Merge branch 'v2.0'
commit
2efb445534
|
@ -129,7 +129,7 @@
|
|||
.\" ========================================================================
|
||||
.\"
|
||||
.IX Title "llng-fastcgi-server 8"
|
||||
.TH llng-fastcgi-server 8 "2019-09-24" "perl v5.28.1" "User Contributed Perl Documentation"
|
||||
.TH llng-fastcgi-server 8 "2019-10-30" "perl v5.26.1" "User Contributed Perl Documentation"
|
||||
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
|
||||
.\" way too many mistakes in technical documents.
|
||||
.if n .ad l
|
||||
|
|
|
@ -305,9 +305,10 @@ languages = en, fr, vi, it, ar, de, fi
|
|||
; Read Lemonldap::NG::Portal::Main::Plugin(3pm) man page.
|
||||
;customPlugins = My::Package1, My::Package2
|
||||
|
||||
; To avoid bad/expired OTT if authssl and auth are served by different Load Balancers
|
||||
; you can override OTT configuration to store Upgrade OTT into global storage
|
||||
; To avoid bad/expired OTT if "authssl" and "auth" are served by different Load Balancers
|
||||
; you can override OTT configuration to store Upgrade or Issuer OTT into global storage
|
||||
;forceGlobalStorageUpgradeOTT = 1
|
||||
;forceGlobalStorageIssuerOTT = 1
|
||||
|
||||
[handler]
|
||||
|
||||
|
|
|
@ -260,8 +260,7 @@ sub defaultValues {
|
|||
'samlAuthnContextMapPassword' => 2,
|
||||
'samlAuthnContextMapPasswordProtectedTransport' => 3,
|
||||
'samlAuthnContextMapTLSClient' => 5,
|
||||
'samlEntityID' => '#PORTAL#/saml/metadata',
|
||||
'samlIdPResolveCookie' => 'lemonldapidp',
|
||||
'samlEntityID' => '#PORTAL#/saml/metadata',
|
||||
'samlIDPSSODescriptorArtifactResolutionServiceArtifact' =>
|
||||
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',
|
||||
'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' =>
|
||||
|
|
|
@ -195,9 +195,11 @@ sub virtualHosts {
|
|||
type => 'keyText',
|
||||
};
|
||||
|
||||
# If rule contains a comment, split it
|
||||
# If rule contains a comment or an AuthLevel, split them
|
||||
if ( $query eq 'locationRules' ) {
|
||||
$res->{comment} = '';
|
||||
$res->{level} = '';
|
||||
$res->{level} = $1 if ( $r =~ s/\(\?#AuthnLevel=(-?\d+)\)// );
|
||||
if ( $r =~ s/\(\?#(.*?)\)// ) {
|
||||
$res->{title} = $res->{comment} = $1;
|
||||
}
|
||||
|
|
|
@ -67,7 +67,7 @@ our $issuerParameters = {
|
|||
issuerDBSAML => [qw(issuerDBSAMLActivation issuerDBSAMLPath issuerDBSAMLRule)],
|
||||
issuerOptions => [qw(issuersTimeout)],
|
||||
};
|
||||
our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlServiceSignatureMethod samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapTLSClient samlAuthnContextMapKerberos samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlIdPResolveCookie samlMetadataForceUTF8 samlStorage samlStorageOptions samlRelayStateTimeout samlUseQueryStringSpecific samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive samlOverrideIDPEntityID)];
|
||||
our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlServiceSignatureMethod samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapTLSClient samlAuthnContextMapKerberos samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlMetadataForceUTF8 samlStorage samlStorageOptions samlRelayStateTimeout samlUseQueryStringSpecific samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive samlOverrideIDPEntityID)];
|
||||
our $oidcServiceParameters = [qw(oidcServiceMetaDataAuthorizeURI oidcServiceMetaDataTokenURI oidcServiceMetaDataUserInfoURI oidcServiceMetaDataJWKSURI oidcServiceMetaDataRegistrationURI oidcServiceMetaDataIntrospectionURI oidcServiceMetaDataEndSessionURI oidcServiceMetaDataCheckSessionURI oidcServiceMetaDataFrontChannelURI oidcServiceMetaDataBackChannelURI oidcServiceMetaDataAuthnContext oidcServicePrivateKeySig oidcServicePublicKeySig oidcServiceKeyIdSig oidcServiceAllowDynamicRegistration oidcServiceAllowAuthorizationCodeFlow oidcServiceAllowImplicitFlow oidcServiceAllowHybridFlow oidcStorage oidcStorageOptions)];
|
||||
|
||||
1;
|
||||
|
|
|
@ -43,11 +43,11 @@ sub run {
|
|||
|
||||
# Catch Secure Token parameters
|
||||
my $localConfig = $class->localConfig;
|
||||
my $secureTokenMemcachedServers =
|
||||
our $secureTokenMemcachedServers =
|
||||
$localConfig->{secureTokenMemcachedServers} || ['127.0.0.1:11211'];
|
||||
my $secureTokenExpiration = $localConfig->{secureTokenExpiration} || 60;
|
||||
my $secureTokenAttribute = $localConfig->{secureTokenAttribute} || 'uid';
|
||||
my $secureTokenUrls = $localConfig->{'secureTokenUrls'} || ['.*'];
|
||||
our $secureTokenUrls = $localConfig->{'secureTokenUrls'} || ['.*'];
|
||||
my $secureTokenHeader = $localConfig->{secureTokenHeader} || 'Auth-Token';
|
||||
my $secureTokenAllowOnError = $localConfig->{'secureTokenAllowOnError'}
|
||||
// 1;
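Review bot: Declaring `$secureTokenMemcachedServers` and `$secureTokenUrls` with `our` inside `run` makes them package globals that outlive the call, and the hunk carries no comment saying why they need that scope. In a persistent handler process the values set by one request stay visible until the next call reassigns them, so any code that reads them outside `run` depends on call order. If a helper elsewhere in the package needs them, state that next to the declaration, e.g. `# package-scoped: read by <helper> outside run()`, otherwise keep them lexical like the neighbouring settings. The body of `run` continues outside the hunk, so the consumers are not visible here.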
|
||||
|
|
|
@ -281,6 +281,7 @@ sub locationRulesInit {
|
|||
$class->tsv->{locationProtection}->{$vhost} = [];
|
||||
$class->tsv->{locationRegexp}->{$vhost} = [];
|
||||
$class->tsv->{locationConditionText}->{$vhost} = [];
|
||||
$class->tsv->{locationAuthnLevel}->{$vhost} = [];
|
||||
|
||||
foreach my $url ( sort keys %{$rules} ) {
|
||||
my ( $cond, $prot ) = $class->conditionSub( $rules->{$url} );
|
||||
|
@ -300,10 +301,14 @@ sub locationRulesInit {
|
|||
push @{ $class->tsv->{locationCondition}->{$vhost} }, $cond;
|
||||
push @{ $class->tsv->{locationProtection}->{$vhost} }, $prot;
|
||||
push @{ $class->tsv->{locationRegexp}->{$vhost} }, qr/$url/;
|
||||
push @{ $class->tsv->{locationAuthnLevel}->{$vhost} },
|
||||
$url =~ /\(\?#AuthnLevel=(-?\d+)\)/
|
||||
? $1
|
||||
: undef;
|
||||
push @{ $class->tsv->{locationConditionText}->{$vhost} },
|
||||
$url =~ /^\(\?#(.*?)\)/ ? $1
|
||||
: $url =~ /^(.*?)##(.+)$/ ? $2
|
||||
: $url;
|
||||
: $url;
|
||||
$class->tsv->{locationCount}->{$vhost}++;
|
||||
}
|
||||
}
|
||||
|
@ -451,6 +456,7 @@ sub postUrlInit {
|
|||
# @return array (ref(sub), int)
|
||||
sub conditionSub {
|
||||
my ( $class, $cond ) = @_;
|
||||
$cond =~ s/\(\?#(\d+)\)$//;
|
||||
my ( $OK, $NOK ) = ( sub { 1 }, sub { 0 } );
|
||||
|
||||
# Simple cases : accept and deny
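Review bot: The substitution added at the top of `conditionSub`, `$cond =~ s/\(\?#(\d+)\)$//;`, does not match the marker format used elsewhere in this commit. `locationRulesInit` extracts the level from the rule key with `/\(\?#AuthnLevel=(-?\d+)\)/`, while this line strips a bare `(?#N)` suffix from the rule value and discards the capture. Unless some other writer appends `(?#N)` to rule values, the line looks like it never fires. Either drop it or document the input it expects, e.g. `# strip trailing "(?#<level>)" appended by <writer>`. The rest of `conditionSub` is outside the hunk.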
|
||||
|
|
|
@ -267,10 +267,31 @@ sub checkMaintenanceMode {
|
|||
# @return True if the user is granted to access to the current URL
|
||||
sub grant {
|
||||
my ( $class, $req, $session, $uri, $cond, $vhost ) = @_;
|
||||
my $level;
|
||||
|
||||
return $cond->( $req, $session ) if ($cond);
|
||||
|
||||
$vhost ||= $class->resolveAlias($req);
|
||||
if ( my $level = $class->tsv->{authnLevel}->{$vhost} ) {
|
||||
|
||||
# Using URL authentification level if exists
|
||||
for (
|
||||
my $i = 0 ;
|
||||
$i < ( $class->tsv->{locationCount}->{$vhost} || 0 ) ;
|
||||
$i++
|
||||
)
|
||||
{
|
||||
if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] ) {
|
||||
$level = $class->tsv->{locationAuthnLevel}->{$vhost}->[$i];
|
||||
last;
|
||||
}
|
||||
}
|
||||
$level
|
||||
? $class->logger->debug(
|
||||
'Found AuthnLevel=' . $level . ' for "' . "$vhost$uri" . '"' )
|
||||
: $class->logger->debug("No URL authentication level found...");
|
||||
|
||||
# Using VH authentification level if exists
|
||||
if ( $level ||= $class->tsv->{authnLevel}->{$vhost} ) {
|
||||
if ( $session->{authenticationLevel} < $level ) {
|
||||
$class->logger->debug(
|
||||
"User authentication level = $session->{authenticationLevel}");
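Review bot: The URL-level lookup in `grant` treats a level of 0 as absent, because `$level ? …` and `$level ||= $class->tsv->{authnLevel}->{$vhost}` both test truthiness. The parser in `locationRulesInit` accepts `-?\d+`, so a negative level is truthy and replaces the vhost level, which means `AuthnLevel=0` and `AuthnLevel=-1` behave differently. Reject values below 1 when the rule is loaded, or test `defined $level` so that 0 is handled on purpose. Also say in a comment that a matching URL level replaces the vhost level even when it is lower, e.g. `# URL AuthnLevel overrides vhostAuthnLevel, including downwards`, since the `test2.example.com` `/AuthWeak` test relies on this. The two-branch `debug` ternary in void context would read better as an `if`/`else`. The function continues past the end of the hunk.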
|
||||
|
|
|
@ -10,6 +10,7 @@ init('Lemonldap::NG::Handler::PSGI');
|
|||
my $res;
|
||||
|
||||
# Unauthentified query
|
||||
# --------------------
|
||||
ok( $res = $client->_get('/'), 'Unauthentified query' );
|
||||
ok( ref($res) eq 'ARRAY', 'Response is an array' ) or explain( $res, 'array' );
|
||||
ok( $res->[0] == 302, 'Code is 302' ) or explain( $res->[0], 302 );
|
||||
|
@ -24,17 +25,14 @@ ok(
|
|||
'Location => http://auth.example.com/?url='
|
||||
. encode_base64( 'http://test1.example.com/', '' )
|
||||
);
|
||||
|
||||
count(4);
|
||||
|
||||
# Authentified queries
|
||||
# --------------------
|
||||
|
||||
# Authorized query
|
||||
ok( $res = $client->_get( '/', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Authentified query' );
|
||||
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
|
||||
|
||||
count(2);
|
||||
|
||||
ok( $res = $client->_get( '/user_dwho/', undef, undef, "lemonldap=$sessionId" ),
|
||||
|
@ -47,7 +45,12 @@ count(2);
|
|||
ok( $res = $client->_get( '/deny', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Denied query' );
|
||||
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
|
||||
count(2);
|
||||
|
||||
# Required AuthnLevel = 1
|
||||
ok( $res = $client->_get( '/AuthWeak', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Weak Authentified query' );
|
||||
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
|
||||
count(2);
|
||||
|
||||
ok( $res = $client->_get( '/user_rtyler/', undef, undef, "lemonldap=$sessionId" ),
|
||||
|
@ -56,6 +59,25 @@ ok( $res->[0] == 403, 'Code is 403' ) or explain( $res, 403 );
|
|||
|
||||
count(2);
|
||||
|
||||
# Required AuthnLevel = 5
|
||||
ok(
|
||||
$res = $client->_get( '/AuthStrong', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Strong Authentified query'
|
||||
);
|
||||
ok( $res->[0] == 302, 'Code is 302' ) or explain( $res, 302 );
|
||||
%h = @{ $res->[1] };
|
||||
ok(
|
||||
$h{Location} eq 'http://auth.example.com//upgradesession?url='
|
||||
. encode_base64( 'http://test1.example.com/AuthStrong', '' ),
|
||||
'Redirection points to http://test1.example.com/AuthStrong'
|
||||
)
|
||||
or explain(
|
||||
\%h,
|
||||
'http://auth.example.com//upgradesession?url='
|
||||
. encode_base64( 'http://test1.example.com/AuthStrong', '' )
|
||||
);
|
||||
count(3);
|
||||
|
||||
# Bad cookie
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
|
@ -70,9 +92,38 @@ ok( $res->[0] == 302, 'Code is 302' ) or explain( $res->[0], 302 );
|
|||
unlink(
|
||||
't/sessions/lock/Apache-Session-e5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545.lock'
|
||||
);
|
||||
|
||||
count(2);
|
||||
|
||||
# Required AuthnLevel = 1
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/AuthWeak', undef, 'test2.example.com', "lemonldap=$sessionId"
|
||||
),
|
||||
'Weak Authentified query'
|
||||
);
|
||||
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
|
||||
count(2);
|
||||
|
||||
# Required AuthnLevel = 5
|
||||
ok(
|
||||
$res =
|
||||
$client->_get( '/', undef, 'test2.example.com', "lemonldap=$sessionId" ),
|
||||
'Default Authentified query'
|
||||
);
|
||||
ok( $res->[0] == 302, 'Code is 302' ) or explain( $res, 302 );
|
||||
%h = @{ $res->[1] };
|
||||
ok(
|
||||
$h{Location} eq 'http://auth.example.com//upgradesession?url='
|
||||
. encode_base64( 'http://test2.example.com/', '' ),
|
||||
'Redirection points to http://test2.example.com/'
|
||||
)
|
||||
or explain(
|
||||
\%h,
|
||||
'http://auth.example.com//upgradesession?url='
|
||||
. encode_base64( 'http://test2.example.com/', '' )
|
||||
);
|
||||
count(3);
|
||||
|
||||
done_testing( count() );
|
||||
|
||||
clean();
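Review bot: The new AuthnLevel tests only cover a session whose level sits between the weak and strong requirements, so several enforcement paths are unpinned. There is no case where the session level equals or exceeds the required level on `/AuthStrong`, where a comment and an `AuthnLevel` marker share one rule key, or where the level is `0` or negative, although the parser accepts `-?\d+`. Adding those would fix the boundary of `$session->{authenticationLevel} < $level` and the fallback to `vhostAuthnLevel`. The same gap applies to the two other handler test files changed in this commit, which repeat these blocks with only the expected status code differing.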
|
||||
|
|
|
@ -9,6 +9,7 @@ init('Lemonldap::NG::Handler::Server');
|
|||
my $res;
|
||||
|
||||
# Unauthentified query
|
||||
# --------------------
|
||||
ok( $res = $client->_get('/'), 'Unauthentified query' );
|
||||
ok( ref($res) eq 'ARRAY', 'Response is an array' ) or explain( $res, 'array' );
|
||||
ok( $res->[0] == 302, 'Code is 302' ) or explain( $res->[0], 302 );
|
||||
|
@ -23,17 +24,14 @@ ok(
|
|||
'Location => http://auth.example.com/?url='
|
||||
. encode_base64( 'http://test1.example.com/', '' )
|
||||
);
|
||||
|
||||
count(4);
|
||||
|
||||
# Authentified queries
|
||||
# --------------------
|
||||
|
||||
# Authorized query
|
||||
ok( $res = $client->_get( '/', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Authentified query' );
|
||||
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res->[0], 200 );
|
||||
|
||||
count(2);
|
||||
|
||||
# Check headers
|
||||
|
@ -46,9 +44,33 @@ count(1);
|
|||
ok( $res = $client->_get( '/deny', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Denied query' );
|
||||
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
|
||||
|
||||
count(2);
|
||||
|
||||
# Required AuthnLevel = 1
|
||||
ok( $res = $client->_get( '/AuthWeak', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Weak Authentified query' );
|
||||
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
|
||||
count(2);
|
||||
|
||||
# Required AuthnLevel = 5
|
||||
ok(
|
||||
$res = $client->_get( '/AuthStrong', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Strong Authentified query'
|
||||
);
|
||||
ok( $res->[0] == 302, 'Code is 302' ) or explain( $res, 302 );
|
||||
%h = @{ $res->[1] };
|
||||
ok(
|
||||
$h{Location} eq 'http://auth.example.com//upgradesession?url='
|
||||
. encode_base64( 'http://test1.example.com/AuthStrong', '' ),
|
||||
'Redirection points to http://test1.example.com/AuthStrong'
|
||||
)
|
||||
or explain(
|
||||
\%h,
|
||||
'http://auth.example.com//upgradesession?url='
|
||||
. encode_base64( 'http://test1.example.com/AuthStrong', '' )
|
||||
);
|
||||
count(3);
|
||||
|
||||
# Bad cookie
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
|
@ -63,9 +85,38 @@ ok( $res->[0] == 302, 'Code is 302' ) or explain( $res->[0], 302 );
|
|||
unlink(
|
||||
't/sessions/lock/Apache-Session-e5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545.lock'
|
||||
);
|
||||
|
||||
count(2);
|
||||
|
||||
# Required AuthnLevel = 1
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/AuthWeak', undef, 'test2.example.com', "lemonldap=$sessionId"
|
||||
),
|
||||
'Weak Authentified query'
|
||||
);
|
||||
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
|
||||
count(2);
|
||||
|
||||
# Required AuthnLevel = 5
|
||||
ok(
|
||||
$res =
|
||||
$client->_get( '/', undef, 'test2.example.com', "lemonldap=$sessionId" ),
|
||||
'Default Authentified query'
|
||||
);
|
||||
ok( $res->[0] == 302, 'Code is 302' ) or explain( $res, 302 );
|
||||
%h = @{ $res->[1] };
|
||||
ok(
|
||||
$h{Location} eq 'http://auth.example.com//upgradesession?url='
|
||||
. encode_base64( 'http://test2.example.com/', '' ),
|
||||
'Redirection points to http://test2.example.com/'
|
||||
)
|
||||
or explain(
|
||||
\%h,
|
||||
'http://auth.example.com//upgradesession?url='
|
||||
. encode_base64( 'http://test2.example.com/', '' )
|
||||
);
|
||||
count(3);
|
||||
|
||||
done_testing( count() );
|
||||
|
||||
clean();
|
||||
|
|
|
@ -34,7 +34,6 @@ count(4);
|
|||
ok( $res = $client->_get( '/', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Authentified query' );
|
||||
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res->[0], 200 );
|
||||
|
||||
count(2);
|
||||
|
||||
# Check headers
|
||||
|
@ -49,9 +48,33 @@ count(2);
|
|||
ok( $res = $client->_get( '/deny', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Denied query' );
|
||||
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
|
||||
|
||||
count(2);
|
||||
|
||||
# Required AuthnLevel = 1
|
||||
ok( $res = $client->_get( '/AuthWeak', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Weak Authentified query' );
|
||||
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
|
||||
count(2);
|
||||
|
||||
# Required AuthnLevel = 5
|
||||
ok(
|
||||
$res = $client->_get( '/AuthStrong', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Strong Authentified query'
|
||||
);
|
||||
ok( $res->[0] == 401, 'Code is 401' ) or explain( $res, 401 );
|
||||
%h = @{ $res->[1] };
|
||||
ok(
|
||||
$h{Location} eq 'http://auth.example.com//upgradesession?url='
|
||||
. encode_base64( 'http://test1.example.com/AuthStrong', '' ),
|
||||
'Redirection points to http://test1.example.com/AuthStrong'
|
||||
)
|
||||
or explain(
|
||||
\%h,
|
||||
'http://auth.example.com//upgradesession?url='
|
||||
. encode_base64( 'http://test1.example.com/AuthStrong', '' )
|
||||
);
|
||||
count(3);
|
||||
|
||||
# Bad cookie
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
|
@ -66,9 +89,38 @@ ok( $res->[0] == 401, 'Code is 401' ) or explain( $res->[0], 401 );
|
|||
unlink(
|
||||
't/sessions/lock/Apache-Session-e5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545.lock'
|
||||
);
|
||||
|
||||
count(2);
|
||||
|
||||
# Required AuthnLevel = 1
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/AuthWeak', undef, 'test2.example.com', "lemonldap=$sessionId"
|
||||
),
|
||||
'Weak Authentified query'
|
||||
);
|
||||
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
|
||||
count(2);
|
||||
|
||||
# Required AuthnLevel = 5
|
||||
ok(
|
||||
$res =
|
||||
$client->_get( '/', undef, 'test2.example.com', "lemonldap=$sessionId" ),
|
||||
'Default Authentified query'
|
||||
);
|
||||
ok( $res->[0] == 401, 'Code is 401' ) or explain( $res, 401 );
|
||||
%h = @{ $res->[1] };
|
||||
ok(
|
||||
$h{Location} eq 'http://auth.example.com//upgradesession?url='
|
||||
. encode_base64( 'http://test2.example.com/', '' ),
|
||||
'Redirection points to http://test2.example.com/'
|
||||
)
|
||||
or explain(
|
||||
\%h,
|
||||
'http://auth.example.com//upgradesession?url='
|
||||
. encode_base64( 'http://test2.example.com/', '' )
|
||||
);
|
||||
count(3);
|
||||
|
||||
done_testing( count() );
|
||||
|
||||
clean();
|
||||
|
|
|
@ -41,12 +41,15 @@
|
|||
"default": "$uid eq \"dwho\""
|
||||
},
|
||||
"test1.example.com": {
|
||||
"^/AuthStrong(?#AuthnLevel=5)": "accept",
|
||||
"^/AuthWeak(?#AuthnLevel=1)": "accept",
|
||||
"^/logout": "logout_sso",
|
||||
"^/deny": "deny",
|
||||
"^/user_(\\w+)/": "$uid eq $_rulematch[1]",
|
||||
"default": "accept"
|
||||
},
|
||||
"test2.example.com": {
|
||||
"^/AuthWeak(?#AuthnLevel=1)": "accept",
|
||||
"^/logout": "logout_sso",
|
||||
"default": "accept"
|
||||
},
|
||||
|
@ -61,5 +64,10 @@
|
|||
"portal": "http://auth.example.com/",
|
||||
"reloadUrls": {},
|
||||
"userDB": "Demo",
|
||||
"vhostOptions": {
|
||||
"test2.example.com": {
|
||||
"vhostAuthnLevel": 5
|
||||
}
|
||||
},
|
||||
"whatToTrace": "_whatToTrace"
|
||||
}
|
||||
|
|
|
@ -1254,6 +1254,9 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
|
|||
'default' => 3,
|
||||
'type' => 'int'
|
||||
},
|
||||
'forceGlobalStorageIssuerOTT' => {
|
||||
'type' => 'bool'
|
||||
},
|
||||
'forceGlobalStorageUpgradeOTT' => {
|
||||
'type' => 'bool'
|
||||
},
|
||||
|
@ -3032,10 +3035,6 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
},
|
||||
'type' => 'file'
|
||||
},
|
||||
'samlIdPResolveCookie' => {
|
||||
'default' => 'lemonldapidp',
|
||||
'type' => 'text'
|
||||
},
|
||||
'samlIDPSSODescriptorArtifactResolutionServiceArtifact' => {
|
||||
'default' =>
|
||||
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',
|
||||
|
|
|
@ -553,6 +553,11 @@ sub attributes {
|
|||
documentation =>
|
||||
'Avoid asking confirmation when an Issuer asks to renew auth',
|
||||
},
|
||||
forceGlobalStorageIssuerOTT => {
|
||||
type => 'bool',
|
||||
documentation =>
|
||||
'Force Issuer tokens be stored into Global Storage',
|
||||
},
|
||||
handlerInternalCache => {
|
||||
type => 'int',
|
||||
default => 15,
|
||||
|
@ -1532,7 +1537,7 @@ sub attributes {
|
|||
forceGlobalStorageUpgradeOTT => {
|
||||
type => 'bool',
|
||||
documentation =>
|
||||
'Force upgrade tokens be stored into Global Storage',
|
||||
'Force Upgrade tokens be stored into Global Storage',
|
||||
},
|
||||
|
||||
# 2F
|
||||
|
@ -2319,11 +2324,6 @@ sub attributes {
|
|||
documentation =>
|
||||
'Use certificate instead of public key in SAML responses',
|
||||
},
|
||||
samlIdPResolveCookie => {
|
||||
type => 'text',
|
||||
default => 'lemonldapidp',
|
||||
documentation => 'SAML IDP resolution cookie',
|
||||
},
|
||||
samlMetadataForceUTF8 => {
|
||||
default => 1,
|
||||
type => 'bool',
|
||||
|
|
|
@ -1138,7 +1138,6 @@ sub tree {
|
|||
title => 'samlAdvanced',
|
||||
help => 'samlservice.html#advanced',
|
||||
nodes => [
|
||||
'samlIdPResolveCookie',
|
||||
'samlMetadataForceUTF8',
|
||||
'samlStorage',
|
||||
'samlStorageOptions',
|
||||
|
|
|
@ -266,6 +266,7 @@ sub _scanNodes {
|
|||
$leaf->{comment}
|
||||
? "(?#$leaf->{comment})$leaf->{re}"
|
||||
: $leaf->{re};
|
||||
$k .= "(?#AuthnLevel=$leaf->{level})" if $leaf->{level};
|
||||
$self->set( $target, $key, $k, $leaf->{data} );
|
||||
}
|
||||
else {
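Review bot: `$leaf->{level}` is interpolated into the rule key without checking that it is an integer, in `$k .= "(?#AuthnLevel=$leaf->{level})" if $leaf->{level};`. The handler later compiles that key with `qr/$url/` and only recognises `-?\d+`, so a value containing `)` or other text would end the comment early and become part of the location pattern, or be silently ignored as a level. Validate before embedding, e.g. `$k .= "(?#AuthnLevel=$leaf->{level})" if $leaf->{level} and $leaf->{level} =~ /\A-?\d+\z/;`, and report a configuration error otherwise. `_scanNodes` starts and ends outside the hunk, so an earlier check may exist that is not visible here.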
|
||||
|
|
|
@ -592,6 +592,10 @@ llapp.controller 'TreeCtrl', [
|
|||
if a.template
|
||||
a._nodes = templates a.template, a.title
|
||||
node.nodes.push a
|
||||
if a.type.match /^rule$/
|
||||
console.log "Parse rule AuthnLevel as integer"
|
||||
if a.level and typeof a.level == 'string'
|
||||
a.level = parseInt(a.level, 10)
|
||||
d.resolve 'OK'
|
||||
$scope.waiting = false
|
||||
, (response) ->
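Review bot: `console.log "Parse rule AuthnLevel as integer"` runs for every rule node and reads like a leftover debugging line, so it should be removed or put behind the existing debug switch, if there is one. The conversion `a.level = parseInt(a.level, 10)` stores `NaN` when the string is not numeric, and that value then flows into the `type="number"` input and back to the server. Guard it, e.g. `n = parseInt(a.level, 10)` followed by `a.level = if isNaN(n) then undefined else n`. The surrounding callback begins outside the hunk.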
|
||||
|
|
|
@ -17,6 +17,10 @@
|
|||
<th><span trspan="rule"></span></th>
|
||||
<td><textarea rows="3" id="hashvalueinput" class="form-control" ng-model="currentNode.data"/></td>
|
||||
</tr>
|
||||
<tr ng-if="currentNode.re!='default'">
|
||||
<th><span trspan="ruleAuthnLevel"></span></th>
|
||||
<td><input id="ruleAuthnLevel" type="number" class="form-control" ng-model="currentNode.level"/></td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
<script type="text/menu">
|
||||
|
|
|
@ -7,7 +7,8 @@
|
|||
<tr>
|
||||
<th width="20%" trspan="comments"></th>
|
||||
<th width="30%" trspan="regexps"></th>
|
||||
<th width="50%" trspan="rules"></th>
|
||||
<th width="40%" trspan="rules"></th>
|
||||
<th width="7%" trspan="rulesAuthnLevel"></th>
|
||||
<th />
|
||||
</tr>
|
||||
</thead>
|
||||
|
@ -28,6 +29,12 @@
|
|||
<td>
|
||||
<input class="form-control" ng-model="s.data"/>
|
||||
</td>
|
||||
<td ng-if="s.re!='default'">
|
||||
<input type="number" class="form-control" ng-model="s.level"/>
|
||||
</td>
|
||||
<td ng-if="s.re=='default'">
|
||||
<input class="form-control" placeholder="defaultLevel" readonly/>
|
||||
</td>
|
||||
<td>
|
||||
<span ng-if="s.re!='default'" class="link text-danger glyphicon glyphicon-minus-sign" ng-click="del(currentNode.nodes,$index)"/>
|
||||
<span ng-if="$last" class="link text-success glyphicon glyphicon-plus-sign" ng-click="menuClick({title:'newRule'})"/>
|
||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -1 +1,2 @@
|
|||
(function(){var F;F={authParams:function(C,b,y){var n,o,x,e,s;for(s=[],n=0,o=(e=y.nodes).length;n<o;n++)x=e[n],s.push(C.getKey(x));return b.all(s).then(function(){var n,o,e,s,t,a,d,i,r,l,c,f,h,u,g,m,_,p,w,P,v;for(!1,l=[],h=function(n){var o;if("openidconnect"===(o=n.toLowerCase())&&(o="oidc"),l.push(o+"Params"),"ad"===o)return l.push("ldapParams")},n=0,s=(m=y.nodes).length;n<s;n++)h((x=m[n]).data);for(o=0,t=(_=y.nodes_cond).length;o<t;o++){if(P=0,c=(x=_[o])._nodes?x._nodes:x.nodes,"Choice"===y.nodes[0].data&&"choiceParams"===x.id)if(console.log("Choice is selected"),c[1].cnodes)P++;else for(e=0,a=(c=c[1]._nodes?c[1]._nodes:c[1].nodes).length;e<a;e++)for(f=0,d=(p=c[e].data).length;f<d;f++)"string"==typeof(v=p[f])&&h(v);else if("Combination"===y.nodes[0].data&&"combinationParams"===x.id)if(console.log("Combination is selected"),c[1].cnodes)P++;else for(u=0,i=(c=c[1]._nodes?c[1]._nodes:c[1].nodes).length;u<i;u++)h(c[u].data.type);if(P)return C.waiting=!0,void C.download({$modelValue:c[1]}).then(function(){return F.authParams(C,b,y)})}for(g=0,r=(w=y.nodes_cond).length;g<r;g++)x=w[g],-1===l.indexOf(x.id)?x.show=!1:x.show=!0})}},window.filterFunctions=F}).call(this);
|
||||
(function(){var n;n={authParams:function(o,e,s){var t,a,d,i,r;for(r=[],i=s.nodes,t=0,a=i.length;t<a;t++)d=i[t],r.push(o.getKey(d));return e.all(r).then(function(){var t,a,i,r,l,c,f,h,u,g,m,_,p,w,P,v,C,b,y,x,F,K,L;for(t=!1,_=[],P=function(n){var o;if(o=n.toLowerCase(),"openidconnect"===o&&(o="oidc"),_.push(o+"Params"),"ad"===o)return _.push("ldapParams")},b=s.nodes,a=0,l=b.length;a<l;a++)d=b[a],P(d.data);for(y=s.nodes_cond,i=0,c=y.length;i<c;i++){if(d=y[i],K=0,p=d._nodes?d._nodes:d.nodes,"Choice"===s.nodes[0].data&&"choiceParams"===d.id)if(console.log("Choice is selected"),p[1].cnodes)K++;else for(p=p[1]._nodes?p[1]._nodes:p[1].nodes,r=0,f=p.length;r<f;r++)for(m=p[r],x=m.data,w=0,h=x.length;w<h;w++)"string"==typeof(L=x[w])&&P(L);else if("Combination"===s.nodes[0].data&&"combinationParams"===d.id)if(console.log("Combination is selected"),p[1].cnodes)K++;else for(p=p[1]._nodes?p[1]._nodes:p[1].nodes,v=0,u=p.length;v<u;v++)m=p[v],P(m.data.type);if(K)return o.waiting=!0,void o.download({$modelValue:p[1]}).then(function(){return n.authParams(o,e,s)})}for(F=s.nodes_cond,C=0,g=F.length;C<g;C++)d=F[C],t||-1!==_.indexOf(d.id)?d.show=!0:d.show=!1})}},window.filterFunctions=n}).call(this);
|
||||
//# sourceMappingURL=lemonldap-ng-manager/site/htdocs/static/js/filterFunctions.min.js.map
|
|
@ -1 +1 @@
|
|||
{"version":3,"sources":["lemonldap-ng-manager/site/htdocs/static/js/filterFunctions.js"],"names":["filterFunctions","authParams","scope","$q","node","i","len","n","ref","wait","nodes","length","push","getKey","all","then","j","k","l","len1","len2","len3","len4","len5","len6","nToShow","nd","o","p","q","r","ref1","ref2","ref3","ref4","restart","s","tmp","toLowerCase","data","nodes_cond","_nodes","id","console","log","cnodes","type","waiting","download","$modelValue","indexOf","show","window","call","this"],"mappings":"CACA,WACE,IAAIA,EAEJA,EAAkB,CAChBC,WAAY,SAASC,EAAOC,EAAIC,GAC9B,IAAIC,EAAGC,EAAKC,EAAGC,EAAKC,EAGpB,IAFAA,EAAO,GAEFJ,EAAI,EAAGC,GADZE,EAAMJ,EAAKM,OACWC,OAAQN,EAAIC,EAAKD,IACrCE,EAAIC,EAAIH,GACRI,EAAKG,KAAKV,EAAMW,OAAON,IAEzB,OAAOJ,EAAGW,IAAIL,GAAMM,KAAK,WACvB,IAASC,EAAGC,EAAGC,EAAGC,EAAMC,EAAMC,EAAMC,EAAMC,EAAMC,EAASC,EAASC,EAAIC,EAAGC,EAAGC,EAAGC,EAAGC,EAAMC,EAAMC,EAAMC,EAAMC,EAASC,EAenH,KAdM,EACNX,EAAU,GACVG,EAAI,SAASQ,GACX,IAAIC,EAMJ,GAJY,mBADZA,EAAMD,EAAEE,iBAEND,EAAM,QAERZ,EAAQb,KAAKyB,EAAM,UACP,OAARA,EACF,OAAOZ,EAAQb,KAAK,eAInBI,EAAI,EAAGG,GADZY,EAAO3B,EAAKM,OACYC,OAAQK,EAAIG,EAAMH,IAExCY,GADArB,EAAIwB,EAAKf,IACLuB,MAGN,IAAKtB,EAAI,EAAGG,GADZY,EAAO5B,EAAKoC,YACY7B,OAAQM,EAAIG,EAAMH,IAAK,CAI7C,GAFAkB,EAAU,EACVT,GAFAnB,EAAIyB,EAAKf,IAEFwB,OAASlC,EAAEkC,OAASlC,EAAEG,MACF,WAAvBN,EAAKM,MAAM,GAAG6B,MAA8B,iBAAThC,EAAEmC,GAEvC,GADAC,QAAQC,IAAI,sBACRlB,EAAG,GAAGmB,OACRV,SAGA,IAAKjB,EAAI,EAAGG,GADZK,EAAKA,EAAG,GAAGe,OAASf,EAAG,GAAGe,OAASf,EAAG,GAAGhB,OACnBC,OAAQO,EAAIG,EAAMH,IAGtC,IAAKS,EAAI,EAAGL,GADZW,EADIP,EAAGR,GACEqB,MACe5B,OAAQgB,EAAIL,EAAMK,IAEvB,iBADjBS,EAAIH,EAAKN,KAEPC,EAAEQ,QAKL,GAA2B,gBAAvBhC,EAAKM,MAAM,GAAG6B,MAAmC,sBAAThC,EAAEmC,GAEnD,GADAC,QAAQC,IAAI,2BACRlB,EAAG,GAAGmB,OACRV,SAGA,IAAKN,EAAI,EAAGN,GADZG,EAAKA,EAAG,GAAGe,OAASf,EAAG,GAAGe,OAASf,EAAG,GAAGhB,OACnBC,OAAQkB,EAAIN,EAAMM,IAEtCD,EADIF,EAAGG,GACHU,KAAKO,MAIf,GAAIX,EAOF,OANAjC,EAAM6C,SAAU,OAChB7C,EAAM8C,SAAS,CACbC,YAAevB,EAAG,KACjBX,KAAK,WACN,OAAOf,EAAgBC,WAAWC,EAAOC,EAAIC,KAMnD,IAAK0B,
EAAI,EAAGN,GADZU,EAAO9B,EAAKoC,YACY7B,OAAQmB,EAAIN,EAAMM,IACxCvB,EAAI2B,EAAKJ,IAC8B,IAA3BL,EAAQyB,QAAQ3C,EAAEmC,IAC5BnC,EAAE4C,MAAO,EAET5C,EAAE4C,MAAO,MAOnBC,OAAOpD,gBAAkBA,IAExBqD,KAAKC"}
|
||||
{"version":3,"sources":["lemonldap-ng-manager/site/htdocs/static/js/filterFunctions.js"],"names":["filterFunctions","authParams","scope","$q","node","i","len","n","ref","wait","nodes","length","push","getKey","all","then","j","k","l","len1","len2","len3","len4","len5","len6","m","nToShow","nd","o","p","q","r","ref1","ref2","ref3","ref4","restart","s","tmp","toLowerCase","data","nodes_cond","_nodes","id","console","log","cnodes","type","waiting","download","$modelValue","indexOf","show","window","call","this"],"mappings":"CACA,WACE,GAAIA,EAEJA,IACEC,WAAY,SAASC,EAAOC,EAAIC,GAC9B,GAAIC,GAAGC,EAAKC,EAAGC,EAAKC,CAGpB,KAFAA,KACAD,EAAMJ,EAAKM,MACNL,EAAI,EAAGC,EAAME,EAAIG,OAAQN,EAAIC,EAAKD,IACrCE,EAAIC,EAAIH,GACRI,EAAKG,KAAKV,EAAMW,OAAON,GAEzB,OAAOJ,GAAGW,IAAIL,GAAMM,KAAK,WACvB,GAAID,GAAKE,EAAGC,EAAGC,EAAGC,EAAMC,EAAMC,EAAMC,EAAMC,EAAMC,EAAMC,EAAGC,EAASC,EAAIC,EAAGC,EAAGC,EAAGC,EAAGC,EAAMC,EAAMC,EAAMC,EAAMC,EAASC,CAenH,KAdAvB,GAAM,EACNY,KACAG,EAAI,SAASQ,GACX,GAAIC,EAMJ,IALAA,EAAMD,EAAEE,cACI,kBAARD,IACFA,EAAM,QAERZ,EAAQd,KAAK0B,EAAM,UACP,OAARA,EACF,MAAOZ,GAAQd,KAAK,eAGxBoB,EAAO5B,EAAKM,MACPM,EAAI,EAAGG,EAAOa,EAAKrB,OAAQK,EAAIG,EAAMH,IACxCT,EAAIyB,EAAKhB,GACTa,EAAEtB,EAAEiC,KAGN,KADAP,EAAO7B,EAAKqC,WACPxB,EAAI,EAAGG,EAAOa,EAAKtB,OAAQM,EAAIG,EAAMH,IAAK,CAI7C,GAHAV,EAAI0B,EAAKhB,GACTmB,EAAU,EACVT,EAAKpB,EAAEmC,OAASnC,EAAEmC,OAASnC,EAAEG,MACF,WAAvBN,EAAKM,MAAM,GAAG8B,MAA8B,iBAATjC,EAAEoC,GAEvC,GADAC,QAAQC,IAAI,sBACRlB,EAAG,GAAGmB,OACRV,QAGA,KADAT,EAAKA,EAAG,GAAGe,OAASf,EAAG,GAAGe,OAASf,EAAG,GAAGjB,MACpCQ,EAAI,EAAGG,EAAOM,EAAGhB,OAAQO,EAAIG,EAAMH,IAGtC,IAFAO,EAAIE,EAAGT,GACPgB,EAAOT,EAAEe,KACJZ,EAAI,EAAGN,EAAOY,EAAKvB,OAAQiB,EAAIN,EAAMM,IAEvB,iBADjBS,EAAIH,EAAKN,KAEPC,EAAEQ,OAKL,IAA2B,gBAAvBjC,EAAKM,MAAM,GAAG8B,MAAmC,sBAATjC,EAAEoC,GAEnD,GADAC,QAAQC,IAAI,2BACRlB,EAAG,GAAGmB,OACRV,QAGA,KADAT,EAAKA,EAAG,GAAGe,OAASf,EAAG,GAAGe,OAASf,EAAG,GAAGjB,MACpCoB,EAAI,EAAGP,EAAOI,EAAGhB,OAAQmB,EAAIP,EAAMO,IACtCL,EAAIE,EAAGG,GACPD,EAAEJ,EAAEe,KAAKO,KAIf,IAAIX,EAOF,MANAlC,GAAM8C,SAAU,MAChB9C,GA
AM+C,UACJC,YAAevB,EAAG,KACjBZ,KAAK,WACN,MAAOf,GAAgBC,WAAWC,EAAOC,EAAIC,KAMnD,IADA+B,EAAO/B,EAAKqC,WACPV,EAAI,EAAGP,EAAOW,EAAKxB,OAAQoB,EAAIP,EAAMO,IACxCxB,EAAI4B,EAAKJ,GACJjB,IAAkC,IAA3BY,EAAQyB,QAAQ5C,EAAEoC,IAG5BpC,EAAE6C,MAAO,EAFT7C,EAAE6C,MAAO,MASnBC,OAAOrD,gBAAkBA,IAExBsD,KAAKC","file":"lemonldap-ng-manager/site/htdocs/static/js/filterFunctions.min.js"}
|
|
@ -1 +1 @@
|
|||
(function(){var e;(e=angular.module("llApp",["ngAria"])).provider("$translator",function(){var e,t,n,r,a,i,o,s,l,u,c,g;if(g={},decodeURIComponent(document.cookie).match(/llnglanguage=(\w+)/))g.lang=RegExp.$1;else if(navigator){for(r=[],a=[],l=[navigator.language],navigator.languages&&(l=navigator.languages),t=0,i=l.length;t<i;t++)for(s=l[t],console.log("Navigator lang",s),n=0,o=(c=window.availableLanguages).length;n<o;n++)e=c[n],console.log(" Available lang",e),u=new RegExp("^"+e+"-?"),s.match(u)?(console.log(" Matching lang =",e),r.push(e)):e.substring(0,1)===s.substring(0,1)&&a.push(e);g.lang=r[0]?r[0]:a[0]?a[0]:"en"}else g.lang="en";return console.log("Selected lang ->",g.lang),g.deferredTr=[],g.translationFields={},g.translate=function(e){return g.translationFields[e]&&(e=g.translationFields[e]),e},g.translateField=function(e,t){return g.translate(e[t])},g.translateP=function(e){return e&&g.translationFields.portal&&(e=e.replace(/__(\w+)__/g,function(e,t){return g.translate(t)})),e},this.$get=["$q","$http",function(t,n){return g.last="",g.init=function(e){var i;return e=e||g.lang,(i=new Date).setTime(i.getTime()+2592e6),document.cookie="llnglanguage="+e+"; expires="+i.toUTCString()+"; path=/",i=t.defer(),g.last!==e?(g.last=e,n.get(window.staticPrefix+"languages/"+e+".json").then(function(e){var t,n,r,a;for(g.translationFields=e.data,n=0,r=(a=g.deferredTr).length;n<r;n++)(t=a[n]).e[t.f](g.translationFields[t.m]);return g.deferredTr=[],i.resolve("Translation files loaded")},function(e){return i.reject("")})):i.resolve("No change"),i.promise},g}],this}),e.directive("trspan",["$translator",function(r){return{restrict:"A",replace:!1,transclude:!0,scope:{trspan:"@"},link:function(e,t,n){return r.translationFields.portal?n.trspan=r.translate(n.trspan):r.deferredTr.push({e:t,f:"text",m:n.trspan}),t.text(n.trspan)},template:""}}]),e.provider("$htmlParams",function(){return this.$get=function(){var n;return n={},{set:function(e,t){return n[e]=t},menu:function(){return 
n.menu},params:function(){return n.params}}},this}),e.directive("script",["$htmlParams",function(a){return{restrict:"E",terminal:!0,compile:function(e,t){var n,r;if(t.type&&(r=t.type.match(/text\/(menu|parameters)/)))try{return a.set(r[1],JSON.parse(e[0].text))}catch(e){n=e,console.log("Parsing error:",n)}}}}]),e.controller("ModalInstanceCtrl",["$scope","$uibModalInstance","elem","set","init",function(a,e,t,n,r){var i,o;return null,a.elem=t,a.set=n,a.result=r,a.staticPrefix=window.staticPrefix,i=t("currentNode"),a.translateP=t("translateP"),i&&(o=i.data,a.currentNode=i),a.ok=function(){return n("result",a.result),e.close(!0)},a.cancel=function(){return i&&(a.currentNode.data=o),e.dismiss("cancel")},a.inSelect=function(e){var t,n,r;for(t=0,n=(r=a.currentNode.select).length;t<n;t++)if(r[t].k===e)return!0;return!1}}]),e.directive("onReadFile",["$parse",function(a){return{restrict:"A",scope:!1,link:function(n,e,t){var r;return r=a(t.onReadFile),e.on("change",function(e){var t;return(t=new FileReader).onload=function(e){return n.$apply(function(){return r(n,{$fileContent:e.target.result})})},t.readAsText((e.srcElement||e.target).files[0])})}}}]),e.directive("resizer",["$document",function(i){var o,s;return s=o=null,function(e,t,r){var n,a;return t.on("mousedown",function(e){return"vertical"===r.resizer?s=$(r.resizerRight).width()+$(r.resizerLeft).width():o=$(r.resizerTop).height()+$(r.resizerBottom).height(),e.preventDefault(),i.on("mousemove",n),i.on("mouseup",a)}),n=function(e){var t,n;return"vertical"===r.resizer?(t=e.pageX,r.resizerMax&&t>r.resizerMax&&(t=parseInt(r.resizerMax)),$(r.resizerLeft).css({width:t+"px"}),$(r.resizerRight).css({width:s-t+"px"})):(n=e.pageY-$("#navbar").height(),$(r.resizerTop).css({height:n+"px"}),$(r.resizerBottom).css({height:o-n+"px"}))},a=function(){return i.unbind("mousemove",n),i.unbind("mouseup",a)}}}]),e.factory("$lmhttp",["$q","$location",function(t,e){return{responseError:function(e){return 
401===e.status&&window.portal?window.location=window.portal+"?url="+window.btoa(window.location).replace(/\//,"_"):t.reject(e)}}}]),e.config(["$httpProvider",function(e){return e.interceptors.push("$lmhttp")}])}).call(this);
|
||||
(function(){var e;(e=angular.module("llApp",["ngAria"])).provider("$translator",function(){var e,t,n,r,a,i,o,s,l,u,c,g;if(g={},decodeURIComponent(document.cookie).match(/llnglanguage=(\w+)/))g.lang=RegExp.$1;else if(navigator){for(r=[],a=[],l=[navigator.language],navigator.languages&&(l=navigator.languages),t=0,i=l.length;t<i;t++)for(s=l[t],console.log("Navigator lang",s),n=0,o=(c=window.availableLanguages).length;n<o;n++)e=c[n],console.log(" Available lang",e),u=new RegExp("^"+e+"-?"),s.match(u)?(console.log(" Matching lang =",e),r.push(e)):e.substring(0,1)===s.substring(0,1)&&a.push(e);g.lang=r[0]?r[0]:a[0]?a[0]:"en"}else g.lang="en";return console.log("Selected lang ->",g.lang),g.deferredTr=[],g.translationFields={},g.translate=function(e){return g.translationFields[e]&&(e=g.translationFields[e]),e},g.translateField=function(e,t){return g.translate(e[t])},g.translateP=function(e){return e&&g.translationFields.portal&&(e=e.replace(/__(\w+)__/g,function(e,t){return g.translate(t)})),e},this.$get=["$q","$http",function(t,n){return g.last="",g.init=function(e){var i;return e||(e=g.lang),(i=new Date).setTime(i.getTime()+2592e6),document.cookie="llnglanguage="+e+"; expires="+i.toUTCString()+"; path=/",i=t.defer(),g.last!==e?(g.last=e,n.get(window.staticPrefix+"languages/"+e+".json").then(function(e){var t,n,r,a;for(g.translationFields=e.data,n=0,r=(a=g.deferredTr).length;n<r;n++)(t=a[n]).e[t.f](g.translationFields[t.m]);return g.deferredTr=[],i.resolve("Translation files loaded")},function(e){return i.reject("")})):i.resolve("No change"),i.promise},g}],this}),e.directive("trspan",["$translator",function(r){return{restrict:"A",replace:!1,transclude:!0,scope:{trspan:"@"},link:function(e,t,n){return r.translationFields.portal?n.trspan=r.translate(n.trspan):r.deferredTr.push({e:t,f:"text",m:n.trspan}),t.text(n.trspan)},template:""}}]),e.provider("$htmlParams",function(){return this.$get=function(){var n;return n={},{set:function(e,t){return n[e]=t},menu:function(){return 
n.menu},params:function(){return n.params}}},this}),e.directive("script",["$htmlParams",function(a){return{restrict:"E",terminal:!0,compile:function(e,t){var n,r;if(t.type&&(r=t.type.match(/text\/(menu|parameters)/)))try{return a.set(r[1],JSON.parse(e[0].text))}catch(e){n=e,console.log("Parsing error:",n)}}}}]),e.controller("ModalInstanceCtrl",["$scope","$uibModalInstance","elem","set","init",function(a,e,t,n,r){var i,o;return null,a.elem=t,a.set=n,a.result=r,a.staticPrefix=window.staticPrefix,i=t("currentNode"),a.translateP=t("translateP"),i&&(o=i.data,a.currentNode=i),a.ok=function(){return n("result",a.result),e.close(!0)},a.cancel=function(){return i&&(a.currentNode.data=o),e.dismiss("cancel")},a.inSelect=function(e){var t,n,r;for(t=0,n=(r=a.currentNode.select).length;t<n;t++)if(r[t].k===e)return!0;return!1}}]),e.directive("onReadFile",["$parse",function(a){return{restrict:"A",scope:!1,link:function(n,e,t){var r;return r=a(t.onReadFile),e.on("change",function(e){var t;return(t=new FileReader).onload=function(e){return n.$apply(function(){return r(n,{$fileContent:e.target.result})})},t.readAsText((e.srcElement||e.target).files[0])})}}}]),e.directive("resizer",["$document",function(i){var o,s;return s=o=null,function(e,t,r){var n,a;return t.on("mousedown",function(e){return"vertical"===r.resizer?s=$(r.resizerRight).width()+$(r.resizerLeft).width():o=$(r.resizerTop).height()+$(r.resizerBottom).height(),e.preventDefault(),i.on("mousemove",n),i.on("mouseup",a)}),n=function(e){var t,n;return"vertical"===r.resizer?(t=e.pageX,r.resizerMax&&t>r.resizerMax&&(t=parseInt(r.resizerMax)),$(r.resizerLeft).css({width:t+"px"}),$(r.resizerRight).css({width:s-t+"px"})):(n=e.pageY-$("#navbar").height(),$(r.resizerTop).css({height:n+"px"}),$(r.resizerBottom).css({height:o-n+"px"}))},a=function(){return i.unbind("mousemove",n),i.unbind("mouseup",a)}}}]),e.factory("$lmhttp",["$q","$location",function(t,e){return{responseError:function(e){return 
401===e.status&&window.portal?window.location=window.portal+"?url="+window.btoa(window.location).replace(/\//,"_"):t.reject(e)}}}]),e.config(["$httpProvider",function(e){return e.interceptors.push("$lmhttp")}])}).call(this);
|
|
@ -739,6 +739,12 @@ This file contains:
|
|||
a._nodes = templates(a.template, a.title);
|
||||
}
|
||||
node.nodes.push(a);
|
||||
if (a.type.match(/^rule$/)) {
|
||||
console.log("Parse rule AuthnLevel as integer");
|
||||
if (a.level && typeof a.level === 'string') {
|
||||
a.level = parseInt(a.level, 10);
|
||||
}
|
||||
}
|
||||
}
|
||||
d.resolve('OK');
|
||||
}
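Review bot: `parseInt(a.level, 10)` in the added rule branch converts any string, so a value such as `"abc"` becomes `NaN` and `"5x"` silently becomes `5` before it is kept as the rule's authentication level. Since this value appears to carry the required authentication level of an access rule, I would convert only when the string is all digits, e.g. `if (typeof a.level === 'string' && /^\d+$/.test(a.level)) { a.level = parseInt(a.level, 10); }`, and leave anything else unchanged for server-side validation to reject. The `console.log("Parse rule AuthnLevel as integer")` line runs once per rule node and could be dropped. The enclosing function starts and ends outside the hunk.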
|
||||
|
|
|
@ -768,7 +768,9 @@
|
|||
"returnUrl":"إرجاع اليو آر إل",
|
||||
"rp":"Relying Party",
|
||||
"rule":"القاعدة",
|
||||
"ruleAuthnLevel":"Required authentication level",
|
||||
"rules":"القواعد",
|
||||
"rulesAuthnLevel":"Required authentication levels",
|
||||
"Same":"نفسه",
|
||||
"save":"حفظ",
|
||||
"saveReport":"احفظ التقرير",
|
||||
|
@ -1063,7 +1065,6 @@
|
|||
"samlServiceSignatureMethod":"Signature method",
|
||||
"samlServiceUseCertificateInResponse":"استخدم الشهادة الرقمية في الردود",
|
||||
"samlAdvanced":"المتقدمة",
|
||||
"samlIdPResolveCookie":"اسم ملف تعريف الارتباط IDP",
|
||||
"samlPartnerName":"اسم شريك SAML ",
|
||||
"samlMetadataForceUTF8":"تحويل البيانات الوصفية UTF8",
|
||||
"samlStorage":"اسم وحدة الجلسات SAML",
|
||||
|
|
|
@ -429,7 +429,7 @@
|
|||
"loadFromUrl":"Load from URL",
|
||||
"localSessionStorage":"Cache module",
|
||||
"localSessionStorageOptions":"Cache module options",
|
||||
"locationRules":"Access rule",
|
||||
"locationRules":"Access rules",
|
||||
"loginHistory":"Login history",
|
||||
"loginHistoryEnabled":"Activation",
|
||||
"logo":"Logo",
|
||||
|
@ -767,7 +767,9 @@
|
|||
"returnUrl":"Return URL",
|
||||
"rp":"Relying Party",
|
||||
"rule":"Rule",
|
||||
"ruleAuthnLevel":"Required authentication level",
|
||||
"rules":"Regeln",
|
||||
"rulesAuthnLevel":"Required authentication levels",
|
||||
"Same":"Same",
|
||||
"save":"Save",
|
||||
"saveReport":"Save report",
|
||||
|
@ -1062,7 +1064,6 @@
|
|||
"samlServiceSignatureMethod":"Signature method",
|
||||
"samlServiceUseCertificateInResponse":"Use certificate in responses",
|
||||
"samlAdvanced":"Advanced",
|
||||
"samlIdPResolveCookie":"IDP resolution cookie name",
|
||||
"samlPartnerName":"Name of SAML partner",
|
||||
"samlMetadataForceUTF8":"UTF8 metadata conversion",
|
||||
"samlStorage":"SAML sessions module name",
|
||||
|
|
|
@ -429,7 +429,7 @@
|
|||
"loadFromUrl":"Load from URL",
|
||||
"localSessionStorage":"Cache module",
|
||||
"localSessionStorageOptions":"Cache module options",
|
||||
"locationRules":"Access rule",
|
||||
"locationRules":"Access rules",
|
||||
"loginHistory":"Login history",
|
||||
"loginHistoryEnabled":"Activation",
|
||||
"logo":"Logo",
|
||||
|
@ -767,7 +767,9 @@
|
|||
"returnUrl":"Return URL",
|
||||
"rp":"Relying Party",
|
||||
"rule":"Rule",
|
||||
"ruleAuthnLevel":"Required authentication level",
|
||||
"rules":"Rules",
|
||||
"rulesAuthnLevel":"Required authentication levels",
|
||||
"Same":"Same",
|
||||
"save":"Save",
|
||||
"saveReport":"Save report",
|
||||
|
@ -1062,7 +1064,6 @@
|
|||
"samlServiceSignatureMethod":"Signature method",
|
||||
"samlServiceUseCertificateInResponse":"Use certificate in responses",
|
||||
"samlAdvanced":"Advanced",
|
||||
"samlIdPResolveCookie":"IDP resolution cookie name",
|
||||
"samlPartnerName":"Name of SAML partner",
|
||||
"samlMetadataForceUTF8":"UTF8 metadata conversion",
|
||||
"samlStorage":"SAML sessions module name",
|
||||
|
|
|
@ -767,7 +767,9 @@
|
|||
"returnUrl":"URL de retour",
|
||||
"rp":"Client",
|
||||
"rule":"Règle",
|
||||
"ruleAuthnLevel":"Niveau d'authentication requis",
|
||||
"rules":"Règles",
|
||||
"rulesAuthnLevel":"Niveaux d'authentification requis",
|
||||
"Same":"Identique",
|
||||
"save":"Sauver",
|
||||
"saveReport":"Rapport de sauvegarde",
|
||||
|
@ -1062,7 +1064,6 @@
|
|||
"samlServiceSignatureMethod":"Méthode pour la signature",
|
||||
"samlServiceUseCertificateInResponse":"Utilisation du certificat dans les réponses",
|
||||
"samlAdvanced":"Avancé",
|
||||
"samlIdPResolveCookie":"Nom du cookie de résolution IDP",
|
||||
"samlPartnerName":"Nom du partenaire SAML",
|
||||
"samlMetadataForceUTF8":"Conversion des métadonnées en UTF8",
|
||||
"samlStorage":"Nom du module des sessions SAML",
|
||||
|
|
|
@ -767,7 +767,9 @@
|
|||
"returnUrl":"URL di ritorno",
|
||||
"rp":"Parte facente affidamento",
|
||||
"rule":"Regola",
|
||||
"ruleAuthnLevel":"Required authentication level",
|
||||
"rules":"Regole",
|
||||
"rulesAuthnLevel":"Required authentication levels",
|
||||
"Same":"Stesso",
|
||||
"save":"Salva",
|
||||
"saveReport":"Salva report",
|
||||
|
@ -1062,7 +1064,6 @@
|
|||
"samlServiceSignatureMethod":"Metodo di firma",
|
||||
"samlServiceUseCertificateInResponse":"Utilizza il certificato nelle risposte",
|
||||
"samlAdvanced":"Avanzato",
|
||||
"samlIdPResolveCookie":"Nome del cookie di risoluzione IDP",
|
||||
"samlPartnerName":"Nome del partner SAML",
|
||||
"samlMetadataForceUTF8":"Conversione metadati UTF8",
|
||||
"samlStorage":"Nome del modulo di sessioni SAML",
|
||||
|
|
|
@ -767,7 +767,9 @@
|
|||
"returnUrl":"Trả lại URL",
|
||||
"rp":"Relying Party",
|
||||
"rule":"Quy tắc",
|
||||
"ruleAuthnLevel":"Required authentication level",
|
||||
"rules":"Quy tắc",
|
||||
"rulesAuthnLevel":"Required authentication levels",
|
||||
"Same":"Tương tự",
|
||||
"save":"Lưu",
|
||||
"saveReport":"Lưu báo cáo",
|
||||
|
@ -1062,7 +1064,6 @@
|
|||
"samlServiceSignatureMethod":"Signature method",
|
||||
"samlServiceUseCertificateInResponse":"Sử dụng chứng chỉ trong hồi đáp",
|
||||
"samlAdvanced":"Nâng cao",
|
||||
"samlIdPResolveCookie":"Tên cookie phân giải IDP",
|
||||
"samlPartnerName":"Tên của đối tác SAML",
|
||||
"samlMetadataForceUTF8":"chuyển đổi mô-tả dữ liệu UTF8",
|
||||
"samlStorage":"tên mô-đun phiên SAML",
|
||||
|
|
|
@ -429,7 +429,7 @@
|
|||
"loadFromUrl":"Load from URL",
|
||||
"localSessionStorage":"Cache module",
|
||||
"localSessionStorageOptions":"Cache module options",
|
||||
"locationRules":"Access rule",
|
||||
"locationRules":"Access rules",
|
||||
"loginHistory":"登陆记录",
|
||||
"loginHistoryEnabled":"激活",
|
||||
"logo":"Logo",
|
||||
|
@ -767,7 +767,9 @@
|
|||
"returnUrl":"Return URL",
|
||||
"rp":"Relying Party",
|
||||
"rule":"Rule",
|
||||
"ruleAuthnLevel":"Required authentication level",
|
||||
"rules":"Rules",
|
||||
"rulesAuthnLevel":"Required authentication levels",
|
||||
"Same":"Same",
|
||||
"save":"Save",
|
||||
"saveReport":"Save report",
|
||||
|
@ -1062,7 +1064,6 @@
|
|||
"samlServiceSignatureMethod":"Signature method",
|
||||
"samlServiceUseCertificateInResponse":"Use certificate in responses",
|
||||
"samlAdvanced":"高级",
|
||||
"samlIdPResolveCookie":"IDP resolution cookie name",
|
||||
"samlPartnerName":"Name of SAML partner",
|
||||
"samlMetadataForceUTF8":"UTF8 metadata conversion",
|
||||
"samlStorage":"SAML sessions module name",
|
||||
|
|
|
@ -56,7 +56,7 @@ my @notManagedAttributes = (
|
|||
'max2FDevices', 'max2FDevicesNameLength', 'checkTime',
|
||||
'mySessionAuthorizedRWKeys', 'handlerInternalCache',
|
||||
'handlerServiceTokenTTL', 'impersonationPrefix', 'pdataDomain',
|
||||
'forceGlobalStorageUpgradeOTT'
|
||||
'forceGlobalStorageUpgradeOTT', 'forceGlobalStorageIssuerOTT'
|
||||
);
|
||||
|
||||
# Words used either as attribute name and node title
|
||||
|
|
|
@ -1725,10 +1725,6 @@
|
|||
"title": "samlAttributeAuthorityDescriptor"
|
||||
}, {
|
||||
"_nodes": [{
|
||||
"default": "lemonldapidp",
|
||||
"id": "samlIdPResolveCookie",
|
||||
"title": "samlIdPResolveCookie"
|
||||
}, {
|
||||
"default": 1,
|
||||
"id": "samlMetadataForceUTF8",
|
||||
"title": "samlMetadataForceUTF8",
|
||||
|
|
|
@ -2162,11 +2162,6 @@
|
|||
"id": "samlAdvanced",
|
||||
"title": "samlAdvanced",
|
||||
"nodes": [{
|
||||
"default": "lemonldapidp",
|
||||
"id": "samlIdPResolveCookie",
|
||||
"title": "samlIdPResolveCookie",
|
||||
"data": "lemonldapidp"
|
||||
}, {
|
||||
"default": 1,
|
||||
"id": "samlMetadataForceUTF8",
|
||||
"title": "samlMetadataForceUTF8",
|
||||
|
|
|
@ -2137,11 +2137,6 @@
|
|||
"id": "samlAdvanced",
|
||||
"title": "samlAdvanced",
|
||||
"nodes": [{
|
||||
"default": "lemonldapidp",
|
||||
"id": "samlIdPResolveCookie",
|
||||
"title": "samlIdPResolveCookie",
|
||||
"data": "lemonldapidp"
|
||||
}, {
|
||||
"default": 1,
|
||||
"id": "samlMetadataForceUTF8",
|
||||
"title": "samlMetadataForceUTF8",
|
||||
|
|
|
@ -2255,11 +2255,6 @@
|
|||
"id": "samlAdvanced",
|
||||
"title": "samlAdvanced",
|
||||
"nodes": [{
|
||||
"default": "lemonldapidp",
|
||||
"id": "samlIdPResolveCookie",
|
||||
"title": "samlIdPResolveCookie",
|
||||
"data": "lemonldapidp"
|
||||
}, {
|
||||
"default": 1,
|
||||
"id": "samlMetadataForceUTF8",
|
||||
"title": "samlMetadataForceUTF8",
|
||||
|
|
|
@ -2268,11 +2268,6 @@
|
|||
"id": "samlAdvanced",
|
||||
"title": "samlAdvanced",
|
||||
"nodes": [{
|
||||
"default": "lemonldapidp",
|
||||
"id": "samlIdPResolveCookie",
|
||||
"title": "samlIdPResolveCookie",
|
||||
"data": "lemonldapidp"
|
||||
}, {
|
||||
"default": 1,
|
||||
"id": "samlMetadataForceUTF8",
|
||||
"title": "samlMetadataForceUTF8",
|
||||
|
|
|
@ -2153,11 +2153,6 @@
|
|||
"id": "samlAdvanced",
|
||||
"title": "samlAdvanced",
|
||||
"nodes": [{
|
||||
"default": "lemonldapidp",
|
||||
"id": "samlIdPResolveCookie",
|
||||
"title": "samlIdPResolveCookie",
|
||||
"data": "lemonldapidp"
|
||||
}, {
|
||||
"default": 1,
|
||||
"id": "samlMetadataForceUTF8",
|
||||
"title": "samlMetadataForceUTF8",
|
||||
|
|
|
@ -2663,11 +2663,6 @@
|
|||
},
|
||||
{
|
||||
"_nodes": [{
|
||||
"default": "lemonldapidp",
|
||||
"id": "samlIdPResolveCookie",
|
||||
"title": "samlIdPResolveCookie"
|
||||
},
|
||||
{
|
||||
"default": 1,
|
||||
"id": "samlMetadataForceUTF8",
|
||||
"title": "samlMetadataForceUTF8",
|
||||
|
|
|
@ -3830,11 +3830,6 @@
|
|||
},
|
||||
{
|
||||
"_nodes" : [
|
||||
{
|
||||
"default" : "lemonldapidp",
|
||||
"id" : "samlIdPResolveCookie",
|
||||
"title" : "samlIdPResolveCookie"
|
||||
},
|
||||
{
|
||||
"default" : 1,
|
||||
"id" : "samlMetadataForceUTF8",
|
||||
|
|
|
@ -1727,10 +1727,6 @@
|
|||
"title": "samlAttributeAuthorityDescriptor"
|
||||
}, {
|
||||
"_nodes": [{
|
||||
"default": "lemonldapidp",
|
||||
"id": "samlIdPResolveCookie",
|
||||
"title": "samlIdPResolveCookie"
|
||||
}, {
|
||||
"default": 1,
|
||||
"id": "samlMetadataForceUTF8",
|
||||
"title": "samlMetadataForceUTF8",
|
||||
|
|
|
@ -137,7 +137,6 @@ sub extractFormInfo {
|
|||
$portalPath =~ s#^https?://[^/]+/?#/#;
|
||||
|
||||
$req->data->{list} = $self->srvList;
|
||||
$req->data->{confirmRemember} = 0;
|
||||
|
||||
$req->data->{login} = 1;
|
||||
return PE_IDPCHOICE;
|
||||
|
|
|
@ -244,7 +244,6 @@ sub extractFormInfo {
|
|||
$portalPath =~ s#^https?://[^/]+/?#/#;
|
||||
|
||||
$req->data->{list} = $self->opList;
|
||||
$req->data->{confirmRemember} = 0;
|
||||
|
||||
$req->data->{login} = 1;
|
||||
return PE_IDPCHOICE;
|
||||
|
|
|
@ -859,7 +859,7 @@ sub extractFormInfo {
|
|||
# 2. IDP resolution
|
||||
|
||||
# Search a selected IdP
|
||||
my ( $idp, $idp_cookie ) = $self->getIDP($req);
|
||||
my $idp = $self->getIDP($req);
|
||||
|
||||
# Use Common Domain Cookie
|
||||
if ( !$idp
|
||||
|
@ -973,47 +973,12 @@ sub extractFormInfo {
|
|||
or $a->{val} cmp $b->{val}
|
||||
} @list;
|
||||
$req->data->{list} = \@list;
|
||||
$req->data->{confirmRemember} = 1;
|
||||
|
||||
# Delete existing IDP resolution cookie
|
||||
$req->addCookie(
|
||||
$self->p->cookie(
|
||||
name => $self->conf->{samlIdPResolveCookie},
|
||||
value => 0,
|
||||
domain => $self->conf->{domain},
|
||||
secure => 0,
|
||||
expires => 'Wed, 21 Oct 2015 00:00:00 GMT',
|
||||
)
|
||||
);
|
||||
|
||||
#TODO: check this
|
||||
$req->data->{login} = 1;
|
||||
return PE_IDPCHOICE;
|
||||
}
|
||||
|
||||
# Store choosen IDP in cookie
|
||||
unless ( $idp_cookie and $idp eq $idp_cookie ) {
|
||||
$self->logger->debug("Build cookie to remember $idp as IDP choice");
|
||||
|
||||
# Control url parameter
|
||||
my $urlcheck = $self->p->controlUrl($req);
|
||||
return $urlcheck unless ( $urlcheck == PE_OK );
|
||||
|
||||
# User can choose temporary (0) or persistent cookie (1)
|
||||
my $cookie_type = $req->param("cookie_type") || "0";
|
||||
|
||||
# Cookie available 1 year
|
||||
$req->addCookie(
|
||||
$self->p->cookie(
|
||||
name => $self->conf->{samlIdPResolveCookie},
|
||||
value => $idp,
|
||||
domain => $self->conf->{domain},
|
||||
secure => $self->conf->{securedCookie},
|
||||
( $cookie_type ? ( max_age => 31557600 ) : () ),
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
# 3. Build authentication request
|
||||
|
||||
# IDP conf key
|
||||
|
@ -1487,7 +1452,6 @@ sub getForm {
|
|||
|
||||
# Try to find an IdP using :
|
||||
# * HTTP parameter
|
||||
# * "samlIdPResolveCookie" cookie
|
||||
# * Rules
|
||||
#
|
||||
# @return Array containing :
|
||||
|
@ -1498,8 +1462,6 @@ sub getIDP {
|
|||
my $idp;
|
||||
my $idpName;
|
||||
|
||||
my $idp_cookie = $req->cookies->{ $self->{conf}->{samlIdPResolveCookie} };
|
||||
|
||||
# Case 1: Recover IDP from idp URL Parameter
|
||||
unless ( $idp = $req->param("idp") ) {
|
||||
|
||||
|
@ -1516,12 +1478,7 @@ sub getIDP {
|
|||
}
|
||||
}
|
||||
|
||||
# Case 3: Recover IDP from cookie
|
||||
if ( !$idp and $idp = $idp_cookie ) {
|
||||
$self->logger->debug("IDP $idp selected from IDP resolution cookie");
|
||||
}
|
||||
|
||||
# Case 4: check all IDP resolution rules
|
||||
# Case 3: check all IDP resolution rules
|
||||
# The first match win
|
||||
else {
|
||||
foreach ( keys %{ $self->idpList } ) {
|
||||
|
@ -1553,7 +1510,7 @@ sub getIDP {
|
|||
$idp = undef;
|
||||
}
|
||||
|
||||
return ( $idp, $idp_cookie );
|
||||
return $idp;
|
||||
}
|
||||
|
||||
1;
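Review bot: The comment block above getIDP still reads `# @return Array containing :` (hunk at 1487), but the sub now ends with `return $idp;` and extractFormInfo takes it as `my $idp = $self->getIDP($req);`, so the documented return value no longer matches the code. I would replace that line with something like `# @return IdP entity ID, or undef when none could be resolved`; the rest of the comment lies outside the hunk and may need the same update. Separately, in the hunk at 1516 the `else` that used to follow the cookie `if` now follows the closing `}` directly above it. Indentation is lost on this page, so please confirm that the resolution-rule loop still runs in the cases intended.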
|
||||
|
|
|
@ -98,7 +98,6 @@ sub display {
|
|||
&& $req->data->{login},
|
||||
ASK_LOGINS => $req->param('checkLogins') || 0,
|
||||
CONFIRMKEY => $self->stamp(),
|
||||
REMEMBER => $req->data->{confirmRemember},
|
||||
(
|
||||
$req->data->{customScript}
|
||||
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
||||
|
@ -126,7 +125,6 @@ sub display {
|
|||
ASK_LOGINS => $req->param('checkLogins') || 0,
|
||||
CONFIRMKEY => $self->stamp(),
|
||||
LIST => $req->data->{list} || [],
|
||||
REMEMBER => $req->data->{confirmRemember},
|
||||
(
|
||||
$req->data->{customScript}
|
||||
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
||||
|
|
|
@ -24,13 +24,10 @@ our $VERSION = '2.1.0';
|
|||
|
||||
# PROPERTIES
|
||||
|
||||
has type => ( is => 'rw' );
|
||||
|
||||
has path => ( is => 'rw' );
|
||||
|
||||
has type => ( is => 'rw' );
|
||||
has path => ( is => 'rw' );
|
||||
has ipath => ( is => 'rw' );
|
||||
|
||||
has _ott => (
|
||||
has _ott => (
|
||||
is => 'rw',
|
||||
lazy => 1,
|
||||
default => sub {
|
||||
|
@ -52,6 +49,12 @@ sub beforeLogout { 'logout' }
|
|||
|
||||
sub init {
|
||||
my ($self) = @_;
|
||||
if ( $self->conf->{forceGlobalStorageIssuerOTT} ) {
|
||||
$self->logger->debug(
|
||||
"-> Issuer tokens will be stored into global storage");
|
||||
$self->_ott->cache(undef);
|
||||
}
|
||||
|
||||
my $type = ref( $_[0] );
|
||||
$type =~ s/.*:://;
|
||||
$self->type($type);
|
||||
|
@ -91,7 +94,7 @@ sub _redirect {
|
|||
'Add ' . $self->ipath . ', ' . $self->ipath . 'Path in keepPdata' );
|
||||
push @{ $req->pdata->{keepPdata} }, $self->ipath, $self->ipath . 'Path';
|
||||
$req->{urldc} = $self->conf->{portal} . '/' . $self->path;
|
||||
$req->pdata->{_url} = encode_base64($req->urldc, '');
|
||||
$req->pdata->{_url} = encode_base64( $req->urldc, '' );
|
||||
}
|
||||
else {
|
||||
$self->logger->debug('Not seen as Issuer request, skipping');
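Review bot: The new block in init carries no comment explaining why clearing the cache moves issuer tokens to global storage; only the debug string hints at it. A line such as `# No local cache: issuer OTT go to the global session storage, so a portal behind another load balancer can check them` above `$self->_ott->cache(undef);` would help, assuming the token helper falls back that way (it is not visible here). Because `_ott` is declared `lazy`, this call also builds the token object during init rather than on first use, which is worth stating if intended. init's body continues outside the hunk.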
|
||||
|
|
|
@ -29,7 +29,7 @@ sub init {
|
|||
my ($self) = @_;
|
||||
if ( $self->conf->{forceGlobalStorageUpgradeOTT} ) {
|
||||
$self->logger->debug(
|
||||
"Upgrade token will be stored into global storage");
|
||||
"-> Upgrade tokens will be stored into global storage");
|
||||
$self->ott->cache(undef);
|
||||
}
|
||||
$self->addAuthRoute( upgradesession => 'ask', ['GET'] );
|
||||
|
|
|
@ -47,12 +47,12 @@ sub getUser {
|
|||
my ( $self, $req, %args ) = @_;
|
||||
|
||||
if ( $args{useMail} ) {
|
||||
return PE_OK
|
||||
if (
|
||||
( $req->{user} ) =
|
||||
grep { $demoAccounts{$_}->{mail} eq $req->{user} }
|
||||
keys %demoAccounts
|
||||
);
|
||||
my ($user) = grep { $demoAccounts{$_}->{mail} eq $req->{user} }
|
||||
keys %demoAccounts;
|
||||
if ($user) {
|
||||
$req->{user} = $user;
|
||||
return PE_OK;
|
||||
}
|
||||
}
|
||||
else {
|
||||
return PE_OK
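Review bot: `if ($user)` in the useMail branch tests truthiness, so an account key of `0` or the empty string would be treated as no match; `if ( defined $user )` states the intent exactly. The `grep` also compares `$demoAccounts{$_}->{mail}` with `eq` without checking that both sides are defined, which warns under `use warnings` for an account without a mail or, if that can happen, a request without a user. When several accounts share a mail, the one picked depends on `keys` order, so a `sort keys %demoAccounts` would make the choice deterministic. What getUser returns when nothing matches is outside the hunk.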
|
||||
|
|
|
@ -1 +1,2 @@
|
|||
(function(){var r,e,n,t,o;n=function(e,r){return $("#msg").html(window.translate(e)),$("#color").removeClass("message-positive message-warning message-danger alert-success alert-warning alert-danger"),$("#color").addClass("message-"+r),"positive"===r&&(r="success"),$("#color").addClass("alert-"+r)},r=function(e,r,t){var o;if(console.log("Error",t),(o=JSON.parse(e.responseText))&&o.error)return o=o.error.replace(/.* /,""),console.log("Returned error",o),n(o,"warning")},t="",e=function(e){return n("yourTotpKey","warning"),$.ajax({type:"POST",url:portal+"/2fregisters/totp/getkey",dataType:"json",data:{newkey:e},error:r,success:function(e){var r;return e.error?(e.error.match(/totpExistingKey/)&&$("#divToHide").hide(),n(e.error,"warning")):e.portal&&e.user&&e.secret?($("#divToHide").show(),r="otpauth://totp/"+escape(e.portal)+":"+escape(e.user)+"?secret="+e.secret+"&issuer="+escape(e.portal),6!==e.digits&&(r+="&digits="+e.digits),30!==e.interval&&(r+="&period="+e.interval),new QRious({element:document.getElementById("qr"),value:r,size:150}),$("#serialized").text(r),e.newkey?n("yourNewTotpKey","warning"):n("yourTotpKey","success"),t=e.token):n("PE24","danger")}})},o=function(){var e;return(e=$("#code").val())?$.ajax({type:"POST",url:portal+"/2fregisters/totp/verify",dataType:"json",data:{token:t,code:e,TOTPName:$("#TOTPName").val()},error:r,success:function(e){return e.error?e.error.match(/bad(Code|Name)/)?n(e.error,"warning"):n(e.error,"danger"):n("yourKeyIsRegistered","success")}}):n("fillTheForm","warning")},$(document).ready(function(){return e(0),$("#changekey").on("click",function(){return e(1)}),$("#verify").on("click",function(){return o()})})}).call(this);
|
||||
(function(){var e,r,t,o,n;t=function(e,r){return $("#msg").html(window.translate(e)),$("#color").removeClass("message-positive message-warning message-danger alert-success alert-warning alert-danger"),$("#color").addClass("message-"+r),"positive"===r&&(r="success"),$("#color").addClass("alert-"+r)},e=function(e,r,o){var n;if(console.log("Error",o),(n=JSON.parse(e.responseText))&&n.error)return n=n.error.replace(/.* /,""),console.log("Returned error",n),t(n,"warning")},o="",r=function(r){return t("yourTotpKey","warning"),$.ajax({type:"POST",url:portal+"/2fregisters/totp/getkey",dataType:"json",data:{newkey:r},error:e,success:function(e){var r;return e.error?(e.error.match(/totpExistingKey/)&&$("#divToHide").hide(),t(e.error,"warning")):e.portal&&e.user&&e.secret?($("#divToHide").show(),r="otpauth://totp/"+escape(e.portal)+":"+escape(e.user)+"?secret="+e.secret+"&issuer="+escape(e.portal),6!==e.digits&&(r+="&digits="+e.digits),30!==e.interval&&(r+="&period="+e.interval),new QRious({element:document.getElementById("qr"),value:r,size:150}),$("#serialized").text(r),e.newkey?t("yourNewTotpKey","warning"):t("yourTotpKey","success"),o=e.token):t("PE24","danger")}})},n=function(){var r;return r=$("#code").val(),r?$.ajax({type:"POST",url:portal+"/2fregisters/totp/verify",dataType:"json",data:{token:o,code:r,TOTPName:$("#TOTPName").val()},error:e,success:function(e){return e.error?e.error.match(/bad(Code|Name)/)?t(e.error,"warning"):t(e.error,"danger"):t("yourKeyIsRegistered","success")}}):t("fillTheForm","warning")},$(document).ready(function(){return r(0),$("#changekey").on("click",function(){return r(1)}),$("#verify").on("click",function(){return n()})})}).call(this);
|
||||
//# sourceMappingURL=lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js.map
|
|
@ -1 +1 @@
|
|||
{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.js"],"names":["displayError","getKey","setMsg","token","verify","msg","level","$","html","window","translate","removeClass","addClass","j","status","err","res","console","log","JSON","parse","responseText","error","replace","reset","ajax","type","url","portal","dataType","data","newkey","success","s","match","hide","user","secret","show","escape","digits","interval","QRious","element","document","getElementById","value","size","text","val","code","TOTPName","ready","on","call","this"],"mappings":"CAMA,WACE,IAAIA,EAAcC,EAAQC,EAAQC,EAAOC,EAEzCF,EAAS,SAASG,EAAKC,GAOrB,OANAC,EAAE,QAAQC,KAAKC,OAAOC,UAAUL,IAChCE,EAAE,UAAUI,YAAY,4FACxBJ,EAAE,UAAUK,SAAS,WAAaN,GACpB,aAAVA,IACFA,EAAQ,WAEHC,EAAE,UAAUK,SAAS,SAAWN,IAGzCN,EAAe,SAASa,EAAGC,EAAQC,GACjC,IAAIC,EAGJ,GAFAC,QAAQC,IAAI,QAASH,IACrBC,EAAMG,KAAKC,MAAMP,EAAEQ,gBACRL,EAAIM,MAGb,OAFAN,EAAMA,EAAIM,MAAMC,QAAQ,MAAO,IAC/BN,QAAQC,IAAI,iBAAkBF,GACvBd,EAAOc,EAAK,YAIvBb,EAAQ,GAERF,EAAS,SAASuB,GAEhB,OADAtB,EAAO,cAAe,WACfK,EAAEkB,KAAK,CACZC,KAAM,OACNC,IAAKC,OAAS,2BACdC,SAAU,OACVC,KAAM,CACJC,OAAQP,GAEVF,MAAOtB,EACPgC,QAAS,SAASF,GAChB,IAAQG,EACR,OAAIH,EAAKR,OACHQ,EAAKR,MAAMY,MAAM,oBACnB3B,EAAE,cAAc4B,OAEXjC,EAAO4B,EAAKR,MAAO,YAEtBQ,EAAKF,QAAUE,EAAKM,MAAQN,EAAKO,QAGvC9B,EAAE,cAAc+B,OAChBL,EAAI,kBAAqBM,OAAOT,EAAKF,QAAW,IAAOW,OAAOT,EAAKM,MAAS,WAAaN,EAAKO,OAAS,WAAcE,OAAOT,EAAKF,QAC7G,IAAhBE,EAAKU,SACPP,GAAK,WAAaH,EAAKU,QAEH,KAAlBV,EAAKW,WACPR,GAAK,WAAaH,EAAKW,UAEpB,IAAIC,OAAO,CACdC,QAASC,SAASC,eAAe,MACjCC,MAAOb,EACPc,KAAM,MAERxC,EAAE,eAAeyC,KAAKf,GAClBH,EAAKC,OACP7B,EAAO,iBAAkB,WAEzBA,EAAO,cAAe,WAEjBC,EAAQ2B,EAAK3B,OArBXD,EAAO,OAAQ,cA0B9BE,EAAS,WACP,IAAI6C,EAEJ,OADAA,EAAM1C,EAAE,SAAS0C,OAIR1C,EAAEkB,KAAK,CACZC,KAAM,OACNC,IAAKC,OAAS,2BACdC,SAAU,OACVC,KAAM,CACJ3B,MAAOA,EACP+C,KAAMD,EACNE,SAAU5C,EAAE,aAAa0C,OAE3B3B,MAAOtB,EACPgC,QAAS,SAASF,GAChB,OAAIA,EAAKR,MACHQ,EAAKR,MAAMY,MAAM,kBACZhC,EAAO4B,EAAKR,MAAO,WAEnBpB,EAAO4B,EAAKR,MAAO,UAGrBpB,EAAO,sBAAuB,cApBp
CA,EAAO,cAAe,YA2BjCK,EAAEqC,UAAUQ,MAAM,WAKhB,OAJAnD,EAAO,GACPM,EAAE,cAAc8C,GAAG,QAAS,WAC1B,OAAOpD,EAAO,KAETM,EAAE,WAAW8C,GAAG,QAAS,WAC9B,OAAOjD,UAIVkD,KAAKC"}
|
||||
{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.js"],"names":["displayError","getKey","setMsg","token","verify","msg","level","$","html","window","translate","removeClass","addClass","j","status","err","res","console","log","JSON","parse","responseText","error","replace","reset","ajax","type","url","portal","dataType","data","newkey","success","s","match","hide","user","secret","show","escape","digits","interval","QRious","element","document","getElementById","value","size","text","val","code","TOTPName","ready","on","call","this"],"mappings":"CAMA,WACE,GAAIA,GAAcC,EAAQC,EAAQC,EAAOC,CAEzCF,GAAS,SAASG,EAAKC,GAOrB,MANAC,GAAE,QAAQC,KAAKC,OAAOC,UAAUL,IAChCE,EAAE,UAAUI,YAAY,4FACxBJ,EAAE,UAAUK,SAAS,WAAaN,GACpB,aAAVA,IACFA,EAAQ,WAEHC,EAAE,UAAUK,SAAS,SAAWN,IAGzCN,EAAe,SAASa,EAAGC,EAAQC,GACjC,GAAIC,EAGJ,IAFAC,QAAQC,IAAI,QAASH,IACrBC,EAAMG,KAAKC,MAAMP,EAAEQ,gBACRL,EAAIM,MAGb,MAFAN,GAAMA,EAAIM,MAAMC,QAAQ,MAAO,IAC/BN,QAAQC,IAAI,iBAAkBF,GACvBd,EAAOc,EAAK,YAIvBb,EAAQ,GAERF,EAAS,SAASuB,GAEhB,MADAtB,GAAO,cAAe,WACfK,EAAEkB,MACPC,KAAM,OACNC,IAAKC,OAAS,2BACdC,SAAU,OACVC,MACEC,OAAQP,GAEVF,MAAOtB,EACPgC,QAAS,SAASF,GAChB,GAAQG,EACR,OAAIH,GAAKR,OACHQ,EAAKR,MAAMY,MAAM,oBACnB3B,EAAE,cAAc4B,OAEXjC,EAAO4B,EAAKR,MAAO,YAEtBQ,EAAKF,QAAUE,EAAKM,MAAQN,EAAKO,QAGvC9B,EAAE,cAAc+B,OAChBL,EAAI,kBAAqBM,OAAOT,EAAKF,QAAW,IAAOW,OAAOT,EAAKM,MAAS,WAAaN,EAAKO,OAAS,WAAcE,OAAOT,EAAKF,QAC7G,IAAhBE,EAAKU,SACPP,GAAK,WAAaH,EAAKU,QAEH,KAAlBV,EAAKW,WACPR,GAAK,WAAaH,EAAKW,UAEpB,GAAIC,SACPC,QAASC,SAASC,eAAe,MACjCC,MAAOb,EACPc,KAAM,MAERxC,EAAE,eAAeyC,KAAKf,GAClBH,EAAKC,OACP7B,EAAO,iBAAkB,WAEzBA,EAAO,cAAe,WAEjBC,EAAQ2B,EAAK3B,OArBXD,EAAO,OAAQ,cA0B9BE,EAAS,WACP,GAAI6C,EAEJ,OADAA,GAAM1C,EAAE,SAAS0C,MACZA,EAGI1C,EAAEkB,MACPC,KAAM,OACNC,IAAKC,OAAS,2BACdC,SAAU,OACVC,MACE3B,MAAOA,EACP+C,KAAMD,EACNE,SAAU5C,EAAE,aAAa0C,OAE3B3B,MAAOtB,EACPgC,QAAS,SAASF,GAChB,MAAIA,GAAKR,MACHQ,EAAKR,MAAMY,MAAM,kBACZhC,EAAO4B,EAAKR,MAAO,WAEnBpB,EAAO4B,EAAKR,MAAO,UAGrBpB,EAAO,sBAAuB,cApBpCA,EAAO,cAAe,YA2BjC
K,EAAEqC,UAAUQ,MAAM,WAKhB,MAJAnD,GAAO,GACPM,EAAE,cAAc8C,GAAG,QAAS,WAC1B,MAAOpD,GAAO,KAETM,EAAE,WAAW8C,GAAG,QAAS,WAC9B,MAAOjD,WAIVkD,KAAKC","file":"lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js"}
|
|
@ -42,21 +42,6 @@
|
|||
</TMPL_LOOP>
|
||||
</div>
|
||||
|
||||
<TMPL_IF NAME="REMEMBER">
|
||||
<div class="input-group">
|
||||
<div class="input-group-prepend">
|
||||
<div class="input-group-text">
|
||||
<input type="checkbox" id="remember" name="cookie_type" value="1" aria-describedby="rememberlabel">
|
||||
</div>
|
||||
</div>
|
||||
<p class="form-control">
|
||||
<label id="rememberlabel" for="remember">
|
||||
<span trspan="rememberChoice">Remember my choice</span>
|
||||
</label>
|
||||
</p>
|
||||
</div>
|
||||
</TMPL_IF>
|
||||
|
||||
<!-- //if:jsminified
|
||||
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">common/js/idpchoice.min.js"></script>
|
||||
//else -->
|
||||
|
|
|
@ -12,7 +12,7 @@ BEGIN {
|
|||
require 't/saml-lib.pm';
|
||||
}
|
||||
|
||||
my $maintests = 24;
|
||||
my $maintests = 22;
|
||||
my $debug = 'error';
|
||||
my %handlerOR = ( issuer => [], sp => [] );
|
||||
|
||||
|
@ -60,9 +60,6 @@ SKIP: {
|
|||
),
|
||||
'Post SAML choice'
|
||||
);
|
||||
ok( expectCookie( $res, 'lemonldapidp' ) == 0, 'IDP cookie deleted' )
|
||||
or explain( $res->[1],
|
||||
'Set-Cookie => lemonldapidp=0; domain=.sp.com; path=/; expires=-1d' );
|
||||
( $host, $url, $query ) = expectForm( $res, undef, undef, 'confirm', );
|
||||
|
||||
# IDP must be sorted
|
||||
|
@ -92,16 +89,11 @@ m%<img src="http://auth.sp.com/static/common/icons/sfa_manager.png" class="mr-2"
|
|||
'/' => IO::String->new($query),
|
||||
accept => 'text/html',
|
||||
length => length($query),
|
||||
cookie => "lemonldapidp=0;$spPdata",
|
||||
cookie => "$spPdata",
|
||||
),
|
||||
'Post SAML choice'
|
||||
);
|
||||
$spPdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
|
||||
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
|
||||
);
|
||||
( $host, $url, $query ) =
|
||||
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
|
||||
'SAMLRequest' );
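Review bot: Nothing in this hunk replaces the removed `IDP cookie defined` check with its opposite, so a regression that starts emitting `lemonldapidp` again after the IdP choice would pass this test unnoticed. The change appears to be that the IdP selection no longer travels in a client-held cookie, so I would pin that after the `$spPdata = ...` line with `ok( !grep( /lemonldapidp=/, @{ $res->[1] } ), 'No IDP cookie set' );` and raise `$maintests` by one. This assumes `$res->[1]` is the flat header list that the old `explain( $res->[1], ... )` call printed. The same gap exists in the `@ -60,9 +60,6 @@` hunk above and in the `Unauth SP request` hunks of the other SAML test files in this commit, where the assertion is deleted without a counterpart.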
|
||||
|
@ -144,7 +136,7 @@ m%<img src="http://auth.sp.com/static/common/icons/sfa_manager.png" class="mr-2"
|
|||
$url, IO::String->new($query),
|
||||
accept => 'text/html',
|
||||
length => length($query),
|
||||
cookie => "lemonldapidp=http://auth.idp.com/saml/metadata;$spPdata",
|
||||
cookie => "$spPdata",
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
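Review bot: `cookie => "$spPdata"` wraps a lone variable in double quotes, which only stringifies it and reads like a leftover from the removed `lemonldapidp=...;` prefix; `cookie => $spPdata,` says the same thing more plainly. The same quoting appears in the `@ -92,16 +89,11 @@` hunk of this file and, further down the commit, as `cookie => "$proxyPdata"` and `cookie => "$spPdata"`. The enclosing `ok( ... )` call starts outside this hunk.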
|
||||
|
@ -194,7 +186,6 @@ m%<img src="http://auth.sp.com/static/common/icons/sfa_manager.png" class="mr-2"
|
|||
$url, IO::String->new($query),
|
||||
accept => 'text/html',
|
||||
length => length($query),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
@ -213,9 +204,7 @@ m%<img src="http://auth.sp.com/static/common/icons/sfa_manager.png" class="mr-2"
|
|||
switch ('sp');
|
||||
ok(
|
||||
$res = $sp->_get(
|
||||
'/',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$spId"
|
||||
'/', cookie => "lemonldap=$spId"
|
||||
),
|
||||
'Test if user is reject on SP'
|
||||
);
|
||||
|
|
|
@ -149,8 +149,7 @@ m#img src="http://auth.idp.com(/saml/relaySingleLogoutSOAP)\?(relay=.*?)"#s,
|
|||
$res = $sp->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$spId"
|
||||
cookie => "lemonldap=$spId"
|
||||
),
|
||||
'Test if user is reject on SP'
|
||||
);
|
||||
|
|
|
@ -10,7 +10,7 @@ BEGIN {
|
|||
require 't/test-lib.pm';
|
||||
}
|
||||
|
||||
my $maintests = 14;
|
||||
my $maintests = 13;
|
||||
my $debug = 'error';
|
||||
my ( $issuer, $sp, $res );
|
||||
my %handlerOR = ( issuer => [], sp => [] );
|
||||
|
@ -65,11 +65,6 @@ SKIP: {
|
|||
),
|
||||
'Unauth SP request'
|
||||
);
|
||||
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
|
||||
);
|
||||
my ( $url, $query ) = expectRedirection( $res,
|
||||
qr#^http://auth.idp.com(/saml/singleSignOnArtifact)\?(SAMLart=.+)# );
|
||||
|
||||
|
@ -121,7 +116,6 @@ SKIP: {
|
|||
query => $query,
|
||||
accept => 'text/html',
|
||||
length => length($s),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Push artifact to SP'
|
||||
);
|
||||
|
@ -174,8 +168,7 @@ SKIP: {
|
|||
$res = $sp->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$spId"
|
||||
cookie => "lemonldap=$spId"
|
||||
),
|
||||
'Test if user is reject on SP'
|
||||
);
|
||||
|
|
|
@ -74,7 +74,6 @@ SKIP: {
|
|||
$url, IO::String->new($query),
|
||||
accept => 'text/html',
|
||||
length => length($query),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
@ -180,8 +179,7 @@ m#iframe src="http://auth.idp.com(/saml/relaySingleLogoutPOST)\?(relay=.*?)"#s,
|
|||
$res = $sp->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$spId"
|
||||
cookie => "lemonldap=$spId"
|
||||
),
|
||||
'Test if user is reject on SP'
|
||||
);
|
||||
|
|
|
@ -11,7 +11,7 @@ BEGIN {
|
|||
require 't/saml-lib.pm';
|
||||
}
|
||||
|
||||
my $maintests = 21;
|
||||
my $maintests = 19;
|
||||
my $debug = 'error';
|
||||
my ( $issuer, $sp, $res );
|
||||
my %handlerOR = ( issuer => [], sp => [] );
|
||||
|
@ -50,11 +50,6 @@ SKIP: {
|
|||
'Unauth SP request'
|
||||
);
|
||||
expectOK($res);
|
||||
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
|
||||
);
|
||||
my ( $host, $url, $s ) =
|
||||
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
|
||||
'SAMLRequest' );
|
||||
|
@ -96,11 +91,6 @@ SKIP: {
|
|||
'Unauth SP request'
|
||||
);
|
||||
expectOK($res);
|
||||
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
|
||||
);
|
||||
( $host, $url, $s ) =
|
||||
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
|
||||
'SAMLRequest' );
|
||||
|
@ -142,7 +132,6 @@ SKIP: {
|
|||
$url, IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
length => length($s),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
@ -210,8 +199,7 @@ SKIP: {
|
|||
$res = $sp->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$spId"
|
||||
cookie => "lemonldap=$spId"
|
||||
),
|
||||
'Test if user is reject on SP'
|
||||
);
|
||||
|
|
|
@ -11,7 +11,7 @@ BEGIN {
|
|||
require 't/saml-lib.pm';
|
||||
}
|
||||
|
||||
my $maintests = 22;
|
||||
my $maintests = 20;
|
||||
my $debug = 'error';
|
||||
my ( $issuer, $sp, $res );
|
||||
my %handlerOR = ( issuer => [], sp => [] );
|
||||
|
@ -50,11 +50,6 @@ SKIP: {
|
|||
'Unauth SP request'
|
||||
);
|
||||
expectOK($res);
|
||||
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
|
||||
);
|
||||
my ( $host, $url, $s ) =
|
||||
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
|
||||
'SAMLRequest' );
|
||||
|
@ -96,11 +91,6 @@ SKIP: {
|
|||
'Unauth SP request'
|
||||
);
|
||||
expectOK($res);
|
||||
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
|
||||
);
|
||||
( $host, $url, $s ) =
|
||||
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
|
||||
'SAMLRequest' );
|
||||
|
@ -148,7 +138,6 @@ SKIP: {
|
|||
$url, IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
length => length($s),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
@ -206,7 +195,6 @@ SKIP: {
|
|||
$url, IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
length => length($s),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
@ -227,8 +215,7 @@ SKIP: {
|
|||
$res = $sp->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$spId"
|
||||
cookie => "lemonldap=$spId"
|
||||
),
|
||||
'Test if user is reject on SP'
|
||||
);
|
||||
|
|
|
@ -84,7 +84,6 @@ SKIP: {
|
|||
$url, IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
length => length($s),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
@ -162,8 +161,7 @@ m#iframe src="http://auth.sp.com(/saml/proxySingleLogout)\?(SAMLRequest=.*?)"#,
|
|||
$res = $sp->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$spId"
|
||||
cookie => "lemonldap=$spId"
|
||||
),
|
||||
'Test if user is reject on SP'
|
||||
);
|
||||
|
|
|
@ -11,7 +11,7 @@ BEGIN {
|
|||
require 't/saml-lib.pm';
|
||||
}
|
||||
|
||||
my $maintests = 23;
|
||||
my $maintests = 21;
|
||||
my $debug = 'error';
|
||||
my ( $issuer, $sp, $sp2, $res );
|
||||
my %handlerOR = ( issuer => [], sp => [], sp2 => [] );
|
||||
|
@ -55,15 +55,6 @@ SKIP: {
|
|||
'Unauth SP request'
|
||||
);
|
||||
my ( $host, $url, $query );
|
||||
ok(
|
||||
expectCookie( $res, 'lemonldapidp' ) eq
|
||||
'http://auth.idp.com/saml/metadata',
|
||||
'IDP cookie defined'
|
||||
)
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
|
||||
);
|
||||
( $url, $query ) = expectRedirection( $res,
|
||||
qr#^http://auth.idp.com(/saml/singleSignOn)\?(SAMLRequest=.+)# );
|
||||
|
||||
|
@ -113,7 +104,6 @@ SKIP: {
|
|||
$url, IO::String->new($query),
|
||||
accept => 'text/html',
|
||||
length => length($query),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
@ -144,15 +134,6 @@ SKIP: {
|
|||
'Unauth SP2 request'
|
||||
);
|
||||
|
||||
ok(
|
||||
expectCookie( $res, 'lemonldapidp' ) eq
|
||||
'http://auth.idp.com/saml/metadata',
|
||||
'IDP cookie defined'
|
||||
)
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp2.com; path=/'
|
||||
);
|
||||
( $url, $query ) = expectRedirection( $res,
|
||||
qr#^http://auth.idp.com(/saml/singleSignOn)\?(SAMLRequest=.+)# );
|
||||
|
||||
|
@ -178,7 +159,6 @@ SKIP: {
|
|||
$url, IO::String->new($query),
|
||||
accept => 'text/html',
|
||||
length => length($query),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP2'
|
||||
);
|
||||
|
@ -235,8 +215,7 @@ SKIP: {
|
|||
$res = $sp->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$spId"
|
||||
cookie => "lemonldap=$spId"
|
||||
),
|
||||
'Test if user is reject on SP'
|
||||
);
|
||||
|
@ -249,8 +228,7 @@ SKIP: {
|
|||
$res = $sp2->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$sp2Id"
|
||||
cookie => "lemonldap=$sp2Id"
|
||||
),
|
||||
'User is unfortunately still logged into SP2'
|
||||
);
|
||||
|
|
|
@ -11,7 +11,7 @@ BEGIN {
|
|||
require 't/saml-lib.pm';
|
||||
}
|
||||
|
||||
my $maintests = 27;
|
||||
my $maintests = 25;
|
||||
my $debug = 'error';
|
||||
my ( $issuer, $sp, $sp2, $res );
|
||||
my %handlerOR = ( issuer => [], sp => [], sp2 => [] );
|
||||
|
@ -55,15 +55,6 @@ SKIP: {
|
|||
'Unauth SP request'
|
||||
);
|
||||
my ( $host, $url, $query );
|
||||
ok(
|
||||
expectCookie( $res, 'lemonldapidp' ) eq
|
||||
'http://auth.idp.com/saml/metadata',
|
||||
'IDP cookie defined'
|
||||
)
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
|
||||
);
|
||||
( $url, $query ) = expectRedirection( $res,
|
||||
qr#^http://auth.idp.com(/saml/singleSignOn)\?(SAMLRequest=.+)# );
|
||||
|
||||
|
@ -113,7 +104,6 @@ SKIP: {
|
|||
$url, IO::String->new($query),
|
||||
accept => 'text/html',
|
||||
length => length($query),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
@ -144,15 +134,6 @@ SKIP: {
|
|||
'Unauth SP2 request'
|
||||
);
|
||||
|
||||
ok(
|
||||
expectCookie( $res, 'lemonldapidp' ) eq
|
||||
'http://auth.idp.com/saml/metadata',
|
||||
'IDP cookie defined'
|
||||
)
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp2.com; path=/'
|
||||
);
|
||||
( $url, $query ) = expectRedirection( $res,
|
||||
qr#^http://auth.idp.com(/saml/singleSignOn)\?(SAMLRequest=.+)# );
|
||||
|
||||
|
@ -178,7 +159,6 @@ SKIP: {
|
|||
$url, IO::String->new($query),
|
||||
accept => 'text/html',
|
||||
length => length($query),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP2'
|
||||
);
|
||||
|
@ -293,8 +273,7 @@ qr#^http://auth.sp.com(/saml/proxySingleLogoutReturn)\?(SAMLResponse=.+)#
|
|||
$res = $sp->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$spId"
|
||||
cookie => "lemonldap=$spId"
|
||||
),
|
||||
'Test if user is reject on SP'
|
||||
);
|
||||
|
@ -306,8 +285,7 @@ qr#^http://auth.sp.com(/saml/proxySingleLogoutReturn)\?(SAMLResponse=.+)#
|
|||
$res = $sp2->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$sp2Id"
|
||||
cookie => "lemonldap=$sp2Id"
|
||||
),
|
||||
'Test if user is reject on SP2'
|
||||
);
|
||||
|
|
|
@ -11,7 +11,7 @@ BEGIN {
|
|||
require 't/saml-lib.pm';
|
||||
}
|
||||
|
||||
my $maintests = 17;
|
||||
my $maintests = 16;
|
||||
my $debug = 'error';
|
||||
my ( $issuer, $sp, $res );
|
||||
my %handlerOR = ( issuer => [], sp => [] );
|
||||
|
@ -52,15 +52,6 @@ SKIP: {
|
|||
'Unauth SP request'
|
||||
);
|
||||
my ( $host, $url, $query );
|
||||
ok(
|
||||
expectCookie( $res, 'lemonldapidp' ) eq
|
||||
'http://auth.idp.com/saml/metadata',
|
||||
'IDP cookie defined'
|
||||
)
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
|
||||
);
|
||||
( $url, $query ) = expectRedirection( $res,
|
||||
qr#^http://auth.idp.com(/saml/singleSignOn)\?(SAMLRequest=.+)# );
|
||||
|
||||
|
@ -115,7 +106,6 @@ SKIP: {
|
|||
$url, IO::String->new($query),
|
||||
accept => 'text/html',
|
||||
length => length($query),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
@ -189,8 +179,7 @@ qr#^http://auth.sp.com(/saml/proxySingleLogoutReturn)\?(SAMLResponse=.+)#
|
|||
$res = $sp->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$spId"
|
||||
cookie => "lemonldap=$spId"
|
||||
),
|
||||
'Test if user is reject on SP'
|
||||
);
|
||||
|
|
|
@ -11,7 +11,7 @@ BEGIN {
|
|||
require 't/saml-lib.pm';
|
||||
}
|
||||
|
||||
my $maintests = 21;
|
||||
my $maintests = 20;
|
||||
my $debug = 'error';
|
||||
my ( $issuer, $sp, $cdc, $res );
|
||||
my %handlerOR = ( issuer => [], sp => [] );
|
||||
|
@ -63,11 +63,6 @@ SKIP: {
|
|||
'Unauth SP request'
|
||||
);
|
||||
expectOK($res);
|
||||
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
|
||||
);
|
||||
my ( $host, $url, $s ) =
|
||||
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
|
||||
'SAMLRequest' );
|
||||
|
@ -126,7 +121,6 @@ m#<iframe.*src="http://auth.cdc.com/\?(action=write&idp=http://auth.idp.com/saml
|
|||
$url, IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
length => length($s),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
@ -184,7 +178,6 @@ m#<iframe.*src="http://auth.cdc.com/\?(action=write&idp=http://auth.idp.com/saml
|
|||
$url, IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
length => length($s),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
@ -205,8 +198,7 @@ m#<iframe.*src="http://auth.cdc.com/\?(action=write&idp=http://auth.idp.com/saml
|
|||
$res = $sp->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$spId"
|
||||
cookie => "lemonldap=$spId"
|
||||
),
|
||||
'Test if user is reject on SP'
|
||||
);
|
||||
|
|
|
@ -11,7 +11,7 @@ BEGIN {
|
|||
require 't/saml-lib.pm';
|
||||
}
|
||||
|
||||
my $maintests = 13;
|
||||
my $maintests = 12;
|
||||
my $debug = 'error';
|
||||
my ( $issuer, $sp, $res );
|
||||
my %handlerOR = ( issuer => [], sp => [] );
|
||||
|
@ -49,11 +49,6 @@ SKIP: {
|
|||
),
|
||||
'Unauth SP request'
|
||||
);
|
||||
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
|
||||
);
|
||||
my ( $host, $url, $s ) =
|
||||
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
|
||||
'SAMLRequest' );
|
||||
|
@ -96,7 +91,6 @@ SKIP: {
|
|||
$url, IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
length => length($s),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
@ -109,9 +103,8 @@ SKIP: {
|
|||
ok(
|
||||
$res = $sp->_get(
|
||||
$url || '/',
|
||||
query => $s,
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$spId",
|
||||
query => $s,
|
||||
cookie => "lemonldap=$spId",
|
||||
accept => 'text/html',
|
||||
),
|
||||
' Follow redirection'
|
||||
|
@ -155,7 +148,6 @@ SKIP: {
|
|||
$url, IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
length => length($s),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
@ -176,8 +168,7 @@ SKIP: {
|
|||
$res = $sp->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$spId"
|
||||
cookie => "lemonldap=$spId"
|
||||
),
|
||||
'Test if user is reject on SP'
|
||||
);
|
||||
|
|
|
@ -11,7 +11,7 @@ BEGIN {
|
|||
require 't/saml-lib.pm';
|
||||
}
|
||||
|
||||
my $maintests = 18;
|
||||
my $maintests = 16;
|
||||
my $debug = 'error';
|
||||
my $timeout = 6;
|
||||
my ( $issuer, $sp, $res );
|
||||
|
@ -51,11 +51,6 @@ SKIP: {
|
|||
'Unauth SP request'
|
||||
);
|
||||
expectOK($res);
|
||||
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
|
||||
);
|
||||
my ( $host, $url, $s ) =
|
||||
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
|
||||
'SAMLRequest' );
|
||||
|
@ -97,11 +92,6 @@ SKIP: {
|
|||
'Unauth SP request'
|
||||
);
|
||||
expectOK($res);
|
||||
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
|
||||
);
|
||||
( $host, $url, $s ) =
|
||||
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
|
||||
'SAMLRequest' );
|
||||
|
@ -148,7 +138,6 @@ SKIP: {
|
|||
$url, IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
length => length($s),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
@ -201,7 +190,6 @@ SKIP: {
|
|||
$url, IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
length => length($s),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
|
|
@ -12,7 +12,7 @@ BEGIN {
|
|||
require 't/smtp.pm';
|
||||
}
|
||||
|
||||
my $maintests = 20;
|
||||
my $maintests = 19;
|
||||
my $debug = 'error';
|
||||
my ( $issuer, $sp, $res );
|
||||
my %handlerOR = ( issuer => [], sp => [] );
|
||||
|
@ -65,11 +65,6 @@ SKIP: {
|
|||
'Unauth SP request'
|
||||
);
|
||||
expectOK($res);
|
||||
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
|
||||
);
|
||||
my ( $host, $url, $s ) =
|
||||
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
|
||||
'SAMLRequest' );
|
||||
|
@ -172,7 +167,6 @@ qr%<input name="code" value="" class="form-control" id="extcode" trplaceholder="
|
|||
$url, IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
length => length($s),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
@ -222,7 +216,6 @@ qr%<input name="code" value="" class="form-control" id="extcode" trplaceholder="
|
|||
$url, IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
length => length($s),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
@ -244,7 +237,7 @@ qr%<input name="code" value="" class="form-control" id="extcode" trplaceholder="
|
|||
'/',
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$spId"
|
||||
"lemonldap=$spId"
|
||||
),
|
||||
'Test if user is reject on SP'
|
||||
);
|
||||
|
|
|
@ -11,7 +11,7 @@ BEGIN {
|
|||
require 't/saml-lib.pm';
|
||||
}
|
||||
|
||||
my $maintests = 17;
|
||||
my $maintests = 16;
|
||||
my $debug = 'error';
|
||||
my ( $issuer, $sp, $res );
|
||||
my %handlerOR = ( issuer => [], sp => [] );
|
||||
|
@ -64,11 +64,6 @@ SKIP: {
|
|||
'Unauth SP request'
|
||||
);
|
||||
expectOK($res);
|
||||
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
|
||||
);
|
||||
my ( $host, $url, $s ) =
|
||||
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
|
||||
'SAMLRequest' );
|
||||
|
@ -144,7 +139,6 @@ SKIP: {
|
|||
$url, IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
length => length($s),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
@ -194,7 +188,6 @@ SKIP: {
|
|||
$url, IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
length => length($s),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
@ -215,8 +208,7 @@ SKIP: {
|
|||
$res = $sp->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$spId"
|
||||
cookie => "lemonldap=$spId"
|
||||
),
|
||||
'Test if user is reject on SP'
|
||||
);
|
||||
|
|
|
@ -12,7 +12,7 @@ BEGIN {
|
|||
}
|
||||
my $userdb = tempdb();
|
||||
|
||||
my $maintests = 13;
|
||||
my $maintests = 12;
|
||||
my $debug = 'error';
|
||||
my ( $issuer, $sp, $res );
|
||||
my %handlerOR = ( issuer => [], sp => [] );
|
||||
|
@ -75,11 +75,6 @@ SKIP: {
|
|||
),
|
||||
'Unauth SP request'
|
||||
);
|
||||
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
|
||||
);
|
||||
my ( $host, $url, $query ) =
|
||||
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
|
||||
'SAMLRequest' );
|
||||
|
@ -92,8 +87,7 @@ SKIP: {
|
|||
IO::String->new($query),
|
||||
accept => 'text/html',
|
||||
length => length($query),
|
||||
cookie =>
|
||||
"lemonldap=$idpId;lemonldapidp=http://auth.idp.com/saml/metadata",
|
||||
cookie => "lemonldap=$idpId",
|
||||
),
|
||||
'Post SAML request to IdP'
|
||||
);
|
||||
|
@ -108,8 +102,7 @@ SKIP: {
|
|||
IO::String->new($query),
|
||||
accept => 'text/html',
|
||||
length => length($query),
|
||||
cookie =>
|
||||
"lemonldap=$idpId;lemonldapidp=http://auth.idp.com/saml/metadata;$pdata",
|
||||
cookie => "lemonldap=$idpId;$pdata",
|
||||
),
|
||||
'Ask to renew'
|
||||
);
|
||||
|
@ -127,8 +120,7 @@ SKIP: {
|
|||
IO::String->new($query),
|
||||
accept => 'text/html',
|
||||
length => length($query),
|
||||
cookie =>
|
||||
"lemonldap=$idpId;lemonldapidp=http://auth.idp.com/saml/metadata;$pdata",
|
||||
cookie => "lemonldap=$idpId;$pdata",
|
||||
),
|
||||
'Re auth'
|
||||
);
|
||||
|
@ -143,8 +135,7 @@ SKIP: {
|
|||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldap=$idpId;lemonldapidp=http://auth.idp.com/saml/metadata;$pdata",
|
||||
cookie => "lemonldap=$idpId;$pdata",
|
||||
),
|
||||
'Follow redirection'
|
||||
);
|
||||
|
@ -159,7 +150,6 @@ SKIP: {
|
|||
$url, IO::String->new($query),
|
||||
accept => 'text/html',
|
||||
length => length($query),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
|
|
@ -11,7 +11,7 @@ BEGIN {
|
|||
require 't/saml-lib.pm';
|
||||
}
|
||||
|
||||
my $maintests = 13;
|
||||
my $maintests = 12;
|
||||
my $debug = 'error';
|
||||
my ( $issuer, $sp, $res );
|
||||
my %handlerOR = ( issuer => [], sp => [] );
|
||||
|
@ -63,11 +63,6 @@ SKIP: {
|
|||
),
|
||||
'Unauth SP request'
|
||||
);
|
||||
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
|
||||
);
|
||||
my ( $host, $url, $query ) =
|
||||
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
|
||||
'SAMLRequest' );
|
||||
|
@ -80,8 +75,7 @@ SKIP: {
|
|||
IO::String->new($query),
|
||||
accept => 'text/html',
|
||||
length => length($query),
|
||||
cookie =>
|
||||
"lemonldap=$idpId;lemonldapidp=http://auth.idp.com/saml/metadata",
|
||||
cookie => "lemonldap=$idpId",
|
||||
),
|
||||
'Post SAML request to IdP'
|
||||
);
|
||||
|
@ -96,8 +90,7 @@ SKIP: {
|
|||
IO::String->new($query),
|
||||
accept => 'text/html',
|
||||
length => length($query),
|
||||
cookie =>
|
||||
"lemonldap=$idpId;lemonldapidp=http://auth.idp.com/saml/metadata;$pdata",
|
||||
cookie => "lemonldap=$idpId;$pdata",
|
||||
),
|
||||
'Ask to renew'
|
||||
);
|
||||
|
@ -115,8 +108,7 @@ SKIP: {
|
|||
IO::String->new($query),
|
||||
accept => 'text/html',
|
||||
length => length($query),
|
||||
cookie =>
|
||||
"lemonldap=$idpId;lemonldapidp=http://auth.idp.com/saml/metadata;$pdata",
|
||||
cookie => "lemonldap=$idpId;$pdata",
|
||||
),
|
||||
'Re auth'
|
||||
);
|
||||
|
@ -131,8 +123,7 @@ SKIP: {
|
|||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldap=$idpId;lemonldapidp=http://auth.idp.com/saml/metadata;$pdata",
|
||||
cookie => "lemonldap=$idpId;$pdata",
|
||||
),
|
||||
'Follow redirection'
|
||||
);
|
||||
|
@ -147,7 +138,6 @@ SKIP: {
|
|||
$url, IO::String->new($query),
|
||||
accept => 'text/html',
|
||||
length => length($query),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
|
|
@ -11,7 +11,7 @@ BEGIN {
|
|||
require 't/saml-lib.pm';
|
||||
}
|
||||
|
||||
my $maintests = 7;
|
||||
my $maintests = 6;
|
||||
my $debug = 'error';
|
||||
my ( $issuer, $sp, $res );
|
||||
my %handlerOR = ( issuer => [], sp => [] );
|
||||
|
@ -51,15 +51,6 @@ SKIP: {
|
|||
),
|
||||
'Unauth SP request'
|
||||
);
|
||||
ok(
|
||||
expectCookie( $res, 'lemonldapidp' ) eq
|
||||
'http://auth.idp.com/saml/metadata',
|
||||
'IDP cookie defined'
|
||||
)
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
|
||||
);
|
||||
my ( $url, $query ) = expectRedirection( $res,
|
||||
qr#^http://auth.idp.com(/saml/singleSignOn)\?(SAMLRequest=.+)# );
|
||||
|
||||
|
|
|
@ -184,21 +184,6 @@ ok(
|
|||
count(1);
|
||||
expectReject($res);
|
||||
|
||||
#switch ('rp');
|
||||
#ok(
|
||||
# $res = $rp->_get(
|
||||
# '/',
|
||||
# accept => 'text/html',
|
||||
# cookie =>
|
||||
# "lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$spId"
|
||||
# ),
|
||||
# 'Test if user is reject on SP'
|
||||
#);
|
||||
#count(1);
|
||||
#expectRedirection( $res, qr#^http://auth.op.com/oauth2/authorize# );
|
||||
|
||||
#print STDERR Dumper($res);
|
||||
|
||||
clean_sessions();
|
||||
done_testing( count() );
|
||||
|
||||
|
|
|
@ -260,8 +260,7 @@ ok(
|
|||
$res = $rp->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$spId"
|
||||
cookie => "lemonldap=$spId"
|
||||
),
|
||||
'Test if user is reject on SP'
|
||||
);
|
||||
|
|
|
@ -228,8 +228,7 @@ SKIP: {
|
|||
$res = $rp->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$spId"
|
||||
cookie => "lemonldap=$spId"
|
||||
),
|
||||
'Test if user is reject on SP'
|
||||
);
|
||||
|
|
|
@ -256,8 +256,7 @@ ok(
|
|||
$res = $rp->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$spId"
|
||||
cookie => "lemonldap=$spId"
|
||||
),
|
||||
'Test if user is reject on SP'
|
||||
);
|
||||
|
|
|
@ -256,8 +256,7 @@ ok(
|
|||
$res = $rp->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$spId"
|
||||
cookie => "lemonldap=$spId"
|
||||
),
|
||||
'Test if user is reject on SP'
|
||||
);
|
||||
|
|
|
@ -167,8 +167,7 @@ SKIP: {
|
|||
$url, IO::String->new($query),
|
||||
length => length($query),
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata;$proxyPdata",
|
||||
cookie => "$proxyPdata",
|
||||
),
|
||||
'POST SAML response'
|
||||
);
|
||||
|
@ -178,8 +177,7 @@ SKIP: {
|
|||
$res = $proxy->_get(
|
||||
$url,
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata;lemonldap=$spId;$proxyPdata",
|
||||
cookie => "lemonldap=$spId;$proxyPdata",
|
||||
),
|
||||
'Follow internal redirection'
|
||||
);
|
||||
|
|
|
@ -152,8 +152,7 @@ SKIP: {
|
|||
$url, IO::String->new($query),
|
||||
length => length($query),
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata;$proxyPdata",
|
||||
cookie => "$proxyPdata",
|
||||
),
|
||||
'POST SAML response'
|
||||
);
|
||||
|
@ -163,8 +162,7 @@ SKIP: {
|
|||
$res = $proxy->_get(
|
||||
$url,
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata;lemonldap=$spId;$proxyPdata",
|
||||
cookie => "lemonldap=$spId;$proxyPdata",
|
||||
),
|
||||
'Follow internal redirection'
|
||||
);
|
||||
|
|
|
@ -167,7 +167,6 @@ SKIP: {
|
|||
$res = $sp->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie => 'lemonldapidp=http://auth.op.com/saml/metadata'
|
||||
),
|
||||
'Try SAML SP'
|
||||
);
|
||||
|
@ -197,7 +196,6 @@ SKIP: {
|
|||
$url, IO::String->new($query),
|
||||
accept => 'text/html',
|
||||
length => length($query),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
@ -305,8 +303,7 @@ m#iframe src="http://auth.op.com(/saml/relaySingleLogoutPOST)\?(relay=.*?)"#s,
|
|||
$res = $rp->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.op.com/saml/metadata; lemonldap=$rpId"
|
||||
cookie => "lemonldap=$rpId"
|
||||
),
|
||||
'Test if user is reject on SP'
|
||||
);
|
||||
|
@ -317,8 +314,7 @@ m#iframe src="http://auth.op.com(/saml/relaySingleLogoutPOST)\?(relay=.*?)"#s,
|
|||
$res = $sp->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.op.com/saml/metadata; lemonldap=$spId"
|
||||
cookie => "lemonldap=$spId"
|
||||
),
|
||||
'Test if user is reject on SP'
|
||||
);
|
||||
|
|
|
@ -115,8 +115,6 @@ SKIP: {
|
|||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
|
||||
# cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata'
|
||||
),
|
||||
"Push request to OP, endpoint $url"
|
||||
);
|
||||
|
@ -186,7 +184,7 @@ SKIP: {
|
|||
$url, IO::String->new($query),
|
||||
length => length($query),
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldapidp=http://auth.idp.com/saml/metadata;$spPdata"
|
||||
cookie => "$spPdata"
|
||||
),
|
||||
'POST SAML response'
|
||||
);
|
||||
|
@ -200,8 +198,7 @@ SKIP: {
|
|||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldap=$spId;lemonldapidp=http://auth.idp.com/saml/metadata;$spPdata"
|
||||
cookie => "lemonldap=$spId;$spPdata"
|
||||
),
|
||||
'Follow internal redirection from SAML-SP to OIDC-OP'
|
||||
);
|
||||
|
@ -211,8 +208,7 @@ SKIP: {
|
|||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldap=$spId;lemonldapidp=http://auth.idp.com/saml/metadata;$spPdata"
|
||||
cookie => "lemonldap=$spId;$spPdata"
|
||||
),
|
||||
'Confirm OIDC sharing'
|
||||
);
|
||||
|
|
|
@ -115,8 +115,6 @@ SKIP: {
|
|||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata'
|
||||
),
|
||||
"Push request to OP, endpoint $url"
|
||||
);
|
||||
|
@ -169,7 +167,7 @@ SKIP: {
|
|||
$url, IO::String->new($query),
|
||||
length => length($query),
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldapidp=http://auth.idp.com/saml/metadata;$spPdata"
|
||||
cookie => "$spPdata"
|
||||
),
|
||||
'POST SAML response'
|
||||
);
|
||||
|
@ -183,8 +181,7 @@ SKIP: {
|
|||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldap=$spId;lemonldapidp=http://auth.idp.com/saml/metadata;$spPdata"
|
||||
cookie => "lemonldap=$spId;$spPdata"
|
||||
),
|
||||
'Follow internal redirection from SAML-SP to OIDC-OP'
|
||||
);
|
||||
|
@ -194,8 +191,7 @@ SKIP: {
|
|||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldap=$spId;lemonldapidp=http://auth.idp.com/saml/metadata;$spPdata"
|
||||
cookie => "lemonldap=$spId;$spPdata"
|
||||
),
|
||||
'Confirm OIDC sharing'
|
||||
);
|
||||
|
|
|
@ -115,8 +115,6 @@ SKIP: {
|
|||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata'
|
||||
),
|
||||
"Push request to OP, endpoint $url"
|
||||
);
|
||||
|
@ -171,7 +169,7 @@ SKIP: {
|
|||
$url, IO::String->new($query),
|
||||
length => length($query),
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldapidp=http://auth.idp.com/saml/metadata;$spPdata",
|
||||
cookie => "$spPdata",
|
||||
),
|
||||
'POST SAML response'
|
||||
);
|
||||
|
@ -185,8 +183,7 @@ SKIP: {
|
|||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldap=$spId;lemonldapidp=http://auth.idp.com/saml/metadata;$spPdata"
|
||||
cookie => "lemonldap=$spId;$spPdata"
|
||||
),
|
||||
'Follow internal redirection from SAML-SP to OIDC-OP'
|
||||
);
|
||||
|
@ -196,8 +193,7 @@ SKIP: {
|
|||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldap=$spId;lemonldapidp=http://auth.idp.com/saml/metadata;$spPdata"
|
||||
cookie => "lemonldap=$spId;$spPdata"
|
||||
),
|
||||
'Confirm OIDC sharing'
|
||||
);
|
||||
|
|
|
@ -107,7 +107,6 @@ SKIP: {
|
|||
$res = $sp->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie => 'lemonldapidp=http://auth.proxy.com/saml/metadata'
|
||||
),
|
||||
'Try SAML SP'
|
||||
);
|
||||
|
@ -207,7 +206,6 @@ SKIP: {
|
|||
$url, IO::String->new($query),
|
||||
accept => 'text/html',
|
||||
length => length($query),
|
||||
cookie => 'lemonldapidp=http://auth.proxy.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
|
|
@ -11,7 +11,7 @@ BEGIN {
|
|||
require 't/saml-lib.pm';
|
||||
}
|
||||
|
||||
my $maintests = 17;
|
||||
my $maintests = 16;
|
||||
my $debug = 'error';
|
||||
my ( $issuer, $proxy, $sp, $res );
|
||||
my %handlerOR = ( issuer => [], proxy => [], sp => [] );
|
||||
|
@ -88,11 +88,6 @@ SKIP: {
|
|||
),
|
||||
'Unauth SP request'
|
||||
);
|
||||
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.proxy.com/saml/metadata; domain=.sp.com; path=/'
|
||||
);
|
||||
|
||||
my ( $host, $url, $query ) =
|
||||
expectAutoPost( $res, 'auth.proxy.com', '/saml/singleSignOn',
|
||||
|
@ -189,7 +184,6 @@ qr'^http://auth.idp.com/cas/login\?(service=http%3A%2F%2Fauth.proxy.com%2F.*)$'
|
|||
$url, IO::String->new($query),
|
||||
accept => 'text/html',
|
||||
length => length($query),
|
||||
cookie => 'lemonldapidp=http://auth.proxy.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
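Review bot: After the 'Unauth SP request' check, the `ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )` assertion is dropped with nothing in its place, so the suite no longer tests this cookie in either direction. If the change means the SP stops setting and reading an IdP-selection cookie, as its removal from the later requests suggests, a negative check would pin that down. One option is `ok( !grep( /lemonldapidp=/, @{ $res->[1] } ), 'No IDP cookie set' );` with `$maintests` adjusted, assuming `$res->[1]` is the header list, as the removed `explain` call implies. A client-supplied value that selects the identity provider deserves a regression test once it is meant to be ignored. The same applies to the two later test files in this commit that drop the 'IDP cookie defined' assertion; the enclosing `SKIP` block continues outside the hunks.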
|
|
|
@ -11,7 +11,7 @@ BEGIN {
|
|||
require 't/saml-lib.pm';
|
||||
}
|
||||
|
||||
my $maintests = 15;
|
||||
my $maintests = 14;
|
||||
my $debug = 'error';
|
||||
my ( $issuer, $proxy, $sp, $res );
|
||||
my %handlerOR = ( issuer => [], proxy => [], sp => [] );
|
||||
|
@ -89,11 +89,6 @@ SKIP: {
|
|||
),
|
||||
'Unauth SP request'
|
||||
);
|
||||
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.proxy.com/saml/metadata; domain=.sp.com; path=/'
|
||||
);
|
||||
|
||||
my ( $host, $url, $query ) =
|
||||
expectAutoPost( $res, 'auth.proxy.com', '/saml/singleSignOn',
|
||||
|
@ -174,7 +169,6 @@ qr'^http://auth.idp.com/cas/login\?(service=http%3A%2F%2Fauth.proxy.com%2F.*)$'
|
|||
$url, IO::String->new($query),
|
||||
accept => 'text/html',
|
||||
length => length($query),
|
||||
cookie => 'lemonldapidp=http://auth.proxy.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
|
|
@ -107,7 +107,6 @@ SKIP: {
|
|||
$res = $sp->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie => 'lemonldapidp=http://auth.proxy.com/saml/metadata'
|
||||
),
|
||||
'Try SAML SP'
|
||||
);
|
||||
|
@ -205,7 +204,6 @@ SKIP: {
|
|||
$url, IO::String->new($query),
|
||||
length => length($query),
|
||||
accept => 'text/html',
|
||||
cookie => 'lemonldapidp=http://auth.proxy.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
|
|
@ -9,6 +9,7 @@ require 't/smtp.pm';
|
|||
use_ok('Lemonldap::NG::Common::FormEncode');
|
||||
count(1);
|
||||
|
||||
my $res;
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => 'error',
|
||||
|
@ -26,6 +27,13 @@ my $client = LLNG::Manager::Test->new( {
|
|||
'vhostAuthnLevel' => 3
|
||||
},
|
||||
},
|
||||
"locationRules" => {
|
||||
"test1.example.com" => {
|
||||
'default' => 'accept',
|
||||
'^/AuthWeak(?#AuthnLevel=2)' => 'deny',
|
||||
'^/AuthStrong(?#AuthnLevel=5)' => 'deny',
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
);
|
||||
|
@ -33,7 +41,7 @@ my $client = LLNG::Manager::Test->new( {
|
|||
# Try to authenticate
|
||||
# -------------------
|
||||
ok(
|
||||
my $res = $client->_post(
|
||||
$res = $client->_post(
|
||||
'/',
|
||||
IO::String->new('user=dwho&password=dwho&lmAuth=weak'),
|
||||
length => 35,
|
||||
|
@ -42,15 +50,40 @@ ok(
|
|||
'Auth query'
|
||||
);
|
||||
count(1);
|
||||
|
||||
my $id = expectCookie($res);
|
||||
|
||||
|
||||
# Portal IS NOT a handler
|
||||
#########################
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/AuthWeak',
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldap=$id",
|
||||
host => 'test1.example.com',
|
||||
),
|
||||
'GET http://test1.example.com/AuthWeak'
|
||||
);
|
||||
expectOK($res);
|
||||
count(1);
|
||||
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/AuthStrong',
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldap=$id",
|
||||
host => 'test1.example.com',
|
||||
),
|
||||
'GET http://test1.example.com/AuthStrong'
|
||||
);
|
||||
count(1);
|
||||
|
||||
# After attempting to access test1,
|
||||
# the handler sends up back to /upgradesession
|
||||
# --------------------------------------------
|
||||
|
||||
ok(
|
||||
my $res = $client->_get(
|
||||
$res = $client->_get(
|
||||
'/upgradesession',
|
||||
query => 'url=aHR0cDovL3Rlc3QxLmV4YW1wbGUuY29t',
|
||||
accept => 'text/html',
|
||||
|
@ -67,7 +100,7 @@ my ( $host, $url, $query ) =
|
|||
# ----------------------
|
||||
|
||||
ok(
|
||||
my $res = $client->_post(
|
||||
$res = $client->_post(
|
||||
'/upgradesession',
|
||||
IO::String->new($query),
|
||||
length => length($query),
|
||||
|
@ -79,8 +112,7 @@ ok(
|
|||
count(1);
|
||||
|
||||
my $pdata = expectCookie( $res, 'lemonldappdata' );
|
||||
|
||||
my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'upgrading', 'url' );
|
||||
( $host, $url, $query ) = expectForm( $res, '#', undef, 'upgrading', 'url' );
|
||||
|
||||
$query = $query . "&lmAuth=strong";
|
||||
|
||||
|
@ -89,7 +121,7 @@ $query = $query . "&lmAuth=strong";
|
|||
# -------------------------------------------
|
||||
|
||||
ok(
|
||||
my $res = $client->_post(
|
||||
$res = $client->_post(
|
||||
'/upgradesession',
|
||||
IO::String->new($query),
|
||||
length => length($query),
|
||||
|
@ -110,7 +142,7 @@ expectRedirection( $res, 'http://test1.example.com' );
|
|||
|
||||
# Make pdata was cleared and we aren't being redirected
|
||||
ok(
|
||||
my $res = $client->_get(
|
||||
$res = $client->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldap=$id;lemonldappdata=$pdata",
|
||||
|
@ -118,7 +150,6 @@ ok(
|
|||
'Post login'
|
||||
);
|
||||
count(1);
|
||||
|
||||
expectOK($res);
|
||||
|
||||
clean_sessions();
|
||||
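Review bot: The new '/AuthStrong' request is only wrapped in `ok( $res = ..., 'GET http://test1.example.com/AuthStrong' )`, which passes for any response, whereas the '/AuthWeak' request just above it is followed by `expectOK($res);`. As written, the `'^/AuthStrong(?#AuthnLevel=5)' => 'deny'` rule is never checked against an outcome. If the 'Portal IS NOT a handler' comment means the portal must ignore these location rules, add `expectOK($res);` after the request; if a different response is expected, assert that instead. A short comment saying why both paths are expected to succeed for a weakly authenticated session would make the intent clear.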
|
|
|
@ -11,7 +11,7 @@ BEGIN {
|
|||
require 't/saml-lib.pm';
|
||||
}
|
||||
|
||||
my $maintests = 24;
|
||||
my $maintests = 21;
|
||||
my $debug = 'error';
|
||||
my ( $issuer, $sp, $res );
|
||||
my %handlerOR = ( issuer => [], sp => [] );
|
||||
|
@ -50,11 +50,6 @@ SKIP: {
|
|||
'Unauth SP request'
|
||||
);
|
||||
expectOK($res);
|
||||
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
|
||||
);
|
||||
my ( $host, $url, $s ) =
|
||||
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
|
||||
'SAMLRequest' );
|
||||
|
@ -96,11 +91,6 @@ SKIP: {
|
|||
'Unauth SP request'
|
||||
);
|
||||
expectOK($res);
|
||||
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
|
||||
);
|
||||
( $host, $url, $s ) =
|
||||
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
|
||||
'SAMLRequest' );
|
||||
|
@ -147,7 +137,6 @@ SKIP: {
|
|||
$url, IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
length => length($s),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
@ -173,11 +162,6 @@ SKIP: {
|
|||
'Unauth SP request'
|
||||
);
|
||||
expectOK($res);
|
||||
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
|
||||
or explain(
|
||||
$res->[1],
|
||||
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
|
||||
);
|
||||
( $host, $url, $s ) =
|
||||
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
|
||||
'SAMLRequest' );
|
||||
|
@ -225,7 +209,6 @@ SKIP: {
|
|||
$url, IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
length => length($s),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
@ -356,7 +339,6 @@ m%<div class="alert alert-warning alert"><div class="text-center"><span trspan="
|
|||
$url, IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
length => length($s),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
@ -377,8 +359,7 @@ m%<div class="alert alert-warning alert"><div class="text-center"><span trspan="
|
|||
$res = $sp->_get(
|
||||
'/',
|
||||
accept => 'text/html',
|
||||
cookie =>
|
||||
"lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$spId"
|
||||
cookie => "lemonldap=$spId"
|
||||
),
|
||||
'Test if user is reject on SP'
|
||||
);
|
||||
|
|