SAML: map authenticationLevel and authn context

Clément Oudot 2010-04-14 16:22:55 +00:00
parent 799b643949
commit 457430f2f7
2 changed files with 8 additions and 15 deletions


@ -234,22 +234,13 @@ sub issuerForAuthUser {
# TODO Check AuthnRequest conditions
# Convert authentication method into SAML2 string
$authn_context = Lasso::Constants::SAML2_AUTHN_CONTEXT_UNSPECIFIED;
# Map authenticationLevel with SAML2 authentication context
my $authenticationLevel = $self->{sessionInfo}->{authenticationLevel};
if ( $self->get_module('auth') =~ /(LDAP|DBI)/i ) {
if ( $self->https() ) {
$authn_context =
$self->getAuthnContext("password-protected-transport");
}
else {
$authn_context = $self->getAuthnContext("password");
}
}
if ( $self->get_module('auth') =~ /(SSL)/i ) {
$authn_context = $self->getAuthnContext("x509");
}
$authn_context = $self->getAuthnContext("unspecified");
$authn_context = $self->getAuthnContext("password") if ( $authenticationLevel == "2" );
$authn_context = $self->getAuthnContext("password-protected-transport") if ( $authenticationLevel == "3" );
$authn_context = $self->getAuthnContext("x509") if ( $authenticationLevel == "5" );
$self->lmLog( "Authentication context is $authn_context", 'debug' );
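Review bot: The three added tests `$authenticationLevel == "2"`, `== "3"` and `== "5"` hard-code exact level numbers, so a session whose level is 1, 4 or above 5 is asserted to the service provider as unspecified, and an undefined level raises a numeric-comparison warning. Falling back to unspecified is the conservative direction for an assertion, but nothing in the hunk says it is intended. If the levels assigned to the authentication modules are configurable elsewhere (not visible here), this table can silently drift from them. I would add a comment such as `# Levels other than 2, 3 and 5 are deliberately reported as unspecified`, read the value as `my $authenticationLevel = $self->{sessionInfo}->{authenticationLevel} || 0;`, and compare against bare numbers (`== 2`). issuerForAuthUser starts and ends outside the hunk.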


@ -1868,6 +1868,8 @@ sub getAuthnContext {
if ( $context =~ /^password$/i );
return Lasso::Constants::SAML2_AUTHN_CONTEXT_X509
if ( $context =~ /^x509$/i );
return Lasso::Constants::SAML2_AUTHN_CONTEXT_UNSPECIFIED
if ( $context =~ /^unspecified$/i );
return;
}
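Review bot: An unrecognised name still falls through to the bare `return;` at the end of getAuthnContext, so a typo in a caller's string (the other file in this commit passes four literal names) yields an undefined authentication context without any trace. Assuming `$self` is in scope here as it is at the call sites, a line such as `$self->lmLog( "Unknown authentication context $context", 'warn' );` before the final `return;` would make that visible. A short comment above the sub listing the accepted names (password, password-protected-transport, x509, unspecified) would also help. The start of the sub is outside the hunk.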