From 457430f2f71d80ddbfb37e7af26314c383318268 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?=
Date: Wed, 14 Apr 2010 16:22:55 +0000
Subject: [PATCH] SAML: map authenticationLevel and authn context
---
 .../lib/Lemonldap/NG/Portal/IssuerDBSAML.pm | 21 ++++++-------------
 .../lib/Lemonldap/NG/Portal/_SAML.pm | 2 ++
 2 files changed, 8 insertions(+), 15 deletions(-)
diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm
index 7d817510b..914fd26c5 100644
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm
@@ -234,22 +234,13 @@ sub issuerForAuthUser {
 # TODO Check AuthnRequest conditions
- # Convert authentication method into SAML2 string
- $authn_context = Lasso::Constants::SAML2_AUTHN_CONTEXT_UNSPECIFIED;
+ # Map authenticationLevel with SAML2 authentication context
+ my $authenticationLevel = $self->{sessionInfo}->{authenticationLevel};
- if ( $self->get_module('auth') =~ /(LDAP|DBI)/i ) {
- if ( $self->https() ) {
- $authn_context =
- $self->getAuthnContext("password-protected-transport");
- }
- else {
- $authn_context = $self->getAuthnContext("password");
- }
- }
-
- if ( $self->get_module('auth') =~ /(SSL)/i ) {
- $authn_context = $self->getAuthnContext("x509");
- }
+ $authn_context = $self->getAuthnContext("unspecified");
+ $authn_context = $self->getAuthnContext("password") if ( $authenticationLevel == "2" );
+ $authn_context = $self->getAuthnContext("password-protected-transport") if ( $authenticationLevel == "3" );
+ $authn_context = $self->getAuthnContext("x509") if ( $authenticationLevel == "5" );
 $self->lmLog( "Authentication context is $authn_context", 'debug' );
diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
index dda3428a5..7e3b0925e 100644
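Review bot: The three `== "2"` / `== "3"` / `== "5"` tests in issuerForAuthUser hard-code which session levels mean password, password-protected-transport and x509, and the removed `$self->https()` check no longer decides whether `password-protected-transport` is asserted to the service provider. The hunk does not show where `authenticationLevel` is set, so if level 3 can be given to a session that did not authenticate over TLS, the assertion overstates the authentication strength. The mapping deserves a comment such as `# Levels 2, 3 and 5 are assumed to mean password, password over TLS and X.509; every other level is sent as unspecified`. The comparison is numeric, so an undefined or non-numeric level warns under `use warnings` before falling through to unspecified; `my $authenticationLevel = $self->{sessionInfo}->{authenticationLevel} || 0;` with plain numeric literals (`== 2`) avoids that. The enclosing function starts and ends outside the hunk.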
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
@@ -1868,6 +1868,8 @@ sub getAuthnContext {
 if ( $context =~ /^password$/i );
 return Lasso::Constants::SAML2_AUTHN_CONTEXT_X509
 if ( $context =~ /^x509$/i );
+ return Lasso::Constants::SAML2_AUTHN_CONTEXT_UNSPECIFIED
+ if ( $context =~ /^unspecified$/i );
 return;
 }
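Review bot: getAuthnContext still ends in a bare `return;`, so a context name that matches none of the anchored patterns (a typo in a caller, for instance) silently yields nothing, and the caller changed in IssuerDBSAML.pm assigns that result straight to `$authn_context`. A comment above the chain would make the contract explicit, for example `# Returns the Lasso constant for a known context name (case-insensitive); returns nothing for any other name`. The start of the function is outside the hunk, so the names matched before `password` are not visible here.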