SAML test skeleton
This commit is contained in:
parent
ea1b78b1e7
commit
46e7e36070
|
@ -10,6 +10,7 @@ lib/Lemonldap/NG/Handler/API/CGI.pm
|
|||
lib/Lemonldap/NG/Handler/API/ExperimentalNginx.pm
|
||||
lib/Lemonldap/NG/Handler/AuthBasic.pm
|
||||
lib/Lemonldap/NG/Handler/CGI.pm
|
||||
lib/Lemonldap/NG/Handler/Lib/AuthBasic.pm
|
||||
lib/Lemonldap/NG/Handler/Main.pm
|
||||
lib/Lemonldap/NG/Handler/Main/Init.pm
|
||||
lib/Lemonldap/NG/Handler/Main/Jail.pm
|
||||
|
|
|
@ -353,6 +353,7 @@ t/26-AuthRemote.t
|
|||
t/27-AuthProxy.t
|
||||
t/28-AuthChoice.t
|
||||
t/29-AuthSSL.t
|
||||
t/30-Auth-and-issuer-SAML.t
|
||||
t/40-Notifications-DBI.t
|
||||
t/50-IssuerGet.t
|
||||
t/90-translations.t
|
||||
|
|
|
@ -34,14 +34,6 @@ BEGIN {
|
|||
}
|
||||
else {
|
||||
eval "use constant GLIB => 1";
|
||||
Glib::Log->set_handler(
|
||||
"Lasso",
|
||||
[qw/ error critical warning message info debug /],
|
||||
sub {
|
||||
$_[0]
|
||||
->lmLog( $_[0] . " error " . $_[1] . ": " . $_[2], 'debug' );
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
# Load Lasso.pm
|
||||
|
@ -99,6 +91,16 @@ sub init {
|
|||
else {
|
||||
$self->lmLog( 'Lasso thin-sessions flag set', 'debug' );
|
||||
}
|
||||
if (GLIB) {
|
||||
Glib::Log->set_handler(
|
||||
"Lasso",
|
||||
[qw/ error critical warning message info debug /],
|
||||
sub {
|
||||
$self->lmLog( $_[0] . " error " . $_[1] . ": " . $_[2],
|
||||
'debug' );
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
# Conf initialization
|
||||
|
||||
|
@ -132,8 +134,7 @@ sub loadService {
|
|||
# Create Lasso server with service metadata
|
||||
my $server = $self->createServer(
|
||||
$service_metadata->serviceToXML(
|
||||
$self->getApacheHtdocsPath() . "/skins/common/saml2-metadata.tpl",
|
||||
$self
|
||||
$self->conf->{templateDir} . "/common/saml2-metadata.tpl", $self->conf
|
||||
),
|
||||
$self->conf->{samlServicePrivateKeySig},
|
||||
$self->conf->{samlServicePrivateKeySigPwd},
|
||||
|
|
432
lemonldap-ng-portal/t/30-Auth-and-issuer-SAML.t
Normal file
432
lemonldap-ng-portal/t/30-Auth-and-issuer-SAML.t
Normal file
|
@ -0,0 +1,432 @@
|
|||
use Test::More;
|
||||
use strict;
|
||||
|
||||
require 't/test-lib.pm';
|
||||
|
||||
my $tests = 0;
|
||||
my $debug = 'error';
|
||||
my $res;
|
||||
|
||||
SKIP: {
|
||||
eval "use Lasso";
|
||||
if ($@) {
|
||||
skip 'Lasso not found', $tests;
|
||||
}
|
||||
my $issuer = issuer();
|
||||
|
||||
#my $sp = sp();
|
||||
}
|
||||
|
||||
count($tests);
|
||||
done_testing( count() );
|
||||
|
||||
sub issuer {
|
||||
return LLNG::Manager::Test->new(
|
||||
{
|
||||
ini => {
|
||||
samlAttributeAuthorityDescriptorAttributeServiceSOAP => '',
|
||||
logLevel => $debug,
|
||||
domain => 'idp.com',
|
||||
portal => 'auth.idp.com',
|
||||
authentication => 'Demo',
|
||||
userDB => 'Demo',
|
||||
issuerDBSAMLActivation => "1",
|
||||
samlAttributeAuthorityDescriptorAttributeServiceSOAP =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
|
||||
samlAuthnContextMapKerberos => 4,
|
||||
samlAuthnContextMapPassword => 2,
|
||||
samlAuthnContextMapPasswordProtectedTransport => 3,
|
||||
samlAuthnContextMapTLSClient => 5,
|
||||
samlCommonDomainCookieActivation => 0,
|
||||
samlEntityID => '#PORTAL#/saml/metadata',
|
||||
samlIDPMetaDataExportedAttributes => {},
|
||||
samlIDPMetaDataOptionsAdaptSessionUtime => 0,
|
||||
samlIDPMetaDataOptionsAllowLoginFromIDP => 0,
|
||||
samlIDPMetaDataOptionsAllowProxiedAuthn => 0,
|
||||
samlIDPMetaDataOptionsCheckAudience => 1,
|
||||
samlIDPMetaDataOptionsCheckSLOMessageSignature => 1,
|
||||
samlIDPMetaDataOptionsCheckSSOMessageSignature => 1,
|
||||
samlIDPMetaDataOptionsCheckTime => 1,
|
||||
samlIDPMetaDataOptionsEncryptionMode => 'none',
|
||||
samlIDPMetaDataOptionsForceAuthn => 0,
|
||||
samlIDPMetaDataOptionsForceUTF8 => 0,
|
||||
samlIDPMetaDataOptionsIsPassive => 0,
|
||||
samlIDPMetaDataOptionsNameIDFormat => '',
|
||||
samlIDPMetaDataOptionsRelayStateURL => 0,
|
||||
samlIDPMetaDataOptionsRequestedAuthnContext => '',
|
||||
samlIDPMetaDataOptionsResolutionRule => '',
|
||||
samlIDPMetaDataOptionsSignSLOMessage => -1,
|
||||
samlIDPMetaDataOptionsSignSSOMessage => -1,
|
||||
samlIDPMetaDataOptionsSLOBinding => '',
|
||||
samlIDPMetaDataOptionsSSOBinding => '',
|
||||
samlIDPMetaDataOptionsStoreSAMLToken => 0,
|
||||
samlIdPResolveCookie => 'lemonldapidp',
|
||||
samlIDPSSODescriptorArtifactResolutionServiceArtifact =>
|
||||
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',
|
||||
samlIDPSSODescriptorSingleLogoutServiceHTTPPost =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn',
|
||||
samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn',
|
||||
samlIDPSSODescriptorSingleLogoutServiceSOAP =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;',
|
||||
samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;',
|
||||
samlIDPSSODescriptorSingleSignOnServiceHTTPPost =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;',
|
||||
samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;',
|
||||
samlIDPSSODescriptorSingleSignOnServiceSOAP =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleSignOnSOAP;',
|
||||
samlIDPSSODescriptorWantAuthnRequestsSigned => 1,
|
||||
samlMetadataForceUTF8 => 1,
|
||||
samlNameIDFormatMapEmail => 'mail',
|
||||
samlNameIDFormatMapKerberos => 'uid',
|
||||
samlNameIDFormatMapWindows => 'uid',
|
||||
samlNameIDFormatMapX509 => 'mail',
|
||||
samlRelayStateTimeout => 600,
|
||||
samlServiceUseCertificateInResponse => 0,
|
||||
samlSPMetaDataExportedAttributes => {},
|
||||
samlSPMetaDataOptions => {
|
||||
'sp.com' => {
|
||||
samlSPMetaDataOptionsEncryptionMode => 'none',
|
||||
}
|
||||
},
|
||||
samlSPMetaDataOptionsCheckSLOMessageSignature => 1,
|
||||
samlSPMetaDataOptionsCheckSSOMessageSignature => 1,
|
||||
samlSPMetaDataOptionsEnableIDPInitiatedURL => 0,
|
||||
samlSPMetaDataOptionsEncryptionMode => 'none',
|
||||
samlSPMetaDataOptionsForceUTF8 => 1,
|
||||
samlSPMetaDataOptionsNameIDFormat => '',
|
||||
samlSPMetaDataOptionsNotOnOrAfterTimeout => 72000,
|
||||
samlSPMetaDataOptionsOneTimeUse => 0,
|
||||
samlSPMetaDataOptionsSessionNotOnOrAfterTimeout => 72000,
|
||||
samlSPMetaDataOptionsSignSLOMessage => -1,
|
||||
samlSPMetaDataOptionsSignSSOMessage => -1,
|
||||
samlSPSSODescriptorArtifactResolutionServiceArtifact =>
|
||||
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',
|
||||
samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact =>
|
||||
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact',
|
||||
samlSPSSODescriptorAssertionConsumerServiceHTTPPost =>
|
||||
'0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost',
|
||||
samlSPSSODescriptorAuthnRequestsSigned => 1,
|
||||
samlSPSSODescriptorSingleLogoutServiceHTTPPost =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn',
|
||||
samlSPSSODescriptorSingleLogoutServiceHTTPRedirect =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn',
|
||||
samlSPSSODescriptorSingleLogoutServiceSOAP =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;',
|
||||
samlSPSSODescriptorWantAssertionsSigned => 1,
|
||||
samlUseQueryStringSpecific => 0,
|
||||
|
||||
samlOrganizationDisplayName => "IDP",
|
||||
samlOrganizationName => "IDP",
|
||||
samlOrganizationURL => "https://www.idp.com/",
|
||||
samlServicePrivateKeyEnc => "-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEogIBAAKCAQEAnfKBDG/K0TnGT7Xu8q1N45sNWvIK91SqNg8nvN2uVeKoHADT
|
||||
csus5Xn3id5+8Q9TuMFsW9kIEeXiaPKXQa9ryfSNDhWDWloNkpGEeWif2BnHUu46
|
||||
Abu1UBWb0mH6VwcG1PR4qHruLis1odjQ1qnVDNfSEASVIppEBYjDX203ypmURIzU
|
||||
6h53GRRRlf1BLWkbVn9ysmDeR57Xw5Rsx/+tBlcnMrkv/40DSUkehQIl2JmlFrl2
|
||||
Caik+gU4pd20apA/pNLjBZF0OmGoS08AIR5NMd0KFa6CwZUUSHJqH5GFy5Y2yl4l
|
||||
g8K0klAS9q7L7aXI+eFQZhkwidjpxXnHPyxIGQIDAQABAoIBAHnfqjX3eO8SfnP5
|
||||
NURp90Td2mNHirCn0qLd9NKl1ySMPR1GgeH9SQ7Umu32EcteAUL5dOw2PiTZVmeW
|
||||
cKINgsWVftXUQcOQ4xIqWKb51QUBdy0FhxrZRSFjWxXt5iYK1PmzHfsax/g1/S9C
|
||||
RnqtFyjOy1bywkSt9jiy+9YBR2B7BDhLHlILbijWn5zaecaV4YA+L1UK4M/mehdb
|
||||
+0FVPavbGpnlqBRTY+7YXfZ/mRPCfn5DvO9lW1O0pJMmNdBh9kmm3DxHf6AkK47a
|
||||
43gO/dRWiWo2rZ/+Jw7uyqOb23U0MydP7kia0p3tzCUBPsrlgnichYG5RNFp0wqy
|
||||
3VT1TYECgYEA0Y9vENy1jJd+s7WbGrsRtSKxfZgtJr0yjSlQVYrIlwbZSGn+ndxq
|
||||
V2vVlwIgLX3pz6T40BMfk6SNx08jjy0Sgn6OAM0ILrinno8yWcSAMCmfCU0S/3O1
|
||||
55bqtcnk4XTHBHzJ5OrnrPaW5ourvJz0lcWEKMg3BXxLzaF6ZRy85nECgYEAwPMD
|
||||
LNAKLCDrUMyYFOpPyPLe7wvszcFvPipGgerSgFP1c6N7xaMUdHDYqBfuis1khPGF
|
||||
YcMHeNBYmzX6yEGbp3lrB4PHpUySmTU3mv3u9I05aahInK21gXum3uRkCWyyIF6V
|
||||
T/qeszl9mVOCp0CC4eG3IMVpaD0UKDEHVhERYCkCgYAjuTPRyA4a3Wh38ilysRkf
|
||||
q75eDqcDx5Tqg3RyYKo5NK2troP9HSnzpSpQB8i8eI53G0RfFCN5479XjqIdMi3J
|
||||
mRFUCZ+vd0L7wKVwsBK6Ix49U6o9adhElnGEc9pUpLeYiD1SjMjZr1+iBYVNLeRz
|
||||
86vH1/mpMbsqXrCis/dvwQKBgGttomHr/w3s0jftget7PirrFrbP0+wHfDGHhjRF
|
||||
kyhCFtJovrwefYALaIXGtVjw3LusYZA570oT7pGUb2naJZkMYEwR0jG1vZWx7KDO
|
||||
K6JbkxDB0pPxn7JVL2bAkPYyX8boAohCSOQO6WBZ/8+xem3bp4OGhpa0EyoBik0g
|
||||
OaVpAoGATj4SyYsE10hGT676iie8zy3fi5IPC3E+x4QlVuusaLtuY8LJA50stjtx
|
||||
gUa/JAKlZZL+gvzvOviQIxyfIChXOdTt5uiOYkdHJDbAF3NSrji7hrXq4v8UZv75
|
||||
8hBrwJZIpy6y01dRlrriHmPRtEq1pk7JX2uUg0sP5g4BEcsaCbc=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
",
|
||||
samlServicePrivateKeySig => "-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAtR/wgDqWB4Maho5V6TjcL/NbNfjgIh7GcgkrB5RZcVT1GTej
|
||||
JlMjUQdgBKBuZXQN+7/29P6UcGq1kYalURq6S8SpeJ1ofp5rBEoD/TIkvU0JOcid
|
||||
65wp+fdzXGXsfiZvHraU74jSCgjP/wqfVGRyBIQzB0SIxSpnrsigqNsE1E94toDM
|
||||
x4wovjHu/9ABAImREV7Sz83OeFF00/sghrjTEJOD/gHf04JCn9MgNOqvSTysr9LX
|
||||
Wg/oUKQDEYeTq9ux6pq/oqv1MxwONbSZPtN5yD41mi+hT8Rh+W8Je8rsiML4VMxz
|
||||
sb1l9303asw6suo5bLTISKNSbu1nt1NkpNxzywIDAQABAoIBAQCQkbvPPfP+bwC/
|
||||
IeEk1IO7qkzFWa7czR+safD0jc6OjTdNN4F716Q6yt4zEzLKu8VliiW+C23EBQiD
|
||||
7asKf4DvdTun0ExVtHDK7aEdeealSlXwz1ZtdypyILbtq1UGo/rR0v4x601rQPl0
|
||||
IrBmFf6D6FkqleNtLJmxguXpoVfLdYKNwkxH2ux+GOA9r2o5pUCQmJGDap5YWRuQ
|
||||
uB71ewJjVWujaL3e1ac/5cP7/tqWmgAiOaN8sYdD6+oWOR47bHj8JKcMBSl4y2QC
|
||||
dL31cGmmf5KqBbtISki3RXfHHjT7E3Z85CbESkKTZlEb1ar3XmepY6Z7V5UO16oz
|
||||
fFE5R6khAoGBAOl9Qb+qYVVO5ugE65ORjYVeuXykANhM9ssiY5a6zuAakWzw7Zv3
|
||||
k6PXm9p7azlEXAlTnTXVwHYMyuuzZDvQ8LRV1iBOdPuIkUAmaQ5K9ASD7VcoHexh
|
||||
k8DAKf9Ln7sTRaMdvgceRNczOmJOBIEpTZkssA/jVGXZsoyTWYl1en/ZAoGBAMaW
|
||||
RnNbSNprEV2b8UeAJ6i77c4SXwu1I8X2NLtiLScb1ETBjfrdHmdlJglfyd/0gmhH
|
||||
p/43Ku2iGUoY5KtuOI6QmahrJYQscRQhoj252VXadG6fNWWAlpgdCm9houhHb5BF
|
||||
3zge/bTr0anUe9EA7Z/ymav12rEouoNjIlhI9C5DAoGATR85a2SMt8/TB0owwdJu
|
||||
62GpZNkLCmcJkXkvaecUVAOSi2hdI4o4MwMRkK35cbX5rH74y4JqCtQY5pefgP53
|
||||
sykzDAK+MyMdzxGg2764MRGegI5Yq+5jDmSquo+xF+q6srEtRk6iMG7UVwosBLmu
|
||||
zuxqzySoiOfKSRKWnYe3SakCgYEAwWMkVkAmETXE4oDzFSsS8/mW2l//mPocTTK3
|
||||
JWe1CunJ6+8FYbAlZJEW2ngismp8+CoXybNVpbZ+pC7buKoMf6EHUgCNt0pEEFO0
|
||||
mCG9KSMk0XlPWXpArP9S4yaUq1itpzSz7QYZES+4rIcU0HLz9RgeWFyCTJWaFErc
|
||||
7laVG9sCgYBKOtk5WlIOP4BxSd2y4cYzohgwTZIs1/2kTEn1u4eH73M1xvAlHHFB
|
||||
wSF5QXgDKJ8pPAOhNWpdLO/PdtnQn91nOvTNc+ShJZzjdbneUdQVpWpoBf72uA+N
|
||||
6rIVf1JBUL2p7HFHaGdUZC7KGQ+yv6ZHrE1+7202nuDvJdvGEEdFsQ==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
",
|
||||
samlServicePublicKeyEnc => "-----BEGIN PUBLIC KEY-----
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfKBDG/K0TnGT7Xu8q1N
|
||||
45sNWvIK91SqNg8nvN2uVeKoHADTcsus5Xn3id5+8Q9TuMFsW9kIEeXiaPKXQa9r
|
||||
yfSNDhWDWloNkpGEeWif2BnHUu46Abu1UBWb0mH6VwcG1PR4qHruLis1odjQ1qnV
|
||||
DNfSEASVIppEBYjDX203ypmURIzU6h53GRRRlf1BLWkbVn9ysmDeR57Xw5Rsx/+t
|
||||
BlcnMrkv/40DSUkehQIl2JmlFrl2Caik+gU4pd20apA/pNLjBZF0OmGoS08AIR5N
|
||||
Md0KFa6CwZUUSHJqH5GFy5Y2yl4lg8K0klAS9q7L7aXI+eFQZhkwidjpxXnHPyxI
|
||||
GQIDAQAB
|
||||
-----END PUBLIC KEY-----
|
||||
",
|
||||
samlServicePublicKeySig => "-----BEGIN PUBLIC KEY-----
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtR/wgDqWB4Maho5V6Tjc
|
||||
L/NbNfjgIh7GcgkrB5RZcVT1GTejJlMjUQdgBKBuZXQN+7/29P6UcGq1kYalURq6
|
||||
S8SpeJ1ofp5rBEoD/TIkvU0JOcid65wp+fdzXGXsfiZvHraU74jSCgjP/wqfVGRy
|
||||
BIQzB0SIxSpnrsigqNsE1E94toDMx4wovjHu/9ABAImREV7Sz83OeFF00/sghrjT
|
||||
EJOD/gHf04JCn9MgNOqvSTysr9LXWg/oUKQDEYeTq9ux6pq/oqv1MxwONbSZPtN5
|
||||
yD41mi+hT8Rh+W8Je8rsiML4VMxzsb1l9303asw6suo5bLTISKNSbu1nt1NkpNxz
|
||||
ywIDAQAB
|
||||
-----END PUBLIC KEY-----
|
||||
",
|
||||
samlSPMetaDataXML => {
|
||||
"sp.com" => {
|
||||
samlSPMetaDataXML => "<?xml version=\"1.0\"?>
|
||||
<EntityDescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\"
|
||||
xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"
|
||||
xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"
|
||||
entityID=\"http://auth.sp.com/saml/metadata\">
|
||||
<IDPSSODescriptor
|
||||
WantAuthnRequestsSigned=\"true\"
|
||||
protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">
|
||||
<KeyDescriptor use=\"signing\">
|
||||
<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">
|
||||
<ds:KeyValue>
|
||||
<RSAKeyValue xmlns=\"http://www.w3.org/2000/09/xmldsig#\">
|
||||
<Modulus>u4iToYAEmWQxgZDihGVzMMql1elPn37domWcvXeU2E4yt2hh5jkQHiFjgodfOlNeRIw5QJVlUBwr
|
||||
+CQvbaKRFXd7BrOhQIDC0TZPRVB0XHarUtsCuDekN4/2GKSzHsoToKUVPWq9thsuek3xkpsJGZNX
|
||||
7bglfEc9+QQpYTqN1rkdN1PVU0epNMokFFGho5pLRqLUV5+I/QXAL49jfTjaSxsp4UndTI8/+mGS
|
||||
RSq+nrT2zyQRM/vkj5vR9ZVz67HO/+Wk3Mx6RAwkVcMdgMAqCq8odmbI0yCRZiTL9ybKWRKqWJoK
|
||||
J0p5+Q2fPEBPupQZR09Jt/JPuLVSsGfCxi9Nqw==
|
||||
</Modulus>
|
||||
<Exponent>AQAB
|
||||
</Exponent>
|
||||
</RSAKeyValue>
|
||||
</ds:KeyValue>
|
||||
</ds:KeyInfo>
|
||||
</KeyDescriptor>
|
||||
<KeyDescriptor use=\"encryption\">
|
||||
<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">
|
||||
<ds:KeyValue>
|
||||
<RSAKeyValue xmlns=\"http://www.w3.org/2000/09/xmldsig#\">
|
||||
<Modulus>sRaod2RZ8hMFBl+VhsnhyPM8l/Fj1obnBxfQIaWuHFIFfXiGe/CYHuZ5QJQLnZxHMJX6LL3Sh+Us
|
||||
og3p0jpijpcg0QgfBSEkfopKTgReYN8DiDIll0rV1XdTni7E85Nd1YyNy3ui/ZD+UShWwqu6jLVL
|
||||
R+QUm+/1LIKYb3OCBTvOlY7xHoP6NSU1+Mr+YzGBUacdO2vnNxe/PQhxIeP1zO0njuqGHkwEpy8r
|
||||
UWRZbbDn31TmKjqlhgtsz5HPhbRaYEExhyepKgBiNz+RyxtYXVhuG8OrWQDoS5gYHSjdw1CTJyix
|
||||
eJwyoqA9RGYguG5nh9zndi3LWAh7Z0lx+tIz+w==
|
||||
</Modulus>
|
||||
<Exponent>AQAB
|
||||
</Exponent>
|
||||
</RSAKeyValue>
|
||||
</ds:KeyValue>
|
||||
</ds:KeyInfo>
|
||||
</KeyDescriptor>
|
||||
<ArtifactResolutionService
|
||||
isDefault=\"true\"
|
||||
index=\"0\"
|
||||
Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"
|
||||
Location=\"http://auth.sp.com/saml/artifact\" />
|
||||
<SingleLogoutService
|
||||
Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"
|
||||
Location=\"http://auth.sp.com/saml/singleLogoutSOAP\" />
|
||||
<SingleLogoutService
|
||||
Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"
|
||||
Location=\"http://auth.sp.com/saml/singleLogout\"
|
||||
|
||||
ResponseLocation=\"http://auth.sp.com/saml/singleLogoutReturn\"
|
||||
/>
|
||||
<SingleLogoutService
|
||||
Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"
|
||||
Location=\"http://auth.sp.com/saml/singleLogout\"
|
||||
|
||||
ResponseLocation=\"http://auth.sp.com/saml/singleLogoutReturn\"
|
||||
/>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName</NameIDFormat>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:entity</NameIDFormat>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
|
||||
<SingleSignOnService
|
||||
Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"
|
||||
Location=\"http://auth.sp.com/saml/singleSignOn\"
|
||||
/>
|
||||
<SingleSignOnService
|
||||
Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"
|
||||
Location=\"http://auth.sp.com/saml/singleSignOn\"
|
||||
/>
|
||||
<SingleSignOnService
|
||||
Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\"
|
||||
Location=\"http://auth.sp.com/saml/singleSignOnArtifact\"
|
||||
/>
|
||||
<SingleSignOnService
|
||||
Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"
|
||||
Location=\"http://auth.sp.com/saml/singleSignOnSOAP\" />
|
||||
</IDPSSODescriptor>
|
||||
|
||||
<SPSSODescriptor
|
||||
AuthnRequestsSigned=\"true\"
|
||||
WantAssertionsSigned=\"true\"
|
||||
protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">
|
||||
<KeyDescriptor use=\"signing\">
|
||||
<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">
|
||||
<ds:KeyValue>
|
||||
<RSAKeyValue xmlns=\"http://www.w3.org/2000/09/xmldsig#\">
|
||||
<Modulus>u4iToYAEmWQxgZDihGVzMMql1elPn37domWcvXeU2E4yt2hh5jkQHiFjgodfOlNeRIw5QJVlUBwr
|
||||
+CQvbaKRFXd7BrOhQIDC0TZPRVB0XHarUtsCuDekN4/2GKSzHsoToKUVPWq9thsuek3xkpsJGZNX
|
||||
7bglfEc9+QQpYTqN1rkdN1PVU0epNMokFFGho5pLRqLUV5+I/QXAL49jfTjaSxsp4UndTI8/+mGS
|
||||
RSq+nrT2zyQRM/vkj5vR9ZVz67HO/+Wk3Mx6RAwkVcMdgMAqCq8odmbI0yCRZiTL9ybKWRKqWJoK
|
||||
J0p5+Q2fPEBPupQZR09Jt/JPuLVSsGfCxi9Nqw==
|
||||
</Modulus>
|
||||
<Exponent>AQAB
|
||||
</Exponent>
|
||||
</RSAKeyValue>
|
||||
</ds:KeyValue>
|
||||
</ds:KeyInfo>
|
||||
</KeyDescriptor>
|
||||
<KeyDescriptor use=\"encryption\">
|
||||
<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">
|
||||
<ds:KeyValue>
|
||||
<RSAKeyValue xmlns=\"http://www.w3.org/2000/09/xmldsig#\">
|
||||
<Modulus>sRaod2RZ8hMFBl+VhsnhyPM8l/Fj1obnBxfQIaWuHFIFfXiGe/CYHuZ5QJQLnZxHMJX6LL3Sh+Us
|
||||
og3p0jpijpcg0QgfBSEkfopKTgReYN8DiDIll0rV1XdTni7E85Nd1YyNy3ui/ZD+UShWwqu6jLVL
|
||||
R+QUm+/1LIKYb3OCBTvOlY7xHoP6NSU1+Mr+YzGBUacdO2vnNxe/PQhxIeP1zO0njuqGHkwEpy8r
|
||||
UWRZbbDn31TmKjqlhgtsz5HPhbRaYEExhyepKgBiNz+RyxtYXVhuG8OrWQDoS5gYHSjdw1CTJyix
|
||||
eJwyoqA9RGYguG5nh9zndi3LWAh7Z0lx+tIz+w==
|
||||
</Modulus>
|
||||
<Exponent>AQAB
|
||||
</Exponent>
|
||||
</RSAKeyValue>
|
||||
</ds:KeyValue>
|
||||
</ds:KeyInfo>
|
||||
</KeyDescriptor>
|
||||
<ArtifactResolutionService
|
||||
isDefault=\"true\"
|
||||
index=\"0\"
|
||||
Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"
|
||||
Location=\"http://auth.sp.com/saml/artifact\" />
|
||||
<SingleLogoutService
|
||||
Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"
|
||||
Location=\"http://auth.sp.com/saml/proxySingleLogoutSOAP\" />
|
||||
<SingleLogoutService
|
||||
Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"
|
||||
Location=\"http://auth.sp.com/saml/proxySingleLogout\"
|
||||
|
||||
ResponseLocation=\"http://auth.sp.com/saml/proxySingleLogoutReturn\"
|
||||
/>
|
||||
<SingleLogoutService
|
||||
Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"
|
||||
Location=\"http://auth.sp.com/saml/proxySingleLogout\"
|
||||
|
||||
ResponseLocation=\"http://auth.sp.com/saml/proxySingleLogoutReturn\"
|
||||
/>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName</NameIDFormat>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:entity</NameIDFormat>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
|
||||
<AssertionConsumerService
|
||||
isDefault=\"true\"
|
||||
index=\"0\"
|
||||
Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\"
|
||||
Location=\"http://auth.sp.com/saml/proxySingleSignOnArtifact\" />
|
||||
<AssertionConsumerService
|
||||
isDefault=\"false\"
|
||||
index=\"1\"
|
||||
Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"
|
||||
Location=\"http://auth.sp.com/saml/proxySingleSignOnPost\" />
|
||||
</SPSSODescriptor>
|
||||
|
||||
<AttributeAuthorityDescriptor
|
||||
protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">
|
||||
<KeyDescriptor use=\"signing\">
|
||||
<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">
|
||||
<ds:KeyValue>
|
||||
<RSAKeyValue xmlns=\"http://www.w3.org/2000/09/xmldsig#\">
|
||||
<Modulus>u4iToYAEmWQxgZDihGVzMMql1elPn37domWcvXeU2E4yt2hh5jkQHiFjgodfOlNeRIw5QJVlUBwr
|
||||
+CQvbaKRFXd7BrOhQIDC0TZPRVB0XHarUtsCuDekN4/2GKSzHsoToKUVPWq9thsuek3xkpsJGZNX
|
||||
7bglfEc9+QQpYTqN1rkdN1PVU0epNMokFFGho5pLRqLUV5+I/QXAL49jfTjaSxsp4UndTI8/+mGS
|
||||
RSq+nrT2zyQRM/vkj5vR9ZVz67HO/+Wk3Mx6RAwkVcMdgMAqCq8odmbI0yCRZiTL9ybKWRKqWJoK
|
||||
J0p5+Q2fPEBPupQZR09Jt/JPuLVSsGfCxi9Nqw==
|
||||
</Modulus>
|
||||
<Exponent>AQAB
|
||||
</Exponent>
|
||||
</RSAKeyValue>
|
||||
</ds:KeyValue>
|
||||
</ds:KeyInfo>
|
||||
</KeyDescriptor>
|
||||
<KeyDescriptor use=\"encryption\">
|
||||
<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">
|
||||
<ds:KeyValue>
|
||||
<RSAKeyValue xmlns=\"http://www.w3.org/2000/09/xmldsig#\">
|
||||
<Modulus>sRaod2RZ8hMFBl+VhsnhyPM8l/Fj1obnBxfQIaWuHFIFfXiGe/CYHuZ5QJQLnZxHMJX6LL3Sh+Us
|
||||
og3p0jpijpcg0QgfBSEkfopKTgReYN8DiDIll0rV1XdTni7E85Nd1YyNy3ui/ZD+UShWwqu6jLVL
|
||||
R+QUm+/1LIKYb3OCBTvOlY7xHoP6NSU1+Mr+YzGBUacdO2vnNxe/PQhxIeP1zO0njuqGHkwEpy8r
|
||||
UWRZbbDn31TmKjqlhgtsz5HPhbRaYEExhyepKgBiNz+RyxtYXVhuG8OrWQDoS5gYHSjdw1CTJyix
|
||||
eJwyoqA9RGYguG5nh9zndi3LWAh7Z0lx+tIz+w==
|
||||
</Modulus>
|
||||
<Exponent>AQAB
|
||||
</Exponent>
|
||||
</RSAKeyValue>
|
||||
</ds:KeyValue>
|
||||
</ds:KeyInfo>
|
||||
</KeyDescriptor>
|
||||
<AttributeService
|
||||
Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"
|
||||
Location=\"http://auth.sp.com/saml/AA/SOAP\"/>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName</NameIDFormat>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:entity</NameIDFormat>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
|
||||
</AttributeAuthorityDescriptor>
|
||||
|
||||
<Organization>
|
||||
<OrganizationName xml:lang=\"en\">Example</OrganizationName>
|
||||
<OrganizationDisplayName xml:lang=\"en\">Example</OrganizationDisplayName>
|
||||
<OrganizationURL xml:lang=\"en\">http://www.sp.com</OrganizationURL>
|
||||
</Organization>
|
||||
|
||||
</EntityDescriptor>
|
||||
"
|
||||
},
|
||||
},
|
||||
samlStorageOptions => {},
|
||||
userPivot => "uid",
|
||||
}
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
sub sp {
|
||||
return LLNG::Manager::Test->new(
|
||||
{
|
||||
ini => {
|
||||
logLevel => $debug,
|
||||
domain => 'sp.com',
|
||||
authentication => 'SAML',
|
||||
userDB => 'SAML',
|
||||
}
|
||||
}
|
||||
);
|
||||
}
|
Loading…
Reference in New Issue
Block a user