CAS in progress (#595)

This commit is contained in:
Xavier Guimard 2016-12-22 08:40:50 +00:00
parent d01e3472ff
commit 5ac69452df
11 changed files with 60 additions and 20 deletions


@ -110,6 +110,7 @@ sub authenticate {
# calculating remaining time before password expiration # calculating remaining time before password expiration
my $remainingTime = $_pwdExpire - $timestamp; my $remainingTime = $_pwdExpire - $timestamp;
$self->info( $self->info(
$req,
"<h3>" "<h3>"
. sprintf( . sprintf(
$self->msg(PM_PP_EXP_WARNING), $self->msg(PM_PP_EXP_WARNING),


@ -53,7 +53,7 @@ sub extractFormInfo {
my ( $self, $req ) = @_; my ( $self, $req ) = @_;
# Local URL # Local URL
my $local_url = $self->conf->{portal} . $req->uri; my $local_url = $self->p->fullUrl($req);
# Add request state parameters # Add request state parameters
if ( $req->datas->{_url} ) { if ( $req->datas->{_url} ) {
@ -82,7 +82,7 @@ sub extractFormInfo {
if ( $self->proxy ) { if ( $self->proxy ) {
$self->lmLog( "CAS: Proxy mode activated", 'debug' ); $self->lmLog( "CAS: Proxy mode activated", 'debug' );
my $proxy_url = $req->uri . '?casProxy=1'; my $proxy_url = $self->p->fullUrl($req) . '?casProxy=1';
if ( my $tmp = $req->param( $self->conf->{authChoiceParam} ) ) { if ( my $tmp = $req->param( $self->conf->{authChoiceParam} ) ) {
$proxy_url .= '&' . $self->conf->{authChoiceParam} . "=$tmp"; $proxy_url .= '&' . $self->conf->{authChoiceParam} . "=$tmp";
@ -198,7 +198,8 @@ sub authLogout {
my ( $self, $req ) = @_; my ( $self, $req ) = @_;
# Build CAS logout URL # Build CAS logout URL
my $logout_url = $self->cas->getServerLogoutURL( $req->uri ); my $logout_url =
$self->cas->getServerLogoutURL( uri_escape( $self->p->fullUrl($req) ) );
$self->lmLog( "Build CAS logout URL: $logout_url", 'debug' ); $self->lmLog( "Build CAS logout URL: $logout_url", 'debug' );
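Review bot: `uri_escape( $self->p->fullUrl($req) )` in authLogout is the only one of the three new `fullUrl` call sites in this file that encodes the result; the service URL at line 53 and the proxy URL at line 82 are left raw at the point the hunk shows them (where they are consumed is outside these hunks). Unless `getServerLogoutURL` and the helper that consumes `$local_url` differ in whether they encode their argument, the call sites should agree, otherwise one path double-encodes or leaks an unencoded URL into a query string. Once verified, record the reason for the asymmetry next to the call, e.g. `# getServerLogoutURL does not encode its argument, unlike the login URL builder`. Also `uri_escape` needs `URI::Escape` imported in this file, which the hunk does not show — under `use strict` a missing import only fails at runtime on the logout path, so check the `use` lines. authLogout's body continues outside the hunk.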


@ -214,10 +214,11 @@ sub run {
# Display a link to the provided URL # Display a link to the provided URL
$self->lmLog( "Logout URL $logout_url will be displayed", 'debug' ); $self->lmLog( "Logout URL $logout_url will be displayed", 'debug' );
$self->info( $self->info( $req,
'<h3 trmsg="back2CasUrl">The application you just logged out of has provided a link it would like you to follow</h3>' '<h3 trmsg="back2CasUrl">The application you just logged out of has provided a link it would like you to follow</h3>'
); );
$self->info("<p><a href=\"$logout_url\">$logout_url</a></p>"); $self->info( $req,
"<p><a href=\"$logout_url\">$logout_url</a></p>" );
$self->{activeTimer} = 0; $self->{activeTimer} = 0;
return PE_CONFIRM; return PE_CONFIRM;
@ -397,7 +398,8 @@ sub validate {
# Get username # Get username
my $username = my $username =
$localSession->data->{ $self->conf->{casAttr} || $self->conf->{whatToTrace} }; $localSession->data->{ $self->conf->{casAttr}
|| $self->conf->{whatToTrace} };
$self->lmLog( "Get username $username", 'debug' ); $self->lmLog( "Get username $username", 'debug' );
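Review bot: In the first hunk, `$logout_url` is interpolated raw both into the `href` attribute and into the link text of the new `$self->info( $req, "<p><a href=\"$logout_url\">$logout_url</a></p>" )` call, and the comment above it says this is the URL provided by the application that initiated the logout, i.e. it originates from the request; a value containing `"` or `<` breaks out of the attribute, and a `javascript:` URL turns the "follow this link" page into script execution in the portal origin. Escape the value before building markup, e.g. `( my $safe = $logout_url ) =~ s/([&<>"'])/sprintf('&#%d;', ord $1)/ge;` and use `$safe` in both places, and refuse anything not matching `^https?://`, falling back to the plain logout confirmation. Where `$logout_url` is parsed, and whether it is validated there, is outside this hunk, so this may already be covered upstream — confirm before relying on it. The `run` body starts outside the hunk.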


@ -79,6 +79,7 @@ qr/^($saml_slo_get_url|$saml_slo_get_url_ret|$saml_slo_post_url|$saml_slo_post_u
# Required to manage SLO in Proxy mode # Required to manage SLO in Proxy mode
and $self->loadIDPs() and $self->loadIDPs()
); );
# SOAP routes (access without authentication) # SOAP routes (access without authentication)
$self->addRouteFromMetaDataURL( $self->addRouteFromMetaDataURL(
'samlIDPSSODescriptorArtifactResolutionServiceArtifact', 'samlIDPSSODescriptorArtifactResolutionServiceArtifact',
@ -865,10 +866,9 @@ sub run {
. " width=\"0\" height=\"0\" frameborder=\"0\">" . " width=\"0\" height=\"0\" frameborder=\"0\">"
. "</iframe>"; . "</iframe>";
# TODO: replace this $self->info( $req,
#$self->info( "<h3>" . $self->msg(PM_CDC_WRITER) . "</h3>" ); '<h3 trspan="updateCdc">Update Common Domain Cookie</h3>'
. $cdc_iframe );
$self->info( $req, $cdc_iframe );
} }
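Review bot: The new heading `<h3 trspan="updateCdc">Update Common Domain Cookie</h3>` uses the `trspan` attribute, while every other translatable heading introduced in this commit (`back2CasUrl`, `ppGrace`, `logoutFromOtherApp`) uses `trmsg`; if the portal's client-side translation only rewrites one of the two attributes, users will see the hard-coded English fallback, so confirm `trspan` is handled or align it with `trmsg`. A one-line comment on the emission would also help a reader who only sees this spot, e.g. `# The 0x0 iframe carries the CDC update; the heading is the only visible feedback` — assuming that is what `$cdc_iframe` does, which the hunk does not show. The `run` body continues outside the hunk.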
# HTTP-REDIRECT # HTTP-REDIRECT


@ -206,13 +206,17 @@ sub userBind {
if ( $resp->grace_authentications_remaining ) { if ( $resp->grace_authentications_remaining ) {
# TODO # TODO
$self->{portal}->info( "<h3>" $self->{portal}->info( $req,
. $resp->grace_authentications_remaining . " " '<h3>'
. $self->{portal}->msg(PM_PP_GRACE) . $resp->grace_authentications_remaining
. "</h3>" ); . ' <span trmsg="ppGrace">authentications remaining, change your password!</span></h3>'
);
} }
if ( $resp->time_before_expiration ) { if ( $resp->time_before_expiration ) {
die 'TODO: change this by JS conversion';
$self->{portal}->info( $self->{portal}->info(
$req,
"<h3>" "<h3>"
. sprintf( . sprintf(
$self->{portal}->msg(PM_PP_EXP_WARNING), $self->{portal}->msg(PM_PP_EXP_WARNING),
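Review bot: The new `die 'TODO: change this by JS conversion';` sits on the live path taken whenever the LDAP password-policy response carries `time_before_expiration`, so every user whose password is approaching expiry now gets an unhandled exception at bind time instead of a warning, and the `info(...)` call below it is unreachable. A work-in-progress marker should not abort authentication: drop the `die` and leave `# TODO: convert the PM_PP_EXP_WARNING sprintf to a trmsg span like ppGrace above` on the existing call, which keeps rendering (untranslated) until the conversion lands. Separately, `$req` is now passed to `info` in both branches but `userBind`'s signature is outside the hunk — confirm `$req` is a parameter there, otherwise `use strict` rejects the new lines.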


@ -8,7 +8,6 @@ use constant {
# Portal errors # Portal errors
# Developers warning, do not use PE_INFO, it's reserved to autoRedirect. # Developers warning, do not use PE_INFO, it's reserved to autoRedirect.
# If you want to send an information, use $self->info('text').
PE_SENDRESPONSE => -4, PE_SENDRESPONSE => -4,
PE_INFO => -3, PE_INFO => -3,
PE_REDIRECT => -2, PE_REDIRECT => -2,


@ -145,7 +145,7 @@ sub deleteSession {
$self->lmLog( "Create iFrames to forward logout to services", 'debug' ); $self->lmLog( "Create iFrames to forward logout to services", 'debug' );
$self->info('<h3 trmsg="logoutFromOtherApp"></h3>'); $self->info( $req, '<h3 trmsg="logoutFromOtherApp"></h3>' );
foreach ( keys %{ $req->datas->{logoutServices} } ) { foreach ( keys %{ $req->datas->{logoutServices} } ) {
my $logoutServiceName = $_; my $logoutServiceName = $_;
@ -153,7 +153,7 @@ sub deleteSession {
$req->datas->{logoutServices}->{$logoutServiceName}; $req->datas->{logoutServices}->{$logoutServiceName};
$self->lmLog( $self->lmLog(
"Find lo#gout service $logoutServiceName ($logoutServiceUrl)", "Find logout service $logoutServiceName ($logoutServiceUrl)",
'debug' 'debug'
); );
@ -165,11 +165,12 @@ sub deleteSession {
. " width=\"0\" height=\"0\" frameborder=\"0\">" . " width=\"0\" height=\"0\" frameborder=\"0\">"
. "</iframe>"; . "</iframe>";
$self->info($iframe); $self->info( $req, $iframe );
} }
# Redirect on logout page if no other target defined # Redirect on logout page if no other target defined
if ( !$req->urldc and !$req->postUrl ) { if ( !$req->urldc and !$req->postUrl ) {
$self->lmLog('No other target defined, redirect on logout','debug');
$req->urldc( $req->scriptname . "?logout=1" ); $req->urldc( $req->scriptname . "?logout=1" );
} }
} }


@ -164,6 +164,7 @@ sub do {
or ( $err == PE_REDIRECT or ( $err == PE_REDIRECT
and $req->datas->{redirectFormMethod} and $req->datas->{redirectFormMethod}
and $req->datas->{redirectFormMethod} eq 'post' ) and $req->datas->{redirectFormMethod} eq 'post' )
or ( $err == PE_REDIRECT and $req->info )
) )
) )
{ {
@ -590,4 +591,11 @@ sub info {
return $req->info($info); return $req->info($info);
} }
sub fullUrl {
my ( $self, $req ) = @_;
my $pHost = $self->conf->{portal};
$pHost =~ s#^(https?://[^/]+)(?:/.*)?$#$1#;
return $pHost . $req->uri;
}
1; 1;
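Review bot: `fullUrl` silently returns the whole configured value plus `$req->uri` when `conf->{portal}` does not match `^https?://host` (missing scheme, leading whitespace), because a non-matching `s###` leaves `$pHost` untouched; the CAS call sites in this commit build service and logout URLs from it, so a misconfiguration yields URLs the CAS server rejects with nothing in the portal log pointing at the cause. Make the contract explicit above the sub — `# conf->{portal} must be an absolute http(s) URL; its path is dropped and the request's path/query appended` — and log the failure, e.g. `$self->lmLog( "Portal URL $pHost has no http(s) scheme", 'warn' ) unless $pHost =~ s#^(https?://[^/]+)(?:/.*)?\z#$1#;`. The helper deliberately takes the host from configuration rather than from the request's Host header, which is the right choice for URLs that end up as redirect targets; a comment saying so prevents a later "simplification" to `$req->uri` alone. The `do` hunk above edits a condition whose enclosing statement starts outside the hunk.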


@ -167,6 +167,7 @@
"openSessionSpace":"This space allow you to open a SSO session. This will help you to securely access to all applications authorized by your profil.", "openSessionSpace":"This space allow you to open a SSO session. This will help you to securely access to all applications authorized by your profil.",
"openSSOSession":"Open your SSO session", "openSSOSession":"Open your SSO session",
"password": "Password", "password": "Password",
"ppGrace": "authentications remaining, change your password!",
"pwdChanged":"Your password was changed.", "pwdChanged":"Your password was changed.",
"pwdChange":"Password change", "pwdChange":"Password change",
"pwdIs":"Your password is", "pwdIs":"Your password is",
@ -188,6 +189,7 @@
"serviceProvidedBy":"Service provided by", "serviceProvidedBy":"Service provided by",
"SSOSessionInactive":"SSO session inactive", "SSOSessionInactive":"SSO session inactive",
"submit":"Submit", "submit":"Submit",
"updateCdc": "Update Common Domain Cookie",
"user":"User", "user":"User",
"useYubikey":"use your Yubikey", "useYubikey":"use your Yubikey",
"wait":"Wait", "wait":"Wait",


@ -167,6 +167,7 @@
"openSessionSpace":"Cet espace vous permet d'ouvrir une session SSO. Celle-ci vous aidera à accéder de manière totalement sécurisée à l'ensemble des applications autorisées par votre profil utilisateur.", "openSessionSpace":"Cet espace vous permet d'ouvrir une session SSO. Celle-ci vous aidera à accéder de manière totalement sécurisée à l'ensemble des applications autorisées par votre profil utilisateur.",
"openSSOSession":"Ouvrir une session SSO", "openSSOSession":"Ouvrir une session SSO",
"password": "Mot-de-passe", "password": "Mot-de-passe",
"ppGrace": "authentifications restantes, changez votre mot de passe !",
"pwdChange":"Changement de mot de passe", "pwdChange":"Changement de mot de passe",
"pwdChanged":"Votre mot de passe a été changé.", "pwdChanged":"Votre mot de passe a été changé.",
"pwdIs":"Votre mot de passe est", "pwdIs":"Votre mot de passe est",
@ -188,6 +189,7 @@
"serviceProvidedBy":"Ce service est fourni par", "serviceProvidedBy":"Ce service est fourni par",
"SSOSessionInactive":"Session SSO inactive", "SSOSessionInactive":"Session SSO inactive",
"submit":"Envoyer", "submit":"Envoyer",
"updateCdc": "Mise à jour du cookie de domaine commun",
"user":"Utilisateur", "user":"Utilisateur",
"useYubikey":"utilisez votre Yubikey", "useYubikey":"utilisez votre Yubikey",
"wait":"Attendre", "wait":"Attendre",


@ -7,7 +7,7 @@ BEGIN {
require 't/test-lib.pm'; require 't/test-lib.pm';
} }
my $maintests = 14; my $maintests = 19;
my $debug = 'debug'; my $debug = 'debug';
my ( $issuer, $sp, $res ); my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] ); my %handlerOR = ( issuer => [], sp => [] );
@ -95,8 +95,28 @@ SKIP: {
switch ('sp'); switch ('sp');
ok( $res = $sp->_get( '/', query => $query, accept => 'text/html' ), ok( $res = $sp->_get( '/', query => $query, accept => 'text/html' ),
'Query SP with ticket' ); 'Query SP with ticket' );
$cookies = $sp->getCookies($res);
my $spId;
ok( $spId = $cookies->{lemonldap}, 'Get cookie' )
or explain( $res, 'Set-Cookie: something' );
#print STDERR Dumper($res); # Test authentication
ok( $res = $sp->_get( '/', cookie => "lemonldap=$spId" ), 'Get / on SP' );
ok( $res->[0] == 200, 'User is authentified' ) or explain( $res->[0], 200 );
ok( $sp->getUser($res) eq 'dwho', 'User is identified as dwho' )
or explain( $res->[1], 'Lm-Remote-User: dwho' );
# Logout initiated by SP
ok(
$res = $sp->_get(
'/',
query => 'logout',
cookie => "lemonldap=$spId",
accept => 'text/html'
),
'Query SP for logout'
);
print STDERR Dumper($res);
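Review bot: `print STDERR Dumper($res);` at the end of the new SP-logout block is debugging output, and the logout response itself is never checked — the block stops after `ok( ..., 'Query SP for logout' )` without asserting the status code or that the `lemonldap` cookie was cleared, so the test passes even if logout does nothing. Replace the dump with an assertion in the style already used above, e.g. `ok( $res->[0] == 200, 'Logout page returned' ) or explain( $res->[0], 200 );`, and bump `$maintests` (now 19) to match. `$cookies` is assigned here without `my`, so it must be declared earlier in the file, which is outside the hunk.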
} }
count($maintests); count($maintests);