CAS in progress (#595)
This commit is contained in:
parent
d01e3472ff
commit
5ac69452df
|
@ -110,6 +110,7 @@ sub authenticate {
|
||||||
# calculating remaining time before password expiration
|
# calculating remaining time before password expiration
|
||||||
my $remainingTime = $_pwdExpire - $timestamp;
|
my $remainingTime = $_pwdExpire - $timestamp;
|
||||||
$self->info(
|
$self->info(
|
||||||
|
$req,
|
||||||
"<h3>"
|
"<h3>"
|
||||||
. sprintf(
|
. sprintf(
|
||||||
$self->msg(PM_PP_EXP_WARNING),
|
$self->msg(PM_PP_EXP_WARNING),
|
||||||
|
|
|
@ -53,7 +53,7 @@ sub extractFormInfo {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
|
|
||||||
# Local URL
|
# Local URL
|
||||||
my $local_url = $self->conf->{portal} . $req->uri;
|
my $local_url = $self->p->fullUrl($req);
|
||||||
|
|
||||||
# Add request state parameters
|
# Add request state parameters
|
||||||
if ( $req->datas->{_url} ) {
|
if ( $req->datas->{_url} ) {
|
||||||
|
@ -82,7 +82,7 @@ sub extractFormInfo {
|
||||||
|
|
||||||
if ( $self->proxy ) {
|
if ( $self->proxy ) {
|
||||||
$self->lmLog( "CAS: Proxy mode activated", 'debug' );
|
$self->lmLog( "CAS: Proxy mode activated", 'debug' );
|
||||||
my $proxy_url = $req->uri . '?casProxy=1';
|
my $proxy_url = $self->p->fullUrl($req) . '?casProxy=1';
|
||||||
|
|
||||||
if ( my $tmp = $req->param( $self->conf->{authChoiceParam} ) ) {
|
if ( my $tmp = $req->param( $self->conf->{authChoiceParam} ) ) {
|
||||||
$proxy_url .= '&' . $self->conf->{authChoiceParam} . "=$tmp";
|
$proxy_url .= '&' . $self->conf->{authChoiceParam} . "=$tmp";
|
||||||
|
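Review bot: The new `$proxy_url` built from `$self->p->fullUrl($req)` still has the raw `authChoiceParam` value appended on the line that follows (`$proxy_url .= '&' . $self->conf->{authChoiceParam} . "=$tmp"`), so a request parameter is copied into a URL without URL-encoding. `uri_escape` appears to be in scope in this file (the authLogout hunk calls it), so encode it here too: `$proxy_url .= '&' . $self->conf->{authChoiceParam} . '=' . uri_escape($tmp);`. Separately, `'?casProxy=1'` is appended unconditionally; if `$req->uri` can already carry a query string this produces a URL with two `?`, which is worth confirming against what `$req->uri` returns. extractFormInfo continues outside the hunk.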
@ -198,7 +198,8 @@ sub authLogout {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
|
|
||||||
# Build CAS logout URL
|
# Build CAS logout URL
|
||||||
my $logout_url = $self->cas->getServerLogoutURL( $req->uri );
|
my $logout_url =
|
||||||
|
$self->cas->getServerLogoutURL( uri_escape( $self->p->fullUrl($req) ) );
|
||||||
|
|
||||||
$self->lmLog( "Build CAS logout URL: $logout_url", 'debug' );
|
$self->lmLog( "Build CAS logout URL: $logout_url", 'debug' );
|
||||||
|
|
||||||
|
|
|
@ -214,10 +214,11 @@ sub run {
|
||||||
# Display a link to the provided URL
|
# Display a link to the provided URL
|
||||||
$self->lmLog( "Logout URL $logout_url will be displayed", 'debug' );
|
$self->lmLog( "Logout URL $logout_url will be displayed", 'debug' );
|
||||||
|
|
||||||
$self->info(
|
$self->info( $req,
|
||||||
'<h3 trmsg="back2CasUrl">The application you just logged out of has provided a link it would like you to follow</h3>'
|
'<h3 trmsg="back2CasUrl">The application you just logged out of has provided a link it would like you to follow</h3>'
|
||||||
);
|
);
|
||||||
$self->info("<p><a href=\"$logout_url\">$logout_url</a></p>");
|
$self->info( $req,
|
||||||
|
"<p><a href=\"$logout_url\">$logout_url</a></p>" );
|
||||||
$self->{activeTimer} = 0;
|
$self->{activeTimer} = 0;
|
||||||
|
|
||||||
return PE_CONFIRM;
|
return PE_CONFIRM;
|
||||||
|
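Review bot: `$logout_url` is interpolated unescaped into both the `href` attribute and the link text in `$self->info( $req, "<p><a href=\"$logout_url\">$logout_url</a></p>" )`, and the surrounding comment says it is a URL "provided" by the application being logged out of, so a value containing `"` or `<` becomes reflected markup in the portal page and a `javascript:` value becomes a clickable script. The commit only threads `$req` through and leaves this as it was. HTML-escape before interpolating, e.g. `( my $safe_url = $logout_url ) =~ s/([&<>"'])/sprintf('&#x%X;', ord($1))/ge;` and use `$safe_url` in both places, and consider rejecting anything that does not start with `https?://` at the point where `$logout_url` is read. The start of `run` and the origin of `$logout_url` are outside the hunk, so I cannot tell whether any validation already happens there.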
@ -397,7 +398,8 @@ sub validate {
|
||||||
|
|
||||||
# Get username
|
# Get username
|
||||||
my $username =
|
my $username =
|
||||||
$localSession->data->{ $self->conf->{casAttr} || $self->conf->{whatToTrace} };
|
$localSession->data->{ $self->conf->{casAttr}
|
||||||
|
|| $self->conf->{whatToTrace} };
|
||||||
|
|
||||||
$self->lmLog( "Get username $username", 'debug' );
|
$self->lmLog( "Get username $username", 'debug' );
|
||||||
|
|
||||||
|
|
|
@ -79,6 +79,7 @@ qr/^($saml_slo_get_url|$saml_slo_get_url_ret|$saml_slo_post_url|$saml_slo_post_u
|
||||||
# Required to manage SLO in Proxy mode
|
# Required to manage SLO in Proxy mode
|
||||||
and $self->loadIDPs()
|
and $self->loadIDPs()
|
||||||
);
|
);
|
||||||
|
|
||||||
# SOAP routes (access without authentication)
|
# SOAP routes (access without authentication)
|
||||||
$self->addRouteFromMetaDataURL(
|
$self->addRouteFromMetaDataURL(
|
||||||
'samlIDPSSODescriptorArtifactResolutionServiceArtifact',
|
'samlIDPSSODescriptorArtifactResolutionServiceArtifact',
|
||||||
|
@ -865,10 +866,9 @@ sub run {
|
||||||
. " width=\"0\" height=\"0\" frameborder=\"0\">"
|
. " width=\"0\" height=\"0\" frameborder=\"0\">"
|
||||||
. "</iframe>";
|
. "</iframe>";
|
||||||
|
|
||||||
# TODO: replace this
|
$self->info( $req,
|
||||||
#$self->info( "<h3>" . $self->msg(PM_CDC_WRITER) . "</h3>" );
|
'<h3 trspan="updateCdc">Update Common Domain Cookie</h3>'
|
||||||
|
. $cdc_iframe );
|
||||||
$self->info( $req, $cdc_iframe );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# HTTP-REDIRECT
|
# HTTP-REDIRECT
|
||||||
|
|
|
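Review bot: The new heading uses a `trspan="updateCdc"` attribute, whereas every other translatable element introduced by this commit (`<h3 trmsg="back2CasUrl">`, `<span trmsg="ppGrace">`, `<h3 trmsg="logoutFromOtherApp">`) uses `trmsg`. If the client-side translator looks for a single attribute name, this heading will never be replaced by the `updateCdc` string added to the language files; pick one attribute consistently, e.g. `'<h3 trmsg="updateCdc">Update Common Domain Cookie</h3>'`. The enclosing `run` sub and the assembly of `$cdc_iframe` are outside the hunk.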
@ -206,13 +206,17 @@ sub userBind {
|
||||||
if ( $resp->grace_authentications_remaining ) {
|
if ( $resp->grace_authentications_remaining ) {
|
||||||
|
|
||||||
# TODO
|
# TODO
|
||||||
$self->{portal}->info( "<h3>"
|
$self->{portal}->info( $req,
|
||||||
. $resp->grace_authentications_remaining . " "
|
'<h3>'
|
||||||
. $self->{portal}->msg(PM_PP_GRACE)
|
. $resp->grace_authentications_remaining
|
||||||
. "</h3>" );
|
. ' <span trmsg="ppGrace">authentications remaining, change your password!</span></h3>'
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $resp->time_before_expiration ) {
|
if ( $resp->time_before_expiration ) {
|
||||||
|
die 'TODO: change this by JS conversion';
|
||||||
$self->{portal}->info(
|
$self->{portal}->info(
|
||||||
|
$req,
|
||||||
"<h3>"
|
"<h3>"
|
||||||
. sprintf(
|
. sprintf(
|
||||||
$self->{portal}->msg(PM_PP_EXP_WARNING),
|
$self->{portal}->msg(PM_PP_EXP_WARNING),
|
||||||
|
|
|
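Review bot: The added `die 'TODO: change this by JS conversion';` is the first statement of the `if ( $resp->time_before_expiration )` branch, so every bind where the LDAP password-policy control reports an upcoming expiration now aborts the login instead of showing the warning, and the `$self->{portal}->info(` call below it is unreachable. That turns a soft warning into a hard failure for exactly the users who need to log in and change their password before it expires. Even for work in progress, downgrade it to a logged marker so the existing rendering path keeps working until the JS conversion lands, e.g. `$self->{portal}->lmLog( 'TODO: ppolicy expiration warning still rendered server-side', 'warn' );` (or whatever logging hook this module uses). userBind continues outside the hunk.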
@ -8,7 +8,6 @@ use constant {
|
||||||
|
|
||||||
# Portal errors
|
# Portal errors
|
||||||
# Developers warning, do not use PE_INFO, it's reserved to autoRedirect.
|
# Developers warning, do not use PE_INFO, it's reserved to autoRedirect.
|
||||||
# If you want to send an information, use $self->info('text').
|
|
||||||
PE_SENDRESPONSE => -4,
|
PE_SENDRESPONSE => -4,
|
||||||
PE_INFO => -3,
|
PE_INFO => -3,
|
||||||
PE_REDIRECT => -2,
|
PE_REDIRECT => -2,
|
||||||
|
|
|
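Review bot: The developer note `# If you want to send an information, use $self->info('text').` is deleted rather than updated, even though the rest of the commit changes `info` to take the request as its first argument. Keep the guidance with the new signature, `# If you want to send an information, use $self->info($req, 'text').`, so the warning against misusing PE_INFO still points readers at the right call.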
@ -145,7 +145,7 @@ sub deleteSession {
|
||||||
|
|
||||||
$self->lmLog( "Create iFrames to forward logout to services", 'debug' );
|
$self->lmLog( "Create iFrames to forward logout to services", 'debug' );
|
||||||
|
|
||||||
$self->info('<h3 trmsg="logoutFromOtherApp"></h3>');
|
$self->info( $req, '<h3 trmsg="logoutFromOtherApp"></h3>' );
|
||||||
|
|
||||||
foreach ( keys %{ $req->datas->{logoutServices} } ) {
|
foreach ( keys %{ $req->datas->{logoutServices} } ) {
|
||||||
my $logoutServiceName = $_;
|
my $logoutServiceName = $_;
|
||||||
|
@ -153,7 +153,7 @@ sub deleteSession {
|
||||||
$req->datas->{logoutServices}->{$logoutServiceName};
|
$req->datas->{logoutServices}->{$logoutServiceName};
|
||||||
|
|
||||||
$self->lmLog(
|
$self->lmLog(
|
||||||
"Find lo#gout service $logoutServiceName ($logoutServiceUrl)",
|
"Find logout service $logoutServiceName ($logoutServiceUrl)",
|
||||||
|
|
||||||
'debug'
|
'debug'
|
||||||
);
|
);
|
||||||
|
@ -165,11 +165,12 @@ sub deleteSession {
|
||||||
. " width=\"0\" height=\"0\" frameborder=\"0\">"
|
. " width=\"0\" height=\"0\" frameborder=\"0\">"
|
||||||
. "</iframe>";
|
. "</iframe>";
|
||||||
|
|
||||||
$self->info($iframe);
|
$self->info( $req, $iframe );
|
||||||
}
|
}
|
||||||
|
|
||||||
# Redirect on logout page if no other target defined
|
# Redirect on logout page if no other target defined
|
||||||
if ( !$req->urldc and !$req->postUrl ) {
|
if ( !$req->urldc and !$req->postUrl ) {
|
||||||
|
$self->lmLog('No other target defined, redirect on logout','debug');
|
||||||
$req->urldc( $req->scriptname . "?logout=1" );
|
$req->urldc( $req->scriptname . "?logout=1" );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -164,6 +164,7 @@ sub do {
|
||||||
or ( $err == PE_REDIRECT
|
or ( $err == PE_REDIRECT
|
||||||
and $req->datas->{redirectFormMethod}
|
and $req->datas->{redirectFormMethod}
|
||||||
and $req->datas->{redirectFormMethod} eq 'post' )
|
and $req->datas->{redirectFormMethod} eq 'post' )
|
||||||
|
or ( $err == PE_REDIRECT and $req->info )
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
|
@ -590,4 +591,11 @@ sub info {
|
||||||
return $req->info($info);
|
return $req->info($info);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub fullUrl {
|
||||||
|
my ( $self, $req ) = @_;
|
||||||
|
my $pHost = $self->conf->{portal};
|
||||||
|
$pHost =~ s#^(https?://[^/]+)(?:/.*)?$#$1#;
|
||||||
|
return $pHost . $req->uri;
|
||||||
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
|
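Review bot: `fullUrl` silently falls back to the whole configured `portal` value when it does not match `^https?://host`: the substitution on `$pHost` is then a no-op, so a portal configured without a scheme yields a malformed base that feeds every CAS service, proxy and logout URL built from it in this commit. Tighten the anchors and log when nothing was stripped, e.g. `$pHost =~ s{\A(https?://[^/]+)(?:/.*)?\z}{$1};` followed by `$self->lmLog( "portal URL '$pHost' lacks an https?://host prefix", 'warn' ) unless $pHost =~ m{\Ahttps?://};`. Deriving the host from `conf->{portal}` rather than the request's Host header is the right choice for URLs a CAS server will redirect the browser to, and that intent deserves a header comment such as `# Absolute URL of the current request, built from the configured portal scheme/host (not the Host header) so the client cannot influence it`. Note that the path component of `portal` is dropped deliberately, which is only correct if `$req->uri` already carries the full request path.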
@ -167,6 +167,7 @@
|
||||||
"openSessionSpace":"This space allow you to open a SSO session. This will help you to securely access to all applications authorized by your profil.",
|
"openSessionSpace":"This space allow you to open a SSO session. This will help you to securely access to all applications authorized by your profil.",
|
||||||
"openSSOSession":"Open your SSO session",
|
"openSSOSession":"Open your SSO session",
|
||||||
"password": "Password",
|
"password": "Password",
|
||||||
|
"ppGrace": "authentications remaining, change your password!",
|
||||||
"pwdChanged":"Your password was changed.",
|
"pwdChanged":"Your password was changed.",
|
||||||
"pwdChange":"Password change",
|
"pwdChange":"Password change",
|
||||||
"pwdIs":"Your password is",
|
"pwdIs":"Your password is",
|
||||||
|
@ -188,6 +189,7 @@
|
||||||
"serviceProvidedBy":"Service provided by",
|
"serviceProvidedBy":"Service provided by",
|
||||||
"SSOSessionInactive":"SSO session inactive",
|
"SSOSessionInactive":"SSO session inactive",
|
||||||
"submit":"Submit",
|
"submit":"Submit",
|
||||||
|
"updateCdc": "Update Common Domain Cookie",
|
||||||
"user":"User",
|
"user":"User",
|
||||||
"useYubikey":"use your Yubikey",
|
"useYubikey":"use your Yubikey",
|
||||||
"wait":"Wait",
|
"wait":"Wait",
|
||||||
|
|
|
@ -167,6 +167,7 @@
|
||||||
"openSessionSpace":"Cet espace vous permet d'ouvrir une session SSO. Celle-ci vous aidera à accéder de manière totalement sécurisée à l'ensemble des applications autorisées par votre profil utilisateur.",
|
"openSessionSpace":"Cet espace vous permet d'ouvrir une session SSO. Celle-ci vous aidera à accéder de manière totalement sécurisée à l'ensemble des applications autorisées par votre profil utilisateur.",
|
||||||
"openSSOSession":"Ouvrir une session SSO",
|
"openSSOSession":"Ouvrir une session SSO",
|
||||||
"password": "Mot-de-passe",
|
"password": "Mot-de-passe",
|
||||||
|
"ppGrace": "authentifications restantes, changez votre mot de passe !",
|
||||||
"pwdChange":"Changement de mot de passe",
|
"pwdChange":"Changement de mot de passe",
|
||||||
"pwdChanged":"Votre mot de passe a été changé.",
|
"pwdChanged":"Votre mot de passe a été changé.",
|
||||||
"pwdIs":"Votre mot de passe est",
|
"pwdIs":"Votre mot de passe est",
|
||||||
|
@ -188,6 +189,7 @@
|
||||||
"serviceProvidedBy":"Ce service est fourni par",
|
"serviceProvidedBy":"Ce service est fourni par",
|
||||||
"SSOSessionInactive":"Session SSO inactive",
|
"SSOSessionInactive":"Session SSO inactive",
|
||||||
"submit":"Envoyer",
|
"submit":"Envoyer",
|
||||||
|
"updateCdc": "Mise à jour du cookie de domaine commun",
|
||||||
"user":"Utilisateur",
|
"user":"Utilisateur",
|
||||||
"useYubikey":"utilisez votre Yubikey",
|
"useYubikey":"utilisez votre Yubikey",
|
||||||
"wait":"Attendre",
|
"wait":"Attendre",
|
||||||
|
|
|
@ -7,7 +7,7 @@ BEGIN {
|
||||||
require 't/test-lib.pm';
|
require 't/test-lib.pm';
|
||||||
}
|
}
|
||||||
|
|
||||||
my $maintests = 14;
|
my $maintests = 19;
|
||||||
my $debug = 'debug';
|
my $debug = 'debug';
|
||||||
my ( $issuer, $sp, $res );
|
my ( $issuer, $sp, $res );
|
||||||
my %handlerOR = ( issuer => [], sp => [] );
|
my %handlerOR = ( issuer => [], sp => [] );
|
||||||
|
@ -95,8 +95,28 @@ SKIP: {
|
||||||
switch ('sp');
|
switch ('sp');
|
||||||
ok( $res = $sp->_get( '/', query => $query, accept => 'text/html' ),
|
ok( $res = $sp->_get( '/', query => $query, accept => 'text/html' ),
|
||||||
'Query SP with ticket' );
|
'Query SP with ticket' );
|
||||||
|
$cookies = $sp->getCookies($res);
|
||||||
|
my $spId;
|
||||||
|
ok( $spId = $cookies->{lemonldap}, 'Get cookie' )
|
||||||
|
or explain( $res, 'Set-Cookie: something' );
|
||||||
|
|
||||||
#print STDERR Dumper($res);
|
# Test authentication
|
||||||
|
ok( $res = $sp->_get( '/', cookie => "lemonldap=$spId" ), 'Get / on SP' );
|
||||||
|
ok( $res->[0] == 200, 'User is authentified' ) or explain( $res->[0], 200 );
|
||||||
|
ok( $sp->getUser($res) eq 'dwho', 'User is identified as dwho' )
|
||||||
|
or explain( $res->[1], 'Lm-Remote-User: dwho' );
|
||||||
|
|
||||||
|
# Logout initiated by SP
|
||||||
|
ok(
|
||||||
|
$res = $sp->_get(
|
||||||
|
'/',
|
||||||
|
query => 'logout',
|
||||||
|
cookie => "lemonldap=$spId",
|
||||||
|
accept => 'text/html'
|
||||||
|
),
|
||||||
|
'Query SP for logout'
|
||||||
|
);
|
||||||
|
print STDERR Dumper($res);
|
||||||
}
|
}
|
||||||
|
|
||||||
count($maintests);
|
count($maintests);
|
||||||
|
|
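Review bot: The new "Logout initiated by SP" block only checks that the request returned something and then leaves `print STDERR Dumper($res);` in place; it never asserts that the logout actually invalidated the SP session, which is the security property a logout test exists to pin. Follow it with a request that reuses the old cookie and expect it to be rejected, e.g. `ok( $res = $sp->_get( '/', cookie => "lemonldap=$spId" ), 'Retry with old cookie' ); ok( $res->[0] != 200, 'SP session is gone' ) or explain( $res->[0], 'not 200' );`, bump `$maintests` accordingly, and drop the Dumper line before merging. The earlier `ok( $res->[0] == 200, 'User is authentified' )` would also give better diagnostics as `is( $res->[0], 200, 'User is authenticated' )`.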