SAML: add IDP in Lasso::Server

modules/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Serializer.pm

@@ -43,7 +43,7 @@ sub unserialize {
     while ( my ( $k, $v ) = each(%$fields) ) {
         $v =~ s/^'(.*)'$/$1/s;
         if ( $k =~
-/^(?:exportedVars|locationRules|groups|exportedHeaders|macros|globalStorageOptions|notificationStorageOptions|samlServiceMetaData)$/
+/^(?:exportedVars|locationRules|groups|exportedHeaders|macros|globalStorageOptions|notificationStorageOptions|samlServiceMetaData|samlIDPMetaData|samlSPMetaData)$/
             and $v ||= {}
             and not ref($v) )
         {

modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm

@@ -29,6 +29,7 @@ sub authInit {
     return PE_ERROR unless $self->{samlServiceMetaData};
 
     # Get metadata from configuration
+    $self->lmLog( "Get Metadata for this service", 'debug' );
     my $service_metadata = Lemonldap::NG::Common::Conf::SAML::Metadata->new();
     unless (
         $service_metadata->initializeFromConfHash(
@@ -43,13 +44,48 @@ sub authInit {
 
     # Create Lasso server with service metadata
     # Provate key has to be inside service metadata
-    my $xml = $service_metadata->toXML();
-
-    my $server = $self->createServer($xml);
+    my $server = $self->createServer( $service_metadata->toXML() );
 
     return PE_ERROR unless $server;
 
-    # Load entities metadata
+    $self->lmLog( "Service created", 'debug' );
+
+    # Check presence of at least one identity provider in configuration
+    unless ( $self->{samlIDPMetaData} and keys %{ $self->{samlIDPMetaData} } ) {
+        $self->lmLog( "No IDP found in configuration", 'error' );
+        return PE_ERROR;
+    }
+
+    # Load identity provider metadata
+    # IDP are listed in $self->{samlIDPMetaData}
+    # Each key is the IDP name and value is the metadata
+    foreach ( keys %{ $self->{samlIDPMetaData} } ) {
+
+        $self->lmLog( "Get Metadata for IDP $_", 'debug' );
+
+        # Get metadata from configuration
+        my $idp_metadata = Lemonldap::NG::Common::Conf::SAML::Metadata->new();
+        unless (
+            $idp_metadata->initializeFromConfHash(
+                $self->{samlIDPMetaData}->{$_}
+            )
+          )
+        {
+            $self->lmLog( "Fail to read IDP $_ Metadata from configuration",
+                'error' );
+            return PE_ERROR;
+        }
+
+        # Add this IDP to Lasso::Server
+        my $result = $self->addIDP( $server, $idp_metadata->toXML() );
+
+        unless ($result) {
+            $self->lmLog( "Fail to use IDP $_ Metadata", 'error' );
+            return PE_ERROR;
+        }
+
+        $self->lmLog( "IDP $_ added", 'debug' );
+    }
 
     PE_OK;
 }

modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm

@@ -8,7 +8,7 @@ package Lemonldap::NG::Portal::_SAML;
 use strict;
 use base qw(Exporter);
 
-our @EXPORT = qw(loadLasso checkLassoError createServer);
+our @EXPORT = qw(loadLasso checkLassoError createServer addIDP addProvider);
 
 our $VERSION = '0.01';
 
@@ -88,7 +88,7 @@ sub checkLassoError {
     return 1;
 }
 
-## @method Lasso::Server createServer(string metadata, string private key, string private key password, string certificate)
+## @method Lasso::Server createServer(string metadata, string private_key, string private_key_password, string certificate)
 # Load service metadata and create Lasso::Server object
 # @param string metadata
 # @param string optional private key
@@ -107,15 +107,61 @@ sub createServer {
 
     unless ($server) {
         $self->lmLog( 'Unable to create Lasso server', 'error' );
-        return;
     }
 
-    $self->lmLog( 'Lasso server dump ' . Lasso::Server::dump($server),
-        'debug' );
-
     return $server;
 }
 
+## @method boolean addIDP(Lasso::Server server, string metadata, string public_key, string ca_cert_chain)
+# Add IDP to an existing Lasso::Server
+# @param Lasso::Server Lasso::Server object
+# @param string metadata IDP metadata
+# @param string optional public key
+# @param string optional ca cert chain
+# @return boolean result
+sub addIDP {
+    my $self          = shift;
+    my $server        = shift;
+    my $metadata      = shift;
+    my $public_key    = shift || '';
+    my $ca_cert_chain = shift || '';
+
+    return 0 unless ( $server->isa("Lasso::Server") and defined $metadata );
+
+    return $self->addProvider( $server, Lasso::Constants::PROVIDER_ROLE_IDP,
+        $metadata, $public_key, $ca_cert_chain );
+}
+
+## @method boolean addProvider(Lasso::Server server, int role, string metadata, string public_key, string ca_cert_chain)
+# Add provider to an existing Lasso::Server
+# @param Lasso::Server Lasso::Server object
+# @param int role (IDP, SP or Both)
+# @param string metadata IDP metadata
+# @param string optional public key
+# @param string optional ca cert chain
+# @return boolean result
+sub addProvider {
+    my $self          = shift;
+    my $server        = shift;
+    my $role          = shift;
+    my $metadata      = shift;
+    my $public_key    = shift || '';
+    my $ca_cert_chain = shift || '';
+
+    return 0
+      unless ( $server->isa("Lasso::Server")
+        and defined $role
+        and defined $metadata );
+
+    eval {
+        Lasso::Server::add_provider_from_buffers( $server, $role, $metadata,
+            $public_key, $ca_cert_chain );
+    };
+
+    return $self->checkLassoError($@);
+
+}
+
 1;
 
 __END__
@@ -149,6 +195,14 @@ Log Lasso error code and message if this is actually a Lasso::Error with code >
 
 Load service metadata and create Lasso::Server object
 
+=head2 addIDP
+
+Add IDP to an existing Lasso::Server
+
+=head2 addProvider
+
+Add provider to an existing Lasso::Server
+
 =head1 SEE ALSO
 
 L<Lemonldap::NG::Portal::AuthSAML>, L<Lemonldap::NG::Portal::UserDBSAML>