diff --git a/modules/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Serializer.pm b/modules/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Serializer.pm
index 3524b2e89..23a5b5a92 100644
--- a/modules/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Serializer.pm
+++ b/modules/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Serializer.pm
@@ -43,7 +43,7 @@ sub unserialize {
 while ( my ( $k, $v ) = each(%$fields) ) {
 $v =~ s/^'(.*)'$/$1/s;
 if ( $k =~
-/^(?:exportedVars|locationRules|groups|exportedHeaders|macros|globalStorageOptions|notificationStorageOptions|samlServiceMetaData)$/
+/^(?:exportedVars|locationRules|groups|exportedHeaders|macros|globalStorageOptions|notificationStorageOptions|samlServiceMetaData|samlIDPMetaData|samlSPMetaData)$/
 and $v ||= {}
 and not ref($v) )
 {
diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm
index 362c3c81c..ed921ba47 100644
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm
@@ -29,6 +29,7 @@ sub authInit {
 return PE_ERROR unless $self->{samlServiceMetaData};
 # Get metadata from configuration
+ $self->lmLog( "Get Metadata for this service", 'debug' );
 my $service_metadata = Lemonldap::NG::Common::Conf::SAML::Metadata->new();
 unless ( $service_metadata->initializeFromConfHash(
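Review bot: The `+` line in unserialize now packs ten configuration keys into a single regex alternation, which is hard to review for a missing or misspelled name, and this is the only place where the new `samlIDPMetaData`/`samlSPMetaData` values are recognised as structured rather than plain strings, so a typo there would silently change how the SAML configuration is loaded. A lookup table reads better and is trivially extensible: `my %is_struct = map { $_ => 1 } qw(exportedVars locationRules groups exportedHeaders macros globalStorageOptions notificationStorageOptions samlServiceMetaData samlIDPMetaData samlSPMetaData);` at file scope and `if ( $is_struct{$k} and $v ||= {} and not ref($v) )` in the loop. The `while` body continues outside the hunk, so I could not confirm how the string value is turned into a hash for these keys.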
@@ -43,13 +44,48 @@ sub authInit {
 # Create Lasso server with service metadata
 # Provate key has to be inside service metadata
- my $xml = $service_metadata->toXML();
-
- my $server = $self->createServer($xml);
+ my $server = $self->createServer( $service_metadata->toXML() );
 return PE_ERROR unless $server;
- # Load entities metadata
+ $self->lmLog( "Service created", 'debug' );
+
+ # Check presence of at least one identity provider in configuration
+ unless ( $self->{samlIDPMetaData} and keys %{ $self->{samlIDPMetaData} } ) {
+ $self->lmLog( "No IDP found in configuration", 'error' );
+ return PE_ERROR;
+ }
+
+ # Load identity provider metadata
+ # IDP are listed in $self->{samlIDPMetaData}
+ # Each key is the IDP name and value is the metadata
+ foreach ( keys %{ $self->{samlIDPMetaData} } ) {
+
+ $self->lmLog( "Get Metadata for IDP $_", 'debug' );
+
+ # Get metadata from configuration
+ my $idp_metadata = Lemonldap::NG::Common::Conf::SAML::Metadata->new();
+ unless (
+ $idp_metadata->initializeFromConfHash(
+ $self->{samlIDPMetaData}->{$_}
+ )
+ )
+ {
+ $self->lmLog( "Fail to read IDP $_ Metadata from configuration",
+ 'error' );
+ return PE_ERROR;
+ }
+
+ # Add this IDP to Lasso::Server
+ my $result = $self->addIDP( $server, $idp_metadata->toXML() );
+
+ unless ($result) {
+ $self->lmLog( "Fail to use IDP $_ Metadata", 'error' );
+ return PE_ERROR;
+ }
+
+ $self->lmLog( "IDP $_ added", 'debug' );
+ }
 PE_OK;
 }
diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
index 96f267d79..c342ccc9a 100644
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
@@ -8,7 +8,7 @@ package Lemonldap::NG::Portal::_SAML;
 use strict;
 use base qw(Exporter);
-our @EXPORT = qw(loadLasso checkLassoError createServer);
+our @EXPORT = qw(loadLasso checkLassoError createServer addIDP addProvider);
 our $VERSION = '0.01';
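Review bot: The new `foreach ( keys %{ $self->{samlIDPMetaData} } )` loop in authInit carries `$_` across several method calls (`Metadata->new`, `initializeFromConfHash`, `addIDP`, `lmLog`); any of them may clobber `$_`, after which the `$self->{samlIDPMetaData}->{$_}` lookup and the error and debug messages would name the wrong IDP. Name the loop variable, `foreach my $idp_name ( keys %{ $self->{samlIDPMetaData} } ) {`, and use `$idp_name` in place of `$_` in the body. The guard `unless ( $self->{samlIDPMetaData} and keys %{ $self->{samlIDPMetaData} } )` also dereferences the value as a hash before establishing that it is one; the Serializer change in this commit presumably guarantees a hashref, but adding `ref($self->{samlIDPMetaData}) eq 'HASH'` to the guard turns a malformed configuration into the logged PE_ERROR instead of a strict-refs die at startup. authInit begins before this hunk.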
@@ -88,7 +88,7 @@ sub checkLassoError {
 return 1;
 }
-## @method Lasso::Server createServer(string metadata, string private key, string private key password, string certificate)
+## @method Lasso::Server createServer(string metadata, string private_key, string private_key_password, string certificate)
 # Load service metadata and create Lasso::Server object
 # @param string metadata
 # @param string optional private key
@@ -107,15 +107,61 @@ sub createServer {
 unless ($server) {
 $self->lmLog( 'Unable to create Lasso server', 'error' );
- return; }
- $self->lmLog( 'Lasso server dump ' . Lasso::Server::dump($server),
- 'debug' );
- return $server; }
+## @method boolean addIDP(Lasso::Server server, string metadata, string public_key, string ca_cert_chain)
+# Add IDP to an existing Lasso::Server
+# @param Lasso::Server Lasso::Server object
+# @param string metadata IDP metadata
+# @param string optional public key
+# @param string optional ca cert chain
+# @return boolean result
+sub addIDP {
+ my $self = shift;
+ my $server = shift;
+ my $metadata = shift;
+ my $public_key = shift || '';
+ my $ca_cert_chain = shift || '';
+
+ return 0 unless ( $server->isa("Lasso::Server") and defined $metadata );
+
+ return $self->addProvider( $server, Lasso::Constants::PROVIDER_ROLE_IDP,
+ $metadata, $public_key, $ca_cert_chain );
+}
+
+## @method boolean addProvider(Lasso::Server server, int role, string metadata, string public_key, string ca_cert_chain)
+# Add provider to an existing Lasso::Server
+# @param Lasso::Server Lasso::Server object
+# @param int role (IDP, SP or Both)
+# @param string metadata IDP metadata
+# @param string optional public key
+# @param string optional ca cert chain
+# @return boolean result
+sub addProvider {
+ my $self = shift;
+ my $server = shift;
+ my $role = shift;
+ my $metadata = shift;
+ my $public_key = shift || '';
+ my $ca_cert_chain = shift || '';
+
+ return 0
+ unless ( $server->isa("Lasso::Server")
+ and defined $role
+ and defined $metadata );
+
+ eval {
+ Lasso::Server::add_provider_from_buffers( $server, $role, $metadata,
+ $public_key, $ca_cert_chain );
+ };
+
+ return $self->checkLassoError($@);
+
+}
+
 1;
 __END__
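Review bot: The guards `return 0 unless ( $server->isa("Lasso::Server") ...` in the new addIDP and addProvider die with "Can't call method isa on an undefined value" when `$server` is undef, which is exactly the case the check is meant to turn into a false return for a caller that does not pre-check createServer's result the way authInit does. Write them as `blessed($server) and $server->isa("Lasso::Server")` with `use Scalar::Util qw(blessed);` at the top of the module; since addIDP only forwards to addProvider, its own copy of the check could then be dropped. In createServer the collapsed layout makes it ambiguous whether the `-` markers before `return;` and `return $server;` remove those statements or only adjacent blank lines; if the returns were removed along with the dump log, the sub now yields the value of its trailing `unless` statement instead of an explicit server-or-undef, and the explicit returns should be restored. Note also that `$public_key` and `$ca_cert_chain` default to `''` and authInit passes only the metadata, so the provider's signing key is presumably taken from the metadata buffer itself; a line on the addIDP header comment saying so, e.g. `# When public_key/ca_cert_chain are empty the key material in the metadata is used`, would help future callers understand where trust in an IDP comes from.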
@@ -149,6 +195,14 @@ Log Lasso error code and message if this is actually a Lasso::Error with code >
 Load service metadata and create Lasso::Server object
+=head2 addIDP
+
+Add IDP to an existing Lasso::Server
+
+=head2 addProvider
+
+Add provider to an existing Lasso::Server
+
 =head1 SEE ALSO
 L, L