SAML: add IDP in Lasso::Server
This commit is contained in:
parent
bcfdac9dd1
commit
718e4fa136
@ -43,7 +43,7 @@ sub unserialize {
|
|||||||
while ( my ( $k, $v ) = each(%$fields) ) {
|
while ( my ( $k, $v ) = each(%$fields) ) {
|
||||||
$v =~ s/^'(.*)'$/$1/s;
|
$v =~ s/^'(.*)'$/$1/s;
|
||||||
if ( $k =~
|
if ( $k =~
|
||||||
/^(?:exportedVars|locationRules|groups|exportedHeaders|macros|globalStorageOptions|notificationStorageOptions|samlServiceMetaData)$/
|
/^(?:exportedVars|locationRules|groups|exportedHeaders|macros|globalStorageOptions|notificationStorageOptions|samlServiceMetaData|samlIDPMetaData|samlSPMetaData)$/
|
||||||
and $v ||= {}
|
and $v ||= {}
|
||||||
and not ref($v) )
|
and not ref($v) )
|
||||||
{
|
{
|
||||||
|
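Review bot: The new regex line now carries ten alternatives on a single very long line, and the same key list presumably has to be kept in step wherever these nested keys are recognised (the `$v ||= {}` branch suggests a serialize counterpart), so the next addition is easy to miss in review. Building the pattern from a word list keeps it readable and makes additions like samlIDPMetaData/samlSPMetaData a one-token change: `my @nested_keys = qw(exportedVars locationRules groups exportedHeaders macros globalStorageOptions notificationStorageOptions samlServiceMetaData samlIDPMetaData samlSPMetaData);`, `my $nested_re = do { my $alt = join '|', @nested_keys; qr/^(?:$alt)$/ };`, then `if ( $k =~ $nested_re and $v ||= {} and not ref($v) )`. unserialize's body starts and ends outside the hunk, so how `$v` is materialised afterwards is not visible here.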
@ -29,6 +29,7 @@ sub authInit {
|
|||||||
return PE_ERROR unless $self->{samlServiceMetaData};
|
return PE_ERROR unless $self->{samlServiceMetaData};
|
||||||
|
|
||||||
# Get metadata from configuration
|
# Get metadata from configuration
|
||||||
|
$self->lmLog( "Get Metadata for this service", 'debug' );
|
||||||
my $service_metadata = Lemonldap::NG::Common::Conf::SAML::Metadata->new();
|
my $service_metadata = Lemonldap::NG::Common::Conf::SAML::Metadata->new();
|
||||||
unless (
|
unless (
|
||||||
$service_metadata->initializeFromConfHash(
|
$service_metadata->initializeFromConfHash(
|
||||||
@ -43,13 +44,48 @@ sub authInit {
|
|||||||
|
|
||||||
# Create Lasso server with service metadata
|
# Create Lasso server with service metadata
|
||||||
# Provate key has to be inside service metadata
|
# Provate key has to be inside service metadata
|
||||||
my $xml = $service_metadata->toXML();
|
my $server = $self->createServer( $service_metadata->toXML() );
|
||||||
|
|
||||||
my $server = $self->createServer($xml);
|
|
||||||
|
|
||||||
return PE_ERROR unless $server;
|
return PE_ERROR unless $server;
|
||||||
|
|
||||||
# Load entities metadata
|
$self->lmLog( "Service created", 'debug' );
|
||||||
|
|
||||||
|
# Check presence of at least one identity provider in configuration
|
||||||
|
unless ( $self->{samlIDPMetaData} and keys %{ $self->{samlIDPMetaData} } ) {
|
||||||
|
$self->lmLog( "No IDP found in configuration", 'error' );
|
||||||
|
return PE_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Load identity provider metadata
|
||||||
|
# IDP are listed in $self->{samlIDPMetaData}
|
||||||
|
# Each key is the IDP name and value is the metadata
|
||||||
|
foreach ( keys %{ $self->{samlIDPMetaData} } ) {
|
||||||
|
|
||||||
|
$self->lmLog( "Get Metadata for IDP $_", 'debug' );
|
||||||
|
|
||||||
|
# Get metadata from configuration
|
||||||
|
my $idp_metadata = Lemonldap::NG::Common::Conf::SAML::Metadata->new();
|
||||||
|
unless (
|
||||||
|
$idp_metadata->initializeFromConfHash(
|
||||||
|
$self->{samlIDPMetaData}->{$_}
|
||||||
|
)
|
||||||
|
)
|
||||||
|
{
|
||||||
|
$self->lmLog( "Fail to read IDP $_ Metadata from configuration",
|
||||||
|
'error' );
|
||||||
|
return PE_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Add this IDP to Lasso::Server
|
||||||
|
my $result = $self->addIDP( $server, $idp_metadata->toXML() );
|
||||||
|
|
||||||
|
unless ($result) {
|
||||||
|
$self->lmLog( "Fail to use IDP $_ Metadata", 'error' );
|
||||||
|
return PE_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
$self->lmLog( "IDP $_ added", 'debug' );
|
||||||
|
}
|
||||||
|
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
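Review bot: The new foreach over the IDP names iterates with bare `$_` across some forty lines that call `lmLog`, `Metadata->new`, `initializeFromConfHash` and `addIDP`, any of which may clobber or localise `$_`, so the log messages and the `$self->{samlIDPMetaData}->{$_}` lookup can silently refer to the wrong entry. Name the loop variable, `foreach my $idp_name ( keys %{ $self->{samlIDPMetaData} } ) {`, and use `$idp_name` throughout the body. Separately, addIDP is called with only the metadata XML, so the optional public key and CA chain default to empty strings and verification of that IDP's signatures rests on whatever key material the metadata itself carries; that is acceptable while the metadata comes from the trusted configuration hash, but a one-line comment at the `addIDP` call stating this assumption would help the next reader. authInit begins outside the hunk; its closing brace is the last line shown.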
@ -8,7 +8,7 @@ package Lemonldap::NG::Portal::_SAML;
|
|||||||
use strict;
|
use strict;
|
||||||
use base qw(Exporter);
|
use base qw(Exporter);
|
||||||
|
|
||||||
our @EXPORT = qw(loadLasso checkLassoError createServer);
|
our @EXPORT = qw(loadLasso checkLassoError createServer addIDP addProvider);
|
||||||
|
|
||||||
our $VERSION = '0.01';
|
our $VERSION = '0.01';
|
||||||
|
|
||||||
@ -88,7 +88,7 @@ sub checkLassoError {
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
## @method Lasso::Server createServer(string metadata, string private key, string private key password, string certificate)
|
## @method Lasso::Server createServer(string metadata, string private_key, string private_key_password, string certificate)
|
||||||
# Load service metadata and create Lasso::Server object
|
# Load service metadata and create Lasso::Server object
|
||||||
# @param string metadata
|
# @param string metadata
|
||||||
# @param string optional private key
|
# @param string optional private key
|
||||||
@ -107,15 +107,61 @@ sub createServer {
|
|||||||
|
|
||||||
unless ($server) {
|
unless ($server) {
|
||||||
$self->lmLog( 'Unable to create Lasso server', 'error' );
|
$self->lmLog( 'Unable to create Lasso server', 'error' );
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$self->lmLog( 'Lasso server dump ' . Lasso::Server::dump($server),
|
|
||||||
'debug' );
|
|
||||||
|
|
||||||
return $server;
|
return $server;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
## @method boolean addIDP(Lasso::Server server, string metadata, string public_key, string ca_cert_chain)
|
||||||
|
# Add IDP to an existing Lasso::Server
|
||||||
|
# @param Lasso::Server Lasso::Server object
|
||||||
|
# @param string metadata IDP metadata
|
||||||
|
# @param string optional public key
|
||||||
|
# @param string optional ca cert chain
|
||||||
|
# @return boolean result
|
||||||
|
sub addIDP {
|
||||||
|
my $self = shift;
|
||||||
|
my $server = shift;
|
||||||
|
my $metadata = shift;
|
||||||
|
my $public_key = shift || '';
|
||||||
|
my $ca_cert_chain = shift || '';
|
||||||
|
|
||||||
|
return 0 unless ( $server->isa("Lasso::Server") and defined $metadata );
|
||||||
|
|
||||||
|
return $self->addProvider( $server, Lasso::Constants::PROVIDER_ROLE_IDP,
|
||||||
|
$metadata, $public_key, $ca_cert_chain );
|
||||||
|
}
|
||||||
|
|
||||||
|
## @method boolean addProvider(Lasso::Server server, int role, string metadata, string public_key, string ca_cert_chain)
|
||||||
|
# Add provider to an existing Lasso::Server
|
||||||
|
# @param Lasso::Server Lasso::Server object
|
||||||
|
# @param int role (IDP, SP or Both)
|
||||||
|
# @param string metadata IDP metadata
|
||||||
|
# @param string optional public key
|
||||||
|
# @param string optional ca cert chain
|
||||||
|
# @return boolean result
|
||||||
|
sub addProvider {
|
||||||
|
my $self = shift;
|
||||||
|
my $server = shift;
|
||||||
|
my $role = shift;
|
||||||
|
my $metadata = shift;
|
||||||
|
my $public_key = shift || '';
|
||||||
|
my $ca_cert_chain = shift || '';
|
||||||
|
|
||||||
|
return 0
|
||||||
|
unless ( $server->isa("Lasso::Server")
|
||||||
|
and defined $role
|
||||||
|
and defined $metadata );
|
||||||
|
|
||||||
|
eval {
|
||||||
|
Lasso::Server::add_provider_from_buffers( $server, $role, $metadata,
|
||||||
|
$public_key, $ca_cert_chain );
|
||||||
|
};
|
||||||
|
|
||||||
|
return $self->checkLassoError($@);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
||||||
__END__
|
__END__
|
||||||
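Review bot: `$server->isa("Lasso::Server")` in the new addIDP and addProvider guards is a method call on an unchecked value, so passing undef (which is what createServer yields when Lasso fails) dies with "Can't call method isa on an undefined value" instead of returning 0 as the `@return boolean` contract promises. Guard the reference first: `use Scalar::Util qw(blessed);` at the top of the package and `return 0 unless ( blessed($server) and $server->isa("Lasso::Server") and defined $metadata );` in addIDP, with the same `blessed($server)` prefix in addProvider's condition. The `# @param string metadata IDP metadata` line under addProvider should read `provider metadata`, since the role is a parameter there. createServer starts outside the hunk; if I read the old/new columns correctly the `return;` inside its `unless ($server)` block was dropped, which looks harmless because the fall-through `return $server;` yields undef in that branch.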
@ -149,6 +195,14 @@ Log Lasso error code and message if this is actually a Lasso::Error with code >
|
|||||||
|
|
||||||
Load service metadata and create Lasso::Server object
|
Load service metadata and create Lasso::Server object
|
||||||
|
|
||||||
|
=head2 addIDP
|
||||||
|
|
||||||
|
Add IDP to an existing Lasso::Server
|
||||||
|
|
||||||
|
=head2 addProvider
|
||||||
|
|
||||||
|
Add provider to an existing Lasso::Server
|
||||||
|
|
||||||
=head1 SEE ALSO
|
=head1 SEE ALSO
|
||||||
|
|
||||||
L<Lemonldap::NG::Portal::AuthSAML>, L<Lemonldap::NG::Portal::UserDBSAML>
|
L<Lemonldap::NG::Portal::AuthSAML>, L<Lemonldap::NG::Portal::UserDBSAML>
|
||||||
|