SAML: add IDP in Lasso::Server
This commit is contained in:
parent
bcfdac9dd1
commit
718e4fa136
@ -43,7 +43,7 @@ sub unserialize {
|
||||
while ( my ( $k, $v ) = each(%$fields) ) {
|
||||
$v =~ s/^'(.*)'$/$1/s;
|
||||
if ( $k =~
|
||||
/^(?:exportedVars|locationRules|groups|exportedHeaders|macros|globalStorageOptions|notificationStorageOptions|samlServiceMetaData)$/
|
||||
/^(?:exportedVars|locationRules|groups|exportedHeaders|macros|globalStorageOptions|notificationStorageOptions|samlServiceMetaData|samlIDPMetaData|samlSPMetaData)$/
|
||||
and $v ||= {}
|
||||
and not ref($v) )
|
||||
{
|
||||
|
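Review bot: The set of hash-valued configuration keys is known only to the alternation on the `/^(?:exportedVars|…|samlServiceMetaData|samlIDPMetaData|samlSPMetaData)$/` line, so adding the two SAML keys meant editing a long regex literal inside unserialize, and the next hash-valued key will need the same change. Lifting the list into a module-level lookup, `my %IS_HASH_KEY = map { $_ => 1 } qw(exportedVars locationRules groups exportedHeaders macros globalStorageOptions notificationStorageOptions samlServiceMetaData samlIDPMetaData samlSPMetaData);`, and testing `$IS_HASH_KEY{$k}` in the `if` keeps the key list greppable and turns future additions into one-word edits. The `while ( my ( $k, $v ) = each(%$fields) )` body continues past the end of this hunk, so what is done with `$v` once a key is selected cannot be checked here.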
@ -29,6 +29,7 @@ sub authInit {
|
||||
return PE_ERROR unless $self->{samlServiceMetaData};
|
||||
|
||||
# Get metadata from configuration
|
||||
$self->lmLog( "Get Metadata for this service", 'debug' );
|
||||
my $service_metadata = Lemonldap::NG::Common::Conf::SAML::Metadata->new();
|
||||
unless (
|
||||
$service_metadata->initializeFromConfHash(
|
||||
@ -43,13 +44,48 @@ sub authInit {
|
||||
|
||||
# Create Lasso server with service metadata
|
||||
# Provate key has to be inside service metadata
|
||||
my $xml = $service_metadata->toXML();
|
||||
|
||||
my $server = $self->createServer($xml);
|
||||
my $server = $self->createServer( $service_metadata->toXML() );
|
||||
|
||||
return PE_ERROR unless $server;
|
||||
|
||||
# Load entities metadata
|
||||
$self->lmLog( "Service created", 'debug' );
|
||||
|
||||
# Check presence of at least one identity provider in configuration
|
||||
unless ( $self->{samlIDPMetaData} and keys %{ $self->{samlIDPMetaData} } ) {
|
||||
$self->lmLog( "No IDP found in configuration", 'error' );
|
||||
return PE_ERROR;
|
||||
}
|
||||
|
||||
# Load identity provider metadata
|
||||
# IDP are listed in $self->{samlIDPMetaData}
|
||||
# Each key is the IDP name and value is the metadata
|
||||
foreach ( keys %{ $self->{samlIDPMetaData} } ) {
|
||||
|
||||
$self->lmLog( "Get Metadata for IDP $_", 'debug' );
|
||||
|
||||
# Get metadata from configuration
|
||||
my $idp_metadata = Lemonldap::NG::Common::Conf::SAML::Metadata->new();
|
||||
unless (
|
||||
$idp_metadata->initializeFromConfHash(
|
||||
$self->{samlIDPMetaData}->{$_}
|
||||
)
|
||||
)
|
||||
{
|
||||
$self->lmLog( "Fail to read IDP $_ Metadata from configuration",
|
||||
'error' );
|
||||
return PE_ERROR;
|
||||
}
|
||||
|
||||
# Add this IDP to Lasso::Server
|
||||
my $result = $self->addIDP( $server, $idp_metadata->toXML() );
|
||||
|
||||
unless ($result) {
|
||||
$self->lmLog( "Fail to use IDP $_ Metadata", 'error' );
|
||||
return PE_ERROR;
|
||||
}
|
||||
|
||||
$self->lmLog( "IDP $_ added", 'debug' );
|
||||
}
|
||||
|
||||
PE_OK;
|
||||
}
|
||||
|
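Review bot: The loop `foreach ( keys %{ $self->{samlIDPMetaData} } )` relies on `$_` across roughly twenty lines that include method calls (`lmLog`, `Metadata->new`, `initializeFromConfHash`, `addIDP`), any of which may clobber it; name the variable, `foreach my $idp ( keys %{ $self->{samlIDPMetaData} } )`, and use `$idp` in the log messages and in `$self->{samlIDPMetaData}->{$idp}`. Only the metadata XML is handed to `addIDP`, so its optional public key and CA chain default to empty and trust in each IDP rests entirely on whatever key material its metadata carries; if the configuration also stores a separate key or certificate chain per IDP, it should be passed through here (not visible in this hunk, so this may already be intended). The closing `PE_OK;` is an implicit return; `return PE_OK;` states the intent and matches the `return PE_ERROR;` branches above it. The body of authInit starts before the hunk.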
@ -8,7 +8,7 @@ package Lemonldap::NG::Portal::_SAML;
|
||||
use strict;
|
||||
use base qw(Exporter);
|
||||
|
||||
our @EXPORT = qw(loadLasso checkLassoError createServer);
|
||||
our @EXPORT = qw(loadLasso checkLassoError createServer addIDP addProvider);
|
||||
|
||||
our $VERSION = '0.01';
|
||||
|
||||
@ -88,7 +88,7 @@ sub checkLassoError {
|
||||
return 1;
|
||||
}
|
||||
|
||||
## @method Lasso::Server createServer(string metadata, string private key, string private key password, string certificate)
|
||||
## @method Lasso::Server createServer(string metadata, string private_key, string private_key_password, string certificate)
|
||||
# Load service metadata and create Lasso::Server object
|
||||
# @param string metadata
|
||||
# @param string optional private key
|
||||
@ -107,15 +107,61 @@ sub createServer {
|
||||
|
||||
unless ($server) {
|
||||
$self->lmLog( 'Unable to create Lasso server', 'error' );
|
||||
return;
|
||||
}
|
||||
|
||||
$self->lmLog( 'Lasso server dump ' . Lasso::Server::dump($server),
|
||||
'debug' );
|
||||
|
||||
return $server;
|
||||
}
|
||||
|
||||
## @method boolean addIDP(Lasso::Server server, string metadata, string public_key, string ca_cert_chain)
|
||||
# Add IDP to an existing Lasso::Server
|
||||
# @param Lasso::Server Lasso::Server object
|
||||
# @param string metadata IDP metadata
|
||||
# @param string optional public key
|
||||
# @param string optional ca cert chain
|
||||
# @return boolean result
|
||||
sub addIDP {
|
||||
my $self = shift;
|
||||
my $server = shift;
|
||||
my $metadata = shift;
|
||||
my $public_key = shift || '';
|
||||
my $ca_cert_chain = shift || '';
|
||||
|
||||
return 0 unless ( $server->isa("Lasso::Server") and defined $metadata );
|
||||
|
||||
return $self->addProvider( $server, Lasso::Constants::PROVIDER_ROLE_IDP,
|
||||
$metadata, $public_key, $ca_cert_chain );
|
||||
}
|
||||
|
||||
## @method boolean addProvider(Lasso::Server server, int role, string metadata, string public_key, string ca_cert_chain)
|
||||
# Add provider to an existing Lasso::Server
|
||||
# @param Lasso::Server Lasso::Server object
|
||||
# @param int role (IDP, SP or Both)
|
||||
# @param string metadata IDP metadata
|
||||
# @param string optional public key
|
||||
# @param string optional ca cert chain
|
||||
# @return boolean result
|
||||
sub addProvider {
|
||||
my $self = shift;
|
||||
my $server = shift;
|
||||
my $role = shift;
|
||||
my $metadata = shift;
|
||||
my $public_key = shift || '';
|
||||
my $ca_cert_chain = shift || '';
|
||||
|
||||
return 0
|
||||
unless ( $server->isa("Lasso::Server")
|
||||
and defined $role
|
||||
and defined $metadata );
|
||||
|
||||
eval {
|
||||
Lasso::Server::add_provider_from_buffers( $server, $role, $metadata,
|
||||
$public_key, $ca_cert_chain );
|
||||
};
|
||||
|
||||
return $self->checkLassoError($@);
|
||||
|
||||
}
|
||||
|
||||
1;
|
||||
|
||||
__END__
|
||||
@ -149,6 +195,14 @@ Log Lasso error code and message if this is actually a Lasso::Error with code >
|
||||
|
||||
Load service metadata and create Lasso::Server object
|
||||
|
||||
=head2 addIDP
|
||||
|
||||
Add IDP to an existing Lasso::Server
|
||||
|
||||
=head2 addProvider
|
||||
|
||||
Add provider to an existing Lasso::Server
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<Lemonldap::NG::Portal::AuthSAML>, L<Lemonldap::NG::Portal::UserDBSAML>
|
||||
|
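Review bot: The guard `return 0 unless ( $server->isa("Lasso::Server") and defined $metadata );` in `addIDP` dies with "Can't call method isa on an undefined value" when `$server` is undef or an unblessed value, so the `return 0` never fires for exactly the inputs it is meant to reject; the same applies to the three-condition guard in `addProvider`. Check for an object first: `return 0 unless ( blessed($server) and $server->isa('Lasso::Server') and defined $metadata );` with `use Scalar::Util qw(blessed);` added next to `use base qw(Exporter);` in the hunk at the top of the file. The `@param` comment for `addProvider` describes `metadata` as "IDP metadata" although the role may be SP or both; `# @param string metadata provider metadata` would be accurate.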