SAML: manage hidden values for SAML authentication request
This commit is contained in:
Thomas CHEMINEAU
parent
119386dca7
commit
7202a6651f
@ -99,9 +99,6 @@ sub issuerForUnAuthUser {
|
||||
return PE_ERROR;
|
||||
}
|
||||
|
||||
# Save dump into SAMLRequest hidden field
|
||||
$self->setHiddenFormValue( 'SAMLRequest', $saml_request->dump() );
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -375,15 +375,10 @@ sub setHiddenFormValue {
|
||||
my $self = shift;
|
||||
my $key = shift;
|
||||
my $val = shift;
|
||||
$self->{portalHiddenFormValues}->{$key} = $val;
|
||||
}
|
||||
|
||||
##@method public array getHiddenFormFields()
|
||||
# Return all hidden field names.
|
||||
#@return array All hidden field names
|
||||
sub getHiddenFormFields {
|
||||
my $self = shift;
|
||||
return keys %{$self->{portalHiddenFormValues}};
|
||||
if ( $val ) {
|
||||
$key = 'lmhidden_' . $key;
|
||||
$self->{portalHiddenFormValues}->{$key} = encode_base64( $val );
|
||||
}
|
||||
}
|
||||
|
||||
##@method public void getHiddenFormValue(string fieldname)
|
||||
@ -393,8 +388,12 @@ sub getHiddenFormFields {
|
||||
sub getHiddenFormValue {
|
||||
my $self = shift;
|
||||
my $key = shift;
|
||||
return '' unless ( defined($self->{portalHiddenFormValues}->{$key}) );
|
||||
return $self->{portalHiddenFormValues}->{$key}
|
||||
$key = 'lmhidden_' . $key;
|
||||
if ( my $val = $self->param($key) )
|
||||
{
|
||||
return decode_base64( $val );
|
||||
}
|
||||
return undef;
|
||||
}
|
||||
|
||||
##@method public string buildHiddenForm()
|
||||
@ -402,12 +401,12 @@ sub getHiddenFormValue {
|
||||
#@return string
|
||||
sub buildHiddenForm {
|
||||
my $self = shift;
|
||||
my @keys = $self->getHiddenFormFields();
|
||||
my @keys = keys %{$self->{portalHiddenFormValues}};
|
||||
my $val = '';
|
||||
foreach ( @keys )
|
||||
{
|
||||
$val .= '<input type="hidden" name="' . $_ . '" id="' . $_ . '" value="'
|
||||
. encode_base64($self->getHiddenFormValue($_)) . '" />';
|
||||
$val .= '<input type="hidden" name="' . $_ . '" id="' . $_
|
||||
. '" value="' . $self->{portalHiddenFormValues}->{$_} . '" />';
|
||||
}
|
||||
return $val;
|
||||
}
|
||||
|
||||
@ -292,8 +292,9 @@ sub checkMessage {
|
||||
$self->disableSignature($profile);
|
||||
}
|
||||
|
||||
# Get relayState
|
||||
# Get relayState (eventually previously backup'd)
|
||||
$relaystate = $self->param('RelayState');
|
||||
unless ( $relaystate = $self->getHiddenFormValue('RelayState') );
|
||||
|
||||
# 1. HTTP REDIRECT
|
||||
if ( $request_method =~ /^GET$/ ) {
|
||||
@ -339,16 +340,23 @@ sub checkMessage {
|
||||
|
||||
}
|
||||
|
||||
# 2 HTTP POST AND SOAP
|
||||
# 2. HTTP POST AND SOAP
|
||||
elsif ( $request_method =~ /^POST$/ ) {
|
||||
|
||||
# 2.1 POST
|
||||
# 2.1. POST
|
||||
if ( $content_type !~ /xml/ ) {
|
||||
|
||||
my $hidden = 0;
|
||||
$method = Lasso::Constants::HTTP_METHOD_POST;
|
||||
$self->lmLog( "SAML method: HTTP-POST", 'debug' );
|
||||
|
||||
if ( $self->param('SAMLResponse') ) {
|
||||
if ( $response = $self->getHiddenFormValue('SAMLResponse') ) {
|
||||
|
||||
# Do not need to get artifact (which has been saved), because
|
||||
# we have previously resolve it to get this response.
|
||||
$hidden = 1;
|
||||
|
||||
} elsif ( $self->param('SAMLResponse') ) {
|
||||
|
||||
# Response in body part
|
||||
$response = $self->param('SAMLResponse');
|
||||
@ -356,7 +364,13 @@ sub checkMessage {
|
||||
|
||||
}
|
||||
|
||||
if ( $self->param('SAMLRequest') ) {
|
||||
if ( $request = $self->getHiddenFormValue('SAMLRequest') ) {
|
||||
|
||||
# Do not need to get artifact (which has been saved), because
|
||||
# we have previously resolve it to get this request.
|
||||
$hidden = 1;
|
||||
|
||||
} elsif ( $self->param('SAMLRequest') ) {
|
||||
|
||||
# Request in body part
|
||||
$request = $self->param('SAMLRequest');
|
||||
@ -364,9 +378,9 @@ sub checkMessage {
|
||||
|
||||
}
|
||||
|
||||
if ( $self->param('SAMLart') ) {
|
||||
if ( !$hidden && $self->param('SAMLart') ) {
|
||||
|
||||
# Artifcat in SAMLart param
|
||||
# Artifact in SAMLart param
|
||||
$artifact = $self->param('SAMLart');
|
||||
$self->lmLog( "HTTP-REDIRECT: SAML Artifact $artifact",
|
||||
'debug' );
|
||||
@ -388,7 +402,7 @@ sub checkMessage {
|
||||
|
||||
}
|
||||
|
||||
# 2.2 SOAP
|
||||
# 2.2. SOAP
|
||||
else {
|
||||
|
||||
$method = Lasso::Constants::HTTP_METHOD_SOAP;
|
||||
@ -402,6 +416,23 @@ sub checkMessage {
|
||||
|
||||
}
|
||||
|
||||
# Get method previously backup'd
|
||||
$method = $self->getHiddenFormValue('Method')
|
||||
if ( $self->getHiddenFormValue('Method') );
|
||||
|
||||
# Get artifact previously backup'd
|
||||
$artifact = $self->getHiddenFormValue('SAMLArt')
|
||||
if ( $self->getHiddenFormValue('SAMLArt') );
|
||||
|
||||
# 3. Backup values into hidden form values, if process is interrupted
|
||||
# later in LemonLDAP::NG
|
||||
|
||||
$self->setHiddenFormValue('SAMLRequest', $request);
|
||||
$self->setHiddenFormValue('SAMLResponse', $response);
|
||||
$self->setHiddenFormValue('Method', $method);
|
||||
$self->setHiddenFormValue('RelayState', $relaystate);
|
||||
$self->setHiddenFormValue('SAMLArt', $artifact);
|
||||
|
||||
return ( $request, $response, $method, $relaystate, $artifact ? 1 : 0 );
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user