SAML: allow configuring a separate storage for SAML objects (samlStorage) from the session storage (globalStorage)

Clément Oudot 2010-04-09 13:27:54 +00:00
parent 81f749ec23
commit 7fef157210
3 changed files with 40 additions and 37 deletions


@ -394,8 +394,8 @@ sub extractFormInfo {
# Get corresponding session
my $local_sessions =
$self->{globalStorage}
->searchOn( $self->{globalStorageOptions}, "_user", $user, );
$self->{samlStorage}
->searchOn( $self->{samlStorageOptions}, "_user", $user, );
if ( my @local_sessions_keys = keys %$local_sessions ) {
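Review bot: The `_user` lookup now goes to samlStorage, but the variable name `$local_sessions` and the comment "Get corresponding session" suggest it is searching for the user's own SSO sessions, which the portal creates in globalStorage; if that is what is stored under `_user`, this search returns nothing as soon as the two storages are configured differently. If the intent is that SAML-specific objects carrying a `_user` key live in samlStorage, a comment would make the storage choice self-explanatory: `# SAML objects (not user SSO sessions) are indexed by _user in samlStorage`. I cannot tell from this hunk which objects carry `_user`, and extractFormInfo starts and ends outside it.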


@ -163,6 +163,12 @@ sub new {
$self->abort( "Configuration error",
"Module " . $self->{globalStorage} . " not found in \@INC" )
if ($@);
if ( $self->{samlStorage} ne $self->{globalStorage} ) {
eval "require " . $self->{samlStorage};
$self->abort( "Configuration error",
"Module " . $self->{samlStorage} . " not found in \@INC" )
if ($@);
}
$self->abort( "Configuration error",
"You've to indicate a domain for cookies" )
unless ( $self->{domain} );
@ -363,7 +369,9 @@ sub setDefaultValues {
$self->{ldapGroupRecursive} ||= 0;
# SAML
$self->{samlIdPResolveCookie} ||= "lemonldapidp";
$self->{samlIdPResolveCookie} ||= $self->{cookieName} . "idp";
$self->{samlStorage} ||= $self->{globalStorage};
$self->{samlStorageOptions} ||= $self->{globalStorageOptions};
}
##@method protected void setHiddenFormValue(string fieldname, string value)
@ -375,9 +383,9 @@ sub setHiddenFormValue {
my $self = shift;
my $key = shift;
my $val = shift;
if ( $val ) {
if ($val) {
$key = 'lmhidden_' . $key;
$self->{portalHiddenFormValues}->{$key} = encode_base64( $val );
$self->{portalHiddenFormValues}->{$key} = encode_base64($val);
}
}
@ -389,9 +397,8 @@ sub getHiddenFormValue {
my $self = shift;
my $key = shift;
$key = 'lmhidden_' . $key;
if ( my $val = $self->param($key) )
{
return decode_base64( $val );
if ( my $val = $self->param($key) ) {
return decode_base64($val);
}
return undef;
}
@ -401,12 +408,16 @@ sub getHiddenFormValue {
#@return string
sub buildHiddenForm {
my $self = shift;
my @keys = keys %{$self->{portalHiddenFormValues}};
my @keys = keys %{ $self->{portalHiddenFormValues} };
my $val = '';
foreach ( @keys )
{
$val .= '<input type="hidden" name="' . $_ . '" id="' . $_
. '" value="' . $self->{portalHiddenFormValues}->{$_} . '" />';
foreach (@keys) {
$val .=
'<input type="hidden" name="'
. $_
. '" id="'
. $_
. '" value="'
. $self->{portalHiddenFormValues}->{$_} . '" />';
}
return $val;
}
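Review bot: The new `require` check in `new` compares `$self->{samlStorage} ne $self->{globalStorage}` before, as far as this diff shows, anything guarantees samlStorage is defined; the `||=` default lives in setDefaultValues further down, and if that runs after this check an unset samlStorage gives an uninitialized-value warning and a `require` of an empty string, aborting with a confusing "Module  not found" message. Guarding the test, `if ( $self->{samlStorage} and $self->{samlStorage} ne $self->{globalStorage} )`, keeps the current behaviour when the option is absent. Both module names reach a string `eval "require …"` straight from configuration, which matches the existing globalStorage handling, but a `=~ /^[\w:]+$/` check before the eval would turn a malformed value into a clean configuration error instead of arbitrary code evaluation. Note also that `samlStorageOptions ||= globalStorageOptions` silently reuses the session backend's options when only samlStorage is set; logging a warning in that case would help operators spot a half-configured storage. Both `new` and setDefaultValues start and end outside their hunks.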


@ -919,11 +919,9 @@ sub storeRelayState {
my %h;
# Create relaystate session
eval {
tie %h, $self->{globalStorage}, undef, $self->{globalStorageOptions};
};
eval { tie %h, $self->{samlStorage}, undef, $self->{samlStorageOptions}; };
if ($@) {
$self->lmLog( "Unable to create relaystate session", 'error' );
$self->lmLog( "Unable to create relaystate session: $@", 'error' );
return;
}
@ -961,11 +959,10 @@ sub extractRelayState {
# Open relaystate session
eval {
tie %h, $self->{globalStorage}, $relaystate,
$self->{globalStorageOptions};
tie %h, $self->{samlStorage}, $relaystate, $self->{samlStorageOptions};
};
if ($@) {
$self->lmLog( "Unable to open relaystate session", 'error' );
$self->lmLog( "Unable to open relaystate session: $@", 'error' );
return 0;
}
@ -1265,11 +1262,10 @@ sub storeReplayProtection {
my ( $self, $samlID ) = splice @_;
my %h;
eval {
tie %h, $self->{globalStorage}, undef, $self->{globalStorageOptions};
};
eval { tie %h, $self->{samlStorage}, undef, $self->{samlStorageOptions}; };
if ( $@ or !$samlID ) {
$self->lmLog( "Unable to create replay protection session", 'error' );
$self->lmLog( "Unable to create replay protection session: $@",
'error' );
return 0;
}
@ -1302,8 +1298,8 @@ sub replayProtection {
}
my $sessions =
$self->{globalStorage}
->searchOn( $self->{globalStorageOptions}, "ID", $samlID );
$self->{samlStorage}
->searchOn( $self->{samlStorageOptions}, "ID", $samlID );
if ( my @keys = keys %$sessions ) {
@ -1313,8 +1309,7 @@ sub replayProtection {
# Delete it
eval {
tie %h, $self->{globalStorage}, $_,
$self->{globalStorageOptions};
tie %h, $self->{samlStorage}, $_, $self->{samlStorageOptions};
};
if ($@) {
$self->lmLog(
@ -1394,11 +1389,9 @@ sub storeArtifact {
my ( $self, $id, $message ) = splice @_;
my %h;
eval {
tie %h, $self->{globalStorage}, undef, $self->{globalStorageOptions};
};
eval { tie %h, $self->{samlStorage}, undef, $self->{samlStorageOptions}; };
if ( $@ or !$id or !$message ) {
$self->lmLog( "Unable to create artifact session", 'error' );
$self->lmLog( "Unable to create artifact session: $@", 'error' );
return 0;
}
@ -1431,8 +1424,7 @@ sub loadArtifact {
}
my $sessions =
$self->{globalStorage}
->searchOn( $self->{globalStorageOptions}, "ID", $id );
$self->{samlStorage}->searchOn( $self->{samlStorageOptions}, "ID", $id );
if ( my @keys = keys %$sessions ) {
@ -1448,12 +1440,12 @@ sub loadArtifact {
# Open session
eval {
tie %h, $self->{globalStorage}, $session_id,
$self->{globalStorageOptions};
tie %h, $self->{samlStorage}, $session_id,
$self->{samlStorageOptions};
};
if ($@) {
$self->lmLog(
"Unable to recover artifact session $session (ID $id)",
"Unable to recover artifact session $session (ID $id): $@",
'error' );
return;
}
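Review bot: In storeReplayProtection and storeArtifact the new session is tied before `$samlID`, respectively `$id` and `$message`, are validated (the `if ( $@ or !$samlID )` and `if ( $@ or !$id or !$message )` tests come after the `tie`), so a call with a missing ID still creates a session object in samlStorage and, depending on the storage module, may persist an empty record when `%h` goes out of scope. Moving the argument check ahead of the eval, e.g. `return 0 unless $samlID;` in storeReplayProtection and `return 0 unless ( $id and $message );` in storeArtifact, avoids the unnecessary write and keeps the logged error accurate. The `$@` text now appended to the log lines is useful, but storage modules often include their connection string in it; if samlStorageOptions carries credentials, make sure the portal log is not readable by unprivileged users. All of these subs start and end outside their hunks.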