SAML: possibility to configure a different storage for SAML objects (samlStorage) than sessions storage (globalStorage)
This commit is contained in:
parent
81f749ec23
commit
7fef157210
@ -394,8 +394,8 @@ sub extractFormInfo {
|
||||
|
||||
# Get corresponding session
|
||||
my $local_sessions =
|
||||
$self->{globalStorage}
|
||||
->searchOn( $self->{globalStorageOptions}, "_user", $user, );
|
||||
$self->{samlStorage}
|
||||
->searchOn( $self->{samlStorageOptions}, "_user", $user, );
|
||||
|
||||
if ( my @local_sessions_keys = keys %$local_sessions ) {
|
||||
|
||||
|
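Review bot: The `_user` lookup now runs against samlStorage, so it only finds sessions that are actually written there; if the sessions searched here are the ordinary portal sessions (created in globalStorage), the search returns nothing as soon as the two stores differ. Confirm that whatever creates these SAML-side sessions writes the `_user` field into samlStorage, and record that contract above the call, e.g. `# SAML sessions are indexed by _user in samlStorage, not in globalStorage`. The enclosing extractFormInfo starts and ends outside the hunk.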
@ -163,6 +163,12 @@ sub new {
|
||||
$self->abort( "Configuration error",
|
||||
"Module " . $self->{globalStorage} . " not found in \@INC" )
|
||||
if ($@);
|
||||
if ( $self->{samlStorage} ne $self->{globalStorage} ) {
|
||||
eval "require " . $self->{samlStorage};
|
||||
$self->abort( "Configuration error",
|
||||
"Module " . $self->{samlStorage} . " not found in \@INC" )
|
||||
if ($@);
|
||||
}
|
||||
$self->abort( "Configuration error",
|
||||
"You've to indicate a domain for cookies" )
|
||||
unless ( $self->{domain} );
|
||||
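Review bot: The added `eval "require " . $self->{samlStorage}` is a string eval of a configuration value, mirroring the existing globalStorage line; a value that is not a plain module name would be compiled as Perl code rather than rejected, so check its shape first, e.g. `$self->abort( "Configuration error", "Invalid samlStorage module name" ) unless $self->{samlStorage} =~ /\A[\w:]+\z/;` (the same check would serve globalStorage). The `ne` comparison also warns and falls through to a bare `require` when samlStorage is still undef, which presumably cannot happen if setDefaultValues has already run at this point — worth confirming the call order. The enclosing `new` starts and ends outside the hunk.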
@ -363,7 +369,9 @@ sub setDefaultValues {
|
||||
$self->{ldapGroupRecursive} ||= 0;
|
||||
|
||||
# SAML
|
||||
$self->{samlIdPResolveCookie} ||= "lemonldapidp";
|
||||
$self->{samlIdPResolveCookie} ||= $self->{cookieName} . "idp";
|
||||
$self->{samlStorage} ||= $self->{globalStorage};
|
||||
$self->{samlStorageOptions} ||= $self->{globalStorageOptions};
|
||||
}
|
||||
|
||||
##@method protected void setHiddenFormValue(string fieldname, string value)
|
||||
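Review bot: `$self->{samlStorageOptions} ||= $self->{globalStorageOptions}` is applied independently of the samlStorage default, so a configuration that names a different samlStorage module but omits samlStorageOptions silently reuses options written for the global backend. Tie the two defaults together, `$self->{samlStorageOptions} ||= $self->{globalStorageOptions} if $self->{samlStorage} eq $self->{globalStorage};`, and let the module check in `new` report a missing samlStorageOptions as a configuration error instead. Note also that the samlIdPResolveCookie default moves from the fixed `lemonldapidp` to `$self->{cookieName} . "idp"`, which renames the cookie on deployments that never set it explicitly; that deserves a changelog mention.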
@ -375,9 +383,9 @@ sub setHiddenFormValue {
|
||||
my $self = shift;
|
||||
my $key = shift;
|
||||
my $val = shift;
|
||||
if ( $val ) {
|
||||
if ($val) {
|
||||
$key = 'lmhidden_' . $key;
|
||||
$self->{portalHiddenFormValues}->{$key} = encode_base64( $val );
|
||||
$self->{portalHiddenFormValues}->{$key} = encode_base64($val);
|
||||
}
|
||||
}
|
||||
|
||||
@ -389,9 +397,8 @@ sub getHiddenFormValue {
|
||||
my $self = shift;
|
||||
my $key = shift;
|
||||
$key = 'lmhidden_' . $key;
|
||||
if ( my $val = $self->param($key) )
|
||||
{
|
||||
return decode_base64( $val );
|
||||
if ( my $val = $self->param($key) ) {
|
||||
return decode_base64($val);
|
||||
}
|
||||
return undef;
|
||||
}
|
||||
@ -401,12 +408,16 @@ sub getHiddenFormValue {
|
||||
#@return string
|
||||
sub buildHiddenForm {
|
||||
my $self = shift;
|
||||
my @keys = keys %{$self->{portalHiddenFormValues}};
|
||||
my @keys = keys %{ $self->{portalHiddenFormValues} };
|
||||
my $val = '';
|
||||
foreach ( @keys )
|
||||
{
|
||||
$val .= '<input type="hidden" name="' . $_ . '" id="' . $_
|
||||
. '" value="' . $self->{portalHiddenFormValues}->{$_} . '" />';
|
||||
foreach (@keys) {
|
||||
$val .=
|
||||
'<input type="hidden" name="'
|
||||
. $_
|
||||
. '" id="'
|
||||
. $_
|
||||
. '" value="'
|
||||
. $self->{portalHiddenFormValues}->{$_} . '" />';
|
||||
}
|
||||
return $val;
|
||||
}
|
||||
|
@ -919,11 +919,9 @@ sub storeRelayState {
|
||||
my %h;
|
||||
|
||||
# Create relaystate session
|
||||
eval {
|
||||
tie %h, $self->{globalStorage}, undef, $self->{globalStorageOptions};
|
||||
};
|
||||
eval { tie %h, $self->{samlStorage}, undef, $self->{samlStorageOptions}; };
|
||||
if ($@) {
|
||||
$self->lmLog( "Unable to create relaystate session", 'error' );
|
||||
$self->lmLog( "Unable to create relaystate session: $@", 'error' );
|
||||
return;
|
||||
}
|
||||
|
||||
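Review bot: Relay-state sessions are now created in samlStorage (the same move is made for replay-protection sessions in storeReplayProtection and for artifacts in storeArtifact), so whatever expires or purges sessions has to cover that store as well when it differs from globalStorage; otherwise these short-lived entries accumulate, and a store whose entries are purged faster than an assertion's validity window would presumably also weaken the replay check that reads them back. A comment above the tie would make the dependency visible: `# RelayState lives in samlStorage; expiry/purge must be configured for that store too`. Logging `$@` in the error message is an improvement; the enclosing storeRelayState starts and ends outside the hunk.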
@ -961,11 +959,10 @@ sub extractRelayState {
|
||||
|
||||
# Open relaystate session
|
||||
eval {
|
||||
tie %h, $self->{globalStorage}, $relaystate,
|
||||
$self->{globalStorageOptions};
|
||||
tie %h, $self->{samlStorage}, $relaystate, $self->{samlStorageOptions};
|
||||
};
|
||||
if ($@) {
|
||||
$self->lmLog( "Unable to open relaystate session", 'error' );
|
||||
$self->lmLog( "Unable to open relaystate session: $@", 'error' );
|
||||
return 0;
|
||||
}
|
||||
|
||||
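Review bot: `$relaystate` comes from the request and is handed to the backend as a session id without any shape check; the eval catches a failed lookup, but it is the backend alone that decides what an unusable id does, and a file-based store may derive a path from it. An anchored format check before the tie, matching the id format samlStorage generates (for example `return 0 unless $relaystate =~ /\A\w+\z/;`), keeps arbitrary strings out of the backend and avoids an error log entry for every malformed value. The enclosing extractRelayState starts and ends outside the hunk.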
@ -1265,11 +1262,10 @@ sub storeReplayProtection {
|
||||
my ( $self, $samlID ) = splice @_;
|
||||
my %h;
|
||||
|
||||
eval {
|
||||
tie %h, $self->{globalStorage}, undef, $self->{globalStorageOptions};
|
||||
};
|
||||
eval { tie %h, $self->{samlStorage}, undef, $self->{samlStorageOptions}; };
|
||||
if ( $@ or !$samlID ) {
|
||||
$self->lmLog( "Unable to create replay protection session", 'error' );
|
||||
$self->lmLog( "Unable to create replay protection session: $@",
|
||||
'error' );
|
||||
return 0;
|
||||
}
|
||||
|
||||
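Review bot: The tie runs before `$samlID` is validated, so a missing id presumably still creates (and then abandons) an empty session in samlStorage before the `!$samlID` branch returns; the same ordering is kept in storeArtifact for `$id` and `$message`. Move the argument check ahead of the eval, `return 0 unless $samlID;`, so nothing is written for an invalid call and the "Unable to create replay protection session: $@" log line is reserved for actual storage failures, where `$@` is non-empty. The enclosing storeReplayProtection starts and ends outside the hunk.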
@ -1302,8 +1298,8 @@ sub replayProtection {
|
||||
}
|
||||
|
||||
my $sessions =
|
||||
$self->{globalStorage}
|
||||
->searchOn( $self->{globalStorageOptions}, "ID", $samlID );
|
||||
$self->{samlStorage}
|
||||
->searchOn( $self->{samlStorageOptions}, "ID", $samlID );
|
||||
|
||||
if ( my @keys = keys %$sessions ) {
|
||||
|
||||
@ -1313,8 +1309,7 @@ sub replayProtection {
|
||||
|
||||
# Delete it
|
||||
eval {
|
||||
tie %h, $self->{globalStorage}, $_,
|
||||
$self->{globalStorageOptions};
|
||||
tie %h, $self->{samlStorage}, $_, $self->{samlStorageOptions};
|
||||
};
|
||||
if ($@) {
|
||||
$self->lmLog(
|
||||
@ -1394,11 +1389,9 @@ sub storeArtifact {
|
||||
my ( $self, $id, $message ) = splice @_;
|
||||
my %h;
|
||||
|
||||
eval {
|
||||
tie %h, $self->{globalStorage}, undef, $self->{globalStorageOptions};
|
||||
};
|
||||
eval { tie %h, $self->{samlStorage}, undef, $self->{samlStorageOptions}; };
|
||||
if ( $@ or !$id or !$message ) {
|
||||
$self->lmLog( "Unable to create artifact session", 'error' );
|
||||
$self->lmLog( "Unable to create artifact session: $@", 'error' );
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -1431,8 +1424,7 @@ sub loadArtifact {
|
||||
}
|
||||
|
||||
my $sessions =
|
||||
$self->{globalStorage}
|
||||
->searchOn( $self->{globalStorageOptions}, "ID", $id );
|
||||
$self->{samlStorage}->searchOn( $self->{samlStorageOptions}, "ID", $id );
|
||||
|
||||
if ( my @keys = keys %$sessions ) {
|
||||
|
||||
@ -1448,12 +1440,12 @@ sub loadArtifact {
|
||||
|
||||
# Open session
|
||||
eval {
|
||||
tie %h, $self->{globalStorage}, $session_id,
|
||||
$self->{globalStorageOptions};
|
||||
tie %h, $self->{samlStorage}, $session_id,
|
||||
$self->{samlStorageOptions};
|
||||
};
|
||||
if ($@) {
|
||||
$self->lmLog(
|
||||
"Unable to recover artifact session $session (ID $id)",
|
||||
"Unable to recover artifact session $session (ID $id): $@",
|
||||
'error' );
|
||||
return;
|
||||
}
|
||||
|