From 7fef157210119ee6b44438c34c0e79c51678583f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?=
Date: Fri, 9 Apr 2010 13:27:54 +0000
Subject: [PATCH] SAML: possibility to configure a different storage for SAML objects (samlStorage) than sessions storage (globalStorage)
---
 .../lib/Lemonldap/NG/Portal/AuthSAML.pm | 4 +-
 .../lib/Lemonldap/NG/Portal/Simple.pm | 33 ++++++++++-----
 .../lib/Lemonldap/NG/Portal/_SAML.pm | 40 ++++++++-----------
 3 files changed, 40 insertions(+), 37 deletions(-)
diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm
index d5e077bfb..519ff4d37 100644
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm
@@ -394,8 +394,8 @@ sub extractFormInfo {
 # Get corresponding session
 my $local_sessions =
- $self->{globalStorage}
- ->searchOn( $self->{globalStorageOptions}, "_user", $user, );
+ $self->{samlStorage}
+ ->searchOn( $self->{samlStorageOptions}, "_user", $user, );
 if ( my @local_sessions_keys = keys %$local_sessions ) {
diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
index f8ad03a18..973f01245 100644
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
@@ -163,6 +163,12 @@ sub new {
 $self->abort( "Configuration error",
 "Module " . $self->{globalStorage} . " not found in \@INC" )
 if ($@);
+ if ( $self->{samlStorage} ne $self->{globalStorage} ) {
+ eval "require " . $self->{samlStorage};
+ $self->abort( "Configuration error",
+ "Module " . $self->{samlStorage} . " not found in \@INC" )
+ if ($@);
+ }
 $self->abort( "Configuration error",
 "You've to indicate a domain for cookies" )
 unless ( $self->{domain} );
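Review bot: The `_user` lookup in extractFormInfo now queries `samlStorage`, so once an operator configures a separate SAML store this search only finds sessions that were written there; if the sessions matched here are the ordinary login sessions kept in `globalStorage`, the search comes back empty and the `if ( my @local_sessions_keys ... )` branch never runs. Which code writes `_user` into the SAML store is outside this hunk, so I cannot tell whether that is intended, but a one-line comment would settle it for the next reader, e.g. `# Lookup is against the SAML object store, not the login session store`. extractFormInfo starts and ends outside the hunk.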
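Review bot: `eval "require " . $self->{samlStorage};` in the added block of `new` is a string eval over a configuration value, mirroring the existing `globalStorage` load just above it; since the value is supposed to be a module name, constraining it before the eval is cheap, e.g. `$self->abort( "Configuration error", "Invalid samlStorage module name" ) unless $self->{samlStorage} =~ /\A[\w:]+\z/;`, or use `load` from the core `Module::Load` instead of the string eval. The abort text also assumes the only failure is a missing module, while `$@` may carry a compile error from inside the module; appending `$@` to the message would show which it was. The `ne` comparison relies on `samlStorage` already having been defaulted to `globalStorage` (that default is added in `setDefaultValues`); if `new` reaches this line before that default is applied, the comparison warns on undef and the `require` runs with an empty name, which I cannot confirm from the hunk.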
@@ -363,7 +369,9 @@ sub setDefaultValues {
 $self->{ldapGroupRecursive} ||= 0;
 # SAML
- $self->{samlIdPResolveCookie} ||= "lemonldapidp";
+ $self->{samlIdPResolveCookie} ||= $self->{cookieName} . "idp";
+ $self->{samlStorage} ||= $self->{globalStorage};
+ $self->{samlStorageOptions} ||= $self->{globalStorageOptions};
 }
 ##@method protected void setHiddenFormValue(string fieldname, string value)
@@ -375,9 +383,9 @@ sub setHiddenFormValue {
 my $self = shift;
 my $key = shift;
 my $val = shift;
- if ( $val ) {
+ if ($val) {
 $key = 'lmhidden_' . $key;
- $self->{portalHiddenFormValues}->{$key} = encode_base64( $val );
+ $self->{portalHiddenFormValues}->{$key} = encode_base64($val);
 }
 }
@@ -389,9 +397,8 @@ sub getHiddenFormValue {
 my $self = shift;
 my $key = shift;
 $key = 'lmhidden_' . $key;
- if ( my $val = $self->param($key) )
- {
- return decode_base64( $val );
+ if ( my $val = $self->param($key) ) {
+ return decode_base64($val);
 }
 return undef;
 }
@@ -401,12 +408,16 @@ sub getHiddenFormValue {
 #@return string
 sub buildHiddenForm {
 my $self = shift;
- my @keys = keys %{$self->{portalHiddenFormValues}};
+ my @keys = keys %{ $self->{portalHiddenFormValues} };
 my $val = '';
- foreach ( @keys )
- {
- $val .= '';
+ foreach (@keys) {
+ $val .=
+ '';
 }
 return $val;
 }
diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
index 8a7c228d4..ce3394b8a 100644
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
@@ -919,11 +919,9 @@ sub storeRelayState {
 my %h;
 # Create relaystate session
- eval {
- tie %h, $self->{globalStorage}, undef, $self->{globalStorageOptions};
- };
+ eval { tie %h, $self->{samlStorage}, undef, $self->{samlStorageOptions}; };
 if ($@) {
- $self->lmLog( "Unable to create relaystate session", 'error' );
+ $self->lmLog( "Unable to create relaystate session: $@", 'error' );
 return;
 }
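Review bot: `$self->{samlStorageOptions} ||= $self->{globalStorageOptions};` in setDefaultValues falls back to the session store's options even when `samlStorage` has been set to a different module, so an operator who configures a dedicated SAML store but forgets its options silently hands that module the session backend's connection parameters. Tying the options fallback to the module fallback, `$self->{samlStorageOptions} ||= $self->{globalStorageOptions} if $self->{samlStorage} eq $self->{globalStorage};`, makes the misconfiguration fail at tie time instead of quietly mixing the two stores; whether two different backends can ever legitimately share one options hash is something I cannot judge from here. Separately, the `samlIdPResolveCookie` default moves from the fixed `lemonldapidp` to `$self->{cookieName} . "idp"`, which renames the cookie for deployments that relied on the old default and deserves a changelog line.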
@@ -961,11 +959,10 @@ sub extractRelayState {
 # Open relaystate session
 eval {
- tie %h, $self->{globalStorage}, $relaystate,
- $self->{globalStorageOptions};
+ tie %h, $self->{samlStorage}, $relaystate, $self->{samlStorageOptions};
 };
 if ($@) {
- $self->lmLog( "Unable to open relaystate session", 'error' );
+ $self->lmLog( "Unable to open relaystate session: $@", 'error' );
 return 0;
 }
@@ -1265,11 +1262,10 @@ sub storeReplayProtection {
 my ( $self, $samlID ) = splice @_;
 my %h;
- eval {
- tie %h, $self->{globalStorage}, undef, $self->{globalStorageOptions};
- };
+ eval { tie %h, $self->{samlStorage}, undef, $self->{samlStorageOptions}; };
 if ( $@ or !$samlID ) {
- $self->lmLog( "Unable to create replay protection session", 'error' );
+ $self->lmLog( "Unable to create replay protection session: $@",
+ 'error' );
 return 0;
 }
@@ -1302,8 +1298,8 @@ sub replayProtection {
 }
 my $sessions =
- $self->{globalStorage}
- ->searchOn( $self->{globalStorageOptions}, "ID", $samlID );
+ $self->{samlStorage}
+ ->searchOn( $self->{samlStorageOptions}, "ID", $samlID );
 if ( my @keys = keys %$sessions ) {
@@ -1313,8 +1309,7 @@ sub replayProtection {
 # Delete it
 eval {
- tie %h, $self->{globalStorage}, $_,
- $self->{globalStorageOptions};
+ tie %h, $self->{samlStorage}, $_, $self->{samlStorageOptions};
 };
 if ($@) {
 $self->lmLog(
@@ -1394,11 +1389,9 @@ sub storeArtifact {
 my ( $self, $id, $message ) = splice @_;
 my %h;
- eval {
- tie %h, $self->{globalStorage}, undef, $self->{globalStorageOptions};
- };
+ eval { tie %h, $self->{samlStorage}, undef, $self->{samlStorageOptions}; };
 if ( $@ or !$id or !$message ) {
- $self->lmLog( "Unable to create artifact session", 'error' );
+ $self->lmLog( "Unable to create artifact session: $@", 'error' );
 return 0;
 }
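Review bot: `tie %h, $self->{samlStorage}, $relaystate, $self->{samlStorageOptions};` in extractRelayState opens a session whose identifier is `$relaystate`, and nothing in the hunk checks that this value has the shape of a session id before it reaches the storage module. The sub starts outside the hunk, so I cannot see where `$relaystate` comes from; if it is taken from the request, a format check ahead of the `eval`, e.g. `return 0 unless $relaystate =~ /\A\w+\z/;` (adjusted to whatever the configured id generator produces), keeps arbitrary strings away from backends that build file names or queries from the id. Logging `$@` in the error branch is a good addition since it names the backend failure.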
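Review bot: In storeReplayProtection the session is tied, and so most likely created in `samlStorage`, before `$samlID` is checked, so `if ( $@ or !$samlID )` returns 0 for an empty id after a session with no data has already been started, and the log line then reads `Unable to create replay protection session: ` with an empty `$@`. Checking the argument first, `return 0 unless $samlID;` placed before the `eval`, avoids both the stray session and the misleading message; storeArtifact at the end of this line has the same ordering with `!$id or !$message`. Both subs continue past their hunks, so I cannot see whether such a session is cleaned up later.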
@@ -1431,8 +1424,7 @@ sub loadArtifact {
 }
 my $sessions =
- $self->{globalStorage}
- ->searchOn( $self->{globalStorageOptions}, "ID", $id );
+ $self->{samlStorage}->searchOn( $self->{samlStorageOptions}, "ID", $id );
 if ( my @keys = keys %$sessions ) {
@@ -1448,12 +1440,12 @@ sub loadArtifact {
 # Open session
 eval {
- tie %h, $self->{globalStorage}, $session_id,
- $self->{globalStorageOptions};
+ tie %h, $self->{samlStorage}, $session_id,
+ $self->{samlStorageOptions};
 };
 if ($@) {
 $self->lmLog(
- "Unable to recover artifact session $session (ID $id)",
+ "Unable to recover artifact session $session (ID $id): $@",
 'error' );
 return;
 }
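Review bot: The failure branch at the end of the second loadArtifact hunk uses `return;` while the sibling helpers touched by this patch (`storeArtifact`, `extractRelayState`, `storeReplayProtection`) signal failure with `return 0;`; in list context the two differ (`return;` yields an empty list), so a caller written as `my ($msg) = $self->loadArtifact(...)` sees a different result from one written as `if ( $self->loadArtifact(...) )`. Picking one convention for the SAML session helpers, `return 0;` here if the others are kept, removes that ambiguity. loadArtifact continues outside both hunks, so I cannot see its other return sites.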