SAML: keep NameID in a SAML session to answer later attribute queries (#2)

2010-06-01 13:27:02 +00:00 · 2010-06-01 13:27:02 +00:00 · 8c14ba24bf
commit 8c14ba24bf
parent 00a952a372
1 changed files with 24 additions and 0 deletions
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm
@ -864,6 +864,30 @@ sub issuerForAuthUser {
                    $session_id );
            }

+            # Keep SAML elements for later queries
+            my %h;
+            eval {
+                tie %h, $self->{samlStorage}, undef,
+                  $self->{samlStorageOptions};
+            };
+            if ($@) {
+                $self->lmLog( "Unable to create SAML session: $@", 'error' );
+                return PE_ERROR;
+            }
+
+            $h{type}    = 'saml';                    # Session type
+            $h{_utime}  = $time;                     # Creation time
+            $h{_id}     = $session_id;               # SSO session id
+            $h{_nameID} = $login->nameIdentifier;    # SAML NameID
+
+            my $saml_session_id = $h{_session_id};
+
+            untie %h;
+
+            $self->lmLog(
+                "Link session $session_id to SAML session $saml_session_id",
+                'debug' );
+
            # Send SSO Response

            # HTTP-REDIRECT