Improve detection of SAML Artifact response type (#2648)

2021-10-26 11:38:27 +02:00 · 2021-10-26 11:38:27 +02:00 · 8cfab558c7
commit 8cfab558c7
parent 085c798ec6
1 changed files with 25 additions and 2 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
@ -550,7 +550,7 @@ sub checkMessage {
            $message = $self->resolveArtifact( $profile, $artifact, $method );

            # Request or response ?
-            if ( $message =~ /samlp:response/i ) {
+            if ( $self->_isArtifactSamlResponse($message) ) {
                $response = $message;
            }
            else {
@ -598,7 +598,7 @@ sub checkMessage {
                  $self->resolveArtifact( $profile, $artifact, $method );

                # Request or response ?
-                if ( $message =~ /samlp:response/i ) {
+                if ( $self->_isArtifactSamlResponse($message) ) {
                    $response = $message;
                }
                else {
@ -627,6 +627,29 @@ sub checkMessage {
    return ( $request, $response, $method, $relaystate, $artifact ? 1 : 0 );
 }

+sub _isArtifactSamlResponse {
+    my ( $self, $message ) = @_;
+
+    my $type = eval {
+        my $resp = Lasso::Samlp2ArtifactResponse->new;
+        $resp->init_from_message($message);
+        $resp->any->get_name;
+    };
+
+    if ($@) {
+        $self->logger->warn("Could not detect type of Artifact response");
+        return;
+    }
+
+    $self->logger->debug("Artifact response type is $type");
+    if ( $type eq "Response" ) {
+        return 1;
+    }
+    else {
+        return 0;
+    }
+}
+
 ## @method boolean checkLassoError(Lasso::Error error, string level)
 # Log Lasso error code and message if this is actually a Lasso::Error with code > 0
 # @param error Lasso error object