From 8cfab558c784702f66dd3ba7052e4e14549ddc06 Mon Sep 17 00:00:00 2001
From: Maxime Besson
Date: Tue, 26 Oct 2021 11:38:27 +0200
Subject: [PATCH] Improve detection of SAML Artifact response type (#2648)
---
 .../lib/Lemonldap/NG/Portal/Lib/SAML.pm | 27 +++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
index 004021c19..9cbd0d8d7 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
@@ -550,7 +550,7 @@ sub checkMessage {
 $message = $self->resolveArtifact( $profile, $artifact, $method );
 # Request or response ?
- if ( $message =~ /samlp:response/i ) {
+ if ( $self->_isArtifactSamlResponse($message) ) {
 $response = $message;
 }
 else {
@@ -598,7 +598,7 @@ sub checkMessage {
 $self->resolveArtifact( $profile, $artifact, $method );
 # Request or response ?
- if ( $message =~ /samlp:response/i ) {
+ if ( $self->_isArtifactSamlResponse($message) ) {
 $response = $message;
 }
 else {
@@ -627,6 +627,29 @@ sub checkMessage {
 return ( $request, $response, $method, $relaystate, $artifact ? 1 : 0 );
 }
+sub _isArtifactSamlResponse {
+ my ( $self, $message ) = @_;
+
+ my $type = eval {
+ my $resp = Lasso::Samlp2ArtifactResponse->new;
+ $resp->init_from_message($message);
+ $resp->any->get_name;
+ };
+
+ if ($@) {
+ $self->logger->warn("Could not detect type of Artifact response");
+ return;
+ }
+
+ $self->logger->debug("Artifact response type is $type");
+ if ( $type eq "Response" ) {
+ return 1;
+ }
+ else {
+ return 0;
+ }
+}
+
 ## @method boolean checkLassoError(Lasso::Error error, string level)
 # Log Lasso error code and message if this is actually a Lasso::Error with code > 0
 # @param error Lasso error object
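Review bot: In `_isArtifactSamlResponse`, the `if ($@)` branch ends in a bare `return;`, which callers cannot tell apart from the `return 0` given for a non-Response payload. At both updated call sites in `checkMessage`, an artifact message that Lasso failed to parse therefore appears to fall into the `else` branch and be handled as a request; the body of that branch lies outside the hunks, so this is inferred and worth confirming. If a parse failure should instead reject the message, the helper needs a distinct failure signal that the two callers check before choosing a branch. The warning also drops the cause, and `$self->logger->warn("Could not detect type of Artifact response: $@");` would keep the Lasso error for whoever triages the log. `$type` is compared with `eq` and interpolated into the debug line without a defined check, so `if ( $@ or !defined $type ) {` would also cover a `get_name` that returns undef.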