Skip registration of SAML SP when config has errors (#2525)
This commit is contained in:
Maxime Besson
parent
71a8fc6d16
commit
91cfba275a
|
|
@ -386,6 +386,54 @@ sub loadSPs {
|
|||
$sp_metadata = encode( "utf8", $sp_metadata );
|
||||
}
|
||||
|
||||
# Get SP entityID
|
||||
my ( $tmp, $entityID ) = ( $sp_metadata =~ /entityID=(['"])(.+?)\1/si );
|
||||
|
||||
# Decode HTML entities from entityID
|
||||
# TODO: see Lasso comment below
|
||||
decode_entities($entityID);
|
||||
|
||||
my $valid = 1;
|
||||
my $rule = $self->conf->{samlSPMetaDataOptions}->{$_}
|
||||
->{samlSPMetaDataOptionsRule};
|
||||
|
||||
if ( length $rule ) {
|
||||
$rule = $self->p->HANDLER->substitute($rule);
|
||||
unless ( $rule = $self->p->HANDLER->buildSub($rule) ) {
|
||||
$self->logger->error( 'SAML SP rule error: '
|
||||
. $self->p->HANDLER->tsv->{jail}->error );
|
||||
$valid = 0;
|
||||
}
|
||||
}
|
||||
|
||||
# Load per-SP macros
|
||||
my $macros = $self->conf->{samlSPMetaDataMacros}->{$_};
|
||||
my $compiledMacros = {};
|
||||
for my $macroAttr ( keys %{$macros} ) {
|
||||
my $macroRule = $macros->{$macroAttr};
|
||||
if ( length $macroRule ) {
|
||||
$macroRule = $self->p->HANDLER->substitute($macroRule);
|
||||
if ( $macroRule = $self->p->HANDLER->buildSub($macroRule) ) {
|
||||
$compiledMacros->{$macroAttr} = $macroRule;
|
||||
}
|
||||
else {
|
||||
$valid = 0;
|
||||
$self->logger->error(
|
||||
"Error processing macro $macroAttr for SAML SP $_"
|
||||
. $self->p->HANDLER->tsv->{jail}->error );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($valid) {
|
||||
$self->spRules->{$_} = $rule;
|
||||
$self->spMacros->{$entityID} = $compiledMacros;
|
||||
}
|
||||
else {
|
||||
$self->logger->error("SAML SP $_ has errors and will be ignored");
|
||||
next;
|
||||
}
|
||||
|
||||
# Add this SP to Lasso::Server
|
||||
# TODO: when Lasso issue #35061 is fixed in all distros,
|
||||
# we could load the metadata into a new LassoProvider, extract the
|
||||
|
|
@ -399,13 +447,7 @@ sub loadSPs {
|
|||
next;
|
||||
}
|
||||
|
||||
# Store SP entityID and Organization Name
|
||||
my ( $tmp, $entityID ) = ( $sp_metadata =~ /entityID=(['"])(.+?)\1/si );
|
||||
|
||||
# Decode HTML entities from entityID
|
||||
# TODO: see Lasso comment above
|
||||
decode_entities($entityID);
|
||||
|
||||
# Store Org name
|
||||
my $name = $self->getOrganizationName( $self->lassoServer, $entityID )
|
||||
|| ucfirst($_);
|
||||
$self->spList->{$entityID}->{confKey} = $_;
|
||||
|
|
@ -452,34 +494,6 @@ sub loadSPs {
|
|||
"Set signature method $signature_method on SP $_");
|
||||
}
|
||||
|
||||
my $rule = $self->conf->{samlSPMetaDataOptions}->{$_}
|
||||
->{samlSPMetaDataOptionsRule};
|
||||
if ( length $rule ) {
|
||||
$rule = $self->p->HANDLER->substitute($rule);
|
||||
unless ( $rule = $self->p->HANDLER->buildSub($rule) ) {
|
||||
$self->logger->error( 'SAML SP rule error: '
|
||||
. $self->p->HANDLER->tsv->{jail}->error );
|
||||
next;
|
||||
}
|
||||
$self->spRules->{$_} = $rule;
|
||||
}
|
||||
|
||||
# Load per-SP macros
|
||||
my $macros = $self->conf->{samlSPMetaDataMacros}->{$_};
|
||||
for my $macroAttr ( keys %{$macros} ) {
|
||||
my $macroRule = $macros->{$macroAttr};
|
||||
if ( length $macroRule ) {
|
||||
$macroRule = $self->p->HANDLER->substitute($macroRule);
|
||||
unless ( $macroRule = $self->p->HANDLER->buildSub($macroRule) )
|
||||
{
|
||||
$self->error( 'SAML SP macro error: '
|
||||
. $self->p->HANDLER->tsv->{jail}->error );
|
||||
return 0;
|
||||
}
|
||||
$self->spMacros->{$entityID}->{$macroAttr} = $macroRule;
|
||||
}
|
||||
}
|
||||
|
||||
$self->logger->debug("SP $_ added");
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user