CAS: Manage renew flag in VALIDATE and SERVICE VALIDATE URL (#101)
parent
d3aefd81b8
commit
9a4df749fe
@ -36,7 +36,9 @@ else {
|
||||
# First time access
|
||||
unless ($ticket) {
|
||||
print $cgi->h1("Click below to use CAS");
|
||||
print $cgi->h2("<a href=\"$login_url\">CAS LOGIN</a>");
|
||||
print $cgi->h2("<a href=\"$login_url\">Simple login</a>");
|
||||
print $cgi->h2("<a href=\"$login_url&renew=true\">Renew login</a>");
|
||||
print $cgi->h2("<a href=\"$login_url&gateway=true\">Gateway login</a>");
|
||||
}
|
||||
|
||||
# Ticket receveived
|
||||
@ -81,6 +83,8 @@ else {
|
||||
print $cgi->h2("Error: Unable to get proxy granting ticket");
|
||||
}
|
||||
|
||||
print $cgi->h2("<a href=\"".$cgi->url."\">Home</a>");
|
||||
|
||||
}
|
||||
|
||||
print $cgi->end_html();
|
||||
|
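Review bot: The added login links and the new Home link build their `href` values by interpolating `$login_url` and `$cgi->url` into the markup unescaped, and the `&renew=true` / `&gateway=true` suffixes put a raw `&` inside the attribute. `$cgi->url` is built from request data (host and script path), so it should be HTML-escaped before printing, e.g. `print $cgi->h2("<a href=\"" . $cgi->escapeHTML($cgi->url) . "\">Home</a>");`, and the hand-built links should use `&amp;`. Appending `&renew=true` also assumes `$login_url` already carries a query string; its definition is outside these hunks, so that is worth confirming. The enclosing `else` block starts before the first hunk and is not fully visible.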
@ -153,8 +153,16 @@ sub issuerForUnAuthUser {
|
||||
if ( $renew eq 'true' ) {
|
||||
|
||||
# We should check the ST was delivered with primary credentials
|
||||
# TODO
|
||||
$self->lmLog( "Renew parameter not managed", 'warn' );
|
||||
$self->lmLog( "Renew flag detected ", 'debug' );
|
||||
|
||||
unless ( $casServiceSession->{renew} ) {
|
||||
$self->lmLog(
|
||||
"Authentication renew requested, but not done in former authentication process",
|
||||
'error'
|
||||
);
|
||||
untie %$casServiceSession;
|
||||
$self->returnCasValidateError();
|
||||
}
|
||||
}
|
||||
|
||||
# Open local session
|
||||
@ -268,8 +276,17 @@ sub issuerForUnAuthUser {
|
||||
if ( $renew eq 'true' ) {
|
||||
|
||||
# We should check the ST was delivered with primary credentials
|
||||
# TODO
|
||||
$self->lmLog( "Renew parameter not managed", 'warn' );
|
||||
$self->lmLog( "Renew flag detected ", 'debug' );
|
||||
|
||||
unless ( $casServiceSession->{renew} ) {
|
||||
$self->lmLog(
|
||||
"Authentication renew requested, but not done in former authentication process",
|
||||
'error'
|
||||
);
|
||||
untie %$casServiceSession;
|
||||
$self->returnCasValidateError();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
# Proxies (for PROXY VALIDATE only)
|
||||
@ -529,6 +546,17 @@ sub issuerForAuthUser {
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
# Check last authentication time to decide if
|
||||
# the authentication is recent or not
|
||||
my $casRenewFlag = 0;
|
||||
my $last_authn_utime = $self->{sessionInfo}->{_lastAuthnUTime} || 0;
|
||||
if ( time() - $last_authn_utime < $self->{portalForceAuthnInterval} ) {
|
||||
$self->lmLog(
|
||||
"Authentication is recent, will set CAS renew flag to true",
|
||||
'debug' );
|
||||
$casRenewFlag = 1;
|
||||
}
|
||||
|
||||
# Create a service ticket
|
||||
$self->lmLog( "Create a CAS service ticket for service $service",
|
||||
'debug' );
|
||||
@ -542,6 +570,7 @@ sub issuerForAuthUser {
|
||||
|
||||
$casServiceSession->{type} = 'casService';
|
||||
$casServiceSession->{service} = $service;
|
||||
$casServiceSession->{renew} = $casRenewFlag;
|
||||
$casServiceSession->{_cas_id} = $session_id;
|
||||
$casServiceSession->{_utime} = $time;
|
||||
|
||||
|
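Review bot: Both renew checks in issuerForUnAuthUser (the hunks at -153 and -268) only enforce anything if `returnCasValidateError()` ends the request, and these hunks do not show that. If the helper returns, execution falls out of the `unless` block into "Open local session" / the proxy handling, and the ticket is validated even though the renew requirement failed. Making the exit explicit, for example `return $self->returnCasValidateError();` if the caller tolerates that return value, or a comment stating the helper never returns, would keep the check from being silently bypassed by a later refactor. The second check sits just before the "Proxies (for PROXY VALIDATE only)" comment, so it presumably serves the CAS 2.0 validation URLs; there the failure reply is expected in the XML format rather than the CAS 1.0 one this helper's name suggests, which should be confirmed. Both function bodies start and end outside the hunks.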