Generate CAS Service Ticket (#101)
This commit is contained in:
parent
c6c8024326
commit
a6acf86f4e
@ -7,6 +7,8 @@ package Lemonldap::NG::Portal::IssuerDBCAS;
|
|||||||
|
|
||||||
use strict;
|
use strict;
|
||||||
use Lemonldap::NG::Portal::Simple;
|
use Lemonldap::NG::Portal::Simple;
|
||||||
|
use Lemonldap::NG::Portal::_CAS;
|
||||||
|
our @ISA = qw(Lemonldap::NG::Portal::_CAS);
|
||||||
|
|
||||||
our $VERSION = '0.01';
|
our $VERSION = '0.01';
|
||||||
|
|
||||||
@ -24,13 +26,46 @@ sub issuerDBInit {
|
|||||||
sub issuerForUnAuthUser {
|
sub issuerForUnAuthUser {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
|
|
||||||
|
my $portal = $self->{portal};
|
||||||
|
$portal =~ s/\/$//;
|
||||||
|
|
||||||
# CAS URLs
|
# CAS URLs
|
||||||
my $cas_login_url = $self->{portal} . '/cas/login';
|
my $cas_login_url = $portal . '/cas/login';
|
||||||
my $cas_logout_url = $self->{portal} . '/cas/logout';
|
my $cas_logout_url = $portal . '/cas/logout';
|
||||||
my $cas_validate_url = $self->{portal} . '/cas/validate';
|
my $cas_validate_url = $portal . '/cas/validate';
|
||||||
my $cas_serviceValidate_url = $self->{portal} . '/cas/serviceValidate';
|
my $cas_serviceValidate_url = $portal . '/cas/serviceValidate';
|
||||||
my $cas_proxyValidate_url = $self->{portal} . '/cas/proxyValidate';
|
my $cas_proxyValidate_url = $portal . '/cas/proxyValidate';
|
||||||
my $cas_proxy_url = $self->{portal} . '/cas/proxy';
|
my $cas_proxy_url = $portal . '/cas/proxy';
|
||||||
|
|
||||||
|
# Called URL
|
||||||
|
my $url = $self->url();
|
||||||
|
|
||||||
|
# 1. LOGIN
|
||||||
|
if ( $url =~ /\Q$cas_login_url\E/io ) {
|
||||||
|
|
||||||
|
$self->lmLog( "URL $url detected as an CAS LOGIN URL", 'debug' );
|
||||||
|
|
||||||
|
# GET parameters
|
||||||
|
my $service = $self->getHiddenFormValue('service')
|
||||||
|
|| $self->param('service');
|
||||||
|
my $renew = $self->getHiddenFormValue('renew') || $self->param('renew');
|
||||||
|
my $gateway = $self->getHiddenFormValue('gateway')
|
||||||
|
|| $self->param('gateway');
|
||||||
|
|
||||||
|
# Keep values in hidden fields
|
||||||
|
$self->setHiddenFormValue( 'service', $service );
|
||||||
|
$self->setHiddenFormValue( 'renew', $renew );
|
||||||
|
$self->setHiddenFormValue( 'gateway', $gateway );
|
||||||
|
|
||||||
|
# Gateway
|
||||||
|
# Authentication must use non-interactive mean
|
||||||
|
# TODO
|
||||||
|
if ( $gateway eq 'true' ) {
|
||||||
|
$self->lmLog( "Gateway authentication not managed", 'error' );
|
||||||
|
return PE_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
@ -41,22 +76,92 @@ sub issuerForUnAuthUser {
|
|||||||
sub issuerForAuthUser {
|
sub issuerForAuthUser {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
|
|
||||||
|
my $portal = $self->{portal};
|
||||||
|
$portal =~ s/\/$//;
|
||||||
|
|
||||||
# CAS URLs
|
# CAS URLs
|
||||||
my $cas_login_url = $self->{portal} . '/cas/login';
|
my $cas_login_url = $portal . '/cas/login';
|
||||||
my $cas_logout_url = $self->{portal} . '/cas/logout';
|
my $cas_logout_url = $portal . '/cas/logout';
|
||||||
my $cas_validate_url = $self->{portal} . '/cas/validate';
|
my $cas_validate_url = $portal . '/cas/validate';
|
||||||
my $cas_serviceValidate_url = $self->{portal} . '/cas/serviceValidate';
|
my $cas_serviceValidate_url = $portal . '/cas/serviceValidate';
|
||||||
my $cas_proxyValidate_url = $self->{portal} . '/cas/proxyValidate';
|
my $cas_proxyValidate_url = $portal . '/cas/proxyValidate';
|
||||||
my $cas_proxy_url = $self->{portal} . '/cas/proxy';
|
my $cas_proxy_url = $portal . '/cas/proxy';
|
||||||
|
|
||||||
|
# Called URL
|
||||||
|
my $url = $self->url();
|
||||||
|
|
||||||
|
# Session ID
|
||||||
|
my $session_id = $self->{sessionInfo}->{_session_id} || $self->{id};
|
||||||
|
|
||||||
|
# 1. LOGIN
|
||||||
|
if ( $url =~ /\Q$cas_login_url\E/io ) {
|
||||||
|
|
||||||
|
$self->lmLog( "URL $url detected as an CAS LOGIN URL", 'debug' );
|
||||||
|
|
||||||
|
# GET parameters
|
||||||
|
my $service = $self->getHiddenFormValue('service')
|
||||||
|
|| $self->param('service');
|
||||||
|
my $renew = $self->getHiddenFormValue('renew') || $self->param('renew');
|
||||||
|
my $gateway = $self->getHiddenFormValue('gateway')
|
||||||
|
|| $self->param('gateway');
|
||||||
|
|
||||||
|
# Renew
|
||||||
|
# Authentication must be replayed
|
||||||
|
# TODO
|
||||||
|
if ( $renew eq 'true' ) {
|
||||||
|
$self->lmLog( "Authentication renewal not managed", 'error' );
|
||||||
|
return PE_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
# If no service defined, exit
|
||||||
|
unless ( defined $service ) {
|
||||||
|
$self->lmLog( "No service defined in CAS URL", 'debug' );
|
||||||
|
return PE_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Create a service ticket
|
||||||
|
$self->lmLog( "Create a CAS service ticket for service $service",
|
||||||
|
'debug' );
|
||||||
|
|
||||||
|
my $casServiceSession = $self->getCasSession();
|
||||||
|
|
||||||
|
return PE_ERROR unless $casServiceSession;
|
||||||
|
|
||||||
|
$casServiceSession->{type} = 'casService';
|
||||||
|
$casServiceSession->{service} = $service;
|
||||||
|
$casServiceSession->{id} = $session_id;
|
||||||
|
|
||||||
|
my $casServiceSessionID = $casServiceSession->{_session_id};
|
||||||
|
my $casServiceTicket = "ST-" . $casServiceSessionID;
|
||||||
|
|
||||||
|
untie %$casServiceSession;
|
||||||
|
|
||||||
|
$self->lmLog( "CAS service session $casServiceSessionID created",
|
||||||
|
'debug' );
|
||||||
|
|
||||||
|
# Redirect to service
|
||||||
|
my $service_url = (
|
||||||
|
$service =~ /\?/
|
||||||
|
? $service .= '&ticket=' . $casServiceTicket
|
||||||
|
: $service .= '?ticket=' . $casServiceTicket
|
||||||
|
);
|
||||||
|
|
||||||
|
$self->{urldc} = $service_url;
|
||||||
|
|
||||||
|
return $self->_subProcess(qw(autoRedirect));
|
||||||
|
}
|
||||||
|
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
## @apmethod int issuerLogout()
|
## @apmethod int issuerLogout()
|
||||||
# Do nothing
|
# Destroy linked CAS sessions
|
||||||
# @return Lemonldap::NG::Portal error code
|
# @return Lemonldap::NG::Portal error code
|
||||||
sub issuerLogout {
|
sub issuerLogout {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
|
|
||||||
|
# TODO
|
||||||
|
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -465,6 +465,10 @@ sub setDefaultValues {
|
|||||||
$self->{samlStorageOptions} ||= $self->{globalStorageOptions};
|
$self->{samlStorageOptions} ||= $self->{globalStorageOptions};
|
||||||
$self->{samlMetadataForceUTF8} = 1
|
$self->{samlMetadataForceUTF8} = 1
|
||||||
unless ( defined( $self->{samlMetadataForceUTF8} ) );
|
unless ( defined( $self->{samlMetadataForceUTF8} ) );
|
||||||
|
|
||||||
|
# CAS
|
||||||
|
$self->{casStorage} ||= $self->{globalStorage};
|
||||||
|
$self->{casStorageOptions} ||= $self->{globalStorageOptions};
|
||||||
}
|
}
|
||||||
|
|
||||||
## @method protected void setHiddenFormValue(string fieldname, string value, string prefix, boolean base64)
|
## @method protected void setHiddenFormValue(string fieldname, string value, string prefix, boolean base64)
|
||||||
|
78
modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_CAS.pm
Normal file
78
modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_CAS.pm
Normal file
@ -0,0 +1,78 @@
|
|||||||
|
## @file
|
||||||
|
# Common CAS functions
|
||||||
|
|
||||||
|
## @class
|
||||||
|
# Common CAS functions
|
||||||
|
package Lemonldap::NG::Portal::_CAS;
|
||||||
|
|
||||||
|
use strict;
|
||||||
|
|
||||||
|
our $VERSION = '0.01';
|
||||||
|
|
||||||
|
## @method hashref getCasSession(string id)
|
||||||
|
# Try to recover the CAS session corresponding to id and return session datas
|
||||||
|
# If id is set to undef, return a new session
|
||||||
|
# @param id session reference
|
||||||
|
# @return session datas
|
||||||
|
sub getCasSession {
|
||||||
|
my ( $self, $id ) = splice @_;
|
||||||
|
my %h;
|
||||||
|
|
||||||
|
# Trying to recover session from CAS session storage
|
||||||
|
eval { tie %h, $self->{casStorage}, $id, $self->{casStorageOptions}; };
|
||||||
|
if ( $@ or not tied(%h) ) {
|
||||||
|
|
||||||
|
# Session not available
|
||||||
|
if ($id) {
|
||||||
|
$self->lmLog( "CAS session $id isn't yet available", 'info' );
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$self->lmLog( "Unable to create new CAS session: $@", 'error' );
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
return \%h;
|
||||||
|
}
|
||||||
|
|
||||||
|
__END__
|
||||||
|
|
||||||
|
=head1 NAME
|
||||||
|
|
||||||
|
=encoding utf8
|
||||||
|
|
||||||
|
Lemonldap::NG::Portal::_CAS - Common CAS functions
|
||||||
|
|
||||||
|
=head1 SYNOPSIS
|
||||||
|
|
||||||
|
use Lemonldap::NG::Portal::_CAS;
|
||||||
|
|
||||||
|
=head1 DESCRIPTION
|
||||||
|
|
||||||
|
This module contains common methods for CAS
|
||||||
|
|
||||||
|
=head1 METHODS
|
||||||
|
|
||||||
|
=head2 getCasSession
|
||||||
|
|
||||||
|
Try to recover the CAS session corresponding to id and return session datas
|
||||||
|
If id is set to undef, return a new session
|
||||||
|
|
||||||
|
=head1 SEE ALSO
|
||||||
|
|
||||||
|
L<Lemonldap::NG::Portal::IssuerDBCAS>,
|
||||||
|
|
||||||
|
=head1 AUTHOR
|
||||||
|
|
||||||
|
Clement Oudot, E<lt>coudot@linagora.comE<gt>
|
||||||
|
|
||||||
|
=head1 COPYRIGHT AND LICENSE
|
||||||
|
|
||||||
|
Copyright (C) 2010 by Clement Oudot
|
||||||
|
|
||||||
|
This library is free software; you can redistribute it and/or modify
|
||||||
|
it under the same terms as Perl itself, either Perl version 5.10.0 or,
|
||||||
|
at your option, any later version of Perl 5 you may have available.
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
@ -0,0 +1,15 @@
|
|||||||
|
# Before `make install' is performed this script should be runnable with
|
||||||
|
# `make test'. After `make install' it should work as `perl Lemonldap-NG-Portal-AuthSsl.t'
|
||||||
|
|
||||||
|
#########################
|
||||||
|
|
||||||
|
# change 'tests => 1' to 'tests => last_test_to_print';
|
||||||
|
|
||||||
|
use Test::More tests => 1;
|
||||||
|
BEGIN { use_ok('Lemonldap::NG::Portal::IssuerDBCAS') }
|
||||||
|
|
||||||
|
#########################
|
||||||
|
|
||||||
|
# Insert your test code below, the Test::More module is use()ed here so read
|
||||||
|
# its man page ( perldoc Test::More ) for help writing this test script.
|
||||||
|
|
Loading…
Reference in New Issue
Block a user