SAML: manage HTTP method choice for SSO
parent
8564389fa7
commit
ae4ff763df
|
@ -842,23 +842,43 @@ sub extractFormInfo {
|
|||
|
||||
# 3. Build authentication request
|
||||
|
||||
# Force HTTP-REDIRECT method
|
||||
# TODO choose method depending on IDP
|
||||
$method = Lasso::Constants::HTTP_METHOD_REDIRECT;
|
||||
|
||||
# IDP entityID
|
||||
$self->{_idp} = $idp;
|
||||
my $IDPentityID = $self->{_idpList}->{$idp}->{entityID};
|
||||
|
||||
# IDP Options
|
||||
# IDP ForceAuthn
|
||||
my $forceAuthn =
|
||||
$self->{samlIDPMetaDataOptions}->{$idp}
|
||||
->{samlIDPMetaDataOptionsForceAuthn};
|
||||
|
||||
# IDP NameIDFormat
|
||||
my $nameIDFormat =
|
||||
$self->{samlIDPMetaDataOptions}->{$idp}
|
||||
->{samlIDPMetaDataOptionsNameIDFormat};
|
||||
$nameIDFormat = $self->getNameIDFormat($nameIDFormat) if $nameIDFormat;
|
||||
|
||||
# IDP HTTP method
|
||||
$method =
|
||||
$self->{samlIDPMetaDataOptions}->{$idp}
|
||||
->{samlIDPMetaDataOptionsSSOBinding};
|
||||
$method = $self->getHttpMethod($method) if $method;
|
||||
|
||||
# If no method defined, get first HTTP method
|
||||
unless ( defined $method ) {
|
||||
my $protocolType = Lasso::Constants::MD_PROTOCOL_TYPE_SINGLE_SIGN_ON;
|
||||
$method =
|
||||
$self->getFirstHttpMethod( $server, $IDPentityID, $protocolType );
|
||||
}
|
||||
|
||||
# Failback to HTTP-REDIRECT
|
||||
unless ( defined $method and $method != -1 ) {
|
||||
$self->lmLog( "No method found with IDP $idp for SSO profile",
|
||||
'debug' );
|
||||
$method = $self->getHttpMethod("redirect");
|
||||
}
|
||||
|
||||
$self->lmLog( "Use method $method with IDP $idp for SSO profile", 'debug' );
|
||||
|
||||
# Create SSO request
|
||||
$login =
|
||||
$self->createAuthnRequest( $server, $IDPentityID, $method, $forceAuthn,
|
||||
|
|
|
@ -1082,6 +1082,63 @@ sub getNameIDFormat {
|
|||
return;
|
||||
}
|
||||
|
||||
## @method int getHttpMethod(string method)
|
||||
# Convert configuration string into Lasso HTTP Method integer
|
||||
# @param method configuration string
|
||||
# @return Lasso HTTP Method integer
|
||||
sub getHttpMethod {
|
||||
my ( $self, $method ) = splice @_;
|
||||
|
||||
return Lasso::Constants::HTTP_METHOD_GET
|
||||
if ( $method =~ /^(http)?[-_]?get$/i );
|
||||
return Lasso::Constants::HTTP_METHOD_POST
|
||||
if ( $method =~ /^(http)?[-_]?post$/i );
|
||||
return Lasso::Constants::HTTP_METHOD_REDIRECT
|
||||
if ( $method =~ /^(http)?[-_]?redirect$/i );
|
||||
return Lasso::Constants::HTTP_METHOD_SOAP
|
||||
if ( $method =~ /^(http)?[-_]?soap$/i );
|
||||
return Lasso::Constants::HTTP_METHOD_ARTIFACT_GET
|
||||
if ( $method =~ /^(artifact)[-_]get$/i );
|
||||
return Lasso::Constants::HTTP_METHOD_ARTIFACT_POST
|
||||
if ( $method =~ /^(artifact)[-_]post$/i );
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
## @method int getFirstHttpMethod(Lasso::Server server, string entityID, int protcolType)
|
||||
# Find a suitable HTTP method for an entity with a given protocol
|
||||
# @param server Lasso::Server object
|
||||
# @param entityID entity ID
|
||||
# @param protocolType Lasso protocol type
|
||||
# @return Lasso HTTP Method
|
||||
sub getFirstHttpMethod {
|
||||
my ( $self, $server, $entityID, $protocolType ) = splice @_;
|
||||
my $entity_provider;
|
||||
my $method;
|
||||
|
||||
# Get Lasso::Provider object
|
||||
eval {
|
||||
$entity_provider = Lasso::Server::get_provider( $server, $entityID );
|
||||
};
|
||||
if ($@) {
|
||||
$self->checkLassoError($@);
|
||||
return;
|
||||
}
|
||||
|
||||
# Find HTTP method
|
||||
eval {
|
||||
$method =
|
||||
Lasso::Provider::get_first_http_method( $server, $entity_provider,
|
||||
$protocolType );
|
||||
};
|
||||
if ($@) {
|
||||
$self->checkLassoError($@);
|
||||
return;
|
||||
}
|
||||
|
||||
return $method;
|
||||
}
|
||||
|
||||
1;
|
||||
|
||||
__END__
|
||||
|
@ -1256,6 +1313,14 @@ Process an attribute response
|
|||
|
||||
Convert configuration string into SAML2 NameIDFormat string
|
||||
|
||||
=head2 getHttpMethod
|
||||
|
||||
Convert configuration string into Lasso HTTP Method integer
|
||||
|
||||
=head2 getFirstHttpMethod
|
||||
|
||||
Find a suitable HTTP method for an entity with a given protocol
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<Lemonldap::NG::Portal::AuthSAML>, L<Lemonldap::NG::Portal::UserDBSAML>
|
||||
|
|
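Review bot: In the first hunk, a configured `samlIDPMetaDataOptionsSSOBinding` that `getHttpMethod` does not recognise is silently discarded: the unrecognised string is overwritten with undef, the code falls through to `getFirstHttpMethod` and then to HTTP-Redirect, and the only trace is a debug-level log, so an operator who misspelled a binding (or intended to pin POST) will get a different binding than they configured without any warning. Keep the configured string in its own variable and warn when it does not map: `my $binding = $self->{samlIDPMetaDataOptions}->{$idp}->{samlIDPMetaDataOptionsSSOBinding};` then `$method = $self->getHttpMethod($binding) if $binding;` and `$self->lmLog("Unknown SSO binding '$binding' configured for IDP $idp, falling back to metadata", 'warn') if $binding and !defined $method;`. Note also that a configured binding is used as-is while only the fallback path consults the IdP metadata via `getFirstHttpMethod`, so a binding the IdP does not publish is presumably rejected later by Lasso rather than here — worth a comment on that line. In `getHttpMethod` the `(artifact)` groups in the last two patterns capture for no purpose and would be clearer as `artifact[-_]get` / `artifact[-_]post`, and "Failback" in the comment should read "Fallback". `extractFormInfo` starts and ends outside the hunk.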