SAML: use getSamlSession whenever it's possible
This commit is contained in:
parent
758c133f81
commit
b2381101d7
@ -1332,21 +1332,19 @@ sub authFinish {
|
|||||||
);
|
);
|
||||||
|
|
||||||
# Save SAML session
|
# Save SAML session
|
||||||
eval { tie %h, $self->{samlStorage}, undef, $self->{samlStorageOptions}; };
|
my $samlSessionInfo = $self->getSamlSession();
|
||||||
if ($@) {
|
|
||||||
$self->lmLog( "Unable to create SAML session: $@", 'error' );
|
|
||||||
return PE_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
$h{type} = 'saml'; # Session type
|
return PE_ERROR unless $samlSessionInfo;
|
||||||
$h{_utime} = $utime; # Creation time
|
|
||||||
$h{_id} = $id; # SSO session id
|
|
||||||
$h{_nameID} = $nameid->dump; # SAML NameID
|
|
||||||
$h{_sessionIndex} = $session_index; # SAML SessionIndex
|
|
||||||
|
|
||||||
my $session_id = $h{_session_id};
|
$samlSessionInfo->{type} = 'saml'; # Session type
|
||||||
|
$samlSessionInfo->{_utime} = $utime; # Creation time
|
||||||
|
$samlSessionInfo->{_id} = $id; # SSO session id
|
||||||
|
$samlSessionInfo->{_nameID} = $nameid->dump; # SAML NameID
|
||||||
|
$samlSessionInfo->{_sessionIndex} = $session_index; # SAML SessionIndex
|
||||||
|
|
||||||
untie %h;
|
my $session_id = $samlSessionInfo->{_session_id};
|
||||||
|
|
||||||
|
untie %$samlSessionInfo;
|
||||||
|
|
||||||
$self->lmLog( "Link session $id to SAML session $session_id", 'debug' );
|
$self->lmLog( "Link session $id to SAML session $session_id", 'debug' );
|
||||||
|
|
||||||
|
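Review bot: `return PE_ERROR unless $samlSessionInfo;` on the new side replaces the removed `if ($@)` branch with no log line, so the `Unable to create SAML session: $@` error recorded here disappears unless getSamlSession logs the tie failure itself, which this diff does not show. The same pattern repeats in issuerForAuthUser, storeRelayState, extractRelayState, storeReplayProtection, replayProtection, storeArtifact and loadArtifact, and in replayProtection and loadArtifact the removed messages carried request-specific context (`Message ID $samlID`, `ID $id`) that a generic message inside getSamlSession cannot supply. Keeping a short caller-side log before each early return, e.g. `$self->lmLog( "Unable to create SAML session", 'error' ) unless $samlSessionInfo;` ahead of the return here, preserves that context for incident triage. authFinish starts and ends outside this hunk.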
@ -1582,25 +1582,19 @@ sub issuerForAuthUser {
|
|||||||
}
|
}
|
||||||
|
|
||||||
# Keep SAML elements for later queries
|
# Keep SAML elements for later queries
|
||||||
my %h;
|
|
||||||
my $nameid = $login->nameIdentifier;
|
my $nameid = $login->nameIdentifier;
|
||||||
eval {
|
my $samlSessionInfo = $self->getSamlSession();
|
||||||
tie %h, $self->{samlStorage}, undef,
|
|
||||||
$self->{samlStorageOptions};
|
|
||||||
};
|
|
||||||
if ($@) {
|
|
||||||
$self->lmLog( "Unable to create SAML session: $@", 'error' );
|
|
||||||
return PE_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
$h{type} = 'saml'; # Session type
|
return PE_ERROR unless $samlSessionInfo;
|
||||||
$h{_utime} = $time; # Creation time
|
|
||||||
$h{_id} = $session_id; # SSO session id
|
|
||||||
$h{_nameID} = $nameid->dump; # SAML NameID
|
|
||||||
|
|
||||||
my $saml_session_id = $h{_session_id};
|
$samlSessionInfo->{type} = 'saml'; # Session type
|
||||||
|
$samlSessionInfo->{_utime} = $time; # Creation time
|
||||||
|
$samlSessionInfo->{_id} = $session_id; # SSO session id
|
||||||
|
$samlSessionInfo->{_nameID} = $nameid->dump; # SAML NameID
|
||||||
|
|
||||||
untie %h;
|
my $saml_session_id = $samlSessionInfo->{_session_id};
|
||||||
|
|
||||||
|
untie %$samlSessionInfo;
|
||||||
|
|
||||||
$self->lmLog(
|
$self->lmLog(
|
||||||
"Link session $session_id to SAML session $saml_session_id",
|
"Link session $session_id to SAML session $saml_session_id",
|
||||||
|
@ -1112,31 +1112,28 @@ sub acceptSSO {
|
|||||||
# @param infos HASH reference of information
|
# @param infos HASH reference of information
|
||||||
sub storeRelayState {
|
sub storeRelayState {
|
||||||
my ( $self, $infos ) = splice @_;
|
my ( $self, $infos ) = splice @_;
|
||||||
my %h;
|
|
||||||
|
|
||||||
# Create relaystate session
|
# Create relaystate session
|
||||||
eval { tie %h, $self->{samlStorage}, undef, $self->{samlStorageOptions}; };
|
my $samlSessionInfo = $self->getSamlSession();
|
||||||
if ($@) {
|
|
||||||
$self->lmLog( "Unable to create relaystate session: $@", 'error' );
|
return unless $samlSessionInfo;
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Session type
|
# Session type
|
||||||
$h{_type} = "relaystate";
|
$samlSessionInfo->{_type} = "relaystate";
|
||||||
|
|
||||||
# UNIX time
|
# UNIX time
|
||||||
$h{_utime} = time();
|
$samlSessionInfo->{_utime} = time();
|
||||||
|
|
||||||
# Store infos in relaystate session
|
# Store infos in relaystate session
|
||||||
foreach ( keys %$infos ) {
|
foreach ( keys %$infos ) {
|
||||||
$h{$_} = $infos->{$_};
|
$samlSessionInfo->{$_} = $infos->{$_};
|
||||||
}
|
}
|
||||||
|
|
||||||
# Session ID
|
# Session ID
|
||||||
my $relaystate_id = $h{_session_id};
|
my $relaystate_id = $samlSessionInfo->{_session_id};
|
||||||
|
|
||||||
# Close session
|
# Close session
|
||||||
untie %h;
|
untie %$samlSessionInfo;
|
||||||
|
|
||||||
# Return session ID
|
# Return session ID
|
||||||
return $relaystate_id;
|
return $relaystate_id;
|
||||||
@ -1149,25 +1146,22 @@ sub storeRelayState {
|
|||||||
# @return result
|
# @return result
|
||||||
sub extractRelayState {
|
sub extractRelayState {
|
||||||
my ( $self, $relaystate ) = splice @_;
|
my ( $self, $relaystate ) = splice @_;
|
||||||
my %h;
|
|
||||||
|
|
||||||
return 0 unless $relaystate;
|
return 0 unless $relaystate;
|
||||||
|
|
||||||
# Open relaystate session
|
# Open relaystate session
|
||||||
eval {
|
my $samlSessionInfo = $self->getSamlSession($relaystate);
|
||||||
tie %h, $self->{samlStorage}, $relaystate, $self->{samlStorageOptions};
|
|
||||||
};
|
return 0 unless $samlSessionInfo;
|
||||||
if ($@) {
|
|
||||||
$self->lmLog( "Unable to open relaystate session: $@", 'error' );
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Push values in $self
|
# Push values in $self
|
||||||
foreach ( keys %h ) {
|
foreach ( keys %$samlSessionInfo ) {
|
||||||
next if $_ =~ /(type|_session_id|_utime)/;
|
next if $_ =~ /(type|_session_id|_utime)/;
|
||||||
$self->{$_} = $h{$_};
|
$self->{$_} = $samlSessionInfo->{$_};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
untie %$samlSessionInfo;
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
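Review bot: The rewritten loop copies every key of the session opened from the caller-supplied `$relaystate` into `$self` without first checking that the session is a relaystate session, even though storeRelayState tags its sessions with `_type => "relaystate"`; whether getSamlSession restricts the type itself is not visible here. A guard right after `return 0 unless $samlSessionInfo;` such as `unless ( ( $samlSessionInfo->{_type} || '' ) eq 'relaystate' ) { untie %$samlSessionInfo; return 0; }` keeps sessions of other types from being merged into `$self`. The key filter `next if $_ =~ /(type|_session_id|_utime)/;` is also unanchored, so it skips any key merely containing those substrings (`_type` included); anchoring it, e.g. `next if $_ =~ /\A(?:_?type|_session_id|_utime)\z/;`, makes the intended set of reserved keys explicit.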
@ -1483,26 +1477,22 @@ sub buildLogoutResponseMsg {
|
|||||||
# @return result
|
# @return result
|
||||||
sub storeReplayProtection {
|
sub storeReplayProtection {
|
||||||
my ( $self, $samlID, $samlData ) = splice @_;
|
my ( $self, $samlID, $samlData ) = splice @_;
|
||||||
my %h;
|
|
||||||
|
|
||||||
eval { tie %h, $self->{samlStorage}, undef, $self->{samlStorageOptions}; };
|
my $samlSessionInfo = $self->getSamlSession();
|
||||||
if ( $@ or !$samlID ) {
|
|
||||||
$self->lmLog( "Unable to create replay protection session: $@",
|
|
||||||
'error' );
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
$h{type} = 'assertion'; # Session type
|
return 0 unless $samlSessionInfo;
|
||||||
$h{_utime} = time(); # Creation time
|
|
||||||
$h{ID} = $samlID;
|
$samlSessionInfo->{type} = 'assertion'; # Session type
|
||||||
|
$samlSessionInfo->{_utime} = time(); # Creation time
|
||||||
|
$samlSessionInfo->{ID} = $samlID;
|
||||||
|
|
||||||
if ( defined $samlData && $samlData ) {
|
if ( defined $samlData && $samlData ) {
|
||||||
$h{data} = $samlData;
|
$samlSessionInfo->{data} = $samlData;
|
||||||
}
|
}
|
||||||
|
|
||||||
my $session_id = $h{_session_id};
|
my $session_id = $samlSessionInfo->{_session_id};
|
||||||
|
|
||||||
untie %h;
|
untie %$samlSessionInfo;
|
||||||
|
|
||||||
$self->lmLog( "Keep request ID $samlID in assertion session $session_id",
|
$self->lmLog( "Keep request ID $samlID in assertion session $session_id",
|
||||||
'debug' );
|
'debug' );
|
||||||
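Review bot: The new side drops the `!$samlID` check that the removed `if ( $@ or !$samlID )` provided, so an empty or undefined `$samlID` now creates an assertion session whose `ID` key is undef and the function proceeds as if the store succeeded instead of returning 0. The same guard is lost in storeArtifact, where `!$id or !$message` is no longer checked. Validate the inputs before the session is opened so that the failure path does not leave an empty session record behind: `return 0 unless $samlID;` ahead of `my $samlSessionInfo = $self->getSamlSession();` here, and `return 0 unless $id and $message;` in storeArtifact. The return at the end of storeReplayProtection lies outside this hunk.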
@ -1516,7 +1506,6 @@ sub storeReplayProtection {
|
|||||||
# @return result
|
# @return result
|
||||||
sub replayProtection {
|
sub replayProtection {
|
||||||
my ( $self, $samlID ) = splice @_;
|
my ( $self, $samlID ) = splice @_;
|
||||||
my %h;
|
|
||||||
|
|
||||||
unless ($samlID) {
|
unless ($samlID) {
|
||||||
$self->lmLog( "Cannot verify replay because no SAML ID given",
|
$self->lmLog( "Cannot verify replay because no SAML ID given",
|
||||||
@ -1536,20 +1525,14 @@ sub replayProtection {
|
|||||||
my $result = 1;
|
my $result = 1;
|
||||||
|
|
||||||
# Delete it
|
# Delete it
|
||||||
eval {
|
my $samlSessionInfo = $self->getSamlSession($_);
|
||||||
tie %h, $self->{samlStorage}, $_, $self->{samlStorageOptions};
|
|
||||||
};
|
return 0 unless $samlSessionInfo;
|
||||||
if ($@) {
|
|
||||||
$self->lmLog(
|
if ( defined $samlSessionInfo->{data} ) {
|
||||||
"Unable to recover assertion session $session (Message ID $samlID)",
|
$result = $samlSessionInfo->{data};
|
||||||
'error'
|
|
||||||
);
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
if ( defined $h{data} ) {
|
eval { tied(%$samlSessionInfo)->delete(); };
|
||||||
$result = $h{data};
|
|
||||||
}
|
|
||||||
eval { tied(%h)->delete(); };
|
|
||||||
if ($@) {
|
if ($@) {
|
||||||
$self->lmLog(
|
$self->lmLog(
|
||||||
"Unable to delete assertion session $session (Message ID $samlID)",
|
"Unable to delete assertion session $session (Message ID $samlID)",
|
||||||
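Review bot: `my $samlSessionInfo = $self->getSamlSession($_);` passes the enclosing loop's `$_` into a method call, while the error message in the `if ($@)` block below names `$session`; the loop that sets them starts outside this hunk, so I cannot confirm they hold the same id. If they do, `my $samlSessionInfo = $self->getSamlSession($session);` reads unambiguously and does not depend on `$_` surviving the call; otherwise a named loop variable would serve the same purpose.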
@ -1624,23 +1607,20 @@ sub resolveArtifact {
|
|||||||
# @return result
|
# @return result
|
||||||
sub storeArtifact {
|
sub storeArtifact {
|
||||||
my ( $self, $id, $message, $session_id ) = splice @_;
|
my ( $self, $id, $message, $session_id ) = splice @_;
|
||||||
my %h;
|
|
||||||
|
|
||||||
eval { tie %h, $self->{samlStorage}, undef, $self->{samlStorageOptions}; };
|
my $samlSessionInfo = $self->getSamlSession();
|
||||||
if ( $@ or !$id or !$message ) {
|
|
||||||
$self->lmLog( "Unable to create artifact session: $@", 'error' );
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
$h{type} = 'artifact'; # Session type
|
return 0 unless $samlSessionInfo;
|
||||||
$h{_utime} = time(); # Creation time
|
|
||||||
$h{ID} = $id;
|
|
||||||
$h{message} = $message;
|
|
||||||
$h{session_id} = $session_id;
|
|
||||||
|
|
||||||
my $art_session_id = $h{_session_id};
|
$samlSessionInfo->{type} = 'artifact'; # Session type
|
||||||
|
$samlSessionInfo->{_utime} = time(); # Creation time
|
||||||
|
$samlSessionInfo->{ID} = $id;
|
||||||
|
$samlSessionInfo->{message} = $message;
|
||||||
|
$samlSessionInfo->{session_id} = $session_id;
|
||||||
|
|
||||||
untie %h;
|
my $art_session_id = $samlSessionInfo->{_session_id};
|
||||||
|
|
||||||
|
untie %$samlSessionInfo;
|
||||||
|
|
||||||
$self->lmLog( "Keep artifact $id in session $art_session_id", 'debug' );
|
$self->lmLog( "Keep artifact $id in session $art_session_id", 'debug' );
|
||||||
|
|
||||||
@ -1654,7 +1634,6 @@ sub storeArtifact {
|
|||||||
sub loadArtifact {
|
sub loadArtifact {
|
||||||
my ( $self, $id ) = splice @_;
|
my ( $self, $id ) = splice @_;
|
||||||
my $art_session;
|
my $art_session;
|
||||||
my %h;
|
|
||||||
|
|
||||||
unless ($id) {
|
unless ($id) {
|
||||||
$self->lmLog( "Cannot load artifact because no id given", 'error' );
|
$self->lmLog( "Cannot load artifact because no id given", 'error' );
|
||||||
@ -1677,24 +1656,17 @@ sub loadArtifact {
|
|||||||
my $session = $session_id;
|
my $session = $session_id;
|
||||||
|
|
||||||
# Open session
|
# Open session
|
||||||
eval {
|
my $samlSessionInfo = $self->getSamlSession($session_id);
|
||||||
tie %h, $self->{samlStorage}, $session_id,
|
|
||||||
$self->{samlStorageOptions};
|
return unless $samlSessionInfo;
|
||||||
};
|
|
||||||
if ($@) {
|
|
||||||
$self->lmLog(
|
|
||||||
"Unable to recover artifact session $session (ID $id): $@",
|
|
||||||
'error' );
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Get session contents
|
# Get session contents
|
||||||
foreach ( keys %h ) {
|
foreach ( keys %$samlSessionInfo ) {
|
||||||
$art_session->{$_} = $h{$_};
|
$art_session->{$_} = $samlSessionInfo->{$_};
|
||||||
}
|
}
|
||||||
|
|
||||||
# Delete session
|
# Delete session
|
||||||
eval { tied(%h)->delete(); };
|
eval { tied(%$samlSessionInfo)->delete(); };
|
||||||
if ($@) {
|
if ($@) {
|
||||||
$self->lmLog( "Unable to delete artifact session $session (ID $id)",
|
$self->lmLog( "Unable to delete artifact session $session (ID $id)",
|
||||||
'error' );
|
'error' );
|
||||||
|