Add Auth/SSL (#595)
This commit is contained in:
parent
c7ad953184
commit
b2977eec95
|
@ -41,12 +41,12 @@ lib/Lemonldap/NG/Portal/Auth/Null.pm
|
|||
lib/Lemonldap/NG/Portal/Auth/Proxy.pm
|
||||
lib/Lemonldap/NG/Portal/Auth/Remote.pm
|
||||
lib/Lemonldap/NG/Portal/Auth/Slave.pm
|
||||
lib/Lemonldap/NG/Portal/Auth/SSL.pm
|
||||
lib/Lemonldap/NG/Portal/AuthCAS.pm
|
||||
lib/Lemonldap/NG/Portal/AuthGoogle.pm
|
||||
lib/Lemonldap/NG/Portal/AuthMulti.pm
|
||||
lib/Lemonldap/NG/Portal/AuthOpenID.pm
|
||||
lib/Lemonldap/NG/Portal/AuthOpenIDConnect.pm
|
||||
lib/Lemonldap/NG/Portal/AuthProxy.pm
|
||||
lib/Lemonldap/NG/Portal/AuthRadius.pm
|
||||
lib/Lemonldap/NG/Portal/AuthSAML.pm
|
||||
lib/Lemonldap/NG/Portal/AuthSSL.pm
|
||||
|
@ -84,13 +84,16 @@ lib/Lemonldap/NG/Portal/Menu.pm
|
|||
lib/Lemonldap/NG/Portal/OpenID/Server.pm
|
||||
lib/Lemonldap/NG/Portal/OpenID/SREG.pm
|
||||
lib/Lemonldap/NG/Portal/Password/Base.pm
|
||||
lib/Lemonldap/NG/Portal/Password/DBI.pm
|
||||
lib/Lemonldap/NG/Portal/Password/Demo.pm
|
||||
lib/Lemonldap/NG/Portal/Password/LDAP.pm
|
||||
lib/Lemonldap/NG/Portal/PasswordDBAD.pm
|
||||
lib/Lemonldap/NG/Portal/PasswordDBChoice.pm
|
||||
lib/Lemonldap/NG/Portal/PasswordDBDBI.pm
|
||||
lib/Lemonldap/NG/Portal/PasswordDBLDAP.pm
|
||||
lib/Lemonldap/NG/Portal/PasswordDBNull.pm
|
||||
lib/Lemonldap/NG/Portal/Plugins/CDA.pm
|
||||
lib/Lemonldap/NG/Portal/Plugins/ForceAuth.pm
|
||||
lib/Lemonldap/NG/Portal/Plugins/Notifications.pm
|
||||
lib/Lemonldap/NG/Portal/Register.pm
|
||||
lib/Lemonldap/NG/Portal/RegisterDBAD.pm
|
||||
|
@ -331,19 +334,21 @@ site/templates/pastel/register.tpl
|
|||
site/templates/pastel/standardform.tpl
|
||||
site/templates/pastel/yubikeyform.tpl
|
||||
t/01-AuthDemo.t
|
||||
t/02-AuthAD.t
|
||||
t/02-AuthLDAP.t
|
||||
t/03-AuthDBI.t
|
||||
t/04-AuthNull.t
|
||||
t/05-AuthApache.t
|
||||
t/06-AuthSlave.t
|
||||
t/07-AuthRemote.t
|
||||
t/08-AuthProxy.t
|
||||
t/09-AuthChoice.t
|
||||
t/10-Notifications-File.t
|
||||
t/11-Notifications-DBI.t
|
||||
t/20-XSS-protection.t
|
||||
t/30-IssuerGet.t
|
||||
t/02-Password-Demo.t
|
||||
t/03-XSS-protection.t
|
||||
t/04-Notification-File.t
|
||||
t/20-Auth-and-password-DBI.t
|
||||
t/21-Auth-and-password-LDAP.t
|
||||
t/22-Auth-and-password-AD.t
|
||||
t/23-AuthNull.t
|
||||
t/24-AuthApache.t
|
||||
t/25-AuthSlave.t
|
||||
t/26-AuthRemote.t
|
||||
t/27-AuthProxy.t
|
||||
t/28-AuthChoice.t
|
||||
t/29-AuthSSL.t
|
||||
t/40-Notifications-DBI.t
|
||||
t/50-IssuerGet.t
|
||||
t/90-translations.t
|
||||
t/99-pod.t
|
||||
t/lmConf-1.js
|
||||
|
|
48
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SSL.pm
Normal file
48
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SSL.pm
Normal file
|
@ -0,0 +1,48 @@
|
|||
package Lemonldap::NG::Portal::Auth::SSL;
|
||||
|
||||
use strict;
|
||||
use Mouse;
|
||||
use Lemonldap::NG::Portal::Main::Constants
|
||||
qw(PE_OK PE_BADCERTIFICATE PE_CERTIFICATEREQUIRED);
|
||||
|
||||
our $VERSION = '2.0.0';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Auth::Base';
|
||||
|
||||
# PROPERTIES
|
||||
|
||||
has SSLField => ( is => 'rw' );
|
||||
|
||||
# INITIALIZATION
|
||||
|
||||
sub init {
|
||||
my ($self) = @_;
|
||||
$self->SSLField( $self->conf->{SSLVar} ||= 'SSL_CLIENT_S_DN_Email' );
|
||||
}
|
||||
|
||||
# Read username in SSL environment variables, or return an error
|
||||
# @return Lemonldap::NG::Portal constant
|
||||
sub extractFormInfo {
|
||||
my ( $self, $req ) = @_;
|
||||
return PE_OK
|
||||
if ( $req->user( $req->{ $self->SSLField } ) );
|
||||
if ( $req->{SSL_CLIENT_S_DN} ) {
|
||||
$self->p->userError(
|
||||
"$self->SSLField was not found in user certificate");
|
||||
return PE_BADCERTIFICATE;
|
||||
}
|
||||
else {
|
||||
$self->p->userError('No certificate found');
|
||||
return PE_CERTIFICATEREQUIRED;
|
||||
}
|
||||
}
|
||||
|
||||
sub authenticate {
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
sub getDisplayType {
|
||||
return "logo";
|
||||
}
|
||||
|
||||
1;
|
|
@ -1,145 +0,0 @@
|
|||
## @file
|
||||
# Proxy authentication module
|
||||
|
||||
## @class
|
||||
# Proxy authentication module: It simply call another Lemonldap::NG portal by
|
||||
# SOAP using credentials
|
||||
package Lemonldap::NG::Portal::AuthProxy;
|
||||
|
||||
use strict;
|
||||
use Lemonldap::NG::Portal::_Proxy;
|
||||
use Lemonldap::NG::Portal::_WebForm;
|
||||
use Lemonldap::NG::Portal::Simple;
|
||||
use base qw(Lemonldap::NG::Portal::_WebForm Lemonldap::NG::Portal::_Proxy);
|
||||
|
||||
our $VERSION = '2.0.0';
|
||||
|
||||
## @apmethod int authInit()
|
||||
# Call Lemonldap::NG::Portal::_Proxy::proxyInit();
|
||||
# @return Lemonldap::NG::Portal constant
|
||||
*authInit = *Lemonldap::NG::Portal::_Proxy::proxyInit;
|
||||
|
||||
## @apmethod int authenticate()
|
||||
# Call Lemonldap::NG::Portal::_Proxy::proxyQuery()
|
||||
# @return Lemonldap::NG::Portal constant
|
||||
*authenticate = *Lemonldap::NG::Portal::_Proxy::proxyQuery;
|
||||
|
||||
## @apmethod int setAuthSessionInfo()
|
||||
# Call Lemonldap::NG::Portal::_Proxy::setSessionInfo()
|
||||
# @return Lemonldap::NG::Portal constant
|
||||
*setAuthSessionInfo = *Lemonldap::NG::Portal::_Proxy::setSessionInfo;
|
||||
|
||||
## @apmethod int authFinish()
|
||||
# Does nothing.
|
||||
# @return Lemonldap::NG::Portal constant
|
||||
sub authFinish {
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
## @apmethod int authLogout()
|
||||
# Does nothing
|
||||
# @return Lemonldap::NG::Portal constant
|
||||
sub authLogout {
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
## @apmethod boolean authForce()
|
||||
# Does nothing
|
||||
# @return result
|
||||
sub authForce {
|
||||
return 0;
|
||||
}
|
||||
|
||||
## @method string getDisplayType
|
||||
# @return display type
|
||||
sub getDisplayType {
|
||||
return "standardform";
|
||||
}
|
||||
|
||||
1;
|
||||
|
||||
__END__
|
||||
|
||||
=head1 NAME
|
||||
|
||||
=encoding utf8
|
||||
|
||||
Lemonldap::NG::Portal::AuthProxy - Authentication module for Lemonldap::NG
|
||||
that delegates authentication to a remote Lemonldap::NG portal.
|
||||
|
||||
The difference with Remote authentication module is that the client will never
|
||||
be redirected to the main Lemonldap::NG portal. This configuration is usable if
|
||||
you want to expose your internal SSO to another network (DMZ).
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
use Lemonldap::NG::Portal::SharedConf;
|
||||
my $portal = new Lemonldap::NG::Portal::SharedConf(
|
||||
|
||||
# REQUIRED PARAMETERS
|
||||
authentication => 'Proxy',
|
||||
userDB => 'Proxy',
|
||||
soapAuthService => 'https://auth.internal.network/',
|
||||
|
||||
# OTHER PARAMETERS
|
||||
# remoteCookieName (default: same name)
|
||||
remoteCookieName => 'lemonldap',
|
||||
# soapSessionService (default ${soapAuthService}index.pl/sessions)
|
||||
soapSessionService =>
|
||||
'https://auth2.internal.network/index.pl/sessions',
|
||||
);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
Authentication module for Lemonldap::NG portal that forward credentials to a
|
||||
remote Lemonldap::NGportal using SOAP request. Note that the remote portal must
|
||||
accept SOAP requests ("Soap=>1").
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<http://lemonldap-ng.org/>
|
||||
|
||||
=head1 AUTHOR
|
||||
|
||||
=over
|
||||
|
||||
=item Clement Oudot, E<lt>clem.oudot@gmail.comE<gt>
|
||||
|
||||
=item Xavier Guimard, E<lt>x.guimard@free.frE<gt>
|
||||
|
||||
=back
|
||||
|
||||
=head1 BUG REPORT
|
||||
|
||||
Use OW2 system to report bug or ask for features:
|
||||
L<http://jira.ow2.org>
|
||||
|
||||
=head1 DOWNLOAD
|
||||
|
||||
Lemonldap::NG is available at
|
||||
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
|
||||
|
||||
=head1 COPYRIGHT AND LICENSE
|
||||
|
||||
=over
|
||||
|
||||
=item Copyright (C) 2009-2010 by Xavier Guimard, E<lt>x.guimard@free.frE<gt>
|
||||
|
||||
=item Copyright (C) 2010-2012 by Clement Oudot, E<lt>clem.oudot@gmail.comE<gt>
|
||||
|
||||
=back
|
||||
|
||||
This library is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see L<http://www.gnu.org/licenses/>.
|
||||
|
||||
=cut
|
32
lemonldap-ng-portal/t/29-AuthSSL.t
Normal file
32
lemonldap-ng-portal/t/29-AuthSSL.t
Normal file
|
@ -0,0 +1,32 @@
|
|||
use Test::More;
|
||||
use strict;
|
||||
|
||||
require 't/test-lib.pm';
|
||||
|
||||
my $res;
|
||||
|
||||
init(
|
||||
{
|
||||
logLevel => 'error',
|
||||
useSafeJail => 1,
|
||||
authentication => 'SSL',
|
||||
userDB => 'Null',
|
||||
SSLVar => 'SSL_CLIENT_S_DN_Custom',
|
||||
}
|
||||
);
|
||||
|
||||
ok(
|
||||
$res = &client->_get(
|
||||
'/', custom => { SSL_CLIENT_S_DN_Custom => 'dwho' }
|
||||
),
|
||||
'Auth query'
|
||||
);
|
||||
ok( $res->[0] == 200, 'Response is 200' ) or explain( $res->[0], 200 );
|
||||
my $cookies = getCookies($res);
|
||||
my $id;
|
||||
ok( $id = $cookies->{lemonldap}, 'Get cookie' )
|
||||
or explain( $res, 'Set-Cookie: something' );
|
||||
clean_sessions();
|
||||
|
||||
count(3);
|
||||
done_testing( count() );
|
Loading…
Reference in New Issue
Block a user