SAML in progress (#595)
parent
abb61affe0
commit
c550606f50
|
@ -9,6 +9,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
|
|||
PE_SAML_ART_ERROR
|
||||
PE_SAML_CONDITIONS_ERROR
|
||||
PE_SAML_DESTINATION_ERROR
|
||||
PE_SAML_ERROR
|
||||
PM_SAML_IDPCHOOSEN
|
||||
PE_SAML_IDPSSOINITIATED_NOTALLOWED
|
||||
PE_SAML_SESSION_ERROR
|
||||
|
@ -379,10 +380,7 @@ sub extractFormInfo {
|
|||
# This should not happen
|
||||
$self->lmLog( "SSO request or response was not found", 'error' );
|
||||
|
||||
# Redirect user
|
||||
$req->mustRedirect(1);
|
||||
$req->steps( [] );
|
||||
return PE_OK;
|
||||
return PE_SAML_ERROR;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -634,9 +634,8 @@ sub run {
|
|||
->set_subject_name_id( $login->nameIdentifier );
|
||||
|
||||
# Set basic conditions
|
||||
my $oneTimeUse =
|
||||
$self->conf->{samlSPMetaDataOptions}->{$spConfKey}
|
||||
->{samlSPMetaDataOptionsOneTimeUse};
|
||||
my $oneTimeUse = $self->conf->{samlSPMetaDataOptions}->{$spConfKey}
|
||||
->{samlSPMetaDataOptionsOneTimeUse} // 0;
|
||||
|
||||
my $conditionNotOnOrAfter = $notOnOrAfterTimeout || "86400";
|
||||
eval {
|
||||
|
@ -704,7 +703,7 @@ sub run {
|
|||
# Signature
|
||||
my $signSSOMessage =
|
||||
$self->conf->{samlSPMetaDataOptions}->{$spConfKey}
|
||||
->{samlSPMetaDataOptionsSignSSOMessage};
|
||||
->{samlSPMetaDataOptionsSignSSOMessage} // -1;
|
||||
|
||||
if ( $signSSOMessage == 0 ) {
|
||||
$self->lmLog( "SSO response will not be signed", 'debug' );
|
||||
|
@ -720,8 +719,8 @@ sub run {
|
|||
}
|
||||
|
||||
# log that a SAML authn response is build
|
||||
my $user = $req->{sessionInfo}->{ $self->conf->{whatToTrace} };
|
||||
my $nameIDLog;
|
||||
my $user = $req->{sessionInfo}->{ $self->conf->{whatToTrace} };
|
||||
my $nameIDLog = '';
|
||||
foreach my $format (qw(persistent transient)) {
|
||||
if ( $login->nameIdentifier->Format eq
|
||||
$self->getNameIDFormat($format) )
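Review bot: The `// -1` default on `$signSSOMessage` in the `@ -704,7 +703,7 @@` hunk only covers an undefined option, so a value stored as an empty string (if the configuration can hold one — I cannot confirm that from here) still reaches `if ( $signSSOMessage == 0 )`, where `'' == 0` is true and the response goes out unsigned without any configuration asking for it. Signing is a security control, so anything that is not a plain integer should fall into the "not configured" sentinel rather than the "do not sign" branch, e.g. `my $signSSOMessage = $self->conf->{samlSPMetaDataOptions}->{$spConfKey}->{samlSPMetaDataOptionsSignSSOMessage};` followed by `$signSSOMessage = -1 unless defined $signSSOMessage and $signSSOMessage =~ /\A-?\d+\z/;`. A short comment stating what `-1` means for the later branches (they are outside this hunk) would also help, since the sentinel is otherwise a magic number. The same pattern with `// 0` on `$oneTimeUse` in the `@ -634,9 +634,8 @@` hunk is less sensitive but could use the same treatment for consistency. `sub run` continues outside these hunks.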
|
||||
|
|
|
@ -4,6 +4,7 @@ use strict;
|
|||
use Mouse;
|
||||
use Lemonldap::NG::Common::Conf::SAML::Metadata;
|
||||
use Lemonldap::NG::Common::Session;
|
||||
use LWP::UserAgent;
|
||||
use XML::Simple;
|
||||
use MIME::Base64;
|
||||
use String::Random;
|
||||
|
@ -21,6 +22,20 @@ has lassoServer => ( is => 'rw' );
|
|||
has spList => ( is => 'rw', default => sub { {} } );
|
||||
has idpList => ( is => 'rw', default => sub { {} } );
|
||||
|
||||
# return LWP::UserAgent object
|
||||
has ua => (
|
||||
is => 'rw',
|
||||
lasy => 1,
|
||||
builder => sub {
|
||||
|
||||
# TODO : LWP options to use a proxy for example
|
||||
my $ua = LWP::UserAgent->new();
|
||||
push @{ $ua->requests_redirectable }, 'POST';
|
||||
$ua->env_proxy();
|
||||
return $ua;
|
||||
}
|
||||
);
|
||||
|
||||
# INITIALIZATION
|
||||
|
||||
BEGIN {
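Review bot: `lasy => 1` on the `ua` attribute is a typo for `lazy => 1`; Mouse will not recognise the misspelt option, so the `LWP::UserAgent` is built eagerly at object construction rather than on first use as intended (whether Mouse warns or silently drops the unknown key I cannot confirm from the hunk). Change it to `lazy => 1,`. Also, Mouse's `builder` conventionally takes a method name while a coderef belongs in `default`; if the coderef form does not behave as expected here, `default => sub { ... }` is the safe spelling. The `# TODO : LWP options to use a proxy for example` comment could be made precise, since `$ua->env_proxy();` already honours the `http_proxy`/`https_proxy`/`no_proxy` environment variables — what remains to do is exposing explicit proxy settings through the configuration, e.g. `# TODO: expose proxy/timeout settings via conf; env_proxy() already reads the *_proxy environment variables`.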
|
||||
|
|
|
@ -4,7 +4,7 @@ use IO::String;
|
|||
|
||||
require 't/test-lib.pm';
|
||||
|
||||
my $maintests = 14;
|
||||
my $maintests = 19;
|
||||
my $debug = 'debug';
|
||||
my $res;
|
||||
my %handlerOR = ( issuer => [], sp => [] );
|
||||
|
@ -25,7 +25,7 @@ SKIP: {
|
|||
ok( $sp = sp(), 'SP portal' );
|
||||
$handlerOR{sp} = \@Lemonldap::NG::Handler::Main::Reload::_onReload;
|
||||
|
||||
# Simple SP login
|
||||
# Simple SP access
|
||||
my $res;
|
||||
ok(
|
||||
$res = $sp->_get(
|
||||
|
@ -95,6 +95,8 @@ SKIP: {
|
|||
'Found IdP URL'
|
||||
);
|
||||
my $url = $1;
|
||||
|
||||
# Push SAML request to IdP
|
||||
switch ('issuer');
|
||||
my $s = "SAMLRequest=$samlReq";
|
||||
ok(
|
||||
|
@ -107,6 +109,8 @@ SKIP: {
|
|||
'Post SAML request to IdP'
|
||||
);
|
||||
ok( $res->[0] == 200, 'Return code is 200' );
|
||||
|
||||
# Try to authenticate to IdP
|
||||
my $body = $res->[2]->[0];
|
||||
$body =~ s/^.*?<form.*?>//s;
|
||||
$body =~ s#</form>.*$##s;
|
||||
|
@ -120,12 +124,39 @@ SKIP: {
|
|||
$url,
|
||||
IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
length => length($s)
|
||||
length => length($s),
|
||||
),
|
||||
'Post authentication'
|
||||
);
|
||||
ok( $res->[0] == 200, 'Response is 200' ) or explain( $res->[0], 200 );
|
||||
$cookies = $sp->getCookies($res);
|
||||
my $idpId;
|
||||
ok( $idpId = $cookies->{lemonldap}, 'Get cookie' )
|
||||
or explain( $res, 'Set-Cookie: something' );
|
||||
|
||||
#print STDERR Dumper($res);
|
||||
# Post SAML artifact to SP
|
||||
ok( $res->[2]->[0] =~ m#<form.+?action="http://auth.sp.com(.*?)".+?method="post"#,
|
||||
'Form method is POST' );
|
||||
$url = $1;
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
/<input type="hidden".+?name="SAMLart".+?value="(.+?)"/s,
|
||||
'Found SAML artifact'
|
||||
);
|
||||
my $samlArt = $1;
|
||||
switch ('sp');
|
||||
$s = "SAMLart=$samlArt";
|
||||
ok(
|
||||
$res = $sp->_post(
|
||||
$url, IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
length => length($s),
|
||||
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
|
||||
),
|
||||
'Post artifact to SP'
|
||||
);
|
||||
|
||||
#print STDERR Dumper( $res, $url, $s );
|
||||
}
|
||||
|
||||
count($maintests);
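Review bot: `$url = $1;` after the `'Form method is POST'` assertion reads a capture that is only valid when that match succeeded; if it fails, `$1` keeps whatever the last successful match in scope left, so the following `_post` is sent to a stale or undefined URL and the later failures are misleading. The same applies to `my $samlArt = $1;` after `'Found SAML artifact'`. Capturing inside the assertion removes the dependency on `$1`, e.g. `ok( my ($path) = $res->[2]->[0] =~ m#<form.+?action="http://auth.sp.com(.*?)".+?method="post"#s, 'Form method is POST' );` then `$url = $path;`. Note also that this form regex lacks the `/s` modifier the neighbouring `SAMLart` regex uses, so it will not match if the `<form>` tag spans several lines in the rendered page.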
|
||||
|
|