Add a specific timeout parameter for SAML RelayState sessions (#524)
parent
4e9a4e9789
commit
ce581e75e9
|
@ -1314,7 +1314,7 @@ sub struct {
|
|||
# ADVANCED SAML PARAMETERS
|
||||
samlAdvanced => {
|
||||
_nodes => [
|
||||
qw(samlIdPResolveCookie samlMetadataForceUTF8 samlStorage cn:samlStorageOptions n:samlCommonDomainCookie)
|
||||
qw(samlIdPResolveCookie samlMetadataForceUTF8 samlStorage cn:samlStorageOptions samlRelayStateTimeout n:samlCommonDomainCookie)
|
||||
],
|
||||
_help => 'samlServiceAdvanced',
|
||||
|
||||
|
@ -1327,6 +1327,7 @@ sub struct {
|
|||
_js => 'hashRoot',
|
||||
_help => 'samlServiceAdvanced',
|
||||
},
|
||||
samlRelayStateTimeout => 'int:/samlRelayStateTimeout',
|
||||
samlCommonDomainCookie => {
|
||||
_nodes => [
|
||||
qw(samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter)
|
||||
|
@ -1823,6 +1824,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
test => Lemonldap::NG::Common::Regexp::HTTP_URI(),
|
||||
msgFail => 'Bad URI',
|
||||
},
|
||||
samlRelayStateTimeout => $integer,
|
||||
|
||||
# SSL
|
||||
SSLAuthnLevel => $integer,
|
||||
|
@ -2198,6 +2200,7 @@ sub defaultConf {
|
|||
samlAuthnContextMapTLSClient => 5,
|
||||
samlAuthnContextMapKerberos => 4,
|
||||
samlCommonDomainCookieActivation => 0,
|
||||
samlRelayStateTimeout => 600,
|
||||
|
||||
# Authentication levels
|
||||
ldapAuthnLevel => 2,
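Review bot: The new test entry `samlRelayStateTimeout => $integer,` has no lower bound visible in this section, and `$integer` is defined outside the hunk. If it accepts 0 or a negative number, the manager will save a value that storeRelayState either replaces with the global timeout (0) or turns into a `_utime` further in the past (negative). A dedicated entry in the `test`/`msgFail` form used just above would reject both at save time, for example `samlRelayStateTimeout => { test => qr/^[1-9]\d*$/, msgFail => 'Must be a positive number of seconds' },`. The default `samlRelayStateTimeout => 600,` in defaultConf would also benefit from a trailing `# seconds` comment, since the value is added to `time()` later.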
|
||||
|
|
|
@ -515,6 +515,7 @@ sub en {
|
|||
samlCommonDomainCookieDomain => 'Common domain',
|
||||
samlCommonDomainCookieReader => 'Reader URL',
|
||||
samlCommonDomainCookieWriter => 'Writer URL',
|
||||
samlRelayStateTimeout => 'RelayState session timeout',
|
||||
};
|
||||
}
|
||||
|
||||
|
@ -1005,6 +1006,7 @@ sub fr {
|
|||
samlCommonDomainCookieDomain => 'Domaine commun',
|
||||
samlCommonDomainCookieReader => 'URL de lecture',
|
||||
samlCommonDomainCookieWriter => 'URL d\'écriture',
|
||||
samlRelayStateTimeout => 'Durée de vie d\'une session RelayState',
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -626,6 +626,8 @@ sub setDefaultValues {
|
|||
unless defined $self->{samlAuthnContextMapTLSClient};
|
||||
$self->{samlAuthnContextMapKerberos} = 4
|
||||
unless defined $self->{samlAuthnContextMapKerberos};
|
||||
$self->{samlRelayStateTimeout} = 600
|
||||
unless defined $self->{samlRelayStateTimeout};
|
||||
|
||||
# CAS
|
||||
$self->{casStorage} ||= $self->{globalStorage};
|
||||
|
|
|
@ -1178,8 +1178,13 @@ sub storeRelayState {
|
|||
# Session type
|
||||
$samlSessionInfo->{_type} = "relaystate";
|
||||
|
||||
# UNIX time
|
||||
$samlSessionInfo->{_utime} = time();
|
||||
# Set _utime for session autoremove
|
||||
# Use default session timeout and relayState session timeout to compute it
|
||||
my $time = time();
|
||||
my $timeout = $self->{timeout};
|
||||
my $samlRelayStateTimeout = $self->{samlRelayStateTimeout} || $timeout;
|
||||
|
||||
$samlSessionInfo->{_utime} = $time + ( $samlRelayStateTimeout - $timeout );
|
||||
|
||||
# Store infos in relaystate session
|
||||
foreach ( keys %$infos ) {
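Review bot: In storeRelayState the fallback `$self->{samlRelayStateTimeout} || $timeout` treats a configured 0 like an unset value, so the RelayState session silently gets the full session lifetime, and a non-numeric value goes straight into the `_utime` arithmetic. setDefaultValues only fills the key when it is undefined, so a 0 from the configuration does reach this line. I would make the check explicit: `my $samlRelayStateTimeout = $self->{samlRelayStateTimeout};` followed by `$samlRelayStateTimeout = $timeout unless defined $samlRelayStateTimeout and $samlRelayStateTimeout =~ /^\d+$/ and $samlRelayStateTimeout > 0;`. `_utime` also stops being the creation time here, and the shorter lifetime only holds if whatever expires sessions compares `_utime` plus the global timeout with the current time; that code is outside the hunk, so a comment such as `# _utime is shifted so that _utime + $self->{timeout} is the RelayState expiry, not the creation time` should record the assumption. The sub starts before this hunk and the `foreach` continues past it.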
|
||||
|
|