Reformating

Xavier Guimard 2010-05-02 11:37:25 +00:00
parent 2f3d24ed72
commit cf0ece9aa2
2 changed files with 60 additions and 91 deletions


@ -34,16 +34,13 @@ sub authInit {
sub extractFormInfo {
my $self = shift;
my $server = $self->{_lassoServer};
my $login;
my $logout;
my $idp;
my $idpConfKey;
my $method;
my $request;
my $response;
my $artifact;
my $relaystate;
my $signature_status;
# TODO: seems to be unused (redefined later)
my (
$login, $logout, $idp,
$idpConfKey, $request, $response,
$artifact, $relaystate, $signature_status
);
# 1. Get HTTP request informations to know
# if we are receving SAML request or response
@ -69,11 +66,11 @@ sub extractFormInfo {
"samlSPSSODescriptorArtifactResolutionServiceArtifact");
# 1.1 SSO assertion consumer
# TODO: if $saml_acs_art_url,... are fixed, add a /o
if ( $url =~
/^(\Q$saml_acs_art_url\E|\Q$saml_acs_post_url\E|\Q$saml_acs_get_url\E)$/i
)
{
$self->lmLog( "URL $url detected as an SSO assertion consumer URL",
'debug' );
@ -85,7 +82,7 @@ sub extractFormInfo {
$login = $self->createLogin($server);
# Ignore signature verification
$self->disableSignatureVerification($login);
$self->disableSignatureVerification($login);
if ($response) {
@ -299,7 +296,7 @@ sub extractFormInfo {
}
# 1.2 SLO
if ( $url =~
elsif ( $url =~
/^(\Q$saml_slo_soap_url\E|\Q$saml_slo_soap_url_ret\E|\Q$saml_slo_get_url\E|\Q$saml_slo_get_url_ret\E)$/i
)
{
@ -313,7 +310,7 @@ sub extractFormInfo {
$logout = $self->createLogout($server);
# Ignore signature verification
$self->disableSignatureVerification($logout);
$self->disableSignatureVerification($logout);
if ($response) {
@ -509,15 +506,15 @@ sub extractFormInfo {
}
# Do we set signature?
my $signSLOMessage =
my $signSLOMessage =
$self->{samlIDPMetaDataOptions}->{$idpConfKey}
->{samlIDPMetaDataOptionsSignSLOMessage};
unless ($signSLOMessage) {
->{samlIDPMetaDataOptionsSignSLOMessage};
unless ($signSLOMessage) {
$self->lmLog(
"SLO message to IDP $idpConfKey will not be signed",
'debug' );
$self->disableSignature($logout);
}
'debug' );
$self->disableSignature($logout);
}
# Logout response
unless ( $self->buildLogoutResponseMsg($logout) ) {
@ -544,7 +541,7 @@ sub extractFormInfo {
}
# HTTP-POST
if ( $method == Lasso::Constants::HTTP_METHOD_POST ) {
elsif ( $method == Lasso::Constants::HTTP_METHOD_POST ) {
# Use autosubmit form
my $slo_url = $logout->msg_url;
@ -566,7 +563,7 @@ sub extractFormInfo {
}
# HTTP-SOAP
if ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) {
elsif ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) {
my $slo_body = $logout->msg_body;
@ -596,7 +593,7 @@ sub extractFormInfo {
}
# 1.3 Artifact
if ( $url =~ /^(\Q$saml_ars_url\E)$/i ) {
elsif ( $url =~ /^(\Q$saml_ars_url\E)$/i ) {
$self->lmLog( "URL $url detected as an artifact resolution service URL",
'debug' );
@ -713,7 +710,7 @@ sub extractFormInfo {
}
# If IDP is found but not confirmed, let the user confirm it
if ( $confirm_flag != 1 ) {
elsif ( $confirm_flag != 1 ) {
$self->lmLog( "IDP $idp selected, need user confirmation", 'debug' );
# Choosen IDP
@ -858,7 +855,7 @@ sub extractFormInfo {
}
# HTTP-POST
if ( $method == Lasso::Constants::HTTP_METHOD_POST ) {
elsif ( $method == Lasso::Constants::HTTP_METHOD_POST ) {
# Use autosubmit form
my $sso_url = $login->msg_url;
@ -885,10 +882,10 @@ sub extractFormInfo {
# Extract attributes sent in authentication statement
# @return Lemonldap::NG::Portal error code
sub setAuthSessionInfo {
my $self = shift;
my $server = $self->{_lassoServer};
my $login = $self->{_lassoLogin};
my $idp = $self->{_idp};
my $self = shift;
my $server = $self->{_lassoServer};
my $login = $self->{_lassoLogin};
my $idp = $self->{_idp};
my $idpConfKey = $self->{_idpConfKey};
# Get SAML assertion
@ -929,8 +926,8 @@ sub setAuthSessionInfo {
}
# Store other informations in session
$self->{sessionInfo}->{_user} = $self->{user};
$self->{sessionInfo}->{_idp} = $idp;
$self->{sessionInfo}->{_user} = $self->{user};
$self->{sessionInfo}->{_idp} = $idp;
$self->{sessionInfo}->{_idpConfKey} = $idpConfKey;
# Adapt _utime with SessionNotOnOrAfter
@ -991,8 +988,8 @@ sub authenticate {
# Logout SP
# @return Lemonldap::NG::Portal error code
sub authLogout {
my $self = shift;
my $idp = $self->{sessionInfo}->{_idp};
my $self = shift;
my $idp = $self->{sessionInfo}->{_idp};
my $idpConfKey = $self->{sessionInfo}->{_idpConfKey};
my $method;
@ -1070,7 +1067,7 @@ sub authLogout {
}
# HTTP-POST
if ( $method == Lasso::Constants::HTTP_METHOD_POST ) {
elsif ( $method == Lasso::Constants::HTTP_METHOD_POST ) {
# Use autosubmit form
my $slo_url = $logout->msg_url;
@ -1084,7 +1081,7 @@ sub authLogout {
}
# HTTP-SOAP
if ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) {
elsif ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) {
my $slo_url = $logout->msg_url;
my $slo_body = $logout->msg_body;
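Review bot: In the `@ -85,7 +82,7 @@` hunk of extractFormInfo, `$self->disableSignatureVerification($login);` runs right after `createLogin` under the bare comment `# Ignore signature verification`, and nothing visible says where the signature of the incoming SAML message is checked instead; the `@ -313,7 +310,7 @@` hunk does the same for `$logout`. A `$signature_status` variable is declared at the top of the sub, so an explicit check presumably happens outside these hunks, but that should be confirmed and written down next to the call. I would replace the comment with something like `# Automatic signature verification is turned off for this profile; the signature must be checked explicitly before the message is trusted`, adjusted to what the code actually does. The body of extractFormInfo starts and ends outside both hunks.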


@ -14,8 +14,9 @@ use LWP::UserAgent; # SOAP call
use HTTP::Request; # SOAP call
use POSIX; # Convert SAML2 date into timestamp
use Encode; # Encode attribute values
use Date::Format
our $VERSION = '0.01';
our $VERSION = '0.01';
our $_samlCache;
BEGIN {
@ -262,19 +263,13 @@ sub loadSPs {
# @param profile_type login or logout
# @return ( $request, $response, $method, $relaystate, $artifact )
sub checkMessage {
my $self = shift;
my $url = shift;
my $request_method = shift;
my $content_type = shift;
my $profile_type = shift || "login";
my $request;
my $response;
my $message;
my $method;
my $relaystate;
my $artifact;
my ( $self, $url, $request_method, $content_type, $profile_type ) =
splice @_;
$profile_type ||= "login";
my ( $request, $response, $message, $method, $relaystate, $artifact );
# Check if SAML service is loaded
# TODO : return undefined values ???
return ( $request, $response, $method, $relaystate, $artifact )
unless $self->{_lassoServer};
@ -362,7 +357,7 @@ sub checkMessage {
}
if ( $self->param('SAMLRequest') ) {
elsif ( $self->param('SAMLRequest') ) {
# Request in body part
$request = $self->param('SAMLRequest');
@ -370,7 +365,7 @@ sub checkMessage {
}
if ( $self->param('SAMLart') ) {
elsif ( $self->param('SAMLart') ) {
# Artifact in SAMLart param
$artifact = $self->param('SAMLart');
@ -1935,23 +1930,8 @@ sub getAuthnContext {
sub timestamp2samldate {
my ( $self, $timestamp ) = splice @_;
my ( $sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst ) =
gmtime($timestamp);
$year += 1900;
$mon++;
$mon = $mon > 9 ? $mon : "0" . $mon;
$mday = $mday > 9 ? $mday : "0" . $mday;
$hour = $hour > 9 ? $hour : "0" . $hour;
$min = $min > 9 ? $min : "0" . $min;
$sec = $sec > 9 ? $sec : "0" . $sec;
my $samldate = "$year-$mon-$mday" . "T" . "$hour:$min:$sec" . "Z";
$self->lmLog( "Convert timestamp $timestamp in SAML2 date: $samldate",
'debug' );
return $samldate;
my @t = gmtime($timestamp);
return strftime( "%Y-%m-%dT%R:%SZ", @t );
}
## @method string samldate2timestamp(string samldate)
@ -1980,11 +1960,7 @@ sub samldate2timestamp {
# @param $wait If true, do not call to autoRedirect or autoPost function
# @return boolean False if failed.
sub sendLogoutResponseToServiceProvider {
my $self = shift;
my $logout = shift;
my $method = shift;
my $relaystate = shift;
my $seconds = shift;
my ( $self, $logout, $method, $relaystate, $seconds ) = splice @_;
# Logout response
unless ( $self->buildLogoutResponseMsg($logout) ) {
@ -2017,7 +1993,7 @@ sub sendLogoutResponseToServiceProvider {
}
# HTTP-POST
if ( $method == Lasso::Constants::HTTP_METHOD_POST ) {
elsif ( $method == Lasso::Constants::HTTP_METHOD_POST ) {
# Use autosubmit form
my $slo_url = $logout->msg_url;
@ -2040,7 +2016,7 @@ sub sendLogoutResponseToServiceProvider {
}
# HTTP-SOAP
if ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) {
elsif ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) {
my $slo_body = $logout->msg_body;
$self->{SOAPMessage} = $slo_body;
@ -2071,12 +2047,8 @@ sub sendLogoutResponseToServiceProvider {
# @param $relay If SOAP method, build a relay logout request
# @return int Number of concerned providers.
sub sendLogoutRequestToServiceProvider {
my $self = shift;
my $logout = shift;
my $providerID = shift;
my $method = shift;
my $relay = shift;
my $server = $self->{_lassoServer};
my ( $self, $logout, $providerID, $method, $relay ) = splice @_;
my $server = $self->{_lassoServer};
my $info;
# Test if provider is mentionned
@ -2108,19 +2080,19 @@ sub sendLogoutRequestToServiceProvider {
$self->lmLog( "No logout request found, build it", 'debug' );
# Initiate the logout request
unless ( $self->initLogoutRequest( $logout, $providerID, $method ) ) {
$self->lmLog( "Initiate logout request failed for $providerID",
'error' );
return ( 0, $method, undef );
}
# Initiate the logout request
unless ( $self->initLogoutRequest( $logout, $providerID, $method ) ) {
$self->lmLog( "Initiate logout request failed for $providerID",
'error' );
return ( 0, $method, undef );
}
# Build request message
unless ( $self->buildLogoutRequestMsg($logout) ) {
# Build request message
unless ( $self->buildLogoutRequestMsg($logout) ) {
$self->lmLog( "Build logout request failed for $providerID",
'error' );
return ( 0, $method, undef );
}
return ( 0, $method, undef );
}
}
@ -2149,7 +2121,7 @@ sub sendLogoutRequestToServiceProvider {
}
# HTTP-POST
if ( $method == Lasso::Constants::HTTP_METHOD_POST ) {
elsif ( $method == Lasso::Constants::HTTP_METHOD_POST ) {
$self->lmLog( "Send POST logout request to $providerID", 'debug' );
@ -2169,7 +2141,7 @@ sub sendLogoutRequestToServiceProvider {
}
# HTTP-SOAP
if ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) {
elsif ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) {
# Build a relay request, to be used after SLO process is done
if ($relay) {
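Review bot: The `@ -14,8 +14,9 @@` hunk adds `use Date::Format` with no terminating semicolon as rendered, directly above `our $VERSION = '0.01';`, and it sits next to `use POSIX;`. Both modules export a `strftime` by default, as far as I know, with different argument conventions. The rewritten `timestamp2samldate` in the `@ -1935,23 +1930,8 @@` hunk calls an unqualified `strftime( "%Y-%m-%dT%R:%SZ", @t )`, so which implementation formats the SAML date depends on import order. Since the function name indicates these strings end up as SAML timestamps, I would make the call unambiguous: drop the new `use` line and write `return POSIX::strftime( "%Y-%m-%dT%H:%M:%SZ", gmtime($timestamp) );`. That also avoids `%R`, which not every platform's strftime supports.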