diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm index 172210f2a..3345fff0e 100644 --- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm +++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm @@ -34,16 +34,13 @@ sub authInit { sub extractFormInfo { my $self = shift; my $server = $self->{_lassoServer}; - my $login; - my $logout; - my $idp; - my $idpConfKey; - my $method; - my $request; - my $response; - my $artifact; - my $relaystate; - my $signature_status; + + # TODO: seems to be unused (redefined later) + my ( + $login, $logout, $idp, + $idpConfKey, $request, $response, + $artifact, $relaystate, $signature_status + ); # 1. Get HTTP request informations to know # if we are receving SAML request or response @@ -69,11 +66,11 @@ sub extractFormInfo { "samlSPSSODescriptorArtifactResolutionServiceArtifact"); # 1.1 SSO assertion consumer + # TODO: if $saml_acs_art_url,... are fixed, add a /o if ( $url =~ /^(\Q$saml_acs_art_url\E|\Q$saml_acs_post_url\E|\Q$saml_acs_get_url\E)$/i ) { - $self->lmLog( "URL $url detected as an SSO assertion consumer URL", 'debug' ); @@ -85,7 +82,7 @@ sub extractFormInfo { $login = $self->createLogin($server); # Ignore signature verification - $self->disableSignatureVerification($login); + $self->disableSignatureVerification($login); if ($response) { @@ -299,7 +296,7 @@ sub extractFormInfo { } # 1.2 SLO - if ( $url =~ + elsif ( $url =~ /^(\Q$saml_slo_soap_url\E|\Q$saml_slo_soap_url_ret\E|\Q$saml_slo_get_url\E|\Q$saml_slo_get_url_ret\E)$/i ) { @@ -313,7 +310,7 @@ sub extractFormInfo { $logout = $self->createLogout($server); # Ignore signature verification - $self->disableSignatureVerification($logout); + $self->disableSignatureVerification($logout); if ($response) { 
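Review bot: The new `# TODO: seems to be unused (redefined later)` does not say which of the nine variables it refers to, and `$method` was dropped from the list even though `$method == Lasso::Constants::HTTP_METHOD_POST` is still evaluated further down in extractFormInfo (hunks @@ -544 and @@ -566). If `$method` is not re-declared with `my` in the part of the sub outside these hunks, the file stops compiling under `use strict`; if the other variables are re-declared, this block only produces "my variable masks earlier declaration" warnings, so the TODO should become a decision rather than a guess. Until then make it specific: `# TODO: all of these are re-declared with my() below; delete this block once that is confirmed`. extractFormInfo continues well beyond this hunk.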
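Review bot: The added `# TODO: if $saml_acs_art_url,... are fixed, add a /o` points in a risky direction: under a persistent interpreter `/o` compiles the pattern once with the first request's `$saml_acs_*_url` values, so a later configuration reload would keep matching the stale consumer URLs and reject the new ones. If recompilation cost matters, build a `qr//` once when the SAML configuration is loaded instead of using `/o`. While this line is being touched, `$` also accepts a trailing newline; `\z` makes the assertion-consumer URL comparison exact: `/^(\Q$saml_acs_art_url\E|\Q$saml_acs_post_url\E|\Q$saml_acs_get_url\E)\z/i`.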
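Review bot: The `elsif` on the SLO check (and likewise the artifact check at @@ -596, the confirmation check at @@ -713, the `$method` chains at @@ -544, -566, -858, -1070, -1084 and, in _SAML.pm, @@ -2017, -2040, -2149, -2169) is only behaviour-preserving if every preceding `if` body ends in an unconditional return or redirect. Those preceding bodies lie outside the hunks, so each chain needs that confirmation; @@ -713 deserves the first look, because `$confirm_flag != 1` used to be evaluated regardless of how the preceding branch finished. A one-line comment above each chain stating the invariant, e.g. `# Branches are exclusive: each one returns`, would record why `elsif` is safe here.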
@@ -509,15 +506,15 @@ sub extractFormInfo { } # Do we set signature? - my $signSLOMessage = + my $signSLOMessage = $self->{samlIDPMetaDataOptions}->{$idpConfKey} - ->{samlIDPMetaDataOptionsSignSLOMessage}; - unless ($signSLOMessage) { + ->{samlIDPMetaDataOptionsSignSLOMessage}; + unless ($signSLOMessage) { $self->lmLog( "SLO message to IDP $idpConfKey will not be signed", - 'debug' ); - $self->disableSignature($logout); - } + 'debug' ); + $self->disableSignature($logout); + } # Logout response unless ( $self->buildLogoutResponseMsg($logout) ) { @@ -544,7 +541,7 @@ sub extractFormInfo { } # HTTP-POST - if ( $method == Lasso::Constants::HTTP_METHOD_POST ) { + elsif ( $method == Lasso::Constants::HTTP_METHOD_POST ) { # Use autosubmit form my $slo_url = $logout->msg_url; @@ -566,7 +563,7 @@ sub extractFormInfo { } # HTTP-SOAP - if ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) { + elsif ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) { my $slo_body = $logout->msg_body; @@ -596,7 +593,7 @@ sub extractFormInfo { } # 1.3 Artifact - if ( $url =~ /^(\Q$saml_ars_url\E)$/i ) { + elsif ( $url =~ /^(\Q$saml_ars_url\E)$/i ) { $self->lmLog( "URL $url detected as an artifact resolution service URL", 'debug' ); @@ -713,7 +710,7 @@ sub extractFormInfo { } # If IDP is found but not confirmed, let the user confirm it - if ( $confirm_flag != 1 ) { + elsif ( $confirm_flag != 1 ) { $self->lmLog( "IDP $idp selected, need user confirmation", 'debug' ); # Choosen IDP @@ -858,7 +855,7 @@ sub extractFormInfo { } # HTTP-POST - if ( $method == Lasso::Constants::HTTP_METHOD_POST ) { + elsif ( $method == Lasso::Constants::HTTP_METHOD_POST ) { # Use autosubmit form my $sso_url = $login->msg_url; 
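Review bot: An unknown or undefined `$method` now falls through the whole `if`/`elsif` chain without any log entry (here and at @@ -566, -1070, -1084, and in _SAML.pm @@ -2017, -2040, -2149, -2169), and `==` on an undefined `$method` emits an uninitialized-value warning instead of a useful message. A trailing `else` that logs the unexpected binding at 'error' level and returns the function's usual failure value closes that gap; in sendLogoutRequestToServiceProvider the visible failure paths already use `return ( 0, $method, undef );`, so that is the value to return there. Each of these chains is inside a sub that starts before its hunk.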
@@ -885,10 +882,10 @@ sub extractFormInfo { # Extract attributes sent in authentication statement # @return Lemonldap::NG::Portal error code sub setAuthSessionInfo { - my $self = shift; - my $server = $self->{_lassoServer}; - my $login = $self->{_lassoLogin}; - my $idp = $self->{_idp}; + my $self = shift; + my $server = $self->{_lassoServer}; + my $login = $self->{_lassoLogin}; + my $idp = $self->{_idp}; my $idpConfKey = $self->{_idpConfKey}; # Get SAML assertion @@ -929,8 +926,8 @@ sub setAuthSessionInfo { } # Store other informations in session - $self->{sessionInfo}->{_user} = $self->{user}; - $self->{sessionInfo}->{_idp} = $idp; + $self->{sessionInfo}->{_user} = $self->{user}; + $self->{sessionInfo}->{_idp} = $idp; $self->{sessionInfo}->{_idpConfKey} = $idpConfKey; # Adapt _utime with SessionNotOnOrAfter @@ -991,8 +988,8 @@ sub authenticate { # Logout SP # @return Lemonldap::NG::Portal error code sub authLogout { - my $self = shift; - my $idp = $self->{sessionInfo}->{_idp}; + my $self = shift; + my $idp = $self->{sessionInfo}->{_idp}; my $idpConfKey = $self->{sessionInfo}->{_idpConfKey}; my $method; @@ -1070,7 +1067,7 @@ sub authLogout { } # HTTP-POST - if ( $method == Lasso::Constants::HTTP_METHOD_POST ) { + elsif ( $method == Lasso::Constants::HTTP_METHOD_POST ) { # Use autosubmit form my $slo_url = $logout->msg_url; @@ -1084,7 +1081,7 @@ sub authLogout { } # HTTP-SOAP - if ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) { + elsif ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) { my $slo_url = $logout->msg_url; my $slo_body = $logout->msg_body; diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm index 2ae161922..968c3db53 100644 --- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm +++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm 
@@ -14,8 +14,9 @@ use LWP::UserAgent; # SOAP call use HTTP::Request; # SOAP call use POSIX; # Convert SAML2 date into timestamp use Encode; # Encode attribute values +use Date::Format -our $VERSION = '0.01'; + our $VERSION = '0.01'; our $_samlCache; BEGIN { @@ -262,19 +263,13 @@ sub loadSPs { # @param profile_type login or logout # @return ( $request, $response, $method, $relaystate, $artifact ) sub checkMessage { - my $self = shift; - my $url = shift; - my $request_method = shift; - my $content_type = shift; - my $profile_type = shift || "login"; - my $request; - my $response; - my $message; - my $method; - my $relaystate; - my $artifact; + my ( $self, $url, $request_method, $content_type, $profile_type ) = + splice @_; + $profile_type ||= "login"; + my ( $request, $response, $message, $method, $relaystate, $artifact ); # Check if SAML service is loaded + # TODO : return undefined values ??? return ( $request, $response, $method, $relaystate, $artifact ) unless $self->{_lassoServer}; @@ -362,7 +357,7 @@ sub checkMessage { } - if ( $self->param('SAMLRequest') ) { + elsif ( $self->param('SAMLRequest') ) { # Request in body part $request = $self->param('SAMLRequest'); @@ -370,7 +365,7 @@ sub checkMessage { } - if ( $self->param('SAMLart') ) { + elsif ( $self->param('SAMLart') ) { # Artifact in SAMLart param $artifact = $self->param('SAMLart'); 
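Review bot: `use Date::Format` is missing its semicolon, so `our $VERSION = '0.01';` on the next line becomes the import list of that `use` statement — the re-indentation of `our` as a continuation line is perltidy confirming it. Exporter treats a leading-digit import as a version check, so this probably compiles by accident, but it should read `use Date::Format qw(strftime);` followed by `our $VERSION = '0.01';` unchanged. Note also that `use POSIX;` already exports a `strftime`, and Date::Format exports another with a different calling convention (its prototype takes the time array by reference), so importing both likely triggers a 'Subroutine strftime redefined' warning and makes which `strftime` timestamp2samldate calls depend on import order; Date::Format is additionally a new non-core dependency that the packaging must declare.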
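Review bot: The added `# TODO : return undefined values ???` leaves the early-return contract as an open question in production code. The `@return ( $request, $response, $method, $relaystate, $artifact )` doc above this sub means callers unpack exactly five values, so returning five undefs when `$self->{_lassoServer}` is missing is the right shape; state it instead of asking: `# SAML service not loaded: return five undefs so the caller sees neither a request nor a response`. Logging the condition at 'error' level before returning would also make a misconfigured server visible rather than silent.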
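Review bot: A message carrying more than one of the binding parameters is now silently processed as whichever branch comes first, whereas the removed independent `if`s extracted both `$request` and `$artifact`. A SAML binding carries exactly one of these parameters, so the safer reading is to treat the combination as malformed: count how many of the parameters are present and return the empty result with an 'error' log entry when more than one is set, rather than letting branch order decide. The first branch of this chain sits outside the hunk, so its condition should be checked against the same rule.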
@@ -1935,23 +1930,8 @@ sub getAuthnContext { sub timestamp2samldate { my ( $self, $timestamp ) = splice @_; - my ( $sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst ) = - gmtime($timestamp); - - $year += 1900; - $mon++; - $mon = $mon > 9 ? $mon : "0" . $mon; - $mday = $mday > 9 ? $mday : "0" . $mday; - $hour = $hour > 9 ? $hour : "0" . $hour; - $min = $min > 9 ? $min : "0" . $min; - $sec = $sec > 9 ? $sec : "0" . $sec; - - my $samldate = "$year-$mon-$mday" . "T" . "$hour:$min:$sec" . "Z"; - - $self->lmLog( "Convert timestamp $timestamp in SAML2 date: $samldate", - 'debug' ); - - return $samldate; + my @t = gmtime($timestamp); + return strftime( "%Y-%m-%dT%R:%SZ", @t ); } ## @method string samldate2timestamp(string samldate) @@ -1980,11 +1960,7 @@ sub samldate2timestamp { # @param $wait If true, do not call to autoRedirect or autoPost function # @return boolean False if failed. sub sendLogoutResponseToServiceProvider { - my $self = shift; - my $logout = shift; - my $method = shift; - my $relaystate = shift; - my $seconds = shift; + my ( $self, $logout, $method, $relaystate, $seconds ) = splice @_; # Logout response unless ( $self->buildLogoutResponseMsg($logout) ) { @@ -2017,7 +1993,7 @@ sub sendLogoutResponseToServiceProvider { } # HTTP-POST - if ( $method == Lasso::Constants::HTTP_METHOD_POST ) { + elsif ( $method == Lasso::Constants::HTTP_METHOD_POST ) { # Use autosubmit form my $slo_url = $logout->msg_url; @@ -2040,7 +2016,7 @@ sub sendLogoutResponseToServiceProvider { } # HTTP-SOAP - if ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) { + elsif ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) { my $slo_body = $logout->msg_body; $self->{SOAPMessage} = $slo_body; 
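Review bot: `strftime( "%Y-%m-%dT%R:%SZ", @t )` resolves to whichever `strftime` was imported last — `use POSIX;` and the new `use Date::Format` both export one, and they differ in calling convention (POSIX takes the broken-down list, Date::Format takes the array by reference through its prototype), so this call works today by coincidence of import order. Qualify it and stay with the core module, which also removes the new dependency: `return POSIX::strftime( "%Y-%m-%dT%H:%M:%SZ", gmtime($timestamp) );` (`%H:%M:%S` rather than `%R:%S`, since `%R` is not available in every C library's strftime). The rewrite also drops the 'debug' log of the conversion; if it is still useful for troubleshooting SAML validity windows, keep it before the return.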
@@ -2071,12 +2047,8 @@ sub sendLogoutResponseToServiceProvider { # @param $relay If SOAP method, build a relay logout request # @return int Number of concerned providers. sub sendLogoutRequestToServiceProvider { - my $self = shift; - my $logout = shift; - my $providerID = shift; - my $method = shift; - my $relay = shift; - my $server = $self->{_lassoServer}; + my ( $self, $logout, $providerID, $method, $relay ) = splice @_; + my $server = $self->{_lassoServer}; my $info; # Test if provider is mentionned @@ -2108,19 +2080,19 @@ sub sendLogoutRequestToServiceProvider { $self->lmLog( "No logout request found, build it", 'debug' ); - # Initiate the logout request - unless ( $self->initLogoutRequest( $logout, $providerID, $method ) ) { - $self->lmLog( "Initiate logout request failed for $providerID", - 'error' ); - return ( 0, $method, undef ); - } + # Initiate the logout request + unless ( $self->initLogoutRequest( $logout, $providerID, $method ) ) { + $self->lmLog( "Initiate logout request failed for $providerID", + 'error' ); + return ( 0, $method, undef ); + } - # Build request message - unless ( $self->buildLogoutRequestMsg($logout) ) { + # Build request message + unless ( $self->buildLogoutRequestMsg($logout) ) { $self->lmLog( "Build logout request failed for $providerID", 'error' ); - return ( 0, $method, undef ); - } + return ( 0, $method, undef ); + } } @@ -2149,7 +2121,7 @@ sub sendLogoutRequestToServiceProvider { } # HTTP-POST - if ( $method == Lasso::Constants::HTTP_METHOD_POST ) { + elsif ( $method == Lasso::Constants::HTTP_METHOD_POST ) { $self->lmLog( "Send POST logout request to $providerID", 'debug' ); @@ -2169,7 +2141,7 @@ sub sendLogoutRequestToServiceProvider { } # HTTP-SOAP - if ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) { + elsif ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) { # Build a relay request, to be used after SLO process is done if ($relay) {