Reformating
parent
2f3d24ed72
commit
cf0ece9aa2
@ -34,16 +34,13 @@ sub authInit {
|
||||
sub extractFormInfo {
|
||||
my $self = shift;
|
||||
my $server = $self->{_lassoServer};
|
||||
my $login;
|
||||
my $logout;
|
||||
my $idp;
|
||||
my $idpConfKey;
|
||||
my $method;
|
||||
my $request;
|
||||
my $response;
|
||||
my $artifact;
|
||||
my $relaystate;
|
||||
my $signature_status;
|
||||
|
||||
# TODO: seems to be unused (redefined later)
|
||||
my (
|
||||
$login, $logout, $idp,
|
||||
$idpConfKey, $request, $response,
|
||||
$artifact, $relaystate, $signature_status
|
||||
);
|
||||
|
||||
# 1. Get HTTP request informations to know
|
||||
# if we are receving SAML request or response
|
||||
@ -69,11 +66,11 @@ sub extractFormInfo {
|
||||
"samlSPSSODescriptorArtifactResolutionServiceArtifact");
|
||||
|
||||
# 1.1 SSO assertion consumer
|
||||
# TODO: if $saml_acs_art_url,... are fixed, add a /o
|
||||
if ( $url =~
|
||||
/^(\Q$saml_acs_art_url\E|\Q$saml_acs_post_url\E|\Q$saml_acs_get_url\E)$/i
|
||||
)
|
||||
{
|
||||
|
||||
$self->lmLog( "URL $url detected as an SSO assertion consumer URL",
|
||||
'debug' );
|
||||
|
||||
@ -85,7 +82,7 @@ sub extractFormInfo {
|
||||
$login = $self->createLogin($server);
|
||||
|
||||
# Ignore signature verification
|
||||
$self->disableSignatureVerification($login);
|
||||
$self->disableSignatureVerification($login);
|
||||
|
||||
if ($response) {
|
||||
|
||||
@ -299,7 +296,7 @@ sub extractFormInfo {
|
||||
}
|
||||
|
||||
# 1.2 SLO
|
||||
if ( $url =~
|
||||
elsif ( $url =~
|
||||
/^(\Q$saml_slo_soap_url\E|\Q$saml_slo_soap_url_ret\E|\Q$saml_slo_get_url\E|\Q$saml_slo_get_url_ret\E)$/i
|
||||
)
|
||||
{
|
||||
@ -313,7 +310,7 @@ sub extractFormInfo {
|
||||
$logout = $self->createLogout($server);
|
||||
|
||||
# Ignore signature verification
|
||||
$self->disableSignatureVerification($logout);
|
||||
$self->disableSignatureVerification($logout);
|
||||
|
||||
if ($response) {
|
||||
|
||||
@ -509,15 +506,15 @@ sub extractFormInfo {
|
||||
}
|
||||
|
||||
# Do we set signature?
|
||||
my $signSLOMessage =
|
||||
my $signSLOMessage =
|
||||
$self->{samlIDPMetaDataOptions}->{$idpConfKey}
|
||||
->{samlIDPMetaDataOptionsSignSLOMessage};
|
||||
unless ($signSLOMessage) {
|
||||
->{samlIDPMetaDataOptionsSignSLOMessage};
|
||||
unless ($signSLOMessage) {
|
||||
$self->lmLog(
|
||||
"SLO message to IDP $idpConfKey will not be signed",
|
||||
'debug' );
|
||||
$self->disableSignature($logout);
|
||||
}
|
||||
'debug' );
|
||||
$self->disableSignature($logout);
|
||||
}
|
||||
|
||||
# Logout response
|
||||
unless ( $self->buildLogoutResponseMsg($logout) ) {
|
||||
@ -544,7 +541,7 @@ sub extractFormInfo {
|
||||
}
|
||||
|
||||
# HTTP-POST
|
||||
if ( $method == Lasso::Constants::HTTP_METHOD_POST ) {
|
||||
elsif ( $method == Lasso::Constants::HTTP_METHOD_POST ) {
|
||||
|
||||
# Use autosubmit form
|
||||
my $slo_url = $logout->msg_url;
|
||||
@ -566,7 +563,7 @@ sub extractFormInfo {
|
||||
}
|
||||
|
||||
# HTTP-SOAP
|
||||
if ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) {
|
||||
elsif ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) {
|
||||
|
||||
my $slo_body = $logout->msg_body;
|
||||
|
||||
@ -596,7 +593,7 @@ sub extractFormInfo {
|
||||
}
|
||||
|
||||
# 1.3 Artifact
|
||||
if ( $url =~ /^(\Q$saml_ars_url\E)$/i ) {
|
||||
elsif ( $url =~ /^(\Q$saml_ars_url\E)$/i ) {
|
||||
|
||||
$self->lmLog( "URL $url detected as an artifact resolution service URL",
|
||||
'debug' );
|
||||
@ -713,7 +710,7 @@ sub extractFormInfo {
|
||||
}
|
||||
|
||||
# If IDP is found but not confirmed, let the user confirm it
|
||||
if ( $confirm_flag != 1 ) {
|
||||
elsif ( $confirm_flag != 1 ) {
|
||||
$self->lmLog( "IDP $idp selected, need user confirmation", 'debug' );
|
||||
|
||||
# Choosen IDP
|
||||
@ -858,7 +855,7 @@ sub extractFormInfo {
|
||||
}
|
||||
|
||||
# HTTP-POST
|
||||
if ( $method == Lasso::Constants::HTTP_METHOD_POST ) {
|
||||
elsif ( $method == Lasso::Constants::HTTP_METHOD_POST ) {
|
||||
|
||||
# Use autosubmit form
|
||||
my $sso_url = $login->msg_url;
|
||||
@ -885,10 +882,10 @@ sub extractFormInfo {
|
||||
# Extract attributes sent in authentication statement
|
||||
# @return Lemonldap::NG::Portal error code
|
||||
sub setAuthSessionInfo {
|
||||
my $self = shift;
|
||||
my $server = $self->{_lassoServer};
|
||||
my $login = $self->{_lassoLogin};
|
||||
my $idp = $self->{_idp};
|
||||
my $self = shift;
|
||||
my $server = $self->{_lassoServer};
|
||||
my $login = $self->{_lassoLogin};
|
||||
my $idp = $self->{_idp};
|
||||
my $idpConfKey = $self->{_idpConfKey};
|
||||
|
||||
# Get SAML assertion
|
||||
@ -929,8 +926,8 @@ sub setAuthSessionInfo {
|
||||
}
|
||||
|
||||
# Store other informations in session
|
||||
$self->{sessionInfo}->{_user} = $self->{user};
|
||||
$self->{sessionInfo}->{_idp} = $idp;
|
||||
$self->{sessionInfo}->{_user} = $self->{user};
|
||||
$self->{sessionInfo}->{_idp} = $idp;
|
||||
$self->{sessionInfo}->{_idpConfKey} = $idpConfKey;
|
||||
|
||||
# Adapt _utime with SessionNotOnOrAfter
|
||||
@ -991,8 +988,8 @@ sub authenticate {
|
||||
# Logout SP
|
||||
# @return Lemonldap::NG::Portal error code
|
||||
sub authLogout {
|
||||
my $self = shift;
|
||||
my $idp = $self->{sessionInfo}->{_idp};
|
||||
my $self = shift;
|
||||
my $idp = $self->{sessionInfo}->{_idp};
|
||||
my $idpConfKey = $self->{sessionInfo}->{_idpConfKey};
|
||||
my $method;
|
||||
|
||||
@ -1070,7 +1067,7 @@ sub authLogout {
|
||||
}
|
||||
|
||||
# HTTP-POST
|
||||
if ( $method == Lasso::Constants::HTTP_METHOD_POST ) {
|
||||
elsif ( $method == Lasso::Constants::HTTP_METHOD_POST ) {
|
||||
|
||||
# Use autosubmit form
|
||||
my $slo_url = $logout->msg_url;
|
||||
@ -1084,7 +1081,7 @@ sub authLogout {
|
||||
}
|
||||
|
||||
# HTTP-SOAP
|
||||
if ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) {
|
||||
elsif ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) {
|
||||
|
||||
my $slo_url = $logout->msg_url;
|
||||
my $slo_body = $logout->msg_body;
|
||||
|
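Review bot: The new combined declaration at the top of extractFormInfo, `my ( $login, $logout, $idp, $idpConfKey, $request, $response, $artifact, $relaystate, $signature_status );`, no longer declares `$method`, which the removed block did with `my $method;`, while later hunks in the same sub still test `$method == Lasso::Constants::HTTP_METHOD_POST`. Unless every branch declares it again (the added TODO hints at that, but those lines are outside the hunks shown), this either fails to compile under strict or refers to a package variable; adding `$method` back to the list keeps the change a pure reformat. Separately, a commit titled as reformatting also turns several `if` into `elsif`, assuming the second printed variant is the new side: the 1.2 SLO and 1.3 Artifact URL tests, the `$confirm_flag != 1` test, the HTTP-POST/HTTP-SOAP method tests here and in authLogout, and the matching ones in the second file's checkMessage and sendLogout* subs. That changes which SAML handler can run when an earlier branch falls through without returning, so it belongs in its own commit with a description and a check of each endpoint.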
@ -14,8 +14,9 @@ use LWP::UserAgent; # SOAP call
|
||||
use HTTP::Request; # SOAP call
|
||||
use POSIX; # Convert SAML2 date into timestamp
|
||||
use Encode; # Encode attribute values
|
||||
use Date::Format
|
||||
|
||||
our $VERSION = '0.01';
|
||||
our $VERSION = '0.01';
|
||||
our $_samlCache;
|
||||
|
||||
BEGIN {
|
||||
@ -262,19 +263,13 @@ sub loadSPs {
|
||||
# @param profile_type login or logout
|
||||
# @return ( $request, $response, $method, $relaystate, $artifact )
|
||||
sub checkMessage {
|
||||
my $self = shift;
|
||||
my $url = shift;
|
||||
my $request_method = shift;
|
||||
my $content_type = shift;
|
||||
my $profile_type = shift || "login";
|
||||
my $request;
|
||||
my $response;
|
||||
my $message;
|
||||
my $method;
|
||||
my $relaystate;
|
||||
my $artifact;
|
||||
my ( $self, $url, $request_method, $content_type, $profile_type ) =
|
||||
splice @_;
|
||||
$profile_type ||= "login";
|
||||
my ( $request, $response, $message, $method, $relaystate, $artifact );
|
||||
|
||||
# Check if SAML service is loaded
|
||||
# TODO : return undefined values ???
|
||||
return ( $request, $response, $method, $relaystate, $artifact )
|
||||
unless $self->{_lassoServer};
|
||||
|
||||
@ -362,7 +357,7 @@ sub checkMessage {
|
||||
|
||||
}
|
||||
|
||||
if ( $self->param('SAMLRequest') ) {
|
||||
elsif ( $self->param('SAMLRequest') ) {
|
||||
|
||||
# Request in body part
|
||||
$request = $self->param('SAMLRequest');
|
||||
@ -370,7 +365,7 @@ sub checkMessage {
|
||||
|
||||
}
|
||||
|
||||
if ( $self->param('SAMLart') ) {
|
||||
elsif ( $self->param('SAMLart') ) {
|
||||
|
||||
# Artifact in SAMLart param
|
||||
$artifact = $self->param('SAMLart');
|
||||
@ -1935,23 +1930,8 @@ sub getAuthnContext {
|
||||
sub timestamp2samldate {
|
||||
my ( $self, $timestamp ) = splice @_;
|
||||
|
||||
my ( $sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst ) =
|
||||
gmtime($timestamp);
|
||||
|
||||
$year += 1900;
|
||||
$mon++;
|
||||
$mon = $mon > 9 ? $mon : "0" . $mon;
|
||||
$mday = $mday > 9 ? $mday : "0" . $mday;
|
||||
$hour = $hour > 9 ? $hour : "0" . $hour;
|
||||
$min = $min > 9 ? $min : "0" . $min;
|
||||
$sec = $sec > 9 ? $sec : "0" . $sec;
|
||||
|
||||
my $samldate = "$year-$mon-$mday" . "T" . "$hour:$min:$sec" . "Z";
|
||||
|
||||
$self->lmLog( "Convert timestamp $timestamp in SAML2 date: $samldate",
|
||||
'debug' );
|
||||
|
||||
return $samldate;
|
||||
my @t = gmtime($timestamp);
|
||||
return strftime( "%Y-%m-%dT%R:%SZ", @t );
|
||||
}
|
||||
|
||||
## @method string samldate2timestamp(string samldate)
|
||||
@ -1980,11 +1960,7 @@ sub samldate2timestamp {
|
||||
# @param $wait If true, do not call to autoRedirect or autoPost function
|
||||
# @return boolean False if failed.
|
||||
sub sendLogoutResponseToServiceProvider {
|
||||
my $self = shift;
|
||||
my $logout = shift;
|
||||
my $method = shift;
|
||||
my $relaystate = shift;
|
||||
my $seconds = shift;
|
||||
my ( $self, $logout, $method, $relaystate, $seconds ) = splice @_;
|
||||
|
||||
# Logout response
|
||||
unless ( $self->buildLogoutResponseMsg($logout) ) {
|
||||
@ -2017,7 +1993,7 @@ sub sendLogoutResponseToServiceProvider {
|
||||
}
|
||||
|
||||
# HTTP-POST
|
||||
if ( $method == Lasso::Constants::HTTP_METHOD_POST ) {
|
||||
elsif ( $method == Lasso::Constants::HTTP_METHOD_POST ) {
|
||||
|
||||
# Use autosubmit form
|
||||
my $slo_url = $logout->msg_url;
|
||||
@ -2040,7 +2016,7 @@ sub sendLogoutResponseToServiceProvider {
|
||||
}
|
||||
|
||||
# HTTP-SOAP
|
||||
if ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) {
|
||||
elsif ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) {
|
||||
|
||||
my $slo_body = $logout->msg_body;
|
||||
$self->{SOAPMessage} = $slo_body;
|
||||
@ -2071,12 +2047,8 @@ sub sendLogoutResponseToServiceProvider {
|
||||
# @param $relay If SOAP method, build a relay logout request
|
||||
# @return int Number of concerned providers.
|
||||
sub sendLogoutRequestToServiceProvider {
|
||||
my $self = shift;
|
||||
my $logout = shift;
|
||||
my $providerID = shift;
|
||||
my $method = shift;
|
||||
my $relay = shift;
|
||||
my $server = $self->{_lassoServer};
|
||||
my ( $self, $logout, $providerID, $method, $relay ) = splice @_;
|
||||
my $server = $self->{_lassoServer};
|
||||
my $info;
|
||||
|
||||
# Test if provider is mentionned
|
||||
@ -2108,19 +2080,19 @@ sub sendLogoutRequestToServiceProvider {
|
||||
|
||||
$self->lmLog( "No logout request found, build it", 'debug' );
|
||||
|
||||
# Initiate the logout request
|
||||
unless ( $self->initLogoutRequest( $logout, $providerID, $method ) ) {
|
||||
$self->lmLog( "Initiate logout request failed for $providerID",
|
||||
'error' );
|
||||
return ( 0, $method, undef );
|
||||
}
|
||||
# Initiate the logout request
|
||||
unless ( $self->initLogoutRequest( $logout, $providerID, $method ) ) {
|
||||
$self->lmLog( "Initiate logout request failed for $providerID",
|
||||
'error' );
|
||||
return ( 0, $method, undef );
|
||||
}
|
||||
|
||||
# Build request message
|
||||
unless ( $self->buildLogoutRequestMsg($logout) ) {
|
||||
# Build request message
|
||||
unless ( $self->buildLogoutRequestMsg($logout) ) {
|
||||
$self->lmLog( "Build logout request failed for $providerID",
|
||||
'error' );
|
||||
return ( 0, $method, undef );
|
||||
}
|
||||
return ( 0, $method, undef );
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -2149,7 +2121,7 @@ sub sendLogoutRequestToServiceProvider {
|
||||
}
|
||||
|
||||
# HTTP-POST
|
||||
if ( $method == Lasso::Constants::HTTP_METHOD_POST ) {
|
||||
elsif ( $method == Lasso::Constants::HTTP_METHOD_POST ) {
|
||||
|
||||
$self->lmLog( "Send POST logout request to $providerID", 'debug' );
|
||||
|
||||
@ -2169,7 +2141,7 @@ sub sendLogoutRequestToServiceProvider {
|
||||
}
|
||||
|
||||
# HTTP-SOAP
|
||||
if ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) {
|
||||
elsif ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) {
|
||||
|
||||
# Build a relay request, to be used after SLO process is done
|
||||
if ($relay) {
|
||||
|
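Review bot: timestamp2samldate now calls `strftime( "%Y-%m-%dT%R:%SZ", @t )` with a flat gmtime list, which is the POSIX calling convention, yet the same commit adds `use Date::Format`, which as far as I know also exports a `strftime` by default and expects the time fields as an array reference. With both `use POSIX;` and `use Date::Format` importing into this package, which function the call resolves to depends on import order, and a malformed SAML date is easy to miss until a peer rejects or misreads the message. I would make the call explicit, `return POSIX::strftime( "%Y-%m-%dT%H:%M:%SZ", gmtime($timestamp) );`, and either drop the new import or write it as `use Date::Format ();`. As rendered here, the added `use Date::Format` line also has no terminating semicolon, so the following `our $VERSION = '0.01';` would be parsed as its import list.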