Restore relayState (#595)

Xavier Guimard 2017-03-20 12:43:57 +00:00
parent 60796fa6a1
commit d0467f0802
3 changed files with 25 additions and 22 deletions


@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "llng-fastcgi-server 1"
.TH llng-fastcgi-server 1 "2017-03-16" "perl v5.24.1" "User Contributed Perl Documentation"
.TH llng-fastcgi-server 1 "2017-03-20" "perl v5.24.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l


@ -228,7 +228,8 @@ sub extractFormInfo {
->{samlIDPMetaDataOptionsRelayStateURL};
# Extract RelayState information
if ( $self->extractRelayState( $relaystate, $relayStateURL ) ) {
if ( $self->extractRelayState( $req, $relaystate, $relayStateURL ) )
{
$self->logger->debug("RelayState $relaystate extracted");
}
@ -346,6 +347,16 @@ sub extractFormInfo {
$req->datas->{_proxiedArtifact} =
$samlSessionInfo->data->{Artifact};
# Save values in hidden fields in case of other user interactions
$self->p->setHiddenFormValue( $req, 'SAMLRequest',
$self->{_proxiedRequest} );
$self->p->setHiddenFormValue( $req, 'Method',
$self->{_proxiedMethod} );
$self->p->setHiddenFormValue( $req, 'RelayState',
$self->{_proxiedRelayState} );
$self->p->setHiddenFormValue( $req, 'SAMLart',
$self->{_proxiedArtifact} );
# Delete session
$samlSessionInfo->remove();
}
@ -456,7 +467,7 @@ sub extractFormInfo {
}
# If URL in RelayState, different from portal, redirect user
if ( $self->extractRelayState($relaystate) ) {
if ( $self->extractRelayState( $req, $relaystate ) ) {
$self->logger->debug("RelayState $relaystate extracted");
$self->logger->debug(
"URL " . $req->urldc . " found in RelayState" );
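Review bot: The hidden fields added after the `_proxiedArtifact` assignment read `$self->{_proxiedRequest}`, `$self->{_proxiedMethod}`, `$self->{_proxiedRelayState}` and `$self->{_proxiedArtifact}`, while the line just above stores the artifact in `$req->datas->{_proxiedArtifact}`. If the other three values are also kept in `$req->datas` (their assignments are outside the hunk), these calls would emit empty fields. In a long-running server process, anything that does sit on `$self` is presumably shared between requests, so one user's SAMLRequest or RelayState could end up in another user's form. Reading from the request keeps the data per-request: `$self->p->setHiddenFormValue( $req, 'SAMLart', $req->datas->{_proxiedArtifact} );`, and likewise for the other three fields. extractFormInfo starts and ends outside the hunks shown.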


@ -8,7 +8,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 22;
my $maintests = 20;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
@ -95,44 +95,36 @@ SKIP: {
( $body =~ /<input type="hidden".+?name="(.+?)".+?value="(.*?)"/sg );
$fields{user} = $fields{password} = 'french';
use URI::Escape;
my $s = join( '&', map { "$_=" . uri_escape( $fields{$_} ) } keys %fields );
$query =
join( '&', map { "$_=" . uri_escape( $fields{$_} ) } keys %fields );
ok(
$res = $issuer->_post(
$url,
IO::String->new($s),
IO::String->new($query),
accept => 'text/html',
length => length($s),
length => length($query),
),
'Post authentication'
);
expectOK($res);
my $idpId = expectCookie($res);
( $host, $url, $query ) =
expectForm( $res, 'auth.sp.com', '/saml/proxySingleSignOnPost',
'SAMLResponse', 'RelayState' );
# Post SAML response to SP
ok(
$res->[2]->[0] =~
m#<form.+?action="http://auth.sp.com(.*?)".+?method="post"#,
'Form method is POST'
);
$url = $1;
ok(
$res->[2]->[0] =~
/<input type="hidden".+?name="SAMLResponse".+?value="(.+?)"/s,
'Found SAML response'
);
$s = "SAMLResponse=$1";
switch ('sp');
ok(
$res = $sp->_post(
$url, IO::String->new($s),
$url, IO::String->new($query),
accept => 'text/html',
length => length($s),
length => length($query),
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
),
'Post SAML response to SP'
);
my $spId = expectCookie($res);
expectRedirection( $res, 'http://auth.sp.com' );
expectRedirection( $res, 'http://test1.example.com/' );
ok( $res = $sp->_get( '/', cookie => "lemonldap=$spId" ), 'Get / on SP' );
expectOK($res);