Code to support SAML Discovery Protocol as SP (#1478)

This commit is contained in:
Clément OUDOT 2018-09-04 14:39:19 +02:00
parent f1b912a802
commit d6e462d6bc


@ -754,7 +754,7 @@ sub extractFormInfo {
my $res = $self->p->deleteSession($req);
return (
$res eq PE_LOGOUT_OK ? PE_SENDRESPONSE : $res );
}
}
]
);
@ -849,6 +849,45 @@ sub extractFormInfo {
return PE_REDIRECT;
}
# Use SAML Discovery Protocol
if ( !$idp
and $self->conf->{samlDiscoveryProtocolActivation}
and defined $self->conf->{samlDiscoveryProtocolURL} )
{
$self->logger->debug(
"Will try to use SAML Discovery Protocol for IDP resolution");
my $disco_url = $self->conf->{samlDiscoveryProtocolURL};
$disco_url .= ( $disco_url =~ /\?/ ? '&' : '?' )
. build_urlencoded(
entityID => $self->getMetaDataURL( 'samlEntityID', 0, 1 ),
return => $self->conf->{portal},
returnIDParam => 'idp'
);
if ( defined $self->conf->{samlDiscoveryProtocolPolicy} ) {
$disco_url .= "&"
. build_urlencoded(
policy => $self->conf->{samlDiscoveryProtocolPolicy} );
}
if ( defined $self->conf->{samlDiscoveryProtocolIsPassive} ) {
$disco_url .= "&"
. build_urlencoded(
isPassive => $self->conf->{samlDiscoveryProtocolIsPassive}
? "true"
: "false" );
}
$self->logger->debug("Redirect user to $disco_url");
$req->urldc($disco_url);
$req->steps( [] );
return PE_REDIRECT;
}
# If IDP was not resolved, let the user choose its IDP
unless ($idp) {
$self->logger->debug("Redirecting user to IDP list");
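Review bot: The new discovery block fires on `!$idp` alone, so when the Discovery Service sends the browser back to `return` without a usable `idp` value (the normal outcome in passive mode when no IdP is known, or an IdP that getIDP rejects as unknown and resets to undef) the portal redirects to the DS again and the user ends in a redirect loop. A guard that recognises the return leg, e.g. extending the condition with `and not defined $req->param('idp')` so an answered-but-empty discovery falls through to the IdP list below, would break the cycle; the returned `idp` value itself is already checked against `idpList` in getIDP, so no further trust check on it is needed here. Also note that `return` is the bare `$self->conf->{portal}`, so whatever the current request carried (such as the target URL) is not included in the round trip and must be preserved elsewhere, which is worth a comment above the `build_urlencoded` call. The enclosing `extractFormInfo` starts before this hunk.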
@ -1440,7 +1479,7 @@ sub getIDP {
# Alert when selected IDP is unknown
if ( $idp and !exists $self->idpList->{$idp} ) {
$self->userLogger->error("Required IDP $idp does not exists");
$self->logger->error("Required IDP $idp does not exists");
$idp = undef;
}