Possibility to use IDP initiated mode in SAML IDP module (#208)
This commit is contained in:
parent
533b2153f6
commit
db5b4e8a95
|
@ -11,7 +11,7 @@ use Lemonldap::NG::Portal::Simple;
|
|||
use Lemonldap::NG::Portal::_SAML;
|
||||
our @ISA = qw(Lemonldap::NG::Portal::_SAML);
|
||||
|
||||
our $VERSION = '1.2.3';
|
||||
our $VERSION = '1.3.2';
|
||||
|
||||
## @method void issuerDBInit()
|
||||
# Load and check SAML configuration
|
||||
|
@ -1127,6 +1127,7 @@ sub issuerForAuthUser {
|
|||
my $url = $self->url( -absolute => 1 );
|
||||
my $request_method = $self->request_method();
|
||||
my $content_type = $self->content_type();
|
||||
my $idp_initiated = $self->param('IDPInitiated');
|
||||
|
||||
# 1.1. SSO (SSO URL or Proxy Mode)
|
||||
if ( $url =~
|
||||
|
@ -1156,8 +1157,8 @@ sub issuerForAuthUser {
|
|||
# Ignore signature verification
|
||||
$self->disableSignatureVerification($login);
|
||||
|
||||
# Process the request
|
||||
if ($request) {
|
||||
# Process the request or use IDP initiated mode
|
||||
if ( $request or $idp_initiated ) {
|
||||
|
||||
# Load Session and Identity if they exist
|
||||
my $session = $self->{sessionInfo}->{_lassoSessionDump};
|
||||
|
@ -1179,23 +1180,9 @@ sub issuerForAuthUser {
|
|||
$self->lmLog( "Lasso Identity loaded", 'debug' );
|
||||
}
|
||||
|
||||
# Process authentication request
|
||||
my $result;
|
||||
if ($artifact) {
|
||||
$result = $self->processArtResponseMsg( $login, $request );
|
||||
}
|
||||
else {
|
||||
$result = $self->processAuthnRequestMsg( $login, $request );
|
||||
}
|
||||
|
||||
unless ($result) {
|
||||
$self->lmLog( "SSO: Fail to process authentication request",
|
||||
'error' );
|
||||
return PE_SAML_SSO_ERROR;
|
||||
}
|
||||
|
||||
# Get SP entityID
|
||||
my $sp = $login->remote_providerID();
|
||||
my $sp =
|
||||
$request ? $login->remote_providerID() : $self->param("sp");
|
||||
|
||||
$self->lmLog( "Found entityID $sp in SAML message", 'debug' );
|
||||
|
||||
|
@ -1210,6 +1197,34 @@ sub issuerForAuthUser {
|
|||
|
||||
$self->lmLog( "$sp match $spConfKey SP in configuration", 'debug' );
|
||||
|
||||
my $result;
|
||||
|
||||
# Create fake request if IDP initiated mode
|
||||
if ($idp_initiated) {
|
||||
$result = $self->initIdpInitiatedAuthnRequest( $login, $sp );
|
||||
unless ($result) {
|
||||
$self->lmLog(
|
||||
"SSO: Fail to init IDP Initiated authentication request",
|
||||
'error'
|
||||
);
|
||||
return PE_SAML_SSO_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
# Process authentication request
|
||||
if ($artifact) {
|
||||
$result = $self->processArtResponseMsg( $login, $request );
|
||||
}
|
||||
else {
|
||||
$result = $self->processAuthnRequestMsg( $login, $request );
|
||||
}
|
||||
|
||||
unless ($result) {
|
||||
$self->lmLog( "SSO: Fail to process authentication request",
|
||||
'error' );
|
||||
return PE_SAML_SSO_ERROR;
|
||||
}
|
||||
|
||||
# Do we check signature?
|
||||
my $checkSSOMessageSignature =
|
||||
$self->{samlSPMetaDataOptions}->{$spConfKey}
|
||||
|
|
|
@ -21,7 +21,7 @@ use URI; # Get metadata URL path
|
|||
#inherits Lemonldap::NG::Common::Conf::SAML::Metadata protected service_metadata
|
||||
|
||||
our @ISA = (qw(Lemonldap::NG::Portal::_Browser));
|
||||
our $VERSION = '1.3.0';
|
||||
our $VERSION = '1.3.2';
|
||||
our $samlCache;
|
||||
our $initGlibDone;
|
||||
|
||||
|
@ -978,6 +978,19 @@ sub initAuthnRequest {
|
|||
return $self->checkLassoError($@);
|
||||
}
|
||||
|
||||
## @method boolean initIdpInitiatedAuthnRequest(Lasso::Login login, string idp)
|
||||
# Init authentication request
|
||||
# @param login Lasso::Login
|
||||
# @param idp entityID
|
||||
# @return boolean result
|
||||
sub initIdpInitiatedAuthnRequest {
|
||||
my ( $self, $login, $idp ) = splice @_;
|
||||
|
||||
eval { Lasso::Login::init_idp_initiated_authn_request( $login, $idp ); };
|
||||
|
||||
return $self->checkLassoError($@);
|
||||
}
|
||||
|
||||
## @method boolean buildAuthnRequestMsg(Lasso::Login login)
|
||||
# Build authentication request message
|
||||
# @param login Lasso::Login
|
||||
|
@ -3057,6 +3070,10 @@ Create Lasso::Login object
|
|||
|
||||
Init authentication request
|
||||
|
||||
=head2 initIdpInitiatedAuthnRequest
|
||||
|
||||
Init authentication request for IDP initiated
|
||||
|
||||
=head2 buildAuthnRequestMsg
|
||||
|
||||
Build authentication request message
|
||||
|
|
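Review bot: The doc comment on initIdpInitiatedAuthnRequest names its second argument `idp entityID`, but the only caller (IssuerDBSAML.pm in this commit) passes the SP's entityID taken from `$self->param("sp")`, and Lasso's init_idp_initiated_authn_request takes the remote (SP) provider id, so the parameter name and POD are misleading. Rename and re-document it: `## @method boolean initIdpInitiatedAuthnRequest(Lasso::Login login, string sp)`, `# @param sp SP entityID`, `my ( $self, $login, $sp ) = splice @_;` (and pass `$sp` in the eval). The `=head2 initIdpInitiatedAuthnRequest` POD entry could likewise read `Init authentication request for IDP initiated SSO, from the target SP entityID`.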