Use URL path to match SAML action URL (#404)

modules/lemonldap-ng-portal/META.yml

@@ -26,6 +26,7 @@ requires:
     Net::LDAP:            0
     SOAP::Lite:           0
     String::Random:       0
+    URI:                  0
     XML::LibXML:          0
     XML::LibXSLT:         0
 no_index:

modules/lemonldap-ng-portal/Makefile.PL

@@ -36,6 +36,7 @@ WriteMakefile(
         'XML::LibXML'            => 0,
         'XML::LibXSLT'           => 0,
         'Clone'                  => 0,
+        'URI'                    => 0,
     },
     (
         $] >= 5.005

modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm

@@ -11,7 +11,7 @@ use Lemonldap::NG::Portal::Simple;
 use Lemonldap::NG::Portal::_SAML;    #inherits
 use Lemonldap::NG::Common::Conf::SAML::Metadata;
 
-our $VERSION = '1.0.0';
+our $VERSION = '1.2.0';
 our @ISA     = qw(Lemonldap::NG::Portal::_SAML);
 
 ## @apmethod int authInit()
@@ -38,7 +38,7 @@ sub extractFormInfo {
 
     # 1. Get HTTP request informations to know
     # if we are receving SAML request or response
-    my $url            = $self->url();
+    my $url            = $self->url( -absolute => 1 );
     my $request_method = $self->request_method();
     my $content_type   = $self->content_type();
 
@@ -190,7 +190,7 @@ sub extractFormInfo {
             if (
                 $checkConditions
                 and !$self->validateConditions(
-                    $assertion, $self->getMetaDataURL( "samlEntityID", 0 )
+                    $assertion, $self->getMetaDataURL( "samlEntityID", 0, 1 )
                 )
               )
             {
@@ -1410,7 +1410,7 @@ sub authLogout {
 sub authForce {
     my $self = shift;
 
-    my $url = $self->url();
+    my $url = $self->url( -asbolute => 1 );
 
     my $saml_acs_art_url = $self->getMetaDataURL(
         "samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact");

modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm

@@ -11,7 +11,7 @@ use Lemonldap::NG::Portal::Simple;
 use Lemonldap::NG::Portal::_SAML;
 our @ISA = qw(Lemonldap::NG::Portal::_SAML);
 
-our $VERSION = '1.1.0';
+our $VERSION = '1.2.0';
 
 ## @method void issuerDBInit()
 # Load and check SAML configuration
@@ -86,7 +86,7 @@ sub issuerForUnAuthUser {
 
     # Get HTTP request informations to know
     # if we are receving SAML request or response
-    my $url            = $self->url();
+    my $url            = $self->url( -absolute => 1 );
     my $request_method = $self->request_method();
     my $content_type   = $self->content_type();
 
@@ -1109,7 +1109,7 @@ sub issuerForAuthUser {
 
     # Get HTTP request informations to know
     # if we are receving SAML request or response
-    my $url            = $self->url();
+    my $url            = $self->url( -absolute => 1 );
     my $request_method = $self->request_method();
     my $content_type   = $self->content_type();
 
@@ -1401,7 +1401,7 @@ sub issuerForAuthUser {
 
             # Manage Entity NameID format
             if ( $nameIDFormat eq $self->getNameIDFormat("entity") ) {
-                $nameIDContent = $self->getMetaDataURL( "samlEntityID", 0 );
+                $nameIDContent = $self->getMetaDataURL( "samlEntityID", 0, 1 );
             }
 
             if ( $login->nameIdentifier ) {
@@ -1692,7 +1692,7 @@ sub issuerForAuthUser {
             if (    $self->{samlCommonDomainCookieActivation}
                 and $self->{samlCommonDomainCookieWriter} )
             {
-                my $cdc_idp = $self->getMetaDataURL( "samlEntityID", 0 );
+                my $cdc_idp = $self->getMetaDataURL( "samlEntityID", 0, 1 );
 
                 $self->lmLog(
                     "Will register IDP $cdc_idp in Common Domain Cookie",

modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm

@@ -15,6 +15,7 @@ use HTTP::Request;     # SOAP call
 use POSIX;             # Convert SAML2 date into timestamp
 use Time::Local;       # Convert SAML2 date into timestamp
 use Encode;            # Encode attribute values
+use URI;               # Get metadata URL path
 
 # Special comments for doxygen
 #inherits Lemonldap::NG::Common::Conf::SAML::Metadata protected service_metadata
@@ -1472,10 +1473,12 @@ sub setIdentityFromDump {
 # Replace #PORTAL# macro
 # @param key Metadata configuration key
 # @param index field index containing URL
+# @param full Return full URL instead of path
 # @return url
 sub getMetaDataURL {
-    my ( $self, $key, $index ) = splice @_;
+    my ( $self, $key, $index, $full ) = splice @_;
     $index = 3 unless defined $index;
+    $full  = 0 unless defined $full;
 
     return unless defined $self->{$key};
 
@@ -1488,8 +1491,12 @@ sub getMetaDataURL {
     # Replace #PORTAL# macro
     $url =~ s/#PORTAL#/$portal/g;
 
-    # Return URL
-    return $url;
+    # Return Full URL
+    return $url if $full;
+
+    # Return only path
+    my $uri = URI->new($url);
+    return $uri->path();
 }
 
 ## @method boolean processLogoutResponseMsg(Lasso::Logout logout, string response)