Use URL path to match SAML action URL (#404)
parent
61d8e14a91
commit
db5c83a96a
|
@ -26,6 +26,7 @@ requires:
|
|||
Net::LDAP: 0
|
||||
SOAP::Lite: 0
|
||||
String::Random: 0
|
||||
URI: 0
|
||||
XML::LibXML: 0
|
||||
XML::LibXSLT: 0
|
||||
no_index:
|
||||
|
|
|
@ -36,6 +36,7 @@ WriteMakefile(
|
|||
'XML::LibXML' => 0,
|
||||
'XML::LibXSLT' => 0,
|
||||
'Clone' => 0,
|
||||
'URI' => 0,
|
||||
},
|
||||
(
|
||||
$] >= 5.005
|
||||
|
|
|
@ -11,7 +11,7 @@ use Lemonldap::NG::Portal::Simple;
|
|||
use Lemonldap::NG::Portal::_SAML; #inherits
|
||||
use Lemonldap::NG::Common::Conf::SAML::Metadata;
|
||||
|
||||
our $VERSION = '1.0.0';
|
||||
our $VERSION = '1.2.0';
|
||||
our @ISA = qw(Lemonldap::NG::Portal::_SAML);
|
||||
|
||||
## @apmethod int authInit()
|
||||
|
@ -38,7 +38,7 @@ sub extractFormInfo {
|
|||
|
||||
# 1. Get HTTP request informations to know
|
||||
# if we are receving SAML request or response
|
||||
my $url = $self->url();
|
||||
my $url = $self->url( -absolute => 1 );
|
||||
my $request_method = $self->request_method();
|
||||
my $content_type = $self->content_type();
|
||||
|
||||
|
@ -190,7 +190,7 @@ sub extractFormInfo {
|
|||
if (
|
||||
$checkConditions
|
||||
and !$self->validateConditions(
|
||||
$assertion, $self->getMetaDataURL( "samlEntityID", 0 )
|
||||
$assertion, $self->getMetaDataURL( "samlEntityID", 0, 1 )
|
||||
)
|
||||
)
|
||||
{
|
||||
|
@ -1410,7 +1410,7 @@ sub authLogout {
|
|||
sub authForce {
|
||||
my $self = shift;
|
||||
|
||||
my $url = $self->url();
|
||||
my $url = $self->url( -asbolute => 1 );
|
||||
|
||||
my $saml_acs_art_url = $self->getMetaDataURL(
|
||||
"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact");
|
||||
|
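Review bot: The new call in authForce is spelled `$self->url( -asbolute => 1 )`, so the intended `-absolute` option is never set; the extractFormInfo hunk above spells it correctly. If url() ignores unknown named options (to be confirmed against the CGI layer in use), `$url` stays a full URL while getMetaDataURL now returns only a path by default. In that case the comparison with `$saml_acs_art_url` would presumably never match, and authForce would stop recognising the assertion consumer endpoints. The line should read `my $url = $self->url( -absolute => 1 );`. The rest of authForce, including the comparison itself, lies outside the hunk.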
|
|
@ -11,7 +11,7 @@ use Lemonldap::NG::Portal::Simple;
|
|||
use Lemonldap::NG::Portal::_SAML;
|
||||
our @ISA = qw(Lemonldap::NG::Portal::_SAML);
|
||||
|
||||
our $VERSION = '1.1.0';
|
||||
our $VERSION = '1.2.0';
|
||||
|
||||
## @method void issuerDBInit()
|
||||
# Load and check SAML configuration
|
||||
|
@ -86,7 +86,7 @@ sub issuerForUnAuthUser {
|
|||
|
||||
# Get HTTP request informations to know
|
||||
# if we are receving SAML request or response
|
||||
my $url = $self->url();
|
||||
my $url = $self->url( -absolute => 1 );
|
||||
my $request_method = $self->request_method();
|
||||
my $content_type = $self->content_type();
|
||||
|
||||
|
@ -1109,7 +1109,7 @@ sub issuerForAuthUser {
|
|||
|
||||
# Get HTTP request informations to know
|
||||
# if we are receving SAML request or response
|
||||
my $url = $self->url();
|
||||
my $url = $self->url( -absolute => 1 );
|
||||
my $request_method = $self->request_method();
|
||||
my $content_type = $self->content_type();
|
||||
|
||||
|
@ -1401,7 +1401,7 @@ sub issuerForAuthUser {
|
|||
|
||||
# Manage Entity NameID format
|
||||
if ( $nameIDFormat eq $self->getNameIDFormat("entity") ) {
|
||||
$nameIDContent = $self->getMetaDataURL( "samlEntityID", 0 );
|
||||
$nameIDContent = $self->getMetaDataURL( "samlEntityID", 0, 1 );
|
||||
}
|
||||
|
||||
if ( $login->nameIdentifier ) {
|
||||
|
@ -1692,7 +1692,7 @@ sub issuerForAuthUser {
|
|||
if ( $self->{samlCommonDomainCookieActivation}
|
||||
and $self->{samlCommonDomainCookieWriter} )
|
||||
{
|
||||
my $cdc_idp = $self->getMetaDataURL( "samlEntityID", 0 );
|
||||
my $cdc_idp = $self->getMetaDataURL( "samlEntityID", 0, 1 );
|
||||
|
||||
$self->lmLog(
|
||||
"Will register IDP $cdc_idp in Common Domain Cookie",
|
||||
|
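Review bot: With `$self->url( -absolute => 1 )` in issuerForUnAuthUser and issuerForAuthUser, endpoint dispatch compares only the URL path, so scheme, host and port no longer take part in deciding that a request is a SAML message. The comment above both lines does not mention this. I would add something like `# Only the URL path is compared with the metadata endpoints; scheme, host and port are ignored`. It is also worth confirming that the Destination of incoming messages is still validated against the full endpoint URL elsewhere, since that check is not visible in these hunks. Both function bodies continue outside the hunks.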
|
|
@ -15,6 +15,7 @@ use HTTP::Request; # SOAP call
|
|||
use POSIX; # Convert SAML2 date into timestamp
|
||||
use Time::Local; # Convert SAML2 date into timestamp
|
||||
use Encode; # Encode attribute values
|
||||
use URI; # Get metadata URL path
|
||||
|
||||
# Special comments for doxygen
|
||||
#inherits Lemonldap::NG::Common::Conf::SAML::Metadata protected service_metadata
|
||||
|
@ -1472,10 +1473,12 @@ sub setIdentityFromDump {
|
|||
# Replace #PORTAL# macro
|
||||
# @param key Metadata configuration key
|
||||
# @param index field index containing URL
|
||||
# @param full Return full URL instead of path
|
||||
# @return url
|
||||
sub getMetaDataURL {
|
||||
my ( $self, $key, $index ) = splice @_;
|
||||
my ( $self, $key, $index, $full ) = splice @_;
|
||||
$index = 3 unless defined $index;
|
||||
$full = 0 unless defined $full;
|
||||
|
||||
return unless defined $self->{$key};
|
||||
|
||||
|
@ -1488,8 +1491,12 @@ sub getMetaDataURL {
|
|||
# Replace #PORTAL# macro
|
||||
$url =~ s/#PORTAL#/$portal/g;
|
||||
|
||||
# Return URL
|
||||
return $url;
|
||||
# Return Full URL
|
||||
return $url if $full;
|
||||
|
||||
# Return only path
|
||||
my $uri = URI->new($url);
|
||||
return $uri->path();
|
||||
}
|
||||
|
||||
## @method boolean processLogoutResponseMsg(Lasso::Logout logout, string response)
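Review bot: getMetaDataURL now returns only the path unless the new `$full` argument is true, which silently changes the result for every existing two-argument caller; this commit updates only the three `samlEntityID` callers visible on the page. Any other caller that uses the value as a complete URL (for example metadata generation, redirects or provider registration) would now receive a bare path. Those call sites should be audited, or the default kept as the full URL with path extraction made opt-in. The doxygen line `# @return url` should also say which form is returned, e.g. `# @return URL path, or full URL if $full is set`. The part of the function between the two hunks is not visible here.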
|
||||
|
|