dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Reorder SAML bindings to put default ACS first (#2621)

Browse Source 
This is just in case we interact with a dumb SP who doesn't implement
isDefault correctly. And to preserve (almost) byte-for-byte metadata
content for existing installations
This commit is contained in:
Maxime Besson 2021-09-23 16:28:26 +02:00
parent 1d4b202ebb
commit de8f5adf96
1 changed files with 27 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/SAML/Metadata.pm
View File

@ -164,12 +164,22 @@ sub serviceToXML {
samlIDPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorArtifactResolutionServiceArtifact
); );
my %indexed_endpoints;
foreach (@param_assertion) { foreach (@param_assertion) {
my @_tab = split( /;/, $self->getValue( $_, $conf ) ); my @_tab = split( /;/, $self->getValue( $_, $conf ) );
$template->param( $_ . 'Default', $_tab[0] ? 'true' : 'false' ); $indexed_endpoints{ $_ . 'Default' } = ( $_tab[0] ? 'true' : 'false' );
$template->param( $_ . 'Index', $_tab[1] ); $indexed_endpoints{ $_ . 'Index' } = $_tab[1];
$template->param( $_ . 'Binding', $_tab[2] ); $indexed_endpoints{ $_ . 'Binding' } = $_tab[2];
$template->param( $_ . 'Location', $_tab[3] ); $indexed_endpoints{ $_ . 'Location' } = $_tab[3];
}
$template->param(%indexed_endpoints);
if (
$indexed_endpoints{samlSPSSODescriptorAssertionConsumerServiceHTTPArtifactDefault}
eq 'true'
)
{
$template->param( "ACSArtifactDefault" => 1 );
} }
# Return the XML metadata. # Return the XML metadata.
@ -310,6 +320,7 @@ __DATA__
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:entity</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:entity</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<TMPL_IF ACSArtifactDefault>
<AssertionConsumerService <AssertionConsumerService
isDefault="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPArtifactDefault">" isDefault="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPArtifactDefault">"
index="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPArtifactIndex">" index="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPArtifactIndex">"
@ -320,6 +331,18 @@ __DATA__
index="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPPostIndex">" index="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPPostIndex">"
Binding="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPPostBinding">" Binding="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPPostBinding">"
Location="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPPostLocation">" /> Location="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPPostLocation">" />
<TMPL_ELSE>
<AssertionConsumerService
isDefault="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPPostDefault">"
index="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPPostIndex">"
Binding="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPPostBinding">"
Location="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPPostLocation">" />
<AssertionConsumerService
isDefault="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPArtifactDefault">"
index="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPArtifactIndex">"
Binding="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPArtifactBinding">"
Location="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPArtifactLocation">" />
</TMPL_IF>
</SPSSODescriptor> </SPSSODescriptor>
</TMPL_UNLESS> </TMPL_UNLESS>