SAML in progress (#595)
This commit is contained in:
parent
9b065f2e3c
commit
e5fdcbc3fd
|
@ -84,7 +84,8 @@ sub extractFormInfo {
|
||||||
|
|
||||||
# Check SAML Message
|
# Check SAML Message
|
||||||
my ( $request, $response, $method, $relaystate, $artifact ) =
|
my ( $request, $response, $method, $relaystate, $artifact ) =
|
||||||
$self->checkMessage( $url, $request_method, $content_type, "login" );
|
$self->checkMessage( $req, $url, $request_method, $content_type,
|
||||||
|
"login" );
|
||||||
|
|
||||||
# Create Login object
|
# Create Login object
|
||||||
my $login = $self->createLogin( $self->lassoServer );
|
my $login = $self->createLogin( $self->lassoServer );
|
||||||
|
@ -392,7 +393,8 @@ sub extractFormInfo {
|
||||||
|
|
||||||
# Check SAML Message
|
# Check SAML Message
|
||||||
my ( $request, $response, $method, $relaystate, $artifact ) =
|
my ( $request, $response, $method, $relaystate, $artifact ) =
|
||||||
$self->checkMessage( $url, $request_method, $content_type, "logout" );
|
$self->checkMessage( $req, $url, $request_method, $content_type,
|
||||||
|
"logout" );
|
||||||
|
|
||||||
# Create Logout object
|
# Create Logout object
|
||||||
my $logout = $self->createLogout( $self->lassoServer );
|
my $logout = $self->createLogout( $self->lassoServer );
|
||||||
|
|
|
@ -47,7 +47,7 @@ sub init {
|
||||||
my $saml_sso_art_url_ret = $self->getMetaDataURL(
|
my $saml_sso_art_url_ret = $self->getMetaDataURL(
|
||||||
"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact", 2 );
|
"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact", 2 );
|
||||||
$self->ssoUrlRe(
|
$self->ssoUrlRe(
|
||||||
qr/^\Q($saml_sso_soap_url|$saml_sso_soap_url_ret|$saml_sso_get_url|$saml_sso_get_url_ret|$saml_sso_post_url|$saml_sso_post_url_ret|$saml_sso_art_url|$saml_sso_art_url_ret)\E$/i
|
qr/^($saml_sso_soap_url|$saml_sso_soap_url_ret|$saml_sso_get_url|$saml_sso_get_url_ret|$saml_sso_post_url|$saml_sso_post_url_ret|$saml_sso_art_url|$saml_sso_art_url_ret)$/i
|
||||||
);
|
);
|
||||||
|
|
||||||
my $saml_slo_soap_url =
|
my $saml_slo_soap_url =
|
||||||
|
@ -65,7 +65,7 @@ qr/^\Q($saml_sso_soap_url|$saml_sso_soap_url_ret|$saml_sso_get_url|$saml_sso_get
|
||||||
$self->getMetaDataURL( "samlIDPSSODescriptorSingleLogoutServiceHTTPPost",
|
$self->getMetaDataURL( "samlIDPSSODescriptorSingleLogoutServiceHTTPPost",
|
||||||
2 );
|
2 );
|
||||||
$self->sloRe(
|
$self->sloRe(
|
||||||
qr/^(\Q$saml_slo_soap_url\E|\Q$saml_slo_soap_url_ret\E|\Q$saml_slo_get_url\E|\Q$saml_slo_get_url_ret\E|\Q$saml_slo_post_url\E|\Q$saml_slo_post_url_ret\E)$/i
|
qr/^($saml_slo_soap_url|$saml_slo_soap_url_ret|$saml_slo_get_url|$saml_slo_get_url_ret|$saml_slo_post_url|$saml_slo_post_url_ret)$/i
|
||||||
);
|
);
|
||||||
|
|
||||||
return (
|
return (
|
||||||
|
@ -101,12 +101,12 @@ sub run {
|
||||||
|
|
||||||
# Get HTTP request informations to know
|
# Get HTTP request informations to know
|
||||||
# if we are receving SAML request or response
|
# if we are receving SAML request or response
|
||||||
my $url = $self->url( -absolute => 1 );
|
my $url = $req->uri;
|
||||||
my $request_method = $self->request_method();
|
my $request_method = $req->method();
|
||||||
my $content_type = $self->content_type();
|
my $content_type = $req->contentType();
|
||||||
my $idp_initiated = $self->param('IDPInitiated');
|
my $idp_initiated = $req->param('IDPInitiated');
|
||||||
my $idp_initiated_sp = $self->param('sp');
|
my $idp_initiated_sp = $req->param('sp');
|
||||||
my $idp_initiated_spConfKey = $self->param('spConfKey');
|
my $idp_initiated_spConfKey = $req->param('spConfKey');
|
||||||
|
|
||||||
# 1.1. SSO (SSO URL or Proxy Mode)
|
# 1.1. SSO (SSO URL or Proxy Mode)
|
||||||
if ( $url =~ $self->ssoUrlRe or $req->datas->{_proxiedRequest} ) {
|
if ( $url =~ $self->ssoUrlRe or $req->datas->{_proxiedRequest} ) {
|
||||||
|
@ -114,11 +114,12 @@ sub run {
|
||||||
$self->lmLog( "URL $url detected as an SSO request URL", 'debug' );
|
$self->lmLog( "URL $url detected as an SSO request URL", 'debug' );
|
||||||
|
|
||||||
# Get hidden params for IDP initiated if needed
|
# Get hidden params for IDP initiated if needed
|
||||||
$idp_initiated = $self->getHiddenFormValue('IDPInitiated')
|
$idp_initiated = $self->p->getHiddenFormValue( $req, 'IDPInitiated' )
|
||||||
unless defined $idp_initiated;
|
unless defined $idp_initiated;
|
||||||
$idp_initiated_sp = $self->getHiddenFormValue('sp')
|
$idp_initiated_sp = $self->p->getHiddenFormValue( $req, 'sp' )
|
||||||
unless defined $idp_initiated_sp;
|
unless defined $idp_initiated_sp;
|
||||||
$idp_initiated_spConfKey = $self->getHiddenFormValue('spConfKey')
|
$idp_initiated_spConfKey =
|
||||||
|
$self->p->getHiddenFormValue( $req, 'spConfKey' )
|
||||||
unless defined $idp_initiated_spConfKey;
|
unless defined $idp_initiated_spConfKey;
|
||||||
|
|
||||||
# Check message
|
# Check message
|
||||||
|
@ -132,7 +133,7 @@ sub run {
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
( $request, $response, $method, $relaystate, $artifact ) =
|
( $request, $response, $method, $relaystate, $artifact ) =
|
||||||
$self->checkMessage( $url, $request_method, $content_type );
|
$self->checkMessage( $req, $url, $request_method, $content_type );
|
||||||
}
|
}
|
||||||
|
|
||||||
# Create Login object
|
# Create Login object
|
||||||
|
@ -444,7 +445,7 @@ sub run {
|
||||||
# Build Assertion
|
# Build Assertion
|
||||||
unless (
|
unless (
|
||||||
$self->buildAssertion(
|
$self->buildAssertion(
|
||||||
$login, $authn_context, $notOnOrAfterTimeout
|
$req, $login, $authn_context, $notOnOrAfterTimeout
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
|
@ -501,7 +502,7 @@ sub run {
|
||||||
my $nameIDContent;
|
my $nameIDContent;
|
||||||
if ( defined $req->{sessionInfo}->{$nameIDSessionKey} ) {
|
if ( defined $req->{sessionInfo}->{$nameIDSessionKey} ) {
|
||||||
$nameIDContent =
|
$nameIDContent =
|
||||||
$self->getFirstValue(
|
$self->p->getFirstValue(
|
||||||
$req->{sessionInfo}->{$nameIDSessionKey} );
|
$req->{sessionInfo}->{$nameIDSessionKey} );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -730,7 +731,7 @@ sub run {
|
||||||
last;
|
last;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$self->_sub( 'userNotice',
|
$self->p->userNotice(
|
||||||
"SAML authentication response sent to SAML SP $spConfKey for $user$nameIDLog"
|
"SAML authentication response sent to SAML SP $spConfKey for $user$nameIDLog"
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -795,7 +796,7 @@ sub run {
|
||||||
|
|
||||||
if ( $login->is_session_dirty ) {
|
if ( $login->is_session_dirty ) {
|
||||||
$self->lmLog( "Save Lasso session in session", 'debug' );
|
$self->lmLog( "Save Lasso session in session", 'debug' );
|
||||||
$self->updateSession(
|
$self->p->updateSession(
|
||||||
{ _lassoSessionDump => $login->get_session->dump },
|
{ _lassoSessionDump => $login->get_session->dump },
|
||||||
$session_id );
|
$session_id );
|
||||||
}
|
}
|
||||||
|
@ -903,7 +904,8 @@ sub run {
|
||||||
$req->{postFields}->{'RelayState'} = $relaystate
|
$req->{postFields}->{'RelayState'} = $relaystate
|
||||||
if ($relaystate);
|
if ($relaystate);
|
||||||
|
|
||||||
return $self->_subProcess(qw(autoPost));
|
$req->steps( ['autoPost'] );
|
||||||
|
return PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -931,7 +933,8 @@ sub run {
|
||||||
|
|
||||||
# Check SAML Message
|
# Check SAML Message
|
||||||
my ( $request, $response, $method, $relaystate, $artifact ) =
|
my ( $request, $response, $method, $relaystate, $artifact ) =
|
||||||
$self->checkMessage( $url, $request_method, $content_type, "logout" );
|
$self->checkMessage( $req, $url, $request_method, $content_type,
|
||||||
|
"logout" );
|
||||||
|
|
||||||
# Create Logout object
|
# Create Logout object
|
||||||
my $logout = $self->createLogout($server);
|
my $logout = $self->createLogout($server);
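Review bot: The rewritten `ssoUrlRe` in the `@ -47` hunk and `sloRe` in the `@ -65` hunk interpolate the metadata URLs into the pattern unescaped, so `.`, `?`, `+` or `(` inside a URL act as regex metacharacters; the old `sloRe` quoted each alternative separately, and that is the form both should keep, e.g. `qr/^(?:\Q$saml_sso_soap_url\E|\Q$saml_sso_soap_url_ret\E|…)\z/i` (one `\Q…\E` per variable, `\z` instead of `$` so a trailing newline cannot satisfy the anchor). The old `ssoUrlRe` quoted the whole group, which also escaped its `(` and `|`, so the commit is right to change it, but dropping quoting entirely overcorrects. These patterns decide whether a request is dispatched to the SSO or logout handler, so a loose match is worth avoiding. Separately, `$url` now comes from `$req->uri` (hunk `@ -101`) rather than the absolute path; if that value carries the query string, a HTTP-Redirect-binding request (`?SAMLRequest=…`) would no longer satisfy the anchored match — worth confirming against the Request class.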
|
||||||
|
|
|
@ -49,6 +49,10 @@ sub init {
|
||||||
|
|
||||||
sub _redirect {
|
sub _redirect {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
|
my $prms = $req->params;
|
||||||
|
foreach my $k ( keys %$prms ) {
|
||||||
|
$self->p->setHiddenFormValue( $req, $k, $prms->{$k}, '', 0 );
|
||||||
|
}
|
||||||
$req->{urldc} =
|
$req->{urldc} =
|
||||||
$self->conf->{portal}
|
$self->conf->{portal}
|
||||||
. $req->path
|
. $req->path
|
||||||
|
@ -74,9 +78,6 @@ sub _redirect {
|
||||||
sub _pRedirect {
|
sub _pRedirect {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
$req->parseBody;
|
$req->parseBody;
|
||||||
|
|
||||||
# TODO
|
|
||||||
die("TODO: store datas");
|
|
||||||
return $self->_redirect($req);
|
return $self->_redirect($req);
|
||||||
}
|
}
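Review bot: The new loop in `_redirect` copies every request parameter into a hidden form field through `setHiddenFormValue` with no allowlist, so any client-supplied key and value is reflected back into the generated form; whether that is safe depends on the template escaping the value, which this hunk cannot show. If `$req->params` can hold an array ref for a repeated parameter, `$prms->{$k}` would be stringified as `ARRAY(0x…)`, so a guard such as `next if ref $prms->{$k};` (or joining the values) belongs before the call. A short comment above the loop would also help, e.g. `# Carry all query/body parameters over to the portal form as hidden fields`. `_redirect` continues past the hunk (the `$req->{urldc}` assignment is cut off).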
|
||||||
|
|
||||||
|
|
|
@ -518,7 +518,7 @@ sub setHiddenFormValue {
|
||||||
# Store value
|
# Store value
|
||||||
if ($val) {
|
if ($val) {
|
||||||
$key = $prefix . $key;
|
$key = $prefix . $key;
|
||||||
$val = encode_base64($val) if $base64;
|
$val = encode_base64($val,'') if $base64;
|
||||||
$req->{portalHiddenFormValues}->{$key} = $val;
|
$req->{portalHiddenFormValues}->{$key} = $val;
|
||||||
$self->lmLog( "Store $val in hidden key $key", 'debug' );
|
$self->lmLog( "Store $val in hidden key $key", 'debug' );
|
||||||
}
|
}
|
||||||
|
@ -572,4 +572,13 @@ sub clearHiddenFormValue {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Get the first value of a multivaluated session value
|
||||||
|
sub getFirstValue {
|
||||||
|
my ( $self, $value ) = @_;
|
||||||
|
|
||||||
|
my @values = split /$self->{conf}->{multiValuesSeparator}/, $value;
|
||||||
|
|
||||||
|
return $values[0];
|
||||||
|
}
|
||||||
|
|
||||||
1;
|
1;
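Review bot: `getFirstValue` in the `@ -572` hunk interpolates `multiValuesSeparator` straight into the `split` pattern, so a separator such as `|`, `.` or `+` is read as a regex operator rather than a literal (with `|` the pattern matches the empty string and the value splits into single characters). Quote it: `my @values = split /\Q$self->{conf}->{multiValuesSeparator}\E/, $value;`, and put `return unless defined $value;` before it so an absent session key does not raise an uninitialized warning from `split`. In the same section, the `setHiddenFormValue` hunk keeps `Store $val in hidden key $key` at debug level; now that `_redirect` stores every request parameter as a hidden value, that line can write submitted form contents into the log — logging the key only would be safer.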
|
||||||
|
|
|
@ -4,7 +4,7 @@ use IO::String;
|
||||||
|
|
||||||
require 't/test-lib.pm';
|
require 't/test-lib.pm';
|
||||||
|
|
||||||
my $maintests = 10;
|
my $maintests = 14;
|
||||||
my $debug = 'debug';
|
my $debug = 'debug';
|
||||||
my $res;
|
my $res;
|
||||||
my %handlerOR = ( issuer => [], sp => [] );
|
my %handlerOR = ( issuer => [], sp => [] );
|
||||||
|
@ -60,9 +60,9 @@ SKIP: {
|
||||||
$res = $sp->_post(
|
$res = $sp->_post(
|
||||||
'/',
|
'/',
|
||||||
IO::String->new(
|
IO::String->new(
|
||||||
"confirm=$confirm&idp=https://auth.idp.com/saml/metadata"),
|
"confirm=$confirm&idp=http://auth.idp.com/saml/metadata"),
|
||||||
accept => 'text/html',
|
accept => 'text/html',
|
||||||
length => length($confirm) + 47,
|
length => length($confirm) + 46,
|
||||||
),
|
),
|
||||||
'Select IDP'
|
'Select IDP'
|
||||||
);
|
);
|
||||||
|
@ -72,13 +72,13 @@ SKIP: {
|
||||||
(
|
(
|
||||||
defined( $cookies->{lemonldapidp} )
|
defined( $cookies->{lemonldapidp} )
|
||||||
and $cookies->{lemonldapidp} eq
|
and $cookies->{lemonldapidp} eq
|
||||||
'https://auth.idp.com/saml/metadata'
|
'http://auth.idp.com/saml/metadata'
|
||||||
),
|
),
|
||||||
'IDP cookie defined'
|
'IDP cookie defined'
|
||||||
)
|
)
|
||||||
or explain(
|
or explain(
|
||||||
$res->[1],
|
$res->[1],
|
||||||
'Set-Cookie => lemonldapidp=https://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
|
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
|
||||||
);
|
);
|
||||||
ok(
|
ok(
|
||||||
$res->[2]->[0] =~
|
$res->[2]->[0] =~
|
||||||
|
@ -90,6 +90,42 @@ SKIP: {
|
||||||
' <input type="hidden" name="SAMLRequest" id="SAMLRequest" value="...'
|
' <input type="hidden" name="SAMLRequest" id="SAMLRequest" value="...'
|
||||||
);
|
);
|
||||||
my $samlReq = $1;
|
my $samlReq = $1;
|
||||||
|
ok(
|
||||||
|
$res->[2]->[0] =~ m#<form id="form" action="http://auth.idp.com(.*?)"#s,
|
||||||
|
'Found IdP URL'
|
||||||
|
);
|
||||||
|
my $url = $1;
|
||||||
|
switch ('issuer');
|
||||||
|
my $s = "SAMLRequest=$samlReq";
|
||||||
|
ok(
|
||||||
|
$res = $issuer->_post(
|
||||||
|
$url,
|
||||||
|
IO::String->new($s),
|
||||||
|
accept => 'text/html',
|
||||||
|
length => length($s)
|
||||||
|
),
|
||||||
|
'Post SAML request to IdP'
|
||||||
|
);
|
||||||
|
ok( $res->[0] == 200, 'Return code is 200' );
|
||||||
|
my $body = $res->[2]->[0];
|
||||||
|
$body =~ s/^.*?<form.*?>//s;
|
||||||
|
$body =~ s#</form>.*$##s;
|
||||||
|
my %fields =
|
||||||
|
( $body =~ /<input type="hidden".+?name="(.+?)".+?value="(.*?)"/sg );
|
||||||
|
$fields{user} = $fields{password} = 'dwho';
|
||||||
|
use URI::Escape;
|
||||||
|
$s = join( '&', map { "$_=" . uri_escape( $fields{$_} ) } keys %fields );
|
||||||
|
ok(
|
||||||
|
$res = $issuer->_post(
|
||||||
|
$url,
|
||||||
|
IO::String->new($s),
|
||||||
|
accept => 'text/html',
|
||||||
|
length => length($s)
|
||||||
|
),
|
||||||
|
'Post authentication'
|
||||||
|
);
|
||||||
|
|
||||||
|
#print STDERR Dumper($res);
|
||||||
}
|
}
|
||||||
|
|
||||||
count($maintests);
|
count($maintests);
|
||||||
|
@ -109,7 +145,7 @@ sub issuer {
|
||||||
ini => {
|
ini => {
|
||||||
logLevel => $debug,
|
logLevel => $debug,
|
||||||
domain => 'idp.com',
|
domain => 'idp.com',
|
||||||
portal => 'auth.idp.com',
|
portal => 'http://auth.idp.com',
|
||||||
authentication => 'Demo',
|
authentication => 'Demo',
|
||||||
userDB => 'Demo',
|
userDB => 'Demo',
|
||||||
issuerDBSAMLActivation => 1,
|
issuerDBSAMLActivation => 1,
|
||||||
|
@ -120,7 +156,7 @@ sub issuer {
|
||||||
},
|
},
|
||||||
samlOrganizationDisplayName => "IDP",
|
samlOrganizationDisplayName => "IDP",
|
||||||
samlOrganizationName => "IDP",
|
samlOrganizationName => "IDP",
|
||||||
samlOrganizationURL => "https://www.idp.com/",
|
samlOrganizationURL => "http://www.idp.com/",
|
||||||
samlServicePrivateKeyEnc => "-----BEGIN RSA PRIVATE KEY-----
|
samlServicePrivateKeyEnc => "-----BEGIN RSA PRIVATE KEY-----
|
||||||
MIIEogIBAAKCAQEAnfKBDG/K0TnGT7Xu8q1N45sNWvIK91SqNg8nvN2uVeKoHADT
|
MIIEogIBAAKCAQEAnfKBDG/K0TnGT7Xu8q1N45sNWvIK91SqNg8nvN2uVeKoHADT
|
||||||
csus5Xn3id5+8Q9TuMFsW9kIEeXiaPKXQa9ryfSNDhWDWloNkpGEeWif2BnHUu46
|
csus5Xn3id5+8Q9TuMFsW9kIEeXiaPKXQa9ryfSNDhWDWloNkpGEeWif2BnHUu46
|
||||||
|
@ -357,6 +393,7 @@ sub sp {
|
||||||
ini => {
|
ini => {
|
||||||
logLevel => $debug,
|
logLevel => $debug,
|
||||||
domain => 'sp.com',
|
domain => 'sp.com',
|
||||||
|
portal => 'http://auth.sp.com',
|
||||||
authentication => 'SAML',
|
authentication => 'SAML',
|
||||||
userDB => 'SAML',
|
userDB => 'SAML',
|
||||||
issuerDBSAMLActivation => 0,
|
issuerDBSAMLActivation => 0,
|
||||||
|
@ -379,7 +416,7 @@ sub sp {
|
||||||
<EntityDescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\"
|
<EntityDescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\"
|
||||||
xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"
|
xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"
|
||||||
xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"
|
xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"
|
||||||
entityID=\"https://auth.idp.com/saml/metadata\">
|
entityID=\"http://auth.idp.com/saml/metadata\">
|
||||||
|
|
||||||
<IDPSSODescriptor WantAuthnRequestsSigned=\"true\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">
|
<IDPSSODescriptor WantAuthnRequestsSigned=\"true\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">
|
||||||
<KeyDescriptor use=\"signing\">
|
<KeyDescriptor use=\"signing\">
|
||||||
|
@ -412,20 +449,20 @@ g8K0klAS9q7L7aXI+eFQZhkwidjpxXnHPyxIGQ==
|
||||||
</ds:KeyValue>
|
</ds:KeyValue>
|
||||||
</ds:KeyInfo>
|
</ds:KeyInfo>
|
||||||
</KeyDescriptor>
|
</KeyDescriptor>
|
||||||
<ArtifactResolutionService isDefault=\"true\" index=\"0\" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"https://auth.idp.com/saml/artifact\" />
|
<ArtifactResolutionService isDefault=\"true\" index=\"0\" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://auth.idp.com/saml/artifact\" />
|
||||||
<SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"https://auth.idp.com/saml/singleLogoutSOAP\" />
|
<SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://auth.idp.com/saml/singleLogoutSOAP\" />
|
||||||
<SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://auth.idp.com/saml/singleLogout\" ResponseLocation=\"https://auth.idp.com/saml/singleLogoutReturn\" />
|
<SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"http://auth.idp.com/saml/singleLogout\" ResponseLocation=\"http://auth.idp.com/saml/singleLogoutReturn\" />
|
||||||
<SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://auth.idp.com/saml/singleLogout\" ResponseLocation=\"https://auth.idp.com/saml/singleLogoutReturn\" />
|
<SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://auth.idp.com/saml/singleLogout\" ResponseLocation=\"http://auth.idp.com/saml/singleLogoutReturn\" />
|
||||||
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
|
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
|
||||||
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat>
|
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat>
|
||||||
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName</NameIDFormat>
|
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName</NameIDFormat>
|
||||||
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>
|
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>
|
||||||
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:entity</NameIDFormat>
|
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:entity</NameIDFormat>
|
||||||
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
|
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
|
||||||
<SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://auth.idp.com/saml/singleSignOn\" />
|
<SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"http://auth.idp.com/saml/singleSignOn\" />
|
||||||
<SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://auth.idp.com/saml/singleSignOn\" />
|
<SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://auth.idp.com/saml/singleSignOn\" />
|
||||||
<SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\" Location=\"https://auth.idp.com/saml/singleSignOnArtifact\" />
|
<SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\" Location=\"http://auth.idp.com/saml/singleSignOnArtifact\" />
|
||||||
<SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"https://auth.idp.com/saml/singleSignOnSOAP\" />
|
<SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://auth.idp.com/saml/singleSignOnSOAP\" />
|
||||||
</IDPSSODescriptor>
|
</IDPSSODescriptor>
|
||||||
|
|
||||||
<SPSSODescriptor AuthnRequestsSigned=\"true\" WantAssertionsSigned=\"true\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">
|
<SPSSODescriptor AuthnRequestsSigned=\"true\" WantAssertionsSigned=\"true\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">
|
||||||
|
@ -459,18 +496,18 @@ g8K0klAS9q7L7aXI+eFQZhkwidjpxXnHPyxIGQ==
|
||||||
</ds:KeyValue>
|
</ds:KeyValue>
|
||||||
</ds:KeyInfo>
|
</ds:KeyInfo>
|
||||||
</KeyDescriptor>
|
</KeyDescriptor>
|
||||||
<ArtifactResolutionService isDefault=\"true\" index=\"0\" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"https://auth.idp.com/saml/artifact\" />
|
<ArtifactResolutionService isDefault=\"true\" index=\"0\" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://auth.idp.com/saml/artifact\" />
|
||||||
<SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"https://auth.idp.com/saml/proxySingleLogoutSOAP\" />
|
<SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://auth.idp.com/saml/proxySingleLogoutSOAP\" />
|
||||||
<SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://auth.idp.com/saml/proxySingleLogout\" ResponseLocation=\"https://auth.idp.com/saml/proxySingleLogoutReturn\" />
|
<SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"http://auth.idp.com/saml/proxySingleLogout\" ResponseLocation=\"http://auth.idp.com/saml/proxySingleLogoutReturn\" />
|
||||||
<SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://auth.idp.com/saml/proxySingleLogout\" ResponseLocation=\"https://auth.idp.com/saml/proxySingleLogoutReturn\" />
|
<SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://auth.idp.com/saml/proxySingleLogout\" ResponseLocation=\"http://auth.idp.com/saml/proxySingleLogoutReturn\" />
|
||||||
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
|
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
|
||||||
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat>
|
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat>
|
||||||
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName</NameIDFormat>
|
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName</NameIDFormat>
|
||||||
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>
|
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>
|
||||||
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:entity</NameIDFormat>
|
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:entity</NameIDFormat>
|
||||||
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
|
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
|
||||||
<AssertionConsumerService isDefault=\"true\" index=\"0\" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\" Location=\"https://auth.idp.com/saml/proxySingleSignOnArtifact\" />
|
<AssertionConsumerService isDefault=\"true\" index=\"0\" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\" Location=\"http://auth.idp.com/saml/proxySingleSignOnArtifact\" />
|
||||||
<AssertionConsumerService isDefault=\"false\" index=\"1\" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://auth.idp.com/saml/proxySingleSignOnPost\" />
|
<AssertionConsumerService isDefault=\"false\" index=\"1\" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://auth.idp.com/saml/proxySingleSignOnPost\" />
|
||||||
</SPSSODescriptor>
|
</SPSSODescriptor>
|
||||||
|
|
||||||
<AttributeAuthorityDescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">
|
<AttributeAuthorityDescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">
|
||||||
|
@ -504,7 +541,7 @@ g8K0klAS9q7L7aXI+eFQZhkwidjpxXnHPyxIGQ==
|
||||||
</ds:KeyValue>
|
</ds:KeyValue>
|
||||||
</ds:KeyInfo>
|
</ds:KeyInfo>
|
||||||
</KeyDescriptor>
|
</KeyDescriptor>
|
||||||
<AttributeService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"https://auth.idp.com/saml/AA/SOAP\"/>
|
<AttributeService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://auth.idp.com/saml/AA/SOAP\"/>
|
||||||
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
|
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
|
||||||
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat>
|
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat>
|
||||||
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName</NameIDFormat>
|
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName</NameIDFormat>
|
||||||
|
@ -516,7 +553,7 @@ g8K0klAS9q7L7aXI+eFQZhkwidjpxXnHPyxIGQ==
|
||||||
<Organization>
|
<Organization>
|
||||||
<OrganizationName xml:lang=\"en\">IDP</OrganizationName>
|
<OrganizationName xml:lang=\"en\">IDP</OrganizationName>
|
||||||
<OrganizationDisplayName xml:lang=\"en\">IDP</OrganizationDisplayName>
|
<OrganizationDisplayName xml:lang=\"en\">IDP</OrganizationDisplayName>
|
||||||
<OrganizationURL xml:lang=\"en\">https://www.idp.fr/</OrganizationURL>
|
<OrganizationURL xml:lang=\"en\">http://www.idp.fr/</OrganizationURL>
|
||||||
</Organization>
|
</Organization>
|
||||||
|
|
||||||
</EntityDescriptor>
|
</EntityDescriptor>
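Review bot: The new steps in the `@ -90` hunk post the SAML request and then the Demo credentials to the IdP, but the final `ok( $res = $issuer->_post(...), 'Post authentication' )` only asserts that `_post` returned a true value; nothing checks the authentication outcome (status code, or that the reply carries a `SAMLResponse` form), and the `#print STDERR Dumper($res);` left behind suggests that was the intent. Adding e.g. `ok( $res->[0] == 200, 'Authenticated at IdP' );` plus a match on `SAMLResponse` in `$res->[2]->[0]` would give the step a real assertion (`my $maintests = 14;` must grow with it). Also `use URI::Escape;` sits in the middle of the `SKIP` block; `use` is compile-time and unconditional, so it belongs with the other `use` lines at the top of the file. The `SKIP:` block starts outside the hunk.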
|
||||||
|
|