diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm index 39ee12c0b..bfc5b58ad 100644 --- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm +++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm @@ -495,7 +495,145 @@ sub issuerForUnAuthUser { $self->returnSOAPMessage(); } - # TODO + # Get requested attributes + my @requested_attributes; + eval { @requested_attributes = $query->request()->Attribute(); }; + if ($@) { + $self->checkLassoError($@); + $self->returnSOAPMessage(); + } + + # Returned attributes + my @returned_attributes; + + # Browse SP authorized attributes + foreach ( + keys %{ $self->{samlSPMetaDataExportedAttributes}->{$spConfKey} } ) + { + my $sp_attr = $_; + + # Extract fields from exportedAttr value + my ( $mandatory, $name, $format, $friendly_name ) = + split( /;/, + $self->{samlSPMetaDataExportedAttributes}->{$spConfKey} + ->{$sp_attr} ); + + foreach (@requested_attributes) { + my $req_attr = $_; + my $rname = $req_attr->Name(); + my $rformat = $req_attr->NameFormat(); + my $rfriendly_name = $req_attr->FriendlyName(); + + # Skip if name does not match + next unless ( $rname =~ /^$name$/ ); + + #TODO check format and friendly name + + $self->lmLog( + "SP $spConfKey is authorized to access attribute $rname", + 'debug' ); + + $self->lmLog( + "Attribute $rname is linked to $sp_attr session key", + 'debug' ); + + # Get session value + if ( $sessionInfo->{$sp_attr} ) { + + my @values = split $self->{multiValuesSeparator}, + $sessionInfo->{$sp_attr}; + my @saml2values; + + foreach (@values) { + + # TODO check if values were set in requested attribute + # In this case, only requested values can be returned + + # SAML2 attribute value + my $saml2value; + + eval { + $saml2value = Lasso::Saml2AttributeValue->new(); + }; + if ($@) { + $self->checkLassoError($@); + $self->returnSOAPMessage(); + } + + my @any; + + my $textNode; + eval { $textNode = Lasso::MiscTextNode->new(); }; + if ($@) { + $self->checkLassoError($@); + $self->returnSOAPMessage(); + } + + $textNode->text_child(1); + $textNode->content($_); + + push @any, $textNode; + + $saml2value->any(@any); + + push @saml2values, $saml2value; + + $self->lmLog( "Push $_ in SAML attribute $name", + 'debug' ); + + } + + $req_attr->AttributeValue(@saml2values); + + # Push attribute in attribute list + push @returned_attributes, $req_attr; + + } + else { + $self->lmLog( "No session value for $sp_attr", 'debug' ); + } + + } + + } + + # Create attribute statement + my $attribute_statement; + + eval { $attribute_statement = Lasso::Saml2AttributeStatement->new(); }; + if ($@) { + $self->checkLassoError($@); + $self->returnSOAPMessage(); + } + + # Register attributes in attribute statement + $attribute_statement->Attribute(@requested_attributes); + + # Create assetion + my $assertion; + + eval { $assertion = Lasso::Saml2Assertion->new(); }; + if ($@) { + $self->checkLassoError($@); + $self->returnSOAPMessage(); + } + + # Add attribute statement in response assertion + my @attributes_statement = ($attribute_statement); + $assertion->AttributeStatement(@attributes_statement); + + # Set response assertion + $query->response->Assertion( ($assertion) ); + + # Build response + $att_response = $self->buildAttributeResponse($query); + + unless ($att_response) { + $self->lmLog( "Unable to build attribute response", 'error' ); + $self->returnSOAPMessage(); + } + + $self->{SOAPMessage} = $att_response; # Return SOAP message $self->returnSOAPMessage(); diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm index 757278552..8e0682a12 100644 --- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm +++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm @@ -1808,6 +1808,23 @@ sub processAttributeRequest { return $query; } +## @method string buildAttributeResponse(Lasso::AssertionQuery query) +# Build attribute response +# @param query Lasso::AssertionQuery object +# @return attribute response +sub buildAttributeResponse { + my ( $self, $query ) = splice @_; + + eval { Lasso::AssertionQuery::build_response_msg($query); }; + + if ($@) { + $self->checkLassoError($@); + return; + } + + return $query->msg_body; +} + ## @method Lasso::AssertionQuery processAttributeResponse(Lasso::Server server, string response) # Process an attribute response # @param server Lasso::Server object @@ -2727,6 +2744,10 @@ Validate an attribute request Process an attribute request +=head2 buildAttributeResponse + +Build attribute response + =head2 processAttributeResponse Process an attribute response