SAML: signatures on SSO/SLO messages issued from IDP (#66)
This commit is contained in:
parent
bc618ce075
commit
f187851ba6
@ -232,10 +232,14 @@ sub issuerForUnAuthUser {
$self->lmLog( "Set $relaystate in RelayState", 'debug' );
}
# Logout response
unless ( $self->buildLogoutResponseMsg($logout) ) {
$self->lmLog( "Unable to build SLO response", 'error' );
return PE_ERROR;
# Signature
my $signSLOMessage =
$self->{samlSPMetaDataOptions}->{$spConfKey}
->{samlSPMetaDataOptionsSignSLOMessage};
unless ($signSLOMessage) {
$self->lmLog( "Do not sign this SLO response", 'debug' );
return PE_ERROR unless ( $self->disableSignature($logout) );
}
# Send logout response
@ -683,6 +687,16 @@ sub issuerForAuthUser {
# Set response assertion
$login->response->Assertion(@response_assertions);
# Signature
my $signSSOMessage =
$self->{samlSPMetaDataOptions}->{$spConfKey}
->{samlSPMetaDataOptionsSignSSOMessage};
unless ($signSSOMessage) {
$self->lmLog( "Do not sign this SSO response", 'debug' );
return PE_ERROR unless ( $self->disableSignature($login) );
}
# Build SAML response
$protocolProfile = $login->protocolProfile();
@ -942,6 +956,16 @@ sub issuerForAuthUser {
'debug' );
}
# Signature
my $signSLOMessage =
$self->{samlSPMetaDataOptions}->{$spConfKey}
->{samlSPMetaDataOptionsSignSLOMessage};
unless ($signSLOMessage) {
$self->lmLog( "Do not sign this SLO response", 'debug' );
return PE_ERROR unless ( $self->disableSignature($logout) );
}
# Send logout response. The process could be stopped here, if no
# there are no providers to wait for logout via HTTP-REDIRECT
# method.
@ -2069,8 +2069,9 @@ sub sendLogoutRequestToServiceProvider {
return ( 0, undef, undef );
}
# Get SP Name from EntityID
# Get SP Name and Conf Key from EntityID
my $providerName = $self->{_spList}->{$providerID}->{name};
my $spConfKey = $self->{_spList}->{$providerID}->{confKey};
# Get first HTTP method
my $protocolType = Lasso::Constants::MD_PROTOCOL_TYPE_SINGLE_LOGOUT;
@ -2082,6 +2083,17 @@ sub sendLogoutRequestToServiceProvider {
# Fix a default value for the relay parameter
$relay = 0 unless ( defined $relay );
# Signature
my $signSLOMessage =
$self->{samlSPMetaDataOptions}->{$spConfKey}
->{samlSPMetaDataOptionsSignSLOMessage};
unless ($signSLOMessage) {
$self->lmLog( "Do not sign this SLO request", 'debug' );
return ( 0, undef, undef )
unless ( $self->disableSignature($logout) );
}
# Build the request unless this is a SOAP relay logout request
unless ( $method == Lasso::Constants::HTTP_METHOD_SOAP && $relay ) {
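Review bot: The new `unless ($signSSOMessage)` guard in issuerForAuthUser (the `@ -683` hunk) disables the response signature whenever the per-SP option is false, and in Perl that includes undef, so an SP entry that predates this option or simply omits `samlSPMetaDataOptionsSignSSOMessage` silently gets an unsigned SSO response; the three `unless ($signSLOMessage)` blocks have the same shape. Signing should be the fail-safe default, so the signature should only be turned off when the option is explicitly set to a false value, e.g. `if ( defined $signSSOMessage && !$signSSOMessage ) {` (and likewise for `$signSLOMessage`), or the configuration loader should fill in a default of 1 so an absent key cannot downgrade the protocol. Whether such a default is already supplied elsewhere in the configuration layer is not visible from this hunk. It would also help to say in a comment which signature `disableSignature` removes — the Response envelope, the Assertion set at `$login->response->Assertion(@response_assertions)`, or both — since an SP that verifies only the assertion signature behaves differently from one that verifies the envelope. All four enclosing subroutines start and end outside their hunks.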