SAML: artifact for sending authn request, work in progress (#32)
This commit is contained in:
parent
edb345f23c
commit
f46c3b4224
@ -591,6 +591,7 @@ function samlService(id) {
|
|||
formateSelect('samlServiceBinding',[
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect=HTTP Redirect',
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST=HTTP POST',
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact=HTTP Artifact',
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP=SOAP'
|
||||
],t[0]);
|
||||
$('#samlServiceLocation').attr('value',t[1]);
|
||||
@ -197,8 +197,7 @@ sub cstruct {
|
|||
},
|
||||
samlSPMetaDataOptionsSecurity => {
|
||||
|
||||
_nodes =>
|
||||
[ qw(samlSPMetaDataOptionsEncryptionMode) ],
|
||||
_nodes => [qw(samlSPMetaDataOptionsEncryptionMode)],
|
||||
|
||||
samlSPMetaDataOptionsEncryptionMode =>
|
||||
"text:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsEncryptionMode:default:encryptionModeParams",
|
||||
|
@ -830,6 +829,7 @@ sub struct {
|
|||
_nodes => [
|
||||
qw(samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect
|
||||
samlIDPSSODescriptorSingleSignOnServiceHTTPPost
|
||||
samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact
|
||||
samlIDPSSODescriptorSingleSignOnServiceSOAP)
|
||||
],
|
||||
_help => 'default',
|
||||
|
@ -837,6 +837,8 @@ sub struct {
|
|||
'samlService:/samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect',
|
||||
samlIDPSSODescriptorSingleSignOnServiceHTTPPost =>
|
||||
'samlService:/samlIDPSSODescriptorSingleSignOnServiceHTTPPost',
|
||||
samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact =>
|
||||
'samlService:/samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact',
|
||||
samlIDPSSODescriptorSingleSignOnServiceSOAP =>
|
||||
'samlService:/samlIDPSSODescriptorSingleSignOnServiceSOAP',
|
||||
},
|
||||
|
@ -1224,6 +1226,7 @@ sub testStruct {
|
|||
samlIDPSSODescriptorWantAuthnRequestsSigned => $boolean,
|
||||
samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect => $testNotDefined,
|
||||
samlIDPSSODescriptorSingleSignOnServiceHTTPPost => $testNotDefined,
|
||||
samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact => $testNotDefined,
|
||||
samlIDPSSODescriptorSingleSignOnServiceSOAP => $testNotDefined,
|
||||
samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect => $testNotDefined,
|
||||
samlIDPSSODescriptorSingleLogoutServiceHTTPPost => $testNotDefined,
|
||||
|
@ -1434,6 +1437,10 @@ sub defaultConf {
|
|||
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;'
|
||||
. $portal
|
||||
. '/saml/singleSignOn;',
|
||||
samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;'
|
||||
. $portal
|
||||
. '/saml/singleSignOnArtifact;',
|
||||
samlIDPSSODescriptorSingleSignOnServiceSOAP =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;'
|
||||
. $portal
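Review bot: The new default for `samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact` advertises `$portal/saml/singleSignOnArtifact` in every freshly generated IdP metadata, yet nothing on this page serves that path: the portal hunks in this commit only add artifact support to the SP-side createAuthnRequest, and the commit title says the work is in progress. A partner SP that consumes the metadata may select the HTTP-Artifact binding and then fail against an endpoint that does not exist, which is hard to diagnose from the SP side. Unless the IdP-side artifact SSO handler already exists elsewhere in the tree, I would ship this default empty until it does, e.g. `samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact => '',` if the samlService type accepts an empty value, leaving the Redirect/POST siblings as the example of the expected format. defaultConf begins before and continues after this hunk.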
|
||||
@ -299,6 +299,7 @@ sub en {
|
|||
samlIDPSSODescriptorSingleSignOnService => 'Single Sign On',
|
||||
samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect => 'HTTP Redirect',
|
||||
samlIDPSSODescriptorSingleSignOnServiceHTTPPost => 'HTTP POST',
|
||||
samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact => 'HTTP Artifact',
|
||||
samlIDPSSODescriptorSingleSignOnServiceSOAP => 'SOAP',
|
||||
samlIDPSSODescriptorSingleLogoutService => 'Single Logout',
|
||||
samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect => 'HTTP Redirect',
|
||||
|
@ -585,6 +586,7 @@ sub fr {
|
|||
samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect =>
|
||||
'Redirection HTTP',
|
||||
samlIDPSSODescriptorSingleSignOnServiceHTTPPost => 'POST HTTP',
|
||||
samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact => 'HTTP Artifact',
|
||||
samlIDPSSODescriptorSingleSignOnServiceSOAP => 'SOAP',
|
||||
samlIDPSSODescriptorSingleLogoutService => 'Single Logout',
|
||||
samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect =>
|
||||
@ -1173,8 +1173,6 @@ sub issuerForAuthUser {
|
|||
|
||||
$self->lmLog( "SSO: authentication request is valid", 'debug' );
|
||||
|
||||
# TODO Check AuthnRequest conditions
|
||||
|
||||
# Get ForceAuthn flag
|
||||
my $force_authn;
|
||||
|
||||
@ -881,11 +881,35 @@ sub createAuthnRequest {
|
|||
}
|
||||
|
||||
# Build authentication request
|
||||
|
||||
# Artifact
|
||||
if ( $method == $self->getHttpMethod("artifact-get")
|
||||
or $method == $self->getHttpMethod("artifact-post") )
|
||||
{
|
||||
|
||||
# Build artifact message
|
||||
unless ( $self->buildArtifactMsg( $login, $method ) ) {
|
||||
$self->lmLog( "Unable to build SSO artifact response message",
|
||||
'error' );
|
||||
return;
|
||||
}
|
||||
|
||||
$self->lmLog( "SSO: artifact response is built", 'debug' );
|
||||
|
||||
# Get artifact ID and Content, and store them
|
||||
my $artifact_id = $login->get_artifact;
|
||||
my $artifact_message = $login->get_artifact_message;
|
||||
|
||||
$self->storeArtifact( $artifact_id, $artifact_message );
|
||||
}
|
||||
|
||||
else {
|
||||
unless ( $self->buildAuthnRequestMsg($login) ) {
|
||||
$self->lmLog( "Could not build authentication request on $idp",
|
||||
'error' );
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
return $login;
|
||||
}
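Review bot: The artifact branch discards the result of `$self->storeArtifact( $artifact_id, $artifact_message );`, so if the artifact session cannot be written the AuthnRequest is still sent carrying an artifact that the SP's own artifact resolution service will never find when the IdP calls back, and nothing is logged here to explain the later failure. Assuming storeArtifact reports failure through its return value (its body is outside this hunk), mirror the buildArtifactMsg check earlier in the branch: `unless ( $self->storeArtifact( $artifact_id, $artifact_message ) ) {` / `$self->lmLog( "Unable to store SSO artifact", 'error' ); return;` / `}`. The error text at the top of the branch, `"Unable to build SSO artifact response message"`, also names the wrong message: this path builds an authentication request, so `"Unable to build SSO artifact authentication request message"` keeps the log accurate when debugging a failed SP-initiated login. createAuthnRequest begins before this hunk.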
|
||||
|
@ -1631,7 +1655,7 @@ sub storeArtifact {
|
|||
$samlSessionInfo->{_utime} = time(); # Creation time
|
||||
$samlSessionInfo->{ID} = $id;
|
||||
$samlSessionInfo->{message} = $message;
|
||||
$samlSessionInfo->{session_id} = $session_id;
|
||||
$samlSessionInfo->{session_id} = $session_id if $session_id;
|
||||
|
||||
my $art_session_id = $samlSessionInfo->{_session_id};
|
||||
|
||||
|
@ -1716,12 +1740,11 @@ sub createArtifactResponse {
|
|||
|
||||
$self->lmLog( "Response loaded", 'debug' );
|
||||
|
||||
# Get Lasso session
|
||||
# Try to get Lasso session
|
||||
my $session_id = $art_session->{session_id};
|
||||
unless ($session_id) {
|
||||
$self->lmLog( "Cannot find session_id in artifact session", 'error' );
|
||||
return;
|
||||
}
|
||||
if ($session_id) {
|
||||
$self->lmLog( "Find session_id $session_id in artifact session",
|
||||
'manage' );
|
||||
|
||||
my $session = $self->getApacheSession( $session_id, 1 );
|
||||
unless ( defined $session ) {
|
||||
|
@ -1739,6 +1762,11 @@ sub createArtifactResponse {
|
|||
$self->lmLog( "Lasso Session loaded", 'debug' );
|
||||
}
|
||||
|
||||
}
|
||||
else {
|
||||
$self->lmLog( "No session_id in artifact session", 'manage' );
|
||||
}
|
||||
|
||||
# Build artifact response
|
||||
eval { Lasso::Login::build_response_msg($login); };
|
||||
if ($@) {
|
||||
|
@ -1748,8 +1776,8 @@ sub createArtifactResponse {
|
|||
}
|
||||
$self->lmLog( "Artifact response built", 'debug' );
|
||||
|
||||
# Store Lasso session
|
||||
if ( $login->is_session_dirty ) {
|
||||
# Store Lasso session if session opened
|
||||
if ( $session_id and $login->is_session_dirty ) {
|
||||
$self->lmLog( "Save Lasso session in session", 'debug' );
|
||||
$self->updateSession(
|
||||
{ _lassoSessionDump => $login->get_session->dump }, $session_id );
|
||||