dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ba6bb76549
lemonldap-ng/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm
Thomas CHEMINEAU ba6bb76549 SAML: 
- Move part of the code into _SAML.pm so that it could be reused;
- Create the method checkMessage that check SAML requests and responses.
2010-03-26 16:02:27 +00:00

172 lines
4.2 KiB
Perl
Raw Blame History

## @file
# SAML Issuer file
## @class
# SAML Issuer class
package Lemonldap::NG::Portal::IssuerDBSAML;
use strict;
use Lemonldap::NG::Portal::Simple;
use Lemonldap::NG::Portal::_SAML;
our @ISA = qw(Lemonldap::NG::Portal::_SAML);
our $VERSION = '0.01';
## @method void issuerDBInit()
# TODO
# Load and check SAML configuration
# @return Lemonldap::NG::Portal error code
sub issuerDBInit {
my $self = shift;
# Load SAML service
return PE_ERROR unless $self->loadService();
# Load SAML identity providers
return PE_ERROR unless $self->loadSPs();
PE_OK;
}
## @apmethod int issuerForUnAuthUser()
# TODO
# Check if there is an SAML authentication request.
# Called only for unauthenticated users, it store SAML request in
# $self->{url}
# @return Lemonldap::NG::Portal error code
sub issuerForUnAuthUser {
my $self = shift;
my $server = $self->{_lassoServer};
# Get configuration parameter
my $saml_sso_soap_url =
$self->getMetaDataURL( "samlIDPSSODescriptorSingleSignOnServiceSOAP", 1 );
my $saml_sso_soap_url_ret =
$self->getMetaDataURL( "samlIDPSSODescriptorSingleSignOnServiceSOAP", 2 );
my $saml_sso_get_url =
$self->getMetaDataURL( "samlIDPSSODescriptorSingleSignOnServiceHTTP", 1 );
my $saml_sso_get_url_ret =
$self->getMetaDataURL( "samlIDPSSODescriptorSingleSignOnServiceHTTP", 2 );
if ( $url =~ /^($saml_sso_soap_url|$saml_sso_get_url)$/i )
{
$self->lmLog( "URL $url detected as an SSO request URL", 'debug' );
# Get HTTP request informations to know
# if we are receving SAML request or response
my $url = $self->url();
my $request_method = $self->request_method();
my $content_type = $self->content_type();
# Check message
my ( $request, $response, $method, $relaystate, $artifact ) =
$self->checkMessage($url, $request_method, $content_type);
# Process the request
if ( $request ) {
# Create Login object
my $login = $self->createLogin( $server );
# Process authentication request
my $result;
if ($artifact) {
$result = $self->processArtRequestMsg( $login, $request );
}
else {
$result = $self->processAuthnRequestMsg( $login, $request );
}
unless ($result) {
$self->lmLog( "SSO: Fail to process authentication request",
'error' );
return PE_ERROR;
}
$self->lmLog( "SSO: authentication request is valid", 'debug' );
# Get SAML request
my $saml_request = $login->request();
unless ($saml_request) {
$self->lmLog( "No SAML request found", 'error' );
return PE_ERROR;
}
# Check isPassive flag
my $isPassive = $saml_request->IsPassive();
if ($isPassive) {
$self->lmLog( "Found isPassive flag in assertion conditions",
'debug' );
return PE_ERROR;
}
}
}
PE_OK;
}
## @apmethod int issuerForAuthUser()
# TODO
# Check if there is an SAML authentication request for an authenticated user
# and build assertions
# @return Lemonldap::NG::Portal error code
sub issuerForAuthUser {
my $self = shift;
print STDERR "IssuerDBSAML: issuerForAuthUser\n";
PE_OK;
}
## @apmethod int issuerLogout()
# TODO
# @return Lemonldap::NG::Portal error code
sub issuerLogout {
my $self = shift;
print STDERR "IssuerDBSAML: issuerLogout\n";
PE_OK;
}
1;
__END__
=head1 NAME
=encoding utf8
Lemonldap::NG::Portal::IssuerDBSAML - SAML IssuerDB for Lemonldap::NG
=head1 SYNOPSIS
use Lemonldap::NG::Portal::IssuerDBSAML;
#TODO
=head1 DESCRIPTION
SAML IssuerDB for Lemonldap::NG
=head1 SEE ALSO
L<Lemonldap::NG::Portal>
=head1 AUTHOR
Clément Oudot, E<lt>coudot@linagora.comE<gt>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2009 by Clément Oudot
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.10.0 or,
at your option, any later version of Perl 5 you may have available.
=cut
Reference in New Issue View Git Blame Copy Permalink