SAML: add ArtifactResolutionService in SP Metadata

15 years ago · 62330e2d44
parent 83880118b3
commit 62330e2d44
4 changed files with 28 additions and 0 deletions
--- a/modules/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/SAML/Metadata.pm
+++ b/modules/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/SAML/Metadata.pm
@ -208,6 +208,7 @@ sub serviceToXML {
      samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact
      samlSPSSODescriptorAssertionConsumerServiceHTTPPost
      samlSPSSODescriptorAssertionConsumerServiceHTTPRedirect
+      samlSPSSODescriptorArtifactResolutionServiceArtifact
      samlIDPSSODescriptorArtifactResolutionServiceArtifact
    );
    foreach (@param_assertion) {
--- a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
+++ b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
@ -600,6 +600,7 @@ sub struct {
                      samlSPSSODescriptorKeyDescriptorSigning
                      n:samlSPSSODescriptorSingleLogoutService
                      n:samlSPSSODescriptorAssertionConsumerService
+                      n:samlSPSSODescriptorArtifactResolutionService
                      n:samlSPSSODescriptorNameIDFormat)
                ],
                _help => 'default',
@ -636,6 +637,15 @@ sub struct {
 'samlAssertion:/samlSPSSODescriptorAssertionConsumerServiceHTTPRedirect',
                },

+                samlSPSSODescriptorArtifactResolutionService => {
+                    _nodes => [
+                        qw(samlSPSSODescriptorArtifactResolutionServiceArtifact)
+                    ],
+                    _help => 'default',
+                    samlSPSSODescriptorArtifactResolutionServiceArtifact =>
+'samlAssertion:/samlSPSSODescriptorArtifactResolutionServiceArtifact',
+                },
+
                samlSPSSODescriptorNameIDFormat => {
                    _nodes => [
                        qw(samlSPSSODescriptorNameIDFormatX509SubjectName
@ -1054,6 +1064,7 @@ sub testStruct {
        samlSPSSODescriptorAssertionConsumerServiceHTTPPost => $testNotDefined,
        samlSPSSODescriptorAssertionConsumerServiceHTTPRedirect =>
          $testNotDefined,
+        samlSPSSODescriptorArtifactResolutionServiceArtifact => $testNotDefined,
        samlSPSSODescriptorNameIDFormatX509SubjectName => $boolean,
        samlSPSSODescriptorNameIDFormatPersistent      => $boolean,
        samlSPSSODescriptorNameIDFormatTransient       => $boolean,
@ -1223,6 +1234,10 @@ sub defaultConf {
          '0;2;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;' 
          . $portal
          . '/saml/proxySingleSignOnRedirect',
+        samlSPSSODescriptorArtifactResolutionServiceArtifact =>
+          '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;' 
+          . $portal
+          . '/saml/artifact',
        samlSPSSODescriptorNameIDFormatX509SubjectName => '0',
        samlSPSSODescriptorNameIDFormatPersistent      => '1',
        samlSPSSODescriptorNameIDFormatTransient       => '0',
--- a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
+++ b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
@ -245,6 +245,9 @@ sub en {
        samlSPSSODescriptorAssertionConsumerServiceHTTPPost => 'HTTP POST',
        samlSPSSODescriptorAssertionConsumerServiceHTTPRedirect =>
          'HTTP Redirect',
+        samlSPSSODescriptorArtifactResolutionService => 'Artifact Resolution',
+        samlSPSSODescriptorArtifactResolutionServiceArtifact =>
+          'Artifact Service',
        samlSPSSODescriptorNameIDFormat                => 'NameID Format',
        samlSPSSODescriptorNameIDFormatX509SubjectName => 'x509',
        samlSPSSODescriptorNameIDFormatPersistent      => 'Persistent',
@ -477,6 +480,10 @@ sub fr {
        samlSPSSODescriptorAssertionConsumerServiceHTTPPost => 'POST HTTP',
        samlSPSSODescriptorAssertionConsumerServiceHTTPRedirect =>
          'Redirection HTTP',
+        samlSPSSODescriptorArtifactResolutionService =>
+          'Résolution d\'Artifact',
+        samlSPSSODescriptorArtifactResolutionServiceArtifact =>
+          'Service Artifact',
        samlSPSSODescriptorNameIDFormat                => 'Format NameID',
        samlSPSSODescriptorNameIDFormatX509SubjectName => 'x509',
        samlSPSSODescriptorNameIDFormatPersistent      => 'Persistant',
--- a/modules/lemonldap-ng-portal/example/skins/common/saml2-metadata.tpl
+++ b/modules/lemonldap-ng-portal/example/skins/common/saml2-metadata.tpl
@ -78,6 +78,11 @@
        </ds:KeyValue>
      </ds:KeyInfo>
    </KeyDescriptor>
+    <ArtifactResolutionService
+      isDefault="<TMPL_VAR NAME="samlSPSSODescriptorArtifactResolutionServiceArtifactDefault">"
+      index="<TMPL_VAR NAME="samlSPSSODescriptorArtifactResolutionServiceArtifactIndex">"
+      Binding="<TMPL_VAR NAME="samlSPSSODescriptorArtifactResolutionServiceArtifactBinding">"
+      Location="<TMPL_VAR NAME="samlSPSSODescriptorArtifactResolutionServiceArtifactLocation">" />
    <SingleLogoutService
      Binding="<TMPL_VAR NAME="samlSPSSODescriptorSingleLogoutServiceSOAPBinding">"
      Location="<TMPL_VAR NAME="samlSPSSODescriptorSingleLogoutServiceSOAPLocation">" />