Merge branch 'saml-separate-metadata' into 'v2.0'

Add new URLs for SP-only or IDP-only SAML metadata

See merge request lemonldap-ng/lemonldap-ng!61

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/SAML/Metadata.pm

@@ -23,7 +23,7 @@ my $dataStart = tell(DATA);
 # SAML 2 description.
 # @return string
 sub serviceToXML {
-    my ( $self, $conf ) = @_;
+    my ( $self, $conf, $type ) = @_;
 
     seek DATA, $dataStart, 0;
     my $s = join '', <DATA>;
@@ -41,6 +41,14 @@ sub serviceToXML {
       samlOrganizationURL
     );
 
+    if ($type eq 'idp') {
+	    $template->param( 'hideSPMetadata', 1);
+    }
+
+    if ($type eq 'sp') {
+	    $template->param( 'hideIDPMetadata', 1);
+    }
+
     foreach (@param_auto) {
         $template->param( $_, $self->getValue( $_, $conf ) );
     }
@@ -195,6 +203,7 @@ __DATA__
     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
     entityID="<TMPL_VAR NAME="samlEntityID">">
 
+  <TMPL_UNLESS NAME="hideIDPMetadata">
   <IDPSSODescriptor
       WantAuthnRequestsSigned="<TMPL_VAR NAME="samlIDPSSODescriptorWantAuthnRequestsSigned">"
       protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
@@ -253,7 +262,9 @@ __DATA__
       ResponseLocation="<TMPL_VAR NAME="samlIDPSSODescriptorSingleSignOnServiceHTTPArtifactResponseLocation">"
       </TMPL_IF>/>
   </IDPSSODescriptor>
+  </TMPL_UNLESS>
 
+  <TMPL_UNLESS NAME="hideSPMetadata">
   <SPSSODescriptor
       AuthnRequestsSigned="<TMPL_VAR NAME="samlSPSSODescriptorAuthnRequestsSigned">"
       WantAssertionsSigned="<TMPL_VAR NAME="samlSPSSODescriptorWantAssertionsSigned">"
@@ -305,7 +316,9 @@ __DATA__
       Binding="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPPostBinding">"
       Location="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPPostLocation">" />
   </SPSSODescriptor>
+  </TMPL_UNLESS>
 
+  <TMPL_UNLESS NAME="hideIDPMetadata">
   <AttributeAuthorityDescriptor
     protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
     <KeyDescriptor use="signing">
@@ -328,6 +341,7 @@ __DATA__
     <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:entity</NameIDFormat>
     <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
   </AttributeAuthorityDescriptor>
+  </TMPL_UNLESS>
   
   <Organization>
     <OrganizationName xml:lang="en"><TMPL_VAR NAME="samlOrganizationName"></OrganizationName>

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm

@@ -145,11 +145,11 @@ sub init {
 
     return 0 unless ( $self->lassoServer( $self->loadService ) );
     $self->addUnauthRoute(
-        ( $self->{path} || 'saml' ) => { 'metadata' => 'metadata' },
+        ( $self->{path} || 'saml' ) => { 'metadata' => { ':type' => 'metadata' }},
         ['GET']
     );
     $self->addAuthRoute(
-        ( $self->{path} || 'saml' ) => { 'metadata' => 'metadata' },
+        ( $self->{path} || 'saml' ) => { 'metadata' => { ':type' => 'metadata' }},
         ['GET']
     );
     return 1;
@@ -3072,9 +3072,10 @@ sub importRealSession {
 
 sub metadata {
     my ( $self, $req ) = @_;
+    my $type = $req->param('type');
     require Lemonldap::NG::Common::Conf::SAML::Metadata;
     if ( my $metadata = Lemonldap::NG::Common::Conf::SAML::Metadata->new() ) {
-        my $s = $metadata->serviceToXML( $self->conf );
+        my $s = $metadata->serviceToXML( $self->conf, $type);
         return [
             200,
             [