Xavier Guimard 15 years ago
parent 58419de458
commit aa190c7f35
  1. 20
      modules/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/SAML/Metadata.pm
  2. 12
      modules/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/SympaAutoLogin.pm
  3. 36
      modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Request.pm
  4. 113
      modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
  5. 106
      modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
  6. 60
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm
  7. 60
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm
  8. 8
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
  9. 17
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBSAML.pm
  10. 6
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm

@ -168,18 +168,20 @@ sub serviceToXML {
foreach (@param_keys) {
my $str = '';
my $val = $conf->{$_};
# A default value for samlServicePublicKeyEnc parameter
if ( $_ =~ /samlServicePublicKeyEnc/ ) {
unless ( $val && length $val gt 0 ) {
$val = $conf->{samlServicePublicKeySig};
}
}
# Generate XML
if ( defined $val && length $val gt 0 ) {
# Public Key ?
if ( $val =~ /^-----BEGIN PUBLIC KEY-----/
and my $rsa_pub =
Crypt::OpenSSL::RSA->new_public_key($val) )
and my $rsa_pub = Crypt::OpenSSL::RSA->new_public_key($val) )
{
my @params = $rsa_pub->get_key_parameters();
my $mod = encode_base64( $params[0]->to_bin() );
@ -188,15 +190,21 @@ sub serviceToXML {
'<ds:KeyValue>' . "\n\t"
. '<RSAKeyValue xmlns="http://www.w3.org/2000/09/xmldsig#">'
. "\n\t\t"
. '<Modulus>' . $mod . '</Modulus>' . "\n\t\t"
. '<Exponent>' . $exp . '</Exponent>' . "\n\t"
. '<Modulus>'
. $mod
. '</Modulus>'
. "\n\t\t"
. '<Exponent>'
. $exp
. '</Exponent>' . "\n\t"
. '</RSAKeyValue>' . "\n"
. '</ds:KeyValue>';
}
# Certificate ?
if ( $val =~ /^-----BEGIN CERTIFICATE-----/
and my $certificate =
Crypt::OpenSSL::X509->new_from_string($val) )
and my $certificate =
Crypt::OpenSSL::X509->new_from_string($val) )
{
$certificate = $certificate->as_string();
$certificate =~ s/^-----BEGIN CERTIFICATE-----\n?//g;
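Review bot: The new fallback at the top of the hunk selects the parameter with an unanchored regex, `if ( $_ =~ /samlServicePublicKeyEnc/ ) {`, where an exact comparison is meant; `if ( $_ eq 'samlServicePublicKeyEnc' ) {` states the intent and cannot be tripped by any later key that merely contains that substring. The same condition compares a length as a string, `unless ( $val && length $val gt 0 ) {`; a truthy `$val` is already non-empty, so `unless ($val) {` is equivalent, and if the length test is kept it should use the numeric `>` rather than `gt`. Since this fallback silently publishes the signature public key as the encryption key in the exported metadata, the comment above it should say so, e.g. `# No dedicated encryption key configured: advertise the signature key for encryption as well (one RSA key then serves both roles)`, so an operator understands why the encryption and signature entries in the metadata are identical. serviceToXML starts and ends outside the hunk.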

@ -28,18 +28,18 @@ sub defaultValuesInit {
# If not, try to read it from /etc/lemonldap-ng/sympa.secret
if ( !$sympaSecret and -r '/etc/lemonldap-ng/sympa.secret' ) {
open S, '/etc/lemonldap-ng/sympa.secret'
or die "Unable to open /etc/lemonldap-ng/sympa.secret";
$sympaSecret = join( '', <S> );
close S;
$sympaSecret =~ s/[\r\n]//g;
open S, '/etc/lemonldap-ng/sympa.secret'
or die "Unable to open /etc/lemonldap-ng/sympa.secret";
$sympaSecret = join( '', <S> );
close S;
$sympaSecret =~ s/[\r\n]//g;
}
# Sympa mail key
$sympaMailKey = $args->{'sympaMailKey'} || $sympaMailKey || "mail";
# Display found values in debug mode
$class->lmLog( "sympaSecret: $sympaSecret", 'debug' );
$class->lmLog( "sympaSecret: $sympaSecret", 'debug' );
$class->lmLog( "sympaMailKey: $sympaMailKey", 'debug' );
# Delete Sympa parameters

@ -17,18 +17,19 @@ use URI::Escape;
# @param $request A request
# @return String
sub request {
my ($self, $rrequest) = splice @_;
my $request = ${$rrequest};
my $response = undef;
my ( $self, $rrequest ) = splice @_;
my $request = ${$rrequest};
my $response = undef;
#
# GENERATE PRIVATE/PUBLIC KEYS
#
if ($request =~ /generateKeys/i) {
if ( $request =~ /generateKeys/i ) {
my $password = $self->rparam('password');
$password = $password ? ${$password} : undef;
$response = $self->generateKeys($password);
}
if (defined $response) {
if ( defined $response ) {
$self->sendJSONResponse($response);
}
}
@ -38,13 +39,13 @@ sub request {
# @param $password A password to protect the private key
# @return Hashref
sub generateKeys {
my ($self, $password) = splice @_;
my $rsa = Crypt::OpenSSL::RSA->generate_key(2048);
my $keys = undef;
%$keys = (
'private' => $rsa->get_private_key_string(),
'public' => $rsa->get_public_key_x509_string(),
);
my ( $self, $password ) = splice @_;
my $rsa = Crypt::OpenSSL::RSA->generate_key(2048);
my $keys = undef;
%$keys = (
'private' => $rsa->get_private_key_string(),
'public' => $rsa->get_public_key_x509_string(),
);
if ($password) {
my $pem = Convert::PEM->new(
Name => 'RSA PRIVATE KEY',
@ -61,12 +62,12 @@ sub generateKeys {
iqmp INTEGER
}
)
);
);
my %param = ();
$param{Content} = $keys->{private};
$param{Content} = $pem->decode(%param);
$param{Password} = $password;
$keys->{private} = $pem->encode(%param);
$keys->{private} = $pem->encode(%param);
}
return $keys;
}
@ -76,9 +77,10 @@ sub generateKeys {
# @param $content The content to sent
# @return Void
sub sendJSONResponse {
my ($self, $content) = splice @_;
my $json = new JSON();
my $json_content = '';
my ( $self, $content ) = splice @_;
my $json = new JSON();
my $json_content = '';
# All systems do not have the most recent JSON version.
# We should take care of version 1 (RedHat 5) and version 2 (Debian 5).
if ( $JSON::VERSION lt 2 ) {

@ -546,7 +546,7 @@ sub struct {
# Sympa
sympaHandler => {
_nodes => [qw(sympaSecret sympaMailKey)],
sympaSecret => 'text:/sympaSecret',
sympaSecret => 'text:/sympaSecret',
sympaMailKey => 'text:/sympaMailKey',
},
},
@ -633,36 +633,37 @@ sub struct {
# SECURITY NODE
samlServiceSecurity => {
_nodes => [qw(n:samlServiceSecuritySig n:samlServiceSecurityEnc)],
_help => 'default',
_nodes =>
[qw(n:samlServiceSecuritySig n:samlServiceSecurityEnc)],
_help => 'default',
samlServiceSecuritySig => {
_nodes => [
qw(samlServicePrivateKeySig
samlServicePrivateKeySigPwd
samlServicePublicKeySig)
],
_help => 'default',
samlServicePrivateKeySig =>
_nodes => [
qw(samlServicePrivateKeySig
samlServicePrivateKeySigPwd
samlServicePublicKeySig)
],
_help => 'default',
samlServicePrivateKeySig =>
'filearea:/samlServicePrivateKeySig:samlServicePrivateKeySig:filearea',
samlServicePrivateKeySigPwd =>
'text:/samlServicePrivateKeySigPwd',
samlServicePublicKeySig =>
samlServicePrivateKeySigPwd =>
'text:/samlServicePrivateKeySigPwd',
samlServicePublicKeySig =>
'filearea:/samlServicePublicKeySig:samlServicePublicKeySig:filearea',
},
samlServiceSecurityEnc => {
_nodes => [
qw(samlServicePrivateKeyEnc
},
samlServiceSecurityEnc => {
_nodes => [
qw(samlServicePrivateKeyEnc
samlServicePrivateKeyEncPwd
samlServicePublicKeyEnc)
],
_help => 'default',
samlServicePrivateKeyEnc =>
],
_help => 'default',
samlServicePrivateKeyEnc =>
'filearea:/samlServicePrivateKeyEnc:samlServicePrivateKeyEnc:filearea',
samlServicePrivateKeyEncPwd =>
'text:/samlServicePrivateKeyEncPwd',
samlServicePublicKeyEnc =>
samlServicePrivateKeyEncPwd =>
'text:/samlServicePrivateKeyEncPwd',
samlServicePublicKeyEnc =>
'filearea:/samlServicePublicKeyEnc:samlServicePublicKeyEnc:filearea',
},
},
},
# NAMEID FORMAT MAP
@ -802,7 +803,7 @@ sub struct {
'samlAssertion:/samlIDPSSODescriptorArtifactResolutionServiceArtifact',
},
},
},
# ATTRIBUTE AUTHORITY
samlAttributeAuthorityDescriptor => {
@ -923,7 +924,7 @@ sub testStruct {
1;
},
},
https => $boolean,
https => $boolean,
issuerActivationRule => {
test => $perlExpr,
warnTest => sub {
@ -1052,7 +1053,7 @@ sub testStruct {
keyTest => qr/^(?:none|authentificate|manager|)$/,
msgFail => 'must be one of none authentificate manager',
},
securedCookie => {
securedCookie => {
test => qr/^(?:0|1|2)$/,
msgFail => 'securedCookie must be 0, 1 or 2',
},
@ -1091,8 +1092,8 @@ sub testStruct {
########
# SAML #
########
saml => $testNotDefined,
samlServiceMetaData => $testNotDefined,
saml => $testNotDefined,
samlServiceMetaData => $testNotDefined,
samlIDPMetaDataExportedAttributes => {
keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
keyMsgFail => 'Bad metadata name',
@ -1143,15 +1144,15 @@ sub testStruct {
keyTest => sub { return 1; },
},
},
samlEntityID => $testNotDefined,
samlOrganizationDisplayName => $testNotDefined,
samlOrganizationName => $testNotDefined,
samlOrganizationURL => $testNotDefined,
samlSPSSODescriptorAuthnRequestsSigned => $boolean,
samlEntityID => $testNotDefined,
samlOrganizationDisplayName => $testNotDefined,
samlOrganizationName => $testNotDefined,
samlOrganizationURL => $testNotDefined,
samlSPSSODescriptorAuthnRequestsSigned => $boolean,
samlSPSSODescriptorWantAssertionsSigned => $boolean,
samlSPSSODescriptorSingleLogoutServiceHTTPRedirect => $testNotDefined,
samlSPSSODescriptorSingleLogoutServiceHTTPPost => $testNotDefined,
samlSPSSODescriptorSingleLogoutServiceSOAP => $testNotDefined,
samlSPSSODescriptorSingleLogoutServiceSOAP => $testNotDefined,
samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact =>
$testNotDefined,
samlSPSSODescriptorAssertionConsumerServiceHTTPPost => $testNotDefined,
@ -1167,17 +1168,17 @@ sub testStruct {
samlIDPSSODescriptorSingleLogoutServiceSOAP => $testNotDefined,
samlIDPSSODescriptorArtifactResolutionServiceArtifact =>
$testNotDefined,
samlNameIDFormatMapEmail => $testNotDefined,
samlNameIDFormatMapX509 => $testNotDefined,
samlNameIDFormatMapWindows => $testNotDefined,
samlNameIDFormatMapKerberos => $testNotDefined,
samlNameIDFormatMapEmail => $testNotDefined,
samlNameIDFormatMapX509 => $testNotDefined,
samlNameIDFormatMapWindows => $testNotDefined,
samlNameIDFormatMapKerberos => $testNotDefined,
samlAttributeAuthorityDescriptorAttributeServiceSOAP => $testNotDefined,
samlServicePrivateKeySig => $testNotDefined,
samlServicePrivateKeySigPwd => $testNotDefined,
samlServicePublicKeySig => $testNotDefined,
samlServicePrivateKeyEnc => $testNotDefined,
samlServicePrivateKeyEncPwd => $testNotDefined,
samlServicePublicKeyEnc => $testNotDefined,
samlServicePrivateKeySig => $testNotDefined,
samlServicePrivateKeySigPwd => $testNotDefined,
samlServicePublicKeySig => $testNotDefined,
samlServicePrivateKeyEnc => $testNotDefined,
samlServicePrivateKeyEncPwd => $testNotDefined,
samlServicePublicKeyEnc => $testNotDefined,
# SSL
SSLVar => $testNotDefined,
@ -1237,7 +1238,7 @@ sub testStruct {
zimbraSsoUrl => $testNotDefined,
# Sympa
sympaSecret => $testNotDefined,
sympaSecret => $testNotDefined,
sympaMailKey => $testNotDefined,
};
@ -1395,20 +1396,20 @@ sub defaultConf {
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;'
. $portal
. '/saml/artifact',
samlNameIDFormatMapEmail => 'mail',
samlNameIDFormatMapX509 => 'mail',
samlNameIDFormatMapWindows => 'uid',
samlNameIDFormatMapKerberos => 'uid',
samlNameIDFormatMapEmail => 'mail',
samlNameIDFormatMapX509 => 'mail',
samlNameIDFormatMapWindows => 'uid',
samlNameIDFormatMapKerberos => 'uid',
samlAttributeAuthorityDescriptorAttributeServiceSOAP =>
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;'
. $portal
. '/saml/AA/SOAP;',
samlServicePrivateKeySig => '',
samlServicePrivateKeySigPwd => '',
samlServicePublicKeySig => '',
samlServicePrivateKeyEnc => '',
samlServicePrivateKeyEncPwd => '',
samlServicePublicKeyEnc => '',
samlServicePrivateKeySig => '',
samlServicePrivateKeySigPwd => '',
samlServicePublicKeySig => '',
samlServicePrivateKeyEnc => '',
samlServicePrivateKeyEncPwd => '',
samlServicePublicKeyEnc => '',
};
}

@ -246,33 +246,33 @@ sub en {
samlIDPMetaDataOptionsResolutionRule => 'Resolution rule',
samlIDPMetaDataOptionsRequestedAuthnContext =>
'Requested authentication context',
samlIDPMetaDataOptionsForceUTF8 => 'Force UTF-8',
samlIDPMetaDataOptionsEncryptionMode => 'Encryption mode',
samlIDPMetaDataOptionsForceUTF8 => 'Force UTF-8',
samlIDPMetaDataOptionsEncryptionMode => 'Encryption mode',
samlIDPMetaDataOptionsCheckConditions => 'Check conditions',
samlSPMetaDataNode => 'SAML service providers',
samlSPMetaDataXML => 'Metadata',
samlSPMetaDataExportedAttributes => 'Exported attributes',
samlSPMetaDataOptions => 'Options',
samlSPMetaDataOptionsNameIDFormat => 'Default NameID format',
samlSPMetaDataOptionsOneTimeUse => 'One time use',
samlSPMetaDataOptionsSignSSOMessage => 'Sign SSO message',
samlSPMetaDataNode => 'SAML service providers',
samlSPMetaDataXML => 'Metadata',
samlSPMetaDataExportedAttributes => 'Exported attributes',
samlSPMetaDataOptions => 'Options',
samlSPMetaDataOptionsNameIDFormat => 'Default NameID format',
samlSPMetaDataOptionsOneTimeUse => 'One time use',
samlSPMetaDataOptionsSignSSOMessage => 'Sign SSO message',
samlSPMetaDataOptionsCheckSSOMessageSignature =>
'Check SSO message signature',
samlSPMetaDataOptionsSignSLOMessage => 'Sign SLO message',
samlSPMetaDataOptionsCheckSLOMessageSignature =>
'Check SLO message signature',
samlSPMetaDataOptionsEncryptionMode => 'Encryption mode',
samlServiceMetaData => 'SAML 2 Service',
samlEntityID => 'Entity Identifier',
samlOrganization => 'Organization',
samlOrganizationDisplayName => 'Display Name',
samlOrganizationName => 'Name',
samlOrganizationURL => 'URL',
samlSPSSODescriptor => 'Service Provider',
samlServiceMetaData => 'SAML 2 Service',
samlEntityID => 'Entity Identifier',
samlOrganization => 'Organization',
samlOrganizationDisplayName => 'Display Name',
samlOrganizationName => 'Name',
samlOrganizationURL => 'URL',
samlSPSSODescriptor => 'Service Provider',
samlSPSSODescriptorAuthnRequestsSigned =>
'Signed Authentication Request',
samlSPSSODescriptorWantAssertionsSigned => 'Want Assertions Signed',
samlSPSSODescriptorSingleLogoutService => 'Single Logout',
samlSPSSODescriptorSingleLogoutService => 'Single Logout',
samlSPSSODescriptorSingleLogoutServiceHTTPRedirect => 'HTTP Redirect',
samlSPSSODescriptorSingleLogoutServiceHTTPPost => 'HTTP POST',
samlSPSSODescriptorSingleLogoutServiceSOAP => 'SOAP',
@ -285,14 +285,14 @@ sub en {
samlSPSSODescriptorArtifactResolutionService => 'Artifact Resolution',
samlSPSSODescriptorArtifactResolutionServiceArtifact =>
'Artifact Service',
samlIDPSSODescriptor => 'Identity Provider',
samlIDPSSODescriptor => 'Identity Provider',
samlIDPSSODescriptorWantAuthnRequestsSigned =>
'Want Authentication Request Signed',
samlIDPSSODescriptorSingleSignOnService => 'Single Sign On',
samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect => 'HTTP Redirect',
samlIDPSSODescriptorSingleSignOnServiceHTTPPost => 'HTTP POST',
samlIDPSSODescriptorSingleSignOnServiceSOAP => 'SOAP',
samlIDPSSODescriptorSingleLogoutService => 'Single Logout',
samlIDPSSODescriptorSingleLogoutService => 'Single Logout',
samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect => 'HTTP Redirect',
samlIDPSSODescriptorSingleLogoutServiceHTTPPost => 'HTTP POST',
samlIDPSSODescriptorSingleLogoutServiceSOAP => 'SOAP',
@ -302,15 +302,15 @@ sub en {
samlAttributeAuthorityDescriptor => 'Attribute Authority',
samlAttributeAuthorityDescriptorAttributeService => 'Attribute Service',
samlAttributeAuthorityDescriptorAttributeServiceSOAP => 'SOAP',
samlServiceSecurity => 'Security parameters',
samlServiceSecuritySig => 'Signature',
samlServiceSecurityEnc => 'Encryption',
samlServicePrivateKeySig => 'Private key',
samlServiceSecurity => 'Security parameters',
samlServiceSecuritySig => 'Signature',
samlServiceSecurityEnc => 'Encryption',
samlServicePrivateKeySig => 'Private key',
samlServicePrivateKeySigPwd => 'Private key password',
samlServicePublicKeySig => 'Public key',
samlServicePrivateKeyEnc => 'Private key',
samlServicePublicKeySig => 'Public key',
samlServicePrivateKeyEnc => 'Private key',
samlServicePrivateKeyEncPwd => 'Private key password',
samlServicePublicKeyEnc => 'Public key',
samlServicePublicKeyEnc => 'Public key',
};
}
@ -520,39 +520,39 @@ sub fr {
samlIDPMetaDataOptionsResolutionRule => 'Règle de résolution',
samlIDPMetaDataOptionsRequestedAuthnContext =>
'Contexte d\'authentification demandé',
samlIDPMetaDataOptionsForceUTF8 => 'Forcer l\'UTF-8',
samlIDPMetaDataOptionsEncryptionMode => 'Mode de chiffrement',
samlIDPMetaDataOptionsForceUTF8 => 'Forcer l\'UTF-8',
samlIDPMetaDataOptionsEncryptionMode => 'Mode de chiffrement',
samlIDPMetaDataOptionsCheckConditions => 'Vérifier les conditions',
samlSPMetaDataNode => 'Fournisseurs de service SAML',
samlSPMetaDataXML => 'Metadonnées',
samlSPMetaDataExportedAttributes => 'Attributs exportés',
samlSPMetaDataOptions => 'Options',
samlSPMetaDataOptionsNameIDFormat => 'Format par défaut du NameID',
samlSPMetaDataOptionsOneTimeUse => 'Utilisation unique',
samlSPMetaDataOptionsSignSSOMessage => 'Signature des messages SSO',
samlSPMetaDataNode => 'Fournisseurs de service SAML',
samlSPMetaDataXML => 'Metadonnées',
samlSPMetaDataExportedAttributes => 'Attributs exportés',
samlSPMetaDataOptions => 'Options',
samlSPMetaDataOptionsNameIDFormat => 'Format par défaut du NameID',
samlSPMetaDataOptionsOneTimeUse => 'Utilisation unique',
samlSPMetaDataOptionsSignSSOMessage => 'Signature des messages SSO',
samlSPMetaDataOptionsCheckSSOMessageSignature =>
'Vérification de la signature des messages SSO',
samlSPMetaDataOptionsSignSLOMessage => 'Signature des messages SLO',
samlSPMetaDataOptionsCheckSLOMessageSignature =>
'Vérification de la signature des messages SLO',
samlSPMetaDataOptionsEncryptionMode => 'Mode de chiffrement',
samlServiceMetaData => 'Service SAML 2',
samlEntityID => 'Identifiant d\'entité',
samlOrganization => 'Organisation',
samlOrganizationDisplayName => 'Nom affiché',
samlOrganizationName => 'Nom',
samlOrganizationURL => 'URL',
samlSPSSODescriptor => 'Fournisseur de service',
samlServiceMetaData => 'Service SAML 2',
samlEntityID => 'Identifiant d\'entité',
samlOrganization => 'Organisation',
samlOrganizationDisplayName => 'Nom affiché',
samlOrganizationName => 'Nom',
samlOrganizationURL => 'URL',
samlSPSSODescriptor => 'Fournisseur de service',
samlSPSSODescriptorAuthnRequestsSigned =>
'Requêtes d\'authentification signées',
samlSPSSODescriptorWantAssertionsSigned =>
'Exige des assertions signées',
samlSPSSODescriptorSingleLogoutService => 'Single Logout',
samlSPSSODescriptorSingleLogoutService => 'Single Logout',
samlSPSSODescriptorSingleLogoutServiceHTTPRedirect =>
'Redirection HTTP',
samlSPSSODescriptorSingleLogoutServiceHTTPPost => 'POST HTTP',
samlSPSSODescriptorSingleLogoutServiceSOAP => 'SOAP',
samlSPSSODescriptorAssertionConsumerService => 'Assertions',
samlSPSSODescriptorAssertionConsumerService => 'Assertions',
samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact =>
'HTTP Artifact',
samlSPSSODescriptorAssertionConsumerServiceHTTPPost => 'POST HTTP',
@ -565,12 +565,12 @@ sub fr {
samlIDPSSODescriptor => 'Fournisseur d\'identité',
samlIDPSSODescriptorWantAuthnRequestsSigned =>
'Exige des requêtes d\'authentification signées',
samlIDPSSODescriptorSingleSignOnService => 'Single Sign On',
samlIDPSSODescriptorSingleSignOnService => 'Single Sign On',
samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect =>
'Redirection HTTP',
samlIDPSSODescriptorSingleSignOnServiceHTTPPost => 'POST HTTP',
samlIDPSSODescriptorSingleSignOnServiceSOAP => 'SOAP',
samlIDPSSODescriptorSingleLogoutService => 'Single Logout',
samlIDPSSODescriptorSingleLogoutService => 'Single Logout',
samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect =>
'Redirection HTTP',
samlIDPSSODescriptorSingleLogoutServiceHTTPPost => 'POST HTTP',
@ -583,15 +583,15 @@ sub fr {
samlAttributeAuthorityDescriptorAttributeService =>
'Service d\'attributs',
samlAttributeAuthorityDescriptorAttributeServiceSOAP => 'SOAP',
samlServiceSecurity => 'Paramètres de sécurité',
samlServiceSecuritySig => 'Signature',
samlServiceSecurityEnc => 'Chiffrement',
samlServicePrivateKeySig => 'Clé privée',
samlServiceSecurity => 'Paramètres de sécurité',
samlServiceSecuritySig => 'Signature',
samlServiceSecurityEnc => 'Chiffrement',
samlServicePrivateKeySig => 'Clé privée',
samlServicePrivateKeySigPwd => 'Mot de passe de la clé privée',
samlServicePublicKeySig => 'Clé publique',
samlServicePrivateKeyEnc => 'Clé privée',
samlServicePublicKeySig => 'Clé publique',
samlServicePrivateKeyEnc => 'Clé privée',
samlServicePrivateKeyEncPwd => 'Mot de passe de la clé privée',
samlServicePublicKeyEnc => 'Clé publique',
samlServicePublicKeyEnc => 'Clé publique',
};
}

@ -212,18 +212,18 @@ sub extractFormInfo {
}
# Check authentication context
my $responseAuthnContext;
eval {
$responseAuthnContext =
$assertion->AuthnStatement()->AuthnContext()
->AuthnContextClassRef();
};
if ($@) {
$self->lmLog(
"Unable to get authentication context from $idpConfKey",
my $responseAuthnContext;
eval {
$responseAuthnContext =
$assertion->AuthnStatement()->AuthnContext()
->AuthnContextClassRef();
};
if ($@) {
$self->lmLog(
"Unable to get authentication context from $idpConfKey",
'debug' );
$responseAuthnContext = $self->getAuthnContext("unspecified");
}
}
else {
$self->lmLog(
"Found authentication context: $responseAuthnContext",
@ -266,9 +266,9 @@ sub extractFormInfo {
$self->{user} = $user;
# Store Lasso objects
$self->{_lassoLogin} = $login;
$self->{_idp} = $idp;
$self->{_idpConfKey} = $idpConfKey;
$self->{_lassoLogin} = $login;
$self->{_idp} = $idp;
$self->{_idpConfKey} = $idpConfKey;
$self->{_nameID} = $nameid;
$self->{_sessionIndex} = $session_index;
@ -507,7 +507,7 @@ sub extractFormInfo {
my $realSessionInfo =
$self->getApacheSession( $sessionInfo->{_id}, 1 );
# Get Lasso::Session dump
# Get Lasso::Session dump
# This value is erased if a next session match the SLO request
if ( $realSessionInfo
&& $realSessionInfo->{_lassoSessionDump} )
@ -524,7 +524,7 @@ sub extractFormInfo {
my $del_real_result =
$self->_deleteSession($realSessionInfo);
$self->lmLog(
$self->lmLog(
"Delete real session $real_session result: $del_real_result",
'debug'
);
@ -1040,7 +1040,7 @@ sub setAuthSessionInfo {
my $sessionNotOnOrAfter;
eval {
$sessionNotOnOrAfter =
$assertion->AuthnStatement()->SessionNotOnOrAfter();
$assertion->AuthnStatement()->SessionNotOnOrAfter();
};
if ( $@ or !$sessionNotOnOrAfter ) {
@ -1048,23 +1048,23 @@ sub setAuthSessionInfo {
}
else {
my $samltime = $self->samldate2timestamp($sessionNotOnOrAfter);
my $utime = time();
my $timeout = $self->{timeout};
my $adaptSessionUtime =
$self->{samlIDPMetaDataOptions}->{$idpConfKey}
->{samlIDPMetaDataOptionsAdaptSessionUtime};
my $samltime = $self->samldate2timestamp($sessionNotOnOrAfter);
my $utime = time();
my $timeout = $self->{timeout};
my $adaptSessionUtime =
$self->{samlIDPMetaDataOptions}->{$idpConfKey}
->{samlIDPMetaDataOptionsAdaptSessionUtime};
if ( ( $utime + $timeout > $samltime ) and $adaptSessionUtime ) {
if ( ( $utime + $timeout > $samltime ) and $adaptSessionUtime ) {
# Use SAML time to determine the start of the session
my $new_utime = $samltime - $timeout;
$self->{sessionInfo}->{_utime} = $new_utime;
$self->lmLog(
# Use SAML time to determine the start of the session
my $new_utime = $samltime - $timeout;
$self->{sessionInfo}->{_utime} = $new_utime;
$self->lmLog(
"Adapt _utime with SessionNotOnOrAfter value, new _utime: $new_utime",
'debug'
);
}
'debug'
);
}
}

@ -866,34 +866,34 @@ sub issuerForUnAuthUser {
# Create attribute statement
if ( scalar @returned_attributes ) {
my $attribute_statement;
my $attribute_statement;
eval {
$attribute_statement = Lasso::Saml2AttributeStatement->new();
};
if ($@) {
$self->checkLassoError($@);
$self->returnSOAPMessage();
}
if ($@) {
$self->checkLassoError($@);
$self->returnSOAPMessage();
}
# Register attributes in attribute statement
$attribute_statement->Attribute(@returned_attributes);
# Register attributes in attribute statement
$attribute_statement->Attribute(@returned_attributes);
# Create assetion
my $assertion;
# Create assetion
my $assertion;
eval { $assertion = Lasso::Saml2Assertion->new(); };
if ($@) {
$self->checkLassoError($@);
$self->returnSOAPMessage();
}
eval { $assertion = Lasso::Saml2Assertion->new(); };
if ($@) {
$self->checkLassoError($@);
$self->returnSOAPMessage();
}
# Add attribute statement in response assertion
my @attributes_statement = ($attribute_statement);
$assertion->AttributeStatement(@attributes_statement);
# Add attribute statement in response assertion
my @attributes_statement = ($attribute_statement);
$assertion->AttributeStatement(@attributes_statement);
# Set response assertion
$query->response->Assertion( ($assertion) );
# Set response assertion
$query->response->Assertion( ($assertion) );
}
# Build response
@ -1363,22 +1363,22 @@ sub issuerForAuthUser {
# Create attribute statement
if ( scalar @attributes ) {
my $attribute_statement;
my $attribute_statement;
eval {
eval {
$attribute_statement =
Lasso::Saml2AttributeStatement->new();
};
if ($@) {
$self->checkLassoError($@);
return PE_ERROR;
}
};
if ($@) {
$self->checkLassoError($@);
return PE_ERROR;
}
# Register attributes in attribute statement
$attribute_statement->Attribute(@attributes);
# Register attributes in attribute statement
$attribute_statement->Attribute(@attributes);
# Add attribute statement in response assertion
my @attributes_statement = ($attribute_statement);
# Add attribute statement in response assertion
my @attributes_statement = ($attribute_statement);
$response_assertions[0]
->AttributeStatement(@attributes_statement);
}

@ -1539,11 +1539,13 @@ sub autoRedirect {
my $ssl = $1;
$self->lmLog( 'CDA request', 'debug' );
$self->{urldc} .=
( $self->{urldc} =~ /\?/ ? '&' : '?' )
( $self->{urldc} =~ /\?/ ? '&' : '?' )
. $self->{cookieName} . "="
. ( ( $self->{securedCookie} != 2 or $ssl )
. (
( $self->{securedCookie} != 2 or $ssl )
? $self->{id}
: $self->{sessionInfo}->{_httpSession} );
: $self->{sessionInfo}->{_httpSession}
);
}
$self->updateStatus;
print $self->SUPER::redirect(

@ -38,8 +38,8 @@ sub getUser {
# Get all required attributes
# @return Lemonldap::NG::Portal error code
sub setSessionInfo {
my $self = shift;
my $idp = $self->{_idp};
my $self = shift;
my $idp = $self->{_idp};
my $idpConfKey = $self->{_idpConfKey};
my $nameid = $self->{_nameID};
@ -87,9 +87,12 @@ sub setSessionInfo {
'error' );
return 0;
}
unless ( $privateKeyEnc ) {
$self->lmLog( "SAML private encryption key not found in configuration, "
. "use private signature key", 'debug' );
unless ($privateKeyEnc) {
$self->lmLog(
"SAML private encryption key not found in configuration, "
. "use private signature key",
'debug'
);
$privateKeyEnc = $privateKeySig;
}
@ -101,7 +104,9 @@ sub setSessionInfo {
$service_metadata->serviceToXML(
$ENV{DOCUMENT_ROOT} . "/skins/common/saml2-metadata.tpl", $self
),
$privateKeySig, undef, $privateKeyEnc
$privateKeySig,
undef,
$privateKeyEnc
);
unless ($server) {

@ -1249,7 +1249,7 @@ sub createLogout {
eval { $logout = Lasso::Logout::new_from_dump( $server, $dump ); };
}
else {
eval { $logout = Lasso::Logout->new($server); };
eval { $logout = Lasso::Logout->new($server); };
}
if ($@) {
@ -1981,10 +1981,10 @@ sub getHttpMethod {
sub getHttpMethodString {
my ( $self, $method ) = splice @_;
return "POST" if ( $method == Lasso::Constants::HTTP_METHOD_POST );
return "POST" if ( $method == Lasso::Constants::HTTP_METHOD_POST );
return "REDIRECT"
if ( $method == Lasso::Constants::HTTP_METHOD_REDIRECT );
return "SOAP" if ( $method == Lasso::Constants::HTTP_METHOD_SOAP );
return "SOAP" if ( $method == Lasso::Constants::HTTP_METHOD_SOAP );
return "ARTIFACT GET"
if ( $method == Lasso::Constants::HTTP_METHOD_ARTIFACT_GET );
return "ARTIFACT POST"
