SAML: add an IDP option to force attribute value in UTF-8 (#72)

Clément Oudot 15 years ago
parent 6964b09eb2
commit c0edd943db
  1. 5
      modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
  2. 2
      modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
  3. 7
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm
  4. 8
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBSAML.pm
  5. 11
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm

@ -60,7 +60,7 @@ sub cstruct {
. ":samlIDPMetaDataXML:filearea",
samlIDPMetaDataOptions => {
_nodes => [
qw(samlIDPMetaDataOptionsNameIDFormat samlIDPMetaDataOptionsForceAuthn samlIDPMetaDataOptionsIsPassive samlIDPMetaDataOptionsAllowProxiedAuthn samlIDPMetaDataOptionsSSOBinding samlIDPMetaDataOptionsSLOBinding samlIDPMetaDataOptionsResolutionRule samlIDPMetaDataOptionsAllowLoginFromIDP samlIDPMetaDataOptionsAdaptSessionUtime samlIDPMetaDataOptionsSignSSOMessage samlIDPMetaDataOptionsCheckSSOMessageSignature samlIDPMetaDataOptionsSignSLOMessage samlIDPMetaDataOptionsCheckSLOMessageSignature samlIDPMetaDataOptionsRequestedAuthnContext)
qw(samlIDPMetaDataOptionsNameIDFormat samlIDPMetaDataOptionsForceAuthn samlIDPMetaDataOptionsIsPassive samlIDPMetaDataOptionsAllowProxiedAuthn samlIDPMetaDataOptionsSSOBinding samlIDPMetaDataOptionsSLOBinding samlIDPMetaDataOptionsResolutionRule samlIDPMetaDataOptionsAllowLoginFromIDP samlIDPMetaDataOptionsAdaptSessionUtime samlIDPMetaDataOptionsSignSSOMessage samlIDPMetaDataOptionsCheckSSOMessageSignature samlIDPMetaDataOptionsSignSLOMessage samlIDPMetaDataOptionsCheckSLOMessageSignature samlIDPMetaDataOptionsRequestedAuthnContext samlIDPMetaDataOptionsForceUTF8)
],
samlIDPMetaDataOptionsNameIDFormat =>
"text:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsNameIDFormat"
@ -94,6 +94,8 @@ sub cstruct {
samlIDPMetaDataOptionsRequestedAuthnContext =>
"text:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsRequestedAuthnContext"
. ":default:authnContextParams",
samlIDPMetaDataOptionsForceUTF8 =>
"bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsForceUTF8",
},
}
}
@ -1303,6 +1305,7 @@ sub defaultConf {
samlIDPMetaDataOptionsSignSLOMessage => '1',
samlIDPMetaDataOptionsCheckSLOMessageSignature => '1',
samlIDPMetaDataOptionsRequestedAuthnContext => '',
samlIDPMetaDataOptionsForceUTF8 => '0',
samlSPMetaDataOptionsNameIDFormat => '',
samlSPMetaDataOptionsOneTimeUse => '0',
samlSPMetaDataOptionsSignSSOMessage => '1',

@ -246,6 +246,7 @@ sub en {
samlIDPMetaDataOptionsResolutionRule => 'Resolution rule',
samlIDPMetaDataOptionsRequestedAuthnContext =>
'Requested authentication context',
samlIDPMetaDataOptionsForceUTF8 => 'Force UTF-8',
samlSPMetaDataNode => 'SAML service providers',
samlSPMetaDataXML => 'Metadata',
samlSPMetaDataExportedAttributes => 'Exported attributes',
@ -516,6 +517,7 @@ sub fr {
samlIDPMetaDataOptionsResolutionRule => 'Règle de résolution',
samlIDPMetaDataOptionsRequestedAuthnContext =>
'Contexte d\'authentification demandé',
samlIDPMetaDataOptionsForceUTF8 => 'Forcer l\'UTF-8',
samlSPMetaDataNode => 'Fournisseurs de service SAML',
samlSPMetaDataXML => 'Metadonnées',
samlSPMetaDataExportedAttributes => 'Attributs exportés',

@ -984,6 +984,11 @@ sub setAuthSessionInfo {
return PE_ERROR;
}
# Force UTF-8
my $force_utf8 =
$self->{samlIDPMetaDataOptions}->{$idpConfKey}
->{samlIDPMetaDataOptionsForceUTF8};
# Try to get attributes if attribute statement is present in assertion
my $attr_statement = $assertion->AttributeStatement();
if ($attr_statement) {
@ -1006,7 +1011,7 @@ sub setAuthSessionInfo {
# Try to get value
my $value =
$self->getAttributeValue( $name, $format, $friendly_name,
\@attributes );
\@attributes, $force_utf8 );
# Store value in sessionInfo
$self->{sessionInfo}->{$_} = $value if defined $value;

@ -42,9 +42,15 @@ sub setSessionInfo {
my $server = $self->{_lassoServer};
my $login = $self->{_lassoLogin};
my $idp = $self->{_idp};
my $idpConfKey = $self->{_idpConfKey};
my $exportedAttr;
# Force UTF-8
my $force_utf8 =
$self->{samlIDPMetaDataOptions}->{$idpConfKey}
->{samlIDPMetaDataOptionsForceUTF8};
# Get all required attributes, not already set
# in setAuthSessionInfo()
foreach ( keys %{ $self->{samlIDPMetaDataExportedAttributes}->{$idp} } ) {
@ -121,7 +127,7 @@ sub setSessionInfo {
# Try to get value
my $value = $self->getAttributeValue( $name, $format, $friendly_name,
\@response_attributes );
\@response_attributes, $force_utf8 );
unless ($value) {
$self->lmLog(
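Review bot: The new lookup at the top of setSessionInfo indexes `$self->{samlIDPMetaDataOptions}` with `$idpConfKey`, which is freshly read from `$self->{_idpConfKey}` here rather than already being in scope as it is in AuthSAML's setAuthSessionInfo; if that attribute is unset in this flow (not visible from the hunk), the lookup autovivifies an empty-key entry and emits an uninitialized-value warning under `use warnings`, while `$force_utf8` silently ends up false. A guarded read such as `my $force_utf8 = defined $idpConfKey ? $self->{samlIDPMetaDataOptions}->{$idpConfKey}->{samlIDPMetaDataOptionsForceUTF8} : 0;` keeps the configuration hash untouched. The same three-line lookup is now duplicated verbatim in AuthSAML.pm and UserDBSAML.pm; a small shared accessor in _SAML.pm would keep the two paths from drifting. The `# Force UTF-8` comment could also say what the flag does, e.g. `# Per-IDP option: encode attribute values as UTF-8 octets before storing them in the session`. setSessionInfo continues past both hunks shown.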

@ -1010,15 +1010,18 @@ sub getAssertion {
return $assertion;
}
## @method string getAttributeValue(string name, string format, string friendly_name, array_ref attributes)
## @method string getAttributeValue(string name, string format, string friendly_name, array_ref attributes, boolean force_utf8)
# Get SAML attribute value corresponding to name, format and friendly_name
# Multivaluated values are separated by multiValuesSeparator
# If force_utf8 flag is set, value is encoded in UTF-8
# @param name SAML attribute name
# @param format optional SAML attribute format
# @param friendly_name optional SAML attribute friendly name
# @param force_utf8 optional flag to force value in UTF-8
# @return attribute value
sub getAttributeValue {
my ( $self, $name, $format, $friendly_name, $attributes ) = splice @_;
my ( $self, $name, $format, $friendly_name, $attributes, $force_utf8 ) =
splice @_;
my $value;
# Loop on attributes
@ -1045,8 +1048,8 @@ sub getAttributeValue {
}
$value =~ s/\Q$self->{multiValuesSeparator}\E$//;
# Force UTF-8
$value = encode( "utf-8", $value );
# Encode UTF-8 if force_utf8 flag
$value = encode( "utf8", $value ) if $force_utf8;
}
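Review bot: The encoding name changed along with the flag: the removed line used `"utf-8"`, which Encode resolves to the strict UTF-8 encoder, while the new `encode( "utf8", $value )` selects Perl's lax internal "utf8" encoding that will happily emit surrogates, non-characters and code points above U+10FFFF as ill-formed byte sequences. Since these values come from an IdP-supplied assertion and are stored in the session (and, as far as one can infer, forwarded to protected applications as headers), the strict form is the safer choice: `$value = encode( "UTF-8", $value ) if $force_utf8;`. It would also help to state in the method comment what the flag is for, e.g. `# force_utf8: encode the value to UTF-8 octets; leave off when the value is already bytes, otherwise it is double-encoded` — hedged, since whether lasso returns character or byte strings is not visible here. getAttributeValue begins in the previous hunk and its body continues past this one.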
