NAME
Net::SPID::SAML::IdP
VERSION
version 0.10
SYNOPSIS
    use Net::SPID;

    # $spid is an already configured Net::SPID::SAML object

    # get an IdP
    my $idp = $spid->get_idp('https://www.prova.it/');

    # generate an AuthnRequest
    my $authnreq = $idp->authnrequest(
        #acs_url   => 'https://...',  # URL of AssertionConsumerServiceURL to use
        acs_index  => 0,    # index of AssertionConsumerService as per our SP metadata
        attr_index => 1,    # index of AttributeConsumingService as per our SP metadata
        level      => 1,    # SPID level
    );

    # generate a LogoutRequest
    my $logoutreq = $idp->logoutrequest(session => $spid_session);

    # generate a LogoutResponse
    my $logoutres = $idp->logoutresponse(in_response_to => $logoutreq->id, status => 'success');
ABSTRACT
This class represents an Identity Provider.
CONSTRUCTOR
This class is not supposed to be instantiated directly. Use the get_idp method in Net::SPID::SAML.
METHODS
authnrequest
This method generates an AuthnRequest addressed to this Identity Provider. Note that this method does not perform any network call; it just generates a Net::SPID::SAML::AuthnRequest object.

    my $authnrequest = $idp->authnrequest(
        #acs_url   => 'https://...',  # URL of AssertionConsumerServiceURL to use
        acs_index  => 0,    # index of AssertionConsumerService as per our SP metadata
        attr_index => 1,    # index of AttributeConsumingService as per our SP metadata
        level      => 1,    # SPID level
    );
The following arguments can be supplied to authnrequest():

- acs_url
    The value to use for AssertionConsumerServiceURL in AuthnRequest. This is the URL where the user will be redirected (via GET or POST) by the Identity Provider after Single Sign-On. This must be one of the URLs contained in our Service Provider metadata. This is required if acs_index is not set, but it can be omitted if the "sp_acs_url" option was set in Net::SPID.

- acs_index
    The value to use for AssertionConsumerServiceIndex in AuthnRequest. As an alternative to specifying the URL explicitly in each AuthnRequest using acs_url, a numeric index referring to the URL(s) specified in the Service Provider metadata can be supplied. It can be omitted if the "sp_acs_index" option was set in Net::SPID. This is required if acs_url is not set, but it can be omitted if the "acs_index" option was set in Net::SPID.

- attr_index
    (Optional.) The value to use for AttributeConsumingServiceIndex in AuthnRequest. This refers to the AttributeConsumingService specified in the Service Provider metadata. If omitted, the "sp_attr_index" option set in Net::SPID will be used. If that was not set, no attributes will be requested at all.

- level
    (Optional.) The SPID level requested (as an integer; can be 1, 2 or 3). If omitted, 1 will be used.
logoutrequest
This method generates a LogoutRequest addressed to this Identity Provider. Note that this method does not perform any network call; it just generates a Net::SPID::SAML::LogoutRequest object.

    my $logoutreq = $idp->logoutrequest(session => $spid_session);
The following arguments can be supplied to logoutrequest():

- session
    The Net::SPID::Session object (originally returned by "parse_assertion" in Net::SPID::SAML through a Net::SPID::SAML::Assertion object) representing the SPID session to close.
logoutresponse
This method generates a LogoutResponse addressed to this Identity Provider. You usually need to generate a LogoutResponse when the user initiated a logout on another Service Provider (or from the Identity Provider itself) and thus you got a LogoutRequest from the Identity Provider. Note that this method does not perform any network call; it just generates a Net::SPID::SAML::LogoutResponse object.

    my $logoutres = $idp->logoutresponse(
        status         => 'success',
        in_response_to => $logoutreq->id,
    );
The following arguments can be supplied to logoutresponse():

- status
    This can be either success, partial, requester or responder according to the SAML specs.
AUTHOR
Alessandro Ranellucci <aar@cpan.org>
COPYRIGHT AND LICENSE
This software is Copyright (c) 2018 by Alessandro Ranellucci.
This is free software, licensed under:
The (three-clause) BSD License