NAME

Lemonldap::NG::Portal::Lib::SAML - Common SAML functions

SYNOPSIS

use Lemonldap::NG::Portal::Lib::SAML;

DESCRIPTION

This module contains common methods for SAML authentication and user information loading

METHODS

loadLasso

Load Lasso module

loadService

Load SAML service by creating a Lasso::Server

loadIDPs

Load SAML identity providers

loadSPs

Load SAML service providers

checkMessage

Check SAML requests and responses

checkLassoError

Log Lasso error code and message if this is actually a Lasso::Error with code > 0

createServer

Load service metadata and create Lasso::Server object

addIDP

Add IDP to an existing Lasso::Server

addSP

Add SP to an existing Lasso::Server

addAA

Add Attribute Authority to an existing Lasso::Server

addProvider

Add provider to an existing Lasso::Server

getOrganizationName

Return name of organization picked up from metadata

createAuthnRequest

Create authentication request for selected IDP

createLogin

Create Lasso::Login object

initAuthnRequest

Init authentication request

initIdpInitiatedAuthnRequest

Init authentication request for IDP initiated

buildAuthnRequestMsg

Build authentication request message

processAuthnRequestMsg

Process authentication request message

validateRequestMsg

Validate request message

buildAuthnResponseMsg

Build authentication response message

buildArtifactMsg

Build artifact message

buildAssertion

Build assertion

processAuthnResponseMsg

Process authentication response message

getNameIdentifier

Get NameID from Lasso Profile

createIdentity

Create Lasso::Identity object

createSession

Create Lasso::Session object

acceptSSO

Accept SSO from IDP

storeRelayState

Store information in relayState database and return

extractRelayState

Extract RelayState information into $self

getAssertion

Get assertion in Lasso::Login object

getAttributeValue

Get SAML attribute value corresponding to name, format and friendly_name Multivaluated values are separated by ';'

validateConditions

Validate conditions

createLogoutRequest

Create logout request for selected entity

createLogout

Create Lasso::Logout object

initLogoutRequest

Init logout request

buildLogoutRequestMsg

Build logout request message

setSessionFromDump

Set session from dump in Lasso::Profile object

setIdentityFromDump

Set identity from dump in Lasso::Profile object

getMetaDataURL

Get URL stored in a service metadata configuration key

processLogoutResponseMsg

Process logout response message

processLogoutRequestMsg

Process logout request message

validateLogoutRequest

Validate logout request

buildLogoutResponseMsg

Build logout response msg

storeReplayProtection

Store ID of an SAML message in Replay Protection base

replayProtection

Check if SAML message do not correspond to a previously responded message

resolveArtifact

Resolve artifact to get the real SAML message

storeArtifact

Store artifact

loadArtifact

Load artifact

createArtifactResponse

Create artifact response

processArtRequestMsg

Process artifact response message

processArtResponseMsg

Process artifact response message

sendSOAPMessage

Send SOAP message and get response

createAssertionQuery

Create a new assertion query

createAttributeRequest

Create an attribute request

validateAttributeRequest

Validate an attribute request

processAttributeRequest

Process an attribute request

buildAttributeResponse

Build attribute response

processAttributeResponse

Process an attribute response

getNameIDFormat

Convert configuration string into SAML2 NameIDFormat string

getHttpMethod

Convert configuration string into Lasso HTTP Method integer

getHttpMethodString

Convert configuration Lasso HTTP Method integer into string

getFirstHttpMethod

Find a suitable HTTP method for an entity with a given protocol

disableSignature

Modify Lasso signature hint to disable signature

forceSignature

Modify Lasso signature hint to force signature

disableSignatureVerification

Modify Lasso signature hint to disable signature verification

forceSignatureVerification

Modify Lasso signature hint to force signature verification

getAuthnContext

Convert configuration string into SAML2 AuthnContextClassRef string

timestamp2samldate

Convert timestamp into SAML2 date format

samldate2timestamp

Convert SAML2 date format into timestamp

sendLogoutResponseToServiceProvider

Send logout response issue from a logout request

sendLogoutRequestToProvider

Send logout request to a provider

sendLogoutRequestToProviders

Send logout response issue from a logout request to all other providers. If information have to be displayed to users, such as iframe to send HTTP-Redirect or HTTP-POST logout request, then $self->{_info} will be updated.

checkSignatureStatus

Check signature status

authnContext2authnLevel

Return authentication level corresponding to authnContext

authnLevel2authnContext

Return SAML authentication context corresponding to authnLevel

checkDestination

If SAML Destination attribute is present, check it

getSamlSession

Try to recover the SAML session corresponding to id and return session data

createAttribute

Create a new SAML attribute

createAttributeValue

Create a new SAML attribute value

getEncryptionMode

Return Lasso encryption mode

setProviderEncryptionMode

Set encryption mode on a provider

deleteSAMLSecondarySessions

Find and delete SAML sessions bounded to a primary session

sendSLOErrorResponse

Send an SLO error response

getQueryString

Get query string with or without CGI query_string() method

getSignatureMethod

Return Lasso signature method

setProviderSignatureMethod

Set signature method on a provider

SEE ALSO

Lemonldap::NG::Portal::Auth::SAML, Lemonldap::NG::Portal::UserDBSAML

AUTHORS

LemonLDAP::NG team http://lemonldap-ng.org/team

BUG REPORT

Use OW2 system to report bug or ask for features: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues

DOWNLOAD

Lemonldap::NG is available at http://forge.objectweb.org/project/showfiles.php?group_id=274

COPYRIGHT AND LICENSE

See COPYING file for details.

This library is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.