# Inherit the SAML helpers (loadService, addAA, createAttributeRequest, ...)
# from the shared _SAML base class.
our @ISA = ('Lemonldap::NG::Portal::_SAML');

our $VERSION = '1.0.0';
## @method int userDBInit()
# Check that the configured authentication module is a SAML one: this user
# module can only work on top of SAML authentication.
# @return PE_OK, or PE_SAML_ERROR when another authentication module is used
sub userDBInit {
    my $self = shift;

    my $auth_module = $self->get_module('auth');
    return PE_OK if $auth_module =~ /^SAML/;

    $self->lmLog( "SAML user module require SAML authentication", 'error' );
    return PE_SAML_ERROR;
}
## @method int getUser()
# Nothing to look up: the user is identified by the SAML authentication
# module, so this step always succeeds.
# @return PE_OK
sub getUser {
    return PE_OK;
}
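## @method int setSessionInfo()
# Request from the IDP's attribute authority every mandatory exported
# attribute that was missing from the authentication response, and store
# the delivered values in $self->{sessionInfo}.
# The attribute request needs its own Lasso service, so $self->{_lassoServer}
# is swapped while the request is in flight and restored on every return
# path (the original code only restored it on success).
# @return Lemonldap::NG::Portal error code: PE_OK when nothing is missing
# or every mandatory attribute was delivered, a PE_SAML_* code otherwise
sub setSessionInfo {
    my $self = shift;

    my $idpConfKey = $self->{_idpConfKey};

    # Per-IDP option: re-encode delivered attribute values as UTF-8
    my $force_utf8 =
      $self->{samlIDPMetaDataOptions}->{$idpConfKey}
      ->{samlIDPMetaDataOptionsForceUTF8};

    # Exported attribute definitions are "mandatory;name;format;friendly"
    # strings keyed by the session attribute name.
    my $exported_conf =
      $self->{samlIDPMetaDataExportedAttributes}->{$idpConfKey};

    # Collect the mandatory attributes not yet present in the session
    my $exportedAttr = {};
    foreach my $attr ( keys %{$exported_conf} ) {
        my ($mandatory) = split( /;/, $exported_conf->{$attr} );
        next unless $mandatory and not defined $self->{sessionInfo}->{$attr};
        $exportedAttr->{$attr} = $exported_conf->{$attr};
        $self->lmLog( "Attribute $attr will be requested to $idpConfKey",
            'debug' );
    }

    unless ( keys %$exportedAttr ) {
        $self->lmLog(
            "All mandatory attributes were present in authentication response",
            'debug' );
        return PE_OK;
    }

    # Keep the current Lasso server so it can be put back whatever the
    # outcome of the attribute request.
    my $current_server = $self->{_lassoServer};
    my $code = $self->_requestMissingAttributes( $exportedAttr, $force_utf8 );
    $self->{_lassoServer} = $current_server;
    return $code;
}

## @method private int _requestMissingAttributes(hashref exportedAttr, bool force_utf8)
# Build a SAML attribute query for the attributes in $exportedAttr, send it
# to the IDP's attribute authority over SOAP and copy the delivered values
# into $self->{sessionInfo}. Leaves $self->{_lassoServer} pointing at the
# temporary service; the caller restores it.
# @param exportedAttr hashref of "mandatory;name;format;friendly" strings
# @param force_utf8 per-IDP UTF-8 option passed to getAttributeValue
# @return Lemonldap::NG::Portal error code
sub _requestMissingAttributes {
    my ( $self, $exportedAttr, $force_utf8 ) = @_;

    my $idp        = $self->{_idp};
    my $idpConfKey = $self->{_idpConfKey};
    my $nameid     = $self->{_nameID};

    $self->loadService(1);
    my $server = $self->{_lassoServer};
    unless ($server) {
        $self->lmLog( "Unable to create service for attribute request",
            'error' );
        return PE_SAML_LOAD_SERVICE_ERROR;
    }
    $self->lmLog( "Service for attribute request created", 'debug' );

    # IDP metadata comes from the local configuration, not from the network
    my $idp_metadata =
      $self->{samlIDPMetaDataXML}->{$idpConfKey}->{samlIDPMetaDataXML};
    if ( $self->{samlMetadataForceUTF8} ) {
        $idp_metadata = encode( "utf8", $idp_metadata );
    }

    unless ( $self->addAA( $server, $idp_metadata ) ) {
        $self->lmLog(
            "Fail to use IDP $idpConfKey Metadata as Attribute Authority",
            'error' );
        return PE_SAML_LOAD_IDP_ERROR;
    }

    my $query =
      $self->createAttributeRequest( $server, $idp, $exportedAttr, $nameid );
    unless ($query) {
        $self->lmLog( "Unable to build attribute request for $idpConfKey",
            'error' );
        return PE_SAML_ATTR_ERROR;
    }

    my $response =
      $self->sendSOAPMessage( $query->msg_url, $query->msg_body );
    unless ($response) {
        $self->lmLog( "No attribute response to SOAP request", 'error' );
        return PE_SAML_ATTR_ERROR;
    }

    # NOTE(review): the delivered values are trusted from here on; the
    # response is presumably validated (signature, issuer) inside
    # processAttributeResponse — confirm in _SAML.
    my $result = $self->processAttributeResponse( $server, $response );
    unless ($result) {
        $self->lmLog( "Fail to process attribute response", 'error' );
        return PE_SAML_ATTR_ERROR;
    }

    # A missing element anywhere in the response tree makes a method call
    # on undef die, so the whole traversal is guarded by eval.
    my @response_attributes;
    eval {
        @response_attributes =
          $result->response()->Assertion()->AttributeStatement()->Attribute();
    };
    if ($@) {
        $self->lmLog( "No attributes defined in attribute response", 'error' );
        return PE_SAML_ATTR_ERROR;
    }

    foreach my $attr ( keys %$exportedAttr ) {
        my ( undef, $name, $format, $friendly_name ) =
          split( /;/, $exportedAttr->{$attr} );
        my $value =
          $self->getAttributeValue( $name, $format, $friendly_name,
            \@response_attributes, $force_utf8 );

        # NOTE(review): a delivered value of "0" fails this truth test and is
        # reported as missing; switch to a defined/length check if such a
        # value is legitimate for any exported attribute.
        unless ($value) {
            $self->lmLog(
                "Attribute $attr is mandatory, but was not delivered by $idpConfKey",
                'error' );
            return PE_SAML_ATTR_ERROR;
        }

        $self->lmLog( "Get value $value for attribute $attr", 'debug' );
        $self->{sessionInfo}->{$attr} = $value;
    }

    return PE_OK;
}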
## @method int setGroups()
# No group computation is done by this module; groups, if any, are expected
# to come from the delivered attributes.
# @return PE_OK
sub setGroups {
    return PE_OK;
}
1;    # a module must end with a true value