NAME
Mojo::SAML - A SAML2 toolkit using the Mojo toolkit
DESCRIPTION
Mojo::SAML is a project to build a SAML toolkit using the Mojo stack. It is (for better or worse) completely reimplemented from the ground up. It is considered extremely experimental and unstable (see "CAVEATS").
That said, it can do basic SAML interactions given the proper configuration. For more on SAML, you might want to consult https://en.wikipedia.org/wiki/SAML_2.0 or https://wiki.oasis-open.org/security.
CAVEATS
It currently has plenty of limitations and should be considered extremely experimental. The API can and will change without warning until this warning is removed.
It also relies heavily on using the simpler SAML bindings and is only really workable for RSA keys. Because of this, there are dependencies on Crypt::OpenSSL::RSA and Crypt::OpenSSL::X509 which really should be optional, though they are required until other signing mechanisms are included. Users are encouraged to add those modules to their own dependencies in case they become optional in the future.
Currently data extraction and documentation are very much separate sets of code. It is not yet decided if this will continue or if some effort will be made to unify them. This is a large part of the concern for api stability.
While most classes have API documentation, currently overall usage documentation is lacking. For the time being, examples can be seen in the ex/
directory within the source repository and/or distribution, especially ex/webapp.pl
. These examples will be modified as the API changes and eventually usage documentation should be written.
Mojo::XMLSig has some tests, the rest has precious few tests. There could always be more tests.
All of this should be improvable. PRs and comments are most welcome.
EXPORTS
Mojo::SAML exports nothing by default. On request it can export any of the following symbols or tags.
XML Document Constructors
The following symbols are constant functions which return the full name of Mojo::SAML::Document subclasses. Their name is both the name of the subclass and the tag that they create.
AssertionConsumerService
Constant shortcut to Mojo::SAML::Document::AssertionConsumerService.
AttributeConsumingService
Constant shortcut to Mojo::SAML::Document::AttributeConsumingService.
AuthnRequest
Constant shortcut to Mojo::SAML::Document::AuthnRequest.
ContactPerson
Constant shortcut to Mojo::SAML::Document::ContactPerson.
EntityDescriptor
Constant shortcut to Mojo::SAML::Document::EntityDescriptor.
KeyDescriptor
Constant shortcut to Mojo::SAML::Document::KeyDescriptor.
KeyInfo
Constant shortcut to Mojo::SAML::Document::KeyInfo.
NameIDPolicy
Constant shortcut to Mojo::SAML::Document::NameIDPolicy.
Organization
Constant shortcut to Mojo::SAML::Document::Organization.
RequestedAttribute
Constant shortcut to Mojo::SAML::Document::RequestedAttribute.
Signature
Constant shortcut to Mojo::SAML::Document::Signature.
SPSSODescriptor
Constant shortcut to Mojo::SAML::Document::SPSSODescriptor.
Tags
:docs
Exports all of the above document type constants.
OTHER MODULES
While they aren't linked to from this module, some other modules that will likely be useful are:
Mojo::SAML::Names
Mojo::SAML::Names is a (fairly incomplete) list of naming conventions and standard used in SAML.
Mojo::SAML::IdP
Mojo::SAML::IdP is a tool for examining the entity metadata returned from an identity provider and extracting useful inforamation.
Mojo::XMLSig
Mojo::XMLSig is a tool for signing and verifying XML documents. Note that it is possible that this module could be spun out into its own distribution at some point. If it does, this module will depend on it.
Mojolicious::Plugin::SAML
Mojolicious::Plugin::SAML attempts to be a turn-key SAML Service Provider (SP) implementation. This is useful for interacting with a single Identity Provider (IdP) under simple circumstances. This is (as with all the rest) still highly experimental.
SOURCE REPOSITORY
http://github.com/jberger/Mojo-SAML
CONTRIBUTORS
Giuseppe Di Terlizzi (giterlizzi)
Mohammad S Anwar (manwar)
AUTHOR
Joel Berger, <joel.a.berger@gmail.com>
COPYRIGHT AND LICENSE
Copyright (C) 2018 by "AUTHOR" and "CONTRIBUTORS" This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.