NAME

Net::SAML2::Binding::Redirect - HTTP Redirect binding for SAML

VERSION

version 0.81

SYNOPSIS

my $redirect = Net::SAML2::Binding::Redirect->new(
  key     => '/path/to/SPsign-nopw-key.pem',		# Service Provider (SP) private key
  url     => $sso_url,							# Service Provider Single Sign Out URL
  param   => 'SAMLRequest' OR 'SAMLResponse',		# Type of request
  cert    => $idp->cert('signing')				# Identity Provider (IdP) certificate
  sig_hash => 'sha256', 'sha224', 'sha384', 'sha512' or 'sha1'  # Signature to sign request
);

my $url = $redirect->sign($authnreq);

my $ret = $redirect->verify($url);

METHODS

new( ... )

Constructor. Creates an instance of the Redirect binding.

Arguments:

key

The SP's (Service Provider) also known as your application's signing key that your application uses to sign the AuthnRequest. Some IdPs may not verify the signature.

Usually required when param is SAMLRequest.

If you don't want to sign the request, you can pass insecure => 1 and not provide a key; in this case, sign will return a non-signed URL.

cert

IdP's (Identity Provider's) certificate that is used to verify a signed Redirect from the IdP. It is used to verify the signature of the Redirect response. Required with param being SAMLResponse.

url

IdP's SSO (Single Sign Out) service url for the Redirect binding Required with param being SAMLRequest.

param

query param name to use (SAMLRequest, SAMLResponse) Defaults to SAMLRequest.

sig_hash

RSA signature hash used to sign request

Supported:

sha256, sha224, sha384, sha512 and sha1

Defaults to sha256.

debug

Output extra debugging information

get_redirect_uri($authn_request, $relaystate)

Get the redirect URI for a given request, and returns the URL to which the user's browser should be redirected.

Accepts an optional RelayState parameter, a string which will be returned to the requestor when the user returns from the authentication process with the IdP.

The request is signed unless the the object has been instantiated with <insecure = 1>>.

sign( $request, $relaystate )

Signs the given request, and returns the URL to which the user's browser should be redirected.

Accepts an optional RelayState parameter, a string which will be returned to the requestor when the user returns from the authentication process with the IdP.

Returns the signed (or unsigned) URL for the SAML2 redirect

verify( $query_string )

my ($request, $relaystate) = $self->verify($query_string)

Decode a Redirect binding URL.

Verifies the signature on the response.

Requires the *raw* query string to be passed, because URI parses and re-encodes URI-escapes in uppercase (%3f becomes %3F, for instance), which leads to signature verification failures if the other party uses lower case (or mixed case).

Returns an ARRAY of containing the verified request and relaystate (if it exists). Croaks on errors.

AUTHORS

Chris Andrews <chrisa@cpan.org>
Timothy Legge <timlegge@gmail.com>

COPYRIGHT AND LICENSE

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.

To install Net::SAML2, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Net::SAML2

CPAN shell

perl -MCPAN -e shell
install Net::SAML2

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)