LemonLDAP NG / lemonldap-ng / Issues / #2176

Created Apr 24, 2020 by René Linder@lihaso

SAML Send ProtocolBinding and AssertionConsumerURL in the AuthnRequest

Summary

Some SAML IdPs don't fall back to the metadata information and fail.

So it would be nice to be able to configure it optionally via the IdP settings.

Design proposition

Currently solved manually with a code addition for the problematic SAML IdP:

clement@ader-worteks:~/dev/lemonldap-ng$ git diff
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
index 1c55d1477..1fba06317 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
@@ -869,6 +869,10 @@ sub createAuthnRequest {
     # Always allow NameID creation
     $request->NameIDPolicy()->AllowCreate(1);
 
+    # Set AssertionConsumerServiceURL and ProtocolBinding 
+    $request->ProtocolBinding(Lasso::Constants::HTTP_METHOD_POST);
+   
$request->AssertionConsumerServiceURL("https://auth.example.com/saml/proxySingleSignOnPost");
+
     # Force authentication
     if ($forceAuthn) {
         $self->logger->debug("Force authentication on IDP");
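
Review bot: the two added calls in createAuthnRequest hard-code deployment-specific values: the literal ACS URL "https://auth.example.com/saml/proxySingleSignOnPost" and an unconditional POST binding applied to every IdP. Both should be read from an optional per-IdP setting, as the issue proposes, and the URL should be the AssertionConsumerService endpoint already published in the SP metadata, since an IdP that checks the request against registered endpoints will reject a mismatch. ProtocolBinding in an AuthnRequest is a binding URI (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST), so passing the Lasso::Constants::HTTP_METHOD_POST enum is the likely reason the attribute is emitted as 3, as reported below; pass the URI string instead. The added comment line and the `+` line after the ProtocolBinding call also carry trailing whitespace.
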
  • $request->ProtocolBinding(Lasso::Constants::HTTP_METHOD_POST); Something is wrong in this line (I know too little Perl): it sets only the number 3, not the text that's needed ...

Thanks to @clement_oudot for the code 😄

Edited Apr 24, 2020 by René Linder