Commit 41afc837 authored by Yadd's avatar Yadd

SAML in progress (#595)

parent aba27302
......@@ -1421,9 +1421,62 @@ sub sloServer {
$self->lmLog( "SLO: Logout request is valid", 'debug' );
# Get SP entityID
my $sp = $logout->remote_providerID();
$self->lmLog( "Found entityID $sp in SAML message", 'debug' );
# SP conf key
my $spConfKey = $self->spList->{$sp}->{confKey};
unless ($spConfKey) {
return $self->p->sendError( $req,
"$sp do not match any SP in configuration", 400 );
}
$self->lmLog( "$sp match $spConfKey SP in configuration", 'debug' );
# Load Session and Identity if they exist
my $session = $req->{sessionInfo}->{_lassoSessionDump};
my $identity = $req->{sessionInfo}->{_lassoIdentityDump};
my ( $session, $session_index, $identity, $local_session_id );
eval { $session_index = $logout->request()->SessionIndex; };
# SLO requests without session index are not accepted
unless ( defined $session_index ) {
$self->lmLog( "No session index in SLO request from $spConfKey SP",
'error' );
return $self->sendSLOErrorResponse( $logout, $method );
}
$local_session_id = $self->conf->{cipher}->decrypt($session_index);
$self->lmLog(
"Get session id $local_session_id (decrypted from $session_index)",
'debug'
);
if ( $req->{sessionInfo} ) {
$session = $req->{sessionInfo}->{_lassoSessionDump};
$identity = $req->{sessionInfo}->{_lassoIdentityDump};
}
unless ($session) {
# Open local session
my $local_session =
$self->p->getApacheSession( $local_session_id, 1 );
unless ($local_session) {
$self->lmLog( "No local session found", 'error' );
return $self->sendSLOErrorResponse( $logout, $method );
}
# Load Session and Identity if they exist
$session = $local_session->data->{_lassoSessionDump};
$identity = $local_session->data->{_lassoIdentityDump};
# Import user datas in $req (for other "logout" subs)
$req->id( $local_session->data->{_session_id} );
$req->sessionInfo( $local_session->data );
$req->user( $local_session->data->{ $self->conf->{whatToTrace} } );
}
if ($session) {
unless ( $self->setSessionFromDump( $logout, $session ) ) {
......@@ -1441,21 +1494,6 @@ sub sloServer {
$self->lmLog( "Lasso Identity loaded", 'debug' );
}
# Get SP entityID
my $sp = $logout->remote_providerID();
$self->lmLog( "Found entityID $sp in SAML message", 'debug' );
# SP conf key
my $spConfKey = $self->spList->{$sp}->{confKey};
unless ($spConfKey) {
return $self->p->sendError( $req,
"$sp do not match any SP in configuration", 400 );
}
$self->lmLog( "$sp match $spConfKey SP in configuration", 'debug' );
# Do we check signature?
my $checkSLOMessageSignature =
$self->conf->{samlSPMetaDataOptions}->{$spConfKey}
......@@ -1481,16 +1519,6 @@ sub sloServer {
return $self->sendSLOErrorResponse( $logout, $method )
unless ( $self->checkDestination( $logout->request, $url ) );
# Get session index
my $session_index;
eval { $session_index = $logout->request()->SessionIndex; };
# SLO requests without session index are not accepted
if ( $@ or !defined $session_index ) {
return $self->p->sendError( $req,
"No session index in SLO request from $spConfKey SP", 400 );
}
# Validate request if no previous error
unless ( $self->validateLogoutRequest($logout) ) {
return $self->p->sendError( $req, "SLO request is not valid", 400 );
......@@ -1519,17 +1547,6 @@ sub sloServer {
my $provider_nb =
$self->sendLogoutRequestToProviders( $req, $logout, $relayID );
# Decrypt session index
my $local_session_id = $self->conf->{cipher}->decrypt($session_index);
$self->lmLog(
"Get session id $local_session_id (decrypted from $session_index)",
'debug'
);
my $user = $req->{sessionInfo}->{user};
my $local_session = $self->p->getApacheSession( $local_session_id, 1 );
# Close SAML sessions
unless ( $self->deleteSAMLSecondarySessions($local_session_id) ) {
$self->lmLog( "Fail to delete SAML sessions", 'error' );
......
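Review bot: The session index is decrypted and the matching local session is loaded and bound into the request (`$req->id`, `$req->sessionInfo`, `$req->user`) before the LogoutRequest has been authenticated — the signature check, `checkDestination` and `validateLogoutRequest` all sit later in sloServer (second and third hunks) — so an unverified request chooses which local session the rest of the handler acts on, and the `No local session found` branch answers before any verification, which lets a caller probe whether a given SessionIndex still maps to a live session. The decrypt result is also used unchecked: if `decrypt` yields undef or an empty string for a malformed index, that value goes straight into `getApacheSession`, so add `return $self->sendSLOErrorResponse( $logout, $method ) unless $local_session_id;` right after the decrypt (a failed decrypt should be treated like a missing index). Because the lookup runs whenever `$req->{sessionInfo}` lacks `_lassoSessionDump`, a request carrying a valid cookie for one user but a SessionIndex for another overwrites `$req->sessionInfo` with the second user's data; consider deferring the three `$req->...` assignments until after validateLogoutRequest, or at least logging when the cookie session and the SessionIndex session differ. sloServer begins and ends outside these hunks.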
......@@ -401,7 +401,7 @@ sub checkMessage {
# 2.2.1. POST
if ( $content_type !~ /xml/ ) {
$req->parseBody unless(%{$req->params});
$req->parseBody unless ( %{ $req->params } );
$method = Lasso::Constants::HTTP_METHOD_POST;
$self->lmLog( "SAML method: HTTP-POST", 'debug' );
......@@ -2361,6 +2361,9 @@ sub sendLogoutResponseToServiceProvider {
return $self->p->do( $req, ['autoPost'] );
}
elsif ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) {
return $self->sendSLOSoapErrorResponse( $req, $logout, $method );
}
return $self->p->sendError( $req,
"Lasso method '$method' should not be handle here...", 400 );
}
......
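Review bot: The new HTTP_METHOD_SOAP branch in sendLogoutResponseToServiceProvider calls `sendSLOSoapErrorResponse`, yet this sub is the success path that returns the LogoutResponse to the SP; unless that helper only wraps `$logout->msg_body` in a SOAP envelope regardless of status (its name suggests it builds an error status), the SP will receive a non-Success response for a logout that actually completed. If the helper is generic, rename it or add a comment such as `# SOAP binding: helper only wraps the already-built response in a SOAP envelope` so the next reader does not take it for a bug; otherwise build the SOAP response from `$logout->msg_body` here. The sub starts outside the hunk.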