From a2be61bbcd7c3825d32833c8fb93cd40245a3aee Mon Sep 17 00:00:00 2001
From: Xavier Guimard
Date: Sat, 24 Dec 2016 08:47:39 +0000
Subject: [PATCH] SAML in progress (#595)

---
 .../lib/Lemonldap/NG/Portal/Auth/SAML.pm | 26 ++++++-------
 .../t/30-Auth-and-issuer-SAML-Artifact.t | 30 ++++-----------
 .../t/30-Auth-and-issuer-SAML-POST.t | 38 -------------------
 .../t/30-Auth-and-issuer-SAML-Redirect.t | 32 ----------------
 4 files changed, 20 insertions(+), 106 deletions(-)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm
index b46fb369c..8477d310a 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm
@@ -784,7 +784,7 @@ sub extractFormInfo {
 'debug' );
 
 # Artifact request are sent with SOAP trough POST
- my $art_request = $req->param('POSTDATA');
+ my $art_request = $req->body;
 my $art_response;
 
 # Create Login object
@@ -809,18 +809,18 @@ sub extractFormInfo {
 return PE_SAML_ART_ERROR;
 }
 
- $req->datas->{SOAPMessage} = $art_response;
-
- $self->lmLog( "Send SOAP Message: " . $req->datas->{SOAPMessage}, 'debug' );
-
- # Return SOAP message
- $self->returnSOAPMessage();
-
- # If we are here, there was a problem with SOAP request
- $self->lmLog( "Artifact response was not sent trough SOAP", 'error' );
- return PE_SAML_ART_ERROR;
-
+ $req->response( [ 200, [ 'Content-Type' => 'application/xml', 'Content-Length' => length($art_response) ], [$art_response] ] );
+ $req->user('SOAP client');
+ return PE_SENDRESPONSE;
 }
 
 # 2. IDP resolution
diff --git a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact.t b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact.t
index 4507d0bba..c0daf2ccc 100644
--- a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact.t
+++ b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact.t
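Review bot: `my $art_request = $req->body;` in the first SAML.pm hunk may not hold the SOAP message: in Plack::Request, `body` returns the psgi.input handle rather than the content, so unless Lemonldap::NG's Request class overrides it, `$art_request` is a filehandle and not the POSTed XML. If the raw content is what is wanted, `my $art_request = $req->content;` (or whichever raw-body accessor the Request class provides) is the safer replacement. Either way an empty or missing body should be rejected before the Login object is created, `return PE_SAML_ART_ERROR unless defined $art_request && length $art_request;`, since the processing of `$art_request` continues outside the hunk. extractFormInfo starts and ends outside both hunks.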
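Review bot: `'Content-Length' => length($art_response)` in the second SAML.pm hunk counts characters, not bytes, so if `$art_response` carries the UTF-8 flag (an XML document with non-ASCII content) the header under-reports the body and the client truncates or waits for bytes that never come. Encode once and use the byte string for both the header and the body, e.g. `my $body = utf8::is_utf8($art_response) ? Encode::encode('UTF-8', $art_response) : $art_response;` followed by `'Content-Length' => length($body)` and `[$body]` (Encode must be loaded in this file). `$req->user('SOAP client')` sets a synthetic user name with no explanation of its purpose; a comment such as `# Synthetic user label so logs identify the back-channel artifact resolution call` would tell the next reader that it is not an authenticated identity. The enclosing sub extractFormInfo continues outside the hunk.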
@@ -66,7 +66,7 @@ SKIP: { 'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/' ); my ( $url, $query ) = expectRedirection( $res, - qr#^http://auth.idp.com(/saml/singleSignOn)\?(SAMLRequest=.+)# ); + qr#^http://auth.idp.com(/saml/singleSignOnArtifact)\?(SAMLart=.+)# ); #ok( decode_base64($samlReq) =~ /^uri =~ m#http://auth.idp.com(.*)#, 'Request from SP to IdP' ); - my $url = $1; + ok( $req->uri =~ m#http://auth.((?:id|s)p).com(.*)#, 'SOAP request' ); + my $host = $1; + my $url = $2; my $res; my $s = $req->content; + my $client = ( $host eq 'idp' ? $issuer : $sp ); ok( - $res = $issuer->_post( + $res = $client->_post( $url, IO::String->new($s), length => length($s), type => 'application/xml', @@ -377,14 +379,8 @@ entityID="http://auth.sp.com/saml/metadata"> urn:oasis:names:tc:SAML:2.0:nameid-format:entity urn:oasis:names:tc:SAML:2.0:nameid-format:transient - - - - @@ -605,14 +598,8 @@ entityID="http://auth.idp.com/saml/metadata"> urn:oasis:names:tc:SAML:2.0:nameid-format:entity urn:oasis:names:tc:SAML:2.0:nameid-format:transient - - - - diff --git a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST.t b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST.t index d85f10615..87bce1b62 100644 --- a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST.t +++ b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST.t @@ -423,11 +423,6 @@ entityID="http://auth.sp.com/saml/metadata"> - - @@ -443,14 +438,8 @@ entityID="http://auth.sp.com/saml/metadata"> urn:oasis:names:tc:SAML:2.0:nameid-format:entity urn:oasis:names:tc:SAML:2.0:nameid-format:transient - - - - - @@ -512,9 +496,6 @@ entityID="http://auth.sp.com/saml/metadata"> - @@ -651,11 +632,6 @@ entityID="http://auth.idp.com/saml/metadata"> - - @@ -671,14 +647,8 @@ entityID="http://auth.idp.com/saml/metadata"> urn:oasis:names:tc:SAML:2.0:nameid-format:entity urn:oasis:names:tc:SAML:2.0:nameid-format:transient - - - - - @@ -740,9 +705,6 @@ entityID="http://auth.idp.com/saml/metadata"> - 
diff --git a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect.t b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect.t index e957e5429..bbe12fcce 100644 --- a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect.t +++ b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect.t @@ -362,14 +362,9 @@ entityID="http://auth.sp.com/saml/metadata"> - - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress @@ -384,12 +379,6 @@ entityID="http://auth.sp.com/saml/metadata"> urn:oasis:names:tc:SAML:2.0:nameid-format:transient - - - - - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress @@ -590,14 +574,9 @@ entityID="http://auth.idp.com/saml/metadata"> - - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress @@ -612,12 +591,6 @@ entityID="http://auth.idp.com/saml/metadata"> urn:oasis:names:tc:SAML:2.0:nameid-format:transient - - - - - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress -- GitLab