Skip to content

GitLab

Commit a2be61bb authored by Yadd's avatar Yadd
Browse files
Options

SAML in progress (#595)

parent 565a61bc
Hide whitespace changes
Inline Side-by-side
Showing with 20 additions and 106 deletions
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm
View file @ a2be61bb
...@@ -784,7 +784,7 @@ sub extractFormInfo { ...@@ -784,7 +784,7 @@ sub extractFormInfo {
'debug' ); 'debug' );
# Artifact request are sent with SOAP trough POST # Artifact request are sent with SOAP trough POST
my $art_request = $req->param('POSTDATA'); my $art_request = $req->body;
my $art_response; my $art_response;
# Create Login object # Create Login object
...@@ -809,18 +809,18 @@ sub extractFormInfo { ...@@ -809,18 +809,18 @@ sub extractFormInfo {
return PE_SAML_ART_ERROR; return PE_SAML_ART_ERROR;
} }
$req->datas->{SOAPMessage} = $art_response; $req->response(
[
$self->lmLog( "Send SOAP Message: " . $req->datas->{SOAPMessage}, 200,
'debug' ); [
'Content-Type' => 'application/xml',
# Return SOAP message 'Content-Length' => length($art_response)
$self->returnSOAPMessage(); ],
[$art_response]
# If we are here, there was a problem with SOAP request ]
$self->lmLog( "Artifact response was not sent trough SOAP", 'error' ); );
return PE_SAML_ART_ERROR; $req->user('SOAP client');
return PE_SENDRESPONSE;
} }
# 2. IDP resolution # 2. IDP resolution
......
lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact.t
View file @ a2be61bb
...@@ -66,7 +66,7 @@ SKIP: { ...@@ -66,7 +66,7 @@ SKIP: {
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/' 'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
); );
my ( $url, $query ) = expectRedirection( $res, my ( $url, $query ) = expectRedirection( $res,
qr#^http://auth.idp.com(/saml/singleSignOn)\?(SAMLRequest=.+)# ); qr#^http://auth.idp.com(/saml/singleSignOnArtifact)\?(SAMLart=.+)# );
#ok( decode_base64($samlReq) =~ /^</s, 'SAML request seems valid' ) #ok( decode_base64($samlReq) =~ /^</s, 'SAML request seems valid' )
# or explain( decode_base64($samlReq), '<?xml ...' ); # or explain( decode_base64($samlReq), '<?xml ...' );
...@@ -158,7 +158,7 @@ SKIP: { ...@@ -158,7 +158,7 @@ SKIP: {
'Test if user is reject on SP' 'Test if user is reject on SP'
); );
expectRedirection( $res, expectRedirection( $res,
qr#^http://auth.idp.com/saml/singleSignOn\?(SAMLRequest=.*)# ); qr#^http://auth.idp.com/saml/singleSignOnArtifact\?(SAMLart=.*)# );
#print STDERR Dumper($res); #print STDERR Dumper($res);
} }
...@@ -174,12 +174,14 @@ no warnings 'redefine'; ...@@ -174,12 +174,14 @@ no warnings 'redefine';
sub LWP::UserAgent::request { sub LWP::UserAgent::request {
my ( $self, $req ) = @_; my ( $self, $req ) = @_;
ok( $req->uri =~ m#http://auth.idp.com(.*)#, 'Request from SP to IdP' ); ok( $req->uri =~ m#http://auth.((?:id|s)p).com(.*)#, 'SOAP request' );
my $url = $1; my $host = $1;
my $url = $2;
my $res; my $res;
my $s = $req->content; my $s = $req->content;
my $client = ( $host eq 'idp' ? $issuer : $sp );
ok( ok(
$res = $issuer->_post( $res = $client->_post(
$url, IO::String->new($s), $url, IO::String->new($s),
length => length($s), length => length($s),
type => 'application/xml', type => 'application/xml',
...@@ -377,14 +379,8 @@ entityID="http://auth.sp.com/saml/metadata"> ...@@ -377,14 +379,8 @@ entityID="http://auth.sp.com/saml/metadata">
urn:oasis:names:tc:SAML:2.0:nameid-format:entity</NameIDFormat> urn:oasis:names:tc:SAML:2.0:nameid-format:entity</NameIDFormat>
<NameIDFormat> <NameIDFormat>
urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://auth.sp.com/saml/singleSignOn" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://auth.sp.com/saml/singleSignOn" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="http://auth.sp.com/saml/singleSignOnArtifact" /> Location="http://auth.sp.com/saml/singleSignOnArtifact" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.sp.com/saml/singleSignOnSOAP" />
</IDPSSODescriptor> </IDPSSODescriptor>
<SPSSODescriptor AuthnRequestsSigned="true" <SPSSODescriptor AuthnRequestsSigned="true"
WantAssertionsSigned="true" WantAssertionsSigned="true"
...@@ -446,9 +442,6 @@ entityID="http://auth.sp.com/saml/metadata"> ...@@ -446,9 +442,6 @@ entityID="http://auth.sp.com/saml/metadata">
<AssertionConsumerService isDefault="true" index="0" <AssertionConsumerService isDefault="true" index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="http://auth.sp.com/saml/proxySingleSignOnArtifact" /> Location="http://auth.sp.com/saml/proxySingleSignOnArtifact" />
<AssertionConsumerService isDefault="false" index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://auth.sp.com/saml/proxySingleSignOnPost" />
</SPSSODescriptor> </SPSSODescriptor>
<AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
...@@ -605,14 +598,8 @@ entityID="http://auth.idp.com/saml/metadata"> ...@@ -605,14 +598,8 @@ entityID="http://auth.idp.com/saml/metadata">
urn:oasis:names:tc:SAML:2.0:nameid-format:entity</NameIDFormat> urn:oasis:names:tc:SAML:2.0:nameid-format:entity</NameIDFormat>
<NameIDFormat> <NameIDFormat>
urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://auth.idp.com/saml/singleSignOn" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://auth.idp.com/saml/singleSignOn" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="http://auth.idp.com/saml/singleSignOnArtifact" /> Location="http://auth.idp.com/saml/singleSignOnArtifact" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.idp.com/saml/singleSignOnSOAP" />
</IDPSSODescriptor> </IDPSSODescriptor>
<SPSSODescriptor AuthnRequestsSigned="true" <SPSSODescriptor AuthnRequestsSigned="true"
WantAssertionsSigned="true" WantAssertionsSigned="true"
...@@ -674,9 +661,6 @@ entityID="http://auth.idp.com/saml/metadata"> ...@@ -674,9 +661,6 @@ entityID="http://auth.idp.com/saml/metadata">
<AssertionConsumerService isDefault="true" index="0" <AssertionConsumerService isDefault="true" index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="http://auth.idp.com/saml/proxySingleSignOnArtifact" /> Location="http://auth.idp.com/saml/proxySingleSignOnArtifact" />
<AssertionConsumerService isDefault="false" index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://auth.idp.com/saml/proxySingleSignOnPost" />
</SPSSODescriptor> </SPSSODescriptor>
<AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
......
lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST.t
View file @ a2be61bb
...@@ -423,11 +423,6 @@ entityID="http://auth.sp.com/saml/metadata"> ...@@ -423,11 +423,6 @@ entityID="http://auth.sp.com/saml/metadata">
<ArtifactResolutionService isDefault="true" index="0" <ArtifactResolutionService isDefault="true" index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.sp.com/saml/artifact" /> Location="http://auth.sp.com/saml/artifact" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.sp.com/saml/singleLogoutSOAP" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://auth.sp.com/saml/singleLogout"
ResponseLocation="http://auth.sp.com/saml/singleLogoutReturn" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://auth.sp.com/saml/singleLogout" Location="http://auth.sp.com/saml/singleLogout"
ResponseLocation="http://auth.sp.com/saml/singleLogoutReturn" /> ResponseLocation="http://auth.sp.com/saml/singleLogoutReturn" />
...@@ -443,14 +438,8 @@ entityID="http://auth.sp.com/saml/metadata"> ...@@ -443,14 +438,8 @@ entityID="http://auth.sp.com/saml/metadata">
urn:oasis:names:tc:SAML:2.0:nameid-format:entity</NameIDFormat> urn:oasis:names:tc:SAML:2.0:nameid-format:entity</NameIDFormat>
<NameIDFormat> <NameIDFormat>
urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://auth.sp.com/saml/singleSignOn" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://auth.sp.com/saml/singleSignOn" /> Location="http://auth.sp.com/saml/singleSignOn" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="http://auth.sp.com/saml/singleSignOnArtifact" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.sp.com/saml/singleSignOnSOAP" />
</IDPSSODescriptor> </IDPSSODescriptor>
<SPSSODescriptor AuthnRequestsSigned="true" <SPSSODescriptor AuthnRequestsSigned="true"
WantAssertionsSigned="true" WantAssertionsSigned="true"
...@@ -489,11 +478,6 @@ entityID="http://auth.sp.com/saml/metadata"> ...@@ -489,11 +478,6 @@ entityID="http://auth.sp.com/saml/metadata">
<ArtifactResolutionService isDefault="true" index="0" <ArtifactResolutionService isDefault="true" index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.sp.com/saml/artifact" /> Location="http://auth.sp.com/saml/artifact" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.sp.com/saml/proxySingleLogoutSOAP" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://auth.sp.com/saml/proxySingleLogout"
ResponseLocation="http://auth.sp.com/saml/proxySingleLogoutReturn" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://auth.sp.com/saml/proxySingleLogout" Location="http://auth.sp.com/saml/proxySingleLogout"
ResponseLocation="http://auth.sp.com/saml/proxySingleLogoutReturn" /> ResponseLocation="http://auth.sp.com/saml/proxySingleLogoutReturn" />
...@@ -512,9 +496,6 @@ entityID="http://auth.sp.com/saml/metadata"> ...@@ -512,9 +496,6 @@ entityID="http://auth.sp.com/saml/metadata">
<AssertionConsumerService isDefault="true" index="0" <AssertionConsumerService isDefault="true" index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://auth.sp.com/saml/proxySingleSignOnPost" /> Location="http://auth.sp.com/saml/proxySingleSignOnPost" />
<AssertionConsumerService isDefault="false" index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="http://auth.sp.com/saml/proxySingleSignOnArtifact" />
</SPSSODescriptor> </SPSSODescriptor>
<AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
...@@ -651,11 +632,6 @@ entityID="http://auth.idp.com/saml/metadata"> ...@@ -651,11 +632,6 @@ entityID="http://auth.idp.com/saml/metadata">
<ArtifactResolutionService isDefault="true" index="0" <ArtifactResolutionService isDefault="true" index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.idp.com/saml/artifact" /> Location="http://auth.idp.com/saml/artifact" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.idp.com/saml/singleLogoutSOAP" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://auth.idp.com/saml/singleLogout"
ResponseLocation="http://auth.idp.com/saml/singleLogoutReturn" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://auth.idp.com/saml/singleLogout" Location="http://auth.idp.com/saml/singleLogout"
ResponseLocation="http://auth.idp.com/saml/singleLogoutReturn" /> ResponseLocation="http://auth.idp.com/saml/singleLogoutReturn" />
...@@ -671,14 +647,8 @@ entityID="http://auth.idp.com/saml/metadata"> ...@@ -671,14 +647,8 @@ entityID="http://auth.idp.com/saml/metadata">
urn:oasis:names:tc:SAML:2.0:nameid-format:entity</NameIDFormat> urn:oasis:names:tc:SAML:2.0:nameid-format:entity</NameIDFormat>
<NameIDFormat> <NameIDFormat>
urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://auth.idp.com/saml/singleSignOn" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://auth.idp.com/saml/singleSignOn" /> Location="http://auth.idp.com/saml/singleSignOn" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="http://auth.idp.com/saml/singleSignOnArtifact" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.idp.com/saml/singleSignOnSOAP" />
</IDPSSODescriptor> </IDPSSODescriptor>
<SPSSODescriptor AuthnRequestsSigned="true" <SPSSODescriptor AuthnRequestsSigned="true"
WantAssertionsSigned="true" WantAssertionsSigned="true"
...@@ -717,11 +687,6 @@ entityID="http://auth.idp.com/saml/metadata"> ...@@ -717,11 +687,6 @@ entityID="http://auth.idp.com/saml/metadata">
<ArtifactResolutionService isDefault="true" index="0" <ArtifactResolutionService isDefault="true" index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.idp.com/saml/artifact" /> Location="http://auth.idp.com/saml/artifact" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.idp.com/saml/proxySingleLogoutSOAP" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://auth.idp.com/saml/proxySingleLogout"
ResponseLocation="http://auth.idp.com/saml/proxySingleLogoutReturn" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://auth.idp.com/saml/proxySingleLogout" Location="http://auth.idp.com/saml/proxySingleLogout"
ResponseLocation="http://auth.idp.com/saml/proxySingleLogoutReturn" /> ResponseLocation="http://auth.idp.com/saml/proxySingleLogoutReturn" />
...@@ -740,9 +705,6 @@ entityID="http://auth.idp.com/saml/metadata"> ...@@ -740,9 +705,6 @@ entityID="http://auth.idp.com/saml/metadata">
<AssertionConsumerService isDefault="true" index="0" <AssertionConsumerService isDefault="true" index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://auth.idp.com/saml/proxySingleSignOnPost" /> Location="http://auth.idp.com/saml/proxySingleSignOnPost" />
<AssertionConsumerService isDefault="false" index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="http://auth.idp.com/saml/proxySingleSignOnArtifact" />
</SPSSODescriptor> </SPSSODescriptor>
<AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
......
lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect.t
View file @ a2be61bb
...@@ -362,14 +362,9 @@ entityID="http://auth.sp.com/saml/metadata"> ...@@ -362,14 +362,9 @@ entityID="http://auth.sp.com/saml/metadata">
<ArtifactResolutionService isDefault="true" index="0" <ArtifactResolutionService isDefault="true" index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.sp.com/saml/artifact" /> Location="http://auth.sp.com/saml/artifact" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.sp.com/saml/singleLogoutSOAP" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://auth.sp.com/saml/singleLogout" Location="http://auth.sp.com/saml/singleLogout"
ResponseLocation="http://auth.sp.com/saml/singleLogoutReturn" /> ResponseLocation="http://auth.sp.com/saml/singleLogoutReturn" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://auth.sp.com/saml/singleLogout"
ResponseLocation="http://auth.sp.com/saml/singleLogoutReturn" />
<NameIDFormat> <NameIDFormat>
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat> urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
<NameIDFormat> <NameIDFormat>
...@@ -384,12 +379,6 @@ entityID="http://auth.sp.com/saml/metadata"> ...@@ -384,12 +379,6 @@ entityID="http://auth.sp.com/saml/metadata">
urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://auth.sp.com/saml/singleSignOn" /> Location="http://auth.sp.com/saml/singleSignOn" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://auth.sp.com/saml/singleSignOn" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="http://auth.sp.com/saml/singleSignOnArtifact" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.sp.com/saml/singleSignOnSOAP" />
</IDPSSODescriptor> </IDPSSODescriptor>
<SPSSODescriptor AuthnRequestsSigned="true" <SPSSODescriptor AuthnRequestsSigned="true"
WantAssertionsSigned="true" WantAssertionsSigned="true"
...@@ -428,14 +417,9 @@ entityID="http://auth.sp.com/saml/metadata"> ...@@ -428,14 +417,9 @@ entityID="http://auth.sp.com/saml/metadata">
<ArtifactResolutionService isDefault="true" index="0" <ArtifactResolutionService isDefault="true" index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.sp.com/saml/artifact" /> Location="http://auth.sp.com/saml/artifact" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.sp.com/saml/proxySingleLogoutSOAP" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://auth.sp.com/saml/proxySingleLogout" Location="http://auth.sp.com/saml/proxySingleLogout"
ResponseLocation="http://auth.sp.com/saml/proxySingleLogoutReturn" /> ResponseLocation="http://auth.sp.com/saml/proxySingleLogoutReturn" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://auth.sp.com/saml/proxySingleLogout"
ResponseLocation="http://auth.sp.com/saml/proxySingleLogoutReturn" />
<NameIDFormat> <NameIDFormat>
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat> urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
<NameIDFormat> <NameIDFormat>
...@@ -590,14 +574,9 @@ entityID="http://auth.idp.com/saml/metadata"> ...@@ -590,14 +574,9 @@ entityID="http://auth.idp.com/saml/metadata">
<ArtifactResolutionService isDefault="true" index="0" <ArtifactResolutionService isDefault="true" index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.idp.com/saml/artifact" /> Location="http://auth.idp.com/saml/artifact" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.idp.com/saml/singleLogoutSOAP" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://auth.idp.com/saml/singleLogout" Location="http://auth.idp.com/saml/singleLogout"
ResponseLocation="http://auth.idp.com/saml/singleLogoutReturn" /> ResponseLocation="http://auth.idp.com/saml/singleLogoutReturn" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://auth.idp.com/saml/singleLogout"
ResponseLocation="http://auth.idp.com/saml/singleLogoutReturn" />
<NameIDFormat> <NameIDFormat>
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat> urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
<NameIDFormat> <NameIDFormat>
...@@ -612,12 +591,6 @@ entityID="http://auth.idp.com/saml/metadata"> ...@@ -612,12 +591,6 @@ entityID="http://auth.idp.com/saml/metadata">
urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://auth.idp.com/saml/singleSignOn" /> Location="http://auth.idp.com/saml/singleSignOn" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://auth.idp.com/saml/singleSignOn" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="http://auth.idp.com/saml/singleSignOnArtifact" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.idp.com/saml/singleSignOnSOAP" />
</IDPSSODescriptor> </IDPSSODescriptor>
<SPSSODescriptor AuthnRequestsSigned="true" <SPSSODescriptor AuthnRequestsSigned="true"
WantAssertionsSigned="true" WantAssertionsSigned="true"
...@@ -656,14 +629,9 @@ entityID="http://auth.idp.com/saml/metadata"> ...@@ -656,14 +629,9 @@ entityID="http://auth.idp.com/saml/metadata">
<ArtifactResolutionService isDefault="true" index="0" <ArtifactResolutionService isDefault="true" index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.idp.com/saml/artifact" /> Location="http://auth.idp.com/saml/artifact" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.idp.com/saml/proxySingleLogoutSOAP" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://auth.idp.com/saml/proxySingleLogout" Location="http://auth.idp.com/saml/proxySingleLogout"
ResponseLocation="http://auth.idp.com/saml/proxySingleLogoutReturn" /> ResponseLocation="http://auth.idp.com/saml/proxySingleLogoutReturn" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://auth.idp.com/saml/proxySingleLogout"
ResponseLocation="http://auth.idp.com/saml/proxySingleLogoutReturn" />
<NameIDFormat> <NameIDFormat>
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat> urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
<NameIDFormat> <NameIDFormat>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment