Commit 33712dcf authored by Xavier Guimard's avatar Xavier Guimard

Set ignore system for issuers (#1468)

parent 1260073a
......@@ -162,6 +162,15 @@ sub storeEnv {
return PE_OK;
}
sub ssoMatch {
my ( $self, $req ) = @_;
my $url = $self->normalize_url( $req->uri, $self->conf->{issuerDBSAMLPath},
$self->ssoGetUrl );
return ( $url =~ $self->ssoUrlRe or $req->datas->{_proxiedRequest}
? 1
: 0);
}
# Main method (launched only for authenticated users, see Main/Issuer)
sub run {
my ( $self, $req ) = @_;
......@@ -953,6 +962,7 @@ sub run {
}
}
$self->logger->debug("Not an issuer request");
return PE_OK;
}
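Review bot: In `ssoMatch`, at the top of this section, the ternary binds only to the right-hand operand because `or` has lower precedence than `?:`, so the expression parses as `($url =~ $self->ssoUrlRe) or ($req->datas->{_proxiedRequest} ? 1 : 0)`. The truth value comes out the same, so callers that test it in boolean context are unaffected, but the layout suggests the whole condition is normalised to 1/0 and a later edit could easily break it. Judging by `_redirect` further down this page, this predicate decides whether an issuer request is stored and replayed after authentication, so I would write it unambiguously: `return ( $url =~ $self->ssoUrlRe || $req->datas->{_proxiedRequest} ) ? 1 : 0;`. A one-line comment saying when `_proxiedRequest` is set would also help, since nothing visible here shows who sets it.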
......
......@@ -2980,8 +2980,8 @@ sub deleteSAMLSecondarySessions {
}
}
}
else {
$self->logger->debug("No SAML session found for session $session_id ");
elsif ($session_id) {
$self->logger->debug("No SAML session found for session $session_id");
}
return $result;
......
......@@ -73,20 +73,29 @@ sub init {
sub _redirect {
my ( $self, $req, @path ) = @_;
$self->logger->debug('Processing _redirect');
$self->logger->debug('Store issuer request');
my $ir =
$req->param( 'issuerRequest' . $self->path ) || $self->storeRequest($req);
$self->p->setHiddenFormValue( $req, 'issuerRequest' . $self->path,
$ir, '' );
$req->{urldc} = $self->conf->{portal};
$req->{urldc} =~ s#/*$##;
$req->{urldc} .= $req->path . '?'
. build_urlencoded( "issuerRequest$self->{path}" => $ir );
$self->p->setHiddenFormValue( $req, 'issuerUrldc', $req->urldc, '', 0 );
if ( my $t = $req->param( 'issuerRequest' . $self->path ) ) {
$ir = $t;
my $restore;
my $ir;
unless ( $self->can('ssoMatch') and not $self->ssoMatch($req) ) {
$restore = 1;
$self->logger->debug('Processing _redirect');
$self->logger->debug('Store issuer request');
$ir =
$req->param( 'issuerRequest' . $self->path )
|| $self->storeRequest($req);
$self->p->setHiddenFormValue( $req, 'issuerRequest' . $self->path,
$ir, '' );
$req->{urldc} = $self->conf->{portal};
$req->{urldc} =~ s#/*$##;
$req->{urldc} .= $req->path . '?'
. build_urlencoded( "issuerRequest$self->{path}" => $ir );
$self->p->setHiddenFormValue( $req, 'issuerUrldc', $req->urldc, '', 0 );
if ( my $t = $req->param( 'issuerRequest' . $self->path ) ) {
$ir = $t;
}
}
else {
$self->logger->debug("Ignore SSO request");
}
# TODO: launch normal process with 'run' at the end
......@@ -99,11 +108,16 @@ sub _redirect {
@{ $self->p->betweenAuthAndDatas },
$self->p->sessionDatas,
@{ $self->p->afterDatas },
sub {
# Restore urldc if auth doesn't need to dial with browser
$self->restoreRequest( $req, $ir );
return $self->run( @_, @path );
}
(
$restore
? sub {
# Restore urldc if auth doesn't need to dial with browser
$self->restoreRequest( $req, $ir );
return $self->run( @_, @path );
}
: ()
)
]
);
}
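Review bot: The guard added at the top of `_redirect`, `unless ( $self->can('ssoMatch') and not $self->ssoMatch($req) ) { … } else { … }`, is a double negative with an `else`, which is hard to verify for a condition that controls whether the issuer request is stored and later restored. `if ( !$self->can('ssoMatch') or $self->ssoMatch($req) ) {` is equivalent and reads directly. The else branch logs `Ignore SSO request`, yet it runs when `ssoMatch` returned false, so a message such as `Not an SSO request, issuer request not stored` would be less misleading in traces. In the second hunk, no final `run` step is appended to the step list when `$restore` is unset; a short comment stating that this is intended would help the next reader. The part of `_redirect` between the two hunks is not shown.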
......
......@@ -10,7 +10,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 18;
my $maintests = 17;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
......@@ -155,9 +155,6 @@ SKIP: {
expectAutoPost( $res, 'auth.idp.com', '/saml/singleLogout',
'SAMLRequest' );
#print STDERR Dumper($res);
#skip 'todo', 8;
# Push SAML logout request to IdP
switch ('issuer');
ok(
......@@ -185,20 +182,7 @@ SKIP: {
),
'Post SAML response to SP'
);
( $url, $s ) =
expectRedirection( $res, qr#^http://auth.sp.com(/.*?)(?:\?(.*))?$# );
# Follow redirection
ok(
$res = $sp->_get(
$url,
query => $s,
accept => 'text/html',
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
),
' Follow redirection'
);
diag "TODO: there is a loop here: http://auth.sp.com$url?$s";
expectOK($res);
# Test if logout is done
switch ('issuer');
......