Commit cd00bf3b authored by Xavier Guimard's avatar Xavier Guimard

OpenID server in progress

parent 6045909d
......@@ -419,6 +419,12 @@ sub struct {
SSLRequire => 'bool:/SSLRequire',
},
# OpenID
openIDParams => {
_nodes => [qw(openIdSecret)],
openIdSecret => 'text:/openIdSecret',
},
# CAS
casParams => {
_nodes => [
......@@ -1422,8 +1428,8 @@ sub defaultConf {
issuerDBCASPath => '^/cas/',
issuerDBCASRule => '1',
issuerDBOpenIDActivation => '0',
issuerDBOpenIDPath => '^/cas/',
issuerDBOpenIDRule => '1',
issuerDBOpenIDPath => '^/openidserver/',
issuerDBOpenIDRule => '1',
ldapBase => 'dc=example,dc=com',
ldapPort => '389',
ldapPwdEnc => 'utf-8',
......
......@@ -158,7 +158,18 @@ elsif ( my $info = $portal->info() ) {
);
}
# 2.4 Authentication has been refused OR this is the first access
# 2.4 OpenID menu page
elsif ( $portal->{error} == PE_OPENID_EMPTY ) {
$skinfile = 'openid.tpl';
my $p = $portal->{portal}.$portal->{issuerDBOpenIDPath};
$p =~ s#(?<!:)/\^?/#/#g;
%templateParams = (
SKIN => $skin,
PROVIDERURI => $p,
);
}
# 2.5 Authentication has been refused OR this is the first access
else {
$skinfile = 'login.tpl';
%templateParams = (
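Review bot: The discovery URL built at `my $p = $portal->{portal}.$portal->{issuerDBOpenIDPath};` concatenates what appears to be a path pattern (the default added in this commit is `'^/openidserver/'`) onto the portal URL, and the cleanup `s#(?<!:)/\^?/#/#g` only drops the `^` when the portal value ends in `/`; with a portal of `http://host` the result is `http://host^/openidserver/`. Strip the anchor and the double slash independently, e.g. `(my $path = $portal->{issuerDBOpenIDPath}) =~ s/\A\^//; (my $p = $portal->{portal}) =~ s{/\z}{}; $p .= $path;`, and document that issuerDBOpenIDPath must be a literal prefix for this to yield a valid URL. The `elsif` chain this branch belongs to continues outside the hunk on both sides.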
......
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>OpenID endpoint</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Script-Type" content="text/javascript" />
<meta http-equiv="cache-control" content="no-cache" />
<link rel="stylesheet" type="text/css" href="/skins/<TMPL_VAR NAME="SKIN">/impact.css" />
<link href="skins/common/favicon.ico" rel="icon" type="image/x-icon" />
<link href="skins/common/favicon.ico" rel="shortcut icon" />
<link rel="openid.server" href="<TMPL_VAR NAME="PROVIDERURI">" />
<link rel="openid2.provider" href="<TMPL_VAR NAME="PROVIDERURI">" />
</head>
<body>
<div id="content">
<div id="content-left">
<p><img src="/skins/<TMPL_VAR NAME="SKIN">/images/logo-lock.png" /></p>
</div>
<div id="content-right">
<p><span class="text-error">This is an OpenID endpoint page</span></p>
</div>
<TMPL_INCLUDE NAME="footer.tpl">
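Review bot: The provider URI is inserted into the `href` attributes as `<TMPL_VAR NAME="PROVIDERURI">` without escaping, here and in the second openid.tpl variant below at its `openid.server`/`openid2.provider` links. The value comes from portal configuration rather than from the request, so the exposure is limited, but a configured path containing `"` or `&` would still break the attribute; HTML::Template's escape option covers it, e.g. `<link rel="openid.server" href="<TMPL_VAR NAME="PROVIDERURI" ESCAPE="HTML">" />`. The file also ends without `</div>`, `</body>` and `</html>`; presumably footer.tpl supplies them, which is worth confirming against the other skin templates.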
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>OpenID endpoint</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Script-Type" content="text/javascript" />
<meta http-equiv="cache-control" content="no-cache" />
<link rel="stylesheet" type="text/css" href="/skins/<TMPL_VAR NAME="SKIN">/styles.css" />
<link href="skins/common/favicon.ico" rel="icon" type="image/x-icon" />
<link href="skins/common/favicon.ico" rel="shortcut icon" />
<link rel="openid.server" href="<TMPL_VAR NAME="PROVIDERURI">" />
<link rel="openid2.provider" href="<TMPL_VAR NAME="PROVIDERURI">" />
</head>
<body>
<div id="page">
<div id="header"></div>
<div class="message warning" style="display:block"><ul><li>This is an OpenID endpoint page</li></ul></div>
<div class="loginlogo"></div>
<TMPL_INCLUDE NAME="footer.tpl">
......@@ -17,6 +17,8 @@ sub issuerDBInit {
my $self = shift;
eval { require Net::OpenID::Server };
$self->abort( 'Unable to load Net::OpenID::Server', $@ ) if ($@);
# TODO secret
$self->lmLog(
'OpenID provider module is not fully functionnal now, use for test purpose only',
'warn'
......@@ -29,65 +31,104 @@ sub issuerDBInit {
# @return Lemonldap::NG::Portal error code
sub issuerForUnAuthUser {
my $self = shift;
if ( $ENV{PATH_INFO} =~ /^\/openid/ ) {
# TODO: store GET and POST params somewhere...
# Restore datas
$self->restoreOpenIDprm();
my $mode = $self->param('openid.mode');
print STDERR Dumper($self->{_prm}); use Data::Dumper;
unless($mode) {
$self->lmLog( 'OpenID SP test', 'debug' );
return PE_OPENID_EMPTY;
}
my ( $type, $data );
if($mode eq 'associate') {
return $self->_openIDResponse( $self->openIDServer->_mode_associate() );
}
elsif($mode eq 'check_authentication'){
return $self->_openIDResponse( $self->openIDServer->_mode_check_authentication() );
}
else {
# TODO: store datas
$self->setHiddenFormValue('openidprm',Storable::nfreeze($self->{_prm}));
return PE_OK;
}
PE_OK;
}
## @apmethod int issuerForAuthUser()
# Do nothing
# @return Lemonldap::NG::Portal error code
sub issuerForAuthUser {
sub restoreOpenIDprm {
my $self = shift;
my $portal = $self->{portal};
$portal .= 'index.pl' if ( $portal =~ /\/$/ );
#TODO: Catch openIdSetup
my $server = Net::OpenID::Server->new(
post_args => $self->params(),
get_args => $self->params(),
endpoint_url => $portal . "/openid/",
setup_url => $self->{portal},
if(my $tmp = $self->getHiddenFormValue('openidprm')){
eval { $tmp = Storable::thaw($tmp); $self->{_prm}->{$_} = $tmp->{$_} foreach(keys %$tmp);};
}
}
sub openIDServer {
my $self = shift;
return $self->{_openidserver} if($self->{_openidserver});
$self->{_openidPortal} = $self->{portal} . "/openidserver/";
$self->{_openidPortal} =~ s#(?<!:)//#/#g;
$self->{_openidserver} = Net::OpenID::Server->new(
# TODO
server_secret=> sub{return 'azertt'},
post_args => $self->{_prm},
get_args => $self->{_prm},
endpoint_url => $self->{_openidPortal},
setup_url => $self->{_openidPortal},
get_user => sub {
print STDERR "############### 0#\n";
return $self->{sessionInfo}
->{ $self->{OpenIdAttr} || $self->{whatToTrace} };
},
get_identity => sub {
my ( $u, $identity ) = @_;
print STDERR "############### 1 $u, $identity#\n";
return $identity unless $u;
return $portal . "/openid/" . $u->username;
return $self->{_openidPortal} . $u->username;
},
is_identity => sub {
my ( $u, $identity ) = @_;
return $u && $u->username eq ( split '/', $identity )[-1];
return 0 unless($u and $identity);
return $u eq ( split '/', $identity )[-1];
},
is_trusted => sub {
my ( $u, $trust_root, $is_identity ) = @_;
print STDERR "############### 3 $u, $trust_root, $is_identity#\n";
return $is_identity;
}
);
return $self->{_openidserver};
}
my ( $type, $data ) = $server->handle_page();
sub _openIDResponse {
my ($self,$type,$data)=splice @_;
if ( $type eq 'redirect' ) {
$self->lmLog( 'OpenID redirection', 'debug' );
print $self->redirect($data);
$self->quit();
}
elsif ( $type eq 'setup' ) {
# TODO: what is in $data;
print $self->redirect( $portal
. "?openIdSetup=1&trust_root=$data->{trust_root}&return_to=$data->{return_to}"
);
print $self->quit();
$self->lmLog( 'OpenID setup', 'debug' );
$self->abort('Must never append !!!');
}
else {
$self->lmLog( 'OpenID generated page', 'debug' );
print $self->header($type);
print $data;
$self->quit();
}
$self->quit();
PE_OK;
}
## @apmethod int issuerForAuthUser()
# Do nothing
# @return Lemonldap::NG::Portal error code
sub issuerForAuthUser {
my $self = shift;
$self->restoreOpenIDprm();
$self->_openIDResponse( $self->openIDServer->handle_page() );
PE_OK;
}
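Review bot: `server_secret=> sub{return 'azertt'}` in openIDServer hard-codes the secret Net::OpenID::Server uses to sign association handles and assertions, so the signatures offer no protection in any deployment; the commit adds an `openIdSecret` configuration key in the manager hunk but never reads it here (the `# TODO secret` in issuerDBInit). At minimum read it from configuration and refuse to start without it, e.g. in issuerDBInit `$self->abort('openIdSecret is not set') unless $self->{openIdSecret};` and here `server_secret => sub { return $self->{openIdSecret} },`. restoreOpenIDprm also thaws a client-supplied hidden form value with `Storable::thaw` straight into `$self->{_prm}`, with any failure swallowed by the bare `eval`; Storable is not designed for untrusted input, so that round-trip should be kept server-side (in the session) or at least integrity-protected before the module leaves test status, as the `# TODO: store GET and POST params somewhere...` comment anticipates. In `_openIDResponse` the setup branch interpolates `$data->{trust_root}` and `$data->{return_to}` into the redirect query string unescaped; URI-escape both values. The `print STDERR Dumper($self->{_prm}); use Data::Dumper;` line after the restoreOpenIDprm() call and the `###` prints inside the callbacks write request parameters and identities to the error log and should be removed before merge.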
......
......@@ -108,6 +108,7 @@ use constant {
PE_SAML_SESSION_ERROR => 59,
PE_SAML_LOAD_SP_ERROR => 60,
PE_SAML_ATTR_ERROR => 61,
PE_OPENID_EMPTY => 62,
# Portal messages
PM_USER => 0,
......@@ -142,7 +143,7 @@ our @EXPORT = qw( PE_IMG_NOK PE_IMG_OK PE_INFO PE_REDIRECT PE_DONE PE_OK
PE_SAML_SSO_ERROR PE_SAML_UNKNOWN_ENTITY PE_SAML_DESTINATION_ERROR
PE_SAML_CONDITIONS_ERROR PE_SAML_IDPSSOINITIATED_NOTALLOWED PE_SAML_SLO_ERROR
PE_SAML_SIGNATURE_ERROR PE_SAML_ART_ERROR PE_SAML_SESSION_ERROR
PE_SAML_LOAD_SP_ERROR PE_SAML_ATTR_ERROR
PE_SAML_LOAD_SP_ERROR PE_SAML_ATTR_ERROR PE_OPENID_EMPTY
PM_USER PM_DATE PM_IP PM_SESSIONS_DELETED PM_OTHER_SESSIONS
PM_REMOVE_OTHER_SESSIONS PM_PP_GRACE PM_PP_EXP_WARNING
PM_SAML_IDPSELECT PM_SAML_IDPCHOOSEN PM_REMEMBERCHOICE PM_SAML_SPLOGOUT
......