Commit fe2ad66a authored by Clément OUDOT's avatar Clément OUDOT

Add attributes in CAS serviceValidate response (#773)

parent ef1da93b
......@@ -113,6 +113,13 @@ has 'casAccessControlPolicy' => (
documentation => 'CAS access control policy',
);
has 'casAttributes' => (
is => 'rw',
isa => 'HashRef',
default => sub { return {}; },
documentation => 'CAS Issuer exported attributes',
);
has 'CAS_authnLevel' => (
is => 'rw',
isa => 'Int',
......
......@@ -106,6 +106,7 @@ sub unserialize {
|authChoiceModules
|captchaStorageOptions
|CAS_proxiedServices
|casAttributes
|casStorageOptions
|dbiExportedVars
|demoExportedVars
......
......@@ -954,9 +954,14 @@ sub struct {
'text:/issuerDBCASRule:issuerdbCAS:boolOrPerlExpr',
issuerDBCASOptions => {
_nodes => [
qw(casAttr casAccessControlPolicy casStorage cn:casStorageOptions)
qw(casAttr cn:casAttributes casAccessControlPolicy casStorage cn:casStorageOptions)
],
casAttr => 'text:/casAttr',
casAttr => 'text:/casAttr',
casAttributes => {
_nodes => ['hash:/casAttributes:issuerDBCAS:btext'],
_js => 'hashRoot',
_help => 'issuerdbCAS',
},
casAccessControlPolicy =>
'select:/casAccessControlPolicy:issuerdbCAS:casAccessControlPolicyParams',
casStorage => 'text:/casStorage',
......@@ -2250,7 +2255,11 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
keyTest => qr/^\w+$/,
keyMsgFail => 'Bad CAS proxied service identifier',
},
casAttr => $testNotDefined,
casAttr => $testNotDefined,
casAttributes => {
keyTest => qr/^\w+$/,
keyMsgFail => 'Bad attribute',
},
casAccessControlPolicy => $testNotDefined,
casStorage => {
test => qr/^[\w:]*$/,
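Review bot: The `keyTest` added for `casAttributes` accepts any `\w+` key, yet elsewhere in this commit the key is written out as the element name in `<cas:$attribute>`, and `\w+` admits names that start with a digit, which are not well-formed XML element names. Because `$` also matches before a trailing newline, a stricter, fully anchored pattern is safer: `keyTest => qr/^[A-Za-z_]\w*\z/,`. The hash values, which name the session key to export, get no `test` entry; if that is intentional, a short comment saying so would help. The enclosing structure starts and ends outside the hunk.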
......
......@@ -124,6 +124,7 @@ sub en {
CAS_url => 'Server URL',
casAccessControlPolicy => 'Access control policy',
casAttr => 'CAS login',
casAttributes => 'CAS attributes',
casParams => 'CAS parameters',
casStorage => 'CAS sessions module name',
casStorageOptions => 'CAS sessions module options',
......@@ -691,6 +692,7 @@ sub fr {
CAS_url => 'URL du serveur',
casAccessControlPolicy => "Politique de contrôle d'accès",
casAttr => 'Identifiant CAS',
casAttributes => 'Attributs CAS',
casParams => 'Paramètres CAS',
casStorage => 'Nom du module des session CAS',
casStorageOptions => 'Options du module des sessions CAS',
......
......@@ -10,7 +10,7 @@ use Lemonldap::NG::Portal::Simple;
use Lemonldap::NG::Portal::_CAS;
use base qw(Lemonldap::NG::Portal::_CAS Lemonldap::NG::Portal::_LibAccess);
our $VERSION = '1.4.3';
our $VERSION = '2.0.0';
## @method void issuerDBInit()
# Nothing to do
......@@ -396,10 +396,19 @@ sub issuerForUnAuthUser {
$self->lmLog( "Get username $username", 'debug' );
# Get attributes [CAS 3.0]
my $attributes = {};
if (defined $self->{casAttributes} ) {
foreach my $casAttribute (keys %{ $self->{casAttributes} }) {
my $localSessionValue =$localSession->data->{ $self->{casAttributes}->{$casAttribute} };
$attributes->{$casAttribute} = $localSessionValue if defined $localSessionValue;
}
}
# Return success message
$self->deleteCasSession($casServiceSession);
$self->returnCasServiceValidateSuccess( $username,
$casProxyGrantingTicketIOU, $proxies );
$casProxyGrantingTicketIOU, $proxies, $attributes );
# We should not be there
return PE_ERROR;
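Review bot: Every key configured in `casAttributes` is copied into the response for whichever service validated the ticket; no per-service filter is visible in this hunk, so all CAS clients appear to receive the same attribute set. That is worth stating above the loop, for example `# All configured casAttributes are released to any service whose ticket validates; no per-service filtering here`. `$attributes` is always a hash reference, even when empty, so a `defined` check in the callee cannot tell "no attributes" from "some attributes". Style: `=$localSession->data` is missing a space after `=`, and the two long lines would read better wrapped. issuerForUnAuthUser starts and ends outside the hunk.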
......
......@@ -10,7 +10,7 @@ use Lemonldap::NG::Portal::_Browser;
use Lemonldap::NG::Common::Session;
our @ISA = (qw(Lemonldap::NG::Portal::_Browser));
our $VERSION = '1.4.1';
our $VERSION = '2.0.0';
## @method hashref getCasSession(string id)
# Try to recover the CAS session corresponding to id and return session datas
......@@ -98,14 +98,15 @@ sub returnCasServiceValidateError {
$self->quit();
}
## @method void returnCasServiceValidateSuccess(string username, string pgtIou, string proxies)
## @method void returnCasServiceValidateSuccess(string username, string pgtIou, string proxies, hashref attributes)
# Return success for CAS SERVICE VALIDATE request
# @param username User name
# @param pgtIou Proxy granting ticket IOU
# @param proxies List of used CAS proxies
# @param attributes Attributes to return
# @return nothing
sub returnCasServiceValidateSuccess {
my ( $self, $username, $pgtIou, $proxies ) = splice @_;
my ( $self, $username, $pgtIou, $proxies, $attributes ) = splice @_;
$self->lmLog( "Return CAS service validate success with username $username",
'debug' );
......@@ -114,6 +115,21 @@ sub returnCasServiceValidateSuccess {
print "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>\n";
print "\t<cas:authenticationSuccess>\n";
print "\t\t<cas:user>$username</cas:user>\n";
if ( defined $attributes ) {
print "\t\t<cas:attributes>\n";
foreach my $attribute ( keys %$attributes ) {
foreach my $value (
split(
$self->{multiValuesSeparator},
$attributes->{$attribute}
)
)
{
print "\t\t\t<cas:$attribute>$value</cas:$attribute>\n";
}
}
print "\t\t</cas:attributes>\n";
}
if ( defined $pgtIou ) {
$self->lmLog( "Add proxy granting ticket $pgtIou in response",
'debug' );
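Review bot: `$value` is interpolated unescaped into the XML response on the `print "\t\t\t<cas:$attribute>$value</cas:$attribute>\n";` line, so a session value containing `<`, `>` or `&` yields malformed XML or extra elements that the CAS client parses as part of the response. The value should be escaped before it is printed. Two smaller points in the same block: `split` treats `$self->{multiValuesSeparator}` as a pattern, so it should be quoted with `\Q...\E` if a literal separator is intended, and `defined $attributes` is true for the empty hash the caller passes, so an empty `<cas:attributes>` element is emitted unless the guard also checks `%$attributes`. The fence shows only the rewritten lines; returnCasServiceValidateSuccess starts before the hunk and continues after it.

```perl
if ( defined $attributes and %$attributes ) {
    # … unchanged: opening <cas:attributes> and outer foreach over keys …
        foreach my $value (
            split( /\Q$self->{multiValuesSeparator}\E/, $attributes->{$attribute} ) )
        {
            # Escape XML metacharacters so session data cannot change
            # the structure of the response
            my $escaped = $value;
            $escaped =~ s/&/&amp;/g;
            $escaped =~ s/</&lt;/g;
            $escaped =~ s/>/&gt;/g;
            print "\t\t\t<cas:$attribute>$escaped</cas:$attribute>\n";
        }
    # … unchanged: closing </cas:attributes> and proxy granting ticket output …
```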
......