Commit b275ee2a authored by Xavier Guimard

LEMONLDAP::NG : WSDL is now clean

parent fbdb9ccb
...@@ -7,9 +7,9 @@ accounting. So you can have a full AAA protection. ...@@ -7,9 +7,9 @@ accounting. So you can have a full AAA protection.
See README file to known how it works. See README file to known how it works.
------------------------ ----------------------
I - EXAMPLE INSTALLATION I - QUICK INSTALLATION
------------------------ ----------------------
The proposed example use a protected site named test.example.com. Non The proposed example use a protected site named test.example.com. Non
authenticated users are redirected to auth.example.com. authenticated users are redirected to auth.example.com.
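Review bot: two grammar slips survive in the unchanged context of this hunk: "See README file to known how it works" should read "to know how it works", and "The proposed example use a protected site" should read "uses a protected site". Worth fixing while the heading is being renamed to QUICK INSTALLATION.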
...@@ -31,13 +31,13 @@ package for Debian works fine). ...@@ -31,13 +31,13 @@ package for Debian works fine).
Perl modules: Perl modules:
Apache::Session, Net::LDAP, MIME::Base64, CGI, LWP::UserAgent, Cache::Cache, Apache::Session, Net::LDAP, MIME::Base64, CGI, LWP::UserAgent, Cache::Cache,
DBI, XML::Simple, SOAP::Lite, HTML::Template, XML::LibXML DBI, XML::Simple, SOAP::Lite, HTML::Template, XML::LibXML, XML::LibXSLT
With Debian: With Debian:
apt-get install libapache-session-perl libnet-ldap-perl libcache-cache-perl \ apt-get install libapache-session-perl libnet-ldap-perl libcache-cache-perl \
libdbi-perl perl-modules libwww-perl libcache-cache-perl \ libdbi-perl perl-modules libwww-perl libcache-cache-perl \
libxml-simple-perl libhtml-template-perl libsoap-lite-perl \ libxml-simple-perl libhtml-template-perl libsoap-lite-perl \
libxml-libxml-perl libxml-libxml-perl libxml-libxslt-perl
1.2 - BUILDING 1.2 - BUILDING
-------------- --------------
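Review bot: libcache-cache-perl is listed twice in the apt-get command of this hunk (first line and again on the second line); drop one occurrence. The new XML::LibXSLT prerequisite is correctly matched by libxml-libxslt-perl on the last line of the command.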
...@@ -59,6 +59,9 @@ which are installed in a directory included in @INC. ...@@ -59,6 +59,9 @@ which are installed in a directory included in @INC.
$ debuild $ debuild
$ sudo dpkg -i ../*lemonldap-ng*.deb $ sudo dpkg -i ../*lemonldap-ng*.deb
Here, all is installed in /var/lib/lemonldap-ng, /etc/lemonldap-ng except Perl
libraries which are installed in /usr/share/perl5/Lemonldap/NG/
1.3 - EXAMPLE CONFIGURATION 1.3 - EXAMPLE CONFIGURATION
--------------------------- ---------------------------
...@@ -75,28 +78,20 @@ include this file in Apache configuration: ...@@ -75,28 +78,20 @@ include this file in Apache configuration:
Modify your /etc/hosts file to include: Modify your /etc/hosts file to include:
127.0.0.2 auth.example.com 127.0.0.1 auth.example.com test1.example.com manager.example.com test2.example.com
127.0.0.3 test.example.com
127.0.0.4 manager.example.com
Edit /path/to/lemonldap-ng/source/example/conf/lmConfig-1 and specify your LDAP Use a browser to connect to http://manager.example.com/ and specify your LDAP
settings. If you don't set managerDn and managerPassword, Lemonldap::NG will settings. If you don't set managerDn and managerPassword, Lemonldap::NG will
use an anonymous bind to find user dn. use an anonymous bind to find user dn.
(Debian users: /var/lib/lemonldap-ng/conf/lmConfig-1)
WARNINGS:
* only few parameters can be set by hand in the configuration file. You have
to use the manager to change configuration, but since the example is yet
configured, you can edit directly the file
* each new configuration is saved by the manager in a new file (or a new
record with DBI) so you can recover an old configuration by removing
Next, restart Apache use your prefered browser and try to connect to Next, restart Apache use your prefered browser and try to connect to
http://test.example.com/. You'll be redirect to auth.example.com. Try http://test1.example.com/. You'll be redirect to auth.example.com. Try
to authenticate yourself with a valid account and the protected page will to authenticate yourself with a valid account and the protected page will
appear. You will find other explanations on this page. appear. You will find other explanations on this page.
Configuration can be modified by connecting your browser to the file /usr/local/lemonldap-ng/etc/storage.conf
http://manager.example.com/ (/etc/lemonldap-ng/storage.conf on Debian systems) can be modified to change
configuration database.
------------------------- -------------------------
2 - ADVANCED INSTALLATION 2 - ADVANCED INSTALLATION
...@@ -133,8 +128,9 @@ Warning: Handler and Portal parts both need Lemonldap::NG::Manager components ...@@ -133,8 +128,9 @@ Warning: Handler and Portal parts both need Lemonldap::NG::Manager components
to access to configuration. to access to configuration.
Manager: Manager:
------- --------
CGI, XML::Simple, DBI, LWP::UserAgent (and SOAP::Lite if you want to use SOAP) Apache::Session, MIME::Base64, CGI, LWP::UserAgent, DBI, XML::Simple,
SOAP::Lite, XML::LibXML, XML::LibXSLT, Lemonldap::NG::Common
With Debian: With Debian:
apt-get install perl-modules libxml-simple-perl libdbi-perl libwww-perl apt-get install perl-modules libxml-simple-perl libdbi-perl libwww-perl
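Review bot: the Manager module list now adds Apache::Session, MIME::Base64, SOAP::Lite, XML::LibXML and XML::LibXSLT, but the Debian command on the last line of the hunk is unchanged ("apt-get install perl-modules libxml-simple-perl libdbi-perl libwww-perl"); add libapache-session-perl, libxml-libxml-perl and libxml-libxslt-perl there so the two lists agree (libsoap-lite-perl is already covered by the optional line in the next hunk).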
...@@ -142,15 +138,17 @@ With Debian: ...@@ -142,15 +138,17 @@ With Debian:
apt-get install libsoap-lite-perl apt-get install libsoap-lite-perl
Portal: Portal:
------ -------
Apache::Session, Net::LDAP, CGI, Lemonldap::NG::Manager Apache::Session, Net::LDAP, MIME::Base64, CGI, Cache::Cache, DBI, XML::Simple,
SOAP::Lite, HTML::Template, XML::LibXML, Lemonldap::NG::Common
With Debian: With Debian:
apt-get install libapache-session-perl libnet-ldap-perl perl-modules apt-get install libapache-session-perl libnet-ldap-perl perl-modules
Handler: Handler:
------- --------
Apache::Session, LWP::UserAgent, Cache::Cache, Lemonldap::NG::Manager Apache::Session, MIME::Base64, CGI, LWP::UserAgent, Cache::Cache, DBI,
XML::Simple, SOAP::Lite, Lemonldap::NG::Common
With Debian: With Debian:
apt-get install libapache-session-perl libwww-perl libcache-cache-perl apt-get install libapache-session-perl libwww-perl libcache-cache-perl
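Review bot: same inconsistency for Portal and Handler: the Perl module lists grew but the Debian commands did not. Portal now lists Cache::Cache, DBI, XML::Simple, SOAP::Lite, HTML::Template and XML::LibXML, so its command should add libcache-cache-perl libdbi-perl libxml-simple-perl libsoap-lite-perl libhtml-template-perl libxml-libxml-perl; Handler now lists DBI, XML::Simple and SOAP::Lite, so its command should add libdbi-perl libxml-simple-perl libsoap-lite-perl.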
...@@ -172,7 +170,7 @@ else for a complete install: ...@@ -172,7 +170,7 @@ else for a complete install:
$ make && make test $ make && make test
$ sudo make install $ sudo make install
See prereq in §1.1.2 See prereq in §1.1.2
2.3 - LEMONLDAP::NG INSTALLATION 2.3 - LEMONLDAP::NG INSTALLATION
-------------------------------- --------------------------------
......
...@@ -81,7 +81,7 @@ Example (See Lemonldap::NG::Manager::Conf(3) to see how configuration is stored ...@@ -81,7 +81,7 @@ Example (See Lemonldap::NG::Manager::Conf(3) to see how configuration is stored
* User groups : * User groups :
# Custom-Name => group definition # Custom-Name => group definition
group1 => { $departmentUID eq "unit1" or $login = "xavier.guimard" } group1 => { $departmentUID eq "unit1" or $login = "foo.bar" }
* Area protection: * Area protection:
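Review bot: the group example in this hunk uses Perl assignment instead of comparison: `$login = "foo.bar"` should be `$login eq "foo.bar"`. As written the assignment evaluates to the true string "foo.bar", so the whole expression is always true and every user would be placed in group1; since group membership feeds the area protection rules described below, a reader copying this example would get an over-permissive rule. The change from the real login to "foo.bar" kept the defect.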
...@@ -122,9 +122,9 @@ a long expression at each HTTP request: ...@@ -122,9 +122,9 @@ a long expression at each HTTP request:
You can also use LDAP filters, or Perl expression or mixed expressions in You can also use LDAP filters, or Perl expression or mixed expressions in
groups definitions. Perl expressions has to be enclosed with {}: groups definitions. Perl expressions has to be enclosed with {}:
* group1 => (|(uid=xavier.guimard)(ou=unit1)) * group1 => (|(uid=foo.bar)(ou=unit1))
* group1 => {$uid eq "xavier.guimard" or $ou eq "unit1"} * group1 => {$uid eq "foo.bar" or $ou eq "unit1"}
* group1 => (|(uid=xavier.guimard){$ou eq "unit1"}) * group1 => (|(uid=foo.bar){$ou eq "unit1"})
It is also recommanded to use Perl expressions to avoid requiering the LDAP It is also recommanded to use Perl expressions to avoid requiering the LDAP
server more than 2 times per authentication. server more than 2 times per authentication.
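Review bot: typos in the unchanged context of this hunk: "Perl expressions has to be enclosed with {}" should be "Perl expressions have to be enclosed in {}", "recommanded" should be "recommended", and "requiering the LDAP server" should be "querying the LDAP server". The three rewritten group1 examples themselves are consistent with the LDAP/Perl/mixed syntax the paragraph describes.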
......
...@@ -4,7 +4,7 @@ Priority: extra ...@@ -4,7 +4,7 @@ Priority: extra
Maintainer: Xavier Guimard <x.guimard@free.fr> Maintainer: Xavier Guimard <x.guimard@free.fr>
DM-Upload-Allowed: yes DM-Upload-Allowed: yes
Build-Depends: debhelper (>= 4.1.16), po-debconf Build-Depends: debhelper (>= 4.1.16), po-debconf
Build-Depends-Indep:libapache-session-perl, libnet-ldap-perl, libdbi-perl, libwww-perl, libcache-cache-perl, libxml-simple-perl, libcgi-session-perl, libcrypt-rijndael-perl Build-Depends-Indep:libapache-session-perl, libnet-ldap-perl, libdbi-perl, libwww-perl, libcache-cache-perl, libxml-simple-perl, libcgi-session-perl, libcrypt-rijndael-perl, libxml-libxslt-perl
Standards-Version: 3.8.0 Standards-Version: 3.8.0
Package: lemonldap-ng Package: lemonldap-ng
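Review bot: the Build-Depends-Indep field in this hunk still lacks a space after the colon ("Build-Depends-Indep:libapache-session-perl"); since the line is being touched to add libxml-libxslt-perl, fix the formatting at the same time. Also check whether libhtml-template-perl and libxml-libxml-perl, which the portal package declares in its Depends in the next hunk, need to be build dependencies as well if the test suite loads those modules.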
...@@ -59,7 +59,7 @@ Description: Lemonldap::NG apache manager part ...@@ -59,7 +59,7 @@ Description: Lemonldap::NG apache manager part
Package: liblemonldap-ng-portal-perl Package: liblemonldap-ng-portal-perl
Architecture: all Architecture: all
Depends: libapache-session-perl, libnet-ldap-perl, liblemonldap-ng-conf-perl (= ${binary:Version}), libhtml-template-perl, libjs-jquery, liblemonldap-ng-handler-perl (= ${binary:Version}), libxml-libxml-perl Depends: libapache-session-perl, libnet-ldap-perl, liblemonldap-ng-conf-perl (= ${binary:Version}), libhtml-template-perl, libjs-jquery, liblemonldap-ng-handler-perl (= ${binary:Version}), libxml-libxml-perl, libxml-libxslt-perl
Suggests: liblasso-perl, libcgi-session-perl, slapd Suggests: liblasso-perl, libcgi-session-perl, slapd
Description: Lemonldap::NG apache authentication portal part Description: Lemonldap::NG apache authentication portal part
Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies
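Review bot: only liblemonldap-ng-portal-perl gains libxml-libxslt-perl here, while the README hunk above now lists XML::LibXSLT among the Manager prerequisites; verify that the manager package's Depends (not part of this diff) also declares libxml-libxslt-perl, otherwise a manager-only install will fail at runtime.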
......
...@@ -3,20 +3,24 @@ package Lemonldap::NG::Common::BuildWSDL; ...@@ -3,20 +3,24 @@ package Lemonldap::NG::Common::BuildWSDL;
use Lemonldap::NG::Common::Conf; use Lemonldap::NG::Common::Conf;
sub new { sub new {
my($class, $configStorage) = @_; my ( $class, $configStorage ) = @_;
my $self = bless {}, $class; my $self = bless {}, $class;
my $lmConf = Lemonldap::NG::Common::Conf->new($configStorage) or die($Lemonldap::NG::Common::Conf::msg); my $lmConf = Lemonldap::NG::Common::Conf->new($configStorage)
or die($Lemonldap::NG::Common::Conf::msg);
$self->{conf} = $lmConf->getConf() or die "Unable to load configuration"; $self->{conf} = $lmConf->getConf() or die "Unable to load configuration";
return $self; return $self;
} }
sub buildWSDL { sub buildWSDL {
my($self,$xml) = @_; my ( $self, $xml ) = @_;
$xml =~ s/__PORTAL__/$self->{conf}->{portal}/gs; my $portal = $self->{conf}->{portal};
$portal .= "index.pl" if ( $portal =~ /\/$/ );
$xml =~ s/__PORTAL__/$portal/gs;
$xml =~ s/__DOMAIN__/$self->{conf}->{domain}/gs; $xml =~ s/__DOMAIN__/$self->{conf}->{domain}/gs;
my @cookies = split /\s+/, $self->{conf}->{cookieName}; my @cookies = split /\s+/, $self->{conf}->{cookieName};
s#(.*)#<element name="$1" type="xsd:string"></element># foreach(@cookies); s#(.*)#<element name="$1" type="xsd:string"></element># foreach (@cookies);
#s#(.*)#<element name="$1" nillable="true" type="xsd:string"></element># foreach(@cookies);
#s#(.*)#<element name="$1" nillable="true" type="xsd:string"></element># foreach(@cookies);
$xml =~ s/__XMLCOOKIELIST__/join("\n",@cookies)/ges; $xml =~ s/__XMLCOOKIELIST__/join("\n",@cookies)/ges;
return $xml; return $xml;
} }
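Review bot: the values substituted into the WSDL in buildWSDL ($portal, the domain and each cookie name) are interpolated with plain s/// and no XML escaping, yet they land inside attribute values such as `location="__PORTAL__"`. A portal URL containing "&" would produce a malformed WSDL that SOAP clients reject; escape "&", "<", ">" and the double quote before substitution, or build the attribute values with XML::LibXML, which is now a declared dependency. Two smaller points: the line `$portal .= "index.pl" if ( $portal =~ /\/$/ );` hard-codes the portal script name and deserves a comment saying so, and the commented-out `nillable="true"` variant of the cookie element line is dead code that should be removed rather than kept alongside the live one.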
......
...@@ -5,6 +5,8 @@ ...@@ -5,6 +5,8 @@
# SOAP wrapper used to restrict exported functions # SOAP wrapper used to restrict exported functions
package Lemonldap::NG::Common::CGI::SOAPService; package Lemonldap::NG::Common::CGI::SOAPService;
require SOAP::Lite;
## @cmethod Lemonldap::NG::Common::CGI::SOAPService new(object obj,string @func) ## @cmethod Lemonldap::NG::Common::CGI::SOAPService new(object obj,string @func)
# Constructor # Constructor
# @param $obj object which will be called for SOAP authorizated methods # @param $obj object which will be called for SOAP authorizated methods
...@@ -26,10 +28,14 @@ sub AUTOLOAD { ...@@ -26,10 +28,14 @@ sub AUTOLOAD {
my $self = shift; my $self = shift;
$AUTOLOAD =~ s/.*:://; $AUTOLOAD =~ s/.*:://;
if(grep {$_ eq $AUTOLOAD} @{$self->{func}}){ if(grep {$_ eq $AUTOLOAD} @{$self->{func}}){
return $self->{obj}->$AUTOLOAD(@_); my $tmp = $self->{obj}->$AUTOLOAD(@_);
unless(ref($tmp) and ref($tmp) eq 'SOAP::Data') {
$tmp = SOAP::Data->name( result => $tmp );
}
return $tmp;
} }
elsif($AUTOLOAD ne 'DESTROY') { elsif($AUTOLOAD ne 'DESTROY') {
die "$AUTOLOAD is an authorizated function";use Data::Dumper; die "$AUTOLOAD is not an authorizated function";use Data::Dumper;
} }
1; 1;
} }
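Review bot: the `die` line in the elsif branch still carries a leftover `use Data::Dumper;` after the statement and the message says "authorizated"; change it to `die "$AUTOLOAD is not an authorized function";` and drop the Data::Dumper import. Two behavioural points on the new wrapping: `my $tmp = $self->{obj}->$AUTOLOAD(@_);` forces scalar context, so a method that returned a list previously now returns only its last element; and the fallback `SOAP::Data->name( result => $tmp )` only matches WSDL output parts named "result", which holds for errorResponse and notificationResponse in the WSDL hunks below but not for the getCookiesReturn part. Finally, the `1;` sits inside sub AUTOLOAD just before its closing brace rather than at file scope; confirm the module still ends with a true value.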
......
...@@ -4,9 +4,9 @@ use Lemonldap::NG::Common::BuildWSDL; ...@@ -4,9 +4,9 @@ use Lemonldap::NG::Common::BuildWSDL;
print Lemonldap::NG::Common::BuildWSDL->new->buildWSDL(<<EOT); print Lemonldap::NG::Common::BuildWSDL->new->buildWSDL(<<EOT);
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions targetNamespace="__PORTAL__" xmlns:impl="__PORTAL__" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:tns1="__PORTAL__"> <wsdl:definitions targetNamespace="urn:Lemonldap/NG/Common/CGI/SOAPService" xmlns:impl="urn:Lemonldap/NG/Common/CGI/SOAPService" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:tns1="urn:Lemonldap/NG/Common/CGI/SOAPService">
<wsdl:types> <wsdl:types>
<schema targetNamespace="__PORTAL__" xmlns="http://www.w3.org/2001/XMLSchema"> <schema targetNamespace="urn:Lemonldap/NG/Common/CGI/SOAPService" xmlns="http://www.w3.org/2001/XMLSchema">
<import namespace="http://schemas.xmlsoap.org/soap/encoding/" /> <import namespace="http://schemas.xmlsoap.org/soap/encoding/" />
<complexType name="CookiesSequence"> <complexType name="CookiesSequence">
<sequence> <sequence>
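Review bot: the unchanged first line of this hunk calls `Lemonldap::NG::Common::BuildWSDL->new->buildWSDL(...)` with no argument, while `new` in the BuildWSDL hunk above expects `( $class, $configStorage )` and passes it straight to `Lemonldap::NG::Common::Conf->new`. Confirm that Conf->new treats an undefined storage argument as "use the default storage"; otherwise the WSDL script dies with the Conf error message. Moving the namespace from the portal URL to the fixed urn:Lemonldap/NG/Common/CGI/SOAPService is the right call, since a namespace should not change when the portal is relocated.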
...@@ -25,8 +25,8 @@ print Lemonldap::NG::Common::BuildWSDL->new->buildWSDL(<<EOT); ...@@ -25,8 +25,8 @@ print Lemonldap::NG::Common::BuildWSDL->new->buildWSDL(<<EOT);
<wsdl:part name="lang" type="xsd:string" /> <wsdl:part name="lang" type="xsd:string" />
<wsdl:part name="code" type="xsd:int" /> <wsdl:part name="code" type="xsd:int" />
</wsdl:message> </wsdl:message>
<wsdl:message name="errorResponse"> <wsdl:message name="errorResponse">
<wsdl:part name="errorReturn" type="xsd:string" /> <wsdl:part name="result" type="xsd:string" />
</wsdl:message> </wsdl:message>
<wsdl:message name="getCookiesRequest"> <wsdl:message name="getCookiesRequest">
<wsdl:part name="user" type="xsd:string" /> <wsdl:part name="user" type="xsd:string" />
...@@ -35,7 +35,13 @@ print Lemonldap::NG::Common::BuildWSDL->new->buildWSDL(<<EOT); ...@@ -35,7 +35,13 @@ print Lemonldap::NG::Common::BuildWSDL->new->buildWSDL(<<EOT);
<wsdl:message name="getCookiesResponse"> <wsdl:message name="getCookiesResponse">
<wsdl:part name="getCookiesReturn" type="tns1:GetCookieResponse" /> <wsdl:part name="getCookiesReturn" type="tns1:GetCookieResponse" />
</wsdl:message> </wsdl:message>
<wsdl:portType name="myServiceHandler"> <wsdl:message name="notificationRequest">
<wsdl:part name="notification" type="xsd:string" />
</wsdl:message>
<wsdl:message name="notificationResponse">
<wsdl:part name="result" type="xsd:string" />
</wsdl:message>
<wsdl:portType name="authenticationHandler">
<wsdl:operation name="error" parameterOrder="lang code"> <wsdl:operation name="error" parameterOrder="lang code">
<wsdl:input message="impl:errorRequest" name="errorRequest" /> <wsdl:input message="impl:errorRequest" name="errorRequest" />
<wsdl:output message="impl:errorResponse" name="errorResponse" /> <wsdl:output message="impl:errorResponse" name="errorResponse" />
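Review bot: the getCookiesResponse message in this hunk keeps its part named "getCookiesReturn", whereas the errorResponse part was renamed to "result" in the previous hunk to match the SOAPService wrapper, which names any non-SOAP::Data return value "result". Either rename this part to "result" as well, or make sure getCookies itself returns a SOAP::Data object named getCookiesReturn; otherwise the response element name will not match the WSDL. The new notificationRequest/notificationResponse messages are fine as declarations, but see the note on the binding hunk below about the names they are referenced by.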
...@@ -45,32 +51,55 @@ print Lemonldap::NG::Common::BuildWSDL->new->buildWSDL(<<EOT); ...@@ -45,32 +51,55 @@ print Lemonldap::NG::Common::BuildWSDL->new->buildWSDL(<<EOT);
<wsdl:output message="impl:getCookiesResponse" name="getCookiesResponse" /> <wsdl:output message="impl:getCookiesResponse" name="getCookiesResponse" />
</wsdl:operation> </wsdl:operation>
</wsdl:portType> </wsdl:portType>
<wsdl:binding name="myServiceSoapBinding" type="impl:myServiceHandler"> <wsdl:portType name="notificationPostHandler">
<wsdl:operation name="newNotification" parameterOrder="notification">
<wsdl:input message="impl:newNotificationRequest" name="newNotificationRequest" />
<wsdl:output message="impl:newNotificationResponse" name="newNotificationResponse" />
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="authenticationSoapBinding" type="impl:authenticationHandler">
<wsdlsoap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http" /> <wsdlsoap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http" />
<wsdl:operation name="error"> <wsdl:operation name="error">
<wsdlsoap:operation soapAction="" /> <wsdlsoap:operation soapAction="" />
<wsdl:input name="errorRequest"> <wsdl:input name="errorRequest">
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="__PORTAL__" use="encoded" /> <wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:Lemonldap/NG/Common/CGI/SOAPService" use="encoded" />
</wsdl:input> </wsdl:input>
<wsdl:output name="errorResponse"> <wsdl:output name="errorResponse">
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="__PORTAL__" use="encoded" /> <wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:Lemonldap/NG/Common/CGI/SOAPService" use="encoded" />
</wsdl:output> </wsdl:output>
</wsdl:operation> </wsdl:operation>
<wsdl:operation name="getCookies"> <wsdl:operation name="getCookies">
<wsdlsoap:operation soapAction="" /> <wsdlsoap:operation soapAction="" />
<wsdl:input name="getCookiesRequest"> <wsdl:input name="getCookiesRequest">
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="__PORTAL__" use="encoded" /> <wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:Lemonldap/NG/Common/CGI/SOAPService" use="encoded" />
</wsdl:input> </wsdl:input>
<wsdl:output name="getCookiesResponse"> <wsdl:output name="getCookiesResponse">
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="__PORTAL__" use="encoded" /> <wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:Lemonldap/NG/Common/CGI/SOAPService" use="encoded" />
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:binding name="notificationPostSoapBinding" type="impl:notificationPostHandler">
<wsdlsoap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http" />
<wsdl:operation name="newNotification">
<wsdlsoap:operation soapAction="" />
<wsdl:input name="newNotificationRequest">
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:Lemonldap/NG/Common/CGI/SOAPService" use="encoded" />
</wsdl:input>
<wsdl:output name="newNotificationResponse">
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:Lemonldap/NG/Common/CGI/SOAPService" use="encoded" />
</wsdl:output> </wsdl:output>
</wsdl:operation> </wsdl:operation>
</wsdl:binding> </wsdl:binding>
<wsdl:service name="myServiceHandlerService"> <wsdl:service name="authenticationHandlerService">
<wsdl:port binding="impl:myServiceSoapBinding" name="myService"> <wsdl:port binding="impl:authenticationSoapBinding" name="authentication">
<wsdlsoap:address location="__PORTAL__" /> <wsdlsoap:address location="__PORTAL__" />
</wsdl:port> </wsdl:port>
</wsdl:service> </wsdl:service>
<wsdl:service name="notificationPostHandlerService">
<wsdl:port binding="impl:notificationPostSoapBinding" name="notificationPost">
<wsdlsoap:address location="__PORTAL__/notification" />
</wsdl:port>
</wsdl:service>
</wsdl:definitions> </wsdl:definitions>
EOT EOT
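Review bot: the newNotification operation references messages that are not declared. Both the notificationPostHandler portType and the notificationPostSoapBinding in this hunk use `<wsdl:input message="impl:newNotificationRequest" ...>` and `<wsdl:output message="impl:newNotificationResponse" ...>`, while the messages declared in the previous hunk are named notificationRequest and notificationResponse; a WSDL validator or a client generator will fail on the dangling references, so rename one side to match. Separately, the notification port address is `__PORTAL__/notification`, and buildWSDL appends "index.pl" to a portal URL ending in "/", so the published location becomes "<portal>/index.pl/notification"; check that this PATH_INFO form is what the portal actually routes, or build the notification address from the portal base URL rather than the substituted script URL.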