NAME

Net::SPID::SAML::IdP

VERSION

version 0.15

SYNOPSIS

    use Net::SPID;
    
    # get an IdP
    my $idp = $spid->get_idp('https://www.prova.it/');
    
    # generate an AuthnRequest
    my $authnreq = $idp->authnrequest(
        #acs_url    => 'https://...',   # URL of AssertionConsumerServiceURL to use
        acs_index   => 0,   # index of AssertionConsumerService as per our SP metadata
        attr_index  => 1,   # index of AttributeConsumingService as per our SP metadata
        level       => 1,   # SPID level
    );

    # generate a LogoutRequest
    my $logoutreq = $idp->logoutrequest(session => $spid_session);
    
    # generate a LogoutResponse
    my $logoutres = $idp->logoutresponse(in_response_to => $logoutreq->id, status => 'success');

ABSTRACT

This class represents an Identity Provider.

CONSTRUCTOR

new_from_xml

This constructor takes the metadata in XML form and parses it into a Net::SPID::SAML::IdP object:

    my $idp = Net::SPID::SAML::IdP->new_from_xml(xml => $xml);

If the metadata is signed, this method croaks if the signature is not valid.

Note that you don't usually need to construct this object manually. You load metadata using the methods offered by Net::SPID::SAML and then you retrieve the IdP you need using "get_idp" in Net::SPID::SAML.

METHODS

authnrequest

This method generates an AuthnRequest addressed to this Identity Provider. Note that this method does not perform any network call; it just generates a Net::SPID::SAML::Out::AuthnRequest object.

    my $authnrequest = $idp->authnrequest(
        #acs_url    => 'https://...',   # URL of AssertionConsumerServiceURL to use
        acs_index   => 0,   # index of AssertionConsumerService as per our SP metadata
        attr_index  => 1,   # index of AttributeConsumingService as per our SP metadata
        level       => 1,   # SPID level
    );

The following arguments can be supplied to authnrequest():

acs_url

The value to use for AssertionConsumerServiceURL in AuthnRequest. This is the URL where the user will be redirected (via GET or POST) by the Identity Provider after Single Sign-On. This should be one of the URLs configured in the "sp_assertionconsumerservice" parameter of Net::SPID at initialization time, otherwise the Response will not be validated. If omitted, the first configured one will be used.

acs_index

The value to use for AssertionConsumerServiceIndex in AuthnRequest. As an alternative to specifying the URL explicitly in each AuthnRequest using acs_url, a numeric index referring to the URL(s) specified in the Service Provider metadata can be supplied. Make sure the corresponding URL is listed in the "sp_assertionconsumerservice" parameter of Net::SPID, otherwise the response will not be validated.

attr_index

(Optional.) The value to use for AttributeConsumingServiceIndex in AuthnRequest. This refers to the AttributeConsumingService specified in the Service Provider metadata. If omitted, no attributes will be requested at all.

level

(Optional.) The SPID level requested (as an integer; can be 1, 2 or 3). If omitted, 1 will be used.
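The following is an added example (not code from the Net::SPID distribution) showing how the arguments above fit together with the sso_urls accessor of this class. The Net::SPID->new() arguments, load_idp_metadata() and the redirect_url method of the AuthnRequest object are assumptions taken from the top-level Net::SPID documentation rather than from this page; hostnames and file names are constructed placeholders.

```perl
use strict;
use warnings;
use Net::SPID;

# ASSUMPTION: Net::SPID->new() and load_idp_metadata() are not described on
# this page; the sp_* values and hostnames are constructed placeholders.
my $spid = Net::SPID->new(
    sp_entityid                 => 'https://sp.example.org/',
    sp_key_file                 => 'sp.key',
    sp_cert_file                => 'sp.pem',
    sp_assertionconsumerservice => [
        'https://sp.example.org/spid-sso',   # acs_index 0
    ],
);
$spid->load_idp_metadata('idp_metadata/');   # directory of signed IdP metadata

my $idp = $spid->get_idp('https://www.prova.it/');

# Build an AuthnRequest and pick the IdP endpoint for the chosen binding.
# Returns (destination URL, Net::SPID::SAML::Out::AuthnRequest).
sub build_sso_request {
    my ($idp, %opt) = @_;
    my $binding = $opt{binding}
        // 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect';
    my $level = $opt{level} // 1;

    die "SPID level must be 1, 2 or 3, got '$level'\n"
        unless $level =~ /^[123]\z/;

    # Only send the request to an endpoint the IdP's (signature-checked)
    # metadata declares for this binding; never guess a URL.
    my $urls = $idp->sso_urls;
    my $dest = $urls->{$binding}
        or die sprintf "IdP %s has no SingleSignOnService for %s (has: %s)\n",
            $idp->entityID, $binding, join(', ', sort keys %$urls);

    # acs_index must refer to an entry of sp_assertionconsumerservice,
    # otherwise the Response coming back will not be validated.
    my $authnreq = $idp->authnrequest(
        acs_index  => 0,
        attr_index => 1,
        level      => $level,
    );
    return ($dest, $authnreq);
}

my ($dest, $authnreq) = build_sso_request($idp, level => 2);

# ASSUMPTION: redirect_url() comes from the Out::AuthnRequest documentation,
# not from this page. No network call has happened up to this point.
printf "Redirect the browser to %s (endpoint: %s)\n",
    $authnreq->redirect_url, $dest;
```

Requesting level 2 rather than the default 1 is a policy decision of the Service Provider: the IdP enforces the authentication strength, but the SP must still check the level reported in the Response against what it asked for.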

logoutrequest

This method generates a LogoutRequest addressed to this Identity Provider. Note that this method does not perform any network call; it just generates a Net::SPID::SAML::LogoutRequest object.

    my $logoutreq = $idp->logoutrequest(session => $spid_session);

The following arguments can be supplied to logoutrequest():

session_index

The Net::SPID::Session object (originally returned by "parse_response" in Net::SPID::SAML through a Net::SPID::SAML::In::Response object) representing the SPID session to close.

logoutresponse

This method generates a LogoutResponse addressed to this Identity Provider. You usually need to generate a LogoutResponse when the user initiated a logout on another Service Provider (or from the Identity Provider itself) and you therefore received a LogoutRequest from the Identity Provider. Note that this method does not perform any network call; it just generates a Net::SPID::SAML::LogoutResponse object.

    my $logoutres = $idp->logoutresponse(
        status          => 'success',
        in_response_to  => $logoutreq->id,
    );

The following arguments can be supplied to logoutresponse():

status

This can be one of success, partial, requester or responder, according to the SAML specification.

cert

Returns the signing certificate for this Identity Provider as a Crypt::OpenSSL::X509 object.

xml

Returns the XML representation of this Identity Provider's metadata.

entityID

Returns the entityID of this Identity Provider.

sso_urls

Hashref of SingleSignOnService bindings, whose keys are the binding methods (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST or urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect) and values contain the URLs.

sloreq_urls

Hashref of SingleLogoutService bindings to be used for sending LogoutRequest messages. Keys are the binding methods (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST or urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect) and values contain the URLs.

slores_urls

Hashref of SingleLogoutService bindings to be used for sending LogoutResponse messages. Keys are the binding methods (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST or urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect) and values contain the URLs.
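The following is an added example (not code from the Net::SPID distribution) covering both logout directions described above: an SP-initiated logout built with logoutrequest() and sent to a sloreq_urls endpoint, and a reply to an IdP-initiated logout built with logoutresponse() and sent to a slores_urls endpoint. It assumes $idp was obtained as in the SYNOPSIS, $session is the Net::SPID::Session returned by "parse_response" in Net::SPID::SAML, and the ID of the incoming LogoutRequest has already been extracted by your request-parsing code (which this page does not describe).

```perl
use strict;
use warnings;

my %BINDING = (
    redirect => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
    post     => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
);

# Look up the IdP endpoint for a logout message. $kind is 'request' or
# 'response': the two hashrefs can differ, so a LogoutResponse must never
# be sent to a sloreq_urls endpoint (or vice versa).
sub slo_destination {
    my ($idp, $kind, $binding) = @_;
    my $urls = $kind eq 'request'  ? $idp->sloreq_urls
             : $kind eq 'response' ? $idp->slores_urls
             : die "unknown logout message kind '$kind'\n";
    return $urls->{$binding}
        // die sprintf "IdP %s has no SingleLogoutService %s endpoint for %s\n",
               $idp->entityID, $kind, $binding;
}

# SP-initiated logout: ask the IdP to close the SPID session we hold.
# Returns (destination URL, LogoutRequest object).
sub sp_initiated_logout {
    my ($idp, $session) = @_;
    my $req  = $idp->logoutrequest(session => $session);
    my $dest = slo_destination($idp, 'request', $BINDING{redirect});
    return ($dest, $req);
}

# IdP-initiated logout: the IdP sent us a LogoutRequest (the user logged
# out elsewhere). Terminate the local session first, then answer honestly:
# 'partial' tells the IdP the local session could not be fully closed.
sub idp_initiated_logout {
    my ($idp, $incoming_request_id, $local_cleanup_ok) = @_;
    my $res = $idp->logoutresponse(
        status         => $local_cleanup_ok ? 'success' : 'partial',
        in_response_to => $incoming_request_id,
    );
    my $dest = slo_destination($idp, 'response', $BINDING{redirect});
    return ($dest, $res);
}

# Usage (ASSUMPTION: $idp, $session and $incoming_request_id are provided by
# the surrounding application as described in the lead-in):
#
#   my ($url, $req) = sp_initiated_logout($idp, $session);
#   my ($url, $res) = idp_initiated_logout($idp, $incoming_request_id, 1);
```

Keeping the request/response endpoint lookup in one function makes the "wrong hashref" mistake a runtime error with the entityID in the message, which is what you want to see in logs when an IdP publishes a POST-only endpoint for one direction and a Redirect-only endpoint for the other.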

AUTHOR

Alessandro Ranellucci <aar@cpan.org>

COPYRIGHT AND LICENSE

This software is Copyright (c) 2018 by Alessandro Ranellucci.

This is free software, licensed under:

  The (three-clause) BSD License