NAME

Net::SPID::SAML::IdP

VERSION

version 0.11

SYNOPSIS

    use Net::SPID;
    
    # get an IdP
    my $idp = $spid->get_idp('https://www.prova.it/');
    
    # generate an AuthnRequest
    my $authnreq = $idp->authnrequest(
        #acs_url    => 'https://...',   # URL of AssertionConsumerServiceURL to use
        acs_index   => 0,   # index of AssertionConsumerService as per our SP metadata
        attr_index  => 1,   # index of AttributeConsumingService as per our SP metadata
        level       => 1,   # SPID level
    );

    # generate a LogoutRequest
    my $logoutreq = $idp->logoutrequest(session => $spid_session);
    
    # generate a LogoutResponse
    my $logoutres = $idp->logoutresponse(in_response_to => $logoutreq->id, status => 'success');

ABSTRACT

This class represents an Identity Provider.

CONSTRUCTOR

This class is not supposed to be instantiated directly. Use the "get_idp" method in Net::SPID::SAML.

METHODS

authnrequest

This method generates an AuthnRequest addressed to this Identity Provider. Note that this method does not perform any network call; it just generates a Net::SPID::SAML::AuthnRequest object.

    my $authnrequest = $idp->authnrequest(
        #acs_url    => 'https://...',   # URL of AssertionConsumerServiceURL to use
        acs_index   => 0,   # index of AssertionConsumerService as per our SP metadata
        attr_index  => 1,   # index of AttributeConsumingService as per our SP metadata
        level       => 1,   # SPID level
    );

The following arguments can be supplied to authnrequest():

acs_url

The value to use for AssertionConsumerServiceURL in AuthnRequest. This is the URL where the user will be redirected (via GET or POST) by the Identity Provider after Single Sign-On. This must be one of the URLs contained in our Service Provider metadata. This is required if acs_index is not set, but it can be omitted if the "sp_acs_url" option was set in Net::SPID.

acs_index

The value to use for AssertionConsumerServiceIndex in AuthnRequest. As an alternative to specifying the URL explicitly in each AuthnRequest using acs_url, a numeric index referring to the URL(s) specified in the Service Provider metadata can be supplied. This is required if acs_url is not set, but it can be omitted if the "sp_acs_index" option was set in Net::SPID.

attr_index

(Optional.) The value to use for AttributeConsumingServiceIndex in AuthnRequest. This refers to the AttributeConsumingService specified in the Service Provider metadata. If omitted, the "sp_attr_index" option set in Net::SPID will be used. If that was not set, no attributes will be requested at all.

level

(Optional.) The SPID level requested (as an integer; can be 1, 2 or 3). If omitted, 1 will be used.
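The argument rules above can be enforced before authnrequest() is called, which matters when any of these values is derived from request data. The following is an added example, not code from Net::SPID: the helper name checked_authnrequest_args, the sample ACS URLs, and the assumption that array position equals the AssertionConsumerService index are all illustrative.

```perl
use strict;
use warnings;
use Carp qw(croak);

# Constructed sample values: ACS URLs from our own SP metadata. Assumption:
# array position equals the AssertionConsumerService index.
my @SP_ACS_URLS = (
    'https://sp.example.org/spid/acs',
    'https://sp.example.org/spid/acs-post',
);

# Hypothetical helper (not part of Net::SPID): validates the documented
# authnrequest() arguments and returns a clean copy, or croaks.
sub checked_authnrequest_args {
    my (%in) = @_;
    my %out;

    croak "pass acs_url or acs_index, not both"
        if defined $in{acs_url} && defined $in{acs_index};
    if (defined $in{acs_url}) {
        # Exact string match against the URLs we registered.
        croak "acs_url is not registered in SP metadata"
            unless grep { $_ eq $in{acs_url} } @SP_ACS_URLS;
        $out{acs_url} = $in{acs_url};
    }
    elsif (defined $in{acs_index}) {
        croak "acs_index must be a registered non-negative integer"
            unless $in{acs_index} =~ /\A[0-9]+\z/ && $in{acs_index} < @SP_ACS_URLS;
        $out{acs_index} = $in{acs_index} + 0;
    }
    else {
        # Assumption: no sp_acs_url / sp_acs_index default set in Net::SPID.
        croak "either acs_url or acs_index is required";
    }

    if (defined $in{attr_index}) {
        croak "attr_index must be a non-negative integer"
            unless $in{attr_index} =~ /\A[0-9]+\z/;
        $out{attr_index} = $in{attr_index} + 0;
    }
    # level is optional and defaults to 1; only 1, 2 or 3 are valid.
    my $level = defined $in{level} ? $in{level} : 1;
    croak "level must be 1, 2 or 3" unless $level =~ /\A[123]\z/;
    $out{level} = $level + 0;
    return %out;
}

my %args = checked_authnrequest_args(acs_index => 0, attr_index => 1, level => 2);
# With an IdP object from get_idp(): my $authnreq = $idp->authnrequest(%args);
```

Rejecting an unregistered acs_url locally keeps a request-supplied value from ever reaching the signed AuthnRequest, and the strict level check prevents a malformed value from silently falling back to a lower SPID level than the application intended.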

logoutrequest

This method generates a LogoutRequest addressed to this Identity Provider. Note that this method does not perform any network call; it just generates a Net::SPID::SAML::LogoutRequest object.

    my $logoutreq = $idp->logoutrequest(session => $spid_session);

The following arguments can be supplied to logoutrequest():

session

The Net::SPID::Session object (originally returned by "parse_assertion" in Net::SPID::SAML through a Net::SPID::SAML::Assertion object) representing the SPID session to close.

logoutresponse

This method generates a LogoutResponse addressed to this Identity Provider. You usually need to generate a LogoutResponse when the user initiated a logout on another Service Provider (or from the Identity Provider itself) and thus you got a LogoutRequest from the Identity Provider. Note that this method does not perform any network call; it just generates a Net::SPID::SAML::LogoutResponse object.

    my $logoutres = $idp->logoutresponse(
        status          => 'success',
        in_response_to  => $logoutreq->id,
    );

The following arguments can be supplied to logoutresponse():

status

This can be one of success, partial, requester or responder, according to the SAML specs.

AUTHOR

Alessandro Ranellucci <aar@cpan.org>

COPYRIGHT AND LICENSE

This software is Copyright (c) 2018 by Alessandro Ranellucci.

This is free software, licensed under:

  The (three-clause) BSD License