Net::SPID::SAML::IdP
version 0.15
    use Net::SPID;

    # get an IdP
    my $idp = $spid->get_idp('https://www.prova.it/');

    # generate an AuthnRequest
    my $authnreq = $idp->authnrequest(
        #acs_url    => 'https://...',   # URL of AssertionConsumerServiceURL to use
        acs_index   => 0,   # index of AssertionConsumerService as per our SP metadata
        attr_index  => 1,   # index of AttributeConsumingService as per our SP metadata
        level       => 1,   # SPID level
    );

    # generate a LogoutRequest
    my $logoutreq = $idp->logoutrequest(session => $spid_session);

    # generate a LogoutResponse
    my $logoutres = $idp->logoutresponse(in_response_to => $logoutreq->id, status => 'success');
This class represents an Identity Provider.
This constructor takes the metadata in XML form and parses it into a Net::SPID::SAML::IdP object:
    my $idp = Net::SPID::SAML::IdP->new_from_xml(xml => $xml);

If the metadata is signed, this method will croak if the signature is not valid.
Note that you don't usually need to construct this object manually. You load metadata using the methods offered by Net::SPID::SAML and then you retrieve the IdP you need using "get_idp" in Net::SPID::SAML.
This method generates an AuthnRequest addressed to this Identity Provider. Note that this method does not perform any network call; it just generates a Net::SPID::SAML::Out::AuthnRequest object.

    my $authnrequest = $idp->authnrequest(
        #acs_url    => 'https://...',   # URL of AssertionConsumerServiceURL to use
        acs_index   => 0,   # index of AssertionConsumerService as per our SP metadata
        attr_index  => 1,   # index of AttributeConsumingService as per our SP metadata
        level       => 1,   # SPID level
    );
The following arguments can be supplied to authnrequest():
acs_url: The value to use for AssertionConsumerServiceURL in AuthnRequest. This is the URL where the user will be redirected (via GET or POST) by the Identity Provider after Single Sign-On. This should be one of the URLs configured in the "sp_assertionconsumerservice" in Net::SPID parameter at initialization time, otherwise the Response will not be validated. If omitted, the first configured one will be used.
acs_index: The value to use for AssertionConsumerServiceIndex in AuthnRequest. As an alternative to specifying the URL explicitly in each AuthnRequest using acs_url, a numeric index referring to the URL(s) specified in the Service Provider metadata can be supplied. Make sure the corresponding URL is listed in the "sp_assertionconsumerservice" in Net::SPID parameter, otherwise the response will not be validated.
attr_index: (Optional.) The value to use for AttributeConsumingServiceIndex in AuthnRequest. This refers to the AttributeConsumingService specified in the Service Provider metadata. If omitted, no attributes will be requested at all.
level: (Optional.) The SPID level requested (as an integer; can be 1, 2 or 3). If omitted, 1 will be used.
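The constraints on these arguments (acs_url must be one of the configured AssertionConsumerService URLs, level is 1, 2 or 3) can be checked before calling authnrequest(), so a bad value fails when the request is built rather than when the Response is rejected. This is an added example, not code from Net::SPID; checked_authnrequest_args and the sample URL are hypothetical.

```perl
use strict;
use warnings;
use Carp qw(croak);

# Hypothetical helper, not part of Net::SPID: validates authnrequest() arguments
# against our own SP configuration. $acs_urls is assumed to be the same arrayref
# that was passed as sp_assertionconsumerservice at initialization time.
sub checked_authnrequest_args {
    my ($acs_urls, %opt) = @_;
    my %args;

    if (defined $opt{acs_url}) {
        # Exact string comparison only: no prefix or case-insensitive matching.
        croak "acs_url '$opt{acs_url}' is not a configured AssertionConsumerService"
            unless grep { $_ eq $opt{acs_url} } @$acs_urls;
        $args{acs_url} = $opt{acs_url};
    } elsif (defined $opt{acs_index}) {
        my $max = $#{$acs_urls};
        croak "acs_index must be an integer between 0 and $max"
            unless $opt{acs_index} =~ /\A[0-9]+\z/ && $opt{acs_index} <= $max;
        $args{acs_index} = $opt{acs_index};
    }   # neither given: the module falls back to the first configured URL

    # SPID level is 1, 2 or 3; the documented default is 1.
    my $level = $opt{level} // 1;
    croak "level must be 1, 2 or 3" unless $level =~ /\A[123]\z/;
    $args{level} = $level;

    # attr_index is optional; when omitted, no attributes are requested.
    if (defined $opt{attr_index}) {
        croak "attr_index must be a non-negative integer"
            unless $opt{attr_index} =~ /\A[0-9]+\z/;
        $args{attr_index} = $opt{attr_index};
    }
    return %args;
}

# Constructed sample configuration and inputs.
my @acs = ('https://sp.example.org/spid-sso');
my %ok = checked_authnrequest_args(\@acs, acs_index => 0, attr_index => 1, level => 2);
print join(', ', map { "$_=$ok{$_}" } sort keys %ok), "\n";

# A trailing slash makes this a different URL, so it is rejected here.
eval { checked_authnrequest_args(\@acs, acs_url => 'https://sp.example.org/spid-sso/'); 1 }
    or print "rejected: $@";

# With an IdP object obtained via get_idp():
#   my $authnreq = $idp->authnrequest(%ok);
```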
This method generates a LogoutRequest addressed to this Identity Provider. Note that this method does not perform any network call; it just generates a Net::SPID::SAML::LogoutRequest object.

    my $logoutreq = $idp->logoutrequest(session => $spid_session);
The following arguments can be supplied to logoutrequest():
session: The Net::SPID::Session object (originally returned by "parse_response" in Net::SPID::SAML through a Net::SPID::SAML::In::Response object) representing the SPID session to close.
This method generates a LogoutResponse addressed to this Identity Provider. You usually need to generate a LogoutResponse when the user initiated a logout on another Service Provider (or from the Identity Provider itself) and thus you got a LogoutRequest from the Identity Provider. Note that this method does not perform any network call; it just generates a Net::SPID::SAML::LogoutResponse object.

    my $logoutres = $idp->logoutresponse(
        status          => 'success',
        in_response_to  => $logoutreq->id,
    );
The following arguments can be supplied to logoutresponse():
status: This can be either success, partial, requester or responder according to the SAML specs.
Returns the signing certificate for this Identity Provider as a Crypt::OpenSSL::X509 object.
Returns the XML representation of this Identity Provider's metadata.
Returns the entityID of this Identity Provider.
Hashref of SingleSignOnService bindings, whose keys are the binding methods (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST or urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect) and values contain the URLs.
Hashref of SingleLogoutService bindings to be used for sending LogoutRequest messages. Keys are the binding methods (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST or urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect) and values contain the URLs.
Hashref of SingleLogoutService bindings to be used for sending LogoutResponse messages. Keys are the binding methods (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST or urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect) and values contain the URLs.
Alessandro Ranellucci <aar@cpan.org>
This software is Copyright (c) 2018 by Alessandro Ranellucci.
This is free software, licensed under:
The (three-clause) BSD License