PE_OK
PE_SAML_ATTR_ERROR
PE_SAML_LOAD_IDP_ERROR
PE_SAML_LOAD_SERVICE_ERROR
);
our $VERSION = '2.19.0';
extends qw(
Lemonldap::NG::Portal::Lib::SAML
);
sub init {
my ($self) = @_;
$self->lassoServer(
$self->p->loadedModules->{'Lemonldap::NG::Portal::Auth::SAML'}
->lassoServer );
return 1;
}
sub getUser {
return PE_OK;
}
sub findUser {
return PE_OK;
}
sub setSessionInfo {
my ( $self, $req ) = @_;
my $idp = $req->data->{_idp};
my $idpConfKey = $req->data->{_idpConfKey};
my $nameid = $req->data->{_nameID};
my $exportedAttr;
my $force_utf8 =
$self->idpOptions->{$idpConfKey}->{samlIDPMetaDataOptionsForceUTF8}
if $idpConfKey;
if ($idpConfKey) {
foreach ( keys %{ $self->idpAttributes->{$idp} } ) {
my ( $mandatory, $name, $format, $friendly_name ) =
split( /;/, $self->idpAttributes->{$idp}->{$_} );
if ( $mandatory and not defined $req->{sessionInfo}->{$_} ) {
$exportedAttr->{$_} =
$self->idpAttributes->{$idp}->{$_};
$self->logger->debug(
"Attribute $_ will be requested to $idpConfKey");
}
}
}
unless ( keys %$exportedAttr ) {
$self->logger->debug(
"All mandatory attributes were present in authentication response");
return PE_OK;
}
my $current_server = $self->lassoServer;
$self->loadService(1);
my $server = $self->lassoServer;
unless ($server) {
$self->logger->error('Unable to create service for attribute request');
return PE_SAML_LOAD_SERVICE_ERROR;
}
$self->logger->debug("Service for attribute request created");
my $idp_metadata =
$self->conf->{samlIDPMetaDataXML}->{$idpConfKey}->{samlIDPMetaDataXML};
if ( $self->conf->{samlMetadataForceUTF8} ) {
$idp_metadata = encode( "utf8", $idp_metadata );
}
unless ( $self->addAA( $server, $idp_metadata ) ) {
$self->logger->error(
"Fail to use IDP $idpConfKey Metadata as Attribute Authority");
return PE_SAML_LOAD_IDP_ERROR;
}
my $query =
$self->createAttributeRequest( $server, $idp, $exportedAttr, $nameid );
unless ($query) {
$self->logger->error(
"Unable to build attribute request for $idpConfKey");
return PE_SAML_ATTR_ERROR;
}
my $query_url = $query->msg_url;
my $query_body = $query->msg_body;
my $response = $self->sendSOAPMessage( $query_url, $query_body );
unless ($response) {
$self->logger->error("No attribute response to SOAP request");
return PE_SAML_ATTR_ERROR;
}
my $result = $self->processAttributeResponse( $server, $response );
unless ($result) {
$self->logger->error("Fail to process attribute response");
return PE_SAML_ATTR_ERROR;
}
my @response_attributes;
eval {
@response_attributes =
$result->response()->Assertion()->AttributeStatement()->Attribute();
};
if ($@) {
$self->logger->error("No attributes defined in attribute response");
return PE_SAML_ATTR_ERROR;
}
foreach ( keys %$exportedAttr ) {
my ( $mandatory, $name, $format, $friendly_name ) =
split( /;/, $exportedAttr->{$_} );
my $value = $self->getAttributeValue( $name, $format, $friendly_name,
\@response_attributes, $force_utf8 );
unless ($value) {
$self->logger->error(
"Attribute $_ is mandatory, but was not delivered by $idpConfKey"
);
return PE_SAML_ATTR_ERROR;
}
$self->logger->debug("Get value $value for attribute $_");
$req->{sessionInfo}->{$_} = $value;
}
$self->lassoServer = $current_server;
return PE_OK;
}
1;