my ( $self, $confKey, $attributes_meta ) = @_;
my $result =
{ %{ $self->conf->{samlSPMetaDataExportedAttributes}->{$confKey} || {} }
};
for my $attr ( keys %{ $attributes_meta || {} } ) {
# Explicit configuration overrides SP from metadata
next if $result->{$attr};
my @conf = split( /;/, $attributes_meta->{$attr} );
my $required = $conf[0];
my $policy;
if ($required) {
$policy =
$self->conf->{samlSPMetaDataOptions}->{$confKey}
->{samlSPMetaDataOptionsFederationRequiredAttributes}
|| '';
}
else {
$policy =
$self->conf->{samlSPMetaDataOptions}->{$confKey}
->{samlSPMetaDataOptionsFederationOptionalAttributes}
|| '';
}
if ( $policy eq "optional" ) {
$required = 0;
}
if ( $policy ne "ignore" ) {
$result->{$attr} = join( ";", $required, splice( @conf, 1 ) );
}
}
return $result;
}
sub get_config_info_from_xml_federation {
my ( $self, $entityID ) = @_;
my @federation_files =
split( /[\s;,]+/, $self->conf->{samlFederationFiles} );
my $info;
for my $file (@federation_files) {
$info = $self->get_federation( $file, $entityID );
last if $info;
}
return unless defined $info;
my $partner = $info->{metadata};
my $result =
{ federation_name => $info->{federation}, ttl => $info->{ttl} };
# Add required XML namespaces
$partner->setNamespace( "urn:oasis:names:tc:SAML:2.0:metadata", "md", 0 );
$partner->setNamespace( "urn:oasis:names:tc:SAML:metadata:attribute",
"mdattr", 0 );
$partner->setNamespace( "urn:oasis:names:tc:SAML:2.0:assertion",
"saml", 0 );
$partner->setNamespace( "http://www.w3.org/2000/09/xmldsig#", "ds", 0 );
# Parse subject-id:req extension
my $requested_subject_id = "none";
if (
my $subjectid = $partner->findnodes(
'./md:Extensions'
. '/mdattr:EntityAttributes'
. '/saml:Attribute[@Name="urn:oasis:names:tc:SAML:profiles:subject-id:req"]'
. '/saml:AttributeValue[1]'
. '/text()'
)->shift()
)
{
$requested_subject_id = $subjectid->toString;
}
# Check IDP or SP
if ( my $idp = $partner->findnodes('./md:IDPSSODescriptor') ) {
# Check if SAML 2.0 is supported
if (
$partner->findnodes(
'./md:IDPSSODescriptor/md:SingleSignOnService[contains(@Binding,"urn:oasis:names:tc:SAML:2.0:")]'
)
)
{
$self->logger->debug("Found IDP metadata for $entityID");
# Read metadata
my $partner_metadata = $partner->toString;
$partner_metadata =~ s/\n//g;
$result->{idp_metadata} = $partner_metadata;
}
}
if ( my $sp = $partner->findnodes('./md:SPSSODescriptor') ) {
# Check if SAML 2.0 is supported
if (
$partner->findnodes(
'./md:SPSSODescriptor/md:AssertionConsumerService[contains(@Binding,"urn:oasis:names:tc:SAML:2.0:")]'
)
)
{
$self->logger->debug("Found SP metadata for $entityID");
# Read requested attributes
my $requestedAttributes = {};
if (
$partner->findnodes(
'./md:SPSSODescriptor/md:AttributeConsumingService/md:RequestedAttribute'
)
)
{
foreach my $requestedAttribute (
$partner->findnodes(
'./md:SPSSODescriptor/md:AttributeConsumingService/md:RequestedAttribute'
)
)