# Outcome tallies for the IDP and SP partners handled by this script.
# Both hashes carry the same six outcome keys and every count starts at zero.
my $idpCounter = { map { $_ => 0 } qw(found updated created rejected removed ignored) };
my $spCounter  = { map { $_ => 0 } qw(found updated created rejected removed ignored) };
# IDP and SP lists
# Hash references keyed by entityID; each starts undefined and is
# autovivified by the first assignment further down the script.
my $allIdpList;         # every IDP already in the configuration: entityID => confKey
my $allSpList;          # every SP already in the configuration: entityID => confKey
my $mdIdpList;          # IDPs present in the imported metadata (entityID => 1)
my $mdSpList;           # presumably the SP counterpart of $mdIdpList — filled later in the script
my $matchingIdpList;    # configured IDPs whose confKey starts with $idpConfKeyPrefix
my $matchingSpList;     # configured SPs whose confKey starts with $spConfKeyPrefix
# List current SAML partners
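# Extract the entityID attribute from a stored SAML metadata document.
#
# The stored XML is scanned with a regex rather than parsed, so an entry whose
# XML no longer parses is still indexed.  Either quote style is accepted and,
# as XML permits, whitespace around the '=' is tolerated.  Attribute names are
# matched case-insensitively to stay compatible with the previous behaviour.
#
# Returns the entityID string, or nothing when the document has none.
sub _entity_id_from_metadata {
    my ($metadata_xml) = @_;
    return unless defined $metadata_xml;
    if ( $metadata_xml =~ m{ \b entityID \s* = \s* (['"]) (?<id>.+?) \1 }xsi ) {
        return $+{id};
    }
    return;
}

# Index the SAML partners already present in the configuration, keyed by the
# entityID found in their stored metadata:
#   $all*List      - every configured partner of that type (entityID => confKey)
#   $matching*List - only those whose confKey carries the prefix this script
#                    manages; the others are never touched by the import.
# The prefix is a literal string, so it is quoted with \Q...\E before being
# interpolated into the regex (a prefix containing '.', '+' or '(' must not
# turn into a pattern).  Entries whose metadata has no entityID are logged and
# left out of both maps instead of being filed under an empty-string key.
foreach my $spConfKey ( sort keys %{ $lastConf->{samlSPMetaDataXML} } ) {
    my $entityID = _entity_id_from_metadata(
        $lastConf->{samlSPMetaDataXML}->{$spConfKey}->{samlSPMetaDataXML} );
    unless ( defined $entityID and length $entityID ) {
        printlog("No entityID found in stored metadata of [SP] $spConfKey, skipping\n");
        next;
    }
    # Two confKeys sharing one entityID would silently overwrite each other;
    # keep the last one (as before) but make the collision visible.
    if ( defined $allSpList->{$entityID} ) {
        printlog( "Duplicate entityID $entityID: [SP] $spConfKey replaces "
              . "$allSpList->{$entityID} in the index\n" );
    }
    $allSpList->{$entityID} = $spConfKey;
    if ( $spConfKey =~ /\A\Q$spConfKeyPrefix\E/ ) {
        $matchingSpList->{$entityID} = $spConfKey;
    }
    printlog("Existing SAML partner found: [SP] $entityID ($spConfKey)\n");
}

foreach my $idpConfKey ( sort keys %{ $lastConf->{samlIDPMetaDataXML} } ) {
    my $entityID = _entity_id_from_metadata(
        $lastConf->{samlIDPMetaDataXML}->{$idpConfKey}->{samlIDPMetaDataXML} );
    unless ( defined $entityID and length $entityID ) {
        printlog("No entityID found in stored metadata of [IDP] $idpConfKey, skipping\n");
        next;
    }
    if ( defined $allIdpList->{$entityID} ) {
        printlog( "Duplicate entityID $entityID: [IDP] $idpConfKey replaces "
              . "$allIdpList->{$entityID} in the index\n" );
    }
    $allIdpList->{$entityID} = $idpConfKey;
    if ( $idpConfKey =~ /\A\Q$idpConfKeyPrefix\E/ ) {
        $matchingIdpList->{$entityID} = $idpConfKey;
    }
    printlog("Existing SAML partner found: [IDP] $entityID ($idpConfKey)\n");
}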
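# Parse the imported federation metadata.  $xml_metadata is produced outside
# this block (presumably fetched or read from a location given to the script),
# so it is treated as untrusted: external DTD loading, entity expansion and
# network access are switched off.  SAML metadata never needs them, and
# leaving them enabled would let a crafted document pull in local files or
# reach internal hosts through the XML parser (XXE).
my $dom = XML::LibXML->load_xml(
    string          => $xml_metadata,
    load_ext_dtd    => 0,
    expand_entities => 0,
    no_network      => 1,
);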
# Browse all partners
foreach my $partner (
$dom->findnodes('/md:EntitiesDescriptor/md:EntityDescriptor') )
{
my $entityID = $partner->getAttribute('entityID');
# Add required XML namespaces
$partner->setNamespace( "urn:oasis:names:tc:SAML:2.0:metadata",
"md", 0 );
$partner->setNamespace( "urn:oasis:names:tc:SAML:metadata:attribute",
"mdattr", 0 );
$partner->setNamespace( "urn:oasis:names:tc:SAML:2.0:assertion",
"saml", 0 );
$partner->setNamespace( "http://www.w3.org/2000/09/xmldsig#", "ds", 0 );
# Parse subject-id:req extension
my $requested_subject_id = "none";
if (
my $subjectid = $partner->findnodes(
'./md:Extensions'
. '/mdattr:EntityAttributes'
. '/saml:Attribute[@Name="urn:oasis:names:tc:SAML:profiles:subject-id:req"]'
. '/saml:AttributeValue[1]'
. '/text()'
)->shift()
)
{
$requested_subject_id = $subjectid->toString;
}
# Remove other extensions
foreach ( $partner->findnodes('.//md:Extensions') ) { $_->unbindNode; }
# Check IDP or SP
if ( my $idp = $partner->findnodes('./md:IDPSSODescriptor') ) {
$idpCounter->{found}++;
$mdIdpList->{$entityID} = 1;
# Check if SAML 2.0 is supported
if (
$partner->findnodes(
'./md:IDPSSODescriptor/md:SingleSignOnService[contains(@Binding,"urn:oasis:names:tc:SAML:2.0:")]'
)
)
{
# Read metadata
my $partner_metadata = $partner->toString;
$partner_metadata =~ s/\n//g;
utf8::encode($partner_metadata);
# test if IDP entityID is inside the block list
if ( grep { $entityID eq $_ } @idpIgnorelist ) {
printlog("IDP $entityID won't be update/added \n");
$idpCounter->{ignored}++;
}
else {
# Check if entityID already in configuration
if ( defined $matchingIdpList->{$entityID} ) {
my $confKey = $matchingIdpList->{$entityID};
my $equal =
register_saml_idp( $config, $lastConf, $confKey,
$entityID, $partner_metadata );
if ($equal) {
printlog("IDP $entityID has not changed\n");
}
else {
printlog("Update IDP $entityID in configuration\n");
$idpCounter->{updated}++;
}
}