.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . 
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "Lemonldap::NG::Portal::Lib::SAML 3pm"
.TH Lemonldap::NG::Portal::Lib::SAML 3pm "2020-09-07" "perl v5.28.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
Lemonldap::NG::Portal::Lib::SAML \- Common SAML functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
use Lemonldap::NG::Portal::Lib::SAML;
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This module contains common methods for \s-1SAML\s0 authentication
and user information loading
.SH "METHODS"
.IX Header "METHODS"
.SS "loadLasso"
.IX Subsection "loadLasso"
Load Lasso module
.SS "loadService"
.IX Subsection "loadService"
Load \s-1SAML\s0 service by creating a Lasso::Server
.SS "loadIDPs"
.IX Subsection "loadIDPs"
Load \s-1SAML\s0 identity providers
.SS "loadSPs"
.IX Subsection "loadSPs"
Load \s-1SAML\s0 service providers
.SS "checkMessage"
.IX Subsection "checkMessage"
Check \s-1SAML\s0 requests and responses
.SS "checkLassoError"
.IX Subsection "checkLassoError"
Log Lasso error code and message if this is actually a Lasso::Error with code > 0
.SS "createServer"
.IX Subsection "createServer"
Load service metadata and create Lasso::Server object
.SS "addIDP"
.IX Subsection "addIDP"
Add \s-1IDP\s0 to an existing Lasso::Server
.SS "addSP"
.IX Subsection "addSP"
Add \s-1SP\s0 to an existing Lasso::Server
.SS "addAA"
.IX Subsection "addAA"
Add Attribute Authority to an existing Lasso::Server
.SS "addProvider"
.IX Subsection "addProvider"
Add provider to an existing Lasso::Server
.SS "getOrganizationName"
.IX Subsection "getOrganizationName"
Return name of organization picked up from metadata
.SS "createAuthnRequest"
.IX Subsection "createAuthnRequest"
Create authentication request for selected \s-1IDP\s0
.SS "createLogin"
.IX Subsection "createLogin"
Create Lasso::Login object
"initAuthnRequest" .IX Subsection "initAuthnRequest" Init authentication request .SS "initIdpInitiatedAuthnRequest" .IX Subsection "initIdpInitiatedAuthnRequest" Init authentication request for \s-1IDP\s0 initiated .SS "buildAuthnRequestMsg" .IX Subsection "buildAuthnRequestMsg" Build authentication request message .SS "processAuthnRequestMsg" .IX Subsection "processAuthnRequestMsg" Process authentication request message .SS "validateRequestMsg" .IX Subsection "validateRequestMsg" Validate request message .SS "buildAuthnResponseMsg" .IX Subsection "buildAuthnResponseMsg" Build authentication response message .SS "buildArtifactMsg" .IX Subsection "buildArtifactMsg" Build artifact message .SS "buildAssertion" .IX Subsection "buildAssertion" Build assertion .SS "processAuthnResponseMsg" .IX Subsection "processAuthnResponseMsg" Process authentication response message .SS "getNameIdentifier" .IX Subsection "getNameIdentifier" Get NameID from Lasso Profile .SS "createIdentity" .IX Subsection "createIdentity" Create Lasso::Identity object .SS "createSession" .IX Subsection "createSession" Create Lasso::Session object .SS "acceptSSO" .IX Subsection "acceptSSO" Accept \s-1SSO\s0 from \s-1IDP\s0 .SS "storeRelayState" .IX Subsection "storeRelayState" Store information in relayState database and return .SS "extractRelayState" .IX Subsection "extractRelayState" Extract RelayState information into \f(CW$self\fR .SS "getAssertion" .IX Subsection "getAssertion" Get assertion in Lasso::Login object .SS "getAttributeValue" .IX Subsection "getAttributeValue" Get \s-1SAML\s0 attribute value corresponding to name, format and friendly_name Multivaluated values are separated by ';' .SS "validateConditions" .IX Subsection "validateConditions" Validate conditions .SS "createLogoutRequest" .IX Subsection "createLogoutRequest" Create logout request for selected entity .SS "createLogout" .IX Subsection "createLogout" Create Lasso::Logout object .SS "initLogoutRequest" .IX Subsection 
"initLogoutRequest" Init logout request .SS "buildLogoutRequestMsg" .IX Subsection "buildLogoutRequestMsg" Build logout request message .SS "setSessionFromDump" .IX Subsection "setSessionFromDump" Set session from dump in Lasso::Profile object .SS "setIdentityFromDump" .IX Subsection "setIdentityFromDump" Set identity from dump in Lasso::Profile object .SS "getMetaDataURL" .IX Subsection "getMetaDataURL" Get \s-1URL\s0 stored in a service metadata configuration key .SS "processLogoutResponseMsg" .IX Subsection "processLogoutResponseMsg" Process logout response message .SS "processLogoutRequestMsg" .IX Subsection "processLogoutRequestMsg" Process logout request message .SS "validateLogoutRequest" .IX Subsection "validateLogoutRequest" Validate logout request .SS "buildLogoutResponseMsg" .IX Subsection "buildLogoutResponseMsg" Build logout response msg .SS "storeReplayProtection" .IX Subsection "storeReplayProtection" Store \s-1ID\s0 of an \s-1SAML\s0 message in Replay Protection base .SS "replayProtection" .IX Subsection "replayProtection" Check if \s-1SAML\s0 message do not correspond to a previously responded message .SS "resolveArtifact" .IX Subsection "resolveArtifact" Resolve artifact to get the real \s-1SAML\s0 message .SS "storeArtifact" .IX Subsection "storeArtifact" Store artifact .SS "loadArtifact" .IX Subsection "loadArtifact" Load artifact .SS "createArtifactResponse" .IX Subsection "createArtifactResponse" Create artifact response .SS "processArtRequestMsg" .IX Subsection "processArtRequestMsg" Process artifact response message .SS "processArtResponseMsg" .IX Subsection "processArtResponseMsg" Process artifact response message .SS "sendSOAPMessage" .IX Subsection "sendSOAPMessage" Send \s-1SOAP\s0 message and get response .SS "createAssertionQuery" .IX Subsection "createAssertionQuery" Create a new assertion query .SS "createAttributeRequest" .IX Subsection "createAttributeRequest" Create an attribute request .SS "validateAttributeRequest" .IX 
Subsection "validateAttributeRequest" Validate an attribute request .SS "processAttributeRequest" .IX Subsection "processAttributeRequest" Process an attribute request .SS "buildAttributeResponse" .IX Subsection "buildAttributeResponse" Build attribute response .SS "processAttributeResponse" .IX Subsection "processAttributeResponse" Process an attribute response .SS "getNameIDFormat" .IX Subsection "getNameIDFormat" Convert configuration string into \s-1SAML2\s0 NameIDFormat string .SS "getHttpMethod" .IX Subsection "getHttpMethod" Convert configuration string into Lasso \s-1HTTP\s0 Method integer .SS "getHttpMethodString" .IX Subsection "getHttpMethodString" Convert configuration Lasso \s-1HTTP\s0 Method integer into string .SS "getFirstHttpMethod" .IX Subsection "getFirstHttpMethod" Find a suitable \s-1HTTP\s0 method for an entity with a given protocol .SS "disableSignature" .IX Subsection "disableSignature" Modify Lasso signature hint to disable signature .SS "forceSignature" .IX Subsection "forceSignature" Modify Lasso signature hint to force signature .SS "disableSignatureVerification" .IX Subsection "disableSignatureVerification" Modify Lasso signature hint to disable signature verification .SS "forceSignatureVerification" .IX Subsection "forceSignatureVerification" Modify Lasso signature hint to force signature verification .SS "getAuthnContext" .IX Subsection "getAuthnContext" Convert configuration string into \s-1SAML2\s0 AuthnContextClassRef string .SS "timestamp2samldate" .IX Subsection "timestamp2samldate" Convert timestamp into \s-1SAML2\s0 date format .SS "samldate2timestamp" .IX Subsection "samldate2timestamp" Convert \s-1SAML2\s0 date format into timestamp .SS "sendLogoutResponseToServiceProvider" .IX Subsection "sendLogoutResponseToServiceProvider" Send logout response issue from a logout request .SS "sendLogoutRequestToProvider" .IX Subsection "sendLogoutRequestToProvider" Send logout request to a provider .SS "sendLogoutRequestToProviders" .IX 
Subsection "sendLogoutRequestToProviders" Send logout response issue from a logout request to all other providers. If information have to be displayed to users, such as iframe to send HTTP-Redirect or HTTP-POST logout request, then \&\f(CW$self\fR\->{_info} will be updated. .SS "checkSignatureStatus" .IX Subsection "checkSignatureStatus" Check signature status .SS "authnContext2authnLevel" .IX Subsection "authnContext2authnLevel" Return authentication level corresponding to authnContext .SS "authnLevel2authnContext" .IX Subsection "authnLevel2authnContext" Return \s-1SAML\s0 authentication context corresponding to authnLevel .SS "checkDestination" .IX Subsection "checkDestination" If \s-1SAML\s0 Destination attribute is present, check it .SS "getSamlSession" .IX Subsection "getSamlSession" Try to recover the \s-1SAML\s0 session corresponding to id and return session data .SS "createAttribute" .IX Subsection "createAttribute" Create a new \s-1SAML\s0 attribute .SS "createAttributeValue" .IX Subsection "createAttributeValue" Create a new \s-1SAML\s0 attribute value .SS "getEncryptionMode" .IX Subsection "getEncryptionMode" Return Lasso encryption mode .SS "setProviderEncryptionMode" .IX Subsection "setProviderEncryptionMode" Set encryption mode on a provider .SS "deleteSAMLSecondarySessions" .IX Subsection "deleteSAMLSecondarySessions" Find and delete \s-1SAML\s0 sessions bounded to a primary session .SS "sendSLOErrorResponse" .IX Subsection "sendSLOErrorResponse" Send an \s-1SLO\s0 error response .SS "getQueryString" .IX Subsection "getQueryString" Get query string with or without \s-1CGI\s0 \fBquery_string()\fR method .SS "getSignatureMethod" .IX Subsection "getSignatureMethod" Return Lasso signature method .SH "SEE ALSO" .IX Header "SEE ALSO" Lemonldap::NG::Portal::Auth::SAML, Lemonldap::NG::Portal::UserDBSAML .SH "AUTHORS" .IX Header "AUTHORS" .IP "LemonLDAP::NG team " 4 .IX Item "LemonLDAP::NG team " .SH "BUG REPORT" .IX Header "BUG REPORT" Use \s-1OW2\s0 system 
to report bugs or ask for features:
.SH "DOWNLOAD"
.IX Header "DOWNLOAD"
Lemonldap::NG is available at
.SH "COPYRIGHT AND LICENSE"
.IX Header "COPYRIGHT AND LICENSE"
See \s-1COPYING\s0 file for details.
.PP
This library is free software; you can redistribute it and/or modify
it under the terms of the \s-1GNU\s0 General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
.PP
This program is distributed in the hope that it will be useful,
but \s-1WITHOUT ANY WARRANTY\s0; without even the implied warranty of
\&\s-1MERCHANTABILITY\s0 or \s-1FITNESS FOR A PARTICULAR PURPOSE.\s0  See the
\&\s-1GNU\s0 General Public License for more details.
.PP
You should have received a copy of the \s-1GNU\s0 General Public License
along with this program.  If not, see .