.\" -*- mode: troff; coding: utf-8 -*-
.\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
.ie n \{\
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "Lemonldap::NG::Portal::Lib::SAML 3pm"
.TH Lemonldap::NG::Portal::Lib::SAML 3pm 2024-02-07 "perl v5.38.2" "User Contributed Perl Documentation"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH NAME
Lemonldap::NG::Portal::Lib::SAML \- Common SAML functions
.SH SYNOPSIS
.IX Header "SYNOPSIS"
use Lemonldap::NG::Portal::Lib::SAML;
.SH DESCRIPTION
.IX Header "DESCRIPTION"
This module contains common methods for SAML authentication
and user information loading.
.SH METHODS
.IX Header "METHODS"
.SS loadLasso
.IX Subsection "loadLasso"
Load Lasso module
.SS loadService
.IX Subsection "loadService"
Load SAML service by creating a Lasso::Server
.SS loadIDPs
.IX Subsection "loadIDPs"
Load SAML identity providers
.SS loadSPs
.IX Subsection "loadSPs"
Load SAML service providers
.SS checkMessage
.IX Subsection "checkMessage"
Check SAML requests and responses
.SS checkLassoError
.IX Subsection "checkLassoError"
Log Lasso error code and message if this is actually a Lasso::Error with code > 0
.SS createServer
.IX Subsection "createServer"
Load service metadata and create Lasso::Server object
.SS addIDP
.IX Subsection "addIDP"
Add IDP to an existing Lasso::Server
.SS addSP
.IX Subsection "addSP"
Add SP to an existing Lasso::Server
.SS addAA
.IX Subsection "addAA"
Add Attribute Authority to an existing Lasso::Server
.SS addProvider
.IX Subsection "addProvider"
Add provider to an existing Lasso::Server
.SS getOrganizationName
.IX Subsection "getOrganizationName"
Return name of organization picked up from metadata
.SS createAuthnRequest
.IX Subsection "createAuthnRequest"
Create authentication request for selected IDP
.SS createLogin
.IX Subsection "createLogin"
Create Lasso::Login object
.SS initAuthnRequest
.IX Subsection "initAuthnRequest"
Init authentication request
.SS initIdpInitiatedAuthnRequest
.IX Subsection "initIdpInitiatedAuthnRequest"
Init authentication request for IDP initiated
.SS buildAuthnRequestMsg
.IX Subsection "buildAuthnRequestMsg"
Build authentication request message
.SS processAuthnRequestMsg
.IX Subsection "processAuthnRequestMsg"
Process authentication request message
.SS processAuthnRequestMsgWithError
.IX Subsection "processAuthnRequestMsgWithError"
Process authentication request message and return Lasso error
.SS validateRequestMsg
.IX Subsection "validateRequestMsg"
Validate request message
.SS buildAuthnResponseMsg
.IX Subsection "buildAuthnResponseMsg"
Build authentication response message
.SS buildArtifactMsg
.IX Subsection "buildArtifactMsg"
Build artifact message
.SS buildAssertion
.IX Subsection "buildAssertion"
Build assertion
.SS processAuthnResponseMsg
.IX Subsection "processAuthnResponseMsg"
Process authentication response message
.SS getNameIdentifier
.IX Subsection "getNameIdentifier"
Get NameID from Lasso Profile
.SS createIdentity
.IX Subsection "createIdentity"
Create Lasso::Identity object
.SS createSession
.IX Subsection "createSession"
Create Lasso::Session object
.SS acceptSSO
.IX Subsection "acceptSSO"
Accept SSO from IDP
.SS storeRelayState
.IX Subsection "storeRelayState"
Store information in relayState database and return
.SS extractRelayState
.IX Subsection "extractRelayState"
Extract RelayState information into \f(CW$self\fR
.SS getAssertion
.IX Subsection "getAssertion"
Get assertion in Lasso::Login object
.SS getAttributeValue
.IX Subsection "getAttributeValue"
Get SAML attribute value corresponding to name, format and friendly_name.
Multivalued values are separated by ';'.
.SS validateConditions
.IX Subsection "validateConditions"
Validate conditions
.SS createLogoutRequest
.IX Subsection "createLogoutRequest"
Create logout request for selected entity
.SS createLogout
.IX Subsection "createLogout"
Create Lasso::Logout object
.SS initLogoutRequest
.IX Subsection "initLogoutRequest"
Init logout request
.SS buildLogoutRequestMsg
.IX Subsection "buildLogoutRequestMsg"
Build logout request message
.SS setSessionFromDump
.IX Subsection "setSessionFromDump"
Set session from dump in Lasso::Profile object
.SS setIdentityFromDump
.IX Subsection "setIdentityFromDump"
Set identity from dump in Lasso::Profile object
.SS getMetaDataURL
.IX Subsection "getMetaDataURL"
Get URL stored in a service metadata configuration key
.SS processLogoutResponseMsg
.IX Subsection "processLogoutResponseMsg"
Process logout response message
.SS processLogoutRequestMsg
.IX Subsection "processLogoutRequestMsg"
Process logout request message
.SS validateLogoutRequest
.IX Subsection "validateLogoutRequest"
Validate logout request
.SS buildLogoutResponseMsg
.IX Subsection "buildLogoutResponseMsg"
Build logout response msg
.SS storeReplayProtection
.IX Subsection "storeReplayProtection"
Store ID of a SAML message in Replay Protection base
.SS replayProtection
.IX Subsection "replayProtection"
Check if SAML message does not correspond to a previously responded message
.SS resolveArtifact
.IX Subsection "resolveArtifact"
Resolve artifact to get the real SAML message
.SS storeArtifact
.IX Subsection "storeArtifact"
Store artifact
.SS loadArtifact
.IX Subsection "loadArtifact"
Load artifact
.SS createArtifactResponse
.IX Subsection "createArtifactResponse"
Create artifact response
.SS processArtRequestMsg
.IX Subsection "processArtRequestMsg"
Process artifact response message
.SS processArtResponseMsg
.IX Subsection "processArtResponseMsg"
Process artifact response message
.SS sendSOAPMessage
.IX Subsection "sendSOAPMessage"
Send SOAP message and get response
.SS createAssertionQuery
.IX Subsection "createAssertionQuery"
Create a new assertion query
.SS createAttributeRequest
.IX Subsection "createAttributeRequest"
Create an attribute request
.SS validateAttributeRequest
.IX Subsection "validateAttributeRequest"
Validate an attribute request
.SS processAttributeRequest
.IX Subsection "processAttributeRequest"
Process an attribute request
.SS buildAttributeResponse
.IX Subsection "buildAttributeResponse"
Build attribute response
.SS processAttributeResponse
.IX Subsection "processAttributeResponse"
Process an attribute response
.SS getNameIDFormat
.IX Subsection "getNameIDFormat"
Convert configuration string into SAML2 NameIDFormat string
.SS getHttpMethod
.IX Subsection "getHttpMethod"
Convert configuration string into Lasso HTTP Method integer
.SS getHttpMethodString
.IX Subsection "getHttpMethodString"
Convert configuration Lasso HTTP Method integer into string
.SS getFirstHttpMethod
.IX Subsection "getFirstHttpMethod"
Find a suitable HTTP method for an entity with a given protocol
.SS disableSignature
.IX Subsection "disableSignature"
Modify Lasso signature hint to disable signature
.SS forceSignature
.IX Subsection "forceSignature"
Modify Lasso signature hint to force signature
.SS disableSignatureVerification
.IX Subsection "disableSignatureVerification"
Modify Lasso signature hint to disable signature verification
.SS forceSignatureVerification
.IX Subsection "forceSignatureVerification"
Modify Lasso signature hint to force signature verification
.SS getAuthnContext
.IX Subsection "getAuthnContext"
Convert configuration string into SAML2 AuthnContextClassRef string
.SS timestamp2samldate
.IX Subsection "timestamp2samldate"
Convert timestamp into SAML2 date format
.SS samldate2timestamp
.IX Subsection "samldate2timestamp"
Convert SAML2 date format into timestamp
.SS sendLogoutResponseToServiceProvider
.IX Subsection "sendLogoutResponseToServiceProvider"
Send logout response issued from a logout request
.SS sendLogoutRequestToProvider
.IX Subsection "sendLogoutRequestToProvider"
Send logout request to a provider
.SS sendLogoutRequestToProviders
.IX Subsection "sendLogoutRequestToProviders"
Send logout response issued from a logout request to all other
providers. If information has to be displayed to users, such as
iframe to send HTTP-Redirect or HTTP-POST logout request, then
\&\f(CW$self\fR\->{_info} will be updated.
.SS checkSignatureStatus
.IX Subsection "checkSignatureStatus"
Check signature status
.SS authnContext2authnLevel
.IX Subsection "authnContext2authnLevel"
Return authentication level corresponding to authnContext
.SS authnLevel2authnContext
.IX Subsection "authnLevel2authnContext"
Return SAML authentication context corresponding to authnLevel
.SS checkDestination
.IX Subsection "checkDestination"
If SAML Destination attribute is present, check it
.SS getSamlSession
.IX Subsection "getSamlSession"
Try to recover the SAML session corresponding to id and return session data
.SS createAttribute
.IX Subsection "createAttribute"
Create a new SAML attribute
.SS createAttributeValue
.IX Subsection "createAttributeValue"
Create a new SAML attribute value
.SS getEncryptionMode
.IX Subsection "getEncryptionMode"
Return Lasso encryption mode
.SS setProviderEncryptionMode
.IX Subsection "setProviderEncryptionMode"
Set encryption mode on a provider
.SS deleteSAMLSecondarySessions
.IX Subsection "deleteSAMLSecondarySessions"
Find and delete SAML sessions bound to a primary session
.SS sendSLOErrorResponse
.IX Subsection "sendSLOErrorResponse"
Send an SLO error response
.SS getQueryString
.IX Subsection "getQueryString"
Get query string with or without CGI \fBquery_string()\fR method
.SS getSignatureMethod
.IX Subsection "getSignatureMethod"
Return Lasso signature method
.SS setProviderSignatureMethod
.IX Subsection "setProviderSignatureMethod"
Set signature method on a provider
.SH "SEE ALSO"
.IX Header "SEE ALSO"
Lemonldap::NG::Portal::Auth::SAML, Lemonldap::NG::Portal::UserDBSAML
.SH AUTHORS
.IX Header "AUTHORS"
.IP "LemonLDAP::NG team " 4
.IX Item "LemonLDAP::NG team "
.SH "BUG REPORT"
.IX Header "BUG REPORT"
Use OW2 system to report bug or ask for features:
.SH DOWNLOAD
.IX Header "DOWNLOAD"
Lemonldap::NG is available at
.SH "COPYRIGHT AND LICENSE"
.IX Header "COPYRIGHT AND LICENSE"
See COPYING file for details.
.PP
This library is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
.PP
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.PP
You should have received a copy of the GNU General Public License
along with this program. If not, see .