Provided by: liblemonldap-ng-portal-perl_1.4.6-3_all

NAME

       Lemonldap::NG::Portal::_SAML - Common SAML functions

SYNOPSIS

       use Lemonldap::NG::Portal::_SAML;

DESCRIPTION

       This module contains common methods for SAML authentication and user information loading.

METHODS

   loadLasso
       Load Lasso module

   loadService
       Load SAML service by creating a Lasso::Server

   loadIDPs
       Load SAML identity providers

   loadSPs
       Load SAML service providers

   checkMessage
       Check SAML requests and responses

   checkLassoError
       Log Lasso error code and message if this is actually a Lasso::Error with code > 0

   createServer
       Load service metadata and create Lasso::Server object

   addIDP
       Add IDP to an existing Lasso::Server

   addSP
       Add SP to an existing Lasso::Server

   addAA
       Add Attribute Authority to an existing Lasso::Server

   addProvider
       Add provider to an existing Lasso::Server

   getOrganizationName
       Return name of organization picked up from metadata

   createAuthnRequest
       Create authentication request for selected IDP

   createLogin
       Create Lasso::Login object

   initAuthnRequest
       Init authentication request

   initIdpInitiatedAuthnRequest
       Init authentication request for IDP initiated

   buildAuthnRequestMsg
       Build authentication request message

   processAuthnRequestMsg
       Process authentication request message

   validateRequestMsg
       Validate request message

   buildAuthnResponseMsg
       Build authentication response message

   buildArtifactMsg
       Build artifact message

   buildAssertion
       Build assertion

   processAuthnResponseMsg
       Process authentication response message

   getNameIdentifier
       Get NameID from Lasso Profile

   createIdentity
       Create Lasso::Identity object

   createSession
       Create Lasso::Session object

   acceptSSO
       Accept SSO from IDP

   storeRelayState
       Store information in relayState database and return

   extractRelayState
       Extract RelayState information into $self

   getAssertion
       Get assertion in Lasso::Login object

   getAttributeValue
       Get SAML attribute value corresponding to name, format and friendly_name. Multivalued
       values are separated by ';'

   validateConditions
       Validate conditions

   createLogoutRequest
       Create logout request for selected entity

   createLogout
       Create Lasso::Logout object

   initLogoutRequest
       Init logout request

   buildLogoutRequestMsg
       Build logout request message

   setSessionFromDump
       Set session from dump in Lasso::Profile object

   setIdentityFromDump
       Set identity from dump in Lasso::Profile object

   getMetaDataURL
       Get URL stored in a service metadata configuration key

   processLogoutResponseMsg
       Process logout response message

   processLogoutRequestMsg
       Process logout request message

   validateLogoutRequest
       Validate logout request

   buildLogoutResponseMsg
       Build logout response message

   storeReplayProtection
       Store ID of a SAML message in Replay Protection base

   replayProtection
       Check that a SAML message does not correspond to a previously responded message

   resolveArtifact
       Resolve artifact to get the real SAML message

   storeArtifact
       Store artifact

   loadArtifact
       Load artifact

   createArtifactResponse
       Create artifact response

   processArtRequestMsg
       Process artifact request message

   processArtResponseMsg
       Process artifact response message

   sendSOAPMessage
       Send SOAP message and get response

   createAssertionQuery
       Create a new assertion query

   createAttributeRequest
       Create an attribute request

   validateAttributeRequest
       Validate an attribute request

   processAttributeRequest
       Process an attribute request

   buildAttributeResponse
       Build attribute response

   processAttributeResponse
       Process an attribute response

   getNameIDFormat
       Convert configuration string into SAML2 NameIDFormat string

   getHttpMethod
       Convert configuration string into Lasso HTTP Method integer

   getHttpMethodString
       Convert configuration Lasso HTTP Method integer into string

   getFirstHttpMethod
       Find a suitable HTTP method for an entity with a given protocol

   disableSignature
       Modify Lasso signature hint to disable signature

   forceSignature
       Modify Lasso signature hint to force signature

   disableSignatureVerification
       Modify Lasso signature hint to disable signature verification

   forceSignatureVerification
       Modify Lasso signature hint to force signature verification

   getAuthnContext
       Convert configuration string into SAML2 AuthnContextClassRef string

   timestamp2samldate
       Convert timestamp into SAML2 date format

   samldate2timestamp
       Convert SAML2 date format into timestamp

   sendLogoutResponseToServiceProvider
       Send logout response issued from a logout request

   sendLogoutRequestToProvider
       Send logout request to a provider

   sendLogoutRequestToProviders
       Send logout response issued from a logout request to all other providers. If information
       has to be displayed to users, such as an iframe to send an HTTP-Redirect or HTTP-POST
       logout request, then $self->{_info} will be updated.

   checkSignatureStatus
       Check signature status

   authnContext2authnLevel
       Return authentication level corresponding to authnContext

   authnLevel2authnContext
       Return SAML authentication context corresponding to authnLevel

   checkDestination
       If SAML Destination attribute is present, check it

   getSamlSession
       Try to recover the SAML session corresponding to id and return session data

   createAttribute
       Create a new SAML attribute

   createAttributeValue
       Create a new SAML attribute value

   getEncryptionMode
       Return Lasso encryption mode

   setProviderEncryptionMode
       Set encryption mode on a provider

   deleteSAMLSecondarySessions
       Find and delete SAML sessions bound to a primary session

   sendSLOErrorResponse
       Send an SLO error response

   getQueryString
       Get query string with or without CGI query_string() method

SEE ALSO

       Lemonldap::NG::Portal::AuthSAML, Lemonldap::NG::Portal::UserDBSAML

AUTHOR

       Clement Oudot, <clem.oudot@gmail.com>
       François-Xavier Deltombe, <fxdeltombe@gmail.com.>
       Xavier Guimard, <x.guimard@free.fr>
       Sandro Cazzaniga, <cazzaniga.sandro@gmail.com>
       Thomas Chemineau, <thomas.chemineau@gmail.com>

BUG REPORT

       Use OW2 system to report bug or ask for features: <http://jira.ow2.org>

DOWNLOAD

       Lemonldap::NG is available at
       <http://forge.objectweb.org/project/showfiles.php?group_id=274>

COPYRIGHT AND LICENSE

       Copyright (C) 2009, 2010, 2011, 2012 by Xavier Guimard, <x.guimard@free.fr>
       Copyright (C) 2012 by Sandro Cazzaniga, <cazzaniga.sandro@gmail.com>
       Copyright (C) 2012 by François-Xavier Deltombe, <fxdeltombe@gmail.com.>
       Copyright (C) 2010, 2011, 2012, 2013 by Clement Oudot, <clem.oudot@gmail.com>
       Copyright (C) 2010, 2011 by Thomas Chemineau, <thomas.chemineau@gmail.com>

       This library is free software; you can redistribute it and/or modify it under the terms of
       the GNU General Public License as published by the Free Software Foundation; either
       version 2, or (at your option) any later version.

       This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
       without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
       See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with this program.
       If not, see <http://www.gnu.org/licenses/>.