1 Lemonldap::NG::Portal::Lib::SAML(3)  User Contributed Perl Documentation  Lemonldap::NG::Portal::Lib::SAML(3)
2
3
4
6 Lemonldap::NG::Portal::Lib::SAML - Common SAML functions
7
9 use Lemonldap::NG::Portal::Lib::SAML;
10
12 This module contains common methods for SAML authentication and user
13 information loading
14
16 loadLasso
17 Load Lasso module
18
19 loadService
20 Load SAML service by creating a Lasso::Server
21
22 loadIDPs
23 Load SAML identity providers
24
25 loadSPs
26 Load SAML service providers
27
28 checkMessage
29 Check SAML requests and responses
30
31 checkLassoError
32 Log Lasso error code and message if this is actually a Lasso::Error
33 with code > 0
34
35 createServer
36 Load service metadata and create Lasso::Server object
37
38 addIDP
39 Add IDP to an existing Lasso::Server
40
41 addSP
42 Add SP to an existing Lasso::Server
43
44 addAA
45 Add Attribute Authority to an existing Lasso::Server
46
47 addProvider
48 Add provider to an existing Lasso::Server
49
50 getOrganizationName
51 Return name of organization picked up from metadata
52
53 createAuthnRequest
54 Create authentication request for selected IDP
55
56 createLogin
57 Create Lasso::Login object
58
59 initAuthnRequest
60 Init authentication request
61
62 initIdpInitiatedAuthnRequest
63 Init authentication request for IDP initiated
64
65 buildAuthnRequestMsg
66 Build authentication request message
67
68 processAuthnRequestMsg
69 Process authentication request message
70
71 processAuthnRequestMsgWithError
72 Process authentication request message and return Lasso error
73
74 validateRequestMsg
75 Validate request message
76
77 buildAuthnResponseMsg
78 Build authentication response message
79
80 buildArtifactMsg
81 Build artifact message
82
83 buildAssertion
84 Build assertion
85
86 processAuthnResponseMsg
87 Process authentication response message
88
89 getNameIdentifier
90 Get NameID from Lasso Profile
91
92 createIdentity
93 Create Lasso::Identity object
94
95 createSession
96 Create Lasso::Session object
97
98 acceptSSO
99 Accept SSO from IDP
100
101 storeRelayState
102 Store information in relayState database and return
103
104 extractRelayState
105 Extract RelayState information into $self
106
107 getAssertion
108 Get assertion in Lasso::Login object
109
110 getAttributeValue
111 Get SAML attribute value corresponding to name, format and
112 friendly_name. Multivalued values are separated by ';'
113
114 validateConditions
115 Validate conditions
116
117 createLogoutRequest
118 Create logout request for selected entity
119
120 createLogout
121 Create Lasso::Logout object
122
123 initLogoutRequest
124 Init logout request
125
126 buildLogoutRequestMsg
127 Build logout request message
128
129 setSessionFromDump
130 Set session from dump in Lasso::Profile object
131
132 setIdentityFromDump
133 Set identity from dump in Lasso::Profile object
134
135 getMetaDataURL
136 Get URL stored in a service metadata configuration key
137
138 processLogoutResponseMsg
139 Process logout response message
140
141 processLogoutRequestMsg
142 Process logout request message
143
144 validateLogoutRequest
145 Validate logout request
146
147 buildLogoutResponseMsg
148 Build logout response msg
149
150 storeReplayProtection
151 Store the ID of a SAML message in the replay protection database
152
153 replayProtection
154 Check that a SAML message does not correspond to a message that has
155 already been responded to
156
157 resolveArtifact
158 Resolve artifact to get the real SAML message
159
160 storeArtifact
161 Store artifact
162
163 loadArtifact
164 Load artifact
165
166 createArtifactResponse
167 Create artifact response
168
169 processArtRequestMsg
170 Process artifact request message
171
172 processArtResponseMsg
173 Process artifact response message
174
175 sendSOAPMessage
176 Send SOAP message and get response
177
178 createAssertionQuery
179 Create a new assertion query
180
181 createAttributeRequest
182 Create an attribute request
183
184 validateAttributeRequest
185 Validate an attribute request
186
187 processAttributeRequest
188 Process an attribute request
189
190 buildAttributeResponse
191 Build attribute response
192
193 processAttributeResponse
194 Process an attribute response
195
196 getNameIDFormat
197 Convert configuration string into SAML2 NameIDFormat string
198
199 getHttpMethod
200 Convert configuration string into Lasso HTTP Method integer
201
202 getHttpMethodString
203 Convert configuration Lasso HTTP Method integer into string
204
205 getFirstHttpMethod
206 Find a suitable HTTP method for an entity with a given protocol
207
208 disableSignature
209 Modify Lasso signature hint to disable signature
210
211 forceSignature
212 Modify Lasso signature hint to force signature
213
214 disableSignatureVerification
215 Modify Lasso signature hint to disable signature verification
216
217 forceSignatureVerification
218 Modify Lasso signature hint to force signature verification
219
220 getAuthnContext
221 Convert configuration string into SAML2 AuthnContextClassRef string
222
223 timestamp2samldate
224 Convert timestamp into SAML2 date format
225
226 samldate2timestamp
227 Convert SAML2 date format into timestamp
228
229 sendLogoutResponseToServiceProvider
230 Send logout response issued from a logout request
231
232 sendLogoutRequestToProvider
233 Send logout request to a provider
234
235 sendLogoutRequestToProviders
236 Send logout response issued from a logout request to all other
237 providers. If information has to be displayed to users, such as an iframe
238 to send an HTTP-Redirect or HTTP-POST logout request, then $self->{_info}
239 will be updated.
240
241 checkSignatureStatus
242 Check signature status
243
244 authnContext2authnLevel
245 Return authentication level corresponding to authnContext
246
247 authnLevel2authnContext
248 Return SAML authentication context corresponding to authnLevel
249
250 checkDestination
251 Check the SAML Destination attribute if it is present; a message without the attribute is not checked by this method
252
253 getSamlSession
254 Try to recover the SAML session corresponding to id and return session
255 data
256
257 createAttribute
258 Create a new SAML attribute
259
260 createAttributeValue
261 Create a new SAML attribute value
262
263 getEncryptionMode
264 Return Lasso encryption mode
265
266 setProviderEncryptionMode
267 Set encryption mode on a provider
268
269 deleteSAMLSecondarySessions
270 Find and delete SAML sessions bound to a primary session
271
272 sendSLOErrorResponse
273 Send an SLO error response
274
275 getQueryString
276 Get query string with or without CGI query_string() method
277
278 getSignatureMethod
279 Return Lasso signature method
280
281 setProviderSignatureMethod
282 Set signature method on a provider
283
285 Lemonldap::NG::Portal::Auth::SAML, Lemonldap::NG::Portal::UserDBSAML
286
288 LemonLDAP::NG team <http://lemonldap-ng.org/team>
289
291 Use the OW2 system to report bugs or ask for features:
292 <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>
293
295 Lemonldap::NG is available at <https://lemonldap-ng.org/download>
296
298 See COPYING file for details.
299
300 This library is free software; you can redistribute it and/or modify it
301 under the terms of the GNU General Public License as published by the
302 Free Software Foundation; either version 2, or (at your option) any
303 later version.
304
305 This program is distributed in the hope that it will be useful, but
306 WITHOUT ANY WARRANTY; without even the implied warranty of
307 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
308 General Public License for more details.
309
310 You should have received a copy of the GNU General Public License along
311 with this program. If not, see <http://www.gnu.org/licenses/>.
312
313
314
315 perl v5.36.1  2023-11-14  Lemonldap::NG::Portal::Lib::SAML(3)