Lemonldap::NG::Portal::Main::Issuer(3)  User Contributed Perl Documentation  Lemonldap::NG::Portal::Main::Issuer(3)

Lemonldap::NG::Portal::Main::Issuer - Base class for identity
providers.

    package Lemonldap::NG::Portal::Issuer::My;
    use strict;
    use Mouse;
    extends 'Lemonldap::NG::Portal::Main::Issuer';
    use Lemonldap::NG::Portal::Main::Constants qw(PE_OK);

    # Required: URL root path
    use constant path => 'saml';

    # Optional initialization method
    sub init {
        my ($self) = @_;
        ...
        # Must return 1 (succeed) or 0 (failure)
        return 1;
    }

    # Required methods are run() and logout(), they are launched only for
    # authenticated users
    # $req is a Lemonldap::NG::Portal::Main::Request object
    # They must return a Lemonldap::NG::Portal::Main::Constants constant
    sub run {
        my ( $self, $req ) = @_;
        ...
        return PE_OK;
    }

    sub logout {
        my ( $self, $req ) = @_;
        ...
        return PE_OK;
    }
    1;

Lemonldap::NG::Portal::Main::Issuer is a base class for writing identity
providers for the Lemonldap::NG web-SSO system. It provides several
methods that make it easy to write an IdP and to manage authentication
when the identity request comes before authentication.

To write a classic identity provider, you just have to inherit from this
class and write the run() and logout() methods. These methods must return
a Lemonldap::NG::Portal::Main::Constants constant.

A classic identity provider needs an "issuerDB<XXX>Path" parameter in
the LLNG configuration to declare its base URI path (see
Lemonldap::NG::Manager::Build). Example: /saml/. All requests that
start with /saml/ will call run(), after authentication if needed, and
no other requests will.

The logout() function is called when the user asks for logout on this
server. If you want to write an identity provider, you must implement a
single logout system.

managing other URI path
Lemonldap::NG::Portal::Main::Issuer provides methods to bind a method
to a URI path:

    addAuthRoute() for authenticated users
    addUnauthRoute() for unauthenticated users

They must be called during the initialization process (so you must write
the optional init() sub).

Be careful with "add*authRoute()": you can't catch your root path here
(= the path declared in "$self->path") because it is caught by this
module, but you can catch sub-routes (i.e. "/path/something").

Example:

    sub init {
        my ($self) = @_;
        ...
        $self->addUnauthRoute( saml => { soap => 'soapServer' }, [ 'POST' ] );
        return 1;
    }
    sub soapServer {
        my ( $self, $req ) = @_;
        ...
        # You must return a valid PSGI response
        return [ 200, [ 'Content-Type' => 'application/xml' ], [] ];
    }

avoid conflicts in path
If you share the base URI path with another plugin (an "Auth::*" module
for example), it is recommended to write an "ssoMatch" function that
returns true if "$req->uri" has to be handled by the Issuer module. See
"Issuer::SAML" or "Issuer::OpenIDConnect" for some examples.
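
One way to write such an "ssoMatch" check, as an added example that is not LemonLDAP::NG's own code: it claims only an explicit list of sub-paths under the shared base path and anchors the match at both ends. The package names, the base path 'my', the endpoint names and the assumption that "$req->uri" returns a path beginning with "/" are all hypothetical; the stand-in request class lets it run without the portal installed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-in for the request object (constructed for this example); only
# the uri() accessor named on this page is modelled.
package My::FakeRequest;
sub new { my ( $class, $uri ) = @_; return bless { uri => $uri }, $class }
sub uri { return $_[0]->{uri} }

# Hypothetical issuer. A real one would extend
# Lemonldap::NG::Portal::Main::Issuer as in the synopsis.
package My::Issuer;
use constant path => 'my';

# Sub-paths owned by the issuer (assumed names); anything else under
# /my/ is left to the plugin that shares the base path.
my @ISSUER_ENDPOINTS = qw(sso slo);

sub new { return bless {}, shift }

sub ssoMatch {
    my ( $self, $req ) = @_;
    my $uri = $req->uri // '';
    $uri =~ s/[?#].*\z//s;    # ignore query string and fragment
    my $base = quotemeta( $self->path );
    my $alt  = join '|', map { quotemeta($_) } @ISSUER_ENDPOINTS;

    # Anchored at both ends: "/my/sso" and "/my/sso/x" match, while
    # "/my/ssoextra", "/other/my/sso" and "/my/callback" do not.
    return $uri =~ m{\A/$base/(?:$alt)(?:/.*)?\z}s ? 1 : 0;
}

package main;

# Constructed sample URIs
my $issuer = My::Issuer->new;
for my $uri (qw(/my/sso /my/slo?x=1 /my/callback /my/ssoextra /other/my/sso)) {
    my $req = My::FakeRequest->new($uri);
    printf "%-16s %s\n", $uri,
      $issuer->ssoMatch($req) ? 'issuer' : 'not issuer';
}
```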

<http://lemonldap-ng.org/>

LemonLDAP::NG team <http://lemonldap-ng.org/team>

Use OW2 system to report bug or ask for features:
<https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>

Lemonldap::NG is available at <https://lemonldap-ng.org/download>

See COPYING file for details.

This library is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2, or (at your option) any
later version.

This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License along
with this program. If not, see <http://www.gnu.org/licenses/>.

perl v5.36.1                      2023-11-14   Lemonldap::NG::Portal::Main::Issuer(3)