Commit 527f42e4 authored by Guillaume ROUSSE's avatar Guillaume ROUSSE

extract metadata only if needed

parent 15ea4d0f
...@@ -242,86 +242,54 @@ sub req_select_sp { ...@@ -242,86 +242,54 @@ sub req_select_sp {
return undef; return undef;
} }
my $federation_metadata; # Create a persistent service provider object
my $provider = IdPAccountManager::Data::ServiceProvider->new(
eval { db => $self->{db},
$federation_metadata = IdPAccountManager::SAMLMetadata->new( entityid => $self->{in}->{sp_entityid}
file => $self->{configuration}->{federation_metadata_file_path}
);
};
if ($EVAL_ERROR) {
push @{ $self->{out}->{errors} }, "internal";
$self->{logger}->error("Failed to load federation metadata: $EVAL_ERROR");
return undef;
}
$federation_metadata->parse(id => $self->{in}->{sp_entityid});
## Create a serviceprovider object to store major parameters for this SP in DB
my $service_provider = IdPAccountManager::Data::ServiceProvider->new(
db => $self->{db},
entityid => $self->{in}->{sp_entityid},
dev_sp_contact => $self->{configuration}->{dev_sp_contact}
); );
## Prepare data if ($provider->load(speculative => 1)) {
my $sp_metadata_as_hashref = # already present in DB, nothing todo
$federation_metadata->{federation_metadata_as_hashref}->[0]; } else {
my @contacts; # extract information from metadata
if (defined $sp_metadata_as_hashref->{contacts}) { my $metadata;
foreach my $contact (@{ $sp_metadata_as_hashref->{contacts} }) {
my $email = $contact->{EmailAddress}; eval {
$email =~ s/^(mailto:)//; ## Remove 'mailto:' prefixes if any $metadata = IdPAccountManager::SAMLMetadata->new(
push @contacts, $email; file => $self->{configuration}->{federation_metadata_file_path}
} );
} };
my $display_name; if ($EVAL_ERROR) {
if (defined $sp_metadata_as_hashref->{display_name}) { push @{ $self->{out}->{errors} }, "internal";
## Use English version of displayName if available $self->{logger}->error("Failed to load federation metadata: $EVAL_ERROR");
if ($sp_metadata_as_hashref->{display_name}->{en}) { return undef;
$display_name = $sp_metadata_as_hashref->{display_name}->{en};
## Else any language
} else {
foreach
my $lang (keys %{ $sp_metadata_as_hashref->{display_name} })
{
$display_name =
$sp_metadata_as_hashref->{display_name}->{$lang};
last;
}
} }
}
## Try loading DB object first my $sps = $metadata->parse(id => $self->{in}->{sp_entityid});
if ($service_provider->load(speculative => 1)) { if (!@$sps) {
$service_provider->contacts(join(',', @contacts)); push @{ $self->{out}->{errors} }, "no_such_entity";
$service_provider->displayname($display_name); $self->{logger}->errorf(
"No such entity %s in metadata", $self->{in}->{sp_entityid}
);
return undef;
}
my $sp = $sps->[0];
} else { # complete persistent object
$provider->displayname($sp->{display_name});
$provider->contacts(
join(',', map { $_->{EmailAddress} } @{$sp->{contacts}})
) if $sp->{contacts};
$service_provider = IdPAccountManager::Data::ServiceProvider->new( # save in DB
db => $self->{db}, unless ($provider->save()) {
entityid => $self->{in}->{sp_entityid},
contacts => join(',', @contacts),
displayname => $display_name,
dev_sp_contact => $self->{configuration}->{dev_sp_contact}
);
unless (defined $service_provider) {
push @{ $self->{out}->{errors} }, "internal"; push @{ $self->{out}->{errors} }, "internal";
$self->{logger}->error("Failed to create serviceprovider object"); $self->{logger}->error("Failed to save service provider object");
return undef; return undef;
} }
} }
unless ($service_provider->save()) { $self->{out}->{provider} = $provider;
push @{ $self->{out}->{errors} }, "internal";
$self->{logger}->error("Failed to save serviceprovider object");
return undef;
}
$self->{out}->{sp_metadata_as_hashref} =
$federation_metadata->{federation_metadata_as_hashref}->[0];
$self->{out}->{serviceprovider} = $service_provider;
$self->{out}->{subtitle} = 'Select your Service Provider'; $self->{out}->{subtitle} = 'Select your Service Provider';
return 1; return 1;
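Review bot: The `load(speculative => 1)` branch now trusts whatever contacts were stored in the DB the first time the SP was seen and never re-reads the federation metadata, so an address removed from the SP's metadata (or an SP removed from the federation altogether) keeps being offered as an email-challenge target indefinitely, whereas the removed code refreshed `contacts`/`displayname` on every call. Since that challenge is what establishes someone as a legitimate SP administrator, consider re-parsing when the metadata file is newer than the stored row, or at minimum stating the staleness trade-off in the `# already present in DB, nothing todo` comment. Separately, `map { $_->{EmailAddress} }` drops the old `s/^(mailto:)//` normalisation; unless `parse` now strips the prefix itself, `mailto:` ends up in the stored contact list — e.g. `map { (my $e = $_->{EmailAddress}) =~ s/^mailto://; $e } @{$sp->{contacts}}`. Likewise `$sp->{display_name}` used to be a per-language hash that was reduced via the `{en}` key; confirm `parse` now returns a plain string, otherwise the stored displayname will be a hashref stringification. `req_select_sp` begins before this hunk, so the validation (if any) of `$self->{in}->{sp_entityid}` is not visible here.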
......
<h3>Send email challenge</h3> <h3>Send email challenge</h3>
[% IF serviceprovider.displayname %]
[% SET sp_display_name = serviceprovider.displayname %]
[% ELSE %]
[% SET sp_display_name = metadata.entityid %]
[% END %]
<div> <div>
Before you can create test accounts at this Identity Provider, we need to ensure you are a legitimate administrator of "[% sp_display_name %]". Before you can create test accounts at this Identity Provider, we need to ensure you are a legitimate administrator of "[% provider.displayname %]".
</div> </div>
<fieldset class="scrollable"> <fieldset class="scrollable">
[% IF metadata.contacts.defined %] [% IF provider.contacts.defined %]
<legend>Select your email address</legend> <legend>Select your email address</legend>
<label for="sp_entityid">The email addresses below have been extracted from your SP SAML metadata.<br/>Please select the email address where an email challenge <label for="sp_entityid">The email addresses below have been extracted from your SP SAML metadata.<br/>Please select the email address where an email challenge
can be sent to validate your identity</label> can be sent to validate your identity</label>
<div class="radio_inline"> <div class="radio_inline">
[% FOREACH email IN serviceprovider.list_contacts_as_array.sort %] [% FOREACH email IN provider.list_contacts_as_array.sort %]
<input name="email_address" value="[% email %]" type="radio" class="required"/><label for="email_address">[% email %]</label><br/> <input name="email_address" value="[% email %]" type="radio" class="required"/><label for="email_address">[% email %]</label><br/>
<input type="hidden" name="sp_entityid" value="[% metadata.entityid %]" id="sp_entityid"/> <input type="hidden" name="sp_entityid" value="[% provider.entityid %]" id="sp_entityid"/>
[% END %] [% END %]
</div> </div>
......