Commit 527f42e4 authored by Guillaume ROUSSE's avatar Guillaume ROUSSE

extract metadata only if needed

parent 15ea4d0f
......@@ -242,86 +242,54 @@ sub req_select_sp {
return undef;
}
my $federation_metadata;
eval {
$federation_metadata = IdPAccountManager::SAMLMetadata->new(
file => $self->{configuration}->{federation_metadata_file_path}
);
};
if ($EVAL_ERROR) {
push @{ $self->{out}->{errors} }, "internal";
$self->{logger}->error("Failed to load federation metadata: $EVAL_ERROR");
return undef;
}
$federation_metadata->parse(id => $self->{in}->{sp_entityid});
## Create a serviceprovider object to store major parameters for this SP in DB
my $service_provider = IdPAccountManager::Data::ServiceProvider->new(
db => $self->{db},
entityid => $self->{in}->{sp_entityid},
dev_sp_contact => $self->{configuration}->{dev_sp_contact}
# Create a persistent service provider object
my $provider = IdPAccountManager::Data::ServiceProvider->new(
db => $self->{db},
entityid => $self->{in}->{sp_entityid}
);
## Prepare data
my $sp_metadata_as_hashref =
$federation_metadata->{federation_metadata_as_hashref}->[0];
my @contacts;
if (defined $sp_metadata_as_hashref->{contacts}) {
foreach my $contact (@{ $sp_metadata_as_hashref->{contacts} }) {
my $email = $contact->{EmailAddress};
$email =~ s/^(mailto:)//; ## Remove 'mailto:' prefixes if any
push @contacts, $email;
}
}
my $display_name;
if (defined $sp_metadata_as_hashref->{display_name}) {
## Use English version of displayName if available
if ($sp_metadata_as_hashref->{display_name}->{en}) {
$display_name = $sp_metadata_as_hashref->{display_name}->{en};
## Else any language
} else {
foreach
my $lang (keys %{ $sp_metadata_as_hashref->{display_name} })
{
$display_name =
$sp_metadata_as_hashref->{display_name}->{$lang};
last;
}
if ($provider->load(speculative => 1)) {
# already present in DB, nothing todo
} else {
# extract information from metadata
my $metadata;
eval {
$metadata = IdPAccountManager::SAMLMetadata->new(
file => $self->{configuration}->{federation_metadata_file_path}
);
};
if ($EVAL_ERROR) {
push @{ $self->{out}->{errors} }, "internal";
$self->{logger}->error("Failed to load federation metadata: $EVAL_ERROR");
return undef;
}
}
## Try loading DB object first
if ($service_provider->load(speculative => 1)) {
$service_provider->contacts(join(',', @contacts));
$service_provider->displayname($display_name);
my $sps = $metadata->parse(id => $self->{in}->{sp_entityid});
if (!@$sps) {
push @{ $self->{out}->{errors} }, "no_such_entity";
$self->{logger}->errorf(
"No such entity %s in metadata", $self->{in}->{sp_entityid}
);
return undef;
}
my $sp = $sps->[0];
} else {
# complete persistent object
$provider->displayname($sp->{display_name});
$provider->contacts(
join(',', map { $_->{EmailAddress} } @{$sp->{contacts}})
) if $sp->{contacts};
$service_provider = IdPAccountManager::Data::ServiceProvider->new(
db => $self->{db},
entityid => $self->{in}->{sp_entityid},
contacts => join(',', @contacts),
displayname => $display_name,
dev_sp_contact => $self->{configuration}->{dev_sp_contact}
);
unless (defined $service_provider) {
# save in DB
unless ($provider->save()) {
push @{ $self->{out}->{errors} }, "internal";
$self->{logger}->error("Failed to create serviceprovider object");
$self->{logger}->error("Failed to save service provider object");
return undef;
}
}
unless ($service_provider->save()) {
push @{ $self->{out}->{errors} }, "internal";
$self->{logger}->error("Failed to save serviceprovider object");
return undef;
}
$self->{out}->{sp_metadata_as_hashref} =
$federation_metadata->{federation_metadata_as_hashref}->[0];
$self->{out}->{serviceprovider} = $service_provider;
$self->{out}->{provider} = $provider;
$self->{out}->{subtitle} = 'Select your Service Provider';
return 1;
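Review bot: The new contact extraction `join(',', map { $_->{EmailAddress} } @{$sp->{contacts}})` drops the `mailto:` normalisation the removed loop performed with `s/^(mailto:)//`, so unless SAMLMetadata->parse now strips that prefix itself, addresses carrying it will be stored and later offered verbatim as challenge recipients; keep the normalisation in the map, e.g. `map { my $e = $_->{EmailAddress}; $e =~ s/^mailto://; $e }`. Likewise `$provider->displayname($sp->{display_name})` stores the raw value where the old code picked the `en` entry of a per-language hash, which is only correct if parse() now returns a flat string — not visible in this hunk. Since displayname and contacts are now read from metadata only when the provider row does not yet exist, a contact later removed from the federation metadata remains eligible for the email challenge until the stored row is refreshed; this trade-off deserves a comment at the empty branch, e.g. `# already present in DB; contacts/displayname are not refreshed from metadata`. req_select_sp starts before this hunk.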
<h3>Send email challenge</h3>
[% IF serviceprovider.displayname %]
[% SET sp_display_name = serviceprovider.displayname %]
[% ELSE %]
[% SET sp_display_name = metadata.entityid %]
[% END %]
<div>
Before you can create test accounts at this Identity Provider, we need to ensure you are a legitimate administrator of "[% sp_display_name %]".
Before you can create test accounts at this Identity Provider, we need to ensure you are a legitimate administrator of "[% provider.displayname %]".
</div>
<fieldset class="scrollable">
[% IF metadata.contacts.defined %]
[% IF provider.contacts.defined %]
<legend>Select your email address</legend>
<label for="sp_entityid">The email addresses below have been extracted from your SP SAML metadata.<br/>Please select the email address where an email challenge
can be sent to validate your identity</label>
<div class="radio_inline">
[% FOREACH email IN serviceprovider.list_contacts_as_array.sort %]
[% FOREACH email IN provider.list_contacts_as_array.sort %]
<input name="email_address" value="[% email %]" type="radio" class="required"/><label for="email_address">[% email %]</label><br/>
<input type="hidden" name="sp_entityid" value="[% metadata.entityid %]" id="sp_entityid"/>
<input type="hidden" name="sp_entityid" value="[% provider.entityid %]" id="sp_entityid"/>
[% END %]
</div>