-
Notifications
You must be signed in to change notification settings - Fork 7
/
README
113 lines (86 loc) · 4.17 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
NAME
Net::SAML2 - SAML2 bindings and protocol implementation
VERSION
version 0.82
SYNOPSIS
See TUTORIAL.md for implementation documentation and
t/12-full-client.t for a pseudo implementation following the tutorial
# generate a redirect off to the IdP:
my $idp = Net::SAML2::IdP->new($IDP);
my $sso_url = $idp->sso_url('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect');
my $authnreq = Net::SAML2::Protocol::AuthnRequest->new(
issuer => 'http://localhost:3000/metadata.xml',
destination => $sso_url,
nameid_format => $idp->format('persistent'),
)->as_xml;
my $authnreq = Net::SAML2::Protocol::AuthnRequest->new(
id => 'NETSAML2_Crypt::OpenSSL::Random::random_pseudo_bytes(16),
issuer => $self->{id}, # Service Provider (SP) Entity ID
destination => $sso_url, # Identity Provider (IdP) SSO URL
provider_name => $provider_name, # Service Provider (SP) Human Readable Name
issue_instant => DateTime->now, # Defaults to Current Time
);
my $request_id = $authnreq->id; # Store and Compare to InResponseTo
# or
my $request_id = 'NETSAML2_' . unpack 'H*', Crypt::OpenSSL::Random::random_pseudo_bytes(16);
my $authnreq = Net::SAML2::Protocol::AuthnRequest->as_xml(
id => $request_id, # Unique Request ID will be returned in response
issuer => $self->{id}, # Service Provider (SP) Entity ID
destination => $sso_url, # Identity Provider (IdP) SSO URL
provider_name => $provider_name, # Service Provider (SP) Human Readable Name
issue_instant => DateTime->now, # Defaults to Current Time
);
my $redirect = Net::SAML2::Binding::Redirect->new(
key => '/path/to/SPsign-nopw-key.pem',
url => $sso_url,
param => 'SAMLRequest' OR 'SAMLResponse',
cert => '/path/to/IdP-cert.pem'
);
my $url = $redirect->sign($authnreq);
my $ret = $redirect->verify($url);
# handle the POST back from the IdP, via the browser:
my $post = Net::SAML2::Binding::POST->new;
my $ret = $post->handle_response(
$saml_response
);
if ($ret) {
my $assertion = Net::SAML2::Protocol::Assertion->new_from_xml(
xml => decode_base64($saml_response),
key_file => "SP-Private-Key.pem", # Required for EncryptedAssertions
cacert => "IdP-cacert.pem", # Required for EncryptedAssertions
);
# ...
}
DESCRIPTION
Support for the Web Browser SSO profile of SAML2.
Net::SAML2 correctly perform the SSO process against numerous SAML
Identity Providers (IdPs). It has been tested against:
Version 0.54 and newer support EncryptedAssertions. No changes required
to existing SP applications if EncryptedAssertions are not in use.
Auth0 (requires Net::SAML2 >=0.39)
Azure (Microsoft Office 365)
GSuite (Google)
Jump
Keycloak
MockSAML (https://mocksaml.com/)
Mircosoft ADFS
Okta
OneLogin
PingIdentity (requires Net::SAML2 >=0.54)
SAMLTEST.ID (requires Net::SAML2 >=0.63)
Shibboleth (requires Net::SAML2 >=0.63)
SimpleSAMLphp
DigiD (requires Net::SAML2 >= 0.63)
eHerkenning (requires Net::SAML2 >= 0.73)
eIDAS (requires Net::SAML2 >= 0.73)
MAJOR CAVEATS
SP-side protocol only
Requires XML metadata from the IdP
AUTHORS
* Chris Andrews <[email protected]>
* Timothy Legge <[email protected]>
COPYRIGHT AND LICENSE
This software is copyright (c) 2024 by Venda Ltd, see the CONTRIBUTORS
file for others.
This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.