logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

Lemonldap::NG::Portal::Main::Issuer - Base class for identity providers.

Authors

       LemonLDAP::NG team <http://lemonldap-ng.org/team>

Bug Report

       Use        OW2        system       to       report       bug       or       ask       for       features:
       <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>

Description

       Lemonldap::NG::Portal::Main::Issuer is a base class to write identity providers for Lemonldap::NG web-SSO
       system. It provide several methods to write easily an IdP and manage authentication if the identity
       request comes before authentication.

Download

       Lemonldap::NG is available at <https://lemonldap-ng.org/download>

Name

       Lemonldap::NG::Portal::Main::Issuer - Base class for identity providers.

See Also

Synopsis

         package Lemonldap::NG::Portal::Issuer::My;
         use strict;
         use Mouse;
         extends 'Lemonldap::NG::Portal::Main::Issuer';
         use Lemonldap::NG::Portal::Main::Constants qw(PE_OK);

         # Required: URL root path
         use constant path => 'saml';

         # Optional initialization method
         sub init {
             my ($self) = @_;
             ...
             # Must return 1 (succeed) or 0 (failure)
         }

         # Required methods are run() and logout(), they are launched only for
         # authenticated users
         # $req is a Lemonldap::NG::Portal::Main::Request object
         # They must return a Lemonldap::NG::Portal::Main::Constants constant
         sub run {
             my ( $self, $req ) = @_
             ...
             return PE_OK
         }

         sub logout {
             my ( $self, $req ) = @_
             ...
             return PE_OK
         }
         1;

Writing An Identity Provider

       To write a classic identity provider, you just have to inherit this class and write run() and logout()
       methods. These methods must return a Lemonldap::NG::Portal::Main::Constants constant.

       A classic identity provider needs a "issuerDB>XXX<Path" parameter in LLNG configuration to declare its
       base URI path (see Lemonldap::NG::Manager::Build). Example: /saml/. All requests that starts with /saml/
       will call run() after authentication if needed, and no one else.

       The logout() function is called when user asks for logout on this server. If you want to write an
       identity provider, you must implement a single logout system.

   managingotherURIpath
       Lemonldap::NG::Portal::Main::Issuer provides methods to bind a method to an URI path:

       addAuthRoute() for authenticated users
       addUnauthRoute() for unauthenticated users

       They must be called during initialization process (so you must write the optional init() sub).

       Be careful with "add*authRoute()": you can't catch here your root path (= path declared in "$self->path")
       because it is caught by this module, but you can catch sub-routes (ie "/path/something").

       Example:

         sub init {
             my ($self) = @_;
             ...
             $self->addUnauthRoute( saml => { soap => 'soapServer' }, [ 'POST' ] );
             return 1;
         }
         sub soapServer {
             my ( $self, $req ) = @_;
             ...
             # You must return a valid PSGI response
             return [ 200, [ 'Content-Type' => 'application/xml' ], [] ];
         }

   avoidconflictsinpath
       If  you  share  base  URI path with another plugin (a "Auth::*" module for example), it is recommended to
       write a "ssoMatch" function that returns true if "$req->uri" has to be  handled  by  Issuer  module.  See
       "Issuer::SAML" or "Issuer::OpenIDConnect" to have some examples.

See Also