Net::SAML2::Binding::Redirect - HTTP Redirect binding for SAML

NAME  VERSION  SYNOPSIS  METHODS  new( ... )  get_redirect_uri($authn_request, $relaystate)  sign( $request, $relaystate )  verify( $query_string )  AUTHORS  COPYRIGHT AND LICENSE 

NAME

Net::SAML2::Binding::Redirect − HTTP Redirect binding for SAML

VERSION

version 0.74

SYNOPSIS

my $redirect = Net::SAML2::Binding::Redirect−>new(
key => '/path/to/SPsign−nopw−key.pem', # Service Provider (SP) private key
url => $sso_url, # Service Provider Single Sign Out URL
param => 'SAMLRequest' OR 'SAMLResponse', # Type of request
cert => $idp−>cert('signing') # Identity Provider (IdP) certificate
sig_hash => 'sha1', 'sha224', 'sha256', 'sha384', 'sha512' # Signature to sign request
);
my $url = $redirect−>sign($authnreq);
my $ret = $redirect−>verify($url);

METHODS

new( ... )

Constructor. Creates an instance of the Redirect binding.

Arguments:

key

The SP’s (Service Provider) also known as your application’s signing key that your application uses to sign the AuthnRequest. Some IdPs may not verify the signature.

Usually required when param is "SAMLRequest".

If you don’t want to sign the request, you can pass "insecure => 1" and not provide a key; in this case, "sign" will return a non-signed URL.

cert

IdP’s (Identity Provider’s) certificate that is used to verify a signed Redirect from the IdP. It is used to verify the signature of the Redirect response. Required with param being "SAMLResponse".

url

IdP’s SSO (Single Sign Out) service url for the Redirect binding Required with param being "SAMLRequest".

param

query param name to use (SAMLRequest, SAMLResponse) Defaults to "SAMLRequest".

sig_hash

RSA hash to use to sign request

Supported:

sha1, sha224, sha256, sha384, sha512

Defaults to "sha1".

debug

Output extra debugging information

get_redirect_uri($authn_request, $relaystate)

Get the redirect URI for a given request, and returns the URL to which the user’s browser should be redirected.

Accepts an optional RelayState parameter, a string which will be returned to the requestor when the user returns from the authentication process with the IdP.

The request is signed unless the the object has been instantiated with "<insecure =" 1>>.

sign( $request, $relaystate )

Signs the given request, and returns the URL to which the user’s browser should be redirected.

Accepts an optional RelayState parameter, a string which will be returned to the requestor when the user returns from the authentication process with the IdP.

Returns the signed (or unsigned) URL for the SAML2 redirect

verify( $query_string )

my ($request, $relaystate) = $self−>verify($query_string)

Decode a Redirect binding URL.

Verifies the signature on the response.

Requires the *raw* query string to be passed, because URI parses and re-encodes URI-escapes in uppercase (%3f becomes %3F, for instance), which leads to signature verification failures if the other party uses lower case (or mixed case).

Returns an ARRAY of containing the verified request and relaystate (if it exists). Croaks on errors.

AUTHORS

Chris Andrews <[email protected]>

Timothy Legge <[email protected]>

COPYRIGHT AND LICENSE

This software is copyright (c) 2023 by Venda Ltd, see the CONTRIBUTORS file for others.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.

Updated 2024-01-29 - jenkler.se | uex.se