Net::SAML2::SP − SAML Service Provider object
version 0.74
my $sp =
Net::SAML2::SP−>new(
id => 'http://localhost:3000',
url => 'http://localhost:3000',
cert => 'sign−nopw−cert.pem',
key => 'sign−nopw−key.pem',
);
Constructor. Create an SP object.
Arguments:
|
url |
Base for all SP service URLs |
error_url
The error URI. Can be relative to the base URI or a regular URI
|
id |
SP’s identity URI. |
cert
Path to the signing certificate
|
key |
Path to the private key for the signing certificate |
encryption_key
Path to the public key that the IdP should use for encryption. This is used when generating the metadata.
cacert
Path to the CA certificate for verification
org_name
SP organisation name
org_display_name
SP organisation display name
org_contact
SP contact email address
org_url
SP organization url. This is optional and url will be used as in previous versions if this is not provided.
authnreq_signed
Specifies in the metadata whether the SP signs the AuthnRequest Optional (0 or 1) defaults to 1 (TRUE) if not specified.
want_assertions_signed
Specifies in the metadata whether the SP wants the Assertion from the IdP to be signed Optional (0 or 1) defaults to 1 (TRUE) if not specified.
sign_metadata
Sign the metadata, defaults to 1 (TRUE) if not specified.
single_logout_service
The following option replaces the previous "slo_url_post", "slo_url_soap" and "slo_url_redirect" constructor parameters. The former options are mapped to this new structure.
This expects an array of hash refs where you define one or more Single Logout Services
[
{
Binding => BINDING_HTTP_POST,
Location =>
https://foo.example.com/your−post−endpoint,
},
{
Binding => BINDING_HTTP_ARTIFACT,
Location =>
https://foo.example.com/your−artifact−endpoint,
}
]
assertion_consumer_service
The following option replaces the previous "acs_url_post" and "acs_url_artifact" constructor parameters. The former options are mapped to this new structure.
This expects an array of hash refs where you define one or more Assertion Consumer Services.
[
# Order decides the index if not supplied, else we assume
you have an index
{
Binding => BINDING_HTTP_POST,
Location =>
https://foo.example.com/your−post−endpoint,
isDefault => 'false',
# optionally
index => 1,
},
{
Binding => BINDING_HTTP_ARTIFACT,
Location =>
https://foo.example.com/your−artifact−endpoint,
isDefault => 'true',
index => 2,
}
]
Returns an AuthnRequest object created by this SP, intended for the given destination, which should be the identity URI of the IdP.
%params is a hash containing parameters valid for Net::SAML2::Protocol::AuthnRequest. For example:
my %params = (
force_authn => 1,
is_passive => 1,
)
my $authnreq =
authn_request(
’https://keycloak.local:8443/realms/Foswiki/protocol/saml’,
’urn:oasis:names:tc:SAML:2.0:nameid−format:persistent’,
%params
);
Returns a LogoutRequest object created by this SP, intended for the given destination, which should be the identity URI of the IdP.
Also requires the nameid (+format) and session to be logged out.
$params is a HASH reference for parameters to Net::SAML2::Protocol::LogoutRequest
$params = (
# name qualifier parameters from Assertion NameId
name_qualifier =>
"https://idp.shibboleth.local/idp/shibboleth"
sp_name_qualifier =>
"https://netsaml2−testapp.local"
);
Returns a LogoutResponse object created by this SP, intended for the given destination, which should be the identity URI of the IdP.
Also requires the status and the ID of the corresponding LogoutRequest.
Returns an ArtifactResolve request object created by this SP, intended for the given destination, which should be the identity URI of the IdP.
Returns a POST binding object for this SP, configured against the given IDP for Single Sign On. $param specifies the name of the query parameter involved − typically "SAMLRequest".
Returns a Redirect binding object for this SP, configured against the given IDP for Single Sign On. $param specifies the name of the query parameter involved − typically "SAMLRequest".
Returns a Redirect binding object for this SP, configured against the given IDP for Single Log Out. $param specifies the name of the query parameter involved − typically "SAMLRequest" or "SAMLResponse".
Returns a SOAP binding object for this SP, with a destination of the given URL and signing certificate.
XXX UA
Returns a POST binding object for this SP.
Returns the Net::SAML2 unique ID from Net::SAML2::Util::generate_id.
Generate the metadata XML document for this SP.
Get the key name for either the "signing" or "encryption" key
Returns the metadata XML document for this SP.
Return the assertion service which is the default
|
• |
Chris Andrews <[email protected]> |
|||
|
• |
Timothy Legge <[email protected]> |
This software is copyright (c) 2023 by Venda Ltd, see the CONTRIBUTORS file for others.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.