File Coverage

blib/lib/Net/SAML2.pm

Criterion	Covered	Total	%
statement	39	39	100.0
branch			n/a
condition			n/a
subroutine	13	13	100.0
pod			n/a
total	52	52	100.0

line	stmt	sub	time	code
1	3	3	6768	use strict;
	3		11
	3		83
2	3	3	14	use warnings;
	3		5
	3		147
3				package Net::SAML2;
4				our $VERSION = "0.74";
5
6				require 5.012;
7
8				# ABSTRACT: SAML2 bindings and protocol implementation
9
10				# entities
11	3	3	1273	use Net::SAML2::IdP;
	3		32313
	3		123
12	3	3	1266	use Net::SAML2::SP;
	3		844
	3		119
13
14				# bindings
15	3	3	25	use Net::SAML2::Binding::Redirect;
	3		7
	3		65
16	3	3	16	use Net::SAML2::Binding::POST;
	3		7
	3		70
17	3	3	18	use Net::SAML2::Binding::SOAP;
	3		6
	3		63
18
19				# protocol
20	3	3	14	use Net::SAML2::Protocol::AuthnRequest;
	3		7
	3		58
21	3	3	15	use Net::SAML2::Protocol::LogoutRequest;
	3		7
	3		54
22	3	3	1704	use Net::SAML2::Protocol::LogoutResponse;;
	3		1274
	3		162
23	3	3	2098	use Net::SAML2::Protocol::Assertion;
	3		13
	3		162
24	3	3	1814	use Net::SAML2::Protocol::Artifact;
	3		13
	3		142
25	3	3	1827	use Net::SAML2::Protocol::ArtifactResolve;
	3		1209
	3		177
26
27				1;
28
29				__END__
30
31				=pod
32
33				=encoding UTF-8
34
35				=head1 NAME
36
37				Net::SAML2 - SAML2 bindings and protocol implementation
38
39				=head1 VERSION
40
41				version 0.74
42
43				=head1 SYNOPSIS
44
45				See TUTORIAL.md for implementation documentation and
46				t/12-full-client.t for a pseudo implementation following the tutorial
47
48				# generate a redirect off to the IdP:
49
50				my $idp = Net::SAML2::IdP->new($IDP);
51				my $sso_url = $idp->sso_url('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect');
52
53				my $authnreq = Net::SAML2::Protocol::AuthnRequest->new(
54				issuer => 'http://localhost:3000/metadata.xml',
55				destination => $sso_url,
56				nameid_format => $idp->format('persistent'),
57				)->as_xml;
58
59				my $authnreq = Net::SAML2::Protocol::AuthnRequest->new(
60				id => 'NETSAML2_Crypt::OpenSSL::Random::random_pseudo_bytes(16),
61				issuer => $self->{id}, # Service Provider (SP) Entity ID
62				destination => $sso_url, # Identity Provider (IdP) SSO URL
63				provider_name => $provider_name, # Service Provider (SP) Human Readable Name
64				issue_instant => DateTime->now, # Defaults to Current Time
65				);
66
67				my $request_id = $authnreq->id; # Store and Compare to InResponseTo
68
69				# or
70
71				my $request_id = 'NETSAML2_' . unpack 'H*', Crypt::OpenSSL::Random::random_pseudo_bytes(16);
72
73				my $authnreq = Net::SAML2::Protocol::AuthnRequest->as_xml(
74				id => $request_id, # Unique Request ID will be returned in response
75				issuer => $self->{id}, # Service Provider (SP) Entity ID
76				destination => $sso_url, # Identity Provider (IdP) SSO URL
77				provider_name => $provider_name, # Service Provider (SP) Human Readable Name
78				issue_instant => DateTime->now, # Defaults to Current Time
79				);
80
81				my $redirect = Net::SAML2::Binding::Redirect->new(
82				key => '/path/to/SPsign-nopw-key.pem',
83				url => $sso_url,
84				param => 'SAMLRequest' OR 'SAMLResponse',
85				cert => '/path/to/IdP-cert.pem'
86				);
87
88				my $url = $redirect->sign($authnreq);
89
90				my $ret = $redirect->verify($url);
91
92				# handle the POST back from the IdP, via the browser:
93
94				my $post = Net::SAML2::Binding::POST->new;
95				my $ret = $post->handle_response(
96				$saml_response
97				);
98
99				if ($ret) {
100				my $assertion = Net::SAML2::Protocol::Assertion->new_from_xml(
101				xml => decode_base64($saml_response),
102				key_file => "SP-Private-Key.pem", # Required for EncryptedAssertions
103				cacert => "IdP-cacert.pem", # Required for EncryptedAssertions
104				);
105
106				# ...
107				}
108
109				=head1 DESCRIPTION
110
111				Support for the Web Browser SSO profile of SAML2.
112
113				Net::SAML2 correctly perform the SSO process against numerous SAML
114				Identity Providers (IdPs). It has been tested against:
115
116				Version 0.54 and newer support EncryptedAssertions. No changes required to existing
117				SP applications if EncryptedAssertions are not in use.
118
119				=over
120
121				=item Auth0 (requires Net::SAML2 >=0.39)
122
123				=item Azure (Microsoft Office 365)
124
125				=item GSuite (Google)
126
127				=item Jump
128
129				=item Keycloak
130
131				=item Mircosoft ADFS
132
133				=item Okta
134
135				=item OneLogin
136
137				=item PingIdentity (requires Net::SAML2 >=0.54)
138
139				=item SAMLTEST.ID (requires Net::SAML2 >=0.63)
140
141				=item Shibboleth (requires Net::SAML2 >=0.63)
142
143				=item SimpleSAMLphp
144
145				=item DigiD (requires Net::SAML2 >= 0.63)
146
147				=item eHerkenning (requires Net::SAML2 >= 0.73)
148
149				=item eIDAS (requires Net::SAML2 >= 0.73)
150
151				=back
152
153				=head1 MAJOR CAVEATS
154
155				=over
156
157				=item SP-side protocol only
158
159				=item Requires XML metadata from the IdP
160
161				=back
162
163				=head1 AUTHORS
164
165				=over 4
166
167				=item *
168
169				Chris Andrews <chrisa@cpan.org>
170
171				=item *
172
173				Timothy Legge <timlegge@gmail.com>
174
175				=back
176
177				=head1 COPYRIGHT AND LICENSE
178
179				This software is copyright (c) 2023 by Venda Ltd, see the CONTRIBUTORS file for others.
180
181				This is free software; you can redistribute it and/or modify it under
182				the same terms as the Perl 5 programming language system itself.
183
184				=cut