File Coverage

blib/lib/Net/SAML2.pm

Criterion	Covered	Total	%
statement	36	36	100.0
branch			n/a
condition			n/a
subroutine	12	12	100.0
pod			n/a
total	48	48	100.0

line	stmt	sub	time	code
1				package Net::SAML2;
2	1	1	553	use strict;
	1		2
	1		22
3	1	1	4	use warnings;
	1		1
	1		41
4
5				require 5.008_001;
6
7				# ABSTRACT: SAML2 bindings and protocol implementation
8
9				our $VERSION = '0.43';
10				$VERSION = eval {$VERSION};
11
12
13				# entities
14	1	1	1014	use Net::SAML2::IdP;
	1		18106
	1		96
15	1	1	739	use Net::SAML2::SP;
	1		490
	1		53
16
17				# bindings
18	1	1	12	use Net::SAML2::Binding::Redirect;
	1		3
	1		27
19	1	1	6	use Net::SAML2::Binding::POST;
	1		2
	1		21
20	1	1	4	use Net::SAML2::Binding::SOAP;
	1		2
	1		22
21
22				# protocol
23	1	1	6	use Net::SAML2::Protocol::AuthnRequest;
	1		3
	1		22
24	1	1	4	use Net::SAML2::Protocol::LogoutRequest;
	1		3
	1		18
25	1	1	688	use Net::SAML2::Protocol::LogoutResponse;;
	1		538
	1		53
26	1	1	688	use Net::SAML2::Protocol::Assertion;
	1		6
	1		48
27	1	1	662	use Net::SAML2::Protocol::ArtifactResolve;
	1		417
	1		67
28
29
30				1;
31
32				__END__
33
34				=pod
35
36				=encoding UTF-8
37
38				=head1 NAME
39
40				Net::SAML2 - SAML2 bindings and protocol implementation
41
42				=head1 VERSION
43
44				version 0.43
45
46				=head1 SYNOPSIS
47
48				See TUTORIAL.md for implementation documentation and
49				t/12-full-client.t for a pseudo implementation following the tutorial
50
51				# generate a redirect off to the IdP:
52
53				my $idp = Net::SAML2::IdP->new($IDP);
54				my $sso_url = $idp->sso_url('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect');
55
56				my $authnreq = Net::SAML2::Protocol::AuthnRequest->new(
57				issuer => 'http://localhost:3000/metadata.xml',
58				destination => $sso_url,
59				nameid_format => $idp->format('persistent'),
60				)->as_xml;
61
62				my $authnreq = Net::SAML2::Protocol::AuthnRequest->new(
63				id => 'NETSAML2_Crypt::OpenSSL::Random::random_pseudo_bytes(16),
64				issuer => $self->{id}, # Service Provider (SP) Entity ID
65				destination => $sso_url, # Identity Provider (IdP) SSO URL
66				provider_name => $provider_name, # Service Provider (SP) Human Readable Name
67				issue_instant => DateTime->now, # Defaults to Current Time
68				);
69
70				my $request_id = $authnreq->id; # Store and Compare to InResponseTo
71
72				# or
73
74				my $request_id = 'NETSAML2_' . unpack 'H*', Crypt::OpenSSL::Random::random_pseudo_bytes(16);
75
76				my $authnreq = Net::SAML2::Protocol::AuthnRequest->as_xml(
77				id => $request_id, # Unique Request ID will be returned in response
78				issuer => $self->{id}, # Service Provider (SP) Entity ID
79				destination => $sso_url, # Identity Provider (IdP) SSO URL
80				provider_name => $provider_name, # Service Provider (SP) Human Readable Name
81				issue_instant => DateTime->now, # Defaults to Current Time
82				);
83
84				my $redirect = Net::SAML2::Binding::Redirect->new(
85				key => '/path/to/SPsign-nopw-key.pem',
86				url => $sso_url,
87				param => 'SAMLRequest' OR 'SAMLResponse',
88				cert => '/path/to/IdP-cert.pem'
89				);
90
91				my $url = $redirect->sign($authnreq);
92
93				my $ret = $redirect->verify($url);
94
95				# handle the POST back from the IdP, via the browser:
96
97				my $post = Net::SAML2::Binding::POST->new;
98				my $ret = $post->handle_response(
99				$saml_response
100				);
101
102				if ($ret) {
103				my $assertion = Net::SAML2::Protocol::Assertion->new_from_xml(
104				xml => decode_base64($saml_response)
105				);
106
107				# ...
108				}
109
110				=head1 DESCRIPTION
111
112				Support for the Web Browser SSO profile of SAML2.
113
114				Net::SAML2 correctly perform the SSO process against numerous SAML
115				Identity Providers (IdPs). It has been tested against:
116
117				=over
118
119				=item GSuite (Google)
120
121				=item Azure (Microsoft Office 365)
122
123				=item OneLogin
124
125				=item Jump
126
127				=item Mircosoft ADFS
128
129				=item Keycloak
130
131				=item Auth0 (requires Net::SAML2 >=0.39)
132
133				=item PingIdentity
134
135				=back
136
137				=head1 NAME
138
139				Net::SAML2 - SAML bindings and protocol implementation
140
141				=head1 MAJOR CAVEATS
142
143				=over
144
145				=item SP-side protocol only
146
147				=item Requires XML metadata from the IdP
148
149				=back
150
151				=head1 CONTRIBUTORS
152
153				=over
154
155				=item Chris Andrews <chris@nodnol.org>
156
157				=item Oskari Okko Ojala <okko@frantic.com>
158
159				=item Peter Marschall <peter@adpm.de>
160
161				=item Mike Wisener <xmikew@cpan.org>
162
163				=item Jeff Fearn <jfearn@redhat.com>
164
165				=item Alessandro Ranellucci <aar@cpan.org>
166
167				=item Mike Wisener <mwisener@secureworks.com>, xmikew <github@32ths.com>
168
169				=item xmikew <github@32ths.com>
170
171				=item Timothy Legge <timlegge@gmail.com>
172
173				=back
174
175				=head1 COPYRIGHT
176
177				The following copyright notice applies to all the files provided in
178				this distribution, including binary files, unless explicitly noted
179				otherwise.
180
181				Copyright 2010, 2011 Venda Ltd.
182
183				=head1 LICENCE
184
185				This library is free software; you can redistribute it and/or modify
186				it under the same terms as Perl itself.
187
188				=head1 AUTHOR
189
190				Chris Andrews <chrisa@cpan.org>
191
192				=head1 COPYRIGHT AND LICENSE
193
194				This software is copyright (c) 2021 by Chris Andrews and Others, see the git log.
195
196				This is free software; you can redistribute it and/or modify it under
197				the same terms as the Perl 5 programming language system itself.
198
199				=cut