Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/perl-net-saml2/perl-net-saml2

Net::SAML2 - SAML bindings and protocol implementation
https://github.com/perl-net-saml2/perl-net-saml2

authentication authnrequest identityprovider idp metadata perl protocol saml2 samlresponse serviceprovider sp web-app

Last synced: 3 months ago
JSON representation

Net::SAML2 - SAML bindings and protocol implementation

Host: GitHub
URL: https://github.com/perl-net-saml2/perl-net-saml2
Owner: perl-net-saml2
License: other
Created: 2020-06-01T00:02:06.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2024-08-30T18:19:02.000Z (5 months ago)
Last Synced: 2024-09-30T15:13:10.123Z (4 months ago)
Topics: authentication, authnrequest, identityprovider, idp, metadata, perl, protocol, saml2, samlresponse, serviceprovider, sp, web-app
Language: Perl
Homepage: https://metacpan.org/pod/Net::SAML2
Size: 1.11 MB
Stars: 8
Watchers: 4
Forks: 7
Open Issues: 5
Metadata Files:
- Readme: README
- Changelog: Changes
- Contributing: CONTRIBUTING.md
- License: LICENSE

Awesome Lists containing this project

README

        NAME

    Net::SAML2 - SAML2 bindings and protocol implementation

VERSION

    version 0.82

SYNOPSIS

      See TUTORIAL.md for implementation documentation and

      t/12-full-client.t for a pseudo implementation following the tutorial

      # generate a redirect off to the IdP:

            my $idp = Net::SAML2::IdP->new($IDP);

            my $sso_url = $idp->sso_url('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect');

            my $authnreq = Net::SAML2::Protocol::AuthnRequest->new(

                    issuer        => 'http://localhost:3000/metadata.xml',

                    destination   => $sso_url,

                    nameid_format => $idp->format('persistent'),

            )->as_xml;

            my $authnreq = Net::SAML2::Protocol::AuthnRequest->new(

              id            => 'NETSAML2_Crypt::OpenSSL::Random::random_pseudo_bytes(16),

              issuer        => $self->{id},         # Service Provider (SP) Entity ID

              destination   => $sso_url,            # Identity Provider (IdP) SSO URL

              provider_name => $provider_name,      # Service Provider (SP) Human Readable Name

              issue_instant => DateTime->now,       # Defaults to Current Time

            );

            my $request_id = $authnreq->id; # Store and Compare to InResponseTo

            # or

            my $request_id = 'NETSAML2_' . unpack 'H*', Crypt::OpenSSL::Random::random_pseudo_bytes(16);

            my $authnreq = Net::SAML2::Protocol::AuthnRequest->as_xml(

              id            => $request_id,         # Unique Request ID will be returned in response

              issuer        => $self->{id},         # Service Provider (SP) Entity ID

              destination   => $sso_url,            # Identity Provider (IdP) SSO URL

              provider_name => $provider_name,      # Service Provider (SP) Human Readable Name

              issue_instant => DateTime->now,       # Defaults to Current Time

            );

            my $redirect = Net::SAML2::Binding::Redirect->new(

                    key => '/path/to/SPsign-nopw-key.pem',

                    url => $sso_url,

                    param => 'SAMLRequest' OR 'SAMLResponse',

                    cert => '/path/to/IdP-cert.pem'

            );

            my $url = $redirect->sign($authnreq);

            my $ret = $redirect->verify($url);

      # handle the POST back from the IdP, via the browser:

            my $post = Net::SAML2::Binding::POST->new;

            my $ret = $post->handle_response(

                    $saml_response

            );

            if ($ret) {

                    my $assertion = Net::SAML2::Protocol::Assertion->new_from_xml(

                            xml         => decode_base64($saml_response),

                            key_file    => "SP-Private-Key.pem",    # Required for EncryptedAssertions

                            cacert      => "IdP-cacert.pem",        # Required for EncryptedAssertions

                    );

                    # ...

            }

DESCRIPTION

    Support for the Web Browser SSO profile of SAML2.

    Net::SAML2 correctly perform the SSO process against numerous SAML

    Identity Providers (IdPs). It has been tested against:

    Version 0.54 and newer support EncryptedAssertions. No changes required

    to existing SP applications if EncryptedAssertions are not in use.

    Auth0 (requires Net::SAML2 >=0.39)

    Azure (Microsoft Office 365)

    GSuite (Google)

    Jump

    Keycloak

    MockSAML (https://mocksaml.com/)

    Mircosoft ADFS

    Okta

    OneLogin

    PingIdentity (requires Net::SAML2 >=0.54)

    SAMLTEST.ID (requires Net::SAML2 >=0.63)

    Shibboleth (requires Net::SAML2 >=0.63)

    SimpleSAMLphp

    DigiD (requires Net::SAML2 >= 0.63)

    eHerkenning (requires Net::SAML2 >= 0.73)

    eIDAS (requires Net::SAML2 >= 0.73)

MAJOR CAVEATS

    SP-side protocol only

    Requires XML metadata from the IdP

AUTHORS

    *   Chris Andrews 

    *   Timothy Legge 

COPYRIGHT AND LICENSE

    This software is copyright (c) 2024 by Venda Ltd, see the CONTRIBUTORS

    file for others.

    This is free software; you can redistribute it and/or modify it under

    the same terms as the Perl 5 programming language system itself.