
perl-crypt-openssl-verify's Introduction

NAME
    Net::SAML2 - SAML2 bindings and protocol implementation

VERSION
    version 0.82

SYNOPSIS
      See TUTORIAL.md for implementation documentation and
      t/12-full-client.t for a pseudo implementation following the tutorial

      # generate a redirect off to the IdP:

            my $idp = Net::SAML2::IdP->new($IDP);
            my $sso_url = $idp->sso_url('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect');

            my $authnreq = Net::SAML2::Protocol::AuthnRequest->new(
                    issuer        => 'http://localhost:3000/metadata.xml',
                    destination   => $sso_url,
                    nameid_format => $idp->format('persistent'),
            )->as_xml;

            my $authnreq = Net::SAML2::Protocol::AuthnRequest->new(
              id            => 'NETSAML2_' . unpack('H*', Crypt::OpenSSL::Random::random_pseudo_bytes(16)),
              issuer        => $self->{id},         # Service Provider (SP) Entity ID
              destination   => $sso_url,            # Identity Provider (IdP) SSO URL
              provider_name => $provider_name,      # Service Provider (SP) Human Readable Name
              issue_instant => DateTime->now,       # Defaults to Current Time
            );

            my $request_id = $authnreq->id; # Store and Compare to InResponseTo

            # or

            my $request_id = 'NETSAML2_' . unpack 'H*', Crypt::OpenSSL::Random::random_pseudo_bytes(16);

            my $authnreq = Net::SAML2::Protocol::AuthnRequest->new(
              id            => $request_id,         # Unique Request ID will be returned in response
              issuer        => $self->{id},         # Service Provider (SP) Entity ID
              destination   => $sso_url,            # Identity Provider (IdP) SSO URL
              provider_name => $provider_name,      # Service Provider (SP) Human Readable Name
              issue_instant => DateTime->now,       # Defaults to Current Time
            )->as_xml;

            my $redirect = Net::SAML2::Binding::Redirect->new(
                    key => '/path/to/SPsign-nopw-key.pem',
                    url => $sso_url,
                    param => 'SAMLRequest',         # or 'SAMLResponse'
                    cert => '/path/to/IdP-cert.pem'
            );

            my $url = $redirect->sign($authnreq);

            my $ret = $redirect->verify($url);

      # handle the POST back from the IdP, via the browser:

            my $post = Net::SAML2::Binding::POST->new;
            my $ret = $post->handle_response(
                    $saml_response
            );

            if ($ret) {
                    my $assertion = Net::SAML2::Protocol::Assertion->new_from_xml(
                            xml         => decode_base64($saml_response),   # decode_base64 is exported by MIME::Base64
                            key_file    => "SP-Private-Key.pem",    # Required for EncryptedAssertions
                            cacert      => "IdP-cacert.pem",        # Required for EncryptedAssertions
                    );

                    # ...
            }
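
The "Store and Compare to InResponseTo" step above, as an added example that is not part of Net::SAML2 or its documentation. It assumes the InResponseTo value has already been taken from a response whose signature verified; `remember_request`, `consume_response`, the in-memory `%pending` store and the 300-second lifetime are hypothetical names and values chosen for illustration.

```perl
use strict;
use warnings;

# Constructed example: an in-memory store of outstanding AuthnRequest IDs.
# A real SP would keep this in the server-side session or a shared cache.
my %pending;            # request id => expiry (epoch seconds)
my $MAX_AGE = 300;      # assumed lifetime of an outstanding request, in seconds

# Hypothetical helper: remember the ID returned by $authnreq->id.
sub remember_request {
    my ($request_id, $now) = @_;
    $pending{$request_id} = ($now // time) + $MAX_AGE;
    return $request_id;
}

# Hypothetical helper: accept an InResponseTo value at most once, and only
# if it matches an ID this SP issued and that has not yet expired.
sub consume_response {
    my ($in_response_to, $now) = @_;
    $now //= time;
    return 0 unless defined $in_response_to && length $in_response_to;
    my $expiry = delete $pending{$in_response_to};   # one-time use
    return 0 unless defined $expiry;                 # unsolicited or replayed
    return $expiry >= $now ? 1 : 0;                  # reject stale requests
}

# Constructed sample IDs in the 'NETSAML2_' . hex form used in the synopsis;
# the timestamps are fixed so the run is repeatable.
my $id = remember_request('NETSAML2_0123456789abcdef0123456789abcdef', 1_000);

printf "%-26s %d\n", 'matching response:',      consume_response($id, 1_100);
printf "%-26s %d\n", 'same response replayed:', consume_response($id, 1_101);
printf "%-26s %d\n", 'unknown InResponseTo:',   consume_response('NETSAML2_ffff', 1_100);
printf "%-26s %d\n", 'missing InResponseTo:',   consume_response(undef, 1_100);

my $old = remember_request('NETSAML2_aaaa', 1_000);
printf "%-26s %d\n", 'response after expiry:',
    consume_response($old, 1_000 + $MAX_AGE + 1);
```

Only the first call is accepted. Deleting the entry on lookup is what makes a captured response unusable a second time.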

DESCRIPTION
    Support for the Web Browser SSO profile of SAML2.

    Net::SAML2 correctly performs the SSO process against numerous SAML
    Identity Providers (IdPs).

    Version 0.54 and newer support EncryptedAssertions. No changes are required
    to existing SP applications if EncryptedAssertions are not in use.

    It has been tested against:

    Auth0 (requires Net::SAML2 >=0.39)
    Azure (Microsoft Office 365)
    GSuite (Google)
    Jump
    Keycloak
    MockSAML (https://mocksaml.com/)
    Microsoft ADFS
    Okta
    OneLogin
    PingIdentity (requires Net::SAML2 >=0.54)
    SAMLTEST.ID (requires Net::SAML2 >=0.63)
    Shibboleth (requires Net::SAML2 >=0.63)
    SimpleSAMLphp
    DigiD (requires Net::SAML2 >= 0.63)
    eHerkenning (requires Net::SAML2 >= 0.73)
    eIDAS (requires Net::SAML2 >= 0.73)

MAJOR CAVEATS
    SP-side protocol only
    Requires XML metadata from the IdP

AUTHORS
    *   Chris Andrews

    *   Timothy Legge

COPYRIGHT AND LICENSE
    This software is copyright (c) 2024 by Venda Ltd, see the CONTRIBUTORS
    file for others.

    This is free software; you can redistribute it and/or modify it under
    the same terms as the Perl 5 programming language system itself.

perl-crypt-openssl-verify's People

Contributors

marcbradshaw, timlegge, waterkip

perl-crypt-openssl-verify's Issues

Segfault in constructor

my $verify = Crypt::OpenSSL::Verify->new(Mozilla::CA::SSL_ca_file,{noCApath=>1});

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7843d84 in X509_LOOKUP_init () from /lib/x86_64-linux-gnu/libcrypto.so.1.1
(gdb) backtrace
#0 0x00007ffff7843d84 in X509_LOOKUP_init () from /lib/x86_64-linux-gnu/libcrypto.so.1.1
#1 0x00007ffff7fc81cc in XS_Crypt__OpenSSL__Verify_new () from /home/marc/perl5/perlbrew/perls/perl-5.32.0/lib/site_perl/5.32.0/x86_64-linux/auto/Crypt/OpenSSL/Verify/Verify.so
#2 0x000055555565b63e in Perl_pp_entersub ()
#3 0x0000555555651b63 in Perl_runops_standard ()
#4 0x00005555555c9c27 in perl_run ()
#5 0x00005555555a1202 in main ()

Issue with 32-bit - cast to pointer from integer of different size

Below is the error stack from stage 'fetch':

cp Verify.pm blib/lib/Crypt/OpenSSL/Verify.pm
Running Mkbootstrap for Verify ()
chmod 644 "Verify.bs"
"/home/cpan/pit/64bit/perl-5.28.1/bin/perl" "-Iinc" -MExtUtils::Command::MM -e 'cp_nonempty' -- Verify.bs blib/arch/auto/Crypt/OpenSSL/Verify/Verify.bs 644
"/home/cpan/pit/64bit/perl-5.28.1/bin/perl" "-Iinc" "/home/cpan/pit/64bit/perl-5.28.1/lib/5.28.1/ExtUtils/xsubpp" -typemap '/home/cpan/pit/64bit/perl-5.28.1/lib/5.28.1/ExtUtils/typemap' -typemap '/home/cpan/pit/64bit/conf/perl-5.28.1/.cpanplus/5.28.1/build/6iwVSwOHSM/Crypt-OpenSSL-Verify-0.17/typemap' Verify.xs > Verify.xsc
mv Verify.xsc Verify.c
cc -c -I/usr/include/openssl -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O3 -Wall -Werror -DOPENSSL_API_COMPAT=0x10100000L -DVERSION="0.17" -DXS_VERSION="0.17" -fPIC "-I/home/cpan/pit/64bit/perl-5.28.1/lib/5.28.1/i686-linux-64int/CORE" Verify.c
Verify.xs: In function ‘XS_Crypt__OpenSSL__Verify_ctx_error_code’:
Verify.xs:397:43: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast]
RETVAL = X509_STORE_CTX_get_error((X509_STORE_CTX *) INT2PTR(UV, ctx));
^
cc1: all warnings being treated as errors
make: *** [Makefile:345: Verify.o] Error 1

Improve t/03-verify-bad-cert.t

t/03-verify-bad-cert.t needs some improvements. It only checks for 3 specific errors returned. It should really just ensure that the certificate does not validate.
