
RE: [wsf-dev] Perl Net::SAML



Duncan Garland wrote:
> Hi Sampo,
>
> Thanks. That's helpful.
>
> I've just been trying to install Net::SAML from CPAN so that I can look at
> zxidhlo.pl.
>
> The CPAN install fails with an unspecified error. If I cd to the build
> directory and run make I get:
>
> debian1:~/.cpan/build/zxid-0.49-4VCijF# make
> If you get compilation errors, try: make help
> Now trying to compile series of test programs to check dependencies...
>
> gcc -g -fpic -fmessage-length=0 -Wno-unused-label -Wno-unknown-pragmas -fno-strict-aliasing -Wall -Wno-parentheses -DMAYBE_UNUSED='__attribute__ ((unused))' -ffunction-sections -fdata-sections -D_REENTRANT -DDEBUG -DUSE_CURL -DUSE_OPENSSL -DLINUX -I. -I/root/.cpan/build/zxid-0.49-4VCijF -I/usr/local/ssl/include -I/usr/local/include -I/usr/local/httpd/include -I/usr/local/httpd/srclib/apr-util/include   -c -o precheck/chk-zlib.o precheck/chk-zlib.c
> precheck/chk-zlib.c:13:18: error: zlib.h: No such file or directory
> precheck/chk-zlib.c: In function 'main':
> precheck/chk-zlib.c:20: error: 'ZLIB_VERSION' undeclared (first use in this function)
> precheck/chk-zlib.c:20: error: (Each undeclared identifier is reported only once
> precheck/chk-zlib.c:20: error: for each function it appears in.)
> precheck/chk-zlib.c:21: warning: implicit declaration of function 'zlibVersion'
> precheck/chk-zlib.c:21: warning: format '%s' expects type 'char *', but argument 2 has type 'int'
> make: *** [precheck/chk-zlib.o] Error 1
> debian1:~/.cpan/build/zxid-0.49-4VCijF#
>
> zlib.h does exist anywhere on the system, although it is used in zxutil.c.

You need to install the zlib-devel package. In general, whenever some .h file
is missing, you need the developer package of your distro.

> Looking at your help files, it seems that it may require quite a lot of
> custom configuration to get it running. Is there a standard package for
> Debian Lenny? I've had a quick look at the Debian website and I can't see

Not at the moment. There are far too many distributions to support
for me to have time. Contributions welcome.

Cheers,
--Sampo

> one. There definitely isn't one called simply "xzid".
>
> All the best.
>
> Duncan
>
> -----Original Message-----
> From: sampo@xxxxxxxxxxx [mailto:sampo@xxxxxxxxxxx]
> Sent: 06 March 2010 23:41
> To: Duncan Garland
> Cc: wsf-dev@xxxxxxxxxxxxxxxxxxxxx; zxid.user@xxxxxxxxxxxxx
> Subject: Re: [wsf-dev] Perl Net::SAML
>
>
> Duncan Garland wrote:
>> I've been struggling to decode a SAML XML document for most of the last
>> week. I think I saw Net::SAML early on but decided to decode the XML
>> directly. After a week of frustration I've returned to Net::SAML and ZXID
>> and I'm wondering if I've been reinventing the wheel.
>
> You may be able to decode directly, but it is highly unlikely you
> will be able to verify the signature correctly.
>
>> I've been posted an HTML form with two fields. The second is called
>> SAMLResponse and contains a load of Base 64 characters. If I take it out of
>> Base 64 I get a SAML XML document with various signatures and some fields
>> which are needed for the user to log on.
>>
>> I need to do something along the following lines:
>>
>> my $cgi = CGI->new();
>> my $saml = Net::SAML->new();
>
> Above is hypothetical pseudocode, of course. The Net::SAML API
> is not object oriented.
>
>> my $SAMLResponseInBase64 = $cgi->param( "SAMLResponse" );
>>
>> # Remove Base 64 encoding here?
>>
>> my $xml = $saml->magically_verify_signature_and_decrypt(
>> $SAMLResponseInBase64, $senders_public_key );
>> die "Get lost." if ! $xml; # A better error message would help!
>>
>> login( $xml );
>>
>> Will Net::SAML do this? Are there some simple examples in Perl? The
>> documentation is a bit confusing.
>
> Accepted, the documentation is confusing.
>
> You can do exactly what you want, and I'll come back to it in a moment,
> but the design intent was that you would let Net::SAML::simple_cf()
> do all the sig verifying and attribute extraction for you.
>
> I encourage you to study zxidhlo.pl in the zxid-0.XX.tgz tar ball. In
> essence, if given the right input, consistent with the POST phase of the
> SAML SSO cycle (e.g. the post happens to URL consistent with
> the configuration and ending in o=P), then it will return you
> an LDIF (or Query String or JSON, depending on the auto flags)
> of the extracted attributes.
>
> Now, to do exactly what you want, you would call
>
> Net::SAML::sp_dispatch()
>
> with cgi->qs set to the SAMLResponse input.
>
> I recommend you stick to Net::SAML::simple_cf() as it is an officially
> supported interface.
>
> Another point to consider is what you in the end want out of
> the SSO transaction. If you do not need XML, but just the attributes,
> then Net::SAML::simple_cf() will serve you well. Here is an example:
>
> use Net::SAML;
>
> $url = "http://sp.tas3.pt:8082/zxidhlo.pl";  # Edit to match your situation
> $conf = "PATH=/var/zxid/&URL=$url";
> $cf = Net::SAML::new_conf_to_cf($conf);
> $qs = $ENV{'QUERY_STRING'};
> $qs = <STDIN> if $qs =~ /o=P/;  # POST phase: read the form body instead
> $res = Net::SAML::simple_cf($cf, -1, $qs, undef, 0x1828);
> $op = substr($res, 0, 1);  # first character of the result selects the action
> if ($op eq 'L' || $op eq 'C') {  # LOCATION (Redir) or CONTENT
>     warn "res($res) len=".length($res);
>     print $res;
>     exit;
> }
> if ($op eq 'n') { exit; } # already handled
> if ($op eq 'e') { my_render_login_screen(); exit; }
> if ($op ne 'd') { die "Unknown Net::SAML::simple() res($res)"; }
>
> # At this point you are logged in. $res contains LDIF of the attributes.
> # You would use these to start your application session.
>
>> (Do you know that the zxid.org home page doesn't render in IE
>> 8.0.6001.18702? Firefox is fine.)
>
> I am aware of this. Thanks. In fact, the problem is that I should
> pick up the newer OpenLiberty.org stylesheets and templates that
> do render correctly on IE8. Will be looked into eventually.
>
> Cheers,
> --Sampo
>
>> Regards
>>
>> Duncan
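
An added example, not part of the original messages and not zxid's own code: one way to turn the LDIF left in `$res` by the 'd' case of the `simple_cf()` snippet above into a Perl hash before starting an application session, rejecting a missing or duplicated identity attribute. The sample LDIF and its attribute names are constructed for illustration, and `ldif_to_attrs` and `single_value` are hypothetical helper names.

```perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64);

# Parse LDIF text into { lowercased_attr => [values...] }.
sub ldif_to_attrs {
    my ($ldif) = @_;
    $ldif =~ s/\r?\n //g;    # unfold continuation lines (newline + one space)
    my %attrs;
    for my $line (split /\r?\n/, $ldif) {
        next if $line =~ /^\s*(?:#|$)/;    # skip comments and blank lines
        # "name: value" is plain text, "name:: value" is base64-encoded
        my ($name, $b64, $value) = $line =~ /^([A-Za-z][\w.;-]*):(:?)\s*(.*)$/
            or die "malformed LDIF line: $line\n";
        $value = decode_base64($value) if $b64;
        push @{ $attrs{lc $name} }, $value;
    }
    return \%attrs;
}

# Require exactly one value for an attribute the session depends on, so a
# missing or repeated identifier is refused instead of silently picked from.
sub single_value {
    my ($attrs, $name) = @_;
    my $vals = $attrs->{lc $name} || [];
    die "expected exactly one '$name', got " . scalar(@$vals) . "\n"
        unless @$vals == 1;
    return $vals->[0];
}

# Constructed sample input; attribute names are illustrative assumptions,
# not a statement of what zxid emits.
my $res = join "\n",
    'dn: idpnid=Pabc123,affid=https://idp.example.com/',
    'idpnid: Pabc123',
    'cn:: U2FtcGxlIFVzZXI=',
    'role: staff',
    'role: admin',
    '';

my $attrs = ldif_to_attrs($res);
my $user  = single_value($attrs, 'idpnid');
printf "user=%s cn=%s roles=%s\n",
    $user, single_value($attrs, 'cn'), join(',', @{ $attrs->{role} });
```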