/* SOGoSAML2Actions.m - this file is part of SOGo
 *
 * Copyright (C) 2012-2014 Inverse inc
 *
 * This file is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 *
 * This file is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; see the file COPYING. If not, write to
 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
 * Boston, MA 02111-1307, USA.
 */
#import <NGObjWeb/SoApplication.h>
#import <NGObjWeb/SoObject.h>
#import <NGObjWeb/WOContext+SoObjects.h>
#import <NGObjWeb/WOCookie.h>
#import <NGObjWeb/WORequest.h>
#import <NGObjWeb/WOResponse.h>
#import <NGExtensions/NSCalendarDate+misc.h>
#import <NGExtensions/NSString+misc.h>
#import <SOGo/SOGoCache.h>
#import <SOGo/SOGoSAML2Session.h>
#import <SOGo/SOGoSession.h>
#import <SOGo/SOGoSystemDefaults.h>
#import <SOGo/SOGoWebAuthenticator.h>
/// Direct actions backing SOGo's SAML2 service-provider endpoints:
/// publication of the SP metadata (saml2MetadataAction), IdP-initiated
/// single logout (saml2SingleLogoutServiceAction) and the sign-on
/// assertion consumer reached by HTTP POST (saml2SignOnPOSTAction).
@interface SOGoSAML2Actions : WODirectAction

@end
@implementation SOGoSAML2Actions
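/**
 * Publishes this service provider's SAML2 metadata document.
 *
 * The certificate file named by SAML2CertificateLocation in the system
 * defaults is read and handed to SOGoSAML2Session, which generates the
 * metadata for the current context.
 *
 * @return a 200 response carrying the metadata as UTF-8 XML, or a 500
 *         response (empty body) when the configured certificate file
 *         cannot be read, so that a misconfiguration is not silently
 *         served as an empty 200 document.
 */
- (WOResponse *) saml2MetadataAction
{
  NSString *metadata, *certContent, *certLocation;
  SOGoSystemDefaults *sd;
  WOResponse *response;

  response = [context response];
  [response setHeader: @"application/xml; charset=utf-8"
               forKey: @"content-type"];
  [response setContentEncoding: NSUTF8StringEncoding];

  sd = [SOGoSystemDefaults sharedSystemDefaults];
  certLocation = [sd SAML2CertificateLocation];
  // stringWithContentsOfFile: yields nil for a nil path or an unreadable
  // file; do not generate metadata from a nil certificate.
  certContent = [NSString stringWithContentsOfFile: certLocation];
  if (!certContent)
    {
      [self logWithFormat: @"SAML2 metadata: unable to read certificate at '%@'",
            certLocation];
      [response setStatus: 500];
      return response;
    }

  metadata = [SOGoSAML2Session metadataInContext: context
                                      certificate: certContent];
  [response appendContentString: metadata];

  return response;
}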
//
//
//
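/**
 * Handles an IdP-initiated SAML2 single logout (SLO) request.
 *
 * When SAML2LogoutURL is configured the response is a 302 redirect to it.
 * Unless the active user is anonymous, the server-side state behind the
 * caller's authentication cookie is then discarded: the cached SAML2 login
 * dump keyed by the session identifier, the stored session value, and
 * finally the cookie itself is expired on the client.
 *
 * @return the response, with the logout redirect and/or the expired
 *         authentication cookie attached.
 */
- (WOResponse *) saml2SingleLogoutServiceAction
{
  NSString *userName, *value, *cookieName, *domain, *username, *password;
  SOGoWebAuthenticator *auth;
  SOGoSystemDefaults *sd;
  WOResponse *response;
  NSCalendarDate *date;
  WOCookie *cookie;
  NSArray *creds;

  userName = [[context activeUser] login];
  [self logWithFormat: @"SAML2 IdP-initiated SLO for user '%@'", userName];

  sd = [SOGoSystemDefaults sharedSystemDefaults];
  response = [context response];
  if ([sd SAML2LogoutURL])
    {
      [response setStatus: 302];
      [response setHeader: [sd SAML2LogoutURL] forKey: @"location"];
    }

  if ([userName isEqualToString: @"anonymous"])
    return response;

  cookie = nil;
  date = [NSCalendarDate calendarDate];
  [date setTimeZone: [NSTimeZone timeZoneForSecondsFromGMT: 0]];

  // Clean up the memcached/database session state before expiring the
  // cookie, since the cookie value is what identifies that state.
  auth = [[SoApplication application] authenticatorInContext: context];
  if ([auth respondsToSelector: @selector (cookieNameInContext:)])
    {
      cookieName = [auth cookieNameInContext: context];
      value = [[context request] cookieValueForKey: cookieName];
      creds = [auth parseCredentials: value];

      // creds[0] is used as the decoding key and creds[1] as the session
      // key. A missing or malformed cookie yields fewer entries, and
      // indexing it blindly would raise an NSRangeException.
      if ([creds count] > 1)
        {
          // The out-parameters must start nil: decodeValue:... is not
          // shown to assign them on failure, and an unassigned pointer
          // would otherwise reach removeSAML2LoginDumpsForIdentifier:.
          username = nil;
          domain = nil;
          password = nil;
          value = [SOGoSession valueForSessionKey: [creds lastObject]];
          [SOGoSession decodeValue: value
                          usingKey: [creds objectAtIndex: 0]
                             login: &username
                            domain: &domain
                          password: &password];

          // For a SAML2 login the "password" stored in the cookie is the
          // SAML2 session identifier (see saml2SignOnPOSTAction), which is
          // the key of the cached login dump.
          if (password)
            [[SOGoCache sharedCache] removeSAML2LoginDumpsForIdentifier: password];

          [SOGoSession deleteValueForSessionKey: [creds objectAtIndex: 1]];
        }

      if ([cookieName length])
        {
          // Expire the authentication cookie on the client by re-issuing
          // it with an expiry date in the past.
          cookie = [WOCookie cookieWithName: cookieName value: @"discard"];
          [cookie setPath: [NSString stringWithFormat: @"/%@/",
                                     [[context request] applicationName]]];
          [cookie setExpires: [date yesterday]];
        }
    }

  if (cookie)
    [response addCookie: cookie];

  return response;
}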
/**
 * Builds a cookie named cookieName whose value is the current request URI
 * and whose expiry date is already in the past, so that the client drops
 * it. The cookie is scoped to the "/<applicationName>/" path.
 *
 * @param cookieName the name of the cookie to reset
 * @return the expired cookie
 */
- (WOCookie *) _authLocationResetCookieWithName: (NSString *) cookieName
{
  WORequest *request;
  WOCookie *resetCookie;
  NSCalendarDate *now;
  NSString *cookiePath;

  request = [context request];
  cookiePath = [NSString stringWithFormat: @"/%@/", [request applicationName]];

  // Expiry is expressed in GMT, one day before now.
  now = [NSCalendarDate calendarDate];
  [now setTimeZone: [NSTimeZone timeZoneForSecondsFromGMT: 0]];

  resetCookie = [WOCookie cookieWithName: cookieName value: [request uri]];
  [resetCookie setPath: cookiePath];
  [resetCookie setExpires: [now yesterday]];

  return resetCookie;
}
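/**
 * Assertion consumer service: completes a SAML2 sign-on from the POSTed
 * authentication response (SAMLResponse form value).
 *
 * On success a SAML2 session is created, an authentication cookie is
 * issued for the asserted login, and the client is redirected to that
 * user's base URL. No cookie is issued for a non-POST request, a request
 * without a SAMLResponse value, or a response that yields no login.
 *
 * @return the response: 302 with the authentication cookie on success,
 *         405 for a non-POST request, 400 when SAMLResponse is missing,
 *         403 when the processed response produces no login.
 */
- (WOResponse *) saml2SignOnPOSTAction
{
  WORequest *rq;
  WOResponse *response;
  SoApplication *application;
  SOGoSAML2Session *newSession;
  WOCookie *authCookie;
  NSString *login, *oldLocation, *newLocation, *samlResponse;
  SOGoWebAuthenticator *auth;

  rq = [context request];
  response = [context response];
  [response setHeader: @"text/plain; charset=utf-8"
               forKey: @"content-type"];

  // Only the HTTP-POST binding is handled here. Without this branch a
  // non-POST request would return `response` without ever assigning it.
  if (![[rq method] isEqualToString: @"POST"])
    {
      [response setStatus: 405];
      [response setHeader: @"POST" forKey: @"allow"];
      return response;
    }

  samlResponse = [rq formValueForKey: @"SAMLResponse"];
  if (![samlResponse length])
    {
      [response setStatus: 400];
      return response;
    }

  newSession = [SOGoSAML2Session SAML2SessionInContext: context];
  [newSession processAuthnResponse: samlResponse];
  login = [newSession login];
  // Never issue an authentication cookie for an empty login: whatever
  // processAuthnResponse: does with an invalid assertion (not visible
  // here), no login means nothing was asserted for this request.
  if (![login length])
    {
      [self logWithFormat: @"SAML2 sign-on: no login obtained from the authentication response"];
      [response setStatus: 403];
      return response;
    }

  application = [SoApplication application];
  auth = [application authenticatorInContext: context];
  // The SAML2 session identifier takes the place of the password in the
  // cookie; saml2SingleLogoutServiceAction relies on this to locate the
  // cached login dump on logout.
  authCookie = [auth cookieWithUsername: login
                            andPassword: [newSession identifier]
                              inContext: context];

  // The redirect target is derived from the server-side client object and
  // the asserted login, not from any request parameter.
  oldLocation = [[context clientObject] baseURLInContext: context];
  newLocation = [NSString stringWithFormat: @"%@/%@",
                          oldLocation, [login stringByEscapingURL]];

  [response setStatus: 302];
  [response setHeader: newLocation forKey: @"location"];
  [response addCookie: authCookie];

  return response;
}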
@end