Skip to content

perl-net-saml2/perl-Net-SAML2

Repository files navigation

NAME
    Net::SAML2 - SAML2 bindings and protocol implementation

VERSION
    version 0.82

SYNOPSIS
      See TUTORIAL.md for implementation documentation and
      t/12-full-client.t for a pseudo implementation following the tutorial

      # generate a redirect off to the IdP:

            my $idp = Net::SAML2::IdP->new($IDP);
            my $sso_url = $idp->sso_url('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect');

            my $authnreq = Net::SAML2::Protocol::AuthnRequest->new(
                    issuer        => 'http://localhost:3000/metadata.xml',
                    destination   => $sso_url,
                    nameid_format => $idp->format('persistent'),
            )->as_xml;

            my $authnreq = Net::SAML2::Protocol::AuthnRequest->new(
              id            => 'NETSAML2_Crypt::OpenSSL::Random::random_pseudo_bytes(16),
              issuer        => $self->{id},         # Service Provider (SP) Entity ID
              destination   => $sso_url,            # Identity Provider (IdP) SSO URL
              provider_name => $provider_name,      # Service Provider (SP) Human Readable Name
              issue_instant => DateTime->now,       # Defaults to Current Time
            );

            my $request_id = $authnreq->id; # Store and Compare to InResponseTo

            # or

            my $request_id = 'NETSAML2_' . unpack 'H*', Crypt::OpenSSL::Random::random_pseudo_bytes(16);

            my $authnreq = Net::SAML2::Protocol::AuthnRequest->as_xml(
              id            => $request_id,         # Unique Request ID will be returned in response
              issuer        => $self->{id},         # Service Provider (SP) Entity ID
              destination   => $sso_url,            # Identity Provider (IdP) SSO URL
              provider_name => $provider_name,      # Service Provider (SP) Human Readable Name
              issue_instant => DateTime->now,       # Defaults to Current Time
            );

            my $redirect = Net::SAML2::Binding::Redirect->new(
                    key => '/path/to/SPsign-nopw-key.pem',
                    url => $sso_url,
                    param => 'SAMLRequest' OR 'SAMLResponse',
                    cert => '/path/to/IdP-cert.pem'
            );

            my $url = $redirect->sign($authnreq);

            my $ret = $redirect->verify($url);

      # handle the POST back from the IdP, via the browser:

            my $post = Net::SAML2::Binding::POST->new;
            my $ret = $post->handle_response(
                    $saml_response
            );

            if ($ret) {
                    my $assertion = Net::SAML2::Protocol::Assertion->new_from_xml(
                            xml         => decode_base64($saml_response),
                            key_file    => "SP-Private-Key.pem",    # Required for EncryptedAssertions
                            cacert      => "IdP-cacert.pem",        # Required for EncryptedAssertions
                    );

                    # ...
            }

DESCRIPTION
    Support for the Web Browser SSO profile of SAML2.

    Net::SAML2 correctly perform the SSO process against numerous SAML
    Identity Providers (IdPs). It has been tested against:

    Version 0.54 and newer support EncryptedAssertions. No changes required
    to existing SP applications if EncryptedAssertions are not in use.

    Auth0 (requires Net::SAML2 >=0.39)
    Azure (Microsoft Office 365)
    GSuite (Google)
    Jump
    Keycloak
    MockSAML (https://mocksaml.com/)
    Mircosoft ADFS
    Okta
    OneLogin
    PingIdentity (requires Net::SAML2 >=0.54)
    SAMLTEST.ID (requires Net::SAML2 >=0.63)
    Shibboleth (requires Net::SAML2 >=0.63)
    SimpleSAMLphp
    DigiD (requires Net::SAML2 >= 0.63)
    eHerkenning (requires Net::SAML2 >= 0.73)
    eIDAS (requires Net::SAML2 >= 0.73)

MAJOR CAVEATS
    SP-side protocol only
    Requires XML metadata from the IdP

AUTHORS
    *   Chris Andrews <[email protected]>

    *   Timothy Legge <[email protected]>

COPYRIGHT AND LICENSE
    This software is copyright (c) 2024 by Venda Ltd, see the CONTRIBUTORS
    file for others.

    This is free software; you can redistribute it and/or modify it under
    the same terms as the Perl 5 programming language system itself.