GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
Net::SAML2::Binding::Redirect(3) User Contributed Perl Documentation Net::SAML2::Binding::Redirect(3)

Net::SAML2::Binding::Redirect - HTTP Redirect binding for SAML

version 0.82

  my $redirect = Net::SAML2::Binding::Redirect->new(
    key     => '/path/to/SPsign-nopw-key.pem',          # Service Provider (SP) private key
    url     => $sso_url,                                                        # Service Provider Single Sign Out URL
    param   => 'SAMLRequest' OR 'SAMLResponse',         # Type of request
    cert    => $idp->cert('signing')                            # Identity Provider (IdP) certificate
    sig_hash => 'sha256', 'sha224', 'sha384', 'sha512' or 'sha1'  # Signature to sign request
  );
  my $url = $redirect->sign($authnreq);
  my $ret = $redirect->verify($url);

Constructor. Creates an instance of the Redirect binding.

Arguments:

The SP's (Service Provider) also known as your application's signing key that your application uses to sign the AuthnRequest. Some IdPs may not verify the signature.

Usually required when param is "SAMLRequest".

If you don't want to sign the request, you can pass "insecure => 1" and not provide a key; in this case, "sign" will return a non-signed URL.

IdP's (Identity Provider's) certificate that is used to verify a signed Redirect from the IdP. It is used to verify the signature of the Redirect response. Required with param being "SAMLResponse".
IdP's SSO (Single Sign Out) service url for the Redirect binding Required with param being "SAMLRequest".
query param name to use (SAMLRequest, SAMLResponse) Defaults to "SAMLRequest".
RSA signature hash used to sign request

Supported:

sha256, sha224, sha384, sha512 and sha1

Defaults to "sha256".

Output extra debugging information

Get the redirect URI for a given request, and returns the URL to which the user's browser should be redirected.

Accepts an optional RelayState parameter, a string which will be returned to the requestor when the user returns from the authentication process with the IdP.

The request is signed unless the the object has been instantiated with "<insecure =" 1>>.

Signs the given request, and returns the URL to which the user's browser should be redirected.

Accepts an optional RelayState parameter, a string which will be returned to the requestor when the user returns from the authentication process with the IdP.

Returns the signed (or unsigned) URL for the SAML2 redirect

    my ($request, $relaystate) = $self->verify($query_string)

Decode a Redirect binding URL.

Verifies the signature on the response.

Requires the *raw* query string to be passed, because URI parses and re-encodes URI-escapes in uppercase (%3f becomes %3F, for instance), which leads to signature verification failures if the other party uses lower case (or mixed case).

Returns an ARRAY of containing the verified request and relaystate (if it exists). Croaks on errors.

  • Chris Andrews <chrisa@cpan.org>
  • Timothy Legge <timlegge@gmail.com>

This software is copyright (c) 2025 by Venda Ltd, see the CONTRIBUTORS file for others.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.

2025-05-27 perl v5.40.2
Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.