|
Unix VPS
Support
FAQ
Network
Miscellaneous
|
| Net::SAML2::SP(3) | User Contributed Perl Documentation | Net::SAML2::SP(3) |
NAME
Net::SAML2::SP - SAML Service Provider object
VERSION
version 0.82
SYNOPSIS
my $sp = Net::SAML2::SP->new(
issuer => 'http://localhost:3000',
url => 'http://localhost:3000',
cert => 'sign-nopw-cert.pem',
key => 'sign-nopw-key.pem', );
METHODS
new( ... )
Constructor. Create an SP object.
Arguments:
- id
- The ID attribute used in the EntityDescription tag
- url
- Base for all SP service URLs
- error_url
- The error URI. Can be relative to the base URI or a regular URI
- issuer
- SP's identity URI.
- cert
- Path to the signing certificate
- key
- Path to the private key for the signing certificate
- encryption_key
- Path to the public key that the IdP should use for encryption. This is used when generating the metadata.
- signing_only
- Indicate that the key for signing is exclusively used for signing and not encryption and signing.
- cacert
- Path to the CA certificate for verification
- lang
- Set the language for the "md:localizedNameType", defaults to "en".
- org_name
- SP organisation name
- org_display_name
- SP organisation display name
- org_contact
- SP contact email address
- org_url
- SP organization url. This is optional and url will be used as in previous versions if this is not provided.
- authnreq_signed
- Specifies in the metadata whether the SP signs the AuthnRequest Optional (0 or 1) defaults to 1 (TRUE) if not specified.
- want_assertions_signed
- Specifies in the metadata whether the SP wants the Assertion from the IdP to be signed Optional (0 or 1) defaults to 1 (TRUE) if not specified.
- sign_metadata
- Sign the metadata, defaults to 1 (TRUE) if not specified.
- single_logout_service
- The following option replaces the previous
"slo_url_post",
"slo_url_soap" and
"slo_url_redirect" constructor
parameters. The former options are mapped to this new structure.
This expects an array of hash refs where you define one or more Single Logout Services
[ { Binding => BINDING_HTTP_POST, Location => https://foo.example.com/your-post-endpoint, }, { Binding => BINDING_HTTP_ARTIFACT, Location => https://foo.example.com/your-artifact-endpoint, } ] - assertion_consumer_service
- The following option replaces the previous
"acs_url_post" and
"acs_url_artifact" constructor
parameters. The former options are mapped to this new structure.
This expects an array of hash refs where you define one or more Assertion Consumer Services.
[ # Order decides the index if not supplied, else we assume you have an index { Binding => BINDING_HTTP_POST, Location => https://foo.example.com/your-post-endpoint, isDefault => 'false', # optionally index => 1, }, { Binding => BINDING_HTTP_ARTIFACT, Location => https://foo.example.com/your-artifact-endpoint, isDefault => 'true', index => 2, } ]
authn_request( $destination, $nameid_format, %params )
Returns an AuthnRequest object created by this SP, intended for the given destination, which should be the identity URI of the IdP.
%params is a hash containing parameters valid for Net::SAML2::Protocol::AuthnRequest. For example:
force_authn => 1,
is_passive => 1,
)
my $authnreq = authn_request(
'https://keycloak.local:8443/realms/Foswiki/protocol/saml',
'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
%params
);
logout_request( $destination, $nameid, $nameid_format, $session, $params )
Returns a LogoutRequest object created by this SP, intended for the given destination, which should be the identity URI of the IdP.
Also requires the nameid (+format) and session to be logged out.
$params = (
# name qualifier parameters from Assertion NameId
name_qualifier => "https://idp.shibboleth.local/idp/shibboleth"
sp_name_qualifier => "https://netsaml2-testapp.local"
);
logout_response( $destination, $status, $in_response_to )
Returns a LogoutResponse object created by this SP, intended for the given destination, which should be the identity URI of the IdP.
Also requires the status and the ID of the corresponding LogoutRequest.
artifact_request( $destination, $artifact )
Returns an ArtifactResolve request object created by this SP, intended for the given destination, which should be the identity URI of the IdP.
sp_post_binding ( $idp, $param )
Returns a POST binding object for this SP, configured against the given IDP for Single Sign On. $param specifies the name of the query parameter involved - typically "SAMLRequest".
sso_redirect_binding( $idp, $param )
Returns a Redirect binding object for this SP, configured against the given IDP for Single Sign On. $param specifies the name of the query parameter involved - typically "SAMLRequest".
slo_redirect_binding( $idp, $param )
Returns a Redirect binding object for this SP, configured against the given IDP for Single Log Out. $param specifies the name of the query parameter involved - typically "SAMLRequest" or "SAMLResponse".
soap_binding( $ua, $idp_url, $idp_cert )
Returns a SOAP binding object for this SP, with a destination of the given URL and signing certificate.
XXX UA
post_binding( )
Returns a POST binding object for this SP.
generate_metadata( )
Generate the metadata XML document for this SP.
key_name($type)
Get the key name for either the "signing" or "encryption" key
metadata( )
Returns the metadata XML document for this SP.
get_default_assertion_service
Return the assertion service which is the default
AUTHORS
- Chris Andrews <chrisa@cpan.org>
- Timothy Legge <timlegge@gmail.com>
COPYRIGHT AND LICENSE
This software is copyright (c) 2025 by Venda Ltd, see the CONTRIBUTORS file for others.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.
| 2025-05-27 | perl v5.40.2 |
Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.