./security/cy2-saml, Crude SAML assertion validator for bridging WebSSO and SASL

Branch: CURRENT, Version: 1.9, Package name: cy2-saml-1.9, Maintainer: manu

SASL is a method for adding authentication support to connection-based
protocols. To use SASL, a protocol includes a command for identifying and
authenticating a user to a server and for optionally negotiating protection
of subsequent protocol interactions. If its use is negotiated, a security
layer is inserted between the protocol and the connection.

This package contains a SASL plugin that performs a crude check on a SAML
authentication assertion. The assertion signature and date are verified,
and access is granted on behalf of the user taken from a configurable
attribute.

The only protection against replay attacks is the check of the assertion
validity dates; this authentication is therefore secure only if the SAML
authentication assertion remains secret. The assertion has the same role
as a web cookie used for authentication.

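Here is a PHP example of LDAP binding using www/ap2-auth-mellon:

// $ds is an LDAP link already opened with ldap_connect().
// mod_auth_mellon exposes the SAML response and the user name to the script.
$saml_msg = $_SERVER["MELLON_SAML_RESPONSE"];
$userid = $_SERVER["REMOTE_USER"];

// The SAML message is passed as the SASL password, with mechanism "SAML"
// and $userid as the authentication identity.
if (ldap_sasl_bind($ds, NULL, $saml_msg, "SAML",
                   NULL, $userid, NULL, "none") == FALSE) {
    printf("ldap_sasl_bind() failed: %s", ldap_error($ds));
    exit;
}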


Required to run:
[textproc/libxml2]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: bd62e4081e676a0a5a8bce77bb3e1428d964ca44
RMD160: 1dd827eda9a35f37850b4e6990a86d6ddec5a2ff
Filesize: 304.606 KB

CVS history:


2017-05-25 05:17:41 by Emmanuel Dreyfus | Files touched by this commit (2) | Package updated
Log message:
Update crudesaml to 1.8

Changelog since previous version in pkgsrc

crudesaml-1.8          2017-05-26
Fix crash introduced server side in 1.6 for saml_log()

crudesaml-1.7          2017-05-22
Only iterate on XML_ELEMENT_NODE nodes

crudesaml-1.6          2017-05-20
Typos in man pages (Florian Best)
Don't log the password length if it is too small (Florian Best)
Stop if wxmlXPathRegisterNs failed (Florian Best)
autoconf: Remove duplicate $(DESTDIR) (Florian Best)
PAM: Require only one provider (Florian Best)
PAM: No SONAME versioning (Philipp Hahn)
autoconf: Only strictness foreign (Philipp Hahn)
PAM: fix static PAM module build (Philipp Hahn)
Hide internal symbols (Philipp Hahn)
Fix variadic function SIGSEGV (Philipp Hahn)
Fix crash when using saml_log()/saml_error() in SASL client plugin

crudesaml-1.5          2012-11-13
mod_shib2 compatibility, debug messages (Jan Tomasek)

2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | Package updated
Log message:
Bump PKGREVISION for security/openssl ABI bump.

2014-02-13 00:18:57 by Matthias Scheler | Files touched by this commit (1568)
Log message:
Recursive PKGREVISION bump for OpenSSL API version bump.

2014-01-01 12:52:43 by Thomas Klausner | Files touched by this commit (776)
Log message:
Recursive PKGREVISION bump for libgcrypt-1.6.0 shlib major bump.

2012-10-23 20:17:02 by Aleksej Saushev | Files touched by this commit (368)
Log message:
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.

2012-09-15 12:07:21 by OBATA Akio | Files touched by this commit (1789) | Package updated
Log message:
recursive bump from libffi shlib major bump
(additionally, reset PKGREVISION of qt4-* sub packages from base qt4 update)

2012-06-14 09:45:42 by Steven Drake | Files touched by this commit (1202)
Log message:
Recursive PKGREVISION bump for libxml2 buildlink addition.

2012-03-03 01:14:27 by Thomas Klausner | Files touched by this commit (1657)
Log message:
Recursive bump for pcre-8.30* (shlib major change)