./security/cy2-saml, Crude SAML assertion validator for bridging WebSSO and SASL



Branch: CURRENT, Version: 1.8, Package name: cy2-saml-1.8, Maintainer: manu

SASL is a method for adding authentication support to connection-based
protocols. To use SASL, a protocol includes a command for identifying and
authenticating a user to a server and for optionally negotiating protection
of subsequent protocol interactions. If its use is negotiated, a security
layer is inserted between the protocol and the connection.

This package contains a SASL plugin that performs a crude check on a SAML
authentication assertion. The assertion signature and date are verified,
and access is granted on behalf of the user taken from a configurable
attribute.

The only protection against replay attacks is the check of the assertion
validity dates. This authentication is therefore secure only if the SAML
authentication assertion remains secret. The assertion has the same role
as a web cookie used for authentication.

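Here is a PHP example of LDAP binding using www/ap2-auth-mellon:

    // $ds is an LDAP connection handle previously obtained from ldap_connect().
    // mod_auth_mellon exposes the SAML response and the authenticated user.
    $saml_msg = $_SERVER["MELLON_SAML_RESPONSE"];
    $userid = $_SERVER["REMOTE_USER"];
    // The SAML assertion is passed as the SASL password, with the "SAML" mechanism.
    if (ldap_sasl_bind($ds, NULL, $saml_msg, "SAML",
                       NULL, $userid, NULL, "none") === FALSE) {
        printf("ldap_sasl_bind() failed: %s", ldap_error($ds));
        exit;
    }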


Required to run:
[textproc/libxml2] [security/cyrus-sasl] [security/lasso]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: d3e65764cc7c27329e5977b871487b00766cc2b8
RMD160: aea305b89149d964223711db18d1020ec0f9544b
Filesize: 314.148 KB



CVS history:


   2017-05-25 05:17:41 by Emmanuel Dreyfus | Files touched by this commit (2) | Package updated
Log message:
Update crudesaml to 1.8

Changelog since previous version in pkgsrc

crudesaml-1.8          2017-05-26
Fix crash introduced server side in 1.6 for saml_log()

crudesaml-1.7          2017-05-22
Only iterate on XML_ELEMENT_NODE nodes

crudesaml-1.6          2017-05-20
Typos in man pages (Florian Best)
Don't log the password length if it is too small (Florian Best)
Stop if wxmlXPathRegisterNs failed (Florian Best)
autoconf: Remove duplicate $(DESTDIR) (Florian Best)
PAM: Require only one provider (Florian Best)
PAM: No SONAME versioning (Philipp Hahn)
autoconf: Only strictness foreign (Philipp Hahn)
PAM: fix static PAM module build (Philipp Hahn)
Hide internal symbols (Philipp Hahn)
Fix variadic function SIGSEGV (Philipp Hahn)
Fix crash when using saml_log()/saml_error() in SASL client plugin

crudesaml-1.5          2012-11-13
mod_shib2 compatibility, debug messages (Jan Tomasek)
   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | Package updated
Log message:
Bump PKGREVISION for security/openssl ABI bump.
   2014-02-13 00:18:57 by Matthias Scheler | Files touched by this commit (1568)
Log message:
Recursive PKGREVISION bump for OpenSSL API version bump.
   2014-01-01 12:52:43 by Thomas Klausner | Files touched by this commit (776)
Log message:
Recursive PKGREVISION bump for libgcrypt-1.6.0 shlib major bump.
   2012-10-23 20:17:02 by Aleksej Saushev | Files touched by this commit (368)
Log message:
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
   2012-09-15 12:07:21 by OBATA Akio | Files touched by this commit (1789) | Package updated
Log message:
recursive bump from libffi shlib major bump
(additionally, reset PKGREVISION of qt4-* sub packages from base qt4 update)
   2012-06-14 09:45:42 by Steven Drake | Files touched by this commit (1202)
Log message:
Recursive PKGREVISION bump for libxml2 buildlink addition.
   2012-03-03 01:14:27 by Thomas Klausner | Files touched by this commit (1657)
Log message:
Recursive bump for pcre-8.30* (shlib major change)