NAME
Mojo::SAML - A SAML2 toolkit using the Mojo toolkit
DESCRIPTION
Mojo::SAML is a project to build a SAML toolkit using the Mojo stack.
It is (for better or worse) completely reimplemented from the ground
up. It is considered extremely experimental and unstable (see
"CAVEATS").
That said, it can do basic SAML interactions given the proper
configuration. For more on SAML, you might want to consult
https://en.wikipedia.org/wiki/SAML_2.0 or
https://wiki.oasis-open.org/security.
CAVEATS
It currently has plenty of limitations and should be considered
extremely experimental. The API can and will change without warning
until this warning is removed.
It also relies heavily on using the simpler SAML bindings and is only
really workable for RSA keys. Because of this, there are dependencies
on Crypt::OpenSSL::RSA and Crypt::OpenSSL::X509 which really should be
optional, though they are required until other signing mechanisms are
included. Users are encouraged to add those modules to their own
dependencies in case they become optional in the future.
Currently data extraction and documentation are very much separate sets
of code. It is not yet decided if this will continue or if some effort
will be made to unify them. This is a large part of the concern for api
stability.
While most classes have API documentation, currently overall usage
documentation is lacking. For the time being, examples can be seen in
the ex/ directory within the source repository and/or distribution,
especially ex/webapp.pl. These examples will be modified as the API
changes and eventually usage documentation should be written.
Mojo::XMLSig has some tests, the rest has precious few tests. There
could always be more tests.
All of this should be improvable. PRs and comments are most welcome.
EXPORTS
Mojo::SAML exports nothing by default. On request it can export any of
the following symbols or tags.
XML Document Constructors
The following symbols are constant functions which return the full name
of Mojo::SAML::Document subclasses. Their name is both the name of the
subclass and the tag that they create.
AssertionConsumerService
Constant shortcut to Mojo::SAML::Document::AssertionConsumerService.
AttributeConsumingService
Constant shortcut to Mojo::SAML::Document::AttributeConsumingService.
AuthnRequest
Constant shortcut to Mojo::SAML::Document::AuthnRequest.
ContactPerson
Constant shortcut to Mojo::SAML::Document::ContactPerson.
EntityDescriptor
Constant shortcut to Mojo::SAML::Document::EntityDescriptor.
KeyDescriptor
Constant shortcut to Mojo::SAML::Document::KeyDescriptor.
KeyInfo
Constant shortcut to Mojo::SAML::Document::KeyInfo.
NameIDPolicy
Constant shortcut to Mojo::SAML::Document::NameIDPolicy.
Organization
Constant shortcut to Mojo::SAML::Document::Organization.
RequestedAttribute
Constant shortcut to Mojo::SAML::Document::RequestedAttribute.
Signature
Constant shortcut to Mojo::SAML::Document::Signature.
SPSSODescriptor
Constant shortcut to Mojo::SAML::Document::SPSSODescriptor.
Tags
:docs
Exports all of the above document type constants.
OTHER MODULES
While they aren't linked to from this module, some other modules that
will likely be useful are:
Mojo::SAML::Names
Mojo::SAML::Names is a (fairly incomplete) list of naming conventions
and standard used in SAML.
Mojo::SAML::IdP
Mojo::SAML::IdP is a tool for examining the entity metadata returned
from an identity provider and extracting useful inforamation.
Mojo::XMLSig
Mojo::XMLSig is a tool for signing and verifying XML documents. Note
that it is possible that this module could be spun out into its own
distribution at some point. If it does, this module will depend on it.
SOURCE REPOSITORY
http://github.com/jberger/Mojo-SAML
AUTHOR
Joel Berger, <joel.a.berger@gmail.com>
COPYRIGHT AND LICENSE
Copyright (C) 2018 by Joel Berger This library is free software; you
can redistribute it and/or modify it under the same terms as Perl
itself.