security/cy2-saml - The NetBSD Packages Collection

Crude SAML assertion validator for bridging WebSSO and SASL

SASL is a method for adding authentication support to connection-based
protocols.  To use SASL, a protocol includes a command for identifying and
authenticating a user to a server and for optionally negotiating protection
of subsequent protocol interactions.  If its use is negotiated, a security
layer is inserted between the protocol and the connection.

This package contains a SASL plugin that perform a crude check on a SAML
authentication assertion. The assertion signature and date are verified,
and access is granted on behalf ot the user taked for a onfigurable
attribute.

The only protection against replay attacks is the assertion validity dates
checks, this authentication is therefore secure only if the SAML
authentication assertion remains secret. The assertion has the same role
as a web cookie used for authentication.

Here is a PHP example of LDAP binding using www/ap2-auth-mellon:
        $saml_msg = $_SERVER["MELLON_SAML_RESPONSE"];
        $userid = $_SERVER["REMOTE_USER"];
        if (ldap_sasl_bind($ds, NULL, $saml_msg, "SAML",
                           NULL, $userid, NULL, "none") == FALSE) {
                printf("ldap_sasl_bind() failed: %s", ldap_error($ds));
                exit;
        }

Build dependencies

devel/glib2-tools devel/libtool-base pkgtools/mktools devel/pkgconf pkgtools/cwrappers

Runtime dependencies

security/cyrus-sasl textproc/libxml2 security/lasso security/cyrus-sasl textproc/libxml2 security/lasso

Binary packages

OSArchitectureVersion
NetBSD 10.0aarch64cy2-saml-1.11nb12.tgz
NetBSD 10.0aarch64cy2-saml-1.10nb10.tgz
NetBSD 10.0aarch64cy2-saml-1.10nb10.tgz
NetBSD 10.0aarch64ebcy2-saml-1.10nb10.tgz
NetBSD 10.0aarch64ebcy2-saml-1.11nb12.tgz
NetBSD 10.0alphacy2-saml-1.11nb12.tgz
NetBSD 10.0earmv6hfcy2-saml-1.11nb12.tgz
NetBSD 10.0earmv6hfcy2-saml-1.10nb10.tgz
NetBSD 10.0earmv6hfcy2-saml-1.10nb10.tgz
NetBSD 10.0earmv7hfcy2-saml-1.11nb12.tgz
NetBSD 10.0earmv7hfcy2-saml-1.10nb10.tgz
NetBSD 10.0earmv7hfcy2-saml-1.10nb10.tgz
NetBSD 10.0i386cy2-saml-1.11nb12.tgz
NetBSD 10.0i386cy2-saml-1.10nb10.tgz
NetBSD 10.0powerpccy2-saml-1.10nb10.tgz
NetBSD 10.0x86_64cy2-saml-1.11nb12.tgz
NetBSD 10.0_BETAx86_64cy2-saml-1.10nb10.tgz
NetBSD 8.0i386cy2-saml-1.10nb10.tgz
NetBSD 8.0i386cy2-saml-1.10nb10.tgz
NetBSD 8.0powerpccy2-saml-1.10nb9.tgz
NetBSD 8.0powerpccy2-saml-1.10nb10.tgz
NetBSD 8.0powerpccy2-saml-1.10nb10.tgz
NetBSD 8.0x86_64cy2-saml-1.10nb10.tgz
NetBSD 8.0x86_64cy2-saml-1.10nb10.tgz
NetBSD 8.0x86_64cy2-saml-1.11nb12.tgz
NetBSD 9.0aarch64cy2-saml-1.11nb12.tgz
NetBSD 9.0aarch64cy2-saml-1.10nb10.tgz
NetBSD 9.0aarch64cy2-saml-1.10nb10.tgz
NetBSD 9.0alphacy2-saml-1.10nb9.tgz
NetBSD 9.0alphacy2-saml-1.11nb12.tgz
NetBSD 9.0earmv6hfcy2-saml-1.11nb12.tgz
NetBSD 9.0earmv6hfcy2-saml-1.10nb10.tgz
NetBSD 9.0earmv6hfcy2-saml-1.10nb10.tgz
NetBSD 9.0earmv7hfcy2-saml-1.11nb12.tgz
NetBSD 9.0earmv7hfcy2-saml-1.10nb10.tgz
NetBSD 9.0earmv7hfcy2-saml-1.10nb10.tgz
NetBSD 9.0i386cy2-saml-1.10nb10.tgz
NetBSD 9.0i386cy2-saml-1.11nb12.tgz
NetBSD 9.0mips64ebcy2-saml-1.10nb9.tgz
NetBSD 9.0powerpccy2-saml-1.11nb12.tgz
NetBSD 9.0powerpccy2-saml-1.10nb10.tgz
NetBSD 9.0powerpccy2-saml-1.10nb10.tgz
NetBSD 9.0sparc64cy2-saml-1.10nb9.tgz
NetBSD 9.0sparccy2-saml-1.10nb9.tgz
NetBSD 9.0x86_64cy2-saml-1.11nb12.tgz
NetBSD 9.0x86_64cy2-saml-1.10nb10.tgz
NetBSD 9.3x86_64cy2-saml-1.10nb10.tgz
NetBSD 9.3x86_64cy2-saml-1.11nb12.tgz

Binary packages can be installed with the high-level tool pkgin (which can be installed with pkg_add) or pkg_add(1) (installed by default). The NetBSD packages collection is also designed to permit easy installation from source.

Available build options

(none)

Known vulnerabilities

The pkg_admin audit command locates any installed package which has been mentioned in security advisories as having vulnerabilities.

Please note the vulnerabilities database might not be fully accurate, and not every bug is exploitable with every configuration.


Problem reports, updates or suggestions for this package should be reported with send-pr.