An exception will be thrown if this option isn't an integer, or if this option isn't found, and no default value
is given.
| public getInteger ( string $name, mixed $default = self::REQUIRED_OPTION ) : integer | mixed | ||
| $name | string | The name of the option. |
| $default | mixed | A default value which will be returned if the option isn't found. The option will be required if this parameter isn't given. The default value can be any value, including null. |
| return | integer | mixed | The option with the given name, or $default if the option isn't found and $default is specified. |
/**
* Initializes this discovery service.
*
* The constructor does the parsing of the request. If this is an invalid request, it will throw an exception.
*
* @param array $metadataSets Array with metadata sets we find remote entities in.
* @param string $instance The name of this instance of the discovery service.
*/
public function __construct(array $metadataSets, $instance)
{
parent::__construct($metadataSets, $instance);
$this->discoconfig = SimpleSAML_Configuration::getConfig('module_discopower.php');
$this->cdcDomain = $this->discoconfig->getString('cdc.domain', null);
if ($this->cdcDomain !== null && $this->cdcDomain[0] !== '.') {
// ensure that the CDC domain starts with a dot ('.') as required by the spec
$this->cdcDomain = '.' . $this->cdcDomain;
}
$this->cdcLifetime = $this->discoconfig->getInteger('cdc.lifetime', null);
}
/**
* Build a new logging handler based on syslog.
*/
public function __construct(\SimpleSAML_Configuration $config)
{
$facility = $config->getInteger('logging.facility', defined('LOG_LOCAL5') ? constant('LOG_LOCAL5') : LOG_USER);
$processname = $config->getString('logging.processname', 'SimpleSAMLphp');
// Setting facility to LOG_USER (only valid in Windows), enable log level rewrite on windows systems
if (System::getOS() === System::WINDOWS) {
$this->isWindows = true;
$facility = LOG_USER;
}
openlog($processname, LOG_PID, $facility);
}
/**
* Getter for the LDAP connection object. Created this getter
* rather than setting in the constructor to avoid unnecessarily
* connecting to LDAP when it might not be needed.
*
* @return sspmod_ldap_LdapConnection
*/
protected function getLdap()
{
// Check if already connected
if ($this->ldap) {
return $this->ldap;
}
// Get the connection specific options
$hostname = $this->config->getString('ldap.hostname');
$port = $this->config->getInteger('ldap.port', 389);
$enable_tls = $this->config->getBoolean('ldap.enable_tls', false);
$debug = $this->config->getBoolean('ldap.debug', false);
$timeout = $this->config->getInteger('ldap.timeout', 0);
$username = $this->config->getString('ldap.username', null);
$password = $this->config->getString('ldap.password', null);
// Log the LDAP connection
SimpleSAML\Logger::debug($this->title . 'Connecting to LDAP server;' . ' Hostname: ' . $hostname . ' Port: ' . $port . ' Enable TLS: ' . ($enable_tls ? 'Yes' : 'No') . ' Debug: ' . ($debug ? 'Yes' : 'No') . ' Timeout: ' . $timeout . ' Username: '******' Password: '******'*', strlen($password)));
// Connect to the LDAP server to be queried during processing
$this->ldap = new SimpleSAML_Auth_LDAP($hostname, $enable_tls, $debug, $timeout, $port);
$this->ldap->bind($username, $password);
// All done
return $this->ldap;
}
/**
* Build an authentication request based on information in the metadata.
*
* @param SimpleSAML_Configuration $spMetadata The metadata of the service provider.
* @param SimpleSAML_Configuration $idpMetadata The metadata of the identity provider.
*/
public static function buildAuthnRequest(SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata)
{
$ar = new \SAML2\AuthnRequest();
// get the NameIDPolicy to apply. IdP metadata has precedence.
$nameIdPolicy = array();
if ($idpMetadata->hasValue('NameIDPolicy')) {
$nameIdPolicy = $idpMetadata->getValue('NameIDPolicy');
} elseif ($spMetadata->hasValue('NameIDPolicy')) {
$nameIdPolicy = $spMetadata->getValue('NameIDPolicy');
}
if (!is_array($nameIdPolicy)) {
// handle old configurations where 'NameIDPolicy' was used to specify just the format
$nameIdPolicy = array('Format' => $nameIdPolicy);
}
$nameIdPolicy_cf = SimpleSAML_Configuration::loadFromArray($nameIdPolicy);
$policy = array('Format' => $nameIdPolicy_cf->getString('Format', \SAML2\Constants::NAMEID_TRANSIENT), 'AllowCreate' => $nameIdPolicy_cf->getBoolean('AllowCreate', true));
$spNameQualifier = $nameIdPolicy_cf->getString('SPNameQualifier', false);
if ($spNameQualifier !== false) {
$policy['SPNameQualifier'] = $spNameQualifier;
}
$ar->setNameIdPolicy($policy);
$ar->setForceAuthn($spMetadata->getBoolean('ForceAuthn', FALSE));
$ar->setIsPassive($spMetadata->getBoolean('IsPassive', FALSE));
$protbind = $spMetadata->getValueValidate('ProtocolBinding', array(\SAML2\Constants::BINDING_HTTP_POST, \SAML2\Constants::BINDING_HOK_SSO, \SAML2\Constants::BINDING_HTTP_ARTIFACT, \SAML2\Constants::BINDING_HTTP_REDIRECT), \SAML2\Constants::BINDING_HTTP_POST);
/* Shoaib - setting the appropriate binding based on parameter in sp-metadata defaults to HTTP_POST */
$ar->setProtocolBinding($protbind);
$ar->setIssuer($spMetadata->getString('entityid'));
$ar->setAssertionConsumerServiceIndex($spMetadata->getInteger('AssertionConsumerServiceIndex', NULL));
$ar->setAttributeConsumingServiceIndex($spMetadata->getInteger('AttributeConsumingServiceIndex', NULL));
if ($spMetadata->hasValue('AuthnContextClassRef')) {
$accr = $spMetadata->getArrayizeString('AuthnContextClassRef');
$comp = $spMetadata->getValueValidate('AuthnContextComparison', array(\SAML2\Constants::COMPARISON_EXACT, \SAML2\Constants::COMPARISON_MINIMUM, \SAML2\Constants::COMPARISON_MAXIMUM, \SAML2\Constants::COMPARISON_BETTER), \SAML2\Constants::COMPARISON_EXACT);
$ar->setRequestedAuthnContext(array('AuthnContextClassRef' => $accr, 'Comparison' => $comp));
}
self::addRedirectSign($spMetadata, $idpMetadata, $ar);
return $ar;
}
/**
* Build an authentication request based on information in the metadata.
*
* @param SimpleSAML_Configuration $spMetadata The metadata of the service provider.
* @param SimpleSAML_Configuration $idpMetadata The metadata of the identity provider.
*/
public static function buildAuthnRequest(SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata)
{
$ar = new SAML2_AuthnRequest();
if ($spMetadata->hasValue('NameIDPolicy')) {
$nameIdPolicy = $spMetadata->getString('NameIDPolicy', NULL);
} else {
$nameIdPolicy = $spMetadata->getString('NameIDFormat', SAML2_Const::NAMEID_TRANSIENT);
}
if ($nameIdPolicy !== NULL) {
$ar->setNameIdPolicy(array('Format' => $nameIdPolicy, 'AllowCreate' => TRUE));
}
$ar->setForceAuthn($spMetadata->getBoolean('ForceAuthn', FALSE));
$ar->setIsPassive($spMetadata->getBoolean('IsPassive', FALSE));
$protbind = $spMetadata->getValueValidate('ProtocolBinding', array(SAML2_Const::BINDING_HTTP_POST, SAML2_Const::BINDING_HOK_SSO, SAML2_Const::BINDING_HTTP_ARTIFACT, SAML2_Const::BINDING_HTTP_REDIRECT), SAML2_Const::BINDING_HTTP_POST);
/* Shoaib - setting the appropriate binding based on parameter in sp-metadata defaults to HTTP_POST */
$ar->setProtocolBinding($protbind);
$ar->setIssuer($spMetadata->getString('entityid'));
$ar->setAssertionConsumerServiceIndex($spMetadata->getInteger('AssertionConsumerServiceIndex', NULL));
$ar->setAttributeConsumingServiceIndex($spMetadata->getInteger('AttributeConsumingServiceIndex', NULL));
if ($spMetadata->hasValue('AuthnContextClassRef')) {
$accr = $spMetadata->getArrayizeString('AuthnContextClassRef');
$ar->setRequestedAuthnContext(array('AuthnContextClassRef' => $accr));
}
self::addRedirectSign($spMetadata, $idpMetadata, $ar);
return $ar;
}
/**
* Initialize this aggregator.
*
* @param string $id The id of this aggregator.
* @param SimpleSAML_Configuration $config The configuration for this aggregator.
*/
protected function __construct($id, SimpleSAML_Configuration $config)
{
assert('is_string($id)');
$this->id = $id;
$this->logLoc = 'aggregator2:' . $this->id . ': ';
$this->cronTag = $config->getString('cron.tag', NULL);
$this->cacheDirectory = $config->getString('cache.directory', NULL);
if ($this->cacheDirectory !== NULL) {
$this->cacheDirectory = SimpleSAML_Utilities::resolvePath($this->cacheDirectory);
}
$this->cacheGenerated = $config->getInteger('cache.generated', NULL);
if ($this->cacheGenerated !== NULL) {
$this->cacheId = sha1($this->id);
$this->cacheTag = sha1(serialize($config));
}
// configure entity IDs excluded by default
$this->excludeEntities($config->getArrayize('exclude', null));
// configure filters
$this->setFilters($config->getArrayize('filter', null));
$this->validLength = $config->getInteger('valid.length', 7 * 24 * 60 * 60);
$globalConfig = SimpleSAML_Configuration::getInstance();
$certDir = $globalConfig->getPathValue('certdir', 'cert/');
$signKey = $config->getString('sign.privatekey', NULL);
if ($signKey !== NULL) {
$signKey = SimpleSAML_Utilities::resolvePath($signKey, $certDir);
$this->signKey = @file_get_contents($signKey);
if ($this->signKey === NULL) {
throw new SimpleSAML_Error_Exception('Unable to load private key from ' . var_export($signKey, TRUE));
}
}
$this->signKeyPass = $config->getString('sign.privatekey_pass', NULL);
$signCert = $config->getString('sign.certificate', NULL);
if ($signCert !== NULL) {
$signCert = SimpleSAML_Utilities::resolvePath($signCert, $certDir);
$this->signCert = @file_get_contents($signCert);
if ($this->signCert === NULL) {
throw new SimpleSAML_Error_Exception('Unable to load certificate file from ' . var_export($signCert, TRUE));
}
}
$this->sslCAFile = $config->getString('ssl.cafile', NULL);
$this->regInfo = $config->getArray('RegistrationInfo', NULL);
$this->initSources($config->getConfigList('sources'));
}
