/**
 * Mark a request token as authorized and work out where to send the user next.
 *
 * The authorized data is stored under the request token key together with the
 * verifier. The callback URL is chosen in this order of precedence: a callback
 * registered on the consumer, then the callback remembered from the original
 * request-token request. A registered callback always wins, so a caller-supplied
 * oauth_callback cannot override what the consumer registered.
 *
 * @param $requestTokenKey RequestToken that was authorized
 * @param $data Data that is authorized and to be attached to the requestToken
 * @return array(string:url, string:verifier) ; empty verifier for 1.0-response
 */
public function authorize($requestTokenKey, $data)
{
    $callbackUrl = null;
    $oauthVerifier = '';
    $protocolVersion = $this->defaultversion;

    // Attributes remembered from the original requestToken request ("must be there").
    $request_attributes = $this->store->get('requesttorequest', $requestTokenKey, '');

    if ($request_attributes['value']) {
        $remembered = $request_attributes['value'];

        // A remembered protocol version replaces the configured default.
        $protocolVersion = $remembered['version'] ?: $protocolVersion;

        // A remembered callback is used unless the consumer registered one (below).
        if ($remembered['callback']) {
            $callbackUrl = $remembered['callback'];
        }
    }

    // The consumer key is read outside the guard above, exactly as the lookup requires it.
    $registeredConsumer = $this->lookup_consumer($request_attributes['value']['consumerKey']);
    if ($registeredConsumer && $registeredConsumer->callback_url) {
        $callbackUrl = $registeredConsumer->callback_url;
    }

    // Only the 1.0a flow gets a verifier; for 1.0 it stays the empty string.
    if ($protocolVersion == '1.0a') {
        $oauthVerifier = SimpleSAML_Utilities::generateID();
        $callbackUrl = SimpleSAML_Utilities::addURLparameter($callbackUrl, array("oauth_verifier" => $oauthVerifier));
    }

    // The authorization record expires with the request token (default 30 minutes).
    $lifetime = $this->config->getValue('requestTokenDuration', 60 * 30);
    $this->store->set('authorized', $requestTokenKey, $oauthVerifier, $data, $lifetime);

    return array($callbackUrl, $oauthVerifier);
}
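/**
 * Create the redirect URL for a message.
 *
 * The message is serialized (unsigned) into the data store under a freshly
 * generated artifact, and only the artifact travels in the redirect URL. The
 * stored entry expires after 15 minutes.
 *
 * @param SAML2_Message $message The message.
 * @return string The URL the user should be redirected to in order to send a message.
 * @throws Exception If no data store is configured.
 */
public function getRedirectURL(SAML2_Message $message)
{
    $store = SimpleSAML_Store::getInstance();
    if ($store === FALSE) {
        throw new Exception('Unable to send artifact without a datastore configured.');
    }

    // 20 random bytes form the MessageHandle part of the artifact.
    $generatedId = pack('H*', (string) SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(20)));

    /*
     * A SAML 2.0 type 0x0004 artifact is TypeCode (2 bytes) + EndpointIndex (2 bytes)
     * + SourceID (SHA-1 of the issuer, 20 bytes) + MessageHandle (20 bytes).
     * The header literal was empty, which produced a 40-byte value without a type code.
     * NOTE(review): endpoint index 0 is assumed here; confirm it matches the index of
     * the artifact resolution service published in metadata.
     */
    $artifact = base64_encode("\x00\x04\x00\x00" . sha1($message->getIssuer(), TRUE) . $generatedId);

    $artifactData = $message->toUnsignedXML();
    $artifactDataString = $artifactData->ownerDocument->saveXML($artifactData);

    // The artifact is the only lookup key for the stored message; it expires in 15 minutes.
    $store->set('artifact', $artifact, $artifactDataString, time() + 15 * 60);

    $params = array('SAMLart' => $artifact);
    $relayState = $message->getRelayState();
    if ($relayState !== NULL) {
        $params['RelayState'] = $relayState;
    }

    return SimpleSAML_Utilities::addURLparameter($message->getDestination(), $params);
}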
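/**
 * Log-in using Twitter platform
 *
 * Saves the authentication state, requests an OAuth request token whose callback
 * (the linkback URL) carries the state ID, stores the token in the state and then
 * hands the browser over to Twitter's authenticate endpoint.
 *
 * @param array &$state Information about the current authentication.
 */
public function authenticate(&$state)
{
    assert('is_array($state)');

    /* We are going to need the authId in order to retrieve this authentication source later. */
    $state[self::AUTHID] = $this->authId;

    $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);

    $consumer = new sspmod_oauth_Consumer($this->key, $this->secret);

    // Get the request token
    $linkback = SimpleSAML_Module::getModuleURL('authtwitter/linkback.php', array('AuthState' => $stateID));
    $requestToken = $consumer->getRequestToken('https://api.twitter.com/oauth/request_token', array('oauth_callback' => $linkback));

    // Log the token key only. The token secret is a credential and must not reach
    // log files, which are usually readable by more people than the session store.
    SimpleSAML_Logger::debug("Got a request token from the OAuth service provider [" . $requestToken->key . "]");

    // Persist the token (including its secret) in the saved state so the linkback
    // handler can retrieve it; the state is saved a second time for that purpose.
    $state['authtwitter:authdata:requestToken'] = $requestToken;
    SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);

    // Authorize the request token
    $url = 'https://api.twitter.com/oauth/authenticate';
    if ($this->force_login) {
        $url = SimpleSAML_Utilities::addURLparameter($url, array('force_login' => 'true'));
    }
    $consumer->getAuthorizeRequest($url, $requestToken);
}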
/*
 * Build the link groups shown on the front page and collect metadata listings.
 * $config, $links and $isadmin are defined outside this excerpt.
 */
$links_welcome = array();
$links_config = array();
$links_auth = array();
$links_federation = array();

/* Offer a "clear discovery choices" link only when remembering the IdP choice is enabled. */
if ($config->getBoolean('idpdisco.enableremember', FALSE)) {
    $links_federation[] = array('href' => 'cleardiscochoices.php', 'text' => '{core:frontpage:link_cleardiscochoices}');
}

/* When a publish URL is configured, add one "publish metadata" link per enabled protocol role. */
$publishURL = $config->getString('metashare.publishurl', NULL);
if ($publishURL !== NULL) {
    $metadataSources = array('saml20-idp' => 'saml2/idp/metadata.php', 'saml20-sp' => 'saml2/sp/metadata.php', 'shib13-idp' => 'shib13/idp/metadata.php', 'shib13-sp' => 'shib13/sp/metadata.php');
    foreach ($metadataSources as $name => $url) {
        /* Roles that are not enabled ('enable.<role>') get no publish link. */
        if (!$config->getBoolean('enable.' . $name, FALSE)) {
            continue;
        }
        /* The metadata URL of this installation is passed to the publish service as the 'url' parameter. */
        $url = SimpleSAML_Utilities::getBaseURL() . $url;
        $linkTarget = SimpleSAML_Utilities::addURLparameter($publishURL, array('url' => $url));
        $links_federation[] = array('href' => $linkTarget, 'text' => '{core:frontpage:link_publish_' . $name . '}');
    }
}

$links_federation[] = array('href' => SimpleSAML_Utilities::getBaseURL() . 'admin/metadata.php', 'text' => '{core:frontpage:link_meta_overview}');
$links_federation[] = array('href' => SimpleSAML_Utilities::getBaseURL() . 'admin/metadata-converter.php', 'text' => '{core:frontpage:link_xmlconvert}');

/* The groups are passed by reference so that module hooks can add their own links. */
$allLinks = array('links' => &$links, 'welcome' => &$links_welcome, 'config' => &$links_config, 'auth' => &$links_auth, 'federation' => &$links_federation);
SimpleSAML_Module::callHooks('frontpage', $allLinks);

/* Hosted metadata entries are contributed by module hooks. */
$metadataHosted = array();
SimpleSAML_Module::callHooks('metadata_hosted', $metadataHosted);

$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$metaentries = array('hosted' => $metadataHosted, 'remote' => array());

/* The lists of remote IdPs are only loaded when $isadmin is set. */
if ($isadmin) {
    $metaentries['remote']['saml20-idp-remote'] = $metadata->getList('saml20-idp-remote');
    $metaentries['remote']['shib13-idp-remote'] = $metadata->getList('shib13-idp-remote');
}
/**
 * Persist the state array and build a module URL that references it.
 *
 * Only the state ID is placed in the URL (as the StateID parameter); the state
 * itself stays server-side under the 'openidProvider:resumeState' stage.
 *
 * @param string $page The name of the page.
 * @param array $state The state array.
 * @return string An URL with the state ID as a parameter.
 */
private function getStateURL($page, array $state)
{
    assert('is_string($page)');

    $savedId = SimpleSAML_Auth_State::saveState($state, 'openidProvider:resumeState');

    return SimpleSAML_Utilities::addURLparameter(
        SimpleSAML_Module::getModuleURL('openidProvider/' . $page),
        array('StateID' => $savedId)
    );
}
} if ($needAuth && !$isPassive) { SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Will go to authentication module ' . $idpmetadata['auth']); $authId = SimpleSAML_Utilities::generateID(); $session->setAuthnRequest('saml2', $authId, $requestcache); $redirectTo = SimpleSAML_Utilities::selfURLNoQuery() . '?RequestID=' . urlencode($authId); if ($authSource) { /* Authenticate with an AuthSource. */ /* The user will be redirected to this URL if the session is lost. This will cause an * unsoliced authentication response to be sent to the SP. */ $sessionLostParams = array('spentityid' => $requestcache['Issuer']); if (isset($requestcache['RelayState'])) { $sessionLostParams['RelayState'] = $requestcache['RelayState']; } $sessionLostURL = SimpleSAML_Utilities::addURLparameter($metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted'), $sessionLostParams); $hints = array('SPMetadata' => $metadata->getMetaData($requestcache['Issuer'], 'saml20-sp-remote'), 'IdPMetadata' => $idpmetadata, SimpleSAML_Auth_State::RESTART => $sessionLostURL); SimpleSAML_Auth_Default::initLogin($idpmetadata['auth'], $redirectTo, $redirectTo, $hints); } else { $authurl = '/' . $config->getBaseURL() . $idpmetadata['auth']; SimpleSAML_Utilities::redirect($authurl, array('RelayState' => $redirectTo, 'AuthId' => $authId, 'protocol' => 'saml2')); } } elseif ($needAuth) { /* We have a passive request, but need authentication. Send back a response indicating that * the user didn't have a valid session. */ handleError(new SimpleSAML_Error_NoPassive('Passive authentication requested, but no session available.')); /** * We got an request, and we have a valid session. Then we send an AuthnResponse back to the * service. */
$site = $op[1]; $site = pack("H*", $site); $server->removeTrustRoot($identity, $site); } } SimpleSAML_Utilities::redirect($identity); } if ($ownPage) { $trustedSites = $server->getTrustRoots($identity); } else { $trustedSites = array(); } $userBase = SimpleSAML_Module::getModuleURL('openidProvider/user.php'); $xrds = SimpleSAML_Module::getModuleURL('openidProvider/xrds.php'); if ($userId !== FALSE) { $xrds = SimpleSAML_Utilities::addURLparameter($xrds, array('user' => $userId)); } $as = $server->getAuthSource(); $t = new SimpleSAML_XHTML_Template($globalConfig, 'openidProvider:user.tpl.php'); $t->data['identity'] = $identity; $t->data['loggedInAs'] = $server->getUserId(); $t->data['loginURL'] = $as->getLoginURL($userBase); $t->data['logoutURL'] = $as->getLogoutURL(); $t->data['ownPage'] = $ownPage; $t->data['serverURL'] = $server->getServerURL(); $t->data['trustedSites'] = $trustedSites; $t->data['userId'] = $userId; $t->data['userIdURL'] = $userBase . '/' . $userId; $t->data['xrdsURL'] = $xrds; $t->show(); exit(0);
throw new sspmod_selfregister_Error_UserException('void_value', 'mail', '', 'Validation of user input failed.' . ' Field:' . 'mail' . ' is empty'); } else { throw new sspmod_selfregister_Error_UserException('illegale_value', 'mail', $rawValue, 'Validation of user input failed.' . ' Field:' . 'mail' . ' Value:' . $rawValue); } } $store = sspmod_selfregister_Storage_UserCatalogue::instantiateStorage(); if ($store->isRegistered('mail', $email)) { $html = new SimpleSAML_XHTML_Template($config, 'selfregister:step5_mailUsed.tpl.php', 'selfregister:selfregister'); $html->data['systemName'] = $systemName; $html->show(); } else { $tg = new SimpleSAML_Auth_TimeLimitedToken($tokenLifetime); $tg->addVerificationData($email); $newToken = $tg->generate_token(); $url = SimpleSAML_Utilities::selfURL(); $registerurl = SimpleSAML_Utilities::addURLparameter($url, array('email' => $email, 'token' => $newToken)); $mailt = new SimpleSAML_XHTML_Template($config, 'selfregister:mail1_token.tpl.php', 'selfregister:selfregister'); $mailt->data['email'] = $email; $mailt->data['registerurl'] = $registerurl; $mailt->data['systemName'] = $systemName; $mailer = new sspmod_selfregister_XHTML_Mailer($email, $uregconf->getString('mail.subject'), $uregconf->getString('mail.from'), NULL, $uregconf->getString('mail.replyto')); $mailer->setTemplate($mailt); $mailer->send(); $html = new SimpleSAML_XHTML_Template($config, 'selfregister:step2_sent.tpl.php', 'selfregister:selfregister'); $html->data['systemName'] = $systemName; $html->show(); } } catch (sspmod_selfregister_Error_UserException $e) { $et = new SimpleSAML_XHTML_Template($config, 'selfregister:step1_email.tpl.php', 'selfregister:selfregister'); $et->data['email'] = $_POST['emailreg']; $et->data['systemName'] = $systemName;
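/**
 * Receive an authentication request.
 *
 * Two entry paths are handled: an IdP-initiated flow, selected by the
 * "spentityid" request parameter, and a regular AuthnRequest received through
 * the current SAML binding. Both paths end by passing a state array to the IdP.
 *
 * @param SimpleSAML_IdP $idp The IdP we are receiving it for.
 * @throws SimpleSAML_Error_BadRequest If the received message is not an AuthnRequest or has no issuer.
 */
public static function receiveAuthnRequest(SimpleSAML_IdP $idp)
{
    $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
    $idpMetadata = $idp->getConfig();

    /* HTTP-POST is always supported; HTTP-Artifact only when enabled for this IdP. */
    $supportedBindings = array(SAML2_Const::BINDING_HTTP_POST);
    if ($idpMetadata->getBoolean('saml20.sendartifact', FALSE)) {
        $supportedBindings[] = SAML2_Const::BINDING_HTTP_ARTIFACT;
    }

    if (isset($_REQUEST['spentityid'])) {
        /* IdP initiated authentication. */

        if (isset($_REQUEST['cookieTime'])) {
            $cookieTime = (int) $_REQUEST['cookieTime'];
            if ($cookieTime + 5 > time()) {
                /*
                 * Less than five seconds has passed since we were
                 * here the last time. Cookies are probably disabled.
                 */
                SimpleSAML_Utilities::checkCookie(SimpleSAML_Utilities::selfURL());
            }
        }

        /* Everything on this path comes from request parameters, hence the string casts. */
        $spEntityId = (string) $_REQUEST['spentityid'];
        $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');

        if (isset($_REQUEST['RelayState'])) {
            $relayState = (string) $_REQUEST['RelayState'];
        } else {
            $relayState = NULL;
        }

        if (isset($_REQUEST['binding'])) {
            $protocolBinding = (string) $_REQUEST['binding'];
        } else {
            $protocolBinding = NULL;
        }

        if (isset($_REQUEST['NameIDFormat'])) {
            $nameIDFormat = (string) $_REQUEST['NameIDFormat'];
        } else {
            $nameIDFormat = NULL;
        }

        /*
         * No consumer URL can be supplied on this path, so the response always
         * goes to the default endpoint taken from the SP metadata below.
         */
        $requestId = NULL;
        $IDPList = array();
        $ProxyCount = NULL;
        $RequesterID = NULL;
        $forceAuthn = FALSE;
        $isPassive = FALSE;
        $consumerURL = NULL;

        SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: IdP initiated authentication: ' . var_export($spEntityId, TRUE));
    } else {
        $binding = SAML2_Binding::getCurrentBinding();
        $request = $binding->receive();

        if (!$request instanceof SAML2_AuthnRequest) {
            throw new SimpleSAML_Error_BadRequest('Message received on authentication request endpoint wasn\'t an authentication request.');
        }

        $spEntityId = $request->getIssuer();
        if ($spEntityId === NULL) {
            throw new SimpleSAML_Error_BadRequest('Received message on authentication request endpoint without issuer.');
        }
        $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');

        /* The request is checked against both parties' metadata before any field is used. */
        sspmod_saml_Message::validateMessage($spMetadata, $idpMetadata, $request);

        $relayState = $request->getRelayState();
        $requestId = $request->getId();
        $IDPList = $request->getIDPList();
        $ProxyCount = $request->getProxyCount();
        if ($ProxyCount !== null) {
            /* One proxy hop is consumed by this IdP. */
            $ProxyCount--;
        }
        $RequesterID = $request->getRequesterID();
        $forceAuthn = $request->getForceAuthn();
        $isPassive = $request->getIsPassive();
        $consumerURL = $request->getAssertionConsumerServiceURL();
        $protocolBinding = $request->getProtocolBinding();

        $nameIdPolicy = $request->getNameIdPolicy();
        if (isset($nameIdPolicy['Format'])) {
            $nameIDFormat = $nameIdPolicy['Format'];
        } else {
            $nameIDFormat = NULL;
        }

        SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Incomming Authentication request: ' . var_export($spEntityId, TRUE));
    }

    if ($protocolBinding === NULL || !in_array($protocolBinding, $supportedBindings, TRUE)) {
        /*
         * No binding specified or unsupported binding requested - default to HTTP-POST.
         * TODO: Select any supported binding based on default endpoint?
         */
        $protocolBinding = SAML2_Const::BINDING_HTTP_POST;
    }

    if ($consumerURL !== NULL) {
        /*
         * A consumer URL supplied in the request is honoured only when it matches,
         * exactly, an AssertionConsumerService endpoint with the selected binding in
         * the SP metadata. This keeps responses from being sent to unregistered URLs.
         */
        $found = FALSE;
        foreach ($spMetadata->getEndpoints('AssertionConsumerService') as $ep) {
            if ($ep['Binding'] !== $protocolBinding) {
                continue;
            }
            if ($ep['Location'] !== $consumerURL) {
                continue;
            }
            $found = TRUE;
            break;
        }

        if (!$found) {
            SimpleSAML_Logger::warning('Authentication request from ' . var_export($spEntityId, TRUE) . ' contains invalid AssertionConsumerService URL. Was ' . var_export($consumerURL, TRUE) . '.');
            $consumerURL = NULL;
        }
    }

    if ($consumerURL === NULL) {
        /* Not specified or invalid. Use default. */
        $consumerURL = $spMetadata->getDefaultEndpoint('AssertionConsumerService', array($protocolBinding));
        $consumerURL = $consumerURL['Location'];
    }

    $IDPList = array_unique(array_merge($IDPList, $spMetadata->getArrayizeString('IDPList', array())));

    /*
     * Fall back to the SP metadata only when the request carried no ProxyCount.
     * The comparison must be strict: a count that has been decremented to 0 means
     * "no further proxying" and would otherwise be treated as unset and replaced
     * by the metadata value, which defaults to no limit.
     */
    if ($ProxyCount === null) {
        $ProxyCount = $spMetadata->getInteger('ProxyCount', null);
    }

    if (!$forceAuthn) {
        $forceAuthn = $spMetadata->getBoolean('ForceAuthn', FALSE);
    }

    /* URL used to restart as an IdP-initiated login if the session is lost. */
    $sessionLostParams = array('spentityid' => $spEntityId, 'cookieTime' => time());
    if ($relayState !== NULL) {
        $sessionLostParams['RelayState'] = $relayState;
    }
    $sessionLostURL = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), $sessionLostParams);

    $state = array(
        'Responder' => array('sspmod_saml_IdP_SAML2', 'sendResponse'),
        SimpleSAML_Auth_State::EXCEPTION_HANDLER_FUNC => array('sspmod_saml_IdP_SAML2', 'handleAuthError'),
        SimpleSAML_Auth_State::RESTART => $sessionLostURL,
        'SPMetadata' => $spMetadata->toArray(),
        'saml:RelayState' => $relayState,
        'saml:RequestId' => $requestId,
        'saml:IDPList' => $IDPList,
        'saml:ProxyCount' => $ProxyCount,
        'saml:RequesterID' => $RequesterID,
        'ForceAuthn' => $forceAuthn,
        'isPassive' => $isPassive,
        'saml:ConsumerURL' => $consumerURL,
        'saml:Binding' => $protocolBinding,
        'saml:NameIDFormat' => $nameIDFormat,
    );

    $idp->handleAuthenticationRequest($state);
}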
<?php

/*
 * Central DiscoJuice discovery page.
 *
 * Required request parameters: entityID and return. Optional: returnIDParam
 * (defaults to "entityID"), the name of the parameter that will carry the
 * selected IdP back to the return URL.
 */

foreach (array('entityID', 'return') as $required) {
    if (empty($_REQUEST[$required])) {
        throw new Exception('Missing parameter [' . $required . ']');
    }
}

$djconfig = SimpleSAML_Configuration::getOptionalConfig('discojuice.php');
$config = SimpleSAML_Configuration::getInstance();

// Entity ID of the requesting service, taken from the request as-is.
$entityid = $_REQUEST['entityID'];

// Name of the parameter that will hold the chosen IdP on the way back.
if (!empty($_REQUEST['returnIDParam'])) {
    $returnidparam = $_REQUEST['returnIDParam'];
} else {
    $returnidparam = 'entityID';
}

/*
 * Return URL with an empty placeholder for the chosen IdP.
 * NOTE(review): both the return URL and the parameter name come straight from
 * the request and nothing in this script checks them against the requesting
 * entity's metadata. Confirm that the template or a later step restricts where
 * the browser can be sent, otherwise this page can act as an open redirector.
 */
$href = SimpleSAML_Utilities::addURLparameter($_REQUEST['return'], array($returnidparam => ''));

// Positional configuration handed to the template:
// display name, entity ID, discovery response page, feed list, return URL.
$hostedConfig = array();
$hostedConfig[] = $djconfig->getString('name', 'Service');
$hostedConfig[] = $entityid;
$hostedConfig[] = SimpleSAML_Module::getModuleURL('discojuice/response.html');
$hostedConfig[] = $djconfig->getArray('feeds', array('edugain'));
$hostedConfig[] = $href;

$t = new SimpleSAML_XHTML_Template($config, 'discojuice:central.tpl.php');
$t->data['hostedConfig'] = $hostedConfig;
$t->data['enableCentralStorage'] = $djconfig->getBoolean('enableCentralStorage', true);
$t->data['additionalFeeds'] = $djconfig->getArray('additionalFeeds', null);
$t->show();
* renew * gateway * */

/*
 * CAS login endpoint: authenticate the user, issue a service ticket and send
 * the browser back to the requesting service with that ticket.
 * checkServiceURL() and storeTicket() are defined outside this excerpt.
 */
if (!array_key_exists('service', $_GET)) {
    throw new Exception('Required URL query parameter [service] not provided. (CAS Server)');
}
$service = $_GET['service'];

/* renew / gateway are treated as flags: any truthy value switches them on. */
$forceAuthn = isset($_GET['renew']) && $_GET['renew'];
$isPassive = isset($_GET['gateway']) && $_GET['gateway'];

$config = SimpleSAML_Configuration::getInstance();
$casconfig = SimpleSAML_Configuration::getConfig('module_casserver.php');

/*
 * The service URL is request-supplied and becomes the redirect target below, so
 * it is checked against the configured list before anything else happens.
 * NOTE(review): the matching rules live in checkServiceURL(), not visible here;
 * the exception message also echoes the raw value, so confirm the error page escapes it.
 */
$legal_service_urls = $casconfig->getValue('legal_service_urls');
if (!checkServiceURL($service, $legal_service_urls)) {
    throw new Exception('Service parameter provided to CAS server is not listed as a legal service: [service] = ' . $service);
}

/* Only the saml2 and shib13 authentication sources are accepted. */
$auth = $casconfig->getValue('auth', 'saml2');
if (!in_array($auth, array('saml2', 'shib13'))) {
    throw new Exception('CAS Service configured to use [auth] = ' . $auth . ' only [saml2,shib13] is legal.');
}

$as = new SimpleSAML_Auth_Simple($auth);
if (!$as->isAuthenticated()) {
    /* presumably login() does not return here - confirm against SimpleSAML_Auth_Simple */
    $params = array('ForceAuthn' => $forceAuthn, 'isPassive' => $isPassive);
    $as->login($params);
}

$attributes = $as->getAttributes();

/*
 * NOTE(review): the ticket cache defaults to '/tmp'. The stored ticket carries the
 * user's attributes, so confirm the configured directory is not shared with other users.
 */
$path = $casconfig->resolvePath($casconfig->getValue('ticketcache', '/tmp'));

/* The ticket is a generated ID with every '_' replaced by 'ST-'. */
$ticket = str_replace('_', 'ST-', SimpleSAML_Utilities::generateID());

/* The ticket is bound to the service it was issued for and is valid for five seconds. */
storeTicket($ticket, $path, array('service' => $service, 'forceAuthn' => $forceAuthn, 'attributes' => $attributes, 'proxies' => array(), 'validbefore' => time() + 5));

/* Treated as trusted because $service passed the checkServiceURL() check above. */
SimpleSAML_Utilities::redirectTrustedURL(SimpleSAML_Utilities::addURLparameter($service, array('ticket' => $ticket)));
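/**
 * Receive an authentication request.
 *
 * Reads the Shibboleth 1.3 request parameters (providerId, shire, target),
 * verifies that the requested shire is a registered AssertionConsumerService of
 * the SP, and passes the resulting state to the IdP.
 *
 * @param SimpleSAML_IdP $idp The IdP we are receiving it for.
 * @throws SimpleSAML_Error_BadRequest If providerId or shire is missing.
 * @throws Exception If the shire is not a registered endpoint of the SP.
 */
public static function receiveAuthnRequest(SimpleSAML_IdP $idp)
{
    if (isset($_REQUEST['cookieTime'])) {
        $cookieTime = (int) $_REQUEST['cookieTime'];
        if ($cookieTime + 5 > time()) {
            /*
             * Less than five seconds has passed since we were
             * here the last time. Cookies are probably disabled.
             */
            SimpleSAML_Utilities::checkCookie(SimpleSAML_Utilities::selfURL());
        }
    }

    if (!isset($_REQUEST['providerId'])) {
        throw new SimpleSAML_Error_BadRequest('Missing providerId parameter.');
    }
    $spEntityId = (string) $_REQUEST['providerId'];

    if (!isset($_REQUEST['shire'])) {
        throw new SimpleSAML_Error_BadRequest('Missing shire parameter.');
    }
    $shire = (string) $_REQUEST['shire'];

    if (isset($_REQUEST['target'])) {
        /*
         * Cast like the other request parameters: a request can supply an array
         * (target[]=...), and the value is stored in the state as 'saml:target'.
         */
        $target = (string) $_REQUEST['target'];
    } else {
        $target = NULL;
    }

    SimpleSAML_Logger::info('Shib1.3 - IdP.SSOService: Got incoming Shib authnRequest from ' . var_export($spEntityId, TRUE) . '.');

    $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
    $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'shib13-sp-remote');

    /*
     * The shire is where the response will be posted. It is accepted only when it
     * matches, exactly, a browser-post AssertionConsumerService in the SP metadata.
     */
    $found = FALSE;
    foreach ($spMetadata->getEndpoints('AssertionConsumerService') as $ep) {
        if ($ep['Binding'] !== 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post') {
            continue;
        }
        if ($ep['Location'] !== $shire) {
            continue;
        }
        $found = TRUE;
        break;
    }
    if (!$found) {
        throw new Exception('Invalid AssertionConsumerService for SP ' . var_export($spEntityId, TRUE) . ': ' . var_export($shire, TRUE));
    }

    SimpleSAML_Stats::log('saml:idp:AuthnRequest', array('spEntityID' => $spEntityId, 'protocol' => 'saml1'));

    /* Not placed in the state below; the cookieTime stamp feeds the cookie check at the top. */
    $sessionLostURL = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), array('cookieTime' => time()));

    $state = array(
        'Responder' => array('sspmod_saml_IdP_SAML1', 'sendResponse'),
        'SPMetadata' => $spMetadata->toArray(),
        'saml:shire' => $shire,
        'saml:target' => $target,
        'saml:AuthnRequestReceivedAt' => microtime(TRUE),
    );

    $idp->handleAuthenticationRequest($state);
}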
/**
 * Send the user to an IdP discovery service.
 *
 * The state is saved first; only its ID travels to the discovery service, as the
 * AuthID parameter of the return URL. The configured discovery URL is used when
 * set, otherwise the built-in discovery page of this module.
 *
 * @param array $state The state array.
 */
private function startDisco(array $state)
{
    $stateId = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso');

    // The instance is not used further in this method.
    SimpleSAML_Configuration::getInstance();

    /* Fallback to internal discovery service. */
    $service = ($this->discoURL === NULL)
        ? SimpleSAML_Module::getModuleURL('saml/disco.php')
        : $this->discoURL;

    // The discovery response handler of this module receives the chosen IdP.
    $responseHandler = SimpleSAML_Utilities::addURLparameter(
        SimpleSAML_Module::getModuleURL('saml/sp/discoresp.php'),
        array('AuthID' => $stateId)
    );

    $query = array(
        'entityID' => $this->entityId,
        'return' => $responseHandler,
        'returnIDParam' => 'idpentityid',
    );
    SimpleSAML_Utilities::redirect($service, $query);
}
$server->add_signature_method($hmac_method); $server->add_signature_method($plaintext_method); $server->add_signature_method($rsa_method); $config = SimpleSAML_Configuration::getInstance(); $session = SimpleSAML_Session::getSessionFromRequest(); $as = $oauthconfig->getString('auth'); if (!$session->isValid($as)) { SimpleSAML_Auth_Default::initLogin($as, SimpleSAML_Utilities::selfURL()); } if (!empty($_REQUEST['consent'])) { $consumer = $store->lookup_consumer_by_requestToken($requestToken); $t = new SimpleSAML_XHTML_Template($config, 'oauth:consent.php'); $t->data['header'] = '{status:header_saml20_sp}'; $t->data['consumer'] = $consumer; // array containint {name, description, key, secret, owner} keys $t->data['urlAgree'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), array("consent" => "yes")); $t->data['logouturl'] = SimpleSAML_Utilities::selfURLNoQuery() . '?logout'; $t->show(); exit; // and be done. } $attributes = $session->getAttributes(); // Assume user consent at this point and proceed with authorizing the token list($url, $verifier) = $store->authorize($requestToken, $attributes); if ($url) { // If authorize() returns a URL, take user there (oauth1.0a) SimpleSAML_Utilities::redirectTrustedURL($url); } else { if (isset($_REQUEST['oauth_callback'])) { // If callback was provided in the request (oauth1.0) SimpleSAML_Utilities::redirectUntrustedURL($_REQUEST['oauth_callback']);
'hu' => 'Magyar', // Hungarian 'pl' => 'Język polski', // Polish 'pt' => 'Português', // Portuguese 'pt-BR' => 'Português brasileiro', // Portuguese 'tr' => 'Türkçe', 'el' => 'ελληνικά', 'ja' => '日本語', 'zh-tw' => '中文', ); $textarray = array(); foreach ($languages AS $lang => $current) { if ($current) { $textarray[] = $langnames[$lang]; } else { $textarray[] = '<a href="' . htmlspecialchars(SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), array('language' => $lang))) . '">' . $langnames[$lang] . '</a>'; } } echo join(' | ', $textarray); echo '</div>'; } ?> <div id="content">
/**
 * Build the authorization URL for a request token and, by default, redirect to it.
 *
 * @param string $url The authorization endpoint of the OAuth service provider.
 * @param object $requestToken The request token; only its key is placed in the URL.
 * @param bool $redirect When true (the default) the browser is redirected and the script ends.
 * @param string|null $callback Optional value for the oauth_callback parameter.
 * @return string The authorization URL; only returned when $redirect is false.
 */
public function getAuthorizeRequest($url, $requestToken, $redirect = TRUE, $callback = NULL)
{
    // Only the token key goes into the URL; the token secret never leaves the server.
    $query = array('oauth_token' => $requestToken->key);
    if ($callback) {
        $query['oauth_callback'] = $callback;
    }

    $target = SimpleSAML_Utilities::addURLparameter($url, $query);

    if (!$redirect) {
        return $target;
    }

    // NOTE(review): $url is redirected to as a trusted URL; callers are expected
    // to pass a fixed endpoint rather than request data - confirm at call sites.
    SimpleSAML_Utilities::redirectTrustedURL($target);
    exit;
}
/**
 * Initiate authentication. Returns a URL to redirect the user to.
 *
 * Sends an 'authenticate' call with this application's ID and return URL. The
 * 'as_url' field of the response is the redirect base; every other field of the
 * response is appended to it as a query parameter.
 *
 * @param string $app_url The SSP URL to return to after authenticating (similar to an ACS).
 * @return string The URL to redirect the user to.
 */
public function request_authentication($app_url)
{
    $request = array(
        'app_id' => $this->app_id,
        'app_url' => $app_url,
    );
    $response = $this->call_aselect('authenticate', $request);

    // Split the server URL off from the remaining response fields.
    $serverUrl = $response['as_url'];
    unset($response['as_url']);

    return SimpleSAML_Utilities::addURLparameter($serverUrl, $response);
}
SimpleSAML_Auth_Default::initLogin($authsource, SimpleSAML_Utilities::selfURL()); } } # module.php/virtualorg/data_oauth_json.php $baseurl = 'http://vo.rnd.feide.no/simplesaml/'; $key = 'key'; $secret = 'secret'; $consumer = new sspmod_oauth_Consumer($key, $secret); if (isset($_REQUEST['step']) && $_REQUEST['step'] == '1') { $oauthsess = SimpleSAML_Utilities::generateID(); // Get the request token $requestToken = $consumer->getRequestToken($baseurl . '/module.php/oauth/requestToken.php'); #print_r($requestToken); exit; $session->setData('oauthSess', $oauthsess, serialize($requestToken)); # echo "Got a request token from the OAuth service provider [" . $requestToken->key . "] with the secret [" . $requestToken->secret . "]\n"; $callback = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), array('step' => '2', 'oauthsess' => $oauthsess)); // Authorize the request token $url = $consumer->getAuthorizeRequest($baseurl . '/module.php/oauth/authorize.php', $requestToken, TRUE, $callback); # echo('Go to this URL to authenticate/authorize the request: ' . $url . "\n"); } elseif (isset($_REQUEST['step']) && $_REQUEST['step'] == '2') { $requestToken = unserialize($session->getData('oauthSess', $_REQUEST['oauthsess'])); # print_r($requestToken); exit; // Replace the request token with an access token $accessToken = $consumer->getAccessToken($baseurl . '/module.php/oauth/accessToken.php', $requestToken); $session->setData('accessToken', 'accesstoken', serialize($accessToken)); SimpleSAML_Utilities::redirect('index.php?step=3'); exit; } if ($adata = $session->getData('accessToken', 'accesstoken')) { $accessToken = unserialize($adata); $vomemberships = $consumer->getUserInfo($baseurl . '/module.php/virtualorg/data_oauth_json.php?method=memberOf', $accessToken);
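/**
 * Uses the cas service validate, this provides additional attributes
 *
 * The ticket and service are sent to the configured serviceValidate endpoint and
 * the XML response is parsed. The user name is taken from the
 * authenticationSuccess element; additional attributes are collected with the
 * XPath expressions configured under 'attributes'.
 *
 * @param string $ticket
 * @param string $service
 * @return array The user name and an array of attributes (name => list of values).
 * @throws Exception If the response cannot be parsed or does not report success.
 */
private function casServiceValidate($ticket, $service)
{
    $url = SimpleSAML_Utilities::addURLparameter($this->_casConfig['serviceValidate'], array('ticket' => $ticket, 'service' => $service));
    $result = SimpleSAML_Utilities::fetch($url);

    /*
     * loadXML() is an instance method; calling it statically is not supported by
     * current PHP versions. The response comes from a remote server, so parsing is
     * done without network access (LIBXML_NONET) and a parse failure is reported
     * instead of being passed on to DOMXPath.
     */
    $dom = new DOMDocument();
    if (!is_string($result) || $result === '' || !$dom->loadXML($result, LIBXML_NONET)) {
        throw new Exception("Error when validating CAS service ticket: " . 'response is not well-formed XML');
    }

    $xPath = new DOMXPath($dom);
    $xPath->registerNamespace("cas", 'http://www.yale.edu/tp/cas');

    $success = $xPath->query("/cas:serviceResponse/cas:authenticationSuccess/cas:user");
    if ($success->length === 0) {
        // Report the server's failure text when present; a response with neither
        // element must still be rejected rather than dereferencing a missing node.
        $failure = $xPath->evaluate("/cas:serviceResponse/cas:authenticationFailure");
        $reason = ($failure->length > 0)
            ? $failure->item(0)->textContent
            : 'response contains neither authenticationSuccess nor authenticationFailure';
        throw new Exception("Error when validating CAS service ticket: " . $reason);
    }

    $attributes = array();
    $casattributes = $this->_casConfig['attributes'];
    if ($casattributes) {
        # some has attributes in the xml - attributes is a list of XPath expressions to get them
        foreach ($casattributes as $name => $query) {
            $attrs = $xPath->query($query);
            foreach ($attrs as $attrvalue) {
                $attributes[$name][] = $attrvalue->textContent;
            }
        }
    }

    $casusername = $success->item(0)->textContent;

    return array($casusername, $attributes);
}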
} if (!array_key_exists('token', $_REQUEST)) { throw new SimpleSAML_Error_BadRequest('Missing authToken.'); } $token = $_REQUEST['token']; if ($token !== $authTokenContactsSP) { throw new SimpleSAML_Error_Exception('Invalid AuthToken'); } $ldapconfig = SimpleSAML_Configuration::getConfig('config-login-feide.php'); $ldapStatusConfig = SimpleSAML_Configuration::getConfig('module_ldapstatus.php'); $debug = $ldapconfig->getValue('ldapDebug', FALSE); $orgs = $ldapconfig->getValue('organizations'); $locationTemplate = $ldapconfig->getValue('locationTemplate'); $isAdmin = FALSE; $secretURL = NULL; $ignore = ''; if (array_key_exists('ignore', $_REQUEST)) { $ignore = '&ignore=' . $_REQUEST['ignore']; } $secretKey = sha1('ldapstatus|' . SimpleSAML_Utilities::getSecretSalt() . '|hobbit'); $secretURL = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), array('key' => $secretKey)); function generateSecret($salt, $orgtest) { $secretKey = sha1('ldapstatus|' . $salt . '|' . $orgtest); return $secretKey; } header('Content-Type: text/plain'); foreach ($orgs as $orgkey => $org) { $url = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLhost() . SimpleSAML_Utilities::getFirstPathElement() . '/module.php/ldapstatus/', array('orgtest' => $orgkey, 'output' => 'text', 'key' => generateSecret(SimpleSAML_Utilities::getSecretSalt(), $orgkey))); echo "0.0.0.0 " . $orgkey . " # noconn feidesjekk:" . $url . $ignore . ";OOOKKK\n"; }
*/ if ($idpentityid === NULL) { SimpleSAML_Logger::info('SAML2.0 - SP.initSSO: No chosen or default IdP, go to SAML2disco'); /* Which IdP discovery service should we use? Can be set in SP metadata or in global configuration. * Falling back to builtin discovery service. */ if (array_key_exists('idpdisco.url', $spmetadata)) { $discourl = $spmetadata['idpdisco.url']; } elseif ($config->getString('idpdisco.url.saml20', NULL) !== NULL) { $discourl = $config->getString('idpdisco.url.saml20'); } else { $discourl = SimpleSAML_Utilities::getBaseURL() . 'saml2/sp/idpdisco.php'; } $extDiscoveryStorage = $config->getString('idpdisco.extDiscoveryStorage', NULL); if ($extDiscoveryStorage !== NULL) { SimpleSAML_Utilities::redirectTrustedURL($extDiscoveryStorage, array('entityID' => $spentityid, 'return' => SimpleSAML_Utilities::addURLparameter($discourl, array('return' => SimpleSAML_Utilities::selfURL(), 'remember' => 'true', 'entityID' => $spentityid, 'returnIDParam' => 'idpentityid')), 'returnIDParam' => 'idpentityid', 'isPassive' => 'true')); } $discoparameters = array('entityID' => $spentityid, 'return' => SimpleSAML_Utilities::selfURL(), 'returnIDParam' => 'idpentityid'); $discoparameters['isPassive'] = $isPassive; if (sizeof($reachableIDPs) > 0) { $discoparameters['IDPList'] = $reachableIDPs; } SimpleSAML_Utilities::redirectTrustedURL($discourl, $discoparameters); } /* * Create and send authentication request to the IdP. */ try { $spMetadata = $metadata->getMetaDataConfig($spentityid, 'saml20-sp-hosted'); $idpMetadata = $metadata->getMetaDataConfig($idpentityid, 'saml20-idp-remote'); $ar = sspmod_saml_Message::buildAuthnRequest($spMetadata, $idpMetadata);
$metaArray['OrganizationDisplayName'] = $idpmeta->getLocalizedString('OrganizationDisplayName', $metaArray['OrganizationName']); if (!$idpmeta->hasValue('OrganizationURL')) { throw new SimpleSAML_Error_Exception('If OrganizationName is set, OrganizationURL must also be set.'); } $metaArray['OrganizationURL'] = $idpmeta->getLocalizedString('OrganizationURL'); } $metaflat = '$metadata[' . var_export($idpentityid, TRUE) . '] = ' . var_export($metaArray, TRUE) . ';'; $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($idpentityid); $metaBuilder->addMetadataIdP11($metaArray); $metaBuilder->addOrganizationInfo($metaArray); $metaBuilder->addContact('technical', array('emailAddress' => $config->getString('technicalcontact_email', NULL), 'name' => $config->getString('technicalcontact_name', NULL))); $metaxml = $metaBuilder->getEntityDescriptorText(); /* Sign the metadata if enabled. */ $metaxml = SimpleSAML_Metadata_Signer::sign($metaxml, $idpmeta->toArray(), 'Shib 1.3 IdP'); if (array_key_exists('output', $_GET) && $_GET['output'] == 'xhtml') { $defaultidp = $config->getString('default-shib13-idp', NULL); $t = new SimpleSAML_XHTML_Template($config, 'metadata.php', 'admin'); $t->data['header'] = 'shib13-idp'; $t->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), array('output' => 'xml')); $t->data['metadata'] = htmlspecialchars($metaxml); $t->data['metadataflat'] = htmlspecialchars($metaflat); $t->data['defaultidp'] = $defaultidp; $t->show(); } else { header('Content-Type: application/xml'); echo $metaxml; exit(0); } } catch (Exception $exception) { throw new SimpleSAML_Error_Error('METADATA', $exception); }
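/**
 * Get absolute URL to a specified module resource.
 *
 * This function creates an absolute URL to a resource stored under ".../modules/<module>/www/".
 * The resource path is appended unchanged to "<base URL>module.php/"; it is not URL-encoded or
 * normalised here, so callers should pass a fixed path, not request-derived input.
 *
 * @param string $resource  Resource path, on the form "<module name>/<resource>". Must not start with "/".
 * @param array $parameters  Extra parameters which should be added to the URL. Optional.
 * @return string  The absolute URL to the given resource.
 */
public static function getModuleURL($resource, array $parameters = array())
{
    // Real expressions instead of assert('code string'): string assertions are eval-style,
    // deprecated since PHP 7.2 and no longer evaluated at all on PHP 8, where a non-empty
    // string is simply truthy and the check silently passes.
    assert(is_string($resource));
    assert($resource[0] !== '/');

    $url = SimpleSAML_Utilities::getBaseURL() . 'module.php/' . $resource;
    if (!empty($parameters)) {
        $url = SimpleSAML_Utilities::addURLparameter($url, $parameters);
    }

    return $url;
}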
// Excerpt from an LDAP status page script; the last conditional continues past the visible code.
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getInstance();
$ldapconfig = SimpleSAML_Configuration::getConfig('config-login-feide.php');
$ldapStatusConfig = SimpleSAML_Configuration::getConfig('module_ldapstatus.php');
$debug = $ldapconfig->getValue('ldapDebug', FALSE);
$orgs = $ldapconfig->getValue('organizations');
$locationTemplate = $ldapconfig->getValue('locationTemplate');

if (array_key_exists('orgtest', $_REQUEST)) {
    // Single-organization test: the requested name must be a key of the configured
    // organizations, otherwise the request ends with a NotFound error.
    // NOTE(review): $_REQUEST['orgtest'] is not checked to be a string before it is used as
    // an array key; an array-valued parameter would reach array_key_exists() as-is.
    $orgtest = $_REQUEST['orgtest'];
    if (!array_key_exists($orgtest, $orgs)) {
        throw new SimpleSAML_Error_NotFound('The organization ' . var_export($orgtest, TRUE) . ' could not be found.');
    }
    $orgConfig = SimpleSAML_Configuration::loadFromArray($orgs[$orgtest], 'org:[' . $orgtest . ']');
    // Per-organization access key: SHA-1 over "ldapstatus|<secret salt>|<organization>".
    // NOTE(review): this is a plain hash over a concatenation, not an HMAC. hash_hmac() with
    // the salt as key is the conventional construction for a keyed token. The place where the
    // key is verified is not visible here; the comparison there should be constant-time
    // (hash_equals()). Changing the derivation invalidates links that were already handed out.
    $secretKey = sha1('ldapstatus|' . SimpleSAML_Utilities::getSecretSalt() . '|' . $_REQUEST['orgtest']);
    // The key travels in the query string, so it acts as a bearer token wherever the URL is
    // logged or shared.
    $secretURL = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), array('orgtest' => $_REQUEST['orgtest'], 'key' => $secretKey));
} else {
    // Overview mode: no organization selected, so there is no key or URL.
    $orgtest = NULL;
    $orgConfig = NULL;
    $secretKey = NULL;
    $secretURL = NULL;
}

// Attributes are only read when the session is valid for the configured auth source.
// NOTE(review): 'ldapstatusAuth' defaults to NULL; confirm how isValid() treats a NULL authority.
$authsource = $ldapconfig->getString('ldapstatusAuth', NULL);
if ($session->isValid($authsource)) {
    $attributes = $session->getAttributes();
} else {
    $attributes = array();
}

// The user ID is the first value of the configured attribute (eduPersonPrincipalName by default).
$useridattr = $ldapconfig->getString('useridattr', 'eduPersonPrincipalName');
if (isset($attributes[$useridattr][0])) {
    $userId = $attributes[$useridattr][0];
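/**
 * Retrieve an URL that can be used to log the user out.
 *
 * The result points at the core module's as_logout.php and carries this object's
 * authentication source ID and the return address as query parameters.
 *
 * @param string|NULL $returnTo
 *   The page the user should be returned to afterwards. If this parameter
 *   is NULL, the user will be returned to the current page.
 * @return string
 *   An URL which is suitable for use in link-elements.
 */
public function getLogoutURL($returnTo = NULL)
{
    // Expression form: assert('code string') is deprecated since PHP 7.2 and is not
    // evaluated on PHP 8, where the check would silently pass.
    assert(is_null($returnTo) || is_string($returnTo));

    if ($returnTo === NULL) {
        $returnTo = SimpleSAML_Utilities::selfURL();
    }

    // NOTE(review): ReturnTo is only placed in the query string here; whether it is an
    // acceptable redirect target has to be checked where core/as_logout.php consumes it
    // (not visible in this block).
    $logout = SimpleSAML_Module::getModuleURL('core/as_logout.php');
    $logout = SimpleSAML_Utilities::addURLparameter($logout, array('AuthId' => $this->authSource, 'ReturnTo' => $returnTo));

    return $logout;
}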
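/**
 * Helper function for sending CDC messages.
 *
 * The message gets a 'timestamp' entry, is JSON-encoded and base64-encoded, and the encoded
 * form is passed to calcSignature(). The timestamp is therefore part of the signed payload.
 * Delivery is a GET redirect when the final URL is shorter than 2048 characters, otherwise
 * a POST.
 *
 * @param string $to  The URL the message should be delivered to.
 * @param string $parameter  The query parameter the message should be sent in.
 * @param array $message  The CDC message.
 */
private function send($to, $parameter, array $message)
{
    // Expression form: assert('code string') is deprecated since PHP 7.2 and is not
    // evaluated on PHP 8, where the check would silently pass.
    assert(is_string($to));
    assert(is_string($parameter));

    // Stamp the message before encoding so the signature covers the timestamp.
    // NOTE(review): how the receiver enforces freshness is not visible in this block.
    $message['timestamp'] = time();
    $message = json_encode($message);
    $message = base64_encode($message);

    $signature = $this->calcSignature($message);

    $params = array($parameter => $message, 'Signature' => $signature);

    // $to goes to redirectTrustedURL() without validation here; callers are expected to
    // pass a destination that has already been vetted.
    $url = SimpleSAML_Utilities::addURLparameter($to, $params);
    if (strlen($url) < 2048) {
        SimpleSAML_Utilities::redirectTrustedURL($url);
    } else {
        // Too long for a redirect: deliver the same parameters with a POST instead.
        SimpleSAML_Utilities::postRedirect($to, $params);
    }
}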
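/**
 * Receive an authentication request.
 *
 * Two entry paths are handled:
 *  - IdP-initiated: the SP entity ID, RelayState, binding and NameIDFormat are read straight
 *    from $_REQUEST. These values are unauthenticated request input.
 *  - SP-initiated: a SAML2_AuthnRequest is received through the current binding and passed
 *    to sspmod_saml_Message::validateMessage() together with both parties' metadata.
 *
 * In both cases the SP must resolve in the 'saml20-sp-remote' metadata set, the assertion
 * consumer endpoint is picked by self::getAssertionConsumerService(), and the collected
 * state is handed to $idp->handleAuthenticationRequest().
 *
 * @param SimpleSAML_IdP $idp  The IdP we are receiving it for.
 * @throws SimpleSAML_Error_BadRequest  If the received message is not an authentication
 *                                      request, or has no issuer.
 */
public static function receiveAuthnRequest(SimpleSAML_IdP $idp)
{
    $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
    $idpMetadata = $idp->getConfig();

    // HTTP-POST is always supported; artifact and holder-of-key are opt-in per IdP config.
    $supportedBindings = array(SAML2_Const::BINDING_HTTP_POST);
    if ($idpMetadata->getBoolean('saml20.sendartifact', FALSE)) {
        $supportedBindings[] = SAML2_Const::BINDING_HTTP_ARTIFACT;
    }
    if ($idpMetadata->getBoolean('saml20.hok.assertion', FALSE)) {
        $supportedBindings[] = SAML2_Const::BINDING_HOK_SSO;
    }

    if (isset($_REQUEST['spentityid'])) {
        /* IdP initiated authentication. */

        if (isset($_REQUEST['cookieTime'])) {
            $cookieTime = (int) $_REQUEST['cookieTime'];
            if ($cookieTime + 5 > time()) {
                /*
                 * Less than five seconds has passed since we were
                 * here the last time. Cookies are probably disabled.
                 */
                SimpleSAML_Utilities::checkCookie(SimpleSAML_Utilities::selfURL());
            }
        }

        $spEntityId = (string) $_REQUEST['spentityid'];
        $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');

        // NOTE(review): RelayState, binding and NameIDFormat are taken from the request as-is.
        // Nothing in this function restricts their values. The binding is only constrained
        // by whatever getAssertionConsumerService() does with it (not visible here).
        if (isset($_REQUEST['RelayState'])) {
            $relayState = (string) $_REQUEST['RelayState'];
        } else {
            $relayState = NULL;
        }

        if (isset($_REQUEST['binding'])) {
            $protocolBinding = (string) $_REQUEST['binding'];
        } else {
            $protocolBinding = NULL;
        }

        if (isset($_REQUEST['NameIDFormat'])) {
            $nameIDFormat = (string) $_REQUEST['NameIDFormat'];
        } else {
            $nameIDFormat = NULL;
        }

        // There is no AuthnRequest on this path, so everything it would carry gets a default.
        $requestId = NULL;
        $IDPList = array();
        $ProxyCount = NULL;
        $RequesterID = NULL;
        $forceAuthn = FALSE;
        $isPassive = FALSE;
        $consumerURL = NULL;
        $consumerIndex = NULL;
        $extensions = NULL;
        $allowCreate = TRUE;

        $idpInit = TRUE;

        SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: IdP initiated authentication: ' . var_export($spEntityId, TRUE));
    } else {
        $binding = SAML2_Binding::getCurrentBinding();
        $request = $binding->receive();

        if (!$request instanceof SAML2_AuthnRequest) {
            throw new SimpleSAML_Error_BadRequest('Message received on authentication request endpoint wasn\'t an authentication request.');
        }

        $spEntityId = $request->getIssuer();
        if ($spEntityId === NULL) {
            throw new SimpleSAML_Error_BadRequest('Received message on authentication request endpoint without issuer.');
        }
        $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');

        // Validation happens before any field of the request is used below.
        sspmod_saml_Message::validateMessage($spMetadata, $idpMetadata, $request);

        $relayState = $request->getRelayState();

        $requestId = $request->getId();
        $IDPList = $request->getIDPList();
        $ProxyCount = $request->getProxyCount();
        if ($ProxyCount !== null) {
            // This IdP counts as one proxy hop.
            // NOTE(review): a request that already carries ProxyCount 0 ends up at -1 here;
            // confirm how the consumers of 'saml:ProxyCount' treat negative values.
            $ProxyCount--;
        }
        $RequesterID = $request->getRequesterID();
        $forceAuthn = $request->getForceAuthn();
        $isPassive = $request->getIsPassive();
        $consumerURL = $request->getAssertionConsumerServiceURL();
        $protocolBinding = $request->getProtocolBinding();
        $consumerIndex = $request->getAssertionConsumerServiceIndex();
        $extensions = $request->getExtensions();

        $nameIdPolicy = $request->getNameIdPolicy();
        if (isset($nameIdPolicy['Format'])) {
            $nameIDFormat = $nameIdPolicy['Format'];
        } else {
            $nameIDFormat = NULL;
        }
        if (isset($nameIdPolicy['AllowCreate'])) {
            $allowCreate = $nameIdPolicy['AllowCreate'];
        } else {
            $allowCreate = FALSE;
        }

        $idpInit = FALSE;

        SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Incomming Authentication request: ' . var_export($spEntityId, TRUE));
    }

    SimpleSAML_Stats::log('saml:idp:AuthnRequest', array('spEntityID' => $spEntityId, 'idpEntityID' => $idpMetadata->getString('entityid'), 'forceAuthn' => $forceAuthn, 'isPassive' => $isPassive, 'protocol' => 'saml2', 'idpInit' => $idpInit));

    $acsEndpoint = self::getAssertionConsumerService($supportedBindings, $spMetadata, $consumerURL, $protocolBinding, $consumerIndex);

    $IDPList = array_unique(array_merge($IDPList, $spMetadata->getArrayizeString('IDPList', array())));

    // Strict comparison: with "== null" a count of 0 (a request that allowed exactly one hop,
    // decremented above) compared equal to null and was replaced by the SP metadata default,
    // which discarded the requester's "no further proxying" limit.
    if ($ProxyCount === null) {
        $ProxyCount = $spMetadata->getInteger('ProxyCount', null);
    }

    // SP metadata can force re-authentication even when the request did not ask for it.
    if (!$forceAuthn) {
        $forceAuthn = $spMetadata->getBoolean('ForceAuthn', FALSE);
    }

    // Restart URL for a lost session: re-enters this endpoint through the IdP-initiated path,
    // with cookieTime feeding the "cookies disabled" check above.
    $sessionLostParams = array('spentityid' => $spEntityId, 'cookieTime' => time());
    if ($relayState !== NULL) {
        $sessionLostParams['RelayState'] = $relayState;
    }

    $sessionLostURL = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), $sessionLostParams);

    $state = array(
        'Responder' => array('sspmod_saml_IdP_SAML2', 'sendResponse'),
        SimpleSAML_Auth_State::EXCEPTION_HANDLER_FUNC => array('sspmod_saml_IdP_SAML2', 'handleAuthError'),
        SimpleSAML_Auth_State::RESTART => $sessionLostURL,
        'SPMetadata' => $spMetadata->toArray(),
        'saml:RelayState' => $relayState,
        'saml:RequestId' => $requestId,
        'saml:IDPList' => $IDPList,
        'saml:ProxyCount' => $ProxyCount,
        'saml:RequesterID' => $RequesterID,
        'ForceAuthn' => $forceAuthn,
        'isPassive' => $isPassive,
        // The response destination is the endpoint resolved above, not the raw request value.
        'saml:ConsumerURL' => $acsEndpoint['Location'],
        'saml:Binding' => $acsEndpoint['Binding'],
        'saml:NameIDFormat' => $nameIDFormat,
        'saml:AllowCreate' => $allowCreate,
        'saml:Extensions' => $extensions,
    );

    $idp->handleAuthenticationRequest($state);
}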
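<?php
/*
 * Language selector for a Bootstrap-style navbar.
 *
 * Prints a dropdown toggle labelled with the current language, followed by a menu with one
 * link per other language. Each link is the current URL with a 'language' parameter added.
 * Nothing is printed when the page was requested with POST data.
 */
$languages = $this->getLanguageList();
$langnames = array('no' => 'Bokmål', 'nn' => 'Nynorsk', 'se' => 'Sámegiella', 'sam' => 'Åarjelh-saemien giele', 'da' => 'Dansk', 'en' => 'English', 'de' => 'Deutsch', 'sv' => 'Svenska', 'fi' => 'Suomeksi', 'es' => 'Español', 'fr' => 'Français', 'it' => 'Italiano', 'nl' => 'Nederlands', 'lb' => 'Luxembourgish', 'cs' => 'Czech', 'sl' => 'Slovenščina', 'lt' => 'Lietuvių kalba', 'hr' => 'Hrvatski', 'hu' => 'Magyar', 'pl' => 'Polski', 'pt' => 'Português', 'pt-BR' => 'Português brasileiro', 'ru' => 'русский язык', 'et' => 'Eesti keel', 'tr' => 'Türkçe', 'el' => 'ελληνικά', 'ja' => '日本語', 'zh-tw' => '中文', 'ar' => 'العربية', 'fa' => 'پارسی', 'ur' => 'اردو', 'he' => 'עִבְרִית');

if (empty($_POST)) {
    foreach ($languages as $lang => $current) {
        if ($current) {
            // Fall back to the language code when no display name is listed (the original
            // raised an undefined-index notice and printed an empty label). The label is
            // escaped because the fallback value comes from the language list, not from
            // the fixed map above.
            $label = isset($langnames[$lang]) ? $langnames[$lang] : $lang;
            echo '<li class="pull-right dropdown"><a href="#" class="dropdown-toggle" data-toggle="dropdown">' . '<span class="glyphicon glyphicon-flag"></span> ' . htmlspecialchars($label) . ' <b class="caret"></b></a>';
        }
    }

    echo '<ul class="dropdown-menu">';
    foreach ($languages as $lang => $current) {
        if (!$current) {
            // selfURL() reflects the request, so the finished link is HTML-escaped before
            // it goes into the href attribute.
            $url = htmlspecialchars(SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), array('language' => $lang)));
            $title = htmlspecialchars(isset($langnames[$lang]) ? $langnames[$lang] : $lang);
            echo '<li><a href="' . $url . '">' . $title . '</a></li>';
        }
    }
    echo '</ul>';
}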
} // closes a block opened above this excerpt

// A template variable can switch the language bar off.
if (isset($this->data['hideLanguageBar']) && $this->data['hideLanguageBar'] === TRUE) {
    $includeLanguageBar = FALSE;
}

if ($includeLanguageBar) {
    $languages = $this->getLanguageList();
    // The bar is only shown when there is more than one language to choose from.
    if (count($languages) > 1) {
        echo '<div id="languagebar">';
        // Display names, keyed by lower-case language code (codes are lower-cased below).
        $langnames = array('no' => 'Bokmål', 'nn' => 'Nynorsk', 'se' => 'Sámegiella', 'sam' => 'Åarjelh-saemien giele', 'da' => 'Dansk', 'en' => 'English', 'de' => 'Deutsch', 'sv' => 'Svenska', 'fi' => 'Suomeksi', 'es' => 'Español', 'fr' => 'Français', 'it' => 'Italiano', 'nl' => 'Nederlands', 'lb' => 'Lëtzebuergesch', 'cs' => 'Čeština', 'sl' => 'Slovenščina', 'lt' => 'Lietuvių kalba', 'hr' => 'Hrvatski', 'hu' => 'Magyar', 'pl' => 'Język polski', 'pt' => 'Português', 'pt-br' => 'Português brasileiro', 'ru' => 'русский язык', 'et' => 'eesti keel', 'tr' => 'Türkçe', 'el' => 'ελληνικά', 'ja' => '日本語', 'zh' => '简体中文', 'zh-tw' => '繁體中文', 'ar' => 'العربية', 'fa' => 'پارسی', 'ur' => 'اردو', 'he' => 'עִבְרִית', 'id' => 'Bahasa Indonesia', 'sr' => 'Srpski', 'lv' => 'Latviešu', 'ro' => 'Românește', 'eu' => 'Euskara');
        $textarray = array();
        foreach ($languages as $lang => $current) {
            $lang = strtolower($lang);
            // NOTE(review): a language code that is missing from $langnames raises an
            // undefined-index notice and yields an empty label in both branches.
            if ($current) {
                // The current language is shown as plain text, not as a link.
                $textarray[] = $langnames[$lang];
            } else {
                // The link is the current URL plus the language parameter. selfURL() reflects
                // the request, so the whole URL is HTML-escaped before it goes into href.
                $textarray[] = '<a href="' . htmlspecialchars(SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), array($this->languageParameterName => $lang))) . '">' . $langnames[$lang] . '</a>';
            }
        }
        echo join(' | ', $textarray);
        echo '</div>';
    }
}
?> <br> <h6 class="muted text-center">This template is proportioned by Raptor</h6> <h6 class="muted text-center">Please edit this template in: web/SSO/simplesamlphp/modules/core/template/raptorloginuserpass.php</h6><br> </div> <!-- // main-content --> </div>
// Excerpt: builds and prepares an HTML e-mail carrying this SP's metadata for a chosen IdP.

// Recipient: the address configured for the IdP selected in the form.
// NOTE(review): $_POST['sendtoidp'] is used as an index into $idpsend without a visible
// existence check; confirm the surrounding code verifies it first.
$emailadr = $idpsend[$_POST['sendtoidp']]['send_metadata_email'];
// NOTE(review): the sender comes straight from the form and reaches the mail object
// unvalidated. Whether SimpleSAML_XHTML_EMail rejects malformed addresses or embedded line
// breaks is not visible here, so validate it first (e.g. filter_var() with
// FILTER_VALIDATE_EMAIL).
$from = $_POST['email'];

// HTML body. Every request-derived or metadata-derived value is passed through
// htmlentities() before it is concatenated in.
// NOTE(review): htmlentities() is called without an explicit encoding; confirm the runtime
// default matches the encoding of the metadata. The version string from
// $config->getVersion() is inserted unescaped.
$message = '<h1>simpleSAMLphp SAML 2.0 Service Provider Metadata</h1> <p>Metadata was sent to you from a simpleSAMLphp SAML 2.0 Service Provider. The service provider requests to connect to the following Identity Provider: <ul> <li><tt>'
    . htmlentities($_POST['sendtoidp'])
    . '</tt></li> </ul> </p> <p>SAML 2.0 Service Provider EntityID :</p> <pre>'
    . htmlentities($spentityid)
    . '</pre> <p>Links to metadata at service provider <ul> <li><a href="'
    . htmlentities(SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), array('output' => 'xhtml')))
    . '">SimpleSAMLphp Metadata page</a></li> <li><a href="'
    . htmlentities(SimpleSAML_Utilities::selfURLNoQuery())
    . '">SimpleSAMLphp Metadata (XML only)</a></li> </ul> </p> <p>SAML 2.0 XML Metadata :</p> <pre>'
    . htmlentities($metaxml)
    . '</pre> <p>Metadata in SimpleSAMLphp format :</p> <pre>'
    . htmlentities($metaflat)
    . '</pre> <p>SimpleSAMLphp version: '
    . $config->getVersion()
    . '</p> ';

$email = new SimpleSAML_XHTML_EMail($emailadr, 'simpleSAMLphp SAML 2.0 Service Provider Metadata', $from);
$email->setBody($message);