loadFromArray() public static method

Loads a configuration from the given array.
public static loadFromArray ( array $config, string $location = '[ARRAY]', string | null $instance = null ) : SimpleSAML_Configuration
$config array The configuration array.
$location string The location which will be given when an error occurs. Optional.
$instance string | null The name of this instance. If specified, the configuration will be loaded and an instance with that name will be kept for it to be retrieved later with getInstance($instance). If null, the configuration will not be kept for later use. Defaults to null.
return SimpleSAML_Configuration The configuration object.
Ejemplo n.º 1
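 /**
  * Handle authentication error.
  *
  * Converts the exception into a SAML error status, builds a response addressed to the
  * consumer URL stored in the state, and sends it over the binding stored in the state.
  *
  * @param SimpleSAML_Error_Exception $exception  The exception.
  * @param array $state  The error state.
  */
 public static function handleAuthError(SimpleSAML_Error_Exception $exception, array $state)
 {
     // Real expressions instead of string assertions: string assertions are deprecated
     // since PHP 7.2 and PHP 8 no longer evaluates them, so the old form always passed.
     assert(isset($state["SPMetadata"]));
     assert(isset($state["saml:ConsumerURL"]));
     assert(array_key_exists("saml:RequestId", $state)); // Can be NULL.
     assert(array_key_exists("saml:RelayState", $state)); // Can be NULL.
     $spMetadata = $state["SPMetadata"];
     $spEntityId = $spMetadata['entityid'];
     $spMetadata = SimpleSAML_Configuration::loadFromArray($spMetadata, '$metadata[' . var_export($spEntityId, TRUE) . ']');
     $requestId = $state['saml:RequestId'];
     $relayState = $state['saml:RelayState'];
     $consumerURL = $state['saml:ConsumerURL'];
     // NOTE(review): 'saml:Binding' is read without a matching assertion above.
     $protocolBinding = $state['saml:Binding'];
     $idp = SimpleSAML_IdP::getByState($state);
     $idpMetadata = $idp->getConfig();
     $error = sspmod_saml_Error::fromException($exception);
     // var_export() quotes the entity ID, which keeps the log entry unambiguous.
     SimpleSAML_Logger::warning('Returning error to sp: ' . var_export($spEntityId, TRUE));
     $error->logWarning();
     $ar = self::buildResponse($idpMetadata, $spMetadata, $consumerURL);
     $ar->setInResponseTo($requestId);
     $ar->setRelayState($relayState);
     $ar->setStatus(array('Code' => $error->getStatus(), 'SubCode' => $error->getSubStatus(), 'Message' => $error->getStatusMessage()));
     $binding = SAML2_Binding::getBinding($protocolBinding);
     $binding->send($ar);
 }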
Ejemplo n.º 2
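 /**
  * Constructor for this authentication source.
  *
  * Every configuration key other than 'username_organization_method' and
  * 'include_organization_in_username' is treated as an organization ID whose value
  * must be an array of LDAP options.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
 public function __construct($info, $config)
 {
     // Real expressions instead of string assertions: string assertions are deprecated
     // since PHP 7.2 and PHP 8 no longer evaluates them, so the old form always passed.
     assert(is_array($info));
     assert(is_array($config));
     // Call the parent constructor first, as required by the interface
     parent::__construct($info, $config);
     $cfgHelper = SimpleSAML_Configuration::loadFromArray($config, 'Authentication source ' . var_export($this->authId, TRUE));
     $this->orgs = array();
     $this->ldapOrgs = array();
     foreach ($config as $name => $value) {
         if ($name === 'username_organization_method') {
             // Only the three listed values are accepted.
             $usernameOrgMethod = $cfgHelper->getValueValidate('username_organization_method', array('none', 'allow', 'force'));
             $this->setUsernameOrgMethod($usernameOrgMethod);
             continue;
         }
         if ($name === 'include_organization_in_username') {
             $this->includeOrgInUsername = $cfgHelper->getBoolean('include_organization_in_username', FALSE);
             continue;
         }
         // Anything else is an organization entry; getArray() enforces the array type.
         $orgCfg = $cfgHelper->getArray($name);
         $orgId = $name;
         // The display name is the 'description' option, or the organization ID itself.
         if (array_key_exists('description', $orgCfg)) {
             $this->orgs[$orgId] = $orgCfg['description'];
         } else {
             $this->orgs[$orgId] = $orgId;
         }
         $orgCfg = new sspmod_ldap_ConfigHelper($orgCfg, 'Authentication source ' . var_export($this->authId, TRUE) . ', organization ' . var_export($orgId, TRUE));
         $this->ldapOrgs[$orgId] = $orgCfg;
     }
 }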
Ejemplo n.º 3
 /**
  * Test the SimpleSAML\Utils\Time::initTimezone() method.
  *
  * Each step registers a new configuration under the instance name 'simplesaml' and
  * then calls initTimezone(). The steps depend on each other through global state (the
  * PHP default timezone and the static tz_initialized flag), so their order matters.
  *
  * @covers SimpleSAML\Utils\Time::initTimezone
  */
 public function testInitTimezone()
 {
     $tz = 'UTC';
     // The @ operator silences any warning PHP emits while reading the default timezone.
     $os = @date_default_timezone_get();
     if ($os === 'UTC') {
         // avoid collisions
         $tz = 'Europe/Oslo';
     }
     // test guessing timezone from the OS
     \SimpleSAML_Configuration::loadFromArray(array('timezone' => null), '[ARRAY]', 'simplesaml');
     @Time::initTimezone();
     $this->assertEquals($os, @date_default_timezone_get());
     // clear initialization
     // Reflection resets the static tz_initialized flag so initTimezone() runs again.
     $c = new \ReflectionProperty('\\SimpleSAML\\Utils\\Time', 'tz_initialized');
     $c->setAccessible(true);
     $c->setValue(false);
     // test unknown timezone
     \SimpleSAML_Configuration::loadFromArray(array('timezone' => 'INVALID'), '[ARRAY]', 'simplesaml');
     try {
         @Time::initTimezone();
         $this->fail('Failed to recognize an invalid timezone.');
     } catch (\SimpleSAML_Error_Exception $e) {
         $this->assertEquals('Invalid timezone set in the "timezone" option in config.php.', $e->getMessage());
     }
     // test a valid timezone
     \SimpleSAML_Configuration::loadFromArray(array('timezone' => $tz), '[ARRAY]', 'simplesaml');
     @Time::initTimezone();
     $this->assertEquals($tz, @date_default_timezone_get());
     // make sure initialization happens only once
     // The flag is not reset here, so the 'Europe/Madrid' setting must be ignored.
     \SimpleSAML_Configuration::loadFromArray(array('timezone' => 'Europe/Madrid'), '[ARRAY]', 'simplesaml');
     @Time::initTimezone();
     $this->assertEquals($tz, @date_default_timezone_get());
 }
 /**
  * Construct
  *
  * Opens the PDO connection described by the authsource configuration, applies the
  * driver-specific charset setup, and stores the attributes, the hash algorithm, a
  * freshly generated salt and the name of the user-id attribute.
  *
  * @param array $authSourceConfig Configuration array for the selected authsource
  * @param array $writeConfig Configuration array for the selected catalogue backend
  * @param array $attributes The user attributes to be saved
  * @param mixed $hashAlgo Stored unchanged in $this->hashAlgo. NOTE(review): the
  *                        accepted values are not visible here.
  *
  * @throws Exception If the PDO connection cannot be opened.
  */
 public function __construct($authSourceConfig, $writeConfig, $attributes, $hashAlgo)
 {
     $sourceCfg = SimpleSAML_Configuration::loadFromArray($authSourceConfig);
     try {
         $this->dbh = new PDO(
             $sourceCfg->getString('dsn'),
             $sourceCfg->getString('username'),
             $sourceCfg->getString('password')
         );
     } catch (PDOException $connectError) {
         // Only the message is carried over. NOTE(review): presumably this keeps the
         // PDOException's stack trace, which can contain the constructor arguments
         // (DSN, username, password), out of logs and error pages -- confirm.
         throw new Exception($connectError->getMessage());
     }

     // The driver name is the part of the DSN before the first colon.
     $dsnParts = explode(':', $sourceCfg->getString('dsn'), 2);
     $driverName = strtolower($dsnParts[0]);

     /* Driver specific initialization: switch the connection to UTF-8. */
     if ($driverName === 'mysql') {
         $this->dbh->exec("SET NAMES utf8");
         $this->dbh->exec("SET CHARACTER SET utf8;");
     } elseif ($driverName === 'pgsql') {
         $this->dbh->exec("SET NAMES 'UTF8'");
     }

     // From here on PDO reports errors as PHP warnings, not exceptions, so code
     // using $this->dbh has to check return values.
     $this->dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);

     $this->attributes = $attributes;
     $this->hashAlgo = $hashAlgo;
     // 64 random bytes, hex encoded. NOTE(review): the FALSE argument presumably
     // disables a weaker fallback random source -- confirm in generateRandomBytes().
     $this->salt = bin2hex(SimpleSAML_Utilities::generateRandomBytes(64, FALSE));

     $backendCfg = SimpleSAML_Configuration::loadFromArray($writeConfig);
     $this->userIdAttr = $backendCfg->getString('user.id.param');
 }
Ejemplo n.º 5
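 /**
  * Send a response to the SP.
  *
  * Logs a statistics entry for the login, generates the Shib 1.3 authentication
  * response and posts it to the SP's shire URL.
  *
  * @param array $state  The authentication state.
  */
 public static function sendResponse(array $state)
 {
     // Real expressions instead of string assertions: string assertions are deprecated
     // since PHP 7.2 and PHP 8 no longer evaluates them, so the old form always passed.
     assert(isset($state["Attributes"]));
     assert(isset($state["SPMetadata"]));
     assert(isset($state["saml:shire"]));
     assert(array_key_exists("saml:target", $state)); // Can be NULL
     $spMetadata = $state["SPMetadata"];
     $spEntityId = $spMetadata['entityid'];
     $spMetadata = SimpleSAML_Configuration::loadFromArray($spMetadata, '$metadata[' . var_export($spEntityId, TRUE) . ']');
     SimpleSAML\Logger::info('Sending SAML 1.1 Response to ' . var_export($spEntityId, TRUE));
     $attributes = $state['Attributes'];
     $shire = $state['saml:shire'];
     $target = $state['saml:target'];
     $idp = SimpleSAML_IdP::getByState($state);
     $idpMetadata = $idp->getConfig();
     $config = SimpleSAML_Configuration::getInstance();
     $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     $statsData = array('spEntityID' => $spEntityId, 'idpEntityID' => $idpMetadata->getString('entityid'), 'protocol' => 'saml1');
     // The login duration is only recorded when the request's arrival time is known.
     if (isset($state['saml:AuthnRequestReceivedAt'])) {
         $statsData['logintime'] = microtime(TRUE) - $state['saml:AuthnRequestReceivedAt'];
     }
     SimpleSAML_Stats::log('saml:idp:Response', $statsData);
     // Generate and send response.
     $ar = new SimpleSAML_XML_Shib13_AuthnResponse();
     $authnResponseXML = $ar->generate($idpMetadata, $spMetadata, $shire, $attributes);
     $httppost = new SimpleSAML_Bindings_Shib13_HTTPPost($config, $metadata);
     $httppost->sendResponse($authnResponseXML, $idpMetadata, $spMetadata, $target, $shire);
 }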
Ejemplo n.º 6
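 /**
  * Constructor for this authentication source.
  *
  * Reads the server list, timeouts and attribute options. When no 'servers' list is
  * configured, a single server is built from 'hostname', 'port' and 'secret'.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
 public function __construct($info, $config)
 {
     // Real expressions instead of string assertions: string assertions are deprecated
     // since PHP 7.2 and PHP 8 no longer evaluates them, so the old form always passed.
     assert(is_array($info));
     assert(is_array($config));
     // Call the parent constructor first, as required by the interface
     parent::__construct($info, $config);
     // Parse configuration.
     $config = SimpleSAML_Configuration::loadFromArray($config, 'Authentication source ' . var_export($this->authId, true));
     $this->servers = $config->getArray('servers', array());
     /* For backwards compatibility. */
     if (empty($this->servers)) {
         $this->hostname = $config->getString('hostname');
         // The port must lie in 1..65535; 1812 is used when none is configured.
         $this->port = $config->getIntegerRange('port', 1, 65535, 1812);
         // The shared secret stays in this object; keep it out of logs and dumps.
         $this->secret = $config->getString('secret');
         $this->servers[] = array('hostname' => $this->hostname, 'port' => $this->port, 'secret' => $this->secret);
     }
     $this->timeout = $config->getInteger('timeout', 5);
     $this->retries = $config->getInteger('retries', 3);
     $this->realm = $config->getString('realm', null);
     $this->usernameAttribute = $config->getString('username_attribute', null);
     $this->nasIdentifier = $config->getString('nas_identifier', \SimpleSAML\Utils\HTTP::getSelfHost());
     $this->vendor = $config->getInteger('attribute_vendor', null);
     // The vendor type is required only when a vendor is configured.
     if ($this->vendor !== null) {
         $this->vendorType = $config->getInteger('attribute_vendor_type');
     }
 }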
Ejemplo n.º 7
 /**
  * Build a logout response for the given logout request.
  *
  * @param mixed $testrun  Passed through to $this->log().
  * @param mixed $logoutRequest  The request; its relay state and ID are copied into the response.
  * @param mixed $logoutRelayState  Relay state that is logged and returned to the caller.
  *
  * @return array  Keys 'url', 'Response' (serialized XML), 'ResponseObj' and 'RelayState'.
  *
  * @throws Exception If no certificate in PEM form is available for the IdP.
  */
 protected function createLogoutResponse($testrun, $logoutRequest, $logoutRelayState)
 {
     // NOTE(review): the relay state is written to the log verbatim; if it can come
     // from a remote peer, treat the log entry as untrusted text.
     $this->log($testrun, 'Creating response with relaystate [' . $logoutRelayState . ']');

     $idpCfg = SimpleSAML_Configuration::loadFromArray($this->idpmetadata);
     $spCfg = SimpleSAML_Configuration::loadFromArray($this->metadata);

     // The destination is the SP's SingleLogoutService endpoint for HTTP-Redirect.
     $sloEndpoint = $spCfg->getDefaultEndpoint(
         'SingleLogoutService',
         array('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect')
     );
     $destination = $sloEndpoint['Location'];

     // Create the response and tie it to the incoming request.
     $logoutResponse = sspmod_saml2_Message::buildLogoutResponse($idpCfg, $spCfg);
     $logoutResponse->setRelayState($logoutRequest->getRelayState());
     $logoutResponse->setInResponseTo($logoutRequest->getId());

     $signingKeyData = SimpleSAML_Utilities::loadPrivateKey($idpCfg, TRUE);
     $certData = SimpleSAML_Utilities::loadPublicKey($idpCfg, FALSE);

     // NOTE(review): the signature key is RSA with SHA-1, which is deprecated for
     // signatures; confirm this is only kept for interoperability tests.
     $signingKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
     $signingKey->loadKey($signingKeyData['PEM'], FALSE);
     $logoutResponse->setSignatureKey($signingKey);

     // The certificate is optional for loadPublicKey() but mandatory here.
     if ($certData === NULL) {
         throw new Exception('No certificates found. [1]');
     }
     if (!array_key_exists('PEM', $certData)) {
         throw new Exception('No certificates found. [2]');
     }
     $logoutResponse->setCertificates(array($certData['PEM']));

     // Serialize the element returned by toUnsignedXML() through its owner document.
     $xmlNode = $logoutResponse->toUnsignedXML();
     $xmlText = $xmlNode->ownerDocument->saveXML($xmlNode);

     return array(
         'url' => $destination,
         'Response' => $xmlText,
         'ResponseObj' => $logoutResponse,
         'RelayState' => $logoutRelayState,
     );
 }
Ejemplo n.º 8
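 /**
  * Constructor for this authentication source.
  *
  * Reads the server list, timeouts and attribute options. When no 'servers' list is
  * configured, a single server is built from 'hostname', 'port' and 'secret'.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
 public function __construct($info, $config)
 {
     // Real expressions instead of string assertions: string assertions are deprecated
     // since PHP 7.2 and PHP 8 no longer evaluates them, so the old form always passed.
     assert(is_array($info));
     assert(is_array($config));
     /* Call the parent constructor first, as required by the interface. */
     parent::__construct($info, $config);
     /* Parse configuration. */
     $config = SimpleSAML_Configuration::loadFromArray($config, 'Authentication source ' . var_export($this->authId, TRUE));
     $this->servers = $config->getArray('servers', array());
     /* For backwards compatibility. */
     if (empty($this->servers)) {
         $this->hostname = $config->getString('hostname');
         $this->port = $config->getIntegerRange('port', 1, 65535, 1812);
         $this->secret = $config->getString('secret');
         $this->servers[] = array('hostname' => $this->hostname, 'port' => $this->port, 'secret' => $this->secret);
     }
     $this->timeout = $config->getInteger('timeout', 5);
     $this->retries = $config->getInteger('retries', 3);
     $this->usernameAttribute = $config->getString('username_attribute', NULL);
     // HTTP_HOST is taken from the request's Host header, so the default NAS identifier
     // is client-influenced; set 'nas_identifier' explicitly where its value matters.
     $this->nasIdentifier = $config->getString('nas_identifier', isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'localhost');
     $this->vendor = $config->getInteger('attribute_vendor', NULL);
     // The vendor type is required only when a vendor is configured.
     if ($this->vendor !== NULL) {
         $this->vendorType = $config->getInteger('attribute_vendor_type');
     }
 }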
Ejemplo n.º 9
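 /**
  * Constructor for this authentication source.
  *
  * @param array $info Information about this authentication source.
  * @param array $config The configuration of the module
  *
  * @throws Exception If the KRB5 extension is not installed or active.
  */
 public function __construct($info, $config)
 {
     // Real expressions instead of string assertions: string assertions are deprecated
     // since PHP 7.2 and PHP 8 no longer evaluates them, so the old form always passed.
     assert(is_array($info));
     assert(is_array($config));
     if (!extension_loaded('krb5')) {
         throw new Exception('KRB5 Extension not installed');
     }
     // call the parent constructor first, as required by the interface
     parent::__construct($info, $config);
     $config = SimpleSAML_Configuration::loadFromArray($config);
     $this->backend = $config->getString('fallback');
     $this->hostname = $config->getString('hostname');
     $this->port = $config->getInteger('port', 389);
     $this->referrals = $config->getBoolean('referrals', true);
     // TLS is off unless 'enable_tls' is set. NOTE(review): together with the default
     // port 389 this presumably means an unencrypted LDAP connection, including the
     // admin bind below -- confirm how $this->enableTLS is used.
     $this->enableTLS = $config->getBoolean('enable_tls', false);
     $this->debugLDAP = $config->getBoolean('debugLDAP', false);
     $this->timeout = $config->getInteger('timeout', 30);
     $this->keytab = $config->getString('keytab');
     $this->base = $config->getArrayizeString('base');
     $this->attr = $config->getString('attr', 'uid');
     $this->subnet = $config->getArray('subnet', null);
     // Optional admin credentials; the password is kept in this object in clear text.
     $this->admin_user = $config->getString('adminUser', null);
     $this->admin_pw = $config->getString('adminPassword', null);
     $this->attributes = $config->getArray('attributes', null);
 }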
Ejemplo n.º 10
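 /**
  * Initialize this filter, parse configuration
  *
  * Both 'targetAttribute' and 'sourceAttribute' are read without a default.
  *
  * @param array $config  Configuration information about this filter.
  * @param mixed $reserved  For future use.
  */
 public function __construct($config, $reserved)
 {
     parent::__construct($config, $reserved);
     // A real expression instead of a string assertion: string assertions are deprecated
     // since PHP 7.2 and PHP 8 no longer evaluates them, so the old form always passed.
     assert(is_array($config));
     $config = SimpleSAML_Configuration::loadFromArray($config, 'ScopeFromAttribute');
     $this->targetAttribute = $config->getString('targetAttribute');
     $this->sourceAttribute = $config->getString('sourceAttribute');
 }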
 /**
  * CriticalConfigurationError constructor.
  *
  * Registers a configuration under the instance name 'simplesaml' before the parent
  * constructor runs. Without an explicit array, the class's minimum configuration is
  * used with a guessed 'baseurlpath'.
  *
  * @param string|null $reason The reason for this critical error.
  * @param string|null $file The configuration file that originated this error.
  * @param array|null $config The configuration array that led to this problem.
  */
 public function __construct($reason = null, $file = null, $config = null)
 {
     if (null === $config) {
         // Fall back to the built-in minimum and add the guessed base path to it.
         $fallback = self::$minimum_config;
         $fallback['baseurlpath'] = \SimpleSAML\Utils\HTTP::guessBasePath();
         $config = $fallback;
     }

     \SimpleSAML_Configuration::loadFromArray($config, '', 'simplesaml');

     parent::__construct($reason, $file);
 }
Ejemplo n.º 12
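 /**
  * Constructor for this authentication source.
  *
  * Reads 'api_key' and 'secret' (both without a default) and the optional 'req_perms'.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
 public function __construct($info, $config)
 {
     // Real expressions instead of string assertions: string assertions are deprecated
     // since PHP 7.2 and PHP 8 no longer evaluates them, so the old form always passed.
     assert(is_array($info));
     assert(is_array($config));
     /* Call the parent constructor first, as required by the interface. */
     parent::__construct($info, $config);
     $cfgParse = SimpleSAML_Configuration::loadFromArray($config, 'authsources[' . var_export($this->authId, TRUE) . ']');
     $this->api_key = $cfgParse->getString('api_key');
     // The application secret stays in this object; keep it out of logs and dumps.
     $this->secret = $cfgParse->getString('secret');
     $this->req_perms = $cfgParse->getString('req_perms', NULL);
 }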
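 /**
  * Constructor for this metadata handler.
  *
  * Parses configuration.
  *
  * @param array $config  The configuration for this metadata handler.
  */
 public function __construct($config)
 {
     // A real expression instead of a string assertion: string assertions are deprecated
     // since PHP 7.2 and PHP 8 no longer evaluates them, so the old form always passed.
     assert(is_array($config));
     $globalConfig = SimpleSAML_Configuration::getInstance();
     $cfgHelp = SimpleSAML_Configuration::loadFromArray($config, 'serialize metadata source');
     $this->directory = $cfgHelp->getString('directory');
     /* Resolve this directory relative to the simpleSAMLphp directory (unless it is
      * an absolute path).
      */
     $this->directory = $globalConfig->resolvePath($this->directory);
 }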
Ejemplo n.º 14
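 /**
  * Constructor for this authentication source.
  *
  * Reads 'key' and 'secret' (both without a default) and the optional 'force_login'.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
 public function __construct($info, $config)
 {
     // Real expressions instead of string assertions: string assertions are deprecated
     // since PHP 7.2 and PHP 8 no longer evaluates them, so the old form always passed.
     assert(is_array($info));
     assert(is_array($config));
     /* Call the parent constructor first, as required by the interface. */
     parent::__construct($info, $config);
     $configObject = SimpleSAML_Configuration::loadFromArray($config, 'authsources[' . var_export($this->authId, TRUE) . ']');
     $this->key = $configObject->getString('key');
     // The secret stays in this object; keep it out of logs and dumps.
     $this->secret = $configObject->getString('secret');
     $this->force_login = $configObject->getBoolean('force_login', FALSE);
 }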
 /**
  * Sign the first assertion of the response with the configured message utility class.
  *
  * The class name comes from the DI container; an empty configuration is passed as the
  * second argument of addSign().
  *
  * @param SAML2_Response $response
  * @param SimpleSAML_Configuration $idpConfig
  */
 private function addSigns(SAML2_Response $response, SimpleSAML_Configuration $idpConfig)
 {
     $assertions = $response->getAssertions();
     $messageUtilClass = EngineBlock_ApplicationSingleton::getInstance()->getDiContainer()->getMessageUtilClassName();

     if ($messageUtilClass !== 'sspmod_saml_Message') {
         // Dynamic static call. NOTE(review): the class name must only ever come from
         // trusted application configuration, never from request data.
         $messageUtilClass::addSign($idpConfig, SimpleSAML_Configuration::loadFromArray(array()), $assertions[0]);
         return;
     }

     // The standard class is named literally so IDEs and static analysis can follow the call.
     sspmod_saml_Message::addSign($idpConfig, SimpleSAML_Configuration::loadFromArray(array()), $assertions[0]);
 }
Ejemplo n.º 16
 /**
  * Test SimpleSAML\Locale\Translate::t().
  *
  * An unknown tag is wrapped in "not translated (...)" by default and returned as-is
  * when the third argument is false.
  */
 public function testTFallback()
 {
     $translator = new Translate(\SimpleSAML_Configuration::loadFromArray(array()));
     $unknownTag = 'Blablabla';

     // $fallbackdefault = true
     $expectedFallback = 'not translated (' . $unknownTag . ')';
     $this->assertEquals($expectedFallback, $translator->t($unknownTag));

     // $fallbackdefault = false, should be a noop
     $this->assertEquals($unknownTag, $translator->t($unknownTag, array(), false));
 }
 /**
  * Test SimpleSAML\Locale\Localization::addDomain().
  *
  * Registers a new domain and checks that getRegisteredDomains() maps it to the
  * locale directory it was registered with.
  */
 public function testAddDomain()
 {
     $localization = new Localization(
         \SimpleSAML_Configuration::loadFromArray(array('language.i18n.backend' => 'gettext/gettext'))
     );
     $domainName = 'test';
     $domainDir = $localization->getLocaleDir();

     $localization->addDomain($domainDir, $domainName);

     $domains = $localization->getRegisteredDomains();
     $this->assertArrayHasKey($domainName, $domains);
     $this->assertEquals($domains[$domainName], $domainDir);
 }
Ejemplo n.º 18
 /**
  * Build the SAML 2.0 IdP metadata document for the fedlab module.
  *
  * @return mixed  The value returned by getEntityDescriptorText() of the metadata builder.
  */
 public function getMetadata()
 {
     $entityId = SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/metadata.php';
     $idpDescription = array(
         'metadata-set' => 'saml20-idp-remote',
         'entityid' => $entityId,
         'SingleSignOnService' => SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/SingleSignOnService.php',
         'SingleLogoutService' => SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/SingleLogoutService.php',
         'certificate' => 'server.crt',
     );

     // The result is not used. NOTE(review): the call is kept because, with TRUE as the
     // second argument, it presumably fails when 'server.crt' cannot be loaded -- confirm.
     SimpleSAML_Utilities::loadPublicKey(SimpleSAML_Configuration::loadFromArray($idpDescription), TRUE);

     $builder = new SimpleSAML_Metadata_SAMLBuilder($entityId);
     $builder->addMetadataIdP20($idpDescription);
     $builder->addOrganizationInfo($idpDescription);

     $technicalContact = array(
         'emailAddress' => $this->config->getString('technicalcontact_email', NULL),
         'name' => $this->config->getString('technicalcontact_name', NULL),
     );
     $builder->addContact('technical', $technicalContact);

     return $builder->getEntityDescriptorText();
 }
Ejemplo n.º 19
 /**
  * Constructor for this authentication source.
  *
  * Every option read here is optional: 'target' and 'realm' default to null, the four
  * attribute lists to empty arrays and 'sreg.validate' to true.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
 public function __construct($info, $config)
 {
     /* The interface requires the parent constructor to run first. */
     parent::__construct($info, $config);

     $location = 'Authentication source ' . var_export($this->authId, true);
     $settings = SimpleSAML_Configuration::loadFromArray($config, $location);

     $this->target = $settings->getString('target', null);
     $this->realm = $settings->getString('realm', null);

     $this->optionalAttributes = $settings->getArray('attributes.optional', array());
     $this->requiredAttributes = $settings->getArray('attributes.required', array());
     $this->optionalAXAttributes = $settings->getArray('attributes.ax_optional', array());
     $this->requiredAXAttributes = $settings->getArray('attributes.ax_required', array());

     $this->validateSReg = $settings->getBoolean('sreg.validate', true);
 }
Ejemplo n.º 20
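 /**
  * Constructor for this configuration parser.
  *
  * @param array $config  Configuration.
  * @param string $location  The location of this configuration. Used for error reporting.
  */
 public function __construct($config, $location)
 {
     // Real expressions instead of string assertions: string assertions are deprecated
     // since PHP 7.2 and PHP 8 no longer evaluates them, so the old form always passed.
     assert(is_array($config));
     assert(is_string($location));
     $this->location = $location;
     /* Parse configuration. */
     $config = SimpleSAML_Configuration::loadFromArray($config, $location);
     // 'drupalroot' is the only option read without a default.
     $this->drupalroot = $config->getString('drupalroot');
     $this->debug = $config->getBoolean('debug', FALSE);
     $this->attributes = $config->getArray('attributes', NULL);
     $this->cookie_name = $config->getString('cookie_name', 'drupalauth4ssp');
     $this->drupal_logout_url = $config->getString('drupal_logout_url', NULL);
     $this->drupal_login_url = $config->getString('drupal_login_url', NULL);
 }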
Ejemplo n.º 21
 /**
  * Test SimpleSAML\Utils\HTTP::getSelfHostWithNonStandardPort(), with and without custom port.
  *
  * The three checks share $_SERVER, so their order matters: 'HTTPS' stays set once the
  * last step has assigned it. NOTE(review): $_SERVER is not restored when the test ends.
  */
 public function testGetSelfHostWithPort()
 {
     // Registered under the instance name 'simplesaml' so the code under test sees it.
     \SimpleSAML_Configuration::loadFromArray(array('baseurlpath' => ''), '[ARRAY]', 'simplesaml');
     // standard port for HTTP
     $_SERVER['SERVER_PORT'] = '80';
     $this->assertEquals('localhost', HTTP::getSelfHostWithNonStandardPort());
     // non-standard port
     $_SERVER['SERVER_PORT'] = '3030';
     $this->assertEquals('localhost:3030', HTTP::getSelfHostWithNonStandardPort());
     // standard port for HTTPS
     $_SERVER['HTTPS'] = 'on';
     $_SERVER['SERVER_PORT'] = '443';
     $this->assertEquals('localhost', HTTP::getSelfHostWithNonStandardPort());
 }
Ejemplo n.º 22
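/**
 * Hook to run a cron job.
 *
 * For every metarefresh set whose 'cron' list contains the current cron tag, loads the
 * configured sources and writes the metadata to the set's output directory. Any
 * exception is caught and reported through $croninfo['summary'].
 *
 * @param array &$croninfo  Output
 */
function metarefresh_hook_cron(&$croninfo)
{
    // Real expressions instead of string assertions: string assertions are deprecated
    // since PHP 7.2 and PHP 8 no longer evaluates them, so the old form always passed.
    assert(is_array($croninfo));
    assert(array_key_exists("summary", $croninfo));
    assert(array_key_exists("tag", $croninfo));
    SimpleSAML_Logger::info('cron [metarefresh]: Running cron in cron tag [' . $croninfo['tag'] . '] ');
    try {
        $config = SimpleSAML_Configuration::getInstance();
        $mconfig = SimpleSAML_Configuration::getConfig('config-metarefresh.php');
        $sets = $mconfig->getConfigList('sets');
        foreach ($sets as $setkey => $set) {
            // Only process sets where cron matches the current cron tag.
            $cronTags = $set->getArray('cron');
            if (!in_array($croninfo['tag'], $cronTags)) {
                continue;
            }
            SimpleSAML_Logger::info('cron [metarefresh]: Executing set [' . $setkey . ']');
            // 'expireAfter' is a number of seconds added to the current time; without
            // it no expiry time is passed to the loader.
            $expireAfter = $set->getInteger('expireAfter', NULL);
            if ($expireAfter !== NULL) {
                $expire = time() + $expireAfter;
            } else {
                $expire = NULL;
            }
            $metaloader = new sspmod_metarefresh_MetaLoader($expire);
            foreach ($set->getArray('sources') as $source) {
                SimpleSAML_Logger::debug('cron [metarefresh]: In set [' . $setkey . '] loading source [' . $source['src'] . ']');
                $metaloader->loadSource($source);
            }
            // The output directory is resolved through the global configuration.
            $outputDir = $set->getString('outputDir');
            $outputDir = $config->resolvePath($outputDir);
            // Only 'flatfile' and 'serialize' are accepted; 'flatfile' is the default.
            $outputFormat = $set->getValueValidate('outputFormat', array('flatfile', 'serialize'), 'flatfile');
            switch ($outputFormat) {
                case 'flatfile':
                    $metaloader->writeMetadataFiles($outputDir);
                    break;
                case 'serialize':
                    $metaloader->writeMetadataSerialize($outputDir);
                    break;
            }
            if ($set->hasValue('arp')) {
                $arpconfig = SimpleSAML_Configuration::loadFromArray($set->getValue('arp'));
                $metaloader->writeARPfile($arpconfig);
            }
        }
    } catch (Exception $e) {
        // Best effort: the failure ends this run and is reported in the cron summary.
        $croninfo['summary'][] = 'Error during metarefresh: ' . $e->getMessage();
    }
}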
 /**
  * Construct
  *
  * Passes the connection options of the authsource to the parent constructor, then
  * stores the search settings, the admin credentials of the write configuration and
  * the attributes to be saved.
  *
  * @param array $authSourceConfig Configuration array for the selected authsource
  * @param array $ldapWriteConfig Configuration array for the selected catalogue backend
  * @param array $attributes The user attributes to be saved
  */
 public function __construct($authSourceConfig, $ldapWriteConfig, $attributes)
 {
     $sourceCfg = SimpleSAML_Configuration::loadFromArray($authSourceConfig);

     // TLS and debug are off by default and the timeout defaults to 0.
     // NOTE(review): without 'enable_tls' the binds configured below presumably travel
     // over an unencrypted connection -- confirm in the parent class.
     parent::__construct(
         $sourceCfg->getString('hostname'),
         $sourceCfg->getBoolean('enable_tls', FALSE),
         $sourceCfg->getBoolean('debug', FALSE),
         $sourceCfg->getInteger('timeout', 0)
     );

     $this->searchBase = $sourceCfg->getArrayize('search.base');
     $this->dnPattern = $sourceCfg->getString('dnpattern');
     $this->searchDn = $sourceCfg->getString('search.username', NULL);
     $this->searchPw = $sourceCfg->getString('search.password', NULL);

     $writeCfg = SimpleSAML_Configuration::loadFromArray($ldapWriteConfig);

     // The admin DN and password are required and kept in this object in clear text.
     $this->adminDn = $writeCfg->getString('admin.dn');
     $this->adminPw = $writeCfg->getString('admin.pw');
     $this->objectClass = $writeCfg->getArray('objectClass');
     $this->userIdAttr = $writeCfg->getString('user.id.param', 'uid');
     // NOTE(review): the default 'sha1' is weak if it selects a password hashing
     // scheme; confirm where $this->pswEncrypt is used and prefer a stronger setting.
     $this->pswEncrypt = $writeCfg->getString('psw.encrypt', 'sha1');

     $this->attributes = $attributes;
 }
Ejemplo n.º 24
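 /**
  * Constructor for SAML SP authentication source.
  *
  * When no 'entityID' is configured, the metadata URL of this source is used as the
  * entity ID.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
 public function __construct($info, $config)
 {
     // Real expressions instead of string assertions: string assertions are deprecated
     // since PHP 7.2 and PHP 8 no longer evaluates them, so the old form always passed.
     assert(is_array($info));
     assert(is_array($config));
     /* Call the parent constructor first, as required by the interface. */
     parent::__construct($info, $config);
     if (!isset($config['entityID'])) {
         $config['entityID'] = $this->getMetadataURL();
     }
     /* For compatibility with code that assumes that $metadata->getString('entityid') gives the entity id. */
     $config['entityid'] = $config['entityID'];
     $this->metadata = SimpleSAML_Configuration::loadFromArray($config, 'authsources[' . var_export($this->authId, TRUE) . ']');
     $this->entityId = $this->metadata->getString('entityID');
     $this->idp = $this->metadata->getString('idp', NULL);
     $this->discoURL = $this->metadata->getString('discoURL', NULL);
 }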
Ejemplo n.º 25
 /**
  * Constructor for this authentication source.
  *
  * The server ID and URL are accepted under two spellings: without an underscore
  * ('serverid', 'serverurl') for backwards compatibility and with one ('server_id',
  * 'server_url') for consistency. The underscore form is read only when the other one
  * is absent, and is then read without a default.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
 public function __construct($info, $config)
 {
     /* The interface requires the parent constructor to run first. */
     parent::__construct($info, $config);

     $location = 'Authentication source ' . var_export($this->authId, true);
     $settings = SimpleSAML_Configuration::loadFromArray($config, $location);

     // 'app' is the only accepted type and also the default.
     $settings->getValueValidate('type', array('app'), 'app');

     $this->app_id = $settings->getString('app_id');
     $this->private_key = $settings->getString('private_key', null);

     $this->server_id = $settings->getString('serverid', null);
     if (null === $this->server_id) {
         $this->server_id = $settings->getString('server_id');
     }

     $this->server_url = $settings->getString('serverurl', null);
     if (null === $this->server_url) {
         $this->server_url = $settings->getString('server_url');
     }
 }
Ejemplo n.º 26
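 /**
  * Constructor for this authentication source.
  *
  * Reads the RADIUS server settings; 'hostname' and 'secret' have no default.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
 public function __construct($info, $config)
 {
     // Real expressions instead of string assertions: string assertions are deprecated
     // since PHP 7.2 and PHP 8 no longer evaluates them, so the old form always passed.
     assert(is_array($info));
     assert(is_array($config));
     /* Call the parent constructor first, as required by the interface. */
     parent::__construct($info, $config);
     /* Parse configuration. */
     $config = SimpleSAML_Configuration::loadFromArray($config, 'Authentication source ' . var_export($this->authId, TRUE));
     $this->hostname = $config->getString('hostname');
     // The port must lie in 1..65535; 1812 is used when none is configured.
     $this->port = $config->getIntegerRange('port', 1, 65535, 1812);
     // The shared secret stays in this object; keep it out of logs and dumps.
     $this->secret = $config->getString('secret');
     $this->timeout = $config->getInteger('timeout', 5);
     $this->retries = $config->getInteger('retries', 3);
     $this->usernameAttribute = $config->getString('username_attribute', NULL);
     $this->vendor = $config->getInteger('attribute_vendor', NULL);
     // The vendor type is required only when a vendor is configured.
     if ($this->vendor !== NULL) {
         $this->vendorType = $config->getInteger('attribute_vendor_type');
     }
 }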
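 /**
  * Constructor for this authentication source.
  *
  * @param array $info Information about this authentication source.
  * @param array $config The configuration of the module
  */
 public function __construct($info, $config)
 {
     // Real expressions instead of string assertions: string assertions are deprecated
     // since PHP 7.2 and PHP 8 no longer evaluates them, so the old form always passed.
     assert(is_array($info));
     assert(is_array($config));
     parent::__construct($info, $config);
     $config = SimpleSAML_Configuration::loadFromArray($config);
     $this->ldap_hostname = $config->getString('ldap.hostname');
     // NOTE(review): the next five options are read with getString() although their
     // defaults are an integer or a boolean; confirm that non-string values given in
     // the configuration are accepted.
     $this->ldap_port = $config->getString('ldap.port', 389);
     $this->ldap_timeout = $config->getString('ldap.timeout', 10);
     // TLS is off unless 'ldap.enableTLS' is set. NOTE(review): with the default port
     // 389 this presumably means an unencrypted LDAP connection, including the admin
     // bind -- confirm how $this->ldap_enableTLS is used.
     $this->ldap_enableTLS = $config->getString('ldap.enableTLS', false);
     $this->ldap_debug = $config->getString('ldap.debug', false);
     $this->ldap_referrals = $config->getString('ldap.referrals', true);
     // Optional admin credentials; the password is kept in this object in clear text.
     $this->ldap_admin_user = $config->getString('ldap.admin_user', null);
     $this->ldap_admin_password = $config->getString('ldap.admin_password', null);
     $this->ldap_base = $config->getArrayizeString('ldap.base');
     $this->ldap_identifier = $config->getString('ldap.identifier');
     $this->attributes = $config->getArrayizeString('attributes', null);
     $this->subnets = $config->getArrayizeString('subnets', null);
     $this->subnets_exclude = $config->getArrayizeString('subnets_exclude', null);
     $this->auth_fallback = $config->getString('auth_fallback');
 }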
Ejemplo n.º 28
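 /**
  * Send a response to the SP.
  *
  * Generates the Shib 1.3 authentication response from the state's attributes and
  * posts it to the SP's shire URL.
  *
  * @param array $state  The authentication state.
  */
 public static function sendResponse(array $state)
 {
     // Real expressions instead of string assertions: string assertions are deprecated
     // since PHP 7.2 and PHP 8 no longer evaluates them, so the old form always passed.
     assert(isset($state["Attributes"]));
     assert(isset($state["SPMetadata"]));
     assert(isset($state["saml:shire"]));
     assert(array_key_exists("saml:target", $state)); // Can be NULL.
     $spMetadata = $state["SPMetadata"];
     $spEntityId = $spMetadata['entityid'];
     $spMetadata = SimpleSAML_Configuration::loadFromArray($spMetadata, '$metadata[' . var_export($spEntityId, TRUE) . ']');
     // var_export() quotes the entity ID, which keeps the log entry unambiguous.
     SimpleSAML_Logger::info('Sending SAML 1.1 Response to ' . var_export($spEntityId, TRUE));
     $attributes = $state['Attributes'];
     $shire = $state['saml:shire'];
     $target = $state['saml:target'];
     $idp = SimpleSAML_IdP::getByState($state);
     $idpMetadata = $idp->getConfig();
     $config = SimpleSAML_Configuration::getInstance();
     $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     /* Generate and send response. */
     $ar = new SimpleSAML_XML_Shib13_AuthnResponse();
     $authnResponseXML = $ar->generate($idpMetadata, $spMetadata, $shire, $attributes);
     $httppost = new SimpleSAML_Bindings_Shib13_HTTPPost($config, $metadata);
     $httppost->sendResponse($authnResponseXML, $idpMetadata, $spMetadata, $target, $shire);
 }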
Ejemplo n.º 29
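 /**
  * Test SimpleSAML\Utils\HTTP::checkURLAllowed(), with the regex as a
  * subdomain of an evil domain.
  *
  * The trusted-domain pattern is configured without anchors or delimiters. A URL whose
  * host only begins with the trusted name (app.example.com.evil.com) must still be
  * rejected with a SimpleSAML_Error_Exception.
  */
 public function testCheckURLAllowedWithRegexWithoutDelimiters()
 {
     $original = $_SERVER;
     \SimpleSAML_Configuration::loadFromArray(array('trusted.url.domains' => array('app\\.example\\.com'), 'trusted.url.regex' => true), '[ARRAY]', 'simplesaml');
     $_SERVER['REQUEST_URI'] = '/module.php';
     $this->setExpectedException('SimpleSAML_Error_Exception');
     try {
         HTTP::checkURLAllowed('https://app.example.com.evil.com');
     } catch (\Exception $e) {
         // The expected exception would otherwise skip the restore below and leave the
         // modified $_SERVER in place for later tests. Restore it, then let PHPUnit see
         // the exception.
         $_SERVER = $original;
         throw $e;
     }
     $_SERVER = $original;
 }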
Ejemplo n.º 30
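 /**
  * Add metadata of a SAML attribute authority.
  *
  * Builds an AttributeAuthorityDescriptor from the metadata and appends it to the
  * entity descriptor's role descriptors.
  *
  * @param array $metadata The AttributeAuthorityDescriptor, in the format returned by
  * SimpleSAML_Metadata_SAMLParser.
  */
 public function addAttributeAuthority(array $metadata)
 {
     // Real expressions instead of string assertions: string assertions are deprecated
     // since PHP 7.2 and PHP 8 no longer evaluates them, so the old form always passed.
     assert(is_array($metadata));
     assert(isset($metadata["entityid"]));
     assert(isset($metadata["metadata-set"]));
     // The entity ID doubles as the location reported in configuration errors.
     $metadata = SimpleSAML_Configuration::loadFromArray($metadata, $metadata['entityid']);
     $e = new \SAML2\XML\md\AttributeAuthorityDescriptor();
     $e->protocolSupportEnumeration = $metadata->getArray('protocols', array());
     $this->addExtensions($metadata, $e);
     $this->addCertificate($e, $metadata);
     $e->AttributeService = self::createEndpoints($metadata->getEndpoints('AttributeService'), false);
     $e->AssertionIDRequestService = self::createEndpoints($metadata->getEndpoints('AssertionIDRequestService'), false);
     $e->NameIDFormat = $metadata->getArrayizeString('NameIDFormat', array());
     $this->entityDescriptor->RoleDescriptor[] = $e;
 }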