/**
 * Publish the signed eduGAIN metadata document.
 *
 * Every entity the repository reports as publishable in eduGAIN is rewritten so
 * that it advertises EngineBlock's certificates, NameID formats and contact
 * persons. Identity providers also get EngineBlock's SSO / SLO endpoints.
 * Consumers of this feed therefore see EngineBlock's key material for every
 * listed entity, so the signing and key configuration of EngineBlock's IdP
 * entity is what this document's integrity rests on.
 *
 * @param string $serviceName Name of the requested service; not read by this method.
 * @return void
 */
public function serve($serviceName)
 {
     // EngineBlock in its IdP role is the template for everything advertised below.
     $ebIdpEntityId = $this->_server->getUrl('idpMetadataService');
     $ebIdp = $this->_server->getRepository()->fetchIdentityProviderByEntityId($ebIdpEntityId);

     $ssoReplacer = new ServiceReplacer($ebIdp, 'SingleSignOnService', ServiceReplacer::REQUIRED);
     $sloReplacer = new ServiceReplacer($ebIdp, 'SingleLogoutService', ServiceReplacer::OPTIONAL);

     $publishedEntities = array();
     $publishable = $this->_server->getRepository()->findEntitiesPublishableInEdugain();
     foreach ($publishable as $remoteEntity) {
         // Advertise EngineBlock's certificates in place of the entity's own.
         // NOTE(review): the repository object is modified in place; confirm these
         // instances are not reused elsewhere during the same request.
         $remoteEntity->certificates = $ebIdp->certificates;

         // Requests arriving through this endpoint use EngineBlock NameIDs, so the
         // entity's own NameID format is dropped and EngineBlock's list is advertised.
         unset($remoteEntity->nameIdFormat);
         $remoteEntity->supportedNameIdFormats = $ebIdp->supportedNameIdFormats;

         // Only IdPs get their SSO / SLO services pointed at EngineBlock.
         if ($remoteEntity instanceof IdentityProvider) {
             $proxiedSsoUrl = $this->_server->getUrl('singleSignOnService', $remoteEntity->entityId);
             $ssoReplacer->replace($remoteEntity, $proxiedSsoUrl);

             $proxiedSloUrl = $this->_server->getUrl('singleLogoutService');
             $sloReplacer->replace($remoteEntity, $proxiedSloUrl);
         }

         $remoteEntity->contactPersons = $ebIdp->contactPersons;
         $publishedEntities[] = $this->_addRequestAttributes($remoteEntity);
     }

     // Build the Corto XMLToArray structured document. Its validity comes from the
     // 'metadataValidUntilSeconds' setting (86400 when unset).
     $documentId = $this->_server->getNewId(\OpenConext\Component\EngineBlockFixtures\IdFrame::ID_USAGE_SAML2_METADATA);
     $validitySeconds = $this->_server->getConfig('metadataValidUntilSeconds', 86400);
     $validUntil = $this->_server->timeStamp($validitySeconds);
     $mapper = new EngineBlock_Corto_Mapper_Metadata_EdugainDocument($documentId, $validUntil, true);
     $document = $mapper->setEntities($publishedEntities)->map();

     // Sign, then serialise to XML.
     $signedDocument = $this->_server->sign($document);
     $xml = EngineBlock_Corto_XmlToArray::array2xml($signedDocument);

     // Schema validation runs only when the 'debug' setting is truthy, and only after
     // signing; with debug off the XML is sent without this check.
     // NOTE(review): the schema is named by a plain-http URL; confirm the validator
     // resolves it from a local copy instead of fetching it at request time.
     if ($this->_server->getConfig('debug', false)) {
         $validator = new EngineBlock_Xml_Validator('http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd');
         $validator->validate($xml);
     }

     // The spec's media type is application/samlmetadata+xml. The plain XML type is
     // sent instead because it is easier to debug and no SP / IdP has complained.
     $this->_server->sendHeader('Content-Type', 'application/xml');
     $this->_server->sendOutput($xml);
 }
 /**
  * Publish EngineBlock's own signed metadata for the requested role.
  *
  * The entity is looked up under the URL generated while processing mode is set,
  * then published under the URL generated after it is unset. The original comments
  * describe the first as "without the VO" and the second as optionally carrying a
  * VO id.
  *
  * @param string $serviceName Metadata service being served; 'idpMetadataService'
  *                            additionally rewrites the SingleSignOnService.
  * @return void
  */
 public function serve($serviceName)
 {
     // NOTE(review): $serviceName goes to getUrl() unchecked here; presumably the
     // caller restricts it to known metadata services - confirm.
     $this->_server->setProcessingMode();
     $internalEntityId = $this->_server->getUrl($serviceName);
     $this->_server->unsetProcessingMode();

     $ebEntity = $this->_server->getRepository()->fetchEntityByEntityId($internalEntityId);

     // Publish under the externally visible entity id.
     $ebEntity->entityId = $this->_server->getUrl($serviceName);

     // Only the IdP role has its SingleSignOnService location rewritten.
     if ($serviceName === 'idpMetadataService') {
         $ssoReplacer = new ServiceReplacer($ebEntity, 'SingleSignOnService', ServiceReplacer::REQUIRED);
         $generatedSsoUrl = $this->_server->getUrl('singleSignOnService');
         $ssoReplacer->replace($ebEntity, $generatedSsoUrl);
     }

     // The Single Logout Service location is always replaced with the generated URL.
     $sloReplacer = new ServiceReplacer($ebEntity, 'SingleLogoutService', ServiceReplacer::OPTIONAL);
     $generatedSloUrl = $this->_server->getUrl('singleLogoutService');
     $sloReplacer->replace($ebEntity, $generatedSloUrl);

     // Build the Corto XMLToArray structured document. Its validity comes from the
     // 'metadataValidUntilSeconds' setting (86400 when unset).
     $documentId = $this->_server->getNewId(IdFrame::ID_USAGE_SAML2_METADATA);
     $validitySeconds = $this->_server->getConfig('metadataValidUntilSeconds', 86400);
     $validUntil = $this->_server->timeStamp($validitySeconds);
     $mapper = new EngineBlock_Corto_Mapper_Metadata_EdugainDocument($documentId, $validUntil, false);
     $document = $mapper->setEntity($ebEntity)->map();

     // Sign, then serialise to XML.
     $signedDocument = $this->_server->sign($document);
     $xml = EngineBlock_Corto_XmlToArray::array2xml($signedDocument);

     // Schema validation runs only when the 'debug' setting is truthy, and only after
     // signing; with debug off the XML is sent without this check.
     // NOTE(review): the schema is named by a plain-http URL; confirm the validator
     // resolves it from a local copy instead of fetching it at request time.
     if ($this->_server->getConfig('debug', false)) {
         $validator = new EngineBlock_Xml_Validator('http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd');
         $validator->validate($xml);
     }

     // The spec's media type is application/samlmetadata+xml. The plain XML type is
     // sent instead because it is easier to debug and no SP / IdP has complained.
     $this->_server->sendHeader('Content-Type', 'application/xml');
     $this->_server->sendOutput($xml);
 }
 /**
  * Publish the signed list of identity providers reachable through EngineBlock.
  *
  * With an 'sp-entity-id' query parameter the list is limited to the IdPs the
  * repository reports as allowed for that SP, and the SP itself is emitted first.
  * Without it, every IdP from the repository is considered. EngineBlock's own IdP
  * entity and IdPs flagged hidden are always left out. Each listed IdP is rewritten
  * to advertise EngineBlock's certificates, NameID formats, contacts and SSO / SLO
  * endpoints.
  *
  * @param string $serviceName Name of the requested service; not read by this method.
  * @return void
  */
 public function serve($serviceName)
 {
     // The SP entity id comes straight from the query string of the current request.
     // NOTE(review): the caller controls this value and it selects which per-SP IdP
     // list is disclosed; confirm that serving it to any requester is intended.
     $httpRequest = EngineBlock_ApplicationSingleton::getInstance()->getHttpRequest();
     $requestedSpEntityId = $httpRequest->getQueryParameter('sp-entity-id');

     $requestingSp = null;
     if ($requestedSpEntityId) {
         // NOTE(review): if this lookup returns null, the code below silently falls
         // back to the unfiltered IdP list - confirm that is the desired behaviour.
         $requestingSp = $this->_server->getRepository()->fetchServiceProviderByEntityId($requestedSpEntityId);
     }
     $hasRequestingSp = $requestingSp !== null;

     // EngineBlock in its IdP role is the template for everything advertised below.
     $ebIdpEntityId = $this->_server->getUrl('idpMetadataService');
     $ebIdp = $this->_server->getRepository()->fetchIdentityProviderByEntityId($ebIdpEntityId);

     // Shibboleth likes to see itself in the metadata, so a requested SP goes first.
     $listedEntities = array();
     if ($hasRequestingSp) {
         $listedEntities[] = $requestingSp;
     }

     $ssoReplacer = new ServiceReplacer($ebIdp, 'SingleSignOnService', ServiceReplacer::REQUIRED);
     $sloReplacer = new ServiceReplacer($ebIdp, 'SingleLogoutService', ServiceReplacer::OPTIONAL);

     // Candidates: the IdPs allowed for the requested SP, or all IdPs when no SP is known.
     $candidateIdps = $hasRequestingSp
         ? $this->_server->getRepository()->findIdentityProvidersByEntityId(
             $this->_server->getRepository()->findAllowedIdpEntityIdsForSp($requestingSp)
         )
         : $this->_server->getRepository()->findIdentityProviders();

     foreach ($candidateIdps as $idp) {
         // Never list EngineBlock itself, nor any IdP flagged as hidden.
         if ($idp->entityId === $ebIdp->entityId || $idp->hidden) {
             continue;
         }

         // Advertise EngineBlock's certificates in place of the IdP's own.
         $idp->certificates = $ebIdp->certificates;

         // Requests arriving through this endpoint use EngineBlock NameIDs, so the
         // IdP's own NameID format is dropped and EngineBlock's list is advertised.
         unset($idp->nameIdFormat);
         $idp->supportedNameIdFormats = $ebIdp->supportedNameIdFormats;

         // Point service locations and bindings at EngineBlock.
         $proxiedSsoUrl = $this->_server->getUrl('singleSignOnService', $idp->entityId);
         $ssoReplacer->replace($idp, $proxiedSsoUrl);

         $proxiedSloUrl = $this->_server->getUrl('singleLogoutService');
         $sloReplacer->replace($idp, $proxiedSloUrl);

         $idp->contactPersons = $ebIdp->contactPersons;
         $listedEntities[] = $idp;
     }

     // Build the Corto XMLToArray structured document. Its validity comes from the
     // 'metadataValidUntilSeconds' setting (86400 when unset).
     $documentId = $this->_server->getNewId(\OpenConext\Component\EngineBlockFixtures\IdFrame::ID_USAGE_SAML2_METADATA);
     $validitySeconds = $this->_server->getConfig('metadataValidUntilSeconds', 86400);
     $validUntil = $this->_server->timeStamp($validitySeconds);
     $mapper = new EngineBlock_Corto_Mapper_Metadata_EdugainDocument($documentId, $validUntil, false);
     $document = $mapper->setEntities($listedEntities)->map();

     // Sign, then serialise to XML.
     $signedDocument = $this->_server->sign($document);
     $xml = EngineBlock_Corto_XmlToArray::array2xml($signedDocument);

     // Schema validation runs only when the 'debug' setting is truthy, and only after
     // signing; with debug off the XML is sent without this check.
     // NOTE(review): the schema is named by a plain-http URL; confirm the validator
     // resolves it from a local copy instead of fetching it at request time.
     if ($this->_server->getConfig('debug', false)) {
         $validator = new EngineBlock_Xml_Validator('http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd');
         $validator->validate($xml);
     }

     // The spec's media type is application/samlmetadata+xml. The plain XML type is
     // sent instead because it is easier to debug and no SP / IdP has complained.
     $this->_server->sendHeader('Content-Type', 'application/xml');
     $this->_server->sendOutput($xml);
 }