/**
* Get the NameID value.
*
* @param array $state The state array.
* @return string|null The NameID value.
*/
protected function getValue(array &$state)
{
if (!isset($state['Destination']['entityid'])) {
SimpleSAML\Logger::warning('No SP entity ID - not generating persistent NameID.');
return null;
}
$spEntityId = $state['Destination']['entityid'];
if (!isset($state['Source']['entityid'])) {
SimpleSAML\Logger::warning('No IdP entity ID - not generating persistent NameID.');
return null;
}
$idpEntityId = $state['Source']['entityid'];
if (!isset($state['Attributes'][$this->attribute]) || count($state['Attributes'][$this->attribute]) === 0) {
SimpleSAML\Logger::warning('Missing attribute ' . var_export($this->attribute, true) . ' on user - not generating persistent NameID.');
return null;
}
if (count($state['Attributes'][$this->attribute]) > 1) {
SimpleSAML\Logger::warning('More than one value in attribute ' . var_export($this->attribute, true) . ' on user - not generating persistent NameID.');
return null;
}
$uid = array_values($state['Attributes'][$this->attribute]);
// just in case the first index is no longer 0
$uid = $uid[0];
if (empty($uid)) {
SimpleSAML\Logger::warning('Empty value in attribute ' . var_export($this->attribute, true) . ' on user - not generating persistent NameID.');
return null;
}
$secretSalt = SimpleSAML\Utils\Config::getSecretSalt();
$uidData = 'uidhashbase' . $secretSalt;
$uidData .= strlen($idpEntityId) . ':' . $idpEntityId;
$uidData .= strlen($spEntityId) . ':' . $spEntityId;
$uidData .= strlen($uid) . ':' . $uid;
$uidData .= $secretSalt;
return sha1($uidData);
}
/**
* @param $secretSalt Must be random and unique per installation
* @param $lifeTime Token lifetime in seconds
* @param $skew Allowed time skew between server that generates and the one that calculates the token
*/
public function __construct($lifetime = 900, $secretSalt = NULL, $skew = 1)
{
if ($secretSalt === NULL) {
$secretSalt = SimpleSAML\Utils\Config::getSecretSalt();
}
$this->secretSalt = $secretSalt;
$this->lifetime = $lifetime;
$this->skew = $skew;
}
/**
* Calculate the NameID value that should be used.
*
* @param SimpleSAML_Configuration $idpMetadata The metadata of the IdP.
* @param SimpleSAML_Configuration $dstMetadata The metadata of the SP.
* @param array &$state The authentication state of the user.
* @return string The NameID value.
*/
private static function generateNameIdValue(SimpleSAML_Configuration $idpMetadata, SimpleSAML_Configuration $spMetadata, array &$state)
{
$attribute = $spMetadata->getString('simplesaml.nameidattribute', NULL);
if ($attribute === NULL) {
$attribute = $idpMetadata->getString('simplesaml.nameidattribute', NULL);
if ($attribute === NULL) {
if (!isset($state['UserID'])) {
SimpleSAML_Logger::error('Unable to generate NameID. Check the userid.attribute option.');
}
$attributeValue = $state['UserID'];
$idpEntityId = $idpMetadata->getString('entityid');
$spEntityId = $spMetadata->getString('entityid');
$secretSalt = SimpleSAML\Utils\Config::getSecretSalt();
$uidData = 'uidhashbase' . $secretSalt;
$uidData .= strlen($idpEntityId) . ':' . $idpEntityId;
$uidData .= strlen($spEntityId) . ':' . $spEntityId;
$uidData .= strlen($attributeValue) . ':' . $attributeValue;
$uidData .= $secretSalt;
return hash('sha1', $uidData);
}
}
$attributes = $state['Attributes'];
if (!array_key_exists($attribute, $attributes)) {
SimpleSAML_Logger::error('Unable to add NameID: Missing ' . var_export($attribute, TRUE) . ' in the attributes of the user.');
return NULL;
}
return $attributes[$attribute][0];
}
/**
* Load a configuration file from a configuration set.
*
* This function will return a configuration object even if the file does not exist.
*
* @param string $filename The name of the configuration file.
* @param string $configSet The configuration set. Optional, defaults to 'simplesaml'.
*
* @return SimpleSAML_Configuration A configuration object.
* @throws Exception If the configuration set is not initialized.
*/
public static function getOptionalConfig($filename = 'config.php', $configSet = 'simplesaml')
{
assert('is_string($filename)');
assert('is_string($configSet)');
if (!array_key_exists($configSet, self::$configDirs)) {
if ($configSet !== 'simplesaml') {
throw new Exception('Configuration set \'' . $configSet . '\' not initialized.');
} else {
self::$configDirs['simplesaml'] = SimpleSAML\Utils\Config::getConfigDir();
}
}
$dir = self::$configDirs[$configSet];
$filePath = $dir . '/' . $filename;
return self::loadFromFile($filePath, false);
}
*
* See PHP bug: https://bugs.php.net/bug.php?id=47987
*/
return false;
}
if ($errno & SimpleSAML_Utilities::$logMask || !($errno & error_reporting())) {
// masked error
return false;
}
static $limit = 5;
$limit -= 1;
if ($limit < 0) {
// we have reached the limit in the number of backtraces we will log
return false;
}
// show an error with a full backtrace
$e = new SimpleSAML_Error_Exception('Error ' . $errno . ' - ' . $errstr);
$e->logError();
// resume normal error processing
return false;
}
set_error_handler('SimpleSAML_error_handler');
$configdir = SimpleSAML\Utils\Config::getConfigDir();
if (!file_exists($configdir . '/config.php')) {
header('Content-Type: text/plain');
echo "You have not yet created the simpleSAMLphp configuration files.\n";
echo "See: https://simplesamlphp.org/docs/devel/simplesamlphp-install-repo\n";
exit(1);
}
// set the timezone
SimpleSAML\Utils\Time::initTimezone();
/**
* Generate a unique targeted identifier
*
* @param string $userid The user id
* @param string $source The source id
* @param string $destination The destination id
*
* @return string SHA1 of the user id, source id, destination id and salt
*/
public static function getTargetedID($userid, $source, $destination)
{
return hash('sha1', $userid . '|' . SimpleSAML\Utils\Config::getSecretSalt() . '|' . $source . '|' . $destination);
}
/**
* @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\Config::getSecretSalt() instead.
*/
public static function getSecretSalt()
{
return SimpleSAML\Utils\Config::getSecretSalt();
}
#!/usr/bin/env php
<?php
$baseDir = dirname(dirname(__FILE__));
require_once $baseDir . DIRECTORY_SEPARATOR . 'lib' . DIRECTORY_SEPARATOR . '_autoload.php';
require_once SimpleSAML\Utils\Config::getConfigDir() . DIRECTORY_SEPARATOR . 'config.php';
# Iterate through configured metadata sources and ensure
# that a PDO source exists.
foreach ($config['metadata.sources'] as $s) {
# If pdo is configured, create the new handler and add in the metadata sets.
if ($s['type'] === "pdo") {
$mdshp = new SimpleSAML_Metadata_MetaDataStorageHandlerPdo($s);
$mdshp->initDatabase();
foreach (glob("metadata/*.php") as $filename) {
$metadata = array();
require_once $filename;
$set = basename($filename, ".php");
echo "importing set '{$set}'..." . PHP_EOL;
foreach ($metadata as $k => $v) {
echo "\t{$k}" . PHP_EOL;
$mdshp->addEntry($k, $set, $v);
}
}
}
}
/**
* Apply filter to add the targeted ID.
*
* @param array &$state The current state.
*/
public function process(&$state)
{
assert('is_array($state)');
assert('array_key_exists("Attributes", $state)');
if ($this->attribute === NULL) {
if (!array_key_exists('UserID', $state)) {
throw new Exception('core:TargetedID: Missing UserID for this user. Please' . ' check the \'userid.attribute\' option in the metadata against the' . ' attributes provided by the authentication source.');
}
$userID = $state['UserID'];
} else {
if (!array_key_exists($this->attribute, $state['Attributes'])) {
throw new Exception('core:TargetedID: Missing attribute \'' . $this->attribute . '\', which is needed to generate the targeted ID.');
}
$userID = $state['Attributes'][$this->attribute][0];
}
$secretSalt = SimpleSAML\Utils\Config::getSecretSalt();
if (array_key_exists('Source', $state)) {
$srcID = self::getEntityId($state['Source']);
} else {
$srcID = '';
}
if (array_key_exists('Destination', $state)) {
$dstID = self::getEntityId($state['Destination']);
} else {
$dstID = '';
}
$uidData = 'uidhashbase' . $secretSalt;
$uidData .= strlen($srcID) . ':' . $srcID;
$uidData .= strlen($dstID) . ':' . $dstID;
$uidData .= strlen($userID) . ':' . $userID;
$uidData .= $secretSalt;
$uid = hash('sha1', $uidData);
if ($this->generateNameId) {
/* Convert the targeted ID to a SAML 2.0 name identifier element. */
$nameId = array('Format' => SAML2_Const::NAMEID_PERSISTENT, 'Value' => $uid);
if (isset($state['Source']['entityid'])) {
$nameId['NameQualifier'] = $state['Source']['entityid'];
}
if (isset($state['Destination']['entityid'])) {
$nameId['SPNameQualifier'] = $state['Destination']['entityid'];
}
$doc = new DOMDocument();
$root = $doc->createElement('root');
$doc->appendChild($root);
SAML2_Utils::addNameId($root, $nameId);
$uid = $doc->saveXML($root->firstChild);
}
$state['Attributes']['eduPersonTargetedID'] = array($uid);
}
/**
* Calculate a signature of some data.
*
* This function calculates a signature of the data.
*
* @param string $data The data which should be signed.
*
* @return string The signed data.
*/
private static function _sign($data)
{
assert('is_string($data)');
$secretSalt = SimpleSAML\Utils\Config::getSecretSalt();
return sha1($secretSalt . $data . $secretSalt) . ':' . $data;
}
