Example #1
0
 /**
  * Get the NameID value.
  *
  * @param array $state The state array.
  * @return string|null The NameID value.
  */
 protected function getValue(array &$state)
 {
     if (!isset($state['Destination']['entityid'])) {
         SimpleSAML\Logger::warning('No SP entity ID - not generating persistent NameID.');
         return null;
     }
     $spEntityId = $state['Destination']['entityid'];
     if (!isset($state['Source']['entityid'])) {
         SimpleSAML\Logger::warning('No IdP entity ID - not generating persistent NameID.');
         return null;
     }
     $idpEntityId = $state['Source']['entityid'];
     if (!isset($state['Attributes'][$this->attribute]) || count($state['Attributes'][$this->attribute]) === 0) {
         SimpleSAML\Logger::warning('Missing attribute ' . var_export($this->attribute, true) . ' on user - not generating persistent NameID.');
         return null;
     }
     if (count($state['Attributes'][$this->attribute]) > 1) {
         SimpleSAML\Logger::warning('More than one value in attribute ' . var_export($this->attribute, true) . ' on user - not generating persistent NameID.');
         return null;
     }
     $uid = array_values($state['Attributes'][$this->attribute]);
     // just in case the first index is no longer 0
     $uid = $uid[0];
     if (empty($uid)) {
         SimpleSAML\Logger::warning('Empty value in attribute ' . var_export($this->attribute, true) . ' on user - not generating persistent NameID.');
         return null;
     }
     $secretSalt = SimpleSAML\Utils\Config::getSecretSalt();
     $uidData = 'uidhashbase' . $secretSalt;
     $uidData .= strlen($idpEntityId) . ':' . $idpEntityId;
     $uidData .= strlen($spEntityId) . ':' . $spEntityId;
     $uidData .= strlen($uid) . ':' . $uid;
     $uidData .= $secretSalt;
     return sha1($uidData);
 }
Example #2
0
 /**
  * @param $secretSalt Must be random and unique per installation
  * @param $lifeTime Token lifetime in seconds
  * @param $skew  Allowed time skew between server that generates and the one that calculates the token
  */
 public function __construct($lifetime = 900, $secretSalt = NULL, $skew = 1)
 {
     if ($secretSalt === NULL) {
         $secretSalt = SimpleSAML\Utils\Config::getSecretSalt();
     }
     $this->secretSalt = $secretSalt;
     $this->lifetime = $lifetime;
     $this->skew = $skew;
 }
Example #3
0
 /**
  * Calculate the NameID value that should be used.
  *
  * @param SimpleSAML_Configuration $idpMetadata  The metadata of the IdP.
  * @param SimpleSAML_Configuration $dstMetadata  The metadata of the SP.
  * @param array &$state  The authentication state of the user.
  * @return string  The NameID value.
  */
 private static function generateNameIdValue(SimpleSAML_Configuration $idpMetadata, SimpleSAML_Configuration $spMetadata, array &$state)
 {
     $attribute = $spMetadata->getString('simplesaml.nameidattribute', NULL);
     if ($attribute === NULL) {
         $attribute = $idpMetadata->getString('simplesaml.nameidattribute', NULL);
         if ($attribute === NULL) {
             if (!isset($state['UserID'])) {
                 SimpleSAML_Logger::error('Unable to generate NameID. Check the userid.attribute option.');
             }
             $attributeValue = $state['UserID'];
             $idpEntityId = $idpMetadata->getString('entityid');
             $spEntityId = $spMetadata->getString('entityid');
             $secretSalt = SimpleSAML\Utils\Config::getSecretSalt();
             $uidData = 'uidhashbase' . $secretSalt;
             $uidData .= strlen($idpEntityId) . ':' . $idpEntityId;
             $uidData .= strlen($spEntityId) . ':' . $spEntityId;
             $uidData .= strlen($attributeValue) . ':' . $attributeValue;
             $uidData .= $secretSalt;
             return hash('sha1', $uidData);
         }
     }
     $attributes = $state['Attributes'];
     if (!array_key_exists($attribute, $attributes)) {
         SimpleSAML_Logger::error('Unable to add NameID: Missing ' . var_export($attribute, TRUE) . ' in the attributes of the user.');
         return NULL;
     }
     return $attributes[$attribute][0];
 }
Example #4
0
 /**
  * Generate a unique targeted identifier
  *
  * @param string $userid      The user id
  * @param string $source      The source id
  * @param string $destination The destination id
  *
  * @return string SHA1 of the user id, source id, destination id and salt 
  */
 public static function getTargetedID($userid, $source, $destination)
 {
     return hash('sha1', $userid . '|' . SimpleSAML\Utils\Config::getSecretSalt() . '|' . $source . '|' . $destination);
 }
Example #5
0
 /**
  * @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\Config::getSecretSalt() instead.
  */
 public static function getSecretSalt()
 {
     return SimpleSAML\Utils\Config::getSecretSalt();
 }
Example #6
0
 /**
  * Apply filter to add the targeted ID.
  *
  * @param array &$state  The current state.
  */
 public function process(&$state)
 {
     assert('is_array($state)');
     assert('array_key_exists("Attributes", $state)');
     if ($this->attribute === NULL) {
         if (!array_key_exists('UserID', $state)) {
             throw new Exception('core:TargetedID: Missing UserID for this user. Please' . ' check the \'userid.attribute\' option in the metadata against the' . ' attributes provided by the authentication source.');
         }
         $userID = $state['UserID'];
     } else {
         if (!array_key_exists($this->attribute, $state['Attributes'])) {
             throw new Exception('core:TargetedID: Missing attribute \'' . $this->attribute . '\', which is needed to generate the targeted ID.');
         }
         $userID = $state['Attributes'][$this->attribute][0];
     }
     $secretSalt = SimpleSAML\Utils\Config::getSecretSalt();
     if (array_key_exists('Source', $state)) {
         $srcID = self::getEntityId($state['Source']);
     } else {
         $srcID = '';
     }
     if (array_key_exists('Destination', $state)) {
         $dstID = self::getEntityId($state['Destination']);
     } else {
         $dstID = '';
     }
     $uidData = 'uidhashbase' . $secretSalt;
     $uidData .= strlen($srcID) . ':' . $srcID;
     $uidData .= strlen($dstID) . ':' . $dstID;
     $uidData .= strlen($userID) . ':' . $userID;
     $uidData .= $secretSalt;
     $uid = hash('sha1', $uidData);
     if ($this->generateNameId) {
         /* Convert the targeted ID to a SAML 2.0 name identifier element. */
         $nameId = array('Format' => SAML2_Const::NAMEID_PERSISTENT, 'Value' => $uid);
         if (isset($state['Source']['entityid'])) {
             $nameId['NameQualifier'] = $state['Source']['entityid'];
         }
         if (isset($state['Destination']['entityid'])) {
             $nameId['SPNameQualifier'] = $state['Destination']['entityid'];
         }
         $doc = new DOMDocument();
         $root = $doc->createElement('root');
         $doc->appendChild($root);
         SAML2_Utils::addNameId($root, $nameId);
         $uid = $doc->saveXML($root->firstChild);
     }
     $state['Attributes']['eduPersonTargetedID'] = array($uid);
 }
Example #7
0
 /**
  * Calculate a signature of some data.
  *
  * This function calculates a signature of the data.
  *
  * @param string $data The data which should be signed.
  *
  * @return string The signed data.
  */
 private static function _sign($data)
 {
     assert('is_string($data)');
     $secretSalt = SimpleSAML\Utils\Config::getSecretSalt();
     return sha1($secretSalt . $data . $secretSalt) . ':' . $data;
 }