public function getMetadata()
{
$idpentityid = SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/metadata.php';
$metaArray = array('metadata-set' => 'saml20-idp-remote', 'entityid' => $idpentityid, 'SingleSignOnService' => SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/SingleSignOnService.php', 'SingleLogoutService' => SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/SingleLogoutService.php', 'certificate' => 'server.crt');
$metaArrayConfig = SimpleSAML_Configuration::loadFromArray($metaArray);
$certInfo = SimpleSAML_Utilities::loadPublicKey($metaArrayConfig, TRUE);
$metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($idpentityid);
$metaBuilder->addMetadataIdP20($metaArray);
$metaBuilder->addOrganizationInfo($metaArray);
$metaBuilder->addContact('technical', array('emailAddress' => $this->config->getString('technicalcontact_email', NULL), 'name' => $this->config->getString('technicalcontact_name', NULL)));
$metaxml = $metaBuilder->getEntityDescriptorText();
return $metaxml;
}
/**
* Show the error to the user.
*
* This function does not return.
*/
public function show()
{
header('HTTP/1.0 500 Internal Server Error');
$errorData = $this->saveError();
$session = SimpleSAML_Session::getInstance();
$attributes = $session->getAttributes();
if (isset($attributes['mail'][0])) {
$email = $attributes['mail'][0];
} else {
$email = '';
}
$globalConfig = SimpleSAML_Configuration::getInstance();
$t = new SimpleSAML_XHTML_Template($globalConfig, 'core:no_state.tpl.php');
/* Enable error reporting if we have a valid technical contact email. */
if ($globalConfig->getString('technicalcontact_email', '*****@*****.**') !== '*****@*****.**') {
/* Enable error reporting. */
$baseurl = SimpleSAML_Utilities::getBaseURL();
$t->data['errorReportAddress'] = $baseurl . 'errorreport.php';
$t->data['reportId'] = $errorData['reportId'];
$t->data['email'] = $email;
}
$t->show();
exit;
}
throw new SimpleSAML_Error_Error('METADATA', $exception);
}
/*
* If no IdP can be resolved, send the user to the SAML 2.0 Discovery Service
*/
if ($idpentityid === NULL) {
SimpleSAML_Logger::info('SAML2.0 - SP.initSSO: No chosen or default IdP, go to SAML2disco');
/* Which IdP discovery service should we use? Can be set in SP metadata or in global configuration.
* Falling back to builtin discovery service.
*/
if (array_key_exists('idpdisco.url', $spmetadata)) {
$discourl = $spmetadata['idpdisco.url'];
} elseif ($config->getString('idpdisco.url.saml20', NULL) !== NULL) {
$discourl = $config->getString('idpdisco.url.saml20');
} else {
$discourl = SimpleSAML_Utilities::getBaseURL() . 'saml2/sp/idpdisco.php';
}
$extDiscoveryStorage = $config->getString('idpdisco.extDiscoveryStorage', NULL);
if ($extDiscoveryStorage !== NULL) {
SimpleSAML_Utilities::redirectTrustedURL($extDiscoveryStorage, array('entityID' => $spentityid, 'return' => SimpleSAML_Utilities::addURLparameter($discourl, array('return' => SimpleSAML_Utilities::selfURL(), 'remember' => 'true', 'entityID' => $spentityid, 'returnIDParam' => 'idpentityid')), 'returnIDParam' => 'idpentityid', 'isPassive' => 'true'));
}
$discoparameters = array('entityID' => $spentityid, 'return' => SimpleSAML_Utilities::selfURL(), 'returnIDParam' => 'idpentityid');
$discoparameters['isPassive'] = $isPassive;
if (sizeof($reachableIDPs) > 0) {
$discoparameters['IDPList'] = $reachableIDPs;
}
SimpleSAML_Utilities::redirectTrustedURL($discourl, $discoparameters);
}
/*
* Create and send authentication request to the IdP.
*/
if ($config->getBoolean('admin.protectindexpage', false)) {
SimpleSAML_Utilities::requireAdmin();
}
$loginurl = SimpleSAML_Utilities::getAdminLoginURL();
$isadmin = SimpleSAML_Utilities::isAdmin();
$links = array();
$links_welcome = array();
$links_config = array();
$links_auth = array();
$links_federation = array();
$links_auth[] = array('href' => 'authenticate.php', 'text' => '{core:frontpage:authtest}');
if ($config->getValue('enable.saml20-sp') === true) {
$links_auth[] = array('href' => SimpleSAML_Utilities::getBaseURL() . 'example-simple/saml2-example.php', 'text' => '{core:frontpage:link_saml2example}', 'deprecated' => TRUE);
}
if ($config->getValue('enable.shib13-sp') === true) {
$links_auth[] = array('href' => SimpleSAML_Utilities::getBaseURL() . 'example-simple/shib13-example.php', 'text' => '{core:frontpage:link_shib13example}', 'deprecated' => TRUE);
}
$allLinks = array('links' => &$links, 'welcome' => &$links_welcome, 'config' => &$links_config, 'auth' => &$links_auth, 'federation' => &$links_federation);
SimpleSAML_Module::callHooks('frontpage', $allLinks);
$t = new SimpleSAML_XHTML_Template($config, 'core:frontpage_auth.tpl.php');
$t->data['pageid'] = 'frontpage_auth';
$t->data['isadmin'] = $isadmin;
$t->data['loginurl'] = $loginurl;
$t->data['header'] = 'simpleSAMLphp installation page';
$t->data['icon'] = 'compass_l.png';
$t->data['links'] = $links;
$t->data['links_welcome'] = $links_welcome;
$t->data['links_config'] = $links_config;
$t->data['links_auth'] = $links_auth;
$t->data['links_federation'] = $links_federation;
$t->show();
<?php
require_once '../_include.php';
/* Load simpleSAMLphp, configuration */
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getInstance();
/* Check if valid local session exists.. */
SimpleSAML_Utilities::requireAdmin();
$attributes = array();
$attributes['HTTP_HOST'] = array($_SERVER['HTTP_HOST']);
$attributes['HTTPS'] = array($_SERVER['HTTPS']);
$attributes['SERVER_PROTOCOL'] = array($_SERVER['SERVER_PROTOCOL']);
$attributes['SERVER_PORT'] = array($_SERVER['SERVER_PORT']);
$attributes['Utilities_getBaseURL()'] = array(SimpleSAML_Utilities::getBaseURL());
$attributes['Utilities_getSelfHost()'] = array(SimpleSAML_Utilities::getSelfHost());
$attributes['Utilities_selfURLhost()'] = array(SimpleSAML_Utilities::selfURLhost());
$attributes['Utilities_selfURLNoQuery()'] = array(SimpleSAML_Utilities::selfURLNoQuery());
$attributes['Utilities_getSelfHostWithPath()'] = array(SimpleSAML_Utilities::getSelfHostWithPath());
$attributes['Utilities_getFirstPathElement()'] = array(SimpleSAML_Utilities::getFirstPathElement());
$attributes['Utilities_selfURL()'] = array(SimpleSAML_Utilities::selfURL());
$et = new SimpleSAML_XHTML_Template($config, 'status.php');
$et->data['header'] = '{status:header_diagnostics}';
$et->data['remaining'] = 'na';
$et->data['attributes'] = $attributes;
$et->data['valid'] = 'na';
$et->data['logout'] = null;
$et->show();
/**
* Resolve a (possibly) relative URL relative to a given base URL.
*
* This function supports these forms of relative URLs:
* ^\w+: Absolute URL
* ^// Same protocol.
* ^/ Same protocol and host.
* ^? Same protocol, host and path, replace query string & fragment
* ^# Same protocol, host, path and query, replace fragment
* The rest: Relative to the base path.
*
* @param $url The relative URL.
* @param $base The base URL. Defaults to the base URL of this installation of simpleSAMLphp.
* @return An absolute URL for the given relative URL.
*/
public static function resolveURL($url, $base = NULL)
{
if ($base === NULL) {
$base = SimpleSAML_Utilities::getBaseURL();
}
if (!preg_match('$^((((\\w+:)//[^/]+)(/[^?#]*))(?:\\?[^#]*)?)(?:#.*)?$', $base, $baseParsed)) {
throw new Exception('Unable to parse base url: ' . $base);
}
$baseDir = dirname($baseParsed[5] . 'filename');
$baseScheme = $baseParsed[4];
$baseHost = $baseParsed[3];
$basePath = $baseParsed[2];
$baseQuery = $baseParsed[1];
if (preg_match('$^\\w+:$', $url)) {
return $url;
}
if (substr($url, 0, 2) === '//') {
return $baseScheme . $url;
}
$firstChar = substr($url, 0, 1);
if ($firstChar === '/') {
return $baseHost . $url;
}
if ($firstChar === '?') {
return $basePath . $url;
}
if ($firstChar === '#') {
return $baseQuery . $url;
}
/* We have a relative path. Remove query string/fragment and save it as $tail. */
$queryPos = strpos($url, '?');
$fragmentPos = strpos($url, '#');
if ($queryPos !== FALSE || $fragmentPos !== FALSE) {
if ($queryPos === FALSE) {
$tailPos = $fragmentPos;
} elseif ($fragmentPos === FALSE) {
$tailPos = $queryPos;
} elseif ($queryPos < $fragmentPos) {
$tailPos = $queryPos;
} else {
$tailPos = $fragmentPos;
}
$tail = substr($url, $tailPos);
$dir = substr($url, 0, $tailPos);
} else {
$dir = $url;
$tail = '';
}
$dir = self::resolvePath($dir, $baseDir);
return $baseHost . $dir . $tail;
}
<?php
$session = SimpleSAML_Session::getInstance();
SimpleSAML_Logger::debug('IdP Endpoint accessed....');
$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$samlredir = new SAML2_HTTPRedirect();
$request = $samlredir->receive();
$entityid = $request->getIssuer();
error_log('Entity ID was [' . $entityid . ']');
$idpm = new sspmod_fedlab_IdPMetadata($config);
$spm = new sspmod_fedlab_SPMetadata($entityid, TRUE);
#$spm->debug();
$idpentityid = SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/metadata.php';
$idpmetadata = array('entityid' => $idpentityid, 'certificate' => 'server.crt', 'privatekey' => 'server.pem');
$test = new sspmod_fedlab_BasicSPTest($idpmetadata, $spm->parsed, $entity, $initurl, $initslo, $attributeurl);
$crawler = new sspmod_fedlab_SAMLCrawler();
$requestRaw = sspmod_fedlab_SAMLCrawler::getHTTPRedirectMessage();
echo '<h2>Request</h2>' . "\n";
echo '<textarea style="width: 90%; height: 300px">';
echo htmlspecialchars(SimpleSAML_Utilities::formatXMLString($requestRaw));
echo '</textarea>';
# print_r($request);
$relaystate = NULL;
if (isset($_REQUEST['RelayState'])) {
$relaystate = $_REQUEST['RelayState'];
}
# createResponse($testrun, $request, $relayState = NULL) {
$samlResponse = $test->createResponseP('idp', $request, $relaystate);
echo '<h2>Prepared Response</h2>' . "\n";
echo '<textarea style="width: 90%; height: 300px">';
$certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE);
$keys[] = array('type' => 'X509Certificate', 'signing' => TRUE, 'encryption' => $hasNewCert ? FALSE : TRUE, 'X509Certificate' => $certInfo['certData']);
if ($idpmeta->hasValue('https.certificate')) {
$httpsCert = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE, 'https.');
assert('isset($httpsCert["certData"])');
$keys[] = array('type' => 'X509Certificate', 'signing' => TRUE, 'encryption' => FALSE, 'X509Certificate' => $httpsCert['certData']);
}
$metaArray = array('metadata-set' => 'saml20-idp-remote', 'entityid' => $idpentityid, 'SingleSignOnService' => $metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted'), 'SingleLogoutService' => $metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted'));
if (count($keys) === 1) {
$metaArray['certData'] = $keys[0]['X509Certificate'];
} else {
$metaArray['keys'] = $keys;
}
if ($idpmeta->getBoolean('saml20.sendartifact', FALSE)) {
/* Artifact sending enabled. */
$metaArray['ArtifactResolutionService'][] = array('index' => 0, 'Location' => SimpleSAML_Utilities::getBaseURL() . 'saml2/idp/ArtifactResolutionService.php', 'Binding' => SAML2_Const::BINDING_SOAP);
}
$metaArray['NameIDFormat'] = $idpmeta->getString('NameIDFormat', 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient');
if ($idpmeta->hasValue('OrganizationName')) {
$metaArray['OrganizationName'] = $idpmeta->getLocalizedString('OrganizationName');
$metaArray['OrganizationDisplayName'] = $idpmeta->getLocalizedString('OrganizationDisplayName', $metaArray['OrganizationName']);
if (!$idpmeta->hasValue('OrganizationURL')) {
throw new SimpleSAML_Error_Exception('If OrganizationName is set, OrganizationURL must also be set.');
}
$metaArray['OrganizationURL'] = $idpmeta->getLocalizedString('OrganizationURL');
}
if ($idpmeta->hasValue('scope')) {
$metaArray['scope'] = $idpmeta->getArray('scope');
}
$metaflat = '$metadata[' . var_export($idpentityid, TRUE) . '] = ' . var_export($metaArray, TRUE) . ';';
$metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($idpentityid);
$availableCerts['https.crt'] = $httpsCert;
$keys[] = array('type' => 'X509Certificate', 'signing' => TRUE, 'encryption' => FALSE, 'X509Certificate' => $httpsCert['certData']);
}
$metaArray = array('metadata-set' => 'saml20-idp-remote', 'entityid' => $idpentityid, 'SingleSignOnService' => array(0 => array('Binding' => SAML2_Const::BINDING_HTTP_REDIRECT, 'Location' => $metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted'))), 'SingleLogoutService' => $metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted'));
if (count($keys) === 1) {
$metaArray['certData'] = $keys[0]['X509Certificate'];
} else {
$metaArray['keys'] = $keys;
}
if ($idpmeta->getBoolean('saml20.sendartifact', FALSE)) {
/* Artifact sending enabled. */
$metaArray['ArtifactResolutionService'][] = array('index' => 0, 'Location' => SimpleSAML_Utilities::getBaseURL() . 'saml2/idp/ArtifactResolutionService.php', 'Binding' => SAML2_Const::BINDING_SOAP);
}
if ($idpmeta->getBoolean('saml20.hok.assertion', FALSE)) {
/* Prepend HoK SSO Service endpoint. */
array_unshift($metaArray['SingleSignOnService'], array('hoksso:ProtocolBinding' => SAML2_Const::BINDING_HTTP_REDIRECT, 'Binding' => SAML2_Const::BINDING_HOK_SSO, 'Location' => SimpleSAML_Utilities::getBaseURL() . 'saml2/idp/SSOService.php'));
}
$metaArray['NameIDFormat'] = $idpmeta->getString('NameIDFormat', 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient');
if ($idpmeta->hasValue('OrganizationName')) {
$metaArray['OrganizationName'] = $idpmeta->getLocalizedString('OrganizationName');
$metaArray['OrganizationDisplayName'] = $idpmeta->getLocalizedString('OrganizationDisplayName', $metaArray['OrganizationName']);
if (!$idpmeta->hasValue('OrganizationURL')) {
throw new SimpleSAML_Error_Exception('If OrganizationName is set, OrganizationURL must also be set.');
}
$metaArray['OrganizationURL'] = $idpmeta->getLocalizedString('OrganizationURL');
}
if ($idpmeta->hasValue('scope')) {
$metaArray['scope'] = $idpmeta->getArray('scope');
}
if ($idpmeta->hasValue('EntityAttributes')) {
$metaArray['EntityAttributes'] = $idpmeta->getArray('EntityAttributes');
if (count($keys) === 1) {
$metaArray['certData'] = $keys[0]['X509Certificate'];
} else {
$metaArray['keys'] = $keys;
}
if ($idpmeta->getBoolean('saml20.sendartifact', false)) {
// Artifact sending enabled
$metaArray['ArtifactResolutionService'][] = array('index' => 0, 'Location' => \SimpleSAML\Utils\HTTP::getBaseURL() . 'saml2/idp/ArtifactResolutionService.php', 'Binding' => SAML2_Const::BINDING_SOAP);
}
if ($idpmeta->getBoolean('saml20.hok.assertion', false)) {
// Prepend HoK SSO Service endpoint.
array_unshift($metaArray['SingleSignOnService'], array('hoksso:ProtocolBinding' => SAML2_Const::BINDING_HTTP_REDIRECT, 'Binding' => SAML2_Const::BINDING_HOK_SSO, 'Location' => \SimpleSAML\Utils\HTTP::getBaseURL() . 'saml2/idp/SSOService.php'));
}
if ($idpmeta->getBoolean('saml20.ecp', FALSE)) {
/* ECP enabled. */
$metaArray['SingleSignOnService'][] = array('index' => 0, 'Location' => SimpleSAML_Utilities::getBaseURL() . 'saml2/idp/SSOService.php', 'Binding' => SAML2_Const::BINDING_SOAP);
}
$metaArray['NameIDFormat'] = $idpmeta->getString('NameIDFormat', 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient');
if ($idpmeta->hasValue('OrganizationName')) {
$metaArray['OrganizationName'] = $idpmeta->getLocalizedString('OrganizationName');
$metaArray['OrganizationDisplayName'] = $idpmeta->getLocalizedString('OrganizationDisplayName', $metaArray['OrganizationName']);
if (!$idpmeta->hasValue('OrganizationURL')) {
throw new SimpleSAML_Error_Exception('If OrganizationName is set, OrganizationURL must also be set.');
}
$metaArray['OrganizationURL'] = $idpmeta->getLocalizedString('OrganizationURL');
}
if ($idpmeta->hasValue('scope')) {
$metaArray['scope'] = $idpmeta->getArray('scope');
}
if ($idpmeta->hasValue('EntityAttributes')) {
$metaArray['EntityAttributes'] = $idpmeta->getArray('EntityAttributes');
$session = SimpleSAML_Session::getSessionFromRequest();
/* Check if valid local session exists.. */
if ($config->getBoolean('admin.protectindexpage', false)) {
SimpleSAML_Utilities::requireAdmin();
}
$loginurl = SimpleSAML_Utilities::getAdminLoginURL();
$isadmin = SimpleSAML_Utilities::isAdmin();
$links = array();
$links_welcome = array();
$links_config = array();
$links_auth = array();
$links_federation = array();
if ($config->getBoolean('idpdisco.enableremember', FALSE)) {
$links_federation[] = array('href' => 'cleardiscochoices.php', 'text' => '{core:frontpage:link_cleardiscochoices}');
}
$links_federation[] = array('href' => SimpleSAML_Utilities::getBaseURL() . 'admin/metadata-converter.php', 'text' => '{core:frontpage:link_xmlconvert}');
$allLinks = array('links' => &$links, 'welcome' => &$links_welcome, 'config' => &$links_config, 'auth' => &$links_auth, 'federation' => &$links_federation);
SimpleSAML_Module::callHooks('frontpage', $allLinks);
$metadataHosted = array();
SimpleSAML_Module::callHooks('metadata_hosted', $metadataHosted);
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$metaentries = array('hosted' => $metadataHosted, 'remote' => array());
if ($isadmin) {
$metaentries['remote']['saml20-idp-remote'] = $metadata->getList('saml20-idp-remote');
$metaentries['remote']['shib13-idp-remote'] = $metadata->getList('shib13-idp-remote');
}
if ($config->getBoolean('enable.saml20-sp', TRUE) === true) {
try {
$metaentries['hosted']['saml20-sp'] = $metadata->getMetaDataCurrent('saml20-sp-hosted');
$metaentries['hosted']['saml20-sp']['deprecated'] = TRUE;
$metaentries['hosted']['saml20-sp']['metadata-url'] = '/' . $config->getBaseURL() . 'saml2/sp/metadata.php?output=xhtml';
<?php
$config = SimpleSAML_Configuration::getInstance();
#$statconfig = SimpleSAML_Configuration::getConfig('module_statistics.php');
$session = SimpleSAML_Session::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpentityid = SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab';
$metaArray = array('metadata-set' => 'saml20-idp-remote', 'entityid' => $idpentityid, 'SingleSignOnService' => SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/SingleSignOnService.php', 'SingleLogoutService' => SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/SingleLogoutService.php', 'certificate' => 'server.crt');
$metaArrayConfig = SimpleSAML_Configuration::loadFromArray($metaArray);
$certInfo = SimpleSAML_Utilities::loadPublicKey($metaArrayConfig, TRUE);
$metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($idpentityid);
$metaBuilder->addMetadataIdP20($metaArray);
$metaBuilder->addOrganizationInfo($metaArray);
$metaBuilder->addContact('technical', array('emailAddress' => $config->getString('technicalcontact_email', NULL), 'name' => $config->getString('technicalcontact_name', NULL)));
$metaxml = $metaBuilder->getEntityDescriptorText();
if (isset($_REQUEST['xmlmetadata'])) {
$session->setData('fedlab', 'xmlmetadata', $_REQUEST['xmlmetadata']);
}
if (isset($_REQUEST['initurl'])) {
$session->setData('fedlab', 'initurl', $_REQUEST['initurl']);
}
if (isset($_REQUEST['initslo'])) {
$session->setData('fedlab', 'initslo', $_REQUEST['initslo']);
}
$xmldata = $session->getData('fedlab', 'xmlmetadata');
$initurl = $session->getData('fedlab', 'initurl');
$initslo = $session->getData('fedlab', 'initslo');
if (isset($_REQUEST['output']) && $_REQUEST['output'] == 'xml') {
header('Content-type: text/xml');
echo $metaxml;
exit;
$availableCerts['new_aa.crt'] = $certInfo;
$keys[] = array('type' => 'X509Certificate', 'signing' => true, 'encryption' => true, 'X509Certificate' => $certInfo['certData']);
$hasNewCert = true;
} else {
$hasNewCert = false;
}
$certInfo = SimpleSAML_Utilities::loadPublicKey($aameta, true);
$availableCerts['aa.crt'] = $certInfo;
$keys[] = array('type' => 'X509Certificate', 'signing' => true, 'encryption' => $hasNewCert ? false : true, 'X509Certificate' => $certInfo['certData']);
if ($aameta->hasValue('https.certificate')) {
$httpsCert = SimpleSAML_Utilities::loadPublicKey($aameta, true, 'https.');
assert('isset($httpsCert["certData"])');
$availableCerts['https.crt'] = $httpsCert;
$keys[] = array('type' => 'X509Certificate', 'signing' => true, 'encryption' => false, 'X509Certificate' => $httpsCert['certData']);
}
$metaArray = array('metadata-set' => 'attributeauthority-hosted', 'entityid' => $aaentityid, 'protocols' => array(SAML2_Const::NS_SAMLP), 'AttributeService' => array(0 => array('Binding' => SAML2_Const::BINDING_SOAP, 'Location' => SimpleSAML_Utilities::getBaseURL() . 'module.php/aa/attributeserver.php')));
if (count($keys) === 1) {
$metaArray['certData'] = $keys[0]['X509Certificate'];
} else {
$metaArray['keys'] = $keys;
}
$metaArray['NameIDFormat'] = array(SAML2_Const::NAMEID_PERSISTENT, SAML2_Const::NAMEID_TRANSIENT);
if ($aameta->hasValue('OrganizationName')) {
$metaArray['OrganizationName'] = $aameta->getLocalizedString('OrganizationName');
$metaArray['OrganizationDisplayName'] = $aameta->getLocalizedString('OrganizationDisplayName', $metaArray['OrganizationName']);
if (!$aameta->hasValue('OrganizationURL')) {
throw new SimpleSAML_Error_Exception('If OrganizationName is set, OrganizationURL must also be set.');
}
$metaArray['OrganizationURL'] = $aameta->getLocalizedString('OrganizationURL');
}
if ($aameta->hasValue('scope')) {
private function generateDynamicHostedEntityID($set)
{
/* Get the configuration. */
$baseurl = SimpleSAML_Utilities::getBaseURL();
if ($set === 'saml20-idp-hosted') {
return $baseurl . 'saml2/idp/metadata.php';
} elseif ($set === 'saml20-sp-hosted') {
return $baseurl . 'saml2/sp/metadata.php';
} elseif ($set === 'shib13-idp-hosted') {
return $baseurl . 'shib13/idp/metadata.php';
} elseif ($set === 'shib13-sp-hosted') {
return $baseurl . 'shib13/sp/metadata.php';
} elseif ($set === 'wsfed-sp-hosted') {
return 'urn:federation:' . SimpleSAML_Utilities::getSelfHost();
} elseif ($set === 'adfs-idp-hosted') {
return 'urn:federation:' . SimpleSAML_Utilities::getSelfHost() . ':idp';
} else {
throw new Exception('Can not generate dynamic EntityID for metadata of this type: [' . $set . ']');
}
}
/**
* Display this error.
*
* This method displays a standard simpleSAMLphp error page and exits.
*/
public function show()
{
$this->setHTTPCode();
/* Log the error message. */
$this->logError();
$errorData = $this->saveError();
$config = SimpleSAML_Configuration::getInstance();
$data['showerrors'] = $config->getBoolean('showerrors', true);
$data['error'] = $errorData;
$data['errorCode'] = $this->errorCode;
$data['parameters'] = $this->parameters;
$data['module'] = $this->module;
$data['dictTitle'] = $this->dictTitle;
$data['dictDescr'] = $this->dictDescr;
$data['includeTemplate'] = $this->includeTemplate;
/* Check if there is a valid technical contact email address. */
if ($config->getString('technicalcontact_email', '*****@*****.**') !== '*****@*****.**') {
/* Enable error reporting. */
$baseurl = SimpleSAML_Utilities::getBaseURL();
$data['errorReportAddress'] = $baseurl . 'errorreport.php';
}
$session = SimpleSAML_Session::getInstance();
$attributes = $session->getAttributes();
if (is_array($attributes) && array_key_exists('mail', $attributes) && count($attributes['mail']) > 0) {
$data['email'] = $attributes['mail'][0];
} else {
$data['email'] = '';
}
$show_function = $config->getArray('errors.show_function', NULL);
if (isset($show_function)) {
assert('is_callable($show_function)');
call_user_func($show_function, $config, $data);
assert('FALSE');
} else {
$t = new SimpleSAML_XHTML_Template($config, 'error.php', 'errors');
$t->data = array_merge($t->data, $data);
$t->show();
}
exit;
}
/**
* Get absolute URL to a specified module resource.
*
* This function creates an absolute URL to a resource stored under ".../modules/<module>/www/".
*
* @param string $resource Resource path, on the form "<module name>/<resource>"
* @param array $parameters Extra parameters which should be added to the URL. Optional.
* @return string The absolute URL to the given resource.
*/
public static function getModuleURL($resource, array $parameters = array())
{
assert('is_string($resource)');
assert('$resource[0] !== "/"');
$url = SimpleSAML_Utilities::getBaseURL() . 'module.php/' . $resource;
if (!empty($parameters)) {
$url = SimpleSAML_Utilities::addURLparameter($url, $parameters);
}
return $url;
}
public static function sendLogoutResponse(SimpleSAML_IdP $idp, array $state)
{
// NB:: we don't know from which SP the logout request came from
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpMetadata = $idp->getConfig();
SimpleSAML_Utilities::redirect($idpMetadata->getValue('redirect-after-logout', SimpleSAML_Utilities::getBaseURL()));
}
if ($config->getValue('secretsalt') === 'defaultsecretsalt') {
$warnings[] = '{core:frontpage:warnings_secretsalt}';
}
if (extension_loaded('suhosin')) {
$suhosinLength = ini_get('suhosin.get.max_value_length');
if (empty($suhosinLength) || (int) $suhosinLength < 2048) {
$warnings[] = '{core:frontpage:warnings_suhosin_url_length}';
}
}
$links = array();
$links_welcome = array();
$links_config = array();
$links_auth = array();
$links_federation = array();
$links_config[] = array('href' => SimpleSAML_Utilities::getBaseURL() . 'example-simple/hostnames.php?dummy=1', 'text' => '{core:frontpage:link_diagnostics}');
$links_config[] = array('href' => SimpleSAML_Utilities::getBaseURL() . 'admin/phpinfo.php', 'text' => '{core:frontpage:link_phpinfo}');
$allLinks = array('links' => &$links, 'welcome' => &$links_welcome, 'config' => &$links_config, 'auth' => &$links_auth, 'federation' => &$links_federation);
SimpleSAML_Module::callHooks('frontpage', $allLinks);
$enablematrix = array('saml20-idp' => $config->getBoolean('enable.saml20-idp', false), 'shib13-idp' => $config->getBoolean('enable.shib13-idp', false));
$functionchecks = array('hash' => array('required', 'Hashing function'), 'gzinflate' => array('required', 'ZLib'), 'openssl_sign' => array('required', 'OpenSSL'), 'simplexml_import_dom' => array('required', 'SimpleXML'), 'dom_import_simplexml' => array('required', 'XML DOM'), 'preg_match' => array('required', 'RegEx support'), 'mcrypt_module_open' => array('required', 'MCrypt'), 'mysql_connect' => array('optional', 'MySQL support'));
if (SimpleSAML_Module::isModuleEnabled('ldap')) {
$functionchecks['ldap_bind'] = array('required_ldap', 'LDAP Extension');
}
if (SimpleSAML_Module::isModuleEnabled('radius')) {
$functionchecks['radius_auth_open'] = array('required_radius', 'Radius Extension');
}
$funcmatrix = array();
$funcmatrix[] = array('required' => 'required', 'descr' => 'PHP Version >= 5.2. You run: ' . phpversion(), 'enabled' => version_compare(phpversion(), '5.2', '>='));
foreach ($functionchecks as $func => $descr) {
$funcmatrix[] = array('descr' => $descr[1], 'required' => $descr[0], 'enabled' => function_exists($func));
}
/**
* Display this error.
*
* This method displays a standard simpleSAMLphp error page and exits.
*/
public function show()
{
$this->setHTTPCode();
/* Log the error message. */
$this->logError();
$errorData = $this->saveError();
$config = SimpleSAML_Configuration::getInstance();
$t = new SimpleSAML_XHTML_Template($config, 'error.php', 'errors');
$t->data['showerrors'] = $config->getBoolean('showerrors', true);
$t->data['error'] = $errorData;
$t->data['errorCode'] = $this->errorCode;
$t->data['parameters'] = $this->parameters;
/* Check if there is a valid technical contact email address. */
if ($config->getString('technicalcontact_email', '*****@*****.**') !== '*****@*****.**') {
/* Enable error reporting. */
$baseurl = SimpleSAML_Utilities::getBaseURL();
$t->data['errorReportAddress'] = $baseurl . 'errorreport.php';
}
$session = SimpleSAML_Session::getInstance();
$attributes = $session->getAttributes();
if (is_array($attributes) && array_key_exists('mail', $attributes) && count($attributes['mail']) > 0) {
$email = $attributes['mail'][0];
} else {
$email = '';
}
$t->data['email'] = $email;
$t->show();
exit;
}
