/**
 * Load an attribute map file and merge what it defines into the current map.
 *
 * A name of the form "module:name" is looked up in the attributemap directory of that module, which must be
 * enabled. Any other name is looked up in the directory given by the 'attributenamemapdir' option
 * (default 'attributemap/').
 *
 * The resolved file is executed with include, so the map name has to come from trusted configuration:
 * nothing in this method rejects path separators or '..' in $fileName.
 *
 * @param string $fileName Name of attribute map file. Expected to be in the attributemap directory in the root
 * of the SimpleSAMLphp installation, or in the root of a module.
 *
 * @throws Exception If the module is not enabled, the file does not exist, or the file does not leave an array
 * in $attributemap.
 */
private function loadMapFile($fileName)
{
    $config = SimpleSAML_Configuration::getInstance();

    $m = explode(':', $fileName);
    if (count($m) !== 2) {
        // plain name: resolve against the configured attribute map directory
        $filePath = $config->getPathValue('attributenamemapdir', 'attributemap/') . $fileName . '.php';
    } else {
        // "module:name": the map lives inside a module, which has to be enabled
        if (!SimpleSAML\Module::isModuleEnabled($m[0])) {
            throw new Exception("Module '{$m['0']}' is not enabled.");
        }
        $filePath = SimpleSAML\Module::getModuleDir($m[0]) . '/attributemap/' . $m[1] . '.php';
    }

    if (!file_exists($filePath)) {
        throw new Exception('Could not find attribute map file: ' . $filePath);
    }

    // The included file is expected to assign the map to $attributemap in this scope.
    $attributemap = null;
    include $filePath;
    if (!is_array($attributemap)) {
        throw new Exception('Attribute map file "' . $filePath . '" didn\'t define an attribute map.');
    }

    // With $this->duplicate set, values for a name already in the map are combined instead of replaced.
    $this->map = $this->duplicate
        ? array_merge_recursive($this->map, $attributemap)
        : array_merge($this->map, $attributemap);
}
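/**
 * Constructor for SAML SP authentication source.
 *
 * Fills in a default entityID from the metadata URL when none is configured, wraps the configuration in a
 * SimpleSAML_Configuration object, and reads the entity id, the IdP and the discovery service URL from it.
 *
 * @param array $info Information about this authentication source.
 * @param array $config Configuration.
 */
public function __construct($info, $config)
{
    // Expression asserts instead of string asserts: a string argument is evaluated as PHP code by
    // PHP 5 and 7, and is not evaluated at all by PHP 8, where the check would silently disappear.
    assert(is_array($info));
    assert(is_array($config));

    // Call the parent constructor first, as required by the interface
    parent::__construct($info, $config);

    if (!isset($config['entityID'])) {
        $config['entityID'] = $this->getMetadataURL();
    }

    /* For compatibility with code that assumes that $metadata->getString('entityid') gives the entity id. */
    $config['entityid'] = $config['entityID'];

    $this->metadata = SimpleSAML_Configuration::loadFromArray(
        $config,
        'authsources[' . var_export($this->authId, true) . ']'
    );
    $this->entityId = $this->metadata->getString('entityID');
    $this->idp = $this->metadata->getString('idp', null);
    $this->discoURL = $this->metadata->getString('discoURL', null);

    // Without a configured discovery service, use the discojuice one when that module is enabled.
    if (empty($this->discoURL) && SimpleSAML\Module::isModuleEnabled('discojuice')) {
        $this->discoURL = SimpleSAML\Module::getModuleURL('discojuice/central.php');
    }
}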
<?php

// Shows every installed module together with its enabled state, using the modinfo:modlist.php template.
// NOTE(review): this script itself performs no authentication or admin check before listing the
// modules; confirm whether the module inventory is meant to be visible to every visitor.

$names = SimpleSAML\Module::getModules();
sort($names);

// module name => array('enabled' => bool), in sorted name order
$modinfo = array();
foreach ($names as $name) {
    $state = SimpleSAML\Module::isModuleEnabled($name);
    $modinfo[$name] = array('enabled' => $state);
}

$config = SimpleSAML_Configuration::getInstance();

$template = new SimpleSAML_XHTML_Template($config, 'modinfo:modlist.php');
$template->data['modules'] = $modinfo;
$template->show();
#!/usr/bin/env php
<?php
/*
 * This script can be used to generate metadata for SimpleSAMLphp
 * based on an XML metadata file.
 *
 * This excerpt covers only the start of the script: the autoloader, the module check and the
 * default values of the options. It is cut off inside the last comment below.
 */

// This is the base directory of the SimpleSAMLphp installation,
// obtained by applying dirname() four times to this file's path
$baseDir = dirname(dirname(dirname(dirname(__FILE__))));

// Add library autoloader.
require_once $baseDir . '/lib/_autoload.php';

// Refuse to run while the metarefresh module is disabled. The hint printed here is a shell
// command that creates the 'enable' file in the module's directory; the exit status is 1.
if (!SimpleSAML\Module::isModuleEnabled('metarefresh')) {
    echo "You need to enable the metarefresh module before this script can be used.\n";
    echo "You can enable it by running the following command:\n";
    echo ' echo >"' . $baseDir . '/modules/metarefresh/enable' . "\"\n";
    exit(1);
}

/* Initialize the configuration. */
$configdir = SimpleSAML\Utils\Config::getConfigDir();
SimpleSAML_Configuration::setConfigDir($configdir);

/* $outputDir contains the directory we will store the generated metadata in. */
$outputDir = $baseDir . '/metadata-generated';

/* $toStdOut is a boolean telling us whether we will print the output to stdout instead
 * of writing it to files in $outputDir.
 */
$toStdOut = FALSE;

/* $certificates contains the certificates which should be used to check the signature of the signed
 * EntityDescriptor in the metadata, or NULL if signature verification shouldn't be done.
 *
 * NOTE(review): the default is NULL, which by the description above means the metadata signature
 * is not checked. Whatever changes this value is outside this excerpt; confirm that callers who
 * need verified metadata always supply certificates.
 */
$certificates = NULL;

/* $validateFingerprint contains the fingerprint of the certificate which should have been used
 * to sign the EntityDescriptor in the metadata, or NULL if fingerprint validation shouldn't be
// Excerpt: the blocks closed by the first braces below are opened outside this excerpt, and the
// final if statement is cut off after its opening brace.

// Decode the response as an associative array and store it in the session under
// "core:latest_simplesamlphp_version" / "version".
$latest = json_decode($response, true);
$session->setData("core:latest_simplesamlphp_version", "version", $latest);
}
curl_close($ch);
}

// Warn when the running version is older than the tag name of the latest release (leading 'v' stripped).
// NOTE(review): 'tag_name' and 'html_url' are read as soon as $latest is truthy; nothing visible
// here checks that the decoded value is an array holding both keys. 'html_url' comes from the
// decoded response and is handed to the warning as %LATEST_URL% - presumably shown as a link, so
// confirm that it is escaped where it is rendered.
if ($latest && version_compare($current, ltrim($latest['tag_name'], 'v'), 'lt')) {
    $outdated = true;
    $warnings[] = array('{core:frontpage:warnings_outdated}', array('%LATEST_URL%' => $latest['html_url']));
}
}

// Which IdP protocols are switched on in the configuration; both default to false.
$enablematrix = array('saml20-idp' => $config->getBoolean('enable.saml20-idp', false), 'shib13-idp' => $config->getBoolean('enable.shib13-idp', false));

// Function name => array(requirement level, description). Each function name is tested with
// function_exists() further down.
$functionchecks = array(
    'time' => array('required', 'Date/Time Extension'),
    'hash' => array('required', 'Hashing function'),
    'gzinflate' => array('required', 'ZLib'),
    'openssl_sign' => array('required', 'OpenSSL'),
    'dom_import_simplexml' => array('required', 'XML DOM'),
    'preg_match' => array('required', 'RegEx support'),
    'json_decode' => array('required', 'JSON support'),
    'class_implements' => array('required', 'Standard PHP Library (SPL)'),
    'curl_init' => array('optional', 'cURL (required if automatic version checks are used, also by some modules.'),
    'mcrypt_module_open' => array('optional', 'MCrypt (required if digital signatures or encryption are used)'),
    'session_start' => array('optional', 'Session Extension (required if PHP sessions are used)'),
    'pdo_drivers' => array('optional', 'PDO Extension (required if a database backend is used)'),
    'memcache_debug' => array('optional', 'Memcache Extension (required if a Memcached backend is used)'));

// The LDAP and Radius extensions are only checked when the matching module is enabled.
if (SimpleSAML\Module::isModuleEnabled('ldap')) {
    $functionchecks['ldap_bind'] = array('optional', 'LDAP Extension (required if an LDAP backend is used)');
}
if (SimpleSAML\Module::isModuleEnabled('radius')) {
    $functionchecks['radius_auth_open'] = array('optional', 'Radius Extension (required if a Radius backend is used)');
}

// Rows of the check table: the PHP version first, then one row per entry in $functionchecks.
$funcmatrix = array();
$funcmatrix[] = array('required' => 'required', 'descr' => 'PHP Version >= 5.3. You run: ' . phpversion(), 'enabled' => version_compare(phpversion(), '5.3', '>='));
foreach ($functionchecks as $func => $descr) {
    $funcmatrix[] = array('descr' => $descr[1], 'required' => $descr[0], 'enabled' => function_exists($func));
}

/* Some basic configuration checks */

// The same literal is both the default passed to getString() and the value compared against, so
// a missing option and an option left at that value both count as "not set".
// NOTE(review): the address literal looks masked in this copy of the code; check it against the
// placeholder the project really ships.
if ($config->getString('technicalcontact_email', '*****@*****.**') === '*****@*****.**') {
    $mail_ok = FALSE;
} else {
    $mail_ok = TRUE;
}
$funcmatrix[] = array('required' => 'recommended', 'descr' => 'technicalcontact_email option set', 'enabled' => $mail_ok);

// Same pattern for the admin password: a missing option and the value '123' are treated alike.
// The body of this check is outside the excerpt.
if ($config->getString('auth.adminpassword', '123') === '123') {
assert('substr($url, 0, 1) === "/"'); /* clear the PATH_INFO option, so that a script can detect whether it is called with anything following the *'.php'-ending. */ unset($_SERVER['PATH_INFO']); $modEnd = strpos($url, '/', 1); if ($modEnd === false) { // the path must always be on the form /module/ throw new SimpleSAML_Error_NotFound('The URL must at least contain a module name followed by a slash.'); } $module = substr($url, 1, $modEnd - 1); $url = substr($url, $modEnd + 1); if ($url === false) { $url = ''; } if (!SimpleSAML\Module::isModuleEnabled($module)) { throw new SimpleSAML_Error_NotFound('The module \'' . $module . '\' was either not found, or wasn\'t enabled.'); } /* Make sure that the request isn't suspicious (contains references to current directory or parent directory or * anything like that. Searching for './' in the URL will detect both '../' and './'. Searching for '\' will detect * attempts to use Windows-style paths. */ if (strpos($url, '\\') !== false) { throw new SimpleSAML_Error_BadRequest('Requested URL contained a backslash.'); } elseif (strpos($url, './') !== false) { throw new SimpleSAML_Error_BadRequest('Requested URL contained \'./\'.'); } $moduleDir = SimpleSAML\Module::getModuleDir($module) . '/www/'; // check for '.php/' in the path, the presence of which indicates that another php-script should handle the request for ($phpPos = strpos($url, '.php/'); $phpPos !== false; $phpPos = strpos($url, '.php/', $phpPos + 1)) { $newURL = substr($url, 0, $phpPos + 4);