/**
  * Loads and merges in a file with an attribute map.
  *
  * @param string $fileName Name of attribute map file. Expected to be in the attributemap directory in the root
  * of the SimpleSAMLphp installation, or in the root of a module.
  *
  * @throws Exception If the filter could not load the requested attribute map file.
  */
 private function loadMapFile($fileName)
 {
     // NOTE(review): $fileName is concatenated into a path that is include()d below, so it is
     // presumably expected to come from trusted filter configuration only -- confirm at the caller.
     $config = SimpleSAML_Configuration::getInstance();

     // "module:name" selects a map shipped with a module; any other value is resolved against
     // the 'attributenamemapdir' path taken from the global configuration.
     $m = explode(':', $fileName);
     if (count($m) !== 2) {
         $filePath = $config->getPathValue('attributenamemapdir', 'attributemap/') . $fileName . '.php';
     } elseif (SimpleSAML\Module::isModuleEnabled($m[0])) {
         $filePath = SimpleSAML\Module::getModuleDir($m[0]) . '/attributemap/' . $m[1] . '.php';
     } else {
         throw new Exception("Module '{$m['0']}' is not enabled.");
     }

     if (!file_exists($filePath)) {
         throw new Exception('Could not find attribute map file: ' . $filePath);
     }

     // The included file executes in this method's variable scope and is expected to assign
     // $attributemap; the local variables above are visible to it as well.
     $attributemap = null;
     include $filePath;
     if (!is_array($attributemap)) {
         throw new Exception('Attribute map file "' . $filePath . '" didn\'t define an attribute map.');
     }

     // With $this->duplicate set, entries sharing a key are combined instead of replaced.
     $this->map = $this->duplicate
         ? array_merge_recursive($this->map, $attributemap)
         : array_merge($this->map, $attributemap);
 }
Exemple #2
 /**
  * Constructor for SAML SP authentication source.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
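 public function __construct($info, $config)
 {
     // Expression-form assertions: a string argument is no longer evaluated as code by newer
     // PHP versions, where a non-empty string would simply pass and check nothing.
     assert(is_array($info));
     assert(is_array($config));

     // Call the parent constructor first, as required by the interface
     parent::__construct($info, $config);

     if (!isset($config['entityID'])) {
         // No entity ID configured: default it to the value returned by getMetadataURL().
         $config['entityID'] = $this->getMetadataURL();
     }

     /* For compatibility with code that assumes that $metadata->getString('entityid') gives the entity id. */
     $config['entityid'] = $config['entityID'];

     // The second argument is the location label handed to loadFromArray() for this source.
     $this->metadata = SimpleSAML_Configuration::loadFromArray(
         $config,
         'authsources[' . var_export($this->authId, true) . ']'
     );
     $this->entityId = $this->metadata->getString('entityID');
     $this->idp = $this->metadata->getString('idp', null);
     $this->discoURL = $this->metadata->getString('discoURL', null);

     // Without an explicit discovery URL, use the discojuice module's page when that module is enabled.
     if (empty($this->discoURL) && SimpleSAML\Module::isModuleEnabled('discojuice')) {
         $this->discoURL = SimpleSAML\Module::getModuleURL('discojuice/central.php');
     }
 }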
<?php

// Collect the names of all known modules in sorted order.
$moduleNames = SimpleSAML\Module::getModules();
sort($moduleNames);

// Build the per-module record handed to the template: module name => array('enabled' => bool).
$moduleStatus = array();
foreach ($moduleNames as $moduleName) {
    $isEnabled = SimpleSAML\Module::isModuleEnabled($moduleName);
    $moduleStatus[$moduleName] = array('enabled' => $isEnabled);
}

// NOTE(review): no access check is visible in this script; confirm whether the list of
// installed and enabled modules is meant to be shown to unauthenticated visitors.
$globalConfig = SimpleSAML_Configuration::getInstance();
$template = new SimpleSAML_XHTML_Template($globalConfig, 'modinfo:modlist.php');
$template->data['modules'] = $moduleStatus;
$template->show();
#!/usr/bin/env php
<?php 
/*
 * This script can be used to generate metadata for SimpleSAMLphp
 * based on an XML metadata file.
 */
// This is the base directory of the SimpleSAMLphp installation
// (four directory levels above the directory containing this script).
$baseDir = dirname(dirname(dirname(dirname(__FILE__))));
// Add library autoloader.
require_once $baseDir . '/lib/_autoload.php';
// Refuse to run unless the metarefresh module is enabled; print the shell command that
// creates the module's 'enable' file and exit with a non-zero status.
if (!SimpleSAML\Module::isModuleEnabled('metarefresh')) {
    echo "You need to enable the metarefresh module before this script can be used.\n";
    echo "You can enable it by running the following command:\n";
    echo '  echo >"' . $baseDir . '/modules/metarefresh/enable' . "\"\n";
    exit(1);
}
/* Initialize the configuration. */
$configdir = SimpleSAML\Utils\Config::getConfigDir();
SimpleSAML_Configuration::setConfigDir($configdir);
/* $outputDir contains the directory we will store the generated metadata in. */
$outputDir = $baseDir . '/metadata-generated';
/* $toStdOut is a boolean telling us whether we will print the output to stdout instead
 * of writing it to files in $outputDir.
 */
$toStdOut = FALSE;
/* $certificates contains the certificates which should be used to check the signature of the signed
 * EntityDescriptor in the metadata, or NULL if signature verification shouldn't be done.
 *
 * NOTE(review): with this default no signature is checked. It is presumably overridden by option
 * handling further down, which is not visible here -- confirm. Metadata obtained from a remote
 * source should only be trusted once its signature (or certificate fingerprint) has been validated.
 */
$certificates = NULL;
/* $validateFingerprint contains the fingerprint of the certificate which should have been used
 * to sign the EntityDescriptor in the metadata, or NULL if fingerprint validation shouldn't be
            $latest = json_decode($response, true);
            $session->setData("core:latest_simplesamlphp_version", "version", $latest);
        }
        curl_close($ch);
    }
    if ($latest && version_compare($current, ltrim($latest['tag_name'], 'v'), 'lt')) {
        $outdated = true;
        $warnings[] = array('{core:frontpage:warnings_outdated}', array('%LATEST_URL%' => $latest['html_url']));
    }
}
// Which IdP protocol options the configuration turns on; both fall back to false.
$enablematrix = array(
    'saml20-idp' => $config->getBoolean('enable.saml20-idp', false),
    'shib13-idp' => $config->getBoolean('enable.shib13-idp', false),
);

// PHP function name => array(requirement level, label). Each function is probed with
// function_exists() further down.
$functionchecks = array(
    'time' => array('required', 'Date/Time Extension'),
    'hash' => array('required', 'Hashing function'),
    'gzinflate' => array('required', 'ZLib'),
    'openssl_sign' => array('required', 'OpenSSL'),
    'dom_import_simplexml' => array('required', 'XML DOM'),
    'preg_match' => array('required', 'RegEx support'),
    'json_decode' => array('required', 'JSON support'),
    'class_implements' => array('required', 'Standard PHP Library (SPL)'),
    'curl_init' => array('optional', 'cURL (required if automatic version checks are used, also by some modules.'),
    'mcrypt_module_open' => array('optional', 'MCrypt (required if digital signatures or encryption are used)'),
    'session_start' => array('optional', 'Session Extension (required if PHP sessions are used)'),
    'pdo_drivers' => array('optional', 'PDO Extension (required if a database backend is used)'),
    'memcache_debug' => array('optional', 'Memcache Extension (required if a Memcached backend is used)'),
);

// Backend-specific extensions are only listed when the matching module is enabled.
if (SimpleSAML\Module::isModuleEnabled('ldap')) {
    $functionchecks['ldap_bind'] = array('optional', 'LDAP Extension (required if an LDAP backend is used)');
}
if (SimpleSAML\Module::isModuleEnabled('radius')) {
    $functionchecks['radius_auth_open'] = array(
        'optional',
        'Radius Extension (required if a Radius backend is used)',
    );
}

// The result matrix starts with the PHP version requirement, followed by one row per probed function.
$funcmatrix = array(
    array(
        'required' => 'required',
        'descr' => 'PHP Version >= 5.3. You run: ' . phpversion(),
        'enabled' => version_compare(phpversion(), '5.3', '>='),
    ),
);
foreach ($functionchecks as $func => $descr) {
    $funcmatrix[] = array(
        'descr' => $descr[1],
        'required' => $descr[0],
        'enabled' => function_exists($func),
    );
}

/* Some basic configuration checks */
// The contact address counts as set only when it differs from the literal also passed as the
// default (presumably what getString() returns when the option is missing).
$mail_ok = $config->getString('technicalcontact_email', '*****@*****.**') !== '*****@*****.**';
$funcmatrix[] = array(
    'required' => 'recommended',
    'descr' => 'technicalcontact_email option set',
    'enabled' => $mail_ok,
);
if ($config->getString('auth.adminpassword', '123') === '123') {
Exemple #6
 // Sanity check that the path in $url starts with a slash. assert() is a debugging aid that can
 // be disabled, and the string form is only evaluated as code on PHP versions that still support
 // string assertions, so this is not a runtime guard.
 assert('substr($url, 0, 1) === "/"');
 /* clear the PATH_INFO option, so that a script can detect whether it is called with anything following the
  * '.php'-ending.
  */
 unset($_SERVER['PATH_INFO']);
 // Position of the slash that ends the module name (the search skips the leading slash).
 $modEnd = strpos($url, '/', 1);
 if ($modEnd === false) {
     // the path must always be on the form /module/
     throw new SimpleSAML_Error_NotFound('The URL must at least contain a module name followed by a slash.');
 }
 // Split the path: $module is the first segment, $url becomes everything after the second slash.
 $module = substr($url, 1, $modEnd - 1);
 $url = substr($url, $modEnd + 1);
 // substr() can return false instead of '' on older PHP versions when nothing follows the slash.
 if ($url === false) {
     $url = '';
 }
 // NOTE(review): the module name is interpolated into the exception message as-is; escaping is
 // left to whatever renders the error -- confirm.
 if (!SimpleSAML\Module::isModuleEnabled($module)) {
     throw new SimpleSAML_Error_NotFound('The module \'' . $module . '\' was either not found, or wasn\'t enabled.');
 }
 /* Make sure that the request isn't suspicious (contains references to current directory or parent directory or
  * anything like that). Searching for './' in the URL will detect both '../' and './'. Searching for '\' will detect
  * attempts to use Windows-style paths.
  *
  * NOTE(review): these checks cover only the part of the path after the module name. The module segment itself
  * is vetted solely by isModuleEnabled() above -- confirm that call accepts nothing but known module names.
  */
 if (strpos($url, '\\') !== false) {
     throw new SimpleSAML_Error_BadRequest('Requested URL contained a backslash.');
 } elseif (strpos($url, './') !== false) {
     throw new SimpleSAML_Error_BadRequest('Requested URL contained \'./\'.');
 }
 // Files are served from the module's 'www' subdirectory only.
 $moduleDir = SimpleSAML\Module::getModuleDir($module) . '/www/';
 // check for '.php/' in the path, the presence of which indicates that another php-script should handle the request
 for ($phpPos = strpos($url, '.php/'); $phpPos !== false; $phpPos = strpos($url, '.php/', $phpPos + 1)) {
     $newURL = substr($url, 0, $phpPos + 4);