addURLparameter() public static method

Deprecation: This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\HTTP::addURLParameters() instead.
public static addURLparameter ( $url, $parameters )
 /**
  * Mark a request token as authorized, attach the authorized data to it, and work out
  * the callback URL (plus a verifier when the 1.0a protocol is in use).
  *
  * Callback precedence as implemented below: a callback_url registered on the consumer
  * replaces the callback remembered from the original request-token call, so a
  * request-supplied callback cannot override a registered one.
  *
  * NOTE(review): the remembered request attributes are described as "must be there", but a
  * missing entry is not rejected: 'consumerKey' is still read from it and the returned URL
  * can stay null. Confirm how callers treat a null URL.
  *
  * @param $requestTokenKey RequestToken that was authorized
  * @param $data Data that is authorized and to be attached to the requestToken
  * @return array(string:url, string:verifier) ; empty verifier for 1.0-response
  */
 public function authorize($requestTokenKey, $data)
 {
     $callbackUrl = null;
     $oauthVerifier = '';
     $protocolVersion = $this->defaultversion;

     // Values remembered from the original request-token request.
     $request_attributes = $this->store->get('requesttorequest', $requestTokenKey, '');
     if ($request_attributes['value']) {
         // a remembered version replaces the default one
         $rememberedVersion = $request_attributes['value']['version'];
         if ($rememberedVersion) {
             $protocolVersion = $rememberedVersion;
         }
         // a remembered callback is the starting point for the return URL
         if ($request_attributes['value']['callback']) {
             $callbackUrl = $request_attributes['value']['callback'];
         }
     }

     // A callback registered on the consumer is leading, even over a supplied oauth_callback parameter.
     $registeredConsumer = $this->lookup_consumer($request_attributes['value']['consumerKey']);
     if ($registeredConsumer && $registeredConsumer->callback_url) {
         $callbackUrl = $registeredConsumer->callback_url;
     }

     if ('1.0a' == $protocolVersion) {
         // 1.0a only: a fresh verifier goes out on the callback URL and is stored with the authorization below.
         // A 1.0 response keeps the empty verifier, so nothing ties the callback to this authorization step.
         $oauthVerifier = SimpleSAML_Utilities::generateID();
         $callbackUrl = SimpleSAML_Utilities::addURLparameter($callbackUrl, array('oauth_verifier' => $oauthVerifier));
     }

     // Lifetime of the stored authorization; falls back to 60 * 30 when 'requestTokenDuration' is not configured.
     $lifetime = $this->config->getValue('requestTokenDuration', 60 * 30);
     $this->store->set('authorized', $requestTokenKey, $oauthVerifier, $data, $lifetime);

     return array($callbackUrl, $oauthVerifier);
 }
Esempio n. 2
 /**
  * Create the redirect URL for a message that is delivered by reference (SAMLart).
  *
  * The serialized message is saved in the datastore under the artifact value with an
  * expiry of 15 minutes from now; only the artifact (and RelayState, when set) is put
  * on the URL.
  *
  * NOTE(review): the stored copy comes from toUnsignedXML(); what protects it then depends
  * on how the artifact is later resolved, which is not visible in this method.
  *
  * @param  SAML2_Message $message The message.
  * @return string        The URL the user should be redirected to in order to send a message.
  * @throws Exception     When no datastore is configured.
  */
 public function getRedirectURL(SAML2_Message $message)
 {
     $store = SimpleSAML_Store::getInstance();
     if (FALSE === $store) {
         throw new Exception('Unable to send artifact without a datastore configured.');
     }

     // 20 random bytes; the hex round-trip through pack('H*') yields them as a binary string again
     $randomBytes = SimpleSAML_Utilities::generateRandomBytes(20);
     $generatedId = pack('H*', (string) SimpleSAML_Utilities::stringToHex($randomBytes));

     // Artifact = base64(prefix . SHA-1 of the issuer . random handle).
     // NOTE(review): the "" prefix contributes nothing; a SAML 2.0 artifact normally begins with a
     // type-code/endpoint-index header, which may have been lost from this listing — confirm against upstream.
     $issuerDigest = sha1($message->getIssuer(), TRUE);
     $artifact = base64_encode("" . $issuerDigest . $generatedId);

     $artifactData = $message->toUnsignedXML();
     $artifactDataString = $artifactData->ownerDocument->saveXML($artifactData);
     $expiresAt = time() + 15 * 60;
     $store->set('artifact', $artifact, $artifactDataString, $expiresAt);

     $relayState = $message->getRelayState();
     $params = (NULL !== $relayState)
         ? array('SAMLart' => $artifact, 'RelayState' => $relayState)
         : array('SAMLart' => $artifact);

     return SimpleSAML_Utilities::addURLparameter($message->getDestination(), $params);
 }
Esempio n. 3
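 /**
  * Log-in using Twitter platform
  *
  * Saves the authentication state, obtains a request token with a linkback URL that
  * carries the state ID, stores the token in the state and hands the user over to
  * Twitter's authenticate endpoint.
  *
  * @param array &$state  Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     // Real expression instead of a string: string assertions are deprecated since PHP 7.2
     // and are no longer evaluated on PHP 8, which silently disabled this check.
     assert(is_array($state));
     /* We are going to need the authId in order to retrieve this authentication source later. */
     $state[self::AUTHID] = $this->authId;
     $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     $consumer = new sspmod_oauth_Consumer($this->key, $this->secret);
     // Get the request token
     $linkback = SimpleSAML_Module::getModuleURL('authtwitter/linkback.php', array('AuthState' => $stateID));
     $requestToken = $consumer->getRequestToken('https://api.twitter.com/oauth/request_token', array('oauth_callback' => $linkback));
     // Log the token key only: the token secret is a credential and must not end up in log files.
     SimpleSAML_Logger::debug("Got a request token from the OAuth service provider [" . $requestToken->key . "]");
     $state['authtwitter:authdata:requestToken'] = $requestToken;
     // Save again so that the stored state includes the request token.
     SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     // Authorize the request token
     $url = 'https://api.twitter.com/oauth/authenticate';
     if ($this->force_login) {
         $url = SimpleSAML_Utilities::addURLparameter($url, array('force_login' => 'true'));
     }
     $consumer->getAuthorizeRequest($url, $requestToken);
 }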
Esempio n. 4
// Link groups for the front page; modules can add to them through the 'frontpage' hook below.
$links_welcome = array();
$links_config = array();
$links_auth = array();
$links_federation = array();
if ($config->getBoolean('idpdisco.enableremember', FALSE)) {
    $links_federation[] = array('href' => 'cleardiscochoices.php', 'text' => '{core:frontpage:link_cleardiscochoices}');
}
// Optional publishing links: one per enabled metadata set, each pointing at the configured
// 'metashare.publishurl' with this installation's metadata URL passed as the 'url' parameter.
$publishURL = $config->getString('metashare.publishurl', NULL);
if ($publishURL !== NULL) {
    $metadataSources = array('saml20-idp' => 'saml2/idp/metadata.php', 'saml20-sp' => 'saml2/sp/metadata.php', 'shib13-idp' => 'shib13/idp/metadata.php', 'shib13-sp' => 'shib13/sp/metadata.php');
    foreach ($metadataSources as $name => $url) {
        // skip sets whose 'enable.<name>' option is off
        if (!$config->getBoolean('enable.' . $name, FALSE)) {
            continue;
        }
        $url = SimpleSAML_Utilities::getBaseURL() . $url;
        $linkTarget = SimpleSAML_Utilities::addURLparameter($publishURL, array('url' => $url));
        $links_federation[] = array('href' => $linkTarget, 'text' => '{core:frontpage:link_publish_' . $name . '}');
    }
}
$links_federation[] = array('href' => SimpleSAML_Utilities::getBaseURL() . 'admin/metadata.php', 'text' => '{core:frontpage:link_meta_overview}');
$links_federation[] = array('href' => SimpleSAML_Utilities::getBaseURL() . 'admin/metadata-converter.php', 'text' => '{core:frontpage:link_xmlconvert}');
// The groups are passed by reference so hook implementations can modify them in place.
// $links is not assigned in this excerpt; presumably it is defined earlier in the file.
$allLinks = array('links' => &$links, 'welcome' => &$links_welcome, 'config' => &$links_config, 'auth' => &$links_auth, 'federation' => &$links_federation);
SimpleSAML_Module::callHooks('frontpage', $allLinks);
$metadataHosted = array();
SimpleSAML_Module::callHooks('metadata_hosted', $metadataHosted);
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$metaentries = array('hosted' => $metadataHosted, 'remote' => array());
// Lists of remote IdP metadata are only collected when $isadmin is set.
if ($isadmin) {
    $metaentries['remote']['saml20-idp-remote'] = $metadata->getList('saml20-idp-remote');
    $metaentries['remote']['shib13-idp-remote'] = $metadata->getList('shib13-idp-remote');
}
Esempio n. 5
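 /**
  * Save the state, and return an URL that can contain a reference to the state.
  *
  * The state is saved under the 'openidProvider:resumeState' stage and only its ID is
  * placed on the URL (as the StateID parameter); the state contents stay server-side.
  *
  * @param string $page  The name of the page.
  * @param array $state  The state array.
  * @return string  An URL with the state ID as a parameter.
  */
 private function getStateURL($page, array $state)
 {
     // Real expression instead of a string: string assertions are deprecated since PHP 7.2
     // and are no longer evaluated on PHP 8, which silently disabled this check.
     assert(is_string($page));
     $stateId = SimpleSAML_Auth_State::saveState($state, 'openidProvider:resumeState');
     // $page is appended to the module path as given.
     $stateURL = SimpleSAML_Module::getModuleURL('openidProvider/' . $page);
     $stateURL = SimpleSAML_Utilities::addURLparameter($stateURL, array('StateID' => $stateId));
     return $stateURL;
 }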
Esempio n. 6
}
// Authentication is needed and the request is not passive: cache the request under a fresh ID
// and send the user to the authentication step, returning to this page with ?RequestID=<id>.
if ($needAuth && !$isPassive) {
    SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Will go to authentication module ' . $idpmetadata['auth']);
    $authId = SimpleSAML_Utilities::generateID();
    $session->setAuthnRequest('saml2', $authId, $requestcache);
    // Only the ID of the cached request goes on the return URL, url-encoded.
    $redirectTo = SimpleSAML_Utilities::selfURLNoQuery() . '?RequestID=' . urlencode($authId);
    if ($authSource) {
        /* Authenticate with an AuthSource. */
        /* The user will be redirected to this URL if the session is lost. This will cause an
         * unsolicited authentication response to be sent to the SP.
         */
        $sessionLostParams = array('spentityid' => $requestcache['Issuer']);
        if (isset($requestcache['RelayState'])) {
            $sessionLostParams['RelayState'] = $requestcache['RelayState'];
        }
        $sessionLostURL = SimpleSAML_Utilities::addURLparameter($metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted'), $sessionLostParams);
        // The SP metadata is looked up by the issuer of the cached request.
        $hints = array('SPMetadata' => $metadata->getMetaData($requestcache['Issuer'], 'saml20-sp-remote'), 'IdPMetadata' => $idpmetadata, SimpleSAML_Auth_State::RESTART => $sessionLostURL);
        SimpleSAML_Auth_Default::initLogin($idpmetadata['auth'], $redirectTo, $redirectTo, $hints);
    } else {
        // No AuthSource: redirect to the authentication page named in the IdP metadata.
        $authurl = '/' . $config->getBaseURL() . $idpmetadata['auth'];
        SimpleSAML_Utilities::redirect($authurl, array('RelayState' => $redirectTo, 'AuthId' => $authId, 'protocol' => 'saml2'));
    }
} elseif ($needAuth) {
    /* We have a passive request, but need authentication. Send back a response indicating that
     * the user didn't have a valid session.
     */
    handleError(new SimpleSAML_Error_NoPassive('Passive authentication requested, but no session available.'));
    /**
     * We got a request, and we have a valid session. Then we send an AuthnResponse back to the
     * service.
     */
Esempio n. 7
            $site = $op[1];
            $site = pack("H*", $site);
            $server->removeTrustRoot($identity, $site);
        }
    }
    SimpleSAML_Utilities::redirect($identity);
}
// Trusted sites are only loaded when the page is the user's own ($ownPage).
if ($ownPage) {
    $trustedSites = $server->getTrustRoots($identity);
} else {
    $trustedSites = array();
}
$userBase = SimpleSAML_Module::getModuleURL('openidProvider/user.php');
$xrds = SimpleSAML_Module::getModuleURL('openidProvider/xrds.php');
if ($userId !== FALSE) {
    // addURLparameter() is used for the query string, so the user ID is added as a parameter value
    $xrds = SimpleSAML_Utilities::addURLparameter($xrds, array('user' => $userId));
}
$as = $server->getAuthSource();
// Everything below is handed to the template; escaping for HTML output happens (or not) in
// 'openidProvider:user.tpl.php', which is not visible here.
$t = new SimpleSAML_XHTML_Template($globalConfig, 'openidProvider:user.tpl.php');
$t->data['identity'] = $identity;
$t->data['loggedInAs'] = $server->getUserId();
$t->data['loginURL'] = $as->getLoginURL($userBase);
$t->data['logoutURL'] = $as->getLogoutURL();
$t->data['ownPage'] = $ownPage;
$t->data['serverURL'] = $server->getServerURL();
$t->data['trustedSites'] = $trustedSites;
$t->data['userId'] = $userId;
// NOTE(review): unlike the xrds URL above, $userId is concatenated into the path without
// URL-encoding; confirm it is limited to URL-safe characters where it is assigned.
$t->data['userIdURL'] = $userBase . '/' . $userId;
$t->data['xrdsURL'] = $xrds;
$t->show();
exit(0);
             throw new sspmod_selfregister_Error_UserException('void_value', 'mail', '', 'Validation of user input failed.' . ' Field:' . 'mail' . ' is empty');
         } else {
             throw new sspmod_selfregister_Error_UserException('illegale_value', 'mail', $rawValue, 'Validation of user input failed.' . ' Field:' . 'mail' . ' Value:' . $rawValue);
         }
     }
     // Step 1 of self-registration: either report that the address is in use, or mail a
     // time-limited verification link to it.
     $store = sspmod_selfregister_Storage_UserCatalogue::instantiateStorage();
     // NOTE(review): the two branches render different pages (step5_mailUsed vs. step2_sent), so
     // the response tells whoever submits the form whether an address is already registered.
     if ($store->isRegistered('mail', $email)) {
         $html = new SimpleSAML_XHTML_Template($config, 'selfregister:step5_mailUsed.tpl.php', 'selfregister:selfregister');
         $html->data['systemName'] = $systemName;
         $html->show();
     } else {
         // The token is generated with the e-mail address added as verification data and a
         // lifetime of $tokenLifetime.
         $tg = new SimpleSAML_Auth_TimeLimitedToken($tokenLifetime);
         $tg->addVerificationData($email);
         $newToken = $tg->generate_token();
         // The registration link is the current URL plus the address and the token as query parameters.
         $url = SimpleSAML_Utilities::selfURL();
         $registerurl = SimpleSAML_Utilities::addURLparameter($url, array('email' => $email, 'token' => $newToken));
         $mailt = new SimpleSAML_XHTML_Template($config, 'selfregister:mail1_token.tpl.php', 'selfregister:selfregister');
         $mailt->data['email'] = $email;
         $mailt->data['registerurl'] = $registerurl;
         $mailt->data['systemName'] = $systemName;
         // Subject, sender and reply-to come from the module configuration, the recipient is $email.
         $mailer = new sspmod_selfregister_XHTML_Mailer($email, $uregconf->getString('mail.subject'), $uregconf->getString('mail.from'), NULL, $uregconf->getString('mail.replyto'));
         $mailer->setTemplate($mailt);
         $mailer->send();
         $html = new SimpleSAML_XHTML_Template($config, 'selfregister:step2_sent.tpl.php', 'selfregister:selfregister');
         $html->data['systemName'] = $systemName;
         $html->show();
     }
 } catch (sspmod_selfregister_Error_UserException $e) {
     $et = new SimpleSAML_XHTML_Template($config, 'selfregister:step1_email.tpl.php', 'selfregister:selfregister');
     $et->data['email'] = $_POST['emailreg'];
     $et->data['systemName'] = $systemName;
Esempio n. 9
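 /**
  * Receive an authentication request.
  *
  * Two entry modes are handled:
  *  - IdP-initiated: a 'spentityid' request parameter is present; RelayState, binding and
  *    NameIDFormat are read from plain request parameters.
  *  - SP-initiated: a SAML AuthnRequest is received through the current binding and is
  *    passed to sspmod_saml_Message::validateMessage() together with the SP and IdP metadata.
  *
  * In both modes the SP must be known in the 'saml20-sp-remote' metadata. An
  * AssertionConsumerService URL taken from the request is only used when it matches an
  * endpoint (binding and location) in that metadata; otherwise the default endpoint is used.
  *
  * The collected values are passed on as a state array to $idp->handleAuthenticationRequest().
  *
  * @param SimpleSAML_IdP $idp  The IdP we are receiving it for.
  * @throws SimpleSAML_Error_BadRequest  When the received message is not an AuthnRequest or has no issuer.
  */
 public static function receiveAuthnRequest(SimpleSAML_IdP $idp)
 {
     $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     $idpMetadata = $idp->getConfig();
     // HTTP-POST is always supported; HTTP-Artifact only when 'saml20.sendartifact' is enabled.
     $supportedBindings = array(SAML2_Const::BINDING_HTTP_POST);
     if ($idpMetadata->getBoolean('saml20.sendartifact', FALSE)) {
         $supportedBindings[] = SAML2_Const::BINDING_HTTP_ARTIFACT;
     }
     if (isset($_REQUEST['spentityid'])) {
         /* IdP initiated authentication. */
         if (isset($_REQUEST['cookieTime'])) {
             $cookieTime = (int) $_REQUEST['cookieTime'];
             if ($cookieTime + 5 > time()) {
                 /*
                  * Less than five seconds has passed since we were
                  * here the last time. Cookies are probably disabled.
                  */
                 SimpleSAML_Utilities::checkCookie(SimpleSAML_Utilities::selfURL());
             }
         }
         // Request parameters are cast to string before use.
         $spEntityId = (string) $_REQUEST['spentityid'];
         $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');
         if (isset($_REQUEST['RelayState'])) {
             $relayState = (string) $_REQUEST['RelayState'];
         } else {
             $relayState = NULL;
         }
         if (isset($_REQUEST['binding'])) {
             $protocolBinding = (string) $_REQUEST['binding'];
         } else {
             $protocolBinding = NULL;
         }
         if (isset($_REQUEST['NameIDFormat'])) {
             $nameIDFormat = (string) $_REQUEST['NameIDFormat'];
         } else {
             $nameIDFormat = NULL;
         }
         // There is no AuthnRequest in this mode, so the request-derived values get fixed defaults.
         $requestId = NULL;
         $IDPList = array();
         $ProxyCount = NULL;
         $RequesterID = NULL;
         $forceAuthn = FALSE;
         $isPassive = FALSE;
         $consumerURL = NULL;
         // var_export() quotes the value, which keeps the untrusted entity ID delimited in the log line.
         SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: IdP initiated authentication: ' . var_export($spEntityId, TRUE));
     } else {
         $binding = SAML2_Binding::getCurrentBinding();
         $request = $binding->receive();
         if (!$request instanceof SAML2_AuthnRequest) {
             throw new SimpleSAML_Error_BadRequest('Message received on authentication request endpoint wasn\'t an authentication request.');
         }
         $spEntityId = $request->getIssuer();
         if ($spEntityId === NULL) {
             throw new SimpleSAML_Error_BadRequest('Received message on authentication request endpoint without issuer.');
         }
         $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');
         sspmod_saml_Message::validateMessage($spMetadata, $idpMetadata, $request);
         $relayState = $request->getRelayState();
         $requestId = $request->getId();
         $IDPList = $request->getIDPList();
         $ProxyCount = $request->getProxyCount();
         if ($ProxyCount !== null) {
             // one proxy hop is consumed by this IdP
             $ProxyCount--;
         }
         $RequesterID = $request->getRequesterID();
         $forceAuthn = $request->getForceAuthn();
         $isPassive = $request->getIsPassive();
         $consumerURL = $request->getAssertionConsumerServiceURL();
         $protocolBinding = $request->getProtocolBinding();
         $nameIdPolicy = $request->getNameIdPolicy();
         if (isset($nameIdPolicy['Format'])) {
             $nameIDFormat = $nameIdPolicy['Format'];
         } else {
             $nameIDFormat = NULL;
         }
         SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Incomming Authentication request: ' . var_export($spEntityId, TRUE));
     }
     if ($protocolBinding === NULL || !in_array($protocolBinding, $supportedBindings, TRUE)) {
         /*
          * No binding specified or unsupported binding requested - default to HTTP-POST.
          * TODO: Select any supported binding based on default endpoint?
          */
         $protocolBinding = SAML2_Const::BINDING_HTTP_POST;
     }
     if ($consumerURL !== NULL) {
         // Accept a requested response location only if the SP's metadata lists exactly this
         // binding/location pair; this keeps the response from going to an unregistered URL.
         $found = FALSE;
         foreach ($spMetadata->getEndpoints('AssertionConsumerService') as $ep) {
             if ($ep['Binding'] !== $protocolBinding) {
                 continue;
             }
             if ($ep['Location'] !== $consumerURL) {
                 continue;
             }
             $found = TRUE;
             break;
         }
         if (!$found) {
             SimpleSAML_Logger::warning('Authentication request from ' . var_export($spEntityId, TRUE) . ' contains invalid AssertionConsumerService URL. Was ' . var_export($consumerURL, TRUE) . '.');
             $consumerURL = NULL;
         }
     }
     if ($consumerURL === NULL) {
         /* Not specified or invalid. Use default. */
         $consumerURL = $spMetadata->getDefaultEndpoint('AssertionConsumerService', array($protocolBinding));
         $consumerURL = $consumerURL['Location'];
     }
     $IDPList = array_unique(array_merge($IDPList, $spMetadata->getArrayizeString('IDPList', array())));
     // Strict comparison: a ProxyCount that was decremented to 0 above is a real limit and must
     // not be treated as "not specified" (0 == null is true) and replaced by the metadata default.
     if ($ProxyCount === null) {
         $ProxyCount = $spMetadata->getInteger('ProxyCount', null);
     }
     if (!$forceAuthn) {
         $forceAuthn = $spMetadata->getBoolean('ForceAuthn', FALSE);
     }
     // URL used to restart the flow when the session is lost: an IdP-initiated request for the
     // same SP; cookieTime feeds the cookie check at the top of this method.
     $sessionLostParams = array('spentityid' => $spEntityId, 'cookieTime' => time());
     if ($relayState !== NULL) {
         $sessionLostParams['RelayState'] = $relayState;
     }
     $sessionLostURL = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), $sessionLostParams);
     $state = array('Responder' => array('sspmod_saml_IdP_SAML2', 'sendResponse'), SimpleSAML_Auth_State::EXCEPTION_HANDLER_FUNC => array('sspmod_saml_IdP_SAML2', 'handleAuthError'), SimpleSAML_Auth_State::RESTART => $sessionLostURL, 'SPMetadata' => $spMetadata->toArray(), 'saml:RelayState' => $relayState, 'saml:RequestId' => $requestId, 'saml:IDPList' => $IDPList, 'saml:ProxyCount' => $ProxyCount, 'saml:RequesterID' => $RequesterID, 'ForceAuthn' => $forceAuthn, 'isPassive' => $isPassive, 'saml:ConsumerURL' => $consumerURL, 'saml:Binding' => $protocolBinding, 'saml:NameIDFormat' => $nameIDFormat);
     $idp->handleAuthenticationRequest($state);
 }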
Esempio n. 10
<?php

// Central discovery page: requires 'entityID' and 'return' request parameters and passes
// them, with the module configuration, to the 'discojuice:central.tpl.php' template.
if (empty($_REQUEST['entityID'])) {
    throw new Exception('Missing parameter [entityID]');
}
if (empty($_REQUEST['return'])) {
    throw new Exception('Missing parameter [return]');
}
$djconfig = SimpleSAML_Configuration::getOptionalConfig('discojuice.php');
$config = SimpleSAML_Configuration::getInstance();
// EntityID
$entityid = $_REQUEST['entityID'];
// Return to...
// The name of the parameter that will carry the chosen IdP; defaults to 'entityID'.
$returnidparam = !empty($_REQUEST['returnIDParam']) ? $_REQUEST['returnIDParam'] : 'entityID';
// NOTE(review): 'return' and 'returnIDParam' come straight from the request and no allow-list
// check is visible in this file. A discovery service that sends the browser to a caller-supplied
// URL should restrict it to the return locations registered for the requesting SP; confirm where
// (or whether) that happens. Output escaping of these values is left to the template.
$href = SimpleSAML_Utilities::addURLparameter($_REQUEST['return'], array($returnidparam => ''));
$hostedConfig = array($djconfig->getString('name', 'Service'), $entityid, SimpleSAML_Module::getModuleURL('discojuice/response.html'), $djconfig->getArray('feeds', array('edugain')), $href);
/*
	"a.signin", "Teest Demooo",
    "https://example.org/saml2/entityid",
    "' . SimpleSAML_Module::getModuleURL('discojuice/discojuice/discojuiceDiscoveryResponse.html') . '", ["kalmar"], "http://example.org/login?idp="
*/
$t = new SimpleSAML_XHTML_Template($config, 'discojuice:central.tpl.php');
$t->data['hostedConfig'] = $hostedConfig;
$t->data['enableCentralStorage'] = $djconfig->getBoolean('enableCentralStorage', true);
$t->data['additionalFeeds'] = $djconfig->getArray('additionalFeeds', null);
$t->show();
Esempio n. 11
 *  renew
 *  gateway
 *  
 */
// CAS login endpoint: checks the requested service against the configured list, makes sure the
// user is authenticated, stores a service ticket and redirects back to the service with it.
if (!array_key_exists('service', $_GET)) {
    throw new Exception('Required URL query parameter [service] not provided. (CAS Server)');
}
$service = $_GET['service'];
$forceAuthn = isset($_GET['renew']) && $_GET['renew'];
$isPassive = isset($_GET['gateway']) && $_GET['gateway'];
$config = SimpleSAML_Configuration::getInstance();
$casconfig = SimpleSAML_Configuration::getConfig('module_casserver.php');
$legal_service_urls = $casconfig->getValue('legal_service_urls');
// The service URL is the redirect target at the end of this script, so it is rejected here unless
// checkServiceURL() accepts it. checkServiceURL() is defined elsewhere; how strictly it matches
// (exact URL or prefix) decides how tight this allow-list really is.
if (!checkServiceURL($service, $legal_service_urls)) {
    // NOTE(review): the rejected value is copied into the exception message; confirm the error
    // page escapes it before display.
    throw new Exception('Service parameter provided to CAS server is not listed as a legal service: [service] = ' . $service);
}
$auth = $casconfig->getValue('auth', 'saml2');
if (!in_array($auth, array('saml2', 'shib13'))) {
    throw new Exception('CAS Service configured to use [auth] = ' . $auth . ' only [saml2,shib13] is legal.');
}
$as = new SimpleSAML_Auth_Simple($auth);
if (!$as->isAuthenticated()) {
    $params = array('ForceAuthn' => $forceAuthn, 'isPassive' => $isPassive);
    $as->login($params);
}
$attributes = $as->getAttributes();
// NOTE(review): the ticket cache falls back to '/tmp' and the stored ticket contains the user's
// attributes; confirm the configured directory is not readable by other local users.
$path = $casconfig->resolvePath($casconfig->getValue('ticketcache', '/tmp'));
// Ticket ID: a generated ID with '_' replaced by 'ST-'.
$ticket = str_replace('_', 'ST-', SimpleSAML_Utilities::generateID());
// 'validbefore' is five seconds from now.
storeTicket($ticket, $path, array('service' => $service, 'forceAuthn' => $forceAuthn, 'attributes' => $attributes, 'proxies' => array(), 'validbefore' => time() + 5));
SimpleSAML_Utilities::redirectTrustedURL(SimpleSAML_Utilities::addURLparameter($service, array('ticket' => $ticket)));
Esempio n. 12
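 /**
  * Receive an authentication request.
  *
  * Reads the Shibboleth 1.3 request parameters (providerId, shire, optional target), checks
  * that the requested shire is a browser-post AssertionConsumerService endpoint registered in
  * the SP's 'shib13-sp-remote' metadata, and passes the result on as a state array to
  * $idp->handleAuthenticationRequest().
  *
  * @param SimpleSAML_IdP $idp  The IdP we are receiving it for.
  * @throws SimpleSAML_Error_BadRequest  When providerId or shire is missing.
  * @throws Exception  When the shire is not a registered endpoint of the SP.
  */
 public static function receiveAuthnRequest(SimpleSAML_IdP $idp)
 {
     if (isset($_REQUEST['cookieTime'])) {
         $cookieTime = (int) $_REQUEST['cookieTime'];
         if ($cookieTime + 5 > time()) {
             /*
              * Less than five seconds has passed since we were
              * here the last time. Cookies are probably disabled.
              */
             SimpleSAML_Utilities::checkCookie(SimpleSAML_Utilities::selfURL());
         }
     }
     if (!isset($_REQUEST['providerId'])) {
         throw new SimpleSAML_Error_BadRequest('Missing providerId parameter.');
     }
     $spEntityId = (string) $_REQUEST['providerId'];
     if (!isset($_REQUEST['shire'])) {
         throw new SimpleSAML_Error_BadRequest('Missing shire parameter.');
     }
     $shire = (string) $_REQUEST['shire'];
     if (isset($_REQUEST['target'])) {
         // Cast like providerId and shire above, so an array-valued parameter cannot reach the state.
         $target = (string) $_REQUEST['target'];
     } else {
         $target = NULL;
     }
     // var_export() quotes the value, which keeps the untrusted entity ID delimited in the log line.
     SimpleSAML_Logger::info('Shib1.3 - IdP.SSOService: Got incoming Shib authnRequest from ' . var_export($spEntityId, TRUE) . '.');
     $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'shib13-sp-remote');
     // The response is only sent to a shire that the SP's metadata lists with the browser-post
     // binding; a request-supplied location that is not registered is refused.
     $found = FALSE;
     foreach ($spMetadata->getEndpoints('AssertionConsumerService') as $ep) {
         if ($ep['Binding'] !== 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post') {
             continue;
         }
         if ($ep['Location'] !== $shire) {
             continue;
         }
         $found = TRUE;
         break;
     }
     if (!$found) {
         throw new Exception('Invalid AssertionConsumerService for SP ' . var_export($spEntityId, TRUE) . ': ' . var_export($shire, TRUE));
     }
     SimpleSAML_Stats::log('saml:idp:AuthnRequest', array('spEntityID' => $spEntityId, 'protocol' => 'saml1'));
     // NOTE(review): $sessionLostURL is built here but not referenced again in this method
     // (the state array below has no restart entry); confirm whether that is intended.
     $sessionLostURL = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), array('cookieTime' => time()));
     $state = array('Responder' => array('sspmod_saml_IdP_SAML1', 'sendResponse'), 'SPMetadata' => $spMetadata->toArray(), 'saml:shire' => $shire, 'saml:target' => $target, 'saml:AuthnRequestReceivedAt' => microtime(TRUE));
     $idp->handleAuthenticationRequest($state);
 }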
Esempio n. 13
 /**
  * Start an IdP discovery service operation.
  *
  * The state is saved first; the browser is then redirected to the discovery service with
  * this SP's entity ID and a return URL that carries only the saved state's ID (AuthID).
  *
  * @param array $state  The state array.
  */
 private function startDisco(array $state)
 {
     $stateId = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso');
     // Result is not used below; the call is kept so the method does exactly what it did before.
     $config = SimpleSAML_Configuration::getInstance();

     /* Use the configured discovery service, or fall back to the internal one. */
     $configuredDisco = $this->discoURL;
     $discoURL = (NULL === $configuredDisco)
         ? SimpleSAML_Module::getModuleURL('saml/disco.php')
         : $configuredDisco;

     $returnTo = SimpleSAML_Utilities::addURLparameter(
         SimpleSAML_Module::getModuleURL('saml/sp/discoresp.php'),
         array('AuthID' => $stateId)
     );

     $discoParams = array(
         'entityID' => $this->entityId,
         'return' => $returnTo,
         'returnIDParam' => 'idpentityid',
     );
     SimpleSAML_Utilities::redirect($discoURL, $discoParams);
 }
Esempio n. 14
 // Three signature methods are registered. NOTE(review): judging by the variable names one of
 // them is PLAINTEXT, which offers no protection unless the endpoint is only reachable over TLS — confirm.
 $server->add_signature_method($hmac_method);
 $server->add_signature_method($plaintext_method);
 $server->add_signature_method($rsa_method);
 $config = SimpleSAML_Configuration::getInstance();
 $session = SimpleSAML_Session::getSessionFromRequest();
 // The user must have a valid session with the configured auth source before a token is authorized.
 $as = $oauthconfig->getString('auth');
 if (!$session->isValid($as)) {
     SimpleSAML_Auth_Default::initLogin($as, SimpleSAML_Utilities::selfURL());
 }
 // NOTE(review): the consent page is rendered when the 'consent' parameter IS present, while the
 // agree link below adds consent=yes; without the parameter the code falls through and authorizes
 // the token. Confirm against the template and the surrounding file that the user is actually
 // asked before authorization.
 if (!empty($_REQUEST['consent'])) {
     $consumer = $store->lookup_consumer_by_requestToken($requestToken);
     $t = new SimpleSAML_XHTML_Template($config, 'oauth:consent.php');
     $t->data['header'] = '{status:header_saml20_sp}';
     $t->data['consumer'] = $consumer;
     // array containing {name, description, key, secret, owner} keys
     $t->data['urlAgree'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), array("consent" => "yes"));
     $t->data['logouturl'] = SimpleSAML_Utilities::selfURLNoQuery() . '?logout';
     $t->show();
     exit;
     // and be done.
 }
 $attributes = $session->getAttributes();
 // Assume user consent at this point and proceed with authorizing the token
 list($url, $verifier) = $store->authorize($requestToken, $attributes);
 if ($url) {
     // If authorize() returns a URL, take user there (oauth1.0a)
     SimpleSAML_Utilities::redirectTrustedURL($url);
 } else {
     if (isset($_REQUEST['oauth_callback'])) {
         // If callback was provided in the request (oauth1.0)
         SimpleSAML_Utilities::redirectUntrustedURL($_REQUEST['oauth_callback']);
Esempio n. 15
					'hu' => 'Magyar', // Hungarian
					'pl' => 'Język polski', // Polish
					'pt' => 'Português', // Portuguese
					'pt-BR' => 'Português brasileiro', // Portuguese
					'tr' => 'Türkçe',
					'el' => 'ελληνικά',
					'ja' => '日本語',
					'zh-tw' => '中文',
		);
		
		// Language selector: the current language is shown as plain text, every other one as a link
		// back to the current URL with a 'language' parameter.
		$textarray = array();
		foreach ($languages AS $lang => $current) {
			if ($current) {
				$textarray[] = $langnames[$lang];
			} else {
				// The link target is built from the current request URL, so it is passed through
				// htmlspecialchars() before being placed in the href attribute.
				$textarray[] = '<a href="' . htmlspecialchars(SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), array('language' => $lang))) . '">' .
					$langnames[$lang] . '</a>';
			}
		}
		echo join(' | ', $textarray);
		echo '</div>';

	}



	?>
	<div id="content">


Esempio n. 16
 /**
  * Build the authorization URL for a request token and, unless $redirect is false,
  * send the browser there and stop.
  *
  * The URL is handed to redirectTrustedURL(); this method itself does not validate $url.
  * NOTE(review): callers should therefore only pass a $url that comes from configuration or code.
  *
  * @param $url          Authorization endpoint of the OAuth service provider.
  * @param $requestToken Token object; its key is sent as the oauth_token parameter.
  * @param $redirect     Redirect (and exit) when true, return the URL when false.
  * @param $callback     Optional value for the oauth_callback parameter.
  * @return string The authorization URL; only reached when $redirect is false.
  */
 public function getAuthorizeRequest($url, $requestToken, $redirect = TRUE, $callback = NULL)
 {
     $query = array('oauth_token' => $requestToken->key);
     if ($callback) {
         $query = $query + array('oauth_callback' => $callback);
     }

     $authorizeURL = SimpleSAML_Utilities::addURLparameter($url, $query);
     if (!$redirect) {
         return $authorizeURL;
     }

     SimpleSAML_Utilities::redirectTrustedURL($authorizeURL);
     exit;
 }
Esempio n. 17
 /**
  * Initiate authentication. Returns a URL to redirect the user to.
  *
  * Sends an 'authenticate' call with this application's ID and the return URL, then builds
  * the redirect URL from the 'as_url' entry of the response, with every other response entry
  * added as a URL parameter.
  *
  * @param string $app_url  The SSP URL to return to after authenticating (similar to an ACS).
  * @return string  The URL to redirect the user to.
  */
 public function request_authentication($app_url)
 {
     $request = array('app_id' => $this->app_id, 'app_url' => $app_url);
     $response = $this->call_aselect('authenticate', $request);

     // 'as_url' is the base of the redirect; it is taken out so it is not repeated as a parameter.
     $redirectBase = $response['as_url'];
     unset($response['as_url']);

     return SimpleSAML_Utilities::addURLparameter($redirectBase, $response);
 }
        SimpleSAML_Auth_Default::initLogin($authsource, SimpleSAML_Utilities::selfURL());
    }
}
# module.php/virtualorg/data_oauth_json.php
// Three-step OAuth consumer demo: step 1 gets a request token and sends the user to authorize it,
// step 2 exchanges it for an access token, after which the script redirects to step 3.
// NOTE(review): the base URL is plain http, so tokens exchanged with it are not protected in transit.
$baseurl = 'http://vo.rnd.feide.no/simplesaml/';
// NOTE(review): consumer key and secret are hard-coded; the values look like placeholders.
// Real credentials belong in configuration, not in the script.
$key = 'key';
$secret = 'secret';
$consumer = new sspmod_oauth_Consumer($key, $secret);
if (isset($_REQUEST['step']) && $_REQUEST['step'] == '1') {
    // Random ID under which the request token is kept in the session between step 1 and step 2.
    $oauthsess = SimpleSAML_Utilities::generateID();
    // Get the request token
    $requestToken = $consumer->getRequestToken($baseurl . '/module.php/oauth/requestToken.php');
    #print_r($requestToken); exit;
    $session->setData('oauthSess', $oauthsess, serialize($requestToken));
    #	echo "Got a request token from the OAuth service provider [" . $requestToken->key . "] with the secret [" . $requestToken->secret . "]\n";
    $callback = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), array('step' => '2', 'oauthsess' => $oauthsess));
    // Authorize the request token
    $url = $consumer->getAuthorizeRequest($baseurl . '/module.php/oauth/authorize.php', $requestToken, TRUE, $callback);
    #	echo('Go to this URL to authenticate/authorize the request: ' . $url . "\n");
} elseif (isset($_REQUEST['step']) && $_REQUEST['step'] == '2') {
    // NOTE(review): unserialize() of session data selected by a request parameter. The data was
    // written by step 1 above, so this is only as safe as the session store itself; the lookup
    // result is not checked before it is unserialized. JSON, or unserialize() with a restricted
    // 'allowed_classes' option on PHP 7+, would narrow what can be instantiated.
    $requestToken = unserialize($session->getData('oauthSess', $_REQUEST['oauthsess']));
    #	print_r($requestToken); exit;
    // Replace the request token with an access token
    $accessToken = $consumer->getAccessToken($baseurl . '/module.php/oauth/accessToken.php', $requestToken);
    $session->setData('accessToken', 'accesstoken', serialize($accessToken));
    SimpleSAML_Utilities::redirect('index.php?step=3');
    exit;
}
if ($adata = $session->getData('accessToken', 'accesstoken')) {
    $accessToken = unserialize($adata);
    $vomemberships = $consumer->getUserInfo($baseurl . '/module.php/virtualorg/data_oauth_json.php?method=memberOf', $accessToken);
Esempio n. 19
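 /**
  * Uses the cas service validate, this provides additional attributes
  *
  * Calls the configured 'serviceValidate' URL with the ticket and service, parses the XML
  * response and returns the user name together with any attributes selected by the XPath
  * expressions configured under 'attributes'.
  *
  * @param string $ticket
  * @param string $service
  * @return list username and attributes
  * @throws Exception  When the response cannot be parsed or does not report a successful authentication.
  */
 private function casServiceValidate($ticket, $service)
 {
     $url = SimpleSAML_Utilities::addURLparameter($this->_casConfig['serviceValidate'], array('ticket' => $ticket, 'service' => $service));
     $result = SimpleSAML_Utilities::fetch($url);

     // loadXML() is an instance method; calling it statically is an error on PHP 8.
     // LIBXML_NONET stops the parser from fetching external DTDs or entities over the network
     // while it reads the server's response.
     $dom = new DOMDocument();
     if (!is_string($result) || $result === '' || !$dom->loadXML($result, LIBXML_NONET)) {
         throw new Exception("Error when validating CAS service ticket: " . 'response could not be parsed as XML');
     }

     $xPath = new DOMXpath($dom);
     $xPath->registerNamespace("cas", 'http://www.yale.edu/tp/cas');
     $success = $xPath->query("/cas:serviceResponse/cas:authenticationSuccess/cas:user");
     if ($success->length == 0) {
         // Anything without an authenticationSuccess/user element is treated as a failure,
         // including a response that carries no authenticationFailure element either.
         $failure = $xPath->evaluate("/cas:serviceResponse/cas:authenticationFailure");
         $reason = ($failure instanceof DOMNodeList && $failure->length > 0)
             ? $failure->item(0)->textContent
             : 'no authenticationFailure element in response';
         throw new Exception("Error when validating CAS service ticket: " . $reason);
     }

     $attributes = array();
     if ($casattributes = $this->_casConfig['attributes']) {
         # some has attributes in the xml - attributes is a list of XPath expressions to get them
         foreach ($casattributes as $name => $query) {
             $attrs = $xPath->query($query);
             foreach ($attrs as $attrvalue) {
                 $attributes[$name][] = $attrvalue->textContent;
             }
         }
     }
     $casusername = $success->item(0)->textContent;
     return array($casusername, $attributes);
 }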
Esempio n. 20
}
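// Access to this listing is gated by a shared token passed as a request parameter.
// NOTE(review): a token in the URL ends up in access logs and browser history.
if (!array_key_exists('token', $_REQUEST)) {
    throw new SimpleSAML_Error_BadRequest('Missing authToken.');
}
$token = $_REQUEST['token'];
// NOTE(review): !== is not a constant-time comparison; hash_equals() (PHP >= 5.6) is the usual
// choice for comparing secrets, if the supported PHP versions allow it.
if ($token !== $authTokenContactsSP) {
    throw new SimpleSAML_Error_Exception('Invalid AuthToken');
}
$ldapconfig = SimpleSAML_Configuration::getConfig('config-login-feide.php');
$ldapStatusConfig = SimpleSAML_Configuration::getConfig('module_ldapstatus.php');
$debug = $ldapconfig->getValue('ldapDebug', FALSE);
$orgs = $ldapconfig->getValue('organizations');
$locationTemplate = $ldapconfig->getValue('locationTemplate');
$isAdmin = FALSE;
$secretURL = NULL;
$ignore = '';
if (array_key_exists('ignore', $_REQUEST) && is_string($_REQUEST['ignore'])) {
    // This value is appended to every URL written to the text/plain output further down.
    // PHP has already URL-decoded it, so it is encoded again here; otherwise a line break or
    // '&' in the parameter would add lines or parameters to the generated output.
    $ignore = '&ignore=' . urlencode($_REQUEST['ignore']);
}
// Access key for this page: SHA-1 over a fixed label, the installation's secret salt and a fixed suffix.
$secretKey = sha1('ldapstatus|' . SimpleSAML_Utilities::getSecretSalt() . '|hobbit');
$secretURL = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), array('key' => $secretKey));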
/**
 * Derive the access key that is bound to one organization.
 *
 * The key is the SHA-1 hex digest of "ldapstatus|<salt>|<orgtest>". It is only as secret as
 * the salt, and the code using it places it in a URL query string.
 *
 * @param string $salt     Secret salt mixed into the digest.
 * @param string $orgtest  Organization identifier the key is valid for.
 * @return string  40-character lowercase hexadecimal digest.
 */
function generateSecret($salt, $orgtest)
{
    return sha1(implode('|', array('ldapstatus', $salt, $orgtest)));
}
// Emit a plain-text listing with one line per configured organization.
header('Content-Type: text/plain');
foreach ($orgs as $orgkey => $org) {
    $statusBaseURL = SimpleSAML_Utilities::selfURLhost() . SimpleSAML_Utilities::getFirstPathElement() . '/module.php/ldapstatus/';
    // Every status URL carries a key bound to its own organization.
    $statusParams = array(
        'orgtest' => $orgkey,
        'output' => 'text',
        'key' => generateSecret(SimpleSAML_Utilities::getSecretSalt(), $orgkey),
    );
    $url = SimpleSAML_Utilities::addURLparameter($statusBaseURL, $statusParams);
    // $ignore is appended as-is after the URL; it is built from a request parameter, so it has
    // to be URL-encoded where it is built, otherwise it can break this one-entry-per-line format.
    echo "0.0.0.0 " . $orgkey . " # noconn  feidesjekk:" . $url . $ignore . ";OOOKKK\n";
}
Esempio n. 21
 */
if ($idpentityid === NULL) {
    SimpleSAML_Logger::info('SAML2.0 - SP.initSSO: No chosen or default IdP, go to SAML2disco');

    // Discovery service precedence: SP metadata, then global configuration, then the
    // built-in discovery page.
    if (array_key_exists('idpdisco.url', $spmetadata)) {
        $discourl = $spmetadata['idpdisco.url'];
    } elseif ($config->getString('idpdisco.url.saml20', NULL) !== NULL) {
        $discourl = $config->getString('idpdisco.url.saml20');
    } else {
        $discourl = SimpleSAML_Utilities::getBaseURL() . 'saml2/sp/idpdisco.php';
    }

    // NOTE(review): both redirects below use the *TrustedURL variant, so their targets must come
    // only from configuration or metadata (as $extDiscoveryStorage and $discourl do here),
    // never from request input.
    $extDiscoveryStorage = $config->getString('idpdisco.extDiscoveryStorage', NULL);
    if ($extDiscoveryStorage !== NULL) {
        // The external storage is asked to return to the discovery service, which in turn
        // returns to the current URL.
        $discoReturnParams = array(
            'return' => SimpleSAML_Utilities::selfURL(),
            'remember' => 'true',
            'entityID' => $spentityid,
            'returnIDParam' => 'idpentityid',
        );
        $extStorageParams = array(
            'entityID' => $spentityid,
            'return' => SimpleSAML_Utilities::addURLparameter($discourl, $discoReturnParams),
            'returnIDParam' => 'idpentityid',
            'isPassive' => 'true',
        );
        SimpleSAML_Utilities::redirectTrustedURL($extDiscoveryStorage, $extStorageParams);
    }

    $discoparameters = array(
        'entityID' => $spentityid,
        'return' => SimpleSAML_Utilities::selfURL(),
        'returnIDParam' => 'idpentityid',
        'isPassive' => $isPassive,
    );
    // Only restrict the discovery service to a list of IdPs when there is one.
    if (count($reachableIDPs) > 0) {
        $discoparameters['IDPList'] = $reachableIDPs;
    }
    SimpleSAML_Utilities::redirectTrustedURL($discourl, $discoparameters);
}
/*
 * Create and send authentication request to the IdP.
 */
try {
    $spMetadata = $metadata->getMetaDataConfig($spentityid, 'saml20-sp-hosted');
    $idpMetadata = $metadata->getMetaDataConfig($idpentityid, 'saml20-idp-remote');
    $ar = sspmod_saml_Message::buildAuthnRequest($spMetadata, $idpMetadata);
Esempio n. 22
        $metaArray['OrganizationDisplayName'] = $idpmeta->getLocalizedString('OrganizationDisplayName', $metaArray['OrganizationName']);
        if (!$idpmeta->hasValue('OrganizationURL')) {
            throw new SimpleSAML_Error_Exception('If OrganizationName is set, OrganizationURL must also be set.');
        }
        $metaArray['OrganizationURL'] = $idpmeta->getLocalizedString('OrganizationURL');
    }
    $metaflat = '$metadata[' . var_export($idpentityid, TRUE) . '] = ' . var_export($metaArray, TRUE) . ';';
    $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($idpentityid);
    $metaBuilder->addMetadataIdP11($metaArray);
    $metaBuilder->addOrganizationInfo($metaArray);
    $metaBuilder->addContact('technical', array('emailAddress' => $config->getString('technicalcontact_email', NULL), 'name' => $config->getString('technicalcontact_name', NULL)));
    $metaxml = $metaBuilder->getEntityDescriptorText();
    /* Sign the metadata if enabled. */
    $metaxml = SimpleSAML_Metadata_Signer::sign($metaxml, $idpmeta->toArray(), 'Shib 1.3 IdP');
    if (array_key_exists('output', $_GET) && $_GET['output'] == 'xhtml') {
        $defaultidp = $config->getString('default-shib13-idp', NULL);
        $t = new SimpleSAML_XHTML_Template($config, 'metadata.php', 'admin');
        $t->data['header'] = 'shib13-idp';
        $t->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), array('output' => 'xml'));
        $t->data['metadata'] = htmlspecialchars($metaxml);
        $t->data['metadataflat'] = htmlspecialchars($metaflat);
        $t->data['defaultidp'] = $defaultidp;
        $t->show();
    } else {
        header('Content-Type: application/xml');
        echo $metaxml;
        exit(0);
    }
} catch (Exception $exception) {
    throw new SimpleSAML_Error_Error('METADATA', $exception);
}
Esempio n. 23
 /**
  * Build the absolute URL of a module resource.
  *
  * The URL is the base URL followed by "module.php/" and the resource path; per the original
  * documentation it addresses a resource stored under ".../modules/<module>/www/".
  *
  * @param string $resource  Resource path, on the form "<module name>/<resource>" (no leading slash).
  * @param array $parameters  Extra query parameters to append. Optional.
  * @return string  The absolute URL to the given resource.
  */
 public static function getModuleURL($resource, array $parameters = array())
 {
     // Developer sanity checks only: they run when PHP assertions are active, so they are
     // not a substitute for validating $resource at the call site.
     assert('is_string($resource)');
     assert('$resource[0] !== "/"');
     $moduleURL = SimpleSAML_Utilities::getBaseURL() . 'module.php/' . $resource;
     if (empty($parameters)) {
         return $moduleURL;
     }
     return SimpleSAML_Utilities::addURLparameter($moduleURL, $parameters);
 }
Esempio n. 24
// Load global state and the LDAP status configuration.
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getInstance();
$ldapconfig = SimpleSAML_Configuration::getConfig('config-login-feide.php');
$ldapStatusConfig = SimpleSAML_Configuration::getConfig('module_ldapstatus.php');
$debug = $ldapconfig->getValue('ldapDebug', FALSE);
$orgs = $ldapconfig->getValue('organizations');
$locationTemplate = $ldapconfig->getValue('locationTemplate');

if (!array_key_exists('orgtest', $_REQUEST)) {
    // No single organization requested.
    $orgtest = NULL;
    $orgConfig = NULL;
    $secretKey = NULL;
    $secretURL = NULL;
} else {
    $orgtest = $_REQUEST['orgtest'];
    // The request value is only accepted when it names a configured organization.
    if (!array_key_exists($orgtest, $orgs)) {
        throw new SimpleSAML_Error_NotFound('The organization ' . var_export($orgtest, TRUE) . ' could not be found.');
    }
    $orgConfig = SimpleSAML_Configuration::loadFromArray($orgs[$orgtest], 'org:[' . $orgtest . ']');
    // Key bound to this organization, derived from the installation's secret salt. It is
    // placed in the URL below, so that URL has to be handled as a credential.
    $secretKey = sha1(implode('|', array('ldapstatus', SimpleSAML_Utilities::getSecretSalt(), $orgtest)));
    $secretURL = SimpleSAML_Utilities::addURLparameter(
        SimpleSAML_Utilities::selfURLNoQuery(),
        array('orgtest' => $orgtest, 'key' => $secretKey)
    );
}

// Attributes are read only from a session that is valid for the configured auth source.
$authsource = $ldapconfig->getString('ldapstatusAuth', NULL);
$attributes = $session->isValid($authsource) ? $session->getAttributes() : array();
$useridattr = $ldapconfig->getString('useridattr', 'eduPersonPrincipalName');
if (isset($attributes[$useridattr][0])) {
    $userId = $attributes[$useridattr][0];
Esempio n. 25
 /**
  * Build a URL that logs the user out of this authentication source.
  *
  * The returned URL is not HTML-escaped; escape it when writing it into markup.
  *
  * @param string|NULL $returnTo
  *   The page the user should be returned to afterwards. NULL means the current page.
  * @return string
  *   URL of core/as_logout.php with the AuthId and ReturnTo parameters added.
  */
 public function getLogoutURL($returnTo = NULL)
 {
     assert('is_null($returnTo) || is_string($returnTo)');
     // NOTE(review): $returnTo is passed on unchanged; presumably the logout endpoint
     // validates the ReturnTo target before redirecting — confirm.
     $target = ($returnTo === NULL) ? SimpleSAML_Utilities::selfURL() : $returnTo;
     return SimpleSAML_Utilities::addURLparameter(
         SimpleSAML_Module::getModuleURL('core/as_logout.php'),
         array('AuthId' => $this->authSource, 'ReturnTo' => $target)
     );
 }
Esempio n. 26
 /**
  * Sign a CDC message and deliver it by redirecting the browser.
  *
  * The message is timestamped, JSON-encoded and base64-encoded; the signature is calculated
  * over the base64 text. Delivery is a GET redirect when the final URL is shorter than
  * 2048 characters, and a POST redirect otherwise.
  *
  * @param string $to  The URL the message should be delivered to.
  * @param string $parameter  The query parameter the message should be sent in.
  * @param array $message  The CDC message.
  */
 private function send($to, $parameter, array $message)
 {
     assert('is_string($to)');
     assert('is_string($parameter)');

     // The timestamp is added before encoding, so it is covered by the signature.
     $message['timestamp'] = time();
     // NOTE(review): the result of json_encode() is not checked; if it ever returned FALSE
     // an empty payload would be signed and sent — confirm messages are always encodable.
     $encoded = base64_encode(json_encode($message));
     $params = array(
         $parameter => $encoded,
         'Signature' => $this->calcSignature($encoded),
     );

     $url = SimpleSAML_Utilities::addURLparameter($to, $params);
     if (strlen($url) >= 2048) {
         // Too long for a GET redirect.
         SimpleSAML_Utilities::postRedirect($to, $params);
     } else {
         SimpleSAML_Utilities::redirectTrustedURL($url);
     }
 }
Esempio n. 27
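 /**
  * Receive an authentication request.
  *
  * Two entry paths are handled: an IdP-initiated request, whose parameters are read from
  * $_REQUEST, and an SP-initiated request, which is decoded from the current binding and
  * validated against the SP and IdP metadata. Both end by passing a state array to the IdP.
  *
  * @param SimpleSAML_IdP $idp  The IdP we are receiving it for.
  * @throws SimpleSAML_Error_BadRequest  If the received message is not an authentication
  *   request, or has no issuer.
  */
 public static function receiveAuthnRequest(SimpleSAML_IdP $idp)
 {
     $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     $idpMetadata = $idp->getConfig();

     // HTTP-POST is always offered; the other bindings are opt-in through IdP configuration.
     $supportedBindings = array(SAML2_Const::BINDING_HTTP_POST);
     if ($idpMetadata->getBoolean('saml20.sendartifact', FALSE)) {
         $supportedBindings[] = SAML2_Const::BINDING_HTTP_ARTIFACT;
     }
     if ($idpMetadata->getBoolean('saml20.hok.assertion', FALSE)) {
         $supportedBindings[] = SAML2_Const::BINDING_HOK_SSO;
     }

     if (isset($_REQUEST['spentityid'])) {
         /* IdP initiated authentication. */
         // Everything in this branch comes from unauthenticated request parameters; the SP is
         // only ever looked up in the configured 'saml20-sp-remote' metadata set.
         if (isset($_REQUEST['cookieTime'])) {
             $cookieTime = (int) $_REQUEST['cookieTime'];
             if ($cookieTime + 5 > time()) {
                 /*
                  * Less than five seconds has passed since we were
                  * here the last time. Cookies are probably disabled.
                  */
                 SimpleSAML_Utilities::checkCookie(SimpleSAML_Utilities::selfURL());
             }
         }
         $spEntityId = (string) $_REQUEST['spentityid'];
         $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');
         if (isset($_REQUEST['RelayState'])) {
             $relayState = (string) $_REQUEST['RelayState'];
         } else {
             $relayState = NULL;
         }
         if (isset($_REQUEST['binding'])) {
             $protocolBinding = (string) $_REQUEST['binding'];
         } else {
             $protocolBinding = NULL;
         }
         if (isset($_REQUEST['NameIDFormat'])) {
             $nameIDFormat = (string) $_REQUEST['NameIDFormat'];
         } else {
             $nameIDFormat = NULL;
         }
         // There is no request message in this path, so the remaining values are defaults.
         $requestId = NULL;
         $IDPList = array();
         $ProxyCount = NULL;
         $RequesterID = NULL;
         $forceAuthn = FALSE;
         $isPassive = FALSE;
         $consumerURL = NULL;
         $consumerIndex = NULL;
         $extensions = NULL;
         $allowCreate = TRUE;
         $idpInit = TRUE;
         SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: IdP initiated authentication: ' . var_export($spEntityId, TRUE));
     } else {
         /* SP initiated authentication. */
         $binding = SAML2_Binding::getCurrentBinding();
         $request = $binding->receive();
         if (!$request instanceof SAML2_AuthnRequest) {
             throw new SimpleSAML_Error_BadRequest('Message received on authentication request endpoint wasn\'t an authentication request.');
         }
         $spEntityId = $request->getIssuer();
         if ($spEntityId === NULL) {
             throw new SimpleSAML_Error_BadRequest('Received message on authentication request endpoint without issuer.');
         }
         $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');
         // The message is validated before any of its fields are used below.
         sspmod_saml_Message::validateMessage($spMetadata, $idpMetadata, $request);
         $relayState = $request->getRelayState();
         $requestId = $request->getId();
         $IDPList = $request->getIDPList();
         $ProxyCount = $request->getProxyCount();
         if ($ProxyCount !== null) {
             // This IdP counts as one hop.
             $ProxyCount--;
         }
         $RequesterID = $request->getRequesterID();
         $forceAuthn = $request->getForceAuthn();
         $isPassive = $request->getIsPassive();
         $consumerURL = $request->getAssertionConsumerServiceURL();
         $protocolBinding = $request->getProtocolBinding();
         $consumerIndex = $request->getAssertionConsumerServiceIndex();
         $extensions = $request->getExtensions();
         $nameIdPolicy = $request->getNameIdPolicy();
         if (isset($nameIdPolicy['Format'])) {
             $nameIDFormat = $nameIdPolicy['Format'];
         } else {
             $nameIDFormat = NULL;
         }
         if (isset($nameIdPolicy['AllowCreate'])) {
             $allowCreate = $nameIdPolicy['AllowCreate'];
         } else {
             $allowCreate = FALSE;
         }
         $idpInit = FALSE;
         SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Incomming Authentication request: ' . var_export($spEntityId, TRUE));
     }

     SimpleSAML_Stats::log('saml:idp:AuthnRequest', array(
         'spEntityID' => $spEntityId,
         'idpEntityID' => $idpMetadata->getString('entityid'),
         'forceAuthn' => $forceAuthn,
         'isPassive' => $isPassive,
         'protocol' => 'saml2',
         'idpInit' => $idpInit,
     ));

     // The response endpoint is resolved against the SP metadata and the supported bindings.
     $acsEndpoint = self::getAssertionConsumerService($supportedBindings, $spMetadata, $consumerURL, $protocolBinding, $consumerIndex);
     $IDPList = array_unique(array_merge($IDPList, $spMetadata->getArrayizeString('IDPList', array())));

     // Strict comparison is required here: a count of 0 (reached by the decrement above when
     // the request said 1) means "no further proxying" and must be kept. With a loose
     // comparison 0 equals null, so the limit was replaced by the metadata default.
     if ($ProxyCount === null) {
         $ProxyCount = $spMetadata->getInteger('ProxyCount', null);
     }
     if (!$forceAuthn) {
         $forceAuthn = $spMetadata->getBoolean('ForceAuthn', FALSE);
     }

     // URL used to restart as an IdP-initiated request if the session is lost; cookieTime
     // feeds the "cookies are probably disabled" check above.
     $sessionLostParams = array('spentityid' => $spEntityId, 'cookieTime' => time());
     if ($relayState !== NULL) {
         $sessionLostParams['RelayState'] = $relayState;
     }
     $sessionLostURL = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), $sessionLostParams);

     $state = array(
         'Responder' => array('sspmod_saml_IdP_SAML2', 'sendResponse'),
         SimpleSAML_Auth_State::EXCEPTION_HANDLER_FUNC => array('sspmod_saml_IdP_SAML2', 'handleAuthError'),
         SimpleSAML_Auth_State::RESTART => $sessionLostURL,
         'SPMetadata' => $spMetadata->toArray(),
         'saml:RelayState' => $relayState,
         'saml:RequestId' => $requestId,
         'saml:IDPList' => $IDPList,
         'saml:ProxyCount' => $ProxyCount,
         'saml:RequesterID' => $RequesterID,
         'ForceAuthn' => $forceAuthn,
         'isPassive' => $isPassive,
         'saml:ConsumerURL' => $acsEndpoint['Location'],
         'saml:Binding' => $acsEndpoint['Binding'],
         'saml:NameIDFormat' => $nameIDFormat,
         'saml:AllowCreate' => $allowCreate,
         'saml:Extensions' => $extensions,
     );
     $idp->handleAuthenticationRequest($state);
 }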
Esempio n. 28

<?php 
// Language selector: language code => whether it is the currently selected language.
$languages = $this->getLanguageList();
// Display names, keyed by language code.
$langnames = array('no' => 'Bokmål', 'nn' => 'Nynorsk', 'se' => 'Sámegiella', 'sam' => 'Åarjelh-saemien giele', 'da' => 'Dansk', 'en' => 'English', 'de' => 'Deutsch', 'sv' => 'Svenska', 'fi' => 'Suomeksi', 'es' => 'Español', 'fr' => 'Français', 'it' => 'Italiano', 'nl' => 'Nederlands', 'lb' => 'Luxembourgish', 'cs' => 'Czech', 'sl' => 'Slovenščina', 'lt' => 'Lietuvių kalba', 'hr' => 'Hrvatski', 'hu' => 'Magyar', 'pl' => 'Polski', 'pt' => 'Português', 'pt-BR' => 'Português brasileiro', 'ru' => 'русский язык', 'et' => 'Eesti keel', 'tr' => 'Türkçe', 'el' => 'ελληνικά', 'ja' => '日本語', 'zh-tw' => '中文', 'ar' => 'العربية', 'fa' => 'پارسی', 'ur' => 'اردو', 'he' => 'עִבְרִית');
// The selector is rendered only when no POST data was submitted.
if (empty($_POST)) {
    // Dropdown toggle, labelled with the selected language.
    foreach ($languages as $lang => $current) {
        if (!$current) {
            continue;
        }
        echo '<li class="pull-right dropdown"><a href="#" class="dropdown-toggle" data-toggle="dropdown">' . '<span class="glyphicon glyphicon-flag"></span> ' . $langnames[$lang] . ' <b class="caret"></b></a>';
    }
    echo '<ul class="dropdown-menu">';
    $textarray = array();
    // One menu entry per language that is not selected.
    foreach ($languages as $lang => $current) {
        if ($current) {
            continue;
        }
        // The link is derived from the current URL, so it is HTML-escaped before being
        // written into the href attribute.
        $url = htmlspecialchars(SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), array('language' => $lang)));
        $title = $langnames[$lang];
        echo '<li><a href="' . $url . '">' . $title . '</a></li>';
    }
    echo '</ul>';
}
Esempio n. 29
}
// A template can switch the language bar off by setting hideLanguageBar to exactly TRUE.
$languageBarHidden = isset($this->data['hideLanguageBar']) && $this->data['hideLanguageBar'] === TRUE;
if ($languageBarHidden) {
    $includeLanguageBar = FALSE;
}
if ($includeLanguageBar) {
    $languages = $this->getLanguageList();
    // A bar with a single language would offer nothing to switch to.
    if (count($languages) > 1) {
        echo '<div id="languagebar">';
        $langnames = array('no' => 'Bokmål', 'nn' => 'Nynorsk', 'se' => 'Sámegiella', 'sam' => 'Åarjelh-saemien giele', 'da' => 'Dansk', 'en' => 'English', 'de' => 'Deutsch', 'sv' => 'Svenska', 'fi' => 'Suomeksi', 'es' => 'Español', 'fr' => 'Français', 'it' => 'Italiano', 'nl' => 'Nederlands', 'lb' => 'Lëtzebuergesch', 'cs' => 'Čeština', 'sl' => 'Slovenščina', 'lt' => 'Lietuvių kalba', 'hr' => 'Hrvatski', 'hu' => 'Magyar', 'pl' => 'Język polski', 'pt' => 'Português', 'pt-br' => 'Português brasileiro', 'ru' => 'русский язык', 'et' => 'eesti keel', 'tr' => 'Türkçe', 'el' => 'ελληνικά', 'ja' => '日本語', 'zh' => '简体中文', 'zh-tw' => '繁體中文', 'ar' => 'العربية', 'fa' => 'پارسی', 'ur' => 'اردو', 'he' => 'עִבְרִית', 'id' => 'Bahasa Indonesia', 'sr' => 'Srpski', 'lv' => 'Latviešu', 'ro' => 'Românește', 'eu' => 'Euskara');
        $textarray = array();
        foreach ($languages as $lang => $current) {
            // The name table is keyed by lower-case language codes.
            $lang = strtolower($lang);
            if (!$current) {
                // Link that switches language; it is derived from the current URL, so it is
                // HTML-escaped before being written into the href attribute.
                $switchURL = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), array($this->languageParameterName => $lang));
                $textarray[] = '<a href="' . htmlspecialchars($switchURL) . '">' . $langnames[$lang] . '</a>';
                continue;
            }
            // The selected language is shown as plain text.
            $textarray[] = $langnames[$lang];
        }
        echo implode(' | ', $textarray);
        echo '</div>';
    }
}
?>
  <br>
       <h6 class="muted text-center">This template is proportioned by Raptor</h6>
       <h6 class="muted text-center">Please edit this template in: web/SSO/simplesamlphp/modules/core/template/raptorloginuserpass.php</h6><br>
       
        </div>
        <!-- // main-content --> 
        
    </div>
Esempio n. 30
        $emailadr = $idpsend[$_POST['sendtoidp']]['send_metadata_email'];
        $from = $_POST['email'];
        $message = '<h1>simpleSAMLphp SAML 2.0 Service Provider Metadata</h1>

<p>Metadata was sent to you from a simpleSAMLphp SAML 2.0 Service Provider. The service provider requests to connect to the following Identity Provider: 
	<ul>
		<li><tt>' . htmlentities($_POST['sendtoidp']) . '</tt></li>
	</ul>
</p>

<p>SAML 2.0 Service Provider EntityID :</p>
<pre>' . htmlentities($spentityid) . '</pre>

<p>Links to metadata at service provider
<ul>
	<li><a href="' . htmlentities(SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), array('output' => 'xhtml'))) . '">SimpleSAMLphp Metadata page</a></li>
	<li><a href="' . htmlentities(SimpleSAML_Utilities::selfURLNoQuery()) . '">SimpleSAMLphp Metadata (XML only)</a></li>
</ul>
</p>

<p>SAML 2.0 XML Metadata :</p>
<pre>' . htmlentities($metaxml) . '</pre>

<p>Metadata in SimpleSAMLphp format :</p>
<pre>' . htmlentities($metaflat) . '</pre>

<p>SimpleSAMLphp version: ' . $config->getVersion() . '</p>

';
        $email = new SimpleSAML_XHTML_EMail($emailadr, 'simpleSAMLphp SAML 2.0 Service Provider Metadata', $from);
        $email->setBody($message);