/**
 * Build the dynamic entityID for a hosted metadata set.
 *
 * The SAML 2.0 and Shib 1.3 hosted sets resolve to this installation's own
 * metadata endpoint under the configured base URL; the WS-Fed SP set uses a
 * URN derived from the current host instead.
 *
 * @param string $set  The hosted metadata set name.
 * @return string      The generated entityID.
 * @throws Exception   If no dynamic entityID rule exists for $set.
 */
private function generateDynamicHostedEntityID($set) {
    /* Get the configuration. */
    $config = SimpleSAML_Configuration::getInstance();
    $baseurl = SimpleSAML_Utilities::selfURLhost() . '/' . $config->getBaseURL();

    /* Metadata endpoint path, relative to the base URL, for each URL-based set. */
    $endpoints = array(
        'saml20-idp-hosted' => 'saml2/idp/metadata.php',
        'saml20-sp-hosted'  => 'saml2/sp/metadata.php',
        'shib13-idp-hosted' => 'shib13/idp/metadata.php',
        'shib13-sp-hosted'  => 'shib13/sp/metadata.php',
    );

    if (isset($endpoints[$set])) {
        return $baseurl . $endpoints[$set];
    }

    if ($set === 'wsfed-sp-hosted') {
        /* WS-Fed uses a host-derived URN rather than a metadata URL. */
        return 'urn:federation:' . SimpleSAML_Utilities::getSelfHost();
    }

    throw new Exception('Can not generate dynamic EntityID for metadata of this type: [' . $set . ']');
}
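/**
 * Find the metadata index for an entityID within a metadata set.
 *
 * The index is returned directly when the set is keyed by entityID. Otherwise
 * an entry is matched on its 'entityid' attribute, and only accepted when its
 * 'host' is '__DEFAULT__' or equals the current hostname (port stripped).
 * Entries lacking 'entityid' or 'host' never match (previously they raised an
 * undefined-index notice).
 *
 * @param string $entityId  The entityID to look up.
 * @param string $set       The metadata set to search.
 * @return string|NULL      The matching index, or NULL if nothing matched.
 */
private function lookupIndexFromEntityId($entityId, $set) {
    assert('is_string($entityId)');
    assert('isset($set)');

    $metadataSet = $this->getMetadataSet($set);

    /* Current hostname without any ":port" suffix, e.g. sp.example.org. */
    $currenthost = SimpleSAML_Utilities::getSelfHost();
    if (strpos($currenthost, ":") !== FALSE) {
        $currenthostdecomposed = explode(":", $currenthost);
        $currenthost = $currenthostdecomposed[0];
    }

    foreach ($metadataSet as $index => $entry) {
        if ($index === $entityId) {
            return $index;
        }
        /* Match by attribute only when the entry actually declares an entityid. */
        if (!isset($entry['entityid']) || $entry['entityid'] !== $entityId) {
            continue;
        }
        /* A host restriction is mandatory for attribute matches; missing host = no match. */
        if (isset($entry['host']) && ($entry['host'] === '__DEFAULT__' || $entry['host'] === $currenthost)) {
            return $index;
        }
    }

    return NULL;
}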
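/**
 * Request a URL with curl, following redirects until a SAML message is found.
 *
 * Parameters are url-encoded and either appended to the query string ('get')
 * or sent as the POST body ('post'). A Location header is followed
 * recursively; when it points back at this host and carries a SAMLRequest or
 * SAMLResponse, the message is decoded and returned instead of being followed.
 *
 * @param string $url         The url which should be requested.
 * @param array  $parameters  Associative array with parameters for the request.
 * @param string $type        'get' (default) or 'post'.
 * @param int    $maxredirs   Remaining redirects allowed before giving up.
 * @return array|FALSE  Keys 'header', 'body', 'http_code', 'last_url',
 *                      'headerout' and, when a SAML message was found,
 *                      'RequestRaw', 'Request' and 'RelayState'.
 *                      FALSE if curl failed.
 * @throws Exception    On an empty URL, or when the redirect budget is exhausted.
 */
function getURLraw($url, $parameters = array(), $type = 'get', $maxredirs = 10) {
    if (empty($url)) {
        throw new Exception('Trying to crawl an empty URL');
    }
    if ($maxredirs < 0) {
        throw new Exception('Max redirection reached...');
    }

    /* Build the url-encoded query/body string. */
    $p = '';
    foreach ($parameters as $k => $v) {
        if ($p != '') {
            $p .= '&';
        }
        $p .= urlencode($k) . '=' . urlencode($v);
    }

    switch ($type) {
        case 'post':
            curl_setopt($this->curl, CURLOPT_POSTFIELDS, $p);
            curl_setopt($this->curl, CURLOPT_POST, TRUE);
            break;
        case 'get':
        default:
            if (!empty($parameters)) {
                $url .= (strpos($url, '?') === FALSE ? '?' : '&') . $p;
            }
            curl_setopt($this->curl, CURLOPT_HTTPGET, TRUE);
    }
    curl_setopt($this->curl, CURLOPT_URL, $url);

    $this->log('Contacting URL [' . $url . ']');
    $response = curl_exec($this->curl);
    if ($response === FALSE) {
        /* Record why the transfer failed instead of silently returning FALSE. */
        $this->log('Error retrieving URL: ' . curl_error($this->curl));
        return FALSE;
    }

    $result = array();
    $header_size = curl_getinfo($this->curl, CURLINFO_HEADER_SIZE);
    $result['header'] = substr($response, 0, $header_size);
    $result['body'] = substr($response, $header_size);
    $result['http_code'] = curl_getinfo($this->curl, CURLINFO_HTTP_CODE);
    $result['last_url'] = curl_getinfo($this->curl, CURLINFO_EFFECTIVE_URL);
    $result['headerout'] = curl_getinfo($this->curl, CURLINFO_HEADER_OUT);

    $info = curl_getinfo($this->curl);
    $headers = self::parseHeaders($result['header']);

    if (isset($headers['location'])) {
        $nexturl = $headers['location'];
        $this->log('Location header found [' . $nexturl . ']');

        /* An absolute-path Location is resolved against the scheme and host just contacted. */
        if (substr($nexturl, 0, 1) === '/') {
            if (preg_match('|(http(s)?://.*?)/|', $info['url'], $matches)) {
                $nexturl = $matches[1] . $nexturl;
                $this->log('Constructed new URL [' . $nexturl . ']');
            }
        }

        /* parse_url() returns FALSE on malformed input, and host/query may be absent. */
        $urlp = parse_url($nexturl);
        $nexthost = ($urlp !== FALSE && isset($urlp['host'])) ? (string) $urlp['host'] : '';
        $nextquery = ($urlp !== FALSE && isset($urlp['query'])) ? (string) $urlp['query'] : '';
        $selfhost = (string) SimpleSAML_Utilities::getSelfHost();

        /* A redirect back to this host is where a SAML AuthnRequest/Response would be carried. */
        $this->log('Next URL host is [' . $nexthost . '] comparing with my host [' . $selfhost . ']');
        if ($nexthost === $selfhost) {
            /* NOTE(review): SAML2_HTTPRedirect::receive() presumably reads the message from
             * $_SERVER['QUERY_STRING'], which is why it is overwritten here — confirm. */
            $_SERVER['QUERY_STRING'] = $nextquery;
            $samlredir = new SAML2_HTTPRedirect();

            if (strstr($nextquery, 'SAMLRequest=') || strstr($nextquery, 'SAMLResponse=')) {
                $result['RequestRaw'] = self::getHTTPRedirectMessage();
                $result['Request'] = $samlredir->receive();
                $result['RelayState'] = $result['Request']->getRelayState();
            }
            return $result;
        }

        /* Follow redirects, charging one step against the budget. */
        return $this->getURLraw($nexturl, $parameters, $type, $maxredirs - 1);
    }

    return $result;
}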
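<?php
/*
 * Diagnostics page: shows how this installation sees its own host and URL.
 *
 * Requires an admin session and renders the raw server variables next to the
 * values the SimpleSAML_Utilities helpers derive from them, so host and base
 * URL detection problems (reverse proxies, ports, TLS offload) can be spotted.
 */
require_once '../_include.php';

/* Load simpleSAMLphp, configuration */
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getInstance();

/* Check if valid local session exists.. */
SimpleSAML_Utilities::requireAdmin();

/* $_SERVER['HTTPS'] is absent on plain HTTP (and other keys can be missing behind
 * some proxies/SAPIs); show an empty value instead of raising an undefined-index notice. */
$serverKeys = array('HTTP_HOST', 'HTTPS', 'SERVER_PROTOCOL', 'SERVER_PORT');
$attributes = array();
foreach ($serverKeys as $key) {
    $attributes[$key] = array(isset($_SERVER[$key]) ? $_SERVER[$key] : '');
}

/* Derived values, for comparison with the raw server variables above. */
$attributes['Utilities_getBaseURL()'] = array(SimpleSAML_Utilities::getBaseURL());
$attributes['Utilities_getSelfHost()'] = array(SimpleSAML_Utilities::getSelfHost());
$attributes['Utilities_selfURLhost()'] = array(SimpleSAML_Utilities::selfURLhost());
$attributes['Utilities_selfURLNoQuery()'] = array(SimpleSAML_Utilities::selfURLNoQuery());
$attributes['Utilities_getSelfHostWithPath()'] = array(SimpleSAML_Utilities::getSelfHostWithPath());
$attributes['Utilities_getFirstPathElement()'] = array(SimpleSAML_Utilities::getFirstPathElement());
$attributes['Utilities_selfURL()'] = array(SimpleSAML_Utilities::selfURL());

$et = new SimpleSAML_XHTML_Template($config, 'status.php');
$et->data['header'] = '{status:header_diagnostics}';
$et->data['remaining'] = 'na';
$et->data['attributes'] = $attributes;
$et->data['valid'] = 'na';
$et->data['logout'] = null;
$et->show();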
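/**
 * Load the given configuration file.
 *
 * Loaded files are cached per filename in self::$loadedConfigs. The file is
 * expected to initialize a variable named $config to an array. If that array
 * contains an 'override.host' map, the entry for the current host names one
 * or more files (relative to the configuration file's directory) which are
 * required in turn and may modify $config.
 *
 * @param string $filename The full path of the configuration file.
 * @param bool $required Whether the file is required.
 * @return SimpleSAML_Configuration The configuration file. An exception will be thrown if the
 * configuration file is missing.
 * @throws Exception If a required file is missing, if the file does not set $config
 *         to an array, if 'override.host' is not an array, or if a named override
 *         file does not exist.
 */
private static function loadFromFile($filename, $required) {
    assert('is_string($filename)');
    assert('is_bool($required)');

    if (array_key_exists($filename, self::$loadedConfigs)) {
        return self::$loadedConfigs[$filename];
    }

    if (file_exists($filename)) {
        $config = 'UNINITIALIZED';
        /* The file initializes a variable named '$config'. */
        require $filename;
        /* Check that $config is initialized to an array. */
        if (!is_array($config)) {
            throw new Exception('Invalid configuration file: ' . $filename);
        }
    } elseif ($required) {
        /* File does not exist, but is required. */
        throw new Exception('Missing configuration file: ' . $filename);
    } else {
        /* File does not exist, but is optional. */
        $config = array();
    }

    if (array_key_exists('override.host', $config)) {
        /* A malformed override map used to fail later inside array_key_exists(); reject it up front. */
        if (!is_array($config['override.host'])) {
            throw new Exception('Invalid \'override.host\' (expected an array) in configuration file: ' . $filename);
        }
        /* Keyed by the host this request was made to. Only file names listed in the
         * (trusted) configuration are ever required; the host merely selects among them.
         * NOTE(review): getSelfHost() may include a ":port" suffix, so keys for
         * non-default ports presumably need it too — confirm against callers. */
        $host = SimpleSAML_Utilities::getSelfHost();
        if (array_key_exists($host, $config['override.host'])) {
            $ofs = $config['override.host'][$host];
            foreach (SimpleSAML_Utilities::arrayize($ofs) as $of) {
                $overrideFile = dirname($filename) . '/' . $of;
                if (!file_exists($overrideFile)) {
                    throw new Exception('Config file [' . $filename . '] requests override for host ' . $host . ' but file does not exists [' . $of . ']');
                }
                /* The override file sees and may modify $config. */
                require $overrideFile;
            }
        }
    }

    $cfg = new SimpleSAML_Configuration($config, $filename);
    $cfg->filename = $filename;

    self::$loadedConfigs[$filename] = $cfg;

    return $cfg;
}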
/**
 * Locate the current entity id from the hostname/path the user accessed.
 *
 * Each metadata source is asked, in order, for an entity matching the
 * hostname/path combination, then the bare hostname (port stripped), and
 * finally the '__DEFAULT__' entry. The first non-NULL answer wins.
 *
 * @param $set The set we look for the entity id in.
 * @param $type Do you want to return the metaindex or the entityID. [entityid|metaindex]
 * @return The entity id which is associated with the current hostname/path combination.
 * @throws Exception If no source can resolve the entity id.
 */
public function getMetaDataCurrentEntityID($set = 'saml20-sp-hosted', $type = 'entityid') {
    assert('is_string($set)');

    $currenthostwithpath = SimpleSAML_Utilities::getSelfHostWithPath(); // sp.example.org/university

    /* Hostname alone, with any ":port" suffix removed. */
    $currenthost = SimpleSAML_Utilities::getSelfHost(); // sp.example.org
    list($currenthost) = explode(':', $currenthost);

    /* Most specific lookup key first, the catch-all default last. */
    $lookupKeys = array($currenthostwithpath, $currenthost, '__DEFAULT__');

    foreach ($lookupKeys as $hostPath) {
        foreach ($this->sources as $source) {
            $found = $source->getEntityIdFromHostPath($hostPath, $set, $type);
            if ($found !== NULL) {
                return $found;
            }
        }
    }

    /* We were unable to find the hostname/path in any metadata source. */
    throw new Exception('Could not find any default metadata entities in set [' . $set . '] for host [' . $currenthost . ' : ' . $currenthostwithpath . ']');
}
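/**
 * Request a URL with curl, following redirects and WS-Fed auto-post forms
 * until a SAML message is found.
 *
 * Parameters are url-encoded and either appended to the query string ('get')
 * or sent as the POST body ('post'). A Location header is followed
 * recursively; when it points back at this host and carries a SAMLRequest or
 * SAMLResponse, the message is decoded and returned instead of being followed.
 * A response body containing a POST form of hidden fields is submitted to its
 * action.
 *
 * @param string $url         The url which should be requested.
 * @param array  $parameters  Associative array with parameters for the request.
 * @param string $type        'get' (default) or 'post'.
 * @param int    $maxredirs   Remaining redirects/form posts allowed before giving up.
 * @param array|NULL $cookies Cookie strings joined with '; ' into the Cookie header
 *                            (assumed to be "name=value" entries — confirm with callers).
 * @return array|FALSE  Keys 'header', 'body', 'http_code', 'last_url',
 *                      'headerout', 'setCookies' and, when a SAML message was
 *                      found, 'RequestRaw', 'Request' and 'RelayState'.
 *                      FALSE if curl failed.
 * @throws Exception    On an empty URL, an exhausted redirect budget, or an
 *                      unparseable WS-Fed form.
 */
function getURLraw($url, $parameters = array(), $type = 'get', $maxredirs = 10, $cookies = NULL) {
    if (empty($url)) {
        throw new Exception('Trying to crawl an empty URL');
    }
    if ($maxredirs < 0) {
        throw new Exception('Max redirection reached...');
    }

    /* Build the url-encoded query/body string. */
    $p = '';
    foreach ($parameters as $k => $v) {
        if ($p != '') {
            $p .= '&';
        }
        $p .= urlencode($k) . '=' . urlencode($v);
    }

    switch ($type) {
        case 'post':
            curl_setopt($this->curl, CURLOPT_POSTFIELDS, $p);
            curl_setopt($this->curl, CURLOPT_POST, TRUE);
            break;
        case 'get':
        default:
            if (!empty($parameters)) {
                $url .= (strpos($url, '?') === FALSE ? '?' : '&') . $p;
            }
            curl_setopt($this->curl, CURLOPT_HTTPGET, TRUE);
    }
    curl_setopt($this->curl, CURLOPT_URL, $url);

    if (isset($cookies)) {
        $cookieline = join('; ', $cookies);
        curl_setopt($this->curl, CURLOPT_COOKIE, $cookieline);
        /* Cookie values are session credentials; log how many were sent, not their contents. */
        $this->log('Set ' . count($cookies) . ' cookie(s) in request');
    }

    $this->log('Contacting URL [' . $url . ']');
    $response = curl_exec($this->curl);
    if ($response === FALSE) {
        $this->log('Error retrieving URL: ' . curl_error($this->curl));
        return FALSE;
    }

    $result = array();
    $header_size = curl_getinfo($this->curl, CURLINFO_HEADER_SIZE);
    $result['header'] = substr($response, 0, $header_size);
    $result['body'] = substr($response, $header_size);
    $result['http_code'] = curl_getinfo($this->curl, CURLINFO_HTTP_CODE);
    $result['last_url'] = curl_getinfo($this->curl, CURLINFO_EFFECTIVE_URL);
    $result['headerout'] = curl_getinfo($this->curl, CURLINFO_HEADER_OUT);
    $result['setCookies'] = $this->parseCookiesFromHeader($result['header']);

    if (!empty($result['setCookies'])) {
        /* Log cookie names only; values may be session identifiers.
         * NOTE(review): assumes parseCookiesFromHeader() returns a name => value map — confirm. */
        $this->log('Cookies received: ' . implode(', ', array_keys((array) $result['setCookies'])));
    }

    $info = curl_getinfo($this->curl);
    $headers = self::parseHeaders($result['header']);

    if (isset($headers['location'])) {
        $nexturl = $headers['location'];
        $this->log('Location header found [' . $nexturl . ']');

        /* An absolute-path Location is resolved against the scheme and host just contacted. */
        if (substr($nexturl, 0, 1) === '/') {
            if (preg_match('|(http(s)?://.*?)/|', $info['url'], $matches)) {
                $nexturl = $matches[1] . $nexturl;
                $this->log('Constructed new URL [' . $nexturl . ']');
            }
        }

        /* parse_url() returns FALSE on malformed input, and host/query may be absent. */
        $urlp = parse_url($nexturl);
        $nexthost = ($urlp !== FALSE && isset($urlp['host'])) ? (string) $urlp['host'] : '';
        $nextquery = ($urlp !== FALSE && isset($urlp['query'])) ? (string) $urlp['query'] : '';
        $selfhost = (string) SimpleSAML_Utilities::getSelfHost();

        /* A redirect back to this host is where a SAML AuthnRequest/Response would be carried. */
        $this->log('Next URL host is [' . $nexthost . '] comparing with my host [' . $selfhost . ']');
        if ($nexthost === $selfhost) {
            /* NOTE(review): SAML2_HTTPRedirect::receive() presumably reads the message from
             * $_SERVER['QUERY_STRING'], which is why it is overwritten here — confirm. */
            $_SERVER['QUERY_STRING'] = $nextquery;
            $samlredir = new SAML2_HTTPRedirect();

            if (strstr($nextquery, 'SAMLRequest=') || strstr($nextquery, 'SAMLResponse=')) {
                $result['RequestRaw'] = self::getHTTPRedirectMessage();
                $result['Request'] = $samlredir->receive();
                $result['RelayState'] = $result['Request']->getRelayState();
            }
            return $result;
        }

        /* Follow redirects, charging one step against the budget and keeping the cookies. */
        return $this->getURLraw($nexturl, $parameters, $type, $maxredirs - 1, $cookies);
    }

    /* WS-Fed auto-post form: a page whose POST form of hidden fields must be submitted. */
    if (preg_match('/method="POST"/', $result['body'])) {
        $body = $result['body'];

        $action = null;
        if (preg_match('|action="(.*?)"|', $body, $matches)) {
            /* Attribute values are HTML-escaped in the page, like the hidden fields below. */
            $action = htmlspecialchars_decode($matches[1]);
        }

        $data = array();
        if (preg_match_all('|type="hidden" name="([^"]*?)" value="([^"]*?)"|', $body, $matches, PREG_SET_ORDER)) {
            foreach ($matches as $m) {
                $data[$m[1]] = htmlspecialchars_decode($m[2]);
            }
        }

        /* Log field names only: hidden values (e.g. the security token) must not reach the error log. */
        foreach (array_keys($data) as $k) {
            error_log('key : ' . $k);
        }
        error_log('Action : ' . $action);

        if (empty($data) || empty($action)) {
            throw new Exception('Could not get WS-Fed Form data....');
        }

        /* The form post counts against the same budget as a redirect (an auto-posting
         * page that answers with another form would otherwise recurse without bound)
         * and carries the same cookies as the rest of the crawl.
         * NOTE(review): its result is discarded and the form page itself is returned
         * below — confirm whether the post's result should be returned instead. */
        $this->getURLraw($action, $data, 'post', $maxredirs - 1, $cookies);
    }

    $this->log('Accessed a page with neither a redirect nor a SAML message');
    $this->log('body: ' . strip_tags($result['body']));

    return $result;
}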
/** * ADFS PRP IDP protocol support for simpleSAMLphp. * * @author Hans Zandbelt, SURFnet BV. <*****@*****.**> * @package simpleSAMLphp * @version $Id$ */ $config = SimpleSAML_Configuration::getInstance(); $adfsconfig = SimpleSAML_Configuration::getConfig('adfs-idp-hosted.php'); $session = SimpleSAML_Session::getInstance(); SimpleSAML_Logger::info('ADFS - IdP.SSOService: Accessing ADFS IdP endpoint SSOService'); try { if (array_key_exists('entityId', $config)) { $idpentityid = $config['entityId']; } else { $idpentityid = 'urn:federation:' . SimpleSAML_Utilities::getSelfHost() . ':idp'; } } catch (Exception $exception) { SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception); } SimpleSAML_Logger::info('ADFS - IdP.SSOService: Accessing ADFS IdP endpoint SSOService'); function ADFS_GenerateResponse($issuer, $target, $nameid, $attributes) { # $nameid = '*****@*****.**'; $issueInstant = SimpleSAML_Utilities::generateTimestamp(); $notBefore = SimpleSAML_Utilities::generateTimestamp(time() - 30); $assertionExpire = SimpleSAML_Utilities::generateTimestamp(time() + 60 * 5); $assertionID = SimpleSAML_Utilities::generateID(); $nameidFormat = 'http://schemas.xmlsoap.org/claims/UPN'; $result = '<wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"> <wst:RequestedSecurityToken>
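<?php
/**
 * Negotiate module: permanently disable auto-login for this browser.
 *
 * Sets a long-lived cookie (expiring 2038-01-01) scoped to this host, marks
 * the current session as disabled for 24 hours, and renders the confirmation
 * template.
 *
 * @author Mathias Meisfjordskar, University of Oslo.
 * <*****@*****.**>
 * @package simpleSAMLphp
 * @version $Id$
 */

$globalConfig = SimpleSAML_Configuration::getInstance();

/* getSelfHost() may carry a ":port" suffix; a cookie domain must not, or the
 * browser silently rejects the cookie and the disable flag never sticks. */
$cookieDomain = SimpleSAML_Utilities::getSelfHost();
list($cookieDomain) = explode(':', $cookieDomain);

setcookie(
    'NEGOTIATE_AUTOLOGIN_DISABLE_PERMANENT',
    'True',
    mktime(0, 0, 0, 1, 1, 2038),
    '/',
    $cookieDomain,
    SimpleSAML_Utilities::isHTTPS(), /* secure only when served over TLS, so plain-HTTP setups keep working */
    TRUE                             /* httponly */
);

$session = SimpleSAML_Session::getInstance();
$session->setData('negotiate:disable', 'session', FALSE, 24 * 60 * 60);

$t = new SimpleSAML_XHTML_Template($globalConfig, 'negotiate:disable.php');
$t->show();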
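<?php
/**
 * Negotiate module: re-enable auto-login for this browser.
 *
 * Expires the permanent-disable cookie (it must be cleared with the same path
 * and domain it was set with), refreshes the session marker, and renders the
 * confirmation template.
 *
 * @author Mathias Meisfjordskar, University of Oslo.
 * <*****@*****.**>
 * @package simpleSAMLphp
 * @version $Id$
 */

$globalConfig = SimpleSAML_Configuration::getInstance();

/* getSelfHost() may carry a ":port" suffix; a cookie domain must not, and the
 * domain has to match the one used when the cookie was set or it is not removed. */
$cookieDomain = SimpleSAML_Utilities::getSelfHost();
list($cookieDomain) = explode(':', $cookieDomain);

setcookie(
    'NEGOTIATE_AUTOLOGIN_DISABLE_PERMANENT',
    'False',
    time() - 3600,                   /* already expired: instructs the browser to drop it */
    '/',
    $cookieDomain,
    SimpleSAML_Utilities::isHTTPS(), /* match the flag used when the cookie was set */
    TRUE                             /* httponly */
);

$session = SimpleSAML_Session::getInstance();
$session->setData('negotiate:disable', 'session', FALSE, 24 * 60 * 60);

$t = new SimpleSAML_XHTML_Template($globalConfig, 'negotiate:enable.php');
$t->show();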