/**
* This function is used to generate some metadata elements automatically.
*
* @param $property The metadata property which should be autogenerated.
* @param $set The set we the property comes from.
* @return The autogenerated metadata property.
*/
public function getGenerated($property, $set = 'saml20-sp-hosted')
{
/* First we check if the user has overridden this property in the metadata. */
try {
$metadataSet = $this->getMetaDataCurrent($set);
if (array_key_exists($property, $metadataSet)) {
return $metadataSet[$property];
}
} catch (Exception $e) {
/* Probably metadata wasn't found. In any case we continue by generating the metadata. */
}
/* Get the configuration. */
$config = SimpleSAML_Configuration::getInstance();
assert($config instanceof SimpleSAML_Configuration);
$baseurl = SimpleSAML_Utilities::selfURLhost() . '/' . $config->getBaseURL();
if ($set == 'saml20-sp-hosted') {
switch ($property) {
case 'AssertionConsumerService':
return $baseurl . 'saml2/sp/AssertionConsumerService.php';
case 'SingleLogoutService':
return $baseurl . 'saml2/sp/SingleLogoutService.php';
case 'SingleLogoutServiceBinding':
return SAML2_Const::BINDING_HTTP_REDIRECT;
}
} elseif ($set == 'saml20-idp-hosted') {
switch ($property) {
case 'SingleSignOnService':
return $baseurl . 'saml2/idp/SSOService.php';
case 'SingleSignOnServiceBinding':
return SAML2_Const::BINDING_HTTP_REDIRECT;
case 'SingleLogoutService':
return $baseurl . 'saml2/idp/SingleLogoutService.php';
case 'SingleLogoutServiceBinding':
return SAML2_Const::BINDING_HTTP_REDIRECT;
}
} elseif ($set == 'shib13-sp-hosted') {
switch ($property) {
case 'AssertionConsumerService':
return $baseurl . 'shib13/sp/AssertionConsumerService.php';
}
} elseif ($set == 'shib13-idp-hosted') {
switch ($property) {
case 'SingleSignOnService':
return $baseurl . 'shib13/idp/SSOService.php';
}
}
throw new Exception('Could not generate metadata property ' . $property . ' for set ' . $set . '.');
}
/**
* Retrieve the trust root for this openid site.
*
* @return string The trust root.
*/
private function getTrustRoot()
{
if (!empty($this->realm)) {
return $this->realm;
} else {
return SimpleSAML_Utilities::selfURLhost();
}
}
private function generateDynamicHostedEntityID($set)
{
/* Get the configuration. */
$config = SimpleSAML_Configuration::getInstance();
$baseurl = SimpleSAML_Utilities::selfURLhost() . '/' . $config->getBaseURL();
if ($set === 'saml20-idp-hosted') {
return $baseurl . 'saml2/idp/metadata.php';
} elseif ($set === 'saml20-sp-hosted') {
return $baseurl . 'saml2/sp/metadata.php';
} elseif ($set === 'shib13-idp-hosted') {
return $baseurl . 'shib13/idp/metadata.php';
} elseif ($set === 'shib13-sp-hosted') {
return $baseurl . 'shib13/sp/metadata.php';
} elseif ($set === 'wsfed-sp-hosted') {
return 'urn:federation:' . SimpleSAML_Utilities::getSelfHost();
} else {
throw new Exception('Can not generate dynamic EntityID for metadata of this type: [' . $set . ']');
}
}
<?php
require_once '../_include.php';
/* Load simpleSAMLphp, configuration */
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getInstance();
/* Check if valid local session exists.. */
SimpleSAML_Utilities::requireAdmin();
$attributes = array();
$attributes['HTTP_HOST'] = array($_SERVER['HTTP_HOST']);
$attributes['HTTPS'] = array($_SERVER['HTTPS']);
$attributes['SERVER_PROTOCOL'] = array($_SERVER['SERVER_PROTOCOL']);
$attributes['SERVER_PORT'] = array($_SERVER['SERVER_PORT']);
$attributes['Utilities_getBaseURL()'] = array(SimpleSAML_Utilities::getBaseURL());
$attributes['Utilities_getSelfHost()'] = array(SimpleSAML_Utilities::getSelfHost());
$attributes['Utilities_selfURLhost()'] = array(SimpleSAML_Utilities::selfURLhost());
$attributes['Utilities_selfURLNoQuery()'] = array(SimpleSAML_Utilities::selfURLNoQuery());
$attributes['Utilities_getSelfHostWithPath()'] = array(SimpleSAML_Utilities::getSelfHostWithPath());
$attributes['Utilities_getFirstPathElement()'] = array(SimpleSAML_Utilities::getFirstPathElement());
$attributes['Utilities_selfURL()'] = array(SimpleSAML_Utilities::selfURL());
$et = new SimpleSAML_XHTML_Template($config, 'status.php');
$et->data['header'] = '{status:header_diagnostics}';
$et->data['remaining'] = 'na';
$et->data['attributes'] = $attributes;
$et->data['valid'] = 'na';
$et->data['logout'] = null;
$et->show();
/**
* Retrieve the absolute base URL for the simpleSAMLphp installation.
*
* This function will return the absolute base URL for the simpleSAMLphp
* installation. For example: https://idp.example.org/simplesaml/
*
* The URL will always end with a '/'.
*
* @return string The absolute base URL for the simpleSAMLphp installation.
*/
public static function getBaseURL()
{
$globalConfig = SimpleSAML_Configuration::getInstance();
$ret = SimpleSAML_Utilities::selfURLhost() . '/' . $globalConfig->getBaseURL();
if (substr($ret, -1) !== '/') {
throw new SimpleSAML_Error_Exception('Invalid value of \'baseurl\' in ' . 'config.php. It must end with a \'/\'.');
}
return $ret;
}
/**
* Get absolute URL to a specified module resource.
*
* This function creates an absolute URL to a resource stored under ".../modules/<module>/www/".
*
* @param string $resource Resource path, on the form "<module name>/<resource>"
* @return string The absolute URL to the given resource.
*/
public static function getModuleURL($resource)
{
assert('is_string($resource)');
assert('$resource[0] !== "/"');
$config = SimpleSAML_Configuration::getInstance();
return SimpleSAML_Utilities::selfURLhost() . '/' . $config->getBaseURL() . 'module.php/' . $resource;
}
}
if (!array_key_exists('token', $_REQUEST)) {
throw new SimpleSAML_Error_BadRequest('Missing authToken.');
}
$token = $_REQUEST['token'];
if ($token !== $authTokenContactsSP) {
throw new SimpleSAML_Error_Exception('Invalid AuthToken');
}
$ldapconfig = SimpleSAML_Configuration::getConfig('config-login-feide.php');
$ldapStatusConfig = SimpleSAML_Configuration::getConfig('module_ldapstatus.php');
$debug = $ldapconfig->getValue('ldapDebug', FALSE);
$orgs = $ldapconfig->getValue('organizations');
$locationTemplate = $ldapconfig->getValue('locationTemplate');
$isAdmin = FALSE;
$secretURL = NULL;
$ignore = '';
if (array_key_exists('ignore', $_REQUEST)) {
$ignore = '&ignore=' . $_REQUEST['ignore'];
}
$secretKey = sha1('ldapstatus|' . SimpleSAML_Utilities::getSecretSalt() . '|hobbit');
$secretURL = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), array('key' => $secretKey));
function generateSecret($salt, $orgtest)
{
$secretKey = sha1('ldapstatus|' . $salt . '|' . $orgtest);
return $secretKey;
}
header('Content-Type: text/plain');
foreach ($orgs as $orgkey => $org) {
$url = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLhost() . SimpleSAML_Utilities::getFirstPathElement() . '/module.php/ldapstatus/', array('orgtest' => $orgkey, 'output' => 'text', 'key' => generateSecret(SimpleSAML_Utilities::getSecretSalt(), $orgkey)));
echo "0.0.0.0 " . $orgkey . " # noconn feidesjekk:" . $url . $ignore . ";OOOKKK\n";
}
/**
* This function logs a error message to the error log and shows the
* message to the user. Script execution terminates afterwards.
*
* @param $title Short title for the error message.
* @param $message The error message.
*/
public static function fatalError($trackid = 'na', $errorcode = null, Exception $e = null, $level = LOG_ERR)
{
$config = SimpleSAML_Configuration::getInstance();
// Get the exception message if there is any exception provided.
$emsg = empty($e) ? 'No exception available' : $e->getMessage();
$etrace = empty($e) ? 'No exception available' : $e->getTraceAsString();
// Log a error message
SimpleSAML_Logger::error($_SERVER['PHP_SELF'] . ' - UserError: ErrCode:' . (!empty($errorcode) ? $errorcode : 'na') . ': ' . urlencode($emsg));
$languagefile = null;
if (isset($errorcode)) {
$languagefile = 'errors.php';
}
// Initialize a template
$t = new SimpleSAML_XHTML_Template($config, 'error.php', $languagefile);
$t->data['errorcode'] = $errorcode;
$t->data['showerrors'] = $config->getValue('showerrors', true);
/* Check if there is a valid technical contact email address. */
if ($config->getValue('technicalcontact_email', '*****@*****.**') !== '*****@*****.**') {
/* Enable error reporting. */
$baseurl = SimpleSAML_Utilities::selfURLhost() . '/' . $config->getBaseURL();
$t->data['errorreportaddress'] = $baseurl . 'errorreport.php';
} else {
/* Disable error reporting. */
$t->data['errorreportaddress'] = NULL;
}
$t->data['exceptionmsg'] = $emsg;
$t->data['exceptiontrace'] = $etrace;
$t->data['trackid'] = $trackid;
$t->data['version'] = $config->getValue('version', 'na');
$t->data['url'] = self::selfURLNoQuery();
$t->show();
exit;
}
public static function getURL()
{
$config = SimpleSAML_Configuration::getInstance('foodle');
$url = $config->getString('url', SimpleSAML_Utilities::selfURLhost());
return $url . '/' . $config->getValue('baseurlpath', '');
}
protected static function _getSpIdentifier($state)
{
if (isset($state["saml:RelayState"])) {
// We're running in IDP mode. RelayState is the page we are actually logging into.
$url = $state["saml:RelayState"];
} else {
if (isset($state['SimpleSAML_Auth_Default.ReturnURL'])) {
// We're probably running in local mode.
$url = $state['SimpleSAML_Auth_Default.ReturnURL'];
} else {
// Nothing to go by. Fall back to our own hostname.
$url = SimpleSAML_Utilities::selfURLhost();
}
}
$host = parse_url($url, PHP_URL_HOST);
return $host;
}
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
}
/*
* If no IdP can be resolved, send the user to the SAML 2.0 Discovery Service
*/
if ($idpentityid === NULL) {
SimpleSAML_Logger::info('SAML2.0 - SP.initSSO: No chosen or default IdP, go to SAML2disco');
/* Which IdP discovery service should we use? Can be set in SP metadata or in global configuration.
* Falling back to builtin discovery service.
*/
if (array_key_exists('idpdisco.url', $spmetadata)) {
$discourl = $spmetadata['idpdisco.url'];
} elseif ($config->getString('idpdisco.url.saml20', NULL) !== NULL) {
$discourl = $config->getString('idpdisco.url.saml20');
} else {
$discourl = SimpleSAML_Utilities::selfURLhost() . '/' . $config->getBaseURL() . 'saml2/sp/idpdisco.php';
}
if ($config->getBoolean('idpdisco.extDiscoveryStorage', NULL) != NULL) {
$extDiscoveryStorage = $config->getBoolean('idpdisco.extDiscoveryStorage');
SimpleSAML_Utilities::redirect($extDiscoveryStorage, array('entityID' => $spentityid, 'return' => SimpleSAML_Utilities::addURLparameter($discourl, array('return' => SimpleSAML_Utilities::selfURL(), 'remember' => 'true', 'entityID' => $spentityid, 'returnIDParam' => 'idpentityid')), 'returnIDParam' => 'idpentityid', 'isPassive' => 'true'));
}
$discoparameters = array('entityID' => $spentityid, 'return' => SimpleSAML_Utilities::selfURL(), 'returnIDParam' => 'idpentityid');
$discoparameters['isPassive'] = $isPassive;
if (sizeof($reachableIDPs) > 0) {
$discoparameters['IDPList'] = $reachableIDPs;
}
SimpleSAML_Utilities::redirect($discourl, $discoparameters);
}
/*
* Create and send authentication request to the IdP.
*/
/**
* This function is used to generate some metadata elements automatically.
*
* @param $property The metadata property which should be autogenerated.
* @param $set The set we the property comes from.
* @return The autogenerated metadata property.
*/
public function getGenerated($property, $set = 'saml20-sp-hosted', $options = array())
{
/* First we check if the user has overridden this property in the metadata. */
try {
$metadataSet = $this->getMetaDataCurrent($set);
if (array_key_exists($property, $metadataSet)) {
return $metadataSet[$property];
}
} catch (Exception $e) {
/* Probably metadata wasn't found. In any case we continue by generating the metadata. */
}
/* Get the configuration. */
$config = SimpleSAML_Configuration::getInstance();
assert($config instanceof SimpleSAML_Configuration);
$baseurl = SimpleSAML_Utilities::selfURLhost() . '/' . $config->getBaseURL();
if ($set == 'saml20-sp-hosted') {
switch ($property) {
case 'AssertionConsumerService':
return $baseurl . 'saml2/sp/AssertionConsumerService.php';
case 'SingleLogoutService':
return $baseurl . 'saml2/sp/SingleLogoutService.php';
}
} elseif ($set == 'saml20-idp-hosted') {
$logouttype = 'traditional';
if (array_key_exists('logouttype', $options)) {
$logouttype = $options['logouttype'];
}
if (!in_array($logouttype, array('traditional', 'iframe'))) {
throw new Exception('Invalid logout type [' . $logouttype . '] in IdP Hosted Metadata');
}
switch ($property) {
case 'SingleSignOnService':
return $baseurl . 'saml2/idp/SSOService.php';
case 'SingleLogoutService':
switch ($logouttype) {
case 'iframe':
return $baseurl . 'saml2/idp/SingleLogoutServiceiFrame.php';
case 'traditional':
default:
return $baseurl . 'saml2/idp/SingleLogoutService.php';
}
case 'SingleLogoutServiceResponse':
switch ($logouttype) {
case 'iframe':
return $baseurl . 'saml2/idp/SingleLogoutServiceiFrameResponse.php';
case 'traditional':
default:
return $baseurl . 'saml2/idp/SingleLogoutService.php';
}
}
} elseif ($set == 'shib13-sp-hosted') {
switch ($property) {
case 'AssertionConsumerService':
return $baseurl . 'shib13/sp/AssertionConsumerService.php';
}
} elseif ($set == 'shib13-idp-hosted') {
switch ($property) {
case 'SingleSignOnService':
return $baseurl . 'shib13/idp/SSOService.php';
}
}
throw new Exception('Could not generate metadata property ' . $property . ' for set ' . $set . '.');
}
/**
* Show and log fatal error message.
*
* This function logs a error message to the error log and shows the
* message to the user. Script execution terminates afterwards.
*
* The error code comes from the errors-dictionary. It can optionally include parameters, which
* will be substituted into the output string.
*
* @param string $trackid The trackid of the user, from $session->getTrackID().
* @param mixed $errorcode Either a string with the error code, or an array with the error code and
* additional parameters.
* @param Exception $e The exception which caused the error.
*/
public static function fatalError($trackid = 'na', $errorcode = null, Exception $e = null)
{
$config = SimpleSAML_Configuration::getInstance();
if (is_array($errorcode)) {
$parameters = $errorcode;
unset($parameters[0]);
$errorcode = $errorcode[0];
} else {
$parameters = array();
}
// Get the exception message if there is any exception provided.
$emsg = empty($e) ? 'No exception available' : $e->getMessage();
$etrace = empty($e) ? 'No exception available' : self::formatBacktrace($e);
if (!empty($errorcode) && count($parameters) > 0) {
$reptext = array();
foreach ($parameters as $k => $v) {
$reptext[] = '"' . $k . '"' . ' => "' . $v . '"';
}
$reptext = '(' . implode(', ', $reptext) . ')';
$error = $errorcode . $reptext;
} elseif (!empty($errorcode)) {
$error = $errorcode;
} else {
$error = 'na';
}
// Log a error message
SimpleSAML_Logger::error($_SERVER['PHP_SELF'] . ' - UserError: ErrCode:' . $error . ': ' . urlencode($emsg));
$languagefile = null;
if (isset($errorcode)) {
$languagefile = 'errors';
}
// Initialize a template
$t = new SimpleSAML_XHTML_Template($config, 'error.php', $languagefile);
$t->data['errorcode'] = $errorcode;
$t->data['parameters'] = $parameters;
$t->data['showerrors'] = $config->getBoolean('showerrors', true);
/* Check if there is a valid technical contact email address. */
if ($config->getString('technicalcontact_email', '*****@*****.**') !== '*****@*****.**') {
/* Enable error reporting. */
$baseurl = SimpleSAML_Utilities::selfURLhost() . '/' . $config->getBaseURL();
$t->data['errorreportaddress'] = $baseurl . 'errorreport.php';
} else {
/* Disable error reporting. */
$t->data['errorreportaddress'] = NULL;
}
$session = SimpleSAML_Session::getInstance();
$attributes = $session->getAttributes();
if (is_array($attributes) && array_key_exists('mail', $attributes) && count($attributes['mail']) > 0) {
$email = $attributes['mail'][0];
} else {
$email = '';
}
$t->data['email'] = $email;
$t->data['exceptionmsg'] = $emsg;
$t->data['exceptiontrace'] = $etrace;
$t->data['trackid'] = $trackid;
$t->data['version'] = $config->getVersion();
$t->data['url'] = self::selfURLNoQuery();
$t->show();
exit;
}
function getTrustRoot()
{
return SimpleSAML_Utilities::selfURLhost();
}
