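/**
 * Generate the value of a metadata property that was not set explicitly.
 *
 * An explicit value in the current metadata set always wins; otherwise the
 * value is derived from the installation's base URL (or a fixed binding).
 *
 * @param string $property The metadata property to generate.
 * @param string $set The metadata set the property belongs to.
 * @return string The explicit or generated value of the property.
 * @throws Exception If no generation rule exists for $property in $set.
 */
public function getGenerated($property, $set = 'saml20-sp-hosted')
{
    /* First we check if the user has overridden this property in the metadata. */
    try {
        $metadataSet = $this->getMetaDataCurrent($set);
        if (array_key_exists($property, $metadataSet)) {
            return $metadataSet[$property];
        }
    } catch (Exception $e) {
        /* Probably metadata wasn't found. In any case we continue by generating the metadata. */
    }

    $config = SimpleSAML_Configuration::getInstance();
    assert($config instanceof SimpleSAML_Configuration);

    /* NOTE(review): selfURLhost() presumably takes scheme and host from the
     * incoming request, so the generated endpoints mirror the request as the
     * web server saw it — confirm that is acceptable for published metadata. */
    $baseurl = SimpleSAML_Utilities::selfURLhost() . '/' . $config->getBaseURL();

    /* Generation rules keyed by set, then by property. Array lookup compares
     * keys exactly, replacing the loose ==/switch matching used before. */
    $rules = array(
        'saml20-sp-hosted' => array(
            'AssertionConsumerService' => $baseurl . 'saml2/sp/AssertionConsumerService.php',
            'SingleLogoutService' => $baseurl . 'saml2/sp/SingleLogoutService.php',
            'SingleLogoutServiceBinding' => SAML2_Const::BINDING_HTTP_REDIRECT,
        ),
        'saml20-idp-hosted' => array(
            'SingleSignOnService' => $baseurl . 'saml2/idp/SSOService.php',
            'SingleSignOnServiceBinding' => SAML2_Const::BINDING_HTTP_REDIRECT,
            'SingleLogoutService' => $baseurl . 'saml2/idp/SingleLogoutService.php',
            'SingleLogoutServiceBinding' => SAML2_Const::BINDING_HTTP_REDIRECT,
        ),
        'shib13-sp-hosted' => array(
            'AssertionConsumerService' => $baseurl . 'shib13/sp/AssertionConsumerService.php',
        ),
        'shib13-idp-hosted' => array(
            'SingleSignOnService' => $baseurl . 'shib13/idp/SSOService.php',
        ),
    );

    if (is_string($set) && is_string($property) && isset($rules[$set][$property])) {
        return $rules[$set][$property];
    }

    throw new Exception('Could not generate metadata property ' . $property . ' for set ' . $set . '.');
}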
/**
 * Trust root of this OpenID site.
 *
 * A configured realm takes precedence; without one the current request's
 * scheme and host serve as the trust root.
 *
 * @return string The trust root.
 */
private function getTrustRoot()
{
    /* empty() is intentional: NULL, '' and similar all mean "no realm configured". */
    return empty($this->realm)
        ? SimpleSAML_Utilities::selfURLhost()
        : $this->realm;
}
/**
 * Build the entity ID of a hosted entity from the installation's base URL.
 *
 * @param string $set The hosted metadata set the entity belongs to.
 * @return string The entity ID (a metadata URL, or a urn:federation: name for WS-Federation).
 * @throws Exception If $set is not one of the hosted sets handled here.
 */
private function generateDynamicHostedEntityID($set)
{
    $config = SimpleSAML_Configuration::getInstance();
    $baseurl = SimpleSAML_Utilities::selfURLhost() . '/' . $config->getBaseURL();

    /* WS-Federation is the only set whose ID is not a URL below the base URL. */
    if ($set === 'wsfed-sp-hosted') {
        return 'urn:federation:' . SimpleSAML_Utilities::getSelfHost();
    }

    $metadataScripts = array(
        'saml20-idp-hosted' => 'saml2/idp/metadata.php',
        'saml20-sp-hosted' => 'saml2/sp/metadata.php',
        'shib13-idp-hosted' => 'shib13/idp/metadata.php',
        'shib13-sp-hosted' => 'shib13/sp/metadata.php',
    );

    if (!is_string($set) || !isset($metadataScripts[$set])) {
        throw new Exception('Can not generate dynamic EntityID for metadata of this type: [' . $set . ']');
    }

    return $baseurl . $metadataScripts[$set];
}
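<?php
require_once '../_include.php';

/* Load simpleSAMLphp, configuration */
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getInstance();

/* This page exposes server and URL-derivation details, so it is restricted to
 * administrators. requireAdmin() must stay above any output; presumably it
 * redirects or terminates for non-admins. */
SimpleSAML_Utilities::requireAdmin();

$attributes = array();

/* Raw server variables. HTTPS (and on some SAPIs the others) may be missing,
 * so each one is read through a guard: absent keys yield NULL without a notice. */
foreach (array('HTTP_HOST', 'HTTPS', 'SERVER_PROTOCOL', 'SERVER_PORT') as $serverVar) {
    $attributes[$serverVar] = array(isset($_SERVER[$serverVar]) ? $_SERVER[$serverVar] : NULL);
}

/* The same request as seen through each URL helper, for side-by-side comparison. */
$attributes['Utilities_getBaseURL()'] = array(SimpleSAML_Utilities::getBaseURL());
$attributes['Utilities_getSelfHost()'] = array(SimpleSAML_Utilities::getSelfHost());
$attributes['Utilities_selfURLhost()'] = array(SimpleSAML_Utilities::selfURLhost());
$attributes['Utilities_selfURLNoQuery()'] = array(SimpleSAML_Utilities::selfURLNoQuery());
$attributes['Utilities_getSelfHostWithPath()'] = array(SimpleSAML_Utilities::getSelfHostWithPath());
$attributes['Utilities_getFirstPathElement()'] = array(SimpleSAML_Utilities::getFirstPathElement());
$attributes['Utilities_selfURL()'] = array(SimpleSAML_Utilities::selfURL());

/* Reuse the session status template; the fields it expects but which do not
 * apply to a diagnostics page are filled with 'na' / null. */
$et = new SimpleSAML_XHTML_Template($config, 'status.php');
$et->data['header'] = '{status:header_diagnostics}';
$et->data['remaining'] = 'na';
$et->data['attributes'] = $attributes;
$et->data['valid'] = 'na';
$et->data['logout'] = null;
$et->show();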
/**
 * Absolute base URL of this simpleSAMLphp installation.
 *
 * Combines the request's scheme and host (selfURLhost()) with the configured
 * base URL path, e.g. https://idp.example.org/simplesaml/. The result always
 * ends with '/'.
 *
 * @return string The absolute base URL, with a trailing '/'.
 * @throws SimpleSAML_Error_Exception If the configured 'baseurl' does not end with '/'.
 */
public static function getBaseURL()
{
    $globalConfig = SimpleSAML_Configuration::getInstance();
    $host = SimpleSAML_Utilities::selfURLhost();
    $absolute = $host . '/' . $globalConfig->getBaseURL();

    if (substr($absolute, -1) === '/') {
        return $absolute;
    }

    throw new SimpleSAML_Error_Exception('Invalid value of \'baseurl\' in config.php. It must end with a \'/\'.');
}
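/**
 * Get absolute URL to a specified module resource.
 *
 * This function creates an absolute URL to a resource stored under ".../modules/<module>/www/".
 * The resource path is not normalized here; callers pass it in the form "<module name>/<resource>".
 *
 * @param string $resource Resource path, on the form "<module name>/<resource>", without a leading '/'.
 * @return string The absolute URL to the given resource.
 */
public static function getModuleURL($resource)
{
    /* Expression assertions replace the former string assertions, which are
     * evaluated as code when assertions are enabled and no longer evaluated at
     * all on PHP 8. The empty-string check avoids an offset notice on ''. */
    assert(is_string($resource));
    assert($resource === '' || $resource[0] !== '/');

    $config = SimpleSAML_Configuration::getInstance();
    return SimpleSAML_Utilities::selfURLhost() . '/' . $config->getBaseURL() . 'module.php/' . $resource;
}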
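}

if (!array_key_exists('token', $_REQUEST)) {
    throw new SimpleSAML_Error_BadRequest('Missing authToken.');
}
$token = $_REQUEST['token'];

/* $authTokenContactsSP is set earlier in this script, outside this excerpt.
 * NOTE(review): !== is not a constant-time comparison; hash_equals() (PHP >= 5.6)
 * is the drop-in alternative once the minimum supported PHP version allows it. */
if ($token !== $authTokenContactsSP) {
    throw new SimpleSAML_Error_Exception('Invalid AuthToken');
}

$ldapconfig = SimpleSAML_Configuration::getConfig('config-login-feide.php');
$ldapStatusConfig = SimpleSAML_Configuration::getConfig('module_ldapstatus.php');

$debug = $ldapconfig->getValue('ldapDebug', FALSE);
$orgs = $ldapconfig->getValue('organizations');
$locationTemplate = $ldapconfig->getValue('locationTemplate');

$isAdmin = FALSE;
$secretURL = NULL;

/* The optional 'ignore' request value is appended to every generated URL, so it
 * is percent-encoded here rather than spliced into the query string raw. */
$ignore = '';
if (array_key_exists('ignore', $_REQUEST)) {
    $ignore = '&ignore=' . urlencode($_REQUEST['ignore']);
}

$secretKey = sha1('ldapstatus|' . SimpleSAML_Utilities::getSecretSalt() . '|hobbit');
$secretURL = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), array('key' => $secretKey));

/**
 * Derive the per-organisation access key for an ldapstatus test URL.
 *
 * @param string $salt The installation's secret salt (SimpleSAML_Utilities::getSecretSalt()).
 * @param string $orgtest The organisation key the URL will test.
 * @return string The sha1 hex digest used as the 'key' URL parameter.
 */
function generateSecret($salt, $orgtest) {
    return sha1('ldapstatus|' . $salt . '|' . $orgtest);
}

header('Content-Type: text/plain');

/* One monitoring line per organisation; the URL carries that organisation's key. */
foreach ($orgs as $orgkey => $org) {
    $url = SimpleSAML_Utilities::addURLparameter(
        SimpleSAML_Utilities::selfURLhost() . SimpleSAML_Utilities::getFirstPathElement() . '/module.php/ldapstatus/',
        array(
            'orgtest' => $orgkey,
            'output' => 'text',
            'key' => generateSecret(SimpleSAML_Utilities::getSecretSalt(), $orgkey),
        )
    );
    echo "0.0.0.0 " . $orgkey . " # noconn feidesjekk:" . $url . $ignore . ";OOOKKK\n";
}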
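/**
 * Log a fatal error and show it to the user; script execution ends here.
 *
 * @param string $trackid The track ID of the current session, shown on the error page.
 * @param string|null $errorcode Error code looked up in errors.php, or null for a generic page.
 * @param Exception|null $e The exception that caused the error, if any.
 * @param int $level Accepted for call compatibility; not used by this implementation.
 */
public static function fatalError($trackid = 'na', $errorcode = null, Exception $e = null, $level = LOG_ERR)
{
    $config = SimpleSAML_Configuration::getInstance();

    // Get the exception message and trace if there is any exception provided.
    $emsg = ($e === null) ? 'No exception available' : $e->getMessage();
    $etrace = ($e === null) ? 'No exception available' : $e->getTraceAsString();

    // Log an error message; the exception text is urlencoded to keep the log line on one line.
    SimpleSAML_Logger::error($_SERVER['PHP_SELF'] . ' - UserError: ErrCode:' . (!empty($errorcode) ? $errorcode : 'na') . ': ' . urlencode($emsg));

    // Only load the errors dictionary when there is a code to translate.
    $languagefile = isset($errorcode) ? 'errors.php' : null;

    // Initialize a template
    $t = new SimpleSAML_XHTML_Template($config, 'error.php', $languagefile);
    $t->data['errorcode'] = $errorcode;
    /* The message and trace are handed to the template below; 'showerrors'
     * presumably controls whether error.php renders them — verify there. */
    $t->data['showerrors'] = $config->getValue('showerrors', true);

    /* Offer the error-report form only when a real technical contact address is configured. */
    if ($config->getValue('technicalcontact_email', '*****@*****.**') !== '*****@*****.**') {
        $baseurl = SimpleSAML_Utilities::selfURLhost() . '/' . $config->getBaseURL();
        $t->data['errorreportaddress'] = $baseurl . 'errorreport.php';
    } else {
        $t->data['errorreportaddress'] = NULL;
    }

    $t->data['exceptionmsg'] = $emsg;
    $t->data['exceptiontrace'] = $etrace;
    $t->data['trackid'] = $trackid;
    $t->data['version'] = $config->getValue('version', 'na');
    $t->data['url'] = self::selfURLNoQuery();
    $t->show();
    exit;
}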
/**
 * Base URL of the foodle installation.
 *
 * Uses the configured 'url' when present, otherwise the current request's
 * scheme and host, followed by '/' and the configured 'baseurlpath'.
 *
 * @return string The base URL.
 */
public static function getURL()
{
    $foodleConfig = SimpleSAML_Configuration::getInstance('foodle');
    $requestHost = SimpleSAML_Utilities::selfURLhost();
    $base = $foodleConfig->getString('url', $requestHost);
    $path = $foodleConfig->getValue('baseurlpath', '');
    return $base . '/' . $path;
}
/**
 * Identify the service provider behind an authentication state by host name.
 *
 * The URL is taken from the SAML RelayState (IdP mode), else from the local
 * return URL, else from this installation's own host.
 *
 * @param array $state The authentication state.
 * @return string|null|false The host part of the chosen URL, as returned by parse_url().
 */
protected static function _getSpIdentifier($state)
{
    if (isset($state['saml:RelayState'])) {
        // IdP mode: RelayState is the page the user is actually logging into.
        $source = $state['saml:RelayState'];
    } elseif (isset($state['SimpleSAML_Auth_Default.ReturnURL'])) {
        // Probably local mode.
        $source = $state['SimpleSAML_Auth_Default.ReturnURL'];
    } else {
        // Nothing to go by: fall back to our own host name.
        $source = SimpleSAML_Utilities::selfURLhost();
    }

    /* NOTE(review): RelayState is request-supplied; parse_url() returns false for
     * badly malformed input and null when no host is present, so callers should
     * not assume a string here. */
    return parse_url($source, PHP_URL_HOST);
}
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
}

/*
 * If no IdP can be resolved, send the user to the SAML 2.0 Discovery Service
 */
if ($idpentityid === NULL) {
    SimpleSAML_Logger::info('SAML2.0 - SP.initSSO: No chosen or default IdP, go to SAML2disco');

    /* Which IdP discovery service should we use? Can be set in SP metadata or in global configuration.
     * Falling back to builtin discovery service. */
    if (array_key_exists('idpdisco.url', $spmetadata)) {
        $discourl = $spmetadata['idpdisco.url'];
    } elseif ($config->getString('idpdisco.url.saml20', NULL) !== NULL) {
        $discourl = $config->getString('idpdisco.url.saml20');
    } else {
        $discourl = SimpleSAML_Utilities::selfURLhost() . '/' . $config->getBaseURL() . 'saml2/sp/idpdisco.php';
    }

    /* Optional external discovery storage: the user is first sent there, with the
     * real discovery service URL (carrying our own return parameters) as 'return'.
     * NOTE(review): the redirect target is read with getBoolean() although it is
     * used as a URL — confirm the accessor matches the configured value type. */
    if ($config->getBoolean('idpdisco.extDiscoveryStorage', NULL) != NULL) {
        $extDiscoveryStorage = $config->getBoolean('idpdisco.extDiscoveryStorage');
        SimpleSAML_Utilities::redirect($extDiscoveryStorage, array(
            'entityID' => $spentityid,
            'return' => SimpleSAML_Utilities::addURLparameter($discourl, array(
                'return' => SimpleSAML_Utilities::selfURL(),
                'remember' => 'true',
                'entityID' => $spentityid,
                'returnIDParam' => 'idpentityid')),
            'returnIDParam' => 'idpentityid',
            'isPassive' => 'true'));
    }

    /* Parameters for the discovery service; the chosen IdP comes back in 'idpentityid'. */
    $discoparameters = array(
        'entityID' => $spentityid,
        'return' => SimpleSAML_Utilities::selfURL(),
        'returnIDParam' => 'idpentityid');

    $discoparameters['isPassive'] = $isPassive;

    /* Restrict the choice to the IdPs computed earlier in this script, when any. */
    if (sizeof($reachableIDPs) > 0) {
        $discoparameters['IDPList'] = $reachableIDPs;
    }

    SimpleSAML_Utilities::redirect($discourl, $discoparameters);
}

/*
 * Create and send authentication request to the IdP.
 */
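/**
 * Generate the value of a metadata property that was not set explicitly.
 *
 * An explicit value in the current metadata set always wins; otherwise the
 * value is derived from the installation's base URL. For the SAML 2.0 IdP set
 * the logout endpoints depend on the 'logouttype' option.
 *
 * @param string $property The metadata property to generate.
 * @param string $set The metadata set the property belongs to.
 * @param array $options Generation options; 'logouttype' is 'traditional' (default) or 'iframe'.
 * @return string The explicit or generated value of the property.
 * @throws Exception If 'logouttype' is invalid, or no generation rule exists for $property in $set.
 */
public function getGenerated($property, $set = 'saml20-sp-hosted', $options = array())
{
    /* First we check if the user has overridden this property in the metadata. */
    try {
        $metadataSet = $this->getMetaDataCurrent($set);
        if (array_key_exists($property, $metadataSet)) {
            return $metadataSet[$property];
        }
    } catch (Exception $e) {
        /* Probably metadata wasn't found. In any case we continue by generating the metadata. */
    }

    $config = SimpleSAML_Configuration::getInstance();
    assert($config instanceof SimpleSAML_Configuration);

    /* NOTE(review): selfURLhost() presumably takes scheme and host from the
     * incoming request, so the generated endpoints mirror the request as the
     * web server saw it — confirm that is acceptable for published metadata. */
    $baseurl = SimpleSAML_Utilities::selfURLhost() . '/' . $config->getBaseURL();

    if ($set === 'saml20-idp-hosted') {
        $logouttype = array_key_exists('logouttype', $options) ? $options['logouttype'] : 'traditional';
        /* Strict membership: a loose in_array() would accept values such as
         * integer 0 as a match for 'traditional'. */
        if (!in_array($logouttype, array('traditional', 'iframe'), TRUE)) {
            throw new Exception('Invalid logout type [' . $logouttype . '] in IdP Hosted Metadata');
        }
        $iframe = ($logouttype === 'iframe');
        $rules = array(
            'SingleSignOnService' => $baseurl . 'saml2/idp/SSOService.php',
            'SingleLogoutService' => $baseurl . ($iframe
                ? 'saml2/idp/SingleLogoutServiceiFrame.php'
                : 'saml2/idp/SingleLogoutService.php'),
            'SingleLogoutServiceResponse' => $baseurl . ($iframe
                ? 'saml2/idp/SingleLogoutServiceiFrameResponse.php'
                : 'saml2/idp/SingleLogoutService.php'),
        );
    } else {
        /* Rules for the remaining sets, keyed by set and then by property. Array
         * lookup compares keys exactly, replacing the loose ==/switch matching. */
        $allRules = array(
            'saml20-sp-hosted' => array(
                'AssertionConsumerService' => $baseurl . 'saml2/sp/AssertionConsumerService.php',
                'SingleLogoutService' => $baseurl . 'saml2/sp/SingleLogoutService.php',
            ),
            'shib13-sp-hosted' => array(
                'AssertionConsumerService' => $baseurl . 'shib13/sp/AssertionConsumerService.php',
            ),
            'shib13-idp-hosted' => array(
                'SingleSignOnService' => $baseurl . 'shib13/idp/SSOService.php',
            ),
        );
        $rules = (is_string($set) && isset($allRules[$set])) ? $allRules[$set] : array();
    }

    if (is_string($property) && isset($rules[$property])) {
        return $rules[$property];
    }

    throw new Exception('Could not generate metadata property ' . $property . ' for set ' . $set . '.');
}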
/**
 * Show and log fatal error message.
 *
 * Logs the error, renders the error page and terminates the script.
 *
 * The error code comes from the errors dictionary. It may be given as an
 * array whose first element is the code and whose remaining elements are
 * parameters substituted into the output string.
 *
 * @param string $trackid The trackid of the user, from $session->getTrackID().
 * @param mixed $errorcode Either a string with the error code, or an array with the error code and
 * additional parameters.
 * @param Exception $e The exception which caused the error.
 */
public static function fatalError($trackid = 'na', $errorcode = null, Exception $e = null)
{
    $config = SimpleSAML_Configuration::getInstance();

    /* Split an array error code into the code itself and its parameters. */
    $parameters = array();
    if (is_array($errorcode)) {
        $parameters = $errorcode;
        unset($parameters[0]);
        $errorcode = $errorcode[0];
    }

    $hasException = !empty($e);
    $emsg = $hasException ? $e->getMessage() : 'No exception available';
    $etrace = $hasException ? self::formatBacktrace($e) : 'No exception available';

    /* Error code as it appears in the log, e.g. CODE("name" => "value"). */
    $error = 'na';
    if (!empty($errorcode)) {
        $error = $errorcode;
        if (count($parameters) > 0) {
            $rendered = array();
            foreach ($parameters as $name => $value) {
                $rendered[] = '"' . $name . '"' . ' => "' . $value . '"';
            }
            $error .= '(' . implode(', ', $rendered) . ')';
        }
    }

    // Log an error message; the exception text is urlencoded to keep the log line on one line.
    SimpleSAML_Logger::error($_SERVER['PHP_SELF'] . ' - UserError: ErrCode:' . $error . ': ' . urlencode($emsg));

    // Only load the errors dictionary when there is a code to translate.
    $languagefile = isset($errorcode) ? 'errors' : null;

    // Initialize a template
    $t = new SimpleSAML_XHTML_Template($config, 'error.php', $languagefile);
    $t->data['errorcode'] = $errorcode;
    $t->data['parameters'] = $parameters;
    /* The message and trace are handed to the template below; 'showerrors'
     * presumably controls whether error.php renders them — verify there. */
    $t->data['showerrors'] = $config->getBoolean('showerrors', true);

    /* Offer the error-report form only when a real technical contact address is configured. */
    $contactAddress = $config->getString('technicalcontact_email', '*****@*****.**');
    if ($contactAddress !== '*****@*****.**') {
        $t->data['errorreportaddress'] = SimpleSAML_Utilities::selfURLhost() . '/' . $config->getBaseURL() . 'errorreport.php';
    } else {
        $t->data['errorreportaddress'] = NULL;
    }

    /* Prefill the report form with the user's first 'mail' attribute, if any. */
    $session = SimpleSAML_Session::getInstance();
    $attributes = $session->getAttributes();
    $email = '';
    if (is_array($attributes) && array_key_exists('mail', $attributes) && count($attributes['mail']) > 0) {
        $email = $attributes['mail'][0];
    }
    $t->data['email'] = $email;

    $t->data['exceptionmsg'] = $emsg;
    $t->data['exceptiontrace'] = $etrace;
    $t->data['trackid'] = $trackid;
    $t->data['version'] = $config->getVersion();
    $t->data['url'] = self::selfURLNoQuery();
    $t->show();
    exit;
}
/**
 * Trust root of this OpenID site.
 *
 * @return string The current request's scheme and host, as computed by SimpleSAML_Utilities::selfURLhost().
 */
function getTrustRoot()
{
    $trustRoot = SimpleSAML_Utilities::selfURLhost();
    return $trustRoot;
}