コード例 #1
0
 /**
  * Get the NameID value.
  *
  * @param array $state The state array.
  * @return string|null The NameID value.
  */
 protected function getValue(array &$state)
 {
     if (!isset($state['Destination']['entityid'])) {
         SimpleSAML\Logger::warning('No SP entity ID - not generating persistent NameID.');
         return null;
     }
     $spEntityId = $state['Destination']['entityid'];
     if (!isset($state['Source']['entityid'])) {
         SimpleSAML\Logger::warning('No IdP entity ID - not generating persistent NameID.');
         return null;
     }
     $idpEntityId = $state['Source']['entityid'];
     if (!isset($state['Attributes'][$this->attribute]) || count($state['Attributes'][$this->attribute]) === 0) {
         SimpleSAML\Logger::warning('Missing attribute ' . var_export($this->attribute, true) . ' on user - not generating persistent NameID.');
         return null;
     }
     if (count($state['Attributes'][$this->attribute]) > 1) {
         SimpleSAML\Logger::warning('More than one value in attribute ' . var_export($this->attribute, true) . ' on user - not generating persistent NameID.');
         return null;
     }
     $uid = array_values($state['Attributes'][$this->attribute]);
     // just in case the first index is no longer 0
     $uid = $uid[0];
     if (empty($uid)) {
         SimpleSAML\Logger::warning('Empty value in attribute ' . var_export($this->attribute, true) . ' on user - not generating persistent NameID.');
         return null;
     }
     $secretSalt = SimpleSAML\Utils\Config::getSecretSalt();
     $uidData = 'uidhashbase' . $secretSalt;
     $uidData .= strlen($idpEntityId) . ':' . $idpEntityId;
     $uidData .= strlen($spEntityId) . ':' . $spEntityId;
     $uidData .= strlen($uid) . ':' . $uid;
     $uidData .= $secretSalt;
     return sha1($uidData);
 }
コード例 #2
0
 /**
  * @param $secretSalt Must be random and unique per installation
  * @param $lifeTime Token lifetime in seconds
  * @param $skew  Allowed time skew between server that generates and the one that calculates the token
  */
 public function __construct($lifetime = 900, $secretSalt = NULL, $skew = 1)
 {
     if ($secretSalt === NULL) {
         $secretSalt = SimpleSAML\Utils\Config::getSecretSalt();
     }
     $this->secretSalt = $secretSalt;
     $this->lifetime = $lifetime;
     $this->skew = $skew;
 }
コード例 #3
0
ファイル: SAML2.php プロジェクト: rediris-es/simplesamlphp
 /**
  * Calculate the NameID value that should be used.
  *
  * @param SimpleSAML_Configuration $idpMetadata  The metadata of the IdP.
  * @param SimpleSAML_Configuration $dstMetadata  The metadata of the SP.
  * @param array &$state  The authentication state of the user.
  * @return string  The NameID value.
  */
 private static function generateNameIdValue(SimpleSAML_Configuration $idpMetadata, SimpleSAML_Configuration $spMetadata, array &$state)
 {
     $attribute = $spMetadata->getString('simplesaml.nameidattribute', NULL);
     if ($attribute === NULL) {
         $attribute = $idpMetadata->getString('simplesaml.nameidattribute', NULL);
         if ($attribute === NULL) {
             if (!isset($state['UserID'])) {
                 SimpleSAML_Logger::error('Unable to generate NameID. Check the userid.attribute option.');
             }
             $attributeValue = $state['UserID'];
             $idpEntityId = $idpMetadata->getString('entityid');
             $spEntityId = $spMetadata->getString('entityid');
             $secretSalt = SimpleSAML\Utils\Config::getSecretSalt();
             $uidData = 'uidhashbase' . $secretSalt;
             $uidData .= strlen($idpEntityId) . ':' . $idpEntityId;
             $uidData .= strlen($spEntityId) . ':' . $spEntityId;
             $uidData .= strlen($attributeValue) . ':' . $attributeValue;
             $uidData .= $secretSalt;
             return hash('sha1', $uidData);
         }
     }
     $attributes = $state['Attributes'];
     if (!array_key_exists($attribute, $attributes)) {
         SimpleSAML_Logger::error('Unable to add NameID: Missing ' . var_export($attribute, TRUE) . ' in the attributes of the user.');
         return NULL;
     }
     return $attributes[$attribute][0];
 }
コード例 #4
0
 /**
  * Load a configuration file from a configuration set.
  *
  * This function will return a configuration object even if the file does not exist.
  *
  * @param string $filename The name of the configuration file.
  * @param string $configSet The configuration set. Optional, defaults to 'simplesaml'.
  *
  * @return SimpleSAML_Configuration A configuration object.
  * @throws Exception If the configuration set is not initialized.
  */
 public static function getOptionalConfig($filename = 'config.php', $configSet = 'simplesaml')
 {
     assert('is_string($filename)');
     assert('is_string($configSet)');
     if (!array_key_exists($configSet, self::$configDirs)) {
         if ($configSet !== 'simplesaml') {
             throw new Exception('Configuration set \'' . $configSet . '\' not initialized.');
         } else {
             self::$configDirs['simplesaml'] = SimpleSAML\Utils\Config::getConfigDir();
         }
     }
     $dir = self::$configDirs[$configSet];
     $filePath = $dir . '/' . $filename;
     return self::loadFromFile($filePath, false);
 }
コード例 #5
0
ファイル: _include.php プロジェクト: Chialab/simplesamlphp
         *
         * See PHP bug: https://bugs.php.net/bug.php?id=47987
         */
        return false;
    }
    if ($errno & SimpleSAML_Utilities::$logMask || !($errno & error_reporting())) {
        // masked error
        return false;
    }
    static $limit = 5;
    $limit -= 1;
    if ($limit < 0) {
        // we have reached the limit in the number of backtraces we will log
        return false;
    }
    // show an error with a full backtrace
    $e = new SimpleSAML_Error_Exception('Error ' . $errno . ' - ' . $errstr);
    $e->logError();
    // resume normal error processing
    return false;
}
set_error_handler('SimpleSAML_error_handler');
$configdir = SimpleSAML\Utils\Config::getConfigDir();
if (!file_exists($configdir . '/config.php')) {
    header('Content-Type: text/plain');
    echo "You have not yet created the simpleSAMLphp configuration files.\n";
    echo "See: https://simplesamlphp.org/docs/devel/simplesamlphp-install-repo\n";
    exit(1);
}
// set the timezone
SimpleSAML\Utils\Time::initTimezone();
コード例 #6
0
ファイル: Consent.php プロジェクト: palantirnet/simplesamlphp
 /**
  * Generate a unique targeted identifier
  *
  * @param string $userid      The user id
  * @param string $source      The source id
  * @param string $destination The destination id
  *
  * @return string SHA1 of the user id, source id, destination id and salt 
  */
 public static function getTargetedID($userid, $source, $destination)
 {
     return hash('sha1', $userid . '|' . SimpleSAML\Utils\Config::getSecretSalt() . '|' . $source . '|' . $destination);
 }
コード例 #7
0
ファイル: Utilities.php プロジェクト: jstormes/simplesamlphp
 /**
  * @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\Config::getSecretSalt() instead.
  */
 public static function getSecretSalt()
 {
     return SimpleSAML\Utils\Config::getSecretSalt();
 }
コード例 #8
0
#!/usr/bin/env php
<?php 
$baseDir = dirname(dirname(__FILE__));
require_once $baseDir . DIRECTORY_SEPARATOR . 'lib' . DIRECTORY_SEPARATOR . '_autoload.php';
require_once SimpleSAML\Utils\Config::getConfigDir() . DIRECTORY_SEPARATOR . 'config.php';
# Iterate through configured metadata sources and ensure
# that a PDO source exists.
foreach ($config['metadata.sources'] as $s) {
    # If pdo is configured, create the new handler and add in the metadata sets.
    if ($s['type'] === "pdo") {
        $mdshp = new SimpleSAML_Metadata_MetaDataStorageHandlerPdo($s);
        $mdshp->initDatabase();
        foreach (glob("metadata/*.php") as $filename) {
            $metadata = array();
            require_once $filename;
            $set = basename($filename, ".php");
            echo "importing set '{$set}'..." . PHP_EOL;
            foreach ($metadata as $k => $v) {
                echo "\t{$k}" . PHP_EOL;
                $mdshp->addEntry($k, $set, $v);
            }
        }
    }
}
コード例 #9
0
 /**
  * Apply filter to add the targeted ID.
  *
  * @param array &$state  The current state.
  */
 public function process(&$state)
 {
     assert('is_array($state)');
     assert('array_key_exists("Attributes", $state)');
     if ($this->attribute === NULL) {
         if (!array_key_exists('UserID', $state)) {
             throw new Exception('core:TargetedID: Missing UserID for this user. Please' . ' check the \'userid.attribute\' option in the metadata against the' . ' attributes provided by the authentication source.');
         }
         $userID = $state['UserID'];
     } else {
         if (!array_key_exists($this->attribute, $state['Attributes'])) {
             throw new Exception('core:TargetedID: Missing attribute \'' . $this->attribute . '\', which is needed to generate the targeted ID.');
         }
         $userID = $state['Attributes'][$this->attribute][0];
     }
     $secretSalt = SimpleSAML\Utils\Config::getSecretSalt();
     if (array_key_exists('Source', $state)) {
         $srcID = self::getEntityId($state['Source']);
     } else {
         $srcID = '';
     }
     if (array_key_exists('Destination', $state)) {
         $dstID = self::getEntityId($state['Destination']);
     } else {
         $dstID = '';
     }
     $uidData = 'uidhashbase' . $secretSalt;
     $uidData .= strlen($srcID) . ':' . $srcID;
     $uidData .= strlen($dstID) . ':' . $dstID;
     $uidData .= strlen($userID) . ':' . $userID;
     $uidData .= $secretSalt;
     $uid = hash('sha1', $uidData);
     if ($this->generateNameId) {
         /* Convert the targeted ID to a SAML 2.0 name identifier element. */
         $nameId = array('Format' => SAML2_Const::NAMEID_PERSISTENT, 'Value' => $uid);
         if (isset($state['Source']['entityid'])) {
             $nameId['NameQualifier'] = $state['Source']['entityid'];
         }
         if (isset($state['Destination']['entityid'])) {
             $nameId['SPNameQualifier'] = $state['Destination']['entityid'];
         }
         $doc = new DOMDocument();
         $root = $doc->createElement('root');
         $doc->appendChild($root);
         SAML2_Utils::addNameId($root, $nameId);
         $uid = $doc->saveXML($root->firstChild);
     }
     $state['Attributes']['eduPersonTargetedID'] = array($uid);
 }
コード例 #10
0
 /**
  * Calculate a signature of some data.
  *
  * This function calculates a signature of the data.
  *
  * @param string $data The data which should be signed.
  *
  * @return string The signed data.
  */
 private static function _sign($data)
 {
     assert('is_string($data)');
     $secretSalt = SimpleSAML\Utils\Config::getSecretSalt();
     return sha1($secretSalt . $data . $secretSalt) . ':' . $data;
 }