/**
 * Get the NameID value.
 *
 * Derives a persistent identifier for the (IdP, SP, user) triple: a hex SHA-1
 * over the installation secret salt, the length-prefixed IdP and SP entity IDs
 * and the length-prefixed single value of the configured attribute, wrapped by
 * the salt again. Every missing prerequisite is logged as a warning and yields
 * NULL instead of an identifier.
 *
 * @param array &$state The authentication request state.
 * @return string|NULL The NameID value, or NULL if it cannot be generated.
 */
protected function getValue(array &$state) {
    if (!isset($state['Destination']['entityid'])) {
        SimpleSAML_Logger::warning('No SP entity ID - not generating persistent NameID.');
        return NULL;
    }
    if (!isset($state['Source']['entityid'])) {
        SimpleSAML_Logger::warning('No IdP entity ID - not generating persistent NameID.');
        return NULL;
    }
    $spEntityId = $state['Destination']['entityid'];
    $idpEntityId = $state['Source']['entityid'];

    $values = isset($state['Attributes'][$this->attribute])
        ? $state['Attributes'][$this->attribute]
        : array();
    $valueCount = count($values);
    if ($valueCount === 0) {
        SimpleSAML_Logger::warning('Missing attribute ' . var_export($this->attribute, TRUE) . ' on user - not generating persistent NameID.');
        return NULL;
    }
    if ($valueCount > 1) {
        SimpleSAML_Logger::warning('More than one value in attribute ' . var_export($this->attribute, TRUE) . ' on user - not generating persistent NameID.');
        return NULL;
    }
    // First element regardless of its key, in case the list is not 0-indexed.
    $uid = reset($values);

    $secretSalt = SimpleSAML_Utilities::getSecretSalt();
    $lengthPrefixed = function ($value) {
        return strlen($value) . ':' . $value;
    };
    // Length prefixes keep the component boundaries unambiguous. The layout
    // must not change, or every issued persistent NameID would change with it.
    $hashInput = 'uidhashbase' . $secretSalt
        . $lengthPrefixed($idpEntityId)
        . $lengthPrefixed($spEntityId)
        . $lengthPrefixed($uid)
        . $secretSalt;
    return sha1($hashInput);
}
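/**
 * Create a new token handler.
 *
 * @param int         $lifetime   Token lifetime in seconds.
 * @param string|NULL $secretSalt Secret that keys the token. Must be random and
 *                                unique per installation; when NULL the
 *                                installation's secret salt from
 *                                SimpleSAML_Utilities::getSecretSalt() is used.
 * @param int         $skew       Allowed time skew between the server that
 *                                generates the token and the one that
 *                                validates it.
 */
public function __construct($lifetime = 900, $secretSalt = NULL, $skew = 1) {
    if ($secretSalt === NULL) {
        $secretSalt = SimpleSAML_Utilities::getSecretSalt();
    }
    $this->secretSalt = $secretSalt;
    $this->lifetime = $lifetime;
    $this->skew = $skew;
}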
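/**
 * Add a persistent eduPersonTargetedID attribute for the current user.
 *
 * Despite its name this method returns nothing: it derives an identifier from
 * the SP entity ID, the single value of the configured attribute and the
 * installation secret salt, wraps it in a persistent SAML 2.0 NameID element
 * and stores that element's XML in $state['Attributes']['eduPersonTargetedID'].
 * When a prerequisite is missing a warning is logged and $state is left as is.
 *
 * @param array &$state The authentication request state; modified in place.
 * @return void
 */
protected function getValue(array &$state) {
    if (!isset($state['Destination']['entityid'])) {
        SimpleSAML_Logger::warning('No SP entity ID - not generating persistent NameID.');
        return;
    }
    $spEntityId = $state['Destination']['entityid'];

    // The IdP entity ID only serves as NameQualifier below; it is not part of
    // the hash input.
    if (!isset($state['Source']['entityid'])) {
        SimpleSAML_Logger::warning('No IdP entity ID - not generating persistent NameID.');
        return;
    }

    if (!isset($state['Attributes'][$this->attribute]) || count($state['Attributes'][$this->attribute]) === 0) {
        SimpleSAML_Logger::warning('Missing attribute ' . var_export($this->attribute, true) . ' on user - not generating persistent NameID.');
        return;
    }
    if (count($state['Attributes'][$this->attribute]) > 1) {
        SimpleSAML_Logger::warning('More than one value in attribute ' . var_export($this->attribute, true) . ' on user - not generating persistent NameID.');
        return;
    }

    $uid = array_values($state['Attributes'][$this->attribute]);
    /* Just in case the first index is no longer 0. */
    $uid = $uid[0];

    $secretSalt = SimpleSAML_Utilities::getSecretSalt();
    // NOTE(review): the input is '!'-delimited rather than length-prefixed, so
    // an SP entity ID or attribute value containing '!' can make two different
    // tuples hash alike. Changing the layout would change every identifier
    // already issued, so it is kept as-is and flagged here.
    $uidData = $spEntityId . '!' . $uid . '!' . $secretSalt;
    $uid = base64_encode(hash('sha1', $uidData, true));

    // Convert the targeted ID to a SAML 2.0 name identifier element. Both
    // qualifiers are always available here: the isset() guards above returned
    // otherwise.
    $nameId = array('Format' => SAML2_Const::NAMEID_PERSISTENT, 'Value' => $uid);
    $nameId['NameQualifier'] = $state['Source']['entityid'];
    $nameId['SPNameQualifier'] = $state['Destination']['entityid'];

    $doc = new DOMDocument();
    $root = $doc->createElement('root');
    $doc->appendChild($root);
    SAML2_Utils::addNameId($root, $nameId);
    $uid = $doc->saveXML($root->firstChild);

    $state['Attributes']['eduPersonTargetedID'] = array($uid);
}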
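/**
 * Calculate the NameID value that should be used.
 *
 * The attribute named by 'simplesaml.nameidattribute' in the SP metadata, or
 * failing that in the IdP metadata, supplies the value directly. When neither
 * configures one, a persistent value is derived from the IdP entity ID, the SP
 * entity ID, the user's UserID and the installation secret salt, each
 * component length-prefixed so that the boundaries are unambiguous.
 *
 * @param SimpleSAML_Configuration $idpMetadata The metadata of the IdP.
 * @param SimpleSAML_Configuration $spMetadata  The metadata of the SP.
 * @param array &$state The authentication state of the user.
 * @return string|NULL The NameID value, or NULL if it cannot be determined
 *                     (the reason is logged).
 */
private static function generateNameIdValue(SimpleSAML_Configuration $idpMetadata, SimpleSAML_Configuration $spMetadata, array &$state) {
    $attribute = $spMetadata->getString('simplesaml.nameidattribute', NULL);
    if ($attribute === NULL) {
        $attribute = $idpMetadata->getString('simplesaml.nameidattribute', NULL);
    }

    if ($attribute === NULL) {
        if (!isset($state['UserID'])) {
            SimpleSAML_Logger::error('Unable to generate NameID. Check the userid.attribute option.');
            // Previously execution fell through and read the missing index.
            return NULL;
        }
        $attributeValue = $state['UserID'];
        $idpEntityId = $idpMetadata->getString('entityid');
        $spEntityId = $spMetadata->getString('entityid');
        $secretSalt = SimpleSAML_Utilities::getSecretSalt();

        // Salt-wrapped, length-prefixed input. The layout must not change, or
        // every issued persistent NameID would change with it.
        $uidData = 'uidhashbase' . $secretSalt;
        $uidData .= strlen($idpEntityId) . ':' . $idpEntityId;
        $uidData .= strlen($spEntityId) . ':' . $spEntityId;
        $uidData .= strlen($attributeValue) . ':' . $attributeValue;
        $uidData .= $secretSalt;
        return hash('sha1', $uidData);
    }

    $attributes = $state['Attributes'];
    if (!array_key_exists($attribute, $attributes)) {
        SimpleSAML_Logger::error('Unable to add NameID: Missing ' . var_export($attribute, TRUE) . ' in the attributes of the user.');
        return NULL;
    }
    // First value regardless of its key; an attribute with no values is an
    // error rather than an empty NameID.
    $values = array_values($attributes[$attribute]);
    if (count($values) === 0) {
        SimpleSAML_Logger::error('Unable to add NameID: Attribute ' . var_export($attribute, TRUE) . ' has no value.');
        return NULL;
    }
    return $values[0];
}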
/**
 * Generate a unique targeted identifier
 *
 * The identifier is the hex SHA-1 of the user id, the installation secret
 * salt, the source id and the destination id, joined with '|'.
 * NOTE(review): the fields are delimited rather than length-prefixed, so
 * inputs containing '|' could produce the same digest for different tuples;
 * changing the scheme would change every identifier already issued.
 *
 * @param string $userid      The user id
 * @param string $source      The source id
 * @param string $destination The destination id
 *
 * @return string SHA1 of the user id, source id, destination id and salt
 */
public static function getTargetedID($userid, $source, $destination) {
    $parts = array(
        $userid,
        SimpleSAML_Utilities::getSecretSalt(),
        $source,
        $destination,
    );
    return hash('sha1', implode('|', $parts));
}
/**
 * Calculate a signature of some data.
 *
 * The result is the hex SHA-1 of the data wrapped on both sides by the
 * installation secret salt, followed by ':' and the data itself, so that a
 * receiver can recompute the digest from the data part.
 * NOTE(review): this is a salt-wrapped hash rather than an HMAC; whatever
 * verifies it should compare the recomputed digest in constant time.
 *
 * @param string $data The data which should be signed.
 *
 * @return string The signed data.
 */
private static function _sign($data) {
    assert('is_string($data)');

    $salt = SimpleSAML_Utilities::getSecretSalt();
    $digest = sha1(sprintf('%s%s%s', $salt, $data, $salt));
    return sprintf('%s:%s', $digest, $data);
}
<?php
// ldapstatus front page (fragment): loads the Feide LDAP configuration,
// optionally selects one organization to test via the 'orgtest' request
// parameter, and collects the logged-in user's attributes for the access
// check that follows. The listing is cut off after the final `if (...) {`;
// its body and the rest of the script are outside this view.

$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getInstance();
$ldapconfig = SimpleSAML_Configuration::getConfig('config-login-feide.php');
$ldapStatusConfig = SimpleSAML_Configuration::getConfig('module_ldapstatus.php');

$debug = $ldapconfig->getValue('ldapDebug', FALSE);
$orgs = $ldapconfig->getValue('organizations');
$locationTemplate = $ldapconfig->getValue('locationTemplate');

if (array_key_exists('orgtest', $_REQUEST)) {
    // Untrusted request value; it is only accepted when it names a configured
    // organization. NOTE(review): no type check precedes array_key_exists(),
    // so a non-scalar request value (e.g. orgtest[]=x) reaches it as an array.
    $orgtest = $_REQUEST['orgtest'];
    if (!array_key_exists($orgtest, $orgs)) {
        throw new SimpleSAML_Error_NotFound('The organization ' . var_export($orgtest, TRUE) . ' could not be found.');
    }
    $orgConfig = SimpleSAML_Configuration::loadFromArray($orgs[$orgtest], 'org:[' . $orgtest . ']');
    // Per-organization access key: a salted digest of the organization name,
    // handed out as a URL parameter. Whatever verifies it must recompute it
    // from the same salt; the verification is not part of this listing.
    $secretKey = sha1('ldapstatus|' . SimpleSAML_Utilities::getSecretSalt() . '|' . $_REQUEST['orgtest']);
    $secretURL = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), array('orgtest' => $_REQUEST['orgtest'], 'key' => $secretKey));
} else {
    $orgtest = NULL;
    $orgConfig = NULL;
    $secretKey = NULL;
    $secretURL = NULL;
}

// Attributes of the authenticated user when there is a valid session for the
// configured auth source; otherwise an empty set.
$authsource = $ldapconfig->getString('ldapstatusAuth', NULL);
if ($session->isValid($authsource)) {
    $attributes = $session->getAttributes();
} else {
    $attributes = array();
}

$useridattr = $ldapconfig->getString('useridattr', 'eduPersonPrincipalName');
if (isset($attributes[$useridattr][0])) {
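}

// Access to this export is gated by the contacts-SP auth token. The leading
// brace above closes a block that starts outside this listing.
if (!array_key_exists('token', $_REQUEST)) {
    throw new SimpleSAML_Error_BadRequest('Missing authToken.');
}
$token = $_REQUEST['token'];
// Strict comparison also rejects non-string request values (token[]=x).
// NOTE(review): `!==` is not a constant-time comparison; on PHP >= 5.6 this
// should become `!hash_equals($authTokenContactsSP, $token)` after checking
// that both operands are strings.
if ($token !== $authTokenContactsSP) {
    throw new SimpleSAML_Error_Exception('Invalid AuthToken');
}

$ldapconfig = SimpleSAML_Configuration::getConfig('config-login-feide.php');
$ldapStatusConfig = SimpleSAML_Configuration::getConfig('module_ldapstatus.php');

$debug = $ldapconfig->getValue('ldapDebug', FALSE);
$orgs = $ldapconfig->getValue('organizations');
$locationTemplate = $ldapconfig->getValue('locationTemplate');

$isAdmin = FALSE;
$secretURL = NULL;

/**
 * Derive the per-organization access key used in ldapstatus URLs.
 *
 * @param string $salt    The installation secret salt.
 * @param string $orgtest The organization key, or 'hobbit' for the overview.
 * @return string Hex SHA-1 of 'ldapstatus|<salt>|<orgtest>'.
 */
function generateSecret($salt, $orgtest) {
    return sha1('ldapstatus|' . $salt . '|' . $orgtest);
}

// Optional 'ignore' list forwarded to every status URL. It is encoded as a
// query value so that a request value containing '&', '#' or whitespace
// cannot break out of the generated URL or of the output line.
$ignore = '';
if (array_key_exists('ignore', $_REQUEST) && is_string($_REQUEST['ignore'])) {
    $ignore = '&ignore=' . urlencode($_REQUEST['ignore']);
}

// Same key derivation as the per-organization URLs below, with the fixed
// 'hobbit' label.
$secretKey = generateSecret(SimpleSAML_Utilities::getSecretSalt(), 'hobbit');
$secretURL = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), array('key' => $secretKey));

header('Content-Type: text/plain');
foreach ($orgs as $orgkey => $org) {
    // One plain-text line per organization; each URL carries its own
    // organization-bound key.
    $url = SimpleSAML_Utilities::addURLparameter(
        SimpleSAML_Utilities::selfURLhost() . SimpleSAML_Utilities::getFirstPathElement() . '/module.php/ldapstatus/',
        array('orgtest' => $orgkey, 'output' => 'text', 'key' => generateSecret(SimpleSAML_Utilities::getSecretSalt(), $orgkey))
    );
    echo "0.0.0.0 " . $orgkey . " # noconn feidesjekk:" . $url . $ignore . ";OOOKKK\n";
}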
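/**
 * Apply filter to add the targeted ID.
 *
 * The user identifier is taken from the configured attribute, or from
 * $state['UserID'] when no attribute is configured. It is hashed together
 * with the installation secret salt and the length-prefixed source and
 * destination entity IDs, so the result is stable per (IdP, SP, user) and
 * differs between SPs. With generateNameId enabled the hex digest is wrapped
 * in a persistent SAML 2.0 NameID element and its XML serialization is stored
 * instead.
 *
 * @param array &$state The current state; $state['Attributes']['eduPersonTargetedID']
 *                      is set to a single-element array on return.
 * @throws Exception If no user identifier is available.
 */
public function process(&$state) {
    assert('is_array($state)');
    assert('array_key_exists("Attributes", $state)');

    if ($this->attribute === NULL) {
        if (!array_key_exists('UserID', $state)) {
            throw new Exception('core:TargetedID: Missing UserID for this user. Please' .
                ' check the \'userid.attribute\' option in the metadata against the' .
                ' attributes provided by the authentication source.');
        }
        $userID = $state['UserID'];
    } else {
        if (!array_key_exists($this->attribute, $state['Attributes'])) {
            throw new Exception('core:TargetedID: Missing attribute \'' . $this->attribute .
                '\', which is needed to generate the targeted ID.');
        }
        // Assumes the attribute value is an array of strings, as elsewhere in
        // the filter chain — TODO confirm. Take the first value regardless of
        // its key. An attribute with no values previously produced an empty
        // user ID, which would give every such user the same targeted ID.
        $values = array_values($state['Attributes'][$this->attribute]);
        if (count($values) === 0) {
            throw new Exception('core:TargetedID: Attribute \'' . $this->attribute .
                '\' has no value, which is needed to generate the targeted ID.');
        }
        $userID = $values[0];
    }

    $secretSalt = SimpleSAML_Utilities::getSecretSalt();

    $srcID = array_key_exists('Source', $state) ? self::getEntityId($state['Source']) : '';
    $dstID = array_key_exists('Destination', $state) ? self::getEntityId($state['Destination']) : '';

    // Salt-wrapped, length-prefixed input. The layout must not change, or
    // every issued targeted ID would change with it.
    $uidData = 'uidhashbase' . $secretSalt;
    $uidData .= strlen($srcID) . ':' . $srcID;
    $uidData .= strlen($dstID) . ':' . $dstID;
    $uidData .= strlen($userID) . ':' . $userID;
    $uidData .= $secretSalt;
    $uid = hash('sha1', $uidData);

    if ($this->generateNameId) {
        /* Convert the targeted ID to a SAML 2.0 name identifier element. */
        $nameId = array('Format' => SAML2_Const::NAMEID_PERSISTENT, 'Value' => $uid);
        if (isset($state['Source']['entityid'])) {
            $nameId['NameQualifier'] = $state['Source']['entityid'];
        }
        if (isset($state['Destination']['entityid'])) {
            $nameId['SPNameQualifier'] = $state['Destination']['entityid'];
        }
        $doc = new DOMDocument();
        $root = $doc->createElement('root');
        $doc->appendChild($root);
        SAML2_Utils::addNameId($root, $nameId);
        $uid = $doc->saveXML($root->firstChild);
    }

    $state['Attributes']['eduPersonTargetedID'] = array($uid);
}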