public function getMetadata() { $idpentityid = SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/metadata.php'; $metaArray = array('metadata-set' => 'saml20-idp-remote', 'entityid' => $idpentityid, 'SingleSignOnService' => SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/SingleSignOnService.php', 'SingleLogoutService' => SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/SingleLogoutService.php', 'certificate' => 'server.crt'); $metaArrayConfig = SimpleSAML_Configuration::loadFromArray($metaArray); $certInfo = SimpleSAML_Utilities::loadPublicKey($metaArrayConfig, TRUE); $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($idpentityid); $metaBuilder->addMetadataIdP20($metaArray); $metaBuilder->addOrganizationInfo($metaArray); $metaBuilder->addContact('technical', array('emailAddress' => $this->config->getString('technicalcontact_email', NULL), 'name' => $this->config->getString('technicalcontact_name', NULL))); $metaxml = $metaBuilder->getEntityDescriptorText(); return $metaxml; }
public function getMetadataDocument() { // Get metadata entries $entities = $this->getSources(); // Generate XML Document $xml = new DOMDocument(); $entitiesDescriptor = $xml->createElementNS('urn:oasis:names:tc:SAML:2.0:metadata', 'EntitiesDescriptor'); $entitiesDescriptor->setAttribute('Name', $this->id); $xml->appendChild($entitiesDescriptor); $maxDuration = $this->getMaxDuration(); $reconstruct = $this->getReconstruct(); /* Build EntityDescriptor elements for them. */ foreach ($entities as $entity => $sets) { $entityDescriptor = NULL; foreach ($sets as $set => $metadata) { if (!array_key_exists('entityDescriptor', $metadata)) { /* One of the sets doesn't contain an EntityDescriptor element. */ $entityDescriptor = FALSE; break; } if ($entityDescriptor == NULL) { /* First EntityDescriptor elements. */ $entityDescriptor = $metadata['entityDescriptor']; continue; } assert('is_string($entityDescriptor)'); if ($entityDescriptor !== $metadata['entityDescriptor']) { /* Entity contains multiple different EntityDescriptor elements. */ $entityDescriptor = FALSE; break; } } if (is_string($entityDescriptor) && !$reconstruct) { /* All metadata sets for the entity contain the same entity descriptor. Use that one. */ $tmp = new DOMDocument(); $tmp->loadXML(base64_decode($entityDescriptor)); $entityDescriptor = $tmp->documentElement; } else { $tmp = new SimpleSAML_Metadata_SAMLBuilder($entity, $maxDuration, $maxDuration); $orgmeta = NULL; foreach ($sets as $set => $metadata) { $tmp->addMetadata($set, $metadata); $orgmeta = $metadata; } $tmp->addOrganizationInfo($orgmeta); $entityDescriptor = $tmp->getEntityDescriptor(); } $entitiesDescriptor->appendChild($xml->importNode($entityDescriptor, TRUE)); } /* Sign the metadata if enabled. */ if ($this->shouldSign()) { $signer = new SimpleSAML_XML_Signer($this->getSigningInfo()); $signer->sign($entitiesDescriptor, $entitiesDescriptor, $entitiesDescriptor->firstChild); } return $xml; }
$metaArray11 = array('AssertionConsumerService' => SimpleSAML_Module::getModuleURL('saml/sp/saml1-acs.php/' . $sourceId)); $spconfig = $source->getMetadata(); if ($spconfig->getBoolean('saml11.binding.artifact.enable', FALSE)) { $metaArray11['AssertionConsumerService.artifact'] = SimpleSAML_Module::getModuleURL('saml/sp/saml1-acs.php/' . $sourceId . '/artifact'); } $metaArray20 = array('AssertionConsumerService' => SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php/' . $sourceId), 'SingleLogoutService' => SimpleSAML_Module::getModuleURL('saml/sp/saml2-logout.php/' . $sourceId)); if ($spconfig->getBoolean('saml20.binding.artifact.enable', FALSE)) { $metaArray20['AssertionConsumerService.artifact'] = SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php/' . $sourceId); } $certInfo = SimpleSAML_Utilities::loadPublicKey($spconfig->toArray()); if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) { $certData = $certInfo['certData']; $metaArray11['certData'] = $certData; $metaArray20['certData'] = $certData; } $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($entityId); $metaBuilder->addMetadataSP11($metaArray11); $metaBuilder->addMetadataSP20($metaArray20); $config = SimpleSAML_Configuration::getInstance(); $metaBuilder->addContact('technical', array('emailAddress' => $config->getString('technicalcontact_email', NULL), 'name' => $config->getString('technicalcontact_name', NULL))); $xml = $metaBuilder->getEntityDescriptorText(); if (array_key_exists('output', $_REQUEST) && $_REQUEST['output'] == 'xhtml') { $t = new SimpleSAML_XHTML_Template($config, 'metadata.php', 'admin'); $t->data['header'] = 'saml20-sp'; $t->data['metadata'] = htmlspecialchars($xml); $t->data['metadataflat'] = '$metadata[' . var_export($entityId, TRUE) . '] = ' . var_export($metaArray20, TRUE) . ';'; $t->data['metaurl'] = $source->getMetadataURL(); $t->data['idpsend'] = array(); $t->data['sentok'] = FALSE; $t->data['adminok'] = FALSE; $t->data['adminlogin'] = NULL;
$metaArray['scope'] = $idpmeta->getArray('scope'); } if ($idpmeta->hasValue('EntityAttributes')) { $metaArray['EntityAttributes'] = $idpmeta->getArray('EntityAttributes'); } if ($idpmeta->hasValue('UIInfo')) { $metaArray['UIInfo'] = $idpmeta->getArray('UIInfo'); } if ($idpmeta->hasValue('DiscoHints')) { $metaArray['DiscoHints'] = $idpmeta->getArray('DiscoHints'); } if ($idpmeta->hasValue('RegistrationInfo')) { $metaArray['RegistrationInfo'] = $idpmeta->getArray('RegistrationInfo'); } $metaflat = '$metadata[' . var_export($idpentityid, true) . '] = ' . var_export($metaArray, true) . ';'; $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($idpentityid); $metaBuilder->addSecurityTokenServiceType($metaArray); $metaBuilder->addOrganizationInfo($metaArray); $technicalContactEmail = $config->getString('technicalcontact_email', null); if ($technicalContactEmail && $technicalContactEmail !== '*****@*****.**') { $metaBuilder->addContact('technical', \SimpleSAML\Utils\Config\Metadata::getContact(array('emailAddress' => $technicalContactEmail, 'name' => $config->getString('technicalcontact_name', null), 'contactType' => 'technical'))); } $output_xhtml = array_key_exists('output', $_GET) && $_GET['output'] == 'xhtml'; $metaxml = $metaBuilder->getEntityDescriptorText($output_xhtml); if (!$output_xhtml) { $metaxml = str_replace("\n", '', $metaxml); } // sign the metadata if enabled $metaxml = SimpleSAML_Metadata_Signer::sign($metaxml, $idpmeta->toArray(), 'ADFS IdP'); if ($output_xhtml) { $defaultidp = $config->getString('default-adfs-idp', null);
if (count($keys) === 1) { $metaArray['certData'] = $keys[0]['X509Certificate']; } else { $metaArray['keys'] = $keys; } $metaArray['NameIDFormat'] = $idpmeta->getString('NameIDFormat', 'urn:mace:shibboleth:1.0:nameIdentifier'); if ($idpmeta->hasValue('OrganizationName')) { $metaArray['OrganizationName'] = $idpmeta->getLocalizedString('OrganizationName'); $metaArray['OrganizationDisplayName'] = $idpmeta->getLocalizedString('OrganizationDisplayName', $metaArray['OrganizationName']); if (!$idpmeta->hasValue('OrganizationURL')) { throw new SimpleSAML_Error_Exception('If OrganizationName is set, OrganizationURL must also be set.'); } $metaArray['OrganizationURL'] = $idpmeta->getLocalizedString('OrganizationURL'); } $metaflat = '$metadata[' . var_export($idpentityid, true) . '] = ' . var_export($metaArray, true) . ';'; $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($idpentityid); $metaBuilder->addMetadataIdP11($metaArray); $metaBuilder->addOrganizationInfo($metaArray); $metaBuilder->addContact('technical', \SimpleSAML\Utils\Config\Metadata::getContact(array('emailAddress' => $config->getString('technicalcontact_email', null), 'name' => $config->getString('technicalcontact_name', null), 'contactType' => 'technical'))); $metaxml = $metaBuilder->getEntityDescriptorText(); // sign the metadata if enabled $metaxml = SimpleSAML_Metadata_Signer::sign($metaxml, $idpmeta->toArray(), 'Shib 1.3 IdP'); if (array_key_exists('output', $_GET) && $_GET['output'] == 'xhtml') { $defaultidp = $config->getString('default-shib13-idp', null); $t = new SimpleSAML_XHTML_Template($config, 'metadata.php', 'admin'); $t->data['clipboard.js'] = true; $t->data['header'] = 'shib13-idp'; $t->data['metaurl'] = \SimpleSAML\Utils\HTTP::addURLParameters(\SimpleSAML\Utils\HTTP::getSelfURLNoQuery(), array('output' => 'xml')); $t->data['metadata'] = htmlspecialchars($metaxml); $t->data['metadataflat'] = htmlspecialchars($metaflat); $t->data['defaultidp'] = $defaultidp;
// add additional contacts $contacts = $spconfig->getArray('contacts', array()); // add certificate if (count($keys) === 1) { $metaArray20['certData'] = $keys[0]['X509Certificate']; } elseif (count($keys) > 1) { $metaArray20['keys'] = $keys; } // add UIInfo extension if ($spconfig->hasValue('UIInfo')) { $metaArray20['UIInfo'] = $spconfig->getArray('UIInfo'); } $supported_protocols = array('urn:oasis:names:tc:SAML:1.1:protocol', SAML2_Const::NS_SAMLP); $metaArray20['metadata-set'] = 'saml20-sp-remote'; $metaArray20['entityid'] = $entityId; $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($entityId); $metaBuilder->addMetadataSP20($metaArray20, $supported_protocols); $metaBuilder->addOrganizationInfo($metaArray20); if (!empty($contact)) { $metaBuilder->addContact('technical', $contact); } foreach ($contacts as $c) { $metaBuilder->addContact($c['contactType'], $c); } $xml = $metaBuilder->getEntityDescriptorText(); unset($metaArray20['attributes.required']); unset($metaArray20['UIInfo']); unset($metaArray20['metadata-set']); unset($metaArray20['entityid']); /* Sign the metadata if enabled. */ $xml = SimpleSAML_Metadata_Signer::sign($xml, $spconfig->toArray(), 'SAML 2 SP');
$metaArray['redirect.sign'] = $idpmeta->getBoolean('redirect.validate'); } if ($idpmeta->hasValue('contacts')) { $contacts = $idpmeta->getArray('contacts'); foreach ($contacts as $contact) { $metaArray['contacts'][] = \SimpleSAML\Utils\Config\Metadata::getContact($contact); } } $technicalContactEmail = $config->getString('technicalcontact_email', false); if ($technicalContactEmail && $technicalContactEmail !== '*****@*****.**') { $techcontact['emailAddress'] = $technicalContactEmail; $techcontact['name'] = $config->getString('technicalcontact_name', null); $techcontact['contactType'] = 'technical'; $metaArray['contacts'][] = \SimpleSAML\Utils\Config\Metadata::getContact($techcontact); } $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($idpentityid); $metaBuilder->addMetadataIdP20($metaArray); $metaBuilder->addOrganizationInfo($metaArray); $metaxml = $metaBuilder->getEntityDescriptorText(); $metaflat = '$metadata[' . var_export($idpentityid, true) . '] = ' . var_export($metaArray, true) . ';'; // sign the metadata if enabled $metaxml = SimpleSAML_Metadata_Signer::sign($metaxml, $idpmeta->toArray(), 'SAML 2 IdP'); if (array_key_exists('output', $_GET) && $_GET['output'] == 'xhtml') { $defaultidp = $config->getString('default-saml20-idp', null); $t = new SimpleSAML_XHTML_Template($config, 'metadata.php', 'admin'); $t->data['clipboard.js'] = true; $t->data['available_certs'] = $availableCerts; $t->data['header'] = 'saml20-idp'; $t->data['metaurl'] = \SimpleSAML\Utils\HTTP::getSelfURLNoQuery(); $t->data['metadata'] = htmlspecialchars($metaxml); $t->data['metadataflat'] = htmlspecialchars($metaflat);
$metaArray['OrganizationURL'] = $idpmeta->getLocalizedString('OrganizationURL'); } if ($idpmeta->hasValue('scope')) { $metaArray['scope'] = $idpmeta->getArray('scope'); } if ($idpmeta->hasValue('EntityAttributes')) { $metaArray['EntityAttributes'] = $idpmeta->getArray('EntityAttributes'); } if ($idpmeta->hasValue('UIInfo')) { $metaArray['UIInfo'] = $idpmeta->getArray('UIInfo'); } if ($idpmeta->hasValue('DiscoHints')) { $metaArray['DiscoHints'] = $idpmeta->getArray('DiscoHints'); } $metaflat = '$metadata[' . var_export($idpentityid, TRUE) . '] = ' . var_export($metaArray, TRUE) . ';'; $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($idpentityid); $metaBuilder->addMetadataIdP20($metaArray); $metaBuilder->addOrganizationInfo($metaArray); $technicalContactEmail = $config->getString('technicalcontact_email', NULL); if ($technicalContactEmail && $technicalContactEmail !== '*****@*****.**') { $metaBuilder->addContact('technical', array('emailAddress' => $technicalContactEmail, 'name' => $config->getString('technicalcontact_name', NULL))); } $metaxml = $metaBuilder->getEntityDescriptorText(); /* Sign the metadata if enabled. */ $metaxml = SimpleSAML_Metadata_Signer::sign($metaxml, $idpmeta->toArray(), 'SAML 2 IdP'); if (array_key_exists('output', $_GET) && $_GET['output'] == 'xhtml') { $defaultidp = $config->getString('default-saml20-idp', NULL); $t = new SimpleSAML_XHTML_Template($config, 'metadata.php', 'admin'); $t->data['available_certs'] = $availableCerts; $t->data['header'] = 'saml20-idp'; $t->data['metaurl'] = SimpleSAML_Utilities::selfURLNoQuery();
if ($spconfig->hasValue('RegistrationInfo')) { $metaArray20['RegistrationInfo'] = $spconfig->getArray('RegistrationInfo'); } // add signature options if ($spconfig->hasValue('WantAssertionsSigned')) { $metaArray20['saml20.sign.assertion'] = $spconfig->getBoolean('WantAssertionsSigned'); } if ($spconfig->hasValue('redirect.sign')) { $metaArray20['redirect.validate'] = $spconfig->getBoolean('redirect.sign'); } elseif ($spconfig->hasValue('sign.authnrequest')) { $metaArray20['validate.authnrequest'] = $spconfig->getBoolean('sign.authnrequest'); } $supported_protocols = array('urn:oasis:names:tc:SAML:1.1:protocol', SAML2_Const::NS_SAMLP); $metaArray20['metadata-set'] = 'saml20-sp-remote'; $metaArray20['entityid'] = $entityId; $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($entityId); $metaBuilder->addMetadataSP20($metaArray20, $supported_protocols); $metaBuilder->addOrganizationInfo($metaArray20); $xml = $metaBuilder->getEntityDescriptorText(); unset($metaArray20['UIInfo']); unset($metaArray20['metadata-set']); unset($metaArray20['entityid']); // sanitize the attributes array to remove friendly names if (isset($metaArray20['attributes']) && is_array($metaArray20['attributes'])) { $metaArray20['attributes'] = array_values($metaArray20['attributes']); } /* Sign the metadata if enabled. */ $xml = SimpleSAML_Metadata_Signer::sign($xml, $spconfig->toArray(), 'SAML 2 SP'); if (array_key_exists('output', $_REQUEST) && $_REQUEST['output'] == 'xhtml') { $t = new SimpleSAML_XHTML_Template($config, 'metadata.php', 'admin'); $t->data['header'] = 'saml20-sp';
/** * Test the requeste attributes are valued correctly. */ public function testAttributes() { $entityId = 'https://entity.example.com/id'; // test SP20 array parsing, no friendly name $set = 'saml20-sp-remote'; $metadata = array('entityid' => $entityId, 'name' => array('en' => 'Test SP'), 'metadata-set' => $set, 'attributes' => array('urn:oid:1.3.6.1.4.1.5923.1.1.1.10', 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6', 'urn:oid:0.9.2342.19200300.100.1.3', 'urn:oid:2.5.4.3')); $samlBuilder = new SimpleSAML_Metadata_SAMLBuilder($entityId); $samlBuilder->addMetadata($set, $metadata); $spDesc = $samlBuilder->getEntityDescriptor(); $acs = $spDesc->getElementsByTagName("AttributeConsumingService"); $this->assertEquals(1, $acs->length); $attributes = $acs->item(0)->getElementsByTagName("RequestedAttribute"); $this->assertEquals(4, $attributes->length); for ($c = 0; $c < $attributes->length; $c++) { $curAttribute = $attributes->item($c); $this->assertTrue($curAttribute->hasAttribute("Name")); $this->assertFalse($curAttribute->hasAttribute("FriendlyName")); $this->assertEquals($metadata['attributes'][$c], $curAttribute->getAttribute("Name")); } // test SP20 array parsing, no friendly name $set = 'saml20-sp-remote'; $metadata = array('entityid' => $entityId, 'name' => array('en' => 'Test SP'), 'metadata-set' => $set, 'attributes' => array('eduPersonTargetedID' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.10', 'eduPersonPrincipalName' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6', 'eduPersonOrgDN' => 'urn:oid:0.9.2342.19200300.100.1.3', 'cn' => 'urn:oid:2.5.4.3')); $samlBuilder = new SimpleSAML_Metadata_SAMLBuilder($entityId); $samlBuilder->addMetadata($set, $metadata); $spDesc = $samlBuilder->getEntityDescriptor(); $acs = $spDesc->getElementsByTagName("AttributeConsumingService"); $this->assertEquals(1, $acs->length); $attributes = $acs->item(0)->getElementsByTagName("RequestedAttribute"); $this->assertEquals(4, $attributes->length); $keys = array_keys($metadata['attributes']); for ($c = 0; $c < $attributes->length; $c++) { $curAttribute = $attributes->item($c); $this->assertTrue($curAttribute->hasAttribute("Name")); $this->assertTrue($curAttribute->hasAttribute("FriendlyName")); $this->assertEquals($metadata['attributes'][$keys[$c]], $curAttribute->getAttribute("Name")); $this->assertEquals($keys[$c], $curAttribute->getAttribute("FriendlyName")); } // test SP13 array parsing, no friendly name $set = 'shib13-sp-remote'; $metadata = array('entityid' => $entityId, 'name' => array('en' => 'Test SP'), 'metadata-set' => $set, 'attributes' => array('urn:oid:1.3.6.1.4.1.5923.1.1.1.10', 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6', 'urn:oid:0.9.2342.19200300.100.1.3', 'urn:oid:2.5.4.3')); $samlBuilder = new SimpleSAML_Metadata_SAMLBuilder($entityId); $samlBuilder->addMetadata($set, $metadata); $spDesc = $samlBuilder->getEntityDescriptor(); $acs = $spDesc->getElementsByTagName("AttributeConsumingService"); $this->assertEquals(1, $acs->length); $attributes = $acs->item(0)->getElementsByTagName("RequestedAttribute"); $this->assertEquals(4, $attributes->length); for ($c = 0; $c < $attributes->length; $c++) { $curAttribute = $attributes->item($c); $this->assertTrue($curAttribute->hasAttribute("Name")); $this->assertFalse($curAttribute->hasAttribute("FriendlyName")); $this->assertEquals($metadata['attributes'][$c], $curAttribute->getAttribute("Name")); } // test SP20 array parsing, no friendly name $set = 'shib13-sp-remote'; $metadata = array('entityid' => $entityId, 'name' => array('en' => 'Test SP'), 'metadata-set' => $set, 'attributes' => array('eduPersonTargetedID' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.10', 'eduPersonPrincipalName' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6', 'eduPersonOrgDN' => 'urn:oid:0.9.2342.19200300.100.1.3', 'cn' => 'urn:oid:2.5.4.3')); $samlBuilder = new SimpleSAML_Metadata_SAMLBuilder($entityId); $samlBuilder->addMetadata($set, $metadata); $spDesc = $samlBuilder->getEntityDescriptor(); $acs = $spDesc->getElementsByTagName("AttributeConsumingService"); $this->assertEquals(1, $acs->length); $attributes = $acs->item(0)->getElementsByTagName("RequestedAttribute"); $this->assertEquals(4, $attributes->length); $keys = array_keys($metadata['attributes']); for ($c = 0; $c < $attributes->length; $c++) { $curAttribute = $attributes->item($c); $this->assertTrue($curAttribute->hasAttribute("Name")); $this->assertTrue($curAttribute->hasAttribute("FriendlyName")); $this->assertEquals($metadata['attributes'][$keys[$c]], $curAttribute->getAttribute("Name")); $this->assertEquals($keys[$c], $curAttribute->getAttribute("FriendlyName")); } }
public function getMetadataDocument() { // Get metadata entries $entities = $this->getSources(); $maxDuration = $this->getMaxDuration(); $reconstruct = $this->getReconstruct(); $entitiesDescriptor = new SAML2_XML_md_EntitiesDescriptor(); $entitiesDescriptor->Name = $this->id; $entitiesDescriptor->validUntil = time() + $maxDuration; // add RegistrationInfo extension if enabled if ($this->gConfig->hasValue('RegistrationInfo')) { $ri = new SAML2_XML_mdrpi_RegistrationInfo(); foreach ($this->gConfig->getArray('RegistrationInfo') as $riName => $riValues) { switch ($riName) { case 'authority': $ri->registrationAuthority = $riValues; break; case 'instant': $ri->registrationInstant = SAML2_Utils::xsDateTimeToTimestamp($riValues); break; case 'policies': $ri->RegistrationPolicy = $riValues; break; } } $entitiesDescriptor->Extensions[] = $ri; } /* Build EntityDescriptor elements for them. */ foreach ($entities as $entity => $sets) { $entityDescriptor = NULL; foreach ($sets as $set => $metadata) { if (!array_key_exists('entityDescriptor', $metadata)) { /* One of the sets doesn't contain an EntityDescriptor element. */ $entityDescriptor = FALSE; break; } if ($entityDescriptor == NULL) { /* First EntityDescriptor elements. */ $entityDescriptor = $metadata['entityDescriptor']; continue; } assert('is_string($entityDescriptor)'); if ($entityDescriptor !== $metadata['entityDescriptor']) { /* Entity contains multiple different EntityDescriptor elements. */ $entityDescriptor = FALSE; break; } } if (is_string($entityDescriptor) && !$reconstruct) { /* All metadata sets for the entity contain the same entity descriptor. Use that one. */ $tmp = new DOMDocument(); $tmp->loadXML(base64_decode($entityDescriptor)); $entitiesDescriptor->children[] = new SAML2_XML_md_EntityDescriptor($tmp->documentElement); } else { $tmp = new SimpleSAML_Metadata_SAMLBuilder($entity, $maxDuration, $maxDuration); $orgmeta = NULL; foreach ($sets as $set => $metadata) { $tmp->addMetadata($set, $metadata); $orgmeta = $metadata; } $tmp->addOrganizationInfo($orgmeta); $entitiesDescriptor->children[] = $tmp->getEntityDescriptor(); } } $document = $entitiesDescriptor->toXML(); // sign the metadata if enabled if ($this->shouldSign()) { $signer = new SimpleSAML_XML_Signer($this->getSigningInfo()); $signer->sign($document, $document, $document->firstChild); } return $document; }
private static function getMetadata($eid, $revision, $type = null, array $option = null) { assert('ctype_digit($eid)'); assert('ctype_digit($revision)'); $janus_config = sspmod_janus_DiContainer::getInstance()->getConfig(); $entityController = sspmod_janus_DiContainer::getInstance()->getEntityController(); if (!($entity = $entityController->setEntity($eid, $revision))) { self::$_error = array('Entity could not be loaded - Eid: ' . $eid . ' Revisionid: ' . $revision); return false; } $metadata_raw = $entityController->getMetadata(); // Get metadata fields $nm_mb = new sspmod_janus_MetadataFieldBuilder($janus_config->getArray('metadatafields.' . $entity->getType())); $metadatafields_required = $nm_mb->getMetadataFields(); // Get required metadata fields $required = array(); foreach ($metadatafields_required as $mf) { if (isset($mf->required) && $mf->required === true) { $required[] = $mf->name; } } // Get metadata to me tested $metadata = array(); foreach ($metadata_raw as $k => $v) { // Metadata field not defined if (!isset($metadatafields_required[$v->getKey()])) { continue; } // Value not set for metadata if (is_string($v->getValue()) && $v->getValue() == '') { continue; } // Compute is the default values is allowed $default_allow = false; if (isset($metadatafields_required[$v->getKey()]->default_allow) && is_bool($metadatafields_required[$v->getKey()]->default_allow)) { $default_allow = $metadatafields_required[$v->getKey()]->default_allow; } /* * Do not include metadata if value is set to default and default * is not allowed. */ if (!$default_allow && (isset($metadatafields_required[$v->getKey()]->default) && $v->getValue() == $metadatafields_required[$v->getKey()]->default)) { continue; } $metadata[] = $v->getKey(); } // Compute missing metadata that is required $missing_required = array_diff($required, $metadata); $entityId = $entity->getEntityid(); if (!empty($missing_required)) { SimpleSAML_Logger::error('JANUS - Missing required metadata fields. Entity_id:' . $entityId); self::$_error = $missing_required; return false; } try { $metaArray = $entityController->getMetaArray(); $metaArray['eid'] = $eid; $blockedEntities = $entityController->getBlockedEntities(); $allowedEntities = $entityController->getAllowedEntities(); $disabledConsent = $entityController->getDisableConsent(); $metaFlat = '// Revision: ' . $entity->getRevisionid() . "\n"; $metaFlat .= var_export($entityId, TRUE) . ' => ' . var_export($metaArray, TRUE) . ','; // Add authproc filter to block blocked entities if (!empty($blockedEntities) || !empty($allowedEntities)) { $metaFlat = substr($metaFlat, 0, -2); if (!empty($allowedEntities)) { $metaFlat .= " 'allowed' => array(\n"; $metaArray['allowed'] = array(); foreach ($allowedEntities as $allowedEntity) { $metaFlat .= " '" . $allowedEntity['remoteentityid'] . "',\n"; $metaArray['allowed'][] = $allowedEntity['remoteentityid']; } $metaFlat .= " ),\n"; } if (!empty($blockedEntities)) { $metaFlat .= " 'blocked' => array(\n"; $metaArray['blocked'] = array(); foreach ($blockedEntities as $blockedEntity) { $metaFlat .= " '" . $blockedEntity['remoteentityid'] . "',\n"; $metaArray['blocked'][] = $blockedEntity['remoteentityid']; } $metaFlat .= " ),\n"; } $metaFlat .= '),'; } // Add disable consent if (!empty($disabledConsent)) { $metaFlat = substr($metaFlat, 0, -2); $metaFlat .= " 'consent.disable' => array(\n"; foreach ($disabledConsent as $key => $value) { $metaFlat .= " '" . $key . "',\n"; } $metaFlat .= " ),\n"; $metaFlat .= '),'; } $maxCache = isset($option['maxCache']) ? $option['maxCache'] : null; $maxDuration = isset($option['maxDuration']) ? $option['maxDuration'] : null; try { $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($entityId, $maxCache, $maxDuration); $metaBuilder->addMetadata($metaArray['metadata-set'], $metaArray); } catch (Exception $e) { SimpleSAML_Logger::error('JANUS - Entity_id:' . $entityId . ' - Error generating XML metadata - ' . var_export($e, true)); self::$_error = array('Error generating XML metadata - ' . $e->getMessage()); return false; } // Add organization info if (!empty($metaArray['OrganizationName']) && !empty($metaArray['OrganizationDisplayName']) && !empty($metaArray['OrganizationURL'])) { $metaBuilder->addOrganizationInfo(array('OrganizationName' => $metaArray['OrganizationName'], 'OrganizationDisplayName' => $metaArray['OrganizationDisplayName'], 'OrganizationURL' => $metaArray['OrganizationURL'])); } // Add contact info if (!empty($metaArray['contact'])) { $metaBuilder->addContact('technical', $metaArray['contact']); } switch ($type) { case self::XML: return $metaBuilder->getEntityDescriptor(); case self::XMLREADABLE: return $metaBuilder->getEntityDescriptorText(); case self::PHPARRAY: return $metaArray; case self::FLATFILE: default: return $metaFlat; } } catch (Exception $exception) { $session = SimpleSAML_Session::getInstance(); SimpleSAML_Utilities::fatalError($session->getTrackID(), 'JANUS - Metadatageneration', $exception); return false; } }
$metaArray['scope'] = $idpmeta->getArray('scope'); } if ($idpmeta->hasValue('EntityAttributes')) { $metaArray['EntityAttributes'] = $idpmeta->getArray('EntityAttributes'); } if ($idpmeta->hasValue('UIInfo')) { $metaArray['UIInfo'] = $idpmeta->getArray('UIInfo'); } if ($idpmeta->hasValue('DiscoHints')) { $metaArray['DiscoHints'] = $idpmeta->getArray('DiscoHints'); } if ($idpmeta->hasValue('RegistrationInfo')) { $metaArray['RegistrationInfo'] = $idpmeta->getArray('RegistrationInfo'); } $metaflat = '$metadata[' . var_export($idpentityid, TRUE) . '] = ' . var_export($metaArray, TRUE) . ';'; $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($idpentityid); $metaBuilder->addSecurityTokenServiceType($metaArray); $metaBuilder->addOrganizationInfo($metaArray); $technicalContactEmail = $config->getString('technicalcontact_email', NULL); if ($technicalContactEmail && $technicalContactEmail !== '*****@*****.**') { $metaBuilder->addContact('technical', array('emailAddress' => $technicalContactEmail, 'name' => $config->getString('technicalcontact_name', NULL))); } $output_xhtml = array_key_exists('output', $_GET) && $_GET['output'] == 'xhtml'; $metaxml = $metaBuilder->getEntityDescriptorText($output_xhtml); if (!$output_xhtml) { $metaxml = str_replace("\n", '', $metaxml); } /* Sign the metadata if enabled. */ $metaxml = SimpleSAML_Metadata_Signer::sign($metaxml, $idpmeta->toArray(), 'ADFS IdP'); if ($output_xhtml) { $defaultidp = $config->getString('default-adfs-idp', NULL);
$metaArray['keys'] = $keys; } $metaArray['NameIDFormat'] = array(SAML2_Const::NAMEID_PERSISTENT, SAML2_Const::NAMEID_TRANSIENT); if ($aameta->hasValue('OrganizationName')) { $metaArray['OrganizationName'] = $aameta->getLocalizedString('OrganizationName'); $metaArray['OrganizationDisplayName'] = $aameta->getLocalizedString('OrganizationDisplayName', $metaArray['OrganizationName']); if (!$aameta->hasValue('OrganizationURL')) { throw new SimpleSAML_Error_Exception('If OrganizationName is set, OrganizationURL must also be set.'); } $metaArray['OrganizationURL'] = $aameta->getLocalizedString('OrganizationURL'); } if ($aameta->hasValue('scope')) { $metaArray['scope'] = $aameta->getArray('scope'); } $metaflat = '$metadata[' . var_export($aaentityid, true) . '] = ' . var_export($metaArray, true) . ';'; $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($aaentityid); $metaBuilder->addAttributeAuthority($metaArray); $metaBuilder->addOrganizationInfo($metaArray); $technicalContactEmail = $config->getString('technicalcontact_email', null); $technicalContactName = $config->getString('technicalcontact_name', null); if ($technicalContactEmail and $technicalContactEmail !== '*****@*****.**') { $metaBuilder->addContact('technical', array('contactType' => 'technical', 'emailAddress' => $technicalContactEmail, 'name' => $technicalContactName)); } $metaxml = $metaBuilder->getEntityDescriptorText(); /* Sign the metadata if enabled. */ $metaxml = SimpleSAML_Metadata_Signer::sign($metaxml, $aameta->toArray(), 'SAML 2 IdP'); if (array_key_exists('output', $_GET) && $_GET['output'] == 'xhtml') { $defaultaa = null; $t = new SimpleSAML_XHTML_Template($config, 'metadata.php', 'admin'); $t->data['header'] = 'saml20-aa'; $t->data['metaurl'] = SimpleSAML_Utilities::selfURLNoQuery();