getSecretSalt() 공개 정적인 메소드

사용 중단: This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\Config::getSecretSalt() instead.
public static getSecretSalt ( )
예제 #1
 /**
  * Compute the persistent NameID value for the current user.
  *
  * The value is the hex SHA-1 digest of a string built from the secret salt,
  * the IdP entity ID, the SP entity ID and the single value of the configured
  * attribute. Each of the three variable fields is prefixed with its strlen()
  * and a colon, so field boundaries inside the hashed string are unambiguous.
  *
  * @param array &$state  The request state; 'Source', 'Destination' and
  *                       'Attributes' are read from it.
  * @return string|NULL  The NameID value, or NULL (after logging a warning)
  *                      when an entity ID is missing or the attribute does
  *                      not hold exactly one value.
  */
 protected function getValue(array &$state)
 {
     if (!isset($state['Destination']['entityid'])) {
         SimpleSAML_Logger::warning('No SP entity ID - not generating persistent NameID.');
         return NULL;
     }
     if (!isset($state['Source']['entityid'])) {
         SimpleSAML_Logger::warning('No IdP entity ID - not generating persistent NameID.');
         return NULL;
     }
     $spEntityId = $state['Destination']['entityid'];
     $idpEntityId = $state['Source']['entityid'];

     // Treat an unset attribute like an empty one; both are reported as missing.
     $values = isset($state['Attributes'][$this->attribute]) ? $state['Attributes'][$this->attribute] : array();
     $valueCount = count($values);
     if ($valueCount === 0) {
         SimpleSAML_Logger::warning('Missing attribute ' . var_export($this->attribute, TRUE) . ' on user - not generating persistent NameID.');
         return NULL;
     }
     // An identifier derived from one of several values would not be stable.
     if ($valueCount > 1) {
         SimpleSAML_Logger::warning('More than one value in attribute ' . var_export($this->attribute, TRUE) . ' on user - not generating persistent NameID.');
         return NULL;
     }

     // Re-index first: the only value is not guaranteed to sit at key 0.
     $reindexed = array_values($values);
     $uid = $reindexed[0];

     $salt = SimpleSAML_Utilities::getSecretSalt();
     $hashInput = 'uidhashbase' . $salt
         . strlen($idpEntityId) . ':' . $idpEntityId
         . strlen($spEntityId) . ':' . $spEntityId
         . strlen($uid) . ':' . $uid
         . $salt;
     return hash('sha1', $hashInput);
 }
예제 #2
 /**
  * Store the token parameters on the instance.
  *
  * @param int         $lifetime   Token lifetime in seconds.
  * @param string|NULL $secretSalt Must be random and unique per installation. When NULL,
  *                                the value of SimpleSAML_Utilities::getSecretSalt() is used.
  * @param int         $skew       Allowed time skew between the server that generates the
  *                                token and the one that calculates it.
  */
 public function __construct($lifetime = 900, $secretSalt = NULL, $skew = 1)
 {
     // Fall back to the installation-wide salt when the caller supplies none.
     $this->secretSalt = ($secretSalt === NULL) ? SimpleSAML_Utilities::getSecretSalt() : $secretSalt;
     $this->lifetime = $lifetime;
     $this->skew = $skew;
 }
 /**
  * Build the eduPersonTargetedID attribute as a persistent SAML 2.0 NameID.
  *
  * The identifier is the base64-encoded raw SHA-1 digest of the SP entity ID,
  * the user's attribute value and the secret salt, joined with '!'. It is
  * wrapped in a NameID element qualified with both entity IDs, and the
  * serialized XML is stored in $state['Attributes']['eduPersonTargetedID'].
  *
  * NOTE(review): the three fields are joined with '!' and carry no length
  * prefix, so an SP entity ID or attribute value that itself contains '!'
  * can produce the same hash input as a different pair. Changing the format
  * would change every identifier already issued.
  *
  * @param array &$state  The request state; gains the eduPersonTargetedID
  *                       attribute on success.
  * @return void  Nothing is returned. When an entity ID is missing or the
  *               attribute does not hold exactly one value, a warning is
  *               logged and $state is left unchanged.
  */
 protected function getValue(array &$state)
 {
     if (!isset($state['Destination']['entityid'])) {
         SimpleSAML_Logger::warning('No SP entity ID - not generating persistent NameID.');
         return;
     }
     if (!isset($state['Source']['entityid'])) {
         SimpleSAML_Logger::warning('No IdP entity ID - not generating persistent NameID.');
         return;
     }
     $spEntityId = $state['Destination']['entityid'];
     $idpEntityId = $state['Source']['entityid'];

     // Treat an unset attribute like an empty one; both are reported as missing.
     $values = isset($state['Attributes'][$this->attribute]) ? $state['Attributes'][$this->attribute] : array();
     $valueCount = count($values);
     if ($valueCount === 0) {
         SimpleSAML_Logger::warning('Missing attribute ' . var_export($this->attribute, true) . ' on user - not generating persistent NameID.');
         return;
     }
     if ($valueCount > 1) {
         SimpleSAML_Logger::warning('More than one value in attribute ' . var_export($this->attribute, true) . ' on user - not generating persistent NameID.');
         return;
     }

     // Re-index first: the only value is not guaranteed to sit at key 0.
     $reindexed = array_values($values);
     $userValue = $reindexed[0];

     $salt = SimpleSAML_Utilities::getSecretSalt();
     $hashInput = implode('!', array($spEntityId, $userValue, $salt));
     $targetedId = base64_encode(sha1($hashInput, true));

     // Convert the targeted ID to a SAML 2.0 name identifier element.
     // Both entity IDs are known to be set here because of the guards above.
     $nameId = array(
         'Format' => SAML2_Const::NAMEID_PERSISTENT,
         'Value' => $targetedId,
         'NameQualifier' => $idpEntityId,
         'SPNameQualifier' => $spEntityId,
     );

     // Serialize the NameID through a scratch document and keep only that element.
     $doc = new DOMDocument();
     $root = $doc->createElement('root');
     $doc->appendChild($root);
     SAML2_Utils::addNameId($root, $nameId);
     $nameIdXml = $doc->saveXML($root->firstChild);

     $state['Attributes']['eduPersonTargetedID'] = array($nameIdXml);
 }
예제 #4
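 /**
  * Calculate the NameID value that should be used.
  *
  * The attribute named by 'simplesaml.nameidattribute' is looked up in the SP
  * metadata first and then in the IdP metadata. When neither names one, the
  * value is a SHA-1 digest over the secret salt, both entity IDs and the
  * user's 'UserID', each variable field prefixed with its strlen(). Otherwise
  * the first value of the named attribute is returned as is.
  *
  * @param SimpleSAML_Configuration $idpMetadata  The metadata of the IdP.
  * @param SimpleSAML_Configuration $spMetadata  The metadata of the SP.
  * @param array &$state  The authentication state of the user.
  * @return string|NULL  The NameID value, or NULL (after logging an error)
  *                      when the UserID or the configured attribute is missing.
  */
 private static function generateNameIdValue(SimpleSAML_Configuration $idpMetadata, SimpleSAML_Configuration $spMetadata, array &$state)
 {
     $attribute = $spMetadata->getString('simplesaml.nameidattribute', NULL);
     if ($attribute === NULL) {
         $attribute = $idpMetadata->getString('simplesaml.nameidattribute', NULL);
     }

     if ($attribute === NULL) {
         if (!isset($state['UserID'])) {
             SimpleSAML_Logger::error('Unable to generate NameID. Check the userid.attribute option.');
             // Stop here. Hashing a missing UserID would hand every user without
             // one the same NameID for a given IdP/SP pair.
             return NULL;
         }
         $attributeValue = $state['UserID'];
         $idpEntityId = $idpMetadata->getString('entityid');
         $spEntityId = $spMetadata->getString('entityid');
         $secretSalt = SimpleSAML_Utilities::getSecretSalt();

         // Length-prefix each field so their boundaries in the hash input are unambiguous.
         $uidData = 'uidhashbase' . $secretSalt;
         $uidData .= strlen($idpEntityId) . ':' . $idpEntityId;
         $uidData .= strlen($spEntityId) . ':' . $spEntityId;
         $uidData .= strlen($attributeValue) . ':' . $attributeValue;
         $uidData .= $secretSalt;
         return hash('sha1', $uidData);
     }

     $attributes = $state['Attributes'];
     if (!array_key_exists($attribute, $attributes)) {
         SimpleSAML_Logger::error('Unable to add NameID: Missing ' . var_export($attribute, TRUE) . ' in the attributes of the user.');
         return NULL;
     }
     return $attributes[$attribute][0];
 }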
예제 #5
 /**
  * Generate a unique targeted identifier.
  *
  * NOTE(review): the fields are joined with '|' and carry no length prefix,
  * so values that themselves contain '|' can yield the same hash input for
  * different (userid, source, destination) triples. Changing the format
  * would change every identifier already issued.
  *
  * @param string $userid      The user id
  * @param string $source      The source id
  * @param string $destination The destination id
  *
  * @return string Hex SHA-1 of the user id, secret salt, source id and
  *                destination id, in that order.
  */
 public static function getTargetedID($userid, $source, $destination)
 {
     $salt = SimpleSAML_Utilities::getSecretSalt();
     $hashInput = implode('|', array($userid, $salt, $source, $destination));
     return sha1($hashInput);
 }
예제 #6
 /**
  * Calculate a signature of some data.
  *
  * The signature is the hex SHA-1 digest of the data wrapped in the secret
  * salt on both sides; it is returned in front of the data, separated by ':'.
  *
  * NOTE(review): this is a salt-wrapped SHA-1 digest, not an HMAC. hash_hmac()
  * is the standard keyed construction, but switching changes the output, so
  * the code that checks these values (not shown here) would have to change
  * with it. That check should compare digests with hash_equals().
  *
  * @param string $data The data which should be signed.
  *
  * @return string The signature, a colon, then the data.
  */
 private static function _sign($data)
 {
     // On PHP 8 a string passed to assert() is no longer evaluated as code,
     // so this type check only has an effect on older versions.
     assert('is_string($data)');
     $salt = SimpleSAML_Utilities::getSecretSalt();
     $digest = hash('sha1', $salt . $data . $salt);
     return $digest . ':' . $data;
 }
예제 #7
파일: index.php 프로젝트: hukumonline/yii
<?php

// Session plus the configuration files this status page reads.
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getInstance();
$ldapconfig = SimpleSAML_Configuration::getConfig('config-login-feide.php');
$ldapStatusConfig = SimpleSAML_Configuration::getConfig('module_ldapstatus.php');
$debug = $ldapconfig->getValue('ldapDebug', FALSE);
$orgs = $ldapconfig->getValue('organizations');
$locationTemplate = $ldapconfig->getValue('locationTemplate');

// Defaults for a request that does not name an organization.
$orgtest = NULL;
$orgConfig = NULL;
$secretKey = NULL;
$secretURL = NULL;
if (array_key_exists('orgtest', $_REQUEST)) {
    $orgtest = $_REQUEST['orgtest'];
    // Only organizations present in the configuration are accepted.
    if (!array_key_exists($orgtest, $orgs)) {
        throw new SimpleSAML_Error_NotFound('The organization ' . var_export($orgtest, TRUE) . ' could not be found.');
    }
    $orgConfig = SimpleSAML_Configuration::loadFromArray($orgs[$orgtest], 'org:[' . $orgtest . ']');
    // Per-organization key derived from the secret salt. It is carried as a URL
    // parameter, so it will also show up wherever request URLs are recorded.
    $secretKey = sha1(implode('|', array('ldapstatus', SimpleSAML_Utilities::getSecretSalt(), $orgtest)));
    $secretURL = SimpleSAML_Utilities::addURLparameter(
        SimpleSAML_Utilities::selfURLNoQuery(),
        array('orgtest' => $orgtest, 'key' => $secretKey)
    );
}

// Attributes are only read from a session that is valid for the configured auth source.
$authsource = $ldapconfig->getString('ldapstatusAuth', NULL);
$attributes = $session->isValid($authsource) ? $session->getAttributes() : array();
$useridattr = $ldapconfig->getString('useridattr', 'eduPersonPrincipalName');
if (isset($attributes[$useridattr][0])) {
예제 #8
파일: hobbit.php 프로젝트: hukumonline/yii
}
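// The caller must present the shared auth token.
if (!array_key_exists('token', $_REQUEST)) {
    throw new SimpleSAML_Error_BadRequest('Missing authToken.');
}
$token = $_REQUEST['token'];
// Reject non-string input (e.g. token[]=x) and an empty configured token, then
// compare in constant time so response timing does not reveal how much of the
// token matched.
if (!is_string($token)
    || !is_string($authTokenContactsSP)
    || $authTokenContactsSP === ''
    || !hash_equals($authTokenContactsSP, $token)
) {
    throw new SimpleSAML_Error_Exception('Invalid AuthToken');
}

$ldapconfig = SimpleSAML_Configuration::getConfig('config-login-feide.php');
$ldapStatusConfig = SimpleSAML_Configuration::getConfig('module_ldapstatus.php');
$debug = $ldapconfig->getValue('ldapDebug', FALSE);
$orgs = $ldapconfig->getValue('organizations');
$locationTemplate = $ldapconfig->getValue('locationTemplate');
$isAdmin = FALSE;
$secretURL = NULL;

// 'ignore' is request-controlled and is written into every output line below.
// Accept only a string and URL-encode it, so it cannot add query parameters or
// line breaks to the generated list.
$ignore = '';
if (array_key_exists('ignore', $_REQUEST) && is_string($_REQUEST['ignore'])) {
    $ignore = '&ignore=' . urlencode($_REQUEST['ignore']);
}

$secretKey = sha1('ldapstatus|' . SimpleSAML_Utilities::getSecretSalt() . '|hobbit');
$secretURL = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), array('key' => $secretKey));

/**
 * Derive the per-organization access key for the ldapstatus page.
 *
 * @param string $salt     The installation's secret salt.
 * @param string $orgtest  The organization key.
 * @return string  Hex SHA-1 of 'ldapstatus|<salt>|<orgtest>'.
 */
function generateSecret($salt, $orgtest)
{
    return sha1('ldapstatus|' . $salt . '|' . $orgtest);
}

header('Content-Type: text/plain');
// One line per configured organization, each carrying its keyed status URL.
foreach ($orgs as $orgkey => $org) {
    $url = SimpleSAML_Utilities::addURLparameter(
        SimpleSAML_Utilities::selfURLhost() . SimpleSAML_Utilities::getFirstPathElement() . '/module.php/ldapstatus/',
        array(
            'orgtest' => $orgkey,
            'output' => 'text',
            'key' => generateSecret(SimpleSAML_Utilities::getSecretSalt(), $orgkey),
        )
    );
    echo "0.0.0.0 " . $orgkey . " # noconn  feidesjekk:" . $url . $ignore . ";OOOKKK\n";
}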
예제 #9
 /**
  * Apply filter to add the targeted ID.
  *
  * The user identifier is taken from $state['UserID'] when no attribute is
  * configured, otherwise from the first value of the configured attribute.
  * It is hashed (SHA-1) together with the secret salt and the source and
  * destination entity IDs, each variable field prefixed with its strlen().
  * The result is stored in $state['Attributes']['eduPersonTargetedID'],
  * either as the hex digest or, when generateNameId is set, as a serialized
  * persistent SAML 2.0 NameID element.
  *
  * @param array &$state  The current state.
  * @throws Exception  When the UserID or the configured attribute is missing.
  */
 public function process(&$state)
 {
     assert('is_array($state)');
     assert('array_key_exists("Attributes", $state)');

     if ($this->attribute !== NULL) {
         if (!array_key_exists($this->attribute, $state['Attributes'])) {
             throw new Exception('core:TargetedID: Missing attribute \'' . $this->attribute . '\', which is needed to generate the targeted ID.');
         }
         $userID = $state['Attributes'][$this->attribute][0];
     } else {
         if (!array_key_exists('UserID', $state)) {
             throw new Exception('core:TargetedID: Missing UserID for this user. Please' . ' check the \'userid.attribute\' option in the metadata against the' . ' attributes provided by the authentication source.');
         }
         $userID = $state['UserID'];
     }

     $secretSalt = SimpleSAML_Utilities::getSecretSalt();

     // A missing source or destination contributes an empty entity ID to the hash.
     $srcID = array_key_exists('Source', $state) ? self::getEntityId($state['Source']) : '';
     $dstID = array_key_exists('Destination', $state) ? self::getEntityId($state['Destination']) : '';

     // Length-prefix each field so their boundaries in the hash input are unambiguous.
     $hashInput = 'uidhashbase' . $secretSalt
         . strlen($srcID) . ':' . $srcID
         . strlen($dstID) . ':' . $dstID
         . strlen($userID) . ':' . $userID
         . $secretSalt;
     $targetedId = sha1($hashInput);

     if (!$this->generateNameId) {
         $state['Attributes']['eduPersonTargetedID'] = array($targetedId);
         return;
     }

     /* Convert the targeted ID to a SAML 2.0 name identifier element. */
     $nameId = array('Format' => SAML2_Const::NAMEID_PERSISTENT, 'Value' => $targetedId);
     if (isset($state['Source']['entityid'])) {
         $nameId['NameQualifier'] = $state['Source']['entityid'];
     }
     if (isset($state['Destination']['entityid'])) {
         $nameId['SPNameQualifier'] = $state['Destination']['entityid'];
     }

     // Serialize the NameID through a scratch document and keep only that element.
     $doc = new DOMDocument();
     $root = $doc->createElement('root');
     $doc->appendChild($root);
     SAML2_Utils::addNameId($root, $nameId);

     $state['Attributes']['eduPersonTargetedID'] = array($doc->saveXML($root->firstChild));
 }