public function getMetadata() { $idpentityid = SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/metadata.php'; $metaArray = array('metadata-set' => 'saml20-idp-remote', 'entityid' => $idpentityid, 'SingleSignOnService' => SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/SingleSignOnService.php', 'SingleLogoutService' => SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/SingleLogoutService.php', 'certificate' => 'server.crt'); $metaArrayConfig = SimpleSAML_Configuration::loadFromArray($metaArray); $certInfo = SimpleSAML_Utilities::loadPublicKey($metaArrayConfig, TRUE); $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($idpentityid); $metaBuilder->addMetadataIdP20($metaArray); $metaBuilder->addOrganizationInfo($metaArray); $metaBuilder->addContact('technical', array('emailAddress' => $this->config->getString('technicalcontact_email', NULL), 'name' => $this->config->getString('technicalcontact_name', NULL))); $metaxml = $metaBuilder->getEntityDescriptorText(); return $metaxml; }
/** * Show the error to the user. * * This function does not return. */ public function show() { header('HTTP/1.0 500 Internal Server Error'); $errorData = $this->saveError(); $session = SimpleSAML_Session::getInstance(); $attributes = $session->getAttributes(); if (isset($attributes['mail'][0])) { $email = $attributes['mail'][0]; } else { $email = ''; } $globalConfig = SimpleSAML_Configuration::getInstance(); $t = new SimpleSAML_XHTML_Template($globalConfig, 'core:no_state.tpl.php'); /* Enable error reporting if we have a valid technical contact email. */ if ($globalConfig->getString('technicalcontact_email', '*****@*****.**') !== '*****@*****.**') { /* Enable error reporting. */ $baseurl = SimpleSAML_Utilities::getBaseURL(); $t->data['errorReportAddress'] = $baseurl . 'errorreport.php'; $t->data['reportId'] = $errorData['reportId']; $t->data['email'] = $email; } $t->show(); exit; }
throw new SimpleSAML_Error_Error('METADATA', $exception); } /* * If no IdP can be resolved, send the user to the SAML 2.0 Discovery Service */ if ($idpentityid === NULL) { SimpleSAML_Logger::info('SAML2.0 - SP.initSSO: No chosen or default IdP, go to SAML2disco'); /* Which IdP discovery service should we use? Can be set in SP metadata or in global configuration. * Falling back to builtin discovery service. */ if (array_key_exists('idpdisco.url', $spmetadata)) { $discourl = $spmetadata['idpdisco.url']; } elseif ($config->getString('idpdisco.url.saml20', NULL) !== NULL) { $discourl = $config->getString('idpdisco.url.saml20'); } else { $discourl = SimpleSAML_Utilities::getBaseURL() . 'saml2/sp/idpdisco.php'; } $extDiscoveryStorage = $config->getString('idpdisco.extDiscoveryStorage', NULL); if ($extDiscoveryStorage !== NULL) { SimpleSAML_Utilities::redirectTrustedURL($extDiscoveryStorage, array('entityID' => $spentityid, 'return' => SimpleSAML_Utilities::addURLparameter($discourl, array('return' => SimpleSAML_Utilities::selfURL(), 'remember' => 'true', 'entityID' => $spentityid, 'returnIDParam' => 'idpentityid')), 'returnIDParam' => 'idpentityid', 'isPassive' => 'true')); } $discoparameters = array('entityID' => $spentityid, 'return' => SimpleSAML_Utilities::selfURL(), 'returnIDParam' => 'idpentityid'); $discoparameters['isPassive'] = $isPassive; if (sizeof($reachableIDPs) > 0) { $discoparameters['IDPList'] = $reachableIDPs; } SimpleSAML_Utilities::redirectTrustedURL($discourl, $discoparameters); } /* * Create and send authentication request to the IdP. */
if ($config->getBoolean('admin.protectindexpage', false)) { SimpleSAML_Utilities::requireAdmin(); } $loginurl = SimpleSAML_Utilities::getAdminLoginURL(); $isadmin = SimpleSAML_Utilities::isAdmin(); $links = array(); $links_welcome = array(); $links_config = array(); $links_auth = array(); $links_federation = array(); $links_auth[] = array('href' => 'authenticate.php', 'text' => '{core:frontpage:authtest}'); if ($config->getValue('enable.saml20-sp') === true) { $links_auth[] = array('href' => SimpleSAML_Utilities::getBaseURL() . 'example-simple/saml2-example.php', 'text' => '{core:frontpage:link_saml2example}', 'deprecated' => TRUE); } if ($config->getValue('enable.shib13-sp') === true) { $links_auth[] = array('href' => SimpleSAML_Utilities::getBaseURL() . 'example-simple/shib13-example.php', 'text' => '{core:frontpage:link_shib13example}', 'deprecated' => TRUE); } $allLinks = array('links' => &$links, 'welcome' => &$links_welcome, 'config' => &$links_config, 'auth' => &$links_auth, 'federation' => &$links_federation); SimpleSAML_Module::callHooks('frontpage', $allLinks); $t = new SimpleSAML_XHTML_Template($config, 'core:frontpage_auth.tpl.php'); $t->data['pageid'] = 'frontpage_auth'; $t->data['isadmin'] = $isadmin; $t->data['loginurl'] = $loginurl; $t->data['header'] = 'simpleSAMLphp installation page'; $t->data['icon'] = 'compass_l.png'; $t->data['links'] = $links; $t->data['links_welcome'] = $links_welcome; $t->data['links_config'] = $links_config; $t->data['links_auth'] = $links_auth; $t->data['links_federation'] = $links_federation; $t->show();
<?php require_once '../_include.php'; /* Load simpleSAMLphp, configuration */ $config = SimpleSAML_Configuration::getInstance(); $session = SimpleSAML_Session::getInstance(); /* Check if valid local session exists.. */ SimpleSAML_Utilities::requireAdmin(); $attributes = array(); $attributes['HTTP_HOST'] = array($_SERVER['HTTP_HOST']); $attributes['HTTPS'] = array($_SERVER['HTTPS']); $attributes['SERVER_PROTOCOL'] = array($_SERVER['SERVER_PROTOCOL']); $attributes['SERVER_PORT'] = array($_SERVER['SERVER_PORT']); $attributes['Utilities_getBaseURL()'] = array(SimpleSAML_Utilities::getBaseURL()); $attributes['Utilities_getSelfHost()'] = array(SimpleSAML_Utilities::getSelfHost()); $attributes['Utilities_selfURLhost()'] = array(SimpleSAML_Utilities::selfURLhost()); $attributes['Utilities_selfURLNoQuery()'] = array(SimpleSAML_Utilities::selfURLNoQuery()); $attributes['Utilities_getSelfHostWithPath()'] = array(SimpleSAML_Utilities::getSelfHostWithPath()); $attributes['Utilities_getFirstPathElement()'] = array(SimpleSAML_Utilities::getFirstPathElement()); $attributes['Utilities_selfURL()'] = array(SimpleSAML_Utilities::selfURL()); $et = new SimpleSAML_XHTML_Template($config, 'status.php'); $et->data['header'] = '{status:header_diagnostics}'; $et->data['remaining'] = 'na'; $et->data['attributes'] = $attributes; $et->data['valid'] = 'na'; $et->data['logout'] = null; $et->show();
/** * Resolve a (possibly) relative URL relative to a given base URL. * * This function supports these forms of relative URLs: * ^\w+: Absolute URL * ^// Same protocol. * ^/ Same protocol and host. * ^? Same protocol, host and path, replace query string & fragment * ^# Same protocol, host, path and query, replace fragment * The rest: Relative to the base path. * * @param $url The relative URL. * @param $base The base URL. Defaults to the base URL of this installation of simpleSAMLphp. * @return An absolute URL for the given relative URL. */ public static function resolveURL($url, $base = NULL) { if ($base === NULL) { $base = SimpleSAML_Utilities::getBaseURL(); } if (!preg_match('$^((((\\w+:)//[^/]+)(/[^?#]*))(?:\\?[^#]*)?)(?:#.*)?$', $base, $baseParsed)) { throw new Exception('Unable to parse base url: ' . $base); } $baseDir = dirname($baseParsed[5] . 'filename'); $baseScheme = $baseParsed[4]; $baseHost = $baseParsed[3]; $basePath = $baseParsed[2]; $baseQuery = $baseParsed[1]; if (preg_match('$^\\w+:$', $url)) { return $url; } if (substr($url, 0, 2) === '//') { return $baseScheme . $url; } $firstChar = substr($url, 0, 1); if ($firstChar === '/') { return $baseHost . $url; } if ($firstChar === '?') { return $basePath . $url; } if ($firstChar === '#') { return $baseQuery . $url; } /* We have a relative path. Remove query string/fragment and save it as $tail. */ $queryPos = strpos($url, '?'); $fragmentPos = strpos($url, '#'); if ($queryPos !== FALSE || $fragmentPos !== FALSE) { if ($queryPos === FALSE) { $tailPos = $fragmentPos; } elseif ($fragmentPos === FALSE) { $tailPos = $queryPos; } elseif ($queryPos < $fragmentPos) { $tailPos = $queryPos; } else { $tailPos = $fragmentPos; } $tail = substr($url, $tailPos); $dir = substr($url, 0, $tailPos); } else { $dir = $url; $tail = ''; } $dir = self::resolvePath($dir, $baseDir); return $baseHost . $dir . $tail; }
<?php $session = SimpleSAML_Session::getInstance(); SimpleSAML_Logger::debug('IdP Endpoint accessed....'); $config = SimpleSAML_Configuration::getInstance(); $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $samlredir = new SAML2_HTTPRedirect(); $request = $samlredir->receive(); $entityid = $request->getIssuer(); error_log('Entity ID was [' . $entityid . ']'); $idpm = new sspmod_fedlab_IdPMetadata($config); $spm = new sspmod_fedlab_SPMetadata($entityid, TRUE); #$spm->debug(); $idpentityid = SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/metadata.php'; $idpmetadata = array('entityid' => $idpentityid, 'certificate' => 'server.crt', 'privatekey' => 'server.pem'); $test = new sspmod_fedlab_BasicSPTest($idpmetadata, $spm->parsed, $entity, $initurl, $initslo, $attributeurl); $crawler = new sspmod_fedlab_SAMLCrawler(); $requestRaw = sspmod_fedlab_SAMLCrawler::getHTTPRedirectMessage(); echo '<h2>Request</h2>' . "\n"; echo '<textarea style="width: 90%; height: 300px">'; echo htmlspecialchars(SimpleSAML_Utilities::formatXMLString($requestRaw)); echo '</textarea>'; # print_r($request); $relaystate = NULL; if (isset($_REQUEST['RelayState'])) { $relaystate = $_REQUEST['RelayState']; } # createResponse($testrun, $request, $relayState = NULL) { $samlResponse = $test->createResponseP('idp', $request, $relaystate); echo '<h2>Prepared Response</h2>' . "\n"; echo '<textarea style="width: 90%; height: 300px">';
$certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE); $keys[] = array('type' => 'X509Certificate', 'signing' => TRUE, 'encryption' => $hasNewCert ? FALSE : TRUE, 'X509Certificate' => $certInfo['certData']); if ($idpmeta->hasValue('https.certificate')) { $httpsCert = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE, 'https.'); assert('isset($httpsCert["certData"])'); $keys[] = array('type' => 'X509Certificate', 'signing' => TRUE, 'encryption' => FALSE, 'X509Certificate' => $httpsCert['certData']); } $metaArray = array('metadata-set' => 'saml20-idp-remote', 'entityid' => $idpentityid, 'SingleSignOnService' => $metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted'), 'SingleLogoutService' => $metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted')); if (count($keys) === 1) { $metaArray['certData'] = $keys[0]['X509Certificate']; } else { $metaArray['keys'] = $keys; } if ($idpmeta->getBoolean('saml20.sendartifact', FALSE)) { /* Artifact sending enabled. */ $metaArray['ArtifactResolutionService'][] = array('index' => 0, 'Location' => SimpleSAML_Utilities::getBaseURL() . 'saml2/idp/ArtifactResolutionService.php', 'Binding' => SAML2_Const::BINDING_SOAP); } $metaArray['NameIDFormat'] = $idpmeta->getString('NameIDFormat', 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'); if ($idpmeta->hasValue('OrganizationName')) { $metaArray['OrganizationName'] = $idpmeta->getLocalizedString('OrganizationName'); $metaArray['OrganizationDisplayName'] = $idpmeta->getLocalizedString('OrganizationDisplayName', $metaArray['OrganizationName']); if (!$idpmeta->hasValue('OrganizationURL')) { throw new SimpleSAML_Error_Exception('If OrganizationName is set, OrganizationURL must also be set.'); } $metaArray['OrganizationURL'] = $idpmeta->getLocalizedString('OrganizationURL'); } if ($idpmeta->hasValue('scope')) { $metaArray['scope'] = $idpmeta->getArray('scope'); } $metaflat = '$metadata[' . var_export($idpentityid, TRUE) . '] = ' . var_export($metaArray, TRUE) . ';'; $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($idpentityid);
$availableCerts['https.crt'] = $httpsCert; $keys[] = array('type' => 'X509Certificate', 'signing' => TRUE, 'encryption' => FALSE, 'X509Certificate' => $httpsCert['certData']); } $metaArray = array('metadata-set' => 'saml20-idp-remote', 'entityid' => $idpentityid, 'SingleSignOnService' => array(0 => array('Binding' => SAML2_Const::BINDING_HTTP_REDIRECT, 'Location' => $metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted'))), 'SingleLogoutService' => $metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted')); if (count($keys) === 1) { $metaArray['certData'] = $keys[0]['X509Certificate']; } else { $metaArray['keys'] = $keys; } if ($idpmeta->getBoolean('saml20.sendartifact', FALSE)) { /* Artifact sending enabled. */ $metaArray['ArtifactResolutionService'][] = array('index' => 0, 'Location' => SimpleSAML_Utilities::getBaseURL() . 'saml2/idp/ArtifactResolutionService.php', 'Binding' => SAML2_Const::BINDING_SOAP); } if ($idpmeta->getBoolean('saml20.hok.assertion', FALSE)) { /* Prepend HoK SSO Service endpoint. */ array_unshift($metaArray['SingleSignOnService'], array('hoksso:ProtocolBinding' => SAML2_Const::BINDING_HTTP_REDIRECT, 'Binding' => SAML2_Const::BINDING_HOK_SSO, 'Location' => SimpleSAML_Utilities::getBaseURL() . 'saml2/idp/SSOService.php')); } $metaArray['NameIDFormat'] = $idpmeta->getString('NameIDFormat', 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'); if ($idpmeta->hasValue('OrganizationName')) { $metaArray['OrganizationName'] = $idpmeta->getLocalizedString('OrganizationName'); $metaArray['OrganizationDisplayName'] = $idpmeta->getLocalizedString('OrganizationDisplayName', $metaArray['OrganizationName']); if (!$idpmeta->hasValue('OrganizationURL')) { throw new SimpleSAML_Error_Exception('If OrganizationName is set, OrganizationURL must also be set.'); } $metaArray['OrganizationURL'] = $idpmeta->getLocalizedString('OrganizationURL'); } if ($idpmeta->hasValue('scope')) { $metaArray['scope'] = $idpmeta->getArray('scope'); } if ($idpmeta->hasValue('EntityAttributes')) { $metaArray['EntityAttributes'] = $idpmeta->getArray('EntityAttributes');
if (count($keys) === 1) { $metaArray['certData'] = $keys[0]['X509Certificate']; } else { $metaArray['keys'] = $keys; } if ($idpmeta->getBoolean('saml20.sendartifact', false)) { // Artifact sending enabled $metaArray['ArtifactResolutionService'][] = array('index' => 0, 'Location' => \SimpleSAML\Utils\HTTP::getBaseURL() . 'saml2/idp/ArtifactResolutionService.php', 'Binding' => SAML2_Const::BINDING_SOAP); } if ($idpmeta->getBoolean('saml20.hok.assertion', false)) { // Prepend HoK SSO Service endpoint. array_unshift($metaArray['SingleSignOnService'], array('hoksso:ProtocolBinding' => SAML2_Const::BINDING_HTTP_REDIRECT, 'Binding' => SAML2_Const::BINDING_HOK_SSO, 'Location' => \SimpleSAML\Utils\HTTP::getBaseURL() . 'saml2/idp/SSOService.php')); } if ($idpmeta->getBoolean('saml20.ecp', FALSE)) { /* ECP enabled. */ $metaArray['SingleSignOnService'][] = array('index' => 0, 'Location' => SimpleSAML_Utilities::getBaseURL() . 'saml2/idp/SSOService.php', 'Binding' => SAML2_Const::BINDING_SOAP); } $metaArray['NameIDFormat'] = $idpmeta->getString('NameIDFormat', 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'); if ($idpmeta->hasValue('OrganizationName')) { $metaArray['OrganizationName'] = $idpmeta->getLocalizedString('OrganizationName'); $metaArray['OrganizationDisplayName'] = $idpmeta->getLocalizedString('OrganizationDisplayName', $metaArray['OrganizationName']); if (!$idpmeta->hasValue('OrganizationURL')) { throw new SimpleSAML_Error_Exception('If OrganizationName is set, OrganizationURL must also be set.'); } $metaArray['OrganizationURL'] = $idpmeta->getLocalizedString('OrganizationURL'); } if ($idpmeta->hasValue('scope')) { $metaArray['scope'] = $idpmeta->getArray('scope'); } if ($idpmeta->hasValue('EntityAttributes')) { $metaArray['EntityAttributes'] = $idpmeta->getArray('EntityAttributes');
$session = SimpleSAML_Session::getSessionFromRequest(); /* Check if valid local session exists.. */ if ($config->getBoolean('admin.protectindexpage', false)) { SimpleSAML_Utilities::requireAdmin(); } $loginurl = SimpleSAML_Utilities::getAdminLoginURL(); $isadmin = SimpleSAML_Utilities::isAdmin(); $links = array(); $links_welcome = array(); $links_config = array(); $links_auth = array(); $links_federation = array(); if ($config->getBoolean('idpdisco.enableremember', FALSE)) { $links_federation[] = array('href' => 'cleardiscochoices.php', 'text' => '{core:frontpage:link_cleardiscochoices}'); } $links_federation[] = array('href' => SimpleSAML_Utilities::getBaseURL() . 'admin/metadata-converter.php', 'text' => '{core:frontpage:link_xmlconvert}'); $allLinks = array('links' => &$links, 'welcome' => &$links_welcome, 'config' => &$links_config, 'auth' => &$links_auth, 'federation' => &$links_federation); SimpleSAML_Module::callHooks('frontpage', $allLinks); $metadataHosted = array(); SimpleSAML_Module::callHooks('metadata_hosted', $metadataHosted); $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $metaentries = array('hosted' => $metadataHosted, 'remote' => array()); if ($isadmin) { $metaentries['remote']['saml20-idp-remote'] = $metadata->getList('saml20-idp-remote'); $metaentries['remote']['shib13-idp-remote'] = $metadata->getList('shib13-idp-remote'); } if ($config->getBoolean('enable.saml20-sp', TRUE) === true) { try { $metaentries['hosted']['saml20-sp'] = $metadata->getMetaDataCurrent('saml20-sp-hosted'); $metaentries['hosted']['saml20-sp']['deprecated'] = TRUE; $metaentries['hosted']['saml20-sp']['metadata-url'] = '/' . $config->getBaseURL() . 'saml2/sp/metadata.php?output=xhtml';
<?php $config = SimpleSAML_Configuration::getInstance(); #$statconfig = SimpleSAML_Configuration::getConfig('module_statistics.php'); $session = SimpleSAML_Session::getInstance(); $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $idpentityid = SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab'; $metaArray = array('metadata-set' => 'saml20-idp-remote', 'entityid' => $idpentityid, 'SingleSignOnService' => SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/SingleSignOnService.php', 'SingleLogoutService' => SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/SingleLogoutService.php', 'certificate' => 'server.crt'); $metaArrayConfig = SimpleSAML_Configuration::loadFromArray($metaArray); $certInfo = SimpleSAML_Utilities::loadPublicKey($metaArrayConfig, TRUE); $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($idpentityid); $metaBuilder->addMetadataIdP20($metaArray); $metaBuilder->addOrganizationInfo($metaArray); $metaBuilder->addContact('technical', array('emailAddress' => $config->getString('technicalcontact_email', NULL), 'name' => $config->getString('technicalcontact_name', NULL))); $metaxml = $metaBuilder->getEntityDescriptorText(); if (isset($_REQUEST['xmlmetadata'])) { $session->setData('fedlab', 'xmlmetadata', $_REQUEST['xmlmetadata']); } if (isset($_REQUEST['initurl'])) { $session->setData('fedlab', 'initurl', $_REQUEST['initurl']); } if (isset($_REQUEST['initslo'])) { $session->setData('fedlab', 'initslo', $_REQUEST['initslo']); } $xmldata = $session->getData('fedlab', 'xmlmetadata'); $initurl = $session->getData('fedlab', 'initurl'); $initslo = $session->getData('fedlab', 'initslo'); if (isset($_REQUEST['output']) && $_REQUEST['output'] == 'xml') { header('Content-type: text/xml'); echo $metaxml; exit;
$availableCerts['new_aa.crt'] = $certInfo; $keys[] = array('type' => 'X509Certificate', 'signing' => true, 'encryption' => true, 'X509Certificate' => $certInfo['certData']); $hasNewCert = true; } else { $hasNewCert = false; } $certInfo = SimpleSAML_Utilities::loadPublicKey($aameta, true); $availableCerts['aa.crt'] = $certInfo; $keys[] = array('type' => 'X509Certificate', 'signing' => true, 'encryption' => $hasNewCert ? false : true, 'X509Certificate' => $certInfo['certData']); if ($aameta->hasValue('https.certificate')) { $httpsCert = SimpleSAML_Utilities::loadPublicKey($aameta, true, 'https.'); assert('isset($httpsCert["certData"])'); $availableCerts['https.crt'] = $httpsCert; $keys[] = array('type' => 'X509Certificate', 'signing' => true, 'encryption' => false, 'X509Certificate' => $httpsCert['certData']); } $metaArray = array('metadata-set' => 'attributeauthority-hosted', 'entityid' => $aaentityid, 'protocols' => array(SAML2_Const::NS_SAMLP), 'AttributeService' => array(0 => array('Binding' => SAML2_Const::BINDING_SOAP, 'Location' => SimpleSAML_Utilities::getBaseURL() . 'module.php/aa/attributeserver.php'))); if (count($keys) === 1) { $metaArray['certData'] = $keys[0]['X509Certificate']; } else { $metaArray['keys'] = $keys; } $metaArray['NameIDFormat'] = array(SAML2_Const::NAMEID_PERSISTENT, SAML2_Const::NAMEID_TRANSIENT); if ($aameta->hasValue('OrganizationName')) { $metaArray['OrganizationName'] = $aameta->getLocalizedString('OrganizationName'); $metaArray['OrganizationDisplayName'] = $aameta->getLocalizedString('OrganizationDisplayName', $metaArray['OrganizationName']); if (!$aameta->hasValue('OrganizationURL')) { throw new SimpleSAML_Error_Exception('If OrganizationName is set, OrganizationURL must also be set.'); } $metaArray['OrganizationURL'] = $aameta->getLocalizedString('OrganizationURL'); } if ($aameta->hasValue('scope')) {
private function generateDynamicHostedEntityID($set) { /* Get the configuration. */ $baseurl = SimpleSAML_Utilities::getBaseURL(); if ($set === 'saml20-idp-hosted') { return $baseurl . 'saml2/idp/metadata.php'; } elseif ($set === 'saml20-sp-hosted') { return $baseurl . 'saml2/sp/metadata.php'; } elseif ($set === 'shib13-idp-hosted') { return $baseurl . 'shib13/idp/metadata.php'; } elseif ($set === 'shib13-sp-hosted') { return $baseurl . 'shib13/sp/metadata.php'; } elseif ($set === 'wsfed-sp-hosted') { return 'urn:federation:' . SimpleSAML_Utilities::getSelfHost(); } elseif ($set === 'adfs-idp-hosted') { return 'urn:federation:' . SimpleSAML_Utilities::getSelfHost() . ':idp'; } else { throw new Exception('Can not generate dynamic EntityID for metadata of this type: [' . $set . ']'); } }
/** * Display this error. * * This method displays a standard simpleSAMLphp error page and exits. */ public function show() { $this->setHTTPCode(); /* Log the error message. */ $this->logError(); $errorData = $this->saveError(); $config = SimpleSAML_Configuration::getInstance(); $data['showerrors'] = $config->getBoolean('showerrors', true); $data['error'] = $errorData; $data['errorCode'] = $this->errorCode; $data['parameters'] = $this->parameters; $data['module'] = $this->module; $data['dictTitle'] = $this->dictTitle; $data['dictDescr'] = $this->dictDescr; $data['includeTemplate'] = $this->includeTemplate; /* Check if there is a valid technical contact email address. */ if ($config->getString('technicalcontact_email', '*****@*****.**') !== '*****@*****.**') { /* Enable error reporting. */ $baseurl = SimpleSAML_Utilities::getBaseURL(); $data['errorReportAddress'] = $baseurl . 'errorreport.php'; } $session = SimpleSAML_Session::getInstance(); $attributes = $session->getAttributes(); if (is_array($attributes) && array_key_exists('mail', $attributes) && count($attributes['mail']) > 0) { $data['email'] = $attributes['mail'][0]; } else { $data['email'] = ''; } $show_function = $config->getArray('errors.show_function', NULL); if (isset($show_function)) { assert('is_callable($show_function)'); call_user_func($show_function, $config, $data); assert('FALSE'); } else { $t = new SimpleSAML_XHTML_Template($config, 'error.php', 'errors'); $t->data = array_merge($t->data, $data); $t->show(); } exit; }
/** * Get absolute URL to a specified module resource. * * This function creates an absolute URL to a resource stored under ".../modules/<module>/www/". * * @param string $resource Resource path, on the form "<module name>/<resource>" * @param array $parameters Extra parameters which should be added to the URL. Optional. * @return string The absolute URL to the given resource. */ public static function getModuleURL($resource, array $parameters = array()) { assert('is_string($resource)'); assert('$resource[0] !== "/"'); $url = SimpleSAML_Utilities::getBaseURL() . 'module.php/' . $resource; if (!empty($parameters)) { $url = SimpleSAML_Utilities::addURLparameter($url, $parameters); } return $url; }
public static function sendLogoutResponse(SimpleSAML_IdP $idp, array $state) { // NB:: we don't know from which SP the logout request came from $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $idpMetadata = $idp->getConfig(); SimpleSAML_Utilities::redirect($idpMetadata->getValue('redirect-after-logout', SimpleSAML_Utilities::getBaseURL())); }
if ($config->getValue('secretsalt') === 'defaultsecretsalt') { $warnings[] = '{core:frontpage:warnings_secretsalt}'; } if (extension_loaded('suhosin')) { $suhosinLength = ini_get('suhosin.get.max_value_length'); if (empty($suhosinLength) || (int) $suhosinLength < 2048) { $warnings[] = '{core:frontpage:warnings_suhosin_url_length}'; } } $links = array(); $links_welcome = array(); $links_config = array(); $links_auth = array(); $links_federation = array(); $links_config[] = array('href' => SimpleSAML_Utilities::getBaseURL() . 'example-simple/hostnames.php?dummy=1', 'text' => '{core:frontpage:link_diagnostics}'); $links_config[] = array('href' => SimpleSAML_Utilities::getBaseURL() . 'admin/phpinfo.php', 'text' => '{core:frontpage:link_phpinfo}'); $allLinks = array('links' => &$links, 'welcome' => &$links_welcome, 'config' => &$links_config, 'auth' => &$links_auth, 'federation' => &$links_federation); SimpleSAML_Module::callHooks('frontpage', $allLinks); $enablematrix = array('saml20-idp' => $config->getBoolean('enable.saml20-idp', false), 'shib13-idp' => $config->getBoolean('enable.shib13-idp', false)); $functionchecks = array('hash' => array('required', 'Hashing function'), 'gzinflate' => array('required', 'ZLib'), 'openssl_sign' => array('required', 'OpenSSL'), 'simplexml_import_dom' => array('required', 'SimpleXML'), 'dom_import_simplexml' => array('required', 'XML DOM'), 'preg_match' => array('required', 'RegEx support'), 'mcrypt_module_open' => array('required', 'MCrypt'), 'mysql_connect' => array('optional', 'MySQL support')); if (SimpleSAML_Module::isModuleEnabled('ldap')) { $functionchecks['ldap_bind'] = array('required_ldap', 'LDAP Extension'); } if (SimpleSAML_Module::isModuleEnabled('radius')) { $functionchecks['radius_auth_open'] = array('required_radius', 'Radius Extension'); } $funcmatrix = array(); $funcmatrix[] = array('required' => 'required', 'descr' => 'PHP Version >= 5.2. You run: ' . phpversion(), 'enabled' => version_compare(phpversion(), '5.2', '>=')); foreach ($functionchecks as $func => $descr) { $funcmatrix[] = array('descr' => $descr[1], 'required' => $descr[0], 'enabled' => function_exists($func)); }
/** * Display this error. * * This method displays a standard simpleSAMLphp error page and exits. */ public function show() { $this->setHTTPCode(); /* Log the error message. */ $this->logError(); $errorData = $this->saveError(); $config = SimpleSAML_Configuration::getInstance(); $t = new SimpleSAML_XHTML_Template($config, 'error.php', 'errors'); $t->data['showerrors'] = $config->getBoolean('showerrors', true); $t->data['error'] = $errorData; $t->data['errorCode'] = $this->errorCode; $t->data['parameters'] = $this->parameters; /* Check if there is a valid technical contact email address. */ if ($config->getString('technicalcontact_email', '*****@*****.**') !== '*****@*****.**') { /* Enable error reporting. */ $baseurl = SimpleSAML_Utilities::getBaseURL(); $t->data['errorReportAddress'] = $baseurl . 'errorreport.php'; } $session = SimpleSAML_Session::getInstance(); $attributes = $session->getAttributes(); if (is_array($attributes) && array_key_exists('mail', $attributes) && count($attributes['mail']) > 0) { $email = $attributes['mail'][0]; } else { $email = ''; } $t->data['email'] = $email; $t->show(); exit; }