getSelfHost() публичный статический Метод

Устаревший: This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\HTTP::getSelfHost() instead.
public static getSelfHost ( )
 /**
  * Build the entity ID for a hosted metadata set whose entity ID is generated dynamically.
  *
  * The SAML 2.0 and Shibboleth 1.3 sets map to a metadata URL below the installation's
  * base URL; the WS-Federation SP set maps to a URN built from the current host name.
  *
  * NOTE(review): every returned value embeds the host reported by SimpleSAML_Utilities.
  * If that helper derives the name from the request's Host header (presumably; verify),
  * the entity ID follows whatever host the client sent, so the web server should only
  * answer for the expected virtual hosts.
  *
  * @param string $set  Name of the hosted metadata set.
  * @return string  The generated entity ID.
  * @throws Exception  If the set has no dynamic entity ID scheme.
  */
 private function generateDynamicHostedEntityID($set)
 {
     // Resolved up front for every set, including the ones that end up not using it.
     $config = SimpleSAML_Configuration::getInstance();
     $baseurl = SimpleSAML_Utilities::selfURLhost() . '/' . $config->getBaseURL();

     // Sets whose entity ID is the URL of their metadata endpoint.
     $metadataPaths = array(
         'saml20-idp-hosted' => 'saml2/idp/metadata.php',
         'saml20-sp-hosted' => 'saml2/sp/metadata.php',
         'shib13-idp-hosted' => 'shib13/idp/metadata.php',
         'shib13-sp-hosted' => 'shib13/sp/metadata.php',
     );

     // is_string() keeps the lookup as strict as a === comparison against each name.
     if (is_string($set) && isset($metadataPaths[$set])) {
         return $baseurl . $metadataPaths[$set];
     }

     if ($set === 'wsfed-sp-hosted') {
         return 'urn:federation:' . SimpleSAML_Utilities::getSelfHost();
     }

     throw new Exception('Can not generate dynamic EntityID for metadata of this type: [' . $set . ']');
 }
Пример #2
 /**
  * Find the index of the entry in a metadata set that corresponds to an entity ID.
  *
  * An entry matches when its index equals the entity ID, or when its 'entityid' field
  * equals the entity ID and its 'host' field is either '__DEFAULT__' or the current host.
  *
  * NOTE(review): the host part of the match depends on SimpleSAML_Utilities::getSelfHost().
  * If that value comes from the request's Host header (presumably; verify), which entry is
  * selected can be influenced by the client.
  *
  * @param string $entityId  The entity ID to look up.
  * @param string $set       The metadata set to search.
  * @return mixed  The index of the matching entry, or NULL when nothing matches.
  */
 private function lookupIndexFromEntityId($entityId, $set)
 {
     assert('is_string($entityId)');
     assert('isset($set)');

     $entries = $this->getMetadataSet($set);

     // Current host, e.g. sp.example.org; anything from the first ':' onwards is dropped.
     $requestHost = SimpleSAML_Utilities::getSelfHost();
     $beforeColon = strstr($requestHost, ':', TRUE);
     if ($beforeColon !== FALSE) {
         $requestHost = $beforeColon;
     }

     foreach ($entries as $index => $entry) {
         // An entry indexed directly by the entity ID wins regardless of its host.
         if ($index === $entityId) {
             return $index;
         }

         // Otherwise the entity ID must match and the entry must apply to this host.
         if ($entry['entityid'] === $entityId
             && ($entry['host'] === '__DEFAULT__' || $entry['host'] === $requestHost)
         ) {
             return $index;
         }
     }

     return NULL;
 }
 /**
  * Request a URL through the shared cURL handle and follow redirects by hand.
  *
  * The request is a POST when $type is 'post' and a GET otherwise. When the response
  * carries a Location header pointing at this host, the redirect is not followed;
  * instead its query string is inspected for a SAML message and the result is returned.
  * Any other redirect is followed recursively with a reduced redirect budget.
  *
  * NOTE(review): the redirect target comes from the remote server and is followed to
  * whatever host it names; no scheme or host restriction is visible in this function.
  *
  * @param string $url         The URL to request.
  * @param array  $parameters  Associative array of parameters: the POST body for 'post',
  *                            otherwise appended to the query string of the URL.
  * @param string $type        'post' for a POST request; any other value results in a GET.
  * @param int    $maxredirs   Number of redirects that may still be followed.
  * @return array|false  Array with 'header', 'body', 'http_code', 'last_url' and 'headerout'
  *                      (plus 'RequestRaw', 'Request' and 'RelayState' when a SAML message
  *                      addressed to this host was found), or FALSE if the transfer failed.
  * @throws Exception  If $url is empty or the redirect budget is exhausted.
  */
 function getURLraw($url, $parameters = array(), $type = 'get', $maxredirs = 10)
 {
     if (empty($url)) {
         throw new Exception('Trying to crawl an empty URL');
     }
     // The budget is decremented on every followed redirect; below zero means a loop or a very long chain.
     if ($maxredirs < 0) {
         throw new Exception('Max redirection reached...');
     }
     // URL-encode the parameters into a single "k=v&k=v" string.
     $p = '';
     foreach ($parameters as $k => $v) {
         if ($p != '') {
             $p .= '&';
         }
         $p .= urlencode($k) . '=' . urlencode($v);
     }
     switch ($type) {
         case 'post':
             // Parameters travel in the request body.
             curl_setopt($this->curl, CURLOPT_POSTFIELDS, $p);
             curl_setopt($this->curl, CURLOPT_POST, TRUE);
             break;
         case 'get':
         default:
             // Parameters are appended to the existing query string, if there is one.
             if (!empty($parameters)) {
                 if (strpos($url, '?') === FALSE) {
                     $url .= '?' . $p;
                 } else {
                     $url .= '&' . $p;
                 }
             }
             curl_setopt($this->curl, CURLOPT_HTTPGET, TRUE);
     }
     curl_setopt($this->curl, CURLOPT_URL, $url);
     // The full URL, including query parameters, ends up in the log.
     $this->log('Contacting URL [' . $url . ']');
     $response = curl_exec($this->curl);
     if ($response === FALSE) {
         // The cURL error is not reported here; the caller only sees FALSE.
         #echo('Failed to get url: ' . $url . "\n");
         #echo('Curl error: ' . curl_error($curl) . "\n");
         return FALSE;
     }
     // Split the raw response into header and body.
     // assumes the handle was configured elsewhere to include response headers in the output (TODO confirm).
     $header_size = curl_getinfo($this->curl, CURLINFO_HEADER_SIZE);
     $result['header'] = substr($response, 0, $header_size);
     $result['body'] = substr($response, $header_size);
     $result['http_code'] = curl_getinfo($this->curl, CURLINFO_HTTP_CODE);
     $result['last_url'] = curl_getinfo($this->curl, CURLINFO_EFFECTIVE_URL);
     $result['headerout'] = curl_getinfo($this->curl, CURLINFO_HEADER_OUT);
     // $this->log('header out :' . $result['headerout']);
     $info = curl_getinfo($this->curl);
     $headers = self::parseHeaders($result['header']);
     // error_log('headers: ' . var_export($headers, TRUE));
     // error_log('headers raw: ' . var_export($result['header'], TRUE));
     // error_log('info: ' . var_export($info, TRUE));
     if (isset($headers['location'])) {
         $nexturl = $headers['location'];
         $this->log('Location header found [' . $nexturl . ']');
         // A path-absolute redirect is resolved against the scheme and host of the URL just requested.
         if (substr($nexturl, 0, 1) == '/') {
             if (preg_match('|(http(s)?://.*?)/|', $info['url'], $matches)) {
                 $nexturl = $matches[1] . $nexturl;
                 $this->log('Constructed new URL [' . $nexturl . ']');
             }
         }
         #		$url = $info['url'];
         // NOTE(review): parse_url() may return FALSE or omit 'host'/'query'; those cases are not guarded below.
         $urlp = parse_url($nexturl);
         #	echo '<p>Next url [' . $nexturl . ']';
         // If the next step is this server, look for a SAML message instead of following the redirect.
         #error_log('Location header query part: ' . $urlp['query']);
         $this->log('Next URL host is [' . (string) $urlp['host'] . '] comparing with my host [' . (string) SimpleSAML_Utilities::getSelfHost() . ']');
         // NOTE(review): parse_url() reports the host without a port; if getSelfHost() can
         // include one, this comparison would never match — confirm against the helper.
         if (strcmp((string) $urlp['host'], (string) SimpleSAML_Utilities::getSelfHost()) == 0) {
             #echo "FOUND REQUEST";
             #print_r($urlp['query']);
             // The remote-supplied query string is written into the superglobal before receive()
             // is called — presumably the binding reads the message from there; verify.
             $_SERVER['QUERY_STRING'] = $urlp['query'];
             $samlredir = new SAML2_HTTPRedirect();
             if (strstr($urlp['query'], 'SAMLRequest=') || strstr($urlp['query'], 'SAMLResponse=')) {
                 $result['RequestRaw'] = self::getHTTPRedirectMessage();
                 $result['Request'] = $samlredir->receive();
                 #				$params = parse_str($urlp['query']);
                 $result['RelayState'] = $result['Request']->getRelayState();
                 #				$this->log('Parameters: ' . var_export($params, TRUE));
                 #				if (isset($params['RelayState'])) $result['RelayState'] = $params['RelayState'];
             }
             return $result;
         }
         // Follow the redirect with the same parameters and request type, one hop fewer.
         return $this->getURLraw($nexturl, $parameters, $type, $maxredirs - 1);
     }
     return $result;
 }
Пример #4
<?php

require_once '../_include.php';
/* Load the simpleSAMLphp configuration and the current session. */
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getInstance();

/*
 * The page prints request and host details, so access is gated by requireAdmin()
 * (presumably it stops non-administrators before anything below runs; verify).
 */
SimpleSAML_Utilities::requireAdmin();

/*
 * Raw server variables next to what the Utilities helpers derive, so the two can be compared.
 * NOTE(review): several of these values originate from the request; escaping them is left to
 * the 'status.php' template, which is not visible here.
 */
$attributes = array(
    'HTTP_HOST' => array($_SERVER['HTTP_HOST']),
    'HTTPS' => array($_SERVER['HTTPS']),
    'SERVER_PROTOCOL' => array($_SERVER['SERVER_PROTOCOL']),
    'SERVER_PORT' => array($_SERVER['SERVER_PORT']),
    'Utilities_getBaseURL()' => array(SimpleSAML_Utilities::getBaseURL()),
    'Utilities_getSelfHost()' => array(SimpleSAML_Utilities::getSelfHost()),
    'Utilities_selfURLhost()' => array(SimpleSAML_Utilities::selfURLhost()),
    'Utilities_selfURLNoQuery()' => array(SimpleSAML_Utilities::selfURLNoQuery()),
    'Utilities_getSelfHostWithPath()' => array(SimpleSAML_Utilities::getSelfHostWithPath()),
    'Utilities_getFirstPathElement()' => array(SimpleSAML_Utilities::getFirstPathElement()),
    'Utilities_selfURL()' => array(SimpleSAML_Utilities::selfURL()),
);

/* Render the values with the generic status template. */
$et = new SimpleSAML_XHTML_Template($config, 'status.php');
$et->data['header'] = '{status:header_diagnostics}';
$et->data['remaining'] = 'na';
$et->data['attributes'] = $attributes;
$et->data['valid'] = 'na';
$et->data['logout'] = null;
$et->show();
Пример #5
 /**
  * Load the given configuration file, caching the result per file name.
  *
  * The file is executed with require and is expected to set a variable named $config to an
  * array. If that array has an 'override.host' entry for the current host, the override
  * file(s) listed there are executed as well, from the same directory as the main file.
  *
  * Because the files are executed as PHP inside this method, they run with the privileges of
  * the application and can read and overwrite the local variables used below; they must only
  * be writable by trusted administrators.
  *
  * @param string $filename  The full path of the configuration file.
  * @param bool $required  Whether the file is required.
  * @return SimpleSAML_Configuration  The configuration file. An exception will be thrown if the
  *                                   configuration file is missing.
  * @throws Exception  If a required file is missing, if the file does not set $config to an
  *                    array, or if an override file requested for the current host is missing.
  */
 private static function loadFromFile($filename, $required)
 {
     assert('is_string($filename)');
     assert('is_bool($required)');
     // Each file is loaded at most once; later calls get the cached object.
     if (array_key_exists($filename, self::$loadedConfigs)) {
         return self::$loadedConfigs[$filename];
     }
     if (file_exists($filename)) {
         // Sentinel value: if the file never assigns $config, the is_array() check below fails.
         $config = 'UNINITIALIZED';
         /* The file initializes a variable named '$config'. */
         require $filename;
         /* Check that $config is initialized to an array. */
         if (!is_array($config)) {
             throw new Exception('Invalid configuration file: ' . $filename);
         }
     } elseif ($required) {
         /* File does not exist, but is required. */
         throw new Exception('Missing configuration file: ' . $filename);
     } else {
         /* File does not exist, but is optional. */
         $config = array();
     }
     if (array_key_exists('override.host', $config)) {
         // The current host only selects among the entries the configuration itself lists;
         // the override file names come from the configuration, not from the request.
         // NOTE(review): if getSelfHost() reflects the request's Host header (presumably; verify),
         // a client can choose which of the configured overrides applies.
         $host = SimpleSAML_Utilities::getSelfHost();
         if (array_key_exists($host, $config['override.host'])) {
             $ofs = $config['override.host'][$host];
             // arrayize() is used so the loop can iterate — presumably it wraps a single name in an array; verify.
             foreach (SimpleSAML_Utilities::arrayize($ofs) as $of) {
                 // Resolved relative to the main file's directory; the name is used as given.
                 $overrideFile = dirname($filename) . '/' . $of;
                 if (!file_exists($overrideFile)) {
                     throw new Exception('Config file [' . $filename . '] requests override for host ' . $host . ' but file does not exists [' . $of . ']');
                 }
                 // Runs in this scope, so it can modify $config before the object is built.
                 require $overrideFile;
             }
         }
     }
     $cfg = new SimpleSAML_Configuration($config, $filename);
     $cfg->filename = $filename;
     self::$loadedConfigs[$filename] = $cfg;
     return $cfg;
 }
Пример #6
 /**
  * Locate the entity ID for the host name and path the user accessed.
  *
  * The metadata sources are consulted in three passes, from most to least specific:
  * host name with path, host name alone (port removed), and finally the '__DEFAULT__' entry.
  *
  * NOTE(review): the first two passes use values from SimpleSAML_Utilities. If those reflect
  * the request's Host header (presumably; verify), the client influences which hosted entity
  * is selected.
  *
  * @param string $set   The set we look for the entity ID in.
  * @param string $type  What to return: the metaindex or the entity ID. [entityid|metaindex]
  * @return mixed  The value the first matching source reports for the current host/path.
  * @throws Exception  If no source has a match, not even a default entry.
  */
 public function getMetaDataCurrentEntityID($set = 'saml20-sp-hosted', $type = 'entityid')
 {
     assert('is_string($set)');

     /* Pass 1: host name plus path, e.g. sp.example.org/university */
     $hostWithPath = SimpleSAML_Utilities::getSelfHostWithPath();
     foreach ($this->sources as $source) {
         $match = $source->getEntityIdFromHostPath($hostWithPath, $set, $type);
         if ($match !== NULL) {
             return $match;
         }
     }

     /* Pass 2: host name only, e.g. sp.example.org, without anything after the first ':' */
     $hostOnly = SimpleSAML_Utilities::getSelfHost();
     $beforeColon = strstr($hostOnly, ':', TRUE);
     if ($beforeColon !== FALSE) {
         $hostOnly = $beforeColon;
     }
     foreach ($this->sources as $source) {
         $match = $source->getEntityIdFromHostPath($hostOnly, $set, $type);
         if ($match !== NULL) {
             return $match;
         }
     }

     /* Pass 3: the DEFAULT entry. */
     foreach ($this->sources as $source) {
         $match = $source->getEntityIdFromHostPath('__DEFAULT__', $set, $type);
         if ($match !== NULL) {
             return $match;
         }
     }

     /* No metadata source knows this host name/path. */
     throw new Exception('Could not find any default metadata entities in set [' . $set . '] for host [' . $hostOnly . ' : ' . $hostWithPath . ']');
 }
Пример #7
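 /**
  * Request a URL through the shared cURL handle, following redirects and auto-submit forms by hand.
  *
  * The request is a POST when $type is 'post' and a GET otherwise. A redirect that points at
  * this host is not followed; its query string is inspected for a SAML message and the result
  * is returned. Any other redirect is followed recursively. A response body containing a
  * POST form is treated as a WS-Federation auto-submit form: its hidden fields are posted to
  * the form's action, and the result of the current request is still what gets returned.
  *
  * NOTE(review): redirect targets and form actions come from the remote server and are
  * requested as given; no scheme or host restriction is visible in this function.
  * NOTE(review): cookies, hidden form values and response bodies are written to the logs
  * below. These can hold session identifiers and security tokens, so the logs need the same
  * protection as the credentials themselves.
  *
  * @param string     $url         The URL to request.
  * @param array      $parameters  Associative array of parameters: the POST body for 'post',
  *                                otherwise appended to the query string of the URL.
  * @param string     $type        'post' for a POST request; any other value results in a GET.
  * @param int        $maxredirs   Number of follow-up requests that may still be made.
  * @param array|null $cookies     Cookie strings to send, joined with '; ' into one Cookie header.
  * @return array|false  Array with 'header', 'body', 'http_code', 'last_url', 'headerout' and
  *                      'setCookies' (plus 'RequestRaw', 'Request' and 'RelayState' when a SAML
  *                      message addressed to this host was found), or FALSE if the transfer failed.
  * @throws Exception  If $url is empty, the follow-up budget is exhausted, or a POST form
  *                    without an action or hidden fields is encountered.
  */
 function getURLraw($url, $parameters = array(), $type = 'get', $maxredirs = 10, $cookies = NULL)
 {
     if (empty($url)) {
         throw new Exception('Trying to crawl an empty URL');
     }
     // Decremented on every follow-up request; below zero means a loop or a very long chain.
     if ($maxredirs < 0) {
         throw new Exception('Max redirection reached...');
     }

     // URL-encode the parameters into a single "k=v&k=v" string.
     $p = '';
     foreach ($parameters as $k => $v) {
         if ($p != '') {
             $p .= '&';
         }
         $p .= urlencode($k) . '=' . urlencode($v);
     }

     switch ($type) {
         case 'post':
             // Parameters travel in the request body.
             curl_setopt($this->curl, CURLOPT_POSTFIELDS, $p);
             curl_setopt($this->curl, CURLOPT_POST, TRUE);
             break;
         case 'get':
         default:
             // Parameters are appended to the existing query string, if there is one.
             if (!empty($parameters)) {
                 if (strpos($url, '?') === FALSE) {
                     $url .= '?' . $p;
                 } else {
                     $url .= '&' . $p;
                 }
             }
             curl_setopt($this->curl, CURLOPT_HTTPGET, TRUE);
     }
     curl_setopt($this->curl, CURLOPT_URL, $url);

     if (isset($cookies)) {
         $cookieline = join('; ', $cookies);
         curl_setopt($this->curl, CURLOPT_COOKIE, $cookieline);
         // NOTE(review): this writes the cookie values themselves to the log.
         $this->log('Set cookies in request to [' . $cookieline . ']');
     }

     $this->log('Contacting URL [' . $url . ']');
     $response = curl_exec($this->curl);
     if ($response === FALSE) {
         $this->log('Error retrieving URL: ' . curl_error($this->curl));
         return FALSE;
     }

     // Split the raw response into header and body.
     // assumes the handle was configured elsewhere to include response headers in the output (TODO confirm).
     $header_size = curl_getinfo($this->curl, CURLINFO_HEADER_SIZE);
     $result['header'] = substr($response, 0, $header_size);
     $result['body'] = substr($response, $header_size);
     $result['http_code'] = curl_getinfo($this->curl, CURLINFO_HTTP_CODE);
     $result['last_url'] = curl_getinfo($this->curl, CURLINFO_EFFECTIVE_URL);
     $result['headerout'] = curl_getinfo($this->curl, CURLINFO_HEADER_OUT);
     $result['setCookies'] = $this->parseCookiesFromHeader($result['header']);
     if (!empty($result['setCookies'])) {
         // NOTE(review): cookies set by the server are logged in full.
         $this->log('Cookies :' . var_export($result['setCookies'], TRUE));
     }

     $info = curl_getinfo($this->curl);
     $headers = self::parseHeaders($result['header']);

     if (isset($headers['location'])) {
         $nexturl = $headers['location'];
         $this->log('Location header found [' . $nexturl . ']');

         // A path-absolute redirect is resolved against the scheme and host of the URL just requested.
         if (substr($nexturl, 0, 1) == '/') {
             if (preg_match('|(http(s)?://.*?)/|', $info['url'], $matches)) {
                 $nexturl = $matches[1] . $nexturl;
                 $this->log('Constructed new URL [' . $nexturl . ']');
             }
         }

         // NOTE(review): parse_url() may return FALSE or omit 'host'/'query'; those cases are not guarded below.
         $urlp = parse_url($nexturl);

         // If the next step is this server, look for a SAML message instead of following the redirect.
         $this->log('Next URL host is [' . (string) $urlp['host'] . '] comparing with my host [' . (string) SimpleSAML_Utilities::getSelfHost() . ']');
         // NOTE(review): parse_url() reports the host without a port; if getSelfHost() can
         // include one, this comparison would never match — confirm against the helper.
         if (strcmp((string) $urlp['host'], (string) SimpleSAML_Utilities::getSelfHost()) == 0) {
             // The remote-supplied query string is written into the superglobal before receive()
             // is called — presumably the binding reads the message from there; verify.
             $_SERVER['QUERY_STRING'] = $urlp['query'];
             $samlredir = new SAML2_HTTPRedirect();
             if (strstr($urlp['query'], 'SAMLRequest=') || strstr($urlp['query'], 'SAMLResponse=')) {
                 $result['RequestRaw'] = self::getHTTPRedirectMessage();
                 $result['Request'] = $samlredir->receive();
                 $result['RelayState'] = $result['Request']->getRelayState();
             }
             return $result;
         }

         // Follow the redirect with the same parameters, request type and cookies, one hop fewer.
         return $this->getURLraw($nexturl, $parameters, $type, $maxredirs - 1, $cookies);
     }

     if (preg_match('/method="POST"/', $result['body'])) {
         // WS-Federation style auto-submit form: collect the action and the hidden fields.
         $body = $result['body'];
         $action = null;
         if (preg_match('|action="(.*?)"|', $body, $matches)) {
             $action = $matches[1];
         }
         $data = array();
         if (preg_match_all('|type="hidden" name="([^"]*?)" value="([^"]*?)"|', $body, $matches, PREG_SET_ORDER)) {
             foreach ($matches as $m) {
                 $data[$m[1]] = htmlspecialchars_decode($m[2]);
             }
         }
         // NOTE(review): the hidden field values (which may include the issued token) go to the PHP error log.
         foreach ($data as $k => $v) {
             error_log('key   : ' . $k);
             error_log('value : ' . $v);
         }
         error_log('Action  : ' . $action);
         if (empty($data) || empty($action)) {
             throw new Exception('Could not get WS-Fed Form data....');
         }
         // Charge the form submission against the same budget as redirects. Previously the
         // budget was reset to its default here, so a server answering every POST with another
         // POST form could keep this function recursing without limit.
         $this->getURLraw($action, $data, 'post', $maxredirs - 1);
     }

     $this->log('Accessed a page with neither a redirect nor a SAML message');
     $this->log('body: ' . strip_tags($result['body']));
     return $result;
 }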
Пример #8
/**
 * ADFS PRP IDP protocol support for simpleSAMLphp.
 *
 * @author Hans Zandbelt, SURFnet BV. <*****@*****.**>
 * @package simpleSAMLphp
 * @version $Id$
 */
// Global configuration, the ADFS IdP configuration and the current session.
$config = SimpleSAML_Configuration::getInstance();
$adfsconfig = SimpleSAML_Configuration::getConfig('adfs-idp-hosted.php');
$session = SimpleSAML_Session::getInstance();

SimpleSAML_Logger::info('ADFS - IdP.SSOService: Accessing ADFS IdP endpoint SSOService');

try {
    // Use the configured entity ID when there is one, otherwise derive a URN from the current host.
    // NOTE(review): the lookup is made on $config (the global configuration object) while
    // $adfsconfig is loaded just above and not used in these lines — confirm which was intended.
    // NOTE(review): the fallback embeds getSelfHost(); if that reflects the request's Host header
    // (presumably; verify), the issuer name follows the host the client sent.
    $idpentityid = array_key_exists('entityId', $config)
        ? $config['entityId']
        : 'urn:federation:' . SimpleSAML_Utilities::getSelfHost() . ':idp';
} catch (Exception $exception) {
    SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
}

// The same message is logged a second time after the entity ID has been determined.
SimpleSAML_Logger::info('ADFS - IdP.SSOService: Accessing ADFS IdP endpoint SSOService');
function ADFS_GenerateResponse($issuer, $target, $nameid, $attributes)
{
    #	$nameid = '*****@*****.**';
    $issueInstant = SimpleSAML_Utilities::generateTimestamp();
    $notBefore = SimpleSAML_Utilities::generateTimestamp(time() - 30);
    $assertionExpire = SimpleSAML_Utilities::generateTimestamp(time() + 60 * 5);
    $assertionID = SimpleSAML_Utilities::generateID();
    $nameidFormat = 'http://schemas.xmlsoap.org/claims/UPN';
    $result = '<wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
   <wst:RequestedSecurityToken>
Пример #9
<?php

/**
 *
 *
 * @author Mathias Meisfjordskar, University of Oslo.
 *         <*****@*****.**>
 * @package simpleSAMLphp
 * @version $Id$
 */
$globalConfig = SimpleSAML_Configuration::getInstance();

// Long-lived marker cookie that records the "disable Negotiate auto-login" choice.
// It is scoped to path '/' and to the current host, with the Secure flag off (sixth
// argument) and HttpOnly on (seventh argument), so it is also sent over plain HTTP.
// NOTE(review): the cookie domain comes from getSelfHost(); if that value can carry a port
// or reflects the request's Host header (presumably; verify), the domain attribute may not
// be what is intended.
$expires = mktime(0, 0, 0, 1, 1, 2038);
$cookieDomain = SimpleSAML_Utilities::getSelfHost();
setcookie('NEGOTIATE_AUTOLOGIN_DISABLE_PERMANENT', 'True', $expires, '/', $cookieDomain, FALSE, TRUE);

// Store the per-session flag with a lifetime of one day (24 * 60 * 60 seconds).
$session = SimpleSAML_Session::getInstance();
$oneDay = 24 * 60 * 60;
$session->setData('negotiate:disable', 'session', FALSE, $oneDay);

// Show the confirmation page.
$t = new SimpleSAML_XHTML_Template($globalConfig, 'negotiate:disable.php');
$t->show();
Пример #10
<?php

/**
 *
 *
 * @author Mathias Meisfjordskar, University of Oslo.
 *         <*****@*****.**>
 * @package simpleSAMLphp
 * @version $Id$
 */
$globalConfig = SimpleSAML_Configuration::getInstance();

// Expire the marker cookie by re-sending it with an expiry one hour in the past.
// Path, domain, Secure (off, sixth argument) and HttpOnly (on, seventh argument) are given
// the same way as when the cookie is set; browsers only drop a cookie whose scope matches.
// NOTE(review): the cookie domain comes from getSelfHost(); if that value can carry a port
// or reflects the request's Host header (presumably; verify), the cookie may not be matched
// and would then stay in place.
$expires = time() - 3600;
$cookieDomain = SimpleSAML_Utilities::getSelfHost();
setcookie('NEGOTIATE_AUTOLOGIN_DISABLE_PERMANENT', 'False', $expires, '/', $cookieDomain, FALSE, TRUE);

// Store the per-session flag with a lifetime of one day (24 * 60 * 60 seconds).
$session = SimpleSAML_Session::getInstance();
$oneDay = 24 * 60 * 60;
$session->setData('negotiate:disable', 'session', FALSE, $oneDay);

// Show the confirmation page.
$t = new SimpleSAML_XHTML_Template($globalConfig, 'negotiate:enable.php');
$t->show();