Loads a configuration from the given array.
public static loadFromArray ( array $config, string $location = '[ARRAY]', string | null $instance = null ) : SimpleSAML_Configuration
$config | array | The configuration array. |
$location | string | The location which will be given when an error occurs. Optional. |
$instance | string | null | The name of this instance. If specified, the configuration will be loaded and an instance with that name will be kept for it to be retrieved later with getInstance($instance). If null, the configuration will not be kept for later use. Defaults to null. |
return | SimpleSAML_Configuration | The configuration object. |
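/**
 * Handle authentication error.
 *
 * Converts the exception into a sspmod_saml_Error, logs it, and sends a
 * response carrying the error status to the SP's consumer URL through the
 * binding recorded in the state.
 *
 * @param SimpleSAML_Error_Exception $exception The exception.
 * @param array $state The error state.
 */
public static function handleAuthError(SimpleSAML_Error_Exception $exception, array $state)
{
    // Assertions are written as expressions: PHP 8 no longer evaluates string
    // arguments, so the string form would always pass there.
    assert(isset($state["SPMetadata"]));
    assert(isset($state["saml:ConsumerURL"]));
    assert(array_key_exists("saml:RequestId", $state)); // Can be NULL.
    assert(array_key_exists("saml:RelayState", $state)); // Can be NULL.

    $spMetadata = $state["SPMetadata"];
    $spEntityId = $spMetadata['entityid'];
    $spMetadata = SimpleSAML_Configuration::loadFromArray(
        $spMetadata,
        '$metadata[' . var_export($spEntityId, TRUE) . ']'
    );

    $requestId = $state['saml:RequestId'];
    $relayState = $state['saml:RelayState'];
    $consumerURL = $state['saml:ConsumerURL'];
    // NOTE(review): 'saml:Binding' is read without a matching assertion above.
    $protocolBinding = $state['saml:Binding'];

    $idp = SimpleSAML_IdP::getByState($state);
    $idpMetadata = $idp->getConfig();

    $error = sspmod_saml_Error::fromException($exception);

    // var_export() quotes the entity ID before it reaches the log.
    SimpleSAML_Logger::warning('Returning error to sp: ' . var_export($spEntityId, TRUE));
    $error->logWarning();

    $ar = self::buildResponse($idpMetadata, $spMetadata, $consumerURL);
    $ar->setInResponseTo($requestId);
    $ar->setRelayState($relayState);

    // NOTE(review): the status message is delivered to the SP; confirm that
    // sspmod_saml_Error::fromException() keeps internal details out of it.
    $ar->setStatus(array(
        'Code' => $error->getStatus(),
        'SubCode' => $error->getSubStatus(),
        'Message' => $error->getStatusMessage(),
    ));

    $binding = SAML2_Binding::getBinding($protocolBinding);
    $binding->send($ar);
}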
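/**
 * Constructor for this authentication source.
 *
 * Every configuration key other than 'username_organization_method' and
 * 'include_organization_in_username' is treated as an organization ID whose
 * value is that organization's LDAP configuration array.
 *
 * @param array $info Information about this authentication source.
 * @param array $config Configuration.
 */
public function __construct($info, $config)
{
    // Assertions are written as expressions: PHP 8 no longer evaluates string
    // arguments, so the string form would always pass there.
    assert(is_array($info));
    assert(is_array($config));

    // Call the parent constructor first, as required by the interface
    parent::__construct($info, $config);

    $cfgHelper = SimpleSAML_Configuration::loadFromArray(
        $config,
        'Authentication source ' . var_export($this->authId, TRUE)
    );

    $this->orgs = array();
    $this->ldapOrgs = array();
    foreach ($config as $name => $value) {
        if ($name === 'username_organization_method') {
            // Only 'none', 'allow' and 'force' are accepted for this option.
            $usernameOrgMethod = $cfgHelper->getValueValidate(
                'username_organization_method',
                array('none', 'allow', 'force')
            );
            $this->setUsernameOrgMethod($usernameOrgMethod);
            continue;
        }

        if ($name === 'include_organization_in_username') {
            $this->includeOrgInUsername = $cfgHelper->getBoolean('include_organization_in_username', FALSE);
            continue;
        }

        // Anything else is an organization entry and must be an array.
        $orgCfg = $cfgHelper->getArray($name);
        $orgId = $name;

        // Display name: the configured description, else the organization ID.
        if (array_key_exists('description', $orgCfg)) {
            $this->orgs[$orgId] = $orgCfg['description'];
        } else {
            $this->orgs[$orgId] = $orgId;
        }

        $orgCfg = new sspmod_ldap_ConfigHelper(
            $orgCfg,
            'Authentication source ' . var_export($this->authId, TRUE) .
            ', organization ' . var_export($orgId, TRUE)
        );
        $this->ldapOrgs[$orgId] = $orgCfg;
    }
}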
/**
 * Exercise SimpleSAML\Utils\Time::initTimezone() with a null, an invalid and
 * a valid "timezone" option, and check that it initializes only once.
 *
 * @covers SimpleSAML\Utils\Time::initTimezone
 */
public function testInitTimezone()
{
    $systemZone = @date_default_timezone_get();
    // use a zone different from the system one, to avoid collisions
    $otherZone = ($systemZone === 'UTC') ? 'Europe/Oslo' : 'UTC';

    // null option: the timezone is guessed from the OS
    \SimpleSAML_Configuration::loadFromArray(array('timezone' => null), '[ARRAY]', 'simplesaml');
    @Time::initTimezone();
    $this->assertEquals($systemZone, @date_default_timezone_get());

    // reset the initialization flag through reflection
    $initFlag = new \ReflectionProperty('\\SimpleSAML\\Utils\\Time', 'tz_initialized');
    $initFlag->setAccessible(true);
    $initFlag->setValue(false);

    // an unknown timezone must raise an error
    \SimpleSAML_Configuration::loadFromArray(array('timezone' => 'INVALID'), '[ARRAY]', 'simplesaml');
    try {
        @Time::initTimezone();
        $this->fail('Failed to recognize an invalid timezone.');
    } catch (\SimpleSAML_Error_Exception $caught) {
        $this->assertEquals(
            'Invalid timezone set in the "timezone" option in config.php.',
            $caught->getMessage()
        );
    }

    // a valid timezone is applied
    \SimpleSAML_Configuration::loadFromArray(array('timezone' => $otherZone), '[ARRAY]', 'simplesaml');
    @Time::initTimezone();
    $this->assertEquals($otherZone, @date_default_timezone_get());

    // a later configuration change has no effect: initialization happens once
    \SimpleSAML_Configuration::loadFromArray(array('timezone' => 'Europe/Madrid'), '[ARRAY]', 'simplesaml');
    @Time::initTimezone();
    $this->assertEquals($otherZone, @date_default_timezone_get());
}
/**
 * Construct
 *
 * Opens the PDO connection described by the authsource configuration, applies
 * driver-specific character-set setup, and stores the attributes, hash
 * algorithm, a fresh salt and the user ID attribute name on the instance.
 *
 * @param array $authSourceConfig Configuration array for the selected authsource
 * @param array $writeConfig Configuration array for the selected catalogue backend
 * @param array $attributes The user attributes to be saved
 * @param mixed $hashAlgo Stored as-is; presumably the name of a hash algorithm (confirm against callers)
 *
 * @throws Exception If the database connection cannot be established.
 */
public function __construct($authSourceConfig, $writeConfig, $attributes, $hashAlgo)
{
    $asc = SimpleSAML_Configuration::loadFromArray($authSourceConfig);
    $dsn = $asc->getString('dsn');

    try {
        $this->dbh = new PDO($dsn, $asc->getString('username'), $asc->getString('password'));
    } catch (PDOException $connectError) {
        // Only the message is carried over into a plain Exception.
        // NOTE(review): presumably so the connection arguments do not travel
        // with the original exception; confirm before changing.
        throw new Exception($connectError->getMessage());
    }

    // The driver name is the part of the DSN before the first colon.
    $dsnParts = explode(':', $dsn, 2);
    $driver = strtolower($dsnParts[0]);

    /* Driver specific initialization: use UTF-8. */
    if ($driver === 'mysql') {
        $this->dbh->exec("SET NAMES utf8");
        $this->dbh->exec("SET CHARACTER SET utf8;");
    } elseif ($driver === 'pgsql') {
        $this->dbh->exec("SET NAMES 'UTF8'");
    }

    // With ERRMODE_WARNING a failed statement raises a PHP warning rather
    // than an exception, so callers have to check return values themselves.
    $this->dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);

    $this->attributes = $attributes;
    $this->hashAlgo = $hashAlgo;
    // Hex encoding of 64 generated bytes.
    // NOTE(review): the FALSE argument presumably disables a weaker fallback
    // generator; verify against SimpleSAML_Utilities::generateRandomBytes().
    $this->salt = bin2hex(SimpleSAML_Utilities::generateRandomBytes(64, FALSE));

    $wc = SimpleSAML_Configuration::loadFromArray($writeConfig);
    $this->userIdAttr = $wc->getString('user.id.param');
}
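/**
 * Send a response to the SP.
 *
 * Logs a 'saml:idp:Response' statistics entry, generates a Shib 1.3
 * authentication response for the SP named in the state and delivers it
 * through the HTTP-POST binding.
 *
 * @param array $state The authentication state.
 */
public static function sendResponse(array $state)
{
    // Assertions are written as expressions: PHP 8 no longer evaluates string
    // arguments, so the string form would always pass there.
    assert(isset($state["Attributes"]));
    assert(isset($state["SPMetadata"]));
    assert(isset($state["saml:shire"]));
    assert(array_key_exists("saml:target", $state)); // Can be NULL

    $spMetadata = $state["SPMetadata"];
    $spEntityId = $spMetadata['entityid'];
    $spMetadata = SimpleSAML_Configuration::loadFromArray(
        $spMetadata,
        '$metadata[' . var_export($spEntityId, TRUE) . ']'
    );

    // var_export() quotes the entity ID before it reaches the log.
    SimpleSAML\Logger::info('Sending SAML 1.1 Response to ' . var_export($spEntityId, TRUE));

    $attributes = $state['Attributes'];
    $shire = $state['saml:shire'];
    $target = $state['saml:target'];

    $idp = SimpleSAML_IdP::getByState($state);
    $idpMetadata = $idp->getConfig();

    $config = SimpleSAML_Configuration::getInstance();
    $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();

    $statsData = array(
        'spEntityID' => $spEntityId,
        'idpEntityID' => $idpMetadata->getString('entityid'),
        'protocol' => 'saml1',
    );
    // Login time is recorded only when the request timestamp is in the state.
    if (isset($state['saml:AuthnRequestReceivedAt'])) {
        $statsData['logintime'] = microtime(TRUE) - $state['saml:AuthnRequestReceivedAt'];
    }
    SimpleSAML_Stats::log('saml:idp:Response', $statsData);

    // Generate and send response.
    $ar = new SimpleSAML_XML_Shib13_AuthnResponse();
    $authnResponseXML = $ar->generate($idpMetadata, $spMetadata, $shire, $attributes);

    $httppost = new SimpleSAML_Bindings_Shib13_HTTPPost($config, $metadata);
    $httppost->sendResponse($authnResponseXML, $idpMetadata, $spMetadata, $target, $shire);
}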
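/**
 * Constructor for this authentication source.
 *
 * Reads the server list (or the legacy single hostname/port/secret options),
 * timeouts, realm and attribute settings from the configuration.
 *
 * @param array $info Information about this authentication source.
 * @param array $config Configuration.
 */
public function __construct($info, $config)
{
    // Assertions are written as expressions: PHP 8 no longer evaluates string
    // arguments, so the string form would always pass there.
    assert(is_array($info));
    assert(is_array($config));

    // Call the parent constructor first, as required by the interface
    parent::__construct($info, $config);

    // Parse configuration.
    $config = SimpleSAML_Configuration::loadFromArray(
        $config,
        'Authentication source ' . var_export($this->authId, true)
    );

    $this->servers = $config->getArray('servers', array());
    /* For backwards compatibility: build a one-entry server list from the
     * single-server options when 'servers' is empty or missing. */
    if (empty($this->servers)) {
        $this->hostname = $config->getString('hostname');
        $this->port = $config->getIntegerRange('port', 1, 65535, 1812);
        $this->secret = $config->getString('secret');
        $this->servers[] = array(
            'hostname' => $this->hostname,
            'port' => $this->port,
            'secret' => $this->secret,
        );
    }
    $this->timeout = $config->getInteger('timeout', 5);
    $this->retries = $config->getInteger('retries', 3);
    $this->realm = $config->getString('realm', null);
    $this->usernameAttribute = $config->getString('username_attribute', null);
    $this->nasIdentifier = $config->getString('nas_identifier', \SimpleSAML\Utils\HTTP::getSelfHost());

    // The vendor attribute type is required only when a vendor is configured.
    $this->vendor = $config->getInteger('attribute_vendor', null);
    if ($this->vendor !== null) {
        $this->vendorType = $config->getInteger('attribute_vendor_type');
    }
}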
/**
 * Build a logout response for the given logout request.
 *
 * @param mixed $testrun Passed through to $this->log().
 * @param mixed $logoutRequest Request whose relay state and ID are copied into the response.
 * @param mixed $logoutRelayState Relay state that is logged and returned to the caller.
 *
 * @return array Keys 'url', 'Response' (serialized XML), 'ResponseObj' and 'RelayState'.
 *
 * @throws Exception If no certificate in PEM form is available for the IdP.
 */
protected function createLogoutResponse($testrun, $logoutRequest, $logoutRelayState)
{
    $this->log($testrun, 'Creating response with relaystate [' . $logoutRelayState . ']');

    $idpMetadata = SimpleSAML_Configuration::loadFromArray($this->idpmetadata);
    $spMetadata = SimpleSAML_Configuration::loadFromArray($this->metadata);

    // Get SingleLogoutService URL (HTTP-Redirect binding only)
    $sloEndpoint = $spMetadata->getDefaultEndpoint(
        'SingleLogoutService',
        array('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect')
    );
    $destination = $sloEndpoint['Location'];

    /* Create the response. */
    $response = sspmod_saml2_Message::buildLogoutResponse($idpMetadata, $spMetadata);
    $response->setRelayState($logoutRequest->getRelayState());
    $response->setInResponseTo($logoutRequest->getId());

    $keyArray = SimpleSAML_Utilities::loadPrivateKey($idpMetadata, TRUE);
    $certArray = SimpleSAML_Utilities::loadPublicKey($idpMetadata, FALSE);

    // NOTE(review): the key is created for RSA-SHA1, which is no longer
    // considered strong enough for signatures outside a test harness.
    $signingKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
    $signingKey->loadKey($keyArray['PEM'], FALSE);
    $response->setSignatureKey($signingKey);

    if ($certArray === NULL) {
        throw new Exception('No certificates found. [1]');
    }
    if (!array_key_exists('PEM', $certArray)) {
        throw new Exception('No certificates found. [2]');
    }
    $response->setCertificates(array($certArray['PEM']));

    // The disabled tweakResponse()/tweakResponseDOM() hooks and the debug
    // dump of the original stay switched off here.
    // NOTE(review): the returned string comes from toUnsignedXML(), although
    // a signature key was set on the response; confirm this is intended.
    $responseNode = $response->toUnsignedXML();
    $serialized = $responseNode->ownerDocument->saveXML($responseNode);

    return array(
        'url' => $destination,
        'Response' => $serialized,
        'ResponseObj' => $response,
        'RelayState' => $logoutRelayState,
    );
}
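/**
 * Constructor for this authentication source.
 *
 * Reads the server list (or the legacy single hostname/port/secret options),
 * timeouts and attribute settings from the configuration.
 *
 * @param array $info Information about this authentication source.
 * @param array $config Configuration.
 */
public function __construct($info, $config)
{
    // Assertions are written as expressions: PHP 8 no longer evaluates string
    // arguments, so the string form would always pass there.
    assert(is_array($info));
    assert(is_array($config));

    /* Call the parent constructor first, as required by the interface. */
    parent::__construct($info, $config);

    /* Parse configuration. */
    $config = SimpleSAML_Configuration::loadFromArray(
        $config,
        'Authentication source ' . var_export($this->authId, TRUE)
    );

    $this->servers = $config->getArray('servers', array());
    /* For backwards compatibility: build a one-entry server list from the
     * single-server options when 'servers' is empty or missing. */
    if (empty($this->servers)) {
        $this->hostname = $config->getString('hostname');
        $this->port = $config->getIntegerRange('port', 1, 65535, 1812);
        $this->secret = $config->getString('secret');
        $this->servers[] = array(
            'hostname' => $this->hostname,
            'port' => $this->port,
            'secret' => $this->secret,
        );
    }
    $this->timeout = $config->getInteger('timeout', 5);
    $this->retries = $config->getInteger('retries', 3);
    $this->usernameAttribute = $config->getString('username_attribute', NULL);

    // NOTE(review): without 'nas_identifier' the default comes from the
    // request's Host header, which the client chooses; set the option
    // explicitly where the NAS identifier matters to the RADIUS server.
    $this->nasIdentifier = $config->getString(
        'nas_identifier',
        isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'localhost'
    );

    // The vendor attribute type is required only when a vendor is configured.
    $this->vendor = $config->getInteger('attribute_vendor', NULL);
    if ($this->vendor !== NULL) {
        $this->vendorType = $config->getInteger('attribute_vendor_type');
    }
}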
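/**
 * Constructor for this authentication source.
 *
 * @param array $info Information about this authentication source.
 * @param array $config The configuration of the module
 *
 * @throws Exception If the KRB5 extension is not installed or active.
 */
public function __construct($info, $config)
{
    // Assertions are written as expressions: PHP 8 no longer evaluates string
    // arguments, so the string form would always pass there.
    assert(is_array($info));
    assert(is_array($config));

    if (!extension_loaded('krb5')) {
        throw new Exception('KRB5 Extension not installed');
    }

    // call the parent constructor first, as required by the interface
    parent::__construct($info, $config);

    $config = SimpleSAML_Configuration::loadFromArray($config);

    // Required options: fallback, hostname, keytab and base.
    $this->backend = $config->getString('fallback');
    $this->hostname = $config->getString('hostname');
    $this->port = $config->getInteger('port', 389);
    $this->referrals = $config->getBoolean('referrals', true);
    // NOTE(review): TLS is off unless 'enable_tls' is set; confirm that
    // deployments configuring adminUser/adminPassword turn it on.
    $this->enableTLS = $config->getBoolean('enable_tls', false);
    $this->debugLDAP = $config->getBoolean('debugLDAP', false);
    $this->timeout = $config->getInteger('timeout', 30);
    $this->keytab = $config->getString('keytab');
    $this->base = $config->getArrayizeString('base');
    $this->attr = $config->getString('attr', 'uid');
    $this->subnet = $config->getArray('subnet', null);
    $this->admin_user = $config->getString('adminUser', null);
    $this->admin_pw = $config->getString('adminPassword', null);
    $this->attributes = $config->getArray('attributes', null);
}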
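/**
 * Initialize this filter, parse configuration
 *
 * Both 'targetAttribute' and 'sourceAttribute' are required string options.
 *
 * @param array $config Configuration information about this filter.
 * @param mixed $reserved For future use.
 */
public function __construct($config, $reserved)
{
    parent::__construct($config, $reserved);

    // Written as an expression: PHP 8 no longer evaluates string arguments
    // to assert(), so the string form would always pass there.
    assert(is_array($config));

    $config = SimpleSAML_Configuration::loadFromArray($config, 'ScopeFromAttribute');
    $this->targetAttribute = $config->getString('targetAttribute');
    $this->sourceAttribute = $config->getString('sourceAttribute');
}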
/**
 * CriticalConfigurationError constructor.
 *
 * Registers a configuration under the instance name 'simplesaml' before
 * delegating to the parent constructor; when none is supplied, the class's
 * minimum configuration plus a guessed base URL path is used.
 *
 * @param string|null $reason The reason for this critical error.
 * @param string|null $file The configuration file that originated this error.
 * @param array|null $config The configuration array that led to this problem.
 */
public function __construct($reason = null, $file = null, $config = null)
{
    if (null === $config) {
        // No configuration given: fall back to the minimum one.
        $config = self::$minimum_config;
        $config['baseurlpath'] = \SimpleSAML\Utils\HTTP::guessBasePath();
    }

    \SimpleSAML_Configuration::loadFromArray($config, '', 'simplesaml');

    parent::__construct($reason, $file);
}
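/**
 * Constructor for this authentication source.
 *
 * 'api_key' and 'secret' are required; 'req_perms' is optional.
 *
 * @param array $info Information about this authentication source.
 * @param array $config Configuration.
 */
public function __construct($info, $config)
{
    // Assertions are written as expressions: PHP 8 no longer evaluates string
    // arguments, so the string form would always pass there.
    assert(is_array($info));
    assert(is_array($config));

    /* Call the parent constructor first, as required by the interface. */
    parent::__construct($info, $config);

    $cfgParse = SimpleSAML_Configuration::loadFromArray(
        $config,
        'authsources[' . var_export($this->authId, TRUE) . ']'
    );

    $this->api_key = $cfgParse->getString('api_key');
    $this->secret = $cfgParse->getString('secret');
    $this->req_perms = $cfgParse->getString('req_perms', NULL);
}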
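/**
 * Constructor for this metadata handler.
 *
 * Parses configuration.
 *
 * @param array $config The configuration for this metadata handler.
 */
public function __construct($config)
{
    // Written as an expression: PHP 8 no longer evaluates string arguments
    // to assert(), so the string form would always pass there.
    assert(is_array($config));

    $globalConfig = SimpleSAML_Configuration::getInstance();

    $cfgHelp = SimpleSAML_Configuration::loadFromArray($config, 'serialize metadata source');

    $this->directory = $cfgHelp->getString('directory');

    /* Resolve this directory relative to the simpleSAMLphp directory (unless it is
     * an absolute path).
     */
    $this->directory = $globalConfig->resolvePath($this->directory);
}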
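/**
 * Constructor for this authentication source.
 *
 * 'key' and 'secret' are required; 'force_login' defaults to FALSE.
 *
 * @param array $info Information about this authentication source.
 * @param array $config Configuration.
 */
public function __construct($info, $config)
{
    // Assertions are written as expressions: PHP 8 no longer evaluates string
    // arguments, so the string form would always pass there.
    assert(is_array($info));
    assert(is_array($config));

    /* Call the parent constructor first, as required by the interface. */
    parent::__construct($info, $config);

    $configObject = SimpleSAML_Configuration::loadFromArray(
        $config,
        'authsources[' . var_export($this->authId, TRUE) . ']'
    );

    $this->key = $configObject->getString('key');
    $this->secret = $configObject->getString('secret');
    $this->force_login = $configObject->getBoolean('force_login', FALSE);
}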
/**
 * Sign the first assertion of the response with the message utility class
 * that the DI container names.
 *
 * @param SAML2_Response $response
 * @param SimpleSAML_Configuration $idpConfig
 */
private function addSigns(SAML2_Response $response, SimpleSAML_Configuration $idpConfig)
{
    $assertions = $response->getAssertions();

    $messageUtil = EngineBlock_ApplicationSingleton::getInstance()
        ->getDiContainer()
        ->getMessageUtilClassName();

    // The second argument to addSign() is an empty configuration.
    $emptyConfig = SimpleSAML_Configuration::loadFromArray(array());

    // NOTE(review): index 0 is read without checking that the response
    // holds at least one assertion.
    $firstAssertion = $assertions[0];

    if ($messageUtil === 'sspmod_saml_Message') {
        // Special case the 'normal' message verification class name so we have IDE support.
        sspmod_saml_Message::addSign($idpConfig, $emptyConfig, $firstAssertion);
    } else {
        $messageUtil::addSign($idpConfig, $emptyConfig, $firstAssertion);
    }
}
/**
 * Test SimpleSAML\Locale\Translate::t() with a tag that has no translation.
 */
public function testTFallback()
{
    $emptyConfig = \SimpleSAML_Configuration::loadFromArray(array());
    $translator = new Translate($emptyConfig);
    $tag = 'Blablabla';

    // $fallbackdefault = true: the tag comes back wrapped in a marker
    $expected = 'not translated (' . $tag . ')';
    $this->assertEquals($expected, $translator->t($tag));

    // $fallbackdefault = false, should be a noop
    $this->assertEquals($tag, $translator->t($tag, array(), false));
}
/**
 * Test SimpleSAML\Locale\Localization::addDomain(): a domain added with a
 * locale directory must show up among the registered domains.
 */
public function testAddDomain()
{
    $config = \SimpleSAML_Configuration::loadFromArray(
        array('language.i18n.backend' => 'gettext/gettext')
    );
    $localization = new Localization($config);

    $domain = 'test';
    $localeDir = $localization->getLocaleDir();
    $localization->addDomain($localeDir, $domain);

    $registered = $localization->getRegisteredDomains();
    $this->assertArrayHasKey($domain, $registered);
    $this->assertEquals($registered[$domain], $localeDir);
}
/**
 * Build the entity descriptor XML for the fedlab IdP endpoints.
 *
 * @return string The entity descriptor text produced by the metadata builder.
 */
public function getMetadata()
{
    $idpentityid = SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/metadata.php';

    $ssoUrl = SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/SingleSignOnService.php';
    $sloUrl = SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/SingleLogoutService.php';

    $metaArray = array(
        'metadata-set' => 'saml20-idp-remote',
        'entityid' => $idpentityid,
        'SingleSignOnService' => $ssoUrl,
        'SingleLogoutService' => $sloUrl,
        'certificate' => 'server.crt',
    );

    // The loaded key is not used afterwards; the call is kept because it is
    // made with the "required" flag set.
    $metaArrayConfig = SimpleSAML_Configuration::loadFromArray($metaArray);
    SimpleSAML_Utilities::loadPublicKey($metaArrayConfig, TRUE);

    $builder = new SimpleSAML_Metadata_SAMLBuilder($idpentityid);
    $builder->addMetadataIdP20($metaArray);
    $builder->addOrganizationInfo($metaArray);

    // Technical contact details come from the global configuration.
    $technicalContact = array(
        'emailAddress' => $this->config->getString('technicalcontact_email', NULL),
        'name' => $this->config->getString('technicalcontact_name', NULL),
    );
    $builder->addContact('technical', $technicalContact);

    return $builder->getEntityDescriptorText();
}
/**
 * Constructor for this authentication source.
 *
 * All options are optional: 'target' and 'realm' default to NULL, the four
 * attribute lists default to empty arrays and 'sreg.validate' to TRUE.
 *
 * @param array $info Information about this authentication source.
 * @param array $config Configuration.
 */
public function __construct($info, $config)
{
    /* The parent constructor has to run first, as required by the interface. */
    parent::__construct($info, $config);

    $location = 'Authentication source ' . var_export($this->authId, TRUE);
    $options = SimpleSAML_Configuration::loadFromArray($config, $location);

    $this->target = $options->getString('target', NULL);
    $this->realm = $options->getString('realm', NULL);

    $this->optionalAttributes = $options->getArray('attributes.optional', array());
    $this->requiredAttributes = $options->getArray('attributes.required', array());

    $this->optionalAXAttributes = $options->getArray('attributes.ax_optional', array());
    $this->requiredAXAttributes = $options->getArray('attributes.ax_required', array());

    $this->validateSReg = $options->getBoolean('sreg.validate', TRUE);
}
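/**
 * Constructor for this configuration parser.
 *
 * Only 'drupalroot' is required; the other options have defaults.
 *
 * @param array $config Configuration.
 * @param string $location The location of this configuration. Used for error reporting.
 */
public function __construct($config, $location)
{
    // Assertions are written as expressions: PHP 8 no longer evaluates string
    // arguments, so the string form would always pass there.
    assert(is_array($config));
    assert(is_string($location));

    $this->location = $location;

    /* Parse configuration. */
    $config = SimpleSAML_Configuration::loadFromArray($config, $location);

    $this->drupalroot = $config->getString('drupalroot');
    $this->debug = $config->getBoolean('debug', FALSE);
    $this->attributes = $config->getArray('attributes', NULL);
    $this->cookie_name = $config->getString('cookie_name', 'drupalauth4ssp');
    $this->drupal_logout_url = $config->getString('drupal_logout_url', NULL);
    $this->drupal_login_url = $config->getString('drupal_login_url', NULL);
}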
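/**
 * Test SimpleSAML\Utils\HTTP::getSelfHostWithNonStandardPort(), with and
 * without custom port.
 *
 * $_SERVER is restored afterwards, also when an assertion fails, so the
 * SERVER_PORT and HTTPS values set here do not leak into other tests.
 */
public function testGetSelfHostWithPort()
{
    $original = $_SERVER;

    try {
        \SimpleSAML_Configuration::loadFromArray(array('baseurlpath' => ''), '[ARRAY]', 'simplesaml');

        // standard port for HTTP
        $_SERVER['SERVER_PORT'] = '80';
        $this->assertEquals('localhost', HTTP::getSelfHostWithNonStandardPort());

        // non-standard port
        $_SERVER['SERVER_PORT'] = '3030';
        $this->assertEquals('localhost:3030', HTTP::getSelfHostWithNonStandardPort());

        // standard port for HTTPS
        $_SERVER['HTTPS'] = 'on';
        $_SERVER['SERVER_PORT'] = '443';
        $this->assertEquals('localhost', HTTP::getSelfHostWithNonStandardPort());
    } catch (\Exception $e) {
        // Restore before the failure propagates to the test runner.
        $_SERVER = $original;
        throw $e;
    }

    $_SERVER = $original;
}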
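/**
 * Hook to run a cron job.
 *
 * For every metarefresh set whose 'cron' list contains the current tag, loads
 * the set's sources and writes the result to the set's output directory.
 * Any exception is caught and reported through $croninfo['summary'].
 *
 * @param array &$croninfo Output
 */
function metarefresh_hook_cron(&$croninfo)
{
    // Assertions are written as expressions: PHP 8 no longer evaluates string
    // arguments, so the string form would always pass there.
    assert(is_array($croninfo));
    assert(array_key_exists("summary", $croninfo));
    assert(array_key_exists("tag", $croninfo));

    SimpleSAML_Logger::info('cron [metarefresh]: Running cron in cron tag [' . $croninfo['tag'] . '] ');

    try {
        $config = SimpleSAML_Configuration::getInstance();
        $mconfig = SimpleSAML_Configuration::getConfig('config-metarefresh.php');

        $sets = $mconfig->getConfigList('sets');

        foreach ($sets as $setkey => $set) {
            // Only process sets where cron matches the current cron tag.
            $cronTags = $set->getArray('cron');
            if (!in_array($croninfo['tag'], $cronTags)) {
                continue;
            }

            SimpleSAML_Logger::info('cron [metarefresh]: Executing set [' . $setkey . ']');

            // 'expireAfter' is an offset in seconds from now; NULL means no expiry.
            $expireAfter = $set->getInteger('expireAfter', NULL);
            if ($expireAfter !== NULL) {
                $expire = time() + $expireAfter;
            } else {
                $expire = NULL;
            }

            $metaloader = new sspmod_metarefresh_MetaLoader($expire);

            foreach ($set->getArray('sources') as $source) {
                SimpleSAML_Logger::debug(
                    'cron [metarefresh]: In set [' . $setkey . '] loading source [' . $source['src'] . ']'
                );
                $metaloader->loadSource($source);
            }

            // The output directory is resolved through the global configuration.
            $outputDir = $set->getString('outputDir');
            $outputDir = $config->resolvePath($outputDir);

            // Only 'flatfile' (the default) and 'serialize' are accepted.
            $outputFormat = $set->getValueValidate('outputFormat', array('flatfile', 'serialize'), 'flatfile');
            switch ($outputFormat) {
                case 'flatfile':
                    $metaloader->writeMetadataFiles($outputDir);
                    break;
                case 'serialize':
                    $metaloader->writeMetadataSerialize($outputDir);
                    break;
            }

            if ($set->hasValue('arp')) {
                $arpconfig = SimpleSAML_Configuration::loadFromArray($set->getValue('arp'));
                $metaloader->writeARPfile($arpconfig);
            }
        }
    } catch (Exception $e) {
        // A failure ends the run and is reported in the cron summary.
        $croninfo['summary'][] = 'Error during metarefresh: ' . $e->getMessage();
    }
}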
/**
 * Construct
 *
 * Passes the connection options from the authsource configuration to the
 * parent constructor, then stores search and admin settings on the instance.
 *
 * @param array $authSourceConfig Configuration array for the selected authsource
 * @param array $ldapWriteConfig Configuration array for the selected catalogue backend
 * @param array $attributes The user attributes to be saved
 */
public function __construct($authSourceConfig, $ldapWriteConfig, $attributes)
{
    $asc = SimpleSAML_Configuration::loadFromArray($authSourceConfig);

    // Connection options, read in the order the parent constructor takes them.
    $hostname = $asc->getString('hostname');
    $enableTls = $asc->getBoolean('enable_tls', FALSE);
    $debug = $asc->getBoolean('debug', FALSE);
    $timeout = $asc->getInteger('timeout', 0);
    // NOTE(review): TLS is off unless 'enable_tls' is set, while the admin
    // DN and password below are later used on this connection.
    parent::__construct($hostname, $enableTls, $debug, $timeout);

    $this->searchBase = $asc->getArrayize('search.base');
    $this->dnPattern = $asc->getString('dnpattern');
    $this->searchDn = $asc->getString('search.username', NULL);
    $this->searchPw = $asc->getString('search.password', NULL);

    $lwc = SimpleSAML_Configuration::loadFromArray($ldapWriteConfig);

    $this->adminDn = $lwc->getString('admin.dn');
    $this->adminPw = $lwc->getString('admin.pw');
    $this->objectClass = $lwc->getArray('objectClass');
    $this->userIdAttr = $lwc->getString('user.id.param', 'uid');
    // NOTE(review): the default is 'sha1'; how the value is applied to stored
    // passwords is outside this block, so confirm it and prefer a salted,
    // slow scheme if it selects the password hash.
    $this->pswEncrypt = $lwc->getString('psw.encrypt', 'sha1');

    $this->attributes = $attributes;
}
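/**
 * Constructor for SAML SP authentication source.
 *
 * When no 'entityID' is configured, the metadata URL of this source is used
 * as the entity ID.
 *
 * @param array $info Information about this authentication source.
 * @param array $config Configuration.
 */
public function __construct($info, $config)
{
    // Assertions are written as expressions: PHP 8 no longer evaluates string
    // arguments, so the string form would always pass there.
    assert(is_array($info));
    assert(is_array($config));

    /* Call the parent constructor first, as required by the interface. */
    parent::__construct($info, $config);

    if (!isset($config['entityID'])) {
        $config['entityID'] = $this->getMetadataURL();
    }

    /* For compatibility with code that assumes that $metadata->getString('entityid') gives the entity id. */
    $config['entityid'] = $config['entityID'];

    $this->metadata = SimpleSAML_Configuration::loadFromArray(
        $config,
        'authsources[' . var_export($this->authId, TRUE) . ']'
    );
    $this->entityId = $this->metadata->getString('entityID');
    $this->idp = $this->metadata->getString('idp', NULL);
    $this->discoURL = $this->metadata->getString('discoURL', NULL);
}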
/**
 * Constructor for this authentication source.
 *
 * 'app_id' is required. The server ID and URL are taken from 'serverid' /
 * 'serverurl' when present, otherwise from the required 'server_id' /
 * 'server_url'.
 *
 * @param array $info Information about this authentication source.
 * @param array $config Configuration.
 */
public function __construct($info, $config)
{
    /* The parent constructor has to run first, as required by the interface. */
    parent::__construct($info, $config);

    $location = 'Authentication source ' . var_export($this->authId, true);
    $cfg = SimpleSAML_Configuration::loadFromArray($config, $location);

    // Validation only: 'type' may be nothing but 'app'; the value is not kept.
    $cfg->getValueValidate('type', array('app'), 'app');

    $this->app_id = $cfg->getString('app_id');
    $this->private_key = $cfg->getString('private_key', null);

    // The names with '_' are accepted for consistency, the names without it
    // for backwards compatibility; the form without '_' is looked up first.
    $legacyServerId = $cfg->getString('serverid', null);
    $this->server_id = ($legacyServerId !== null) ? $legacyServerId : $cfg->getString('server_id');

    $legacyServerUrl = $cfg->getString('serverurl', null);
    $this->server_url = ($legacyServerUrl !== null) ? $legacyServerUrl : $cfg->getString('server_url');
}
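/**
 * Constructor for this authentication source.
 *
 * 'hostname' and 'secret' are required; 'port' must lie between 1 and 65535
 * and defaults to 1812.
 *
 * @param array $info Information about this authentication source.
 * @param array $config Configuration.
 */
public function __construct($info, $config)
{
    // Assertions are written as expressions: PHP 8 no longer evaluates string
    // arguments, so the string form would always pass there.
    assert(is_array($info));
    assert(is_array($config));

    /* Call the parent constructor first, as required by the interface. */
    parent::__construct($info, $config);

    /* Parse configuration. */
    $config = SimpleSAML_Configuration::loadFromArray(
        $config,
        'Authentication source ' . var_export($this->authId, TRUE)
    );

    $this->hostname = $config->getString('hostname');
    $this->port = $config->getIntegerRange('port', 1, 65535, 1812);
    $this->secret = $config->getString('secret');
    $this->timeout = $config->getInteger('timeout', 5);
    $this->retries = $config->getInteger('retries', 3);
    $this->usernameAttribute = $config->getString('username_attribute', NULL);

    // The vendor attribute type is required only when a vendor is configured.
    $this->vendor = $config->getInteger('attribute_vendor', NULL);
    if ($this->vendor !== NULL) {
        $this->vendorType = $config->getInteger('attribute_vendor_type');
    }
}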
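/**
 * Constructor for this authentication source.
 *
 * 'ldap.hostname', 'ldap.base', 'ldap.identifier' and 'auth_fallback' are
 * required; the remaining options have defaults.
 *
 * @param array $info Information about this authentication source.
 * @param array $config The configuration of the module
 */
public function __construct($info, $config)
{
    // Assertions are written as expressions: PHP 8 no longer evaluates string
    // arguments, so the string form would always pass there.
    assert(is_array($info));
    assert(is_array($config));

    parent::__construct($info, $config);

    $config = SimpleSAML_Configuration::loadFromArray($config);

    $this->ldap_hostname = $config->getString('ldap.hostname');
    // NOTE(review): the next five options are read with getString() although
    // their defaults are integers and booleans; presumably a configured
    // non-string value is rejected while the default passes through as-is.
    // Verify against SimpleSAML_Configuration::getString().
    $this->ldap_port = $config->getString('ldap.port', 389);
    $this->ldap_timeout = $config->getString('ldap.timeout', 10);
    // NOTE(review): TLS is off unless 'ldap.enableTLS' is set; confirm that
    // deployments configuring ldap.admin_password turn it on.
    $this->ldap_enableTLS = $config->getString('ldap.enableTLS', false);
    $this->ldap_debug = $config->getString('ldap.debug', false);
    $this->ldap_referrals = $config->getString('ldap.referrals', true);
    $this->ldap_admin_user = $config->getString('ldap.admin_user', null);
    $this->ldap_admin_password = $config->getString('ldap.admin_password', null);
    $this->ldap_base = $config->getArrayizeString('ldap.base');
    $this->ldap_identifier = $config->getString('ldap.identifier');

    $this->attributes = $config->getArrayizeString('attributes', null);
    $this->subnets = $config->getArrayizeString('subnets', null);
    $this->subnets_exclude = $config->getArrayizeString('subnets_exclude', null);
    $this->auth_fallback = $config->getString('auth_fallback');
}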
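/**
 * Send a response to the SP.
 *
 * Generates a Shib 1.3 authentication response for the SP named in the state
 * and delivers it through the HTTP-POST binding.
 *
 * @param array $state The authentication state.
 */
public static function sendResponse(array $state)
{
    // Assertions are written as expressions: PHP 8 no longer evaluates string
    // arguments, so the string form would always pass there.
    assert(isset($state["Attributes"]));
    assert(isset($state["SPMetadata"]));
    assert(isset($state["saml:shire"]));
    assert(array_key_exists("saml:target", $state)); // Can be NULL.

    $spMetadata = $state["SPMetadata"];
    $spEntityId = $spMetadata['entityid'];
    $spMetadata = SimpleSAML_Configuration::loadFromArray(
        $spMetadata,
        '$metadata[' . var_export($spEntityId, TRUE) . ']'
    );

    // var_export() quotes the entity ID before it reaches the log.
    SimpleSAML_Logger::info('Sending SAML 1.1 Response to ' . var_export($spEntityId, TRUE));

    $attributes = $state['Attributes'];
    $shire = $state['saml:shire'];
    $target = $state['saml:target'];

    $idp = SimpleSAML_IdP::getByState($state);
    $idpMetadata = $idp->getConfig();

    $config = SimpleSAML_Configuration::getInstance();
    $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();

    /* Generate and send response. */
    $ar = new SimpleSAML_XML_Shib13_AuthnResponse();
    $authnResponseXML = $ar->generate($idpMetadata, $spMetadata, $shire, $attributes);

    $httppost = new SimpleSAML_Bindings_Shib13_HTTPPost($config, $metadata);
    $httppost->sendResponse($authnResponseXML, $idpMetadata, $spMetadata, $target, $shire);
}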
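/**
 * Test SimpleSAML\Utils\HTTP::checkURLAllowed(), with the regex as a
 * subdomain of an evil domain.
 *
 * The trusted pattern is configured without delimiters, and the URL's host
 * begins with the trusted name but belongs to another domain; the check is
 * expected to throw.
 *
 * $_SERVER is restored on the exception path as well: the expected exception
 * leaves the method before any statement placed after the call can run.
 */
public function testCheckURLAllowedWithRegexWithoutDelimiters()
{
    $original = $_SERVER;

    \SimpleSAML_Configuration::loadFromArray(
        array(
            'trusted.url.domains' => array('app\\.example\\.com'),
            'trusted.url.regex' => true,
        ),
        '[ARRAY]',
        'simplesaml'
    );

    $_SERVER['REQUEST_URI'] = '/module.php';

    $this->setExpectedException('SimpleSAML_Error_Exception');
    try {
        HTTP::checkURLAllowed('https://app.example.com.evil.com');
    } catch (\Exception $e) {
        // Restore the superglobal, then let the test runner see the exception.
        $_SERVER = $original;
        throw $e;
    }

    $_SERVER = $original;
}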
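/**
 * Add metadata of a SAML attribute authority.
 *
 * Builds an AttributeAuthorityDescriptor from the metadata and appends it to
 * the entity descriptor's role descriptors.
 *
 * @param array $metadata The AttributeAuthorityDescriptor, in the format returned by
 * SimpleSAML_Metadata_SAMLParser.
 */
public function addAttributeAuthority(array $metadata)
{
    // Assertions are written as expressions: PHP 8 no longer evaluates string
    // arguments, so the string form would always pass there.
    assert(is_array($metadata));
    assert(isset($metadata["entityid"]));
    assert(isset($metadata["metadata-set"]));

    // The entity ID doubles as the location reported in configuration errors.
    $metadata = SimpleSAML_Configuration::loadFromArray($metadata, $metadata['entityid']);

    $e = new \SAML2\XML\md\AttributeAuthorityDescriptor();
    $e->protocolSupportEnumeration = $metadata->getArray('protocols', array());

    $this->addExtensions($metadata, $e);
    $this->addCertificate($e, $metadata);

    $e->AttributeService = self::createEndpoints($metadata->getEndpoints('AttributeService'), false);
    $e->AssertionIDRequestService = self::createEndpoints(
        $metadata->getEndpoints('AssertionIDRequestService'),
        false
    );

    $e->NameIDFormat = $metadata->getArrayizeString('NameIDFormat', array());

    $this->entityDescriptor->RoleDescriptor[] = $e;
}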