/**
 * Build a redirect URL that can be used to post a form with the given data to a specific destination.
 *
 * The destination and data are handed to self::savePOSTData(), which returns an ID. That ID is joined
 * to the current session ID, encrypted with Crypto::aesEncrypt(), base64-encoded and passed to
 * core/postredirect.php as the 'RedirInfo' query parameter.
 *
 * Security notes for maintainers:
 *  - A leading "https:" scheme on the generated URL is rewritten to "http:", so the request carrying
 *    RedirInfo travels without transport encryption. NOTE(review): presumably deliberate, for posting
 *    to a non-HTTPS destination; confirm against the caller.
 *  - On that hop the session ID is protected only by Crypto::aesEncrypt(). NOTE(review): confirm that
 *    it provides integrity as well as confidentiality, and that core/postredirect.php rejects RedirInfo
 *    values that fail to decrypt or that reference unknown or already-used POST data.
 *  - The value sits in a URL, so it can end up in access logs, browser history and Referer headers;
 *    treat the returned URL as sensitive.
 *
 * @param string $destination The destination URL.
 * @param array  $data        An associative array containing the data to be posted to $destination.
 *
 * @return string A URL which allows to securely post a form to $destination.
 *
 * @author Jaime Perez, UNINETT AS <*****@*****.**>
 */
private static function getSecurePOSTRedirectURL($destination, $data)
{
    $currentSession = \SimpleSAML_Session::getSessionFromRequest();
    $postId = self::savePOSTData($currentSession, $destination, $data);

    // The session ID and the saved-POST ID are encrypted together as "<session id>:<post id>".
    $plaintext = $currentSession->getSessionId() . ':' . $postId;
    $redirInfo = base64_encode(Crypto::aesEncrypt($plaintext));

    $redirectUrl = Module::getModuleURL(
        'core/postredirect.php',
        array('RedirInfo' => $redirInfo)
    );

    // Only a leading "https:" is rewritten; a URL that already starts with "http:" is returned unchanged.
    return preg_replace('#^https:#', 'http:', $redirectUrl);
}
$idpmeta = $metadata->getMetaDataConfig($idpentityid, 'saml20-idp-hosted'); $availableCerts = array(); $keys = array(); $certInfo = Crypto::loadPublicKey($idpmeta, false, 'new_'); if ($certInfo !== null) { $availableCerts['new_idp.crt'] = $certInfo; $keys[] = array('type' => 'X509Certificate', 'signing' => true, 'encryption' => true, 'X509Certificate' => $certInfo['certData']); $hasNewCert = true; } else { $hasNewCert = false; } $certInfo = Crypto::loadPublicKey($idpmeta, true); $availableCerts['idp.crt'] = $certInfo; $keys[] = array('type' => 'X509Certificate', 'signing' => true, 'encryption' => $hasNewCert ? false : true, 'X509Certificate' => $certInfo['certData']); if ($idpmeta->hasValue('https.certificate')) { $httpsCert = Crypto::loadPublicKey($idpmeta, true, 'https.'); assert('isset($httpsCert["certData"])'); $availableCerts['https.crt'] = $httpsCert; $keys[] = array('type' => 'X509Certificate', 'signing' => true, 'encryption' => false, 'X509Certificate' => $httpsCert['certData']); } $metaArray = array('metadata-set' => 'saml20-idp-remote', 'entityid' => $idpentityid); $ssob = $metadata->getGenerated('SingleSignOnServiceBinding', 'saml20-idp-hosted'); $slob = $metadata->getGenerated('SingleLogoutServiceBinding', 'saml20-idp-hosted'); $ssol = $metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted'); $slol = $metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted'); if (is_array($ssob)) { foreach ($ssob as $binding) { $metaArray['SingleSignOnService'][] = array('Binding' => $binding, 'Location' => $ssol); } } else { $metaArray['SingleSignOnService'][] = array('Binding' => $ssob, 'Location' => $ssol);