IdP/SAML2: Add https.certificate option

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2303 44740490-163a-0410-bde0-09ae8108e29a

IdP/SAML2: Add https.certificate option
0a29156b · Olav Morken · 3946cb84 · 0a29156b · 0a29156b · 0a29156b
Commit 0a29156b authored 14 years ago by Olav Morken
--- a/docs/simplesamlphp-reference-idp-hosted.txt
+++ b/docs/simplesamlphp-reference-idp-hosted.txt
@@ -156,6 +156,11 @@ The following SAML 2.0 options are available:
    any value in the SP-remote metadata overrides the one configured
    in the IdP metadata.

+`https.certificate`
+:   The certificate used by the webserver when handling connections.
+    This certificate will be added to the generated metadata of the IdP,
+    which is required by some SPs when using the HTTP-Artifact binding.
+
 `SingleSignOnService`
 :   Override the default URL for the SingleSignOnService for this
    IdP. This is an absolute URL. The default value is

--- a/lib/SimpleSAML/Metadata/SAMLBuilder.php
+++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php
@@ -586,15 +586,15 @@ class SimpleSAML_Metadata_SAMLBuilder {
 	private function addCertificate(SAML2_XML_md_RoleDescriptor $rd, SimpleSAML_Configuration $metadata) {

 		$certInfo = SimpleSAML_Utilities::loadPublicKey($metadata);
-		if ($certInfo === NULL || !array_key_exists('certData', $certInfo)) {
-			/* No certificate to add. */
-			return;
+		if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) {
+			$certData = $certInfo['certData'];
+			$this->addX509KeyDescriptor($rd, 'signing', $certData);
+			$this->addX509KeyDescriptor($rd, 'encryption', $certData);
 		}

-		$certData = $certInfo['certData'];
-
-		$this->addX509KeyDescriptor($rd, 'signing', $certData);
-		$this->addX509KeyDescriptor($rd, 'encryption', $certData);
+		if ($metadata->hasValue('https.certData')) {
+			$this->addX509KeyDescriptor($rd, 'signing', $metadata->getString('https.certData'));
+		}
 	}

 }
--- a/www/saml2/idp/metadata.php
+++ b/www/saml2/idp/metadata.php
@@ -60,6 +60,12 @@ try {
 		$metaArray['scope'] = $idpmeta->getArray('scope');
 	}

+	if ($idpmeta->hasValue('https.certificate')) {
+		$httpsCert = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE, 'https.');
+		assert('isset($httpsCert["certData"])');
+		$metaArray['https.certData'] = $httpsCert['certData'];
+	}
+

 	$metaflat = '$metadata[' . var_export($idpentityid, TRUE) . '] = ' . var_export($metaArray, TRUE) . ';';