From 0a29156b16b99b49027fd2626937fa54cd4a65ea Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Wed, 19 May 2010 09:26:36 +0000
Subject: [PATCH] IdP/SAML2: Add https.certificate option
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2303 44740490-163a-0410-bde0-09ae8108e29a
---
 docs/simplesamlphp-reference-idp-hosted.txt | 5 +++++
 lib/SimpleSAML/Metadata/SAMLBuilder.php | 14 +++++++-------
 www/saml2/idp/metadata.php | 6 ++++++
 3 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/docs/simplesamlphp-reference-idp-hosted.txt b/docs/simplesamlphp-reference-idp-hosted.txt
index ca70f4f64..9e2d14d09 100644
--- a/docs/simplesamlphp-reference-idp-hosted.txt
+++ b/docs/simplesamlphp-reference-idp-hosted.txt
@@ -156,6 +156,11 @@ The following SAML 2.0 options are available:
 any value in the SP-remote metadata overrides the one configured in the IdP metadata.
+`https.certificate`
+: The certificate used by the webserver when handling connections.
+ This certificate will be added to the generated metadata of the IdP,
+ which is required by some SPs when using the HTTP-Artifact binding.
+
 `SingleSignOnService`
 : Override the default URL for the SingleSignOnService for this IdP. This is an absolute URL. The default value is
diff --git a/lib/SimpleSAML/Metadata/SAMLBuilder.php b/lib/SimpleSAML/Metadata/SAMLBuilder.php
index aeffb1af6..edd176e52 100644
--- a/lib/SimpleSAML/Metadata/SAMLBuilder.php
+++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php
@@ -586,15 +586,15 @@ class SimpleSAML_Metadata_SAMLBuilder {
 private function addCertificate(SAML2_XML_md_RoleDescriptor $rd, SimpleSAML_Configuration $metadata) {
 $certInfo = SimpleSAML_Utilities::loadPublicKey($metadata);
- if ($certInfo === NULL || !array_key_exists('certData', $certInfo)) {
- /* No certificate to add. */
- return;
+ if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) {
+ $certData = $certInfo['certData'];
+ $this->addX509KeyDescriptor($rd, 'signing', $certData);
+ $this->addX509KeyDescriptor($rd, 'encryption', $certData);
 }
- $certData = $certInfo['certData'];
-
- $this->addX509KeyDescriptor($rd, 'signing', $certData);
- $this->addX509KeyDescriptor($rd, 'encryption', $certData);
+ if ($metadata->hasValue('https.certData')) {
+ $this->addX509KeyDescriptor($rd, 'signing', $metadata->getString('https.certData'));
+ }
 }
 }
diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php
index 965fa3914..9cd1f9601 100644
--- a/www/saml2/idp/metadata.php
+++ b/www/saml2/idp/metadata.php
@@ -60,6 +60,12 @@ try {
 $metaArray['scope'] = $idpmeta->getArray('scope');
 }
+ if ($idpmeta->hasValue('https.certificate')) {
+ $httpsCert = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE, 'https.');
+ assert('isset($httpsCert["certData"])');
+ $metaArray['https.certData'] = $httpsCert['certData'];
+ }
+
 $metaflat = '$metadata[' . var_export($idpentityid, TRUE) . '] = ' . var_export($metaArray, TRUE) . ';';
-- 
GitLab
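Review bot: The webserver certificate is published with use "signing" in the new `hasValue('https.certData')` branch of addCertificate, which means every SP consuming this metadata will also accept SAML signatures made with the TLS private key, not only use it to validate the HTTP-Artifact back-channel; SAML metadata has no key use meaning "TLS only", so this is unavoidable, but it is a trust decision that the code should state. I would put above the branch: `/* Published with use="signing" so SPs that validate the HTTP-Artifact TLS connection against metadata accept it; SPs will also accept it as a SAML signing key, so the TLS key needs the same protection as the IdP signing key. */`. When `https.certificate` points at the same certificate as `certificate`, the same key is now listed twice under signing; comparing `$metadata->getString('https.certData')` with `$certData` before the second addX509KeyDescriptor call would avoid the duplicate. The enclosing class starts outside the hunk.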
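Review bot: The string-form `assert('isset($httpsCert["certData"])')` is the only check that loadPublicKey() returned certificate data, and assert() does nothing when assertions are disabled, so on a production install where `https.certificate` is set but no certData comes back the next line reads `$httpsCert['certData']` unchecked and writes NULL into the published metadata with nothing more than a notice. Replace the assert with a real check that fails loudly, e.g. `if ($httpsCert === NULL || !isset($httpsCert['certData'])) {` / `throw new Exception('Unable to load certificate data from https.certificate.');` / `}`. The try block enclosing this code starts and ends outside the hunk.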