Skip to content
Snippets Groups Projects
Commit 116529cd authored by Mads Freek Petersen's avatar Mads Freek Petersen
Browse files

Transplanted the consent code from saml2/idp/SSOService.php 

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@588 44740490-163a-0410-bde0-09ae8108e29a
parent ba67ec8d
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
www/shib13/idp/SSOService.php
+ 39
0
View file @ 116529cd
...@@ -12,6 +12,7 @@ ...@@ -12,6 +12,7 @@
require_once('../../../www/_include.php'); require_once('../../../www/_include.php');
require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Utilities.php'); require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Utilities.php');
require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Consent/Consent.php');
require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Session.php'); require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Session.php');
require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Logger.php'); require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Logger.php');
require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Metadata/MetaDataStorageHandler.php'); require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Metadata/MetaDataStorageHandler.php');
...@@ -144,6 +145,7 @@ if (!$session->isAuthenticated($authority) ) { ...@@ -144,6 +145,7 @@ if (!$session->isAuthenticated($authority) ) {
$spentityid = $requestcache['Issuer']; $spentityid = $requestcache['Issuer'];
$spmetadata = $metadata->getMetaData($spentityid, 'shib13-sp-remote'); $spmetadata = $metadata->getMetaData($spentityid, 'shib13-sp-remote');
$sp_name = (isset($spmetadata['name']) ? $spmetadata['name'] : $spentityid);
/* /*
* Attribute handling * Attribute handling
...@@ -173,7 +175,44 @@ if (!$session->isAuthenticated($authority) ) { ...@@ -173,7 +175,44 @@ if (!$session->isAuthenticated($authority) ) {
$filteredattributes = $afilter->getAttributes(); $filteredattributes = $afilter->getAttributes();
/*
* Dealing with attribute release consent.
*/
$requireconsent = false;
if (isset($idpmetadata['requireconsent'])) {
if (is_bool($idpmetadata['requireconsent'])) {
$requireconsent = $idpmetadata['requireconsent'];
} else {
throw new Exception('Shib1.3 IdP hosted metadata parameter [requireconsent] is in illegal format, must be a PHP boolean type.');
}
}
if ($requireconsent) {
$consent = new SimpleSAML_Consent_Consent($config, $session, $spentityid, $idpentityid, $attributes, $filteredattributes, $requestcache['ConsentCookie']);
if (!$consent->consent()) {
/* Save the request information. */
$authId = SimpleSAML_Utilities::generateID();
$session->setAuthnRequest('shib13', $authId, $requestcache);
$t = new SimpleSAML_XHTML_Template($config, 'consent.php', 'attributes.php');
$t->data['header'] = 'Consent';
$t->data['sp_name'] = $sp_name;
$t->data['attributes'] = $filteredattributes;
$t->data['consenturl'] = SimpleSAML_Utilities::selfURLNoQuery();
$t->data['requestid'] = $authId;
$t->data['consent_cookie'] = $requestcache['ConsentCookie'];
$t->data['usestorage'] = $consent->useStorage();
$t->data['noconsent'] = '/' . $config->getBaseURL() . 'noconsent.php';
$t->show();
exit;
}
}
// END ATTRIBUTE CONSENT CODE
// Generating a Shibboleth 1.3 Response. // Generating a Shibboleth 1.3 Response.
$ar = new SimpleSAML_XML_Shib13_AuthnResponse($config, $metadata); $ar = new SimpleSAML_XML_Shib13_AuthnResponse($config, $metadata);
$authnResponseXML = $ar->generate($idpentityid, $requestcache['Issuer'], $authnResponseXML = $ar->generate($idpentityid, $requestcache['Issuer'],
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment