Skip to content
Snippets Groups Projects
Commit 133fd05f authored by Thijs Kinkhorst's avatar Thijs Kinkhorst Committed by GitHub
Browse files

Merge pull request #481 from tvdijen/patch-5 

PSR-2 fix for ADFS module
parents 05ab9308 da4ef8da
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 322 additions and 301 deletions
modules/adfs/lib/IdP/ADFS.php
+ 212
195
View file @ 133fd05f
<?php
class sspmod_adfs_IdP_ADFS {
public static function receiveAuthnRequest(SimpleSAML_IdP $idp) {
try {
// accomodate for disfunctional $_GET "windows" slash decoding in PHP
$wctx = $_GET['wctx'];
foreach (explode('&', $_SERVER['REQUEST_URI']) as $e) {
$a = explode('=', $e);
if ($a[0] == 'wctx') $wctx = urldecode($a[1]);
}
$requestid = $wctx;
$issuer = $_GET['wtrealm'];
$requestcache = array(
'RequestID' => $requestid,
'Issuer' => $issuer,
'RelayState' => $requestid
);
$spEntityId = $requestcache['Issuer'];
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$spMetadata = $metadata->getMetaDataConfig($spEntityId, 'adfs-sp-remote');
SimpleSAML\Logger::info('ADFS - IdP.prp: Incoming Authentication request: '.$issuer.' id '.$requestid);
} catch(Exception $exception) {
throw new SimpleSAML_Error_Error('PROCESSAUTHNREQUEST', $exception);
}
$sessionLostURL = NULL; // TODO?
$forceAuthn = FALSE;
$isPassive = FALSE;
$state = array(
'Responder' => array('sspmod_adfs_IdP_ADFS', 'sendResponse'),
'SPMetadata' => $spMetadata->toArray(),
'ForceAuthn' => $forceAuthn,
'isPassive' => $isPassive,
'adfs:wctx' => $wctx,
);
$idp->handleAuthenticationRequest($state);
}
public static function ADFS_GenerateResponse($issuer, $target, $nameid, $attributes) {
$issueInstant = SimpleSAML\Utils\Time::generateTimestamp();
$notBefore = SimpleSAML\Utils\Time::generateTimestamp(time() - 30);
$assertionExpire = SimpleSAML\Utils\Time::generateTimestamp(time() + 60 * 5);
$assertionID = SimpleSAML\Utils\Random::generateID();
$nameidFormat = 'http://schemas.xmlsoap.org/claims/UPN';
$result =
'<wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wst:RequestedSecurityToken>
<saml:Assertion Issuer="' . $issuer . '" IssueInstant="' . $issueInstant . '" AssertionID="' . $assertionID . '" MinorVersion="1" MajorVersion="1" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:Conditions NotOnOrAfter="' . $assertionExpire . '" NotBefore="' . $notBefore . '">
<saml:AudienceRestrictionCondition>
<saml:Audience>' . $target .'</saml:Audience>
</saml:AudienceRestrictionCondition>
</saml:Conditions>
<saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified" AuthenticationInstant="' . $issueInstant . '">
<saml:Subject>
<saml:NameIdentifier Format="' . $nameidFormat . '">' . htmlspecialchars($nameid) . '</saml:NameIdentifier>
</saml:Subject>
</saml:AuthenticationStatement>
<saml:AttributeStatement>
<saml:Subject>
<saml:NameIdentifier Format="' . $nameidFormat . '">' . htmlspecialchars($nameid) . '</saml:NameIdentifier>
</saml:Subject>';
foreach ($attributes as $name => $values) {
if ((!is_array($values)) || (count($values) == 0)) continue;
$hasValue = FALSE;
$r = '<saml:Attribute AttributeNamespace="http://schemas.xmlsoap.org/claims" AttributeName="' . htmlspecialchars($name) .'">';
foreach ($values as $value) {
if ( (!isset($value)) || ($value === '')) continue;
$r .= '<saml:AttributeValue>' . htmlspecialchars($value) . '</saml:AttributeValue>';
$hasValue = TRUE;
}
$r .= '</saml:Attribute>';
if ($hasValue) $result .= $r;
}
$result .= '
</saml:AttributeStatement>
</saml:Assertion>
class sspmod_adfs_IdP_ADFS
{
public static function receiveAuthnRequest(SimpleSAML_IdP $idp)
{
try {
parse_str($_SERVER['QUERY_STRING'], $query);
$requestid = $query['wctx'];
$issuer = $query['wtrealm'];
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$spMetadata = $metadata->getMetaDataConfig($issuer, 'adfs-sp-remote');
SimpleSAML\Logger::info('ADFS - IdP.prp: Incoming Authentication request: '.$issuer.' id '.$requestid);
} catch(Exception $exception) {
throw new SimpleSAML_Error_Error('PROCESSAUTHNREQUEST', $exception);
}
$state = array(
'Responder' => array('sspmod_adfs_IdP_ADFS', 'sendResponse'),
'SPMetadata' => $spMetadata->toArray(),
'ForceAuthn' => false,
'isPassive' => false,
'adfs:wctx' => $requestid,
);
$idp->handleAuthenticationRequest($state);
}
private static function generateResponse($issuer, $target, $nameid, $attributes)
{
$issueInstant = SimpleSAML\Utils\Time::generateTimestamp();
$notBefore = SimpleSAML\Utils\Time::generateTimestamp(time() - 30);
$assertionExpire = SimpleSAML\Utils\Time::generateTimestamp(time() + 60 * 5);
$assertionID = SimpleSAML\Utils\Random::generateID();
$nameidFormat = 'http://schemas.xmlsoap.org/claims/UPN';
$nameid = htmlspecialchars($nameid);
$result = <<<MSG
<wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wst:RequestedSecurityToken>
<saml:Assertion Issuer="$issuer" IssueInstant="$issueInstant" AssertionID="$assertionID" MinorVersion="1" MajorVersion="1" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:Conditions NotOnOrAfter="$assertionExpire" NotBefore="$notBefore">
<saml:AudienceRestrictionCondition>
<saml:Audience>$target</saml:Audience>
</saml:AudienceRestrictionCondition>
</saml:Conditions>
<saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified" AuthenticationInstant="$issueInstant">
<saml:Subject>
<saml:NameIdentifier Format="$nameidFormat">$nameid</saml:NameIdentifier>
</saml:Subject>
</saml:AuthenticationStatement>
<saml:AttributeStatement>
<saml:Subject>
<saml:NameIdentifier Format="$nameidFormat">$nameid</saml:NameIdentifier>
</saml:Subject>
MSG;
foreach ($attributes as $name => $values) {
if ((!is_array($values)) || (count($values) == 0)) {
continue;
}
$name = htmlspecialchars($name);
foreach ($values as $value) {
if ((!isset($value)) || ($value === '')) {
continue;
}
$value = htmlspecialchars($value);
$result .= <<<MSG
<saml:Attribute AttributeNamespace="http://schemas.xmlsoap.org/claims" AttributeName="$name">
<saml:AttributeValue>$value</saml:AttributeValue>
</saml:Attribute>
MSG;
}
}
$result .= <<<MSG
</saml:AttributeStatement>
</saml:Assertion>
</wst:RequestedSecurityToken>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
<wsa:Address>' . $target . '</wsa:Address>
</wsa:EndpointReference></wsp:AppliesTo>
</wst:RequestSecurityTokenResponse>';
return $result;
}
public static function ADFS_SignResponse($response, $key, $cert) {
$objXMLSecDSig = new XMLSecurityDSig();
$objXMLSecDSig->idKeys = array('AssertionID');
$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$responsedom = \SAML2\DOMDocumentFactory::fromString(str_replace ("\r", "", $response));
$firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
$objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1,
array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
array('id_name' => 'AssertionID'));
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'private'));
$objKey->loadKey($key, TRUE);
$objXMLSecDSig->sign($objKey);
if ($cert) {
$public_cert = file_get_contents($cert);
$objXMLSecDSig->add509Cert($public_cert, TRUE);
}
$newSig = $responsedom->importNode($objXMLSecDSig->sigNode, TRUE);
$firstassertionroot->appendChild($newSig);
return $responsedom->saveXML();
}
public static function ADFS_PostResponse($url, $wresult, $wctx) {
print '
<body onload="document.forms[0].submit()"><form method="post" action="' . $url . '" enctype="multipart/form-data">
<input type="hidden" name="wa" value="wsignin1.0">
<input type="hidden" name="wresult" value="' . htmlspecialchars($wresult) . '">
<input type="hidden" name="wctx" value="' . htmlspecialchars($wctx) . '">
<noscript><input type="submit" value="Continue"></noscript>
</form></body>';
exit;
}
public static function sendResponse(array $state) {
$spMetadata = $state["SPMetadata"];
$spEntityId = $spMetadata['entityid'];
$spMetadata = SimpleSAML_Configuration::loadFromArray($spMetadata,
'$metadata[' . var_export($spEntityId, TRUE) . ']');
$attributes = $state['Attributes'];
$nameidattribute = $spMetadata->getValue('simplesaml.nameidattribute');
if (!empty($nameidattribute)) {
if (!array_key_exists($nameidattribute, $attributes)) {
throw new Exception('simplesaml.nameidattribute does not exist in resulting attribute set');
}
$nameid = $attributes[$nameidattribute][0];
} else {
$nameid = SimpleSAML\Utils\Random::generateID();
}
$idp = SimpleSAML_IdP::getByState($state);
$idpMetadata = $idp->getConfig();
$idpEntityId = $idpMetadata->getString('entityid');
$idp->addAssociation(array(
'id' => 'adfs:' . $spEntityId,
'Handler' => 'sspmod_adfs_IdP_ADFS',
'adfs:entityID' => $spEntityId,
));
$response = sspmod_adfs_IdP_ADFS::ADFS_GenerateResponse($idpEntityId, $spEntityId, $nameid, $attributes);
$privateKeyFile = \SimpleSAML\Utils\Config::getCertPath($idpMetadata->getString('privatekey'));
$certificateFile = \SimpleSAML\Utils\Config::getCertPath($idpMetadata->getString('certificate'));
$wresult = sspmod_adfs_IdP_ADFS::ADFS_SignResponse($response, $privateKeyFile, $certificateFile);
$wctx = $state['adfs:wctx'];
sspmod_adfs_IdP_ADFS::ADFS_PostResponse($spMetadata->getValue('prp'), $wresult, $wctx);
}
/*
public static function handleAuthError(SimpleSAML_Error_Exception $exception, array $state) {
}
*/
public static function sendLogoutResponse(SimpleSAML_IdP $idp, array $state) {
// NB:: we don't know from which SP the logout request came from
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpMetadata = $idp->getConfig();
\SimpleSAML\Utils\HTTP::redirectTrustedURL($idpMetadata->getValue('redirect-after-logout', \SimpleSAML\Utils\HTTP::getBaseURL()));
}
public static function receiveLogoutMessage(SimpleSAML_IdP $idp) {
// if a redirect is to occur based on wreply, we will redirect to url as
// this implies an override to normal sp notification
if(isset($_GET['wreply']) && !empty($_GET['wreply'])) {
$idp->doLogoutRedirect(\SimpleSAML\Utils\HTTP::checkURLAllowed($_GET['wreply']));
assert(FALSE);
}
$state = array(
'Responder' => array('sspmod_adfs_IdP_ADFS', 'sendLogoutResponse'),
);
$assocId = NULL;
// TODO: verify that this is really no problem for:
// a) SSP, because there's no caller SP.
// b) ADFS SP because caller will be called back..
$idp->handleLogoutRequest($state, $assocId);
}
// accepts an association array, and returns a URL that can be accessed to terminate the association
public static function getLogoutURL(SimpleSAML_IdP $idp, array $association, $relayState) {
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpMetadata = $idp->getConfig();
$spMetadata = $metadata->getMetaDataConfig($association['adfs:entityID'], 'adfs-sp-remote');
$returnTo = SimpleSAML\Module::getModuleURL('adfs/idp/prp.php?assocId=' . urlencode($association["id"]) . '&relayState=' . urlencode($relayState));
return $spMetadata->getValue('prp') . '?' . 'wa=wsignoutcleanup1.0&wreply=' . urlencode($returnTo);
}
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsa:EndpointReference xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
<wsa:Address>$target</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
</wst:RequestSecurityTokenResponse>
MSG;
return $result;
}
private static function signResponse($response, $key, $cert)
{
$objXMLSecDSig = new XMLSecurityDSig();
$objXMLSecDSig->idKeys = array('AssertionID');
$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$responsedom = \SAML2\DOMDocumentFactory::fromString(str_replace ("\r", "", $response));
$firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
$objXMLSecDSig->addReferenceList(
array($firstassertionroot), XMLSecurityDSig::SHA1,
array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
array('id_name' => 'AssertionID')
);
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'private'));
$objKey->loadKey($key, true);
$objXMLSecDSig->sign($objKey);
if ($cert) {
$public_cert = file_get_contents($cert);
$objXMLSecDSig->add509Cert($public_cert, true);
}
$newSig = $responsedom->importNode($objXMLSecDSig->sigNode, true);
$firstassertionroot->appendChild($newSig);
return $responsedom->saveXML();
}
private static function postResponse($url, $wresult, $wctx)
{
$wresult = htmlspecialchars($wresult);
$wctx = htmlspecialchars($wctx);
$post = <<<MSG
<body onload="document.forms[0].submit()">
<form method="post" action="$url">
<input type="hidden" name="wa" value="wsignin1.0">
<input type="hidden" name="wresult" value="$wresult">
<input type="hidden" name="wctx" value="$wctx">
<noscript>
<input type="submit" value="Continue">
</noscript>
</form>
</body>
MSG;
echo $post;
exit;
}
public static function sendResponse(array $state)
{
$spMetadata = $state["SPMetadata"];
$spEntityId = $spMetadata['entityid'];
$spMetadata = SimpleSAML_Configuration::loadFromArray($spMetadata,
'$metadata[' . var_export($spEntityId, true) . ']');
$attributes = $state['Attributes'];
$nameidattribute = $spMetadata->getValue('simplesaml.nameidattribute');
if (!empty($nameidattribute)) {
if (!array_key_exists($nameidattribute, $attributes)) {
throw new Exception('simplesaml.nameidattribute does not exist in resulting attribute set');
}
$nameid = $attributes[$nameidattribute][0];
} else {
$nameid = SimpleSAML\Utils\Random::generateID();
}
$idp = SimpleSAML_IdP::getByState($state);
$idpMetadata = $idp->getConfig();
$idpEntityId = $idpMetadata->getString('entityid');
$idp->addAssociation(array(
'id' => 'adfs:' . $spEntityId,
'Handler' => 'sspmod_adfs_IdP_ADFS',
'adfs:entityID' => $spEntityId,
));
$response = sspmod_adfs_IdP_ADFS::generateResponse($idpEntityId, $spEntityId, $nameid, $attributes);
$privateKeyFile = \SimpleSAML\Utils\Config::getCertPath($idpMetadata->getString('privatekey'));
$certificateFile = \SimpleSAML\Utils\Config::getCertPath($idpMetadata->getString('certificate'));
$wresult = sspmod_adfs_IdP_ADFS::signResponse($response, $privateKeyFile, $certificateFile);
$wctx = $state['adfs:wctx'];
sspmod_adfs_IdP_ADFS::postResponse($spMetadata->getValue('prp'), $wresult, $wctx);
}
public static function sendLogoutResponse(SimpleSAML_IdP $idp, array $state)
{
// NB:: we don't know from which SP the logout request came from
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpMetadata = $idp->getConfig();
\SimpleSAML\Utils\HTTP::redirectTrustedURL($idpMetadata->getValue('redirect-after-logout', \SimpleSAML\Utils\HTTP::getBaseURL()));
}
public static function receiveLogoutMessage(SimpleSAML_IdP $idp)
{
// if a redirect is to occur based on wreply, we will redirect to url as
// this implies an override to normal sp notification
if (isset($_GET['wreply']) && !empty($_GET['wreply'])) {
$idp->doLogoutRedirect(\SimpleSAML\Utils\HTTP::checkURLAllowed($_GET['wreply']));
assert('false');
}
$state = array(
'Responder' => array('sspmod_adfs_IdP_ADFS', 'sendLogoutResponse'),
);
$assocId = null;
// TODO: verify that this is really no problem for:
// a) SSP, because there's no caller SP.
// b) ADFS SP because caller will be called back..
$idp->handleLogoutRequest($state, $assocId);
}
// accepts an association array, and returns a URL that can be accessed to terminate the association
public static function getLogoutURL(SimpleSAML_IdP $idp, array $association, $relayState)
{
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpMetadata = $idp->getConfig();
$spMetadata = $metadata->getMetaDataConfig($association['adfs:entityID'], 'adfs-sp-remote');
$returnTo = SimpleSAML\Module::getModuleURL('adfs/idp/prp.php?assocId=' . urlencode($association["id"]) . '&relayState=' . urlencode($relayState));
return $spMetadata->getValue('prp') . '?' . 'wa=wsignoutcleanup1.0&wreply=' . urlencode($returnTo);
}
}
modules/adfs/lib/SAML2/XML/fed/Const.php
+ 6
5
View file @ 133fd05f
......@@ -4,9 +4,10 @@
*
* @package SimpleSAMLphp
*/
class sspmod_adfs_SAML2_XML_fed_Const {
/**
* The namespace for WS-FED protocol.
*/
const NS_FED = 'http://docs.oasis-open.org/wsfed/federation/200706';
class sspmod_adfs_SAML2_XML_fed_Const
{
/**
* The namespace for WS-FED protocol.
*/
const NS_FED = 'http://docs.oasis-open.org/wsfed/federation/200706';
}
modules/adfs/lib/SAML2/XML/fed/Endpoint.php
+ 21
20
View file @ 133fd05f
......@@ -4,28 +4,29 @@
*
* @package SimpleSAMLphp
*/
class sspmod_adfs_SAML2_XML_fed_Endpoint {
/**
* Add this endpoint to an XML element.
*
* @param DOMElement $parent The element we should append this endpoint to.
* @param string $name The name of the element we should create.
*/
public static function appendXML(DOMElement $parent, $name, $address) {
assert('is_string($name)');
assert('is_string($address)');
class sspmod_adfs_SAML2_XML_fed_Endpoint
{
/**
* Add this endpoint to an XML element.
*
* @param DOMElement $parent The element we should append this endpoint to.
* @param string $name The name of the element we should create.
*/
public static function appendXML(DOMElement $parent, $name, $address)
{
assert('is_string($name)');
assert('is_string($address)');
$e = $parent->ownerDocument->createElement($name);
$parent->appendChild($e);
$e = $parent->ownerDocument->createElement($name);
$parent->appendChild($e);
$endpoint = $parent->ownerDocument->createElement('EndpointReference');
$endpoint->setAttribute('xmlns', 'http://www.w3.org/2005/08/addressing');
$e->appendChild($endpoint);
$endpoint = $parent->ownerDocument->createElement('EndpointReference');
$endpoint->setAttribute('xmlns', 'http://www.w3.org/2005/08/addressing');
$e->appendChild($endpoint);
$address = $parent->ownerDocument->createElement('Address', $address);
$endpoint->appendChild($address);
return $e;
}
$address = $parent->ownerDocument->createElement('Address', $address);
$endpoint->appendChild($address);
return $e;
}
}
modules/adfs/lib/SAML2/XML/fed/SecurityTokenServiceType.php
+ 48
48
View file @ 133fd05f
......@@ -4,52 +4,52 @@
*
* @package SimpleSAMLphp
*/
class sspmod_adfs_SAML2_XML_fed_SecurityTokenServiceType extends SAML2_XML_md_RoleDescriptor {
/**
* List of supported protocols.
*
* @var array
*/
public $protocolSupportEnumeration = array(sspmod_adfs_SAML2_XML_fed_Const::NS_FED);
/**
* The Location of Services.
*
* @var string
*/
public $Location;
/**
* Initialize a SecurityTokenServiceType element.
*
* @param DOMElement|NULL $xml The XML element we should load.
*/
public function __construct(DOMElement $xml = NULL) {
parent::__construct('RoleDescriptor', $xml);
if ($xml === NULL) {
return;
}
}
/**
* Convert this SecurityTokenServiceType RoleDescriptor to XML.
*
* @param DOMElement $parent The element we should add this contact to.
* @return DOMElement The new ContactPerson-element.
*/
public function toXML(DOMElement $parent) {
assert('is_string($this->Location)');
$e = parent::toXML($parent);
$e->setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:fed', sspmod_adfs_SAML2_XML_fed_Const::NS_FED);
$e->setAttributeNS(\SAML2\Constants::NS_XSI, 'xsi:type', 'fed:SecurityTokenServiceType');
sspmod_adfs_SAML2_XML_fed_TokenTypesOffered::appendXML($e);
sspmod_adfs_SAML2_XML_fed_Endpoint::appendXML($e, 'SecurityTokenServiceEndpoint', $this->Location);
sspmod_adfs_SAML2_XML_fed_Endpoint::appendXML($e, 'fed:PassiveRequestorEndpoint', $this->Location);
return $e;
}
class sspmod_adfs_SAML2_XML_fed_SecurityTokenServiceType extends SAML2_XML_md_RoleDescriptor
{
/**
* List of supported protocols.
*
* @var array
*/
public $protocolSupportEnumeration = array(sspmod_adfs_SAML2_XML_fed_Const::NS_FED);
/**
* The Location of Services.
*
* @var string
*/
public $Location;
/**
* Initialize a SecurityTokenServiceType element.
*
* @param DOMElement|null $xml The XML element we should load.
*/
public function __construct(DOMElement $xml = null)
{
parent::__construct('RoleDescriptor', $xml);
if ($xml === null) {
return;
}
}
/**
* Convert this SecurityTokenServiceType RoleDescriptor to XML.
*
* @param DOMElement $parent The element we should add this contact to.
* @return DOMElement The new ContactPerson-element.
*/
public function toXML(DOMElement $parent)
{
assert('is_string($this->Location)');
$e = parent::toXML($parent);
$e->setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:fed', sspmod_adfs_SAML2_XML_fed_Const::NS_FED);
$e->setAttributeNS(\SAML2\Constants::NS_XSI, 'xsi:type', 'fed:SecurityTokenServiceType');
sspmod_adfs_SAML2_XML_fed_TokenTypesOffered::appendXML($e);
sspmod_adfs_SAML2_XML_fed_Endpoint::appendXML($e, 'SecurityTokenServiceEndpoint', $this->Location);
sspmod_adfs_SAML2_XML_fed_Endpoint::appendXML($e, 'fed:PassiveRequestorEndpoint', $this->Location);
return $e;
}
}
modules/adfs/lib/SAML2/XML/fed/TokenTypesOffered.php
+ 16
16
View file @ 133fd05f
......@@ -4,22 +4,22 @@
*
* @package SimpleSAMLphp
*/
class sspmod_adfs_SAML2_XML_fed_TokenTypesOffered {
/**
* Add tokentypesoffered to an XML element.
*
* @param DOMElement $parent The element we should append this endpoint to.
*/
public static function appendXML(DOMElement $parent) {
class sspmod_adfs_SAML2_XML_fed_TokenTypesOffered
{
/**
* Add tokentypesoffered to an XML element.
*
* @param DOMElement $parent The element we should append this endpoint to.
*/
public static function appendXML(DOMElement $parent)
{
$e = $parent->ownerDocument->createElementNS(sspmod_adfs_SAML2_XML_fed_Const::NS_FED, 'fed:TokenTypesOffered');
$parent->appendChild($e);
$e = $parent->ownerDocument->createElementNS(sspmod_adfs_SAML2_XML_fed_Const::NS_FED, 'fed:TokenTypesOffered');
$parent->appendChild($e);
$tokentype = $parent->ownerDocument->createElementNS(sspmod_adfs_SAML2_XML_fed_Const::NS_FED, 'fed:TokenType');
$tokentype->setAttribute('Uri', 'urn:oasis:names:tc:SAML:1.0:assertion');
$e->appendChild($tokentype);
return $e;
}
$tokentype = $parent->ownerDocument->createElementNS(sspmod_adfs_SAML2_XML_fed_Const::NS_FED, 'fed:TokenType');
$tokentype->setAttribute('Uri', 'urn:oasis:names:tc:SAML:1.0:assertion');
$e->appendChild($tokentype);
return $e;
}
}
modules/adfs/lib/XMLSecurityDSig.php
+ 7
5
View file @ 133fd05f
......@@ -12,14 +12,16 @@
* @author Daniel Tsosie
* @package SimpleSAMLphp
*/
class sspmod_adfs_XMLSecurityDSig extends XMLSecurityDSig {
function __construct($metaxml) {
class sspmod_adfs_XMLSecurityDSig extends XMLSecurityDSig
{
function __construct($metaxml)
{
$template = '';
if (strpos("\n", $metaxml) === FALSE) {
foreach (explode("\n", self::template) as $line)
if (strpos("\n", $metaxml) === false) {
foreach (explode("\n", self::template) as $line) {
$template .= trim($line);
}
} else {
$template = self::template;
}
......
modules/adfs/www/idp/prp.php
+ 12
12
View file @ 133fd05f
......@@ -13,16 +13,16 @@ $idpEntityId = $metadata->getMetaDataCurrentEntityID('adfs-idp-hosted');
$idp = SimpleSAML_IdP::getById('adfs:' . $idpEntityId);
if (isset($_GET['wa'])) {
if ($_GET['wa'] === 'wsignout1.0') {
sspmod_adfs_IdP_ADFS::receiveLogoutMessage($idp);
} else if ($_GET['wa'] === 'wsignin1.0') {
sspmod_adfs_IdP_ADFS::receiveAuthnRequest($idp);
}
assert('FALSE');
} elseif(isset($_GET['assocId'])) {
// logout response from ADFS SP
$assocId = $_GET['assocId']; // Association ID of the SP that sent the logout response
$relayState = $_GET['relayState']; // Data that was sent in the logout request to the SP. Can be null
$logoutError = NULL; /* NULL on success, or an instance of a SimpleSAML_Error_Exception on failure. */
$idp->handleLogoutResponse($assocId, $relayState, $logoutError);
if ($_GET['wa'] === 'wsignout1.0') {
sspmod_adfs_IdP_ADFS::receiveLogoutMessage($idp);
} else if ($_GET['wa'] === 'wsignin1.0') {
sspmod_adfs_IdP_ADFS::receiveAuthnRequest($idp);
}
assert('false');
} elseif (isset($_GET['assocId'])) {
// logout response from ADFS SP
$assocId = $_GET['assocId']; // Association ID of the SP that sent the logout response
$relayState = $_GET['relayState']; // Data that was sent in the logout request to the SP. Can be null
$logoutError = null; // null on success, or an instance of a SimpleSAML_Error_Exception on failure.
$idp->handleLogoutResponse($assocId, $relayState, $logoutError);
}
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment