Scope parsing in metadata for SAML 2.0 IdPs

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1206 44740490-163a-0410-bde0-09ae8108e29a

Scope parsing in metadata for SAML 2.0 IdPs
1694905b · Andreas Åkre Solberg · 6128084e · 1694905b · 1694905b
Commit 1694905b authored 16 years ago by Andreas Åkre Solberg
--- a/lib/SimpleSAML/Metadata/SAMLParser.php
+++ b/lib/SimpleSAML/Metadata/SAMLParser.php
@@ -681,7 +681,10 @@ class SimpleSAML_Metadata_SAMLParser {
 		if (array_key_exists('expire', $idp)) {
 			$ret['expire'] = $idp['expire'];
 		}
-
+		
+		if (array_key_exists('scopes', $idp))
+			$ret['scopes'] = $idp['scopes'];
+		

 		/* Enable redirect.sign if WantAuthnRequestsSigned is enabled. */
 		if ($idp['wantAuthnRequestsSigned']) {
@@ -769,6 +772,7 @@ class SimpleSAML_Metadata_SAMLParser {
 		}

 		$sd['protocols'] = self::getSupportedProtocols($element);
+		

 		/* Find all SingleLogoutService elements. */
 		$sd['singleLogoutServices'] = array();
@@ -836,6 +840,13 @@ class SimpleSAML_Metadata_SAMLParser {
 		assert('is_null($expireTime) || is_int($expireTime)');

 		$idp = self::parseSSODescriptor($element, $expireTime);
+		
+		$extensions = SimpleSAML_Utilities::getDOMChildren($element, 'Extensions', '@md');
+		if (!empty($extensions)) 
+			$this->processExtensions($extensions[0]);
+
+		if (!empty($this->scopes)) $idp['scopes'] = $this->scopes;
+		

 		/* Find all SingleSignOnService elements. */
 		$idp['singleSignOnServices'] = array();
@@ -861,7 +872,8 @@ class SimpleSAML_Metadata_SAMLParser {
 	 */
 	private function processExtensions($element) {
 		assert('$element instanceof DOMElement');
-
+		
+		
 		for($i = 0; $i < $element->childNodes->length; $i++) {
 			$child = $element->childNodes->item($i);


--- a/modules/metarefresh/lib/MetaLoader.php
+++ b/modules/metarefresh/lib/MetaLoader.php
@@ -33,15 +33,16 @@ class sspmod_metarefresh_MetaLoader {
 	public function loadSource($source) {

 		$entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsFile($source['src']);
-	
+		$ca = NULL;
 		foreach($entities as $entity) {
-			if($source['validateFingerprint'] !== NULL) {
+			if(array_key_exists('validateFingerprint', $source) && $source['validateFingerprint'] !== NULL) {
 				if(!$entity->validateFingerprint($source['validateFingerprint'])) {
 					SimpleSAML_Logger::info('Skipping "' . $entity->getEntityId() . '" - could not verify signature.' . "\n");
 					continue;
 				}
 			}
 	
+			// TODO: $ca is always null
 			if($ca !== NULL) {
 				if(!$entity->validateCA($ca)) {
 					SimpleSAML_Logger::info('Skipping "' . $entity->getEntityId() . '" - could not verify certificate.' . "\n");