Commit 16e591a8 authored by Tim van Dijen's avatar Tim van Dijen
parent c4752c3e
...@@ -6,130 +6,130 @@ use SimpleSAML\Bindings\Shib13\HTTPPost; ...@@ -6,130 +6,130 @@ use SimpleSAML\Bindings\Shib13\HTTPPost;
* *
* @package SimpleSAMLphp * @package SimpleSAMLphp
*/ */
class sspmod_saml_IdP_SAML1 { class sspmod_saml_IdP_SAML1
{
/** /**
* Send a response to the SP. * Send a response to the SP.
* *
* @param array $state The authentication state. * @param array $state The authentication state.
*/ */
public static function sendResponse(array $state) { public static function sendResponse(array $state)
assert(isset($state['Attributes'])); {
assert(isset($state['SPMetadata'])); assert(isset($state['Attributes']));
assert(isset($state['saml:shire'])); assert(isset($state['SPMetadata']));
assert(array_key_exists('saml:target', $state)); // Can be NULL assert(isset($state['saml:shire']));
assert(array_key_exists('saml:target', $state)); // Can be NULL
$spMetadata = $state["SPMetadata"];
$spEntityId = $spMetadata['entityid']; $spMetadata = $state["SPMetadata"];
$spMetadata = SimpleSAML_Configuration::loadFromArray($spMetadata, $spEntityId = $spMetadata['entityid'];
'$metadata[' . var_export($spEntityId, TRUE) . ']'); $spMetadata = SimpleSAML_Configuration::loadFromArray($spMetadata,
'$metadata[' . var_export($spEntityId, true) . ']');
SimpleSAML\Logger::info('Sending SAML 1.1 Response to ' . var_export($spEntityId, TRUE));
SimpleSAML\Logger::info('Sending SAML 1.1 Response to ' . var_export($spEntityId, true));
$attributes = $state['Attributes'];
$shire = $state['saml:shire']; $attributes = $state['Attributes'];
$target = $state['saml:target']; $shire = $state['saml:shire'];
$target = $state['saml:target'];
$idp = SimpleSAML_IdP::getByState($state);
$idp = SimpleSAML_IdP::getByState($state);
$idpMetadata = $idp->getConfig();
$idpMetadata = $idp->getConfig();
$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$statsData = array(
'spEntityID' => $spEntityId, $statsData = array(
'idpEntityID' => $idpMetadata->getString('entityid'), 'spEntityID' => $spEntityId,
'protocol' => 'saml1', 'idpEntityID' => $idpMetadata->getString('entityid'),
); 'protocol' => 'saml1',
if (isset($state['saml:AuthnRequestReceivedAt'])) { );
$statsData['logintime'] = microtime(TRUE) - $state['saml:AuthnRequestReceivedAt']; if (isset($state['saml:AuthnRequestReceivedAt'])) {
} $statsData['logintime'] = microtime(true) - $state['saml:AuthnRequestReceivedAt'];
SimpleSAML_Stats::log('saml:idp:Response', $statsData); }
SimpleSAML_Stats::log('saml:idp:Response', $statsData);
// Generate and send response.
$ar = new \SimpleSAML\XML\Shib13\AuthnResponse(); // Generate and send response.
$authnResponseXML = $ar->generate($idpMetadata, $spMetadata, $shire, $attributes); $ar = new \SimpleSAML\XML\Shib13\AuthnResponse();
$authnResponseXML = $ar->generate($idpMetadata, $spMetadata, $shire, $attributes);
$httppost = new HTTPPost($config, $metadata);
$httppost->sendResponse($authnResponseXML, $idpMetadata, $spMetadata, $target, $shire); $httppost = new HTTPPost($config, $metadata);
$httppost->sendResponse($authnResponseXML, $idpMetadata, $spMetadata, $target, $shire);
}
/**
* Receive an authentication request.
*
* @param SimpleSAML_IdP $idp The IdP we are receiving it for.
*/
public static function receiveAuthnRequest(SimpleSAML_IdP $idp)
{
if (isset($_REQUEST['cookieTime'])) {
$cookieTime = (int)$_REQUEST['cookieTime'];
if ($cookieTime + 5 > time()) {
/*
* Less than five seconds has passed since we were
* here the last time. Cookies are probably disabled.
*/
\SimpleSAML\Utils\HTTP::checkSessionCookie(\SimpleSAML\Utils\HTTP::getSelfURL());
}
}
if (!isset($_REQUEST['providerId'])) {
throw new SimpleSAML_Error_BadRequest('Missing providerId parameter.');
}
$spEntityId = (string)$_REQUEST['providerId'];
if (!isset($_REQUEST['shire'])) {
throw new SimpleSAML_Error_BadRequest('Missing shire parameter.');
}
$shire = (string)$_REQUEST['shire'];
if (isset($_REQUEST['target'])) {
$target = $_REQUEST['target'];
} else {
$target = null;
}
SimpleSAML\Logger::info('Shib1.3 - IdP.SSOService: Got incoming Shib authnRequest from ' . var_export($spEntityId, true) . '.');
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$spMetadata = $metadata->getMetaDataConfig($spEntityId, 'shib13-sp-remote');
$found = false;
foreach ($spMetadata->getEndpoints('AssertionConsumerService') as $ep) {
if ($ep['Binding'] !== 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post') {
continue;
}
if ($ep['Location'] !== $shire) {
continue;
}
$found = true;
break;
}
if (!$found) {
throw new Exception('Invalid AssertionConsumerService for SP ' .
var_export($spEntityId, true) . ': ' . var_export($shire, true));
} }
SimpleSAML_Stats::log('saml:idp:AuthnRequest', array(
'spEntityID' => $spEntityId,
'protocol' => 'saml1',
));
/** $sessionLostURL = \SimpleSAML\Utils\HTTP::addURLParameters(
* Receive an authentication request.
*
* @param SimpleSAML_IdP $idp The IdP we are receiving it for.
*/
public static function receiveAuthnRequest(SimpleSAML_IdP $idp) {
if (isset($_REQUEST['cookieTime'])) {
$cookieTime = (int)$_REQUEST['cookieTime'];
if ($cookieTime + 5 > time()) {
/*
* Less than five seconds has passed since we were
* here the last time. Cookies are probably disabled.
*/
\SimpleSAML\Utils\HTTP::checkSessionCookie(\SimpleSAML\Utils\HTTP::getSelfURL());
}
}
if (!isset($_REQUEST['providerId'])) {
throw new SimpleSAML_Error_BadRequest('Missing providerId parameter.');
}
$spEntityId = (string)$_REQUEST['providerId'];
if (!isset($_REQUEST['shire'])) {
throw new SimpleSAML_Error_BadRequest('Missing shire parameter.');
}
$shire = (string)$_REQUEST['shire'];
if (isset($_REQUEST['target'])) {
$target = $_REQUEST['target'];
} else {
$target = NULL;
}
SimpleSAML\Logger::info('Shib1.3 - IdP.SSOService: Got incoming Shib authnRequest from ' . var_export($spEntityId, TRUE) . '.');
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$spMetadata = $metadata->getMetaDataConfig($spEntityId, 'shib13-sp-remote');
$found = FALSE;
foreach ($spMetadata->getEndpoints('AssertionConsumerService') as $ep) {
if ($ep['Binding'] !== 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post') {
continue;
}
if ($ep['Location'] !== $shire) {
continue;
}
$found = TRUE;
break;
}
if (!$found) {
throw new Exception('Invalid AssertionConsumerService for SP ' .
var_export($spEntityId, TRUE) . ': ' . var_export($shire, TRUE));
}
SimpleSAML_Stats::log('saml:idp:AuthnRequest', array(
'spEntityID' => $spEntityId,
'protocol' => 'saml1',
));
$sessionLostURL = \SimpleSAML\Utils\HTTP::addURLParameters(
\SimpleSAML\Utils\HTTP::getSelfURL(), \SimpleSAML\Utils\HTTP::getSelfURL(),
array('cookieTime' => time())); array('cookieTime' => time()));
$state = array( $state = array(
'Responder' => array('sspmod_saml_IdP_SAML1', 'sendResponse'), 'Responder' => array('sspmod_saml_IdP_SAML1', 'sendResponse'),
'SPMetadata' => $spMetadata->toArray(), 'SPMetadata' => $spMetadata->toArray(),
SimpleSAML_Auth_State::RESTART => $sessionLostURL, SimpleSAML_Auth_State::RESTART => $sessionLostURL,
'saml:shire' => $shire, 'saml:shire' => $shire,
'saml:target' => $target, 'saml:target' => $target,
'saml:AuthnRequestReceivedAt' => microtime(TRUE), 'saml:AuthnRequestReceivedAt' => microtime(true),
); );
$idp->handleAuthenticationRequest($state); $idp->handleAuthenticationRequest($state);
} }
} }
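Review bot: On the new side of receiveAuthnRequest, `$target = $_REQUEST['target'];` is the only request parameter left uncast, while providerId and shire are both read as `(string)`; a request carrying `target[]=...` would put an array into `$state['saml:target']` and from there into the response sent by sendResponse(). Casting it the same way, `$target = (string)$_REQUEST['target'];`, keeps the state array consistently typed and rejects the odd shape at the boundary. The value is only consumed by `HTTPPost::sendResponse`, whose handling of non-string input is outside this hunk, so this is a consistency fix rather than a confirmed defect.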
...@@ -5,174 +5,177 @@ ...@@ -5,174 +5,177 @@
* *
* @package SimpleSAMLphp * @package SimpleSAMLphp
*/ */
class sspmod_saml_IdP_SQLNameID { class sspmod_saml_IdP_SQLNameID
{
/** /**
* Create NameID table in SQL, if it is missing. * Create NameID table in SQL, if it is missing.
* *
* @param \SimpleSAML\Store\SQL $store The datastore. * @param \SimpleSAML\Store\SQL $store The datastore.
*/ */
private static function createTable(\SimpleSAML\Store\SQL $store) { private static function createTable(\SimpleSAML\Store\SQL $store)
{
if ($store->getTableVersion('saml_PersistentNameID') === 1) { if ($store->getTableVersion('saml_PersistentNameID') === 1) {
return; return;
} }
$query = 'CREATE TABLE ' . $store->prefix . '_saml_PersistentNameID ( $query = 'CREATE TABLE ' . $store->prefix . '_saml_PersistentNameID (
_idp VARCHAR(256) NOT NULL, _idp VARCHAR(256) NOT NULL,
_sp VARCHAR(256) NOT NULL, _sp VARCHAR(256) NOT NULL,
_user VARCHAR(256) NOT NULL, _user VARCHAR(256) NOT NULL,
_value VARCHAR(40) NOT NULL, _value VARCHAR(40) NOT NULL,
UNIQUE (_idp, _sp, _user) UNIQUE (_idp, _sp, _user)
)'; )';
$store->pdo->exec($query); $store->pdo->exec($query);
$query = 'CREATE INDEX ' . $store->prefix . '_saml_PersistentNameID_idp_sp ON ' . $store->prefix . '_saml_PersistentNameID (_idp, _sp)'; $query = 'CREATE INDEX ' . $store->prefix . '_saml_PersistentNameID_idp_sp ON ' . $store->prefix . '_saml_PersistentNameID (_idp, _sp)';
$store->pdo->exec($query); $store->pdo->exec($query);
$store->setTableVersion('saml_PersistentNameID', 1); $store->setTableVersion('saml_PersistentNameID', 1);
} }
/** /**
* Retrieve the SQL datastore. * Retrieve the SQL datastore.
* *
* Will also ensure that the NameID table is present. * Will also ensure that the NameID table is present.
* *
* @return \SimpleSAML\Store\SQL SQL datastore. * @return \SimpleSAML\Store\SQL SQL datastore.
*/ */
private static function getStore() { private static function getStore()
{
$store = \SimpleSAML\Store::getInstance(); $store = \SimpleSAML\Store::getInstance();
if (!($store instanceof \SimpleSAML\Store\SQL)) { if (!($store instanceof \SimpleSAML\Store\SQL)) {
throw new SimpleSAML_Error_Exception('SQL NameID store requires SimpleSAMLphp to be configured with a SQL datastore.'); throw new SimpleSAML_Error_Exception('SQL NameID store requires SimpleSAMLphp to be configured with a SQL datastore.');
} }
self::createTable($store); self::createTable($store);
return $store; return $store;
} }
/** /**
* Add a NameID into the database. * Add a NameID into the database.
* *
* @param \SimpleSAML\Store\SQL $store The data store. * @param \SimpleSAML\Store\SQL $store The data store.
* @param string $idpEntityId The IdP entityID. * @param string $idpEntityId The IdP entityID.
* @param string $spEntityId The SP entityID. * @param string $spEntityId The SP entityID.
* @param string $user The user's unique identificator (e.g. username). * @param string $user The user's unique identificator (e.g. username).
* @param string $value The NameID value. * @param string $value The NameID value.
*/ */
public static function add($idpEntityId, $spEntityId, $user, $value) { public static function add($idpEntityId, $spEntityId, $user, $value)
assert(is_string($idpEntityId)); {
assert(is_string($spEntityId)); assert(is_string($idpEntityId));
assert(is_string($user)); assert(is_string($spEntityId));
assert(is_string($value)); assert(is_string($user));
assert(is_string($value));
$store = self::getStore();
$store = self::getStore();
$params = array(
'_idp' => $idpEntityId, $params = array(
'_sp' => $spEntityId, '_idp' => $idpEntityId,
'_user' => $user, '_sp' => $spEntityId,
'_value' => $value, '_user' => $user,
); '_value' => $value,
);
$query = 'INSERT INTO ' . $store->prefix . '_saml_PersistentNameID (_idp, _sp, _user, _value) VALUES(:_idp, :_sp, :_user, :_value)';
$query = $store->pdo->prepare($query); $query = 'INSERT INTO ' . $store->prefix . '_saml_PersistentNameID (_idp, _sp, _user, _value) VALUES(:_idp, :_sp, :_user, :_value)';
$query->execute($params); $query = $store->pdo->prepare($query);
} $query->execute($params);
}
/**
* Retrieve a NameID into from database. /**
* * Retrieve a NameID into from database.
* @param string $idpEntityId The IdP entityID. *
* @param string $spEntityId The SP entityID. * @param string $idpEntityId The IdP entityID.
* @param string $user The user's unique identificator (e.g. username). * @param string $spEntityId The SP entityID.
* @return string|NULL $value The NameID value, or NULL of no NameID value was found. * @param string $user The user's unique identificator (e.g. username).
*/ * @return string|NULL $value The NameID value, or NULL of no NameID value was found.
public static function get($idpEntityId, $spEntityId, $user) { */
assert(is_string($idpEntityId)); public static function get($idpEntityId, $spEntityId, $user)
assert(is_string($spEntityId)); {
assert(is_string($user)); assert(is_string($idpEntityId));
assert(is_string($spEntityId));
$store = self::getStore(); assert(is_string($user));
$params = array( $store = self::getStore();
'_idp' => $idpEntityId,
'_sp' => $spEntityId, $params = array(
'_user' => $user, '_idp' => $idpEntityId,
); '_sp' => $spEntityId,
'_user' => $user,
$query = 'SELECT _value FROM ' . $store->prefix . '_saml_PersistentNameID WHERE _idp = :_idp AND _sp = :_sp AND _user = :_user'; );
$query = $store->pdo->prepare($query);
$query->execute($params); $query = 'SELECT _value FROM ' . $store->prefix . '_saml_PersistentNameID WHERE _idp = :_idp AND _sp = :_sp AND _user = :_user';
$query = $store->pdo->prepare($query);
$row = $query->fetch(PDO::FETCH_ASSOC); $query->execute($params);
if ($row === FALSE) {
// No NameID found $row = $query->fetch(PDO::FETCH_ASSOC);
return NULL; if ($row === false) {
} // No NameID found
return null;
return $row['_value']; }
}
return $row['_value'];
}
/**
* Delete a NameID from the database.
* /**
* @param string $idpEntityId The IdP entityID. * Delete a NameID from the database.
* @param string $spEntityId The SP entityID. *
* @param string $user The user's unique identificator (e.g. username). * @param string $idpEntityId The IdP entityID.
*/ * @param string $spEntityId The SP entityID.
public static function delete($idpEntityId, $spEntityId, $user) { * @param string $user The user's unique identificator (e.g. username).
assert(is_string($idpEntityId)); */
assert(is_string($spEntityId)); public static function delete($idpEntityId, $spEntityId, $user)
assert(is_string($user)); {
assert(is_string($idpEntityId));
$store = self::getStore(); assert(is_string($spEntityId));
assert(is_string($user));
$params = array(
'_idp' => $idpEntityId, $store = self::getStore();
'_sp' => $spEntityId,
'_user' => $user, $params = array(
); '_idp' => $idpEntityId,
'_sp' => $spEntityId,
$query = 'DELETE FROM ' . $store->prefix . '_saml_PersistentNameID WHERE _idp = :_idp AND _sp = :_sp AND _user = :_user'; '_user' => $user,
$query = $store->pdo->prepare($query); );
$query->execute($params);
} $query = 'DELETE FROM ' . $store->prefix . '_saml_PersistentNameID WHERE _idp = :_idp AND _sp = :_sp AND _user = :_user';
$query = $store->pdo->prepare($query);
$query->execute($params);
/** }
* Retrieve all federated identities for an IdP-SP pair.
*
* @param string $idpEntityId The IdP entityID. /**
* @param string $spEntityId The SP entityID. * Retrieve all federated identities for an IdP-SP pair.
* @return array Array of userid => NameID. *
*/ * @param string $idpEntityId The IdP entityID.
public static function getIdentities($idpEntityId, $spEntityId) { * @param string $spEntityId The SP entityID.
assert(is_string($idpEntityId)); * @return array Array of userid => NameID.
assert(is_string($spEntityId)); */
public static function getIdentities($idpEntityId, $spEntityId)
$store = self::getStore(); {
assert(is_string($idpEntityId));
$params = array( assert(is_string($spEntityId));
'_idp' => $idpEntityId,
'_sp' => $spEntityId, $store = self::getStore();
);
$params = array(
$query = 'SELECT _user, _value FROM ' . $store->prefix . '_saml_PersistentNameID WHERE _idp = :_idp AND _sp = :_sp'; '_idp' => $idpEntityId,
$query = $store->pdo->prepare($query); '_sp' => $spEntityId,
$query->execute($params); );
$res = array(); $query = 'SELECT _user, _value FROM ' . $store->prefix . '_saml_PersistentNameID WHERE _idp = :_idp AND _sp = :_sp';
while ( ($row = $query->fetch(PDO::FETCH_ASSOC)) !== FALSE) { $query = $store->pdo->prepare($query);
$res[$row['_user']] = $row['_value']; $query->execute($params);
}
$res = array();
return $res; while (($row = $query->fetch(PDO::FETCH_ASSOC)) !== false) {
} $res[$row['_user']] = $row['_value'];
}
return $res;
}
} }
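Review bot: The return value of `$query->execute($params)` is ignored in add() and delete() (and likewise in get() and getIdentities()), so a failed INSERT — for instance a second add() for the same (_idp, _sp, _user) triple, which the UNIQUE constraint created in createTable() rejects — only surfaces if the PDO handle on `$store->pdo` was configured with exception error mode, which is set outside this hunk. Checking the result explicitly, `if ($query->execute($params) === false) { throw new SimpleSAML_Error_Exception('Failed to store NameID.'); }`, makes the behaviour independent of that setting. Separately, the get() docblock still carries two typos the reformatting did not touch: `Retrieve a NameID into from database` should read `Retrieve a NameID from the database`, and `or NULL of no NameID value was found` should read `or null if no NameID value was found`.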