diff --git a/dictionaries/error_CACHEAUTHNREQUEST.php b/dictionaries/error_CACHEAUTHNREQUEST.php
new file mode 100644
index 0000000000000000000000000000000000000000..00a7b3fde1acdc3c3bc02796b463d4c0a1210a23
--- /dev/null
+++ b/dictionaries/error_CACHEAUTHNREQUEST.php
@@ -0,0 +1,8 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'Error making single sign-on to service',
+ 'descr' => 'You can authenticated and are ready to be sent back to the service that requested authentication, but we could not find your cached authentication request. The request is only cached for a limited amount of time. If you leaved your browser open for hours before entering your username and password, this could be one possible explaination. If this could be the case in your situation, try to go back to the service you want to access, and start a new login process. If this issue continues, please report the problem.'
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_CREATEREQUEST.php b/dictionaries/error_CREATEREQUEST.php
new file mode 100644
index 0000000000000000000000000000000000000000..fccbba9481bd37b895146f0bbe3d4184f8e7d95f
--- /dev/null
+++ b/dictionaries/error_CREATEREQUEST.php
@@ -0,0 +1,8 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'Error creating AuthNRequest',
+ 'descr' => 'An error occured when trying to create the authentication request.'
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_DISCOPARAMS.php b/dictionaries/error_DISCOPARAMS.php
new file mode 100644
index 0000000000000000000000000000000000000000..2c714f2586bf07adaf38043293f7cbb0bf6548cc
--- /dev/null
+++ b/dictionaries/error_DISCOPARAMS.php
@@ -0,0 +1,8 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'Bad request to discovery service',
+ 'descr' => 'The parameters sent to the discovery service were not following the specification.'
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_GENERATEAUTHNRESPONSE.php b/dictionaries/error_GENERATEAUTHNRESPONSE.php
new file mode 100644
index 0000000000000000000000000000000000000000..365459c2a2ad01de2c564e66f3ca64d6376066dc
--- /dev/null
+++ b/dictionaries/error_GENERATEAUTHNRESPONSE.php
@@ -0,0 +1,8 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'Could not create authentication response',
+ 'descr' => 'When this identity provider tried to create an authentication response, an error occured.'
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_LDAPERROR.php b/dictionaries/error_LDAPERROR.php
new file mode 100644
index 0000000000000000000000000000000000000000..28d36170dbd26c9bde33ef7b5d8808405735f9b1
--- /dev/null
+++ b/dictionaries/error_LDAPERROR.php
@@ -0,0 +1,8 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'LDAP Error',
+ 'descr' => 'LDAP is the user database, and when you try to login, we need to contact an LDAP database. When we tried it this time an error occured.'
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_LOGOUTREQUEST.php b/dictionaries/error_LOGOUTREQUEST.php
new file mode 100644
index 0000000000000000000000000000000000000000..69ad2f52d6fc24c688521033b21adb6e049a2609
--- /dev/null
+++ b/dictionaries/error_LOGOUTREQUEST.php
@@ -0,0 +1,9 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'Error processing Logout Request',
+ 'descr' => 'An error occured when trying to process the Logout Request.'
+
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_LOGOUTRESPONSE.php b/dictionaries/error_LOGOUTRESPONSE.php
new file mode 100644
index 0000000000000000000000000000000000000000..1ae382aecc9c768c1159cb9c3c758fff4c28cbb5
--- /dev/null
+++ b/dictionaries/error_LOGOUTRESPONSE.php
@@ -0,0 +1,8 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'Error processing Logout Response',
+ 'descr' => 'An error occured when trying to process the Logout Response.'
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_METADATA.php b/dictionaries/error_METADATA.php
new file mode 100644
index 0000000000000000000000000000000000000000..beac8c36af43d5c77383cc3e5f40e5cc12595f39
--- /dev/null
+++ b/dictionaries/error_METADATA.php
@@ -0,0 +1,8 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'Error loading metadata',
+ 'descr' => 'There is some misconfiguration of your simpleSAMLphp installation. If you are the administrator of this service, you should make sure your metadata configuration is correctly setup.'
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_NORELAYSTATE.php b/dictionaries/error_NORELAYSTATE.php
new file mode 100644
index 0000000000000000000000000000000000000000..01f5786fe8335d244bcb505573d1bf7a1a21456e
--- /dev/null
+++ b/dictionaries/error_NORELAYSTATE.php
@@ -0,0 +1,8 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'No RelayState',
+ 'descr' => 'The initiator of this request did not provide an RelayState parameter, that tells where to go next.'
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_NOSESSION.php b/dictionaries/error_NOSESSION.php
new file mode 100644
index 0000000000000000000000000000000000000000..cdb51dae33f1feb027ee09e78a7b3ff31db50b57
--- /dev/null
+++ b/dictionaries/error_NOSESSION.php
@@ -0,0 +1,12 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'No session found',
+ 'descr' => 'Unfortuneately we could not get your session. This could be because your browser do not support cookies, or cookies is disabled.'
+ ),
+ 'no' => array(
+ 'title' => 'Kunne ikke etablere sesjon',
+ 'descr' => 'Desverre kunne vi ikke etablere en sesjon for deg. Dette kan skyldes at din nettleser ikke støtter cookies, eller at cookies er slått av.'
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_PROCESSASSERTION.php b/dictionaries/error_PROCESSASSERTION.php
new file mode 100644
index 0000000000000000000000000000000000000000..486605e906209f3931550d557037875feb499e55
--- /dev/null
+++ b/dictionaries/error_PROCESSASSERTION.php
@@ -0,0 +1,8 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'Error processing response from IdP',
+ 'descr' => 'We did not accept the response sent from the Identity Provider.'
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_PROCESSAUTHNREQUEST.php b/dictionaries/error_PROCESSAUTHNREQUEST.php
new file mode 100644
index 0000000000000000000000000000000000000000..f0866cb55f5f5bfe1e816fbd33ab4870fc000463
--- /dev/null
+++ b/dictionaries/error_PROCESSAUTHNREQUEST.php
@@ -0,0 +1,8 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'Error processing request from Service Provider',
+ 'descr' => 'This IdP received an authentication request from a service provider, but an error occured when trying to process the request.'
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_SSOSERVICEPARAMS.php b/dictionaries/error_SSOSERVICEPARAMS.php
new file mode 100644
index 0000000000000000000000000000000000000000..cdf0717416eec09362f642b514023a29b3a2cfad
--- /dev/null
+++ b/dictionaries/error_SSOSERVICEPARAMS.php
@@ -0,0 +1,8 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'Wrong parameters provided',
+ 'descr' => 'You must either provide a SAML Request message or a RequestID on this interface.'
+ )
+);
\ No newline at end of file
diff --git a/extra/receiveinfo.php b/extra/receiveinfo.php
new file mode 100644
index 0000000000000000000000000000000000000000..9a881a16707121c1ab4ac5c169dc230850a0c4bf
--- /dev/null
+++ b/extra/receiveinfo.php
@@ -0,0 +1,62 @@
+/**
+ * Copy and paste this file into a page in your drupal installation, or similar CMS system.
+ * Make sure the Input mode in your new page is PHP Mode.
+ *
+ * Then when you click save, notice the URL of your new page. This URL should be entered in the
+ * config.php of your simpleSAMLphp installation.
+ *
+ */
+
+<p>Thanks for sending information to us from simpleSAMLphp.</p>
+
+
+<?php
+
+#$to = 'andreas.solberg@uninett.no, moria-support@uninett.no';
+$to = 'andreas.solberg@uninett.no';
+
+if (isset($_POST['action'])) {
+
+
+
+ $to = 'andreas.solberg@uninett.no';
+ $from = (isset($_POST['email']) ? $_POST['email'] : 'Anonymous <simplesamlphp@example.org>');
+ $headers = 'From: ' . $from . "\r\n" . 'X-Mailer: PHP/' . phpversion();
+
+ if ($_POST['action'] == 'metadata') {
+
+ echo '<p>We have received your metadata.';
+ $subject = 'SAML 2.0 Metadata from '. $_POST['email'];
+ $message = 'Someone just used simpleSAMLphp to send metadata to Feide. Here is the metadata: ' . "\r\n\r\n------- BEGIN SAML 2.0 METADATA ----------\r\n" .
+ html_entity_decode(base64_decode(urldecode($_POST['metadata']))) . "\r\n------- END SAML 2.0 METADATA ----------\r\n\r\nDefault IdP: " . $_POST['defaultidp'] . "\r\nSent by simpleSAMLphp :)";
+
+} elseif($_POST['action'] == 'error') {
+
+ echo '<p>We have received your error report.';
+
+ $subject = 'Error report from '. $_POST['email'];
+ $message = 'Someone just used simpleSAMLphp to send an error message to Feide. Here is the exception:
+------------------
+Exception message: ' . html_entity_decode(base64_decode(urldecode($_POST['exceptionmsg']))) . '
+------------------
+Exception stacktrace:
+' . html_entity_decode(base64_decode(urldecode($_POST['exceptiontrace']))) . '
+------------------
+Description from user:
+' . $_POST['text'] . '
+
+TrackID [' . $_POST['trackid'] . ']
+
+simpleSAMLphp version: ' . $_POST['version'] . '
+Technical contact at server: ' . $_POST['techemail'] . '
+
+Sent using simpleSAMLphp';
+
+}
+
+
+mail($to, $subject, $message, $headers);
+}
+
+?>
+
diff --git a/lib/SimpleSAML/Logger.php b/lib/SimpleSAML/Logger.php
index e1bea16b6e76d9540baf5764be03745c8e6d8b55..9336ac43e74e10e0b6fabfaa50ded8b1d186762b 100644
--- a/lib/SimpleSAML/Logger.php
+++ b/lib/SimpleSAML/Logger.php
@@ -30,11 +30,14 @@ class SimpleSAML_Logger {
* Log a message to syslog.
*/
public function log($priority, $trackid = null, $module, $submodule, $eventtype, $content, $message) {
- if ($priority < $this->loglevel) return;
-
+ error_log('This entry is ' . $priority . ' and configuration says minimum ' . $this->loglevel);
+ error_log('LOG_ERR is ' . LOG_ERR . ' and LOGINFO is ' . LOG_INFO);
+ if ($priority > $this->loglevel) return;
+ error_log('Log2');
if ($trackid == null) {
- $session = SimpleSAML_Session::getInstance(true);
- $trackid = $session->getTrackID();
+ $trackid = 'na';
+ //$session = SimpleSAML_Session::getInstance(true);
+ //$trackid = $session->getTrackID();
}
$contentstring = '';
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index e177b4b642c45f88f999d30acb15ca3e3a836ace..822a97ddd96708ef6d49ea3e8b294680ecc8d4ca 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -2,6 +2,7 @@
require_once('SimpleSAML/Configuration.php');
require_once('SimpleSAML/XHTML/Template.php');
+require_once('SimpleSAML/Logger.php');
/**
* Misc static functions that is used several places.in example parsing and id generation.
@@ -268,22 +269,46 @@ class SimpleSAML_Utilities {
}
- /* This function logs a error message to the error log and shows the
+ /**
+ * This function logs a error message to the error log and shows the
* message to the user. Script execution terminates afterwards.
*
- * Parameters:
- * $title Short title for the error message.
- * $message The error message.
+ * @param $title Short title for the error message.
+ * @param $message The error message.
*/
- public static function fatalError($title, $message) {
- error_log($title . ': ' . $message);
-
+ public static function fatalError($trackid = 'na', $errorcode = null, Exception $e = null, $level = LOG_ERR) {
+
$config = SimpleSAML_Configuration::getInstance();
- $t = new SimpleSAML_XHTML_Template($config, 'error.php');
- $t->data['header'] = $title;
- $t->data['message'] = $message;
+
+ // Get the exception message if there is any exception provided.
+ $emsg = (empty($e) ? 'No exception available' : $e->getMessage());
+ $etrace = (empty($e) ? 'No exception available' : $e->getTraceAsString());
+
+ // Log a error message
+ $logger = new SimpleSAML_Logger();
+ $logger->log($level, $trackid, $_SERVER['PHP_SELF'], '-', 'UserError', (!empty($errorcode) ? $errorcode : 'na'),
+ urlencode($emsg) );
+
+ $languagefile = null;
+ if (isset($errorcode)) $languagefile = 'error_' . $errorcode . '.php';
+
+ // Initialize a template
+ $t = new SimpleSAML_XHTML_Template($config, 'error.php', $languagefile);
+
+
+ $t->data['showerrors'] = $config->getValue('showerrors', true);
+ $t->data['errorreportaddress'] = $config->getValue('errorreportaddress', null);
+
+ $t->data['exceptionmsg'] = $emsg;
+ $t->data['exceptiontrace'] = $etrace;
+
+ $t->data['trackid'] = $trackid;
+
+ $t->data['version'] = $config->getValue('version', 'na');
+ $t->data['email'] = $config->getValue('technicalcontact_email', 'na');
+
$t->show();
-
+
exit;
}
diff --git a/lib/SimpleSAML/XHTML/Template.php b/lib/SimpleSAML/XHTML/Template.php
index bb50bd7e052997371ff5285f001db3788d8810d8..a13ed17187d6abff179bfa0fe87e153935ccd947 100644
--- a/lib/SimpleSAML/XHTML/Template.php
+++ b/lib/SimpleSAML/XHTML/Template.php
@@ -1,7 +1,8 @@
<?php
require_once('SimpleSAML/Configuration.php');
-
+require_once('SimpleSAML/Logger.php');
+
/**
* A minimalistic XHTML PHP based template system implemented for simpleSAMLphp.
*
@@ -15,36 +16,42 @@ class SimpleSAML_XHTML_Template {
private $template = 'default.php';
private $language = null;
+ private $langtext = null;
+
public $data = null;
- function __construct(SimpleSAML_Configuration $configuration, $template) {
+ function __construct(SimpleSAML_Configuration $configuration, $template, $languagefile = null) {
$this->configuration = $configuration;
$this->template = $template;
$this->data['baseurlpath'] = $this->configuration->getValue('baseurlpath');
+
+ if (!empty($languagefile)) $this->includeLanguageFile($languagefile);
}
public function setLanguage($language) {
$this->language = $language;
- setcookie('language', $language);
+ // setcookie ( string $name [, string $value [, int $expire [, string $path [, string $domain [, bool $secure [, bool $httponly ]]]]]] )
+ // time()+60*60*24*900 expires 900 days from now.
+ setcookie('language', $language, time()+60*60*24*900);
}
public function getLanguage() {
-
+
+ // Language is set in object
if (isset($this->language)) {
-
return $this->language;
-
+
+ // Language is provided in query string
} else if (isset($_GET['language'])) {
-
$this->setLanguage($_GET['language']);
-
+
+ // Language is provided in a stored COOKIE
} else if (isset($_COOKIE['language'])) {
-
$this->language = $_COOKIE['language'];
+ // Language is not set, and we get the default language from the configuration.
} else {
-
return $this->configuration->getValue('language.default');
}
@@ -71,33 +78,67 @@ class SimpleSAML_XHTML_Template {
private function includeAtLanguageBase($file) {
$data = $this->data;
$filebase = $this->configuration->getBaseDir() . $this->configuration->getValue('templatedir') . $this->getLanguage() . '/' ;
+
+ if (!file_exists($filebase . $file)) {
+ $filebase = $this->configuration->getBaseDir() . $this->configuration->getValue('templatedir') .
+ $this->configuration->getValue('language.default') . '/';
+
+
+ if (!file_exists($filebase . $file) ) {
+ $logger = new SimpleSAML_Logger();
+ $logger->log(LOG_ERR, null, $_SERVER['PHP_SELF'], '-', 'Template', 'CannotFindFile',
+ 'Could not find template file [' . $this->template . '] at [' . $filename . ']');
+ return;
+ }
+ }
include($filebase . $file);
}
+
+ private function includeLanguageFile($file) {
+ $data = $this->data;
+ $filebase = $this->configuration->getBaseDir() . $this->configuration->getValue('dictionarydir');
+
+ if (!file_exists($filebase . $file)) {
+ $logger = new SimpleSAML_Logger();
+ $logger->log(LOG_ERR, null, $_SERVER['PHP_SELF'], '-', 'Template', 'CannotFindFile',
+ 'Could not find template file [' . $this->template . '] at [' . $filebase . $file . ']');
+ return;
+ }
+ include($filebase . $file);
+ if (isset($lang)) {
+
+ if (array_key_exists($this->getLanguage(), $lang) ) {
+ foreach ($lang[$this->getLanguage()] AS $key => $text) {
+ $this->data[$key] = $text;
+ }
+ } elseif (array_key_exists($this->configuration->getValue('language.default', 'en'), $lang) ) {
+ foreach ($lang[$this->configuration->getValue('language.default')] AS $key => $text) {
+ $this->data[$key] = $text;
+ }
+ }
+ }
+ }
public function show() {
$data = $this->data;
$filename = $this->configuration->getBaseDir() . $this->configuration->getValue('templatedir') . $this->getLanguage() . '/' .
$this->template;
-
-
-
+
if (!file_exists($filename)) {
-
-// echo 'Could not find template file [' . $this->template . '] at [' . $filename . ']';
-// exit(0);
-
+
$filename = $this->configuration->getBaseDir() . $this->configuration->getValue('templatedir') .
$this->configuration->getValue('language.default') . '/' . $this->template;
-
if (!file_exists($filename)) {
- echo 'Could not find template file [' . $this->template . '] at [' . $filename . ']';
+ $logger = new SimpleSAML_Logger();
+ $logger->log(LOG_ERR, null, $_SERVER['PHP_SELF'], '-', 'Template', 'CannotFindFile',
+ 'Could not find template file [' . $this->template . '] at [' . $filename . ']');
+
+ echo 'Fatal error: Could not find template file [' . $this->template . '] at [' . $filename . ']';
exit(0);
- throw new Exception('Could not find template file [' . $this->template . '] at [' . $filename . ']');
}
-
}
require_once($filename);
diff --git a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
index dabd787f0e043e0912c1812bf66d813b13b07b45..c7ffb9b19739c25cb81e6b0975ab9a299bd5bab0 100644
--- a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
@@ -13,6 +13,7 @@ require_once('xmlseclibs.php');
* An SAML 2.0 Authentication Response
*
* @author Andreas Ă…kre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
+ * @author Olav Morken, UNINETT AS
* @package simpleSAMLphp
* @version $Id$
*/
diff --git a/templates/default/en/error.php b/templates/default/en/error.php
index 4e32e0a64466c736fc3c3578b544ff4c17b39d51..4aea13acb4df3b19c796d97e0a88b7348c8851eb 100644
--- a/templates/default/en/error.php
+++ b/templates/default/en/error.php
@@ -1,36 +1,70 @@
-<?php $this->includeAtTemplateBase('includes/header.php'); ?>
+<?php
+ $this->data['header'] = 'simpleSAMLphp error';
+ $this->includeAtTemplateBase('includes/header.php');
+?>
<div id="content">
+ <h2><?php echo (isset($this->data['title']) ? $this->data['title'] : 'simpleSAMLphp error'); ?></h2>
+
+ <p><?php echo $this->data['descr']; ?></p>
+ <div class="trackidtext">
+ If you report this error the track ID makes it possible to track your session in the logs available to the system adinistrator:
+ <span class="trackid"><?php echo $this->data['trackid']; ?><span>
-
- <h2><?php if (isset($data['header'])) { echo $data['header']; } else { echo "Some error occured"; } ?></h2>
+ </div>
- <p>
-
- <?php echo $data['message']; ?>
-
- </p>
<?php
/* Print out exception only if the exception is available. */
-if (array_key_exists('e', $data)) {
+if ($this->data['showerrors']) {
?>
-
+ <h2>Debug information</h2>
<p>The debug information below may be interesting for the administrator / help desk:</p>
<div style="border: 1px solid #eee; padding: 1em; font-size: x-small">
- <p style="margin: 1px"><?php echo htmlentities($data['e']->getMessage()); ?></p>
+ <p style="margin: 1px"><?php echo htmlentities($this->data['exceptionmsg']); ?></p>
<div style=" padding: 1em; font-family: monospace; ">
- <?php echo htmlentities($data['e']->getTraceAsString()); ?>
+ <?php echo htmlentities($this->data['exceptiontrace']); ?>
</div>
</div>
<?php
}
?>
+
+<?php
+/* Print out exception only if the exception is available. */
+if (!empty($this->data['errorreportaddress'])) {
+?>
+
+ <h2>Report errors</h2>
+ <form action="<?php echo $this->data['errorreportaddress']; ?>" method="post">
+
+ <p>Optionally enter your email address, for the administrators to be able contact you for further questions about your issue: </p>
+ <p>E-mail address: <input type="text" size="25" name="email" value="" />
+
+ <p>
+ <textarea style="width: 300px; height: 100px" name="text">Explain what you did to get this error...</textarea>
+ </p></p>
+ <input type="hidden" name="action" value="error" />
+ <input type="hidden" name="techemail" value="<?php echo $this->data['email']; ?>" />
+ <input type="hidden" name="version" value="<?php echo $this->data['version']; ?>" />
+ <input type="hidden" name="trackid" value="<?php echo $this->data['trackid']; ?>" />
+ <input type="hidden" name="exceptionmsg" value="<?php echo urlencode(base64_encode($this->data['exceptionmsg'])); ?>" />
+ <input type="hidden" name="exceptiontrace" value="<?php echo urlencode(base64_encode($this->data['exceptiontrace'])); ?>" />
+
+ <input type="submit" name="send" value="Send error report" />
+ </p>
+ </form>
+<?php
+}
+?>
+
+
+
<h2 style="clear: both">How to get help</h2>
diff --git a/templates/default/en/metadata.php b/templates/default/en/metadata.php
index 7559cd6468ac86fab586632392951d789483c280..cfecf08037d64d08d1da8434b418d7632f9e9617 100644
--- a/templates/default/en/metadata.php
+++ b/templates/default/en/metadata.php
@@ -15,14 +15,12 @@
<pre style="overflow: scroll; border: 1px solid #eee; padding: 2px"><?php echo $data['metadata']; ?></pre>
- <?php if($data['feide']) { ?>
+ <?php if(array_key_exists('sendmetadatato', $this->data) { ?>
<div style="border: 1px solid #444; margin: 2em; padding: 1em; background: #eee">
- <img src="http://clippings.erlang.no/ZZ076BD170.jpg" style="float: right; " />
-
- <h2>Send your metadata to Feide</h2>
+ <h2>Send your metadata to <?php $this->data['federationname']; ?></h2>
<p>simpleSAMLphp has detected that you have configured Feide as your default IdP.</p>
@@ -30,15 +28,17 @@
contact Feide to add you as a new service, you will be asked to send your metadata. Here you can easily send
the metadata to Feide by clicking the button below.</p>
- <form action="http://rnd.feide.no/post-metadata/index.php" method="post">
+ <form action="<?php $this->data['sendmetadatato']; ?>" method="post">
<p>Feide needs to know how to get in contact with you, so you need to type in <strong>your email address</strong>:
<input type="text" size="25" name="email" value="" />
</p>
<input type="hidden" name="metadata" value="<?php echo urlencode(base64_encode($data['metadata'])); ?>" />
+ <input type="hidden" name="techemail" value="<?php echo $_POST['techemail']; ?>" />
+ <input type="hidden" name="version" value="<?php echo $_POST['version']; ?>" />
<input type="hidden" name="defaultidp" value="<?php echo htmlspecialchars($data['defaultidp']); ?>" />
- <input type="submit" name="send" value="Send my metadata to Feide" />
+ <input type="submit" name="send" value="Send my metadata to <?php $this->data['federationname']; ?>" />
</form>
diff --git a/templates/default/includes/header.php b/templates/default/includes/header.php
index a6347b6bab4d4a81ad7b948ffee08b6b037348a1..82ae5abe680a2596bc55915ac7ed244da7bf8c27 100644
--- a/templates/default/includes/header.php
+++ b/templates/default/includes/header.php
@@ -16,7 +16,7 @@ if(array_key_exists('header', $data)) {
<body>
<div id="wrap">
-
+
<div id="header">
<h1><a style="text-decoration: none; color: white" href="/<?php echo $data['baseurlpath']; ?>"><?php
echo (isset($data['header']) ? $data['header'] : 'simpleSAMLphp');
diff --git a/www/auth/login-auto.php b/www/auth/login-auto.php
index fb49849652fbf36dfaeddfdb8a4367f7e7b3b499..b2188e2d2563de7ee18c0eec841c6183276a4079 100644
--- a/www/auth/login-auto.php
+++ b/www/auth/login-auto.php
@@ -33,24 +33,12 @@ $delay_login = (int)$config->getValue('auth.auto.delay_login');
/* Verify that this authentication handler is enabled. */
if(!$enable) {
- SimpleSAML_Utilities::fatalError(
- 'login-auto not enabled',
- 'You attempted to use the login-auto authentication handler,' .
- ' but this handler isn\'t enabled in the configuration. If' .
- ' you want to enable this authentication handler, set' .
- ' \'auth.auto.enable\' to true.'
- );
+ throw new Exception('login-auto not enabled: You attempted to use the login-auto authentication handler, but this handler isn\'t enabled in the configuration. If you want to enable this authentication handler, set \'auth.auto.enable\' to true.');
}
/* Verify that the 'auth.auto.attributes' option is configured. */
if(!is_array($attributes)) {
- SimpleSAML_Utilities::fatalError(
- 'login-auto not configured',
- 'The login-auto authentication handler is enabled, but no' .
- ' attributes are configured. Please set' .
- ' \'auth.auto.attributes\' to the attributes you want to' .
- ' give users.'
- );
+ throw new Exception('login-auto not configured: The login-auto authentication handler is enabled, but no attributes are configured. Please set \'auth.auto.attributes\' to the attributes you want to give users.');
}
@@ -75,12 +63,9 @@ usleep($delay_login * 1000);
/* Load the session of the current user. */
-$session = SimpleSAML_Session::getInstance();
+$session = SimpleSAML_Session::getInstance(true);
if($session == NULL) {
- SimpleSAML_Utilities::fatalError(
- 'Missing session',
- 'No session was found. Are cookies disabled?'
- );
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOSESSION');
}
/* Set the user as authenticated and add the attributes from the
diff --git a/www/auth/login-ldapmulti.php b/www/auth/login-ldapmulti.php
index 6e63a68207096ed01fd175fde2eb57633b826bb4..a3ceb29d026a8bfa3c3a38d2fc5120a56e1462d3 100644
--- a/www/auth/login-ldapmulti.php
+++ b/www/auth/login-ldapmulti.php
@@ -23,79 +23,91 @@ $logger->log(LOG_INFO, $session->getTrackID(), 'AUTH', 'ldap-multi', 'EVENT', 'A
$error = null;
$attributes = array();
-
-if (isset($_POST['username'])) {
- $ldapconfig = $ldapmulti[$_POST['org']];
-
-
+/* Load the RelayState argument. The RelayState argument contains the address
+ * we should redirect the user to after a successful authentication.
+ */
+if (!array_key_exists('RelayState', $_REQUEST)) {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
+}
- $dn = str_replace('%username%', $_POST['username'], $ldapconfig['dnpattern'] );
- $pwd = $_POST['password'];
+if (isset($_POST['username'])) {
- $ds = ldap_connect($ldapconfig['hostname']);
+ try {
- if ($ds) {
+ $ldapconfig = $ldapmulti[$_POST['org']];
+
+
- if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
+ $dn = str_replace('%username%', $_POST['username'], $ldapconfig['dnpattern'] );
+ $pwd = $_POST['password'];
+
+ $ds = ldap_connect($ldapconfig['hostname']);
+
+ if ($ds) {
- $logger->log(LOG_CRIT, $session->getTrackID(), 'AUTH', 'ldap-multi', 'LDAP_OPT_PROTOCOL_VERSION', '3', 'Error setting LDAP prot version to 3');
+ if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
- echo "Failed to set LDAP Protocol version to 3";
+ $logger->log(LOG_CRIT, $session->getTrackID(), 'AUTH', 'ldap-multi', 'LDAP_OPT_PROTOCOL_VERSION', '3', 'Error setting LDAP prot version to 3');
+
+ $error = "Failed to set LDAP Protocol version to 3";
+ }
+ /*
+ if (!ldap_start_tls($ds)) {
+ echo "Failed to start TLS";
exit;
- }
- /*
- if (!ldap_start_tls($ds)) {
- echo "Failed to start TLS";
- exit;
- }
- */
- if (!ldap_bind($ds, $dn, $pwd)) {
- $error = 'Bind failed, wrong username or password.' .
- ' Tried with DN=[' . $dn . '] DNPattern=[' .
- $ldapconfig['dnpattern'] . '] Error=[' .
- ldap_error($ds) . "] ErrNo=[" .
- ldap_errno($ds) . "]";
-
- $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap-multi', 'Fail', $_POST['username'], $_POST['username'] . ' failed to authenticate');
-
- } else {
- $sr = ldap_read($ds, $dn, $ldapconfig['attributes'] );
- $ldapentries = ldap_get_entries($ds, $sr);
-
-
- for ($i = 0; $i < $ldapentries[0]['count']; $i++) {
- $values = array();
- if ($ldapentries[0][$i] == 'jpegphoto') continue;
- for ($j = 0; $j < $ldapentries[0][$ldapentries[0][$i]]['count']; $j++) {
- $values[] = $ldapentries[0][$ldapentries[0][$i]][$j];
+ }
+ */
+ if (!ldap_bind($ds, $dn, $pwd)) {
+ $error = 'Bind failed, wrong username or password.' .
+ ' Tried with DN=[' . $dn . '] DNPattern=[' .
+ $ldapconfig['dnpattern'] . '] Error=[' .
+ ldap_error($ds) . "] ErrNo=[" .
+ ldap_errno($ds) . "]";
+
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap-multi', 'Fail', $_POST['username'], $_POST['username'] . ' failed to authenticate');
+
+ } else {
+ $sr = ldap_read($ds, $dn, $ldapconfig['attributes'] );
+ $ldapentries = ldap_get_entries($ds, $sr);
+
+
+ for ($i = 0; $i < $ldapentries[0]['count']; $i++) {
+ $values = array();
+ if ($ldapentries[0][$i] == 'jpegphoto') continue;
+ for ($j = 0; $j < $ldapentries[0][$ldapentries[0][$i]]['count']; $j++) {
+ $values[] = $ldapentries[0][$ldapentries[0][$i]][$j];
+ }
+
+ $attributes[$ldapentries[0][$i]] = $values;
}
+
+ // generelt ldap_next_entry for flere, men bare ett her
+ //print_r($ldapentries);
+ //print_r($attributes);
+
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap-multi', 'OK', $_POST['username'], $_POST['username'] . ' successfully authenticated');
- $attributes[$ldapentries[0][$i]] = $values;
+
+ $session->setAuthenticated(true, 'login-ldapmulti');
+ $session->setAttributes($attributes);
+
+ $session->setNameID(array(
+ 'value' => SimpleSAML_Utilities::generateID(),
+ 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
+
+ $returnto = $_REQUEST['RelayState'];
+ SimpleSAML_Utilities::redirect($returnto);
+
}
-
- // generelt ldap_next_entry for flere, men bare ett her
- //print_r($ldapentries);
- //print_r($attributes);
-
- $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap-multi', 'OK', $_POST['username'], $_POST['username'] . ' successfully authenticated');
-
-
- $session->setAuthenticated(true, 'login-ldapmulti');
- $session->setAttributes($attributes);
-
- $session->setNameID(array(
- 'value' => SimpleSAML_Utilities::generateID(),
- 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
-
- $returnto = $_REQUEST['RelayState'];
- SimpleSAML_Utilities::redirect($returnto);
-
+ // ldap_close() om du vil, men frigjoeres naar skriptet slutter
}
- // ldap_close() om du vil, men frigjoeres naar skriptet slutter
- }
-
+ } catch (Exception $e) {
+
+ $error = $e->getMessage();
+
+ }
}
diff --git a/www/auth/login-radius.php b/www/auth/login-radius.php
index 1f50f32d42ae6f392e4b3322b523e9fcc3376eff..a36eca74aa6061c91fee7eaab3e5331ff2e31384 100644
--- a/www/auth/login-radius.php
+++ b/www/auth/login-radius.php
@@ -17,7 +17,14 @@ $logger->log(LOG_INFO, $session->getTrackID(), 'AUTH', 'radius', 'EVENT', 'Acces
$error = null;
$attributes = array();
-
+
+/* Load the RelayState argument. The RelayState argument contains the address
+ * we should redirect the user to after a successful authentication.
+ */
+if (!array_key_exists('RelayState', $_REQUEST)) {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
+}
+
if (isset($_POST['username'])) {
diff --git a/www/auth/login.php b/www/auth/login.php
index f79792673ca792380e033f5ed4e1aa5ba8340a18..ee09d764288618075c4798058a00cc77c9236620 100644
--- a/www/auth/login.php
+++ b/www/auth/login.php
@@ -14,7 +14,7 @@ require_once('SimpleSAML/Logger.php');
$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-$session = SimpleSAML_Session::getInstance();
+$session = SimpleSAML_Session::getInstance(true);
$logger = new SimpleSAML_Logger();
$logger->log(LOG_INFO, $session->getTrackID(), 'AUTH', 'ldap', 'EVENT', 'Access', 'Accessing auth endpoint login');
@@ -28,10 +28,7 @@ $username = null;
* we should redirect the user to after a successful authentication.
*/
if (!array_key_exists('RelayState', $_REQUEST)) {
- SimpleSAML_Utilities::fatalError(
- 'Invalid access of LDAP login page',
- 'Missing RelayState argument to LDAP authenticator.'
- );
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
}
$relaystate = $_REQUEST['RelayState'];
@@ -39,119 +36,121 @@ $relaystate = $_REQUEST['RelayState'];
if (isset($_POST['username'])) {
- /* Validate and sanitize form data. */
- /* First, make sure that the password field is included. */
- if (!array_key_exists('password', $_POST)) {
- SimpleSAML_Utilities::fatalError(
- 'Invalid access of LDAP login page',
- 'Invalid form data posted to login form. Missing' .
- ' required password form field.'
- );
- }
-
- $username = $_POST['username'];
- $password = $_POST['password'];
-
- /* Escape any characters with a special meaning in LDAP. The following
- * characters have a special meaning (according to RFC 2253):
- * ',', '+', '"', '\', '<', '>', ';', '*'
- * These characters are escaped by prefixing them with '\'.
- */
- $ldapusername = addcslashes($username, ',+"\\<>;*');
-
- /* Insert the LDAP username into the pattern configured in the
- * 'auth.ldap.dnpattern' option.
- */
- $dn = str_replace('%username%', $ldapusername,
- $config->getValue('auth.ldap.dnpattern'));
-
- /* Connect to the LDAP server. */
- $ds = ldap_connect($config->getValue('auth.ldap.hostname'));
+ try {
- if ($ds) {
+ /* Validate and sanitize form data. */
- if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
-
- $logger->log(LOG_CRIT, $session->getTrackID(), 'AUTH', 'ldap-multi', 'LDAP_OPT_PROTOCOL_VERSION', '3', 'Error setting LDAP prot version to 3');
-
- echo "Failed to set LDAP Protocol version to 3";
- exit;
- }
- /*
- if (!ldap_start_tls($ds)) {
- echo "Failed to start TLS";
- exit;
+ /* First, make sure that the password field is included. */
+ if (!array_key_exists('password', $_POST)) {
+ $error = 'You sent something to the login page, but for some reason the password was not sent. Try again please.';
+ continue;
}
- */
- if (!@ldap_bind($ds, $dn, $password)) {
- $error = "Bind failed, wrong username or password. Tried with DN=[" . $dn . "] DNPattern=[" . $config->getValue('auth.ldap.dnpattern')
- . "] Error=[" . ldap_error($ds) . "] ErrNo=[" . ldap_errno($ds) . "]";
-
- $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap', 'Fail', $username, $username . ' failed to authenticate');
+
+ $username = $_POST['username'];
+ $password = $_POST['password'];
+
+ /* Escape any characters with a special meaning in LDAP. The following
+ * characters have a special meaning (according to RFC 2253):
+ * ',', '+', '"', '\', '<', '>', ';', '*'
+ * These characters are escaped by prefixing them with '\'.
+ */
+ $ldapusername = addcslashes($username, ',+"\\<>;*');
+
+ /* Insert the LDAP username into the pattern configured in the
+ * 'auth.ldap.dnpattern' option.
+ */
+ $dn = str_replace('%username%', $ldapusername,
+ $config->getValue('auth.ldap.dnpattern'));
+
+ /* Connect to the LDAP server. */
+ $ds = ldap_connect($config->getValue('auth.ldap.hostname'));
+
+ if ($ds) {
+
+ if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
- } else {
- $sr = ldap_read($ds, $dn, $config->getValue('auth.ldap.attributes'));
- $ldapentries = ldap_get_entries($ds, $sr);
-
- /* Check if we have any entries in the search result.
- */
- if($ldapentries['count'] == 0) {
- throw new Exception('LDAP: No entries in the' .
- ' search result.');
+ $logger->log(LOG_CRIT, $session->getTrackID(), 'AUTH', 'ldap-multi', 'LDAP_OPT_PROTOCOL_VERSION', '3', 'Error setting LDAP prot version to 3');
+
+ throw new Exception("Failed to set LDAP Protocol version to 3");
}
-
- /* Currently we only care about the first entry. We
- * write a message to the error log if we have more.
- */
- if($ldapentries['count'] > 1) {
- error_log('LDAP: we have more than one entry' .
- ' in the search result.');
+ /*
+ if (!ldap_start_tls($ds)) {
+ echo "Failed to start TLS";
+ exit;
}
-
- /* Iterate over all the attributes in the first
- * result. $ldapentries[0]['count'] contains the
- * attribute count, while $ldapentries[0][$i]
- * contains the name of the $i'th attribute.
- */
- for ($i = 0; $i < $ldapentries[0]['count']; $i++) {
- $name = $ldapentries[0][$i];
-
- /* We currently ignore the 'jpegphoto'
- * attribute since it is relatively big.
+ */
+ if (!@ldap_bind($ds, $dn, $password)) {
+ $error = "Bind failed, wrong username or password. Tried with DN=[" . $dn . "] DNPattern=[" . $config->getValue('auth.ldap.dnpattern')
+ . "] Error=[" . ldap_error($ds) . "] ErrNo=[" . ldap_errno($ds) . "]";
+
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap', 'Fail', $username, $username . ' failed to authenticate');
+
+ } else {
+ $sr = ldap_read($ds, $dn, $config->getValue('auth.ldap.attributes'));
+ $ldapentries = ldap_get_entries($ds, $sr);
+
+ /* Check if we have any entries in the search result.
*/
- if ($name === 'jpegphoto') {
- continue;
+ if($ldapentries['count'] == 0) {
+ throw new Exception('LDAP: No entries in the search result.');
}
-
- $attribute = $ldapentries[0][$name];
-
- $values = array();
-
- for ($j = 0; $j < $attribute['count']; $j++) {
- $values[] = $attribute[$j];
+
+ /* Currently we only care about the first entry. We
+ * write a message to the error log if we have more.
+ */
+ if($ldapentries['count'] > 1) {
+ error_log('LDAP: we have more than one entry in the search result.');
}
-
- assert(!array_key_exists($name, $attributes));
- $attributes[$name] = $values;
+
+ /* Iterate over all the attributes in the first
+ * result. $ldapentries[0]['count'] contains the
+ * attribute count, while $ldapentries[0][$i]
+ * contains the name of the $i'th attribute.
+ */
+ for ($i = 0; $i < $ldapentries[0]['count']; $i++) {
+ $name = $ldapentries[0][$i];
+
+ /* We currently ignore the 'jpegphoto'
+ * attribute since it is relatively big.
+ */
+ if ($name === 'jpegphoto') {
+ continue;
+ }
+
+ $attribute = $ldapentries[0][$name];
+
+ $values = array();
+
+ for ($j = 0; $j < $attribute['count']; $j++) {
+ $values[] = $attribute[$j];
+ }
+
+ assert(!array_key_exists($name, $attributes));
+ $attributes[$name] = $values;
+ }
+
+ $session->setAuthenticated(true, 'login');
+
+ $session->setAttributes($attributes);
+
+ $session->setNameID(array(
+ 'value' => SimpleSAML_Utilities::generateID(),
+ 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
+
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap', 'OK', $username, $username . ' successfully authenticated');
+
+
+ SimpleSAML_Utilities::redirect($relaystate);
}
-
- $session->setAuthenticated(true, 'login');
-
- $session->setAttributes($attributes);
-
- $session->setNameID(array(
- 'value' => SimpleSAML_Utilities::generateID(),
- 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
-
- $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap', 'OK', $username, $username . ' successfully authenticated');
-
-
- SimpleSAML_Utilities::redirect($relaystate);
+ // ldap_close() om du vil, men frigjoeres naar skriptet slutter
}
- // ldap_close() om du vil, men frigjoeres naar skriptet slutter
+
+
+
+ } catch (Exception $e) {
+ $error = $e->getMessage();
}
-
}
diff --git a/www/resources/default.css b/www/resources/default.css
index 40a504f3d7056bcac0a8b745db679e705424b3ec..f6830d909964db154c2f12bed845e6f464527ffc 100644
--- a/www/resources/default.css
+++ b/www/resources/default.css
@@ -75,4 +75,19 @@ dl dd {
font-weight: bold;
color: #200;
margin: .3em;
+}
+
+.trackidtext {
+ border: 1px dashed #aaa;
+ background: #eaeaea;
+ padding: .6em;
+ margin: .4em;
+}
+.trackidtext .trackid {
+ border: 1px solid #ccc;
+ background: #eee;
+ margin: .4em;
+ padding: .4em;
+ font-family: monospace;
+ font-size: large;
}
\ No newline at end of file
diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php
index 401118ee2f2112c1d9fddca3682d8ac2ce31f0be..5c2c6fdcdffbd406b90ec9b9d6eca2fd668af142 100644
--- a/www/saml2/idp/SSOService.php
+++ b/www/saml2/idp/SSOService.php
@@ -29,8 +29,12 @@ $session = SimpleSAML_Session::getInstance(true);
$logger = new SimpleSAML_Logger();
-$idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
-$idpmeta = $metadata->getMetaDataCurrent('saml20-idp-hosted');
+try {
+ $idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+ $idpmeta = $metadata->getMetaDataCurrent('saml20-idp-hosted');
+} catch (Exception $exception) {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
+}
$requestid = null;
@@ -75,15 +79,7 @@ if (isset($_GET['SAMLRequest'])) {
'Incomming Authentication request');
} catch(Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['header'] = 'Error getting incomming request';
- $et->data['message'] = 'Something bad happened when simpleSAML got the incomming authentication request';
- $et->data['e'] = $exception;
-
- $et->show();
- exit(0);
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'PROCESSAUTHNREQUEST', $exception);
}
/*
@@ -108,31 +104,12 @@ if (isset($_GET['SAMLRequest'])) {
if (!$requestcache) throw new Exception('Could not retrieve cached RequestID = ' . $requestid);
} catch(Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['header'] = 'Error retrieving authnrequest cache';
- $et->data['message'] = 'simpleSAML cannot find the authnrequest that it earlier stored.';
- $et->data['e'] = $exception;
-
- $et->show();
- exit(0);
-
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'CACHEAUTHNREQUEST', $exception);
}
} else {
- /*
- * We did neither get a request or a requestID as a parameter. Then throw an error.
- */
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['header'] = 'No parameters found';
- $et->data['message'] = 'You must either provide a SAML Request message or a RequestID on this interface.';
- $et->data['e'] = $exception;
-
- $et->show();
- exit(0);
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'SSOSERVICEPARAMS');
}
@@ -231,14 +208,7 @@ if (!isset($session) || !$session->isValid($authority) ) {
);
} catch(Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['header'] = 'Error sending response to service';
- $et->data['message'] = 'Some error occured when trying to issue the authentication response, and send it back to the SP.';
- $et->data['e'] = $exception;
-
- $et->show();
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'GENERATEAUTHNRESPONSE', $exception);
}
}
diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php
index d77de77293e4299a52969dac6f92b5a10a5d51f0..21ba347a1db197bd292544467b5c9738804eb4dc 100644
--- a/www/saml2/idp/metadata.php
+++ b/www/saml2/idp/metadata.php
@@ -106,12 +106,7 @@ try {
} catch(Exception $exception) {
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['message'] = 'Some error occured when trying to generate metadata.';
- $et->data['e'] = $exception;
-
- $et->show();
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
}
diff --git a/www/saml2/sp/AssertionConsumerService.php b/www/saml2/sp/AssertionConsumerService.php
index 650ee213d1285f0e41160f2966fda89f86c5748a..dabcc554712a5ae13b9cfada15cb7ae54c22426c 100644
--- a/www/saml2/sp/AssertionConsumerService.php
+++ b/www/saml2/sp/AssertionConsumerService.php
@@ -41,29 +41,21 @@ try {
$binding = new SimpleSAML_Bindings_SAML20_HTTPPost($config, $metadata);
$authnResponse = $binding->decodeResponse($_POST);
-
+
$authnResponse->process();
- $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.AssertionConsumerService', 'AuthnResponse', '-',
- 'Successfully created local session from Authentication Response');
-
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.AssertionConsumerService', 'AuthnResponse', '-',
+ 'Successfully created local session from Authentication Response');
+
$relayState = $authnResponse->getRelayState();
if (isset($relayState)) {
SimpleSAML_Utilities::redirect($relayState);
} else {
- throw new Exception('Could not find RelayState parameter, you are stuck here.');
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
}
} catch(Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['header'] = 'Error receiving response from IdP';
- $et->data['message'] = 'Some error occured when trying to issue the authentication request to the IdP.';
- $et->data['e'] = $exception;
-
- $et->show();
-
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'PROCESSASSERTION', $exception);
}
diff --git a/www/saml2/sp/SingleLogoutService.php b/www/saml2/sp/SingleLogoutService.php
index 7714692381f714e10b5702f825dad0b6ae0e4484..d14649d3b1874b88bf1705c88019e99f19b3eb3d 100644
--- a/www/saml2/sp/SingleLogoutService.php
+++ b/www/saml2/sp/SingleLogoutService.php
@@ -13,28 +13,19 @@ require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php');
require_once('SimpleSAML/XHTML/Template.php');
-$config = SimpleSAML_Configuration::getInstance();
+$config = SimpleSAML_Configuration::getInstance(true);
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
// Get the local session
$session = SimpleSAML_Session::getInstance();
-/* Get the tracking id for this session if we have a valid session. Use an
- * empty string if we don't have a valid session.
- */
-if($session !== NULL) {
- $trackId = $session->getTrackId();
-} else {
- $trackId = '';
-}
$logger = new SimpleSAML_Logger();
-
-$logger->log(LOG_INFO, $trackId, 'SAML2.0', 'SP.SingleLogoutService', 'EVENT', 'Access',
+$logger->log(LOG_INFO, $session->getTrackId(), 'SAML2.0', 'SP.SingleLogoutService', 'EVENT', 'Access',
'Accessing SAML 2.0 SP endpoint SingleLogoutService');
// Destroy local session if exists.
-if (isset($session) && $session->isAuthenticated() ) {
+if (isset($session) ) {
$session->setAuthenticated(false);
$session->clean();
}
@@ -60,40 +51,32 @@ if (isset($_GET['SAMLRequest'])) {
//$responder = $config->getValue('saml2-hosted-sp');
$responder = $metadata->getMetaDataCurrentEntityID();
-
+
+ $logger->log(LOG_NOTICE, $trackId, 'SAML2.0', 'SP.SingleLogoutService', 'LogoutRequest', $requestid,
+ 'IdP (' . $requester . ') is sending logout request to me SP (' . $responder . ')');
+
+
+ // Create a logout response
+ $lr = new SimpleSAML_XML_SAML20_LogoutResponse($config, $metadata);
+ $logoutResponseXML = $lr->generate($responder, $requester, $requestid, 'SP');
+
+
+ // Create a HTTP Redirect binding.
+ $httpredirect = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config, $metadata);
+
+
+ $logger->log(LOG_NOTICE, $trackId, 'SAML2.0', 'SP.SingleLogoutService', 'LogoutResponse', '-',
+ 'SP me (' . $responder . ') is sending logout response to IdP (' . $requester . ')');
+
+ // Send the Logout response using HTTP POST binding.
+ $httpredirect->sendMessage($logoutResponseXML, $responser, $requester, $logoutrequest->getRelayState(), 'SingleLogoutServiceResponse', 'SAMLResponse');
+
} catch(Exception $exception) {
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['header'] = 'Error in received logout request';
- $et->data['message'] = 'An error occured when trying to read logout request.';
- $et->data['e'] = $exception;
-
- $et->show();
- exit(0);
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'LOGOUTREQUEST', $exception);
}
-
- $logger->log(LOG_NOTICE, $trackId, 'SAML2.0', 'SP.SingleLogoutService', 'LogoutRequest', $requestid,
- 'IdP (' . $requester . ') is sending logout request to me SP (' . $responder . ')');
-
-
- // Create a logout response
- $lr = new SimpleSAML_XML_SAML20_LogoutResponse($config, $metadata);
- $logoutResponseXML = $lr->generate($responder, $requester, $requestid, 'SP');
-
-
- // Create a HTTP Redirect binding.
- $httpredirect = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config, $metadata);
-
-
- $logger->log(LOG_NOTICE, $trackId, 'SAML2.0', 'SP.SingleLogoutService', 'LogoutResponse', '-',
- 'SP me (' . $responder . ') is sending logout response to IdP (' . $requester . ')');
-
- // Send the Logout response using HTTP POST binding.
- $httpredirect->sendMessage($logoutResponseXML, $responser, $requester, $logoutrequest->getRelayState(), 'SingleLogoutServiceResponse', 'SAMLResponse');
-
} elseif(isset($_GET['SAMLResponse'])) {
// Create a HTTPRedirect binding
@@ -108,24 +91,13 @@ if (isset($_GET['SAMLRequest'])) {
}
} catch(Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['header'] = 'Error in received logout response';
- $et->data['message'] = 'An error occured when trying to read logout response.';
- $et->data['e'] = $exception;
-
- $et->show();
- exit(0);
-
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'LOGOUTRESPONSE', $exception);
}
if (isset($_GET['RelayState'])) {
SimpleSAML_Utilities::redirect($_GET['RelayState']);
} else {
-
- echo 'You are now successfully logged out.';
-
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
}
}
diff --git a/www/saml2/sp/idpdisco.php b/www/saml2/sp/idpdisco.php
index f941e0262bd9d9bf936096348902a4ff14f3a5af..a2762fe96c90c91b7b637a3012e4badd61c54804 100644
--- a/www/saml2/sp/idpdisco.php
+++ b/www/saml2/sp/idpdisco.php
@@ -7,10 +7,6 @@ require_once('SimpleSAML/Utilities.php');
require_once('SimpleSAML/Session.php');
require_once('SimpleSAML/XHTML/Template.php');
require_once('SimpleSAML/Metadata/MetaDataStorageHandler.php');
-require_once('SimpleSAML/XML/SAML20/AuthnRequest.php');
-//require_once('SimpleSAML/XML/SAML20/AuthnResponse.php');
-require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php');
-//require_once('SimpleSAML/Bindings/SAML20/HTTPPost.php');
$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
@@ -29,12 +25,7 @@ try {
$returnidparam = $_GET['returnIDParam'];
} catch (Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
- $et->data['message'] = 'Error getting required parameters for IdP Discovery Service';
- $et->data['e'] = $exception;
- $et->show();
- exit(0);
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'DISCOPARAMS', $exception);
}
@@ -45,12 +36,14 @@ if (isset($_GET['idpentityid'])) {
$returnurl = SimpleSAML_Utilities::addURLparameter($return, $returnidparam . '=' . $idpentityid);
SimpleSAML_Utilities::redirect($returnurl);
-
+
}
-
-$idplist = $metadata->getList('saml20-idp-remote');
-
+try {
+ $idplist = $metadata->getList('saml20-idp-remote');
+} catch (Exception $exception) {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
+}
if ($config->getValue('idpdisco.layout') == 'dropdown') {
$t = new SimpleSAML_XHTML_Template($config, 'selectidp-dropdown.php');
diff --git a/www/saml2/sp/initSSO.php b/www/saml2/sp/initSSO.php
index 508b8f1541bc4eab18f5414971ba889e8f84a078..57df4250033d31e44ed3bfeceb914b25c4069f36 100644
--- a/www/saml2/sp/initSSO.php
+++ b/www/saml2/sp/initSSO.php
@@ -17,17 +17,17 @@ $config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$session = SimpleSAML_Session::getInstance(true);
-$logger = new SimpleSAML_Logger();
-
-/*
+/**
* Incomming URL parameters
*
- * idpentityid The entityid of the wanted IdP to authenticate with. If not provided will use default.
- * spentityid The entityid of the SP config to use. If not provided will use default to host.
+ * idpentityid optional The entityid of the wanted IdP to authenticate with. If not provided will use default.
+ * spentityid optional The entityid of the SP config to use. If not provided will use default to host.
+ * RelayState required Where to send the user back to after authentication.
*
*/
+$logger = new SimpleSAML_Logger();
$logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'SP.initSSO', 'EVENT', 'Access',
'Accessing SAML 2.0 SP initSSO script');
@@ -38,12 +38,7 @@ try {
$spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
} catch (Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
- $et->data['message'] = 'Error loading SAML 2.0 metadata';
- $et->data['e'] = $exception;
- $et->show();
- exit(0);
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
}
if (!isset($session) || !$session->isValid('saml2') ) {
@@ -76,20 +71,13 @@ if (!isset($session) || !$session->isValid('saml2') ) {
}
$logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.initSSO', 'AuthnRequest', $idpentityid,
- 'SP (' . $spentityid . ') is sending authenticatino request to IdP (' . $idpentityid . ')');
+ 'SP (' . $spentityid . ') is sending authentication request to IdP (' . $idpentityid . ')');
$httpredirect->sendMessage($req, $spentityid, $idpentityid, $relayState);
- } catch(Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['message'] = 'Some error occured when trying to issue the authentication request to the IdP.';
- $et->data['e'] = $exception;
-
- $et->show();
- exit(0);
+ } catch(Exception $exception) {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'CREATEREQUEST', $exception);
}
} else {
@@ -104,14 +92,7 @@ if (!isset($session) || !$session->isValid('saml2') ) {
SimpleSAML_Utilities::redirect($relaystate);
} else {
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['message'] = 'Could not get relay state, do not know where to send the user.';
- $et->data['e'] = new Exception();
-
- $et->show();
-
-
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
}
}
diff --git a/www/saml2/sp/metadata.php b/www/saml2/sp/metadata.php
index d53cd801e1793723866744d67c03de334b09265d..09bcb30fb5cf2659991ed0d86095d61f3e8302bf 100644
--- a/www/saml2/sp/metadata.php
+++ b/www/saml2/sp/metadata.php
@@ -10,7 +10,24 @@ require_once('SimpleSAML/XHTML/Template.php');
/* Load simpleSAMLphp, configuration and metadata */
$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-$session = SimpleSAML_Session::getInstance();
+$session = SimpleSAML_Session::getInstance(TRUE);
+
+
+/**
+ * Preconfigured to help out some federations. This makes it easier for users to report metadata
+ * to the administrators of the IdP.
+ */
+$send_metadata_to_idp = array(
+ 'sam.feide.no' => array(
+ 'name' => 'Feide',
+ 'address' => 'http://rnd.feide.no/content/sending-information-simplesamlphp'
+ ),
+ 'max.feide.no' => array(
+ 'name' => 'Feide',
+ 'address' => 'http://rnd.feide.no/content/sending-information-simplesamlphp'
+ )
+);
+
try {
@@ -53,6 +70,12 @@ try {
$et->data['header'] = 'SAML 2.0 SP Metadata';
$et->data['metadata'] = htmlentities($metaxml);
+
+ if (array_key_exists($defaultidp, $send_metadata_to_idp)) {
+ $et->data['sendmetadatato'] = $send_metadata_to_idp[$defaultidp]['address'];
+ $et->data['federationname'] = $send_metadata_to_idp[$defaultidp]['name'];
+ }
+
$et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no'));
$et->data['defaultidp'] = $defaultidp;
diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php
index fa06e20528cf3272fc1841d68d04f56ca89fe885..323806a2901d1c9dbfbdaa73c9ad2936212d3d13 100644
--- a/www/shib13/idp/SSOService.php
+++ b/www/shib13/idp/SSOService.php
@@ -51,14 +51,8 @@ if (isset($_GET['shire'])) {
$authnrequest = new SimpleSAML_XML_Shib13_AuthnRequest($config, $metadata);
$authnrequest->parseGet($_GET);
- //$session = $authnrequest->createSession();
-
$requestid = $authnrequest->getRequestID();
- //$session->setShibAuthnRequest($authnrequest);
-
-
-
/*
* Create an assoc array of the request to store in the session cache.
*/
@@ -107,29 +101,12 @@ if (isset($_GET['shire'])) {
if (!$requestcache) throw new Exception('Could not retrieve cached RequestID = ' . $requestid);
} catch(Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['header'] = 'Error retrieving authnrequest cache';
- $et->data['message'] = 'simpleSAML cannot find the authnrequest that it earlier stored.';
- $et->data['e'] = $exception;
-
- $et->show();
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'CACHEAUTHNREQUEST', $exception);
}
-
-} else {
- /*
- * We did neither get a request or a requestID as a parameter. Then throw an error.
- */
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['header'] = 'No parameters found';
- $et->data['message'] = 'You must either provide a Shibboleth Request message or a RequestID on this interface.';
- $et->data['e'] = $exception;
- $et->show();
- exit(0);
+} else {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'SSOSERVICEPARAMS');
}
$authority = isset($idpmeta['authority']) ? $idpmeta['authority'] : null;
@@ -205,15 +182,7 @@ if (!$session->isAuthenticated($authority) ) {
$idpentityid, $issuer, isset($requestcache['RelayState']) ? $requestcache['RelayState'] : null, $shire);
} catch(Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['header'] = 'Error sending response to service';
- $et->data['message'] = 'Some error occured when trying to issue the authentication response, and send it back to the SP.';
- $et->data['e'] = $exception;
-
- $et->show();
-
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'GENERATEAUTHNRESPONSE', $exception);
}
}
diff --git a/www/shib13/sp/AssertionConsumerService.php b/www/shib13/sp/AssertionConsumerService.php
index ccbaa847210c91fc5921b1d44482338de4fa7dad..2baf66945cda9621db91545c60f4ca5191914133 100644
--- a/www/shib13/sp/AssertionConsumerService.php
+++ b/www/shib13/sp/AssertionConsumerService.php
@@ -12,54 +12,29 @@ require_once('SimpleSAML/XHTML/Template.php');
try {
- /*
- echo '<pre>';
- print_r($_POST);
- echo '</pre>';
- */
$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
- #print_r($metadata->getMetaData('sam.feide.no'));
-# $sr = new SimpleSAML_XML_Shib13_AuthnResponse($config, $metadata);
-
$binding = new SimpleSAML_Bindings_Shib13_HTTPPost($config, $metadata);
$authnResponse = $binding->decodeResponse($_POST);
- $xml = $authnResponse->getXML();
- /*
- echo '<pre>';
- echo $xml;
- echo '</pre>';
- */
-
$authnResponse->validate();
- $session = $authnResponse->createSession();
-
-
+ $session = $authnResponse->createSession(true);
if (isset($session)) {
$relayState = $authnResponse->getRelayState();
if (isset($relayState)) {
SimpleSAML_Utilities::redirect($relayState);
} else {
- echo 'Could not find RelayState parameter, you are stucked here.';
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
}
} else {
- throw new Exception('Unkown error. Could not get session.');
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOSESSION');
}
} catch(Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['message'] = 'Some error occured when trying to issue the authentication request to the IdP.';
- $et->data['e'] = $exception;
-
- $et->show();
-
-
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'GENERATEAUTHNRESPONSE', $exception);
}
diff --git a/www/shib13/sp/idpdisco.php b/www/shib13/sp/idpdisco.php
index 29d117d05724140fb7cc7aaa93d72701f07a0157..ab45917ab2a4f873888bfe41db904e12c62d74bc 100644
--- a/www/shib13/sp/idpdisco.php
+++ b/www/shib13/sp/idpdisco.php
@@ -25,12 +25,7 @@ try {
$returnidparam = $_GET['returnIDParam'];
} catch (Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
- $et->data['message'] = 'Error getting required parameters for IdP Discovery Service';
- $et->data['e'] = $exception;
- $et->show();
- exit(0);
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'DISCOPARAMS', $exception);
}
@@ -44,8 +39,11 @@ if (isset($_GET['idpentityid'])) {
}
-
-$idplist = $metadata->getList('shib13-idp-remote');
+try {
+ $idplist = $metadata->getList('shib13-idp-remote');
+} catch (Exception $exception) {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
+}
if ($config->getValue('idpdisco.layout') == 'dropdown') {
$t = new SimpleSAML_XHTML_Template($config, 'selectidp-dropdown.php');
diff --git a/www/shib13/sp/initSSO.php b/www/shib13/sp/initSSO.php
index 95f2d2f90ab980957871d3c3153178836c543174..736600b97d18cd458655d31e7d5bce9852efd120 100644
--- a/www/shib13/sp/initSSO.php
+++ b/www/shib13/sp/initSSO.php
@@ -30,12 +30,7 @@ try {
$spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID('shib13-sp-hosted');
} catch (Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
- $et->data['message'] = 'Error loading SAML 2.0 metadata';
- $et->data['e'] = $exception;
- $et->show();
- exit(0);
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
}
@@ -61,15 +56,8 @@ if (!isset($session) || !$session->isValid('shib13') ) {
$url = $ar->createRedirect($idpentityid);
SimpleSAML_Utilities::redirect($url);
- } catch(Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['message'] = 'Some error occured when trying to issue the authentication request to the IdP.';
- $et->data['e'] = $exception;
-
- $et->show();
-
+ } catch(Exception $exception) {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'CREATEREQUEST', $exception);
}
} else {
@@ -80,14 +68,7 @@ if (!isset($session) || !$session->isValid('shib13') ) {
if (isset($relaystate) && !empty($relaystate)) {
SimpleSAML_Utilities::redirect($relaystate);
} else {
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['message'] = 'Could not get relay state, do not know where to send the user.';
- $et->data['e'] = new Exception();
-
- $et->show();
-
-
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
}
}