From 1f8b1da56751fe28fceb539275efbf93d7579bcf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Thu, 31 Jan 2008 15:08:12 +0000
Subject: [PATCH] Implementeed better error handling. Separate static function
for fatal error in utitilies that present a error the user. This page to the
user shows a error text that can be localized to several languages, the error
page also shows debug text, and a way to submit errors to the administrators.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@232 44740490-163a-0410-bde0-09ae8108e29a
---
dictionaries/error_CACHEAUTHNREQUEST.php | 8 +
dictionaries/error_CREATEREQUEST.php | 8 +
dictionaries/error_DISCOPARAMS.php | 8 +
dictionaries/error_GENERATEAUTHNRESPONSE.php | 8 +
dictionaries/error_LDAPERROR.php | 8 +
dictionaries/error_LOGOUTREQUEST.php | 9 +
dictionaries/error_LOGOUTRESPONSE.php | 8 +
dictionaries/error_METADATA.php | 8 +
dictionaries/error_NORELAYSTATE.php | 8 +
dictionaries/error_NOSESSION.php | 12 ++
dictionaries/error_PROCESSASSERTION.php | 8 +
dictionaries/error_PROCESSAUTHNREQUEST.php | 8 +
dictionaries/error_SSOSERVICEPARAMS.php | 8 +
extra/receiveinfo.php | 62 ++++++
lib/SimpleSAML/Logger.php | 11 +-
lib/SimpleSAML/Utilities.php | 47 ++++-
lib/SimpleSAML/XHTML/Template.php | 83 ++++++--
lib/SimpleSAML/XML/SAML20/AuthnResponse.php | 1 +
templates/default/en/error.php | 58 +++--
templates/default/en/metadata.php | 12 +-
templates/default/includes/header.php | 2 +-
www/auth/login-auto.php | 23 +-
www/auth/login-ldapmulti.php | 132 ++++++------
www/auth/login-radius.php | 9 +-
www/auth/login.php | 209 +++++++++----------
www/resources/default.css | 15 ++
www/saml2/idp/SSOService.php | 50 +----
www/saml2/idp/metadata.php | 7 +-
www/saml2/sp/AssertionConsumerService.php | 20 +-
www/saml2/sp/SingleLogoutService.php | 80 +++----
www/saml2/sp/idpdisco.php | 21 +-
www/saml2/sp/initSSO.php | 39 +---
www/saml2/sp/metadata.php | 25 ++-
www/shib13/idp/SSOService.php | 39 +---
www/shib13/sp/AssertionConsumerService.php | 33 +--
www/shib13/sp/idpdisco.php | 14 +-
www/shib13/sp/initSSO.php | 27 +--
37 files changed, 635 insertions(+), 493 deletions(-)
create mode 100644 dictionaries/error_CACHEAUTHNREQUEST.php
create mode 100644 dictionaries/error_CREATEREQUEST.php
create mode 100644 dictionaries/error_DISCOPARAMS.php
create mode 100644 dictionaries/error_GENERATEAUTHNRESPONSE.php
create mode 100644 dictionaries/error_LDAPERROR.php
create mode 100644 dictionaries/error_LOGOUTREQUEST.php
create mode 100644 dictionaries/error_LOGOUTRESPONSE.php
create mode 100644 dictionaries/error_METADATA.php
create mode 100644 dictionaries/error_NORELAYSTATE.php
create mode 100644 dictionaries/error_NOSESSION.php
create mode 100644 dictionaries/error_PROCESSASSERTION.php
create mode 100644 dictionaries/error_PROCESSAUTHNREQUEST.php
create mode 100644 dictionaries/error_SSOSERVICEPARAMS.php
create mode 100644 extra/receiveinfo.php
diff --git a/dictionaries/error_CACHEAUTHNREQUEST.php b/dictionaries/error_CACHEAUTHNREQUEST.php
new file mode 100644
index 000000000..00a7b3fde
--- /dev/null
+++ b/dictionaries/error_CACHEAUTHNREQUEST.php
@@ -0,0 +1,8 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'Error making single sign-on to service',
+ 'descr' => 'You can authenticated and are ready to be sent back to the service that requested authentication, but we could not find your cached authentication request. The request is only cached for a limited amount of time. If you leaved your browser open for hours before entering your username and password, this could be one possible explaination. If this could be the case in your situation, try to go back to the service you want to access, and start a new login process. If this issue continues, please report the problem.'
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_CREATEREQUEST.php b/dictionaries/error_CREATEREQUEST.php
new file mode 100644
index 000000000..fccbba948
--- /dev/null
+++ b/dictionaries/error_CREATEREQUEST.php
@@ -0,0 +1,8 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'Error creating AuthNRequest',
+ 'descr' => 'An error occured when trying to create the authentication request.'
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_DISCOPARAMS.php b/dictionaries/error_DISCOPARAMS.php
new file mode 100644
index 000000000..2c714f258
--- /dev/null
+++ b/dictionaries/error_DISCOPARAMS.php
@@ -0,0 +1,8 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'Bad request to discovery service',
+ 'descr' => 'The parameters sent to the discovery service were not following the specification.'
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_GENERATEAUTHNRESPONSE.php b/dictionaries/error_GENERATEAUTHNRESPONSE.php
new file mode 100644
index 000000000..365459c2a
--- /dev/null
+++ b/dictionaries/error_GENERATEAUTHNRESPONSE.php
@@ -0,0 +1,8 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'Could not create authentication response',
+ 'descr' => 'When this identity provider tried to create an authentication response, an error occured.'
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_LDAPERROR.php b/dictionaries/error_LDAPERROR.php
new file mode 100644
index 000000000..28d36170d
--- /dev/null
+++ b/dictionaries/error_LDAPERROR.php
@@ -0,0 +1,8 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'LDAP Error',
+ 'descr' => 'LDAP is the user database, and when you try to login, we need to contact an LDAP database. When we tried it this time an error occured.'
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_LOGOUTREQUEST.php b/dictionaries/error_LOGOUTREQUEST.php
new file mode 100644
index 000000000..69ad2f52d
--- /dev/null
+++ b/dictionaries/error_LOGOUTREQUEST.php
@@ -0,0 +1,9 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'Error processing Logout Request',
+ 'descr' => 'An error occured when trying to process the Logout Request.'
+
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_LOGOUTRESPONSE.php b/dictionaries/error_LOGOUTRESPONSE.php
new file mode 100644
index 000000000..1ae382aec
--- /dev/null
+++ b/dictionaries/error_LOGOUTRESPONSE.php
@@ -0,0 +1,8 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'Error processing Logout Response',
+ 'descr' => 'An error occured when trying to process the Logout Response.'
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_METADATA.php b/dictionaries/error_METADATA.php
new file mode 100644
index 000000000..beac8c36a
--- /dev/null
+++ b/dictionaries/error_METADATA.php
@@ -0,0 +1,8 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'Error loading metadata',
+ 'descr' => 'There is some misconfiguration of your simpleSAMLphp installation. If you are the administrator of this service, you should make sure your metadata configuration is correctly setup.'
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_NORELAYSTATE.php b/dictionaries/error_NORELAYSTATE.php
new file mode 100644
index 000000000..01f5786fe
--- /dev/null
+++ b/dictionaries/error_NORELAYSTATE.php
@@ -0,0 +1,8 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'No RelayState',
+ 'descr' => 'The initiator of this request did not provide an RelayState parameter, that tells where to go next.'
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_NOSESSION.php b/dictionaries/error_NOSESSION.php
new file mode 100644
index 000000000..cdb51dae3
--- /dev/null
+++ b/dictionaries/error_NOSESSION.php
@@ -0,0 +1,12 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'No session found',
+ 'descr' => 'Unfortuneately we could not get your session. This could be because your browser do not support cookies, or cookies is disabled.'
+ ),
+ 'no' => array(
+ 'title' => 'Kunne ikke etablere sesjon',
+ 'descr' => 'Desverre kunne vi ikke etablere en sesjon for deg. Dette kan skyldes at din nettleser ikke støtter cookies, eller at cookies er slått av.'
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_PROCESSASSERTION.php b/dictionaries/error_PROCESSASSERTION.php
new file mode 100644
index 000000000..486605e90
--- /dev/null
+++ b/dictionaries/error_PROCESSASSERTION.php
@@ -0,0 +1,8 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'Error processing response from IdP',
+ 'descr' => 'We did not accept the response sent from the Identity Provider.'
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_PROCESSAUTHNREQUEST.php b/dictionaries/error_PROCESSAUTHNREQUEST.php
new file mode 100644
index 000000000..f0866cb55
--- /dev/null
+++ b/dictionaries/error_PROCESSAUTHNREQUEST.php
@@ -0,0 +1,8 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'Error processing request from Service Provider',
+ 'descr' => 'This IdP received an authentication request from a service provider, but an error occured when trying to process the request.'
+ )
+);
\ No newline at end of file
diff --git a/dictionaries/error_SSOSERVICEPARAMS.php b/dictionaries/error_SSOSERVICEPARAMS.php
new file mode 100644
index 000000000..cdf071741
--- /dev/null
+++ b/dictionaries/error_SSOSERVICEPARAMS.php
@@ -0,0 +1,8 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title' => 'Wrong parameters provided',
+ 'descr' => 'You must either provide a SAML Request message or a RequestID on this interface.'
+ )
+);
\ No newline at end of file
diff --git a/extra/receiveinfo.php b/extra/receiveinfo.php
new file mode 100644
index 000000000..9a881a167
--- /dev/null
+++ b/extra/receiveinfo.php
@@ -0,0 +1,62 @@
+/**
+ * Copy and paste this file into a page in your drupal installation, or similar CMS system.
+ * Make sure the Input mode in your new page is PHP Mode.
+ *
+ * Then when you click save, notice the URL of your new page. This URL should be entered in the
+ * config.php of your simpleSAMLphp installation.
+ *
+ */
+
+<p>Thanks for sending information to us from simpleSAMLphp.</p>
+
+
+<?php
+
+#$to = 'andreas.solberg@uninett.no, moria-support@uninett.no';
+$to = 'andreas.solberg@uninett.no';
+
+if (isset($_POST['action'])) {
+
+
+
+ $to = 'andreas.solberg@uninett.no';
+ $from = (isset($_POST['email']) ? $_POST['email'] : 'Anonymous <simplesamlphp@example.org>');
+ $headers = 'From: ' . $from . "\r\n" . 'X-Mailer: PHP/' . phpversion();
+
+ if ($_POST['action'] == 'metadata') {
+
+ echo '<p>We have received your metadata.';
+ $subject = 'SAML 2.0 Metadata from '. $_POST['email'];
+ $message = 'Someone just used simpleSAMLphp to send metadata to Feide. Here is the metadata: ' . "\r\n\r\n------- BEGIN SAML 2.0 METADATA ----------\r\n" .
+ html_entity_decode(base64_decode(urldecode($_POST['metadata']))) . "\r\n------- END SAML 2.0 METADATA ----------\r\n\r\nDefault IdP: " . $_POST['defaultidp'] . "\r\nSent by simpleSAMLphp :)";
+
+} elseif($_POST['action'] == 'error') {
+
+ echo '<p>We have received your error report.';
+
+ $subject = 'Error report from '. $_POST['email'];
+ $message = 'Someone just used simpleSAMLphp to send an error message to Feide. Here is the exception:
+------------------
+Exception message: ' . html_entity_decode(base64_decode(urldecode($_POST['exceptionmsg']))) . '
+------------------
+Exception stacktrace:
+' . html_entity_decode(base64_decode(urldecode($_POST['exceptiontrace']))) . '
+------------------
+Description from user:
+' . $_POST['text'] . '
+
+TrackID [' . $_POST['trackid'] . ']
+
+simpleSAMLphp version: ' . $_POST['version'] . '
+Technical contact at server: ' . $_POST['techemail'] . '
+
+Sent using simpleSAMLphp';
+
+}
+
+
+mail($to, $subject, $message, $headers);
+}
+
+?>
+
diff --git a/lib/SimpleSAML/Logger.php b/lib/SimpleSAML/Logger.php
index e1bea16b6..9336ac43e 100644
--- a/lib/SimpleSAML/Logger.php
+++ b/lib/SimpleSAML/Logger.php
@@ -30,11 +30,14 @@ class SimpleSAML_Logger {
* Log a message to syslog.
*/
public function log($priority, $trackid = null, $module, $submodule, $eventtype, $content, $message) {
- if ($priority < $this->loglevel) return;
-
+ error_log('This entry is ' . $priority . ' and configuration says minimum ' . $this->loglevel);
+ error_log('LOG_ERR is ' . LOG_ERR . ' and LOGINFO is ' . LOG_INFO);
+ if ($priority > $this->loglevel) return;
+ error_log('Log2');
if ($trackid == null) {
- $session = SimpleSAML_Session::getInstance(true);
- $trackid = $session->getTrackID();
+ $trackid = 'na';
+ //$session = SimpleSAML_Session::getInstance(true);
+ //$trackid = $session->getTrackID();
}
$contentstring = '';
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index e177b4b64..822a97ddd 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -2,6 +2,7 @@
require_once('SimpleSAML/Configuration.php');
require_once('SimpleSAML/XHTML/Template.php');
+require_once('SimpleSAML/Logger.php');
/**
* Misc static functions that is used several places.in example parsing and id generation.
@@ -268,22 +269,46 @@ class SimpleSAML_Utilities {
}
- /* This function logs a error message to the error log and shows the
+ /**
+ * This function logs a error message to the error log and shows the
* message to the user. Script execution terminates afterwards.
*
- * Parameters:
- * $title Short title for the error message.
- * $message The error message.
+ * @param $title Short title for the error message.
+ * @param $message The error message.
*/
- public static function fatalError($title, $message) {
- error_log($title . ': ' . $message);
-
+ public static function fatalError($trackid = 'na', $errorcode = null, Exception $e = null, $level = LOG_ERR) {
+
$config = SimpleSAML_Configuration::getInstance();
- $t = new SimpleSAML_XHTML_Template($config, 'error.php');
- $t->data['header'] = $title;
- $t->data['message'] = $message;
+
+ // Get the exception message if there is any exception provided.
+ $emsg = (empty($e) ? 'No exception available' : $e->getMessage());
+ $etrace = (empty($e) ? 'No exception available' : $e->getTraceAsString());
+
+ // Log a error message
+ $logger = new SimpleSAML_Logger();
+ $logger->log($level, $trackid, $_SERVER['PHP_SELF'], '-', 'UserError', (!empty($errorcode) ? $errorcode : 'na'),
+ urlencode($emsg) );
+
+ $languagefile = null;
+ if (isset($errorcode)) $languagefile = 'error_' . $errorcode . '.php';
+
+ // Initialize a template
+ $t = new SimpleSAML_XHTML_Template($config, 'error.php', $languagefile);
+
+
+ $t->data['showerrors'] = $config->getValue('showerrors', true);
+ $t->data['errorreportaddress'] = $config->getValue('errorreportaddress', null);
+
+ $t->data['exceptionmsg'] = $emsg;
+ $t->data['exceptiontrace'] = $etrace;
+
+ $t->data['trackid'] = $trackid;
+
+ $t->data['version'] = $config->getValue('version', 'na');
+ $t->data['email'] = $config->getValue('technicalcontact_email', 'na');
+
$t->show();
-
+
exit;
}
diff --git a/lib/SimpleSAML/XHTML/Template.php b/lib/SimpleSAML/XHTML/Template.php
index bb50bd7e0..a13ed1718 100644
--- a/lib/SimpleSAML/XHTML/Template.php
+++ b/lib/SimpleSAML/XHTML/Template.php
@@ -1,7 +1,8 @@
<?php
require_once('SimpleSAML/Configuration.php');
-
+require_once('SimpleSAML/Logger.php');
+
/**
* A minimalistic XHTML PHP based template system implemented for simpleSAMLphp.
*
@@ -15,36 +16,42 @@ class SimpleSAML_XHTML_Template {
private $template = 'default.php';
private $language = null;
+ private $langtext = null;
+
public $data = null;
- function __construct(SimpleSAML_Configuration $configuration, $template) {
+ function __construct(SimpleSAML_Configuration $configuration, $template, $languagefile = null) {
$this->configuration = $configuration;
$this->template = $template;
$this->data['baseurlpath'] = $this->configuration->getValue('baseurlpath');
+
+ if (!empty($languagefile)) $this->includeLanguageFile($languagefile);
}
public function setLanguage($language) {
$this->language = $language;
- setcookie('language', $language);
+ // setcookie ( string $name [, string $value [, int $expire [, string $path [, string $domain [, bool $secure [, bool $httponly ]]]]]] )
+ // time()+60*60*24*900 expires 900 days from now.
+ setcookie('language', $language, time()+60*60*24*900);
}
public function getLanguage() {
-
+
+ // Language is set in object
if (isset($this->language)) {
-
return $this->language;
-
+
+ // Language is provided in query string
} else if (isset($_GET['language'])) {
-
$this->setLanguage($_GET['language']);
-
+
+ // Language is provided in a stored COOKIE
} else if (isset($_COOKIE['language'])) {
-
$this->language = $_COOKIE['language'];
+ // Language is not set, and we get the default language from the configuration.
} else {
-
return $this->configuration->getValue('language.default');
}
@@ -71,33 +78,67 @@ class SimpleSAML_XHTML_Template {
private function includeAtLanguageBase($file) {
$data = $this->data;
$filebase = $this->configuration->getBaseDir() . $this->configuration->getValue('templatedir') . $this->getLanguage() . '/' ;
+
+ if (!file_exists($filebase . $file)) {
+ $filebase = $this->configuration->getBaseDir() . $this->configuration->getValue('templatedir') .
+ $this->configuration->getValue('language.default') . '/';
+
+
+ if (!file_exists($filebase . $file) ) {
+ $logger = new SimpleSAML_Logger();
+ $logger->log(LOG_ERR, null, $_SERVER['PHP_SELF'], '-', 'Template', 'CannotFindFile',
+ 'Could not find template file [' . $this->template . '] at [' . $filename . ']');
+ return;
+ }
+ }
include($filebase . $file);
}
+
+ private function includeLanguageFile($file) {
+ $data = $this->data;
+ $filebase = $this->configuration->getBaseDir() . $this->configuration->getValue('dictionarydir');
+
+ if (!file_exists($filebase . $file)) {
+ $logger = new SimpleSAML_Logger();
+ $logger->log(LOG_ERR, null, $_SERVER['PHP_SELF'], '-', 'Template', 'CannotFindFile',
+ 'Could not find template file [' . $this->template . '] at [' . $filebase . $file . ']');
+ return;
+ }
+ include($filebase . $file);
+ if (isset($lang)) {
+
+ if (array_key_exists($this->getLanguage(), $lang) ) {
+ foreach ($lang[$this->getLanguage()] AS $key => $text) {
+ $this->data[$key] = $text;
+ }
+ } elseif (array_key_exists($this->configuration->getValue('language.default', 'en'), $lang) ) {
+ foreach ($lang[$this->configuration->getValue('language.default')] AS $key => $text) {
+ $this->data[$key] = $text;
+ }
+ }
+ }
+ }
public function show() {
$data = $this->data;
$filename = $this->configuration->getBaseDir() . $this->configuration->getValue('templatedir') . $this->getLanguage() . '/' .
$this->template;
-
-
-
+
if (!file_exists($filename)) {
-
-// echo 'Could not find template file [' . $this->template . '] at [' . $filename . ']';
-// exit(0);
-
+
$filename = $this->configuration->getBaseDir() . $this->configuration->getValue('templatedir') .
$this->configuration->getValue('language.default') . '/' . $this->template;
-
if (!file_exists($filename)) {
- echo 'Could not find template file [' . $this->template . '] at [' . $filename . ']';
+ $logger = new SimpleSAML_Logger();
+ $logger->log(LOG_ERR, null, $_SERVER['PHP_SELF'], '-', 'Template', 'CannotFindFile',
+ 'Could not find template file [' . $this->template . '] at [' . $filename . ']');
+
+ echo 'Fatal error: Could not find template file [' . $this->template . '] at [' . $filename . ']';
exit(0);
- throw new Exception('Could not find template file [' . $this->template . '] at [' . $filename . ']');
}
-
}
require_once($filename);
diff --git a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
index dabd787f0..c7ffb9b19 100644
--- a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
@@ -13,6 +13,7 @@ require_once('xmlseclibs.php');
* An SAML 2.0 Authentication Response
*
* @author Andreas Ă…kre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
+ * @author Olav Morken, UNINETT AS
* @package simpleSAMLphp
* @version $Id$
*/
diff --git a/templates/default/en/error.php b/templates/default/en/error.php
index 4e32e0a64..4aea13acb 100644
--- a/templates/default/en/error.php
+++ b/templates/default/en/error.php
@@ -1,36 +1,70 @@
-<?php $this->includeAtTemplateBase('includes/header.php'); ?>
+<?php
+ $this->data['header'] = 'simpleSAMLphp error';
+ $this->includeAtTemplateBase('includes/header.php');
+?>
<div id="content">
+ <h2><?php echo (isset($this->data['title']) ? $this->data['title'] : 'simpleSAMLphp error'); ?></h2>
+
+ <p><?php echo $this->data['descr']; ?></p>
+ <div class="trackidtext">
+ If you report this error the track ID makes it possible to track your session in the logs available to the system adinistrator:
+ <span class="trackid"><?php echo $this->data['trackid']; ?><span>
-
- <h2><?php if (isset($data['header'])) { echo $data['header']; } else { echo "Some error occured"; } ?></h2>
+ </div>
- <p>
-
- <?php echo $data['message']; ?>
-
- </p>
<?php
/* Print out exception only if the exception is available. */
-if (array_key_exists('e', $data)) {
+if ($this->data['showerrors']) {
?>
-
+ <h2>Debug information</h2>
<p>The debug information below may be interesting for the administrator / help desk:</p>
<div style="border: 1px solid #eee; padding: 1em; font-size: x-small">
- <p style="margin: 1px"><?php echo htmlentities($data['e']->getMessage()); ?></p>
+ <p style="margin: 1px"><?php echo htmlentities($this->data['exceptionmsg']); ?></p>
<div style=" padding: 1em; font-family: monospace; ">
- <?php echo htmlentities($data['e']->getTraceAsString()); ?>
+ <?php echo htmlentities($this->data['exceptiontrace']); ?>
</div>
</div>
<?php
}
?>
+
+<?php
+/* Print out exception only if the exception is available. */
+if (!empty($this->data['errorreportaddress'])) {
+?>
+
+ <h2>Report errors</h2>
+ <form action="<?php echo $this->data['errorreportaddress']; ?>" method="post">
+
+ <p>Optionally enter your email address, for the administrators to be able contact you for further questions about your issue: </p>
+ <p>E-mail address: <input type="text" size="25" name="email" value="" />
+
+ <p>
+ <textarea style="width: 300px; height: 100px" name="text">Explain what you did to get this error...</textarea>
+ </p></p>
+ <input type="hidden" name="action" value="error" />
+ <input type="hidden" name="techemail" value="<?php echo $this->data['email']; ?>" />
+ <input type="hidden" name="version" value="<?php echo $this->data['version']; ?>" />
+ <input type="hidden" name="trackid" value="<?php echo $this->data['trackid']; ?>" />
+ <input type="hidden" name="exceptionmsg" value="<?php echo urlencode(base64_encode($this->data['exceptionmsg'])); ?>" />
+ <input type="hidden" name="exceptiontrace" value="<?php echo urlencode(base64_encode($this->data['exceptiontrace'])); ?>" />
+
+ <input type="submit" name="send" value="Send error report" />
+ </p>
+ </form>
+<?php
+}
+?>
+
+
+
<h2 style="clear: both">How to get help</h2>
diff --git a/templates/default/en/metadata.php b/templates/default/en/metadata.php
index 7559cd646..cfecf0803 100644
--- a/templates/default/en/metadata.php
+++ b/templates/default/en/metadata.php
@@ -15,14 +15,12 @@
<pre style="overflow: scroll; border: 1px solid #eee; padding: 2px"><?php echo $data['metadata']; ?></pre>
- <?php if($data['feide']) { ?>
+ <?php if(array_key_exists('sendmetadatato', $this->data) { ?>
<div style="border: 1px solid #444; margin: 2em; padding: 1em; background: #eee">
- <img src="http://clippings.erlang.no/ZZ076BD170.jpg" style="float: right; " />
-
- <h2>Send your metadata to Feide</h2>
+ <h2>Send your metadata to <?php $this->data['federationname']; ?></h2>
<p>simpleSAMLphp has detected that you have configured Feide as your default IdP.</p>
@@ -30,15 +28,17 @@
contact Feide to add you as a new service, you will be asked to send your metadata. Here you can easily send
the metadata to Feide by clicking the button below.</p>
- <form action="http://rnd.feide.no/post-metadata/index.php" method="post">
+ <form action="<?php $this->data['sendmetadatato']; ?>" method="post">
<p>Feide needs to know how to get in contact with you, so you need to type in <strong>your email address</strong>:
<input type="text" size="25" name="email" value="" />
</p>
<input type="hidden" name="metadata" value="<?php echo urlencode(base64_encode($data['metadata'])); ?>" />
+ <input type="hidden" name="techemail" value="<?php echo $_POST['techemail']; ?>" />
+ <input type="hidden" name="version" value="<?php echo $_POST['version']; ?>" />
<input type="hidden" name="defaultidp" value="<?php echo htmlspecialchars($data['defaultidp']); ?>" />
- <input type="submit" name="send" value="Send my metadata to Feide" />
+ <input type="submit" name="send" value="Send my metadata to <?php $this->data['federationname']; ?>" />
</form>
diff --git a/templates/default/includes/header.php b/templates/default/includes/header.php
index a6347b6ba..82ae5abe6 100644
--- a/templates/default/includes/header.php
+++ b/templates/default/includes/header.php
@@ -16,7 +16,7 @@ if(array_key_exists('header', $data)) {
<body>
<div id="wrap">
-
+
<div id="header">
<h1><a style="text-decoration: none; color: white" href="/<?php echo $data['baseurlpath']; ?>"><?php
echo (isset($data['header']) ? $data['header'] : 'simpleSAMLphp');
diff --git a/www/auth/login-auto.php b/www/auth/login-auto.php
index fb4984965..b2188e2d2 100644
--- a/www/auth/login-auto.php
+++ b/www/auth/login-auto.php
@@ -33,24 +33,12 @@ $delay_login = (int)$config->getValue('auth.auto.delay_login');
/* Verify that this authentication handler is enabled. */
if(!$enable) {
- SimpleSAML_Utilities::fatalError(
- 'login-auto not enabled',
- 'You attempted to use the login-auto authentication handler,' .
- ' but this handler isn\'t enabled in the configuration. If' .
- ' you want to enable this authentication handler, set' .
- ' \'auth.auto.enable\' to true.'
- );
+ throw new Exception('login-auto not enabled: You attempted to use the login-auto authentication handler, but this handler isn\'t enabled in the configuration. If you want to enable this authentication handler, set \'auth.auto.enable\' to true.');
}
/* Verify that the 'auth.auto.attributes' option is configured. */
if(!is_array($attributes)) {
- SimpleSAML_Utilities::fatalError(
- 'login-auto not configured',
- 'The login-auto authentication handler is enabled, but no' .
- ' attributes are configured. Please set' .
- ' \'auth.auto.attributes\' to the attributes you want to' .
- ' give users.'
- );
+ throw new Exception('login-auto not configured: The login-auto authentication handler is enabled, but no attributes are configured. Please set \'auth.auto.attributes\' to the attributes you want to give users.');
}
@@ -75,12 +63,9 @@ usleep($delay_login * 1000);
/* Load the session of the current user. */
-$session = SimpleSAML_Session::getInstance();
+$session = SimpleSAML_Session::getInstance(true);
if($session == NULL) {
- SimpleSAML_Utilities::fatalError(
- 'Missing session',
- 'No session was found. Are cookies disabled?'
- );
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOSESSION');
}
/* Set the user as authenticated and add the attributes from the
diff --git a/www/auth/login-ldapmulti.php b/www/auth/login-ldapmulti.php
index 6e63a6820..a3ceb29d0 100644
--- a/www/auth/login-ldapmulti.php
+++ b/www/auth/login-ldapmulti.php
@@ -23,79 +23,91 @@ $logger->log(LOG_INFO, $session->getTrackID(), 'AUTH', 'ldap-multi', 'EVENT', 'A
$error = null;
$attributes = array();
-
-if (isset($_POST['username'])) {
- $ldapconfig = $ldapmulti[$_POST['org']];
-
-
+/* Load the RelayState argument. The RelayState argument contains the address
+ * we should redirect the user to after a successful authentication.
+ */
+if (!array_key_exists('RelayState', $_REQUEST)) {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
+}
- $dn = str_replace('%username%', $_POST['username'], $ldapconfig['dnpattern'] );
- $pwd = $_POST['password'];
+if (isset($_POST['username'])) {
- $ds = ldap_connect($ldapconfig['hostname']);
+ try {
- if ($ds) {
+ $ldapconfig = $ldapmulti[$_POST['org']];
+
+
- if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
+ $dn = str_replace('%username%', $_POST['username'], $ldapconfig['dnpattern'] );
+ $pwd = $_POST['password'];
+
+ $ds = ldap_connect($ldapconfig['hostname']);
+
+ if ($ds) {
- $logger->log(LOG_CRIT, $session->getTrackID(), 'AUTH', 'ldap-multi', 'LDAP_OPT_PROTOCOL_VERSION', '3', 'Error setting LDAP prot version to 3');
+ if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
- echo "Failed to set LDAP Protocol version to 3";
+ $logger->log(LOG_CRIT, $session->getTrackID(), 'AUTH', 'ldap-multi', 'LDAP_OPT_PROTOCOL_VERSION', '3', 'Error setting LDAP prot version to 3');
+
+ $error = "Failed to set LDAP Protocol version to 3";
+ }
+ /*
+ if (!ldap_start_tls($ds)) {
+ echo "Failed to start TLS";
exit;
- }
- /*
- if (!ldap_start_tls($ds)) {
- echo "Failed to start TLS";
- exit;
- }
- */
- if (!ldap_bind($ds, $dn, $pwd)) {
- $error = 'Bind failed, wrong username or password.' .
- ' Tried with DN=[' . $dn . '] DNPattern=[' .
- $ldapconfig['dnpattern'] . '] Error=[' .
- ldap_error($ds) . "] ErrNo=[" .
- ldap_errno($ds) . "]";
-
- $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap-multi', 'Fail', $_POST['username'], $_POST['username'] . ' failed to authenticate');
-
- } else {
- $sr = ldap_read($ds, $dn, $ldapconfig['attributes'] );
- $ldapentries = ldap_get_entries($ds, $sr);
-
-
- for ($i = 0; $i < $ldapentries[0]['count']; $i++) {
- $values = array();
- if ($ldapentries[0][$i] == 'jpegphoto') continue;
- for ($j = 0; $j < $ldapentries[0][$ldapentries[0][$i]]['count']; $j++) {
- $values[] = $ldapentries[0][$ldapentries[0][$i]][$j];
+ }
+ */
+ if (!ldap_bind($ds, $dn, $pwd)) {
+ $error = 'Bind failed, wrong username or password.' .
+ ' Tried with DN=[' . $dn . '] DNPattern=[' .
+ $ldapconfig['dnpattern'] . '] Error=[' .
+ ldap_error($ds) . "] ErrNo=[" .
+ ldap_errno($ds) . "]";
+
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap-multi', 'Fail', $_POST['username'], $_POST['username'] . ' failed to authenticate');
+
+ } else {
+ $sr = ldap_read($ds, $dn, $ldapconfig['attributes'] );
+ $ldapentries = ldap_get_entries($ds, $sr);
+
+
+ for ($i = 0; $i < $ldapentries[0]['count']; $i++) {
+ $values = array();
+ if ($ldapentries[0][$i] == 'jpegphoto') continue;
+ for ($j = 0; $j < $ldapentries[0][$ldapentries[0][$i]]['count']; $j++) {
+ $values[] = $ldapentries[0][$ldapentries[0][$i]][$j];
+ }
+
+ $attributes[$ldapentries[0][$i]] = $values;
}
+
+ // generelt ldap_next_entry for flere, men bare ett her
+ //print_r($ldapentries);
+ //print_r($attributes);
+
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap-multi', 'OK', $_POST['username'], $_POST['username'] . ' successfully authenticated');
- $attributes[$ldapentries[0][$i]] = $values;
+
+ $session->setAuthenticated(true, 'login-ldapmulti');
+ $session->setAttributes($attributes);
+
+ $session->setNameID(array(
+ 'value' => SimpleSAML_Utilities::generateID(),
+ 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
+
+ $returnto = $_REQUEST['RelayState'];
+ SimpleSAML_Utilities::redirect($returnto);
+
}
-
- // generelt ldap_next_entry for flere, men bare ett her
- //print_r($ldapentries);
- //print_r($attributes);
-
- $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap-multi', 'OK', $_POST['username'], $_POST['username'] . ' successfully authenticated');
-
-
- $session->setAuthenticated(true, 'login-ldapmulti');
- $session->setAttributes($attributes);
-
- $session->setNameID(array(
- 'value' => SimpleSAML_Utilities::generateID(),
- 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
-
- $returnto = $_REQUEST['RelayState'];
- SimpleSAML_Utilities::redirect($returnto);
-
+ // ldap_close() om du vil, men frigjoeres naar skriptet slutter
}
- // ldap_close() om du vil, men frigjoeres naar skriptet slutter
- }
-
+ } catch (Exception $e) {
+
+ $error = $e->getMessage();
+
+ }
}
diff --git a/www/auth/login-radius.php b/www/auth/login-radius.php
index 1f50f32d4..a36eca74a 100644
--- a/www/auth/login-radius.php
+++ b/www/auth/login-radius.php
@@ -17,7 +17,14 @@ $logger->log(LOG_INFO, $session->getTrackID(), 'AUTH', 'radius', 'EVENT', 'Acces
$error = null;
$attributes = array();
-
+
+/* Load the RelayState argument. The RelayState argument contains the address
+ * we should redirect the user to after a successful authentication.
+ */
+if (!array_key_exists('RelayState', $_REQUEST)) {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
+}
+
if (isset($_POST['username'])) {
diff --git a/www/auth/login.php b/www/auth/login.php
index f79792673..ee09d7642 100644
--- a/www/auth/login.php
+++ b/www/auth/login.php
@@ -14,7 +14,7 @@ require_once('SimpleSAML/Logger.php');
$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-$session = SimpleSAML_Session::getInstance();
+$session = SimpleSAML_Session::getInstance(true);
$logger = new SimpleSAML_Logger();
$logger->log(LOG_INFO, $session->getTrackID(), 'AUTH', 'ldap', 'EVENT', 'Access', 'Accessing auth endpoint login');
@@ -28,10 +28,7 @@ $username = null;
* we should redirect the user to after a successful authentication.
*/
if (!array_key_exists('RelayState', $_REQUEST)) {
- SimpleSAML_Utilities::fatalError(
- 'Invalid access of LDAP login page',
- 'Missing RelayState argument to LDAP authenticator.'
- );
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
}
$relaystate = $_REQUEST['RelayState'];
@@ -39,119 +36,121 @@ $relaystate = $_REQUEST['RelayState'];
if (isset($_POST['username'])) {
- /* Validate and sanitize form data. */
- /* First, make sure that the password field is included. */
- if (!array_key_exists('password', $_POST)) {
- SimpleSAML_Utilities::fatalError(
- 'Invalid access of LDAP login page',
- 'Invalid form data posted to login form. Missing' .
- ' required password form field.'
- );
- }
-
- $username = $_POST['username'];
- $password = $_POST['password'];
-
- /* Escape any characters with a special meaning in LDAP. The following
- * characters have a special meaning (according to RFC 2253):
- * ',', '+', '"', '\', '<', '>', ';', '*'
- * These characters are escaped by prefixing them with '\'.
- */
- $ldapusername = addcslashes($username, ',+"\\<>;*');
-
- /* Insert the LDAP username into the pattern configured in the
- * 'auth.ldap.dnpattern' option.
- */
- $dn = str_replace('%username%', $ldapusername,
- $config->getValue('auth.ldap.dnpattern'));
-
- /* Connect to the LDAP server. */
- $ds = ldap_connect($config->getValue('auth.ldap.hostname'));
+ try {
- if ($ds) {
+ /* Validate and sanitize form data. */
- if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
-
- $logger->log(LOG_CRIT, $session->getTrackID(), 'AUTH', 'ldap-multi', 'LDAP_OPT_PROTOCOL_VERSION', '3', 'Error setting LDAP prot version to 3');
-
- echo "Failed to set LDAP Protocol version to 3";
- exit;
- }
- /*
- if (!ldap_start_tls($ds)) {
- echo "Failed to start TLS";
- exit;
+ /* First, make sure that the password field is included. */
+ if (!array_key_exists('password', $_POST)) {
+ $error = 'You sent something to the login page, but for some reason the password was not sent. Try again please.';
+ continue;
}
- */
- if (!@ldap_bind($ds, $dn, $password)) {
- $error = "Bind failed, wrong username or password. Tried with DN=[" . $dn . "] DNPattern=[" . $config->getValue('auth.ldap.dnpattern')
- . "] Error=[" . ldap_error($ds) . "] ErrNo=[" . ldap_errno($ds) . "]";
-
- $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap', 'Fail', $username, $username . ' failed to authenticate');
+
+ $username = $_POST['username'];
+ $password = $_POST['password'];
+
+ /* Escape any characters with a special meaning in LDAP. The following
+ * characters have a special meaning (according to RFC 2253):
+ * ',', '+', '"', '\', '<', '>', ';', '*'
+ * These characters are escaped by prefixing them with '\'.
+ */
+ $ldapusername = addcslashes($username, ',+"\\<>;*');
+
+ /* Insert the LDAP username into the pattern configured in the
+ * 'auth.ldap.dnpattern' option.
+ */
+ $dn = str_replace('%username%', $ldapusername,
+ $config->getValue('auth.ldap.dnpattern'));
+
+ /* Connect to the LDAP server. */
+ $ds = ldap_connect($config->getValue('auth.ldap.hostname'));
+
+ if ($ds) {
+
+ if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
- } else {
- $sr = ldap_read($ds, $dn, $config->getValue('auth.ldap.attributes'));
- $ldapentries = ldap_get_entries($ds, $sr);
-
- /* Check if we have any entries in the search result.
- */
- if($ldapentries['count'] == 0) {
- throw new Exception('LDAP: No entries in the' .
- ' search result.');
+ $logger->log(LOG_CRIT, $session->getTrackID(), 'AUTH', 'ldap-multi', 'LDAP_OPT_PROTOCOL_VERSION', '3', 'Error setting LDAP prot version to 3');
+
+ throw new Exception("Failed to set LDAP Protocol version to 3");
}
-
- /* Currently we only care about the first entry. We
- * write a message to the error log if we have more.
- */
- if($ldapentries['count'] > 1) {
- error_log('LDAP: we have more than one entry' .
- ' in the search result.');
+ /*
+ if (!ldap_start_tls($ds)) {
+ echo "Failed to start TLS";
+ exit;
}
-
- /* Iterate over all the attributes in the first
- * result. $ldapentries[0]['count'] contains the
- * attribute count, while $ldapentries[0][$i]
- * contains the name of the $i'th attribute.
- */
- for ($i = 0; $i < $ldapentries[0]['count']; $i++) {
- $name = $ldapentries[0][$i];
-
- /* We currently ignore the 'jpegphoto'
- * attribute since it is relatively big.
+ */
+ if (!@ldap_bind($ds, $dn, $password)) {
+ $error = "Bind failed, wrong username or password. Tried with DN=[" . $dn . "] DNPattern=[" . $config->getValue('auth.ldap.dnpattern')
+ . "] Error=[" . ldap_error($ds) . "] ErrNo=[" . ldap_errno($ds) . "]";
+
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap', 'Fail', $username, $username . ' failed to authenticate');
+
+ } else {
+ $sr = ldap_read($ds, $dn, $config->getValue('auth.ldap.attributes'));
+ $ldapentries = ldap_get_entries($ds, $sr);
+
+ /* Check if we have any entries in the search result.
*/
- if ($name === 'jpegphoto') {
- continue;
+ if($ldapentries['count'] == 0) {
+ throw new Exception('LDAP: No entries in the search result.');
}
-
- $attribute = $ldapentries[0][$name];
-
- $values = array();
-
- for ($j = 0; $j < $attribute['count']; $j++) {
- $values[] = $attribute[$j];
+
+ /* Currently we only care about the first entry. We
+ * write a message to the error log if we have more.
+ */
+ if($ldapentries['count'] > 1) {
+ error_log('LDAP: we have more than one entry in the search result.');
}
-
- assert(!array_key_exists($name, $attributes));
- $attributes[$name] = $values;
+
+ /* Iterate over all the attributes in the first
+ * result. $ldapentries[0]['count'] contains the
+ * attribute count, while $ldapentries[0][$i]
+ * contains the name of the $i'th attribute.
+ */
+ for ($i = 0; $i < $ldapentries[0]['count']; $i++) {
+ $name = $ldapentries[0][$i];
+
+ /* We currently ignore the 'jpegphoto'
+ * attribute since it is relatively big.
+ */
+ if ($name === 'jpegphoto') {
+ continue;
+ }
+
+ $attribute = $ldapentries[0][$name];
+
+ $values = array();
+
+ for ($j = 0; $j < $attribute['count']; $j++) {
+ $values[] = $attribute[$j];
+ }
+
+ assert(!array_key_exists($name, $attributes));
+ $attributes[$name] = $values;
+ }
+
+ $session->setAuthenticated(true, 'login');
+
+ $session->setAttributes($attributes);
+
+ $session->setNameID(array(
+ 'value' => SimpleSAML_Utilities::generateID(),
+ 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
+
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap', 'OK', $username, $username . ' successfully authenticated');
+
+
+ SimpleSAML_Utilities::redirect($relaystate);
}
-
- $session->setAuthenticated(true, 'login');
-
- $session->setAttributes($attributes);
-
- $session->setNameID(array(
- 'value' => SimpleSAML_Utilities::generateID(),
- 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
-
- $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap', 'OK', $username, $username . ' successfully authenticated');
-
-
- SimpleSAML_Utilities::redirect($relaystate);
+ // ldap_close() om du vil, men frigjoeres naar skriptet slutter
}
- // ldap_close() om du vil, men frigjoeres naar skriptet slutter
+
+
+
+ } catch (Exception $e) {
+ $error = $e->getMessage();
}
-
}
diff --git a/www/resources/default.css b/www/resources/default.css
index 40a504f3d..f6830d909 100644
--- a/www/resources/default.css
+++ b/www/resources/default.css
@@ -75,4 +75,19 @@ dl dd {
font-weight: bold;
color: #200;
margin: .3em;
+}
+
+.trackidtext {
+ border: 1px dashed #aaa;
+ background: #eaeaea;
+ padding: .6em;
+ margin: .4em;
+}
+.trackidtext .trackid {
+ border: 1px solid #ccc;
+ background: #eee;
+ margin: .4em;
+ padding: .4em;
+ font-family: monospace;
+ font-size: large;
}
\ No newline at end of file
diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php
index 401118ee2..5c2c6fdcd 100644
--- a/www/saml2/idp/SSOService.php
+++ b/www/saml2/idp/SSOService.php
@@ -29,8 +29,12 @@ $session = SimpleSAML_Session::getInstance(true);
$logger = new SimpleSAML_Logger();
-$idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
-$idpmeta = $metadata->getMetaDataCurrent('saml20-idp-hosted');
+try {
+ $idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+ $idpmeta = $metadata->getMetaDataCurrent('saml20-idp-hosted');
+} catch (Exception $exception) {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
+}
$requestid = null;
@@ -75,15 +79,7 @@ if (isset($_GET['SAMLRequest'])) {
'Incomming Authentication request');
} catch(Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['header'] = 'Error getting incomming request';
- $et->data['message'] = 'Something bad happened when simpleSAML got the incomming authentication request';
- $et->data['e'] = $exception;
-
- $et->show();
- exit(0);
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'PROCESSAUTHNREQUEST', $exception);
}
/*
@@ -108,31 +104,12 @@ if (isset($_GET['SAMLRequest'])) {
if (!$requestcache) throw new Exception('Could not retrieve cached RequestID = ' . $requestid);
} catch(Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['header'] = 'Error retrieving authnrequest cache';
- $et->data['message'] = 'simpleSAML cannot find the authnrequest that it earlier stored.';
- $et->data['e'] = $exception;
-
- $et->show();
- exit(0);
-
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'CACHEAUTHNREQUEST', $exception);
}
} else {
- /*
- * We did neither get a request or a requestID as a parameter. Then throw an error.
- */
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['header'] = 'No parameters found';
- $et->data['message'] = 'You must either provide a SAML Request message or a RequestID on this interface.';
- $et->data['e'] = $exception;
-
- $et->show();
- exit(0);
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'SSOSERVICEPARAMS');
}
@@ -231,14 +208,7 @@ if (!isset($session) || !$session->isValid($authority) ) {
);
} catch(Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['header'] = 'Error sending response to service';
- $et->data['message'] = 'Some error occured when trying to issue the authentication response, and send it back to the SP.';
- $et->data['e'] = $exception;
-
- $et->show();
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'GENERATEAUTHNRESPONSE', $exception);
}
}
diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php
index d77de7729..21ba347a1 100644
--- a/www/saml2/idp/metadata.php
+++ b/www/saml2/idp/metadata.php
@@ -106,12 +106,7 @@ try {
} catch(Exception $exception) {
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['message'] = 'Some error occured when trying to generate metadata.';
- $et->data['e'] = $exception;
-
- $et->show();
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
}
diff --git a/www/saml2/sp/AssertionConsumerService.php b/www/saml2/sp/AssertionConsumerService.php
index 650ee213d..dabcc5547 100644
--- a/www/saml2/sp/AssertionConsumerService.php
+++ b/www/saml2/sp/AssertionConsumerService.php
@@ -41,29 +41,21 @@ try {
$binding = new SimpleSAML_Bindings_SAML20_HTTPPost($config, $metadata);
$authnResponse = $binding->decodeResponse($_POST);
-
+
$authnResponse->process();
- $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.AssertionConsumerService', 'AuthnResponse', '-',
- 'Successfully created local session from Authentication Response');
-
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.AssertionConsumerService', 'AuthnResponse', '-',
+ 'Successfully created local session from Authentication Response');
+
$relayState = $authnResponse->getRelayState();
if (isset($relayState)) {
SimpleSAML_Utilities::redirect($relayState);
} else {
- throw new Exception('Could not find RelayState parameter, you are stuck here.');
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
}
} catch(Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['header'] = 'Error receiving response from IdP';
- $et->data['message'] = 'Some error occured when trying to issue the authentication request to the IdP.';
- $et->data['e'] = $exception;
-
- $et->show();
-
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'PROCESSASSERTION', $exception);
}
diff --git a/www/saml2/sp/SingleLogoutService.php b/www/saml2/sp/SingleLogoutService.php
index 771469238..d14649d3b 100644
--- a/www/saml2/sp/SingleLogoutService.php
+++ b/www/saml2/sp/SingleLogoutService.php
@@ -13,28 +13,19 @@ require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php');
require_once('SimpleSAML/XHTML/Template.php');
-$config = SimpleSAML_Configuration::getInstance();
+$config = SimpleSAML_Configuration::getInstance(true);
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
// Get the local session
$session = SimpleSAML_Session::getInstance();
-/* Get the tracking id for this session if we have a valid session. Use an
- * empty string if we don't have a valid session.
- */
-if($session !== NULL) {
- $trackId = $session->getTrackId();
-} else {
- $trackId = '';
-}
$logger = new SimpleSAML_Logger();
-
-$logger->log(LOG_INFO, $trackId, 'SAML2.0', 'SP.SingleLogoutService', 'EVENT', 'Access',
+$logger->log(LOG_INFO, $session->getTrackId(), 'SAML2.0', 'SP.SingleLogoutService', 'EVENT', 'Access',
'Accessing SAML 2.0 SP endpoint SingleLogoutService');
// Destroy local session if exists.
-if (isset($session) && $session->isAuthenticated() ) {
+if (isset($session) ) {
$session->setAuthenticated(false);
$session->clean();
}
@@ -60,40 +51,32 @@ if (isset($_GET['SAMLRequest'])) {
//$responder = $config->getValue('saml2-hosted-sp');
$responder = $metadata->getMetaDataCurrentEntityID();
-
+
+ $logger->log(LOG_NOTICE, $trackId, 'SAML2.0', 'SP.SingleLogoutService', 'LogoutRequest', $requestid,
+ 'IdP (' . $requester . ') is sending logout request to me SP (' . $responder . ')');
+
+
+ // Create a logout response
+ $lr = new SimpleSAML_XML_SAML20_LogoutResponse($config, $metadata);
+ $logoutResponseXML = $lr->generate($responder, $requester, $requestid, 'SP');
+
+
+ // Create a HTTP Redirect binding.
+ $httpredirect = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config, $metadata);
+
+
+ $logger->log(LOG_NOTICE, $trackId, 'SAML2.0', 'SP.SingleLogoutService', 'LogoutResponse', '-',
+ 'SP me (' . $responder . ') is sending logout response to IdP (' . $requester . ')');
+
+ // Send the Logout response using HTTP POST binding.
+ $httpredirect->sendMessage($logoutResponseXML, $responser, $requester, $logoutrequest->getRelayState(), 'SingleLogoutServiceResponse', 'SAMLResponse');
+
} catch(Exception $exception) {
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['header'] = 'Error in received logout request';
- $et->data['message'] = 'An error occured when trying to read logout request.';
- $et->data['e'] = $exception;
-
- $et->show();
- exit(0);
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'LOGOUTREQUEST', $exception);
}
-
- $logger->log(LOG_NOTICE, $trackId, 'SAML2.0', 'SP.SingleLogoutService', 'LogoutRequest', $requestid,
- 'IdP (' . $requester . ') is sending logout request to me SP (' . $responder . ')');
-
-
- // Create a logout response
- $lr = new SimpleSAML_XML_SAML20_LogoutResponse($config, $metadata);
- $logoutResponseXML = $lr->generate($responder, $requester, $requestid, 'SP');
-
-
- // Create a HTTP Redirect binding.
- $httpredirect = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config, $metadata);
-
-
- $logger->log(LOG_NOTICE, $trackId, 'SAML2.0', 'SP.SingleLogoutService', 'LogoutResponse', '-',
- 'SP me (' . $responder . ') is sending logout response to IdP (' . $requester . ')');
-
- // Send the Logout response using HTTP POST binding.
- $httpredirect->sendMessage($logoutResponseXML, $responser, $requester, $logoutrequest->getRelayState(), 'SingleLogoutServiceResponse', 'SAMLResponse');
-
} elseif(isset($_GET['SAMLResponse'])) {
// Create a HTTPRedirect binding
@@ -108,24 +91,13 @@ if (isset($_GET['SAMLRequest'])) {
}
} catch(Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['header'] = 'Error in received logout response';
- $et->data['message'] = 'An error occured when trying to read logout response.';
- $et->data['e'] = $exception;
-
- $et->show();
- exit(0);
-
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'LOGOUTRESPONSE', $exception);
}
if (isset($_GET['RelayState'])) {
SimpleSAML_Utilities::redirect($_GET['RelayState']);
} else {
-
- echo 'You are now successfully logged out.';
-
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
}
}
diff --git a/www/saml2/sp/idpdisco.php b/www/saml2/sp/idpdisco.php
index f941e0262..a2762fe96 100644
--- a/www/saml2/sp/idpdisco.php
+++ b/www/saml2/sp/idpdisco.php
@@ -7,10 +7,6 @@ require_once('SimpleSAML/Utilities.php');
require_once('SimpleSAML/Session.php');
require_once('SimpleSAML/XHTML/Template.php');
require_once('SimpleSAML/Metadata/MetaDataStorageHandler.php');
-require_once('SimpleSAML/XML/SAML20/AuthnRequest.php');
-//require_once('SimpleSAML/XML/SAML20/AuthnResponse.php');
-require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php');
-//require_once('SimpleSAML/Bindings/SAML20/HTTPPost.php');
$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
@@ -29,12 +25,7 @@ try {
$returnidparam = $_GET['returnIDParam'];
} catch (Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
- $et->data['message'] = 'Error getting required parameters for IdP Discovery Service';
- $et->data['e'] = $exception;
- $et->show();
- exit(0);
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'DISCOPARAMS', $exception);
}
@@ -45,12 +36,14 @@ if (isset($_GET['idpentityid'])) {
$returnurl = SimpleSAML_Utilities::addURLparameter($return, $returnidparam . '=' . $idpentityid);
SimpleSAML_Utilities::redirect($returnurl);
-
+
}
-
-$idplist = $metadata->getList('saml20-idp-remote');
-
+try {
+ $idplist = $metadata->getList('saml20-idp-remote');
+} catch (Exception $exception) {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
+}
if ($config->getValue('idpdisco.layout') == 'dropdown') {
$t = new SimpleSAML_XHTML_Template($config, 'selectidp-dropdown.php');
diff --git a/www/saml2/sp/initSSO.php b/www/saml2/sp/initSSO.php
index 508b8f154..57df42500 100644
--- a/www/saml2/sp/initSSO.php
+++ b/www/saml2/sp/initSSO.php
@@ -17,17 +17,17 @@ $config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$session = SimpleSAML_Session::getInstance(true);
-$logger = new SimpleSAML_Logger();
-
-/*
+/**
* Incomming URL parameters
*
- * idpentityid The entityid of the wanted IdP to authenticate with. If not provided will use default.
- * spentityid The entityid of the SP config to use. If not provided will use default to host.
+ * idpentityid optional The entityid of the wanted IdP to authenticate with. If not provided will use default.
+ * spentityid optional The entityid of the SP config to use. If not provided will use default to host.
+ * RelayState required Where to send the user back to after authentication.
*
*/
+$logger = new SimpleSAML_Logger();
$logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'SP.initSSO', 'EVENT', 'Access',
'Accessing SAML 2.0 SP initSSO script');
@@ -38,12 +38,7 @@ try {
$spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
} catch (Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
- $et->data['message'] = 'Error loading SAML 2.0 metadata';
- $et->data['e'] = $exception;
- $et->show();
- exit(0);
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
}
if (!isset($session) || !$session->isValid('saml2') ) {
@@ -76,20 +71,13 @@ if (!isset($session) || !$session->isValid('saml2') ) {
}
$logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.initSSO', 'AuthnRequest', $idpentityid,
- 'SP (' . $spentityid . ') is sending authenticatino request to IdP (' . $idpentityid . ')');
+ 'SP (' . $spentityid . ') is sending authentication request to IdP (' . $idpentityid . ')');
$httpredirect->sendMessage($req, $spentityid, $idpentityid, $relayState);
- } catch(Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['message'] = 'Some error occured when trying to issue the authentication request to the IdP.';
- $et->data['e'] = $exception;
-
- $et->show();
- exit(0);
+ } catch(Exception $exception) {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'CREATEREQUEST', $exception);
}
} else {
@@ -104,14 +92,7 @@ if (!isset($session) || !$session->isValid('saml2') ) {
SimpleSAML_Utilities::redirect($relaystate);
} else {
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['message'] = 'Could not get relay state, do not know where to send the user.';
- $et->data['e'] = new Exception();
-
- $et->show();
-
-
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
}
}
diff --git a/www/saml2/sp/metadata.php b/www/saml2/sp/metadata.php
index d53cd801e..09bcb30fb 100644
--- a/www/saml2/sp/metadata.php
+++ b/www/saml2/sp/metadata.php
@@ -10,7 +10,24 @@ require_once('SimpleSAML/XHTML/Template.php');
/* Load simpleSAMLphp, configuration and metadata */
$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-$session = SimpleSAML_Session::getInstance();
+$session = SimpleSAML_Session::getInstance(TRUE);
+
+
+/**
+ * Preconfigured to help out some federations. This makes it easier for users to report metadata
+ * to the administrators of the IdP.
+ */
+$send_metadata_to_idp = array(
+ 'sam.feide.no' => array(
+ 'name' => 'Feide',
+ 'address' => 'http://rnd.feide.no/content/sending-information-simplesamlphp'
+ ),
+ 'max.feide.no' => array(
+ 'name' => 'Feide',
+ 'address' => 'http://rnd.feide.no/content/sending-information-simplesamlphp'
+ )
+);
+
try {
@@ -53,6 +70,12 @@ try {
$et->data['header'] = 'SAML 2.0 SP Metadata';
$et->data['metadata'] = htmlentities($metaxml);
+
+ if (array_key_exists($defaultidp, $send_metadata_to_idp)) {
+ $et->data['sendmetadatato'] = $send_metadata_to_idp[$defaultidp]['address'];
+ $et->data['federationname'] = $send_metadata_to_idp[$defaultidp]['name'];
+ }
+
$et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no'));
$et->data['defaultidp'] = $defaultidp;
diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php
index fa06e2052..323806a29 100644
--- a/www/shib13/idp/SSOService.php
+++ b/www/shib13/idp/SSOService.php
@@ -51,14 +51,8 @@ if (isset($_GET['shire'])) {
$authnrequest = new SimpleSAML_XML_Shib13_AuthnRequest($config, $metadata);
$authnrequest->parseGet($_GET);
- //$session = $authnrequest->createSession();
-
$requestid = $authnrequest->getRequestID();
- //$session->setShibAuthnRequest($authnrequest);
-
-
-
/*
* Create an assoc array of the request to store in the session cache.
*/
@@ -107,29 +101,12 @@ if (isset($_GET['shire'])) {
if (!$requestcache) throw new Exception('Could not retrieve cached RequestID = ' . $requestid);
} catch(Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['header'] = 'Error retrieving authnrequest cache';
- $et->data['message'] = 'simpleSAML cannot find the authnrequest that it earlier stored.';
- $et->data['e'] = $exception;
-
- $et->show();
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'CACHEAUTHNREQUEST', $exception);
}
-
-} else {
- /*
- * We did neither get a request or a requestID as a parameter. Then throw an error.
- */
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['header'] = 'No parameters found';
- $et->data['message'] = 'You must either provide a Shibboleth Request message or a RequestID on this interface.';
- $et->data['e'] = $exception;
- $et->show();
- exit(0);
+} else {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'SSOSERVICEPARAMS');
}
$authority = isset($idpmeta['authority']) ? $idpmeta['authority'] : null;
@@ -205,15 +182,7 @@ if (!$session->isAuthenticated($authority) ) {
$idpentityid, $issuer, isset($requestcache['RelayState']) ? $requestcache['RelayState'] : null, $shire);
} catch(Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['header'] = 'Error sending response to service';
- $et->data['message'] = 'Some error occured when trying to issue the authentication response, and send it back to the SP.';
- $et->data['e'] = $exception;
-
- $et->show();
-
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'GENERATEAUTHNRESPONSE', $exception);
}
}
diff --git a/www/shib13/sp/AssertionConsumerService.php b/www/shib13/sp/AssertionConsumerService.php
index ccbaa8472..2baf66945 100644
--- a/www/shib13/sp/AssertionConsumerService.php
+++ b/www/shib13/sp/AssertionConsumerService.php
@@ -12,54 +12,29 @@ require_once('SimpleSAML/XHTML/Template.php');
try {
- /*
- echo '<pre>';
- print_r($_POST);
- echo '</pre>';
- */
$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
- #print_r($metadata->getMetaData('sam.feide.no'));
-# $sr = new SimpleSAML_XML_Shib13_AuthnResponse($config, $metadata);
-
$binding = new SimpleSAML_Bindings_Shib13_HTTPPost($config, $metadata);
$authnResponse = $binding->decodeResponse($_POST);
- $xml = $authnResponse->getXML();
- /*
- echo '<pre>';
- echo $xml;
- echo '</pre>';
- */
-
$authnResponse->validate();
- $session = $authnResponse->createSession();
-
-
+ $session = $authnResponse->createSession(true);
if (isset($session)) {
$relayState = $authnResponse->getRelayState();
if (isset($relayState)) {
SimpleSAML_Utilities::redirect($relayState);
} else {
- echo 'Could not find RelayState parameter, you are stucked here.';
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
}
} else {
- throw new Exception('Unkown error. Could not get session.');
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOSESSION');
}
} catch(Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['message'] = 'Some error occured when trying to issue the authentication request to the IdP.';
- $et->data['e'] = $exception;
-
- $et->show();
-
-
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'GENERATEAUTHNRESPONSE', $exception);
}
diff --git a/www/shib13/sp/idpdisco.php b/www/shib13/sp/idpdisco.php
index 29d117d05..ab45917ab 100644
--- a/www/shib13/sp/idpdisco.php
+++ b/www/shib13/sp/idpdisco.php
@@ -25,12 +25,7 @@ try {
$returnidparam = $_GET['returnIDParam'];
} catch (Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
- $et->data['message'] = 'Error getting required parameters for IdP Discovery Service';
- $et->data['e'] = $exception;
- $et->show();
- exit(0);
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'DISCOPARAMS', $exception);
}
@@ -44,8 +39,11 @@ if (isset($_GET['idpentityid'])) {
}
-
-$idplist = $metadata->getList('shib13-idp-remote');
+try {
+ $idplist = $metadata->getList('shib13-idp-remote');
+} catch (Exception $exception) {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
+}
if ($config->getValue('idpdisco.layout') == 'dropdown') {
$t = new SimpleSAML_XHTML_Template($config, 'selectidp-dropdown.php');
diff --git a/www/shib13/sp/initSSO.php b/www/shib13/sp/initSSO.php
index 95f2d2f90..736600b97 100644
--- a/www/shib13/sp/initSSO.php
+++ b/www/shib13/sp/initSSO.php
@@ -30,12 +30,7 @@ try {
$spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID('shib13-sp-hosted');
} catch (Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
- $et->data['message'] = 'Error loading SAML 2.0 metadata';
- $et->data['e'] = $exception;
- $et->show();
- exit(0);
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
}
@@ -61,15 +56,8 @@ if (!isset($session) || !$session->isValid('shib13') ) {
$url = $ar->createRedirect($idpentityid);
SimpleSAML_Utilities::redirect($url);
- } catch(Exception $exception) {
-
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['message'] = 'Some error occured when trying to issue the authentication request to the IdP.';
- $et->data['e'] = $exception;
-
- $et->show();
-
+ } catch(Exception $exception) {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'CREATEREQUEST', $exception);
}
} else {
@@ -80,14 +68,7 @@ if (!isset($session) || !$session->isValid('shib13') ) {
if (isset($relaystate) && !empty($relaystate)) {
SimpleSAML_Utilities::redirect($relaystate);
} else {
- $et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
- $et->data['message'] = 'Could not get relay state, do not know where to send the user.';
- $et->data['e'] = new Exception();
-
- $et->show();
-
-
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
}
}
--
GitLab