Added error message when access is denied by the enable.* options in the config.php file

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@299 44740490-163a-0410-bde0-09ae8108e29a

www/saml2/idp/SSOService.php

@@ -38,6 +38,10 @@ $requestid = null;
 
 SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Accessing SAML 2.0 IdP endpoint SSOService');
 
+if (!$config->getValue('enable.saml20-idp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
+
 /*
  * If the SAMLRequest query parameter is set, we got an incomming Authentication Request 
  * at this interface.

www/saml2/idp/SingleLogoutService.php

@@ -31,8 +31,10 @@ $session = SimpleSAML_Session::getInstance();
 $idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
 
 SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutService: Accessing SAML 2.0 IdP endpoint SingleLogoutService');
-	
-	
+
+if (!$config->getValue('enable.saml20-idp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
 
 /**
  * If we get an incomming LogoutRequest then we initiate the logout process.

www/saml2/idp/metadata.php

@@ -14,6 +14,8 @@ $config = SimpleSAML_Configuration::getInstance();
 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
 $session = SimpleSAML_Session::getInstance(true);
 
+if (!$config->getValue('enable.saml20-idp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
 
 
 /* Check if valid local session exists.. */

www/saml2/sp/AssertionConsumerService.php

@@ -29,6 +29,10 @@ $session = SimpleSAML_Session::getInstance(TRUE);
 
 SimpleSAML_Logger::info('SAML2.0 - SP.AssertionConsumerService: Accessing SAML 2.0 SP endpoint AssertionConsumerService');
 
+if (!$config->getValue('enable.saml20-sp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
+	
 try {
 	
 	$config = SimpleSAML_Configuration::getInstance();	

www/saml2/sp/SingleLogoutService.php

@@ -22,6 +22,11 @@ $session = SimpleSAML_Session::getInstance(true);
 
 SimpleSAML_Logger::info('SAML2.0 - SP.SingleLogoutService: Accessing SAML 2.0 SP endpoint SingleLogoutService');
 
+if (!$config->getValue('enable.saml20-sp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
+
+
 // Destroy local session if exists.
 if (isset($session) ) {
 	$session->setAuthenticated(false);

www/saml2/sp/idpdisco.php

@@ -17,6 +17,10 @@ $session = SimpleSAML_Session::getInstance();
 
 SimpleSAML_Logger::info('SAML2.0 - SP.idpDisco: Accessing SAML 2.0 discovery service');
 
+if (!$config->getValue('enable.saml20-sp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
+	
 try {
 
 	if (!isset($_GET['entityID'])) throw new Exception('Missing parameter: entityID');

www/saml2/sp/initSLO.php

@@ -14,6 +14,10 @@ $session = SimpleSAML_Session::getInstance();
 
 SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: Accessing SAML 2.0 SP initSLO script');
 
+if (!$config->getValue('enable.saml20-sp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
+	
 if (isset($session) ) {
 	
 	try {

www/saml2/sp/initSSO.php

@@ -15,6 +15,7 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
 $session = SimpleSAML_Session::getInstance(true);
 
 
+
 /**
  * Incomming URL parameters
  *
@@ -26,6 +27,8 @@ $session = SimpleSAML_Session::getInstance(true);
 
 SimpleSAML_Logger::info('SAML2.0 - SP.initSSO: Accessing SAML 2.0 SP initSSO script');
 
+if (!$config->getValue('enable.saml20-sp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
 
 try {
 

www/saml2/sp/metadata.php

@@ -13,6 +13,10 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
 $session = SimpleSAML_Session::getInstance(TRUE);
 
 
+if (!$config->getValue('enable.saml20-sp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
+
 /**
  * Preconfigured to help out some federations. This makes it easier for users to report metadata
  * to the administrators of the IdP.

www/shib13/idp/SSOService.php

@@ -35,6 +35,11 @@ $requestid = null;
 
 SimpleSAML_Logger::info('Shib1.3 - IdP.SSOService: Accessing Shibboleth 1.3 IdP endpoint SSOService');
 
+if (!$config->getValue('enable.shib13-idp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
+
+
 /*
  * If the shire query parameter is set, we got an incomming Authentication Request 
  * at this interface.

www/shib13/sp/AssertionConsumerService.php

@@ -15,6 +15,9 @@ $session = SimpleSAML_Session::getInstance(TRUE);
 
 SimpleSAML_Logger::info('Shib1.3 - SP.AssertionConsumerService: Accessing Shibboleth 1.3 SP endpoint AssertionConsumerService');
 
+if (!$config->getValue('enable.shib13-sp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
 try {
 
 	$config = SimpleSAML_Configuration::getInstance();

www/shib13/sp/idpdisco.php

@@ -16,6 +16,10 @@ $session = SimpleSAML_Session::getInstance();
 
 SimpleSAML_Logger::info('Shib1.3 - SP.idpDisco : Accessing Shib 1.3 discovery service');
 
+if (!$config->getValue('enable.shib13-sp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
+
 try {
 
 	if (!isset($_GET['entityID'])) throw new Exception('Missing parameter: entityID');

www/shib13/sp/initSSO.php

@@ -27,6 +27,10 @@ $session = SimpleSAML_Session::getInstance();
 
 SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: Accessing Shib 1.3 SP initSSO script');
 
+if (!$config->getValue('enable.shib13-sp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
+
 try {
 
 	$idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $config->getValue('default-shib13-idp') ;