From 26df6bb4f8f15c78580e700bc8a1a2472dfae42f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Thu, 14 Feb 2008 13:28:57 +0000
Subject: [PATCH] Added error message when access is denied by the enable.*
 options in the config.php file

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@299 44740490-163a-0410-bde0-09ae8108e29a
---
 www/saml2/idp/SSOService.php               | 4 ++++
 www/saml2/idp/SingleLogoutService.php      | 6 ++++--
 www/saml2/idp/metadata.php                 | 2 ++
 www/saml2/sp/AssertionConsumerService.php  | 4 ++++
 www/saml2/sp/SingleLogoutService.php       | 5 +++++
 www/saml2/sp/idpdisco.php                  | 4 ++++
 www/saml2/sp/initSLO.php                   | 4 ++++
 www/saml2/sp/initSSO.php                   | 3 +++
 www/saml2/sp/metadata.php                  | 4 ++++
 www/shib13/idp/SSOService.php              | 5 +++++
 www/shib13/sp/AssertionConsumerService.php | 3 +++
 www/shib13/sp/idpdisco.php                 | 4 ++++
 www/shib13/sp/initSSO.php                  | 4 ++++
 13 files changed, 50 insertions(+), 2 deletions(-)

diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php
index 55fe924a9..ca92e057a 100644
--- a/www/saml2/idp/SSOService.php
+++ b/www/saml2/idp/SSOService.php
@@ -38,6 +38,10 @@ $requestid = null;
 
 SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Accessing SAML 2.0 IdP endpoint SSOService');
 
+if (!$config->getValue('enable.saml20-idp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
+
 /*
  * If the SAMLRequest query parameter is set, we got an incomming Authentication Request 
  * at this interface.
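Review bot: The guard added before the SSOService logic denies access only if `SimpleSAML_Utilities::fatalError()` never returns, and nothing visible here shows that it terminates the request. If it only renders the error page, the authentication-request handling below the guard still runs with `enable.saml20-idp` switched off. The same unbraced two-line check is pasted into the other twelve entry scripts of this commit with only the `enable.*` key changing, so a future endpoint can omit it unnoticed. I would brace the body and stop explicitly, `if (!$config->getValue('enable.saml20-idp', false)) { SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS'); exit; }`, ideally in one shared helper that takes the option name. The script continues outside the hunk.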
diff --git a/www/saml2/idp/SingleLogoutService.php b/www/saml2/idp/SingleLogoutService.php
index cf197d1ef..d49a080a3 100644
--- a/www/saml2/idp/SingleLogoutService.php
+++ b/www/saml2/idp/SingleLogoutService.php
@@ -31,8 +31,10 @@ $session = SimpleSAML_Session::getInstance();
 $idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
 
 SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutService: Accessing SAML 2.0 IdP endpoint SingleLogoutService');
-	
-	
+
+if (!$config->getValue('enable.saml20-idp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
 
 /**
  * If we get an incomming LogoutRequest then we initiate the logout process.
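Review bot: `$session->getTrackID()` in the added guard is called on the result of `SimpleSAML_Session::getInstance()` without the create argument, and saml2/sp/initSLO.php tests `isset($session)` directly below its own copy of the guard, which suggests the call can return no session. A visitor without a session who reaches a disabled endpoint would then trigger a PHP method-call-on-non-object error instead of the NOACCESS page, and with error display enabled that can expose script paths. The same pattern is in saml2/sp/idpdisco.php, saml2/sp/initSLO.php, shib13/sp/idpdisco.php and shib13/sp/initSSO.php. Consider resolving the id first, `$trackid = isset($session) ? $session->getTrackID() : null;`, and passing `$trackid` to `fatalError()`, after confirming that it accepts a missing id.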
diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php
index 21ba347a1..6d62d956c 100644
--- a/www/saml2/idp/metadata.php
+++ b/www/saml2/idp/metadata.php
@@ -14,6 +14,8 @@ $config = SimpleSAML_Configuration::getInstance();
 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
 $session = SimpleSAML_Session::getInstance(true);
 
+if (!$config->getValue('enable.saml20-idp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
 
 
 /* Check if valid local session exists.. */
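Review bot: The denial in this script is not logged within the visible context: the other endpoints in the commit emit a `SimpleSAML_Logger::info(...)` "Accessing …" entry before their guard, but none is shown here. Unless `fatalError()` logs on its own, requests to a disabled metadata endpoint leave no trace for anyone reviewing probes against switched-off services. I would add `SimpleSAML_Logger::info('SAML2.0 - IdP.metadata: Access denied, enable.saml20-idp is not set');` immediately before the `fatalError()` call. saml2/sp/metadata.php appears to have the same gap.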
diff --git a/www/saml2/sp/AssertionConsumerService.php b/www/saml2/sp/AssertionConsumerService.php
index 7208ca3eb..99e001871 100644
--- a/www/saml2/sp/AssertionConsumerService.php
+++ b/www/saml2/sp/AssertionConsumerService.php
@@ -29,6 +29,10 @@ $session = SimpleSAML_Session::getInstance(TRUE);
 
 SimpleSAML_Logger::info('SAML2.0 - SP.AssertionConsumerService: Accessing SAML 2.0 SP endpoint AssertionConsumerService');
 
+if (!$config->getValue('enable.saml20-sp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
+	
 try {
 	
 	$config = SimpleSAML_Configuration::getInstance();	
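Review bot: The guard reads `$config` before the `$config = SimpleSAML_Configuration::getInstance();` assignment that sits inside the `try` block just below it. Unless the variable is also assigned above the hunk, the check is a method call on an undefined variable and the script stops with a PHP error rather than the NOACCESS page. shib13/sp/AssertionConsumerService.php shows the same ordering. Moving the `SimpleSAML_Configuration::getInstance()` assignment above the guard, and dropping the copy inside the `try`, makes the dependency explicit. The `try` block continues outside the hunk.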
diff --git a/www/saml2/sp/SingleLogoutService.php b/www/saml2/sp/SingleLogoutService.php
index 86a2ab047..e88e25f6b 100644
--- a/www/saml2/sp/SingleLogoutService.php
+++ b/www/saml2/sp/SingleLogoutService.php
@@ -22,6 +22,11 @@ $session = SimpleSAML_Session::getInstance(true);
 
 SimpleSAML_Logger::info('SAML2.0 - SP.SingleLogoutService: Accessing SAML 2.0 SP endpoint SingleLogoutService');
 
+if (!$config->getValue('enable.saml20-sp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
+
+
 // Destroy local session if exists.
 if (isset($session) ) {
 	$session->setAuthenticated(false);
diff --git a/www/saml2/sp/idpdisco.php b/www/saml2/sp/idpdisco.php
index 54759d005..ce16c0bfe 100644
--- a/www/saml2/sp/idpdisco.php
+++ b/www/saml2/sp/idpdisco.php
@@ -17,6 +17,10 @@ $session = SimpleSAML_Session::getInstance();
 
 SimpleSAML_Logger::info('SAML2.0 - SP.idpDisco: Accessing SAML 2.0 discovery service');
 
+if (!$config->getValue('enable.saml20-sp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
+	
 try {
 
 	if (!isset($_GET['entityID'])) throw new Exception('Missing parameter: entityID');
diff --git a/www/saml2/sp/initSLO.php b/www/saml2/sp/initSLO.php
index 494f58cd7..70ce06cdc 100644
--- a/www/saml2/sp/initSLO.php
+++ b/www/saml2/sp/initSLO.php
@@ -14,6 +14,10 @@ $session = SimpleSAML_Session::getInstance();
 
 SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: Accessing SAML 2.0 SP initSLO script');
 
+if (!$config->getValue('enable.saml20-sp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
+	
 if (isset($session) ) {
 	
 	try {
diff --git a/www/saml2/sp/initSSO.php b/www/saml2/sp/initSSO.php
index 4e4982af6..50d64c573 100644
--- a/www/saml2/sp/initSSO.php
+++ b/www/saml2/sp/initSSO.php
@@ -15,6 +15,7 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
 $session = SimpleSAML_Session::getInstance(true);
 
 
+
 /**
  * Incomming URL parameters
  *
@@ -26,6 +27,8 @@ $session = SimpleSAML_Session::getInstance(true);
 
 SimpleSAML_Logger::info('SAML2.0 - SP.initSSO: Accessing SAML 2.0 SP initSSO script');
 
+if (!$config->getValue('enable.saml20-sp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
 
 try {
 
diff --git a/www/saml2/sp/metadata.php b/www/saml2/sp/metadata.php
index 9ff76a86f..321c94d8e 100644
--- a/www/saml2/sp/metadata.php
+++ b/www/saml2/sp/metadata.php
@@ -13,6 +13,10 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
 $session = SimpleSAML_Session::getInstance(TRUE);
 
 
+if (!$config->getValue('enable.saml20-sp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
+
 /**
  * Preconfigured to help out some federations. This makes it easier for users to report metadata
  * to the administrators of the IdP.
diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php
index 885cd9053..3d50db4b2 100644
--- a/www/shib13/idp/SSOService.php
+++ b/www/shib13/idp/SSOService.php
@@ -35,6 +35,11 @@ $requestid = null;
 
 SimpleSAML_Logger::info('Shib1.3 - IdP.SSOService: Accessing Shibboleth 1.3 IdP endpoint SSOService');
 
+if (!$config->getValue('enable.shib13-idp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
+
+
 /*
  * If the shire query parameter is set, we got an incomming Authentication Request 
  * at this interface.
diff --git a/www/shib13/sp/AssertionConsumerService.php b/www/shib13/sp/AssertionConsumerService.php
index 70e149446..b6f34e85b 100644
--- a/www/shib13/sp/AssertionConsumerService.php
+++ b/www/shib13/sp/AssertionConsumerService.php
@@ -15,6 +15,9 @@ $session = SimpleSAML_Session::getInstance(TRUE);
 
 SimpleSAML_Logger::info('Shib1.3 - SP.AssertionConsumerService: Accessing Shibboleth 1.3 SP endpoint AssertionConsumerService');
 
+if (!$config->getValue('enable.shib13-sp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
 try {
 
 	$config = SimpleSAML_Configuration::getInstance();
diff --git a/www/shib13/sp/idpdisco.php b/www/shib13/sp/idpdisco.php
index 55d4503e3..fad842e83 100644
--- a/www/shib13/sp/idpdisco.php
+++ b/www/shib13/sp/idpdisco.php
@@ -16,6 +16,10 @@ $session = SimpleSAML_Session::getInstance();
 
 SimpleSAML_Logger::info('Shib1.3 - SP.idpDisco : Accessing Shib 1.3 discovery service');
 
+if (!$config->getValue('enable.shib13-sp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
+
 try {
 
 	if (!isset($_GET['entityID'])) throw new Exception('Missing parameter: entityID');
diff --git a/www/shib13/sp/initSSO.php b/www/shib13/sp/initSSO.php
index 49a93a6a4..eb8de42dd 100644
--- a/www/shib13/sp/initSSO.php
+++ b/www/shib13/sp/initSSO.php
@@ -27,6 +27,10 @@ $session = SimpleSAML_Session::getInstance();
 
 SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: Accessing Shib 1.3 SP initSSO script');
 
+if (!$config->getValue('enable.shib13-sp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
+
 try {
 
 	$idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $config->getValue('default-shib13-idp') ;
-- 
GitLab