diff --git a/modules/aggregator2/docs/aggregator2.txt b/modules/aggregator2/docs/aggregator2.txt
index 43483323d4d1d6ef059f706c7316071e10423e58..564f439426f975c44b6f2a84ff203640fb9629b7 100644
--- a/modules/aggregator2/docs/aggregator2.txt
+++ b/modules/aggregator2/docs/aggregator2.txt
@@ -66,6 +66,24 @@ The aggregator can be configured with the following options:
This certificate is included in the generated metadata.
The path to the certificate can be absolute, or it can be relative to the `cert`-directory.
+`RegistrationInfo`
+: Allows to specify information about the registrar of this aggregate. Please refer to the
+ 'SAML V2.0 Metadata Extensions for Registration and Publication Information' document
+ for further information on this topic. This option accepts an array with the following
+ options:
+
+: - `authority`: The unique identifier of the authority that registered the entity.
+ It is recommended that this be a URL that resolves to a human readable page describing
+ the registrar authority (e.g., the registrar's home page). This parameter is REQUIRED.
+
+: - `instant`: The instant the entity was registered with the authority. Time values
+ must be expressed in the UTC timezone using the 'Z' timezone identifier. This parameter
+ is OPTIONAL.
+
+: - `policies`: The policy under which the entity was registered. An indexed array with
+ URLs pointing to the localized versions of the policy. Each index will be used as the
+ language identifier. This parameter is OPTIONAL.
+
### Aggregator source configuration
diff --git a/modules/aggregator2/lib/Aggregator.php b/modules/aggregator2/lib/Aggregator.php
index caf283a72f5ca58723854dcfd719faa91574d896..5d0ae2f2edb5ac6feae948f62545f72ff120e616 100644
--- a/modules/aggregator2/lib/Aggregator.php
+++ b/modules/aggregator2/lib/Aggregator.php
@@ -119,6 +119,14 @@ class sspmod_aggregator2_Aggregator {
protected $cacheTag;
+ /**
+ * The registration information for our generated metadata.
+ *
+ * @var array
+ */
+ protected $regInfo;
+
+
/**
* Initialize this aggregator.
*
@@ -172,6 +180,8 @@ class sspmod_aggregator2_Aggregator {
$this->sslCAFile = $config->getString('ssl.cafile', NULL);
+ $this->regInfo = $config->getArray('RegistrationInfo', NULL);
+
$this->initSources($config->getConfigList('sources'));
}
@@ -379,6 +389,29 @@ class sspmod_aggregator2_Aggregator {
protected function getEntitiesDescriptor() {
$ret = new SAML2_XML_md_EntitiesDescriptor();
+
+ $now = time();
+
+ // add RegistrationInfo extension if enabled
+ if ($this->regInfo !== NULL) {
+ $ri = new SAML2_XML_mdrpi_RegistrationInfo();
+ $ri->registrationInstant = $now;
+ foreach ($this->regInfo as $riName => $riValues) {
+ switch ($riName) {
+ case 'authority':
+ $ri->registrationAuthority = $riValues;
+ break;
+ case 'instant':
+ $ri->registrationInstant = SAML2_Utils::xsDateTimeToTimestamp($riValues);
+ break;
+ case 'policies':
+ $ri->RegistrationPolicy = $riValues;
+ break;
+ }
+ }
+ $ret->Extensions[] = $ri;
+ }
+
foreach ($this->sources as $source) {
$m = $source->getMetadata();
if ($m === NULL) {
@@ -387,7 +420,7 @@ class sspmod_aggregator2_Aggregator {
$ret->children[] = $m;
}
- $ret->validUntil = time() + $this->validLength;
+ $ret->validUntil = $now + $this->validLength;
return $ret;
}
diff --git a/modules/aggregator2/www/get.php b/modules/aggregator2/www/get.php
index bb47f8d696e296dcae02785031105f1d8f68a234..016eef2956118412f6948142a5d2d48b8820e5b0 100644
--- a/modules/aggregator2/www/get.php
+++ b/modules/aggregator2/www/get.php
@@ -3,7 +3,6 @@
if (!isset($_REQUEST['id'])) {
throw new SimpleSAML_Error_BadRequest('Missing required id-parameter.');
}
-
$id = (string)$_REQUEST['id'];
$aggregator = sspmod_aggregator2_Aggregator::getAggregator($id);
@@ -11,4 +10,11 @@ $xml = $aggregator->getMetadata();
header('Content-Type: application/samlmetadata+xml');
header('Content-Length: ' . strlen($xml));
+
+/*
+ * At this point, if the ID was forged, getMetadata() would
+ * have failed to find a valid metadata set, so we can trust it.
+ */
+header('Content-Disposition: filename='.$id.'.xml');
+
echo($xml);