diff --git a/dictionaries/error_CACHEAUTHNREQUEST.php b/dictionaries/error_CACHEAUTHNREQUEST.php
deleted file mode 100644
index 00a7b3fde1acdc3c3bc02796b463d4c0a1210a23..0000000000000000000000000000000000000000
--- a/dictionaries/error_CACHEAUTHNREQUEST.php
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-
-$lang = array(
- 'en' => array(
- 'title' => 'Error making single sign-on to service',
- 'descr' => 'You can authenticated and are ready to be sent back to the service that requested authentication, but we could not find your cached authentication request. The request is only cached for a limited amount of time. If you leaved your browser open for hours before entering your username and password, this could be one possible explaination. If this could be the case in your situation, try to go back to the service you want to access, and start a new login process. If this issue continues, please report the problem.'
- )
-);
\ No newline at end of file
diff --git a/dictionaries/error_CREATEREQUEST.php b/dictionaries/error_CREATEREQUEST.php
deleted file mode 100644
index e6ff68139736736eeb2ac8ba7759c9290ba358b2..0000000000000000000000000000000000000000
--- a/dictionaries/error_CREATEREQUEST.php
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-
-$lang = array(
- 'en' => array(
- 'title' => 'Error creating request',
- 'descr' => 'An error occured when trying to create the SAML request.'
- )
-);
\ No newline at end of file
diff --git a/dictionaries/error_DISCOPARAMS.php b/dictionaries/error_DISCOPARAMS.php
deleted file mode 100644
index 2c714f2586bf07adaf38043293f7cbb0bf6548cc..0000000000000000000000000000000000000000
--- a/dictionaries/error_DISCOPARAMS.php
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-
-$lang = array(
- 'en' => array(
- 'title' => 'Bad request to discovery service',
- 'descr' => 'The parameters sent to the discovery service were not following the specification.'
- )
-);
\ No newline at end of file
diff --git a/dictionaries/error_GENERATEAUTHNRESPONSE.php b/dictionaries/error_GENERATEAUTHNRESPONSE.php
deleted file mode 100644
index 365459c2a2ad01de2c564e66f3ca64d6376066dc..0000000000000000000000000000000000000000
--- a/dictionaries/error_GENERATEAUTHNRESPONSE.php
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-
-$lang = array(
- 'en' => array(
- 'title' => 'Could not create authentication response',
- 'descr' => 'When this identity provider tried to create an authentication response, an error occured.'
- )
-);
\ No newline at end of file
diff --git a/dictionaries/error_LDAPERROR.php b/dictionaries/error_LDAPERROR.php
deleted file mode 100644
index 28d36170dbd26c9bde33ef7b5d8808405735f9b1..0000000000000000000000000000000000000000
--- a/dictionaries/error_LDAPERROR.php
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-
-$lang = array(
- 'en' => array(
- 'title' => 'LDAP Error',
- 'descr' => 'LDAP is the user database, and when you try to login, we need to contact an LDAP database. When we tried it this time an error occured.'
- )
-);
\ No newline at end of file
diff --git a/dictionaries/error_LOGOUTREQUEST.php b/dictionaries/error_LOGOUTREQUEST.php
deleted file mode 100644
index 69ad2f52d6fc24c688521033b21adb6e049a2609..0000000000000000000000000000000000000000
--- a/dictionaries/error_LOGOUTREQUEST.php
+++ /dev/null
@@ -1,9 +0,0 @@
-<?php
-
-$lang = array(
- 'en' => array(
- 'title' => 'Error processing Logout Request',
- 'descr' => 'An error occured when trying to process the Logout Request.'
-
- )
-);
\ No newline at end of file
diff --git a/dictionaries/error_LOGOUTRESPONSE.php b/dictionaries/error_LOGOUTRESPONSE.php
deleted file mode 100644
index 1ae382aecc9c768c1159cb9c3c758fff4c28cbb5..0000000000000000000000000000000000000000
--- a/dictionaries/error_LOGOUTRESPONSE.php
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-
-$lang = array(
- 'en' => array(
- 'title' => 'Error processing Logout Response',
- 'descr' => 'An error occured when trying to process the Logout Response.'
- )
-);
\ No newline at end of file
diff --git a/dictionaries/error_METADATA.php b/dictionaries/error_METADATA.php
deleted file mode 100644
index beac8c36af43d5c77383cc3e5f40e5cc12595f39..0000000000000000000000000000000000000000
--- a/dictionaries/error_METADATA.php
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-
-$lang = array(
- 'en' => array(
- 'title' => 'Error loading metadata',
- 'descr' => 'There is some misconfiguration of your simpleSAMLphp installation. If you are the administrator of this service, you should make sure your metadata configuration is correctly setup.'
- )
-);
\ No newline at end of file
diff --git a/dictionaries/error_NOACCESS.php b/dictionaries/error_NOACCESS.php
deleted file mode 100644
index 4181fd00ec2b76dc3af06ef608d034461a8a914b..0000000000000000000000000000000000000000
--- a/dictionaries/error_NOACCESS.php
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-
-$lang = array(
- 'en' => array(
- 'title' => 'No Access',
- 'descr' => 'This endpoint is not enabled. Check the enable options in your configuration of simpleSAMLphp.'
- )
-);
\ No newline at end of file
diff --git a/dictionaries/error_NORELAYSTATE.php b/dictionaries/error_NORELAYSTATE.php
deleted file mode 100644
index 01f5786fe8335d244bcb505573d1bf7a1a21456e..0000000000000000000000000000000000000000
--- a/dictionaries/error_NORELAYSTATE.php
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-
-$lang = array(
- 'en' => array(
- 'title' => 'No RelayState',
- 'descr' => 'The initiator of this request did not provide an RelayState parameter, that tells where to go next.'
- )
-);
\ No newline at end of file
diff --git a/dictionaries/error_NOSESSION.php b/dictionaries/error_NOSESSION.php
deleted file mode 100644
index cdb51dae33f1feb027ee09e78a7b3ff31db50b57..0000000000000000000000000000000000000000
--- a/dictionaries/error_NOSESSION.php
+++ /dev/null
@@ -1,12 +0,0 @@
-<?php
-
-$lang = array(
- 'en' => array(
- 'title' => 'No session found',
- 'descr' => 'Unfortuneately we could not get your session. This could be because your browser do not support cookies, or cookies is disabled.'
- ),
- 'no' => array(
- 'title' => 'Kunne ikke etablere sesjon',
- 'descr' => 'Desverre kunne vi ikke etablere en sesjon for deg. Dette kan skyldes at din nettleser ikke støtter cookies, eller at cookies er slått av.'
- )
-);
\ No newline at end of file
diff --git a/dictionaries/error_PROCESSASSERTION.php b/dictionaries/error_PROCESSASSERTION.php
deleted file mode 100644
index 486605e906209f3931550d557037875feb499e55..0000000000000000000000000000000000000000
--- a/dictionaries/error_PROCESSASSERTION.php
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-
-$lang = array(
- 'en' => array(
- 'title' => 'Error processing response from IdP',
- 'descr' => 'We did not accept the response sent from the Identity Provider.'
- )
-);
\ No newline at end of file
diff --git a/dictionaries/error_PROCESSAUTHNREQUEST.php b/dictionaries/error_PROCESSAUTHNREQUEST.php
deleted file mode 100644
index f0866cb55f5f5bfe1e816fbd33ab4870fc000463..0000000000000000000000000000000000000000
--- a/dictionaries/error_PROCESSAUTHNREQUEST.php
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-
-$lang = array(
- 'en' => array(
- 'title' => 'Error processing request from Service Provider',
- 'descr' => 'This IdP received an authentication request from a service provider, but an error occured when trying to process the request.'
- )
-);
\ No newline at end of file
diff --git a/dictionaries/error_SSOSERVICEPARAMS.php b/dictionaries/error_SSOSERVICEPARAMS.php
deleted file mode 100644
index cdf0717416eec09362f642b514023a29b3a2cfad..0000000000000000000000000000000000000000
--- a/dictionaries/error_SSOSERVICEPARAMS.php
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-
-$lang = array(
- 'en' => array(
- 'title' => 'Wrong parameters provided',
- 'descr' => 'You must either provide a SAML Request message or a RequestID on this interface.'
- )
-);
\ No newline at end of file
diff --git a/dictionaries/errors.php b/dictionaries/errors.php
new file mode 100644
index 0000000000000000000000000000000000000000..49a654a64bcee3f3e52a8ff09b4d981b2cfd2616
--- /dev/null
+++ b/dictionaries/errors.php
@@ -0,0 +1,54 @@
+<?php
+
+$lang = array(
+ 'en' => array(
+ 'title_CACHEAUTHNREQUEST' => 'Error making single sign-on to service',
+ 'descr_CACHEAUTHNREQUEST' => 'You can authenticated and are ready to be sent back to the service that requested authentication, but we could not find your cached authentication request. The request is only cached for a limited amount of time. If you leaved your browser open for hours before entering your username and password, this could be one possible explaination. If this could be the case in your situation, try to go back to the service you want to access, and start a new login process. If this issue continues, please report the problem.',
+
+ 'title_CREATEREQUEST' => 'Error creating request',
+ 'descr_CREATEREQUEST' => 'An error occured when trying to create the SAML request.',
+
+ 'title_DISCOPARAMS' => 'Bad request to discovery service',
+ 'descr_DISCOPARAMS' => 'The parameters sent to the discovery service were not following the specification.',
+
+ 'title_GENERATEAUTHNRESPONSE' => 'Could not create authentication response',
+ 'descr_GENERATEAUTHNRESPONSE' => 'When this identity provider tried to create an authentication response, an error occured.',
+
+ 'title_LDAPERROR' => 'LDAP Error',
+ 'descr_LDAPERROR' => 'LDAP is the user database, and when you try to login, we need to contact an LDAP database. When we tried it this time an error occured.',
+
+ 'title_LOGOUTREQUEST' => 'Error processing Logout Request',
+ 'descr_LOGOUTREQUEST' => 'An error occured when trying to process the Logout Request.',
+
+ 'title_LOGOUTRESPONSE' => 'Error processing Logout Response',
+ 'descr_LOGOUTRESPONSE' => 'An error occured when trying to process the Logout Response.',
+
+ 'title_METADATA' => 'Error loading metadata',
+ 'descr_METADATA' => 'There is some misconfiguration of your simpleSAMLphp installation. If you are the administrator of this service, you should make sure your metadata configuration is correctly setup.',
+
+ 'title_NOACCESS' => 'No access',
+ 'descr_NOACCESS' => 'This endpoint is not enabled. Check the enable options in your configuration of simpleSAMLphp.',
+
+ 'title_NORELAYSTATE' => 'No RelayState',
+ 'descr_NORELAYSTATE' => 'The initiator of this request did not provide an RelayState parameter, that tells where to go next.',
+
+ 'title_NOSESSION' => 'No session found',
+ 'descr_NOSESSION' => 'Unfortuneately we could not get your session. This could be because your browser do not support cookies, or cookies is disabled.',
+
+ 'title_PROCESSASSERTION' => 'Error processing response from IdP',
+ 'descr_PROCESSASSERTION' => 'We did not accept the response sent from the Identity Provider.',
+
+ 'title_PROCESSAUTHNRESPONSE' => 'Error processing request from Service Provider',
+ 'descr_PROCESSAUTHNRESPONSE' => 'This IdP received an authentication request from a service provider, but an error occured when trying to process the request.',
+
+ 'title_SSOSERVICEPARAMS' => 'Wrong parameters provided',
+ 'descr_SSOSERVICEPARAMS' => 'You must either provide a SAML Request message or a RequestID on this interface.',
+
+ 'title_SLOSERVICEPARAMS' => 'No SAML message provided',
+ 'descr_SLOSERVICEPARAMS' => 'You accessed the SingleLogoutService interface, but did not provide a SAML LogoutRequest or LogoutResponse.',
+
+ 'title_ACSPARAMS' => 'No SAML response provided',
+ 'descr_ACSPARAMS' => 'You accessed the Assertion Consumer Service interface, but did not provide a SAML Authentication Response.'
+ )
+
+);
\ No newline at end of file
diff --git a/lib/SimpleSAML/Auth/LDAP.php b/lib/SimpleSAML/Auth/LDAP.php
index bfceb59acec5f5d4e59731cfa1a56c3810f96556..b26e4ba085ad1524083b06ada74deea9de28135a 100644
--- a/lib/SimpleSAML/Auth/LDAP.php
+++ b/lib/SimpleSAML/Auth/LDAP.php
@@ -2,6 +2,7 @@
require_once('SimpleSAML/Configuration.php');
require_once('SimpleSAML/Utilities.php');
+require_once('SimpleSAML/Logger.php');
/**
* The LDAP class holds helper functions to access an LDAP database.
@@ -43,6 +44,10 @@ class SimpleSAML_Auth_LDAP {
public function searchfordn($searchbase, $searchattr, $searchvalue) {
+
+ SimpleSAML_Logger::debug('Library - LDAP: Search for DN (base:' .
+ $searchbase . ' attr:' . $searchattr . ' value:' . $searchvalue . ')');
+
// Search for ePPN
$search = '(' . $searchattr . '=' . $searchvalue. ')';
$search_result = @ldap_search($this->ldap, $searchbase, $search);
@@ -78,8 +83,10 @@ class SimpleSAML_Auth_LDAP {
*/
public function bind($dn, $password) {
if (@ldap_bind($this->ldap, $dn, $password)) {
+ SimpleSAML_Logger::debug('Library - LDAP: Bind successfull with ' . $dn);
return true;
}
+ SimpleSAML_Logger::debug('Library - LDAP: Bind failed with ' . $dn);
return false;
}
@@ -89,7 +96,7 @@ class SimpleSAML_Auth_LDAP {
*/
public function getAttributes($dn, $search) {
-
+ SimpleSAML_Logger::debug('Library - LDAP: Get attributes from ' . $dn . ' (' . $search . ')');
$sr = @ldap_read($this->ldap, $dn, $search );
if ($sr === false)
@@ -111,6 +118,8 @@ class SimpleSAML_Auth_LDAP {
$attributes[$ldapentries[0][$i]] = $values;
}
+
+ SimpleSAML_Logger::debug('Library - LDAP: Found attributes (' . join(',', array_keys($attributes)) . ')');
return $attributes;
}
diff --git a/lib/SimpleSAML/Logger.php b/lib/SimpleSAML/Logger.php
index 2a2cdb8ac8c9356913acb01f653d7414d3f9892f..80555738e27c08042fd550c9fdc108a722dcbdb4 100644
--- a/lib/SimpleSAML/Logger.php
+++ b/lib/SimpleSAML/Logger.php
@@ -100,7 +100,7 @@ class SimpleSAML_Logger {
* get trackid, prefixes all logstrings
*/
$session = SimpleSAML_Session::getInstance();
- self::$trackid = $session->getTrackID();
+ self::$trackid = (isset($session) ? $session->getTrackID() : 'NA');
/* If 'session.handler' is NULL or unset, then we want
* to fall back to the default PHP session handler.
diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index 2fa078b356691a67f1d093e5d7356856b23cfaff..8cf5309f29de7d4f0eaee9cd23c86d9379bffbcd 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -78,6 +78,7 @@ class SimpleSAML_Session implements SimpleSAML_ModifiedInfo {
$this->sessionduration = $configuration->getValue('session.duration');
$this->trackid = SimpleSAML_Utilities::generateTrackID();
+
}
@@ -161,6 +162,7 @@ class SimpleSAML_Session implements SimpleSAML_ModifiedInfo {
// *** *** *** *** *** *** *** *** *** *** ***
public function add_sp_session($entityid) {
+ SimpleSAML_Logger::debug('Library - Session: Adding SP session: ' . $entityid);
$this->sp_at_idpsessions[$entityid] = self::STATE_ONLINE;
}
@@ -191,6 +193,7 @@ class SimpleSAML_Session implements SimpleSAML_ModifiedInfo {
}
public function set_sp_logout_completed($entityid) {
+ SimpleSAML_Logger::debug('Library - Session: Setting SP state completed for : ' . $entityid);
$this->dirty = true;
$this->sp_at_idpsessions[$entityid] = self::STATE_LOGGEDOUT;
}
@@ -272,6 +275,8 @@ class SimpleSAML_Session implements SimpleSAML_ModifiedInfo {
public function setIdP($idp) {
+
+ SimpleSAML_Logger::debug('Library - Session: Set IdP to : ' . $idp);
$this->dirty = true;
$this->idp = $idp;
}
@@ -284,6 +289,7 @@ class SimpleSAML_Session implements SimpleSAML_ModifiedInfo {
public function setLogoutRequest($requestcache) {
+ SimpleSAML_Logger::debug('Library - Session: Adding LogoutRequest cache.');
$this->dirty = true;
$this->logoutrequest = $requestcache;
}
@@ -297,6 +303,7 @@ class SimpleSAML_Session implements SimpleSAML_ModifiedInfo {
public function setSessionIndex($sessionindex) {
+ SimpleSAML_Logger::debug('Library - Session: Set sessionindex: ' . $sessionindex);
$this->dirty = true;
$this->sessionindex = $sessionindex;
}
@@ -304,6 +311,7 @@ class SimpleSAML_Session implements SimpleSAML_ModifiedInfo {
return $this->sessionindex;
}
public function setNameID($nameid) {
+ SimpleSAML_Logger::debug('Library - Session: Set nameID: ');
$this->dirty = true;
$this->nameid = $nameid;
}
@@ -313,6 +321,8 @@ class SimpleSAML_Session implements SimpleSAML_ModifiedInfo {
public function setAuthenticated($auth, $authority = null) {
+ SimpleSAML_Logger::debug('Library - Session: Set authenticated ' . ($auth ? 'yes': 'no'). ' authority:' .
+ (isset($authority) ? $authority : 'null'));
$this->authority = $authority;
$this->authenticated = $auth;
@@ -322,6 +332,7 @@ class SimpleSAML_Session implements SimpleSAML_ModifiedInfo {
}
public function setSessionDuration($duration) {
+ SimpleSAML_Logger::debug('Library - Session: Set session duration ' . $duration);
$this->dirty = true;
$this->sessionduration = $duration;
}
@@ -332,6 +343,12 @@ class SimpleSAML_Session implements SimpleSAML_ModifiedInfo {
* This function will return false after the user has timed out.
*/
public function isValid($authority = null) {
+ SimpleSAML_Logger::debug('Library - Session: Check if session is valid.' .
+ ' checkauthority:' . (isset($authority) ? $authority : 'null') .
+ ' thisauthority:' . (isset($this->authority) ? $this->authority : 'null') .
+ ' isauthenticated:' . ($this->isAuthenticated() ? 'yes' : 'no') .
+ ' remainingtime:' . $this->remainingTime());
+
if (!$this->isAuthenticated()) return false;
if (!empty($authority) && ($authority != $this->authority) ) return false;
return $this->remainingTime() > 0;
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index ac6d1a2aab88d6e40d86380cc8b7252f4e8fd8fc..f32f4a41965fe1dc67e662f99a3ce8067df07ac8 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -290,12 +290,14 @@ class SimpleSAML_Utilities {
SimpleSAML_Logger::error($_SERVER['PHP_SELF'].' - UserError: ErrCode:'.(!empty($errorcode) ? $errorcode : 'na').': '.urlencode($emsg) );
$languagefile = null;
- if (isset($errorcode)) $languagefile = 'error_' . $errorcode . '.php';
+ if (isset($errorcode)) $languagefile = 'errors.php';
// Initialize a template
$t = new SimpleSAML_XHTML_Template($config, 'error.php', $languagefile);
+ $t->data['errorcode'] = $errorcode;
+
$t->data['showerrors'] = $config->getValue('showerrors', true);
$t->data['errorreportaddress'] = $config->getValue('errorreportaddress', null);
diff --git a/lib/SimpleSAML/XHTML/Template.php b/lib/SimpleSAML/XHTML/Template.php
index 2ccc13501523f18c1ce8fb8f9a7e5929af67db3e..742882de397f1bd6039c055eb520af43524194ce 100644
--- a/lib/SimpleSAML/XHTML/Template.php
+++ b/lib/SimpleSAML/XHTML/Template.php
@@ -92,8 +92,10 @@ class SimpleSAML_XHTML_Template {
include($filebase . $file);
}
+ /**
+ * Include language file from the dictionaries directory.
+ */
private function includeLanguageFile($file) {
- $data = $this->data;
$filebase = $this->configuration->getBaseDir() . $this->configuration->getValue('dictionarydir');
if (!file_exists($filebase . $file)) {
@@ -115,7 +117,9 @@ class SimpleSAML_XHTML_Template {
}
}
-
+ /**
+ * Show the template to the user.
+ */
public function show() {
$data = $this->data;
$filename = $this->configuration->getBaseDir() . $this->configuration->getValue('templatedir') . $this->getLanguage() . '/' .
@@ -128,7 +132,7 @@ class SimpleSAML_XHTML_Template {
if (!file_exists($filename)) {
- SimpleSAML_Logger::error($_SERVER['PHP_SELF'].' - Template: Could not find template file [' . $this->template . '] at [' . $filename . ']');
+ SimpleSAML_Logger::critical($_SERVER['PHP_SELF'].' - Template: Could not find template file [' . $this->template . '] at [' . $filename . ']');
echo 'Fatal error: Could not find template file [' . $this->template . '] at [' . $filename . ']';
exit(0);
diff --git a/templates/default/en/error.php b/templates/default/en/error.php
index 221b1ff8db54027086829ed90de9213eadfb5fa1..9f8f12f5a9bf2765bc52c86ed6010fa4861800e2 100644
--- a/templates/default/en/error.php
+++ b/templates/default/en/error.php
@@ -5,13 +5,15 @@
?>
- <div id="content">
-
- <h2><?php echo (isset($this->data['title']) ? $this->data['title'] : 'simpleSAMLphp error'); ?></h2>
+<div id="content">
+
+ <h2><?php
+ echo (isset($this->data['title_' . $this->data['errorcode']]) ? $this->data['title_' . $this->data['errorcode']] : 'simpleSAMLphp error');
+ ?></h2>
<?php
-if(array_key_exists('descr', $this->data)) {
- echo '<p>' . $this->data['descr'] . '</p>';
+if(array_key_exists('descr_' . $this->data['errorcode'], $this->data)) {
+ echo '<p>' . $this->data['descr_' . $this->data['errorcode']] . '</p>';
}
?>
@@ -77,10 +79,10 @@ if (!empty($this->data['errorreportaddress'])) {
- <h2 style="clear: both">How to get help</h2>
-
-
- <p>This error probably is due to some unexpected behaviour or to misconfiguration of simpleSAMLphp. Contact the administrator of this login service, and send them the error message above.</p>
+ <h2 style="clear: both">How to get help</h2>
+
+
+ <p>This error probably is due to some unexpected behaviour or to misconfiguration of simpleSAMLphp. Contact the administrator of this login service, and send them the error message above.</p>
diff --git a/templates/default/en/status.php b/templates/default/en/status.php
index da93738c16bbcff7539f11bbe5f94b76c78daabc..dd9c13b011317080fea3cfc878c6ef670d85e7b1 100644
--- a/templates/default/en/status.php
+++ b/templates/default/en/status.php
@@ -1,43 +1,43 @@
<?php $this->includeAtTemplateBase('includes/header.php'); ?>
- <div id="content">
+<div id="content">
- <h2><?php if (isset($data['header'])) { echo $data['header']; } else { echo "Some error occured"; } ?></h2>
-
- <p>Hi, this is the status page of simpleSAMLphp. Here you can see if your session is timed out, how long it lasts until it times out and all the attributes that is attached to your session.</p>
-
- <p><?php echo $data['valid']; ?>. Your session is valid for <?php echo $data['remaining']; ?> seconds from now.</p>
-
- <p>Session size: <?php echo isset($data['sessionsize']) ? $data['sessionsize'] : 'na'; ?>
-
- <h2>Your attributes</h2>
+ <h2><?php if (isset($data['header'])) { echo $data['header']; } else { echo "Some error occured"; } ?></h2>
+
+ <p>Hi, this is the status page of simpleSAMLphp. Here you can see if your session is timed out, how long it lasts until it times out and all the attributes that is attached to your session.</p>
+
+ <p>Your session is valid for <?php echo $data['remaining']; ?> seconds from now.</p>
+
+ <p>Session size: <?php echo isset($data['sessionsize']) ? $data['sessionsize'] : 'na'; ?>
+
+ <h2>Your attributes</h2>
+
+ <table>
+ <?php
- <table>
- <?php
-
- $attributes = $data['attributes'];
- foreach ($attributes AS $name => $value) {
- if (sizeof($value) > 1) {
- echo '<tr><td>' . htmlspecialchars($name) . '</td><td><ul>';
- foreach ($value AS $v) {
- echo '<li>' . htmlspecialchars($v) . '</li>';
- }
- echo '</ul></td></tr>';
- } else {
- echo '<tr><td>' . htmlspecialchars($name) . '</td><td>' . htmlspecialchars($value[0]) . '</td></tr>';
+ $attributes = $data['attributes'];
+ foreach ($attributes AS $name => $value) {
+ if (sizeof($value) > 1) {
+ echo '<tr><td>' . htmlspecialchars($name) . '</td><td><ul>';
+ foreach ($value AS $v) {
+ echo '<li>' . htmlspecialchars($v) . '</li>';
}
+ echo '</ul></td></tr>';
+ } else {
+ echo '<tr><td>' . htmlspecialchars($name) . '</td><td>' . htmlspecialchars($value[0]) . '</td></tr>';
}
-
- ?>
- </table>
+ }
+
+ ?>
+ </table>
- <h2>Logout</h2>
+ <h2>Logout</h2>
- <p><?php echo $data['logout']; ?></p>
-
- <h2>About simpleSAMLphp</h2>
- <p>Hey! This simpleSAMLphp thing is pretty cool, where can I read more about it?
- You can find more information about simpleSAMLphp at <a href="http://rnd.feide.no">the Feide RnD blog</a> over at <a href="http://uninett.no">UNINETT</a>.</p>
-
+ <p><?php echo $data['logout']; ?></p>
+
+ <h2>About simpleSAMLphp</h2>
+ <p>Hey! This simpleSAMLphp thing is pretty cool, where can I read more about it?
+ You can find more information about simpleSAMLphp at <a href="http://rnd.feide.no">the Feide RnD blog</a> over at <a href="http://uninett.no">UNINETT</a>.</p>
+
<?php $this->includeAtTemplateBase('includes/footer.php'); ?>
\ No newline at end of file
diff --git a/templates/default/includes/footer.php b/templates/default/includes/footer.php
index 4cb1ec8d99bc232fbcd8488c98c21625138c377c..7cdc13c9a90fdc0eeebb69f5b3db43851090ae68 100644
--- a/templates/default/includes/footer.php
+++ b/templates/default/includes/footer.php
@@ -1,6 +1,6 @@
<hr />
- Copyright © 2007 <a href="http://rnd.feide.no/">Feide RnD</a>
+ Copyright © 2007-2008 <a href="http://rnd.feide.no/">Feide RnD</a>
<hr />
diff --git a/www/example-simple/saml2-example.php b/www/example-simple/saml2-example.php
index 394cc9f97381e29ee18a3bc36d7e33fbbe2b5cfc..c483c0eb10ca8b4d657a343116ddde325658dfb3 100644
--- a/www/example-simple/saml2-example.php
+++ b/www/example-simple/saml2-example.php
@@ -1,25 +1,48 @@
<?php
+/**
+ * The _include script sets simpleSAMLphp libraries in the PHP PATH, as well as
+ * initialize the simpleSAMLphp config class with the correct path.
+ */
require_once('../_include.php');
+/**
+ * We need to load a few classes from simpleSAMLphp. These are available because
+ * the _include script above did set the PHP class PATH properly.
+ */
require_once('SimpleSAML/Utilities.php');
require_once('SimpleSAML/Session.php');
-require_once('SimpleSAML/Metadata/MetaDataStorageHandler.php');
require_once('SimpleSAML/XHTML/Template.php');
/* Load simpleSAMLphp, configuration and metadata */
$config = SimpleSAML_Configuration::getInstance();
-$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-$session = SimpleSAML_Session::getInstance(true);
+$session = SimpleSAML_Session::getInstance(TRUE);
-/* Check if valid local session exists.. */
-if (!isset($session) || !$session->isValid('saml2') ) {
+/**
+ * Check if valid local session exists, and the authority is the SAML 2.0 SP
+ * part of simpleSAMLphp. If the currenct session is not valid, the user is
+ * redirected to the initSSO.php script. This script will send the user to
+ * a SAML 2.0 IdP with an authentication request, and thereafter the user
+ * will be asked at the SAML 2.0 IdP to authenticate. You add one important
+ * parameter when you send the user to the initSSO script, the RelayState.
+ * The RelayState URL is the URL that you want to send the user to after
+ * authentication is complete - and usually you want to send the user back
+ * to this very page. To get the URL of the current page we use the selfURL()
+ * helper function.
+ *
+ * When the user is complete authenticating at the IdP, the user will be sent
+ * back to the AssertionConsumerService.php script in simpleSAMLphp. The assertion
+ * is validated, and if trusted, the user's session is set to be valid, and the user
+ * is redirected back to the RelayState URL. And then the user is here again, but
+ * authenticated, and therefore passes the if sentence below, and moves on to
+ * retrieving attributes from the session.
+ */
+if (!$session->isValid('saml2') ) {
SimpleSAML_Utilities::redirect(
- '/' . $config->getValue('baseurlpath') .
- 'saml2/sp/initSSO.php',
+ '/' . $config->getValue('baseurlpath') . 'saml2/sp/initSSO.php',
array('RelayState' => SimpleSAML_Utilities::selfURL())
- );
+ );
}
$attributes = $session->getAttributes();
@@ -34,18 +57,16 @@ $attributes = $session->getAttributes();
*
*/
-$et = new SimpleSAML_XHTML_Template($config, 'status.php');
+$t = new SimpleSAML_XHTML_Template($config, 'status.php');
-$et->data['header'] = 'SAML 2.0 SP Demo Example';
-$et->data['remaining'] = $session->remainingTime();
-$et->data['sessionsize'] = $session->getSize();
-$et->data['attributes'] = $attributes;
-$et->data['valid'] = $session->isValid() ? 'Session is valid' : 'Session is invalid';
- $et->data['icon'] = 'bino.png';
-$et->data['logout'] = '<p>[ <a href="/' . $config->getValue('baseurlpath') . 'saml2/sp/initSLO.php?RelayState=/' .
+$t->data['header'] = 'SAML 2.0 SP Demo Example';
+$t->data['remaining'] = $session->remainingTime();
+$t->data['sessionsize'] = $session->getSize();
+$t->data['attributes'] = $attributes;
+$t->data['icon'] = 'bino.png';
+$t->data['logout'] = '<p>[ <a href="/' . $config->getValue('baseurlpath') . 'saml2/sp/initSLO.php?RelayState=/' .
$config->getValue('baseurlpath') . 'logout.html">Logout</a> ]';
-
-$et->show();
+$t->show();
?>
\ No newline at end of file
diff --git a/www/saml2/idp/SingleLogoutService.php b/www/saml2/idp/SingleLogoutService.php
index d49a080a3663b2df24f1d51922b10bb6eda5af15..a265542b126d3c71fa947ff3c102d57641df5cad 100644
--- a/www/saml2/idp/SingleLogoutService.php
+++ b/www/saml2/idp/SingleLogoutService.php
@@ -28,12 +28,16 @@ $config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$session = SimpleSAML_Session::getInstance();
-$idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
-
SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutService: Accessing SAML 2.0 IdP endpoint SingleLogoutService');
if (!$config->getValue('enable.saml20-idp', false))
- SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+ SimpleSAML_Utilities::fatalError(isset($session) ? $session->getTrackID() : null, 'NOACCESS');
+
+try {
+ $idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+} catch (Exception $exception) {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
+}
/**
@@ -147,6 +151,9 @@ if (isset($_GET['SAMLRequest'])) {
$session->set_sp_logout_completed($loginresponse->getIssuer());
SimpleSAML_Logger::notice('SAML2.0 - IDP.SingleLogoutService: got LogoutResponse from ' . $loginresponse->getIssuer());
+} else {
+
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'SLOSERVICEPARAMS');
}
diff --git a/www/saml2/sp/AssertionConsumerService.php b/www/saml2/sp/AssertionConsumerService.php
index 13fad5ce9e79b886387d734ad8adf8236dd66a0c..b864958ee33ab252709f621f703d9378b47b1c73 100644
--- a/www/saml2/sp/AssertionConsumerService.php
+++ b/www/saml2/sp/AssertionConsumerService.php
@@ -34,6 +34,9 @@ SimpleSAML_Logger::info('SAML2.0 - SP.AssertionConsumerService: Accessing SAML 2
if (!$config->getValue('enable.saml20-sp', false))
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+if (empty($_POST['SAMLResponse']))
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'ACSPARAMS', $exception);
+
try {
diff --git a/www/saml2/sp/SingleLogoutService.php b/www/saml2/sp/SingleLogoutService.php
index e88e25f6bf56a593723ecc52453a9f20ae266e89..0086022163a1fe43d55544a1b22c5a1089ea06b0 100644
--- a/www/saml2/sp/SingleLogoutService.php
+++ b/www/saml2/sp/SingleLogoutService.php
@@ -101,6 +101,9 @@ if (isset($_GET['SAMLRequest'])) {
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
}
+} else {
+
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'SLOSERVICEPARAMS');
}
diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php
index 3d50db4b2dd084ffc1f8fe683755bccf7d778ed6..db38d9d011e740bcbe8390eefc407aaa236adade 100644
--- a/www/shib13/idp/SSOService.php
+++ b/www/shib13/idp/SSOService.php
@@ -28,9 +28,6 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$session = SimpleSAML_Session::getInstance(true);
-$idpentityid = $metadata->getMetaDataCurrentEntityID('shib13-idp-hosted');
-$idpmetadata = $metadata->getMetaDataCurrent('shib13-idp-hosted');
-
$requestid = null;
SimpleSAML_Logger::info('Shib1.3 - IdP.SSOService: Accessing Shibboleth 1.3 IdP endpoint SSOService');
@@ -38,7 +35,12 @@ SimpleSAML_Logger::info('Shib1.3 - IdP.SSOService: Accessing Shibboleth 1.3 IdP
if (!$config->getValue('enable.shib13-idp', false))
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
-
+try {
+ $idpentityid = $metadata->getMetaDataCurrentEntityID('shib13-idp-hosted');
+ $idpmetadata = $metadata->getMetaDataCurrent('shib13-idp-hosted');
+} catch (Exception $exception) {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
+}
/*
* If the shire query parameter is set, we got an incomming Authentication Request
diff --git a/www/shib13/sp/AssertionConsumerService.php b/www/shib13/sp/AssertionConsumerService.php
index 675172a28f4411d4c0cd794f1ba1a263cff42e43..68bb7fd1e5e52d0ced9345ff847c120bf7fbc320 100644
--- a/www/shib13/sp/AssertionConsumerService.php
+++ b/www/shib13/sp/AssertionConsumerService.php
@@ -21,6 +21,9 @@ SimpleSAML_Logger::info('Shib1.3 - SP.AssertionConsumerService: Accessing Shibbo
if (!$config->getValue('enable.shib13-sp', false))
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+if (empty($_POST['SAMLResponse']))
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'ACSPARAMS', $exception);
+
try {
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();