From 37fa7090389ccb7499b9a390d420c270fc391ee0 Mon Sep 17 00:00:00 2001
From: Jaime Perez <jaime.perez@uninett.no>
Date: Wed, 5 Mar 2014 10:31:01 +0100
Subject: [PATCH] Remove old SP interfaces in www/{saml2|shib13|wsfed}/sp.
---
 www/saml2/sp/AssertionConsumerService.php | 184 --------------------
 www/saml2/sp/SingleLogoutService.php | 108 ------------
 www/saml2/sp/idpdisco.php | 29 ----
 www/saml2/sp/initSLO.php | 75 --------
 www/saml2/sp/initSSO.php | 189 ---------------------
 www/shib13/sp/AssertionConsumerService.php | 125 --------------
 www/shib13/sp/idpdisco.php | 29 ----
 www/shib13/sp/initSSO.php | 110 ------------
 www/wsfed/sp/idpdisco.php | 29 ----
 www/wsfed/sp/initSLO.php | 71 --------
 www/wsfed/sp/initSSO.php | 75 --------
 www/wsfed/sp/prp.php | 166 ------------------
 12 files changed, 1190 deletions(-)
 delete mode 100644 www/saml2/sp/AssertionConsumerService.php
 delete mode 100644 www/saml2/sp/SingleLogoutService.php
 delete mode 100644 www/saml2/sp/idpdisco.php
 delete mode 100644 www/saml2/sp/initSLO.php
 delete mode 100644 www/saml2/sp/initSSO.php
 delete mode 100644 www/shib13/sp/AssertionConsumerService.php
 delete mode 100644 www/shib13/sp/idpdisco.php
 delete mode 100644 www/shib13/sp/initSSO.php
 delete mode 100644 www/wsfed/sp/idpdisco.php
 delete mode 100644 www/wsfed/sp/initSLO.php
 delete mode 100644 www/wsfed/sp/initSSO.php
 delete mode 100644 www/wsfed/sp/prp.php
diff --git a/www/saml2/sp/AssertionConsumerService.php b/www/saml2/sp/AssertionConsumerService.php
deleted file mode 100644
index 1f3412627..000000000
--- a/www/saml2/sp/AssertionConsumerService.php
+++ /dev/null
@@ -1,184 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../../_include.php');
-
-/**
- * This SAML 2.0 endpoint is the endpoint at the SAML 2.0 SP that takes an Authentication Response
- * as HTTP-POST in, and parses and processes it before it redirects the use to the RelayState.
- *
- * @author Andreas Aakre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
- * @package simpleSAMLphp
- * @abstract
- */
-
-$config = SimpleSAML_Configuration::getInstance();
-
-SimpleSAML_Logger::warning('The file saml2/sp/AssertionConsumerService.php is deprecated and will be removed in future versions.');
-
-/* Get the session object for the user. Create a new session if no session
- * exists for this user.
- */
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-
-/**
- * Finish login operation.
- *
- * This helper function finishes a login operation and redirects the user back to the page which
- * requested the login.
- *
- * @param array $authProcState The state of the authentication process.
- */
-function finishLogin($authProcState) {
- assert('is_array($authProcState)');
- assert('array_key_exists("Attributes", $authProcState)');
- assert('array_key_exists("core:saml20-sp:NameID", $authProcState)');
- assert('array_key_exists("core:saml20-sp:SessionIndex", $authProcState)');
- assert('array_key_exists("core:saml20-sp:TargetURL", $authProcState)');
- assert('array_key_exists("Source", $authProcState)');
- assert('array_key_exists("entityid", $authProcState["Source"])');
-
- $authData = array(
- 'Attributes' => $authProcState['Attributes'],
- 'saml:sp:NameID' => $authProcState['core:saml20-sp:NameID'],
- 'saml:sp:SessionIndex' => $authProcState['core:saml20-sp:SessionIndex'],
- 'saml:sp:IdP' => $authProcState['Source']['entityid'],
- );
-
- global $session;
- $session->doLogin('saml2', $authData);
-
- SimpleSAML_Utilities::redirectTrustedURL($authProcState['core:saml20-sp:TargetURL']);
-}
-
-SimpleSAML_Logger::info('SAML2.0 - SP.AssertionConsumerService: Accessing SAML 2.0 SP endpoint AssertionConsumerService');
-
-if (!$config->getBoolean('enable.saml20-sp', TRUE))
- throw new SimpleSAML_Error_Error('NOACCESS');
-
-if (array_key_exists(SimpleSAML_Auth_ProcessingChain::AUTHPARAM, $_REQUEST)) {
- /* We have returned from the authentication processing filters.
 */
-
- $authProcId = $_REQUEST[SimpleSAML_Auth_ProcessingChain::AUTHPARAM];
-
- // sanitize the input
- $sid = SimpleSAML_Utilities::parseStateID($authProcId);
- if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
- }
-
- $authProcState = SimpleSAML_Auth_ProcessingChain::fetchProcessedState($authProcId);
- finishLogin($authProcState);
-}
-
-
-try {
- $metadataHandler = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
- $sp = $metadataHandler->getMetaDataCurrentEntityID();
- $spMetadata = $metadataHandler->getMetaDataConfig($sp, 'saml20-sp-hosted');
-
- $b = SAML2_Binding::getCurrentBinding();
- if ($b instanceof SAML2_HTTPArtifact) {
- $b->setSPMetadata($spMetadata);
- }
-
- $response = $b->receive();
- if (!($response instanceof SAML2_Response)) {
- throw new SimpleSAML_Error_BadRequest('Invalid message received to AssertionConsumerService endpoint.');
- }
-
- $idp = $response->getIssuer();
- if ($idp === NULL) {
- throw new Exception('Missing <saml:Issuer> in message delivered to AssertionConsumerService.');
- }
-
-
- $idpMetadata = $metadataHandler->getMetaDataConfig($idp, 'saml20-idp-remote');
-
- /* Fetch the request information if it exists, fall back to RelayState if not. */
- $requestId = $response->getInResponseTo();
- $info = $session->getData('SAML2:SP:SSO:Info', $requestId);
- if($info === NULL) {
- /* Fall back to RelayState. */
- $info = array();
- $info['RelayState'] = SimpleSAML_Utilities::checkURLAllowed($response->getRelayState());
- if(empty($info['RelayState'])) {
- $info['RelayState'] = $spMetadata->getString('RelayState', NULL);
- }
- if(empty($info['RelayState'])) {
- /* RelayState missing.
 */
- throw new SimpleSAML_Error_Error('NORELAYSTATE');
- }
- }
-
-
- try {
- $assertion = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response);
- if (count($assertion) > 1) {
- throw new SimpleSAML_Error_Exception('More than one assertion in received response.');
- }
- $assertion = $assertion[0];
- } catch (sspmod_saml_Error $e) {
- /* The status of the response wasn't "success". */
-
- $status = $response->getStatus();
- if(array_key_exists('OnError', $info)) {
- /* We have an error handler. Return the error to it. */
- SimpleSAML_Utilities::redirectTrustedURL($info['OnError'], array('StatusCode' => $status['Code']));
- }
-
- /* We don't have an error handler. Show an error page. */
- throw new SimpleSAML_Error_Error('RESPONSESTATUSNOSUCCESS', $e);
- }
-
-
- SimpleSAML_Logger::info('SAML2.0 - SP.AssertionConsumerService: Successful response from IdP');
-
- /*
- * Attribute handling
- */
- $attributes = $assertion->getAttributes();
-
- SimpleSAML_Logger::stats('saml20-sp-SSO ' . $metadataHandler->getMetaDataCurrentEntityID() . ' ' . $idp . ' NA');
-
-
- $nameId = $assertion->getNameId();
-
- /* Begin module attribute processing */
-
- $spMetadataArray = $spMetadata->toArray();
- $idpMetadataArray = $idpMetadata->toArray();
-
- $pc = new SimpleSAML_Auth_ProcessingChain($idpMetadataArray, $spMetadataArray, 'sp');
-
- $authProcState = array(
- 'core:saml20-sp:NameID' => $nameId,
- 'core:saml20-sp:SessionIndex' => $assertion->getSessionIndex(),
- 'core:saml20-sp:TargetURL' => $info['RelayState'],
- 'ReturnURL' => SimpleSAML_Utilities::selfURLNoQuery(),
- 'Attributes' => $attributes,
- 'Destination' => $spMetadataArray,
- 'Source' => $idpMetadataArray,
- );
-
- $pc->processState($authProcState);
- /* Since this function returns, processing has completed and attributes have
- * been updated.
- */
-
- finishLogin($authProcState);
-
-} catch(Exception $exception) {
- throw new SimpleSAML_Error_Error('PROCESSASSERTION', $exception);
-}
-
-
-?>
\ No newline at end of file
diff --git a/www/saml2/sp/SingleLogoutService.php b/www/saml2/sp/SingleLogoutService.php
deleted file mode 100644
index e21b65ccb..000000000
--- a/www/saml2/sp/SingleLogoutService.php
+++ /dev/null
@@ -1,108 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-
-SimpleSAML_Logger::warning('The file saml2/sp/SingleLogoutService.php is deprecated and will be removed in future versions.');
-
-// Get the local session
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-
-SimpleSAML_Logger::info('SAML2.0 - SP.SingleLogoutService: Accessing SAML 2.0 SP endpoint SingleLogoutService');
-
-if (!$config->getBoolean('enable.saml20-sp', TRUE))
- throw new SimpleSAML_Error_Error('NOACCESS');
-
-
-
-// Destroy local session if exists.
-$session->doLogout('saml2');
-
-$binding = SAML2_Binding::getCurrentBinding();
-$message = $binding->receive();
-
-$idpEntityId = $message->getIssuer();
-if ($idpEntityId === NULL) {
- /* Without an issuer we have no way to respond to the message. */
- throw new SimpleSAML_Error_BadRequest('Received message on logout endpoint without issuer.');
-}
-
-$spEntityId = $metadata->getMetaDataCurrentEntityId('saml20-sp-hosted');
-
-$idpMetadata = $metadata->getMetaDataConfig($idpEntityId, 'saml20-idp-remote');
-$spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-hosted');
-
-sspmod_saml_Message::validateMessage($idpMetadata, $spMetadata, $message);
-
-if ($message instanceof SAML2_LogoutRequest) {
-
- try {
- // Extract some parameters from the logout request
- $requestid = $message->getId();
-
- SimpleSAML_Logger::info('SAML2.0 - SP.SingleLogoutService: IdP (' . $idpEntityId .
- ') is sending logout request to me SP (' . $spEntityId . ') requestid '.$requestid);
- SimpleSAML_Logger::stats('saml20-idp-SLO idpinit ' . $spEntityId . ' ' . $idpEntityId);
-
- /* Create response.
 */
- $lr = sspmod_saml_Message::buildLogoutResponse($spMetadata, $idpMetadata);
- $lr->setRelayState($message->getRelayState());
- $lr->setInResponseTo($message->getId());
-
- SimpleSAML_Logger::info('SAML2.0 - SP.SingleLogoutService: SP me (' . $spEntityId . ') is sending logout response to IdP (' . $idpEntityId . ')');
-
- $dst = $idpMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', array(
- SAML2_Const::BINDING_HTTP_REDIRECT,
- SAML2_Const::BINDING_HTTP_POST)
- );
-
- if (!$binding instanceof SAML2_SOAP) {
- $binding = SAML2_Binding::getBinding($dst['Binding']);
- if (isset($dst['ResponseLocation'])) {
- $dst = $dst['ResponseLocation'];
- } else {
- $dst = $dst['Location'];
- }
- $binding->setDestination($dst);
- }
-
- /* Send response. */
- $binding->send($lr);
- } catch (Exception $exception) {
- throw new SimpleSAML_Error_Error('LOGOUTREQUEST', $exception);
- }
-
-} elseif ($message instanceof SAML2_LogoutResponse) {
-
- SimpleSAML_Logger::stats('saml20-sp-SLO spinit ' . $spEntityId . ' ' . $idpEntityId);
-
- $id = $message->getRelayState();
- if (empty($id)) {
- /* For backwardscompatibility. */
- $id = $message->getInResponseTo();
- }
-
- // 'spLogoutReturnTo' is checked before storing it in the
- // session, so we trust it here.
- $returnTo = $session->getData('spLogoutReturnTo', $id);
- if (empty($returnTo)) {
- throw new SimpleSAML_Error_Error('LOGOUTINFOLOST');
- }
-
- SimpleSAML_Utilities::redirectTrustedURL($returnTo);
-
-} else {
- throw new SimpleSAML_Error_Error('SLOSERVICEPARAMS');
-}
-
diff --git a/www/saml2/sp/idpdisco.php b/www/saml2/sp/idpdisco.php
deleted file mode 100644
index b7cdff381..000000000
--- a/www/saml2/sp/idpdisco.php
+++ /dev/null
@@ -1,29 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../../_include.php');
-
-SimpleSAML_Logger::warning('The file saml2/sp/idpdisco.php is deprecated and will be removed in future versions.');
-
-try {
- $discoHandler = new SimpleSAML_XHTML_IdPDisco(array('saml20-idp-remote'), 'saml20');
-} catch (Exception $exception) {
- /* An error here should be caused by invalid query parameters. */
- throw new SimpleSAML_Error_Error('DISCOPARAMS', $exception);
-}
-
-try {
- $discoHandler->handleRequest();
-} catch(Exception $exception) {
- /* An error here should be caused by metadata. */
- throw new SimpleSAML_Error_Error('METADATA', $exception);
-}
-
-?>
\ No newline at end of file
diff --git a/www/saml2/sp/initSLO.php b/www/saml2/sp/initSLO.php
deleted file mode 100644
index 50b2d035f..000000000
--- a/www/saml2/sp/initSLO.php
+++ /dev/null
@@ -1,75 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-SimpleSAML_Logger::warning('The file saml2/sp/initSLO.php is deprecated and will be removed in future versions.');
-
-SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: Accessing SAML 2.0 SP initSLO script');
-
-if (!$config->getBoolean('enable.saml20-sp', TRUE))
- throw new SimpleSAML_Error_Error('NOACCESS');
-
-
-if (isset($_REQUEST['RelayState'])) {
- $returnTo = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['RelayState']);
-} else {
- throw new SimpleSAML_Error_Error('NORELAYSTATE');
-}
-
-
-try {
- $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-
- $idpEntityId = $session->getAuthData('saml2', 'saml:sp:IdP');
- if ($idpEntityId === NULL) {
- SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: User not authenticated with an IdP.');
- SimpleSAML_Utilities::redirectTrustedURL($returnTo);
- }
- $idpMetadata = $metadata->getMetaDataConfig($idpEntityId, 'saml20-idp-remote');
- $SLOendpoint = $idpMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', array(
- SAML2_Const::BINDING_HTTP_REDIRECT,
- SAML2_Const::BINDING_HTTP_POST),
- NULL);
- if ($SLOendpoint === NULL) {
- $session->doLogout('saml2');
- SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: No SingleLogoutService endpoint supported in the IdP.');
- SimpleSAML_Utilities::redirectTrustedURL($returnTo);
- }
-
- $spEntityId = isset($_GET['spentityid']) ?
 $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
- $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-hosted');
-
- $nameId = $session->getAuthData('saml2', 'saml:sp:NameID');
-
- $lr = sspmod_saml_Message::buildLogoutRequest($spMetadata, $idpMetadata);
- $lr->setNameId($nameId);
- $lr->setSessionIndex($session->getAuthData('saml2', 'saml:sp:SessionIndex'));
- $lr->setDestination($SLOendpoint['Location']);
-
- $session->doLogout('saml2');
-
- /* Save the $returnTo URL until the user returns from the IdP. */
- $session->setData('spLogoutReturnTo', $lr->getId(), $returnTo);
-
- SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: SP (' . $spEntityId . ') is sending logout request to IdP (' . $idpEntityId . ')');
-
- $b = SAML2_Binding::getBinding($SLOendpoint['Binding']);
- $b->send($lr);
-
-
-} catch(Exception $exception) {
- throw new SimpleSAML_Error_Error('CREATEREQUEST', $exception);
-}
-
diff --git a/www/saml2/sp/initSSO.php b/www/saml2/sp/initSSO.php
deleted file mode 100644
index ef1acc239..000000000
--- a/www/saml2/sp/initSSO.php
+++ /dev/null
@@ -1,189 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-SimpleSAML_Logger::warning('The file saml2/sp/initSSO.php is deprecated and will be removed in future versions.');
-
-SimpleSAML_Logger::info('SAML2.0 - SP.initSSO: Accessing SAML 2.0 SP initSSO script');
-
-if (!$config->getBoolean('enable.saml20-sp', TRUE))
- throw new SimpleSAML_Error_Error('NOACCESS');
-
-/*
- * Incomming URL parameters
- *
- * idpentityid optional The entityid of the wanted IdP to authenticate with. If not provided will use default.
- * spentityid optional The entityid of the SP config to use. If not provided will use default to host.
- * RelayState required Where to send the user back to after authentication.
- */
-
-if (empty($_GET['RelayState'])) {
- throw new SimpleSAML_Error_Error('NORELAYSTATE');
-}
-$returnTo = SimpleSAML_Utilities::checkURLAllowed($_GET['RelayState']);
-
-$reachableIDPs = array();
-
-try {
-
- $idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $config->getString('default-saml20-idp', NULL) ;
- $spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
-
- $isPassive = isset($_GET['IsPassive']) && ($_GET['IsPassive'] === 'true' || $_GET['IsPassive'] === '1');
- $forceAuthn = isset($_GET['ForceAuthn']) && ($_GET['ForceAuthn'] === 'true' || $_GET['ForceAuthn'] === '1');
-
- /* We are going to need the SP metadata to determine which IdP discovery service we should use.
- And for checking for scoping parameters.
 */
- $spmetadata = $metadata->getMetaDataCurrent('saml20-sp-hosted');
-
- $IDPList = array();
-
- /* Configured idp overrides one given by Scope */
- if($idpentityid === NULL && array_key_exists('idpentityid', $spmetadata)) {
- $idpentityid = $spmetadata['idpentityid'];
- }
-
- /* AuthId is set if we are on the sp side on a proxy/bridge */
- $authid = isset($_GET['AuthId']) ? $_GET['AuthId'] : FALSE;
- if ($authid) {
- $authrequestcache = $session->getAuthnRequest('saml2', $authid);
- $isPassive = $isPassive || $authrequestcache['IsPassive'];
- $forceAuthn = $forceAuthn || $authrequestcache['ForceAuthn'];
-
- /* keep the IDPList, it MUST be sent it to the next idp,
- we are only allowed to add idps */
- if (isset($authrequestcache['IDPList']) && is_array($authrequestcache['IDPList'])) {
- $IDPList = $authrequestcache['IDPList'];
- }
- if ($idpentityid === NULL) {
- /* only consider ProviderIDs we know ... */
-
- $reachableIDPs = array_intersect($IDPList, array_keys($metadata->getList()));
-
- if (sizeof($reachableIDPs) === 1) {
- $idpentityid = array_shift($reachableIDPs);
- }
- }
- }
-
-
-} catch (Exception $exception) {
- throw new SimpleSAML_Error_Error('METADATA', $exception);
-}
-
-/*
- * If no IdP can be resolved, send the user to the SAML 2.0 Discovery Service
- */
-if ($idpentityid === NULL) {
-
- SimpleSAML_Logger::info('SAML2.0 - SP.initSSO: No chosen or default IdP, go to SAML2disco');
-
- /* Which IdP discovery service should we use? Can be set in SP metadata or in global configuration.
- * Falling back to builtin discovery service.
- */
-
- if(array_key_exists('idpdisco.url', $spmetadata)) {
- $discourl = $spmetadata['idpdisco.url'];
- } elseif($config->getString('idpdisco.url.saml20', NULL) !== NULL) {
- $discourl = $config->getString('idpdisco.url.saml20');
- } else {
- $discourl = SimpleSAML_Utilities::getBaseURL() .
 'saml2/sp/idpdisco.php';
- }
-
- $extDiscoveryStorage = $config->getString('idpdisco.extDiscoveryStorage', NULL);
- if ($extDiscoveryStorage !== NULL) {
- SimpleSAML_Utilities::redirectTrustedURL($extDiscoveryStorage, array(
- 'entityID' => $spentityid,
- 'return' => SimpleSAML_Utilities::addURLparameter($discourl, array(
- 'return' => SimpleSAML_Utilities::selfURL(),
- 'remember' => 'true',
- 'entityID' => $spentityid,
- 'returnIDParam' => 'idpentityid',
- )),
- 'returnIDParam' => 'idpentityid',
- 'isPassive' => 'true')
- );
- }
-
- $discoparameters = array(
- 'entityID' => $spentityid,
- 'return' => SimpleSAML_Utilities::selfURL(),
- 'returnIDParam' => 'idpentityid');
-
- $discoparameters['isPassive'] = $isPassive;
-
- if (sizeof($reachableIDPs) > 0) {
- $discoparameters['IDPList'] = $reachableIDPs;
- }
-
- SimpleSAML_Utilities::redirectTrustedURL($discourl, $discoparameters);
-}
-
-
-/*
- * Create and send authentication request to the IdP.
- */
-try {
-
- $spMetadata = $metadata->getMetaDataConfig($spentityid, 'saml20-sp-hosted');
- $idpMetadata = $metadata->getMetaDataConfig($idpentityid, 'saml20-idp-remote');
-
- $ar = sspmod_saml_Message::buildAuthnRequest($spMetadata, $idpMetadata);
-
- $assertionConsumerServiceURL = $metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted');
- $ar->setAssertionConsumerServiceURL($assertionConsumerServiceURL);
- $ar->setRelayState($returnTo);
-
- if ($isPassive) {
- $ar->setIsPassive(TRUE);
- }
- if ($forceAuthn) {
- $ar->setForceAuthn(TRUE);
- }
-
- if(array_key_exists('IDPList', $spmetadata)) {
- $IDPList = array_unique(array_merge($IDPList, $spmetadata['IDPList']));
- }
-
- if (isset($_GET['IDPList']) && !empty($_GET['IDPList'])) {
- $providers = $_GET['IDPList'];
- if (!is_array($providers)) $providers = array($providers);
- $IDPList = array_merge($IDPList, $providers);
- };
- $ar->setIDPList($IDPList);
-
- /* Save request information.
 */
- $info = array();
- $info['RelayState'] = $returnTo;
- if(array_key_exists('OnError', $_REQUEST)) {
- $info['OnError'] = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['OnError']);
- }
- $session->setData('SAML2:SP:SSO:Info', $ar->getId(), $info);
-
- /* Select appropriate SSO endpoint */
- if ($ar->getProtocolBinding() === SAML2_Const::BINDING_HOK_SSO) {
- $dst = $idpMetadata->getDefaultEndpoint('SingleSignOnService', array(SAML2_Const::BINDING_HOK_SSO));
- } else {
- $dst = $idpMetadata->getDefaultEndpoint('SingleSignOnService', array(SAML2_Const::BINDING_HTTP_REDIRECT, SAML2_Const::BINDING_HTTP_POST));
- }
- $ar->setDestination($dst['Location']);
-
- $b = SAML2_Binding::getBinding($dst['Binding']);
- $b->send($ar);
-
-} catch(Exception $exception) {
- throw new SimpleSAML_Error_Error('CREATEREQUEST', $exception);
-}
-
diff --git a/www/shib13/sp/AssertionConsumerService.php b/www/shib13/sp/AssertionConsumerService.php
deleted file mode 100644
index ab1fd6874..000000000
--- a/www/shib13/sp/AssertionConsumerService.php
+++ /dev/null
@@ -1,125 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-
-SimpleSAML_Logger::warning('The file shib13/sp/AssertionConsumerService.php is deprecated and will be removed in future versions.');
-
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-
-/**
- * Finish login operation.
- *
- * This helper function finishes a login operation and redirects the user back to the page which
- * requested the login.
- *
- * @param array $authProcState The state of the authentication process.
- */
-function finishLogin($authProcState) {
- assert('is_array($authProcState)');
- assert('array_key_exists("Attributes", $authProcState)');
- assert('array_key_exists("core:shib13-sp:NameID", $authProcState)');
- assert('array_key_exists("core:shib13-sp:SessionIndex", $authProcState)');
- assert('array_key_exists("core:shib13-sp:TargetURL", $authProcState)');
- assert('array_key_exists("Source", $authProcState)');
- assert('array_key_exists("entityid", $authProcState["Source"])');
-
- $authData = array(
- 'Attributes' => $authProcState['Attributes'],
- 'saml:sp:NameID' => $authProcState['core:shib13-sp:NameID'],
- 'saml:sp:SessionIndex' => $authProcState['core:shib13-sp:SessionIndex'],
- 'saml:sp:IdP' => $authProcState['Source']['entityid'],
- );
-
- global $session;
- $session->doLogin('shib13', $authData);
-
- SimpleSAML_Utilities::redirectTrustedURL($authProcState['core:shib13-sp:TargetURL']);
-}
-
-
-SimpleSAML_Logger::info('Shib1.3 - SP.AssertionConsumerService: Accessing Shibboleth 1.3 SP endpoint AssertionConsumerService');
-
-if (!$config->getBoolean('enable.shib13-sp', false))
- throw new SimpleSAML_Error_Error('NOACCESS');
-
-if (array_key_exists(SimpleSAML_Auth_ProcessingChain::AUTHPARAM, $_REQUEST)) {
- /* We have returned from the authentication processing filters.
 */
-
- $authProcId = $_REQUEST[SimpleSAML_Auth_ProcessingChain::AUTHPARAM];
-
- // sanitize the input
- $sid = SimpleSAML_Utilities::parseStateID($authProcId);
- if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
- }
-
- $authProcState = SimpleSAML_Auth_ProcessingChain::fetchProcessedState($authProcId);
- finishLogin($authProcState);
-}
-
-if (empty($_POST['SAMLResponse']))
- throw new SimpleSAML_Error_Error('ACSPARAMS', $exception);
-
-try {
-
- $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-
- $binding = new SimpleSAML_Bindings_Shib13_HTTPPost($config, $metadata);
- $authnResponse = $binding->decodeResponse($_POST);
-
- $authnResponse->validate();
-
- /* Successfully authenticated. */
-
- $idpmetadata = $metadata->getMetadata($authnResponse->getIssuer(), 'shib13-idp-remote');
-
- SimpleSAML_Logger::info('Shib1.3 - SP.AssertionConsumerService: Successful authentication to IdP ' . $idpmetadata['entityid']);
-
-
- SimpleSAML_Logger::stats('shib13-sp-SSO ' . $metadata->getMetaDataCurrentEntityID('shib13-sp-hosted') . ' ' . $idpmetadata['entityid'] .
 ' NA');
-
-
- $relayState = $authnResponse->getRelayState();
- if (!isset($relayState)) {
- throw new SimpleSAML_Error_Error('NORELAYSTATE');
- }
-
- $spmetadata = $metadata->getMetaData(NULL, 'shib13-sp-hosted');
-
- /* Begin module attribute processing */
- $pc = new SimpleSAML_Auth_ProcessingChain($idpmetadata, $spmetadata, 'sp');
-
- $authProcState = array(
- 'core:shib13-sp:NameID' => $authnResponse->getNameID(),
- 'core:shib13-sp:SessionIndex' => $authnResponse->getSessionIndex(),
- 'core:shib13-sp:TargetURL' => SimpleSAML_Utilities::checkURLAllowed($relayState),
- 'ReturnURL' => SimpleSAML_Utilities::selfURLNoQuery(),
- 'Attributes' => $authnResponse->getAttributes(),
- 'Destination' => $spmetadata,
- 'Source' => $idpmetadata,
- );
-
- $pc->processState($authProcState);
- /* Since this function returns, processing has completed and attributes have
- * been updated.
- */
-
- finishLogin($authProcState);
-
-} catch(Exception $exception) {
- throw new SimpleSAML_Error_Error('GENERATEAUTHNRESPONSE', $exception);
-}
-
-
-?>
\ No newline at end of file
diff --git a/www/shib13/sp/idpdisco.php b/www/shib13/sp/idpdisco.php
deleted file mode 100644
index 85822edd0..000000000
--- a/www/shib13/sp/idpdisco.php
+++ /dev/null
@@ -1,29 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../../_include.php');
-
-SimpleSAML_Logger::warning('The file shib13/sp/idpdisco.php is deprecated and will be removed in future versions.');
-
-try {
- $discoHandler = new SimpleSAML_XHTML_IdPDisco(array('shib13-idp-remote'), 'shib13');
-} catch (Exception $exception) {
- /* An error here should be caused by invalid query parameters. */
- throw new SimpleSAML_Error_Error('DISCOPARAMS', $exception);
-}
-
-try {
- $discoHandler->handleRequest();
-} catch(Exception $exception) {
- /* An error here should be caused by metadata. */
- throw new SimpleSAML_Error_Error('METADATA', $exception);
-}
-
-?>
\ No newline at end of file
diff --git a/www/shib13/sp/initSSO.php b/www/shib13/sp/initSSO.php
deleted file mode 100644
index 2cceb210e..000000000
--- a/www/shib13/sp/initSSO.php
+++ /dev/null
@@ -1,110 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-
-SimpleSAML_Logger::warning('The file shib13/sp/initSSO.php is deprecated and will be removed in future versions.');
-
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-
-/*
- * Incomming URL parameters
- *
- * idpentityid optional The entityid of the wanted IdP to authenticate with. If not provided will use default.
- * spentityid optional The entityid of the SP config to use. If not provided will use default to host.
- * RelayState required Where to send the user back to after authentication.
- *
- */
-
-SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: Accessing Shib 1.3 SP initSSO script');
-
-if (!$config->getBoolean('enable.shib13-sp', false))
- throw new SimpleSAML_Error_Error('NOACCESS');
-
-
-try {
-
- $idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $config->getString('default-shib13-idp', NULL) ;
- $spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID('shib13-sp-hosted');
-
- if($idpentityid === NULL) {
- /* We are going to need the SP metadata to determine which IdP discovery service we should use. */
- $spmetadata = $metadata->getMetaDataCurrent('shib13-sp-hosted');
- }
-
-
-} catch (Exception $exception) {
- throw new SimpleSAML_Error_Error('METADATA', $exception);
-}
-
-
-
-if (!isset($session) || !$session->isValid('shib13') ) {
-
- if ($idpentityid == null) {
-
- SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: No chosen or default IdP, go to Shib13disco');
-
- /* Which IdP discovery service should we use? Can be set in SP metadata or in global configuration.
- * Falling back to builtin discovery service.
- */
- if(array_key_exists('idpdisco.url', $spmetadata)) {
- $discservice = $spmetadata['idpdisco.url'];
- } elseif($config->getString('idpdisco.url.shib13', NULL) !== NULL) {
- $discservice = $config->getString('idpdisco.url.shib13');
- } else {
- $discservice = '/' . $config->getBaseURL() . 'shib13/sp/idpdisco.php';
- }
-
- SimpleSAML_Utilities::redirectTrustedURL($discservice, array(
- 'entityID' => $spentityid,
- 'return' => SimpleSAML_Utilities::selfURL(),
- 'returnIDParam' => 'idpentityid',
- ));
- }
-
-
- try {
- $ar = new SimpleSAML_XML_Shib13_AuthnRequest();
- $ar->setIssuer($spentityid);
- if(isset($_GET['RelayState']))
- $ar->setRelayState(SimpleSAML_Utilities::checkURLAllowed($_GET['RelayState']));
-
- SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: SP (' . $spentityid . ') is sending AuthNRequest to IdP (' . $idpentityid . ')');
-
- $url = $ar->createRedirect($idpentityid);
- SimpleSAML_Utilities::redirectTrustedURL($url);
-
- } catch(Exception $exception) {
- throw new SimpleSAML_Error_Error('CREATEREQUEST', $exception);
- }
-
-} else {
-
-
- $relaystate = $_GET['RelayState'];
-
- if (isset($relaystate) && !empty($relaystate)) {
- SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: Already Authenticated, Go back to RelayState');
- SimpleSAML_Utilities::redirectUntrustedURL($relaystate);
- } else {
- throw new SimpleSAML_Error_Error('NORELAYSTATE');
- }
-
-}
-
-
-
-
-?>
\ No newline at end of file
diff --git a/www/wsfed/sp/idpdisco.php b/www/wsfed/sp/idpdisco.php
deleted file mode 100644
index f48f9c9ea..000000000
--- a/www/wsfed/sp/idpdisco.php
+++ /dev/null
@@ -1,29 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../../_include.php');
-
-SimpleSAML_Logger::warning('The file wsfed/sp/idpdisco.php is deprecated and will be removed in future versions.');
-
-try {
- $discoHandler = new SimpleSAML_XHTML_IdPDisco(array('wsfed-idp-remote'), 'wsfed');
-} catch (Exception $exception) {
- /* An error here should be caused by invalid query parameters. */
- throw new SimpleSAML_Error_Error('DISCOPARAMS', $exception);
-}
-
-try {
- $discoHandler->handleRequest();
-} catch(Exception $exception) {
- /* An error here should be caused by metadata. */
- throw new SimpleSAML_Error_Error('METADATA', $exception);
-}
-
-?>
\ No newline at end of file
diff --git a/www/wsfed/sp/initSLO.php b/www/wsfed/sp/initSLO.php
deleted file mode 100644
index a30e294c9..000000000
--- a/www/wsfed/sp/initSLO.php
+++ /dev/null
@@ -1,71 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-
-SimpleSAML_Logger::warning('The file wsfed/sp/initSLO.php is deprecated and will be removed in future versions.');
-
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-SimpleSAML_Logger::info('WS-Fed - SP.initSLO: Accessing WS-Fed SP initSLO script');
-
-if (!$config->getBoolean('enable.wsfed-sp', false))
- throw new SimpleSAML_Error_Error('NOACCESS');
-
-
-if (isset($_REQUEST['RelayState'])) {
- $returnTo = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['RelayState']);
-} else {
- throw new SimpleSAML_Error_Error('NORELAYSTATE');
-}
-
-
-if (isset($session) ) {
-
- try {
-
- $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-
- $idpentityid = $session->getAuthData('wsfed', 'saml:sp:IdP');
- $spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
-
- /**
- * Create a logout request
- */
-
- $session->doLogout('wsfed');
-
- SimpleSAML_Logger::info('WS-Fed - SP.initSLO: SP (' . $spentityid . ') is sending logout request to IdP (' . $idpentityid . ')');
-
- $idpmeta = $metadata->getMetaData($idpentityid, 'wsfed-idp-remote');
-
- SimpleSAML_Utilities::redirectTrustedURL($idpmeta['prp'], array(
- 'wa' => 'wsignout1.0',
- 'wct' => gmdate('Y-m-d\TH:i:s\Z', time()),
- 'wtrealm' => $spentityid,
- 'wctx' => $returnTo
- ));
-
-
- } catch(Exception $exception) {
- throw new SimpleSAML_Error_Error('CREATEREQUEST', $exception);
- }
-
-} else {
-
- SimpleSAML_Logger::info('WS-Fed - SP.initSLO: User is already logged out. Go back to relaystate');
- SimpleSAML_Utilities::redirectTrustedURL($returnTo);
-
-}
-
-
-?>
\ No newline at end of file
diff --git a/www/wsfed/sp/initSSO.php b/www/wsfed/sp/initSSO.php
deleted file mode 100644
index 0b95bf237..000000000
--- a/www/wsfed/sp/initSSO.php +++ /dev/null 
@@ -1,75 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-/**
- * WS-Federation/ADFS PRP protocol support for simpleSAMLphp.
- *
- * The initSSO handler relays an internal request from a simpleSAMLphp
- * Service Provider as a WS-Federation Resource Partner using the Passive
- * Requestor Profile (PRP) to an Account Partner.
- *
- * @author Hans Zandbelt, SURFnet BV. <hans.zandbelt@surfnet.nl>
- * @package simpleSAMLphp
- */
-
-require_once('../../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-
-SimpleSAML_Logger::warning('The file wsfed/sp/initSSO.php is deprecated and will be removed in future versions.');
-
-SimpleSAML_Logger::info('WS-Fed - SP.initSSO: Accessing WS-Fed SP initSSO script');
-
-if (!$config->getBoolean('enable.wsfed-sp', false))
- throw new SimpleSAML_Error_Error('NOACCESS');
-
-if (empty($_GET['RelayState'])) {
- throw new SimpleSAML_Error_Error('NORELAYSTATE');
-}
-
-try {
-
- $idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $config->getString('default-wsfed-idp', NULL);
- $spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID('wsfed-sp-hosted');
-
-} catch (Exception $exception) {
- throw new SimpleSAML_Error_Error('METADATA', $exception);
-}
-
-if ($idpentityid == null) {
-
- SimpleSAML_Logger::info('WS-Fed - SP.initSSO: No chosen or default IdP, go to WSFeddisco');
-
- SimpleSAML_Utilities::redirectTrustedURL('/' . $config->getBaseURL() . 
'wsfed/sp/idpdisco.php', array(
- 'entityID' => $spentityid,
- 'return' => SimpleSAML_Utilities::selfURL(),
- 'returnIDParam' => 'idpentityid')
- );
-}
-
-try {
- $relaystate = SimpleSAML_Utilities::checkURLAllowed($_GET['RelayState']);
-
- $idpmeta = $metadata->getMetaData($idpentityid, 'wsfed-idp-remote');
- $spmeta = $metadata->getMetaData($spentityid, 'wsfed-sp-hosted');
-
- SimpleSAML_Utilities::redirectTrustedURL($idpmeta['prp'], array(
- 'wa' => 'wsignin1.0',
- 'wct' => gmdate('Y-m-d\TH:i:s\Z', time()),
- 'wtrealm' => $spentityid,
- 'wctx' => $relaystate
- ));
-
-} catch (Exception $exception) {
- throw new SimpleSAML_Error_Error('CREATEREQUEST', $exception);
-}
-
-?>
\ No newline at end of file
diff --git a/www/wsfed/sp/prp.php b/www/wsfed/sp/prp.php
deleted file mode 100644
index 57e5f23d5..000000000
--- a/www/wsfed/sp/prp.php
+++ /dev/null
@@ -1,166 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-/**
- * WS-Federation/ADFS PRP protocol support for simpleSAMLphp.
- *
- * The AssertionConsumerService handler accepts responses from a WS-Federation
- * Account Partner using the Passive Requestor Profile (PRP) and handles it as
- * a Resource Partner. It receives a response, parses it and passes on the
- * authentication+attributes.
- *
- * @author Hans Zandbelt, SURFnet BV. <hans.zandbelt@surfnet.nl>
- * @package simpleSAMLphp
- */
-
-require_once('../../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-$session = SimpleSAML_Session::getSessionFromRequest();
-$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-
-SimpleSAML_Logger::warning('The file wsfed/sp/prp.php is deprecated and will be removed in future versions.');
-
-SimpleSAML_Logger::info('WS-Fed - SP.AssertionConsumerService: Accessing WS-Fed SP endpoint AssertionConsumerService');
-
-if (!$config->getBoolean('enable.wsfed-sp', false))
- throw new SimpleSAML_Error_Error('NOACCESS');
-
-if (!empty($_GET['wa']) and ($_GET['wa'] == 'wsignoutcleanup1.0')) {
- if (isset($session) && $session->isValid('wsfed')) {
- $session->doLogout('wsfed');
- }
- if (!empty($_GET['wreply'])) {
- SimpleSAML_Utilities::redirectUntrustedURL(urldecode($_GET['wreply']));
- }
- exit;
-}
-
-/* Make sure that the correct query parameters are passed to this script. */
-try {
- if (empty($_POST['wresult'])) {
- throw new Exception('Missing wresult parameter');
- }
- if (empty($_POST['wa'])) {
- throw new Exception('Missing wa parameter');
- }
- if (empty($_POST['wctx'])) {
- throw new Exception('Missing wctx parameter');
- }
-} catch(Exception $exception) {
- throw new SimpleSAML_Error_Error('ACSPARAMS', $exception);
-}
-
-
-try {
-
- $wa = $_POST['wa'];
- $wresult = $_POST['wresult'];
- $wctx = $_POST['wctx'];
-
- /* Load and parse the XML. 
*/
- $dom = new DOMDocument();
- /* Accommodate for MS-ADFS escaped quotes */
- $wresult = str_replace('\"', '"', $wresult);
- $dom->loadXML(str_replace ("\r", "", $wresult));
-
- $xpath = new DOMXpath($dom);
- $xpath->registerNamespace('wst', 'http://schemas.xmlsoap.org/ws/2005/02/trust');
- $xpath->registerNamespace('saml', 'urn:oasis:names:tc:SAML:1.0:assertion');
-
- /* Find the saml:Assertion element in the response. */
- $assertions = $xpath->query('/wst:RequestSecurityTokenResponse/wst:RequestedSecurityToken/saml:Assertion');
- if ($assertions->length === 0) {
- throw new Exception('Received a response without an assertion on the WS-Fed PRP handler.');
- }
- if ($assertions->length > 1) {
- throw new Exception('The WS-Fed PRP handler currently only supports a single assertion in a response.');
- }
- $assertion = $assertions->item(0);
-
- /* Find the entity id of the issuer. */
- $idpEntityId = $assertion->getAttribute('Issuer');
-
- /* Load the IdP metadata. */
- $idpMetadata = $metadata->getMetaData($idpEntityId, 'wsfed-idp-remote');
-
- /* Find the certificate used by the IdP. */
- if(array_key_exists('certificate', $idpMetadata)) {
- $certFile = SimpleSAML_Utilities::resolveCert($idpMetadata['certificate']);
- } else {
- throw new Exception('Missing \'certificate\' metadata option in the \'wsfed-idp-remote\' metadata' .
- ' for the IdP \'' . $idpEntityId . '\'.');
- }
-
- /* Load the certificate. */
- $certData = file_get_contents($certFile);
- if($certData === FALSE) {
- throw new Exception('Unable to load certificate file \'' . $certFile . '\' for wsfed-idp \'' .
- $idpEntityId . '\'.');
- }
-
- /* Verify that the assertion is signed by the issuer. */
- $validator = new SimpleSAML_XML_Validator($assertion, 'AssertionID', $certData);
- if(!$validator->isNodeValidated($assertion)) {
- throw new Exception('The assertion was not correctly signed by the WS-Fed IdP \'' .
- $idpEntityId . '\'.');
- }
-
- /* Check time constraints of contitions (if present). 
*/
- foreach($xpath->query('./saml:Conditions', $assertion) as $condition) {
- $notBefore = $condition->getAttribute('NotBefore');
- $notOnOrAfter = $condition->getAttribute('NotOnOrAfter');
- if(!SimpleSAML_Utilities::checkDateConditions($notBefore, $notOnOrAfter)) {
- throw new Exception('The response has expired.');
- }
- }
-
-
- /* Extract the name identifier from the response. */
- $nameid = $xpath->query('./saml:AuthenticationStatement/saml:Subject/saml:NameIdentifier', $assertion);
- if ($nameid->length === 0) {
- throw new Exception('Could not find the name identifier in the response from the WS-Fed IdP \'' .
- $idpEntityId . '\'.');
- }
- $nameid = array(
- 'Format' => $nameid->item(0)->getAttribute('Format'),
- 'Value' => $nameid->item(0)->textContent,
- );
-
-
- /* Extract the attributes from the response. */
- $attributes = array();
- $attributeValues = $xpath->query('./saml:AttributeStatement/saml:Attribute/saml:AttributeValue', $assertion);
- foreach($attributeValues as $attribute) {
- $name = $attribute->parentNode->getAttribute('AttributeName');
- $value = $attribute->textContent;
- if(!array_key_exists($name, $attributes)) {
- $attributes[$name] = array();
- }
- $attributes[$name][] = $value;
- }
-
-
- /* Mark the user as logged in. */
- $authData = array(
- 'Attributes' => $attributes,
- 'saml:sp:NameID' => $nameid,
- 'saml:sp:IdP' => $idpEntityId,
- );
- $session->doLogin('wsfed', $authData);
-
- /* Redirect the user back to the page which requested the login. */
- SimpleSAML_Utilities::redirectUntrustedURL($wctx);
-
-} catch(Exception $exception) {
- throw new SimpleSAML_Error_Error('PROCESSASSERTION', $exception);
-}
-
-?>
\ No newline at end of file
-- GitLab