diff --git a/config/config-template.php b/config/config-template.php
index 5e31f2fe6f123c542862a4c645cadf3aa1f2fa4a..baaf2b4eb9fb9102c4a62398efe795145af143ea 100644
--- a/config/config-template.php
+++ b/config/config-template.php
@@ -48,6 +48,7 @@ $config = array (
 */
 'auth.adminpassword' => '123',
 'admin.protectindexpage' => false,
+ 'admin.protectmetadata' => false,
 /*
 * Some information about the technical persons running this installation.
diff --git a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
index 8da4453c59c1f69d0de04da27af625882f1f40bf..3885779989cb89095e6e086c10ab8ad83ac94ad8 100644
--- a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
@@ -8,7 +8,7 @@ require_once('SimpleSAML/XML/AuthnResponse.php');
 require_once('SimpleSAML/XML/Validator.php');
 require_once('xmlseclibs.php');
-
+
 /**
 * An SAML 2.0 Authentication Response
 *
diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php
index 19e3208310e7f28eeeb552171c75228a14c14425..2a75154d180ced5c56faa5d240545a0daf46c422 100644
--- a/www/saml2/idp/metadata.php
+++ b/www/saml2/idp/metadata.php
@@ -17,7 +17,14 @@ $session = SimpleSAML_Session::getInstance(true);
 if (!$config->getValue('enable.saml20-idp', false)) SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
-
+/* Check if valid local session exists.. */
+if ($config->getValue('admin.protectmetadata', false)) {
+ if (!isset($session) || !$session->isValid('login-admin') ) {
+ SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'auth/login-admin.php',
+ array('RelayState' => SimpleSAML_Utilities::selfURL())
+ );
+ }
+}
 try {
diff --git a/www/saml2/sp/metadata.php b/www/saml2/sp/metadata.php
index 7ebe40ba150e6d276a48f6140e1e19af242fc2f6..fea3f5ee27e6bc703e815b49375846ac205be577 100644
--- a/www/saml2/sp/metadata.php
+++ b/www/saml2/sp/metadata.php
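Review bot: The new `'admin.protectmetadata' => false,` entry in config/config-template.php is added without a comment, so an operator reading the template cannot tell what it gates. Going by the other hunks of this commit, setting it to true sends visitors of the four metadata.php pages to auth/login-admin.php unless they hold a valid 'login-admin' session; a comment such as `/* Require an admin login to view the SAML 2.0 and Shib 1.3 metadata pages. Default: false (metadata is public). */` above the entry would say so. The comment should also state that the check is only as strong as `auth.adminpassword`, which the context line above ships as '123'. Presumably automated metadata consumers will receive the login redirect instead of XML once the option is on, which is worth a mention too. The `$config` array continues outside the hunk.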
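Review bot: Nothing in the added block of www/saml2/idp/metadata.php stops the script after `SimpleSAML_Utilities::redirect(...)`, so if that helper returns instead of exiting (its body is not visible here) the `try {` block that follows, and continues outside the hunk, would still emit the metadata to an unauthenticated client. Either confirm that redirect() terminates the request or follow the call with `exit;`. The same block is pasted into www/saml2/sp/metadata.php, www/shib13/idp/metadata.php and www/shib13/sp/metadata.php, which makes it easy for a future metadata endpoint to miss the check; moving the admin-session test into one shared helper would keep the four pages consistent. `!isset($session)` looks redundant because `$session` is assigned from `getInstance(true)` just above, so the condition could read `if (!$session->isValid('login-admin')) {`. The comment would be more accurate as `/* Require a valid admin session before showing metadata. */`.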
@@ -16,6 +16,15 @@ $session = SimpleSAML_Session::getInstance(TRUE);
 if (!$config->getValue('enable.saml20-sp', false)) SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+/* Check if valid local session exists.. */
+if ($config->getValue('admin.protectmetadata', false)) {
+ if (!isset($session) || !$session->isValid('login-admin') ) {
+ SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'auth/login-admin.php',
+ array('RelayState' => SimpleSAML_Utilities::selfURL())
+ );
+ }
+}
+
 /**
 * Preconfigured to help out some federations. This makes it easier for users to report metadata
diff --git a/www/shib13/idp/metadata.php b/www/shib13/idp/metadata.php
index d13013353d1faaea015ac22714b022e7e96ee8b1..6e09d8c7ad47ef73b47d7ddd84190e58c855a659 100644
--- a/www/shib13/idp/metadata.php
+++ b/www/shib13/idp/metadata.php
@@ -17,7 +17,14 @@ $session = SimpleSAML_Session::getInstance(true);
 if (!$config->getValue('enable.shib13-idp', false)) SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
-
+/* Check if valid local session exists.. */
+if ($config->getValue('admin.protectmetadata', false)) {
+ if (!isset($session) || !$session->isValid('login-admin') ) {
+ SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'auth/login-admin.php',
+ array('RelayState' => SimpleSAML_Utilities::selfURL())
+ );
+ }
+}
 try {
diff --git a/www/shib13/sp/metadata.php b/www/shib13/sp/metadata.php
index e7a71c472969222c288c9aad02b1c4a701c7910a..75deaa7d89bb1fd63b17b2b787ec51c54ecdd216 100644
--- a/www/shib13/sp/metadata.php
+++ b/www/shib13/sp/metadata.php
@@ -16,6 +16,14 @@ $session = SimpleSAML_Session::getInstance(TRUE);
 if (!$config->getValue('enable.shib13-sp', false)) SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+/* Check if valid local session exists.. */
+if ($config->getValue('admin.protectmetadata', false)) {
+ if (!isset($session) || !$session->isValid('login-admin') ) {
+ SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'auth/login-admin.php',
+ array('RelayState' => SimpleSAML_Utilities::selfURL())
+ );
+ }
+}
 try {