From 431308535a03584d7dff46ab1785a150c46fb7e9 Mon Sep 17 00:00:00 2001
From: Thijs Kinkhorst <thijs@kinkhorst.com>
Date: Wed, 5 Jan 2022 10:54:38 +0000
Subject: [PATCH] admin: Fix metadata urls when having >1 IdP

The metadata endpoint requires an entityID, not authsource to find the corresponding IdP. Which makes sense because that is the unique identifier - different IdPs can make use of the same backend auth source.
---
 modules/admin/lib/Controller/Federation.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/modules/admin/lib/Controller/Federation.php b/modules/admin/lib/Controller/Federation.php
index 72aaef919..ffb6568bb 100644
--- a/modules/admin/lib/Controller/Federation.php
+++ b/modules/admin/lib/Controller/Federation.php
@@ -193,18 +193,19 @@ class Federation
 try {
 $idps = $this->mdHandler->getList('saml20-idp-hosted');
 $saml2entities = [];
+ $httpUtils = new Utils\HTTP();
+ $metadataBase = $httpUtils->getBaseURL() . 'saml2/idp/metadata.php';
 if (count($idps) > 1) {
 foreach ($idps as $index => $idp) {
- $idp['url'] = Module::getModuleURL('saml2/idp/metadata/' . $idp['auth']);
+ $idp['url'] = $metadataBase . '?idpentityid=' . urlencode($idp['entityid']);
 $idp['metadata-set'] = 'saml20-idp-hosted';
 $idp['metadata-index'] = $index;
 $idp['metadata_array'] = SAML2_IdP::getHostedMetadata($idp['entityid']);
 $saml2entities[] = $idp;
 }
 } else {
- $httpUtils = new Utils\HTTP();
 $saml2entities['saml20-idp'] = $this->mdHandler->getMetaDataCurrent('saml20-idp-hosted');
- $saml2entities['saml20-idp']['url'] = $httpUtils->getBaseURL() . 'saml2/idp/metadata.php';
+ $saml2entities['saml20-idp']['url'] = $metadataBase;
 $saml2entities['saml20-idp']['metadata_array'] = SAML2_IdP::getHostedMetadata(
 $this->mdHandler->getMetaDataCurrentEntityID('saml20-idp-hosted')
 );
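Review bot: The query string on the new `$idp['url']` line is concatenated by hand even though `$httpUtils` is already in scope; `$idp['url'] = $httpUtils->addURLParameters($metadataBase, ['idpentityid' => $idp['entityid']]);` would leave the encoding to the helper and stay correct if `$metadataBase` ever carries a query of its own. The ADFS hunk builds its URL the same way, inside the resource path passed to `Module::getModuleURL()`, and would benefit from the same treatment. `urlencode()` only covers the URL context, so the template that renders `url` (not visible in this patch) still has to escape the value for HTML. A short comment above the loop, for example `// metadata.php selects the hosted IdP by entityID; several IdPs may share one auth source`, would record why `auth` is no longer used. The enclosing method starts and ends outside the hunk.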
@@ -234,7 +235,7 @@ class Federation
 $adfsentities = [];
 if (count($idps) > 1) {
 foreach ($idps as $index => $idp) {
- $idp['url'] = Module::getModuleURL('adfs/idp/metadata/' . $idp['auth']);
+ $idp['url'] = Module::getModuleURL('adfs/idp/metadata/?idpentityid=' . urlencode($idp['entityid']));
 $idp['metadata-set'] = 'adfs-idp-hosted';
 $idp['metadata-index'] = $index;
 $idp['metadata_array'] = ADFS_IdP::getHostedMetadata($idp['entityid']);
-- GitLab
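Review bot: Nothing in this patch shows that the `adfs/idp/metadata/` route reads `idpentityid`, and the diffstat lists only Federation.php, so the multi-IdP branch ships without a test. A controller test that registers two hosted IdPs sharing one auth source and asserts that the generated `url` values differ and carry the expected entity IDs would pin the fix for both the SAML 2.0 and ADFS lists. The trailing slash before `?` is also worth confirming against the route definition, since it previously always had a path segment after it. The enclosing loop and method close outside the hunk.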