Fixes to ADFS metadata to allow interoperability.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3364 44740490-163a-0410-bde0-09ae8108e29a

Fixes to ADFS metadata to allow interoperability.
5c65b72f · Jaime Pérez Crespo · 57ddd861 · 5c65b72f · 5c65b72f · 5c65b72f
Commit 5c65b72f authored 11 years ago by Jaime Pérez Crespo
--- a/lib/SimpleSAML/Metadata/Signer.php
+++ b/lib/SimpleSAML/Metadata/Signer.php
@@ -173,7 +173,12 @@ class SimpleSAML_Metadata_Signer {
 		$rootNode = $xml->firstChild;

 		/* Sign the metadata with our private key. */
-		$objXMLSecDSig = new XMLSecurityDSig();
+		if ($type == 'ADFS IdP') {
+			$objXMLSecDSig = new sspmod_adfs_XMLSecurityDSig($metadataString);
+        } else {
+			$objXMLSecDSig = new XMLSecurityDSig();
+        }
+
 		$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);

 		$objXMLSecDSig->addReferenceList(array($rootNode), XMLSecurityDSig::SHA1,

--- a/modules/adfs/lib/XMLSecurityDSig.php
+++ b/modules/adfs/lib/XMLSecurityDSig.php
+<?php
+
+/**
+ * This class should be considered a temporary workaround to
+ * solve the lack of custom formatting in XMLSecurityDSig
+ * (xmlseclibs). It should be possible to either configure
+ * the original class to avoid formatting, or to use a custom
+ * template for the signature.
+ *
+ * @todo Move this functionality to xmlseclibs.
+ *
+ * @author Daniel Tsosie
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+class sspmod_adfs_XMLSecurityDSig extends XMLSecurityDSig {
+
+    function __construct($metaxml) {
+        $sigdoc = new DOMDocument();
+        $template = '';
+
+        if (strpos("\n", $metaxml) === FALSE) {
+            foreach (explode("\n", self::template) as $line)
+                $template .= trim($line);
+        } else {
+            $template = self::template;
+        }
+
+        $sigdoc->loadXML($template);
+        $this->sigNode = $sigdoc->documentElement;
+    }
+}
--- a/modules/adfs/www/idp/metadata.php
+++ b/modules/adfs/www/idp/metadata.php
@@ -117,14 +117,16 @@ try {
 			'name' => $config->getString('technicalcontact_name', NULL),
 		));
 	}
-	$metaxml = explode("\n", $metaBuilder->getEntityDescriptorText());
-    unset($metaxml[0]);
-    $metaxml = implode("\n", $metaxml);
+	$output_xhtml = array_key_exists('output', $_GET) && $_GET['output'] == 'xhtml';
+	$metaxml = $metaBuilder->getEntityDescriptorText($output_xhtml);
+	if (!$output_xhtml) {
+        $metaxml = str_replace("\n", '', $metaxml);
+    }

 	/* Sign the metadata if enabled. */
 	$metaxml = SimpleSAML_Metadata_Signer::sign($metaxml, $idpmeta->toArray(), 'ADFS IdP');

-	if (array_key_exists('output', $_GET) && $_GET['output'] == 'xhtml') {
+	if ($output_xhtml) {
 		$defaultidp = $config->getString('default-adfs-idp', NULL);

 		$t = new SimpleSAML_XHTML_Template($config, 'metadata.php', 'admin');
@@ -138,19 +140,17 @@ try {
 		$t->show();

 	} else {
-
 		header('Content-Type: application/xml');

+        // make sure to export only the md:EntityDescriptor
+		$metaxml = substr($metaxml, strpos($metaxml, '<md:EntityDescriptor'));
+        // 22 = strlen('</md:EntityDescriptor>')
+		$metaxml = substr($metaxml, 0,  strrpos($metaxml, '</md:EntityDescriptor>') + 22);
 		echo $metaxml;
-		exit(0);

+		exit(0);
 	}

-
-
 } catch(Exception $exception) {
-
 	throw new SimpleSAML_Error_Error('METADATA', $exception);
-
 }
-