diff --git a/modules/adfs/lib/IdP/ADFS.php b/modules/adfs/lib/IdP/ADFS.php
index 7905999ce7519be093732cbb4209d54184712639..c4388baf4dacf1da4c3eb3c9208e58324fa38b29 100644
--- a/modules/adfs/lib/IdP/ADFS.php
+++ b/modules/adfs/lib/IdP/ADFS.php
@@ -1,199 +1,236 @@ <?php -class sspmod_adfs_IdP_ADFS { - - public static function receiveAuthnRequest(SimpleSAML_IdP $idp) { - try { - // accomodate for disfunctional $_GET "windows" slash decoding in PHP - $wctx = $_GET['wctx']; - foreach (explode('&', $_SERVER['REQUEST_URI']) as $e) { - $a = explode('=', $e); - if ($a[0] == 'wctx') $wctx = urldecode($a[1]); - } - $requestid = $wctx; - $issuer = $_GET['wtrealm']; - $requestcache = array( - 'RequestID' => $requestid, - 'Issuer' => $issuer, - 'RelayState' => $requestid - ); - - $spEntityId = $requestcache['Issuer']; - $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); - $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'adfs-sp-remote'); - - SimpleSAML\Logger::info('ADFS - IdP.prp: Incoming Authentication request: '.$issuer.' id '.$requestid); - - } catch(Exception $exception) { - throw new SimpleSAML_Error_Error('PROCESSAUTHNREQUEST', $exception); - } - - $sessionLostURL = NULL; // TODO? - $forceAuthn = FALSE; - $isPassive = FALSE; - - $state = array( - 'Responder' => array('sspmod_adfs_IdP_ADFS', 'sendResponse'), - 'SPMetadata' => $spMetadata->toArray(), - 'ForceAuthn' => $forceAuthn, - 'isPassive' => $isPassive, - 'adfs:wctx' => $wctx, - ); - - $idp->handleAuthenticationRequest($state); - } - - public static function ADFS_GenerateResponse($issuer, $target, $nameid, $attributes) { - $issueInstant = SimpleSAML\Utils\Time::generateTimestamp(); - $notBefore = SimpleSAML\Utils\Time::generateTimestamp(time() - 30); - $assertionExpire = SimpleSAML\Utils\Time::generateTimestamp(time() + 60 * 5); - $assertionID = SimpleSAML\Utils\Random::generateID(); - $nameidFormat = 'http://schemas.xmlsoap.org/claims/UPN'; - $result = -'<wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"> - <wst:RequestedSecurityToken> - <saml:Assertion Issuer="' . $issuer . '" IssueInstant="' . $issueInstant . '" AssertionID="' . $assertionID . 
'" MinorVersion="1" MajorVersion="1" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> - <saml:Conditions NotOnOrAfter="' . $assertionExpire . '" NotBefore="' . $notBefore . '"> - <saml:AudienceRestrictionCondition> - <saml:Audience>' . $target .'</saml:Audience> - </saml:AudienceRestrictionCondition> - </saml:Conditions> - <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified" AuthenticationInstant="' . $issueInstant . '"> - <saml:Subject> - <saml:NameIdentifier Format="' . $nameidFormat . '">' . htmlspecialchars($nameid) . '</saml:NameIdentifier> - </saml:Subject> - </saml:AuthenticationStatement> - <saml:AttributeStatement> - <saml:Subject> - <saml:NameIdentifier Format="' . $nameidFormat . '">' . htmlspecialchars($nameid) . '</saml:NameIdentifier> - </saml:Subject>'; - foreach ($attributes as $name => $values) { - if ((!is_array($values)) || (count($values) == 0)) continue; - $hasValue = FALSE; - $r = '<saml:Attribute AttributeNamespace="http://schemas.xmlsoap.org/claims" AttributeName="' . htmlspecialchars($name) .'">'; - foreach ($values as $value) { - if ( (!isset($value)) || ($value === '')) continue; - $r .= '<saml:AttributeValue>' . htmlspecialchars($value) . 
'</saml:AttributeValue>'; - $hasValue = TRUE; - } - $r .= '</saml:Attribute>'; - if ($hasValue) $result .= $r; - } - $result .= ' - </saml:AttributeStatement> - </saml:Assertion> +class sspmod_adfs_IdP_ADFS +{ + public static function receiveAuthnRequest(SimpleSAML_IdP $idp) + { + try { + // accomodate for disfunctional $_GET "windows" slash decoding in PHP + $wctx = $_GET['wctx']; + foreach (explode('&', $_SERVER['REQUEST_URI']) as $e) { + $a = explode('=', $e); + if ($a[0] == 'wctx') { + $wctx = urldecode($a[1]); + } + } + $requestid = $wctx; + $issuer = $_GET['wtrealm']; + $requestcache = array( + 'RequestID' => $requestid, + 'Issuer' => $issuer, + 'RelayState' => $requestid + ); + + $spEntityId = $requestcache['Issuer']; + $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); + $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'adfs-sp-remote'); + + SimpleSAML\Logger::info('ADFS - IdP.prp: Incoming Authentication request: '.$issuer.' id '.$requestid); + + } catch(Exception $exception) { + throw new SimpleSAML_Error_Error('PROCESSAUTHNREQUEST', $exception); + } + + $sessionLostURL = null; // TODO? 
+ $forceAuthn = false; + $isPassive = false; + + $state = array( + 'Responder' => array('sspmod_adfs_IdP_ADFS', 'sendResponse'), + 'SPMetadata' => $spMetadata->toArray(), + 'ForceAuthn' => $forceAuthn, + 'isPassive' => $isPassive, + 'adfs:wctx' => $wctx, + ); + + $idp->handleAuthenticationRequest($state); + } + + public static function ADFS_GenerateResponse($issuer, $target, $nameid, $attributes) + { + $issueInstant = SimpleSAML\Utils\Time::generateTimestamp(); + $notBefore = SimpleSAML\Utils\Time::generateTimestamp(time() - 30); + $assertionExpire = SimpleSAML\Utils\Time::generateTimestamp(time() + 60 * 5); + $assertionID = SimpleSAML\Utils\Random::generateID(); + $nameidFormat = 'http://schemas.xmlsoap.org/claims/UPN'; + $nameid = htmlspecialchars($nameid); + + $result = <<<MSG +<wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"> + <wst:RequestedSecurityToken> + <saml:Assertion Issuer="$issuer" IssueInstant="$issueInstant" AssertionID="$assertionID" MinorVersion="1" MajorVersion="1" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <saml:Conditions NotOnOrAfter="$assertionExpire" NotBefore="$notBefore"> + <saml:AudienceRestrictionCondition> + <saml:Audience>$target</saml:Audience> + </saml:AudienceRestrictionCondition> + </saml:Conditions> + <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified" AuthenticationInstant="$issueInstant"> + <saml:Subject> + <saml:NameIdentifier Format="$nameidFormat">$nameid</saml:NameIdentifier> + </saml:Subject> + </saml:AuthenticationStatement> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier Format="$nameidFormat">$nameid</saml:NameIdentifier> + </saml:Subject> +MSG; + + foreach ($attributes as $name => $values) { + if ((!is_array($values)) || (count($values) == 0)) { + continue; + } + $name = $htmlspecialchars($name); + foreach ($values as $value) { + if ((!isset($value)) || ($value === '')) { + continue; + } + $value = 
htmlspecialchars($value); + + $result .= <<<MSG + <saml:Attribute AttributeNamespace="http://schemas.xmlsoap.org/claims" AttributeName="$name"> + <saml:AttributeValue>$value</saml:AttributeValue> + </saml:Attribute> +MSG; + + } + } + + $result .= <<<MSG + </saml:AttributeStatement> + </saml:Assertion> </wst:RequestedSecurityToken> - <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"> - <wsa:Address>' . $target . '</wsa:Address> - </wsa:EndpointReference></wsp:AppliesTo> - </wst:RequestSecurityTokenResponse>'; - return $result; - } - - public static function ADFS_SignResponse($response, $key, $cert) { - $objXMLSecDSig = new XMLSecurityDSig(); - $objXMLSecDSig->idKeys = array('AssertionID'); - $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N); - $responsedom = \SAML2\DOMDocumentFactory::fromString(str_replace ("\r", "", $response)); - $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0); - $objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, - array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), - array('id_name' => 'AssertionID')); - $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'private')); - $objKey->loadKey($key, TRUE); - $objXMLSecDSig->sign($objKey); - if ($cert) { - $public_cert = file_get_contents($cert); - $objXMLSecDSig->add509Cert($public_cert, TRUE); - } - $newSig = $responsedom->importNode($objXMLSecDSig->sigNode, TRUE); - $firstassertionroot->appendChild($newSig); - return $responsedom->saveXML(); - } - - public static function ADFS_PostResponse($url, $wresult, $wctx) { - print ' -<body onload="document.forms[0].submit()"><form method="post" action="' . $url . '" enctype="multipart/form-data"> - <input type="hidden" name="wa" value="wsignin1.0"> - <input type="hidden" name="wresult" value="' . htmlspecialchars($wresult) . 
'"> - <input type="hidden" name="wctx" value="' . htmlspecialchars($wctx) . '"> - <noscript><input type="submit" value="Continue"></noscript> -</form></body>'; - exit; - } - - public static function sendResponse(array $state) { - $spMetadata = $state["SPMetadata"]; - $spEntityId = $spMetadata['entityid']; - $spMetadata = SimpleSAML_Configuration::loadFromArray($spMetadata, - '$metadata[' . var_export($spEntityId, TRUE) . ']'); - - $attributes = $state['Attributes']; - - $nameidattribute = $spMetadata->getValue('simplesaml.nameidattribute'); - if (!empty($nameidattribute)) { - if (!array_key_exists($nameidattribute, $attributes)) { - throw new Exception('simplesaml.nameidattribute does not exist in resulting attribute set'); - } - $nameid = $attributes[$nameidattribute][0]; - } else { - $nameid = SimpleSAML\Utils\Random::generateID(); - } - - $idp = SimpleSAML_IdP::getByState($state); - $idpMetadata = $idp->getConfig(); - $idpEntityId = $idpMetadata->getString('entityid'); - - $idp->addAssociation(array( - 'id' => 'adfs:' . 
$spEntityId, - 'Handler' => 'sspmod_adfs_IdP_ADFS', - 'adfs:entityID' => $spEntityId, - )); - - $response = sspmod_adfs_IdP_ADFS::ADFS_GenerateResponse($idpEntityId, $spEntityId, $nameid, $attributes); - - $privateKeyFile = \SimpleSAML\Utils\Config::getCertPath($idpMetadata->getString('privatekey')); - $certificateFile = \SimpleSAML\Utils\Config::getCertPath($idpMetadata->getString('certificate')); - $wresult = sspmod_adfs_IdP_ADFS::ADFS_SignResponse($response, $privateKeyFile, $certificateFile); - - $wctx = $state['adfs:wctx']; - sspmod_adfs_IdP_ADFS::ADFS_PostResponse($spMetadata->getValue('prp'), $wresult, $wctx); - } + <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsa:EndpointReference xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"> + <wsa:Address>$target</wsa:Address> + </wsa:EndpointReference> + </wsp:AppliesTo> +</wst:RequestSecurityTokenResponse> +MSG; + + return $result; + } + + public static function ADFS_SignResponse($response, $key, $cert) + { + $objXMLSecDSig = new XMLSecurityDSig(); + $objXMLSecDSig->idKeys = array('AssertionID'); + $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N); + $responsedom = \SAML2\DOMDocumentFactory::fromString(str_replace ("\r", "", $response)); + $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0); + $objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, + array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), + array('id_name' => 'AssertionID')); + $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'private')); + $objKey->loadKey($key, true); + $objXMLSecDSig->sign($objKey); + if ($cert) { + $public_cert = file_get_contents($cert); + $objXMLSecDSig->add509Cert($public_cert, true); + } + $newSig = $responsedom->importNode($objXMLSecDSig->sigNode, true); + $firstassertionroot->appendChild($newSig); + return $responsedom->saveXML(); + } + + public static function 
ADFS_PostResponse($url, $wresult, $wctx) + { + $wresult = htmlspecialchars($wresult); + $wctx = htmlspecialchars($wctx); + + $post = <<<MSG + <body onload="document.forms[0].submit()"> + <form method="post" action="$url" enctype="multipart/form-data"> + <input type="hidden" name="wa" value="wsignin1.0"> + <input type="hidden" name="wresult" value="$wresult"> + <input type="hidden" name="wctx" value="$wctx"> + <noscript> + <input type="submit" value="Continue"> + </noscript> + </form> + </body> +MSG; + + echo $post; + exit; + } + + public static function sendResponse(array $state) + { + $spMetadata = $state["SPMetadata"]; + $spEntityId = $spMetadata['entityid']; + $spMetadata = SimpleSAML_Configuration::loadFromArray($spMetadata, + '$metadata[' . var_export($spEntityId, true) . ']'); + + $attributes = $state['Attributes']; + + $nameidattribute = $spMetadata->getValue('simplesaml.nameidattribute'); + if (!empty($nameidattribute)) { + if (!array_key_exists($nameidattribute, $attributes)) { + throw new Exception('simplesaml.nameidattribute does not exist in resulting attribute set'); + } + $nameid = $attributes[$nameidattribute][0]; + } else { + $nameid = SimpleSAML\Utils\Random::generateID(); + } + + $idp = SimpleSAML_IdP::getByState($state); + $idpMetadata = $idp->getConfig(); + $idpEntityId = $idpMetadata->getString('entityid'); + + $idp->addAssociation(array( + 'id' => 'adfs:' . 
$spEntityId, + 'Handler' => 'sspmod_adfs_IdP_ADFS', + 'adfs:entityID' => $spEntityId, + )); + + $response = sspmod_adfs_IdP_ADFS::ADFS_GenerateResponse($idpEntityId, $spEntityId, $nameid, $attributes); + + $privateKeyFile = \SimpleSAML\Utils\Config::getCertPath($idpMetadata->getString('privatekey')); + $certificateFile = \SimpleSAML\Utils\Config::getCertPath($idpMetadata->getString('certificate')); + $wresult = sspmod_adfs_IdP_ADFS::ADFS_SignResponse($response, $privateKeyFile, $certificateFile); + + $wctx = $state['adfs:wctx']; + sspmod_adfs_IdP_ADFS::ADFS_PostResponse($spMetadata->getValue('prp'), $wresult, $wctx); + } /* - public static function handleAuthError(SimpleSAML_Error_Exception $exception, array $state) { - } + public static function handleAuthError(SimpleSAML_Error_Exception $exception, array $state) + { + } */ - public static function sendLogoutResponse(SimpleSAML_IdP $idp, array $state) { - // NB:: we don't know from which SP the logout request came from - $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); - $idpMetadata = $idp->getConfig(); - \SimpleSAML\Utils\HTTP::redirectTrustedURL($idpMetadata->getValue('redirect-after-logout', \SimpleSAML\Utils\HTTP::getBaseURL())); - } - - public static function receiveLogoutMessage(SimpleSAML_IdP $idp) { - // if a redirect is to occur based on wreply, we will redirect to url as - // this implies an override to normal sp notification - if(isset($_GET['wreply']) && !empty($_GET['wreply'])) { - $idp->doLogoutRedirect(\SimpleSAML\Utils\HTTP::checkURLAllowed($_GET['wreply'])); - assert(FALSE); - } - - $state = array( - 'Responder' => array('sspmod_adfs_IdP_ADFS', 'sendLogoutResponse'), - ); - $assocId = NULL; - // TODO: verify that this is really no problem for: - // a) SSP, because there's no caller SP. - // b) ADFS SP because caller will be called back.. 
- $idp->handleLogoutRequest($state, $assocId); - } - - // accepts an association array, and returns a URL that can be accessed to terminate the association - public static function getLogoutURL(SimpleSAML_IdP $idp, array $association, $relayState) { - $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); - $idpMetadata = $idp->getConfig(); - $spMetadata = $metadata->getMetaDataConfig($association['adfs:entityID'], 'adfs-sp-remote'); - $returnTo = SimpleSAML\Module::getModuleURL('adfs/idp/prp.php?assocId=' . urlencode($association["id"]) . '&relayState=' . urlencode($relayState)); - return $spMetadata->getValue('prp') . '?' . 'wa=wsignoutcleanup1.0&wreply=' . urlencode($returnTo); - } + public static function sendLogoutResponse(SimpleSAML_IdP $idp, array $state) + { + // NB:: we don't know from which SP the logout request came from + $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); + $idpMetadata = $idp->getConfig(); + \SimpleSAML\Utils\HTTP::redirectTrustedURL($idpMetadata->getValue('redirect-after-logout', \SimpleSAML\Utils\HTTP::getBaseURL())); + } + + public static function receiveLogoutMessage(SimpleSAML_IdP $idp) + { + // if a redirect is to occur based on wreply, we will redirect to url as + // this implies an override to normal sp notification + if (isset($_GET['wreply']) && !empty($_GET['wreply'])) { + $idp->doLogoutRedirect(\SimpleSAML\Utils\HTTP::checkURLAllowed($_GET['wreply'])); + assert('false'); + } + + $state = array( + 'Responder' => array('sspmod_adfs_IdP_ADFS', 'sendLogoutResponse'), + ); + $assocId = null; + // TODO: verify that this is really no problem for: + // a) SSP, because there's no caller SP. + // b) ADFS SP because caller will be called back.. 
+ $idp->handleLogoutRequest($state, $assocId);
+ }
+
+ // accepts an association array, and returns a URL that can be accessed to terminate the association
+ public static function getLogoutURL(SimpleSAML_IdP $idp, array $association, $relayState)
+ {
+ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
+ $idpMetadata = $idp->getConfig();
+ $spMetadata = $metadata->getMetaDataConfig($association['adfs:entityID'], 'adfs-sp-remote');
+ $returnTo = SimpleSAML\Module::getModuleURL('adfs/idp/prp.php?assocId=' . urlencode($association["id"]) . '&relayState=' . urlencode($relayState));
+ return $spMetadata->getValue('prp') . '?' . 'wa=wsignoutcleanup1.0&wreply=' . urlencode($returnTo);
+ }
 }
diff --git a/modules/adfs/lib/SAML2/XML/fed/Const.php b/modules/adfs/lib/SAML2/XML/fed/Const.php
index 2603b3562b2e69de6abd220f7f5cb4848ddea5bc..d24436ca32e6033db669d6cd5e986b8ae9f39b86 100644
--- a/modules/adfs/lib/SAML2/XML/fed/Const.php
+++ b/modules/adfs/lib/SAML2/XML/fed/Const.php
@@ -4,9 +4,10 @@
 *
 * @package SimpleSAMLphp
 */
-class sspmod_adfs_SAML2_XML_fed_Const {
- /**
- * The namespace for WS-FED protocol.
- */
- const NS_FED = 'http://docs.oasis-open.org/wsfed/federation/200706';
+class sspmod_adfs_SAML2_XML_fed_Const
+{
+ /**
+ * The namespace for WS-FED protocol.
+ */
+ const NS_FED = 'http://docs.oasis-open.org/wsfed/federation/200706';
 }
diff --git a/modules/adfs/lib/SAML2/XML/fed/Endpoint.php b/modules/adfs/lib/SAML2/XML/fed/Endpoint.php
index a5c10c1d94b52f5cb4743f3ed99bc4768ad9ca29..8adcc9337700acf836a80fd09710002cca44a80d 100644
--- a/modules/adfs/lib/SAML2/XML/fed/Endpoint.php
+++ b/modules/adfs/lib/SAML2/XML/fed/Endpoint.php
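Review bot: `$name = $htmlspecialchars($name);` in ADFS_GenerateResponse invokes an undefined variable as a function, so the first attribute with a non-empty value aborts with a fatal error and no token carrying attributes can be issued; it should read `$name = htmlspecialchars($name);`. The rewritten loop also emits one `<saml:Attribute>` element per value instead of one element per attribute name holding several `<saml:AttributeValue>` children, which changes how multi-valued attributes reach the relying party, so either confirm this is intended or move the `<saml:Attribute>` open and close tags back outside the inner loop. `$issuer` and `$target` are interpolated into the heredoc XML, and `$url` into the form's `action` attribute, without escaping; as far as this file shows they are read from metadata rather than from the request, which deserves a comment such as `// $issuer/$target/$url come from configured metadata, not from the request`. `assert('false')` in receiveLogoutMessage turns the former boolean into a string assertion, which is deprecated from PHP 7.2; `assert(false);` keeps the intent.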
@@ -4,28 +4,29 @@
 *
 * @package SimpleSAMLphp
 */
-class sspmod_adfs_SAML2_XML_fed_Endpoint {
- /**
- * Add this endpoint to an XML element.
- *
- * @param DOMElement $parent The element we should append this endpoint to.
- * @param string $name The name of the element we should create.
- */
- public static function appendXML(DOMElement $parent, $name, $address) {
- assert('is_string($name)');
- assert('is_string($address)');
+class sspmod_adfs_SAML2_XML_fed_Endpoint
+{
+ /**
+ * Add this endpoint to an XML element.
+ *
+ * @param DOMElement $parent The element we should append this endpoint to.
+ * @param string $name The name of the element we should create.
+ */
+ public static function appendXML(DOMElement $parent, $name, $address)
+ {
+ assert('is_string($name)');
+ assert('is_string($address)');
 
- $e = $parent->ownerDocument->createElement($name);
- $parent->appendChild($e);
+ $e = $parent->ownerDocument->createElement($name);
+ $parent->appendChild($e);
 
- $endpoint = $parent->ownerDocument->createElement('EndpointReference');
- $endpoint->setAttribute('xmlns', 'http://www.w3.org/2005/08/addressing');
- $e->appendChild($endpoint);
+ $endpoint = $parent->ownerDocument->createElement('EndpointReference');
+ $endpoint->setAttribute('xmlns', 'http://www.w3.org/2005/08/addressing');
+ $e->appendChild($endpoint);
 
- $address = $parent->ownerDocument->createElement('Address', $address);
- $endpoint->appendChild($address);
-
- return $e;
- }
+ $address = $parent->ownerDocument->createElement('Address', $address);
+ $endpoint->appendChild($address);
+ return $e;
+ }
 }
diff --git a/modules/adfs/lib/SAML2/XML/fed/SecurityTokenServiceType.php b/modules/adfs/lib/SAML2/XML/fed/SecurityTokenServiceType.php
index 7e8a89878d2588fc580a6b217ce8f939a9897982..c57c06280aac3401f7ddcb68cc0a737c680fd51e 100644
--- a/modules/adfs/lib/SAML2/XML/fed/SecurityTokenServiceType.php
+++ b/modules/adfs/lib/SAML2/XML/fed/SecurityTokenServiceType.php
@@ -4,52 +4,52 @@
 *
 * @package SimpleSAMLphp
 */
-class sspmod_adfs_SAML2_XML_fed_SecurityTokenServiceType extends SAML2_XML_md_RoleDescriptor {
-
- /**
- * List of supported protocols.
- *
- * @var array
- */
- public $protocolSupportEnumeration = array(sspmod_adfs_SAML2_XML_fed_Const::NS_FED);
-
- /**
- * The Location of Services.
- *
- * @var string
- */
- public $Location;
-
- /**
- * Initialize a SecurityTokenServiceType element.
- *
- * @param DOMElement|NULL $xml The XML element we should load.
- */
- public function __construct(DOMElement $xml = NULL) {
-
- parent::__construct('RoleDescriptor', $xml);
-
- if ($xml === NULL) {
- return;
- }
- }
-
- /**
- * Convert this SecurityTokenServiceType RoleDescriptor to XML.
- *
- * @param DOMElement $parent The element we should add this contact to.
- * @return DOMElement The new ContactPerson-element.
- */
- public function toXML(DOMElement $parent) {
- assert('is_string($this->Location)');
-
- $e = parent::toXML($parent);
- $e->setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:fed', sspmod_adfs_SAML2_XML_fed_Const::NS_FED);
- $e->setAttributeNS(\SAML2\Constants::NS_XSI, 'xsi:type', 'fed:SecurityTokenServiceType');
- sspmod_adfs_SAML2_XML_fed_TokenTypesOffered::appendXML($e);
- sspmod_adfs_SAML2_XML_fed_Endpoint::appendXML($e, 'SecurityTokenServiceEndpoint', $this->Location);
- sspmod_adfs_SAML2_XML_fed_Endpoint::appendXML($e, 'fed:PassiveRequestorEndpoint', $this->Location);
-
- return $e;
- }
+class sspmod_adfs_SAML2_XML_fed_SecurityTokenServiceType extends SAML2_XML_md_RoleDescriptor
+{
+ /**
+ * List of supported protocols.
+ *
+ * @var array
+ */
+ public $protocolSupportEnumeration = array(sspmod_adfs_SAML2_XML_fed_Const::NS_FED);
+
+ /**
+ * The Location of Services.
+ *
+ * @var string
+ */
+ public $Location;
+
+ /**
+ * Initialize a SecurityTokenServiceType element.
+ *
+ * @param DOMElement|null $xml The XML element we should load.
+ */
+ public function __construct(DOMElement $xml = null)
+ {
+ parent::__construct('RoleDescriptor', $xml);
+ if ($xml === null) {
+ return;
+ }
+ }
+
+ /**
+ * Convert this SecurityTokenServiceType RoleDescriptor to XML.
+ *
+ * @param DOMElement $parent The element we should add this contact to.
+ * @return DOMElement The new ContactPerson-element.
+ */
+ public function toXML(DOMElement $parent)
+ {
+ assert('is_string($this->Location)');
+
+ $e = parent::toXML($parent);
+ $e->setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:fed', sspmod_adfs_SAML2_XML_fed_Const::NS_FED);
+ $e->setAttributeNS(\SAML2\Constants::NS_XSI, 'xsi:type', 'fed:SecurityTokenServiceType');
+ sspmod_adfs_SAML2_XML_fed_TokenTypesOffered::appendXML($e);
+ sspmod_adfs_SAML2_XML_fed_Endpoint::appendXML($e, 'SecurityTokenServiceEndpoint', $this->Location);
+ sspmod_adfs_SAML2_XML_fed_Endpoint::appendXML($e, 'fed:PassiveRequestorEndpoint', $this->Location);
+
+ return $e;
+ }
 }
diff --git a/modules/adfs/lib/SAML2/XML/fed/TokenTypesOffered.php b/modules/adfs/lib/SAML2/XML/fed/TokenTypesOffered.php
index 8db01dd6cb978019084b7478506cab2f3eed38bf..280b80c3aecd261a764a2d1efb3ad74285bacb2f 100644
--- a/modules/adfs/lib/SAML2/XML/fed/TokenTypesOffered.php
+++ b/modules/adfs/lib/SAML2/XML/fed/TokenTypesOffered.php
@@ -4,22 +4,22 @@
 *
 * @package SimpleSAMLphp
 */
-class sspmod_adfs_SAML2_XML_fed_TokenTypesOffered {
- /**
- * Add tokentypesoffered to an XML element.
- *
- * @param DOMElement $parent The element we should append this endpoint to.
- */
- public static function appendXML(DOMElement $parent) {
+class sspmod_adfs_SAML2_XML_fed_TokenTypesOffered
+{
+ /**
+ * Add tokentypesoffered to an XML element.
+ *
+ * @param DOMElement $parent The element we should append this endpoint to.
+ */
+ public static function appendXML(DOMElement $parent)
+ {
+ $e = $parent->ownerDocument->createElementNS(sspmod_adfs_SAML2_XML_fed_Const::NS_FED, 'fed:TokenTypesOffered');
+ $parent->appendChild($e);
 
- $e = $parent->ownerDocument->createElementNS(sspmod_adfs_SAML2_XML_fed_Const::NS_FED, 'fed:TokenTypesOffered');
- $parent->appendChild($e);
-
- $tokentype = $parent->ownerDocument->createElementNS(sspmod_adfs_SAML2_XML_fed_Const::NS_FED, 'fed:TokenType');
- $tokentype->setAttribute('Uri', 'urn:oasis:names:tc:SAML:1.0:assertion');
- $e->appendChild($tokentype);
-
- return $e;
- }
+ $tokentype = $parent->ownerDocument->createElementNS(sspmod_adfs_SAML2_XML_fed_Const::NS_FED, 'fed:TokenType');
+ $tokentype->setAttribute('Uri', 'urn:oasis:names:tc:SAML:1.0:assertion');
+ $e->appendChild($tokentype);
+ return $e;
+ }
 }
diff --git a/modules/adfs/lib/XMLSecurityDSig.php b/modules/adfs/lib/XMLSecurityDSig.php
index b851a18cdadaa01dfa1ec4897f0231fe65dd1766..80b029efb40859f8bc0714eccf9385a57dcec862 100644
--- a/modules/adfs/lib/XMLSecurityDSig.php
+++ b/modules/adfs/lib/XMLSecurityDSig.php
@@ -12,14 +12,16 @@
 * @author Daniel Tsosie
 * @package SimpleSAMLphp
 */
-class sspmod_adfs_XMLSecurityDSig extends XMLSecurityDSig {
-
- function __construct($metaxml) {
+class sspmod_adfs_XMLSecurityDSig extends XMLSecurityDSig
+{
+ function __construct($metaxml)
+ {
 $template = '';
- if (strpos("\n", $metaxml) === FALSE) {
- foreach (explode("\n", self::template) as $line)
+ if (strpos("\n", $metaxml) === false) {
+ foreach (explode("\n", self::template) as $line) {
 $template .= trim($line);
+ }
 } else {
 $template = self::template;
 }
diff --git a/modules/adfs/www/idp/prp.php b/modules/adfs/www/idp/prp.php
index e30ce4d0b69728ea34ba0780a56022436b8e8ace..807e36506f73c45484d07c3773521ad3c9deddc6 100644
--- a/modules/adfs/www/idp/prp.php
+++ b/modules/adfs/www/idp/prp.php
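Review bot: `strpos("\n", $metaxml) === false` has haystack and needle swapped: it searches for the whole of `$metaxml` inside a one-character string, so the condition holds for any real input and the template is always collapsed regardless of how the input is formatted; the intended test is `if (strpos($metaxml, "\n") === false) {`. The commit only lowercases the constant on this line, so the swap survives it. The constructor continues past the end of the hunk, so whether the collapsed template is later compared against `$metaxml` cannot be checked here.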
@@ -13,16 +13,16 @@ $idpEntityId = $metadata->getMetaDataCurrentEntityID('adfs-idp-hosted');
 $idp = SimpleSAML_IdP::getById('adfs:' . $idpEntityId);
 if (isset($_GET['wa'])) {
- if ($_GET['wa'] === 'wsignout1.0') {
- sspmod_adfs_IdP_ADFS::receiveLogoutMessage($idp);
- } else if ($_GET['wa'] === 'wsignin1.0') {
- sspmod_adfs_IdP_ADFS::receiveAuthnRequest($idp);
- }
- assert('FALSE');
-} elseif(isset($_GET['assocId'])) {
- // logout response from ADFS SP
- $assocId = $_GET['assocId']; // Association ID of the SP that sent the logout response
- $relayState = $_GET['relayState']; // Data that was sent in the logout request to the SP. Can be null
- $logoutError = NULL; /* NULL on success, or an instance of a SimpleSAML_Error_Exception on failure. */
- $idp->handleLogoutResponse($assocId, $relayState, $logoutError);
+ if ($_GET['wa'] === 'wsignout1.0') {
+ sspmod_adfs_IdP_ADFS::receiveLogoutMessage($idp);
+ } else if ($_GET['wa'] === 'wsignin1.0') {
+ sspmod_adfs_IdP_ADFS::receiveAuthnRequest($idp);
+ }
+ assert('false');
+} elseif (isset($_GET['assocId'])) {
+ // logout response from ADFS SP
+ $assocId = $_GET['assocId']; // Association ID of the SP that sent the logout response
+ $relayState = $_GET['relayState']; // Data that was sent in the logout request to the SP. Can be null
+ $logoutError = null; // null on success, or an instance of a SimpleSAML_Error_Exception on failure.
+ $idp->handleLogoutResponse($assocId, $relayState, $logoutError);
 }
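Review bot: `$relayState = $_GET['relayState'];` raises an undefined-index notice whenever the parameter is absent, even though the trailing comment says it can be null; `$relayState = isset($_GET['relayState']) ? $_GET['relayState'] : null;` matches the documented contract. The `assert('false')` after the `wa` dispatch is the only handling for an unrecognized `wa` value, so with assertions disabled such a request falls through and produces no response at all; throwing an explicit exception at that point would fail loudly instead. The commit also keeps the assertion as a string (`'FALSE'` to `'false'`), a form deprecated from PHP 7.2, where `assert(false);` is the boolean equivalent.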