diff --git a/www/admin/metadata.php b/www/admin/metadata.php new file mode 100644 index 0000000000000000000000000000000000000000..2ddc42b521bed685044b6e9c31b08c8a74a64fb3 --- /dev/null +++ b/www/admin/metadata.php @@ -0,0 +1,105 @@ +<?php + +require_once('../../_include.php'); + +require_once('SimpleSAML/Utilities.php'); +require_once('SimpleSAML/Session.php'); +require_once('SimpleSAML/XML/MetaDataStore.php'); +require_once('SimpleSAML/XHTML/Template.php'); + +/* Load simpleSAMLphp, configuration and metadata */ +$config = SimpleSAML_Configuration::getInstance(); +$metadata = new SimpleSAML_XML_MetaDataStore($config); +$session = SimpleSAML_Session::getInstance(); + +try { + + $idpmeta = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrent('saml20-idp-hosted'); + $idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted'); + + $publiccert = $config->getBaseDir() . '/cert/' . $idpmeta['certificate']; + + if (!file_exists($publiccert)) + throw new Exception('Could not find certificate [' . $publiccert . '] to attach to the authentication resposne'); + + $cert = file_get_contents($publiccert); + $data = XMLSecurityDSig::get509XCert($cert, true); + + + + + $metaxml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?> + <EntityDescriptor xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" + entityID="' . $idpentityid . '"> + <IDPSSODescriptor + WantAuthnRequestsSigned="false" + protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + + <KeyDescriptor use="signing"> + <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:X509Data> + <ds:X509Certificate>' . $data . '</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </KeyDescriptor> + + + + <!-- Logout endpoints --> + <SingleLogoutService + Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" + Location="' . $metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted') . '" + ResponseLocation="' . $metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted') . '" + index="0" + isDefault="true" + /> + + + <!-- Supported Name Identifier Formats --> + <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> + + <!-- AuthenticationRequest Consumer endpoint --> + <SingleSignOnService + Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" + Location="' . $metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted') . '" + index="0" + isDefault="true" + /> + + </IDPSSODescriptor> +</EntityDescriptor>'; + + + if ($_GET['output'] == 'xml') { + header('Content-Type: application/xml'); + + echo $metaxml; + exit(0); + } + + + $defaultidp = $config->getValue('default-saml20-idp'); + + $et = new SimpleSAML_XHTML_Template($config, 'metadata.php'); + + + $et->data['header'] = 'SAML 2.0 IdP Metadata'; + $et->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml'); + $et->data['metadata'] = htmlentities($metaxml); + $et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no')); + $et->data['defaultidp'] = $defaultidp; + + $et->show(); + +} catch(Exception $exception) { + + $et = new SimpleSAML_XHTML_Template($config, 'error.php'); + + $et->data['message'] = 'Some error occured when trying to generate metadata.'; + $et->data['e'] = $exception; + + $et->show(); + +} + +?> \ No newline at end of file