From 784c2cf8da66df6376c7901c247eedd71dab67ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Thu, 28 Aug 2008 19:50:21 +0000
Subject: [PATCH] First iteration of experimental support for Extended Identity Provider Discovery Protocol
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@845 44740490-163a-0410-bde0-09ae8108e29a
---
 .../source/simplesamlphp-advancedfeatures.xml | 2 +-
 docs/source/simplesamlphp-idp.xml | 2 +-
 docs/source/simplesamlphp-modules.xml | 2 +-
 lib/SimpleSAML/XHTML/IdPDisco.php | 62 ++++++++++++++++++-
 4 files changed, 63 insertions(+), 5 deletions(-)
diff --git a/docs/source/simplesamlphp-advancedfeatures.xml b/docs/source/simplesamlphp-advancedfeatures.xml
index 278fcd394..c28c4f205 100644
--- a/docs/source/simplesamlphp-advancedfeatures.xml
+++ b/docs/source/simplesamlphp-advancedfeatures.xml
@@ -7,7 +7,7 @@
 <articleinfo>
 <date>...</date>
- <pubdate>Thu Mar 27 20:44:55 2008</pubdate>
+ <pubdate>Thu Aug 28 16:24:40 2008</pubdate>
 <author>
 <firstname>Andreas Ă…kre</firstname>
diff --git a/docs/source/simplesamlphp-idp.xml b/docs/source/simplesamlphp-idp.xml
index 916c175c6..0b8e67e91 100644
--- a/docs/source/simplesamlphp-idp.xml
+++ b/docs/source/simplesamlphp-idp.xml
@@ -7,7 +7,7 @@
 <articleinfo>
 <date>2007-10-15</date>
- <pubdate>Thu Aug 21 10:31:08 2008</pubdate>
+ <pubdate>Thu Aug 28 16:25:10 2008</pubdate>
 <author>
 <firstname>Andreas Ă…kre</firstname>
diff --git a/docs/source/simplesamlphp-modules.xml b/docs/source/simplesamlphp-modules.xml
index 1b771bdf2..2e1c8da97 100644
--- a/docs/source/simplesamlphp-modules.xml
+++ b/docs/source/simplesamlphp-modules.xml
@@ -7,7 +7,7 @@
 <articleinfo>
 <date>2008-08-21</date>
- <pubdate>Thu Aug 21 10:45:26 2008</pubdate>
+ <pubdate>Thu Aug 28 16:26:12 2008</pubdate>
 <author>
 <firstname>Olav</firstname>
diff --git a/lib/SimpleSAML/XHTML/IdPDisco.php b/lib/SimpleSAML/XHTML/IdPDisco.php
index 2b7c07c1c..b80b93d4d 100644
--- a/lib/SimpleSAML/XHTML/IdPDisco.php
+++ b/lib/SimpleSAML/XHTML/IdPDisco.php
@@ -4,7 +4,11 @@
 * This class implements a generic IdP discovery service, for use in various IdP
 * discovery service pages. This should reduce code duplication.
 *
+ * Experimental support added for Extended IdP Metadata Discovery Protocol by Andreas 2008-08-28
+ * More information: http://rnd.feide.no/content/extended-identity-provider-discovery-service-protocol
+ *
 * @author Olav Morken, UNINETT AS.
+ * @author Andreas Ă…kre Solberg <andreas@uninett.no>, UNINETT AS.
 * @package simpleSAMLphp
 * @version $Id$
 */
@@ -54,6 +58,17 @@ class SimpleSAML_XHTML_IdPDisco {
 * The entity id of the SP which accesses this IdP discovery service.
 */
 private $spEntityId;
+
+ /*
+ * HTTP parameter from the request, indicating whether the discovery service
+ * can interact with the user or not.
+ */
+ private $isPassive;
+
+ /*
+ * The SP request to set the IdPentityID...
+ */
+ private $setIdPentityID = NULL;
 /**
@@ -114,6 +129,15 @@ class SimpleSAML_XHTML_IdPDisco {
 } else {
 $this->returnURL = $_GET['return'];
 }
+
+ $this->isPassive = FALSE;
+ if (!array_key_exists('isPassive', $_GET)) {
+ if ($_GET['isPassive'] === 'true') $this->isPassive = TRUE;
+ }
+
+ if (!array_key_exists('IdPentityID', $_GET)) {
+ $setIdPentityID = $_GET['IdPentityID'];
+ }
 }
@@ -186,6 +210,10 @@ class SimpleSAML_XHTML_IdPDisco {
 return NULL;
 }
+ if(!$this->config->getBoolean('idpdisco.validate', TRUE)) {
+ return $idp;
+ }
+
 try {
 $this->metadata->getMetaData($idp, $this->discoType['metadata']);
 return $idp;
@@ -206,6 +234,15 @@ class SimpleSAML_XHTML_IdPDisco {
 */
 private function getSelectedIdP() {
+
+ /*
+ * Parameter set from the Extended IdP Metadata Discovery Service Protocol
+ */
+ if(array_key_exists('IdPentityID', $_GET)) {
+ return $this->validateIdP($_GET['IdPentityID']);
+ }
+
+ // Set by the user, clicking on a link
 if(array_key_exists('idpentityid', $_GET)) {
 return $this->validateIdP($_GET['idpentityid']);
 }
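Review bot: Both new `array_key_exists` guards in the constructor hunk (`@@ -114,6 +129,15 @@`) are inverted, so `$_GET['isPassive']` and `$_GET['IdPentityID']` are read only when the key is absent; `$this->isPassive` can never become TRUE and a request that does carry either parameter is ignored. The second block also assigns to a local `$setIdPentityID` instead of the `$this->setIdPentityID` property this patch declares, so the value is discarded when the constructor returns. I would write `if (array_key_exists('isPassive', $_GET) && $_GET['isPassive'] === 'true') $this->isPassive = TRUE;` and, under a non-negated check, `$this->setIdPentityID = $_GET['IdPentityID'];`. The constructor starts and ends outside the hunk.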
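Review bot: The early `return $idp;` added to validateIdP (hunk `@@ -186,6 +210,10 @@`) returns the value unchanged whenever `idpdisco.validate` is false, and the callers visible in this patch pass `$_GET['IdPentityID']` and `$_GET['idpentityid']` straight in. With the option off, any request-supplied value is accepted as the chosen IdP and later ends up in the redirect parameters, which the code should say outright, e.g. `// WARNING: idpdisco.validate = FALSE accepts the entity id from the request without a metadata lookup`. Unless the part of the function outside the hunk already does so, an `is_string($idp)` check before this return would at least reject array-valued parameters. The function body starts and ends outside the hunk.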
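Review bot: In getSelectedIdP (hunk `@@ -206,6 +234,15 @@`) the SP-supplied `IdPentityID` now takes precedence over the user's own `idpentityid` click, and both come back as the "selected" IdP with nothing to tell them apart. If the caller stores the selected IdP as the user's remembered choice (not visible in this hunk), a link carrying `IdPentityID` could set that choice without any user action. Consider checking the user-driven parameter first, or returning the protocol-supplied value through a separate path that is not remembered. The two parameter names differ only in letter case, so the method's docblock should state which one is the protocol parameter and which one the link on the page sets.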
@@ -346,8 +383,29 @@ class SimpleSAML_XHTML_IdPDisco {
 $idp = $this->getTargetIdp();
 if($idp !== NULL) {
- $this->log('Choice made [' . $idp . '] (Redirecting the user back)');
- SimpleSAML_Utilities::redirect($this->returnURL, array($this->returnIdParam => $idp));
+
+ if ($this->config->getValue('idpdisco.extDiscoveryStorage', NULL) != NULL) {
+ $extDiscoveryStorage = $this->config->getValue('idpdisco.extDiscoveryStorage');
+ $this->log('Choice made [' . $idp . '] (Forwarding to external discovery storage)');
+ SimpleSAML_Utilities::redirect($extDiscoveryStorage, array(
+ $this->returnIdParam => $idp,
+ 'IdPentityID' => $idp,
+ 'returnIdParam' => $this->returnIdParam,
+ 'isPassive' => 'true',
+ 'return' => $this->returnURL
+ ));
+
+ } else {
+ $this->log('Choice made [' . $idp . '] (Redirecting the user back)');
+ SimpleSAML_Utilities::redirect($this->returnURL, array($this->returnIdParam => $idp));
+ }
+
+ return;
+ }
+
+ if ($this->isPassive) {
+ $this->log('Choice not made. (Redirecting the user back without answer)');
+ SimpleSAML_Utilities::redirect($this->returnURL);
 return;
 }
-- 
GitLab
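Review bot: The new passive branch at the end of this hunk redirects to `$this->returnURL` with no user interaction, and that value is assigned straight from `$_GET['return']` in the constructor hunk of this patch, so unless it is validated elsewhere the page becomes an unattended open redirect once the `isPassive` request parameter takes effect. The same unchecked `return` value is also forwarded to the `idpdisco.extDiscoveryStorage` endpoint. I would check `return` against the discovery-response URLs registered for the requesting SP before either redirect, and log and refuse when it does not match. Smaller point: the config value is fetched twice and compared with `!= NULL`; read it once into `$extDiscoveryStorage` and test `!== NULL`. The enclosing method starts outside the hunk.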