diff --git a/docs/simplesamlphp-artifact-idp.md b/docs/simplesamlphp-artifact-idp.md index 75286aeaf58da4f7316b5f3d499453650a7d98f2..6d993fa9e6f374eac9b8599f09d1dca4a236ea0a 100644 --- a/docs/simplesamlphp-artifact-idp.md +++ b/docs/simplesamlphp-artifact-idp.md @@ -35,7 +35,7 @@ Enabling artifact on the IdP To enable the IdP to send artifacts, you must add the `saml20.sendartifact` option to the `saml20-idp-hosted` metadata file: - $metadata['__DYNAMIC:1__'] = [ + $metadata['urn:x-simplesamlphp:example-idp'] = [ [....] 'auth' => 'example-userpass', 'saml20.sendartifact' => TRUE, @@ -89,7 +89,7 @@ You may therefore have to add the webserver certificate to the metadata that you To do this, you need to set the `https.certificate` option in the `saml20-idp-hosted` metadata file. That option should refer to a file containing the webserver certificate. - $metadata['__DYNAMIC:1__'] = [ + $metadata['urn:x-simplesamlphp:example-idp'] = [ [....] 'auth' => 'example-userpass', 'saml20.sendartifact' => TRUE, diff --git a/docs/simplesamlphp-authproc.md b/docs/simplesamlphp-authproc.md index 478070c5cc575bcf217883f44c60cd3c2673eb79..a8ab604b702e70fc4064d528c7ef51eff36bbfc8 100644 --- a/docs/simplesamlphp-authproc.md +++ b/docs/simplesamlphp-authproc.md @@ -98,15 +98,17 @@ The filters in `authproc.sp` will be executed at the SP side regardless of which Filters can be added both in `hosted` and `remote` metadata. Here is an example of a filter added in a metadata file: - '__DYNAMIC:1__' => [ - 'host' => '__DEFAULT_', - 'privatekey' => 'example.org.pem', - 'certificate' => 'example.org.crt', - 'auth' => 'feide', - 'authproc' => [ - 40 => 'core:TargetedID', - ], - ] +```php +'urn:x-simplesamlphp:example-idp' => [ + 'host' => '__DEFAULT_', + 'privatekey' => 'example.org.pem', + 'certificate' => 'example.org.crt', + 'auth' => 'feide', + 'authproc' => [ + 40 => 'core:TargetedID', + ], +] +``` The example above is in `saml20-idp-hosted`. 
diff --git a/docs/simplesamlphp-customauth.md b/docs/simplesamlphp-customauth.md index 83013f0860e4b9f074c0be7bb3de62dd9c790467..cb3fe97739167c30ea7f2e80e45c9af937792acf 100644 --- a/docs/simplesamlphp-customauth.md +++ b/docs/simplesamlphp-customauth.md @@ -120,7 +120,7 @@ In that file you should locate the `auth`-option for your IdP, and change it to <?php /* ... */ - $metadata['__DYNAMIC:1__'] = [ + $metadata['urn:x-simplesamlphp:example-idp'] = [ /* ... */ /* * Authentication source to use. Must be one that is configured in diff --git a/docs/simplesamlphp-ecp-idp.md b/docs/simplesamlphp-ecp-idp.md index 566df182d610f989b349ee5a74aa4631d5ff3f3d..c61818dcc437672139091ec900ba4bf3b4736bbc 100644 --- a/docs/simplesamlphp-ecp-idp.md +++ b/docs/simplesamlphp-ecp-idp.md @@ -19,7 +19,7 @@ Enabling ECP Profile on the IdP To enable the IdP to send ECP assertions you must add the `saml20.ecp` option to the `saml20-idp-hosted` metadata file: - $metadata['__DYNAMIC:1__'] = [ + $metadata['urn:x-simplesamlphp:example-idp'] = [ [....] 'auth' => 'example-userpass', 'saml20.ecp' => true, diff --git a/docs/simplesamlphp-googleapps.md b/docs/simplesamlphp-googleapps.md index e0ac5fc4f119f3307a8274280002f97053f9e7c4..4086994a02f73855c9c8df89bdf5ce51287cf7fe 100644 --- a/docs/simplesamlphp-googleapps.md +++ b/docs/simplesamlphp-googleapps.md 
@@ -130,18 +130,20 @@ If you want to setup a SAML 2.0 IdP for Google Workspace, you need to configure This is the configuration of the IdP itself. Here is some example config: - // The SAML entity ID is the index of this config. Dynamic:X will automatically generate an entity ID (recommended) - $metadata['__DYNAMIC:1__'] => [ - - // The hostname of the server (VHOST) that this SAML entity will use. - 'host' => '__DEFAULT__', - - // X.509 key and certificate. Relative to the cert directory. - 'privatekey' => 'googleworkspaceidp.pem', - 'certificate' => 'googleappsidp.crt', - - 'auth' => 'example-userpass', - ] +```php +// The SAML entity ID is the index of this config. +$metadata['urn:x-simplesamlphp:example-idp'] => [ + + // The hostname of the server (VHOST) that this SAML entity will use. + 'host' => '__DEFAULT__', + + // X.509 key and certificate. Relative to the cert directory. + 'privatekey' => 'googleworkspaceidp.pem', + 'certificate' => 'googleappsidp.crt', + + 'auth' => 'example-userpass', +] +``` **Note**: You can only have one entry in the file with host equal to `__DEFAULT__`, therefore you should replace the existing entry with this one, instead of adding this entry as a new entry in the file. diff --git a/docs/simplesamlphp-hok-idp.md b/docs/simplesamlphp-hok-idp.md index 7bf375e1b332baaaa0f53f2309b53a813defbda6..872fc05bfa7b1effb697a926a3226d953279a9f6 100644 --- a/docs/simplesamlphp-hok-idp.md +++ b/docs/simplesamlphp-hok-idp.md @@ -29,7 +29,7 @@ Enabling HoK SSO Profile on the IdP To enable the IdP to send HoK assertions you must add the `saml20.hok.assertion` option to the `saml20-idp-hosted` metadata file: - $metadata['__DYNAMIC:1__'] = [ + $metadata['urn:x-simplesamlphp:example-idp'] = [ [....] 'auth' => 'example-userpass', 'saml20.hok.assertion' => TRUE, diff --git a/docs/simplesamlphp-idp.md b/docs/simplesamlphp-idp.md index 20847f247f08e4db89181279a4087bc39779ff24..2ba329a11222b7cadfcbd13fcc2e508dc59d6427 100644 --- a/docs/simplesamlphp-idp.md 
+++ b/docs/simplesamlphp-idp.md @@ -142,7 +142,7 @@ The SAML 2.0 IdP is configured by the metadata stored in This is a minimal configuration: <?php - $metadata['__DYNAMIC:1__'] = [ + $metadata['urn:x-simplesamlphp:example-idp'] = [ /* * The hostname for this IdP. This makes it possible to run multiple * IdPs from the same configuration. '__DEFAULT__' means that this one diff --git a/docs/simplesamlphp-metadata-extensions-rpi.md b/docs/simplesamlphp-metadata-extensions-rpi.md index f824f6ae275f3260c33ea4e45c9203688b5b6631..9371cd89c2e71e0352ca8852b128aa58d888ed1e 100644 --- a/docs/simplesamlphp-metadata-extensions-rpi.md +++ b/docs/simplesamlphp-metadata-extensions-rpi.md @@ -72,7 +72,7 @@ Service Provider: Identity Provider: - $metadata['__DYNAMIC:1__'] = [ + $metadata['urn:x-simplesamlphp:example-idp'] = [ 'host' => '__DEFAULT__', ... 'RegistrationInfo' => [ diff --git a/docs/simplesamlphp-modules.md b/docs/simplesamlphp-modules.md index c53527ff4d3eb68161b47b6bd7fcb5dfcddfa809..15fcdf08dd12ba7280c7c126a5818b99f3f3d185 100644 --- a/docs/simplesamlphp-modules.md +++ b/docs/simplesamlphp-modules.md @@ -154,7 +154,7 @@ this: To use this authentication source in a SAML 2.0 IdP, set the `auth`-option of the IdP to `'example-static'`: - '__DYNAMIC:1__' => [ + 'urn:x-simplesamlphp:example-idp' => [ 'host' => '__DEFAULT__', 'privatekey' => 'example.org.pem', 'certificate' => 'example.org.crt', diff --git a/docs/simplesamlphp-reference-idp-hosted.md b/docs/simplesamlphp-reference-idp-hosted.md index ea64aa3b30424d87a294546bd1efb9e4cb907e83..25d7fc7259ffbdd5ce28f980f52e7d6bb91fcf6b 100644 --- a/docs/simplesamlphp-reference-idp-hosted.md +++ b/docs/simplesamlphp-reference-idp-hosted.md 
@@ -18,9 +18,7 @@ Both files have the following format: ]; /* ... */ -The entity ID should be an URI. It can, also be on the form -`__DYNAMIC:1__`, `__DYNAMIC:2__`, `...`. In that case, the entity ID -will be generated automatically. +The entity ID should be an URI. The `host` option is the hostname of the IdP, and will be used to select the correct configuration. One entry in the metadata-list can @@ -392,11 +390,8 @@ These are some examples of IdP metadata ### Minimal SAML 2.0 IdP ### <?php - /* - * We use the '__DYNAMIC:1__' entity ID so that the entity ID - * will be autogenerated. - */ - $metadata['__DYNAMIC:1__'] = [ + + $metadata['urn:x-simplesamlphp:example-idp'] = [ /* * We use '__DEFAULT__' as the hostname so we won't have to * enter a hostname. @@ -425,7 +420,7 @@ $republishTarget = $dom->createElementNS('http://eduid.cz/schema/metadata/1.0', $republishRequest->appendChild($republishTarget); $ext = [new \SAML2\XML\Chunk($republishRequest)]; -$metadata['__DYNAMIC:1__'] = [ +$metadata['urn:x-simplesamlphp:example-idp'] = [ 'host' => '__DEFAULT__', 'certificate' => 'example.org.crt', 'privatekey' => 'example.org.pem', diff --git a/metadata-templates/saml20-idp-hosted.php b/metadata-templates/saml20-idp-hosted.php index 79dc926d6a8fc2fcdabf826ddbcdb935c47b23d0..bcc7aeaf6912967c06fe4374defe1f18dcea9ab7 100644 --- a/metadata-templates/saml20-idp-hosted.php +++ b/metadata-templates/saml20-idp-hosted.php @@ -6,7 +6,7 @@ * See: https://simplesamlphp.org/docs/stable/simplesamlphp-reference-idp-hosted */ -$metadata['__DYNAMIC:1__'] = [ +$metadata['urn:x-simplesamlphp:idp'] = [ /* * The hostname of the server (VHOST) that will use this SAML entity. * diff --git a/modules/core/docs/authproc_targetedid.md b/modules/core/docs/authproc_targetedid.md index a73fbd4a4c99a7bdd66dbaf20f807f46459016a2..deb00c725499af42be9d36c73625ce2e8bba741b 100644 --- a/modules/core/docs/authproc_targetedid.md +++ b/modules/core/docs/authproc_targetedid.md 
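Review bot: The template now hard-codes `urn:x-simplesamlphp:idp` as the hosted IdP's entityID, and since the `__DYNAMIC` fallback is removed elsewhere in this commit, every deployment that leaves the template untouched will publish that same, non-unique identifier. A short comment above the line telling operators to replace it would prevent that, e.g. `/* Replace this placeholder with a unique, stable entityID (a URI you control) before going live. */`. The same placeholder is repeated in the keyrollover.md examples, so the reference-idp-hosted.md text ("The entity ID should be an URI.") could also say that it must be unique per IdP.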
@@ -34,7 +34,7 @@ A custom attribute: Internet2 compatible `eduPersontargetedID`: /* In saml20-idp-hosted.php. */ - $metadata['__DYNAMIC:1__'] = [ + $metadata['urn:x-simplesamlphp:example-idp'] = [ 'host' => '__DEFAULT__', 'auth' => 'example-static', diff --git a/modules/saml/docs/keyrollover.md b/modules/saml/docs/keyrollover.md index 0bc9891bb690ff7aad5581f3d0abba7ef9623659..e211960c8619a4b7668b1d796c7b4b935240436a 100644 --- a/modules/saml/docs/keyrollover.md +++ b/modules/saml/docs/keyrollover.md @@ -48,7 +48,7 @@ In `config/authsources.php`: In `metadata/saml20-idp-hosted.php`: - $metadata['__DYNAMIC:1__'] = [ + $metadata['urn:x-simplesamlphp:idp'] = [ 'host' => '__DEFAULT__', 'auth' => 'example-userpass', 'privatekey' => 'old.pem', @@ -96,7 +96,7 @@ In `config/authsources.php`: In `metadata/saml20-idp-hosted.php`: - $metadata['__DYNAMIC:1__'] = [ + $metadata['urn:x-simplesamlphp:idp'] = [ 'host' => '__DEFAULT__', 'auth' => 'example-userpass', 'certificate' => 'new.crt', diff --git a/src/SimpleSAML/Metadata/MetaDataStorageHandlerPdo.php b/src/SimpleSAML/Metadata/MetaDataStorageHandlerPdo.php index bbd5d99e3a7b2c8d1dcd11b77d2cf7901659e1d4..249d4a4346a96a04142029871b73aa2c7e40aa5b 100644 --- a/src/SimpleSAML/Metadata/MetaDataStorageHandlerPdo.php +++ b/src/SimpleSAML/Metadata/MetaDataStorageHandlerPdo.php 
@@ -159,16 +159,10 @@ class MetaDataStorageHandlerPdo extends MetaDataStorageSource } $tableName = $this->getTableName($set); - - // according to the docs, it looks like *-idp-hosted metadata are the types - // that allow the __DYNAMIC:*__ entity id. with the current table design - // we need to lookup the specific metadata entry but also we need to lookup - // any dynamic entries to see if the dynamic hosted entity id matches if (substr($set, -10) == 'idp-hosted') { $stmt = $this->db->read( - "SELECT entity_id, entity_data FROM {$tableName} " - . "WHERE (entity_id LIKE :dynamicId OR entity_id = :entityId)", - ['dynamicId' => '__DYNAMIC%', 'entityId' => $entityId] + "SELECT entity_id, entity_data FROM {$tableName} WHERE (entity_id LIKE :entityId)", + ['entityId' => $entityId] ); } else { // other metadata types should be able to match on entity id diff --git a/src/SimpleSAML/Metadata/MetaDataStorageSource.php b/src/SimpleSAML/Metadata/MetaDataStorageSource.php index 2d3fc0246ec857409df66637fd2ebc69b18eba41..6f2864ca9d9a611c3fc9cdc684616f3e3788cc32 100644 --- a/src/SimpleSAML/Metadata/MetaDataStorageSource.php +++ b/src/SimpleSAML/Metadata/MetaDataStorageSource.php @@ -349,9 +349,8 @@ abstract class MetaDataStorageSource /** - * Updates the metadata entry's entity id and returns the modified array. If the entity id is __DYNAMIC:*__ a - * the current url is assigned. If it is explicit the entityid array key is updated to the entityId that was - * provided. + * Updates the metadata entry's entity id and returns the modified array. + * If it is explicit the entityid array key is updated to the entityId that was provided. * * @param string $metadataSet a metadata set (saml20-idp-hosted, saml20-sp-remote, etc) * @param string $entityId the entity id we are modifying 
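Review bot: The rewritten query in the `idp-hosted` branch now passes the caller's entity ID straight into `LIKE :entityId`, whereas the removed code used `LIKE` only for the fixed `__DYNAMIC%` pattern and `=` for the explicit ID; with dynamic IDs gone there is no reason for a pattern match, and `_`/`%` inside an entity ID now act as wildcards, so a lookup can return a hosted entry other than the one requested. Use equality instead: `"SELECT entity_id, entity_data FROM {$tableName} WHERE entity_id = :entityId",`. The `else` branch's comment says other sets already match on entity id, so the whole `if` (with its loose `substr($set, -10) == 'idp-hosted'` test) looks like it could collapse into a single query, though that branch's body and the rest of the enclosing method are outside the hunk.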
@@ -362,16 +361,9 @@ abstract class MetaDataStorageSource
      */
     protected function updateEntityID(string $metadataSet, string $entityId, array $metadataEntry): array
     {
+        // set the entityid metadata array key to the provided entity id
         $modifiedMetadataEntry = $metadataEntry;
-
-        // generate a dynamic hosted url
-        if (preg_match('/__DYNAMIC(:[0-9]+)?__/', $entityId)) {
-            $modifiedMetadataEntry['entityid'] = $this->getDynamicHostedUrl($metadataSet);
-        } else {
-            // set the entityid metadata array key to the provided entity id
-            $modifiedMetadataEntry['entityid'] = $entityId;
-        }
-
+        $modifiedMetadataEntry['entityid'] = $entityId;
         return $modifiedMetadataEntry;
     }
 }
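Review bot: Dropping the `preg_match` branch means an existing `saml20-idp-hosted.php` that still uses the `'__DYNAMIC:1__'` key (the value every shipped example used until this commit) will now be published with the literal string `__DYNAMIC:1__` as its entityID instead of failing loudly, which silently changes what relying SPs see after an upgrade. A guard that rejects the legacy key would make the migration visible: `if (preg_match('/__DYNAMIC(:[0-9]+)?__/', $entityId)) {` / `    throw new \Exception("Dynamic entity IDs are no longer supported; give '{$entityId}' in {$metadataSet} an explicit URI");` / `}`. The docblock in the preceding hunk still says "If it is explicit the entityid array key is updated", which no longer distinguishes anything; it should simply read `The entityid array key is set to the entityId that was provided.`. `getDynamicHostedUrl()` has no remaining caller in these hunks, but its definition is not visible here, so check for other users before removing it.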