diff --git a/docs/source/simplesamlphp-sp.xml b/docs/source/simplesamlphp-sp.xml
index fc578b10ca129b98b5ef2afdd39401b23c48a62d..bdf9f16453936202419eb07ed4ee6d0686c37814 100644
--- a/docs/source/simplesamlphp-sp.xml
+++ b/docs/source/simplesamlphp-sp.xml
@@ -644,7 +644,7 @@ $session = SimpleSAML_Session::getInstance(true);</programlisting>
 <programlisting>/* Check if valid local session exists.. */
 if (!isset($session) || !$session->isValid('saml2') ) {
 SimpleSAML_Utilities::redirect(
- '/' . $config->getValue('baseurlpath') .
+ '/' . $config->getBaseURL() .
 'saml2/sp/initSSO.php',
 array('RelayState' => SimpleSAML_Utilities::selfURL())
 );
diff --git a/lib/SimpleSAML/Configuration.php b/lib/SimpleSAML/Configuration.php
index 713a797379902ed197b222e11822c382cf4a9bb4..7178606ec2b29c572826f412400b80784f8a7c08 100644
--- a/lib/SimpleSAML/Configuration.php
+++ b/lib/SimpleSAML/Configuration.php
@@ -58,6 +58,13 @@ class SimpleSAML_Configuration {
 return $this->configuration[$name];
 }
+
+ public function getBaseURL() {
+ if (preg_match('/^\*(.*)$/', $this->getValue('baseurlpath', ''), $matches)) {
+ return SimpleSAML_Utilities::getFirstPathElement(false) . $matches[1];
+ }
+ return $this->getValue('baseurlpath', '');
+ }
 /* Retrieve the base directory for this simpleSAMLphp installation.
diff --git a/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php b/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php
index e80ca42bfa1404b781a90bb619e20f0c903d453d..001aecd91e2c55e4773503d827d9be786ef2f26d 100644
--- a/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php
+++ b/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php
@@ -109,8 +109,7 @@ abstract class SimpleSAML_Metadata_MetaDataStorageHandler {
 assert($config instanceof SimpleSAML_Configuration);
 $baseurl = SimpleSAML_Utilities::selfURLhost() . '/' .
- $config->getValue('baseurlpath');
-
+ $config->getBaseURL();
 if ($set == 'saml20-sp-hosted') {
 switch ($property) {
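Review bot: getBaseURL has no docblock, and the `*` convention it introduces for `baseurlpath` is defined nowhere else in the diff: from the visible code, a value starting with `*` has the `*` replaced by the first element of `$_SERVER['SCRIPT_NAME']` (via `getFirstPathElement(false)`, which returns it without a slash), so the remainder must itself begin with `/` for the `'/' . $config->getBaseURL() . 'saml2/...'` callers in this commit to produce a sane path. In that mode every redirect target and the Template `baseurlpath` become request-derived rather than purely configured, which deserves a sentence in the docblock, e.g. `/** Base URL path of this installation; a leading '*' in baseurlpath is replaced by the first path element of SCRIPT_NAME (see SimpleSAML_Utilities::getFirstPathElement). */`. The option is also read twice; `$baseurlpath = $this->getValue('baseurlpath', '');` followed by `if (preg_match('/^\*(.*)$/', $baseurlpath, $matches)) {` and `return $baseurlpath;` as the fallthrough reads it once.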
@@ -164,7 +163,8 @@ abstract class SimpleSAML_Metadata_MetaDataStorageHandler {
 if (!isset($this->metadata[$set])) {
 $this->load($set);
 }
- $currenthost = $_SERVER['HTTP_HOST'];
+ $currenthost = SimpleSAML_Utilities::getSelfHost(); // sp.example.org
+ $currenthostwithpath = SimpleSAML_Utilities::getSelfHostWithPath(); // sp.example.org/university
 if(strstr($currenthost, ":")) {
 $currenthostdecomposed = explode(":", $currenthost);
@@ -177,11 +177,12 @@ abstract class SimpleSAML_Metadata_MetaDataStorageHandler {
 if (!isset($currenthost)) {
 throw new Exception('Could not get HTTP_HOST, in order to resolve default entity ID');
 }
- if (!isset($this->hostmap[$set][$currenthost])) {
- throw new Exception('Could not find any default metadata entities in set [' . $set . '] for host [' . $currenthost . ']');
- }
- if (!$this->hostmap[$set][$currenthost]) throw new Exception('Could not find default metadata for current host');
- return $this->hostmap[$set][$currenthost];
+
+
+ if (isset($this->hostmap[$set][$currenthostwithpath])) return $this->hostmap[$set][$currenthostwithpath];
+ if (isset($this->hostmap[$set][$currenthost])) return $this->hostmap[$set][$currenthost];
+
+ throw new Exception('Could not find any default metadata entities in set [' . $set . '] for host [' . $currenthost . ' : ' . $currenthostwithpath . ']');
 }
 abstract public function load($set);
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 7762f9f9b12088a46950d9b854c017b8dc17d9c4..a1aaf897fbc292a1d8e67396e19c965be3abd619 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -14,7 +14,9 @@ require_once('SimpleSAML/Logger.php');
 class SimpleSAML_Utilities {
-
+ /**
+ * Will return sp.example.org
+ */
 public static function getSelfHost() {
 $currenthost = $_SERVER['HTTP_HOST'];
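Review bot: The port-stripping block that follows the new `$currenthost = SimpleSAML_Utilities::getSelfHost();` is now redundant: the Utilities hunk in this same commit shows getSelfHost already splitting `$_SERVER['HTTP_HOST']` on `:` and returning the first part, so `strstr($currenthost, ":")` can no longer match and the `if(strstr(...))` block can be dropped. Both `$currenthost` and `$currenthostwithpath` still originate from the request (the Host header and the script path), so the host map lookup remains keyed on request-supplied values; a short comment at the assignment, e.g. `// both values are taken from the current request, not from configuration`, would make that explicit for maintainers. The enclosing method starts before this hunk.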
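Review bot: The rewritten lookup drops the old falsy-value check (`if (!$this->hostmap[$set][$currenthost]) throw ...`): `isset()` is true for a map entry of `''` or `0`, so such an entry is now returned as an entity id instead of being rejected. If that rejection was intentional, `if (!empty($this->hostmap[$set][$currenthostwithpath])) return $this->hostmap[$set][$currenthostwithpath];` and the same form for `$currenthost` preserve it. The `Could not get HTTP_HOST` message in the preceding context line also no longer describes where the value comes from now that getSelfHost is used, and the two added blank lines before the first lookup can go.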
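Review bot: The new docblock on getSelfHost gives only an example value; it should say where the value comes from, since the visible body reads `$_SERVER['HTTP_HOST']`, i.e. the host name the client sent in its Host header, not a configured one. Something like `* Returns the host name of the current request, taken from HTTP_HOST with any port suffix removed (e.g. sp.example.org)` makes the trust boundary explicit for the metadata and redirect code that now builds on it; the `Will return https://sp.example.org` docblock on selfURLhost later in this file would benefit from the same wording. getSelfHost's body continues outside the hunk.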
@@ -22,9 +24,12 @@ class SimpleSAML_Utilities {
 $currenthostdecomposed = explode(":", $currenthost);
 $currenthost = $currenthostdecomposed[0];
 }
- return $currenthost;
+ return $currenthost;# . self::getFirstPathElement() ;
 }
+ /**
+ * Will return https
+ */
 public static function getSelfProtocol() {
 $s = empty($_SERVER["HTTPS"]) ? '' : ($_SERVER["HTTPS"] == "on") ? "s"
@@ -33,6 +38,9 @@ class SimpleSAML_Utilities {
 return $protocol;
 }
+ /**
+ * Will return https://sp.example.org
+ */
 public static function selfURLhost() {
 $currenthost = self::getSelfHost();
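Review bot: `return $currenthost;# . self::getFirstPathElement() ;` leaves commented-out code on the return line; it should be plain `return $currenthost;`, since the path-including variant now lives in the new getSelfHostWithPath. The `Will return https` docblock added to getSelfProtocol is also inaccurate: the visible expression sets `$s` to `"s"` only when `$_SERVER["HTTPS"]` is `"on"`, so the scheme presumably comes out as `http` or `https` depending on the request, and the comment should say so, e.g. `* Returns the scheme of the current request, http or https, based on $_SERVER['HTTPS']`. getSelfProtocol's body continues outside the hunk.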
@@ -52,18 +60,62 @@ class SimpleSAML_Utilities {
 }
-
-
+ /**
+ * Will return https://sp.example.org/universities/ruc/baz/simplesaml/saml2/SSOService.php
+ */
 public static function selfURLNoQuery() {
 $selfURLhost = self::selfURLhost();
- return $selfURLhost . $_SERVER['SCRIPT_NAME'];
+ return $selfURLhost . self::getScriptName();
+
+ }
+ public static function getScriptName() {
+ $scriptname = $_SERVER['SCRIPT_NAME'];
+ if (preg_match('|^/.*?(/.*)$|', $_SERVER['SCRIPT_NAME'], $matches)) {
+ #$scriptname = $matches[1];
+ }
+ return $scriptname;
 }
+
+
+ /**
+ * Will return sp.example.org/foo
+ */
+ public static function getSelfHostWithPath() {
+
+ $selfhostwithpath = self::getSelfHost();
+ if (preg_match('|^(/.*?)/|', $_SERVER['SCRIPT_NAME'], $matches)) {
+ $selfhostwithpath .= $matches[1];
+ }
+ return $selfhostwithpath;
+
+ }
+
+ /**
+ * Will return foo
+ */
+ public static function getFirstPathElement($trailingslash = true) {
+
+ if (preg_match('|^/(.*?)/|', $_SERVER['SCRIPT_NAME'], $matches)) {
+ return ($trailingslash ? '/' : '') . $matches[1];
+ }
+ return '';
+ }
+
 public static function selfURL() {
 $selfURLhost = self::selfURLhost();
- return $selfURLhost . $_SERVER['REQUEST_URI'];
+ return $selfURLhost . self::getRequestURI();
+ }
+
+ public static function getRequestURI() {
+
+ $requesturi = $_SERVER['REQUEST_URI'];
+ if (preg_match('|^/.*?(/.*)$|', $_SERVER['REQUEST_URI'], $matches)) {
+ #$requesturi = $matches[1];
+ }
+ return $requesturi;
 }
 public static function addURLparameter($url, $parameter) {
diff --git a/lib/SimpleSAML/XHTML/Template.php b/lib/SimpleSAML/XHTML/Template.php
index 742882de397f1bd6039c055eb520af43524194ce..d4acfa022479861a2320ed723b98efcd4aa49a78 100644
--- a/lib/SimpleSAML/XHTML/Template.php
+++ b/lib/SimpleSAML/XHTML/Template.php
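Review bot: getScriptName and getRequestURI each run a `preg_match` whose only effect (`#$scriptname = $matches[1];`, `#$requesturi = $matches[1];`) is commented out, so both are no-op wrappers that still pay for a regex per call; either drop the match and return the superglobal directly (`return $_SERVER['SCRIPT_NAME'];` / `return $_SERVER['REQUEST_URI'];`) or finish the intended rewrite before merging. In getFirstPathElement the `$trailingslash` parameter actually controls a leading slash (`($trailingslash ? '/' : '') . $matches[1]`), so the default result is `/foo`, not the `foo` the docblock promises; renaming it `$leadingslash` and fixing the docblock would avoid misreadings at the Configuration::getBaseURL call site that passes `false`. Both new regexes also require a second `/` in SCRIPT_NAME, so a script served at the web root (e.g. `/index.php`) yields `''` from getFirstPathElement and an unchanged host from getSelfHostWithPath; that edge case belongs in the docblocks. Finally, the docblocks should state that all of these values are taken from `$_SERVER` for the current request (SCRIPT_NAME, and in selfURL the client-supplied REQUEST_URI), since callers in this commit pass selfURL() on as a RelayState.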
@@ -24,7 +24,7 @@ class SimpleSAML_XHTML_Template {
 $this->configuration = $configuration;
 $this->template = $template;
- $this->data['baseurlpath'] = $this->configuration->getValue('baseurlpath');
+ $this->data['baseurlpath'] = $this->configuration->getBaseURL();
 if (!empty($languagefile)) $this->includeLanguageFile($languagefile);
 }
diff --git a/www/admin/memcachestat.php b/www/admin/memcachestat.php
index c13653857f816950dcbf90fe3d3ff02eb45b5b81..bbe1441eda70a4229fe3a809c292ea31f9f2343b 100644
--- a/www/admin/memcachestat.php
+++ b/www/admin/memcachestat.php
@@ -15,7 +15,7 @@ try {
 /* Make sure that the user has admin access rights. */
 if (!isset($session) || !$session->isValid('login-admin') ) {
- SimpleSAML_Utilities::redirect('/' . $config->getValue('baseurlpath') . 'auth/login-admin.php',
+ SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'auth/login-admin.php',
 array('RelayState' => SimpleSAML_Utilities::selfURL())
 );
 }
diff --git a/www/admin/metadata.php b/www/admin/metadata.php
index d6f1761eae1fa4b0d1f6bd536b87a7727d1809e4..a40491f2cb63786d3f2139f6379f428d87edebc7 100644
--- a/www/admin/metadata.php
+++ b/www/admin/metadata.php
@@ -14,7 +14,7 @@ $session = SimpleSAML_Session::getInstance(true);
 /* Check if valid local session exists.. */
 if (!isset($session) || !$session->isValid('login-admin') ) {
- SimpleSAML_Utilities::redirect('/' . $config->getValue('baseurlpath') . 'auth/login-admin.php',
+ SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'auth/login-admin.php',
 array('RelayState' => SimpleSAML_Utilities::selfURL())
 );
 }
diff --git a/www/admin/test.php b/www/admin/test.php
index 285236d6d613132f57926f4f1d6074acf2dcc868..bbdde5f571ecf7b74c349a6ea8eb1be196146577 100644
--- a/www/admin/test.php
+++ b/www/admin/test.php
@@ -94,9 +94,9 @@ if ($op === 'login') {
 }
 if($protocol === 'saml2') {
- $url = '/' . $config->getValue('baseurlpath') . 'saml2/sp/initSSO.php';
+ $url = '/' . $config->getBaseURL() . 'saml2/sp/initSSO.php';
 } elseif($protocol === 'shib13') {
- $url = '/' . $config->getValue('baseurlpath') . 'shib13/sp/initSSO.php';
+ $url = '/' . $config->getBaseURL() . 'shib13/sp/initSSO.php';
 } else {
 error('Unable to log in with protocol "' . $protocol . '".');
 }
@@ -133,7 +133,7 @@ if ($op === 'login') {
 }
 if ($protocol === 'saml2') {
- $url = '/' . $config->getValue('baseurlpath') . 'saml2/sp/initSLO.php';
+ $url = '/' . $config->getBaseURL() . 'saml2/sp/initSLO.php';
 } else {
 error('Logout unsupported for protocol "' . $protocol . '".');
 }
diff --git a/www/aselect/handler.php b/www/aselect/handler.php
index 795456eed71280d3cafddb580aea93aba51c9eb4..448bec0d0e6745446698997522226693c2de31ab 100644
--- a/www/aselect/handler.php
+++ b/www/aselect/handler.php
@@ -71,11 +71,11 @@ $as_metadata = array(
 'authsp' => 'simpleSAMLphp',
 'app_level' => '10',
 'tgt_exp_time' => '1194590521000',
-# 'auth' => '/' . $config->getValue('baseurlpath') . '/auth/login.php',
-# 'logout' => '/' . $config->getValue('baseurlpath') . 'logout.html',
- 'auth' => '/' . $config->getValue('baseurlpath') . '/saml2/sp/initSSO.php',
- 'logout' => '/' . $config->getValue('baseurlpath') . '/saml2/sp/initSLO.php',
- 'loggedout_url' => '/' . $config->getValue('baseurlpath') . 'logout.html',
+# 'auth' => '/' . $config->getBaseURL() . '/auth/login.php',
+# 'logout' => '/' . $config->getBaseURL() . 'logout.html',
+ 'auth' => '/' . $config->getBaseURL() . '/saml2/sp/initSSO.php',
+ 'logout' => '/' . $config->getBaseURL() . '/saml2/sp/initSLO.php',
+ 'loggedout_url' => '/' . $config->getBaseURL() . 'logout.html',
 ),
 'remote' => array(
 // so far the IDP bridging is statically configured to the first one in
diff --git a/www/example-simple/hostnames.php b/www/example-simple/hostnames.php
index ca049c204087a253c5506d9187a6f5ba82621fbf..325314f6a00ec259b8de20a8cf690bb97a5b85a4 100644
--- a/www/example-simple/hostnames.php
+++ b/www/example-simple/hostnames.php
@@ -17,7 +17,7 @@ $session = SimpleSAML_Session::getInstance(true);
 /* Check if valid local session exists.. */
 if (!isset($session) || !$session->isValid('login-admin') ) {
- SimpleSAML_Utilities::redirect('/' . $config->getValue('baseurlpath') . 'auth/login-admin.php',
+ SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'auth/login-admin.php',
 array('RelayState' => SimpleSAML_Utilities::selfURL())
 );
 }
@@ -31,6 +31,7 @@ $attributes = array();
 $attributes['selfURLhost'] = array(SimpleSAML_Utilities::selfURLhost());
 $attributes['selfURLNoQuery'] = array(SimpleSAML_Utilities::selfURLNoQuery());
 $attributes['selfURL'] = array(SimpleSAML_Utilities::selfURL());
+$attributes['selfHostWithPath'] = array(SimpleSAML_Utilities::getSelfHostWithPath());
 $attributes['HTTP_HOST'] = array($_SERVER['HTTP_HOST']);
 $attributes['HTTPS'] = array($_SERVER['HTTPS']);
diff --git a/www/example-simple/saml2-example.php b/www/example-simple/saml2-example.php
index c483c0eb10ca8b4d657a343116ddde325658dfb3..de07c4c4cc5bef6bf061d89a3264dc7ce42e8536 100644
--- a/www/example-simple/saml2-example.php
+++ b/www/example-simple/saml2-example.php
@@ -40,7 +40,7 @@ $session = SimpleSAML_Session::getInstance(TRUE);
 */
 if (!$session->isValid('saml2') ) {
 SimpleSAML_Utilities::redirect(
- '/' . $config->getValue('baseurlpath') . 'saml2/sp/initSSO.php',
+ '/' . $config->getBaseURL() . 'saml2/sp/initSSO.php',
 array('RelayState' => SimpleSAML_Utilities::selfURL())
 );
 }
@@ -57,15 +57,15 @@ $attributes = $session->getAttributes();
 *
 */
-$t = new SimpleSAML_XHTML_Template($config, 'status.php');
+$t = new SimpleSAML_XHTML_Template($config, 'status.php', 'attributes.php');
 $t->data['header'] = 'SAML 2.0 SP Demo Example';
 $t->data['remaining'] = $session->remainingTime();
 $t->data['sessionsize'] = $session->getSize();
 $t->data['attributes'] = $attributes;
 $t->data['icon'] = 'bino.png';
-$t->data['logout'] = '<p>[ <a href="/' . $config->getValue('baseurlpath') . 'saml2/sp/initSLO.php?RelayState=/' .
- $config->getValue('baseurlpath') . 'logout.html">Logout</a> ]';
+$t->data['logout'] = '<p>[ <a href="/' . $config->getBaseURL() . 'saml2/sp/initSLO.php?RelayState=/' .
+ $config->getBaseURL() . 'logout.html">Logout</a> ]';
 $t->show();
diff --git a/www/example-simple/shib13-example.php b/www/example-simple/shib13-example.php
index d70950f477b4fa0a77b7cd22197cb7ed7aeb8a82..c9876c696270327dd0232fc585cff6136d917dcf 100644
--- a/www/example-simple/shib13-example.php
+++ b/www/example-simple/shib13-example.php
@@ -40,7 +40,7 @@ $session = SimpleSAML_Session::getInstance(TRUE);
 */
 if (!isset($session) || !$session->isValid('shib13') ) {
 SimpleSAML_Utilities::redirect(
- '/' . $config->getValue('baseurlpath') . 'shib13/sp/initSSO.php',
+ '/' . $config->getBaseURL() . 'shib13/sp/initSSO.php',
 array('RelayState' => SimpleSAML_Utilities::selfURL())
 );
 }
diff --git a/www/index.php b/www/index.php
index ef77bc18e1f22a7a51e65fe822ada3db8500adf3..e8622423679c9cb3aea52fd7c9aedbd4ad964aaa 100644
--- a/www/index.php
+++ b/www/index.php
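Review bot: The logout link still concatenates `$config->getBaseURL()` into an HTML `href` attribute without escaping; that was already true of `getValue('baseurlpath')`, but with the new `*` mode the value is partly derived from `$_SERVER['SCRIPT_NAME']` rather than purely from configuration, so both occurrences on the `$t->data['logout']` lines should go through `htmlspecialchars($config->getBaseURL(), ENT_QUOTES)` before being embedded. The third constructor argument `'attributes.php'` added to the Template call is unrelated to the baseurlpath rename and is explained nowhere in the diff; a one-line comment on that line, or a separate commit, would make its purpose reviewable.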
@@ -15,7 +15,7 @@ $session = SimpleSAML_Session::getInstance(true);
 /* Check if valid local session exists.. */
 if ($config->getValue('admin.protectindexpage', false)) {
 if (!isset($session) || !$session->isValid('login-admin') ) {
- SimpleSAML_Utilities::redirect('/' . $config->getValue('baseurlpath') . 'auth/login-admin.php',
+ SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'auth/login-admin.php',
 array('RelayState' => SimpleSAML_Utilities::selfURL())
 );
 }
diff --git a/www/openid/provider/server.php b/www/openid/provider/server.php
index bf5e40534764e531bf22d68d1f827e2a7d660cee..0a16ab51b608ec10b3258d32ae130430d1a4618d 100644
--- a/www/openid/provider/server.php
+++ b/www/openid/provider/server.php
@@ -112,7 +112,7 @@ function action_default()
 $relaystate = SimpleSAML_Utilities::selfURLNoQuery() . '?RelayState=' . urlencode($_GET['RelayState']) . '&RequestID=' . urlencode($requestid);
- $authurl = SimpleSAML_Utilities::addURLparameter('/' . $config->getValue('baseurlpath') . $idpmeta['auth'],
+ $authurl = SimpleSAML_Utilities::addURLparameter('/' . $config->getBaseURL() . $idpmeta['auth'],
 'RelayState=' . urlencode($relaystate));
 $t->data['initssourl'] = $authurl;
@@ -230,7 +230,7 @@ function check_authenticated_user() {
 $relaystate = SimpleSAML_Utilities::selfURLNoQuery() . '/login';
- $authurl = SimpleSAML_Utilities::addURLparameter('/' . $config->getValue('baseurlpath') . $idpmeta['auth'],
+ $authurl = SimpleSAML_Utilities::addURLparameter('/' . $config->getBaseURL() . $idpmeta['auth'],
 'RelayState=' . urlencode($relaystate));
 SimpleSAML_Utilities::redirect($authurl);
diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php
index e5e5dd04f0b41fc8d4de74c2a1e492f24f650d6f..8515634a646e0f812c38332d3ab720836cc567b7 100644
--- a/www/saml2/idp/SSOService.php
+++ b/www/saml2/idp/SSOService.php
@@ -132,7 +132,7 @@ if (!isset($session) || !$session->isValid($authority) ) {
 $relaystate = SimpleSAML_Utilities::selfURLNoQuery() . '?RequestID=' . urlencode($requestid);
- $authurl = '/' . $config->getValue('baseurlpath') . $idpmetadata['auth'];
+ $authurl = '/' . $config->getBaseURL() . $idpmetadata['auth'];
 SimpleSAML_Utilities::redirect($authurl, array('RelayState' => $relaystate));
diff --git a/www/saml2/idp/SingleLogoutService.php b/www/saml2/idp/SingleLogoutService.php
index 05ff903c73d4dd184670c1808702b7bffcd6cbaf..bdf02af69ad68c062374cbb2545033fba683a7c1 100644
--- a/www/saml2/idp/SingleLogoutService.php
+++ b/www/saml2/idp/SingleLogoutService.php
@@ -222,7 +222,7 @@ if ($config->getValue('debug', false))
 * initiate SAML 2.0 SP Single LogOut, with the RelayState equal this URL.
 */
 if ($session->getAuthority() == 'saml2') {
- SimpleSAML_Utilities::redirect('/' . $config->getValue('baseurlpath') . 'saml2/sp/initSLO.php',
+ SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'saml2/sp/initSLO.php',
 array('RelayState' => SimpleSAML_Utilities::selfURLNoQuery())
 );
 }
diff --git a/www/saml2/sp/initSSO.php b/www/saml2/sp/initSSO.php
index c26210b16f4f80b7050545e3d83052c19ee13c3f..b8716f84fc86cecec450ad7e93301116f2a753e6 100644
--- a/www/saml2/sp/initSSO.php
+++ b/www/saml2/sp/initSSO.php
@@ -47,7 +47,7 @@ if (!isset($session) || !$session->isValid('saml2') ) {
 SimpleSAML_Logger::info('SAML2.0 - SP.initSSO: No chosen or default IdP, go to SAML2disco');
 $returnURL = urlencode(SimpleSAML_Utilities::selfURL());
- $discservice = '/' . $config->getValue('baseurlpath') . 'saml2/sp/idpdisco.php?entityID=' . $spentityid .
+ $discservice = '/' . $config->getBaseURL() . 'saml2/sp/idpdisco.php?entityID=' . $spentityid .
 '&return=' . $returnURL . '&returnIDParam=idpentityid';
 SimpleSAML_Utilities::redirect($discservice);
 }
diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php
index db38d9d011e740bcbe8390eefc407aaa236adade..15216908a94bb1881af3fd5bcc227040dce02f26 100644
--- a/www/shib13/idp/SSOService.php
+++ b/www/shib13/idp/SSOService.php
@@ -122,7 +122,7 @@ $authority = isset($idpmetadata['authority']) ? $idpmetadata['authority'] : null
 if (!$session->isAuthenticated($authority) ) {
 $relaystate = SimpleSAML_Utilities::selfURLNoQuery() . '?RequestID=' . urlencode($requestid);
- $authurl = SimpleSAML_Utilities::addURLparameter('/' . $config->getValue('baseurlpath') . $idpmetadata['auth'],
+ $authurl = SimpleSAML_Utilities::addURLparameter('/' . $config->getBaseURL() . $idpmetadata['auth'],
 'RelayState=' . urlencode($relaystate));
 SimpleSAML_Utilities::redirect($authurl);
diff --git a/www/shib13/sp/initSSO.php b/www/shib13/sp/initSSO.php
index bc7ec229dbcb6915ea23402fde5c7650f87645ee..6b3dba0c7786c291334c2b65761fe76c8e927995 100644
--- a/www/shib13/sp/initSSO.php
+++ b/www/shib13/sp/initSSO.php
@@ -49,7 +49,7 @@ if (!isset($session) || !$session->isValid('shib13') ) {
 SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: No chosen or default IdP, go to Shib13disco');
 $returnURL = urlencode(SimpleSAML_Utilities::selfURL());
- $discservice = '/' . $config->getValue('baseurlpath') . 'shib13/sp/idpdisco.php?entityID=' . $spentityid .
+ $discservice = '/' . $config->getBaseURL() . 'shib13/sp/idpdisco.php?entityID=' . $spentityid .
 '&return=' . $returnURL . '&returnIDParam=idpentityid';
 SimpleSAML_Utilities::redirect($discservice);