diff --git a/docs/source/simplesamlphp-sp.xml b/docs/source/simplesamlphp-sp.xml
index fc578b10ca129b98b5ef2afdd39401b23c48a62d..bdf9f16453936202419eb07ed4ee6d0686c37814 100644
--- a/docs/source/simplesamlphp-sp.xml
+++ b/docs/source/simplesamlphp-sp.xml
@@ -644,7 +644,7 @@ $session = SimpleSAML_Session::getInstance(true);</programlisting>
<programlisting>/* Check if valid local session exists.. */
if (!isset($session) || !$session->isValid('saml2') ) {
SimpleSAML_Utilities::redirect(
- '/' . $config->getValue('baseurlpath') .
+ '/' . $config->getBaseURL() .
'saml2/sp/initSSO.php',
array('RelayState' => SimpleSAML_Utilities::selfURL())
);
diff --git a/lib/SimpleSAML/Configuration.php b/lib/SimpleSAML/Configuration.php
index 713a797379902ed197b222e11822c382cf4a9bb4..7178606ec2b29c572826f412400b80784f8a7c08 100644
--- a/lib/SimpleSAML/Configuration.php
+++ b/lib/SimpleSAML/Configuration.php
@@ -58,6 +58,13 @@ class SimpleSAML_Configuration {
return $this->configuration[$name];
}
+
+ public function getBaseURL() {
+ if (preg_match('/^\*(.*)$/', $this->getValue('baseurlpath', ''), $matches)) {
+ return SimpleSAML_Utilities::getFirstPathElement(false) . $matches[1];
+ }
+ return $this->getValue('baseurlpath', '');
+ }
/* Retrieve the base directory for this simpleSAMLphp installation.
diff --git a/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php b/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php
index e80ca42bfa1404b781a90bb619e20f0c903d453d..001aecd91e2c55e4773503d827d9be786ef2f26d 100644
--- a/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php
+++ b/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php
@@ -109,8 +109,7 @@ abstract class SimpleSAML_Metadata_MetaDataStorageHandler {
assert($config instanceof SimpleSAML_Configuration);
$baseurl = SimpleSAML_Utilities::selfURLhost() . '/' .
- $config->getValue('baseurlpath');
-
+ $config->getBaseURL();
if ($set == 'saml20-sp-hosted') {
switch ($property) {
@@ -164,7 +163,8 @@ abstract class SimpleSAML_Metadata_MetaDataStorageHandler {
if (!isset($this->metadata[$set])) {
$this->load($set);
}
- $currenthost = $_SERVER['HTTP_HOST'];
+ $currenthost = SimpleSAML_Utilities::getSelfHost(); // sp.example.org
+ $currenthostwithpath = SimpleSAML_Utilities::getSelfHostWithPath(); // sp.example.org/university
if(strstr($currenthost, ":")) {
$currenthostdecomposed = explode(":", $currenthost);
@@ -177,11 +177,12 @@ abstract class SimpleSAML_Metadata_MetaDataStorageHandler {
if (!isset($currenthost)) {
throw new Exception('Could not get HTTP_HOST, in order to resolve default entity ID');
}
- if (!isset($this->hostmap[$set][$currenthost])) {
- throw new Exception('Could not find any default metadata entities in set [' . $set . '] for host [' . $currenthost . ']');
- }
- if (!$this->hostmap[$set][$currenthost]) throw new Exception('Could not find default metadata for current host');
- return $this->hostmap[$set][$currenthost];
+
+
+ if (isset($this->hostmap[$set][$currenthostwithpath])) return $this->hostmap[$set][$currenthostwithpath];
+ if (isset($this->hostmap[$set][$currenthost])) return $this->hostmap[$set][$currenthost];
+
+ throw new Exception('Could not find any default metadata entities in set [' . $set . '] for host [' . $currenthost . ' : ' . $currenthostwithpath . ']');
}
abstract public function load($set);
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 7762f9f9b12088a46950d9b854c017b8dc17d9c4..a1aaf897fbc292a1d8e67396e19c965be3abd619 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -14,7 +14,9 @@ require_once('SimpleSAML/Logger.php');
class SimpleSAML_Utilities {
-
+ /**
+ * Will return sp.example.org
+ */
public static function getSelfHost() {
$currenthost = $_SERVER['HTTP_HOST'];
@@ -22,9 +24,12 @@ class SimpleSAML_Utilities {
$currenthostdecomposed = explode(":", $currenthost);
$currenthost = $currenthostdecomposed[0];
}
- return $currenthost;
+ return $currenthost;# . self::getFirstPathElement() ;
}
+ /**
+ * Will return https
+ */
public static function getSelfProtocol() {
$s = empty($_SERVER["HTTPS"]) ? ''
: ($_SERVER["HTTPS"] == "on") ? "s"
@@ -33,6 +38,9 @@ class SimpleSAML_Utilities {
return $protocol;
}
+ /**
+ * Will return https://sp.example.org
+ */
public static function selfURLhost() {
$currenthost = self::getSelfHost();
@@ -52,18 +60,62 @@ class SimpleSAML_Utilities {
}
-
-
+ /**
+ * Will return https://sp.example.org/universities/ruc/baz/simplesaml/saml2/SSOService.php
+ */
public static function selfURLNoQuery() {
$selfURLhost = self::selfURLhost();
- return $selfURLhost . $_SERVER['SCRIPT_NAME'];
+ return $selfURLhost . self::getScriptName();
+
+ }
+ public static function getScriptName() {
+ $scriptname = $_SERVER['SCRIPT_NAME'];
+ if (preg_match('|^/.*?(/.*)$|', $_SERVER['SCRIPT_NAME'], $matches)) {
+ #$scriptname = $matches[1];
+ }
+ return $scriptname;
}
+
+
+ /**
+ * Will return sp.example.org/foo
+ */
+ public static function getSelfHostWithPath() {
+
+ $selfhostwithpath = self::getSelfHost();
+ if (preg_match('|^(/.*?)/|', $_SERVER['SCRIPT_NAME'], $matches)) {
+ $selfhostwithpath .= $matches[1];
+ }
+ return $selfhostwithpath;
+
+ }
+
+ /**
+ * Will return foo
+ */
+ public static function getFirstPathElement($trailingslash = true) {
+
+ if (preg_match('|^/(.*?)/|', $_SERVER['SCRIPT_NAME'], $matches)) {
+ return ($trailingslash ? '/' : '') . $matches[1];
+ }
+ return '';
+ }
+
public static function selfURL() {
$selfURLhost = self::selfURLhost();
- return $selfURLhost . $_SERVER['REQUEST_URI'];
+ return $selfURLhost . self::getRequestURI();
+ }
+
+ public static function getRequestURI() {
+
+ $requesturi = $_SERVER['REQUEST_URI'];
+ if (preg_match('|^/.*?(/.*)$|', $_SERVER['REQUEST_URI'], $matches)) {
+ #$requesturi = $matches[1];
+ }
+ return $requesturi;
}
public static function addURLparameter($url, $parameter) {
diff --git a/lib/SimpleSAML/XHTML/Template.php b/lib/SimpleSAML/XHTML/Template.php
index 742882de397f1bd6039c055eb520af43524194ce..d4acfa022479861a2320ed723b98efcd4aa49a78 100644
--- a/lib/SimpleSAML/XHTML/Template.php
+++ b/lib/SimpleSAML/XHTML/Template.php
@@ -24,7 +24,7 @@ class SimpleSAML_XHTML_Template {
$this->configuration = $configuration;
$this->template = $template;
- $this->data['baseurlpath'] = $this->configuration->getValue('baseurlpath');
+ $this->data['baseurlpath'] = $this->configuration->getBaseURL();
if (!empty($languagefile)) $this->includeLanguageFile($languagefile);
}
diff --git a/www/admin/memcachestat.php b/www/admin/memcachestat.php
index c13653857f816950dcbf90fe3d3ff02eb45b5b81..bbe1441eda70a4229fe3a809c292ea31f9f2343b 100644
--- a/www/admin/memcachestat.php
+++ b/www/admin/memcachestat.php
@@ -15,7 +15,7 @@ try {
/* Make sure that the user has admin access rights. */
if (!isset($session) || !$session->isValid('login-admin') ) {
- SimpleSAML_Utilities::redirect('/' . $config->getValue('baseurlpath') . 'auth/login-admin.php',
+ SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'auth/login-admin.php',
array('RelayState' => SimpleSAML_Utilities::selfURL())
);
}
diff --git a/www/admin/metadata.php b/www/admin/metadata.php
index d6f1761eae1fa4b0d1f6bd536b87a7727d1809e4..a40491f2cb63786d3f2139f6379f428d87edebc7 100644
--- a/www/admin/metadata.php
+++ b/www/admin/metadata.php
@@ -14,7 +14,7 @@ $session = SimpleSAML_Session::getInstance(true);
/* Check if valid local session exists.. */
if (!isset($session) || !$session->isValid('login-admin') ) {
- SimpleSAML_Utilities::redirect('/' . $config->getValue('baseurlpath') . 'auth/login-admin.php',
+ SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'auth/login-admin.php',
array('RelayState' => SimpleSAML_Utilities::selfURL())
);
}
diff --git a/www/admin/test.php b/www/admin/test.php
index 285236d6d613132f57926f4f1d6074acf2dcc868..bbdde5f571ecf7b74c349a6ea8eb1be196146577 100644
--- a/www/admin/test.php
+++ b/www/admin/test.php
@@ -94,9 +94,9 @@ if ($op === 'login') {
}
if($protocol === 'saml2') {
- $url = '/' . $config->getValue('baseurlpath') . 'saml2/sp/initSSO.php';
+ $url = '/' . $config->getBaseURL() . 'saml2/sp/initSSO.php';
} elseif($protocol === 'shib13') {
- $url = '/' . $config->getValue('baseurlpath') . 'shib13/sp/initSSO.php';
+ $url = '/' . $config->getBaseURL() . 'shib13/sp/initSSO.php';
} else {
error('Unable to log in with protocol "' . $protocol . '".');
}
@@ -133,7 +133,7 @@ if ($op === 'login') {
}
if ($protocol === 'saml2') {
- $url = '/' . $config->getValue('baseurlpath') . 'saml2/sp/initSLO.php';
+ $url = '/' . $config->getBaseURL() . 'saml2/sp/initSLO.php';
} else {
error('Logout unsupported for protocol "' . $protocol . '".');
}
diff --git a/www/aselect/handler.php b/www/aselect/handler.php
index 795456eed71280d3cafddb580aea93aba51c9eb4..448bec0d0e6745446698997522226693c2de31ab 100644
--- a/www/aselect/handler.php
+++ b/www/aselect/handler.php
@@ -71,11 +71,11 @@ $as_metadata = array(
'authsp' => 'simpleSAMLphp',
'app_level' => '10',
'tgt_exp_time' => '1194590521000',
-# 'auth' => '/' . $config->getValue('baseurlpath') . '/auth/login.php',
-# 'logout' => '/' . $config->getValue('baseurlpath') . 'logout.html',
- 'auth' => '/' . $config->getValue('baseurlpath') . '/saml2/sp/initSSO.php',
- 'logout' => '/' . $config->getValue('baseurlpath') . '/saml2/sp/initSLO.php',
- 'loggedout_url' => '/' . $config->getValue('baseurlpath') . 'logout.html',
+# 'auth' => '/' . $config->getBaseURL() . '/auth/login.php',
+# 'logout' => '/' . $config->getBaseURL() . 'logout.html',
+ 'auth' => '/' . $config->getBaseURL() . '/saml2/sp/initSSO.php',
+ 'logout' => '/' . $config->getBaseURL() . '/saml2/sp/initSLO.php',
+ 'loggedout_url' => '/' . $config->getBaseURL() . 'logout.html',
),
'remote' => array(
// so far the IDP bridging is statically configured to the first one in
diff --git a/www/example-simple/hostnames.php b/www/example-simple/hostnames.php
index ca049c204087a253c5506d9187a6f5ba82621fbf..325314f6a00ec259b8de20a8cf690bb97a5b85a4 100644
--- a/www/example-simple/hostnames.php
+++ b/www/example-simple/hostnames.php
@@ -17,7 +17,7 @@ $session = SimpleSAML_Session::getInstance(true);
/* Check if valid local session exists.. */
if (!isset($session) || !$session->isValid('login-admin') ) {
- SimpleSAML_Utilities::redirect('/' . $config->getValue('baseurlpath') . 'auth/login-admin.php',
+ SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'auth/login-admin.php',
array('RelayState' => SimpleSAML_Utilities::selfURL())
);
}
@@ -31,6 +31,7 @@ $attributes = array();
$attributes['selfURLhost'] = array(SimpleSAML_Utilities::selfURLhost());
$attributes['selfURLNoQuery'] = array(SimpleSAML_Utilities::selfURLNoQuery());
$attributes['selfURL'] = array(SimpleSAML_Utilities::selfURL());
+$attributes['selfHostWithPath'] = array(SimpleSAML_Utilities::getSelfHostWithPath());
$attributes['HTTP_HOST'] = array($_SERVER['HTTP_HOST']);
$attributes['HTTPS'] = array($_SERVER['HTTPS']);
diff --git a/www/example-simple/saml2-example.php b/www/example-simple/saml2-example.php
index c483c0eb10ca8b4d657a343116ddde325658dfb3..de07c4c4cc5bef6bf061d89a3264dc7ce42e8536 100644
--- a/www/example-simple/saml2-example.php
+++ b/www/example-simple/saml2-example.php
@@ -40,7 +40,7 @@ $session = SimpleSAML_Session::getInstance(TRUE);
*/
if (!$session->isValid('saml2') ) {
SimpleSAML_Utilities::redirect(
- '/' . $config->getValue('baseurlpath') . 'saml2/sp/initSSO.php',
+ '/' . $config->getBaseURL() . 'saml2/sp/initSSO.php',
array('RelayState' => SimpleSAML_Utilities::selfURL())
);
}
@@ -57,15 +57,15 @@ $attributes = $session->getAttributes();
*
*/
-$t = new SimpleSAML_XHTML_Template($config, 'status.php');
+$t = new SimpleSAML_XHTML_Template($config, 'status.php', 'attributes.php');
$t->data['header'] = 'SAML 2.0 SP Demo Example';
$t->data['remaining'] = $session->remainingTime();
$t->data['sessionsize'] = $session->getSize();
$t->data['attributes'] = $attributes;
$t->data['icon'] = 'bino.png';
-$t->data['logout'] = '<p>[ <a href="/' . $config->getValue('baseurlpath') . 'saml2/sp/initSLO.php?RelayState=/' .
- $config->getValue('baseurlpath') . 'logout.html">Logout</a> ]';
+$t->data['logout'] = '<p>[ <a href="/' . $config->getBaseURL() . 'saml2/sp/initSLO.php?RelayState=/' .
+ $config->getBaseURL() . 'logout.html">Logout</a> ]';
$t->show();
diff --git a/www/example-simple/shib13-example.php b/www/example-simple/shib13-example.php
index d70950f477b4fa0a77b7cd22197cb7ed7aeb8a82..c9876c696270327dd0232fc585cff6136d917dcf 100644
--- a/www/example-simple/shib13-example.php
+++ b/www/example-simple/shib13-example.php
@@ -40,7 +40,7 @@ $session = SimpleSAML_Session::getInstance(TRUE);
*/
if (!isset($session) || !$session->isValid('shib13') ) {
SimpleSAML_Utilities::redirect(
- '/' . $config->getValue('baseurlpath') . 'shib13/sp/initSSO.php',
+ '/' . $config->getBaseURL() . 'shib13/sp/initSSO.php',
array('RelayState' => SimpleSAML_Utilities::selfURL())
);
}
diff --git a/www/index.php b/www/index.php
index ef77bc18e1f22a7a51e65fe822ada3db8500adf3..e8622423679c9cb3aea52fd7c9aedbd4ad964aaa 100644
--- a/www/index.php
+++ b/www/index.php
@@ -15,7 +15,7 @@ $session = SimpleSAML_Session::getInstance(true);
/* Check if valid local session exists.. */
if ($config->getValue('admin.protectindexpage', false)) {
if (!isset($session) || !$session->isValid('login-admin') ) {
- SimpleSAML_Utilities::redirect('/' . $config->getValue('baseurlpath') . 'auth/login-admin.php',
+ SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'auth/login-admin.php',
array('RelayState' => SimpleSAML_Utilities::selfURL())
);
}
diff --git a/www/openid/provider/server.php b/www/openid/provider/server.php
index bf5e40534764e531bf22d68d1f827e2a7d660cee..0a16ab51b608ec10b3258d32ae130430d1a4618d 100644
--- a/www/openid/provider/server.php
+++ b/www/openid/provider/server.php
@@ -112,7 +112,7 @@ function action_default()
$relaystate = SimpleSAML_Utilities::selfURLNoQuery() . '?RelayState=' . urlencode($_GET['RelayState']) .
'&RequestID=' . urlencode($requestid);
- $authurl = SimpleSAML_Utilities::addURLparameter('/' . $config->getValue('baseurlpath') . $idpmeta['auth'],
+ $authurl = SimpleSAML_Utilities::addURLparameter('/' . $config->getBaseURL() . $idpmeta['auth'],
'RelayState=' . urlencode($relaystate));
$t->data['initssourl'] = $authurl;
@@ -230,7 +230,7 @@ function check_authenticated_user() {
$relaystate = SimpleSAML_Utilities::selfURLNoQuery() . '/login';
- $authurl = SimpleSAML_Utilities::addURLparameter('/' . $config->getValue('baseurlpath') . $idpmeta['auth'],
+ $authurl = SimpleSAML_Utilities::addURLparameter('/' . $config->getBaseURL() . $idpmeta['auth'],
'RelayState=' . urlencode($relaystate));
SimpleSAML_Utilities::redirect($authurl);
diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php
index e5e5dd04f0b41fc8d4de74c2a1e492f24f650d6f..8515634a646e0f812c38332d3ab720836cc567b7 100644
--- a/www/saml2/idp/SSOService.php
+++ b/www/saml2/idp/SSOService.php
@@ -132,7 +132,7 @@ if (!isset($session) || !$session->isValid($authority) ) {
$relaystate = SimpleSAML_Utilities::selfURLNoQuery() .
'?RequestID=' . urlencode($requestid);
- $authurl = '/' . $config->getValue('baseurlpath') . $idpmetadata['auth'];
+ $authurl = '/' . $config->getBaseURL() . $idpmetadata['auth'];
SimpleSAML_Utilities::redirect($authurl,
array('RelayState' => $relaystate));
diff --git a/www/saml2/idp/SingleLogoutService.php b/www/saml2/idp/SingleLogoutService.php
index 05ff903c73d4dd184670c1808702b7bffcd6cbaf..bdf02af69ad68c062374cbb2545033fba683a7c1 100644
--- a/www/saml2/idp/SingleLogoutService.php
+++ b/www/saml2/idp/SingleLogoutService.php
@@ -222,7 +222,7 @@ if ($config->getValue('debug', false))
* initiate SAML 2.0 SP Single LogOut, with the RelayState equal this URL.
*/
if ($session->getAuthority() == 'saml2') {
- SimpleSAML_Utilities::redirect('/' . $config->getValue('baseurlpath') . 'saml2/sp/initSLO.php',
+ SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'saml2/sp/initSLO.php',
array('RelayState' => SimpleSAML_Utilities::selfURLNoQuery())
);
}
diff --git a/www/saml2/sp/initSSO.php b/www/saml2/sp/initSSO.php
index c26210b16f4f80b7050545e3d83052c19ee13c3f..b8716f84fc86cecec450ad7e93301116f2a753e6 100644
--- a/www/saml2/sp/initSSO.php
+++ b/www/saml2/sp/initSSO.php
@@ -47,7 +47,7 @@ if (!isset($session) || !$session->isValid('saml2') ) {
SimpleSAML_Logger::info('SAML2.0 - SP.initSSO: No chosen or default IdP, go to SAML2disco');
$returnURL = urlencode(SimpleSAML_Utilities::selfURL());
- $discservice = '/' . $config->getValue('baseurlpath') . 'saml2/sp/idpdisco.php?entityID=' . $spentityid .
+ $discservice = '/' . $config->getBaseURL() . 'saml2/sp/idpdisco.php?entityID=' . $spentityid .
'&return=' . $returnURL . '&returnIDParam=idpentityid';
SimpleSAML_Utilities::redirect($discservice);
}
diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php
index db38d9d011e740bcbe8390eefc407aaa236adade..15216908a94bb1881af3fd5bcc227040dce02f26 100644
--- a/www/shib13/idp/SSOService.php
+++ b/www/shib13/idp/SSOService.php
@@ -122,7 +122,7 @@ $authority = isset($idpmetadata['authority']) ? $idpmetadata['authority'] : null
if (!$session->isAuthenticated($authority) ) {
$relaystate = SimpleSAML_Utilities::selfURLNoQuery() . '?RequestID=' . urlencode($requestid);
- $authurl = SimpleSAML_Utilities::addURLparameter('/' . $config->getValue('baseurlpath') . $idpmetadata['auth'],
+ $authurl = SimpleSAML_Utilities::addURLparameter('/' . $config->getBaseURL() . $idpmetadata['auth'],
'RelayState=' . urlencode($relaystate));
SimpleSAML_Utilities::redirect($authurl);
diff --git a/www/shib13/sp/initSSO.php b/www/shib13/sp/initSSO.php
index bc7ec229dbcb6915ea23402fde5c7650f87645ee..6b3dba0c7786c291334c2b65761fe76c8e927995 100644
--- a/www/shib13/sp/initSSO.php
+++ b/www/shib13/sp/initSSO.php
@@ -49,7 +49,7 @@ if (!isset($session) || !$session->isValid('shib13') ) {
SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: No chosen or default IdP, go to Shib13disco');
$returnURL = urlencode(SimpleSAML_Utilities::selfURL());
- $discservice = '/' . $config->getValue('baseurlpath') . 'shib13/sp/idpdisco.php?entityID=' . $spentityid .
+ $discservice = '/' . $config->getBaseURL() . 'shib13/sp/idpdisco.php?entityID=' . $spentityid .
'&return=' . $returnURL . '&returnIDParam=idpentityid';
SimpleSAML_Utilities::redirect($discservice);