Commit 931c8c01 authored by Olav Morken's avatar Olav Morken

saml: Move sourceid into AssertionConsumerService url.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1782 44740490-163a-0410-bde0-09ae8108e29a
parent 6891e33b
...@@ -149,7 +149,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source { ...@@ -149,7 +149,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
$id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:ssosent-saml1'); $id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:ssosent-saml1');
$ar->setRelayState($id); $ar->setRelayState($id);
$url = $ar->createRedirect($idpEntityId, SimpleSAML_Module::getModuleURL('saml/sp/saml1-acs.php')); $url = $ar->createRedirect($idpEntityId, SimpleSAML_Module::getModuleURL('saml/sp/saml1-acs.php/' . $this->authId));
SimpleSAML_Logger::debug('Starting SAML 1 SSO to ' . var_export($idpEntityId, TRUE) . SimpleSAML_Logger::debug('Starting SAML 1 SSO to ' . var_export($idpEntityId, TRUE) .
' from ' . var_export($this->entityId, TRUE) . '.'); ' from ' . var_export($this->entityId, TRUE) . '.');
...@@ -167,7 +167,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source { ...@@ -167,7 +167,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
$ar = sspmod_saml2_Message::buildAuthnRequest($this->metadata, $idpMetadata); $ar = sspmod_saml2_Message::buildAuthnRequest($this->metadata, $idpMetadata);
$ar->setAssertionConsumerServiceURL(SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php')); $ar->setAssertionConsumerServiceURL(SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->authId));
$ar->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST); $ar->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);
$id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:ssosent-saml2'); $id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:ssosent-saml2');
......
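Review bot: `$this->authId` is concatenated into the AssertionConsumerService URL path without any escaping on both the saml1-acs.php and saml2-acs.php lines of this hunk, and saml1-acs.php splits that path on `/` to recover the id, so an authId containing `/` (or characters the web server percent-decodes into PATH_INFO) would produce a URL the consumer cannot map back to the same source. The same string is rebuilt independently in metadata.php, and the two must stay byte-identical because the IdP compares the request's ACS URL against the published metadata. Unless authIds are already restricted to URL-safe characters, building the URL in one place, e.g. `private function getAcsUrl($script) { return SimpleSAML_Module::getModuleURL($script . '/' . urlencode($this->authId)); }`, and calling it from both places would remove the drift and the escaping gap. The methods containing these lines start and end outside the hunk.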
...@@ -17,22 +17,22 @@ if (!($source instanceof sspmod_saml_Auth_Source_SP)) { ...@@ -17,22 +17,22 @@ if (!($source instanceof sspmod_saml_Auth_Source_SP)) {
$entityId = $source->getEntityId(); $entityId = $source->getEntityId();
$metaArray11 = array( $metaArray11 = array(
'AssertionConsumerService' => SimpleSAML_Module::getModuleURL('saml/sp/saml1-acs.php'), 'AssertionConsumerService' => SimpleSAML_Module::getModuleURL('saml/sp/saml1-acs.php/' . $sourceId),
); );
$spconfig = $source->getMetadata(); $spconfig = $source->getMetadata();
if ($spconfig->getBoolean('saml11.binding.artifact.enable', FALSE)) { if ($spconfig->getBoolean('saml11.binding.artifact.enable', FALSE)) {
$metaArray11['AssertionConsumerService.artifact'] = SimpleSAML_Module::getModuleURL('saml/sp/saml1-acs.php/artifact'); $metaArray11['AssertionConsumerService.artifact'] = SimpleSAML_Module::getModuleURL('saml/sp/saml1-acs.php/' . $sourceId . '/artifact');
} }
$metaArray20 = array( $metaArray20 = array(
'AssertionConsumerService' => SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php'), 'AssertionConsumerService' => SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php/' . $sourceId),
'SingleLogoutService' => SimpleSAML_Module::getModuleURL('saml/sp/saml2-logout.php/' . $sourceId), 'SingleLogoutService' => SimpleSAML_Module::getModuleURL('saml/sp/saml2-logout.php/' . $sourceId),
); );
if ($spconfig->getBoolean('saml20.binding.artifact.enable', FALSE)) { if ($spconfig->getBoolean('saml20.binding.artifact.enable', FALSE)) {
$metaArray20['AssertionConsumerService.artifact'] = SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php'); $metaArray20['AssertionConsumerService.artifact'] = SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php/' . $sourceId);
} }
$certInfo = SimpleSAML_Utilities::loadPublicKey($spconfig->toArray()); $certInfo = SimpleSAML_Utilities::loadPublicKey($spconfig->toArray());
......
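Review bot: The ACS URLs assembled here duplicate the construction in sspmod_saml_Auth_Source_SP and nothing ties the two together, so a later edit to one side silently breaks the IdP's ACS-URL check without any local error; at minimum a comment above `$metaArray11` such as `/* These URLs must match byte-for-byte the URLs sspmod_saml_Auth_Source_SP puts into its requests; the IdP rejects responses whose ACS URL is not in metadata. */` documents the coupling. `$sourceId` appears to be defined earlier in the file, outside the hunk, so I cannot see whether it is the same value as `$source->authId`; the check `$source instanceof sspmod_saml_Auth_Source_SP` in the hunk header suggests it is, but this is inferred. Also note the SAML 2.0 artifact entry reuses the plain ACS URL while the SAML 1.1 one appends `/artifact`; that asymmetry predates this commit but is worth a comment if intentional.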
...@@ -8,19 +8,22 @@ if (!array_key_exists('TARGET', $_REQUEST)) { ...@@ -8,19 +8,22 @@ if (!array_key_exists('TARGET', $_REQUEST)) {
throw new SimpleSAML_Error_BadRequest('Missing TARGET parameter.'); throw new SimpleSAML_Error_BadRequest('Missing TARGET parameter.');
} }
$sourceId = $_SERVER['PATH_INFO'];
$end = strpos($sourceId, '/', 1);
if ($end === FALSE) {
$end = strlen($sourceId);
}
$sourceId = substr($sourceId, 1, $end - 1);
$source = SimpleSAML_Auth_Source::getById($sourceId, 'sspmod_saml_Auth_Source_SP');
$state = SimpleSAML_Auth_State::loadState($_REQUEST['TARGET'], 'saml:sp:ssosent-saml1'); $state = SimpleSAML_Auth_State::loadState($_REQUEST['TARGET'], 'saml:sp:ssosent-saml1');
/* Find authentication source. */ /* Check that the authentication source is correct. */
assert('array_key_exists("saml:sp:AuthId", $state)'); assert('array_key_exists("saml:sp:AuthId", $state)');
$sourceId = $state['saml:sp:AuthId']; if ($state['saml:sp:AuthId'] !== $sourceId) {
throw new SimpleSAML_Error_Exception('The authentication source id in the URL does not match the authentication source which sent the request.');
$source = SimpleSAML_Auth_Source::getById($sourceId);
if ($source === NULL) {
throw new SimpleSAML_Error_Exception('Could not find authentication source with id ' . $sourceId);
}
if (!($source instanceof sspmod_saml_Auth_Source_SP)) {
throw new SimpleSAML_Error_Exception('Source type changed?');
} }
$idpEntityId = $state['saml:idp']; $idpEntityId = $state['saml:idp'];
......
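Review bot: `$_SERVER['PATH_INFO']` is read at the top of the hunk with no check that it is set, so a request to the bare script path (or a server that does not populate PATH_INFO) yields an undefined-index notice, `strpos` with an offset beyond an empty string, and a `false` source id handed to `getById()` instead of a clear rejection; a guard before the parsing, `if (!isset($_SERVER['PATH_INFO'])) { throw new SimpleSAML_Error_BadRequest('Missing authentication source id in URL.'); }`, makes the failure explicit, and saml2-acs.php has the same gap on its `substr($_SERVER['PATH_INFO'], 1)` line. The id from the URL is only trusted after the `!==` comparison against the state's `saml:sp:AuthId`, which is the right check, but `getById()` is now called on the unverified id before that comparison, so it must be free of side effects; this appears to be the case but is inferred. The removed `$source === NULL` branch seems to rely on the new second argument to `getById()` throwing for an unknown id or wrong type, which is not visible here and worth a short comment on that line. The script continues beyond the hunk.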
...@@ -4,6 +4,9 @@ ...@@ -4,6 +4,9 @@
* Assertion consumer service handler for SAML 2.0 SP authentication client. * Assertion consumer service handler for SAML 2.0 SP authentication client.
*/ */
$sourceId = substr($_SERVER['PATH_INFO'], 1);
$source = SimpleSAML_Auth_Source::getById($sourceId, 'sspmod_saml_Auth_Source_SP');
$b = SAML2_Binding::getCurrentBinding(); $b = SAML2_Binding::getCurrentBinding();
$response = $b->receive(); $response = $b->receive();
if (!($response instanceof SAML2_Response)) { if (!($response instanceof SAML2_Response)) {
...@@ -17,16 +20,10 @@ if (empty($relayState)) { ...@@ -17,16 +20,10 @@ if (empty($relayState)) {
$state = SimpleSAML_Auth_State::loadState($relayState, 'saml:sp:ssosent-saml2'); $state = SimpleSAML_Auth_State::loadState($relayState, 'saml:sp:ssosent-saml2');
/* Find authentication source. */ /* Check that the authentication source is correct. */
assert('array_key_exists("saml:sp:AuthId", $state)'); assert('array_key_exists("saml:sp:AuthId", $state)');
$sourceId = $state['saml:sp:AuthId']; if ($state['saml:sp:AuthId'] !== $sourceId) {
throw new SimpleSAML_Error_Exception('The authentication source id in the URL does not match the authentication source which sent the request.');
$source = SimpleSAML_Auth_Source::getById($sourceId);
if ($source === NULL) {
throw new Exception('Could not find authentication source with id ' . $sourceId);
}
if (!($source instanceof sspmod_saml_Auth_Source_SP)) {
throw new SimpleSAML_Error_Exception('Source type changed?');
} }
......
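Review bot: The id is taken as the whole of PATH_INFO after the leading slash on the `substr($_SERVER['PATH_INFO'], 1)` line, whereas saml1-acs.php stops at the next `/`, so any trailing path segment here (a suffix like the `/artifact` one metadata.php uses for SAML 1.1, or simply a trailing slash) becomes part of the source id and fails the `!==` check with a misleading "does not match" error. Parsing the first path segment the same way in both scripts, or factoring that into a shared helper, keeps the two endpoints consistent and makes the mismatch message accurate. A comment on the lookup line, `/* Source id from the URL; verified against the relay state below before it is trusted. */`, would also make the trust boundary explicit for the next reader. The script continues beyond the hunk.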