diff --git a/lib/SimpleSAML/IdP.php b/lib/SimpleSAML/IdP.php index e44f924b7229c240ea2b59a95ff22f70c0f0b8bb..3e78719e15aaf6f542eb5fe3684624a8b327b4f8 100644 --- a/lib/SimpleSAML/IdP.php +++ b/lib/SimpleSAML/IdP.php @@ -199,16 +199,7 @@ class SimpleSAML_IdP { public function getAssociations() { $session = SimpleSAML_Session::getInstance(); - - $associations = $session->getAssociations($this->associationGroup); - - foreach ($associations as &$a) { - if (!isset($a['core:IdP'])) { - $a['core:IdP'] = $this->id; - } - } - - return $associations; + return $session->getAssociations($this->associationGroup); } diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php index 863f5e0d1c1d6cb64cdf22ac3c7d63172a01cd79..9e6de47bfaec3eaf87cc0ac0d75124691542f643 100644 --- a/lib/SimpleSAML/Session.php +++ b/lib/SimpleSAML/Session.php @@ -41,8 +41,6 @@ class SimpleSAML_Session { private $sessionindex = null; private $nameid = null; - private $sp_at_idpsessions = array(); - private $authority = null; // Session duration parameters 
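Review bot: In `getAssociations()` (lib/SimpleSAML/IdP.php), the new `return $session->getAssociations($this->associationGroup);` no longer guarantees that every returned association has a `core:IdP` key, which the removed loop backfilled with `$this->id`. Sessions stored by an older release may still hold associations without that key. Callers are not visible in this diff, but any logout code that reads `$a['core:IdP']` would then hit an undefined index and might leave that SP session un-terminated. If such sessions can outlive the upgrade, keep the backfill; otherwise state the requirement in the method's docblock (outside this hunk), e.g. `Associations are returned as stored; entries saved without 'core:IdP' by older releases are not upgraded.`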
@@ -310,47 +308,6 @@ class SimpleSAML_Session { } - /** - * Get the NameID of the users session to the specified entity. - * - * Deprecated, remove in version 1.7. - * - * @param string $entityType The type of the entity (saml20-sp-remote, shib13-sp-remote, ...). - * @param string $entityId The entity id. - * @return array The name identifier, or NULL if no name identifier is associated with this session. - */ - public function getSessionNameId($entityType, $entityId) { - assert('is_string($entityType)'); - assert('is_string($entityId)'); - - if(!is_array($this->sessionNameId)) { - return NULL; - } - - if(!array_key_exists($entityType, $this->sessionNameId)) { - return NULL; - } - - if(!array_key_exists($entityId, $this->sessionNameId[$entityType])) { - return NULL; - } - - $nameId = $this->sessionNameId[$entityType][$entityId]; - if (array_key_exists('value', $nameId)) { - /* - * This session was saved by an old version of simpleSAMLphp. - * Convert to the new NameId format. - * - * TODO: Remove this conversion once every session should use the new format. - */ - $nameId['Value'] = $nameId['value']; - unset($nameId['value']); - } - - return $nameId; - } - - /** * Marks the user as logged in with the specified authority. * 
@@ -900,48 +857,6 @@ class SimpleSAML_Session { } - /** - * Upgrade the association list to the new format. - * - * Should be removed in version 1.7. - * - * @param string $idp The IdP we should add the associations to. - */ - private function upgradeAssociations($idp) { - assert('is_string($idp)'); - - $sp_at_idpsessions = $this->sp_at_idpsessions; - $this->sp_at_idpsessions = NULL; - $this->dirty = TRUE; - - $globalConfig = SimpleSAML_Configuration::getInstance(); - $sessionLifetime = time() + $globalConfig->getInteger('session.duration', 8*60*60); - - foreach ($sp_at_idpsessions as $spEntityId => $state) { - - if ($state !== 1) { /* 1 == STATE_ONLINE */ - continue; - } - - $nameId = $this->getSessionNameId('saml20-sp-remote', $spEntityId); - if($nameId === NULL) { - $nameId = $this->getNameID(); - } - - $id = 'saml:' . $spEntityId; - - $this->addAssociation($idp, array( - 'id' => $id, - 'Handler' => 'sspmod_saml_IdP_SAML2', - 'Expires' => $sessionLifetime, - 'saml:entityID' => $spEntityId, - 'saml:NameID' => $nameId, - 'saml:SessionIndex' => $this->getSessionIndex(), - )); - } - } - - /** * Add an SP association for an IdP. * @@ -955,11 +870,6 @@ class SimpleSAML_Session { assert('isset($association["id"])'); assert('isset($association["Handler"])'); - if (substr($idp, 0, 6) === 'saml2:' && !empty($this->sp_at_idpsessions)) { - /* Remove in 1.7. */ - $this->upgradeAssociations($idp); - } - if (!isset($this->associations)) { $this->associations = array(); } diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php index 12a540c7c5b686d7f8030089b3de56f4f77dc3b3..ab77ba3f66fba6490e456598c926125752c1b1cf 100644 --- a/modules/saml/lib/IdP/SAML2.php +++ b/modules/saml/lib/IdP/SAML2.php 
@@ -30,16 +30,7 @@ class sspmod_saml_IdP_SAML2 { $requestId = $state['saml:RequestId']; $relayState = $state['saml:RelayState']; $consumerURL = $state['saml:ConsumerURL']; - - if (isset($state['saml:Binding'])) { - $protocolBinding = $state['saml:Binding']; - } else { - /* - * To allow for upgrading while people are logging in. - * Should be removed in 1.7. - */ - $protocolBinding = SAML2_Const::BINDING_HTTP_POST; - } + $protocolBinding = $state['saml:Binding']; $idp = SimpleSAML_IdP::getByState($state); @@ -101,16 +92,7 @@ class sspmod_saml_IdP_SAML2 { $requestId = $state['saml:RequestId']; $relayState = $state['saml:RelayState']; $consumerURL = $state['saml:ConsumerURL']; - - if (isset($state['saml:Binding'])) { - $protocolBinding = $state['saml:Binding']; - } else { - /* - * To allow for upgrading while people are logging in. - * Should be removed in 1.7. - */ - $protocolBinding = SAML2_Const::BINDING_HTTP_POST; - } + $protocolBinding = $state['saml:Binding']; $idp = SimpleSAML_IdP::getByState($state); 
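Review bot: `$protocolBinding = $state['saml:Binding'];` now reads the key unconditionally, both in this hunk and in the one at `@@ -101,16 +92,7 @@`. A state array without `saml:Binding` therefore yields an undefined-index notice and a NULL binding, where the old code fell back to HTTP-POST. The removed comment says the fallback covered logins in flight during an upgrade, so such a state would presumably reach the response-sending code with no binding selected. Failing explicitly is safer than continuing with NULL: `if (!isset($state['saml:Binding'])) { throw new Exception('Missing saml:Binding in state.'); }`. Both enclosing functions start and end outside the hunks.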
@@ -195,42 +177,6 @@ class sspmod_saml_IdP_SAML2 { SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: IdP initiated authentication: '. var_export($spEntityId, TRUE)); - } elseif (isset($_REQUEST['RequestID'])) { - /* - * To allow for upgrading while people are logging in. - * Should be removed in 1.7. - */ - - SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: RequestID received.'); - - $session = SimpleSAML_Session::getInstance(); - - $requestCache = $session->getAuthnRequest('saml2', (string)$_REQUEST['RequestID']); - if (!$requestCache) { - throw new Exception('Could not retrieve cached request...'); - } - - $spEntityId = $requestCache['Issuer']; - $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote'); - - $relayState = $requestCache['RelayState']; - $requestId = $requestCache['RequestID']; - $forceAuthn = $requestCache['ForceAuthn']; - $isPassive = $requestCache['IsPassive']; - $protocolBinding = SAML2_Const::BINDING_HTTP_POST; /* HTTP-POST was the only supported binding before 1.6. */ - - if (isset($requestCache['IDPList'])) { - $IDPList = $requestCache['IDPList']; - } else { - $IDPList = array(); - } - - if (isset($requestCache['ConsumerURL'])) { - $consumerURL = $requestCache['ConsumerURL']; - } else { - $consumerURL = NULL; - } - } else { $binding = SAML2_Binding::getCurrentBinding();