Commit aeba0f14 authored by Thijs Kinkhorst's avatar Thijs Kinkhorst

Merge branch 'm0ark-fix-idp-discohints'

parents de09698f b6a6e297
...@@ -158,7 +158,7 @@ abstract class SimpleSAML_Metadata_MetaDataStorageSource ...@@ -158,7 +158,7 @@ abstract class SimpleSAML_Metadata_MetaDataStorageSource
/** /**
* This function will go through all the metadata, and check the hint.cidr * This function will go through all the metadata, and check the DiscoHints->IPHint
* parameter, which defines a network space (ip range) for each remote entry. * parameter, which defines a network space (ip range) for each remote entry.
* This function returns the entityID for any of the entities that have an * This function returns the entityID for any of the entities that have an
* IP range which the IP falls within. * IP range which the IP falls within.
...@@ -176,14 +176,26 @@ abstract class SimpleSAML_Metadata_MetaDataStorageSource ...@@ -176,14 +176,26 @@ abstract class SimpleSAML_Metadata_MetaDataStorageSource
$metadataSet = $this->getMetadataSet($set); $metadataSet = $this->getMetadataSet($set);
foreach ($metadataSet as $index => $entry) { foreach ($metadataSet as $index => $entry) {
if (!array_key_exists('hint.cidr', $entry)) { $cidrHints = array();
continue;
// support hint.cidr for idp discovery
if (array_key_exists('hint.cidr', $entry) && is_array($entry['hint.cidr'])) {
$cidrHints = $entry['hint.cidr'];
}
// support discohints in idp metadata for idp discovery
if (array_key_exists('DiscoHints', $entry)
&& array_key_exists('IPHint', $entry['DiscoHints'])
&& is_array($entry['DiscoHints']['IPHint'])) {
// merge with hints derived from discohints, but prioritize hint.cidr in case it is used
$cidrHints = array_merge($entry['DiscoHints']['IPHint'], $cidrHints);
} }
if (!is_array($entry['hint.cidr'])) {
if (empty($cidrHints)) {
continue; continue;
} }
foreach ($entry['hint.cidr'] as $hint_entry) { foreach ($cidrHints as $hint_entry) {
if (SimpleSAML\Utils\Net::ipCIDRcheck($hint_entry, $ip)) { if (SimpleSAML\Utils\Net::ipCIDRcheck($hint_entry, $ip)) {
if ($type === 'entityid') { if ($type === 'entityid') {
return $entry['entityid']; return $entry['entityid'];
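Review bot: In the new DiscoHints branch, `array_key_exists('IPHint', $entry['DiscoHints'])` runs without first checking that `$entry['DiscoHints']` is an array, so a malformed metadata entry can raise a warning (or a TypeError on PHP 8) and break the lookup for every entity; add `&& is_array($entry['DiscoHints'])` ahead of the IPHint test. The comment "prioritize hint.cidr" does not match the code either: for list-style arrays `array_merge` only concatenates, and any matching range returns the same entry, so the order inside one entry has no effect. It is also worth stating in the docblock that IPHint is asserted by the remote entity's own metadata, whereas hint.cidr appears to be local configuration, so an entity loaded from a source the operator does not control could claim an overly broad range and be preselected for clients inside it; a comment such as `// IPHint is asserted by the remote entity; honour it only for trusted metadata sources` would make that explicit. The enclosing method begins and ends outside the hunk.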
......