From af179ceababf970d5eb35479365efdea6438e99f Mon Sep 17 00:00:00 2001 From: Olav Morken <olav.morken@uninett.no> Date: Wed, 4 Nov 2009 13:53:25 +0000 Subject: [PATCH] saml1: Support new endpoint format. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1951 44740490-163a-0410-bde0-09ae8108e29a --- lib/SimpleSAML/Bindings/Shib13/Artifact.php | 4 ++-- lib/SimpleSAML/XML/Shib13/AuthnRequest.php | 10 ++++------ www/shib13/idp/SSOService.php | 18 ++++++++++-------- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/lib/SimpleSAML/Bindings/Shib13/Artifact.php b/lib/SimpleSAML/Bindings/Shib13/Artifact.php index befa748b0..263335e37 100644 --- a/lib/SimpleSAML/Bindings/Shib13/Artifact.php +++ b/lib/SimpleSAML/Bindings/Shib13/Artifact.php @@ -122,8 +122,8 @@ class SimpleSAML_Bindings_Shib13_Artifact { $artifacts = self::getArtifacts(); $request = self::buildRequest($artifacts); - $url = 'https://skjak.uninett.no:1245/test...'; - $url = $idpMetadata->getString('ArtifactResolutionService'); + $url = $idpMetadata->getDefaultEndpoint('ArtifactResolutionService', array('urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding')); + $url = $url['Location']; $certData = SimpleSAML_Utilities::loadPublicKey($idpMetadata->toArray(), TRUE); if (!array_key_exists('PEM', $certData)) { diff --git a/lib/SimpleSAML/XML/Shib13/AuthnRequest.php b/lib/SimpleSAML/XML/Shib13/AuthnRequest.php index 3426375af..1ea130cd6 100644 --- a/lib/SimpleSAML/XML/Shib13/AuthnRequest.php +++ b/lib/SimpleSAML/XML/Shib13/AuthnRequest.php 
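Review bot: In the Artifact.php hunk, `$url` first holds the endpoint array and is then overwritten with its `Location` string, and that string becomes the SOAP back-channel target with no check on its scheme. The lines that follow load the IdP public key, which suggests the call relies on TLS to the IdP. If so, a metadata entry with an `http://` Location would presumably send the artifact unprotected. Consider keeping the array in `$endpoint` and rejecting non-https values, e.g. `if (strpos($url, 'https://') !== 0) { throw new Exception('ArtifactResolutionService must be an https URL.'); }`. The enclosing function starts and ends outside the hunk, so the transport handling itself is not visible here.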
@@ -75,17 +75,15 @@ class SimpleSAML_XML_Shib13_AuthnRequest { public function createRedirect($destination, $shire = NULL) { $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); - $idpmetadata = $metadata->getMetaData($destination, 'shib13-idp-remote'); + $idpmetadata = $metadata->getMetaDataConfig($destination, 'shib13-idp-remote'); if ($shire === NULL) { $shire = $metadata->getGenerated('AssertionConsumerService', 'shib13-sp-hosted'); } - if (!isset($idpmetadata['SingleSignOnService'])) { - throw new Exception('Could not find the SingleSignOnService parameter in the Shib 1.3 IdP Remote metadata. This parameter has changed name from an earlier version of simpleSAMLphp, when it was called SingleSignOnUrl. Please check your shib13-sp-remote.php configuration the IdP with entity id ' . $destination . ' and make sure the SingleSignOnService parameter is set.'); - } - - $desturl = $idpmetadata['SingleSignOnService']; + $desturl = $idpmetadata->getDefaultEndpoint('SingleSignOnService', array('urn:mace:shibboleth:1.0:profiles:AuthnRequest')); + $desturl = $desturl['Location']; + $target = $this->getRelayState(); $url = $desturl . '?' . diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php index 7d7b95693..704b22786 100644 --- a/www/shib13/idp/SSOService.php +++ b/www/shib13/idp/SSOService.php 
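Review bot: `$desturl` now comes from the endpoint's `Location`, but the following `$url = $desturl . '?' .` still appends the query with a fixed `?`, which produces a malformed redirect when the configured Location already carries a query string. Choose the separator from the value, e.g. `$sep = (strpos($desturl, '?') === FALSE) ? '?' : '&';`, and build the URL with `$desturl . $sep .`. The removed `isset()` branch also carried the hint about the old `SingleSignOnUrl` name; whether `getDefaultEndpoint()` reports a missing endpoint as clearly cannot be seen from this hunk. The concatenation continues past the end of the hunk.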
@@ -164,16 +164,18 @@ try { /* Validate the Shire the response should be sent to. */ $shire = $requestcache['shire']; - if (!$spMetadata->hasValue('AssertionConsumerService')) { - throw new Exception('Could not find [AssertionConsumerService] in Shib 1.3 Service Provider remote metadata.'); - } $foundACS = FALSE; - foreach ($spMetadata->getArrayizeString('AssertionConsumerService') as $acs) { - if ($acs === $shire) { - SimpleSAML_Logger::info('Shib1.3 - IdP.SSOService: Found AssertionConsumerService: '. $acs); - $foundACS = TRUE; - break; + foreach ($spMetadata->getEndpoints('AssertionConsumerService') as $acs) { + if ($acs['Binding'] !== 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post') { + continue; + } + if ($acs['Location'] !== $shire) { + continue; } + + SimpleSAML_Logger::info('Shib1.3 - IdP.SSOService: Found AssertionConsumerService: '. $acs); + $foundACS = TRUE; + break; } if (!$foundACS) { throw new Exception('Invalid AssertionConsumerService for SP ' . -- GitLab
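Review bot: The `SimpleSAML_Logger::info(...)` call in the loop still concatenates `$acs`, which is now an endpoint array rather than a string, so the log entry will read `Array` (with an array-to-string notice) instead of the matched URL. Log the matched location instead: `SimpleSAML_Logger::info('Shib1.3 - IdP.SSOService: Found AssertionConsumerService: ' . $acs['Location']);`. This loop is the check that decides where the response may be posted, so an accurate audit line matters. The enclosing `try` block starts outside the hunk and the `throw` for the no-match case continues past it.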