From b73e5e43a0667668bcfb7c928faa83423bdb6cae Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Thu, 13 Aug 2009 07:04:53 +0000
Subject: [PATCH] saml2: Move sp-hosted metadata into authsources.php.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1656 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/saml2/lib/Auth/Source/SP.php | 59 +++++++++++++++++++---------
 modules/saml2/www/sp/acs.php | 2 +-
 modules/saml2/www/sp/logout.php | 2 +-
 3 files changed, 42 insertions(+), 21 deletions(-)
diff --git a/modules/saml2/lib/Auth/Source/SP.php b/modules/saml2/lib/Auth/Source/SP.php
index ae762f993..10b6f44eb 100644
--- a/modules/saml2/lib/Auth/Source/SP.php
+++ b/modules/saml2/lib/Auth/Source/SP.php
@@ -55,6 +55,14 @@ class sspmod_saml2_Auth_Source_SP extends SimpleSAML_Auth_Source {
 const LOGOUT_SESSIONINDEX = 'saml2:SP-Logout-SessionIndex';
+ /**
+ * The metadata for this SP.
+ *
+ * @var SimpleSAML_Configuration
+ */
+ private $metadata;
+
+ /**
+ * The entity id of this SP.
 */
@@ -80,17 +88,28 @@ class sspmod_saml2_Auth_Source_SP extends SimpleSAML_Auth_Source {
 /* Call the parent constructor first, as required by the interface. */
 parent::__construct($info, $config);
+ /* For compatibility with code that assumes that $metadata->getString('entityid') gives the entity id. */
 if (array_key_exists('entityId', $config)) {
- $this->entityId = $config['entityId'];
+ $config['entityid'] = $config['entityId'];
 } else {
- $this->entityId = SimpleSAML_Module::getModuleURL('saml2/sp/metadata.php?source=' . urlencode($this->authId));
+ $config['entityid'] = SimpleSAML_Module::getModuleURL('saml2/sp/metadata.php?source=' . urlencode($this->authId));
 }
- if (array_key_exists('idp', $config)) {
- $this->idp = $config['idp'];
- } else {
- $this->idp = NULL;
- }
+ /* For backwards-compatibility with configuration in saml20-sp-hosted. */
+ try {
+ $metadataHandler = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
+ $oldMetadata = $metadataHandler->getMetaData($config['entityid'], 'saml20-sp-hosted');
+
+ SimpleSAML_Logger::warning('Depreceated metadata for ' . var_export($config['entityid'], TRUE) .
+ ' in saml20-sp-hosted. The metadata in should be moved into authsources.php.');
+
+ $config = array_merge($oldMetadata, $config);
+ } catch (Exception $e) {};
+
+ $this->metadata = SimpleSAML_Configuration::loadFromArray($config, 'authsources[' . var_export($this->authId, TRUE) . ']');
+
+ $this->entityId = $this->metadata->getString('entityid');
+ $this->idp = $this->metadata->getString('idp', NULL);
 }
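Review bot: The `} catch (Exception $e) {};` after the saml20-sp-hosted lookup swallows every failure, so a broken or misconfigured metadata source is indistinguishable from "no legacy entry" and the SP silently continues with only the authsources entry; if the legacy entry carried the signing key or certificate, a configuration error would quietly change which keys the SP uses without any log line. At minimum the exception should be recorded, e.g. `} catch (Exception $e) { SimpleSAML_Logger::debug('No saml20-sp-hosted metadata for ' . var_export($config['entityid'], TRUE) . ': ' . $e->getMessage()); }`, which also drops the stray `;` after the block. The warning text has two typos, `Depreceated` → `Deprecated` and `The metadata in should be moved` → `The metadata should be moved`. The comment on the merge would be more useful if it stated the precedence, e.g. `/* For backwards-compatibility with configuration in saml20-sp-hosted; keys in authsources.php override the legacy entry. */`. The constructor's signature is outside the hunk.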
@@ -157,10 +176,9 @@ class sspmod_saml2_Auth_Source_SP extends SimpleSAML_Auth_Source {
 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
- $spMetadata = $metadata->getMetaDataConfig($this->getEntityId(), 'saml20-sp-hosted');
 $idpMetadata = $metadata->getMetaDataConfig($idp, 'saml20-idp-remote');
- $ar = sspmod_saml2_Message::buildAuthnRequest($spMetadata, $idpMetadata);
+ $ar = sspmod_saml2_Message::buildAuthnRequest($this->metadata, $idpMetadata);
 $ar->setAssertionConsumerServiceURL(SimpleSAML_Module::getModuleURL('saml2/sp/acs.php'));
 $ar->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);
@@ -187,6 +205,17 @@ class sspmod_saml2_Auth_Source_SP extends SimpleSAML_Auth_Source {
 }
+ /**
+ * Retrieve the metadata for this SP.
+ *
+ * @return SimpleSAML_Configuration The metadata, as a configuration object.
+ */
+ public function getMetadata() {
+
+ return $this->metadata;
+ }
+
+ /**
+ * Retrieve the NameIDFormat used by this SP.
+ *
@@ -194,14 +223,7 @@ class sspmod_saml2_Auth_Source_SP extends SimpleSAML_Auth_Source {
 */
 public function getNameIDFormat() {
- $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
- $spmeta = $metadata->getMetadata($this->getEntityId(), 'saml20-sp-hosted');
-
- if (array_key_exists('NameIDFormat', $spmeta)) {
- return $spmeta['NameIDFormat'];
- } else {
- return 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient';
- }
+ return $this->metadata->getString('NameIDFormat', 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient');
 }
@@ -256,10 +278,9 @@ class sspmod_saml2_Auth_Source_SP extends SimpleSAML_Auth_Source {
 }
 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
- $spMetadata = $metadata->getMetaDataConfig($this->getEntityId(), 'saml20-sp-hosted');
 $idpMetadata = $metadata->getMetaDataConfig($idp, 'saml20-idp-remote');
- $lr = sspmod_saml2_Message::buildLogoutRequest($spMetadata, $idpMetadata);
+ $lr = sspmod_saml2_Message::buildLogoutRequest($this->metadata, $idpMetadata);
 $lr->setNameId($nameId);
 $lr->setSessionIndex($sessionIndex);
 $lr->setRelayState($id);
diff --git a/modules/saml2/www/sp/acs.php b/modules/saml2/www/sp/acs.php
index 0230131f8..9cff6754a 100644
--- a/modules/saml2/www/sp/acs.php
+++ b/modules/saml2/www/sp/acs.php
@@ -33,7 +33,7 @@ if ($idp === NULL) {
 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
 $idpMetadata = $metadata->getMetaDataConfig($idp, 'saml20-idp-remote');
-$spMetadata = $metadata->getMetaDataConfig($source->getEntityId(), 'saml20-sp-hosted');
+$spMetadata = $source->getMetadata();
 /* Check if the IdP is allowed to authenticate users for this authentication source. */
 if (!$source->isIdPValid($idp)) {
diff --git a/modules/saml2/www/sp/logout.php b/modules/saml2/www/sp/logout.php
index 43448c362..35c89beef 100644
--- a/modules/saml2/www/sp/logout.php
+++ b/modules/saml2/www/sp/logout.php
@@ -30,7 +30,7 @@ $spEntityId = $source->getEntityId();
 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
 $idpMetadata = $metadata->getMetaDataConfig($idpEntityId, 'saml20-idp-remote');
-$spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-hosted');
+$spMetadata = $source->getMetadata();
 sspmod_saml2_Message::validateMessage($idpMetadata, $spMetadata, $message);
--
GitLab