saml2: Move sp-hosted metadata into authsources.php.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1656 44740490-163a-0410-bde0-09ae8108e29a

saml2: Move sp-hosted metadata into authsources.php.
b73e5e43 · Olav Morken · c88ead9c · b73e5e43 · b73e5e43 · b73e5e43
Commit b73e5e43 authored 15 years ago by Olav Morken
--- a/modules/saml2/lib/Auth/Source/SP.php
+++ b/modules/saml2/lib/Auth/Source/SP.php
@@ -55,6 +55,14 @@ class sspmod_saml2_Auth_Source_SP extends SimpleSAML_Auth_Source {
 	const LOGOUT_SESSIONINDEX = 'saml2:SP-Logout-SessionIndex';


+	/**
+	 * The metadata for this SP.
+	 *
+	 * @var SimpleSAML_Configuration
+	 */
+	private $metadata;
+
+
 	/**
 	 * The entity id of this SP.
 	 */
@@ -80,17 +88,28 @@ class sspmod_saml2_Auth_Source_SP extends SimpleSAML_Auth_Source {
 		/* Call the parent constructor first, as required by the interface. */
 		parent::__construct($info, $config);

+		/* For compatibility with code that assumes that $metadata->getString('entityid') gives the entity id. */
 		if (array_key_exists('entityId', $config)) {
-			$this->entityId = $config['entityId'];
+			$config['entityid'] = $config['entityId'];
 		} else {
-			$this->entityId = SimpleSAML_Module::getModuleURL('saml2/sp/metadata.php?source=' . urlencode($this->authId));
+			$config['entityid'] = SimpleSAML_Module::getModuleURL('saml2/sp/metadata.php?source=' . urlencode($this->authId));
 		}

-		if (array_key_exists('idp', $config)) {
-			$this->idp = $config['idp'];
-		} else {
-			$this->idp = NULL;
-		}
+		/* For backwards-compatibility with configuration in saml20-sp-hosted. */
+		try {
+			$metadataHandler = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
+			$oldMetadata = $metadataHandler->getMetaData($config['entityid'], 'saml20-sp-hosted');
+
+			SimpleSAML_Logger::warning('Depreceated metadata for ' . var_export($config['entityid'], TRUE) .
+				' in saml20-sp-hosted. The metadata in should be moved into authsources.php.');
+
+			$config = array_merge($oldMetadata, $config);
+		} catch (Exception $e) {};
+
+		$this->metadata = SimpleSAML_Configuration::loadFromArray($config, 'authsources[' . var_export($this->authId, TRUE) . ']');
+
+		$this->entityId = $this->metadata->getString('entityid');
+		$this->idp = $this->metadata->getString('idp', NULL);
 	}


@@ -157,10 +176,9 @@ class sspmod_saml2_Auth_Source_SP extends SimpleSAML_Auth_Source {

 		$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();

-		$spMetadata = $metadata->getMetaDataConfig($this->getEntityId(), 'saml20-sp-hosted');
 		$idpMetadata = $metadata->getMetaDataConfig($idp, 'saml20-idp-remote');

-		$ar = sspmod_saml2_Message::buildAuthnRequest($spMetadata, $idpMetadata);
+		$ar = sspmod_saml2_Message::buildAuthnRequest($this->metadata, $idpMetadata);

 		$ar->setAssertionConsumerServiceURL(SimpleSAML_Module::getModuleURL('saml2/sp/acs.php'));
 		$ar->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);
@@ -187,6 +205,17 @@ class sspmod_saml2_Auth_Source_SP extends SimpleSAML_Auth_Source {
 	}


+	/**
+	 * Retrieve the metadata for this SP.
+	 *
+	 * @return SimpleSAML_Configuration  The metadata, as a configuration object.
+	 */
+	public function getMetadata() {
+
+		return $this->metadata;
+	}
+
+
 	/**
 	 * Retrieve the NameIDFormat used by this SP.
 	 *
@@ -194,14 +223,7 @@ class sspmod_saml2_Auth_Source_SP extends SimpleSAML_Auth_Source {
 	 */
 	public function getNameIDFormat() {

-		$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-		$spmeta = $metadata->getMetadata($this->getEntityId(), 'saml20-sp-hosted');
-
-		if (array_key_exists('NameIDFormat', $spmeta)) {
-			return $spmeta['NameIDFormat'];
-		} else {
-			return 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient';
-		}
+		return $this->metadata->getString('NameIDFormat', 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient');
 	}


@@ -256,10 +278,9 @@ class sspmod_saml2_Auth_Source_SP extends SimpleSAML_Auth_Source {
 		}

 		$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-		$spMetadata = $metadata->getMetaDataConfig($this->getEntityId(), 'saml20-sp-hosted');
 		$idpMetadata = $metadata->getMetaDataConfig($idp, 'saml20-idp-remote');

-		$lr = sspmod_saml2_Message::buildLogoutRequest($spMetadata, $idpMetadata);
+		$lr = sspmod_saml2_Message::buildLogoutRequest($this->metadata, $idpMetadata);
 		$lr->setNameId($nameId);
 		$lr->setSessionIndex($sessionIndex);
 		$lr->setRelayState($id);

--- a/modules/saml2/www/sp/acs.php
+++ b/modules/saml2/www/sp/acs.php
@@ -33,7 +33,7 @@ if ($idp === NULL) {

 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
 $idpMetadata = $metadata->getMetaDataConfig($idp, 'saml20-idp-remote');
-$spMetadata = $metadata->getMetaDataConfig($source->getEntityId(), 'saml20-sp-hosted');
+$spMetadata = $source->getMetadata();

 /* Check if the IdP is allowed to authenticate users for this authentication source. */
 if (!$source->isIdPValid($idp)) {

--- a/modules/saml2/www/sp/logout.php
+++ b/modules/saml2/www/sp/logout.php
@@ -30,7 +30,7 @@ $spEntityId = $source->getEntityId();

 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
 $idpMetadata = $metadata->getMetaDataConfig($idpEntityId, 'saml20-idp-remote');
-$spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-hosted');
+$spMetadata = $source->getMetadata();

 sspmod_saml2_Message::validateMessage($idpMetadata, $spMetadata, $message);