Fix for Shibboleth POST and fixing slo endpoint in saml2 metadata

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@10 44740490-163a-0410-bde0-09ae8108e29a

lib/SimpleSAML/Bindings/Shib13/HTTPPost.php

@@ -125,7 +125,7 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 		*/
 		
 		
-		$objXMLSecDSig->appendSignature($responseroot,false);
+		$objXMLSecDSig->appendSignature($responseroot, true);
 		
 		$response = $responsedom->saveXML();
 		

metadata-templates/saml20-sp-remote.php

@@ -22,6 +22,7 @@ $metadata = array(
 
 	'dev.andreas.feide.no' => array(
  		'assertionConsumerServiceURL'	=>	'http://dev.andreas.feide.no/saml2/sp/AssertionConsumerService.php', 
+ 		'SingleLogOutUrl'				=>	'http://dev.andreas.feide.no/saml2/sp/SingleLogoutService.php',
 		'spNameQualifier' 				=>	'dev.andreas.feide.no',
 		'ForceAuthn'					=>	'false',
 		'NameIDFormat'					=>	'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
@@ -35,7 +36,7 @@ $metadata = array(
 	 * must set the simplesaml.nameidattribute to be the name of an attribute that for this user has the value of 'john'.
 	 */
 	'google.com' => array(
- 		'assertionConsumerServiceURL'	=>	'https://www.google.com/a/foo.com/acs', 
+ 		'assertionConsumerServiceURL'	=>	'https://www.google.com/a/foo.no/acs', 
 		'spNameQualifier' 				=>	'google.com',
 		'ForceAuthn'					=>	'false',
 		'NameIDFormat'					=>	'urn:oasis:names:tc:SAML:2.0:nameid-format:email',
@@ -45,31 +46,50 @@ $metadata = array(
 	
 	"feide2.erlang.no" => array(
  		"assertionConsumerServiceURL"	=>	"https://feide2.erlang.no/saml2/sp/AssertionConsumerService.php", 
+ 		'SingleLogOutUrl'				=>	'http://feide2.erlang.no/saml2/sp/SingleLogoutService.php',
 		"spNameQualifier" 				=>	"feide2.erlang.no",
 		"ForceAuthn"					=>	"false",
 		"NameIDFormat"					=>	"urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
 		'simplesaml.nameidattribute'	=>	'uid',
 		'simplesaml.attributes'			=>	true
 	),
+	
+	/*
+	 * This example is an OpenFM service provider.
+	 */
+	'services.feide.no' => array(
+ 		"assertionConsumerServiceURL"	=>	'https://services.feide.no/openfm/Consumer/metaAlias/sp_meta_alias',
+ 		'SingleLogOutUrl'				=>	'https://services.feide.no/openfm/SPSloRedirect/metaAlias/sp_meta_alias',
+		"spNameQualifier" 				=>	'services.feide.no',
+		"ForceAuthn"					=>	'false',
+		"NameIDFormat"					=>	'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
+		'simplesaml.attributes'			=>	true
+	),
 		
 	"feide3.erlang.no" => array(
  		"assertionConsumerServiceURL"	=>	"https://feide3.erlang.no/saml2/sp/AssertionConsumerService.php", //
+ 		'SingleLogOutUrl'				=>	'https://feide3.erlang.no/saml2/sp/SPSloRedirect/metaAlias/sp_meta_alias',
 		"spNameQualifier" 				=>	"feide3.erlang.no",
 		"ForceAuthn"					=>	"false",
 		"NameIDFormat"					=>	"urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
 		'simplesaml.attributes'			=>	true
 	),
 	
+	/*
+	 * This example is a Shibboleth 2.0 service provider.
+	 */
 	"skjak.uninett.no" => array(
  		"assertionConsumerServiceURL"	=>	"https://skjak.uninett.no/Shibboleth.sso/SAML2/POST", //
+ 		'SingleLogOutUrl'				=>	'http://skjak.uninett.no/foo',
 		"spNameQualifier" 				=>	"skjak.uninett.no",
 		"ForceAuthn"					=>	"false",
 		"NameIDFormat"					=>	"urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
 		'simplesaml.attributes'			=>	true
 		),
-	"skjak.uninett.no" => array(
+	"skjak2.uninett.no" => array(
 // 		"assertionConsumerServiceURL"	=>	"https://skjak2.uninett.no:443/fam/Consumer/metaAlias/sp_meta_alias", //
  		"assertionConsumerServiceURL"	=>	"https://skjak.uninett.no/Shibboleth.sso/SAML2/POST", //
+ 		'SingleLogOutUrl'				=>	'http://skjak.uninett.no/foo',
 		"spNameQualifier" 				=>	"skjak.uninett.no",
 		"ForceAuthn"					=>	"false",
 		"NameIDFormat"					=>	"urn:oasis:names:tc:SAML:2.0:nameid-format:transient",