From c2c83df4eb7b9ea43e1f3c2f065ad8d28b1947f5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Tue, 18 Sep 2007 15:02:40 +0000
Subject: [PATCH] Fix for Shibboleth POST and fixing slo endpoint in saml2
 metadata

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@10 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Bindings/Shib13/HTTPPost.php |  2 +-
 metadata-templates/saml20-sp-remote.php     | 24 +++++++++++++++++++--
 2 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
index ec7c202d8..6ff9771cf 100644
--- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
@@ -125,7 +125,7 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 		*/
 		
 		
-		$objXMLSecDSig->appendSignature($responseroot, false);
+		$objXMLSecDSig->appendSignature($responseroot, true);
 		
 		$response = $responsedom->saveXML();
 		
diff --git a/metadata-templates/saml20-sp-remote.php b/metadata-templates/saml20-sp-remote.php
index 78fc98b30..3cf919fb7 100644
--- a/metadata-templates/saml20-sp-remote.php
+++ b/metadata-templates/saml20-sp-remote.php
@@ -22,6 +22,7 @@ $metadata = array(
 
 	'dev.andreas.feide.no' => array(
  		'assertionConsumerServiceURL'	=>	'http://dev.andreas.feide.no/saml2/sp/AssertionConsumerService.php', 
+ 		'SingleLogOutUrl'				=>	'http://dev.andreas.feide.no/saml2/sp/SingleLogoutService.php',
 		'spNameQualifier' 				=>	'dev.andreas.feide.no',
 		'ForceAuthn'					=>	'false',
 		'NameIDFormat'					=>	'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
@@ -35,7 +36,7 @@ $metadata = array(
 	 * must set the simplesaml.nameidattribute to be the name of an attribute that for this user has the value of 'john'.
 	 */
 	'google.com' => array(
- 		'assertionConsumerServiceURL'	=>	'https://www.google.com/a/foo.com/acs', 
+ 		'assertionConsumerServiceURL'	=>	'https://www.google.com/a/foo.no/acs', 
 		'spNameQualifier' 				=>	'google.com',
 		'ForceAuthn'					=>	'false',
 		'NameIDFormat'					=>	'urn:oasis:names:tc:SAML:2.0:nameid-format:email',
@@ -45,31 +46,50 @@ $metadata = array(
 	
 	"feide2.erlang.no" => array(
  		"assertionConsumerServiceURL"	=>	"https://feide2.erlang.no/saml2/sp/AssertionConsumerService.php", 
+ 		'SingleLogOutUrl'				=>	'http://feide2.erlang.no/saml2/sp/SingleLogoutService.php',
 		"spNameQualifier" 				=>	"feide2.erlang.no",
 		"ForceAuthn"					=>	"false",
 		"NameIDFormat"					=>	"urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
 		'simplesaml.nameidattribute'	=>	'uid',
 		'simplesaml.attributes'			=>	true
 	),
+	
+	/*
+	 * This example is an OpenFM service provider.
+	 */
+	'services.feide.no' => array(
+ 		"assertionConsumerServiceURL"	=>	'https://services.feide.no/openfm/Consumer/metaAlias/sp_meta_alias',
+ 		'SingleLogOutUrl'				=>	'https://services.feide.no/openfm/SPSloRedirect/metaAlias/sp_meta_alias',
+		"spNameQualifier" 				=>	'services.feide.no',
+		"ForceAuthn"					=>	'false',
+		"NameIDFormat"					=>	'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
+		'simplesaml.attributes'			=>	true
+	),
 		
 	"feide3.erlang.no" => array(
  		"assertionConsumerServiceURL"	=>	"https://feide3.erlang.no/saml2/sp/AssertionConsumerService.php", //
+ 		'SingleLogOutUrl'				=>	'https://feide3.erlang.no/saml2/sp/SPSloRedirect/metaAlias/sp_meta_alias',
 		"spNameQualifier" 				=>	"feide3.erlang.no",
 		"ForceAuthn"					=>	"false",
 		"NameIDFormat"					=>	"urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
 		'simplesaml.attributes'			=>	true
 	),
 	
+	/*
+	 * This example is a Shibboleth 2.0 service provider.
+	 */
 	"skjak.uninett.no" => array(
  		"assertionConsumerServiceURL"	=>	"https://skjak.uninett.no/Shibboleth.sso/SAML2/POST", //
+ 		'SingleLogOutUrl'				=>	'http://skjak.uninett.no/foo',
 		"spNameQualifier" 				=>	"skjak.uninett.no",
 		"ForceAuthn"					=>	"false",
 		"NameIDFormat"					=>	"urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
 		'simplesaml.attributes'			=>	true
 		),
-	"skjak.uninett.no" => array(
+	"skjak2.uninett.no" => array(
 // 		"assertionConsumerServiceURL"	=>	"https://skjak2.uninett.no:443/fam/Consumer/metaAlias/sp_meta_alias", //
  		"assertionConsumerServiceURL"	=>	"https://skjak.uninett.no/Shibboleth.sso/SAML2/POST", //
+ 		'SingleLogOutUrl'				=>	'http://skjak.uninett.no/foo',
 		"spNameQualifier" 				=>	"skjak.uninett.no",
 		"ForceAuthn"					=>	"false",
 		"NameIDFormat"					=>	"urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
-- 
GitLab