From cd8d564e2c1c27728dc9907b7924922f97bcda16 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no> Date: Mon, 28 Jan 2008 16:21:44 +0000 Subject: [PATCH] forgot to checkin the bitmap for favicon, here it is git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@207 44740490-163a-0410-bde0-09ae8108e29a --- config/config-template.php | 8 +++++ lib/SimpleSAML/Session.php | 33 +++++++++++++++----- lib/SimpleSAML/XML/SAML20/AuthnRequest.php | 15 --------- lib/SimpleSAML/XML/SAML20/AuthnResponse.php | 4 +-- lib/SimpleSAML/XML/Shib13/AuthnResponse.php | 2 +- www/admin/metadata.php | 13 ++++++-- www/auth/login-auto.php | 2 +- www/auth/login-ldapmulti.php | 2 +- www/auth/login-radius.php | 2 +- www/auth/login.php | 3 +- www/example-simple/hostnames.php | 12 +++++-- www/example-simple/saml2-example.php | 2 +- www/example-simple/shib13-example.php | 2 +- www/index.php | 14 +++++++-- www/resources/icons/favicon.ico | Bin 0 -> 2238 bytes www/saml2/idp/SSOService.php | 5 ++- www/saml2/idp/metadata.php | 13 +++++++- www/saml2/sp/initSSO.php | 2 +- www/shib13/idp/SSOService.php | 4 +-- www/shib13/sp/initSSO.php | 2 +- 20 files changed, 97 insertions(+), 43 deletions(-) create mode 100755 www/resources/icons/favicon.ico diff --git a/config/config-template.php b/config/config-template.php index 5f34ed762..1f4742312 100644 --- a/config/config-template.php +++ b/config/config-template.php @@ -48,6 +48,14 @@ $config = array ( 'logging.facility' => LOG_LOCAL5, 'logging.level' => LOG_NOTICE, + + /** + * This password must be kept secret, and modified from the default value 123. + * This password will give access to the installation page of simpleSAMLphp with + * metadata listing and diagnostics pages. + */ + 'auth.adminpassword' => '123', + /* * Enable * diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php index 2e7b3e9da..c1b05534c 100644 --- a/lib/SimpleSAML/Session.php +++ b/lib/SimpleSAML/Session.php 
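Review bot: The config template ships `'auth.adminpassword' => '123'` as a working credential, and the comment above it is the only thing asking for it to be changed; nothing in this commit rejects the default. The code that verifies the admin password (`auth/login-admin.php`, not part of this diff) should treat the shipped value as unset, e.g. refuse to authenticate while the configured value is still `'123'` or empty, so a forgotten default cannot unlock the metadata and diagnostics pages that this commit now guards with `isValid('login-admin')`. The docblock could say so explicitly: `* The installation pages are unavailable until this value is changed from the default.` — once the consuming code actually enforces that.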
@@ -55,6 +55,8 @@ class SimpleSAML_Session { private $sp_at_idpsessions = array(); + private $authority = null; + // Session duration parameters private $sessionstarted = null; private $sessionduration = null; @@ -66,7 +68,7 @@ class SimpleSAML_Session { /** * private constructor restricts instantiaton to getInstance() */ - private function __construct($protocol, $authenticated = true) { + private function __construct($authenticated = true) { $this->protocol = $protocol; @@ -112,14 +114,17 @@ class SimpleSAML_Session { } } - public static function init($protocol, $authenticated = false) { + public static function init($authenticated = false, $authority = null) { $preinstance = self::getInstance(); if (isset($preinstance)) { - if (isset($authenticated)) $preinstance->setAuthenticated($authenticated); + + $preinstance->clean(); + if (isset($authenticated)) $preinstance->setAuthenticated($authenticated, $authority); + } else { - self::$instance = new SimpleSAML_Session($protocol, $authenticated); + self::$instance = new SimpleSAML_Session($authenticated, $authority); /* Save the new session with the session handler. */ $sh = SimpleSAML_SessionHandler::getSessionHandler(); @@ -139,6 +144,14 @@ class SimpleSAML_Session { return $this->trackid; } + /** + * Who authorized this session. could be in example saml2, shib13, login,login-admin etc. + */ + public function getAuthority() { + return $this->authority; + } + + // *** SP list to be used with SAML 2.0 SLO *** // *** *** *** *** *** *** *** *** *** *** *** @@ -293,11 +306,14 @@ class SimpleSAML_Session { return $this->nameidformat; } - public function setAuthenticated($auth) { + public function setAuthenticated($auth, $authority = null) { if ($auth === false) $this->dirty = false; if ($auth != $this->authenticated) $this->dirty = false; + + $this->authority = $authority; $this->authenticated = $auth; - if ($auth) { + + if ($auth) { $this->sessionstarted = time(); } } 
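Review bot: The constructor in the `@@ -66,7 +68,7 @@` hunk drops the `$protocol` parameter but its body still runs the unchanged `$this->protocol = $protocol;`, so a new session is built from an undefined variable, and `init()` in the following hunk now calls `new SimpleSAML_Session($authenticated, $authority)` while the constructor accepts only `$authenticated`. Unless the rest of the constructor, which continues outside the hunk, stores the authority some other way, a session created through `init(true, 'saml2')` or `init(true, 'shib13')` (the two AuthnResponse hunks) keeps `$authority === null`, and the new `isValid('saml2')` / `isValid('shib13')` checks in the SP example pages and `initSSO.php` would then reject a freshly authenticated user. The constructor should take and record the authority: `private function __construct($authenticated = true, $authority = null) {` with `$this->authority = $authority;` in its body, and the `$this->protocol = $protocol;` line either removed or given a real value.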
@@ -313,8 +329,9 @@ class SimpleSAML_Session { * This function will return false after the user has timed out. */ - public function isValid() { + public function isValid($authority = null) { if (!$this->isAuthenticated()) return false; + if (!empty($authority) && ($authority != $this->authority) ) return false; return $this->remainingTime() > 0; } @@ -367,6 +384,8 @@ class SimpleSAML_Session { $this->authnrequests = array(); $this->logoutrequest = null; $this->idp = null; + + $this->authority = null; $this->authenticated = null; $this->protocol = null; diff --git a/lib/SimpleSAML/XML/SAML20/AuthnRequest.php b/lib/SimpleSAML/XML/SAML20/AuthnRequest.php index b53a18e23..aff068d20 100644 --- a/lib/SimpleSAML/XML/SAML20/AuthnRequest.php +++ b/lib/SimpleSAML/XML/SAML20/AuthnRequest.php @@ -104,22 +104,7 @@ class SimpleSAML_XML_SAML20_AuthnRequest { return $requestid; */ } - /* - public function createSession() { - - - $session = SimpleSAML_Session::getInstance(); - - if (!isset($session)) { - SimpleSAML_Session::init(self::PROTOCOL, null, false); - $session = SimpleSAML_Session::getInstance(); - } - - $session->setAuthnRequest($this->getRequestID(), $this); - return $session; - } - */ public function generate($spentityid, $destination) { $md = $this->metadata->getMetaData($spentityid); diff --git a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php index a40939327..4827da4a3 100644 --- a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php +++ b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php @@ -138,8 +138,8 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse { public function createSession() { - //($protocol, $message = null, $authenticated = true) { - SimpleSAML_Session::init(self::PROTOCOL, true); + + SimpleSAML_Session::init(true, 'saml2'); $session = SimpleSAML_Session::getInstance(); $session->setAttributes($this->getAttributes()); 
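Review bot: In the `isValid()` hunk the new authority check is skipped whenever `$authority` is empty, so a call with `null` — which `www/saml2/idp/SSOService.php` makes when the hosted IdP metadata has no `authority` entry — accepts a session authenticated by any module, presumably including one established through `login-admin`; that fallback deserves a sentence in the method's docblock (which starts outside the hunk), e.g. `* If $authority is empty, a session from any authority is accepted.`, and the IdP endpoints would be safer passing an explicit expected authority instead of relying on it. The comparison also uses loose `!=`; `if (!empty($authority) && $authority !== $this->authority) return false;` avoids PHP type-juggling surprises between the string literals used by the login scripts and whatever is stored.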
diff --git a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php index 98c24cbeb..8ba625a0a 100644 --- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php +++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php @@ -180,7 +180,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse { public function createSession() { - SimpleSAML_Session::init(self::PROTOCOL, $this, true); + SimpleSAML_Session::init(true, 'shib13'); $session = SimpleSAML_Session::getInstance(); $session->setAttributes($this->getAttributes()); diff --git a/www/admin/metadata.php b/www/admin/metadata.php index b1cdda863..4f02d559c 100644 --- a/www/admin/metadata.php +++ b/www/admin/metadata.php @@ -11,6 +11,15 @@ require_once('SimpleSAML/XHTML/Template.php'); $config = SimpleSAML_Configuration::getInstance(); $session = SimpleSAML_Session::getInstance(); + +/* Check if valid local session exists.. */ +if (!isset($session) || !$session->isValid('login-admin') ) { + SimpleSAML_Utilities::redirect('/' . $config->getValue('baseurlpath') . 'auth/login-admin.php', + array('RelayState' => SimpleSAML_Utilities::selfURL()) + ); +} + + try { $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); @@ -48,7 +57,7 @@ try { foreach ($metalist AS $entityid => $mentry) { $results[$entityid] = SimpleSAML_Utilities::checkAssocArrayRules($mentry, array('entityid', 'host', 'privatekey', 'certificate', 'auth'), - array('requireconsent','request.signing') + array('requireconsent','request.signing', 'authority') ); } $et->data['metadata.saml20-idp-hosted'] = $results; @@ -98,7 +107,7 @@ try { foreach ($metalist AS $entityid => $mentry) { $results[$entityid] = SimpleSAML_Utilities::checkAssocArrayRules($mentry, array('entityid', 'host', 'privatekey', 'certificate', 'auth'), - array('requireconsent') + array('requireconsent', 'authority') ); } $et->data['metadata.shib13-idp-hosted'] = $results; 
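Review bot: The new guard in `www/admin/metadata.php` redirects to `auth/login-admin.php` but does not stop the script; if `SimpleSAML_Utilities::redirect()` does not itself terminate the request (the helper is not in this diff), the unauthenticated request continues into the `try` block and renders the metadata listing beneath the redirect. Adding `exit;` after the `redirect(...)` call makes the guard hold regardless of the helper's behaviour; the same applies to the identical blocks in `www/example-simple/hostnames.php`, `www/index.php` and `www/saml2/idp/metadata.php`. Those three pages also fetch the session with `SimpleSAML_Session::getInstance(true)` while this file uses `getInstance()`; the meaning of that argument is not visible here, so it is worth confirming the four guards behave the same.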
diff --git a/www/auth/login-auto.php b/www/auth/login-auto.php index b2352c748..49090cdcb 100644 --- a/www/auth/login-auto.php +++ b/www/auth/login-auto.php @@ -86,7 +86,7 @@ if($session == NULL) { /* Set the user as authenticated and add the attributes from the * configuration. */ -$session->setAuthenticated(true); +$session->setAuthenticated(true, 'login-auto'); $session->setAttributes($attributes); /* Return the user to the page set in the RelayState parameter. */ diff --git a/www/auth/login-ldapmulti.php b/www/auth/login-ldapmulti.php index 0171a5c58..a85f9ac98 100644 --- a/www/auth/login-ldapmulti.php +++ b/www/auth/login-ldapmulti.php @@ -81,7 +81,7 @@ if (isset($_POST['username'])) { $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap-multi', 'OK', $_POST['username'], $_POST['username'] . ' successfully authenticated'); - $session->setAuthenticated(true); + $session->setAuthenticated(true, 'login-ldapmulti'); $session->setAttributes($attributes); $session->setNameID(SimpleSAML_Utilities::generateID()); diff --git a/www/auth/login-radius.php b/www/auth/login-radius.php index 4bb69ad5b..f8488d512 100644 --- a/www/auth/login-radius.php +++ b/www/auth/login-radius.php @@ -78,7 +78,7 @@ if (isset($_POST['username'])) { $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'radius', 'OK', $_POST['username'], $_POST['username'] . ' successfully authenticated'); - $session->setAuthenticated(true); + $session->setAuthenticated(true, 'login-radius'); $session->setAttributes($attributes); $returnto = $_REQUEST['RelayState']; diff --git a/www/auth/login.php b/www/auth/login.php index 4e9b8882c..2fc4839c2 100644 --- a/www/auth/login.php +++ b/www/auth/login.php @@ -136,7 +136,8 @@ if (isset($_POST['username'])) { $attributes[$name] = $values; } - $session->setAuthenticated(true); + $session->setAuthenticated(true, 'login'); + $session->setAttributes($attributes); $session->setNameID(SimpleSAML_Utilities::generateID()); 
diff --git a/www/example-simple/hostnames.php b/www/example-simple/hostnames.php index 7afcfd590..ca049c204 100644 --- a/www/example-simple/hostnames.php +++ b/www/example-simple/hostnames.php @@ -11,10 +11,18 @@ require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php'); require_once('SimpleSAML/Bindings/SAML20/HTTPPost.php'); require_once('SimpleSAML/XHTML/Template.php'); -/* Load simpleSAMLphp, configuration and metadata */ +/* Load simpleSAMLphp, configuration */ $config = SimpleSAML_Configuration::getInstance(); +$session = SimpleSAML_Session::getInstance(true); + +/* Check if valid local session exists.. */ +if (!isset($session) || !$session->isValid('login-admin') ) { + SimpleSAML_Utilities::redirect('/' . $config->getValue('baseurlpath') . 'auth/login-admin.php', + array('RelayState' => SimpleSAML_Utilities::selfURL()) + ); +} + -$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); diff --git a/www/example-simple/saml2-example.php b/www/example-simple/saml2-example.php index be04257fb..0373563aa 100644 --- a/www/example-simple/saml2-example.php +++ b/www/example-simple/saml2-example.php @@ -14,7 +14,7 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $session = SimpleSAML_Session::getInstance(); /* Check if valid local session exists.. */ -if (!isset($session) || !$session->isValid() ) { +if (!isset($session) || !$session->isValid('saml2') ) { SimpleSAML_Utilities::redirect( '/' . $config->getValue('baseurlpath') . 'saml2/sp/initSSO.php', diff --git a/www/example-simple/shib13-example.php b/www/example-simple/shib13-example.php index 339758acf..54010fc45 100644 --- a/www/example-simple/shib13-example.php +++ b/www/example-simple/shib13-example.php 
@@ -16,7 +16,7 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $session = SimpleSAML_Session::getInstance(); -if (!isset($session) || !$session->isValid() ) { +if (!isset($session) || !$session->isValid('shib13') ) { SimpleSAML_Utilities::redirect( '/' . $config->getValue('baseurlpath') . diff --git a/www/index.php b/www/index.php index c7bc19e3b..da695d077 100644 --- a/www/index.php +++ b/www/index.php @@ -8,11 +8,21 @@ require_once('SimpleSAML/Session.php'); require_once('SimpleSAML/XHTML/Template.php'); require_once('SimpleSAML/Metadata/MetaDataStorageHandler.php'); + + +/* Load simpleSAMLphp, configuration */ $config = SimpleSAML_Configuration::getInstance(); +$session = SimpleSAML_Session::getInstance(true); + +/* Check if valid local session exists.. */ +if (!isset($session) || !$session->isValid('login-admin') ) { + SimpleSAML_Utilities::redirect('/' . $config->getValue('baseurlpath') . 'auth/login-admin.php', + array('RelayState' => SimpleSAML_Utilities::selfURL()) + ); +} + -$session = SimpleSAML_Session::getInstance(); - $links = array(); 
diff --git a/www/resources/icons/favicon.ico b/www/resources/icons/favicon.ico new file mode 100755 index 0000000000000000000000000000000000000000..433d7eb979dc712d3c8d8bf49aadf4fbe73a8a59 GIT binary patch literal 2238 zcmdVay>1gh6o%mwf#g)6G}I^+b>;>T$}Oa(o02vqMxyX7Oa%o(h+Cj>MS*+?q@uNi ztJo4zmgmgIk`?06&@k(F$Mc;tXTF{Ni8ydPeHzY(@#!$)NklvYDV`(sY}1Fm8&3y2 z|6?j>Je`i6v%fK)&tv|59;<I3V=)ZTP*E@}hFGAXqCip%jgE$j0uy7XbTm{HC>BGZ zqoJa}0<j1hDhh^Sq5MLrg=r&2&xoHG8Y&71ywK55Q6PyIIvOepOyq@*hKd5ktWI|{ zR1{c%Ckh%W3M|SG9Ss!)j0n-uP*GsO4;>8^1rqq7qoJa}B!1|~qoP0|ez-$JMS<e{ z(9uv)U_pN9Xs9S)!W23hDhmAJhmMAd0zrQ0-3i@MU;;mO3Jnznits~6Lq&nY{Ls-* zQD8BC=xC@YU_dE48Y&8$_@Vb*q3iPy;6=IdvCBt{56dDSi+lv~cAJ>DFmG4hn!F9U z<pzB#bK7!@ayy*Fke8L0kap8r+Q=odTu#l@lp-$h1)nj)InHp3<G+V5F5>L$EY8o* zJEy0oaeRCnM@L7uE5+*95Fg&Z_a0Bx&Wp{?d(=nyKIJe+|9xBDe+A2o@6WkBSudmK z++F5!bs|H;trC;%c(U4N>=u}qGG<&(mNyx@K6?D7#AH2Yu$f9%cjFP;jP4^(!n4_S zg<N-=G1KV6n+@9;x@osEW}9`m^4+$RvC)LqyJ7#g8OuHKF=Jf)uK8I`jqYw=e9T~9 z?(Ow+ezwc3px+mlkOg{;KH-nkIuq`R_X3-INAGUwz)s&COjUw*PrN7WkE<}5+!y{g zG2ehc+E2<?ynXEh@p5<<kB7<h(e;Dr!&e9McyX|@^cDKIWFCjZ3Rf7CIaavxeYxHt Mzd4;Z`XA`+H*l(b6aWAK literal 0 HcmV?d00001 diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php index 31d590aa5..4b13c2315 100644 --- a/www/saml2/idp/SSOService.php +++ b/www/saml2/idp/SSOService.php @@ -136,6 +136,9 @@ if (isset($_GET['SAMLRequest'])) { } +$authority = isset($idpmeta['authority']) ? $idpmeta['authority'] : null; + + /* * As we have passed the code above, we have an accociated request that is already processed. * 
@@ -145,7 +148,7 @@ if (isset($_GET['SAMLRequest'])) { * endpoint - then the session is authenticated and set, and the user is redirected back with a RequestID * parameter so we can retrieve the cached information from the request. */ -if (!$session->isAuthenticated() ) { +if (!isset($session) || !$session->isValid($authority) ) { $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'IdP.SSOService', 'AuthNext', $idpmeta['auth'], 'Will go to authentication module ' . $idpmeta['auth']); diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php index 937d73a65..54176230b 100644 --- a/www/saml2/idp/metadata.php +++ b/www/saml2/idp/metadata.php @@ -10,7 +10,18 @@ require_once('SimpleSAML/XHTML/Template.php'); /* Load simpleSAMLphp, configuration and metadata */ $config = SimpleSAML_Configuration::getInstance(); $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); -$session = SimpleSAML_Session::getInstance(); +$session = SimpleSAML_Session::getInstance(true); + + + +/* Check if valid local session exists.. */ +if (!isset($session) || !$session->isValid('login-admin') ) { + SimpleSAML_Utilities::redirect('/' . $config->getValue('baseurlpath') . 'auth/login-admin.php', + array('RelayState' => SimpleSAML_Utilities::selfURL()) + ); +} + + try { diff --git a/www/saml2/sp/initSSO.php b/www/saml2/sp/initSSO.php index 5a8ff34b4..508b8f154 100644 --- a/www/saml2/sp/initSSO.php +++ b/www/saml2/sp/initSSO.php @@ -46,7 +46,7 @@ try { exit(0); } -if (!isset($session) || !$session->isValid() ) { +if (!isset($session) || !$session->isValid('saml2') ) { if ($idpentityid == null) { diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php index f5ce87b63..fa06e2052 100644 --- a/www/shib13/idp/SSOService.php +++ b/www/shib13/idp/SSOService.php 
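Review bot: The condition in `www/saml2/idp/SSOService.php` now admits `!isset($session)`, but the first statement inside the block is the unchanged `$logger->log(LOG_NOTICE, $session->getTrackID(), ...)`, which is a method call on a null value in exactly the case the new test added. If `$session` can be unset at this point, compute the track id defensively before logging, e.g. `$trackid = isset($session) ? $session->getTrackID() : null;` and pass `$trackid` to `$logger->log(...)`; otherwise the `!isset($session)` clause is misleading and should go. The block continues outside the hunk.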
@@ -132,7 +132,7 @@ if (isset($_GET['shire'])) { } - +$authority = isset($idpmeta['authority']) ? $idpmeta['authority'] : null; /* * As we have passed the code above, we have an accociated request that is already processed. @@ -143,7 +143,7 @@ if (isset($_GET['shire'])) { * endpoint - then the session is authenticated and set, and the user is redirected back with a RequestID * parameter so we can retrieve the cached information from the request. */ -if (!$session->isAuthenticated() ) { +if (!$session->isAuthenticated($authority) ) { $relaystate = SimpleSAML_Utilities::selfURLNoQuery() . '?RequestID=' . urlencode($requestid); $authurl = SimpleSAML_Utilities::addURLparameter('/' . $config->getValue('baseurlpath') . $idpmeta['auth'], diff --git a/www/shib13/sp/initSSO.php b/www/shib13/sp/initSSO.php index 55a7723fb..95f2d2f90 100644 --- a/www/shib13/sp/initSSO.php +++ b/www/shib13/sp/initSSO.php @@ -40,7 +40,7 @@ try { -if (!isset($session) || !$session->isValid() ) { +if (!isset($session) || !$session->isValid('shib13') ) { if ($idpentityid == null) { -- GitLab
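Review bot: In `www/shib13/idp/SSOService.php` the new `$authority` is passed to `isAuthenticated()`, but this commit only adds an `$authority` parameter to `setAuthenticated()` and `isValid()`; unless `isAuthenticated()` was changed outside this diff, PHP silently ignores the extra argument and the Shib 1.3 IdP does not enforce the authority at all, while the SAML 2.0 endpoint in the same commit uses `isValid($authority)`. Use the same check here: `if (!isset($session) || !$session->isValid($authority)) {` — which also applies the session timeout that `isValid()` checks through `remainingTime()` and `isAuthenticated()` does not. The rest of the branch is outside the hunk.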