Added functionality to automatically generate SAML 2.0 IdP metadata

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@52 44740490-163a-0410-bde0-09ae8108e29a

lib/SimpleSAML/XHTML/Template.php

@@ -68,11 +68,13 @@ class SimpleSAML_XHTML_Template {
 
 	
 	private function includeAtTemplateBase($file) {
+		$data = $this->data;
 		$filebase = $this->configuration->getValue('basedir') . $this->configuration->getValue('templatedir');
 		include($filebase . $file);
 	}
 
 	private function includeAtLanguageBase($file) {
+		$data = $this->data;
 		$filebase = $this->configuration->getValue('basedir') . $this->configuration->getValue('templatedir') . $this->getLanguage() . '/' ;
 		include($filebase . $file);
 	}

lib/xmlseclibs.php

@@ -1076,7 +1076,7 @@ class XMLSecurityDSig {
 					if (strncmp($curData, '-----END CERTIFICATE', 20) == 0) {
 						break;
 					}
-					$data .= trim($curData);
+					$data .= trim($curData) . "\n";
 				}
 			}
 		} else {

templates/default/en/metadata.php

 <?php $this->includeAtTemplateBase('includes/header.php'); ?>
 
 	<div id="header">
-		<h1>simpleSAMLphp status page</h1>
+		<h1>simpleSAMLphp Metadata</h1>
 		<div id="poweredby"><img src="/<?php echo $data['baseurlpath']; ?>resources/icons/bino.png" alt="Bino" /></div>
 	</div>
 	
@@ -11,6 +11,10 @@
 		
 		<p>Here is SAML 2.0 metadata that simpleSAMLphp has generated for you. You may send this SAML 2.0 Metadata document to trusted partners to setup a trusted federation.</p>
 		
+		<?php if (isset($data['metaurl'])) { ?>
+			<p>You can <a href="<?php echo $data['metaurl']; ?>">get the metadata xml on a dedicated URL</a>:<br />
+			<input type="text" style="width: 90%" value="<?php echo $data['metaurl']; ?>" /></p>
+		<?php } ?>
 		<h2>Metadata</h2>
 		
 		<pre style="overflow: scroll; border: 1px solid #eee; padding: 2px"><?php echo $data['metadata']; ?></pre>

www/index.html

@@ -62,6 +62,7 @@ h6 {font-size: 96%}
 		<p>After you have configured it properly as described in the documentation you may want to test one of the two examples:
 			<ul>
 				<li><a href="saml2/sp/metadata.php">Look at your SAML 2.0 SP metadata</a> - you can send this metadata document to your IdP.</a></li>
+				<li><a href="saml2/idp/metadata.php">Look at your SAML 2.0 IdP metadata</a></a></li>
 				<li><a href="example-simple/saml2-example.php">SAML 2.0 SP example</a></li>
 				<li><a href="example-simple/shib13-example.php">Shibboleth 1.3 SP example</a></li>
 			</ul>

www/saml2/idp/metadata.php

+<?php
+
+require_once('../../_include.php');
+
+require_once('SimpleSAML/Utilities.php');
+require_once('SimpleSAML/Session.php');
+require_once('SimpleSAML/XML/MetaDataStore.php');
+require_once('SimpleSAML/XHTML/Template.php');
+
+session_start();
+
+/* Load simpleSAMLphp, configuration and metadata */
+$config = SimpleSAML_Configuration::getInstance();
+$metadata = new SimpleSAML_XML_MetaDataStore($config);
+$session = SimpleSAML_Session::getInstance();
+
+try {
+
+	$idpmeta = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrent('saml20-idp-hosted');
+	$idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+	
+	$publiccert = $config->getValue('basedir') . '/cert/' . $idpmeta['certificate'];
+
+	if (!file_exists($publiccert)) 
+		throw new Exception('Could not find certificate [' . $publiccert . '] to attach to the authentication resposne');
+	
+	$cert = file_get_contents($publiccert);
+	$data = XMLSecurityDSig::get509XCert($cert, true);
+	
+	
+	
+	
+	$metaxml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+	<EntityDescriptor xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance" xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ entityID="' . $idpentityid . '">
+    <IDPSSODescriptor
+        WantAuthnRequestsSigned="false"
+        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+        
+                <KeyDescriptor use="signing">
+                        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                          <ds:X509Data>
+                                <ds:X509Certificate>' . $data . '</ds:X509Certificate>
+                        </ds:X509Data>
+                  </ds:KeyInfo>
+                </KeyDescriptor>  
+        
+
+        
+        <!-- Logout endpoints -->
+        <SingleLogoutService
+            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+            Location="' . $metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted') . '"
+            ResponseLocation="' . $metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted') . '" 
+            index="0" 
+            isDefault="true"
+            />
+
+        
+        <!-- Supported Name Identifier Formats -->
+        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+        
+        <!-- AuthenticationRequest Consumer endpoint -->
+        <SingleSignOnService
+            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+            Location="' . $metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted') . '" 
+            index="0" 
+            isDefault="true"
+            />
+        
+    </IDPSSODescriptor>
+</EntityDescriptor>';
+	
+	
+	if ($_GET['output'] == 'xml') {
+		header('Content-type: application/xml');
+		
+		echo $metaxml;
+		exit(0);
+	}
+
+
+	$defaultidp = $config->getValue('default-saml20-idp');
+	
+	$et = new SimpleSAML_XHTML_Template($config, 'metadata.php');
+	
+
+	$et->data['header'] = 'SAML 2.0 IdP Metadata';
+	$et->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
+	$et->data['metadata'] = htmlentities($metaxml);
+	$et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no'));
+	$et->data['defaultidp'] = $defaultidp;
+	
+	$et->show();
+	
+} catch(Exception $exception) {
+	
+	$et = new SimpleSAML_XHTML_Template($config, 'error.php');
+
+	$et->data['message'] = 'Some error occured when trying to generate metadata.';	
+	$et->data['e'] = $exception;
+	
+	$et->show();
+
+}
+
+?>
\ No newline at end of file