From d282957f069b4a3ac51b9796acc6304bcc525119 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Wed, 24 Oct 2007 15:02:23 +0000
Subject: [PATCH] Added functionality to automatically generate SAML 2.0 IdP metadata
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@52 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/XHTML/Template.php | 2 +
 lib/xmlseclibs.php | 2 +-
 templates/default/en/metadata.php | 6 +-
 www/index.html | 1 +
 www/saml2/idp/metadata.php | 107 ++++++++++++++++++++++++++++++
 5 files changed, 116 insertions(+), 2 deletions(-)
 create mode 100644 www/saml2/idp/metadata.php
diff --git a/lib/SimpleSAML/XHTML/Template.php b/lib/SimpleSAML/XHTML/Template.php
index cc8dce1e2..37c93f109 100644
--- a/lib/SimpleSAML/XHTML/Template.php
+++ b/lib/SimpleSAML/XHTML/Template.php
@@ -68,11 +68,13 @@ class SimpleSAML_XHTML_Template {
 private function includeAtTemplateBase($file) {
+ $data = $this->data;
 $filebase = $this->configuration->getValue('basedir') . $this->configuration->getValue('templatedir');
 include($filebase . $file);
 }
 private function includeAtLanguageBase($file) {
+ $data = $this->data;
 $filebase = $this->configuration->getValue('basedir') . $this->configuration->getValue('templatedir') . $this->getLanguage() . '/' ;
 include($filebase . $file);
 }
diff --git a/lib/xmlseclibs.php b/lib/xmlseclibs.php
index 18807ca2e..e78e2ea96 100644
--- a/lib/xmlseclibs.php
+++ b/lib/xmlseclibs.php
@@ -1076,7 +1076,7 @@ class XMLSecurityDSig {
 if (strncmp($curData, '-----END CERTIFICATE', 20) == 0) {
 break;
 }
- $data .= trim($curData);
+ $data .= trim($curData) . "\n";
 }
 }
 } else {
diff --git a/templates/default/en/metadata.php b/templates/default/en/metadata.php
index e30c29123..3dd5a8e2c 100644
--- a/templates/default/en/metadata.php
+++ b/templates/default/en/metadata.php
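Review bot: The `$data = $this->data;` added to both includeAtTemplateBase and includeAtLanguageBase is never read by the method itself; its only purpose is that the `include`d template file inherits the method's local scope and sees `$data`, which is not visible from the code and invites a later "unused variable" cleanup. A one-line comment on each assignment makes the contract explicit, `// exposed to the included template file as $data`. Both methods are fully inside the hunk.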
@@ -1,7 +1,7 @@
 <?php $this->includeAtTemplateBase('includes/header.php'); ?>
 <div id="header">
- <h1>simpleSAMLphp status page</h1>
+ <h1>simpleSAMLphp Metadata</h1>
 <div id="poweredby"><img src="/<?php echo $data['baseurlpath']; ?>resources/icons/bino.png" alt="Bino" /></div>
 </div>
@@ -11,6 +11,10 @@
 <p>Here is SAML 2.0 metadata that simpleSAMLphp has generated for you. You may send this SAML 2.0 Metadata document to trusted partners to setup a trusted federation.</p>
+ <?php if (isset($data['metaurl'])) { ?>
+ <p>You can <a href="<?php echo $data['metaurl']; ?>">get the metadata xml on a dedicated URL</a>:<br />
+ <input type="text" style="width: 90%" value="<?php echo $data['metaurl']; ?>" /></p>
+ <?php } ?>
 <h2>Metadata</h2>
 <pre style="overflow: scroll; border: 1px solid #eee; padding: 2px"><?php echo $data['metadata']; ?></pre>
diff --git a/www/index.html b/www/index.html
index 5625c1895..c70562b4c 100644
--- a/www/index.html
+++ b/www/index.html
@@ -62,6 +62,7 @@ h6 {font-size: 96%}
 <p>After you have configured it properly as described in the documentation you may want to test one of the two examples:
 <ul>
 <li><a href="saml2/sp/metadata.php">Look at your SAML 2.0 SP metadata</a> - you can send this metadata document to your IdP.</a></li>
+ <li><a href="saml2/idp/metadata.php">Look at your SAML 2.0 IdP metadata</a></a></li>
 <li><a href="example-simple/saml2-example.php">SAML 2.0 SP example</a></li>
 <li><a href="example-simple/shib13-example.php">Shibboleth 1.3 SP example</a></li>
 </ul>
diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php
new file mode 100644
index 000000000..ed21a2912
--- /dev/null
+++ b/www/saml2/idp/metadata.php
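Review bot: `$data['metaurl']` is echoed unescaped into both the `href` and the `value` attribute of the added block, and the new www/saml2/idp/metadata.php builds that value from `SimpleSAML_Utilities::selfURLNoQuery()`, which presumably derives from request-supplied values such as the host header or request path, so it should be treated as untrusted when rendered into attributes. Escaping at both echo points, `<?php echo htmlspecialchars($data['metaurl'], ENT_QUOTES); ?>`, keeps the attributes well-formed whatever the request looked like. The pre-existing `$data['baseurlpath']` echo in the first hunk has the same shape but is configuration-derived, so it carries less risk.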
@@ -0,0 +1,107 @@
+<?php
+
+require_once('../../_include.php');
+
+require_once('SimpleSAML/Utilities.php');
+require_once('SimpleSAML/Session.php');
+require_once('SimpleSAML/XML/MetaDataStore.php');
+require_once('SimpleSAML/XHTML/Template.php');
+
+session_start();
+
+/* Load simpleSAMLphp, configuration and metadata */
+$config = SimpleSAML_Configuration::getInstance();
+$metadata = new SimpleSAML_XML_MetaDataStore($config);
+$session = SimpleSAML_Session::getInstance();
+
+try {
+
+ $idpmeta = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrent('saml20-idp-hosted');
+ $idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+
+ $publiccert = $config->getValue('basedir') . '/cert/' . $idpmeta['certificate'];
+
+ if (!file_exists($publiccert))
+ throw new Exception('Could not find certificate [' . $publiccert . '] to attach to the authentication resposne');
+
+ $cert = file_get_contents($publiccert);
+ $data = XMLSecurityDSig::get509XCert($cert, true);
+
+
+
+ $metaxml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+ <EntityDescriptor xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance" xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ entityID="' . $idpentityid . '">
+ <IDPSSODescriptor
+ WantAuthnRequestsSigned="false"
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+
+ <KeyDescriptor use="signing">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>' . $data . '</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+
+
+ <!-- Logout endpoints -->
+ <SingleLogoutService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ Location="' . $metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted') . '"
+ ResponseLocation="' . $metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted') . '"
+ index="0"
+ isDefault="true"
+ />
+
+
+ <!-- Supported Name Identifier Formats -->
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+
+ <!-- AuthenticationRequest Consumer endpoint -->
+ <SingleSignOnService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ Location="' . $metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted') . '"
+ index="0"
+ isDefault="true"
+ />
+
+ </IDPSSODescriptor>
+</EntityDescriptor>';
+
+ if ($_GET['output'] == 'xml') {
+ header('Content-type: application/xml');
+
+ echo $metaxml;
+ exit(0);
+ }
+
+ $defaultidp = $config->getValue('default-saml20-idp');
+
+ $et = new SimpleSAML_XHTML_Template($config, 'metadata.php');
+
+ $et->data['header'] = 'SAML 2.0 IdP Metadata';
+ $et->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
+ $et->data['metadata'] = htmlentities($metaxml);
+ $et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no'));
+ $et->data['defaultidp'] = $defaultidp;
+
+ $et->show();
+
+} catch(Exception $exception) {
+
+ $et = new SimpleSAML_XHTML_Template($config, 'error.php');
+
+ $et->data['message'] = 'Some error occured when trying to generate metadata.';
+ $et->data['e'] = $exception;
+
+ $et->show();
+
+}
+
+?>
\ No newline at end of file
--
GitLab
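Review bot: When `idpentityid` is supplied, `$idpmeta` is assigned the raw query-string value instead of that entity's metadata entry, so `$idpmeta['certificate']` a few lines later indexes a string and the certificate path built from it ends in a single character of the entity id; the requested entity should be resolved through the metadata store (its per-entity lookup is not visible in this patch) and only `$idpentityid` taken from the parameter. The same unvalidated parameter is spliced verbatim into `entityID="' . $idpentityid . '"`, and on the `output=xml` branch that string is sent to the client as-is — `entityID="' . htmlspecialchars($idpentityid, ENT_QUOTES) . '"` keeps the attribute well-formed and stops request-supplied content from being reflected unescaped. `if ($_GET['output'] == 'xml')` reads an undefined index whenever the parameter is absent, which is the common case; `if (isset($_GET['output']) && $_GET['output'] === 'xml')` avoids the notice. The exception message also misspells `resposne`.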