copying metadata files to shib13 from saml2.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@310 44740490-163a-0410-bde0-09ae8108e29a

copying metadata files to shib13 from saml2.
d294ce15 · Andreas Åkre Solberg · 8d6b7f1d · d294ce15 · d294ce15 · d294ce15
Commit d294ce15 authored 17 years ago by Andreas Åkre Solberg
--- a/templates/default/en/status.php
+++ b/templates/default/en/status.php
 <?php $this->includeAtTemplateBase('includes/header.php'); ?>

-	
 <div id="content">

 	<h2><?php if (isset($data['header'])) { echo $data['header']; } else { echo "Some error occured"; } ?></h2>

--- a/www/shib13/idp/metadata.php
+++ b/www/shib13/idp/metadata.php
+<?php
+
+require_once('../../_include.php');
+
+require_once('SimpleSAML/Utilities.php');
+require_once('SimpleSAML/Session.php');
+require_once('SimpleSAML/Metadata/MetaDataStorageHandler.php');
+require_once('SimpleSAML/XHTML/Template.php');
+
+require_once('xmlseclibs.php');
+
+/* Load simpleSAMLphp, configuration and metadata */
+$config = SimpleSAML_Configuration::getInstance();
+$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
+$session = SimpleSAML_Session::getInstance(true);
+
+if (!$config->getValue('enable.saml20-idp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
+
+/* Check if valid local session exists.. */
+if (!isset($session) || !$session->isValid('login-admin') ) {
+	SimpleSAML_Utilities::redirect('/' . $config->getValue('baseurlpath') . 'auth/login-admin.php',
+		array('RelayState' => SimpleSAML_Utilities::selfURL())
+	);
+}
+
+
+
+try {
+
+	$idpmeta = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrent('saml20-idp-hosted');
+	$idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+	
+	$publiccert = $config->getBaseDir() . '/cert/' . $idpmeta['certificate'];
+
+	if (!file_exists($publiccert)) 
+		throw new Exception('Could not find certificate [' . $publiccert . '] to attach to the authentication resposne');
+	
+	$cert = file_get_contents($publiccert);
+	$data = XMLSecurityDSig::get509XCert($cert, true);
+	
+	
+	$metaflat = "
+	'" . htmlspecialchars($idpentityid) . "' =>  array(
+		'name'                 => 'Type in a name for this entity',
+		'description'          => 'and a proper description that would help users know when to select this IdP.',
+		'SingleSignOnService'  => '" . htmlspecialchars($metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted')) . "',
+		'SingleLogoutService'  => '" . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted')) . "',
+		'certFingerprint'      => '" . strtolower(sha1(base64_decode($data))) ."'
+	),
+";
+	
+	$metaxml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+	<EntityDescriptor xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance" xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ entityID="' . htmlspecialchars($idpentityid) . '">
+    <IDPSSODescriptor
+        WantAuthnRequestsSigned="false"
+        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+        
+                <KeyDescriptor use="signing">
+                        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                          <ds:X509Data>
+                                <ds:X509Certificate>' . htmlspecialchars($data) . '</ds:X509Certificate>
+                        </ds:X509Data>
+                  </ds:KeyInfo>
+                </KeyDescriptor>  
+        
+
+        
+        <!-- Logout endpoints -->
+        <SingleLogoutService
+            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+            Location="' . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted')) . '"
+            ResponseLocation="' . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted')) . '"
+            index="0" 
+            isDefault="true"
+            />
+
+        
+        <!-- Supported Name Identifier Formats -->
+        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+        
+        <!-- AuthenticationRequest Consumer endpoint -->
+        <SingleSignOnService
+            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+            Location="' . htmlspecialchars($metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted')) . '"
+            index="0" 
+            isDefault="true"
+            />
+        
+    </IDPSSODescriptor>
+</EntityDescriptor>';
+	
+	
+	if (array_key_exists('output', $_GET) && $_GET['output'] == 'xml') {
+		header('Content-Type: application/xml');
+		
+		echo $metaxml;
+		exit(0);
+	}
+
+
+	$defaultidp = $config->getValue('default-saml20-idp');
+	
+	$et = new SimpleSAML_XHTML_Template($config, 'metadata.php');
+	
+
+	$et->data['header'] = 'SAML 2.0 IdP Metadata';
+	
+	$et->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
+	$et->data['metadata'] = htmlentities($metaxml);
+	$et->data['metadataflat'] = htmlentities($metaflat);
+	
+	$et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no'));
+	$et->data['defaultidp'] = $defaultidp;
+	
+	$et->show();
+	
+} catch(Exception $exception) {
+	
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
+
+}
+
+?>
\ No newline at end of file
--- a/www/shib13/sp/metadata.php
+++ b/www/shib13/sp/metadata.php
+<?php
+
+require_once('../../_include.php');
+
+require_once('SimpleSAML/Utilities.php');
+require_once('SimpleSAML/Session.php');
+require_once('SimpleSAML/Metadata/MetaDataStorageHandler.php');
+require_once('SimpleSAML/XHTML/Template.php');
+
+/* Load simpleSAMLphp, configuration and metadata */
+$config = SimpleSAML_Configuration::getInstance();
+$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
+$session = SimpleSAML_Session::getInstance(TRUE);
+
+
+if (!$config->getValue('enable.saml20-sp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
+
+/**
+ * Preconfigured to help out some federations. This makes it easier for users to report metadata
+ * to the administrators of the IdP.
+ */
+$send_metadata_to_idp = array(
+	'sam.feide.no'	=> array(
+		'name' 		=> 'Feide',
+		'address'	=> 'http://rnd.feide.no/content/sending-information-simplesamlphp'
+	),
+	'max.feide.no'	=> array(
+		'name' 		=> 'Feide',
+		'address'	=> 'http://rnd.feide.no/content/sending-information-simplesamlphp'
+	)
+);
+
+
+try {
+
+	$spmeta = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrent();
+	$spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
+	
+	/*
+	if (!$spmeta['assertionConsumerServiceURL']) throw new Exception('The following parameter is not set in your SAML 2.0 SP Hosted metadata: assertionConsumerServiceURL');
+	if (!$spmeta['SingleLogOutUrl']) throw new Exception('The following parameter is not set in your SAML 2.0 SP Hosted metadata: SingleLogOutUrl');
+	*/
+	
+	$metaflat = "
+	'" . htmlspecialchars($spentityid) . "' => array(
+ 		'AssertionConsumerService' => '" . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted')) . "',
+ 		'SingleLogoutService'      => '" . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-sp-hosted')) . "'
+	)
+";
+	
+	$metaxml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<EntityDescriptor entityID="' . htmlspecialchars($spentityid) . '" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+
+	<SPSSODescriptor 
+		AuthnRequestsSigned="false" 
+		WantAssertionsSigned="false" 
+		protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+
+		<SingleLogoutService 
+			Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" 
+			Location="' . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-sp-hosted')) . '"/>
+		
+		<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+		
+		<AssertionConsumerService 
+			index="0" 
+			isDefault="true" 
+			Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
+			Location="' . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted')) . '" />
+
+	</SPSSODescriptor>
+
+</EntityDescriptor>';
+	
+	$defaultidp = $config->getValue('default-saml20-idp');
+	
+	$et = new SimpleSAML_XHTML_Template($config, 'metadata.php');
+	
+
+	$et->data['header'] = 'SAML 2.0 SP Metadata';
+	$et->data['metadata'] = htmlentities($metaxml);
+	$et->data['metadataflat'] = htmlentities($metaflat);
+	
+	if (array_key_exists($defaultidp, $send_metadata_to_idp)) {
+		$et->data['sendmetadatato'] = $send_metadata_to_idp[$defaultidp]['address'];
+		$et->data['federationname'] = $send_metadata_to_idp[$defaultidp]['name'];
+	}
+
+	$et->data['techemail'] = $config->getValue('technicalcontact_email', 'na');
+	$et->data['version'] = $config->getValue('version', 'na');
+	$et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no'));
+	$et->data['defaultidp'] = $defaultidp;
+	
+	$et->show();
+	
+} catch(Exception $exception) {
+	
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
+
+}
+
+?>
\ No newline at end of file