Adding support for handling the shire parameter, and do a prefix match on the...

Adding support for handling the shire parameter, and do a prefix match on the AssertionConsumerURL parameter in the sp remote metadata. This request come from Ajay in RedIRIS.



git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@65 44740490-163a-0410-bde0-09ae8108e29a

lib/SimpleSAML/Bindings/Shib13/HTTPPost.php

@@ -66,17 +66,27 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 		</html>';
 	}
 	
-	public function sendResponse($response, $idpentityid, $spentityid, $relayState = null) {
+	public function sendResponse($response, $idpentityid, $spentityid, $relayState = null, $claimedacs = null) {
 
 		$idpmd = $this->metadata->getMetaData($idpentityid, 'shib13-idp-hosted');
 		$spmd = $this->metadata->getMetaData($spentityid, 'shib13-sp-remote');
 		
 		$destination = $spmd['AssertionConsumerService'];
+		
+		if (!isset($destination) or $destination == '') 
+			throw new Exception('Could not find AssertionConsumerService for SP entity ID [' . $spentityid. ']. ' . 
+				'Claimed ACS is: ' . (isset($claimedacs) ? $claimedacs : 'N/A'));
 	
 		$privatekey = $this->configuration->getValue('basedir') . '/cert/' . $idpmd['privatekey'];
 		$publiccert = $this->configuration->getValue('basedir') . '/cert/' . $idpmd['certificate'];
 
-
+		
+		if (strstr($claimedacs, $destination) == 0) {
+			$destination = $claimedacs;
+		} else {
+			throw new Exception('Claimed ACS (shire) and ACS in SP Metadata do not match. [' . $claimedacs. '] [' . $destination . ']');
+		}
+		
 		
 		/*
 		 * XMLDSig. Sign the complete request with the key stored in cert/server.pem

lib/SimpleSAML/XML/Shib13/AuthnRequest.php

@@ -23,6 +23,7 @@ class SimpleSAML_XML_Shib13_AuthnRequest {
 	private $metadata = null;
 	
 	private $issuer = null;
+	private $shire = null;
 	private $relayState = null;
 	
 	private $requestid = null;
@@ -46,6 +47,14 @@ class SimpleSAML_XML_Shib13_AuthnRequest {
 		return $this->relayState;
 	}
 	
+	public function setShire($shire) {
+		$this->shire = $shire;
+	}
+	
+	public function getShire() {
+		return $this->shire;
+	}
+	
 	public function setIssuer($issuer) {
 		$this->issuer = $issuer;
 	}
@@ -62,6 +71,8 @@ class SimpleSAML_XML_Shib13_AuthnRequest {
 
 		$this->setIssuer($get['providerId']);
 		$this->setRelayState($get['target']);
+		
+		$this->setShire($get['shire']);
 
 	}
 	

www/shib13/idp/SSOService.php

@@ -12,11 +12,6 @@ require_once('SimpleSAML/XML/Shib13/AuthnRequest.php');
 require_once('SimpleSAML/XML/Shib13/AuthnResponse.php');
 require_once('SimpleSAML/Bindings/Shib13/HTTPPost.php');
 
-//require_once('SimpleSAML/XML/SAML20/AuthnRequest.php');
-//require_once('SimpleSAML/XML/SAML20/AuthnResponse.php');
-//require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php');
-//require_once('SimpleSAML/Bindings/SAML20/HTTPPost.php');
-
 require_once('SimpleSAML/XHTML/Template.php');
 
 
@@ -149,8 +144,13 @@ if (!$session->isAuthenticated() ) {
 		
 		//echo 'Relaystate[' . $authnrequest->getRelayState() . ']';
 		
+		$issuer = $authnrequest->getIssuer();
+		$shire = $authnrequest->getShire();
+		if ($issuer == null || $issuer == '')
+			throw new Exception('Could not retrieve issuer of the AuthNRequest (ProviderID)');
+		
 		$httppost->sendResponse($authnResponseXML, 
-			$idpentityid, $authnrequest->getIssuer(), $authnrequest->getRelayState());
+			$idpentityid, $issuer, $authnrequest->getRelayState(), $shire);
 			
 	} catch(Exception $exception) {
 		

www/shib13/sp/AssertionConsumerService.php

@@ -30,10 +30,10 @@ try {
 
 	$xml = $authnResponse->getXML();
 	/*
-	echo '<pre>';
-	echo $xml;
-	echo '</pre>';
-*/
+		echo '<pre>';
+		echo $xml;
+		echo '</pre>';
+	*/
 
 	$authnResponse->validate();
 	$session = $authnResponse->createSession();