diff --git a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
index 3768893798dd2aa977772f7c482e4fdbae21bbae..0b4b07206d1955173bd132ba7f267daf603b751e 100644
--- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
@@ -66,17 +66,27 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 </html>';
 }
- public function sendResponse($response, $idpentityid, $spentityid, $relayState = null) {
+ public function sendResponse($response, $idpentityid, $spentityid, $relayState = null, $claimedacs = null) {
 $idpmd = $this->metadata->getMetaData($idpentityid, 'shib13-idp-hosted');
 $spmd = $this->metadata->getMetaData($spentityid, 'shib13-sp-remote');
 $destination = $spmd['AssertionConsumerService'];
+
+ if (!isset($destination) or $destination == '')
+ throw new Exception('Could not find AssertionConsumerService for SP entity ID [' . $spentityid. ']. ' . 'Claimed ACS is: ' . (isset($claimedacs) ? $claimedacs : 'N/A'));
 $privatekey = $this->configuration->getValue('basedir') . '/cert/' . $idpmd['privatekey'];
 $publiccert = $this->configuration->getValue('basedir') . '/cert/' . $idpmd['certificate'];
-
+
+ if (strstr($claimedacs, $destination) == 0) {
+ $destination = $claimedacs;
+ } else {
+ throw new Exception('Claimed ACS (shire) and ACS in SP Metadata do not match. [' . $claimedacs. '] [' . $destination . ']');
+ }
+
 /*
 * XMLDSig. Sign the complete request with the key stored in cert/server.pem
diff --git a/lib/SimpleSAML/XML/Shib13/AuthnRequest.php b/lib/SimpleSAML/XML/Shib13/AuthnRequest.php
index 5265cf0cba942bcd949cc22e607e9503944b1768..a90526bb53ce42b99d2f010aff2f2d32eb648f78 100644
--- a/lib/SimpleSAML/XML/Shib13/AuthnRequest.php
+++ b/lib/SimpleSAML/XML/Shib13/AuthnRequest.php
@@ -23,6 +23,7 @@ class SimpleSAML_XML_Shib13_AuthnRequest {
 private $metadata = null;
 private $issuer = null;
+ private $shire = null;
 private $relayState = null;
 private $requestid = null;
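Review bot: `if (strstr($claimedacs, $destination) == 0)` does not compare what it is meant to: `strstr()` returns the matched substring or `false`, and under `==` on PHP 5/7 both a non-numeric string and `false` equal `0`, so the `if` branch is taken for every `$claimedacs` (including `null`) and the metadata ACS is replaced by the request-supplied value unconditionally, while on PHP 8 the same line inverts and a claimed ACS that does contain the metadata value is the one that throws. Because `$claimedacs` is the `shire` query parameter forwarded by SSOService.php, this check is what keeps the signed response bound to the destination registered in SP metadata, so it needs a strict comparison: `if ($claimedacs !== null && $claimedacs !== $destination) {` / `throw new Exception('Claimed ACS (shire) and ACS in SP Metadata do not match. [' . $claimedacs . '] [' . $destination . ']');` / `}`, dropping the `$destination = $claimedacs;` assignment, which is a no-op once equality is required. If a prefix match was intended, `strpos($claimedacs, $destination) === 0` is the minimum, but exact equality with the metadata value is the safer choice. Also, `$destination = $spmd['AssertionConsumerService'];` runs before the `isset($destination)` guard, so a missing key still emits a notice; test `isset($spmd['AssertionConsumerService'])` instead. sendResponse's body continues past the end of the hunk.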
@@ -46,6 +47,14 @@ class SimpleSAML_XML_Shib13_AuthnRequest {
 return $this->relayState;
 }
+ public function setShire($shire) {
+ $this->shire = $shire;
+ }
+
+ public function getShire() {
+ return $this->shire;
+ }
+
 public function setIssuer($issuer) {
 $this->issuer = $issuer;
 }
@@ -62,6 +71,8 @@ class SimpleSAML_XML_Shib13_AuthnRequest {
 $this->setIssuer($get['providerId']);
 $this->setRelayState($get['target']);
+
+ $this->setShire($get['shire']);
 }
diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php
index d3b0986b8619e439b01ed68c46b826b40be11001..b7ccdd2b0ee3a90ed04b924b5b9268267a05c921 100644
--- a/www/shib13/idp/SSOService.php
+++ b/www/shib13/idp/SSOService.php
@@ -12,11 +12,6 @@ require_once('SimpleSAML/XML/Shib13/AuthnRequest.php');
 require_once('SimpleSAML/XML/Shib13/AuthnResponse.php');
 require_once('SimpleSAML/Bindings/Shib13/HTTPPost.php');
-//require_once('SimpleSAML/XML/SAML20/AuthnRequest.php');
-//require_once('SimpleSAML/XML/SAML20/AuthnResponse.php');
-//require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php');
-//require_once('SimpleSAML/Bindings/SAML20/HTTPPost.php');
-
 require_once('SimpleSAML/XHTML/Template.php');
@@ -149,8 +144,13 @@ if (!$session->isAuthenticated() ) {
 //echo 'Relaystate[' . $authnrequest->getRelayState() . ']';
+ $issuer = $authnrequest->getIssuer();
+ $shire = $authnrequest->getShire();
+ if ($issuer == null || $issuer == '')
+ throw new Exception('Could not retrieve issuer of the AuthNRequest (ProviderID)');
+
 $httppost->sendResponse($authnResponseXML,
- $idpentityid, $authnrequest->getIssuer(), $authnrequest->getRelayState());
+ $idpentityid, $issuer, $authnrequest->getRelayState(), $shire);
 } catch(Exception $exception) {
diff --git a/www/shib13/sp/AssertionConsumerService.php b/www/shib13/sp/AssertionConsumerService.php
index 20daca2af066e263e275d6cbb8315304466a0d9f..0d71ddf587c372c6c7500ace2759794dd94ded53 100644
--- a/www/shib13/sp/AssertionConsumerService.php
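Review bot: `setShire()` and `getShire()` carry no documentation, and the value they hold is the SP's self-asserted AssertionConsumerService URL read from the request's `shire` parameter elsewhere in this file. A docblock on the property or the getter such as `/** Claimed AssertionConsumerService URL ("shire") taken from the request; not verified here, compared against SP metadata in HTTPPost::sendResponse(). */` would stop a later caller treating it as a trusted value.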
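Review bot: `$this->setShire($get['shire']);` reads the key unconditionally, unlike the guarded style one would expect for an optional request parameter, so a request without `shire` raises an undefined-index notice and stores `null`; use `$this->setShire(isset($get['shire']) ? $get['shire'] : null);`. The value is client-controlled and is stored as-is here, which is acceptable only because HTTPPost::sendResponse is expected to compare it with SP metadata before use. The enclosing method starts before the hunk.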
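Review bot: `if ($issuer == null || $issuer == '')` uses loose comparison and a brace-less single-statement body; `if ($issuer === null || $issuer === '') {` with the `throw` inside braces matches the surrounding code and avoids a later statement silently landing outside the conditional. `$shire` is handed to `sendResponse()` without any check at this call site, so the metadata comparison inside HTTPPost::sendResponse is the only validation it receives; a one-line comment such as `// $shire is the SP-claimed ACS from the request; sendResponse() must verify it against SP metadata.` would make that dependency explicit. The enclosing try block starts before the hunk.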
+++ b/www/shib13/sp/AssertionConsumerService.php
@@ -30,10 +30,10 @@ try {
 $xml = $authnResponse->getXML();
 /*
- echo '<pre>';
- echo $xml;
- echo '</pre>';
-*/
+ echo '<pre>';
+ echo $xml;
+ echo '</pre>';
+ */
 $authnResponse->validate();
 $session = $authnResponse->createSession();