From d579e8591d78c53a6573c37ef10765a93ec4730f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Fri, 2 Nov 2007 13:46:23 +0000
Subject: [PATCH] Adding support for handling the shire parameter, and do a prefix match on the AssertionConsumerURL parameter in the sp remote metadata. This request come from Ajay in RedIRIS.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@65 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Bindings/Shib13/HTTPPost.php | 14 ++++++++++++--
 lib/SimpleSAML/XML/Shib13/AuthnRequest.php | 11 +++++++++++
 www/shib13/idp/SSOService.php | 12 ++++++------
 www/shib13/sp/AssertionConsumerService.php | 8 ++++----
 4 files changed, 33 insertions(+), 12 deletions(-)
diff --git a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
index 376889379..0b4b07206 100644
--- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
@@ -66,17 +66,27 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 </html>';
 }
- public function sendResponse($response, $idpentityid, $spentityid, $relayState = null) {
+ public function sendResponse($response, $idpentityid, $spentityid, $relayState = null, $claimedacs = null) {
 $idpmd = $this->metadata->getMetaData($idpentityid, 'shib13-idp-hosted');
 $spmd = $this->metadata->getMetaData($spentityid, 'shib13-sp-remote');
 $destination = $spmd['AssertionConsumerService'];
+
+ if (!isset($destination) or $destination == '')
+ throw new Exception('Could not find AssertionConsumerService for SP entity ID [' . $spentityid. ']. ' .
+ 'Claimed ACS is: ' . (isset($claimedacs) ? $claimedacs : 'N/A'));
 $privatekey = $this->configuration->getValue('basedir') . '/cert/' . $idpmd['privatekey'];
 $publiccert = $this->configuration->getValue('basedir') . '/cert/' . $idpmd['certificate'];
-
+
+ if (strstr($claimedacs, $destination) == 0) {
+ $destination = $claimedacs;
+ } else {
+ throw new Exception('Claimed ACS (shire) and ACS in SP Metadata do not match. [' . $claimedacs. '] [' . $destination . ']');
+ }
+
 /*
 * XMLDSig. Sign the complete request with the key stored in cert/server.pem
diff --git a/lib/SimpleSAML/XML/Shib13/AuthnRequest.php b/lib/SimpleSAML/XML/Shib13/AuthnRequest.php
index 5265cf0cb..a90526bb5 100644
--- a/lib/SimpleSAML/XML/Shib13/AuthnRequest.php
+++ b/lib/SimpleSAML/XML/Shib13/AuthnRequest.php
@@ -23,6 +23,7 @@ class SimpleSAML_XML_Shib13_AuthnRequest {
 private $metadata = null;
 private $issuer = null;
+ private $shire = null;
 private $relayState = null;
 private $requestid = null;
@@ -46,6 +47,14 @@ class SimpleSAML_XML_Shib13_AuthnRequest {
 return $this->relayState;
 }
+ public function setShire($shire) {
+ $this->shire = $shire;
+ }
+
+ public function getShire() {
+ return $this->shire;
+ }
+
 public function setIssuer($issuer) {
 $this->issuer = $issuer;
 }
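Review bot: The `if (strstr($claimedacs, $destination) == 0)` test does not implement the prefix match the commit describes, and it fails open: the signed response is POSTed to whatever URL the request put in `shire`. `strstr()` returns `false` when the metadata ACS does not occur in `$claimedacs`, and `false == 0` is true, so precisely the non-matching case takes the `$destination = $claimedacs` branch; a non-empty match also loosely equals `0` on PHP 5 (making the `else` unreachable) and does not on PHP 8 (making a genuine match the case that throws). Because `$claimedacs` defaults to `null`, a request with no shire parameter also ends with `$destination = null`. Use a strict `strpos(...) !== 0` test, keep the metadata value when no shire was supplied, and since this is only a string-prefix check the configured AssertionConsumerService needs to include the path, or at least the slash after the host, so that a longer host name cannot satisfy it. sendResponse continues past the end of the hunk.
```php
    $destination = $spmd['AssertionConsumerService'];
    // … unchanged: missing-ACS check, $privatekey / $publiccert …
    if ($claimedacs !== null && $claimedacs !== '') {
        /* Accept the shire only when it starts with the ACS from SP metadata. */
        if (strpos($claimedacs, $destination) !== 0) {
            throw new Exception('Claimed ACS (shire) and ACS in SP Metadata do not match. [' . $claimedacs. '] [' . $destination . ']');
        }
        $destination = $claimedacs;
    }
    // … unchanged: XMLDSig signing …
```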
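Review bot: `setShire()` and `getShire()` in the `@@ -46,6 +47,14 @@` hunk have no docblock, and nothing in the class says what the value is or that it comes straight from the request. I would document the setter as `/** ACS URL the SP claimed in the "shire" request parameter. Stored as received; it is only compared against SP metadata later, in the HTTPPost binding. @param string|null $shire */` and give the getter a matching `@return string|null`. The surrounding accessors of this class start and end outside the hunk.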
@@ -62,6 +71,8 @@ class SimpleSAML_XML_Shib13_AuthnRequest {
 $this->setIssuer($get['providerId']);
 $this->setRelayState($get['target']);
+
+ $this->setShire($get['shire']);
 }
diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php
index d3b0986b8..b7ccdd2b0 100644
--- a/www/shib13/idp/SSOService.php
+++ b/www/shib13/idp/SSOService.php
@@ -12,11 +12,6 @@ require_once('SimpleSAML/XML/Shib13/AuthnRequest.php');
 require_once('SimpleSAML/XML/Shib13/AuthnResponse.php');
 require_once('SimpleSAML/Bindings/Shib13/HTTPPost.php');
-//require_once('SimpleSAML/XML/SAML20/AuthnRequest.php');
-//require_once('SimpleSAML/XML/SAML20/AuthnResponse.php');
-//require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php');
-//require_once('SimpleSAML/Bindings/SAML20/HTTPPost.php');
-
 require_once('SimpleSAML/XHTML/Template.php');
@@ -149,8 +144,13 @@ if (!$session->isAuthenticated() ) {
 //echo 'Relaystate[' . $authnrequest->getRelayState() . ']';
+ $issuer = $authnrequest->getIssuer();
+ $shire = $authnrequest->getShire();
+ if ($issuer == null || $issuer == '')
+ throw new Exception('Could not retrieve issuer of the AuthNRequest (ProviderID)');
+
 $httppost->sendResponse($authnResponseXML,
- $idpentityid, $authnrequest->getIssuer(), $authnrequest->getRelayState());
+ $idpentityid, $issuer, $authnrequest->getRelayState(), $shire);
 } catch(Exception $exception) {
diff --git a/www/shib13/sp/AssertionConsumerService.php b/www/shib13/sp/AssertionConsumerService.php
index 20daca2af..0d71ddf58 100644
--- a/www/shib13/sp/AssertionConsumerService.php
+++ b/www/shib13/sp/AssertionConsumerService.php
@@ -30,10 +30,10 @@ try {
 $xml = $authnResponse->getXML();
 /*
- echo '<pre>';
- echo $xml;
- echo '</pre>';
-*/
+ echo '<pre>';
+ echo $xml;
+ echo '</pre>';
+ */
 $authnResponse->validate();
 $session = $authnResponse->createSession();
--
GitLab
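Review bot: `$this->setShire($get['shire']);` reads the key unconditionally, so a request without a shire parameter raises an undefined-index notice and stores null only as a side effect of that. The `$claimedacs = null` default that `sendResponse()` gains in this patch treats shire as optional, so make that explicit here: `$this->setShire(isset($get['shire']) ? $get['shire'] : null);`. The two existing setter calls above it have the same pattern, but the new line need not copy it. The method enclosing these lines starts before the hunk.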
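Review bot: In the `@@ -149,8 +144,13 @@` hunk the new guard rejects a missing issuer but `$shire` goes into `sendResponse()` with no check at all, and `$issuer == null || $issuer == ''` is a loose comparison in which the first test already covers the second. If the shire parameter is required for this profile, give it the same treatment, e.g. `if ($shire === null || $shire === '') throw new Exception('Could not retrieve shire (ACS URL) from the AuthNRequest');`; if it is optional, a one-line comment saying so, and that sendResponse decides what a missing value means, would make the intent clear to the next reader. The try block starts and ends outside the hunk.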