Commit d579e859 authored by Andreas Åkre Solberg's avatar Andreas Åkre Solberg

Adding support for handling the shire parameter, and do a prefix match on the...

Adding support for handling the shire parameter, and doing a prefix match on the AssertionConsumerURL parameter in the SP remote metadata. This request comes from Ajay in RedIRIS.



git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@65 44740490-163a-0410-bde0-09ae8108e29a
parent 5b8c14f1
...@@ -66,17 +66,27 @@ class SimpleSAML_Bindings_Shib13_HTTPPost { ...@@ -66,17 +66,27 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
</html>'; </html>';
} }
public function sendResponse($response, $idpentityid, $spentityid, $relayState = null) { public function sendResponse($response, $idpentityid, $spentityid, $relayState = null, $claimedacs = null) {
$idpmd = $this->metadata->getMetaData($idpentityid, 'shib13-idp-hosted'); $idpmd = $this->metadata->getMetaData($idpentityid, 'shib13-idp-hosted');
$spmd = $this->metadata->getMetaData($spentityid, 'shib13-sp-remote'); $spmd = $this->metadata->getMetaData($spentityid, 'shib13-sp-remote');
$destination = $spmd['AssertionConsumerService']; $destination = $spmd['AssertionConsumerService'];
if (!isset($destination) or $destination == '')
throw new Exception('Could not find AssertionConsumerService for SP entity ID [' . $spentityid. ']. ' .
'Claimed ACS is: ' . (isset($claimedacs) ? $claimedacs : 'N/A'));
$privatekey = $this->configuration->getValue('basedir') . '/cert/' . $idpmd['privatekey']; $privatekey = $this->configuration->getValue('basedir') . '/cert/' . $idpmd['privatekey'];
$publiccert = $this->configuration->getValue('basedir') . '/cert/' . $idpmd['certificate']; $publiccert = $this->configuration->getValue('basedir') . '/cert/' . $idpmd['certificate'];
if (strstr($claimedacs, $destination) == 0) {
$destination = $claimedacs;
} else {
throw new Exception('Claimed ACS (shire) and ACS in SP Metadata do not match. [' . $claimedacs. '] [' . $destination . ']');
}
/* /*
* XMLDSig. Sign the complete request with the key stored in cert/server.pem * XMLDSig. Sign the complete request with the key stored in cert/server.pem
......
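Review bot: The check `strstr($claimedacs, $destination) == 0` is not a prefix test, and it accepts a claimed ACS that does not match the metadata: `strstr()` returns `false` when `$destination` is not found, and `false == 0` is true, so `$destination = $claimedacs` runs and the `else` branch with the mismatch exception is not reached. The same path runs when `$claimedacs` is left at its default `null`, which overwrites the metadata ACS with `null`. Use `strpos($claimedacs, $destination) === 0` and apply it only when a shire was supplied, e.g. wrap the check in `if ($claimedacs !== null && $claimedacs !== '') {`. Even then a bare string prefix is loose for URLs unless the metadata value ends at a path boundary such as `/`, so an exact match or a per-SP list of allowed ACS URLs would be safer. The rest of sendResponse lies outside the hunk; presumably `$destination` becomes the POST target of the signed response, which is why this check matters.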
...@@ -23,6 +23,7 @@ class SimpleSAML_XML_Shib13_AuthnRequest { ...@@ -23,6 +23,7 @@ class SimpleSAML_XML_Shib13_AuthnRequest {
private $metadata = null; private $metadata = null;
private $issuer = null; private $issuer = null;
private $shire = null;
private $relayState = null; private $relayState = null;
private $requestid = null; private $requestid = null;
...@@ -46,6 +47,14 @@ class SimpleSAML_XML_Shib13_AuthnRequest { ...@@ -46,6 +47,14 @@ class SimpleSAML_XML_Shib13_AuthnRequest {
return $this->relayState; return $this->relayState;
} }
public function setShire($shire) {
$this->shire = $shire;
}
public function getShire() {
return $this->shire;
}
public function setIssuer($issuer) { public function setIssuer($issuer) {
$this->issuer = $issuer; $this->issuer = $issuer;
} }
...@@ -62,6 +71,8 @@ class SimpleSAML_XML_Shib13_AuthnRequest { ...@@ -62,6 +71,8 @@ class SimpleSAML_XML_Shib13_AuthnRequest {
$this->setIssuer($get['providerId']); $this->setIssuer($get['providerId']);
$this->setRelayState($get['target']); $this->setRelayState($get['target']);
$this->setShire($get['shire']);
} }
......
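Review bot: `$this->setShire($get['shire']);` reads the array key without checking that it exists, so a request without a shire parameter raises an undefined-index notice and stores `null`; `$this->setShire(isset($get['shire']) ? $get['shire'] : null);` makes the optional case explicit. The value appears to come straight from the request and is stored as-is, so `getShire()` deserves a short docblock, for example `/** Returns the shire (claimed ACS URL) as sent by the requester; not validated. */`. The enclosing method starts outside the hunk.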
...@@ -12,11 +12,6 @@ require_once('SimpleSAML/XML/Shib13/AuthnRequest.php'); ...@@ -12,11 +12,6 @@ require_once('SimpleSAML/XML/Shib13/AuthnRequest.php');
require_once('SimpleSAML/XML/Shib13/AuthnResponse.php'); require_once('SimpleSAML/XML/Shib13/AuthnResponse.php');
require_once('SimpleSAML/Bindings/Shib13/HTTPPost.php'); require_once('SimpleSAML/Bindings/Shib13/HTTPPost.php');
//require_once('SimpleSAML/XML/SAML20/AuthnRequest.php');
//require_once('SimpleSAML/XML/SAML20/AuthnResponse.php');
//require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php');
//require_once('SimpleSAML/Bindings/SAML20/HTTPPost.php');
require_once('SimpleSAML/XHTML/Template.php'); require_once('SimpleSAML/XHTML/Template.php');
...@@ -149,8 +144,13 @@ if (!$session->isAuthenticated() ) { ...@@ -149,8 +144,13 @@ if (!$session->isAuthenticated() ) {
//echo 'Relaystate[' . $authnrequest->getRelayState() . ']'; //echo 'Relaystate[' . $authnrequest->getRelayState() . ']';
$issuer = $authnrequest->getIssuer();
$shire = $authnrequest->getShire();
if ($issuer == null || $issuer == '')
throw new Exception('Could not retrieve issuer of the AuthNRequest (ProviderID)');
$httppost->sendResponse($authnResponseXML, $httppost->sendResponse($authnResponseXML,
$idpentityid, $authnrequest->getIssuer(), $authnrequest->getRelayState()); $idpentityid, $issuer, $authnrequest->getRelayState(), $shire);
} catch(Exception $exception) { } catch(Exception $exception) {
......
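Review bot: `$shire` is forwarded to `sendResponse()` with no check at this call site, while `$issuer` is checked just below it, so the decision on where the response goes rests entirely on the comparison inside `sendResponse()`. A comment here would make that dependency visible, e.g. `// $shire is taken from the request and is untrusted; sendResponse() must match it against the SP metadata`. The surrounding try block starts outside the hunk.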
...@@ -30,10 +30,10 @@ try { ...@@ -30,10 +30,10 @@ try {
$xml = $authnResponse->getXML(); $xml = $authnResponse->getXML();
/* /*
echo '<pre>'; echo '<pre>';
echo $xml; echo $xml;
echo '</pre>'; echo '</pre>';
*/ */
$authnResponse->validate(); $authnResponse->validate();
$session = $authnResponse->createSession(); $session = $authnResponse->createSession();
......