diff --git a/templates/default/en/frontpage.php b/templates/default/en/frontpage.php index bc2ff455f0f07b67985086985fc75c55d54ecbbd..909e4cfe1c439d2939654de4135ab64c96566328 100644 --- a/templates/default/en/frontpage.php +++ b/templates/default/en/frontpage.php @@ -5,9 +5,34 @@ <div id="content"> - <h2>Welcome to simpleSAMlphp</h2> +<div class="enablebox"> +<table> + +<?php + +$icon_enabled = '<img src="/' . $data['baseurlpath'] . 'resources/icons/accept.png" alt="enabled" />'; +$icon_disabled = '<img src="/' . $data['baseurlpath'] . 'resources/icons/delete.png" alt="disabled" />'; +?> + +<tr class="<?php echo $this->data['enablematrix']['saml20-sp'] ? 'enabled' : 'disabled'; ?>"><td>SAML 2.0 SP</td> + <td><?php echo $this->data['enablematrix']['saml20-sp'] ? $icon_enabled : $icon_disabled; ?></td></tr> + +<tr class="<?php echo $this->data['enablematrix']['saml20-idp'] ? 'enabled' : 'disabled'; ?>"><td>SAML 2.0 IdP</td> + <td><?php echo $this->data['enablematrix']['saml20-idp'] ? $icon_enabled : $icon_disabled; ?></td></tr> + +<tr class="<?php echo $this->data['enablematrix']['shib13-sp'] ? 'enabled' : 'disabled'; ?>"><td>Shib 1.3 SP</td> + <td><?php echo $this->data['enablematrix']['shib13-sp'] ? $icon_enabled : $icon_disabled; ?></td></tr> + +<tr class="<?php echo $this->data['enablematrix']['shib13-idp'] ? 'enabled' : 'disabled'; ?>"><td>Shib 1.3 IdP</td> + <td><?php echo $this->data['enablematrix']['shib13-idp'] ? $icon_enabled : $icon_disabled; ?></td></tr> + +</table> +</div> + + + <p><strong>Congratulations</strong>, you have successfully installed simpleSAMLphp. This is the start page of your installation, where you will find links to test examples, diagnostics, metadata and even links to relevant documentation.</p> - <p>You have installed simpleSAMLphp on this web host. Here are some relevant links for your installation: + <h2>Useful links for your installation</h2> <ul> <?php 
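Review bot: The two icon assignments at the top of the hunk read `$data['baseurlpath']` while every other lookup in this template goes through `$this->data[...]`; unless the template engine also exports a bare `$data` into scope, that variable is undefined and the image `src` degrades to `/resources/icons/accept.png`, which silently breaks installations served from a sub-path. Switching both lines to the form used elsewhere keeps the template consistent, e.g. `$icon_enabled = '<img src="/' . $this->data['baseurlpath'] . 'resources/icons/accept.png" alt="enabled" />';`. The four `enablematrix` rows are hand-copied with only the key and label changing, so a small `key => label` array looped once would make adding a protocol a one-line change and remove the chance of a row testing one key and displaying another.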
@@ -17,23 +42,42 @@ ?> </ul> </p> - <?php - foreach($this->data['warnings'] AS $warning) { - - - echo '<div class="caution">' . $warning . '</div>'; - + <h2>Metadata</h2> + <ul> + <?php + foreach ($this->data['links_meta'] AS $link) { + echo '<li><a href="' . htmlspecialchars($link['href']) . '">' . htmlspecialchars($link['text']) . '</a></li>'; + } + ?> + </ul> + </p> + + <h2>Documentation</h2> + <ul> + <?php - } + foreach ($this->data['links_doc'] AS $link) { + echo '<li><a href="' . htmlspecialchars($link['href']) . '">' . htmlspecialchars($link['text']) . '</a></li>'; + } + ?> + </ul> + </p> - ?> - + <?php + if (array_key_exists('warnings', $this->data) && is_array($this->data['warnings']) && !empty($this->data['warnings'])) { + echo '<h2>Warnings</h2>'; + + foreach($this->data['warnings'] AS $warning) { + echo '<div class="caution">' . $warning . '</div>'; + } + } + ?> + - <h2>About simpleSAMLphp</h2> - <p>Hey! This simpleSAMLphp thing is pretty cool, where can I read more about it? - You can find more information about <a href="http://rnd.feide.no/simplesamlphp">simpleSAMLphp at the Feide RnD blog</a> over at <a href="http://uninett.no">UNINETT</a>.</p> + <h2>About simpleSAMLphp</h2> + <p>Hey! This simpleSAMLphp thing is pretty cool, where can I read more about it? You can find more information about <a href="http://rnd.feide.no/simplesamlphp">simpleSAMLphp at the Feide RnD blog</a> over at <a href="http://uninett.no">UNINETT</a>.</p> <?php $this->includeAtTemplateBase('includes/footer.php'); ?> \ No newline at end of file diff --git a/templates/default/en/metadata.php b/templates/default/en/metadata.php index 704e1799da333f3cc0182beec2b0dbb8a9dac3ab..57d48db4c85a1b1b946593ed772b502559a43376 100644 --- a/templates/default/en/metadata.php +++ b/templates/default/en/metadata.php 
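Review bot: The new Metadata and Documentation sections each end with `</p>` although neither opens a `<p>`, so the hunk adds two stray closing tags; dropping the `</p>` after each `</ul>` yields well-formed markup. The two link loops are identical apart from the data key and could be one loop over `array('links_meta', 'links_doc')` or a tiny helper, which also guarantees both keep the `htmlspecialchars()` on `href` and `text`. The warnings loop, by contrast, echoes `$warning` raw; that is deliberate because the strings carry markup assembled in www/index.php, and a comment such as `// warnings are trusted HTML built in www/index.php, never request data` would stop a later maintainer from double-escaping them or routing user-controlled strings through this key.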
@@ -31,15 +31,15 @@ <h2>Send your metadata to <?php echo $this->data['federationname']; ?></h2> - <p>simpleSAMLphp has detected that you have configured Feide as your default IdP.</p> + <p>simpleSAMLphp has detected that you have configured <?php echo $this->data['federationname']; ?> as your default IdP.</p> - <p>Before you can connect to Feide, Feide needs to add your service in its trust configuration. When you - contact Feide to add you as a new service, you will be asked to send your metadata. Here you can easily send - the metadata to Feide by clicking the button below.</p> + <p>Before you can connect to <?php echo $this->data['federationname']; ?>, <?php echo $this->data['federationname']; ?> needs to add your service in its trust configuration. When you + contact <?php echo $this->data['federationname']; ?> to add you as a new service, you will be asked to send your metadata. Here you can easily send + the metadata to <?php echo $this->data['federationname']; ?> by clicking the button below.</p> <form action="<?php echo $this->data['sendmetadatato']; ?>" method="post"> - <p>Feide needs to know how to get in contact with you, so you need to type in <strong>your email address</strong>: + <p><?php echo $this->data['federationname']; ?> needs to know how to get in contact with you, so you need to type in <strong>your email address</strong>: <input type="text" size="25" name="email" value="" /> </p> diff --git a/www/index.php b/www/index.php index 9f756764eabf47f043839c63b07faa3566fd02a2..17697b1b9f4b364cd099b96014feb8345f45b765 100644 --- a/www/index.php +++ b/www/index.php 
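Review bot: `$this->data['federationname']` is echoed repeatedly in this hunk without escaping, and the form `action` echoes `$this->data['sendmetadatato']` the same way; today both values come from the fixed `$send_metadata_to_idp` table in www/saml2/sp/metadata.php, but this template is shared by the metadata pages of several protocols and nothing in it enforces that origin. Hoisting the value once at the top of the hunk — `<?php $fed = htmlspecialchars($this->data['federationname']); ?>` — and writing `<?php echo $fed; ?>` thereafter removes the repetition and keeps the template safe regardless of where a future caller sources the name. Wrapping the `action` value in `htmlspecialchars()` as well keeps the attribute well-formed if the address ever carries an ampersand.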
@@ -21,43 +21,26 @@ if ($config->getValue('admin.protectindexpage', false)) { } } - $warnings = array(); if (SimpleSAML_Utilities::getSelfProtocol() != 'https') { - $warnings[] = '<strong>You are not using HTTPS</strong> - encrypted communication with the user. Using simpleSAMLphp will works perfectly fine on HTTP for test purposes, but if you will be using simpleSAMLphp in a production environment, you should be running it on HTTPS.'; + $warnings[] = '<strong>You are not using HTTPS</strong> - encrypted communication with the user. Using simpleSAMLphp will works perfectly fine on HTTP for test purposes, but if you will be using simpleSAMLphp in a production environment, you should be running it on HTTPS. [ <a href="http://rnd.feide.no/content/simplesamlphp-maintenance-and-configuration">read more about simpleSAMLphp maintenance</a> ]'; } - - $links = array(); -$links[] = array( - 'href' => 'admin/metadata.php', - 'text' => 'Meta data overview for your installation. Diagnose your meta data files.'); - -if ($config->getValue('enable.saml20-sp') === true) - $links[] = array( - 'href' => 'saml2/sp/metadata.php', - 'text' => 'SAML 2.0 Service Provider Metadata (automatically generated)'); if ($config->getValue('enable.saml20-sp') === true) $links[] = array( 'href' => 'example-simple/saml2-example.php', 'text' => 'SAML 2.0 SP example - test logging in through your IdP'); -if ($config->getValue('enable.saml20-idp') === true) - $links[] = array( - 'href' => 'saml2/idp/metadata.php', - 'text' => 'SAML 2.0 Identity Provider Metadata (automatically generated)'); - if ($config->getValue('enable.shib13-sp') === true) $links[] = array( 'href' => 'example-simple/shib13-example.php', 'text' => 'Shibboleth 1.3 SP example - test logging in through your Shib IdP'); - if ($config->getValue('enable.openid-provider') === true) $links[] = array( 'href' => 'openid/provider/server.php', 
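Review bot: The hunk removes the `$warnings = array();` initialiser but keeps the `$warnings[] = ...` append inside the HTTPS check, so when the page is served over HTTPS nothing defines `$warnings` and the later `$t->data['warnings'] = $warnings;` assigns an undefined variable; the template only tolerates this because of its `array_key_exists`/`is_array` guard. Unless the array is initialised above line 21, the line should be restored, and the removed `$links = array();` is in the same position, now relying on the first `$links[] = ...` append to create the array implicitly. The feature checks here compare `getValue('enable.…') === true` while the new `$enablematrix` block in the next hunk uses `getValue('enable.…', false)` truthiness, so a config value such as `1` would show as enabled in the matrix yet produce no example links; one comparison form should be used throughout the file.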
@@ -67,11 +50,79 @@ $links[] = array( 'href' => 'example-simple/hostnames.php', 'text' => 'Diagnostics on hostname, port and protocol'); + + +$linksmeta = array(); + +$linksmeta[] = array( + 'href' => 'admin/metadata.php', + 'text' => 'Meta data overview for your installation. Diagnose your meta data files.'); + +if ($config->getValue('enable.saml20-sp') === true) + $linksmeta[] = array( + 'href' => 'saml2/sp/metadata.php', + 'text' => 'Hosted SAML 2.0 Service Provider Metadata (automatically generated)'); + +if ($config->getValue('enable.saml20-idp') === true) + $linksmeta[] = array( + 'href' => 'saml2/idp/metadata.php', + 'text' => 'Hosted SAML 2.0 Identity Provider Metadata (automatically generated)'); + + + +$linksdoc = array(); + +$linksdoc[] = array( + 'href' => 'http://rnd.feide.no/content/installing-simplesamlphp', + 'text' => 'Installing simpleSAMLphp'); + +if ($config->getValue('enable.saml20-sp', false ) || $config->getValue('enable.shib13-sp', false)) + $linksdoc[] = array( + 'href' => 'http://rnd.feide.no/content/using-simplesamlphp-service-provider', + 'text' => 'Using simpleSAMLphp as a Service Provider'); + +if ($config->getValue('enable.saml20-idp', false ) || $config->getValue('enable.shib13-idp', false)) + $linksdoc[] = array( + 'href' => 'http://rnd.feide.no/content/using-simplesamlphp-identity-provider', + 'text' => 'Using simpleSAMLphp as an Identity Provider'); + +if ($config->getValue('enable.shib13-idp', false)) + $linksdoc[] = array( + 'href' => 'http://rnd.feide.no/content/configure-shibboleth-13-sp-work-simplesamlphp-idp', + 'text' => 'Configure Shibboleth 1.3 SP to work with simpleSAMLphp IdP'); + +if ($config->getValue('enable.saml20-idp', false )) + $linksdoc[] = array( + 'href' => 'http://rnd.feide.no/content/simplesamlphp-idp-google-apps-education', + 'text' => 'simpleSAMLphp as an IdP for Google Apps for Education'); + +$linksdoc[] = array( + 'href' => 'http://rnd.feide.no/content/simplesamlphp-advanced-features', + 'text' => 
'simpleSAMLphp Advanced Features +'); + + + +$linksdoc[] = array( + 'href' => 'http://rnd.feide.no/content/simplesamlphp-maintenance-and-configuration', + 'text' => 'simpleSAMLphp Maintenance and Configuration'); + +$enablematrix = array( + 'saml20-sp' => $config->getValue('enable.saml20-sp', false), + 'saml20-idp' => $config->getValue('enable.saml20-idp', false), + 'shib13-sp' => $config->getValue('enable.shib13-sp', false), + 'shib13-idp' => $config->getValue('enable.shib13-idp', false), +); + + $t = new SimpleSAML_XHTML_Template($config, 'frontpage.php'); $t->data['header'] = 'simpleSAMLphp installation page'; $t->data['icon'] = 'compass_l.png'; $t->data['warnings'] = $warnings; $t->data['links'] = $links; +$t->data['links_meta'] = $linksmeta; +$t->data['links_doc'] = $linksdoc; +$t->data['enablematrix'] = $enablematrix; $t->show(); diff --git a/www/resources/default.css b/www/resources/default.css index 5d1eb053509e972e5907a5e41fffb2a441351b0c..5b712f5576d3c241f6d7cd1b9c68ddfcf44d0d35 100644 --- a/www/resources/default.css +++ b/www/resources/default.css @@ -217,4 +217,21 @@ div.caution { th.rowtitle { text-align: left; } - +.enablebox table { + border: 1px solid #eee; + float: right; + margin-left: 1em; +} +.enablebox tr td { + padding: .5px 1em 1px .5em; + margin: 0px; +} +.enablebox { + font-size: 85%; +} +.enablebox tr.enabled td { + background: #eee; +} +.enablebox tr.disabled td { + background: #ccc; +} \ No newline at end of file diff --git a/www/resources/icons/accept.png b/www/resources/icons/accept.png new file mode 100755 index 0000000000000000000000000000000000000000..89c8129a490b329f3165f32fa0781701aab417ea Binary files /dev/null and b/www/resources/icons/accept.png differ diff --git a/www/resources/icons/delete.png b/www/resources/icons/delete.png new file mode 100755 index 0000000000000000000000000000000000000000..08f249365afd29594b51210c6e21ba253897505d Binary files /dev/null and b/www/resources/icons/delete.png differ 
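Review bot: The `'text'` value of the Advanced Features entry spans two source lines, so the literal contains an embedded newline (`'simpleSAMLphp Advanced Features\n'`) that ends up inside the rendered link text; closing the quote on the same line — `'text' => 'simpleSAMLphp Advanced Features');` — fixes it. The `$linksdoc` conditions and `$enablematrix` read the flags with `getValue('enable.…', false)` and truthiness while the `$links` block in the previous hunk uses `=== true`, so a truthy non-boolean value yields documentation links and an enabled matrix row for a feature that gets no example links. The `if (...) $arr[] = array(...)` shape is repeated more than a dozen times across the three arrays; a key-driven table or a small helper would shorten this hunk considerably and make the enable-flag check live in exactly one place.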
diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php index 56092530508914f61dc6c372e695f7824543c692..0055f956d1d9e5767fa3ddf7346f814df3c1f42c 100644 --- a/www/saml2/idp/metadata.php +++ b/www/saml2/idp/metadata.php @@ -58,13 +58,13 @@ try { WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> - <KeyDescriptor use="signing"> - <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> - <ds:X509Data> - <ds:X509Certificate>' . htmlspecialchars($data) . '</ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - </KeyDescriptor> + <KeyDescriptor use="signing"> + <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:X509Data> + <ds:X509Certificate>' . htmlspecialchars($data) . '</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </KeyDescriptor> @@ -103,19 +103,15 @@ try { $defaultidp = $config->getValue('default-saml20-idp'); - $et = new SimpleSAML_XHTML_Template($config, 'metadata.php'); + $t = new SimpleSAML_XHTML_Template($config, 'metadata.php'); - $et->data['header'] = 'SAML 2.0 IdP Metadata'; - - $et->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml'); - $et->data['metadata'] = htmlentities($metaxml); - $et->data['metadataflat'] = htmlentities($metaflat); - - $et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no')); - $et->data['defaultidp'] = $defaultidp; - - $et->show(); + $t->data['header'] = 'SAML 2.0 IdP Metadata'; + $t->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml'); + $t->data['metadata'] = htmlentities($metaxml); + $t->data['metadataflat'] = htmlentities($metaflat); + $t->data['defaultidp'] = $defaultidp; + $t->show(); } catch(Exception $exception) { diff --git a/www/saml2/sp/metadata.php b/www/saml2/sp/metadata.php index 30f27dea557049490b7be29ab3a39bc3b00b91a7..7ebe40ba150e6d276a48f6140e1e19af242fc2f6 100644 
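Review bot: The renamed block still passes `$metaxml` and `$metaflat` through `htmlentities()`, whereas the www/shib13/idp/metadata.php and www/shib13/sp/metadata.php hunks in this commit switch to `htmlspecialchars()`; all four metadata pages feed the same `metadata.php` template and should escape the same way. `htmlentities()` without an explicit charset converts non-ASCII bytes according to the PHP build's default encoding and can mangle UTF-8 in the displayed XML, so `$t->data['metadata'] = htmlspecialchars($metaxml);` and `$t->data['metadataflat'] = htmlspecialchars($metaflat);` is the safer common choice (www/saml2/sp/metadata.php carries the same two lines). Where `$metaxml` is built lies outside this hunk, as does the rest of the `try` block.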
--- a/www/saml2/sp/metadata.php +++ b/www/saml2/sp/metadata.php @@ -73,27 +73,34 @@ try { </SPSSODescriptor> </EntityDescriptor>'; + + if (array_key_exists('output', $_GET) && $_GET['output'] == 'xml') { + header('Content-Type: application/xml'); + + echo $metaxml; + exit(0); + } - $defaultidp = $config->getValue('default-saml20-idp'); - $et = new SimpleSAML_XHTML_Template($config, 'metadata.php'); + $defaultidp = $config->getValue('default-saml20-idp'); + $t = new SimpleSAML_XHTML_Template($config, 'metadata.php'); - $et->data['header'] = 'SAML 2.0 SP Metadata'; - $et->data['metadata'] = htmlentities($metaxml); - $et->data['metadataflat'] = htmlentities($metaflat); + $t->data['header'] = 'SAML 2.0 SP Metadata'; + $t->data['metadata'] = htmlentities($metaxml); + $t->data['metadataflat'] = htmlentities($metaflat); + $t->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml'); if (array_key_exists($defaultidp, $send_metadata_to_idp)) { - $et->data['sendmetadatato'] = $send_metadata_to_idp[$defaultidp]['address']; - $et->data['federationname'] = $send_metadata_to_idp[$defaultidp]['name']; + $t->data['sendmetadatato'] = $send_metadata_to_idp[$defaultidp]['address']; + $t->data['federationname'] = $send_metadata_to_idp[$defaultidp]['name']; } - $et->data['techemail'] = $config->getValue('technicalcontact_email', 'na'); - $et->data['version'] = $config->getValue('version', 'na'); - $et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no')); - $et->data['defaultidp'] = $defaultidp; + $t->data['techemail'] = $config->getValue('technicalcontact_email', 'na'); + $t->data['version'] = $config->getValue('version', 'na'); + $t->data['defaultidp'] = $defaultidp; - $et->show(); + $t->show(); } catch(Exception $exception) { diff --git a/www/shib13/idp/metadata.php b/www/shib13/idp/metadata.php index 56092530508914f61dc6c372e695f7824543c692..84e0672e679736e16bb78dba2feead518872da46 100644 
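Review bot: The new raw-XML branch compares `$_GET['output'] == 'xml'` loosely; a strict `$_GET['output'] === 'xml'` is the idiomatic check for a query-string value, and the same condition is repeated in the www/shib13/sp/metadata.php hunk of this commit. The response sends `Content-Type: application/xml` without a charset while the document's XML declaration states UTF-8, so `header('Content-Type: application/xml; charset=utf-8');` tells the client the same thing. Because the branch bypasses the template and calls `exit(0)`, a one-line comment such as `// raw export; relies on the access checks at the top of this file` would record that dependency — the checks themselves are outside this hunk, so confirm they precede this point.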
--- a/www/shib13/idp/metadata.php +++ b/www/shib13/idp/metadata.php @@ -14,7 +14,7 @@ $config = SimpleSAML_Configuration::getInstance(); $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $session = SimpleSAML_Session::getInstance(true); -if (!$config->getValue('enable.saml20-idp', false)) +if (!$config->getValue('enable.shib13-idp', false)) SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS'); @@ -29,8 +29,8 @@ if (!isset($session) || !$session->isValid('login-admin') ) { try { - $idpmeta = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrent('saml20-idp-hosted'); - $idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted'); + $idpmeta = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrent('shib13-idp-hosted'); + $idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('shib13-idp-hosted'); $publiccert = $config->getBaseDir() . '/cert/' . $idpmeta['certificate']; 
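Review bot: Both ternaries in the `try` block assign the raw `$_GET['idpentityid']` string when the parameter is present, so `$idpmeta` holds a query string rather than the entity's metadata array and the following `$idpmeta['certificate']` becomes a string offset, leaving `$publiccert` built from whatever single character that yields instead of a configured certificate file. The GET branch should resolve the requested entity through the metadata handler and reject ids that are not among the hosted entities, rather than treating the query value as metadata; the removed `saml20-idp-hosted` lines had the same shape, so this is inherited rather than introduced here. The switch of the access check to `enable.shib13-idp` in the previous hunk is the correct flag for this file. The `try` block continues past this hunk.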
@@ -45,51 +45,36 @@ try { '" . htmlspecialchars($idpentityid) . "' => array( 'name' => 'Type in a name for this entity', 'description' => 'and a proper description that would help users know when to select this IdP.', - 'SingleSignOnService' => '" . htmlspecialchars($metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted')) . "', - 'SingleLogoutService' => '" . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted')) . "', + 'SingleSignOnService' => '" . htmlspecialchars($metadata->getGenerated('SingleSignOnService', 'shib13-idp-hosted')) . "', 'certFingerprint' => '" . strtolower(sha1(base64_decode($data))) ."' ), "; $metaxml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?> - <EntityDescriptor xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" - entityID="' . htmlspecialchars($idpentityid) . '"> - <IDPSSODescriptor - WantAuthnRequestsSigned="false" - protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> - - <KeyDescriptor use="signing"> - <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> - <ds:X509Data> - <ds:X509Certificate>' . htmlspecialchars($data) . '</ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - </KeyDescriptor> - - - - <!-- Logout endpoints --> - <SingleLogoutService - Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" - Location="' . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted')) . '" - ResponseLocation="' . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted')) . '" - index="0" - isDefault="true" - /> - - - <!-- Supported Name Identifier Formats --> - <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> - - <!-- AuthenticationRequest Consumer endpoint --> - <SingleSignOnService - Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" - Location="' . 
htmlspecialchars($metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted')) . '" - index="0" - isDefault="true" - /> - - </IDPSSODescriptor> +<EntityDescriptor entityID="' . htmlspecialchars($idpentityid) . '"> + + <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0"> + + <KeyDescriptor use="signing"> + <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:X509Data> + <ds:X509Certificate>' . htmlspecialchars($data) . '</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </KeyDescriptor> + + <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat> + + <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" + Location="' . htmlspecialchars($metadata->getGenerated('SingleSignOnService', 'shib13-idp-hosted')) . '"/> + + </IDPSSODescriptor> + + <ContactPerson contactType="technical"> + <SurName>' . $config->getValue('technicalcontact_name', 'Not entered') . '</SurName> + <EmailAddress>' . $config->getValue('technicalcontact_email', 'Not entered') . '</EmailAddress> + </ContactPerson> + </EntityDescriptor>'; 
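Review bot: The new `<ContactPerson>` block interpolates `$config->getValue('technicalcontact_name', ...)` and `technicalcontact_email` directly into the XML while `$idpentityid`, `$data` and the generated endpoint on the lines above are all wrapped in `htmlspecialchars()`; a contact name containing `&` or `<` therefore produces malformed metadata, so both should read `' . htmlspecialchars($config->getValue('technicalcontact_name', 'Not entered')) . '` and likewise for the email. The rewritten `<EntityDescriptor>` also drops the `xmlns="urn:oasis:names:tc:SAML:2.0:metadata"` default namespace that the removed version declared, leaving every element in no namespace; Shibboleth 1.3 metadata is normally expressed in that same SAML 2.0 metadata schema, so namespace-aware consumers are likely to reject this document — worth confirming against a real Shibboleth SP before release. Both points apply identically to the `$metaxml` built in the www/shib13/sp/metadata.php hunk. The `$metaxml` assignment closes in this hunk, but the rest of the `try` block is outside it.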
@@ -101,21 +86,19 @@ try { } - $defaultidp = $config->getValue('default-saml20-idp'); - - $et = new SimpleSAML_XHTML_Template($config, 'metadata.php'); + $defaultidp = $config->getValue('default-shib13-idp'); + $t = new SimpleSAML_XHTML_Template($config, 'metadata.php'); - $et->data['header'] = 'SAML 2.0 IdP Metadata'; + $t->data['header'] = 'Shib 1.3 IdP Metadata'; - $et->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml'); - $et->data['metadata'] = htmlentities($metaxml); - $et->data['metadataflat'] = htmlentities($metaflat); - - $et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no')); - $et->data['defaultidp'] = $defaultidp; + $t->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml'); + $t->data['metadata'] = htmlspecialchars($metaxml); + $t->data['metadataflat'] = htmlspecialchars($metaflat); + + $t->data['defaultidp'] = $defaultidp; - $et->show(); + $t->show(); } catch(Exception $exception) { diff --git a/www/shib13/sp/metadata.php b/www/shib13/sp/metadata.php index 30f27dea557049490b7be29ab3a39bc3b00b91a7..e7a71c472969222c288c9aad02b1c4a701c7910a 100644 --- a/www/shib13/sp/metadata.php +++ b/www/shib13/sp/metadata.php 
@@ -13,87 +13,69 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $session = SimpleSAML_Session::getInstance(TRUE); -if (!$config->getValue('enable.saml20-sp', false)) +if (!$config->getValue('enable.shib13-sp', false)) SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS'); -/** - * Preconfigured to help out some federations. This makes it easier for users to report metadata - * to the administrators of the IdP. - */ -$send_metadata_to_idp = array( - 'sam.feide.no' => array( - 'name' => 'Feide', - 'address' => 'http://rnd.feide.no/content/sending-information-simplesamlphp' - ), - 'max.feide.no' => array( - 'name' => 'Feide', - 'address' => 'http://rnd.feide.no/content/sending-information-simplesamlphp' - ) -); - try { - $spmeta = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrent(); - $spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID(); - - /* - if (!$spmeta['assertionConsumerServiceURL']) throw new Exception('The following parameter is not set in your SAML 2.0 SP Hosted metadata: assertionConsumerServiceURL'); - if (!$spmeta['SingleLogOutUrl']) throw new Exception('The following parameter is not set in your SAML 2.0 SP Hosted metadata: SingleLogOutUrl'); - */ + $spmeta = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrent('shib13-sp-hosted'); + $spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID('shib13-sp-hosted'); + $metaflat = " '" . htmlspecialchars($spentityid) . "' => array( - 'AssertionConsumerService' => '" . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted')) . "', - 'SingleLogoutService' => '" . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-sp-hosted')) . "' + 'AssertionConsumerService' => '" . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted')) . 
"' ) "; $metaxml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?> -<EntityDescriptor entityID="' . htmlspecialchars($spentityid) . '" xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> +<EntityDescriptor entityID="' . htmlspecialchars($spentityid) . '"> + <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol"> - <SPSSODescriptor - AuthnRequestsSigned="false" - WantAssertionsSigned="false" - protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> - - <SingleLogoutService - Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" - Location="' . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-sp-hosted')) . '"/> + <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat> - <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> + <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="' . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'shib13-sp-hosted')) . '" index="1" isDefault="true" /> - <AssertionConsumerService - index="0" - isDefault="true" - Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" - Location="' . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted')) . '" /> - </SPSSODescriptor> - + + <ContactPerson contactType="technical"> + <SurName>' . $config->getValue('technicalcontact_name', 'Not entered') . '</SurName> + <EmailAddress>' . $config->getValue('technicalcontact_email', 'Not entered') . 
'</EmailAddress> + </ContactPerson> + </EntityDescriptor>'; + + if (array_key_exists('output', $_GET) && $_GET['output'] == 'xml') { + header('Content-Type: application/xml'); + + echo $metaxml; + exit(0); + } - $defaultidp = $config->getValue('default-saml20-idp'); + $defaultidp = $config->getValue('default-shib13-idp'); - $et = new SimpleSAML_XHTML_Template($config, 'metadata.php'); + $t = new SimpleSAML_XHTML_Template($config, 'metadata.php'); - $et->data['header'] = 'SAML 2.0 SP Metadata'; - $et->data['metadata'] = htmlentities($metaxml); - $et->data['metadataflat'] = htmlentities($metaflat); + $t->data['header'] = 'Shib 1.3 SP Metadata'; + $t->data['metadata'] = htmlspecialchars($metaxml); + $t->data['metadataflat'] = htmlspecialchars($metaflat); + $t->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml'); + /* if (array_key_exists($defaultidp, $send_metadata_to_idp)) { $et->data['sendmetadatato'] = $send_metadata_to_idp[$defaultidp]['address']; $et->data['federationname'] = $send_metadata_to_idp[$defaultidp]['name']; } + */ - $et->data['techemail'] = $config->getValue('technicalcontact_email', 'na'); - $et->data['version'] = $config->getValue('version', 'na'); - $et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no')); - $et->data['defaultidp'] = $defaultidp; + $t->data['techemail'] = $config->getValue('technicalcontact_email', 'na'); + $t->data['version'] = $config->getValue('version', 'na'); + $t->data['defaultidp'] = $defaultidp; - $et->show(); + $t->show(); } catch(Exception $exception) {
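Review bot: The rewritten `$metaflat` still calls `$metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted')` while `$spmeta`, `$spentityid` and the XML a few lines below all use `'shib13-sp-hosted'`, so the flat PHP-array metadata shown to the administrator advertises the SAML 2.0 endpoint for a Shibboleth 1.3 SP; the argument should be `'shib13-sp-hosted'` to match. The commented-out `$send_metadata_to_idp` block near the end references the `$et` variable and the array that this same hunk deletes, so it can never be re-enabled as written and should be removed rather than parked in `/* */`. The `isset($_GET['spentityid']) ? $_GET['spentityid'] : ...` ternary also assigns a query string to `$spmeta`, which is a metadata array in the other branch; if `$spmeta` is read after this hunk it will be a string there. The `try` block continues after this hunk.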