From dd36beb6333d6bc6ab35c29d094a92e8c982680c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Fri, 15 Feb 2008 10:45:31 +0000
Subject: [PATCH] Automatically generation of shibboleth sp and idp metadata,
improvement to the metadata generation. And improvement to the frontpage
(adding enablematrix and links to documentation)
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@311 44740490-163a-0410-bde0-09ae8108e29a
---
templates/default/en/frontpage.php | 72 ++++++++++++++++++-----
templates/default/en/metadata.php | 10 ++--
www/index.php | 87 +++++++++++++++++++++------
www/resources/default.css | 19 +++++-
www/resources/icons/accept.png | Bin 0 -> 781 bytes
www/resources/icons/delete.png | Bin 0 -> 715 bytes
www/saml2/idp/metadata.php | 32 +++++-----
www/saml2/sp/metadata.php | 31 ++++++----
www/shib13/idp/metadata.php | 91 ++++++++++++-----------------
www/shib13/sp/metadata.php | 86 +++++++++++----------------
10 files changed, 254 insertions(+), 174 deletions(-)
create mode 100755 www/resources/icons/accept.png
create mode 100755 www/resources/icons/delete.png
diff --git a/templates/default/en/frontpage.php b/templates/default/en/frontpage.php
index bc2ff455f..909e4cfe1 100644
--- a/templates/default/en/frontpage.php
+++ b/templates/default/en/frontpage.php
@@ -5,9 +5,34 @@
<div id="content">
- <h2>Welcome to simpleSAMlphp</h2>
+<div class="enablebox">
+<table>
+
+<?php
+
+$icon_enabled = '<img src="/' . $data['baseurlpath'] . 'resources/icons/accept.png" alt="enabled" />';
+$icon_disabled = '<img src="/' . $data['baseurlpath'] . 'resources/icons/delete.png" alt="disabled" />';
+?>
+
+<tr class="<?php echo $this->data['enablematrix']['saml20-sp'] ? 'enabled' : 'disabled'; ?>"><td>SAML 2.0 SP</td>
+ <td><?php echo $this->data['enablematrix']['saml20-sp'] ? $icon_enabled : $icon_disabled; ?></td></tr>
+
+<tr class="<?php echo $this->data['enablematrix']['saml20-idp'] ? 'enabled' : 'disabled'; ?>"><td>SAML 2.0 IdP</td>
+ <td><?php echo $this->data['enablematrix']['saml20-idp'] ? $icon_enabled : $icon_disabled; ?></td></tr>
+
+<tr class="<?php echo $this->data['enablematrix']['shib13-sp'] ? 'enabled' : 'disabled'; ?>"><td>Shib 1.3 SP</td>
+ <td><?php echo $this->data['enablematrix']['shib13-sp'] ? $icon_enabled : $icon_disabled; ?></td></tr>
+
+<tr class="<?php echo $this->data['enablematrix']['shib13-idp'] ? 'enabled' : 'disabled'; ?>"><td>Shib 1.3 IdP</td>
+ <td><?php echo $this->data['enablematrix']['shib13-idp'] ? $icon_enabled : $icon_disabled; ?></td></tr>
+
+</table>
+</div>
+
+
+ <p><strong>Congratulations</strong>, you have successfully installed simpleSAMLphp. This is the start page of your installation, where you will find links to test examples, diagnostics, metadata and even links to relevant documentation.</p>
- <p>You have installed simpleSAMLphp on this web host. Here are some relevant links for your installation:
+ <h2>Useful links for your installation</h2>
<ul>
<?php
@@ -17,23 +42,42 @@
?>
</ul>
</p>
- <?php
- foreach($this->data['warnings'] AS $warning) {
-
-
- echo '<div class="caution">' . $warning . '</div>';
-
+ <h2>Metadata</h2>
+ <ul>
+ <?php
+ foreach ($this->data['links_meta'] AS $link) {
+ echo '<li><a href="' . htmlspecialchars($link['href']) . '">' . htmlspecialchars($link['text']) . '</a></li>';
+ }
+ ?>
+ </ul>
+ </p>
+
+ <h2>Documentation</h2>
+ <ul>
+ <?php
- }
+ foreach ($this->data['links_doc'] AS $link) {
+ echo '<li><a href="' . htmlspecialchars($link['href']) . '">' . htmlspecialchars($link['text']) . '</a></li>';
+ }
+ ?>
+ </ul>
+ </p>
- ?>
-
+ <?php
+ if (array_key_exists('warnings', $this->data) && is_array($this->data['warnings']) && !empty($this->data['warnings'])) {
+ echo '<h2>Warnings</h2>';
+
+ foreach($this->data['warnings'] AS $warning) {
+ echo '<div class="caution">' . $warning . '</div>';
+ }
+ }
+ ?>
+
- <h2>About simpleSAMLphp</h2>
- <p>Hey! This simpleSAMLphp thing is pretty cool, where can I read more about it?
- You can find more information about <a href="http://rnd.feide.no/simplesamlphp">simpleSAMLphp at the Feide RnD blog</a> over at <a href="http://uninett.no">UNINETT</a>.</p>
+ <h2>About simpleSAMLphp</h2>
+ <p>Hey! This simpleSAMLphp thing is pretty cool, where can I read more about it? You can find more information about <a href="http://rnd.feide.no/simplesamlphp">simpleSAMLphp at the Feide RnD blog</a> over at <a href="http://uninett.no">UNINETT</a>.</p>
<?php $this->includeAtTemplateBase('includes/footer.php'); ?>
\ No newline at end of file
diff --git a/templates/default/en/metadata.php b/templates/default/en/metadata.php
index 704e1799d..57d48db4c 100644
--- a/templates/default/en/metadata.php
+++ b/templates/default/en/metadata.php
@@ -31,15 +31,15 @@
<h2>Send your metadata to <?php echo $this->data['federationname']; ?></h2>
- <p>simpleSAMLphp has detected that you have configured Feide as your default IdP.</p>
+ <p>simpleSAMLphp has detected that you have configured <?php echo $this->data['federationname']; ?> as your default IdP.</p>
- <p>Before you can connect to Feide, Feide needs to add your service in its trust configuration. When you
- contact Feide to add you as a new service, you will be asked to send your metadata. Here you can easily send
- the metadata to Feide by clicking the button below.</p>
+ <p>Before you can connect to <?php echo $this->data['federationname']; ?>, <?php echo $this->data['federationname']; ?> needs to add your service in its trust configuration. When you
+ contact <?php echo $this->data['federationname']; ?> to add you as a new service, you will be asked to send your metadata. Here you can easily send
+ the metadata to <?php echo $this->data['federationname']; ?> by clicking the button below.</p>
<form action="<?php echo $this->data['sendmetadatato']; ?>" method="post">
- <p>Feide needs to know how to get in contact with you, so you need to type in <strong>your email address</strong>:
+ <p><?php echo $this->data['federationname']; ?> needs to know how to get in contact with you, so you need to type in <strong>your email address</strong>:
<input type="text" size="25" name="email" value="" />
</p>
diff --git a/www/index.php b/www/index.php
index 9f756764e..17697b1b9 100644
--- a/www/index.php
+++ b/www/index.php
@@ -21,43 +21,26 @@ if ($config->getValue('admin.protectindexpage', false)) {
}
}
-
$warnings = array();
if (SimpleSAML_Utilities::getSelfProtocol() != 'https') {
- $warnings[] = '<strong>You are not using HTTPS</strong> - encrypted communication with the user. Using simpleSAMLphp will works perfectly fine on HTTP for test purposes, but if you will be using simpleSAMLphp in a production environment, you should be running it on HTTPS.';
+ $warnings[] = '<strong>You are not using HTTPS</strong> - encrypted communication with the user. Using simpleSAMLphp will works perfectly fine on HTTP for test purposes, but if you will be using simpleSAMLphp in a production environment, you should be running it on HTTPS. [ <a href="http://rnd.feide.no/content/simplesamlphp-maintenance-and-configuration">read more about simpleSAMLphp maintenance</a> ]';
}
-
-
$links = array();
-$links[] = array(
- 'href' => 'admin/metadata.php',
- 'text' => 'Meta data overview for your installation. Diagnose your meta data files.');
-
-if ($config->getValue('enable.saml20-sp') === true)
- $links[] = array(
- 'href' => 'saml2/sp/metadata.php',
- 'text' => 'SAML 2.0 Service Provider Metadata (automatically generated)');
if ($config->getValue('enable.saml20-sp') === true)
$links[] = array(
'href' => 'example-simple/saml2-example.php',
'text' => 'SAML 2.0 SP example - test logging in through your IdP');
-if ($config->getValue('enable.saml20-idp') === true)
- $links[] = array(
- 'href' => 'saml2/idp/metadata.php',
- 'text' => 'SAML 2.0 Identity Provider Metadata (automatically generated)');
-
if ($config->getValue('enable.shib13-sp') === true)
$links[] = array(
'href' => 'example-simple/shib13-example.php',
'text' => 'Shibboleth 1.3 SP example - test logging in through your Shib IdP');
-
if ($config->getValue('enable.openid-provider') === true)
$links[] = array(
'href' => 'openid/provider/server.php',
@@ -67,11 +50,79 @@ $links[] = array(
'href' => 'example-simple/hostnames.php',
'text' => 'Diagnostics on hostname, port and protocol');
+
+
+$linksmeta = array();
+
+$linksmeta[] = array(
+ 'href' => 'admin/metadata.php',
+ 'text' => 'Meta data overview for your installation. Diagnose your meta data files.');
+
+if ($config->getValue('enable.saml20-sp') === true)
+ $linksmeta[] = array(
+ 'href' => 'saml2/sp/metadata.php',
+ 'text' => 'Hosted SAML 2.0 Service Provider Metadata (automatically generated)');
+
+if ($config->getValue('enable.saml20-idp') === true)
+ $linksmeta[] = array(
+ 'href' => 'saml2/idp/metadata.php',
+ 'text' => 'Hosted SAML 2.0 Identity Provider Metadata (automatically generated)');
+
+
+
+$linksdoc = array();
+
+$linksdoc[] = array(
+ 'href' => 'http://rnd.feide.no/content/installing-simplesamlphp',
+ 'text' => 'Installing simpleSAMLphp');
+
+if ($config->getValue('enable.saml20-sp', false ) || $config->getValue('enable.shib13-sp', false))
+ $linksdoc[] = array(
+ 'href' => 'http://rnd.feide.no/content/using-simplesamlphp-service-provider',
+ 'text' => 'Using simpleSAMLphp as a Service Provider');
+
+if ($config->getValue('enable.saml20-idp', false ) || $config->getValue('enable.shib13-idp', false))
+ $linksdoc[] = array(
+ 'href' => 'http://rnd.feide.no/content/using-simplesamlphp-identity-provider',
+ 'text' => 'Using simpleSAMLphp as an Identity Provider');
+
+if ($config->getValue('enable.shib13-idp', false))
+ $linksdoc[] = array(
+ 'href' => 'http://rnd.feide.no/content/configure-shibboleth-13-sp-work-simplesamlphp-idp',
+ 'text' => 'Configure Shibboleth 1.3 SP to work with simpleSAMLphp IdP');
+
+if ($config->getValue('enable.saml20-idp', false ))
+ $linksdoc[] = array(
+ 'href' => 'http://rnd.feide.no/content/simplesamlphp-idp-google-apps-education',
+ 'text' => 'simpleSAMLphp as an IdP for Google Apps for Education');
+
+$linksdoc[] = array(
+ 'href' => 'http://rnd.feide.no/content/simplesamlphp-advanced-features',
+ 'text' => 'simpleSAMLphp Advanced Features
+');
+
+
+
+$linksdoc[] = array(
+ 'href' => 'http://rnd.feide.no/content/simplesamlphp-maintenance-and-configuration',
+ 'text' => 'simpleSAMLphp Maintenance and Configuration');
+
+$enablematrix = array(
+ 'saml20-sp' => $config->getValue('enable.saml20-sp', false),
+ 'saml20-idp' => $config->getValue('enable.saml20-idp', false),
+ 'shib13-sp' => $config->getValue('enable.shib13-sp', false),
+ 'shib13-idp' => $config->getValue('enable.shib13-idp', false),
+);
+
+
$t = new SimpleSAML_XHTML_Template($config, 'frontpage.php');
$t->data['header'] = 'simpleSAMLphp installation page';
$t->data['icon'] = 'compass_l.png';
$t->data['warnings'] = $warnings;
$t->data['links'] = $links;
+$t->data['links_meta'] = $linksmeta;
+$t->data['links_doc'] = $linksdoc;
+$t->data['enablematrix'] = $enablematrix;
$t->show();
diff --git a/www/resources/default.css b/www/resources/default.css
index 5d1eb0535..5b712f557 100644
--- a/www/resources/default.css
+++ b/www/resources/default.css
@@ -217,4 +217,21 @@ div.caution {
th.rowtitle {
text-align: left;
}
-
+.enablebox table {
+ border: 1px solid #eee;
+ float: right;
+ margin-left: 1em;
+}
+.enablebox tr td {
+ padding: .5px 1em 1px .5em;
+ margin: 0px;
+}
+.enablebox {
+ font-size: 85%;
+}
+.enablebox tr.enabled td {
+ background: #eee;
+}
+.enablebox tr.disabled td {
+ background: #ccc;
+}
\ No newline at end of file
diff --git a/www/resources/icons/accept.png b/www/resources/icons/accept.png
new file mode 100755
index 0000000000000000000000000000000000000000..89c8129a490b329f3165f32fa0781701aab417ea
GIT binary patch
literal 781
zcmV+o1M>WdP)<h;3K|Lk000e1NJLTq000mG000mO1^@s6AM^iV00004XF*Lt006JZ
zHwB960000PbVXQnQ*UN;cVTj606}DLVr3vnZDD6+Qe|Oed2z{QJOBU!pGibPR5;6}
zlj}=UVI0T(J9f@?Yy$~oL?MENP<s_55<8j=#k?#_)7`z&He=XKi!yRv#z-kGv(##H
zPHpPc=GK%laoJHq%)RMCwPAFzZ|CgAOcEn{;0q5A&*$@du5ke3{wIG76!;E_a;FdK
zvpp$H#^e2A>4-QibtN)VXQDpczE`xXAkUjh%RI>;okxb7K@0kpyQ1k_Y(|Oe7$m(^
zNYX>mI||sUbmn+c<m#Le&eeX{US5M~t}+^~?^x|a<4hF}*!YoT8=u}L$nm5IGu=t+
z9L!Cu36!D2Ujog{8R*!Qv#Iu-h5hwCT%4+a*g~$0uam-<K;}*|sK&CQl{uILRo+uj
zOcz2iRRHx=A>3<&FnE=4u#()KBS^SH8e)Qs5i!#lY=$-1gbH6VluzU=m=EP78&5vQ
z-?+fFP-G2l&l_QzYealK$;1Rl?FkzXR&Jv<pn=v~#I9rjiy!8pnkdBB+E5h!vH2Zs
z&o03*QH;J|Cj>@fBPNjCr#AYRyJ7UJQ0v#?)7Ott=>3<sG1xL&549^BdiQDc2Rk6B
z`CZUMF*oL$(7tdPx=A_AzG_6ieU8GLKR01{dI4q5ENECkOP~(zUNfjFVrvVjw*&_H
zKpN~TcTqhdhuVD-b<^codbfbK*#?vj9*4ql0y<|7?610!ZaoaDlGr-LWGi2|kG&eR
zM}vpV9aN6yK|7oS)sPHI2Nw>`#-pV!7>9}>Q1jL)H6h&gkP@3nI=+F3nA~M>u#(n*
z8T!#8oEw&-mED4!h4s!N@Jo3S7N&Q6%6l3}nlcd~X@>;uelvPsSkXIgg~e+^T1zSf
z3SNj(5%jK~i8@b;C<CFVY6wQ4<%I<*UYM=Ou+dYcgy^ro@n7=`XV9$WdAihN00000
LNkvXXu0mjf{u*Ke
literal 0
HcmV?d00001
diff --git a/www/resources/icons/delete.png b/www/resources/icons/delete.png
new file mode 100755
index 0000000000000000000000000000000000000000..08f249365afd29594b51210c6e21ba253897505d
GIT binary patch
literal 715
zcmV;+0yO=JP)<h;3K|Lk000e1NJLTq000mG000mO1^@s6AM^iV00004XF*Lt006JZ
zHwB960000PbVXQnQ*UN;cVTj606}DLVr3vnZDD6+Qe|Oed2z{QJOBU!T}ebiR5;6}
zllx0kVHn5#Tecsf1c`2hgi%nK^D=kV+T5njvrLa$EMjSnone|mjm2E}L#U;8)yiKo
zO>C4}Mrzlg<+1Y8PEBfUp0jJpx4B>@E+cy3`^(Gw`Mf+2&yxZm<$to~Vpgvg&QKNR
z_f#1(r6svZt%iF?s+n<8X?B&!h3g9Dbb8_=MX}!;HiQSAh`bp^WMl~Z-44teO7W_Y
zV4thSL{h;rJY7!l3%5J4H1!tIzB`Dv+YxO(haWeausGZYkI8^hWj6mzo=L0{%;<E2
z80_Y*w_}NMA$su)e0B@`wrYegSP*HT5w@N{_}&f79VIb*XrKGBY>yxzh{5!Htr?51
zvG|W62MzC8BZ76hRpCyO2zOn<%e)K>NHge!-~)Ap33OdWw6hsLYbCxGNt0%wk_2z7
zfyYvXheSG)5HRK1VB~%mq7Dmurw#bi@hEcOr3&G1ZiF*$M=&9nB#VNf&Q^r$4G5kp
zTURh&s)E0%5&hyVD}sp<72~zmAY`Y(9aqO6CXF%=zFHGzO-A&I(pE}v70YQxCPJ{Y
z4L+?5-crdLn3ZRPEs!A4ehEY3ZRpL~w9>@aMN+{F4dI@v&>(QDHQum!mG~E^$OS8l
z!7?%Uwib*ROP67Hw`ika)gX-(<Pal@1N`)16#~~<@x7jghg9OTS^;mJ8T{oIOsMnG
zla<QHU?S-#Kb7w%o*dlEj!JgnOSKW+hV$`!syc>8Ia`-u_IEhxG7U<13kSsMW+$<e
xd62)I>lbb2dUMm5p6pa}cjgA+U$^mJ^AjD?&bdi)8~y+Q002ovPDHLkV1g8IMc@Dc
literal 0
HcmV?d00001
diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php
index 560925305..0055f956d 100644
--- a/www/saml2/idp/metadata.php
+++ b/www/saml2/idp/metadata.php
@@ -58,13 +58,13 @@ try {
WantAuthnRequestsSigned="false"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
- <KeyDescriptor use="signing">
- <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
- <ds:X509Data>
- <ds:X509Certificate>' . htmlspecialchars($data) . '</ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
- </KeyDescriptor>
+ <KeyDescriptor use="signing">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>' . htmlspecialchars($data) . '</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyDescriptor>
@@ -103,19 +103,15 @@ try {
$defaultidp = $config->getValue('default-saml20-idp');
- $et = new SimpleSAML_XHTML_Template($config, 'metadata.php');
+ $t = new SimpleSAML_XHTML_Template($config, 'metadata.php');
- $et->data['header'] = 'SAML 2.0 IdP Metadata';
-
- $et->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
- $et->data['metadata'] = htmlentities($metaxml);
- $et->data['metadataflat'] = htmlentities($metaflat);
-
- $et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no'));
- $et->data['defaultidp'] = $defaultidp;
-
- $et->show();
+ $t->data['header'] = 'SAML 2.0 IdP Metadata';
+ $t->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
+ $t->data['metadata'] = htmlentities($metaxml);
+ $t->data['metadataflat'] = htmlentities($metaflat);
+ $t->data['defaultidp'] = $defaultidp;
+ $t->show();
} catch(Exception $exception) {
diff --git a/www/saml2/sp/metadata.php b/www/saml2/sp/metadata.php
index 30f27dea5..7ebe40ba1 100644
--- a/www/saml2/sp/metadata.php
+++ b/www/saml2/sp/metadata.php
@@ -73,27 +73,34 @@ try {
</SPSSODescriptor>
</EntityDescriptor>';
+
+ if (array_key_exists('output', $_GET) && $_GET['output'] == 'xml') {
+ header('Content-Type: application/xml');
+
+ echo $metaxml;
+ exit(0);
+ }
- $defaultidp = $config->getValue('default-saml20-idp');
- $et = new SimpleSAML_XHTML_Template($config, 'metadata.php');
+ $defaultidp = $config->getValue('default-saml20-idp');
+ $t = new SimpleSAML_XHTML_Template($config, 'metadata.php');
- $et->data['header'] = 'SAML 2.0 SP Metadata';
- $et->data['metadata'] = htmlentities($metaxml);
- $et->data['metadataflat'] = htmlentities($metaflat);
+ $t->data['header'] = 'SAML 2.0 SP Metadata';
+ $t->data['metadata'] = htmlentities($metaxml);
+ $t->data['metadataflat'] = htmlentities($metaflat);
+ $t->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
if (array_key_exists($defaultidp, $send_metadata_to_idp)) {
- $et->data['sendmetadatato'] = $send_metadata_to_idp[$defaultidp]['address'];
- $et->data['federationname'] = $send_metadata_to_idp[$defaultidp]['name'];
+ $t->data['sendmetadatato'] = $send_metadata_to_idp[$defaultidp]['address'];
+ $t->data['federationname'] = $send_metadata_to_idp[$defaultidp]['name'];
}
- $et->data['techemail'] = $config->getValue('technicalcontact_email', 'na');
- $et->data['version'] = $config->getValue('version', 'na');
- $et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no'));
- $et->data['defaultidp'] = $defaultidp;
+ $t->data['techemail'] = $config->getValue('technicalcontact_email', 'na');
+ $t->data['version'] = $config->getValue('version', 'na');
+ $t->data['defaultidp'] = $defaultidp;
- $et->show();
+ $t->show();
} catch(Exception $exception) {
diff --git a/www/shib13/idp/metadata.php b/www/shib13/idp/metadata.php
index 560925305..84e0672e6 100644
--- a/www/shib13/idp/metadata.php
+++ b/www/shib13/idp/metadata.php
@@ -14,7 +14,7 @@ $config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$session = SimpleSAML_Session::getInstance(true);
-if (!$config->getValue('enable.saml20-idp', false))
+if (!$config->getValue('enable.shib13-idp', false))
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
@@ -29,8 +29,8 @@ if (!isset($session) || !$session->isValid('login-admin') ) {
try {
- $idpmeta = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrent('saml20-idp-hosted');
- $idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+ $idpmeta = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrent('shib13-idp-hosted');
+ $idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('shib13-idp-hosted');
$publiccert = $config->getBaseDir() . '/cert/' . $idpmeta['certificate'];
@@ -45,51 +45,36 @@ try {
'" . htmlspecialchars($idpentityid) . "' => array(
'name' => 'Type in a name for this entity',
'description' => 'and a proper description that would help users know when to select this IdP.',
- 'SingleSignOnService' => '" . htmlspecialchars($metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted')) . "',
- 'SingleLogoutService' => '" . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted')) . "',
+ 'SingleSignOnService' => '" . htmlspecialchars($metadata->getGenerated('SingleSignOnService', 'shib13-idp-hosted')) . "',
'certFingerprint' => '" . strtolower(sha1(base64_decode($data))) ."'
),
";
$metaxml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
- <EntityDescriptor xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance" xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
- entityID="' . htmlspecialchars($idpentityid) . '">
- <IDPSSODescriptor
- WantAuthnRequestsSigned="false"
- protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
-
- <KeyDescriptor use="signing">
- <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
- <ds:X509Data>
- <ds:X509Certificate>' . htmlspecialchars($data) . '</ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
- </KeyDescriptor>
-
-
-
- <!-- Logout endpoints -->
- <SingleLogoutService
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
- Location="' . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted')) . '"
- ResponseLocation="' . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted')) . '"
- index="0"
- isDefault="true"
- />
-
-
- <!-- Supported Name Identifier Formats -->
- <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
-
- <!-- AuthenticationRequest Consumer endpoint -->
- <SingleSignOnService
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
- Location="' . htmlspecialchars($metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted')) . '"
- index="0"
- isDefault="true"
- />
-
- </IDPSSODescriptor>
+<EntityDescriptor entityID="' . htmlspecialchars($idpentityid) . '">
+
+ <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
+
+ <KeyDescriptor use="signing">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>' . htmlspecialchars($data) . '</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+
+ <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
+ Location="' . htmlspecialchars($metadata->getGenerated('SingleSignOnService', 'shib13-idp-hosted')) . '"/>
+
+ </IDPSSODescriptor>
+
+ <ContactPerson contactType="technical">
+ <SurName>' . $config->getValue('technicalcontact_name', 'Not entered') . '</SurName>
+ <EmailAddress>' . $config->getValue('technicalcontact_email', 'Not entered') . '</EmailAddress>
+ </ContactPerson>
+
</EntityDescriptor>';
@@ -101,21 +86,19 @@ try {
}
- $defaultidp = $config->getValue('default-saml20-idp');
-
- $et = new SimpleSAML_XHTML_Template($config, 'metadata.php');
+ $defaultidp = $config->getValue('default-shib13-idp');
+ $t = new SimpleSAML_XHTML_Template($config, 'metadata.php');
- $et->data['header'] = 'SAML 2.0 IdP Metadata';
+ $t->data['header'] = 'Shib 1.3 IdP Metadata';
- $et->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
- $et->data['metadata'] = htmlentities($metaxml);
- $et->data['metadataflat'] = htmlentities($metaflat);
-
- $et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no'));
- $et->data['defaultidp'] = $defaultidp;
+ $t->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
+ $t->data['metadata'] = htmlspecialchars($metaxml);
+ $t->data['metadataflat'] = htmlspecialchars($metaflat);
+
+ $t->data['defaultidp'] = $defaultidp;
- $et->show();
+ $t->show();
} catch(Exception $exception) {
diff --git a/www/shib13/sp/metadata.php b/www/shib13/sp/metadata.php
index 30f27dea5..e7a71c472 100644
--- a/www/shib13/sp/metadata.php
+++ b/www/shib13/sp/metadata.php
@@ -13,87 +13,69 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$session = SimpleSAML_Session::getInstance(TRUE);
-if (!$config->getValue('enable.saml20-sp', false))
+if (!$config->getValue('enable.shib13-sp', false))
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
-/**
- * Preconfigured to help out some federations. This makes it easier for users to report metadata
- * to the administrators of the IdP.
- */
-$send_metadata_to_idp = array(
- 'sam.feide.no' => array(
- 'name' => 'Feide',
- 'address' => 'http://rnd.feide.no/content/sending-information-simplesamlphp'
- ),
- 'max.feide.no' => array(
- 'name' => 'Feide',
- 'address' => 'http://rnd.feide.no/content/sending-information-simplesamlphp'
- )
-);
-
try {
- $spmeta = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrent();
- $spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
-
- /*
- if (!$spmeta['assertionConsumerServiceURL']) throw new Exception('The following parameter is not set in your SAML 2.0 SP Hosted metadata: assertionConsumerServiceURL');
- if (!$spmeta['SingleLogOutUrl']) throw new Exception('The following parameter is not set in your SAML 2.0 SP Hosted metadata: SingleLogOutUrl');
- */
+ $spmeta = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrent('shib13-sp-hosted');
+ $spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID('shib13-sp-hosted');
+
$metaflat = "
'" . htmlspecialchars($spentityid) . "' => array(
- 'AssertionConsumerService' => '" . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted')) . "',
- 'SingleLogoutService' => '" . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-sp-hosted')) . "'
+ 'AssertionConsumerService' => '" . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted')) . "'
)
";
$metaxml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<EntityDescriptor entityID="' . htmlspecialchars($spentityid) . '" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+<EntityDescriptor entityID="' . htmlspecialchars($spentityid) . '">
+ <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
- <SPSSODescriptor
- AuthnRequestsSigned="false"
- WantAssertionsSigned="false"
- protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
-
- <SingleLogoutService
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
- Location="' . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-sp-hosted')) . '"/>
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
- <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+ <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="' . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'shib13-sp-hosted')) . '" index="1" isDefault="true" />
- <AssertionConsumerService
- index="0"
- isDefault="true"
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
- Location="' . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted')) . '" />
-
</SPSSODescriptor>
-
+
+ <ContactPerson contactType="technical">
+ <SurName>' . $config->getValue('technicalcontact_name', 'Not entered') . '</SurName>
+ <EmailAddress>' . $config->getValue('technicalcontact_email', 'Not entered') . '</EmailAddress>
+ </ContactPerson>
+
</EntityDescriptor>';
+
+ if (array_key_exists('output', $_GET) && $_GET['output'] == 'xml') {
+ header('Content-Type: application/xml');
+
+ echo $metaxml;
+ exit(0);
+ }
- $defaultidp = $config->getValue('default-saml20-idp');
+ $defaultidp = $config->getValue('default-shib13-idp');
- $et = new SimpleSAML_XHTML_Template($config, 'metadata.php');
+ $t = new SimpleSAML_XHTML_Template($config, 'metadata.php');
- $et->data['header'] = 'SAML 2.0 SP Metadata';
- $et->data['metadata'] = htmlentities($metaxml);
- $et->data['metadataflat'] = htmlentities($metaflat);
+ $t->data['header'] = 'Shib 1.3 SP Metadata';
+ $t->data['metadata'] = htmlspecialchars($metaxml);
+ $t->data['metadataflat'] = htmlspecialchars($metaflat);
+ $t->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
+ /*
if (array_key_exists($defaultidp, $send_metadata_to_idp)) {
$et->data['sendmetadatato'] = $send_metadata_to_idp[$defaultidp]['address'];
$et->data['federationname'] = $send_metadata_to_idp[$defaultidp]['name'];
}
+ */
- $et->data['techemail'] = $config->getValue('technicalcontact_email', 'na');
- $et->data['version'] = $config->getValue('version', 'na');
- $et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no'));
- $et->data['defaultidp'] = $defaultidp;
+ $t->data['techemail'] = $config->getValue('technicalcontact_email', 'na');
+ $t->data['version'] = $config->getValue('version', 'na');
+ $t->data['defaultidp'] = $defaultidp;
- $et->show();
+ $t->show();
} catch(Exception $exception) {
--
GitLab