From dd36beb6333d6bc6ab35c29d094a92e8c982680c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Fri, 15 Feb 2008 10:45:31 +0000
Subject: [PATCH] Automatically generation of shibboleth sp and idp metadata,
improvement to the metadata generation. And improvement to the frontpage
(adding enablematrix and links to documentation)
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@311 44740490-163a-0410-bde0-09ae8108e29a
---
templates/default/en/frontpage.php | 72 ++++++++++++++++++-----
templates/default/en/metadata.php | 10 ++--
www/index.php | 87 +++++++++++++++++++++------
www/resources/default.css | 19 +++++-
www/resources/icons/accept.png | Bin 0 -> 781 bytes
www/resources/icons/delete.png | Bin 0 -> 715 bytes
www/saml2/idp/metadata.php | 32 +++++-----
www/saml2/sp/metadata.php | 31 ++++++----
www/shib13/idp/metadata.php | 91 ++++++++++++-----------------
www/shib13/sp/metadata.php | 86 +++++++++++----------------
10 files changed, 254 insertions(+), 174 deletions(-)
create mode 100755 www/resources/icons/accept.png
create mode 100755 www/resources/icons/delete.png
diff --git a/templates/default/en/frontpage.php b/templates/default/en/frontpage.php
index bc2ff455f..909e4cfe1 100644
--- a/templates/default/en/frontpage.php
+++ b/templates/default/en/frontpage.php
@@ -5,9 +5,34 @@
<div id="content">
- <h2>Welcome to simpleSAMlphp</h2>
+<div class="enablebox">
+<table>
+
+<?php
+
+$icon_enabled = '<img src="/' . $data['baseurlpath'] . 'resources/icons/accept.png" alt="enabled" />';
+$icon_disabled = '<img src="/' . $data['baseurlpath'] . 'resources/icons/delete.png" alt="disabled" />';
+?>
+
+<tr class="<?php echo $this->data['enablematrix']['saml20-sp'] ? 'enabled' : 'disabled'; ?>"><td>SAML 2.0 SP</td>
+ <td><?php echo $this->data['enablematrix']['saml20-sp'] ? $icon_enabled : $icon_disabled; ?></td></tr>
+
+<tr class="<?php echo $this->data['enablematrix']['saml20-idp'] ? 'enabled' : 'disabled'; ?>"><td>SAML 2.0 IdP</td>
+ <td><?php echo $this->data['enablematrix']['saml20-idp'] ? $icon_enabled : $icon_disabled; ?></td></tr>
+
+<tr class="<?php echo $this->data['enablematrix']['shib13-sp'] ? 'enabled' : 'disabled'; ?>"><td>Shib 1.3 SP</td>
+ <td><?php echo $this->data['enablematrix']['shib13-sp'] ? $icon_enabled : $icon_disabled; ?></td></tr>
+
+<tr class="<?php echo $this->data['enablematrix']['shib13-idp'] ? 'enabled' : 'disabled'; ?>"><td>Shib 1.3 IdP</td>
+ <td><?php echo $this->data['enablematrix']['shib13-idp'] ? $icon_enabled : $icon_disabled; ?></td></tr>
+
+</table>
+</div>
+
+
+ <p><strong>Congratulations</strong>, you have successfully installed simpleSAMLphp. This is the start page of your installation, where you will find links to test examples, diagnostics, metadata and even links to relevant documentation.</p>
- <p>You have installed simpleSAMLphp on this web host. Here are some relevant links for your installation:
+ <h2>Useful links for your installation</h2>
<ul>
<?php
@@ -17,23 +42,42 @@
?>
</ul>
</p>
- <?php
- foreach($this->data['warnings'] AS $warning) {
-
-
- echo '<div class="caution">' . $warning . '</div>';
-
+ <h2>Metadata</h2>
+ <ul>
+ <?php
+ foreach ($this->data['links_meta'] AS $link) {
+ echo '<li><a href="' . htmlspecialchars($link['href']) . '">' . htmlspecialchars($link['text']) . '</a></li>';
+ }
+ ?>
+ </ul>
+ </p>
+
+ <h2>Documentation</h2>
+ <ul>
+ <?php
- }
+ foreach ($this->data['links_doc'] AS $link) {
+ echo '<li><a href="' . htmlspecialchars($link['href']) . '">' . htmlspecialchars($link['text']) . '</a></li>';
+ }
+ ?>
+ </ul>
+ </p>
- ?>
-
+ <?php
+ if (array_key_exists('warnings', $this->data) && is_array($this->data['warnings']) && !empty($this->data['warnings'])) {
+ echo '<h2>Warnings</h2>';
+
+ foreach($this->data['warnings'] AS $warning) {
+ echo '<div class="caution">' . $warning . '</div>';
+ }
+ }
+ ?>
+
- <h2>About simpleSAMLphp</h2>
- <p>Hey! This simpleSAMLphp thing is pretty cool, where can I read more about it?
- You can find more information about <a href="http://rnd.feide.no/simplesamlphp">simpleSAMLphp at the Feide RnD blog</a> over at <a href="http://uninett.no">UNINETT</a>.</p>
+ <h2>About simpleSAMLphp</h2>
+ <p>Hey! This simpleSAMLphp thing is pretty cool, where can I read more about it? You can find more information about <a href="http://rnd.feide.no/simplesamlphp">simpleSAMLphp at the Feide RnD blog</a> over at <a href="http://uninett.no">UNINETT</a>.</p>
<?php $this->includeAtTemplateBase('includes/footer.php'); ?>
\ No newline at end of file
diff --git a/templates/default/en/metadata.php b/templates/default/en/metadata.php
index 704e1799d..57d48db4c 100644
--- a/templates/default/en/metadata.php
+++ b/templates/default/en/metadata.php
@@ -31,15 +31,15 @@
<h2>Send your metadata to <?php echo $this->data['federationname']; ?></h2>
- <p>simpleSAMLphp has detected that you have configured Feide as your default IdP.</p>
+ <p>simpleSAMLphp has detected that you have configured <?php echo $this->data['federationname']; ?> as your default IdP.</p>
- <p>Before you can connect to Feide, Feide needs to add your service in its trust configuration. When you
- contact Feide to add you as a new service, you will be asked to send your metadata. Here you can easily send
- the metadata to Feide by clicking the button below.</p>
+ <p>Before you can connect to <?php echo $this->data['federationname']; ?>, <?php echo $this->data['federationname']; ?> needs to add your service in its trust configuration. When you
+ contact <?php echo $this->data['federationname']; ?> to add you as a new service, you will be asked to send your metadata. Here you can easily send
+ the metadata to <?php echo $this->data['federationname']; ?> by clicking the button below.</p>
<form action="<?php echo $this->data['sendmetadatato']; ?>" method="post">
- <p>Feide needs to know how to get in contact with you, so you need to type in <strong>your email address</strong>:
+ <p><?php echo $this->data['federationname']; ?> needs to know how to get in contact with you, so you need to type in <strong>your email address</strong>:
<input type="text" size="25" name="email" value="" />
</p>
diff --git a/www/index.php b/www/index.php
index 9f756764e..17697b1b9 100644
--- a/www/index.php
+++ b/www/index.php
@@ -21,43 +21,26 @@ if ($config->getValue('admin.protectindexpage', false)) {
}
}
-
$warnings = array();
if (SimpleSAML_Utilities::getSelfProtocol() != 'https') {
- $warnings[] = '<strong>You are not using HTTPS</strong> - encrypted communication with the user. Using simpleSAMLphp will works perfectly fine on HTTP for test purposes, but if you will be using simpleSAMLphp in a production environment, you should be running it on HTTPS.';
+ $warnings[] = '<strong>You are not using HTTPS</strong> - encrypted communication with the user. Using simpleSAMLphp will works perfectly fine on HTTP for test purposes, but if you will be using simpleSAMLphp in a production environment, you should be running it on HTTPS. [ <a href="http://rnd.feide.no/content/simplesamlphp-maintenance-and-configuration">read more about simpleSAMLphp maintenance</a> ]';
}
-
-
$links = array();
-$links[] = array(
- 'href' => 'admin/metadata.php',
- 'text' => 'Meta data overview for your installation. Diagnose your meta data files.');
-
-if ($config->getValue('enable.saml20-sp') === true)
- $links[] = array(
- 'href' => 'saml2/sp/metadata.php',
- 'text' => 'SAML 2.0 Service Provider Metadata (automatically generated)');
if ($config->getValue('enable.saml20-sp') === true)
$links[] = array(
'href' => 'example-simple/saml2-example.php',
'text' => 'SAML 2.0 SP example - test logging in through your IdP');
-if ($config->getValue('enable.saml20-idp') === true)
- $links[] = array(
- 'href' => 'saml2/idp/metadata.php',
- 'text' => 'SAML 2.0 Identity Provider Metadata (automatically generated)');
-
if ($config->getValue('enable.shib13-sp') === true)
$links[] = array(
'href' => 'example-simple/shib13-example.php',
'text' => 'Shibboleth 1.3 SP example - test logging in through your Shib IdP');
-
if ($config->getValue('enable.openid-provider') === true)
$links[] = array(
'href' => 'openid/provider/server.php',
@@ -67,11 +50,79 @@ $links[] = array(
'href' => 'example-simple/hostnames.php',
'text' => 'Diagnostics on hostname, port and protocol');
+
+
+$linksmeta = array();
+
+$linksmeta[] = array(
+ 'href' => 'admin/metadata.php',
+ 'text' => 'Meta data overview for your installation. Diagnose your meta data files.');
+
+if ($config->getValue('enable.saml20-sp') === true)
+ $linksmeta[] = array(
+ 'href' => 'saml2/sp/metadata.php',
+ 'text' => 'Hosted SAML 2.0 Service Provider Metadata (automatically generated)');
+
+if ($config->getValue('enable.saml20-idp') === true)
+ $linksmeta[] = array(
+ 'href' => 'saml2/idp/metadata.php',
+ 'text' => 'Hosted SAML 2.0 Identity Provider Metadata (automatically generated)');
+
+
+
+$linksdoc = array();
+
+$linksdoc[] = array(
+ 'href' => 'http://rnd.feide.no/content/installing-simplesamlphp',
+ 'text' => 'Installing simpleSAMLphp');
+
+if ($config->getValue('enable.saml20-sp', false ) || $config->getValue('enable.shib13-sp', false))
+ $linksdoc[] = array(
+ 'href' => 'http://rnd.feide.no/content/using-simplesamlphp-service-provider',
+ 'text' => 'Using simpleSAMLphp as a Service Provider');
+
+if ($config->getValue('enable.saml20-idp', false ) || $config->getValue('enable.shib13-idp', false))
+ $linksdoc[] = array(
+ 'href' => 'http://rnd.feide.no/content/using-simplesamlphp-identity-provider',
+ 'text' => 'Using simpleSAMLphp as an Identity Provider');
+
+if ($config->getValue('enable.shib13-idp', false))
+ $linksdoc[] = array(
+ 'href' => 'http://rnd.feide.no/content/configure-shibboleth-13-sp-work-simplesamlphp-idp',
+ 'text' => 'Configure Shibboleth 1.3 SP to work with simpleSAMLphp IdP');
+
+if ($config->getValue('enable.saml20-idp', false ))
+ $linksdoc[] = array(
+ 'href' => 'http://rnd.feide.no/content/simplesamlphp-idp-google-apps-education',
+ 'text' => 'simpleSAMLphp as an IdP for Google Apps for Education');
+
+$linksdoc[] = array(
+ 'href' => 'http://rnd.feide.no/content/simplesamlphp-advanced-features',
+ 'text' => 'simpleSAMLphp Advanced Features
+');
+
+
+
+$linksdoc[] = array(
+ 'href' => 'http://rnd.feide.no/content/simplesamlphp-maintenance-and-configuration',
+ 'text' => 'simpleSAMLphp Maintenance and Configuration');
+
+$enablematrix = array(
+ 'saml20-sp' => $config->getValue('enable.saml20-sp', false),
+ 'saml20-idp' => $config->getValue('enable.saml20-idp', false),
+ 'shib13-sp' => $config->getValue('enable.shib13-sp', false),
+ 'shib13-idp' => $config->getValue('enable.shib13-idp', false),
+);
+
+
$t = new SimpleSAML_XHTML_Template($config, 'frontpage.php');
$t->data['header'] = 'simpleSAMLphp installation page';
$t->data['icon'] = 'compass_l.png';
$t->data['warnings'] = $warnings;
$t->data['links'] = $links;
+$t->data['links_meta'] = $linksmeta;
+$t->data['links_doc'] = $linksdoc;
+$t->data['enablematrix'] = $enablematrix;
$t->show();
diff --git a/www/resources/default.css b/www/resources/default.css
index 5d1eb0535..5b712f557 100644
--- a/www/resources/default.css
+++ b/www/resources/default.css
@@ -217,4 +217,21 @@ div.caution {
th.rowtitle {
text-align: left;
}
-
+.enablebox table {
+ border: 1px solid #eee;
+ float: right;
+ margin-left: 1em;
+}
+.enablebox tr td {
+ padding: .5px 1em 1px .5em;
+ margin: 0px;
+}
+.enablebox {
+ font-size: 85%;
+}
+.enablebox tr.enabled td {
+ background: #eee;
+}
+.enablebox tr.disabled td {
+ background: #ccc;
+}
\ No newline at end of file
diff --git a/www/resources/icons/accept.png b/www/resources/icons/accept.png
new file mode 100755
index 0000000000000000000000000000000000000000..89c8129a490b329f3165f32fa0781701aab417ea
GIT binary patch
literal 781
zcmeAS@N?(olHy`uVBq!ia0y~yU=RRd4mJh`2Kmqb6B!s7SkfJR9T^zbpD<_bdda}R
zAX(xXQ4*Y=R#Ki=l*-_klAn~S;F+74o*I;zm{M7IGS!BGfoZ;{i(`nz>7|ojdj}`V
z9RF)wcCIXknKQ*jv8g4XT2w{IdKT}|Jv!c(@9w>1mVCpf+o&k+n1`nB<||pnez~u%
zJi9i<sPJZ>)0w?5owg>HY|MZD=BSU5a@7NFe*W{%KUc3SWO(#Xy`D$p2VZB=a{gDF
zZ8d$4J^q{cvcp2BRMjXbeUaVWec@YHE1aM0b=u~n;#~K(*^b=5rtMzzGA75Z^R<M^
z-Vl#V&KIq@ZmcSKRuS~%)f~ZdSL<%X#WiQHGm={OKH{zOV;@nz8$TwdNYB5gcH-j_
z4&%F?uVv2ouHl@r@K8L{*)x(aZcN#{^4r|jzh7-*=B#SC;k2%M{p3S49G>|ZtvI%6
z(NxPB%%S&!1AN4t3_}^dhA7_2ZZ@cxTCic#oq5V0JDjAFntB8cFH7dMncisOiZ`6%
z|3qg7|5Fudf4gJ%cO2LnkiwgLUOI7hwo8re$s;W8Z#kv;!}1oJEoi(JePmq<L%001
zg|jq{+_)7W@^9l$+1&Gb2Mq#y_9dvZxFsp8O}Mk%?AP?&iC<O+yuSYE^7a0}7k{U3
zH@smK&A(M!y6Su87j|of6+dGyI2)Qjn|)zlf#fbv%QO43T=v!W9hz-#o>*DMn0ihp
zBf`;p0pHs=;}u#-+1x9)v#|Yikb0wC9%!rBeydif^zze)s_hNiZn90`lWRXz$Yhny
z_h$XBiFvj>t0vvBI+CItzoUPz)MoeQ_A{~}ea{@N=P+NLz~jX(&UfzE;-z{L?Oloi
zpRZ|}D&F}vL1?yz)xO4#8Fx|(HcYzKAo=T}(j4h&i>Kagn%nyIoYDvHN<pz@<u#|O
zr95UC2`Xl`v%IY{u8NPiXr14BG}|f4TZ@G&t|LhB%ewiUR{mWY%nO%iakwpb+RCaG
qH)HLI4Htu#w!B!s|6}}T?(_?5o>uO<lFY!sz~JfX=d#Wzp$P!~8e#$f
literal 0
HcmV?d00001
diff --git a/www/resources/icons/delete.png b/www/resources/icons/delete.png
new file mode 100755
index 0000000000000000000000000000000000000000..08f249365afd29594b51210c6e21ba253897505d
GIT binary patch
literal 715
zcmeAS@N?(olHy`uVBq!ia0y~yU=RRd4mJh`2Kmqb6B!s7SkfJR9T^zbpD<_bdda}R
zAX(xXQ4*Y=R#Ki=l*-_klAn~S;F+74o*I;zm{M7IGS!BGfhpG0#WBR<^wP<{y@L}a
zj{l9`CclWKGq0s3Fkr@Kqw;IF?kqdE*{45RCn>XUZsIJ*-lH);oL4L@yLu|#$Tw$7
zlv~#Ig-<try5#4Zl{;^9_NnbV6V&vSs~-M7efsy$JvRL3Co?HLt>5%4DQvy?xd72;
z-$Nvgm#XgcT-#RdzG`M+P-fZG6Roego|RNRQg+>VU&gG3eQw7dN!OGVjz4$#&PaKE
zTs0wK{_3MHK?jX&V*NgHZ@1oH@>T5OKI@Kcw*_<U+U3n>Z?L$--hZ+oFxBk8&pgjH
zLT6r-G)cU9wr+cJXQ5)%N1mE8?myeITJ$3XG8YJLo9FQ39`6}hRl}N$`M)>j^eZTK
z9Q;zVR<e8D#vlEP?7Z(Im77X;g+BC~#8Do5@bn%Y9uMOeEf1JWTR2N%UAJtOw98iA
zC+0ahZQ&%A{MC)egIe2NtR@Q>JiV3hq)vPhA9u}i-XE7gY7{+K%Jncmuf;gu-9T}M
zN_W%3b73v7c{%23MTZ;2uWH)AQt<C1UG1h$A<@TMuPLM~KPVf1Twbl$h<{&{aGI~%
zm(ELJUIn73Gu_mjHf-j#Tg!7V=%mz)sp-wS6BI7gaXLTBeR1~ImP<#jy9OQP=6yJC
z^#z53)u#70R8IXNzTyO{cK1Oe!yntkdc?h_Czfx|Se$TGp;z>YfN~e}pD&4`OxL46
z?w!}x9`a~&6l4Be$v;oUd{%tEIC<)+;|WSHHSDLpSDz<y=X9S}*+cKGg7?}!f2>($
z)#h#)Jw5STxy4H(UaxX)_9HLT)HhD9oUniHYw_G?RmGQQ%zG13T>gyhVf^-w@t=id
YFP+=zStR|Bfq{X+)78&qol`;+02FXV-~a#s
literal 0
HcmV?d00001
diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php
index 560925305..0055f956d 100644
--- a/www/saml2/idp/metadata.php
+++ b/www/saml2/idp/metadata.php
@@ -58,13 +58,13 @@ try {
WantAuthnRequestsSigned="false"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
- <KeyDescriptor use="signing">
- <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
- <ds:X509Data>
- <ds:X509Certificate>' . htmlspecialchars($data) . '</ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
- </KeyDescriptor>
+ <KeyDescriptor use="signing">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>' . htmlspecialchars($data) . '</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyDescriptor>
@@ -103,19 +103,15 @@ try {
$defaultidp = $config->getValue('default-saml20-idp');
- $et = new SimpleSAML_XHTML_Template($config, 'metadata.php');
+ $t = new SimpleSAML_XHTML_Template($config, 'metadata.php');
- $et->data['header'] = 'SAML 2.0 IdP Metadata';
-
- $et->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
- $et->data['metadata'] = htmlentities($metaxml);
- $et->data['metadataflat'] = htmlentities($metaflat);
-
- $et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no'));
- $et->data['defaultidp'] = $defaultidp;
-
- $et->show();
+ $t->data['header'] = 'SAML 2.0 IdP Metadata';
+ $t->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
+ $t->data['metadata'] = htmlentities($metaxml);
+ $t->data['metadataflat'] = htmlentities($metaflat);
+ $t->data['defaultidp'] = $defaultidp;
+ $t->show();
} catch(Exception $exception) {
diff --git a/www/saml2/sp/metadata.php b/www/saml2/sp/metadata.php
index 30f27dea5..7ebe40ba1 100644
--- a/www/saml2/sp/metadata.php
+++ b/www/saml2/sp/metadata.php
@@ -73,27 +73,34 @@ try {
</SPSSODescriptor>
</EntityDescriptor>';
+
+ if (array_key_exists('output', $_GET) && $_GET['output'] == 'xml') {
+ header('Content-Type: application/xml');
+
+ echo $metaxml;
+ exit(0);
+ }
- $defaultidp = $config->getValue('default-saml20-idp');
- $et = new SimpleSAML_XHTML_Template($config, 'metadata.php');
+ $defaultidp = $config->getValue('default-saml20-idp');
+ $t = new SimpleSAML_XHTML_Template($config, 'metadata.php');
- $et->data['header'] = 'SAML 2.0 SP Metadata';
- $et->data['metadata'] = htmlentities($metaxml);
- $et->data['metadataflat'] = htmlentities($metaflat);
+ $t->data['header'] = 'SAML 2.0 SP Metadata';
+ $t->data['metadata'] = htmlentities($metaxml);
+ $t->data['metadataflat'] = htmlentities($metaflat);
+ $t->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
if (array_key_exists($defaultidp, $send_metadata_to_idp)) {
- $et->data['sendmetadatato'] = $send_metadata_to_idp[$defaultidp]['address'];
- $et->data['federationname'] = $send_metadata_to_idp[$defaultidp]['name'];
+ $t->data['sendmetadatato'] = $send_metadata_to_idp[$defaultidp]['address'];
+ $t->data['federationname'] = $send_metadata_to_idp[$defaultidp]['name'];
}
- $et->data['techemail'] = $config->getValue('technicalcontact_email', 'na');
- $et->data['version'] = $config->getValue('version', 'na');
- $et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no'));
- $et->data['defaultidp'] = $defaultidp;
+ $t->data['techemail'] = $config->getValue('technicalcontact_email', 'na');
+ $t->data['version'] = $config->getValue('version', 'na');
+ $t->data['defaultidp'] = $defaultidp;
- $et->show();
+ $t->show();
} catch(Exception $exception) {
diff --git a/www/shib13/idp/metadata.php b/www/shib13/idp/metadata.php
index 560925305..84e0672e6 100644
--- a/www/shib13/idp/metadata.php
+++ b/www/shib13/idp/metadata.php
@@ -14,7 +14,7 @@ $config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$session = SimpleSAML_Session::getInstance(true);
-if (!$config->getValue('enable.saml20-idp', false))
+if (!$config->getValue('enable.shib13-idp', false))
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
@@ -29,8 +29,8 @@ if (!isset($session) || !$session->isValid('login-admin') ) {
try {
- $idpmeta = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrent('saml20-idp-hosted');
- $idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+ $idpmeta = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrent('shib13-idp-hosted');
+ $idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('shib13-idp-hosted');
$publiccert = $config->getBaseDir() . '/cert/' . $idpmeta['certificate'];
@@ -45,51 +45,36 @@ try {
'" . htmlspecialchars($idpentityid) . "' => array(
'name' => 'Type in a name for this entity',
'description' => 'and a proper description that would help users know when to select this IdP.',
- 'SingleSignOnService' => '" . htmlspecialchars($metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted')) . "',
- 'SingleLogoutService' => '" . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted')) . "',
+ 'SingleSignOnService' => '" . htmlspecialchars($metadata->getGenerated('SingleSignOnService', 'shib13-idp-hosted')) . "',
'certFingerprint' => '" . strtolower(sha1(base64_decode($data))) ."'
),
";
$metaxml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
- <EntityDescriptor xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance" xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
- entityID="' . htmlspecialchars($idpentityid) . '">
- <IDPSSODescriptor
- WantAuthnRequestsSigned="false"
- protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
-
- <KeyDescriptor use="signing">
- <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
- <ds:X509Data>
- <ds:X509Certificate>' . htmlspecialchars($data) . '</ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
- </KeyDescriptor>
-
-
-
- <!-- Logout endpoints -->
- <SingleLogoutService
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
- Location="' . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted')) . '"
- ResponseLocation="' . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted')) . '"
- index="0"
- isDefault="true"
- />
-
-
- <!-- Supported Name Identifier Formats -->
- <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
-
- <!-- AuthenticationRequest Consumer endpoint -->
- <SingleSignOnService
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
- Location="' . htmlspecialchars($metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted')) . '"
- index="0"
- isDefault="true"
- />
-
- </IDPSSODescriptor>
+<EntityDescriptor entityID="' . htmlspecialchars($idpentityid) . '">
+
+ <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
+
+ <KeyDescriptor use="signing">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>' . htmlspecialchars($data) . '</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+
+ <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
+ Location="' . htmlspecialchars($metadata->getGenerated('SingleSignOnService', 'shib13-idp-hosted')) . '"/>
+
+ </IDPSSODescriptor>
+
+ <ContactPerson contactType="technical">
+ <SurName>' . $config->getValue('technicalcontact_name', 'Not entered') . '</SurName>
+ <EmailAddress>' . $config->getValue('technicalcontact_email', 'Not entered') . '</EmailAddress>
+ </ContactPerson>
+
</EntityDescriptor>';
@@ -101,21 +86,19 @@ try {
}
- $defaultidp = $config->getValue('default-saml20-idp');
-
- $et = new SimpleSAML_XHTML_Template($config, 'metadata.php');
+ $defaultidp = $config->getValue('default-shib13-idp');
+ $t = new SimpleSAML_XHTML_Template($config, 'metadata.php');
- $et->data['header'] = 'SAML 2.0 IdP Metadata';
+ $t->data['header'] = 'Shib 1.3 IdP Metadata';
- $et->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
- $et->data['metadata'] = htmlentities($metaxml);
- $et->data['metadataflat'] = htmlentities($metaflat);
-
- $et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no'));
- $et->data['defaultidp'] = $defaultidp;
+ $t->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
+ $t->data['metadata'] = htmlspecialchars($metaxml);
+ $t->data['metadataflat'] = htmlspecialchars($metaflat);
+
+ $t->data['defaultidp'] = $defaultidp;
- $et->show();
+ $t->show();
} catch(Exception $exception) {
diff --git a/www/shib13/sp/metadata.php b/www/shib13/sp/metadata.php
index 30f27dea5..e7a71c472 100644
--- a/www/shib13/sp/metadata.php
+++ b/www/shib13/sp/metadata.php
@@ -13,87 +13,69 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$session = SimpleSAML_Session::getInstance(TRUE);
-if (!$config->getValue('enable.saml20-sp', false))
+if (!$config->getValue('enable.shib13-sp', false))
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
-/**
- * Preconfigured to help out some federations. This makes it easier for users to report metadata
- * to the administrators of the IdP.
- */
-$send_metadata_to_idp = array(
- 'sam.feide.no' => array(
- 'name' => 'Feide',
- 'address' => 'http://rnd.feide.no/content/sending-information-simplesamlphp'
- ),
- 'max.feide.no' => array(
- 'name' => 'Feide',
- 'address' => 'http://rnd.feide.no/content/sending-information-simplesamlphp'
- )
-);
-
try {
- $spmeta = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrent();
- $spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
-
- /*
- if (!$spmeta['assertionConsumerServiceURL']) throw new Exception('The following parameter is not set in your SAML 2.0 SP Hosted metadata: assertionConsumerServiceURL');
- if (!$spmeta['SingleLogOutUrl']) throw new Exception('The following parameter is not set in your SAML 2.0 SP Hosted metadata: SingleLogOutUrl');
- */
+ $spmeta = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrent('shib13-sp-hosted');
+ $spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID('shib13-sp-hosted');
+
$metaflat = "
'" . htmlspecialchars($spentityid) . "' => array(
- 'AssertionConsumerService' => '" . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted')) . "',
- 'SingleLogoutService' => '" . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-sp-hosted')) . "'
+ 'AssertionConsumerService' => '" . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted')) . "'
)
";
$metaxml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<EntityDescriptor entityID="' . htmlspecialchars($spentityid) . '" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+<EntityDescriptor entityID="' . htmlspecialchars($spentityid) . '">
+ <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
- <SPSSODescriptor
- AuthnRequestsSigned="false"
- WantAssertionsSigned="false"
- protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
-
- <SingleLogoutService
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
- Location="' . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-sp-hosted')) . '"/>
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
- <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+ <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="' . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'shib13-sp-hosted')) . '" index="1" isDefault="true" />
- <AssertionConsumerService
- index="0"
- isDefault="true"
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
- Location="' . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted')) . '" />
-
</SPSSODescriptor>
-
+
+ <ContactPerson contactType="technical">
+ <SurName>' . $config->getValue('technicalcontact_name', 'Not entered') . '</SurName>
+ <EmailAddress>' . $config->getValue('technicalcontact_email', 'Not entered') . '</EmailAddress>
+ </ContactPerson>
+
</EntityDescriptor>';
+
+ if (array_key_exists('output', $_GET) && $_GET['output'] == 'xml') {
+ header('Content-Type: application/xml');
+
+ echo $metaxml;
+ exit(0);
+ }
- $defaultidp = $config->getValue('default-saml20-idp');
+ $defaultidp = $config->getValue('default-shib13-idp');
- $et = new SimpleSAML_XHTML_Template($config, 'metadata.php');
+ $t = new SimpleSAML_XHTML_Template($config, 'metadata.php');
- $et->data['header'] = 'SAML 2.0 SP Metadata';
- $et->data['metadata'] = htmlentities($metaxml);
- $et->data['metadataflat'] = htmlentities($metaflat);
+ $t->data['header'] = 'Shib 1.3 SP Metadata';
+ $t->data['metadata'] = htmlspecialchars($metaxml);
+ $t->data['metadataflat'] = htmlspecialchars($metaflat);
+ $t->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
+ /*
if (array_key_exists($defaultidp, $send_metadata_to_idp)) {
$et->data['sendmetadatato'] = $send_metadata_to_idp[$defaultidp]['address'];
$et->data['federationname'] = $send_metadata_to_idp[$defaultidp]['name'];
}
+ */
- $et->data['techemail'] = $config->getValue('technicalcontact_email', 'na');
- $et->data['version'] = $config->getValue('version', 'na');
- $et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no'));
- $et->data['defaultidp'] = $defaultidp;
+ $t->data['techemail'] = $config->getValue('technicalcontact_email', 'na');
+ $t->data['version'] = $config->getValue('version', 'na');
+ $t->data['defaultidp'] = $defaultidp;
- $et->show();
+ $t->show();
} catch(Exception $exception) {
--
GitLab