From dd36beb6333d6bc6ab35c29d094a92e8c982680c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Fri, 15 Feb 2008 10:45:31 +0000
Subject: [PATCH] Automatically generation of shibboleth sp and idp metadata, improvement to the metadata generation. And improvement to the frontpage (adding enablematrix and links to documentation)

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@311 44740490-163a-0410-bde0-09ae8108e29a
---
 templates/default/en/frontpage.php | 72 ++++++++++++++++++-----
 templates/default/en/metadata.php | 10 ++--
 www/index.php | 87 +++++++++++++++++++++------
 www/resources/default.css | 19 +++++-
 www/resources/icons/accept.png | Bin 0 -> 781 bytes
 www/resources/icons/delete.png | Bin 0 -> 715 bytes
 www/saml2/idp/metadata.php | 32 +++++-----
 www/saml2/sp/metadata.php | 31 ++++++----
 www/shib13/idp/metadata.php | 91 ++++++++++++-----------------
 www/shib13/sp/metadata.php | 86 +++++++++++----------------
 10 files changed, 254 insertions(+), 174 deletions(-)
 create mode 100755 www/resources/icons/accept.png
 create mode 100755 www/resources/icons/delete.png

diff --git a/templates/default/en/frontpage.php b/templates/default/en/frontpage.php
index bc2ff455f..909e4cfe1 100644
--- a/templates/default/en/frontpage.php
+++ b/templates/default/en/frontpage.php
@@ -5,9 +5,34 @@ <div id="content"> - <h2>Welcome to simpleSAMlphp</h2> +<div class="enablebox"> +<table> + +<?php + +$icon_enabled = '<img src="/' . $data['baseurlpath'] . 'resources/icons/accept.png" alt="enabled" />'; +$icon_disabled = '<img src="/' . $data['baseurlpath'] . 'resources/icons/delete.png" alt="disabled" />'; +?> + +<tr class="<?php echo $this->data['enablematrix']['saml20-sp'] ? 'enabled' : 'disabled'; ?>"><td>SAML 2.0 SP</td> + <td><?php echo $this->data['enablematrix']['saml20-sp'] ? $icon_enabled : $icon_disabled; ?></td></tr> + +<tr class="<?php echo $this->data['enablematrix']['saml20-idp'] ? 'enabled' : 'disabled'; ?>"><td>SAML 2.0 IdP</td> + <td><?php echo $this->data['enablematrix']['saml20-idp'] ? $icon_enabled : $icon_disabled; ?></td></tr> + +<tr class="<?php echo $this->data['enablematrix']['shib13-sp'] ? 'enabled' : 'disabled'; ?>"><td>Shib 1.3 SP</td> + <td><?php echo $this->data['enablematrix']['shib13-sp'] ? $icon_enabled : $icon_disabled; ?></td></tr> + +<tr class="<?php echo $this->data['enablematrix']['shib13-idp'] ? 'enabled' : 'disabled'; ?>"><td>Shib 1.3 IdP</td> + <td><?php echo $this->data['enablematrix']['shib13-idp'] ? $icon_enabled : $icon_disabled; ?></td></tr> + +</table> +</div> + + + <p><strong>Congratulations</strong>, you have successfully installed simpleSAMLphp. This is the start page of your installation, where you will find links to test examples, diagnostics, metadata and even links to relevant documentation.</p> - <p>You have installed simpleSAMLphp on this web host. Here are some relevant links for your installation: + <h2>Useful links for your installation</h2> <ul> <?php 
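Review bot: The two icon paths at the top of the hunk read `$data['baseurlpath']`, while every other expression in this template reads `$this->data[...]`; unless `$data` is defined by an include not shown here, it is undefined at this point, the concatenation collapses to `/resources/icons/accept.png`, and the icons break on any install not served from the web root. Use `$this->data['baseurlpath']` on both lines, and note that www/index.php later in this patch sets no `baseurlpath` key at all, so the value presumably comes from the template base class or the header include — confirm before relying on it. The path is configuration-derived rather than request-derived, so this is not an injection vector, but wrapping it in `htmlspecialchars()` would keep the template consistent with how the link hrefs in the following hunk are escaped.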
@@ -17,23 +42,42 @@ ?> </ul> </p> - <?php - foreach($this->data['warnings'] AS $warning) { - - - echo '<div class="caution">' . $warning . '</div>'; - + <h2>Metadata</h2> + <ul> + <?php + foreach ($this->data['links_meta'] AS $link) { + echo '<li><a href="' . htmlspecialchars($link['href']) . '">' . htmlspecialchars($link['text']) . '</a></li>'; + } + ?> + </ul> + </p> + + <h2>Documentation</h2> + <ul> + <?php - } + foreach ($this->data['links_doc'] AS $link) { + echo '<li><a href="' . htmlspecialchars($link['href']) . '">' . htmlspecialchars($link['text']) . '</a></li>'; + } + ?> + </ul> + </p> - ?> - + <?php + if (array_key_exists('warnings', $this->data) && is_array($this->data['warnings']) && !empty($this->data['warnings'])) { + echo '<h2>Warnings</h2>'; + + foreach($this->data['warnings'] AS $warning) { + echo '<div class="caution">' . $warning . '</div>'; + } + } + ?> + - <h2>About simpleSAMLphp</h2> - <p>Hey! This simpleSAMLphp thing is pretty cool, where can I read more about it? - You can find more information about <a href="http://rnd.feide.no/simplesamlphp">simpleSAMLphp at the Feide RnD blog</a> over at <a href="http://uninett.no">UNINETT</a>.</p> + <h2>About simpleSAMLphp</h2> + <p>Hey! This simpleSAMLphp thing is pretty cool, where can I read more about it? You can find more information about <a href="http://rnd.feide.no/simplesamlphp">simpleSAMLphp at the Feide RnD blog</a> over at <a href="http://uninett.no">UNINETT</a>.</p> <?php $this->includeAtTemplateBase('includes/footer.php'); ?> \ No newline at end of file diff --git a/templates/default/en/metadata.php b/templates/default/en/metadata.php index 704e1799d..57d48db4c 100644 --- a/templates/default/en/metadata.php +++ b/templates/default/en/metadata.php 
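Review bot: The `</p>` after each of the three `</ul>` lists no longer has a matching `<p>` on the new side — the `<p>You have installed …` opener that preceded the first list was replaced by an `<h2>`, and the new Metadata and Documentation sections open with `<h2>` as well — so the page is not well-formed XHTML; drop the stray `</p>` lines or wrap each list in a `<div>`. The `$warning` entries are still echoed without escaping, which is deliberate because www/index.php builds them as HTML fragments, but that contract is invisible here; a comment such as `// warnings are server-generated HTML fragments from index.php, not user input` above the loop would stop a later reader from double-escaping them or from appending request-derived text to the array.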
@@ -31,15 +31,15 @@
 <h2>Send your metadata to <?php echo $this->data['federationname']; ?></h2>
- <p>simpleSAMLphp has detected that you have configured Feide as your default IdP.</p>
+ <p>simpleSAMLphp has detected that you have configured <?php echo $this->data['federationname']; ?> as your default IdP.</p>
- <p>Before you can connect to Feide, Feide needs to add your service in its trust configuration. When you
- contact Feide to add you as a new service, you will be asked to send your metadata. Here you can easily send
- the metadata to Feide by clicking the button below.</p>
+ <p>Before you can connect to <?php echo $this->data['federationname']; ?>, <?php echo $this->data['federationname']; ?> needs to add your service in its trust configuration. When you
+ contact <?php echo $this->data['federationname']; ?> to add you as a new service, you will be asked to send your metadata. Here you can easily send
+ the metadata to <?php echo $this->data['federationname']; ?> by clicking the button below.</p>
 <form action="<?php echo $this->data['sendmetadatato']; ?>" method="post">
- <p>Feide needs to know how to get in contact with you, so you need to type in <strong>your email address</strong>:
+ <p><?php echo $this->data['federationname']; ?> needs to know how to get in contact with you, so you need to type in <strong>your email address</strong>:
 <input type="text" size="25" name="email" value="" />
 </p>
diff --git a/www/index.php b/www/index.php
index 9f756764e..17697b1b9 100644
--- a/www/index.php
+++ b/www/index.php
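Review bot: `$this->data['federationname']` is echoed unescaped six times in this hunk and `$this->data['sendmetadatato']` lands unescaped inside the form's `action` attribute. In the accompanying change to www/saml2/sp/metadata.php both values come from the hard-coded `$send_metadata_to_idp` table selected by the `default-saml20-idp` config value, so they are not request-controlled today, but a template should not depend on that; assign once at the top with `<?php $fed = htmlspecialchars($this->data['federationname']); ?>`, echo `$fed` everywhere, and use `action="<?php echo htmlspecialchars($this->data['sendmetadatato']); ?>"`. The guard that skips this section when no federation is configured (the key is only set conditionally in the SP script) is outside the visible lines, so I cannot confirm it exists.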
@@ -21,43 +21,26 @@ if ($config->getValue('admin.protectindexpage', false)) { } } - $warnings = array(); if (SimpleSAML_Utilities::getSelfProtocol() != 'https') { - $warnings[] = '<strong>You are not using HTTPS</strong> - encrypted communication with the user. Using simpleSAMLphp will works perfectly fine on HTTP for test purposes, but if you will be using simpleSAMLphp in a production environment, you should be running it on HTTPS.'; + $warnings[] = '<strong>You are not using HTTPS</strong> - encrypted communication with the user. Using simpleSAMLphp will works perfectly fine on HTTP for test purposes, but if you will be using simpleSAMLphp in a production environment, you should be running it on HTTPS. [ <a href="http://rnd.feide.no/content/simplesamlphp-maintenance-and-configuration">read more about simpleSAMLphp maintenance</a> ]'; } - - $links = array(); -$links[] = array( - 'href' => 'admin/metadata.php', - 'text' => 'Meta data overview for your installation. Diagnose your meta data files.'); - -if ($config->getValue('enable.saml20-sp') === true) - $links[] = array( - 'href' => 'saml2/sp/metadata.php', - 'text' => 'SAML 2.0 Service Provider Metadata (automatically generated)'); if ($config->getValue('enable.saml20-sp') === true) $links[] = array( 'href' => 'example-simple/saml2-example.php', 'text' => 'SAML 2.0 SP example - test logging in through your IdP'); -if ($config->getValue('enable.saml20-idp') === true) - $links[] = array( - 'href' => 'saml2/idp/metadata.php', - 'text' => 'SAML 2.0 Identity Provider Metadata (automatically generated)'); - if ($config->getValue('enable.shib13-sp') === true) $links[] = array( 'href' => 'example-simple/shib13-example.php', 'text' => 'Shibboleth 1.3 SP example - test logging in through your Shib IdP'); - if ($config->getValue('enable.openid-provider') === true) $links[] = array( 'href' => 'openid/provider/server.php', 
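Review bot: The rewritten HTTPS warning string keeps the slip `Using simpleSAMLphp will works perfectly fine on HTTP`; since the line is being touched anyway, `simpleSAMLphp works fine over plain HTTP for testing, but …` reads correctly. The string also embeds markup (`<strong>`, the new `<a href>`), which is exactly why frontpage.php must echo `$warnings` unescaped — a comment above `$warnings = array();` such as `// entries are trusted HTML fragments rendered verbatim by the template; never append request data here` makes that contract explicit. Note too that this block tests the `enable.*` flags with `=== true`, while the `$enablematrix` added in the next hunk uses truthy `getValue(..., false)`, so a flag configured as `1` or `'true'` would show as enabled in the matrix yet produce no example links.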
@@ -67,11 +50,79 @@ $links[] = array( 'href' => 'example-simple/hostnames.php', 'text' => 'Diagnostics on hostname, port and protocol'); + + +$linksmeta = array(); + +$linksmeta[] = array( + 'href' => 'admin/metadata.php', + 'text' => 'Meta data overview for your installation. Diagnose your meta data files.'); + +if ($config->getValue('enable.saml20-sp') === true) + $linksmeta[] = array( + 'href' => 'saml2/sp/metadata.php', + 'text' => 'Hosted SAML 2.0 Service Provider Metadata (automatically generated)'); + +if ($config->getValue('enable.saml20-idp') === true) + $linksmeta[] = array( + 'href' => 'saml2/idp/metadata.php', + 'text' => 'Hosted SAML 2.0 Identity Provider Metadata (automatically generated)'); + + + +$linksdoc = array(); + +$linksdoc[] = array( + 'href' => 'http://rnd.feide.no/content/installing-simplesamlphp', + 'text' => 'Installing simpleSAMLphp'); + +if ($config->getValue('enable.saml20-sp', false ) || $config->getValue('enable.shib13-sp', false)) + $linksdoc[] = array( + 'href' => 'http://rnd.feide.no/content/using-simplesamlphp-service-provider', + 'text' => 'Using simpleSAMLphp as a Service Provider'); + +if ($config->getValue('enable.saml20-idp', false ) || $config->getValue('enable.shib13-idp', false)) + $linksdoc[] = array( + 'href' => 'http://rnd.feide.no/content/using-simplesamlphp-identity-provider', + 'text' => 'Using simpleSAMLphp as an Identity Provider'); + +if ($config->getValue('enable.shib13-idp', false)) + $linksdoc[] = array( + 'href' => 'http://rnd.feide.no/content/configure-shibboleth-13-sp-work-simplesamlphp-idp', + 'text' => 'Configure Shibboleth 1.3 SP to work with simpleSAMLphp IdP'); + +if ($config->getValue('enable.saml20-idp', false )) + $linksdoc[] = array( + 'href' => 'http://rnd.feide.no/content/simplesamlphp-idp-google-apps-education', + 'text' => 'simpleSAMLphp as an IdP for Google Apps for Education'); + +$linksdoc[] = array( + 'href' => 'http://rnd.feide.no/content/simplesamlphp-advanced-features', + 'text' => 
'simpleSAMLphp Advanced Features +'); + + + +$linksdoc[] = array( + 'href' => 'http://rnd.feide.no/content/simplesamlphp-maintenance-and-configuration', + 'text' => 'simpleSAMLphp Maintenance and Configuration'); + +$enablematrix = array( + 'saml20-sp' => $config->getValue('enable.saml20-sp', false), + 'saml20-idp' => $config->getValue('enable.saml20-idp', false), + 'shib13-sp' => $config->getValue('enable.shib13-sp', false), + 'shib13-idp' => $config->getValue('enable.shib13-idp', false), +); + + $t = new SimpleSAML_XHTML_Template($config, 'frontpage.php'); $t->data['header'] = 'simpleSAMLphp installation page'; $t->data['icon'] = 'compass_l.png'; $t->data['warnings'] = $warnings; $t->data['links'] = $links; +$t->data['links_meta'] = $linksmeta; +$t->data['links_doc'] = $linksdoc; +$t->data['enablematrix'] = $enablematrix; $t->show(); diff --git a/www/resources/default.css b/www/resources/default.css index 5d1eb0535..5b712f557 100644 --- a/www/resources/default.css +++ b/www/resources/default.css @@ -217,4 +217,21 @@ div.caution { th.rowtitle { text-align: left; } - +.enablebox table { + border: 1px solid #eee; + float: right; + margin-left: 1em; +} +.enablebox tr td { + padding: .5px 1em 1px .5em; + margin: 0px; +} +.enablebox { + font-size: 85%; +} +.enablebox tr.enabled td { + background: #eee; +} +.enablebox tr.disabled td { + background: #ccc; +} \ No newline at end of file 
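Review bot: The `'text'` value of the Advanced Features documentation link is split across two source lines (`'simpleSAMLphp Advanced Features` followed by `');`), so the link text carries an embedded newline; collapse it to `'text' => 'simpleSAMLphp Advanced Features');`. The new `$enablematrix` entries use truthy `$config->getValue('enable.…', false)` whereas the `$links` entries earlier in this file test `=== true`, so a config value of `1` or `'true'` lights up the matrix without the corresponding example links appearing — use one comparison for both, preferably `=== true` to match the existing checks.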
diff --git a/www/resources/icons/accept.png b/www/resources/icons/accept.png new file mode 100755 index 0000000000000000000000000000000000000000..89c8129a490b329f3165f32fa0781701aab417ea GIT binary patch literal 781 zcmeAS@N?(olHy`uVBq!ia0y~yU=RRd4mJh`2Kmqb6B!s7SkfJR9T^zbpD<_bdda}R zAX(xXQ4*Y=R#Ki=l*-_klAn~S;F+74o*I;zm{M7IGS!BGfoZ;{i(`nz>7|ojdj}`V z9RF)wcCIXknKQ*jv8g4XT2w{IdKT}|Jv!c(@9w>1mVCpf+o&k+n1`nB<||pnez~u% zJi9i<sPJZ>)0w?5owg>HY|MZD=BSU5a@7NFe*W{%KUc3SWO(#Xy`D$p2VZB=a{gDF zZ8d$4J^q{cvcp2BRMjXbeUaVWec@YHE1aM0b=u~n;#~K(*^b=5rtMzzGA75Z^R<M^ z-Vl#V&KIq@ZmcSKRuS~%)f~ZdSL<%X#WiQHGm={OKH{zOV;@nz8$TwdNYB5gcH-j_ z4&%F?uVv2ouHl@r@K8L{*)x(aZcN#{^4r|jzh7-*=B#SC;k2%M{p3S49G>|ZtvI%6 z(NxPB%%S&!1AN4t3_}^dhA7_2ZZ@cxTCic#oq5V0JDjAFntB8cFH7dMncisOiZ`6% z|3qg7|5Fudf4gJ%cO2LnkiwgLUOI7hwo8re$s;W8Z#kv;!}1oJEoi(JePmq<L%001 zg|jq{+_)7W@^9l$+1&Gb2Mq#y_9dvZxFsp8O}Mk%?AP?&iC<O+yuSYE^7a0}7k{U3 zH@smK&A(M!y6Su87j|of6+dGyI2)Qjn|)zlf#fbv%QO43T=v!W9hz-#o>*DMn0ihp zBf`;p0pHs=;}u#-+1x9)v#|Yikb0wC9%!rBeydif^zze)s_hNiZn90`lWRXz$Yhny z_h$XBiFvj>t0vvBI+CItzoUPz)MoeQ_A{~}ea{@N=P+NLz~jX(&UfzE;-z{L?Oloi zpRZ|}D&F}vL1?yz)xO4#8Fx|(HcYzKAo=T}(j4h&i>Kagn%nyIoYDvHN<pz@<u#|O zr95UC2`Xl`v%IY{u8NPiXr14BG}|f4TZ@G&t|LhB%ewiUR{mWY%nO%iakwpb+RCaG qH)HLI4Htu#w!B!s|6}}T?(_?5o>uO<lFY!sz~JfX=d#Wzp$P!~8e#$f literal 0 HcmV?d00001 
diff --git a/www/resources/icons/delete.png b/www/resources/icons/delete.png new file mode 100755 index 0000000000000000000000000000000000000000..08f249365afd29594b51210c6e21ba253897505d GIT binary patch literal 715 zcmeAS@N?(olHy`uVBq!ia0y~yU=RRd4mJh`2Kmqb6B!s7SkfJR9T^zbpD<_bdda}R zAX(xXQ4*Y=R#Ki=l*-_klAn~S;F+74o*I;zm{M7IGS!BGfhpG0#WBR<^wP<{y@L}a zj{l9`CclWKGq0s3Fkr@Kqw;IF?kqdE*{45RCn>XUZsIJ*-lH);oL4L@yLu|#$Tw$7 zlv~#Ig-<try5#4Zl{;^9_NnbV6V&vSs~-M7efsy$JvRL3Co?HLt>5%4DQvy?xd72; z-$Nvgm#XgcT-#RdzG`M+P-fZG6Roego|RNRQg+>VU&gG3eQw7dN!OGVjz4$#&PaKE zTs0wK{_3MHK?jX&V*NgHZ@1oH@>T5OKI@Kcw*_<U+U3n>Z?L$--hZ+oFxBk8&pgjH zLT6r-G)cU9wr+cJXQ5)%N1mE8?myeITJ$3XG8YJLo9FQ39`6}hRl}N$`M)>j^eZTK z9Q;zVR<e8D#vlEP?7Z(Im77X;g+BC~#8Do5@bn%Y9uMOeEf1JWTR2N%UAJtOw98iA zC+0ahZQ&%A{MC)egIe2NtR@Q>JiV3hq)vPhA9u}i-XE7gY7{+K%Jncmuf;gu-9T}M zN_W%3b73v7c{%23MTZ;2uWH)AQt<C1UG1h$A<@TMuPLM~KPVf1Twbl$h<{&{aGI~% zm(ELJUIn73Gu_mjHf-j#Tg!7V=%mz)sp-wS6BI7gaXLTBeR1~ImP<#jy9OQP=6yJC z^#z53)u#70R8IXNzTyO{cK1Oe!yntkdc?h_Czfx|Se$TGp;z>YfN~e}pD&4`OxL46 z?w!}x9`a~&6l4Be$v;oUd{%tEIC<)+;|WSHHSDLpSDz<y=X9S}*+cKGg7?}!f2>($ z)#h#)Jw5STxy4H(UaxX)_9HLT)HhD9oUniHYw_G?RmGQQ%zG13T>gyhVf^-w@t=id YFP+=zStR|Bfq{X+)78&qol`;+02FXV-~a#s literal 0 HcmV?d00001 diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php index 560925305..0055f956d 100644 --- a/www/saml2/idp/metadata.php +++ b/www/saml2/idp/metadata.php @@ -58,13 +58,13 @@ try { WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> - <KeyDescriptor use="signing"> - <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> - <ds:X509Data> - <ds:X509Certificate>' . htmlspecialchars($data) . '</ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - </KeyDescriptor> + <KeyDescriptor use="signing"> + <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:X509Data> + <ds:X509Certificate>' . htmlspecialchars($data) . '</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </KeyDescriptor> 
@@ -103,19 +103,15 @@ try {
 $defaultidp = $config->getValue('default-saml20-idp');
- $et = new SimpleSAML_XHTML_Template($config, 'metadata.php');
+ $t = new SimpleSAML_XHTML_Template($config, 'metadata.php');
- $et->data['header'] = 'SAML 2.0 IdP Metadata';
-
- $et->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
- $et->data['metadata'] = htmlentities($metaxml);
- $et->data['metadataflat'] = htmlentities($metaflat);
-
- $et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no'));
- $et->data['defaultidp'] = $defaultidp;
-
- $et->show();
+ $t->data['header'] = 'SAML 2.0 IdP Metadata';
+ $t->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
+ $t->data['metadata'] = htmlentities($metaxml);
+ $t->data['metadataflat'] = htmlentities($metaflat);
+ $t->data['defaultidp'] = $defaultidp;
+ $t->show();
 } catch(Exception $exception) {
diff --git a/www/saml2/sp/metadata.php b/www/saml2/sp/metadata.php
index 30f27dea5..7ebe40ba1 100644
--- a/www/saml2/sp/metadata.php
+++ b/www/saml2/sp/metadata.php
@@ -73,27 +73,34 @@ try {
 </SPSSODescriptor>
 </EntityDescriptor>';
+
+ if (array_key_exists('output', $_GET) && $_GET['output'] == 'xml') {
+ header('Content-Type: application/xml');
+
+ echo $metaxml;
+ exit(0);
+ }
- $defaultidp = $config->getValue('default-saml20-idp');
- $et = new SimpleSAML_XHTML_Template($config, 'metadata.php');
+ $defaultidp = $config->getValue('default-saml20-idp');
+ $t = new SimpleSAML_XHTML_Template($config, 'metadata.php');
- $et->data['header'] = 'SAML 2.0 SP Metadata';
- $et->data['metadata'] = htmlentities($metaxml);
- $et->data['metadataflat'] = htmlentities($metaflat);
+ $t->data['header'] = 'SAML 2.0 SP Metadata';
+ $t->data['metadata'] = htmlentities($metaxml);
+ $t->data['metadataflat'] = htmlentities($metaflat);
+ $t->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
 if (array_key_exists($defaultidp, $send_metadata_to_idp)) {
- $et->data['sendmetadatato'] = $send_metadata_to_idp[$defaultidp]['address'];
- $et->data['federationname'] = $send_metadata_to_idp[$defaultidp]['name'];
+ $t->data['sendmetadatato'] = $send_metadata_to_idp[$defaultidp]['address'];
+ $t->data['federationname'] = $send_metadata_to_idp[$defaultidp]['name'];
 }
- $et->data['techemail'] = $config->getValue('technicalcontact_email', 'na');
- $et->data['version'] = $config->getValue('version', 'na');
- $et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no'));
- $et->data['defaultidp'] = $defaultidp;
+ $t->data['techemail'] = $config->getValue('technicalcontact_email', 'na');
+ $t->data['version'] = $config->getValue('version', 'na');
+ $t->data['defaultidp'] = $defaultidp;
- $et->show();
+ $t->show();
 } catch(Exception $exception) {
diff --git a/www/shib13/idp/metadata.php b/www/shib13/idp/metadata.php
index 560925305..84e0672e6 100644
--- a/www/shib13/idp/metadata.php
+++ b/www/shib13/idp/metadata.php
@@ -14,7 +14,7 @@ $config = SimpleSAML_Configuration::getInstance();
 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
 $session = SimpleSAML_Session::getInstance(true);
-if (!$config->getValue('enable.saml20-idp', false))
+if (!$config->getValue('enable.shib13-idp', false))
 SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
@@ -29,8 +29,8 @@ if (!isset($session) || !$session->isValid('login-admin') ) {
 try {
- $idpmeta = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrent('saml20-idp-hosted');
- $idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+ $idpmeta = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrent('shib13-idp-hosted');
+ $idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('shib13-idp-hosted');
 $publiccert = $config->getBaseDir() . '/cert/' . $idpmeta['certificate'];
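Review bot: When `idpentityid` is present in the query string, the rewritten `$idpmeta` line assigns the raw `$_GET` string instead of the metadata entry for that entity, so the context line `$idpmeta['certificate']` that follows performs a string-offset lookup and `$publiccert` becomes `<basedir>/cert/` plus a single character. The pattern was inherited from the SAML 2.0 file this one was copied from, but the commit re-asserts it for shib13; the intent is presumably a lookup by entity id such as `$metadata->getMetaData($_GET['idpentityid'], 'shib13-idp-hosted')` (method name inferred from the `getMetaDataCurrent` sibling — confirm against the storage handler). The page is gated by `isValid('login-admin')` per the hunk header, so the effect is a broken admin page rather than exposure, but a request parameter should never stand in for a metadata record; the `try` block continues past the end of the hunk.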
@@ -45,51 +45,36 @@ try { '" . htmlspecialchars($idpentityid) . "' => array( 'name' => 'Type in a name for this entity', 'description' => 'and a proper description that would help users know when to select this IdP.', - 'SingleSignOnService' => '" . htmlspecialchars($metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted')) . "', - 'SingleLogoutService' => '" . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted')) . "', + 'SingleSignOnService' => '" . htmlspecialchars($metadata->getGenerated('SingleSignOnService', 'shib13-idp-hosted')) . "', 'certFingerprint' => '" . strtolower(sha1(base64_decode($data))) ."' ), "; $metaxml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?> - <EntityDescriptor xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" - entityID="' . htmlspecialchars($idpentityid) . '"> - <IDPSSODescriptor - WantAuthnRequestsSigned="false" - protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> - - <KeyDescriptor use="signing"> - <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> - <ds:X509Data> - <ds:X509Certificate>' . htmlspecialchars($data) . '</ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - </KeyDescriptor> - - - - <!-- Logout endpoints --> - <SingleLogoutService - Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" - Location="' . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted')) . '" - ResponseLocation="' . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted')) . '" - index="0" - isDefault="true" - /> - - - <!-- Supported Name Identifier Formats --> - <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> - - <!-- AuthenticationRequest Consumer endpoint --> - <SingleSignOnService - Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" - Location="' . 
htmlspecialchars($metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted')) . '" - index="0" - isDefault="true" - /> - - </IDPSSODescriptor> +<EntityDescriptor entityID="' . htmlspecialchars($idpentityid) . '"> + + <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0"> + + <KeyDescriptor use="signing"> + <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:X509Data> + <ds:X509Certificate>' . htmlspecialchars($data) . '</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </KeyDescriptor> + + <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat> + + <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" + Location="' . htmlspecialchars($metadata->getGenerated('SingleSignOnService', 'shib13-idp-hosted')) . '"/> + + </IDPSSODescriptor> + + <ContactPerson contactType="technical"> + <SurName>' . $config->getValue('technicalcontact_name', 'Not entered') . '</SurName> + <EmailAddress>' . $config->getValue('technicalcontact_email', 'Not entered') . '</EmailAddress> + </ContactPerson> + </EntityDescriptor>'; 
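Review bot: The rebuilt `<EntityDescriptor>` drops the `xmlns="urn:oasis:names:tc:SAML:2.0:metadata"` default namespace that the removed version declared, so every element in the generated document is now in no namespace; the Shibboleth 1.3 metadata this is meant to feed uses the SAML 2.0 metadata schema (the `protocolSupportEnumeration` still cites SAML 1.1 and `urn:mace:shibboleth:1.0`), so a namespace-aware consumer will not recognise these elements. Restore it as `<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="' . htmlspecialchars($idpentityid) . '">`. In the new `<ContactPerson>` block `technicalcontact_name` and `technicalcontact_email` are interpolated raw while every other value in the same string goes through `htmlspecialchars()`; a configured name like `R&D` yields malformed XML, so wrap both for consistency. The `try` block enclosing this hunk starts and ends outside it.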
@@ -101,21 +86,19 @@ try {
 }
- $defaultidp = $config->getValue('default-saml20-idp');
-
- $et = new SimpleSAML_XHTML_Template($config, 'metadata.php');
+ $defaultidp = $config->getValue('default-shib13-idp');
+ $t = new SimpleSAML_XHTML_Template($config, 'metadata.php');
- $et->data['header'] = 'SAML 2.0 IdP Metadata';
+ $t->data['header'] = 'Shib 1.3 IdP Metadata';
- $et->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
- $et->data['metadata'] = htmlentities($metaxml);
- $et->data['metadataflat'] = htmlentities($metaflat);
-
- $et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no'));
- $et->data['defaultidp'] = $defaultidp;
+ $t->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
+ $t->data['metadata'] = htmlspecialchars($metaxml);
+ $t->data['metadataflat'] = htmlspecialchars($metaflat);
+
+ $t->data['defaultidp'] = $defaultidp;
- $et->show();
+ $t->show();
 } catch(Exception $exception) {
diff --git a/www/shib13/sp/metadata.php b/www/shib13/sp/metadata.php
index 30f27dea5..e7a71c472 100644
--- a/www/shib13/sp/metadata.php
+++ b/www/shib13/sp/metadata.php
@@ -13,87 +13,69 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $session = SimpleSAML_Session::getInstance(TRUE); -if (!$config->getValue('enable.saml20-sp', false)) +if (!$config->getValue('enable.shib13-sp', false)) SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS'); -/** - * Preconfigured to help out some federations. This makes it easier for users to report metadata - * to the administrators of the IdP. - */ -$send_metadata_to_idp = array( - 'sam.feide.no' => array( - 'name' => 'Feide', - 'address' => 'http://rnd.feide.no/content/sending-information-simplesamlphp' - ), - 'max.feide.no' => array( - 'name' => 'Feide', - 'address' => 'http://rnd.feide.no/content/sending-information-simplesamlphp' - ) -); - try { - $spmeta = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrent(); - $spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID(); - - /* - if (!$spmeta['assertionConsumerServiceURL']) throw new Exception('The following parameter is not set in your SAML 2.0 SP Hosted metadata: assertionConsumerServiceURL'); - if (!$spmeta['SingleLogOutUrl']) throw new Exception('The following parameter is not set in your SAML 2.0 SP Hosted metadata: SingleLogOutUrl'); - */ + $spmeta = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrent('shib13-sp-hosted'); + $spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID('shib13-sp-hosted'); + $metaflat = " '" . htmlspecialchars($spentityid) . "' => array( - 'AssertionConsumerService' => '" . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted')) . "', - 'SingleLogoutService' => '" . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-sp-hosted')) . "' + 'AssertionConsumerService' => '" . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted')) . 
"' ) "; $metaxml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?> -<EntityDescriptor entityID="' . htmlspecialchars($spentityid) . '" xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> +<EntityDescriptor entityID="' . htmlspecialchars($spentityid) . '"> + <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol"> - <SPSSODescriptor - AuthnRequestsSigned="false" - WantAssertionsSigned="false" - protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> - - <SingleLogoutService - Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" - Location="' . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-sp-hosted')) . '"/> + <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat> - <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> + <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="' . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'shib13-sp-hosted')) . '" index="1" isDefault="true" /> - <AssertionConsumerService - index="0" - isDefault="true" - Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" - Location="' . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted')) . '" /> - </SPSSODescriptor> - + + <ContactPerson contactType="technical"> + <SurName>' . $config->getValue('technicalcontact_name', 'Not entered') . '</SurName> + <EmailAddress>' . $config->getValue('technicalcontact_email', 'Not entered') . 
'</EmailAddress> + </ContactPerson> + </EntityDescriptor>'; + + if (array_key_exists('output', $_GET) && $_GET['output'] == 'xml') { + header('Content-Type: application/xml'); + + echo $metaxml; + exit(0); + } - $defaultidp = $config->getValue('default-saml20-idp'); + $defaultidp = $config->getValue('default-shib13-idp'); - $et = new SimpleSAML_XHTML_Template($config, 'metadata.php'); + $t = new SimpleSAML_XHTML_Template($config, 'metadata.php'); - $et->data['header'] = 'SAML 2.0 SP Metadata'; - $et->data['metadata'] = htmlentities($metaxml); - $et->data['metadataflat'] = htmlentities($metaflat); + $t->data['header'] = 'Shib 1.3 SP Metadata'; + $t->data['metadata'] = htmlspecialchars($metaxml); + $t->data['metadataflat'] = htmlspecialchars($metaflat); + $t->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml'); + /* if (array_key_exists($defaultidp, $send_metadata_to_idp)) { $et->data['sendmetadatato'] = $send_metadata_to_idp[$defaultidp]['address']; $et->data['federationname'] = $send_metadata_to_idp[$defaultidp]['name']; } + */ - $et->data['techemail'] = $config->getValue('technicalcontact_email', 'na'); - $et->data['version'] = $config->getValue('version', 'na'); - $et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no')); - $et->data['defaultidp'] = $defaultidp; + $t->data['techemail'] = $config->getValue('technicalcontact_email', 'na'); + $t->data['version'] = $config->getValue('version', 'na'); + $t->data['defaultidp'] = $defaultidp; - $et->show(); + $t->show(); } catch(Exception $exception) { -- GitLab
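Review bot: The new `$metaflat` still calls `getGenerated('AssertionConsumerService', 'saml20-sp-hosted')` while the XML a few lines below uses `'shib13-sp-hosted'`, so the flat PHP metadata advertises the SAML 2.0 SP endpoint for the Shibboleth 1.3 SP — change it to `'shib13-sp-hosted'`. The rebuilt `<EntityDescriptor>` also loses the `xmlns="urn:oasis:names:tc:SAML:2.0:metadata"` declaration the removed version carried, and the new `<ContactPerson>` interpolates `technicalcontact_name`/`technicalcontact_email` without `htmlspecialchars()` unlike every other value in the string, so a `&` in either config value produces malformed XML. The commented-out `$send_metadata_to_idp` block still references `$et`, which no longer exists in this file; delete it rather than keep dead code that fails the moment someone uncomments it. The `try` block opens inside the hunk but continues past its end.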