From dd36beb6333d6bc6ab35c29d094a92e8c982680c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Fri, 15 Feb 2008 10:45:31 +0000
Subject: [PATCH] Automatically generation of shibboleth sp and idp metadata,
 improvement to the metadata generation. And improvement to the frontpage
 (adding enablematrix and links to documentation)

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@311 44740490-163a-0410-bde0-09ae8108e29a
---
 templates/default/en/frontpage.php |  72 ++++++++++++++++++-----
 templates/default/en/metadata.php  |  10 ++--
 www/index.php                      |  87 +++++++++++++++++++++------
 www/resources/default.css          |  19 +++++-
 www/resources/icons/accept.png     | Bin 0 -> 781 bytes
 www/resources/icons/delete.png     | Bin 0 -> 715 bytes
 www/saml2/idp/metadata.php         |  32 +++++-----
 www/saml2/sp/metadata.php          |  31 ++++++----
 www/shib13/idp/metadata.php        |  91 ++++++++++++-----------------
 www/shib13/sp/metadata.php         |  86 +++++++++++----------------
 10 files changed, 254 insertions(+), 174 deletions(-)
 create mode 100755 www/resources/icons/accept.png
 create mode 100755 www/resources/icons/delete.png

diff --git a/templates/default/en/frontpage.php b/templates/default/en/frontpage.php
index bc2ff455f..909e4cfe1 100644
--- a/templates/default/en/frontpage.php
+++ b/templates/default/en/frontpage.php
@@ -5,9 +5,34 @@
 
 	<div id="content">
 
-		<h2>Welcome to simpleSAMlphp</h2>
+<div class="enablebox">
+<table>
+
+<?php
+
+$icon_enabled  = '<img src="/' . $data['baseurlpath'] . 'resources/icons/accept.png" alt="enabled" />';
+$icon_disabled = '<img src="/' . $data['baseurlpath'] . 'resources/icons/delete.png" alt="disabled" />';
+?>
+
+<tr class="<?php echo $this->data['enablematrix']['saml20-sp'] ? 'enabled' : 'disabled'; ?>"><td>SAML 2.0 SP</td>
+	<td><?php echo $this->data['enablematrix']['saml20-sp'] ? $icon_enabled : $icon_disabled; ?></td></tr>
+	
+<tr class="<?php echo $this->data['enablematrix']['saml20-idp'] ? 'enabled' : 'disabled'; ?>"><td>SAML 2.0 IdP</td>
+	<td><?php echo $this->data['enablematrix']['saml20-idp'] ? $icon_enabled : $icon_disabled; ?></td></tr>
+	
+<tr class="<?php echo $this->data['enablematrix']['shib13-sp'] ? 'enabled' : 'disabled'; ?>"><td>Shib 1.3 SP</td>
+	<td><?php echo $this->data['enablematrix']['shib13-sp'] ? $icon_enabled : $icon_disabled; ?></td></tr>
+	
+<tr class="<?php echo $this->data['enablematrix']['shib13-idp'] ? 'enabled' : 'disabled'; ?>"><td>Shib 1.3 IdP</td>
+	<td><?php echo $this->data['enablematrix']['shib13-idp'] ? $icon_enabled : $icon_disabled; ?></td></tr>
+	
+</table>
+</div>
+
+
+		<p><strong>Congratulations</strong>, you have successfully installed simpleSAMLphp. This is the start page of your installation, where you will find links to test examples, diagnostics, metadata and even links to relevant documentation.</p>
 		
-		<p>You have installed simpleSAMLphp on this web host. Here are some relevant links for your installation:
+		<h2>Useful links for your installation</h2>
 			<ul>
 			<?php
 			
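Review bot: The two icon strings on the added lines read `$data['baseurlpath']`, while every other access in this template goes through `$this->data[...]`. Unless the template loader also exposes a local `$data` (not visible here), the prefix is empty and both image URLs point at the wrong place. The value is also concatenated into the `src` attribute without encoding. I would write `$icon_enabled = '<img src="/' . htmlspecialchars($this->data['baseurlpath']) . 'resources/icons/accept.png" alt="enabled" />';` and the same for `$icon_disabled`. The visible part of www/index.php does not assign `baseurlpath`, so confirm where it is populated.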
@@ -17,23 +42,42 @@
 			?>
 			</ul>
 		</p>
-		<?php
 		
-			foreach($this->data['warnings'] AS $warning) {
-			
-			
-				echo '<div class="caution">' . $warning . '</div>';
-				
+		<h2>Metadata</h2>
+			<ul>
+			<?php
 			
+				foreach ($this->data['links_meta'] AS $link) {
+					echo '<li><a href="' . htmlspecialchars($link['href']) . '">' . htmlspecialchars($link['text']) . '</a></li>';
+				}
+			?>
+			</ul>
+		</p>
+		
+		<h2>Documentation</h2>
+			<ul>
+			<?php
 			
-			}
+				foreach ($this->data['links_doc'] AS $link) {
+					echo '<li><a href="' . htmlspecialchars($link['href']) . '">' . htmlspecialchars($link['text']) . '</a></li>';
+				}
+			?>
+			</ul>
+		</p>
 		
-		?>
-
+		<?php
+			if (array_key_exists('warnings', $this->data) && is_array($this->data['warnings']) && !empty($this->data['warnings'])) {
 
+				echo '<h2>Warnings</h2>';
+		
+				foreach($this->data['warnings'] AS $warning) {
+					echo '<div class="caution">' . $warning . '</div>';
+				}
+			}
+		?>
+		
 
-		<h2>About simpleSAMLphp</h2>
-		<p>Hey! This simpleSAMLphp thing is pretty cool, where can I read more about it?
-		You can find more information about <a href="http://rnd.feide.no/simplesamlphp">simpleSAMLphp at the Feide RnD blog</a> over at <a href="http://uninett.no">UNINETT</a>.</p>
+	<h2>About simpleSAMLphp</h2>
+		<p>Hey! This simpleSAMLphp thing is pretty cool, where can I read more about it? You can find more information about <a href="http://rnd.feide.no/simplesamlphp">simpleSAMLphp at the Feide RnD blog</a> over at <a href="http://uninett.no">UNINETT</a>.</p>
 		
 <?php $this->includeAtTemplateBase('includes/footer.php'); ?>
\ No newline at end of file
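Review bot: `$warning` is echoed into `<div class="caution">` without encoding, unlike the link lists above it, which go through `htmlspecialchars()`. That is needed today because www/index.php puts markup (`<strong>`, `<a href>`) into the warning text, so the contract should be written down next to the loop: `// warnings are trusted HTML fragments built in www/index.php; never append request-derived text`. Separately, the Metadata and Documentation lists each end with a `</p>` that has no opening `<p>`, and the one after the first list lost its `<p>` in the previous hunk; drop the three closing tags.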
diff --git a/templates/default/en/metadata.php b/templates/default/en/metadata.php
index 704e1799d..57d48db4c 100644
--- a/templates/default/en/metadata.php
+++ b/templates/default/en/metadata.php
@@ -31,15 +31,15 @@
 			
 				<h2>Send your metadata to <?php echo $this->data['federationname']; ?></h2>
 				
-				<p>simpleSAMLphp has detected that you have configured Feide as your default IdP.</p>
+				<p>simpleSAMLphp has detected that you have configured <?php echo $this->data['federationname']; ?> as your default IdP.</p>
 				
-				<p>Before you can connect to Feide, Feide needs to add your service in its trust configuration. When you
-					contact Feide to add you as a new service, you will be asked to send your metadata. Here you can easily send
-					the metadata to Feide by clicking the button below.</p>
+				<p>Before you can connect to <?php echo $this->data['federationname']; ?>, <?php echo $this->data['federationname']; ?> needs to add your service in its trust configuration. When you
+					contact <?php echo $this->data['federationname']; ?> to add you as a new service, you will be asked to send your metadata. Here you can easily send
+					the metadata to <?php echo $this->data['federationname']; ?> by clicking the button below.</p>
 					
 				<form action="<?php echo $this->data['sendmetadatato']; ?>" method="post">
 
-					<p>Feide needs to know how to get in contact with you, so you need to type in <strong>your email address</strong>:
+					<p><?php echo $this->data['federationname']; ?> needs to know how to get in contact with you, so you need to type in <strong>your email address</strong>:
 						<input type="text" size="25" name="email" value="" />
 					</p>
 					
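Review bot: Each new `<?php echo $this->data['federationname']; ?>` writes the value into HTML without encoding, and `sendmetadatato` in the form's `action` attribute on the context line is handled the same way. Both appear to come from the hard-coded `$send_metadata_to_idp` table in www/saml2/sp/metadata.php, so nothing on this page shows request data reaching them, but the template should not depend on that: `<?php echo htmlspecialchars($this->data['federationname']); ?>`. The two keys are only set when the default IdP is found in that table, so this markup needs a guard; the hunk starts at line 31 and may already sit inside one.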
diff --git a/www/index.php b/www/index.php
index 9f756764e..17697b1b9 100644
--- a/www/index.php
+++ b/www/index.php
@@ -21,43 +21,26 @@ if ($config->getValue('admin.protectindexpage', false)) {
 	}
 }
 
-
 $warnings = array();
 
 if (SimpleSAML_Utilities::getSelfProtocol() != 'https') {
-	$warnings[] = '<strong>You are not using HTTPS</strong> - encrypted communication with the user. Using simpleSAMLphp will works perfectly fine on HTTP for test purposes, but if you will be using simpleSAMLphp in a production environment, you should be running it on HTTPS.';
+	$warnings[] = '<strong>You are not using HTTPS</strong> - encrypted communication with the user. Using simpleSAMLphp will works perfectly fine on HTTP for test purposes, but if you will be using simpleSAMLphp in a production environment, you should be running it on HTTPS. [ <a href="http://rnd.feide.no/content/simplesamlphp-maintenance-and-configuration">read more about simpleSAMLphp maintenance</a> ]';
 }
 
-
-
 	
 $links = array();
 
-$links[] = array(
-	'href' => 'admin/metadata.php', 
-	'text' => 'Meta data overview for your installation. Diagnose your meta data files.');
-
-if ($config->getValue('enable.saml20-sp') === true)
-	$links[] = array(
-		'href' => 'saml2/sp/metadata.php', 
-		'text' => 'SAML 2.0 Service Provider Metadata (automatically generated)');
 
 if ($config->getValue('enable.saml20-sp') === true)
 	$links[] = array(
 		'href' => 'example-simple/saml2-example.php', 
 		'text' => 'SAML 2.0 SP example - test logging in through your IdP');
 
-if ($config->getValue('enable.saml20-idp') === true)
-	$links[] = array(
-		'href' => 'saml2/idp/metadata.php', 
-		'text' => 'SAML 2.0 Identity Provider Metadata (automatically generated)');
-
 if ($config->getValue('enable.shib13-sp') === true)
 	$links[] = array(
 		'href' => 'example-simple/shib13-example.php', 
 		'text' => 'Shibboleth 1.3 SP example - test logging in through your Shib IdP');
 
-
 if ($config->getValue('enable.openid-provider') === true)
 	$links[] = array(
 		'href' => 'openid/provider/server.php', 
@@ -67,11 +50,79 @@ $links[] = array(
 	'href' => 'example-simple/hostnames.php', 
 	'text' => 'Diagnostics on hostname, port and protocol');
 
+
+
+$linksmeta = array();
+
+$linksmeta[] = array(
+	'href' => 'admin/metadata.php', 
+	'text' => 'Meta data overview for your installation. Diagnose your meta data files.');
+
+if ($config->getValue('enable.saml20-sp') === true)
+	$linksmeta[] = array(
+		'href' => 'saml2/sp/metadata.php', 
+		'text' => 'Hosted SAML 2.0 Service Provider Metadata (automatically generated)');
+
+if ($config->getValue('enable.saml20-idp') === true)
+	$linksmeta[] = array(
+		'href' => 'saml2/idp/metadata.php', 
+		'text' => 'Hosted SAML 2.0 Identity Provider Metadata (automatically generated)');
+	
+
+
+$linksdoc = array();
+
+$linksdoc[] = array(
+	'href' => 'http://rnd.feide.no/content/installing-simplesamlphp', 
+	'text' => 'Installing simpleSAMLphp');
+
+if ($config->getValue('enable.saml20-sp', false ) || $config->getValue('enable.shib13-sp', false))
+	$linksdoc[] = array(
+		'href' => 'http://rnd.feide.no/content/using-simplesamlphp-service-provider', 
+		'text' => 'Using simpleSAMLphp as a Service Provider');
+
+if ($config->getValue('enable.saml20-idp', false ) || $config->getValue('enable.shib13-idp', false))
+	$linksdoc[] = array(
+		'href' => 'http://rnd.feide.no/content/using-simplesamlphp-identity-provider', 
+		'text' => 'Using simpleSAMLphp as an Identity Provider');
+
+if ($config->getValue('enable.shib13-idp', false))
+	$linksdoc[] = array(
+		'href' => 'http://rnd.feide.no/content/configure-shibboleth-13-sp-work-simplesamlphp-idp', 
+		'text' => 'Configure Shibboleth 1.3 SP to work with simpleSAMLphp IdP');
+
+if ($config->getValue('enable.saml20-idp', false ))
+	$linksdoc[] = array(
+		'href' => 'http://rnd.feide.no/content/simplesamlphp-idp-google-apps-education', 
+		'text' => 'simpleSAMLphp as an IdP for Google Apps for Education');
+
+$linksdoc[] = array(
+	'href' => 'http://rnd.feide.no/content/simplesamlphp-advanced-features', 
+	'text' => 'simpleSAMLphp Advanced Features
+');
+
+
+
+$linksdoc[] = array(
+	'href' => 'http://rnd.feide.no/content/simplesamlphp-maintenance-and-configuration', 
+	'text' => 'simpleSAMLphp Maintenance and Configuration');
+
+$enablematrix = array(
+	'saml20-sp' => $config->getValue('enable.saml20-sp', false),
+	'saml20-idp' => $config->getValue('enable.saml20-idp', false),
+	'shib13-sp' => $config->getValue('enable.shib13-sp', false),
+	'shib13-idp' => $config->getValue('enable.shib13-idp', false),
+);
+
+
 $t = new SimpleSAML_XHTML_Template($config, 'frontpage.php');
 $t->data['header'] = 'simpleSAMLphp installation page';
 $t->data['icon'] = 'compass_l.png';
 $t->data['warnings'] = $warnings;
 $t->data['links'] = $links;
+$t->data['links_meta'] = $linksmeta;
+$t->data['links_doc'] = $linksdoc;
+$t->data['enablematrix'] = $enablematrix;
 
 $t->show();
 
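Review bot: The added blocks test the enable flags in two different ways: the `$linksmeta` entries use `$config->getValue('enable.saml20-sp') === true`, while the `$linksdoc` entries and `$enablematrix` use the truthy `$config->getValue('enable.saml20-sp', false)`. A configuration value such as `1` would then show the protocol as enabled in the matrix and hide its metadata link. The metadata endpoints in this commit gate on the truthy form, so using `$config->getValue('enable.saml20-sp', false)` throughout would keep the front page in step with them. `$linksmeta` also has no entries for the shib13 SP and IdP metadata pages this commit introduces, and the 'simpleSAMLphp Advanced Features' literal ends with a stray newline.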
diff --git a/www/resources/default.css b/www/resources/default.css
index 5d1eb0535..5b712f557 100644
--- a/www/resources/default.css
+++ b/www/resources/default.css
@@ -217,4 +217,21 @@ div.caution {
 th.rowtitle {
         text-align: left;
 }
-
+.enablebox table {
+	border: 1px solid #eee;
+	float: right;
+	margin-left: 1em;
+}
+.enablebox tr td {
+	padding: .5px 1em 1px .5em;
+	margin: 0px;
+}
+.enablebox {
+	font-size: 85%;
+}
+.enablebox tr.enabled td {
+	background: #eee;
+}
+.enablebox tr.disabled td {
+	background: #ccc;
+}
\ No newline at end of file
diff --git a/www/resources/icons/accept.png b/www/resources/icons/accept.png
new file mode 100755
index 0000000000000000000000000000000000000000..89c8129a490b329f3165f32fa0781701aab417ea
GIT binary patch
literal 781
zcmeAS@N?(olHy`uVBq!ia0y~yU=RRd4mJh`2Kmqb6B!s7SkfJR9T^zbpD<_bdda}R
zAX(xXQ4*Y=R#Ki=l*-_klAn~S;F+74o*I;zm{M7IGS!BGfoZ;{i(`nz>7|ojdj}`V
z9RF)wcCIXknKQ*jv8g4XT2w{IdKT}|Jv!c(@9w>1mVCpf+o&k+n1`nB<||pnez~u%
zJi9i<sPJZ>)0w?5owg>HY|MZD=BSU5a@7NFe*W{%KUc3SWO(#Xy`D$p2VZB=a{gDF
zZ8d$4J^q{cvcp2BRMjXbeUaVWec@YHE1aM0b=u~n;#~K(*^b=5rtMzzGA75Z^R<M^
z-Vl#V&KIq@ZmcSKRuS~%)f~ZdSL<%X#WiQHGm={OKH{zOV;@nz8$TwdNYB5gcH-j_
z4&%F?uVv2ouHl@r@K8L{*)x(aZcN#{^4r|jzh7-*=B#SC;k2%M{p3S49G>|ZtvI%6
z(NxPB%%S&!1AN4t3_}^dhA7_2ZZ@cxTCic#oq5V0JDjAFntB8cFH7dMncisOiZ`6%
z|3qg7|5Fudf4gJ%cO2LnkiwgLUOI7hwo8re$s;W8Z#kv;!}1oJEoi(JePmq<L%001
zg|jq{+_)7W@^9l$+1&Gb2Mq#y_9dvZxFsp8O}Mk%?AP?&iC<O+yuSYE^7a0}7k{U3
zH@smK&A(M!y6Su87j|of6+dGyI2)Qjn|)zlf#fbv%QO43T=v!W9hz-#o>*DMn0ihp
zBf`;p0pHs=;}u#-+1x9)v#|Yikb0wC9%!rBeydif^zze)s_hNiZn90`lWRXz$Yhny
z_h$XBiFvj>t0vvBI+CItzoUPz)MoeQ_A{~}ea{@N=P+NLz~jX(&UfzE;-z{L?Oloi
zpRZ|}D&F}vL1?yz)xO4#8Fx|(HcYzKAo=T}(j4h&i>Kagn%nyIoYDvHN<pz@<u#|O
zr95UC2`Xl`v%IY{u8NPiXr14BG}|f4TZ@G&t|LhB%ewiUR{mWY%nO%iakwpb+RCaG
qH)HLI4Htu#w!B!s|6}}T?(_?5o>uO<lFY!sz~JfX=d#Wzp$P!~8e#$f

literal 0
HcmV?d00001

diff --git a/www/resources/icons/delete.png b/www/resources/icons/delete.png
new file mode 100755
index 0000000000000000000000000000000000000000..08f249365afd29594b51210c6e21ba253897505d
GIT binary patch
literal 715
zcmeAS@N?(olHy`uVBq!ia0y~yU=RRd4mJh`2Kmqb6B!s7SkfJR9T^zbpD<_bdda}R
zAX(xXQ4*Y=R#Ki=l*-_klAn~S;F+74o*I;zm{M7IGS!BGfhpG0#WBR<^wP<{y@L}a
zj{l9`CclWKGq0s3Fkr@Kqw;IF?kqdE*{45RCn>XUZsIJ*-lH);oL4L@yLu|#$Tw$7
zlv~#Ig-<try5#4Zl{;^9_NnbV6V&vSs~-M7efsy$JvRL3Co?HLt>5%4DQvy?xd72;
z-$Nvgm#XgcT-#RdzG`M+P-fZG6Roego|RNRQg+>VU&gG3eQw7dN!OGVjz4$#&PaKE
zTs0wK{_3MHK?jX&V*NgHZ@1oH@>T5OKI@Kcw*_<U+U3n>Z?L$--hZ+oFxBk8&pgjH
zLT6r-G)cU9wr+cJXQ5)%N1mE8?myeITJ$3XG8YJLo9FQ39`6}hRl}N$`M)>j^eZTK
z9Q;zVR<e8D#vlEP?7Z(Im77X;g+BC~#8Do5@bn%Y9uMOeEf1JWTR2N%UAJtOw98iA
zC+0ahZQ&%A{MC)egIe2NtR@Q>JiV3hq)vPhA9u}i-XE7gY7{+K%Jncmuf;gu-9T}M
zN_W%3b73v7c{%23MTZ;2uWH)AQt<C1UG1h$A<@TMuPLM~KPVf1Twbl$h<{&{aGI~%
zm(ELJUIn73Gu_mjHf-j#Tg!7V=%mz)sp-wS6BI7gaXLTBeR1~ImP<#jy9OQP=6yJC
z^#z53)u#70R8IXNzTyO{cK1Oe!yntkdc?h_Czfx|Se$TGp;z>YfN~e}pD&4`OxL46
z?w!}x9`a~&6l4Be$v;oUd{%tEIC<)+;|WSHHSDLpSDz<y=X9S}*+cKGg7?}!f2>($
z)#h#)Jw5STxy4H(UaxX)_9HLT)HhD9oUniHYw_G?RmGQQ%zG13T>gyhVf^-w@t=id
YFP+=zStR|Bfq{X+)78&qol`;+02FXV-~a#s

literal 0
HcmV?d00001

diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php
index 560925305..0055f956d 100644
--- a/www/saml2/idp/metadata.php
+++ b/www/saml2/idp/metadata.php
@@ -58,13 +58,13 @@ try {
         WantAuthnRequestsSigned="false"
         protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
         
-                <KeyDescriptor use="signing">
-                        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-                          <ds:X509Data>
-                                <ds:X509Certificate>' . htmlspecialchars($data) . '</ds:X509Certificate>
-                        </ds:X509Data>
-                  </ds:KeyInfo>
-                </KeyDescriptor>  
+		<KeyDescriptor use="signing">
+			<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+				<ds:X509Data>
+					<ds:X509Certificate>' . htmlspecialchars($data) . '</ds:X509Certificate>
+				</ds:X509Data>
+			</ds:KeyInfo>
+		</KeyDescriptor>  
         
 
         
@@ -103,19 +103,15 @@ try {
 
 	$defaultidp = $config->getValue('default-saml20-idp');
 	
-	$et = new SimpleSAML_XHTML_Template($config, 'metadata.php');
+	$t = new SimpleSAML_XHTML_Template($config, 'metadata.php');
 	
 
-	$et->data['header'] = 'SAML 2.0 IdP Metadata';
-	
-	$et->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
-	$et->data['metadata'] = htmlentities($metaxml);
-	$et->data['metadataflat'] = htmlentities($metaflat);
-	
-	$et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no'));
-	$et->data['defaultidp'] = $defaultidp;
-	
-	$et->show();
+	$t->data['header'] = 'SAML 2.0 IdP Metadata';
+	$t->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
+	$t->data['metadata'] = htmlentities($metaxml);
+	$t->data['metadataflat'] = htmlentities($metaflat);
+	$t->data['defaultidp'] = $defaultidp;
+	$t->show();
 	
 } catch(Exception $exception) {
 	
diff --git a/www/saml2/sp/metadata.php b/www/saml2/sp/metadata.php
index 30f27dea5..7ebe40ba1 100644
--- a/www/saml2/sp/metadata.php
+++ b/www/saml2/sp/metadata.php
@@ -73,27 +73,34 @@ try {
 	</SPSSODescriptor>
 
 </EntityDescriptor>';
+
+	if (array_key_exists('output', $_GET) && $_GET['output'] == 'xml') {
+		header('Content-Type: application/xml');
+		
+		echo $metaxml;
+		exit(0);
+	}
 	
-	$defaultidp = $config->getValue('default-saml20-idp');
 	
-	$et = new SimpleSAML_XHTML_Template($config, 'metadata.php');
+	$defaultidp = $config->getValue('default-saml20-idp');
 	
+	$t = new SimpleSAML_XHTML_Template($config, 'metadata.php');
 
-	$et->data['header'] = 'SAML 2.0 SP Metadata';
-	$et->data['metadata'] = htmlentities($metaxml);
-	$et->data['metadataflat'] = htmlentities($metaflat);
+	$t->data['header'] = 'SAML 2.0 SP Metadata';
+	$t->data['metadata'] = htmlentities($metaxml);
+	$t->data['metadataflat'] = htmlentities($metaflat);
+	$t->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
 	
 	if (array_key_exists($defaultidp, $send_metadata_to_idp)) {
-		$et->data['sendmetadatato'] = $send_metadata_to_idp[$defaultidp]['address'];
-		$et->data['federationname'] = $send_metadata_to_idp[$defaultidp]['name'];
+		$t->data['sendmetadatato'] = $send_metadata_to_idp[$defaultidp]['address'];
+		$t->data['federationname'] = $send_metadata_to_idp[$defaultidp]['name'];
 	}
 
-	$et->data['techemail'] = $config->getValue('technicalcontact_email', 'na');
-	$et->data['version'] = $config->getValue('version', 'na');
-	$et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no'));
-	$et->data['defaultidp'] = $defaultidp;
+	$t->data['techemail'] = $config->getValue('technicalcontact_email', 'na');
+	$t->data['version'] = $config->getValue('version', 'na');
+	$t->data['defaultidp'] = $defaultidp;
 	
-	$et->show();
+	$t->show();
 	
 } catch(Exception $exception) {
 	
diff --git a/www/shib13/idp/metadata.php b/www/shib13/idp/metadata.php
index 560925305..84e0672e6 100644
--- a/www/shib13/idp/metadata.php
+++ b/www/shib13/idp/metadata.php
@@ -14,7 +14,7 @@ $config = SimpleSAML_Configuration::getInstance();
 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
 $session = SimpleSAML_Session::getInstance(true);
 
-if (!$config->getValue('enable.saml20-idp', false))
+if (!$config->getValue('enable.shib13-idp', false))
 	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
 
 
@@ -29,8 +29,8 @@ if (!isset($session) || !$session->isValid('login-admin') ) {
 
 try {
 
-	$idpmeta = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrent('saml20-idp-hosted');
-	$idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+	$idpmeta = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrent('shib13-idp-hosted');
+	$idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('shib13-idp-hosted');
 	
 	$publiccert = $config->getBaseDir() . '/cert/' . $idpmeta['certificate'];
 
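Review bot: When `idpentityid` is present in the query string, `$idpmeta` is set to that string rather than to a metadata array, yet the context line right after indexes it as `$idpmeta['certificate']` to build the certificate path. The commit only swaps the set name and keeps this pattern, so on that code path the file name is no longer the configured certificate, or the lookup fails outright, depending on the PHP version. Keep the raw parameter for `$idpentityid` only, load `$idpmeta` through the metadata handler for that entity ID, and reject IDs that are not hosted here. The same assignment is made to `$spmeta` in www/shib13/sp/metadata.php. The `try` block continues outside this hunk.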
@@ -45,51 +45,36 @@ try {
 	'" . htmlspecialchars($idpentityid) . "' =>  array(
 		'name'                 => 'Type in a name for this entity',
 		'description'          => 'and a proper description that would help users know when to select this IdP.',
-		'SingleSignOnService'  => '" . htmlspecialchars($metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted')) . "',
-		'SingleLogoutService'  => '" . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted')) . "',
+		'SingleSignOnService'  => '" . htmlspecialchars($metadata->getGenerated('SingleSignOnService', 'shib13-idp-hosted')) . "',
 		'certFingerprint'      => '" . strtolower(sha1(base64_decode($data))) ."'
 	),
 ";
 	
 	$metaxml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-	<EntityDescriptor xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance" xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
- entityID="' . htmlspecialchars($idpentityid) . '">
-    <IDPSSODescriptor
-        WantAuthnRequestsSigned="false"
-        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
-        
-                <KeyDescriptor use="signing">
-                        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-                          <ds:X509Data>
-                                <ds:X509Certificate>' . htmlspecialchars($data) . '</ds:X509Certificate>
-                        </ds:X509Data>
-                  </ds:KeyInfo>
-                </KeyDescriptor>  
-        
-
-        
-        <!-- Logout endpoints -->
-        <SingleLogoutService
-            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
-            Location="' . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted')) . '"
-            ResponseLocation="' . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted')) . '"
-            index="0" 
-            isDefault="true"
-            />
-
-        
-        <!-- Supported Name Identifier Formats -->
-        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
-        
-        <!-- AuthenticationRequest Consumer endpoint -->
-        <SingleSignOnService
-            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
-            Location="' . htmlspecialchars($metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted')) . '"
-            index="0" 
-            isDefault="true"
-            />
-        
-    </IDPSSODescriptor>
+<EntityDescriptor entityID="' . htmlspecialchars($idpentityid) . '">
+
+	<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
+
+		<KeyDescriptor use="signing">
+			<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+				<ds:X509Data>
+					<ds:X509Certificate>' . htmlspecialchars($data) . '</ds:X509Certificate>
+				</ds:X509Data>
+			</ds:KeyInfo>
+		</KeyDescriptor>
+
+		<NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+		
+		<SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
+			Location="' . htmlspecialchars($metadata->getGenerated('SingleSignOnService', 'shib13-idp-hosted')) . '"/>
+
+	</IDPSSODescriptor>
+
+	<ContactPerson contactType="technical">
+		<SurName>' . $config->getValue('technicalcontact_name', 'Not entered') . '</SurName>
+		<EmailAddress>' . $config->getValue('technicalcontact_email', 'Not entered') . '</EmailAddress>
+	</ContactPerson>
+	
 </EntityDescriptor>';
 	
 	
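Review bot: The `technicalcontact_name` and `technicalcontact_email` values are concatenated into `<SurName>` and `<EmailAddress>` without `htmlspecialchars()`, unlike every other interpolated value in this document, so an `&` or `<` in the configuration yields malformed XML. Use `htmlspecialchars($config->getValue('technicalcontact_name', 'Not entered'))` and the same for the e-mail; the identical two lines in www/shib13/sp/metadata.php need the same change. The rewritten `<EntityDescriptor>` also drops the `xmlns="urn:oasis:names:tc:SAML:2.0:metadata"` declaration the old text carried, which presumably leaves the elements in no namespace for a consumer; confirm that is intended. The string is built inside a `try` block that starts outside the hunk.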
@@ -101,21 +86,19 @@ try {
 	}
 
 
-	$defaultidp = $config->getValue('default-saml20-idp');
-	
-	$et = new SimpleSAML_XHTML_Template($config, 'metadata.php');
+	$defaultidp = $config->getValue('default-shib13-idp');
 	
+	$t = new SimpleSAML_XHTML_Template($config, 'metadata.php');
 
-	$et->data['header'] = 'SAML 2.0 IdP Metadata';
+	$t->data['header'] = 'Shib 1.3 IdP Metadata';
 	
-	$et->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
-	$et->data['metadata'] = htmlentities($metaxml);
-	$et->data['metadataflat'] = htmlentities($metaflat);
-	
-	$et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no'));
-	$et->data['defaultidp'] = $defaultidp;
+	$t->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
+	$t->data['metadata'] = htmlspecialchars($metaxml);
+	$t->data['metadataflat'] = htmlspecialchars($metaflat);
+
+	$t->data['defaultidp'] = $defaultidp;
 	
-	$et->show();
+	$t->show();
 	
 } catch(Exception $exception) {
 	
diff --git a/www/shib13/sp/metadata.php b/www/shib13/sp/metadata.php
index 30f27dea5..e7a71c472 100644
--- a/www/shib13/sp/metadata.php
+++ b/www/shib13/sp/metadata.php
@@ -13,87 +13,69 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
 $session = SimpleSAML_Session::getInstance(TRUE);
 
 
-if (!$config->getValue('enable.saml20-sp', false))
+if (!$config->getValue('enable.shib13-sp', false))
 	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
 
 
-/**
- * Preconfigured to help out some federations. This makes it easier for users to report metadata
- * to the administrators of the IdP.
- */
-$send_metadata_to_idp = array(
-	'sam.feide.no'	=> array(
-		'name' 		=> 'Feide',
-		'address'	=> 'http://rnd.feide.no/content/sending-information-simplesamlphp'
-	),
-	'max.feide.no'	=> array(
-		'name' 		=> 'Feide',
-		'address'	=> 'http://rnd.feide.no/content/sending-information-simplesamlphp'
-	)
-);
-
 
 try {
 
-	$spmeta = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrent();
-	$spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
-	
-	/*
-	if (!$spmeta['assertionConsumerServiceURL']) throw new Exception('The following parameter is not set in your SAML 2.0 SP Hosted metadata: assertionConsumerServiceURL');
-	if (!$spmeta['SingleLogOutUrl']) throw new Exception('The following parameter is not set in your SAML 2.0 SP Hosted metadata: SingleLogOutUrl');
-	*/
+	$spmeta = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrent('shib13-sp-hosted');
+	$spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID('shib13-sp-hosted');
 	
+
 	$metaflat = "
 	'" . htmlspecialchars($spentityid) . "' => array(
- 		'AssertionConsumerService' => '" . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted')) . "',
- 		'SingleLogoutService'      => '" . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-sp-hosted')) . "'
+ 		'AssertionConsumerService' => '" . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted')) . "'
 	)
 ";
 	
 	$metaxml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<EntityDescriptor entityID="' . htmlspecialchars($spentityid) . '" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+<EntityDescriptor entityID="' . htmlspecialchars($spentityid) . '">
+	<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
 
-	<SPSSODescriptor 
-		AuthnRequestsSigned="false" 
-		WantAssertionsSigned="false" 
-		protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
-
-		<SingleLogoutService 
-			Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" 
-			Location="' . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-sp-hosted')) . '"/>
+		<NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
 		
-		<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+		<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="' . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'shib13-sp-hosted')) . '" index="1" isDefault="true" />
 		
-		<AssertionConsumerService 
-			index="0" 
-			isDefault="true" 
-			Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
-			Location="' . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted')) . '" />
-
 	</SPSSODescriptor>
-
+	
+	<ContactPerson contactType="technical">
+		<SurName>' . $config->getValue('technicalcontact_name', 'Not entered') . '</SurName>
+		<EmailAddress>' . $config->getValue('technicalcontact_email', 'Not entered') . '</EmailAddress>
+	</ContactPerson>
+		
 </EntityDescriptor>';
+
+	if (array_key_exists('output', $_GET) && $_GET['output'] == 'xml') {
+		header('Content-Type: application/xml');
+		
+		echo $metaxml;
+		exit(0);
+	}
 	
-	$defaultidp = $config->getValue('default-saml20-idp');
+	$defaultidp = $config->getValue('default-shib13-idp');
 	
-	$et = new SimpleSAML_XHTML_Template($config, 'metadata.php');
+	$t = new SimpleSAML_XHTML_Template($config, 'metadata.php');
 	
 
-	$et->data['header'] = 'SAML 2.0 SP Metadata';
-	$et->data['metadata'] = htmlentities($metaxml);
-	$et->data['metadataflat'] = htmlentities($metaflat);
+	$t->data['header'] = 'Shib 1.3 SP Metadata';
+	$t->data['metadata'] = htmlspecialchars($metaxml);
+	$t->data['metadataflat'] = htmlspecialchars($metaflat);
+	$t->data['metaurl'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), 'output=xml');
 	
+	/*
 	if (array_key_exists($defaultidp, $send_metadata_to_idp)) {
 		$et->data['sendmetadatato'] = $send_metadata_to_idp[$defaultidp]['address'];
 		$et->data['federationname'] = $send_metadata_to_idp[$defaultidp]['name'];
 	}
+	*/
 
-	$et->data['techemail'] = $config->getValue('technicalcontact_email', 'na');
-	$et->data['version'] = $config->getValue('version', 'na');
-	$et->data['feide'] = in_array($defaultidp, array('sam.feide.no', 'max.feide.no'));
-	$et->data['defaultidp'] = $defaultidp;
+	$t->data['techemail'] = $config->getValue('technicalcontact_email', 'na');
+	$t->data['version'] = $config->getValue('version', 'na');
+	$t->data['defaultidp'] = $defaultidp;
 	
-	$et->show();
+	$t->show();
 	
 } catch(Exception $exception) {
 	
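Review bot: `$metaflat` still builds its `AssertionConsumerService` from the `'saml20-sp-hosted'` set, while the XML a few lines below uses `'shib13-sp-hosted'`, so the flat-file metadata would advertise a different endpoint than the XML for the same entity. It should read `$metadata->getGenerated('AssertionConsumerService', 'shib13-sp-hosted')`. The block that is now commented out still refers to `$et` and to `$send_metadata_to_idp`, which this hunk removes, so it would fail if re-enabled; delete it or port it to `$t`. The `catch` body continues past the end of the hunk.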
-- 
GitLab