Commit dd499f6d authored by Olav Morken's avatar Olav Morken

openidProvider: OpenID 2.0 support.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2168 44740490-163a-0410-bde0-09ae8108e29a
parent 885a76ed
...@@ -80,7 +80,7 @@ class sspmod_openidProvider_Server { ...@@ -80,7 +80,7 @@ class sspmod_openidProvider_Server {
SimpleSAML_Utilities::maskErrors(E_WARNING | E_STRICT); SimpleSAML_Utilities::maskErrors(E_WARNING | E_STRICT);
try { try {
$store = new Auth_OpenID_FileStore($config->getString('filestore')); $store = new Auth_OpenID_FileStore($config->getString('filestore'));
$this->server = new Auth_OpenID_Server($store); $this->server = new Auth_OpenID_Server($store, $this->getServerURL());
} catch (Exception $e) { } catch (Exception $e) {
SimpleSAML_Utilities::popErrorMask(); SimpleSAML_Utilities::popErrorMask();
throw $e; throw $e;
...@@ -378,7 +378,9 @@ class sspmod_openidProvider_Server { ...@@ -378,7 +378,9 @@ class sspmod_openidProvider_Server {
} }
$identity = $this->getIdentity(); $identity = $this->getIdentity();
if ($identity !== $request->identity) { assert('$identity !== FALSE'); /* Should always be logged in here. */
if (!$request->idSelect() && $identity !== $request->identity) {
/* The identity in the request doesn't match the one of the logged in user. */ /* The identity in the request doesn't match the one of the logged in user. */
throw new SimpleSAML_Error_Exception('Logged in as different user than the one requested.'); throw new SimpleSAML_Error_Exception('Logged in as different user than the one requested.');
} }
...@@ -403,7 +405,7 @@ class sspmod_openidProvider_Server { ...@@ -403,7 +405,7 @@ class sspmod_openidProvider_Server {
} }
/* The user is authenticated, and trusts this site. */ /* The user is authenticated, and trusts this site. */
$this->sendResponse($request->answer(TRUE)); $this->sendResponse($request->answer(TRUE, NULL, $identity));
} }
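Review bot: In the second hunk, `assert('$identity !== FALSE')` becomes the only guard against a missing login once `idSelect()` requests skip the identity comparison. Assertions are commonly disabled in production, and the old unconditional `$identity !== $request->identity` test would have thrown for a FALSE identity. An explicit check such as `if ($identity === FALSE) { throw new SimpleSAML_Error_Exception('Not logged in.'); }` would keep the third hunk's `$request->answer(TRUE, NULL, $identity)` from being reached without an identity. The enclosing methods begin and end outside the hunks, so an earlier authentication check may already cover this; if so, a comment naming it would make the assumption visible.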
......
...@@ -15,8 +15,10 @@ if ($userId !== FALSE) { ...@@ -15,8 +15,10 @@ if ($userId !== FALSE) {
$title = $this->t('{openidProvider:openidProvider:title_no_user}'); $title = $this->t('{openidProvider:openidProvider:title_no_user}');
} }
$serverLink = '<link rel="openid.server" href="' . htmlspecialchars($serverURL) . '" />'; $serverLink = '<link rel="openid.server" href="' . htmlspecialchars($serverURL) . '" />' . "\n";
$delegateLink = '<link rel="openid.delegate" href="' . htmlspecialchars($userIdURL) . '" />'; $serverLink .= '<link rel="openid2.provider" href="' . htmlspecialchars($serverURL) . '" />';
$delegateLink = '<link rel="openid.delegate" href="' . htmlspecialchars($userIdURL) . '" />' . "\n";
$delegateLink .= '<link rel="openid2.local_id" href="' . htmlspecialchars($userIdURL) . '" />';
$this->data['header'] = $title; $this->data['header'] = $title;
$this->data['head'] = $serverLink; $this->data['head'] = $serverLink;
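Review bot: The four `href` values here rely on the default flags and charset of `htmlspecialchars()`, which is safe only while the attributes stay double-quoted. Passing them explicitly, e.g. `htmlspecialchars($serverURL, ENT_QUOTES, 'UTF-8')`, makes the escaping independent of the quoting style and of the PHP version's defaults. A short comment would also help the next reader: `/* openid.server / openid.delegate: OpenID 1.x discovery; openid2.provider / openid2.local_id: OpenID 2.0 discovery. */`. The code that emits `$delegateLink` lies outside the visible lines.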
......