Commit dfc32e4f authored by Hans Zandbelt's avatar Hans Zandbelt

cleanup: improve consistency, naming, spelling fixes, comments etc.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@254 44740490-163a-0410-bde0-09ae8108e29a
parent e74590bb
...@@ -21,21 +21,21 @@ ...@@ -21,21 +21,21 @@
* *
* Connect "local" A-Select Server: * Connect "local" A-Select Server:
* configure simpleSAMLphp as a "remote" aselect server as follows (example): * configure simpleSAMLphp as a "remote" aselect server as follows (example):
* <organization id="simplSAMLphp" * <organization id="simpleSAMLphp"
* server="localhost" * server="default.aselect.org"
* friendly_name="simpleSAMLphp (TEST)" * friendly_name="simpleSAMLphp (TEST)"
* resourcegroup="remote_simplsamlphp_resources" /> * resourcegroup="remote_simplesamlphp_resources" />
* *
* <resourcegroup id="remote_simplsamlphp_resources" * <resourcegroup id="remote_simplesamlphp_resources"
* interval="30"> * interval="30">
* <resource id="simpleSAMLphp1"> * <resource id="simpleSAMLphp1">
* <url>https: *localhost/simplesaml/aselect/handler.php</url> * <url>https://localhost/simplesaml/aselect/handler.php</url>
* </resource> * </resource>
* </resourcegroup> * </resourcegroup>
* *
* Bridge to "remote" A-Select Server: * Bridge to "remote" A-Select Server:
* configure simpleSAMLphp as a "local" aselect server as follows (example): * configure simpleSAMLphp as a "local" aselect server as follows (example):
* <organization id="simplSAMLphp" server="localhost"> * <organization id="simpleSAMLphp" server="default.aselect.org">
* <level>1</level> * <level>1</level>
* <forced_authenticate>false</forced_authenticate> * <forced_authenticate>false</forced_authenticate>
* <attribute_policy>policyA</attribute_policy> * <attribute_policy>policyA</attribute_policy>
...@@ -46,21 +46,20 @@ ...@@ -46,21 +46,20 @@
* *
* TODO: * TODO:
* - separate metadata configuration into metadata/aselect-*-*.php * - separate metadata configuration into metadata/aselect-*-*.php
* - remote IDP discovery handling (similar to saml2: with optional default)
* - add robustness/error-handling/error-reporting * - add robustness/error-handling/error-reporting
* - generic bridging
*
* - factor out common, app/local server and remote server code * - factor out common, app/local server and remote server code
*
* - dynamic bridging after IDP discovery across all protocols (core feature)
*/ */
require_once('../../www/_include.php'); require_once('../../www/_include.php');
require_once('xmlseclibs.php'); require_once('xmlseclibs.php');
require_once('SimpleSAML/Logger.php'); require_once('SimpleSAML/Logger.php');
require_once('SimpleSAML/Configuration.php'); require_once('SimpleSAML/Configuration.php');
require_once('SimpleSAML/Metadata/MetaDataStorageHandler.php');
$logger = new SimpleSAML_Logger(); $logger = new SimpleSAML_Logger();
$config = SimpleSAML_Configuration::getInstance(); $config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$as_metadata = array( $as_metadata = array(
'idp' => array( 'idp' => array(
...@@ -73,14 +72,21 @@ $as_metadata = array( ...@@ -73,14 +72,21 @@ $as_metadata = array(
'authsp' => 'simpleSAMLphp', 'authsp' => 'simpleSAMLphp',
'app_level' => '10', 'app_level' => '10',
'tgt_exp_time' => '1194590521000', 'tgt_exp_time' => '1194590521000',
'logout_url' => '/' . $config->getValue('baseurlpath') . 'logout.html', # 'auth' => '/' . $config->getValue('baseurlpath') . '/auth/login.php',
# 'logout' => '/' . $config->getValue('baseurlpath') . 'logout.html',
'auth' => '/' . $config->getValue('baseurlpath') . '/saml2/sp/initSSO.php',
'logout' => '/' . $config->getValue('baseurlpath') . '/saml2/sp/initSLO.php',
'loggedout_url' => '/' . $config->getValue('baseurlpath') . 'logout.html',
), ),
'remote' => array( 'remote' => array(
// so far the IDP bridging is statically configured to the first one in
// this list; IDP discovery should be implemented
'testorg' => array( 'testorg' => array(
'server_id' => 'default.aselect.org', 'server_id' => 'default.aselect.org',
'server_url' => 'https://localhost/aselectserver/server', 'server_url' => 'https://localhost/aselectserver/server',
'sign_requests' => true, 'sign_requests' => true,
// TODO: this one is actually requestor related // fixed required authentication level per remote IDP, because this
// requestor concept cannot be mapped from the other protocols
'app_level' => '10', 'app_level' => '10',
), ),
), ),
...@@ -107,12 +113,10 @@ $as_metadata = array( ...@@ -107,12 +113,10 @@ $as_metadata = array(
'cert' => $config->getBaseDir() . '/cert/app.crt', 'cert' => $config->getBaseDir() . '/cert/app.crt',
), ),
), ),
'saml20' => array(
'sp_url_sso' => '/' . $config->getValue('baseurlpath') . '/saml2/sp/initSSO.php',
'sp_url_slo' => '/' . $config->getValue('baseurlpath') . '/saml2/sp/initSLO.php',
),
); );
// some work to put a browser request into the corresponding session that was
// started by the original "authenticate" request of the agent or local server
if ($_GET['local_rid']) session_id($_GET['local_rid']); else if ($_GET['rid']) session_id($_GET['rid']); if ($_GET['local_rid']) session_id($_GET['local_rid']); else if ($_GET['rid']) session_id($_GET['rid']);
session_start(); session_start();
...@@ -195,14 +199,14 @@ function as_request_authenticate() { ...@@ -195,14 +199,14 @@ function as_request_authenticate() {
function as_request_login() { function as_request_login() {
global $as_metadata; global $as_metadata;
$return_url = $_SERVER['PHP_SELF'] . '?request=return'; $return_url = $_SERVER['PHP_SELF'] . '?request=login_return';
header('Location: ' . header('Location: ' .
$as_metadata['saml20']['sp_url_sso'] . $as_metadata['idp']['hosted']['auth'] .
'?RelayState=' . $return_url); '?RelayState=' . $return_url);
} }
// handle browser return redirect from a bridged IDP // handle browser return redirect from a bridged IDP
function as_request_return() { function as_request_login_return() {
global $as_metadata; global $as_metadata;
$rid = session_id(); $rid = session_id();
...@@ -297,8 +301,8 @@ function as_request_logout() { ...@@ -297,8 +301,8 @@ function as_request_logout() {
global $as_metadata; global $as_metadata;
header('Location: ' . header('Location: ' .
$as_metadata['saml20']['sp_url_slo'] . $as_metadata['idp']['hosted']['logout'] .
'?RelayState=' . $as_metadata['idp']['hosted']['logout_url']); '?RelayState=' . urlencode($as_metadata['idp']['hosted']['loggedout_url']));
} }
// helper function for sending a non-browser request to a remote server // helper function for sending a non-browser request to a remote server
...@@ -314,9 +318,9 @@ function as_call($url) { ...@@ -314,9 +318,9 @@ function as_call($url) {
as_error_exception('Request on remote server failed: ' . $error); as_error_exception('Request on remote server failed: ' . $error);
} }
$parms = array(); $parms = array();
foreach (explode('&', $result) as $p) { foreach (explode('&', $result) as $parm) {
$a = explode('=', $p); $tuple = explode('=', $parm);
$parms[$a[0]] = urldecode($a[1]); $parms[urldecode($tuple[0])] = urldecode($tuple[1]);
} }
if ($parms['result_code'] != '0000') { if ($parms['result_code'] != '0000') {
as_error_exception('Request on remote server returned error: ' . $result); as_error_exception('Request on remote server returned error: ' . $result);
...@@ -418,14 +422,15 @@ function as_request_bridge_return() { ...@@ -418,14 +422,15 @@ function as_request_bridge_return() {
$session->setAuthenticated(true, 'aselect'); $session->setAuthenticated(true, 'aselect');
if (array_key_exists('attributes', $parms)) { if (array_key_exists('attributes', $parms)) {
$parm = base64_decode($parms['attributes']); $decoded = base64_decode($parms['attributes']);
$attributes = array(); $attributes = array();
foreach (explode('&', $parm) as $p) { foreach (explode('&', $decoded) as $parm) {
$a = explode('=', $p); $tuple = explode('=', $parm);
if (array_key_exists($a[0], $attributes)) { $name = urldecode($tuple[0]);
$attributes[$a[0]] = array(); if (array_key_exists($name, $attributes)) {
$attributes[$name] = array();
} }
$attributes[$a[0]][] = urldecode($a[1]); $attributes[$name][] = urldecode($tuple[1]);
} }
$session->setAttributes($attributes); $session->setAttributes($attributes);
} }
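Review bot: In as_request_bridge_return the attribute loop keeps only the last value of a multi-valued attribute, because `if (array_key_exists($name, $attributes))` resets the bucket to an empty array every time the name repeats; inverting the guard to `if (!array_key_exists($name, $attributes)) {` (or simply relying on `$attributes[$name][] = ...`, which creates the array on first use) preserves all values. Both this loop and the one in as_call read `$tuple[1]` without checking that the pair actually contained `=`, so `explode('=', $parm, 2)` plus a count check would avoid an undefined-offset notice and keep a value that itself contains `=` intact. as_request_login still appends `$return_url` to the RelayState query unencoded, whereas as_request_logout now wraps its RelayState in `urlencode()`; `'?RelayState=' . urlencode($return_url)` would make the two consistent. The unchanged top-level line `if ($_GET['local_rid']) session_id($_GET['local_rid']); else if ($_GET['rid']) session_id($_GET['rid']);` adopts whatever session id the browser supplies with no format check, which the new comment documents but does not constrain; validating the value against the expected id syntax before calling session_id() would limit session fixation. The bodies of as_call and as_request_bridge_return begin outside their hunks.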