From e407ec9f2b1d9b8363f508766511d16f959c7b8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no> Date: Wed, 30 Jan 2008 09:36:30 +0000 Subject: [PATCH] The session class now takes the nameid as an array with value and format, instead of two separate methods. this resulted in changes in several files. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@218 44740490-163a-0410-bde0-09ae8108e29a --- lib/SimpleSAML/Session.php | 9 --- lib/SimpleSAML/XML/SAML20/AuthnResponse.php | 71 +++++++++++---------- lib/SimpleSAML/XML/SAML20/LogoutRequest.php | 6 +- lib/SimpleSAML/XML/Shib13/AuthnResponse.php | 11 ++-- www/auth/login-admin.php | 5 +- www/auth/login-auto.php | 4 ++ www/auth/login-ldapmulti.php | 5 +- www/auth/login-radius.php | 4 ++ www/auth/login.php | 5 +- www/saml2/idp/SingleLogoutService.php | 2 +- www/saml2/sp/initSLO.php | 4 +- 11 files changed, 65 insertions(+), 61 deletions(-) diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php index baf314b79..de749e2b7 100644 --- a/lib/SimpleSAML/Session.php +++ b/lib/SimpleSAML/Session.php @@ -50,7 +50,6 @@ class SimpleSAML_Session { private $sessionindex = null; private $nameid = null; - private $nameidformat = null; private $sp_at_idpsessions = array(); @@ -295,13 +294,6 @@ class SimpleSAML_Session { public function getNameID() { return $this->nameid; } - public function setNameIDformat($nameidformat) { - $this->dirty = true; - $this->nameidformat = $nameidformat; - } - public function getNameIDformat() { - return $this->nameidformat; - } public function setAuthenticated($auth, $authority = null) { if ($auth === false) $this->dirty = false; @@ -381,7 +373,6 @@ class SimpleSAML_Session { $this->sessionindex = null; $this->nameid = null; - $this->nameidformat = null; $this->sp_at_idpsessions = array(); } diff --git a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php index 8f0866566..3a60eb418 100644 
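Review bot: `getNameID()` now hands back whatever `setNameID()` stored, but nothing in the class documents or enforces the `value`/`Format` array shape the rest of this commit depends on, so a caller still passing a plain string (the old contract) or an empty array is accepted silently and only fails later in `LogoutRequest::generate()`. Add a docblock on the getter, e.g. `/** @return array|null NameID as array('value' => string, 'Format' => string); null until set. */`, and have the setter reject anything that is not an array with a non-empty `value`. `setNameID()` itself lies outside this hunk.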
--- a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php +++ b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php @@ -138,28 +138,19 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse { public function createSession() { - SimpleSAML_Session::init(true, 'saml2'); $session = SimpleSAML_Session::getInstance(); $session->setAttributes($this->getAttributes()); - - - $nameid = $this->getNameID(); - - $session->setNameID($nameid['NameID']); - $session->setNameIDFormat($nameid['Format']); + + $session->setNameID($this->getNameID()); $session->setSessionIndex($this->getSessionIndex()); $session->setIdP($this->getIssuer()); - /* - $nameID["NameID"] = $node->nodeValue; - $nameID["NameQualifier"] = $node->getAttribute('NameQualifier'); - $nameID["SPNameQualifier"] = $node->getAttribute('SPNameQualifier'); - */ return $session; } - //TODO + + // TODO: Not tested, but neigther is it used. function getSessionIndex() { $token = $this->getDOM(); if ($token instanceof DOMDocument) { @@ -307,13 +298,12 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse { $nodelist = $xPath->query($query); if ($node = $nodelist->item(0)) { - $nameID["NameID"] = $node->nodeValue; + $nameID["value"] = $node->nodeValue; //$nameID["NameQualifier"] = $node->getAttribute('NameQualifier'); //$nameID["SPNameQualifier"] = $node->getAttribute('SPNameQualifier'); $nameID["Format"] = $node->getAttribute('Format'); } } - //echo '<pre>'; print_r($nameID); echo '</pre>'; return $nameID; } 
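Review bot: Removing `SimpleSAML_Session::init(true, 'saml2');` means `createSession()` no longer marks the session as authenticated by the `saml2` authority; unless the caller now does that before calling here (not visible in this diff), a consumed assertion writes attributes and NameID into whatever session already exists without ever flagging it as logged in. Separately, `$this->getNameID()` returns an empty array when the assertion has no `<saml:NameID>`, and that is stored unchecked. Suggest `$nameid = $this->getNameID(); if (empty($nameid['value'])) throw new Exception('Assertion contains no NameID');` before the `setNameID()` call. The `getSessionIndex()` body continues past this hunk.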
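Review bot: `$node->getAttribute('Format')` returns `''` when the attribute is absent, so an assertion without a Format ends up stored as an empty string and later serialised as `Format=""`, whereas SAML 2.0 treats a missing Format as `urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified`. Consider `$nameID["Format"] = $node->hasAttribute('Format') ? $node->getAttribute('Format') : 'urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified';`. The return shape also deserves a docblock, e.g. `/** @return array Empty when no NameID is found, else array('value' => string, 'Format' => string). */`. The start of `getNameID()` is outside this hunk.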
@@ -347,14 +337,32 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse { } - // Not updated for response. from request. + /** + * This function generates an AuthenticationResponse + * + * @param $idpentityid entityid of IdP + * @param $spentityid entityid of SP + * @param $inresponseto the ID of the request, that these message is an response to. + * @param $nameid the NameID of the user (an array) + * @param $attributes A two level array of multivalued attributes, where the first level + * index is the attribute name. + * + * @return AuthenticationResponse as string + */ public function generate($idpentityid, $spentityid, $inresponseto, $nameid, $attributes) { - - //echo 'idp:' . $idpentityid . ' sp:' . $spentityid .' inresponseto:' . $inresponseto . ' namid:' . $nameid; - + + /** + * Retrieving metadata for the two specific entity IDs. + */ $idpmd = $this->metadata->getMetaData($idpentityid, 'saml20-idp-hosted'); $spmd = $this->metadata->getMetaData($spentityid, 'saml20-sp-remote'); + $issuer = $idpentityid; + $destination = $spmd['AssertionConsumerService']; + + /** + * Generating IDs and timestamps. + */ $id = self::generateID(); $issueInstant = self::generateIssueInstant(); $assertionExpire = self::generateIssueInstant(60 * 5); # 5 minutes 
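Review bot: The new docblock describes `$nameid` as "the NameID of the user (an array)", but the body (in the following hunk) does `$nameid = null;` and regenerates it from `$spmd['NameIDFormat']`, so the parameter is never used; either drop the claim or honour the supplied value. `$destination = $spmd['AssertionConsumerService'];` also reads remote-SP metadata without checking the key exists, which would emit a Response with an empty `Destination`. Suggest `if (empty($spmd['AssertionConsumerService'])) throw new Exception('No AssertionConsumerService in metadata for ' . $spentityid);` right after the metadata lookup. The function body continues past this hunk.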
@@ -362,32 +370,34 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse { $assertionid = self::generateID(); $sessionindex = self::generateID(); - - $issuer = $idpentityid; - - $assertionConsumerServiceURL = $spmd['AssertionConsumerService']; - - $destination = $spmd['AssertionConsumerService']; + /** + * Handling attributes. + */ $base64 = isset($spmd['base64attributes']) ? $spmd['base64attributes'] : false; - $encodedattributes = ''; foreach ($attributes AS $name => $values) { $encodedattributes .= self::enc_attribute($name, $values, $base64); } $attributestatement = '<saml:AttributeStatement>' . $encodedattributes . '</saml:AttributeStatement>'; - if (!$spmd['simplesaml.attributes']) $attributestatement = ''; - $namid = null; + + /** + * Handling NameID + */ + $nameid = null; if ($spmd['NameIDFormat'] == self::EMAIL) { $nameid = $this->generateNameID($spmd['NameIDFormat'], $attributes[$spmd['simplesaml.nameidattribute']][0]); } else { $nameid = $this->generateNameID($spmd['NameIDFormat'], self::generateID()); } + /** + * Generating the response. + */ $authnResponse = '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" @@ -427,11 +437,6 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse { </samlp:Response> '; - -//echo $authnResponse; - - - // echo $authnResponse; exit(0); return $authnResponse; } diff --git a/lib/SimpleSAML/XML/SAML20/LogoutRequest.php b/lib/SimpleSAML/XML/SAML20/LogoutRequest.php index e1c908849..50b3dcd37 100644 --- a/lib/SimpleSAML/XML/SAML20/LogoutRequest.php +++ b/lib/SimpleSAML/XML/SAML20/LogoutRequest.php 
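Review bot: In the e-mail branch the NameID value is taken from `$attributes[$spmd['simplesaml.nameidattribute']][0]` with no check that the attribute exists or is non-empty, so a user lacking it gets an assertion with an empty e-mail NameID; guard with `if (empty($attributes[$spmd['simplesaml.nameidattribute']][0])) throw new Exception('NameID attribute missing for user');`. Whether `generateNameID()` XML-escapes that directory-sourced value cannot be seen here, but it must, since it is user data going into signed XML. `$spmd['NameIDFormat']` and `$spmd['simplesaml.attributes']` are likewise read without `isset`, and the format comparison should be `===`. The function starts and ends outside this hunk.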
@@ -110,7 +110,7 @@ class SimpleSAML_XML_SAML20_LogoutRequest { - public function generate($issuer, $receiver, $nameid, $nameidformat, $sessionindex, $mode) { + public function generate($issuer, $receiver, $nameid, $sessionindex, $mode) { if (!in_array($mode, array('SP', 'IdP'))) { throw new Exception('mode parameter of generate() must be either SP or IdP'); @@ -151,8 +151,8 @@ class SimpleSAML_XML_SAML20_LogoutRequest { "xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" " . // "NameQualifier=\"" . $nameId["NameQualifier"] . "\" " . // "SPNameQualifier=\"" . $nameId["SPNameQualifier"] . "\" " . - "Format=\"" . htmlspecialchars($nameidformat) . "\">" . - htmlspecialchars($nameid) . + "Format=\"" . htmlspecialchars($nameid['Format']) . "\">" . + htmlspecialchars($nameid['value']) . "</saml:NameID>" . "<samlp:SessionIndex " . "xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">" . diff --git a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php index 138ce35e2..00e4f75b0 100644 --- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php +++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php @@ -15,7 +15,6 @@ require_once('xmlseclibs.php'); * @author Andreas Åkre Solberg, UNINETT AS. <andreas.solberg@uninett.no> * @package simpleSAMLphp * @version $Id$ - * @abstract */ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse { @@ -100,8 +99,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse { $nameid = $this->getNameID(); - $session->setNameID($nameid['NameID']); - $session->setNameIDFormat($nameid['Format']); + $session->setNameID($nameid); $session->setSessionIndex($this->getSessionIndex()); /* $nameID["NameID"] = $node->nodeValue; @@ -254,8 +252,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse { } public function getNameID() { - - + $token = $this->getDOM(); $nameID = array(); if ($token instanceof DOMDocument) { 
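Review bot: `$nameid['Format']` and `$nameid['value']` are read without checking they exist; because the session NameID can be an empty array (the SAML 2.0 `getNameID()` returns `array()` when no NameID node is found), this would emit `<saml:NameID Format=""></saml:NameID>`, an invalid LogoutRequest, with only PHP notices as a hint. Add at the top of `generate()`, after the mode check: `if (empty($nameid['value'])) throw new Exception('Cannot generate LogoutRequest without a NameID');`. `htmlspecialchars()` is adequate for the double-quoted attribute and element text here since it escapes `&`, `<`, `>` and `"`. The function body continues past this hunk.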
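Review bot: The commented-out block that follows the new `$session->setNameID($nameid);` line (`/* $nameID["NameID"] = $node->nodeValue; ...`) still documents the old `NameID` key, which this commit renames to `value`; stale commented code will mislead the next reader. Delete the block or replace it with a one-line comment such as `// NameID is stored as array('value' => ..., 'Format' => ...); see getNameID().`. As in the SAML 2.0 counterpart, `$nameid` may be an empty array here and is stored unchecked. The enclosing `createSession()` starts and ends outside this hunk.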
@@ -266,9 +263,9 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse { $query = '/mysamlp:Response/mysaml:Assertion/mysaml:AuthenticationStatement/mysaml:Subject/mysaml:NameIdentifier'; $nodelist = $xPath->query($query); if ($node = $nodelist->item(0)) { - $nameID["NameID"] = $node->nodeValue; + $nameID["value"] = $node->nodeValue; $nameID["Format"] = $node->getAttribute('Format'); - $nameID["NameQualifier"] = $node->getAttribute('NameQualifier'); + //$nameID["NameQualifier"] = $node->getAttribute('NameQualifier'); } } return $nameID; diff --git a/www/auth/login-admin.php b/www/auth/login-admin.php index d2df389a4..c66576c7f 100644 --- a/www/auth/login-admin.php +++ b/www/auth/login-admin.php @@ -57,8 +57,9 @@ if (isset($_POST['password'])) { $session->setAuthenticated(true, 'login-admin'); $session->setAttributes($attributes); - $session->setNameID(SimpleSAML_Utilities::generateID()); - $session->setNameIDFormat('urn:oasis:names:tc:SAML:2.0:nameid-format:transient'); + $session->setNameID(array( + 'value' => SimpleSAML_Utilities::generateID(), + 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient')); $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'admin', 'OK', $username, $username . ' successfully authenticated'); diff --git a/www/auth/login-auto.php b/www/auth/login-auto.php index 49090cdcb..fb4984965 100644 --- a/www/auth/login-auto.php +++ b/www/auth/login-auto.php @@ -87,7 +87,11 @@ if($session == NULL) { * configuration. */ $session->setAuthenticated(true, 'login-auto'); + $session->setAttributes($attributes); +$session->setNameID(array( + 'value' => SimpleSAML_Utilities::generateID(), + 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient')); /* Return the user to the page set in the RelayState parameter. */ $returnto = $_REQUEST['RelayState']; diff --git a/www/auth/login-ldapmulti.php b/www/auth/login-ldapmulti.php index a85f9ac98..6e63a6820 100644 --- a/www/auth/login-ldapmulti.php 
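Review bot: Commenting out `$nameID["NameQualifier"] = $node->getAttribute('NameQualifier');` discards the qualifier that scopes a Shib 1.3 NameIdentifier to its issuer, so the session no longer records which namespace the identifier string belongs to; if that is deliberate, say so in a comment rather than leaving dead code, e.g. `// NameQualifier is not carried into the session; only value and Format are used downstream.`. As with the SAML 2.0 parser, `getAttribute('Format')` yields `''` when the attribute is absent, which is then stored as the format. The start of `getNameID()` is outside this hunk.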
+++ b/www/auth/login-ldapmulti.php @@ -84,8 +84,9 @@ if (isset($_POST['username'])) { $session->setAuthenticated(true, 'login-ldapmulti'); $session->setAttributes($attributes); - $session->setNameID(SimpleSAML_Utilities::generateID()); - $session->setNameIDFormat('urn:oasis:names:tc:SAML:2.0:nameid-format:transient'); + $session->setNameID(array( + 'value' => SimpleSAML_Utilities::generateID(), + 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient')); $returnto = $_REQUEST['RelayState']; SimpleSAML_Utilities::redirect($returnto); diff --git a/www/auth/login-radius.php b/www/auth/login-radius.php index f8488d512..1f50f32d4 100644 --- a/www/auth/login-radius.php +++ b/www/auth/login-radius.php @@ -79,7 +79,11 @@ if (isset($_POST['username'])) { $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'radius', 'OK', $_POST['username'], $_POST['username'] . ' successfully authenticated'); $session->setAuthenticated(true, 'login-radius'); + $session->setAttributes($attributes); + $session->setNameID(array( + 'value' => SimpleSAML_Utilities::generateID(), + 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient')); $returnto = $_REQUEST['RelayState']; SimpleSAML_Utilities::redirect($returnto); diff --git a/www/auth/login.php b/www/auth/login.php index 2fc4839c2..f79792673 100644 --- a/www/auth/login.php +++ b/www/auth/login.php @@ -140,8 +140,9 @@ if (isset($_POST['username'])) { $session->setAttributes($attributes); - $session->setNameID(SimpleSAML_Utilities::generateID()); - $session->setNameIDFormat('urn:oasis:names:tc:SAML:2.0:nameid-format:transient'); + $session->setNameID(array( + 'value' => SimpleSAML_Utilities::generateID(), + 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient')); $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap', 'OK', $username, $username . ' successfully authenticated'); 
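Review bot: The added `$session->setAttributes($attributes);` in login-radius.php appears to be a separate functional fix (attributes were apparently not stored for RADIUS logins before), and it is not mentioned in the commit message, which only describes the NameID refactor. A one-line note in the message, or a separate commit, would make that behaviour change reviewable on its own. The enclosing `if (isset($_POST['username']))` block starts and ends outside this hunk.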
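Review bot: The same three-line transient-NameID block is now copied verbatim into login.php, login-admin.php, login-auto.php, login-ldapmulti.php and login-radius.php, so a future change to the format constant or the ID generator has five places to miss. Consider a single helper, e.g. `$session->setNameID(SimpleSAML_Utilities::transientNameID());` returning `array('value' => SimpleSAML_Utilities::generateID(), 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient')`, and calling it from each handler. Where that helper lives is a project decision; the class is not visible here.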
diff --git a/www/saml2/idp/SingleLogoutService.php b/www/saml2/idp/SingleLogoutService.php index 632cd4915..9c58dd5d9 100644 --- a/www/saml2/idp/SingleLogoutService.php +++ b/www/saml2/idp/SingleLogoutService.php @@ -170,7 +170,7 @@ if ($spentityid) { $lr = new SimpleSAML_XML_SAML20_LogoutRequest($config, $metadata); // ($issuer, $receiver, $nameid, $nameidformat, $sessionindex, $mode) { - $req = $lr->generate($idpentityid, $spentityid, $session->getNameID(), $session->getNameIDFormat(), $session->getSessionIndex(), 'IdP'); + $req = $lr->generate($idpentityid, $spentityid, $session->getNameID(), $session->getSessionIndex(), 'IdP'); $httpredirect = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config, $metadata); diff --git a/www/saml2/sp/initSLO.php b/www/saml2/sp/initSLO.php index 15cba55cb..6a331cfc0 100644 --- a/www/saml2/sp/initSLO.php +++ b/www/saml2/sp/initSLO.php @@ -32,8 +32,8 @@ if (isset($session) ) { try { $lr = new SimpleSAML_XML_SAML20_LogoutRequest($config, $metadata); - // ($issuer, $receiver, $nameid, $nameidformat, $sessionindex, $mode) { - $req = $lr->generate($spentityid, $idpentityid, $session->getNameID(), $session->getNameIDFormat(), $session->getSessionIndex(), 'SP'); + // ($issuer, $receiver, $nameid, $sessionindex, $mode) { + $req = $lr->generate($spentityid, $idpentityid, $session->getNameID(), $session->getSessionIndex(), 'SP'); $httpredirect = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config, $metadata); -- GitLab
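Review bot: The comment above the call in SingleLogoutService.php, `// ($issuer, $receiver, $nameid, $nameidformat, $sessionindex, $mode) {`, still lists the removed `$nameidformat` parameter while the sibling comment in initSLO.php was updated in the same commit; change it to `// ($issuer, $receiver, $nameid, $sessionindex, $mode)`. Both call sites pass `$session->getNameID()` straight through, so any guard against an empty NameID has to live in `LogoutRequest::generate()` or be added here before generating the request.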