Skip to content
Snippets Groups Projects
Commit e8520be9 authored by Andreas Åkre Solberg's avatar Andreas Åkre Solberg
Browse files

Added the possibility for the logger to get the trackID it self... Temporary...

Added the possibility for the logger to get the trackID it self... Temporary thing, we shuold rewrite and improve the logging class a bit.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@165 44740490-163a-0410-bde0-09ae8108e29a
parent edd56cef
No related branches found
No related tags found
No related merge requests found
......@@ -9,7 +9,7 @@
*/
require_once('SimpleSAML/Configuration.php');
require_once('SimpleSAML/Session.php');
/**
* A logger class.
......@@ -33,9 +33,14 @@ class SimpleSAML_Logger {
/*
* Log a message to syslog.
*/
public function log($priority, $trackid, $module, $submodule, $eventtype, $content, $message) {
public function log($priority, $trackid = null, $module, $submodule, $eventtype, $content, $message) {
if ($priority < $this->loglevel) return;
if ($trackid == null) {
$session = SimpleSAML_Session::getInstance(true);
$trackid = $session->getTrackID();
}
$contentstring = '';
if (is_array($content)) {
$contentstring = implode('|', $content);
......
......@@ -13,6 +13,7 @@ require_once('SimpleSAML/Configuration.php');
require_once('SimpleSAML/Utilities.php');
require_once('SimpleSAML/XML/Parser.php');
require_once('SimpleSAML/Metadata/MetaDataStorageHandler.php');
require_once('SimpleSAML/Logger.php');
/**
* Configuration of SimpleSAMLphp
......@@ -21,6 +22,7 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met
private static $cachedfiles;
private $logger;
/* This constructor is included in case it is needed in the the
* future. Including it now allows us to write parent::__construct() in
......@@ -28,6 +30,8 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met
*/
protected function __construct() {
if (!isset($this->cachedfiles)) $this->cachedfiles = array();
$this->logger = new SimpleSAML_Logger();
}
......@@ -54,36 +58,61 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met
$config = SimpleSAML_Configuration::getInstance();
assert($config instanceof SimpleSAML_Configuration);
$metadatalocations = $config->getValue('metadata.locations');
$metadatasetfile = $config->getBaseDir() . '' .
$config->getValue('metadatadir') . 'xml/' . $settofile[$set] . '.xml';
if (!is_array($metadatalocations)) throw new Exception('Could not find config parameter: metadata.locations in config.php');
if (!array_key_exists($set, $metadatalocations)) throw new Exception('Could not find metadata location for this set: ' . $set);
$metadatalocation = $metadatalocations[$set];
if (array_key_exists($metadatasetfile, $this->cachedfiles)) {
$metadataxml = self::$cachedfiles[$metadatasetfile];
$xml = true;
if (preg_match('@^http(s)?://@i', $metadatalocation)) {
// The metadata location is an URL
$metadatasetfile = $metadatalocation;
} else {
$metadatasetfile = $config->getBaseDir() . '' .
$config->getValue('metadatadir') . $metadatalocation;
if (!file_exists($metadatasetfile)) throw new Exception('Could not find SAML 2.0 Metadata file :'. $metadatasetfile);
// for now testing with the shib aai metadata...
//$metadataxml = file_get_contents("http://www.switch.ch/aai/federation/SWITCHaai/metadata.switchaai_signed.xml");
$metadataxml = file_get_contents($metadatasetfile);
self::$cachedfiles[$metadatasetfile] = $metadataxml;
if (preg_match('@\.php$@', $metadatalocation)) {
$xml = false;
}
}
$metadata = null;
switch ($set) {
case 'saml20-idp-remote' : $metadata = $this->getmetadata_saml20idpremote($metadataxml); break;
case 'saml20-idp-hosted' : $metadata = $this->getmetadata_saml20idphosted($metadataxml); break;
case 'saml20-sp-remote' : $metadata = $this->getmetadata_saml20spremote($metadataxml); break;
case 'saml20-sp-hosted' : $metadata = $this->getmetadata_saml20sphosted($metadataxml); break;
case 'shib13-idp-remote' : $metadata = $this->getmetadata_shib13idpremote($metadataxml); break;
case 'shib13-idp-hosted' : throw new Exception('Meta data parsing for Shib 1.3 IdP Hosted not yet implemented.');
case 'shib13-sp-remote' : throw new Exception('Meta data parsing for Shib 1.3 SP Remote not yet implemented.');
case 'shib13-sp-hosted' : throw new Exception('Meta data parsing for Shib 1.3 SP Hosted not yet implemented.');
if ($xml) {
if (array_key_exists($metadatasetfile, $this->cachedfiles)) {
$metadataxml = self::$cachedfiles[$metadatasetfile];
} else {
$metadataxml = file_get_contents($metadatasetfile);
self::$cachedfiles[$metadatasetfile] = $metadataxml;
}
/*
echo '<pre>content:'; print_r($metadataxml); echo '</pre>';
echo '<p>file[' . $metadatasetfile. ']';
*/
$metadata = null;
switch ($set) {
case 'saml20-idp-remote' : $metadata = $this->getmetadata_saml20idpremote($metadataxml); break;
case 'saml20-idp-hosted' : $metadata = $this->getmetadata_saml20idphosted($metadataxml); break;
case 'saml20-sp-remote' : $metadata = $this->getmetadata_saml20spremote($metadataxml); break;
case 'saml20-sp-hosted' : $metadata = $this->getmetadata_saml20sphosted($metadataxml); break;
case 'shib13-idp-remote' : $metadata = $this->getmetadata_shib13idpremote($metadataxml); break;
case 'shib13-idp-hosted' : throw new Exception('Not implemented SAML 2.0 XML metadata for Shib 1.3 IdP Hosted, use files instead.'); break;
case 'shib13-sp-remote' : $metadata = $this->getmetadata_shib13spremote($metadataxml); break;
case 'shib13-sp-hosted' : throw new Exception('Not implemented SAML 2.0 XML metadata for Shib 1.3 SP Hosted, use files instead.'); break;
}
} else {
$metadata = $this->loadFile($metadatasetfile);
}
if (!is_array($metadata)) {
$this->logger->log(LOG_INFO, null, 'MetaData', 'Handler.SAML2Meta', 'INFO', 'Loading',
'Loading metadata set [' . $set . '] from [' . $metadatasetfile . ']' );
if (!is_array($metadata))
throw new Exception('Could not load metadata set [' . $set . '] from file: ' . $metadatasetfile);
}
/*
echo '<pre>';
print_r($metadata);
......@@ -98,6 +127,21 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met
$this->hostmap[$set][$entry['host']] = $key;
}
}
}
private function loadFile($metadatasetfile) {
$metadata = null;
if (!file_exists($metadatasetfile)) {
throw new Exception('Could not open file: ' . $metadatasetfile);
}
include($metadatasetfile);
if (!is_array($metadata)) {
throw new Exception('(SAML2Metastoragehandler:loadFile)Could not load metadata set [' . $set . '] from file: ' . $metadatasetfile);
}
return $metadata;
}
......@@ -141,7 +185,8 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met
} catch (Exception $e) {
echo 'Error reading one metadata entry: ' . $e;
$this->logger->log(LOG_INFO, null, 'MetaData', 'Handler.SAML2Meta', 'WARNING', 'Parsing',
'Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() );
}
}
......@@ -178,7 +223,8 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met
$metadata[$entityid]['ForceAuthn'] = (isset($seek_forceauth) ? ($seek_forceauth === 'true') : false);
} catch (Exception $e) {
echo 'Error reading one metadata entry: ' . $e;
$this->logger->log(LOG_INFO, null, 'MetaData', 'Handler.SAML2Meta', 'WARNING', 'Parsing',
'Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() );
}
}
......@@ -223,8 +269,8 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met
$metadata[$entityid]['requireconsent'] = (isset($seek_requireconsent) ? ($seek_requireconsent === 'true') : false);
} catch (Exception $e) {
// TODO: do syslog, not echo.
echo 'Error reading one metadata entry: ' . $e;
$this->logger->log(LOG_INFO, null, 'MetaData', 'Handler.SAML2Meta', 'WARNING', 'Parsing',
'Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() );
}
}
......@@ -289,7 +335,8 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met
} catch (Exception $e) {
echo 'Error reading one metadata entry: ' . $e;
$this->logger->log(LOG_INFO, null, 'MetaData', 'Handler.SAML2Meta', 'WARNING', 'Parsing',
'Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() );
}
}
......@@ -319,15 +366,119 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met
$metadata_entry = SimpleSAML_XML_Parser::fromSimpleXMLElement($idpentity);
$metadata[$entityid]['SingleSignOnService'] = $metadata_entry->getValue("/saml2meta:EntityDescriptor/saml2meta:IDPSSODescriptor/saml2meta:SingleSignOnService[@Binding='urn:mace:shibboleth:1.0:profiles:AuthnRequest']/@Location", true);
$metadata[$entityid]['certFingerprint'] = SimpleSAML_Utilities::cert_fingerprint($metadata_entry->getValue("/saml2meta:EntityDescriptor/saml2meta:IDPSSODescriptor/saml2meta:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", true));
$seek_base64 = $metadata_entry->getValue("/saml2meta:EntityDescriptor/saml2meta:IDPSSODescriptor/saml2meta:Extensions/saml2:Attribute[@Name='urn:mace:feide.no:simplesamlphp:base64attributes']/saml2:AttributeValue");
$metadata[$entityid]['base64attributes'] = (isset($seek_base64) ? ($seek_base64 === 'true') : false);
$metadata[$entityid]['name'] = $metadata_entry->getValueAlternatives(
array("/saml2meta:EntityDescriptor/saml2meta:IDPSSODescriptor/saml2meta:Extensions/saml2:Attribute[@Name='urn:mace:feide.no:simplesamlphp:name']/saml2:AttributeValue",
"/saml2meta:EntityDescriptor/saml2meta:IDPSSODescriptor/saml2meta:Organization/saml2meta:OrganizationDisplayName"
));
$metadata[$entityid]['description'] = $metadata_entry->getValue("/saml2meta:EntityDescriptor/saml2meta:IDPSSODescriptor/saml2meta:Extensions/saml2:Attribute[@Name='urn:mace:feide.no:simplesamlphp:description']/saml2:AttributeValue");
} catch (Exception $e) {
echo 'Error reading one metadata entry: ' . $e;
$this->logger->log(LOG_INFO, null, 'MetaData', 'Handler.SAML2Meta', 'WARNING', 'Parsing',
'Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() );
}
}
return $metadata;
}
/*
<EntityDescriptor entityID="https://tim-test.ethz.ch/shibboleth">
<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyName>tim-test.ethz.ch</ds:KeyName>
</ds:KeyInfo>
</KeyDescriptor>
<NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
Location="https://tim-test.ethz.ch/Shibboleth.shire" index="1" isDefault="true"/>
</SPSSODescriptor>
</EntityDescriptor>
*/
private function getmetadata_shib13spremote($metadataxml) {
// Create a parser for the metadata document.
$metadata_parser = new SimpleSAML_XML_Parser($metadataxml);
// Get all entries in the metadata.
$idpentities = $metadata_parser->simplexml->xpath('/saml2meta:EntitiesDescriptor/saml2meta:EntityDescriptor[./saml2meta:SPSSODescriptor]');
if (!$idpentities) throw new Exception('Could not find any entity descriptors in the meta data file: ' . $metadatasetfile);
// Array to hold the resulting metadata, to return at the end of this function.
$metadata = array();
// Traverse all entries.
foreach ($idpentities as $idpentity) {
try {
$entityid = (string) $idpentity['entityID'];
if (!$entityid) throw new Exception('Could not find entityID in element');
/*
array('entityid', 'spNameQualifier', 'AssertionConsumerService', 'SingleLogoutService', 'NameIDFormat'),
array('base64attributes', 'attributemap', 'simplesaml.attributes', 'attributes')
*/
$metadata[$entityid] = array('entityid' => $entityid);
$metadata_entry = SimpleSAML_XML_Parser::fromSimpleXMLElement($idpentity);
$metadata[$entityid]['spNameQualifier'] = $metadata_entry->getValueDefault("/saml2meta:EntityDescriptor/saml2meta:SPSSODescriptor/saml2meta:Extensions/saml2:Attribute[@Name='urn:mace:feide.no:simplesamlphp:spnamequalifier']/saml2:AttributeValue", $metadata[$entityid]['entityid']);
$metadata[$entityid]['audience'] = $metadata_entry->getValueDefault("/saml2meta:EntityDescriptor/saml2meta:SPSSODescriptor/saml2meta:Extensions/saml2:Attribute[@Name='urn:mace:feide.no:simplesamlphp:audience']/saml2:AttributeValue", $metadata[$entityid]['entityid']);
$metadata[$entityid]['NameIDFormat'] = $metadata_entry->getValueDefault("/saml2meta:EntityDescriptor/saml2meta:SPSSODescriptor/saml2meta:NameIDFormat",
'urn:mace:shibboleth:1.0:nameIdentifier');
$seek_base64 = $metadata_entry->getValue("/saml2meta:EntityDescriptor/saml2meta:SPSSODescriptor/saml2meta:Extensions/saml2:Attribute[@Name='urn:mace:feide.no:simplesamlphp:base64attributes']/saml2:AttributeValue");
$metadata[$entityid]['base64attributes'] = (isset($seek_base64) ? ($seek_base64 === 'true') : false);
$metadata[$entityid]['name'] = $metadata_entry->getValueAlternatives(
array("/saml2meta:EntityDescriptor/saml2meta:SPSSODescriptor/saml2meta:Extensions/saml2:Attribute[@Name='urn:mace:feide.no:simplesamlphp:name']/saml2:AttributeValue",
"/saml2meta:EntityDescriptor/saml2meta:SPSSODescriptor/saml2meta:Organization/saml2meta:OrganizationDisplayName"
));
$metadata[$entityid]['description'] = $metadata_entry->getValue("/saml2meta:EntityDescriptor/saml2meta:SPSSODescriptor/saml2meta:Extensions/saml2:Attribute[@Name='urn:mace:feide.no:simplesamlphp:description']/saml2:AttributeValue");
$metadata[$entityid]['simplesaml.attributes'] = $metadata_entry->getValue("/saml2meta:EntityDescriptor/saml2meta:SPSSODescriptor/saml2meta:Extensions/saml2:Attribute[@Name='urn:mace:feide.no:simplesamlphp:simplesaml.attributes']/saml2:AttributeValue");
$seek_attributes = $metadata_entry->getValue("/saml2meta:EntityDescriptor/saml2meta:SPSSODescriptor/saml2meta:Extensions/saml2:Attribute[@Name='urn:mace:feide.no:simplesamlphp:attributes']/saml2:AttributeValue");
if (isset($seek_attributes)) $metadata[$entityid]['attributes'] = explode(',', $seek_attributes);
$metadata[$entityid]['attributemap'] = $metadata_entry->getValue("/saml2meta:EntityDescriptor/saml2meta:SPSSODescriptor/saml2meta:Extensions/saml2:Attribute[@Name='urn:mace:feide.no:simplesamlphp:attributemap']/saml2:AttributeValue");
$metadata[$entityid]['AssertionConsumerService'] = $metadata_entry->getValue("/saml2meta:EntityDescriptor/saml2meta:SPSSODescriptor/saml2meta:AssertionConsumerService/@Location", true);
} catch (Exception $e) {
$this->logger->log(LOG_INFO, null, 'MetaData', 'Handler.SAML2Meta', 'WARNING', 'Parsing',
'Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() );
}
}
return $metadata;
}
public function getMetaData($entityid = null, $set = 'saml20-sp-hosted') {
if (!isset($entityid)) {
return $this->getMetaDataCurrent($set);
......
......@@ -17,6 +17,7 @@
class SimpleSAML_XML_Parser {
var $simplexml = null;
function __construct($xml) {
#parent::construct($xml);
......@@ -44,6 +45,14 @@ class SimpleSAML_XML_Parser {
}
public function getValueDefault($xpath, $defvalue) {
try {
return $this->getValue($xpath, true);
} catch (Exception $e) {
return $defvalue;
}
}
public function getValue($xpath, $required = false) {
$result = $this->simplexml->xpath($xpath);
......
......@@ -84,6 +84,15 @@
if (array_key_exists('metadata.saml20-idp-remote', $data))
showEntry('SAML 2.0 Identity Provider (Remote)', $data['metadata.saml20-idp-remote']);
if (array_key_exists('metadata.shib13-sp-hosted', $data))
showEntry('Shib 1.3 Service Provider (Hosted)', $data['metadata.shib13-sp-hosted']);
if (array_key_exists('metadata.shib13-sp-remote', $data))
showEntry('Shib 1.3 Service Provider (Remote)', $data['metadata.shib13-sp-remote']);
if (array_key_exists('metadata.shib13-idp-hosted', $data))
showEntry('Shib 1.3 Identity Provider (Hosted)', $data['metadata.shib13-idp-hosted']);
if (array_key_exists('metadata.shib13-idp-remote', $data))
showEntry('Shib 1.3 Identity Provider (Remote)', $data['metadata.shib13-idp-remote']);
?>
......
......@@ -65,6 +65,59 @@ try {
}
if ($config->getValue('enable.shib13-sp') === true) {
$results = array();
$metalist = $metadata->getList('shib13-sp-hosted');
foreach ($metalist AS $entityid => $mentry) {
$results[$entityid] = SimpleSAML_Utilities::checkAssocArrayRules($mentry,
array('entityid', 'host', 'NameIDFormat', 'ForceAuthn'),
array()
);
}
$et->data['metadata.shib13-sp-hosted'] = $results;
$results = array();
$metalist = $metadata->getList('shib13-idp-remote');
foreach ($metalist AS $entityid => $mentry) {
$results[$entityid] = SimpleSAML_Utilities::checkAssocArrayRules($mentry,
array('entityid', 'SingleSignOnService', 'SingleLogoutService', 'certFingerprint'),
array('name', 'description', 'base64attributes')
);
}
$et->data['metadata.shib13-idp-remote'] = $results;
}
if ($config->getValue('enable.shib13-idp') === true) {
$results = array();
$metalist = $metadata->getList('shib13-idp-hosted');
foreach ($metalist AS $entityid => $mentry) {
$results[$entityid] = SimpleSAML_Utilities::checkAssocArrayRules($mentry,
array('entityid', 'host', 'privatekey', 'certificate', 'auth'),
array('requireconsent')
);
}
$et->data['metadata.shib13-idp-hosted'] = $results;
$results = array();
$metalist = $metadata->getList('shib13-sp-remote');
foreach ($metalist AS $entityid => $mentry) {
$results[$entityid] = SimpleSAML_Utilities::checkAssocArrayRules($mentry,
array('entityid', 'spNameQualifier', 'AssertionConsumerService', 'audience', 'NameIDFormat'),
array('base64attributes', 'attributemap', 'simplesaml.attributes', 'attributes', 'name', 'description')
);
}
$et->data['metadata.shib13-sp-remote'] = $results;
}
$et->data['header'] = 'Metadata overview';
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment