Commit efd37879 authored by Hans Zandbelt's avatar Hans Zandbelt

add support in core IDP for association groups which are used to share...

add support in core IDP for association groups which are used to share associations between SAML 2 and ADFS IDPs, to enable cross-protocol single-logout (thanks Olav)

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2181 44740490-163a-0410-bde0-09ae8108e29a
parent c4ae073b
...@@ -26,6 +26,17 @@ class SimpleSAML_IdP { ...@@ -26,6 +26,17 @@ class SimpleSAML_IdP {
private $id; private $id;
/**
* The "association group" for this IdP.
*
* We use this to support cross-protocol logout until
* we implement a cross-protocol IdP.
*
* @var string
*/
private $associationGroup;
/** /**
* The configuration for this IdP. * The configuration for this IdP.
* *
...@@ -62,10 +73,23 @@ class SimpleSAML_IdP { ...@@ -62,10 +73,23 @@ class SimpleSAML_IdP {
throw new SimpleSAML_Error_Exception('enable.adfs-idp disabled in config.php.'); throw new SimpleSAML_Error_Exception('enable.adfs-idp disabled in config.php.');
} }
$this->config = $metadata->getMetaDataConfig(substr($id, 5), 'adfs-idp-hosted'); $this->config = $metadata->getMetaDataConfig(substr($id, 5), 'adfs-idp-hosted');
try {
/* This makes the ADFS IdP use the same SP associations as the SAML 2.0 IdP. */
$saml2EntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
$this->associationGroup = 'saml2:' . $saml2EntityId;
} catch (Exception $e) {
/* Probably no SAML 2 IdP configured for this host. Ignore the error. */
}
} else { } else {
assert(FALSE); assert(FALSE);
} }
if ($this->associationGroup === NULL) {
$this->associationGroup = $this->id;
}
} }
...@@ -157,7 +181,7 @@ class SimpleSAML_IdP { ...@@ -157,7 +181,7 @@ class SimpleSAML_IdP {
assert('isset($association["Handler"])'); assert('isset($association["Handler"])');
$session = SimpleSAML_Session::getInstance(); $session = SimpleSAML_Session::getInstance();
$session->addAssociation($this->id, $association); $session->addAssociation($this->associationGroup, $association);
} }
...@@ -169,7 +193,7 @@ class SimpleSAML_IdP { ...@@ -169,7 +193,7 @@ class SimpleSAML_IdP {
public function getAssociations() { public function getAssociations() {
$session = SimpleSAML_Session::getInstance(); $session = SimpleSAML_Session::getInstance();
return $session->getAssociations($this->id); return $session->getAssociations($this->associationGroup);
} }
...@@ -182,7 +206,7 @@ class SimpleSAML_IdP { ...@@ -182,7 +206,7 @@ class SimpleSAML_IdP {
assert('is_string($assocId)'); assert('is_string($assocId)');
$session = SimpleSAML_Session::getInstance(); $session = SimpleSAML_Session::getInstance();
$session->terminateAssociation($this->id, $assocId); $session->terminateAssociation($this->associationGroup, $assocId);
} }
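Review bot: The `catch (Exception $e)` added in the ADFS branch of the constructor discards every failure from `getMetaDataCurrentEntityID('saml20-idp-hosted')`, so a broken SAML 2.0 hosted-IdP configuration is indistinguishable from "no SAML 2 IdP on this host". In both cases `$associationGroup` silently falls back to `$this->id`, and a logout started on one protocol would then presumably leave the other protocol's SP sessions alive with nothing in the logs to explain it. Record the fallback inside the catch, e.g. `SimpleSAML_Logger::warning('ADFS IdP: no SAML 2.0 association group, using own id: ' . $e->getMessage());`, and catch a narrower exception type if the metadata handler throws one. The docblock on `$associationGroup` should also state that the value must equal the SAML 2.0 IdP's own `$id` for `addAssociation`, `getAssociations` and `terminateAssociation` to see the same set; the SAML 2.0 branch and the start of the constructor are outside the hunk, so that could not be confirmed here.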