diff --git a/modules/admin/lib/Controller/Federation.php b/modules/admin/lib/Controller/Federation.php
index 622c612a68124bf25a020a99371019c934f147bc..949b6aeb907a09415bb896a64d47d2652a088dee 100644
--- a/modules/admin/lib/Controller/Federation.php
+++ b/modules/admin/lib/Controller/Federation.php
@@ -203,7 +203,7 @@ class Federation
/**
- * Get a list of the hosted IdP entities, including SAML 2, SAML 1.1 and ADFS.
+ * Get a list of the hosted IdP entities, including SAML 2 and ADFS.
*
* @return array
* @throws \Exception
diff --git a/modules/saml/docs/sp.md b/modules/saml/docs/sp.md
index 2d6271d77d0f4a7e5452280ff79e8850f776cf39..9fd231bbe9eabdc6eb8388375d687455f84767e8 100644
--- a/modules/saml/docs/sp.md
+++ b/modules/saml/docs/sp.md
@@ -466,7 +466,6 @@ Here we will list some examples for this authentication source.
'saml:SP',
'acs.Bindings' => [
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
- 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post',
],
],
diff --git a/modules/saml/www/sp/metadata.php b/modules/saml/www/sp/metadata.php
index 3b4e847eb5759108e229c74e8cdcd1a36fb52630..603209c53301c7b4ed03a3a40c3e211ffcee43fc 100644
--- a/modules/saml/www/sp/metadata.php
+++ b/modules/saml/www/sp/metadata.php
@@ -36,239 +36,11 @@ if (!($source instanceof Module\saml\Auth\Source\SP)) {
$entityId = $source->getEntityId();
$spconfig = $source->getMetadata();
+$metaArray20 = $source->getHostedMetadata();
$store = Store::getInstance();
-$metaArray20 = [];
-
-$slosvcdefault = [
- Constants::BINDING_HTTP_REDIRECT,
- Constants::BINDING_SOAP,
-];
-
-$slob = $spconfig->getArray('SingleLogoutServiceBinding', $slosvcdefault);
-$slol = Module::getModuleURL('saml/sp/saml2-logout.php/' . $sourceId);
-
-foreach ($slob as $binding) {
- if ($binding == Constants::BINDING_SOAP && !($store instanceof Store\SQL)) {
- // we cannot properly support SOAP logout
- continue;
- }
- $metaArray20['SingleLogoutService'][] = [
- 'Binding' => $binding,
- 'Location' => $spconfig->getString('SingleLogoutServiceLocation', $slol),
- ];
-}
-
-$assertionsconsumerservicesdefault = [
- 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
- 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post',
- 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
- 'urn:oasis:names:tc:SAML:1.0:profiles:artifact-01',
-];
-
-if ($spconfig->getString('ProtocolBinding', '') == 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser') {
- $assertionsconsumerservicesdefault[] = 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser';
-}
-
-$assertionsconsumerservices = $spconfig->getArray('acs.Bindings', $assertionsconsumerservicesdefault);
-
-$index = 0;
-$eps = [];
-$supported_protocols = [];
-foreach ($assertionsconsumerservices as $services) {
- $acsArray = ['index' => $index];
- switch ($services) {
- case 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST':
- $acsArray['Binding'] = Constants::BINDING_HTTP_POST;
- $acsArray['Location'] = Module::getModuleURL('saml/sp/saml2-acs.php/' . $sourceId);
- if (!in_array(Constants::NS_SAMLP, $supported_protocols, true)) {
- $supported_protocols[] = Constants::NS_SAMLP;
- }
- break;
- case 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post':
- $acsArray['Binding'] = 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post';
- $acsArray['Location'] = Module::getModuleURL('saml/sp/saml1-acs.php/' . $sourceId);
- if (!in_array('urn:oasis:names:tc:SAML:1.1:protocol', $supported_protocols, true)) {
- $supported_protocols[] = 'urn:oasis:names:tc:SAML:1.1:protocol';
- }
- break;
- case 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact':
- $acsArray['Binding'] = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact';
- $acsArray['Location'] = Module::getModuleURL('saml/sp/saml2-acs.php/' . $sourceId);
- if (!in_array(Constants::NS_SAMLP, $supported_protocols, true)) {
- $supported_protocols[] = Constants::NS_SAMLP;
- }
- break;
- case 'urn:oasis:names:tc:SAML:1.0:profiles:artifact-01':
- $acsArray['Binding'] = 'urn:oasis:names:tc:SAML:1.0:profiles:artifact-01';
- $acsArray['Location'] = Module::getModuleURL(
- 'saml/sp/saml1-acs.php/' . $sourceId . '/artifact'
- );
- if (!in_array('urn:oasis:names:tc:SAML:1.1:protocol', $supported_protocols, true)) {
- $supported_protocols[] = 'urn:oasis:names:tc:SAML:1.1:protocol';
- }
- break;
- case 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser':
- $acsArray['Binding'] = 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser';
- $acsArray['Location'] = Module::getModuleURL('saml/sp/saml2-acs.php/' . $sourceId);
- $acsArray['hoksso:ProtocolBinding'] = Constants::BINDING_HTTP_REDIRECT;
- if (!in_array(Constants::NS_SAMLP, $supported_protocols, true)) {
- $supported_protocols[] = Constants::NS_SAMLP;
- }
- break;
- }
- $eps[] = $acsArray;
- $index++;
-}
-
-$metaArray20['AssertionConsumerService'] = $spconfig->getArray('AssertionConsumerService', $eps);
-
-$keys = [];
-$cryptoUtils = new Utils\Crypto();
-$certInfo = $cryptoUtils->loadPublicKey($spconfig, false, 'new_');
-if ($certInfo !== null && array_key_exists('certData', $certInfo)) {
- $hasNewCert = true;
-
- $certData = $certInfo['certData'];
-
- $keys[] = [
- 'type' => 'X509Certificate',
- 'signing' => true,
- 'encryption' => true,
- 'X509Certificate' => $certInfo['certData'],
- ];
-} else {
- $hasNewCert = false;
-}
-
-$certInfo = $cryptoUtils->loadPublicKey($spconfig);
-if ($certInfo !== null && array_key_exists('certData', $certInfo)) {
- $certData = $certInfo['certData'];
-
- $keys[] = [
- 'type' => 'X509Certificate',
- 'signing' => true,
- 'encryption' => ($hasNewCert ? false : true),
- 'X509Certificate' => $certInfo['certData'],
- ];
-} else {
- $certData = null;
-}
-
-$format = $spconfig->getValue('NameIDPolicy', null);
-if ($format !== null) {
- if (is_array($format)) {
- $metaArray20['NameIDFormat'] = Configuration::loadFromArray($format)->getString(
- 'Format',
- Constants::NAMEID_TRANSIENT
- );
- } elseif (is_string($format)) {
- $metaArray20['NameIDFormat'] = $format;
- }
-}
-
-$name = $spconfig->getLocalizedString('name', null);
-$attributes = $spconfig->getArray('attributes', []);
-
-if ($name !== null && !empty($attributes)) {
- $metaArray20['name'] = $name;
- $metaArray20['attributes'] = $attributes;
- $metaArray20['attributes.required'] = $spconfig->getArray('attributes.required', []);
-
- if (empty($metaArray20['attributes.required'])) {
- unset($metaArray20['attributes.required']);
- }
-
- $description = $spconfig->getArray('description', null);
- if ($description !== null) {
- $metaArray20['description'] = $description;
- }
-
- $nameFormat = $spconfig->getString('attributes.NameFormat', null);
- if ($nameFormat !== null) {
- $metaArray20['attributes.NameFormat'] = $nameFormat;
- }
-
- if ($spconfig->hasValue('attributes.index')) {
- $metaArray20['attributes.index'] = $spconfig->getInteger('attributes.index', 0);
- }
-
- if ($spconfig->hasValue('attributes.isDefault')) {
- $metaArray20['attributes.isDefault'] = $spconfig->getBoolean('attributes.isDefault', false);
- }
-}
-
-// add organization info
-$orgName = $spconfig->getLocalizedString('OrganizationName', null);
-if ($orgName !== null) {
- $metaArray20['OrganizationName'] = $orgName;
-
- $metaArray20['OrganizationDisplayName'] = $spconfig->getLocalizedString('OrganizationDisplayName', null);
- if ($metaArray20['OrganizationDisplayName'] === null) {
- $metaArray20['OrganizationDisplayName'] = $orgName;
- }
-
- $metaArray20['OrganizationURL'] = $spconfig->getLocalizedString('OrganizationURL', null);
- if ($metaArray20['OrganizationURL'] === null) {
- throw new Error\Exception('If OrganizationName is set, OrganizationURL must also be set.');
- }
-}
-
-if ($spconfig->hasValue('contacts')) {
- $contacts = $spconfig->getArray('contacts');
- foreach ($contacts as $contact) {
- $metaArray20['contacts'][] = Utils\Config\Metadata::getContact($contact);
- }
-}
-
-// add technical contact
-$email = $config->getString('technicalcontact_email', 'na@example.org');
-if ($email && $email !== 'na@example.org') {
- $techcontact = [
- 'emailAddress' => $email,
- 'name' => $config->getString('technicalcontact_name', null),
- 'contactType' => 'technical'
- ];
- $metaArray20['contacts'][] = Utils\Config\Metadata::getContact($techcontact);
-}
-
-// add certificate
-if (count($keys) === 1) {
- $metaArray20['certData'] = $keys[0]['X509Certificate'];
-} elseif (count($keys) > 1) {
- $metaArray20['keys'] = $keys;
-}
-
-// add EntityAttributes extension
-if ($spconfig->hasValue('EntityAttributes')) {
- $metaArray20['EntityAttributes'] = $spconfig->getArray('EntityAttributes');
-}
-
-// add UIInfo extension
-if ($spconfig->hasValue('UIInfo')) {
- $metaArray20['UIInfo'] = $spconfig->getArray('UIInfo');
-}
-
-// add RegistrationInfo extension
-if ($spconfig->hasValue('RegistrationInfo')) {
- $metaArray20['RegistrationInfo'] = $spconfig->getArray('RegistrationInfo');
-}
-
-// add signature options
-if ($spconfig->hasValue('WantAssertionsSigned')) {
- $metaArray20['saml20.sign.assertion'] = $spconfig->getBoolean('WantAssertionsSigned');
-}
-if ($spconfig->hasValue('redirect.sign')) {
- $metaArray20['redirect.validate'] = $spconfig->getBoolean('redirect.sign');
-} elseif ($spconfig->hasValue('sign.authnrequest')) {
- $metaArray20['validate.authnrequest'] = $spconfig->getBoolean('sign.authnrequest');
-}
-
-$metaArray20['metadata-set'] = 'saml20-sp-remote';
-$metaArray20['entityid'] = $entityId;
-
$metaBuilder = new Metadata\SAMLBuilder($entityId);
-$metaBuilder->addMetadataSP20($metaArray20, $supported_protocols);
+$metaBuilder->addMetadataSP20($metaArray20, $source->getSupportedProtocols());
$metaBuilder->addOrganizationInfo($metaArray20);
$xml = $metaBuilder->getEntityDescriptorText();