Commits · de2eca388d217585f41f540bc70e98aa9a882979 · Perun / Perun ProxyIdP / v1 / simplesamlphp

Aug 28, 2019
- Fix type confusion · de2eca38
  Tim van Dijen authored 5 years ago
  
  de2eca38
Jul 23, 2019
- Fix Psalm-issues batch #2 (#1159) · 8a0a8e33
  Tim van Dijen authored 5 years ago
```
Fix Psalm-issues in the modules-directory
```
  Unverified
  
  8a0a8e33
Jan 18, 2019
- Allow us to be prepared for Issuer objects being returned instead of strings. · 1de2e1d3
  Jaime Pérez Crespo authored 6 years ago
  
  Unverified
  
  1de2e1d3
Jan 17, 2019
- Use getter methods for SubjectConfirmation and SubjectConfirmationData objects. · 94ffeee4
  Jaime Pérez Crespo authored 6 years ago
  
  Unverified
  
  94ffeee4
Nov 21, 2018

If issuer does not match ExpectedIssuer, log warning instead of throwing exception. · e543fe5f

Thijs Kinkhorst authored 6 years ago

It does not seem like something that is normal so a warning seems in
place. However, forbidding it does not add much value since we accept
unsollicited responses (from any idp) anyway.

Closes: #975

e543fe5f

Oct 17, 2018
- Converted array declarations (#959) · 3b4178d6
  Arno van der Vegt authored 6 years ago
  
  3b4178d6
Aug 26, 2018
- modules: PSR-2 · f5b94bdd
  Tim van Dijen authored 6 years ago
  
  f5b94bdd
Aug 22, 2018
- modules: PSR-2 /whitespace/indentation · ddcf6cfb
  Tim van Dijen authored 6 years ago
  
  ddcf6cfb
Aug 13, 2018
- modules: PSR-2 /whitespace/indentation · 53029e03
  Tim van Dijen authored 6 years ago
  
  53029e03
Jun 01, 2018
- Replace sppmod_* with namespaced version · 9b7361e1
  Tim van Dijen authored 6 years ago
  
  9b7361e1
May 31, 2018
- Replace SimpleSAML_Auth_* with namespaced version · ba8a620c
  Tim van Dijen authored 6 years ago
  
  ba8a620c
- Replace SimpleSAML_Error_* with namespaced version · a3513e46
  Tim van Dijen authored 6 years ago
  
  a3513e46
- Replace SimpleSAML_Session with namespaced version · 33de7bd3
  Tim van Dijen authored 6 years ago
  
  33de7bd3
Dec 08, 2017
- Replace remaining uses of SimpleSAML_Logger with namespace version · 389d2a00
  Thijs Kinkhorst authored 7 years ago
  
  389d2a00
Oct 25, 2017
- Make sure calls to in_array() use strict comparisons. · 4c18f450
  Jaime Pérez Crespo authored 7 years ago
  
  Unverified
  
  4c18f450
Oct 19, 2017
- removing uses of assert() with string value · f1c7754f
  fentie authored 7 years ago
  
  f1c7754f
Oct 10, 2017
- Making the AuthnInstant available in the state array as saml:AuthnInstant and... · 96ef0143
  John Gasper authored 7 years ago
```
Making the AuthnInstant available in the state array as saml:AuthnInstant and adding that to PersistentAuthData
```
  96ef0143
Aug 23, 2017
- Making the AuthnInstant available in the state array · ccfcffe1
  John Gasper authored 7 years ago
  
  ccfcffe1
Jun 30, 2017

Fix a bug in the assertion consumer service. · 0eea5c8b

Jaime Pérez Crespo authored 7 years ago

If we get a response with an InResponseTo attribute that doesn't match a valid state array, and the response is not a duplicate, we should continue with the response as an unsolicited one.

Unverified

0eea5c8b

Dec 05, 2016
- Modified SimpleSAML_Store to PSR-4 · e1d57b83
  Sergio Gomez authored 8 years ago
  
  e1d57b83
Jul 26, 2016

Bump the version of the SAML2 library. · b02c5432

Jaime Pérez authored 8 years ago

Now we are finally using the 2.x branch of the SAML2 library, which was also migrated to use namespaces. Even though the library provides an autoloader that allows loading the classes with the old names using class aliasing, we need to do the migration in one commit (at least for most part of it). This is due to the way SimpleSAMLphp checks data types, using inheritance to check objects agains abstract or more general classes. Even though class aliasing works, there's no way to replicate those relationships, and type checks that use the old class names will fail because the aliases are virtually new classes that don't inherit from others.

b02c5432

Mar 16, 2016

Be graceful if a SAML assertion does not contain a NameID. Do not set it in... · c0721a62

Jaime Perez Crespo authored 9 years ago

Be graceful if a SAML assertion does not contain a NameID. Do not set it in the state array, and set logout as "saml1" to avoid SLO, since SLO requires NameIDs.

c0721a62

Mar 09, 2016
- Update the modules too. · b5648358
  Jaime Perez Crespo authored 9 years ago
  
  b5648358
Nov 06, 2015
- Clean one-liner comments. · af24da40
  Jaime Perez Crespo authored 9 years ago
  
  af24da40
Aug 31, 2015

Duplicate the $state['SimpleSAML_Auth_Default.*'] entries to... · fb42459c

Jaime Perez Crespo authored 9 years ago

Duplicate the $state['SimpleSAML_Auth_Default.*'] entries to $state['SimpleSAML_Auth_Source.*'] where needed, while we are transitioning to 2.0. Leave those that will be removed in SimpleSAML_Auth_Default. Move the rest of the code to the new entries in the state array.

fb42459c

Jul 22, 2015
- Reformat the code of the SAML2 ACS interface. · 83087121
  Jaime Perez Crespo authored 9 years ago
  
  83087121
Jul 21, 2015

Bugfix · e5aa6821

Jaime Perez Crespo authored 9 years ago

No data about previous authentication is stored if authentication was not started at the SP (IdP-first flow). That makes the replay protection measures fail, leading to an ugly exception show to the user. Fix that.

Additionally, give precedence to the RelayState configured in the local metadata, as the one received together with the SAML response may not even be an URL.

This resolves #230.

e5aa6821

Apr 22, 2015
- Move SimpleSAML_Utilities:: checkURLAllowed() to SimpleSAML\Utils\HTTP::... · 2823c27a
  Jaime Perez Crespo authored 9 years ago
```
Move SimpleSAML_Utilities:: checkURLAllowed() to SimpleSAML\Utils\HTTP:: checkURLAllowed() and deprecate the former.
```
  2823c27a
- Move SimpleSAML_Utilities:: redirectTrustedURL() to SimpleSAML\Utils\HTTP::... · 7ee4677b
  Jaime Perez Crespo authored 9 years ago
```
Move SimpleSAML_Utilities:: redirectTrustedURL() to SimpleSAML\Utils\HTTP:: redirectTrustedURL() and deprecate the former.
```
  7ee4677b
Mar 19, 2015

Fail more gracefully when the different endpoints are accessed directly.... · b20fa795

Jaime Perez Crespo authored 10 years ago

Fail more gracefully when the different endpoints are accessed directly. Instead of displaying an "Unable to find the current binding" error message that creates confusion, tell the user it's his fault.

b20fa795

Feb 27, 2015

Solve a security issue with some modules (not validating URLs we are... · 2970e12a

Jaime Perez Crespo authored 10 years ago

Solve a security issue with some modules (not validating URLs we are redirecting to) by moving the check to the SimpleSAML_Auth_State::loadState() method.

2970e12a

Jan 15, 2015
- modules/saml: proper error message in SAML1.1/2.0 ACS when auth source ID is missing. · 3cec8eea
  Jaime Perez authored 11 years ago
  
  3cec8eea
Jul 08, 2014

Rename SimpleSAML_Session::getInstance() to... · b9e02004

Jaime Perez authored 10 years ago

Rename SimpleSAML_Session::getInstance() to SimpleSAML_Session::getSessionFromRequest(), and leave the former as deprecated.

b9e02004

Jan 28, 2014

Fix for bug introduced in r3332. · 26ecd934

Jaime Pérez Crespo authored 11 years ago

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3336 44740490-163a-0410-bde0-09ae8108e29a

26ecd934

Jan 24, 2014

Followup on previous commits. Use redirectUntrustedURL() as a shortcut, and... · 57acd837

Jaime Pérez Crespo authored 11 years ago

Followup on previous commits. Use redirectUntrustedURL() as a shortcut, and let everything else make use of redirectTrustedURL(). Move the responsibility to check the input out of the library, to the places where URLs are grabbed from input parameters.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3332 44740490-163a-0410-bde0-09ae8108e29a

57acd837

Jan 17, 2014
- Start using the redirectTrustedURL() and redirectUntrustedURL() wrappers. · 015ab4a0
  Jaime Pérez Crespo authored 11 years ago
```
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3326 44740490-163a-0410-bde0-09ae8108e29a
```
  015ab4a0
Aug 22, 2013

Fix to make issuer entity ID validation work when the remote IdP is a proxy... · 27b6b15d

Jaime Pérez Crespo authored 11 years ago

Fix to make issuer entity ID validation work when the remote IdP is a proxy and we are using IDPList option.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3264 44740490-163a-0410-bde0-09ae8108e29a

27b6b15d

May 22, 2013

saml: Fix saml:sp:IdP for SAML 1.1 · c929577c

Olav Morken authored 11 years ago

The saml:sp:IdP authentication data was only saved for SAML 2.0
authentication. This patch moves this variable into common code, so
that it is shared between SAML 2.0 and SAML 1.1.

Thanks to Tim Jobling for reporting this bug!

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3240 44740490-163a-0410-bde0-09ae8108e29a

c929577c

Oct 15, 2012

The issuer of an AuthnResponse is now validated to check if we get the... · 74d4029d

Jaime Pérez Crespo authored 12 years ago

The issuer of an AuthnResponse is now validated to check if we get the response from the same entity ID we sent the request to.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3189 44740490-163a-0410-bde0-09ae8108e29a

74d4029d

May 24, 2012

saml:SP: Honor SessionNotOnOrAfter from IdP. · 4e88423e

Olav Morken authored 12 years ago

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3104 44740490-163a-0410-bde0-09ae8108e29a

4e88423e