<?php
require_once('../../_include.php');
/* Load simpleSAMLphp, configuration and metadata */
$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
if (!$config->getBoolean('enable.saml20-idp', false))
throw new SimpleSAML_Error_Error('NOACCESS');
/* Check if valid local session exists.. */
if ($config->getBoolean('admin.protectmetadata', false)) {
SimpleSAML_Utilities::requireAdmin();
}
try {
$idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
$idpmeta = $metadata->getMetaDataConfig($idpentityid, 'saml20-idp-hosted');
$availableCerts = array();
$keys = array();
$certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta, FALSE, 'new_');
if ($certInfo !== NULL) {
$availableCerts['new_idp.crt'] = $certInfo;
$keys[] = array(
'type' => 'X509Certificate',
'signing' => TRUE,
'encryption' => TRUE,
'X509Certificate' => $certInfo['certData'],
);
$hasNewCert = TRUE;
} else {
$hasNewCert = FALSE;
}
$certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE);
$availableCerts['idp.crt'] = $certInfo;
$keys[] = array(
'type' => 'X509Certificate',
'signing' => TRUE,
'encryption' => ($hasNewCert ? FALSE : TRUE),
'X509Certificate' => $certInfo['certData'],
);
if ($idpmeta->hasValue('https.certificate')) {
$httpsCert = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE, 'https.');
assert('isset($httpsCert["certData"])');
$availableCerts['https.crt'] = $httpsCert;
$keys[] = array(
'type' => 'X509Certificate',
'signing' => TRUE,
'encryption' => FALSE,
'X509Certificate' => $httpsCert['certData'],
);
}
$metaArray = array(
'metadata-set' => 'saml20-idp-remote',
'entityid' => $idpentityid,
);
$ssob = $metadata->getGenerated('SingleSignOnServiceBinding', 'saml20-idp-hosted');
$slob = $metadata->getGenerated('SingleLogoutServiceBinding', 'saml20-idp-hosted');
$ssol = $metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted');
$slol = $metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted');
if (is_array($ssob)) {
foreach ($ssob as $binding) {
$metaArray['SingleSignOnService'][] = array(
'Binding' => $binding,
'Location' => $ssol,
);
}
} else {
$metaArray['SingleSignOnService'][] = array(
'Binding' => $ssob,
'Location' => $ssol,
);
}
if (is_array($slob)) {
foreach ($slob as $binding) {
$metaArray['SingleLogoutService'][] = array(
'Binding' => $binding,
'Location' => $slol,
);
}
} else {
$metaArray['SingleLogoutService'][] = array(
'Binding' => $slob,
'Location' => $slol,
);
}
if (count($keys) === 1) {
$metaArray['certData'] = $keys[0]['X509Certificate'];
} else {
$metaArray['keys'] = $keys;
}
if ($idpmeta->getBoolean('saml20.sendartifact', FALSE)) {
/* Artifact sending enabled. */
$metaArray['ArtifactResolutionService'][] = array(
'index' => 0,
'Location' => SimpleSAML_Utilities::getBaseURL() . 'saml2/idp/ArtifactResolutionService.php',
'Binding' => SAML2_Const::BINDING_SOAP,
);
}
if ($idpmeta->getBoolean('saml20.hok.assertion', FALSE)) {
/* Prepend HoK SSO Service endpoint. */
array_unshift($metaArray['SingleSignOnService'], array(
'hoksso:ProtocolBinding' => SAML2_Const::BINDING_HTTP_REDIRECT,
'Binding' => SAML2_Const::BINDING_HOK_SSO,
'Location' => SimpleSAML_Utilities::getBaseURL() . 'saml2/idp/SSOService.php'));
}
$metaArray['NameIDFormat'] = $idpmeta->getString('NameIDFormat', 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient');
if ($idpmeta->hasValue('OrganizationName')) {
$metaArray['OrganizationName'] = $idpmeta->getLocalizedString('OrganizationName');
$metaArray['OrganizationDisplayName'] = $idpmeta->getLocalizedString('OrganizationDisplayName', $metaArray['OrganizationName']);
if (!$idpmeta->hasValue('OrganizationURL')) {
throw new SimpleSAML_Error_Exception('If OrganizationName is set, OrganizationURL must also be set.');
}
$metaArray['OrganizationURL'] = $idpmeta->getLocalizedString('OrganizationURL');
}
if ($idpmeta->hasValue('scope')) {
$metaArray['scope'] = $idpmeta->getArray('scope');
}
if ($idpmeta->hasValue('EntityAttributes')) {
$metaArray['EntityAttributes'] = $idpmeta->getArray('EntityAttributes');
}
if ($idpmeta->hasValue('UIInfo')) {
$metaArray['UIInfo'] = $idpmeta->getArray('UIInfo');
}
if ($idpmeta->hasValue('DiscoHints')) {
$metaArray['DiscoHints'] = $idpmeta->getArray('DiscoHints');
}
if ($idpmeta->hasValue('RegistrationInfo')) {
$metaArray['RegistrationInfo'] = $idpmeta->getArray('RegistrationInfo');
}
if ($idpmeta->hasValue('validate.authnrequest')) {
$metaArray['sign.authnrequest'] = $idpmeta->getBoolean('validate.authnrequest');
}
if ($idpmeta->hasValue('redirect.validate')) {
$metaArray['redirect.sign'] = $idpmeta->getBoolean('redirect.validate');
}
$metaflat = '$metadata[' . var_export($idpentityid, TRUE) . '] = ' . var_export($metaArray, TRUE) . ';';
$metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($idpentityid);
$metaBuilder->addMetadataIdP20($metaArray);
$metaBuilder->addOrganizationInfo($metaArray);
$technicalContactEmail = $config->getString('technicalcontact_email', NULL);
if ($technicalContactEmail && $technicalContactEmail !== 'na@example.org') {
$metaBuilder->addContact('technical', array(
'emailAddress' => $technicalContactEmail,
'name' => $config->getString('technicalcontact_name', NULL),
));
}
$metaxml = $metaBuilder->getEntityDescriptorText();
/* Sign the metadata if enabled. */
$metaxml = SimpleSAML_Metadata_Signer::sign($metaxml, $idpmeta->toArray(), 'SAML 2 IdP');
if (array_key_exists('output', $_GET) && $_GET['output'] == 'xhtml') {
$defaultidp = $config->getString('default-saml20-idp', NULL);
$t = new SimpleSAML_XHTML_Template($config, 'metadata.php', 'admin');
$t->data['available_certs'] = $availableCerts;
$t->data['header'] = 'saml20-idp';
$t->data['metaurl'] = SimpleSAML_Utilities::selfURLNoQuery();
$t->data['metadata'] = htmlspecialchars($metaxml);
$t->data['metadataflat'] = htmlspecialchars($metaflat);
$t->data['defaultidp'] = $defaultidp;
$t->show();
} else {
header('Content-Type: application/xml');
echo $metaxml;
exit(0);
}
} catch(Exception $exception) {
throw new SimpleSAML_Error_Error('METADATA', $exception);
}
|
Download
