authorjaimepc@gmail.com <jaimepc@gmail.com@44740490-163a-0410-bde0-09ae8108e29a>2014-02-17 14:08:07 (GMT)
committerjaimepc@gmail.com <jaimepc@gmail.com@44740490-163a-0410-bde0-09ae8108e29a>2014-02-17 14:08:07 (GMT)
commit1e276520694f6bd10568d1ea06b7f45b2dcae20b (patch)
tree0d56bf882293a7562eb2e9d43a4f53bc10d4cec7
parent62de96506d8214bfb507366556e98b139deedcfd (diff)
downloadsimplesamlphp-1e276520694f6bd10568d1ea06b7f45b2dcae20b.zip
simplesamlphp-1e276520694f6bd10568d1ea06b7f45b2dcae20b.tar.gz
simplesamlphp-1e276520694f6bd10568d1ea06b7f45b2dcae20b.tar.bz2
Fixes to ADFS metadata to allow interoperability.
git-svn-id: http://simplesamlphp.googlecode.com/svn/trunk@3364 44740490-163a-0410-bde0-09ae8108e29a
-rw-r--r--lib/SimpleSAML/Metadata/Signer.php7
-rw-r--r--modules/adfs/lib/XMLSecurityDSig.php32
-rw-r--r--modules/adfs/www/idp/metadata.php22
3 files changed, 49 insertions, 12 deletions
diff --git a/lib/SimpleSAML/Metadata/Signer.php b/lib/SimpleSAML/Metadata/Signer.php
index d696469..a042215 100644
--- a/lib/SimpleSAML/Metadata/Signer.php
+++ b/lib/SimpleSAML/Metadata/Signer.php
@@ -173,7 +173,12 @@ class SimpleSAML_Metadata_Signer {
$rootNode = $xml->firstChild;
/* Sign the metadata with our private key. */
- $objXMLSecDSig = new XMLSecurityDSig();
+ if ($type == 'ADFS IdP') {
+ $objXMLSecDSig = new sspmod_adfs_XMLSecurityDSig($metadataString);
+ } else {
+ $objXMLSecDSig = new XMLSecurityDSig();
+ }
+
$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$objXMLSecDSig->addReferenceList(array($rootNode), XMLSecurityDSig::SHA1,
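Review bot: The dispatch on L28 selects a different signer implementation with a loose comparison; since `$type` is a free-form string it should be `if ($type === 'ADFS IdP') {` so that only the exact label takes the ADFS path. The reason for the special case is not stated here — `$metadataString` is passed only to the subclass, and from the new class in this commit it is used solely to decide whether the signature template keeps its line breaks — so a one-line comment above the `if`, e.g. `/* ADFS: use a signature template whose whitespace matches the metadata string (see sspmod_adfs_XMLSecurityDSig). */`, would save the next reader a trip to the module. The canonicalisation and digest settings below are applied to the subclass unchanged, so the ADFS path differs only in template formatting. sign()'s body continues outside the hunk.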
diff --git a/modules/adfs/lib/XMLSecurityDSig.php b/modules/adfs/lib/XMLSecurityDSig.php
new file mode 100644
index 0000000..d5ab2fd
--- /dev/null
+++ b/modules/adfs/lib/XMLSecurityDSig.php
@@ -0,0 +1,32 @@
+<?php
+
+/**
+ * This class should be considered a temporary workaround to
+ * solve the lack of custom formatting in XMLSecurityDSig
+ * (xmlseclibs). It should be possible to either configure
+ * the original class to avoid formatting, or to use a custom
+ * template for the signature.
+ *
+ * @todo Move this functionality to xmlseclibs.
+ *
+ * @author Daniel Tsosie
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+class sspmod_adfs_XMLSecurityDSig extends XMLSecurityDSig {
+
+ function __construct($metaxml) {
+ $sigdoc = new DOMDocument();
+ $template = '';
+
+ if (strpos("\n", $metaxml) === FALSE) {
+ foreach (explode("\n", self::template) as $line)
+ $template .= trim($line);
+ } else {
+ $template = self::template;
+ }
+
+ $sigdoc->loadXML($template);
+ $this->sigNode = $sigdoc->documentElement;
+ }
+}
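Review bot: The `strpos` call on L63 has its arguments reversed: `strpos("\n", $metaxml)` searches the one-character string "\n" for the whole metadata document, which is FALSE for any real input, so the template is always compacted regardless of whether the metadata contains line breaks; it should read `if (strpos($metaxml, "\n") === FALSE) {`. The constructor deliberately does not call `parent::__construct()` because it assigns `$this->sigNode` itself, but nothing says so — a comment such as `// intentionally skips parent::__construct(): sigNode is built from the (possibly compacted) template here` would stop someone "fixing" it later. The return value of `loadXML()` is unchecked; the template is a class constant so this is low risk, but the constructor should still carry `public` visibility and a docblock stating that `$metaxml` is only inspected for line breaks and is not signed or stored here.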
diff --git a/modules/adfs/www/idp/metadata.php b/modules/adfs/www/idp/metadata.php
index fd563ba..f1a191a 100644
--- a/modules/adfs/www/idp/metadata.php
+++ b/modules/adfs/www/idp/metadata.php
@@ -117,14 +117,16 @@ try {
'name' => $config->getString('technicalcontact_name', NULL),
));
}
- $metaxml = explode("\n", $metaBuilder->getEntityDescriptorText());
- unset($metaxml[0]);
- $metaxml = implode("\n", $metaxml);
+ $output_xhtml = array_key_exists('output', $_GET) && $_GET['output'] == 'xhtml';
+ $metaxml = $metaBuilder->getEntityDescriptorText($output_xhtml);
+ if (!$output_xhtml) {
+ $metaxml = str_replace("\n", '', $metaxml);
+ }
/* Sign the metadata if enabled. */
$metaxml = SimpleSAML_Metadata_Signer::sign($metaxml, $idpmeta->toArray(), 'ADFS IdP');
- if (array_key_exists('output', $_GET) && $_GET['output'] == 'xhtml') {
+ if ($output_xhtml) {
$defaultidp = $config->getString('default-adfs-idp', NULL);
$t = new SimpleSAML_XHTML_Template($config, 'metadata.php', 'admin');
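Review bot: `str_replace("\n", '', $metaxml)` on L88 removes every newline in the document, not only the ones between elements; if any text node or attribute value (an organisation or contact name, for instance) contains a line break, its content is altered before the document is signed, which is presumably not intended — I cannot tell from this hunk what getEntityDescriptorText() emits for the two values of its new argument, so either confirm the builder never produces newlines inside content or strip only the whitespace between tags. The comparison on L85 should be strict, `$output_xhtml = array_key_exists('output', $_GET) && $_GET['output'] === 'xhtml';`, since `$_GET['output']` is user-controlled and loose comparison has surprising rules. The enclosing try block starts outside the hunk.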
@@ -138,19 +140,17 @@ try {
$t->show();
} else {
-
header('Content-Type: application/xml');
+ // make sure to export only the md:EntityDescriptor
+ $metaxml = substr($metaxml, strpos($metaxml, '<md:EntityDescriptor'));
+ // 22 = strlen('</md:EntityDescriptor>')
+ $metaxml = substr($metaxml, 0, strrpos($metaxml, '</md:EntityDescriptor>') + 22);
echo $metaxml;
- exit(0);
+ exit(0);
}
-
-
} catch(Exception $exception) {
-
throw new SimpleSAML_Error_Error('METADATA', $exception);
-
}
-
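Review bot: The extraction on L102–L104 uses the `strpos()`/`strrpos()` results without checking for FALSE and hard-codes the `md:` prefix; if the signed document uses another prefix (or none), the first `substr` starts at offset 0 and the second truncates the response to 22 bytes, so a 200 response carrying broken XML goes out instead of an error. Compute both positions first and throw `SimpleSAML_Error_Error('METADATA', ...)` when either is FALSE, and replace the magic number with the expression it documents, `$metaxml = substr($metaxml, 0, $end + strlen('</md:EntityDescriptor>'));`, which makes the comment on L103 unnecessary. Trimming bytes outside the root element should not invalidate the signature as long as EntityDescriptor is the document element, which the Signer's use of `firstChild` suggests but this hunk does not show; a comment stating that assumption next to the extraction would help.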