entrouvert
/
spip-saml
Archived
16
0
Fork 0
Code Issues Pull Requests Releases Activity

simplesamlphp: update to 1.13.2

master
Jérôme Schneider 2015-03-27 18:15:46 +01:00
parent 502161d955
commit c47b99cede
878 changed files with 55705 additions and 15278 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
inc/simplesamlphp/README.md Normal file
View File

@ -0,0 +1,7 @@
SimpleSAMLphp
=============
This is the official repository of the SimpleSAMLphp software.
* [SimpleSAMLphp homepage](https://simplesamlphp.org)
* [SimpleSAMLphp Downloads](https://simplesamlphp.org/download)

14
inc/simplesamlphp/attributemap/name2claim.php Normal file
View File

@ -0,0 +1,14 @@
<?php // Maps AD LDAP to Claims from http://msdn.microsoft.com/en-us/library/hh159803.aspx
$attributemap = array(
'c' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country',
'givenName' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname',
'mail' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
'memberOf' => 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role',
'postalcode' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode',
'uid' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name',
'sn' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname',
'st' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince',
'streetaddress' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress',
'telephonenumber' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone',
);
?>

15
inc/simplesamlphp/bin/build-release.sh
View File

@ -15,8 +15,6 @@ fi
cd /tmp
REPOPATH="http://simplesamlphp.googlecode.com/svn/tags/$TAG/"
if [ -a "$TAG" ]; then
echo "$0: Destination already exists: $TAG" >&2
exit 1
@ -24,7 +22,20 @@ fi
umask 0022
REPOPATH="http://simplesamlphp.googlecode.com/svn/tags/$TAG/"
svn export "$REPOPATH"
# Use composer only on newer versions that have a composer.json
if [ -f "$TAG/composer.json" ]; then
if [ ! -x composer.phar ]; then
curl -sS https://getcomposer.org/installer | php
fi
# Install dependencies (without vcs history or dev tools)
php composer.phar install --no-dev --prefer-dist -o -d "$TAG"
fi
mkdir -p "$TAG/config" "$TAG/metadata"
cp -rv "$TAG/config-templates/"* "$TAG/config/"
cp -rv "$TAG/metadata-templates/"* "$TAG/metadata/"

2
inc/simplesamlphp/bin/pack.php
View File

@ -12,7 +12,7 @@ if (count($argv) < 1) {
}
// Needed in order to make session_start to be called before output is printed.
$session = SimpleSAML_Session::getInstance();
$session = SimpleSAML_Session::getSessionFromRequest();
$config = SimpleSAML_Configuration::getConfig('config.php');

1
inc/simplesamlphp/bin/pwgen.php
View File

@ -1,7 +1,6 @@
#!/usr/bin/env php
<?php
/*
* $Id$
* Interactive script to generate password hashes.
*
*/

12
inc/simplesamlphp/bin/translation.php
View File

@ -46,8 +46,14 @@ switch($action) {
case 'pull':
$content = SimpleSAML_Utilities::fetch($base . 'export.php?aid=' . $application . '&type=translation&file=' . $basefile);
file_put_contents($fileWithoutExt . '.translation.json' , $content);
try {
$content = SimpleSAML_Utilities::fetch($base . 'export.php?aid=' . $application . '&type=translation&file=' . $basefile);
file_put_contents($fileWithoutExt . '.translation.json' , $content);
}
catch (SimpleSAML_Error_Exception $e) {
echo 'Translation unavailable for ' . $basefile;
SimpleSAML_Logger::warning("Translation unavailable for $basefile in $base: " . $e->getMessage());
}
break;
case 'push':
@ -189,4 +195,4 @@ function json_format($data, $indentation = '') {
return $ret;
}
?>
?>

34
inc/simplesamlphp/composer.json Normal file
View File

@ -0,0 +1,34 @@
{
"name": "simplesamlphp/simplesamlphp",
"description": "A PHP implementation of SAML 2.0 service provider and identity provider functionality. And is also compatible with Shibboleth 1.3 and 2.0.",
"type": "project",
"keywords": [ "saml2", "shibboleth","aselect","openid","oauth","ws-federation","sp","idp" ],
"homepage": "http://simplesamlphp.org",
"license": "LGPL-2.1",
"authors": [
{
"name": "Andreas Åkre Solberg",
"email": "andreas.solberg@uninett.no"
},
{
"name": "Olav Morken",
"email": "olav.morken@uninett.no"
}
],
"autoload": {
"psr-0": {
"SimpleSAML_": "lib/"
},
"files": ["lib/_autoload_modules.php"]
},
"require": {
"php": "~5.3",
"simplesamlphp/saml2": "~0.3",
"simplesamlphp/xmlseclibs": "~1.3.2",
"openid/php-openid": "dev-master#ee669c6a9d4d95b58ecd9b6945627276807694fb as 2.2.2"
},
"support": {
"issues": "https://github.com/simplesamlphp/simplesamlphp/issues",
"source": "https://github.com/simplesamlphp/simplesamlphp"
}
}

214
inc/simplesamlphp/composer.lock generated Normal file
View File

@ -0,0 +1,214 @@
{
"_readme": [
"This file locks the dependencies of your project to a known state",
"Read more about it at http://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
"hash": "e609dc6172b06d1dd51be10f92c4d18b",
"packages": [
{
"name": "openid/php-openid",
"version": "dev-master",
"source": {
"type": "git",
"url": "https://github.com/openid/php-openid.git",
"reference": "ee669c6a9d4d95b58ecd9b6945627276807694fb"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/openid/php-openid/zipball/fff9217fb1acda132702730b66b10981ea9d4cac",
"reference": "ee669c6a9d4d95b58ecd9b6945627276807694fb",
"shasum": ""
},
"require": {
"ext-curl": "*",
"ext-dom": "*",
"ext-gmp": "*",
"php": ">=4.3"
},
"type": "library",
"autoload": {
"classmap": [
"Auth"
]
},
"notification-url": "https://packagist.org/downloads/",
"include-path": [
"."
],
"license": [
"Apache-2.0"
],
"authors": [
{
"name": "JanRain Inc.",
"homepage": "http://www.openidenabled.com"
}
],
"description": "OpenID library for PHP5",
"homepage": "http://github.com/openid/php-openid",
"keywords": [
"Authentication",
"OpenId",
"auth",
"yadis"
],
"time": "2013-10-03 21:21:20"
},
{
"name": "psr/log",
"version": "1.0.0",
"source": {
"type": "git",
"url": "https://github.com/php-fig/log.git",
"reference": "fe0936ee26643249e916849d48e3a51d5f5e278b"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/php-fig/log/zipball/fe0936ee26643249e916849d48e3a51d5f5e278b",
"reference": "fe0936ee26643249e916849d48e3a51d5f5e278b",
"shasum": ""
},
"type": "library",
"autoload": {
"psr-0": {
"Psr\\Log\\": ""
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "PHP-FIG",
"homepage": "http://www.php-fig.org/"
}
],
"description": "Common interface for logging libraries",
"keywords": [
"log",
"psr",
"psr-3"
],
"time": "2012-12-21 11:40:51"
},
{
"name": "simplesamlphp/saml2",
"version": "v0.5.0",
"source": {
"type": "git",
"url": "https://github.com/simplesamlphp/saml2.git",
"reference": "497152245ec73c3f96c84306dcddf850017b84a8"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/simplesamlphp/saml2/zipball/497152245ec73c3f96c84306dcddf850017b84a8",
"reference": "497152245ec73c3f96c84306dcddf850017b84a8",
"shasum": ""
},
"require": {
"ext-dom": "*",
"ext-mcrypt": "*",
"ext-openssl": "*",
"php": ">=5.3.3",
"psr/log": "1.0.0",
"simplesamlphp/xmlseclibs": "~1.3.1"
},
"require-dev": {
"phpmd/phpmd": "~1.5",
"phpunit/phpunit": "~3.7",
"sebastian/phpcpd": "~1.4",
"sensiolabs/security-checker": "~1.1",
"squizlabs/php_codesniffer": "~1.4"
},
"type": "library",
"autoload": {
"psr-0": {
"SAML2_": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"LGPL-2.1"
],
"authors": [
{
"name": "Andreas Åkre Solberg",
"email": "andreas.solberg@uninett.no"
}
],
"description": "SAML2 PHP library from SimpleSAMLphp",
"time": "2014-10-07 13:40:34"
},
{
"name": "simplesamlphp/xmlseclibs",
"version": "v1.3.2",
"source": {
"type": "git",
"url": "https://github.com/simplesamlphp/xmlseclibs.git",
"reference": "734e80899ade295b979de08553161cad63c2dd98"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/simplesamlphp/xmlseclibs/zipball/734e80899ade295b979de08553161cad63c2dd98",
"reference": "734e80899ade295b979de08553161cad63c2dd98",
"shasum": ""
},
"replace": {
"cdatazone/xmlseclibs": "self.version",
"fr3d/xmlseclibs": "self.version",
"robrichards/xmlseclibs": "self.version"
},
"suggest": {
"ext/mcrypt": "",
"ext/openssl": ""
},
"type": "library",
"autoload": {
"files": [
"xmlseclibs.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"BSD-3-Clause"
],
"authors": [
{
"name": "Rob Richards"
}
],
"description": "A PHP library for XML Security",
"homepage": "http://code.google.com/p/xmlseclibs/",
"keywords": [
"certificate",
"security",
"signature",
"signing",
"x.509",
"xml",
"xmlsec"
],
"time": "2013-06-19 00:00:00"
}
],
"packages-dev": [],
"aliases": [
{
"alias": "2.2.2",
"alias_normalized": "2.2.2.0",
"version": "9999999-dev",
"package": "openid/php-openid"
}
],
"minimum-stability": "stable",
"stability-flags": {
"openid/php-openid": 20
},
"prefer-stable": false,
"platform": {
"php": "~5.3"
},
"platform-dev": []
}

625
inc/simplesamlphp/config-templates/authsources.php
View File

@ -2,346 +2,387 @@
$config = array(
// This is a authentication source which handles admin authentication.
'admin' => array(
// The default is to use core:AdminPassword, but it can be replaced with
// any authentication source.
// This is a authentication source which handles admin authentication.
'admin' => array(
// The default is to use core:AdminPassword, but it can be replaced with
// any authentication source.
'core:AdminPassword',
),
'core:AdminPassword',
),
// An authentication source which can authenticate against both SAML 2.0
// and Shibboleth 1.3 IdPs.
'default-sp' => array(
'saml:SP',
// An authentication source which can authenticate against both SAML 2.0
// and Shibboleth 1.3 IdPs.
'default-sp' => array(
'saml:SP',
// The entity ID of this SP.
// Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
'entityID' => NULL,
// The entity ID of this SP.
// Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
'entityID' => null,
// The entity ID of the IdP this should SP should contact.
// Can be NULL/unset, in which case the user will be shown a list of available IdPs.
'idp' => NULL,
// The entity ID of the IdP this should SP should contact.
// Can be NULL/unset, in which case the user will be shown a list of available IdPs.
'idp' => null,
// The URL to the discovery service.
// Can be NULL/unset, in which case a builtin discovery service will be used.
'discoURL' => NULL,
),
// The URL to the discovery service.
// Can be NULL/unset, in which case a builtin discovery service will be used.
'discoURL' => null,
/*
* WARNING: SHA-1 is disallowed starting January the 1st, 2014.
*
* Uncomment the following option to start using SHA-256 for your signatures.
* Currently, simpleSAMLphp defaults to SHA-1, which has been deprecated since
* 2011, and will be disallowed by NIST as of 2014. Please refer to the following
* document for more information:
*
* http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
*
* If you are uncertain about identity providers supporting SHA-256 or other
* algorithms of the SHA-2 family, you can configure it individually in the
* IdP-remote metadata set for those that support it. Once you are certain that
* all your configured IdPs support SHA-2, you can safely remove the configuration
* options in the IdP-remote metadata set and uncomment the following option.
*
* Please refer to the hosted SP configuration reference for more information.
*/
//'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
/*
* The attributes parameter must contain an array of desired attributes by the SP.
* The attributes can be expressed as an array of names or as an associative array
* in the form of 'friendlyName' => 'name'.
* The metadata will then be created as follows:
* <md:RequestedAttribute FriendlyName="friendlyName" Name="name" />
*/
/*'attributes' => array(
'attrname' => 'urn:oid:x.x.x.x',
),*/
/*'attributes.required' => array (
'urn:oid:x.x.x.x',
),*/
),
/*
'example-sql' => array(
'sqlauth:SQL',
'dsn' => 'pgsql:host=sql.example.org;port=5432;dbname=simplesaml',
'username' => 'simplesaml',
'password' => 'secretpassword',
'query' => 'SELECT "username", "name", "email" FROM "users" WHERE "username" = :username AND "password" = :password',
),
*/
/*
'example-sql' => array(
'sqlauth:SQL',
'dsn' => 'pgsql:host=sql.example.org;port=5432;dbname=simplesaml',
'username' => 'simplesaml',
'password' => 'secretpassword',
'query' => 'SELECT uid, givenName, email, eduPersonPrincipalName FROM users WHERE uid = :username AND password = SHA2(CONCAT((SELECT salt FROM users WHERE uid = :username), :password),256);',
),
*/
/*
'example-static' => array(
'exampleauth:Static',
'uid' => array('testuser'),
'eduPersonAffiliation' => array('member', 'employee'),
'cn' => array('Test User'),
),
*/
/*
'example-static' => array(
'exampleauth:Static',
'uid' => array('testuser'),
'eduPersonAffiliation' => array('member', 'employee'),
'cn' => array('Test User'),
),
*/
/*
'example-userpass' => array(
'exampleauth:UserPass',
/*
'example-userpass' => array(
'exampleauth:UserPass',
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
'student:studentpass' => array(
'uid' => array('test'),
'eduPersonAffiliation' => array('member', 'student'),
),
'employee:employeepass' => array(
'uid' => array('employee'),
'eduPersonAffiliation' => array('member', 'employee'),
),
),
*/
'student:studentpass' => array(
'uid' => array('test'),
'eduPersonAffiliation' => array('member', 'student'),
),
'employee:employeepass' => array(
'uid' => array('employee'),
'eduPersonAffiliation' => array('member', 'employee'),
),
),
*/
/*
'crypto-hash' => array(
'authcrypt:Hash',
// hashed version of 'verysecret', made with bin/pwgen.php
'professor:{SSHA256}P6FDTEEIY2EnER9a6P2GwHhI5JDrwBgjQ913oVQjBngmCtrNBUMowA==' => array(
'uid' => array('prof_a'),
'eduPersonAffiliation' => array('member', 'employee', 'board'),
),
),
*/
/*
'crypto-hash' => array(
'authcrypt:Hash',
// hashed version of 'verysecret', made with bin/pwgen.php
'professor:{SSHA256}P6FDTEEIY2EnER9a6P2GwHhI5JDrwBgjQ913oVQjBngmCtrNBUMowA==' => array(
'uid' => array('prof_a'),
'eduPersonAffiliation' => array('member', 'employee', 'board'),
),
),
*/
/*
'htpasswd' => array(
'authcrypt:Htpasswd',
'htpasswd_file' => '/var/www/foo.edu/legacy_app/.htpasswd',
'static_attributes' => array(
'eduPersonAffiliation' => array('member', 'employee'),
'Organization' => array('University of Foo'),
),
),
*/
/*
'htpasswd' => array(
'authcrypt:Htpasswd',
'htpasswd_file' => '/var/www/foo.edu/legacy_app/.htpasswd',
'static_attributes' => array(
'eduPersonAffiliation' => array('member', 'employee'),
'Organization' => array('University of Foo'),
),
),
*/
/*
// This authentication source serves as an example of integration with an
// external authentication engine. Take a look at the comment in the beginning
// of modules/exampleauth/lib/Auth/Source/External.php for a description of
// how to adjust it to your own site.
'example-external' => array(
'exampleauth:External',
),
*/
/*
// This authentication source serves as an example of integration with an
// external authentication engine. Take a look at the comment in the beginning
// of modules/exampleauth/lib/Auth/Source/External.php for a description of
// how to adjust it to your own site.
'example-external' => array(
'exampleauth:External',
),
*/
/*
'yubikey' => array(
'authYubiKey:YubiKey',
'id' => '000',
// 'key' => '012345678',
),
*/
/*
'yubikey' => array(
'authYubiKey:YubiKey',
'id' => '000',
// 'key' => '012345678',
),
*/
/*
'openid' => array(
'openid:OpenIDConsumer',
'attributes.required' => array('nickname'),
'attributes.optional' => array('fullname', 'email',),
// 'sreg.validate' => FALSE,
'attributes.ax_required' => array('http://axschema.org/namePerson/friendly'),
'attributes.ax_optional' => array('http://axschema.org/namePerson','http://axschema.org/contact/email'),
// Prefer HTTP redirect over POST
// 'prefer_http_redirect' => FALSE,
),
*/
/*
'openid' => array(
'openid:OpenIDConsumer',
'attributes.required' => array('nickname'),
'attributes.optional' => array('fullname', 'email',),
// 'sreg.validate' => FALSE,
'attributes.ax_required' => array('http://axschema.org/namePerson/friendly'),
'attributes.ax_optional' => array('http://axschema.org/namePerson','http://axschema.org/contact/email'),
// Prefer HTTP redirect over POST
// 'prefer_http_redirect' => FALSE,
),
*/
/*
// Example of an authsource that authenticates against Google.
// See: http://code.google.com/apis/accounts/docs/OpenID.html
'google' => array(
'openid:OpenIDConsumer',
// Googles OpenID endpoint.
'target' => 'https://www.google.com/accounts/o8/id',
// Custom realm
// 'realm' => 'http://*.example.org',
// Attributes that google can supply.
'attributes.ax_required' => array(
//'http://axschema.org/namePerson/first',
//'http://axschema.org/namePerson/last',
//'http://axschema.org/contact/email',
//'http://axschema.org/contact/country/home',
//'http://axschema.org/pref/language',
),
// custom extension arguments
'extension.args' => array(
//'http://specs.openid.net/extensions/ui/1.0' => array(
// 'mode' => 'popup',
// 'icon' => 'true',
//),
),
),
*/
/*
// Example of an authsource that authenticates against Google.
// See: http://code.google.com/apis/accounts/docs/OpenID.html
'google' => array(
'openid:OpenIDConsumer',
// Googles OpenID endpoint.
'target' => 'https://www.google.com/accounts/o8/id',
// Custom realm
// 'realm' => 'http://*.example.org',
// Attributes that google can supply.
'attributes.ax_required' => array(
//'http://axschema.org/namePerson/first',
//'http://axschema.org/namePerson/last',
//'http://axschema.org/contact/email',
//'http://axschema.org/contact/country/home',
//'http://axschema.org/pref/language',
),
// custom extension arguments
'extension.args' => array(
//'http://specs.openid.net/extensions/ui/1.0' => array(
// 'mode' => 'popup',
// 'icon' => 'true',
//),
),
),
*/
/*
'papi' => array(
'authpapi:PAPI',
),
*/
/*
'papi' => array(
'authpapi:PAPI',
),
*/
/*
'facebook' => array(
'authfacebook:Facebook',
// Register your Facebook application on http://www.facebook.com/developers
// App ID or API key (requests with App ID should be faster; https://github.com/facebook/php-sdk/issues/214)
'api_key' => 'xxxxxxxxxxxxxxxx',
// App Secret
'secret' => 'xxxxxxxxxxxxxxxx',
// which additional data permissions to request from user
// see http://developers.facebook.com/docs/authentication/permissions/ for the full list
// 'req_perms' => 'email,user_birthday',
),
*/
/*
'facebook' => array(
'authfacebook:Facebook',
// Register your Facebook application on http://www.facebook.com/developers
// App ID or API key (requests with App ID should be faster; https://github.com/facebook/php-sdk/issues/214)
'api_key' => 'xxxxxxxxxxxxxxxx',
// App Secret
'secret' => 'xxxxxxxxxxxxxxxx',
// which additional data permissions to request from user
// see http://developers.facebook.com/docs/authentication/permissions/ for the full list
// 'req_perms' => 'email,user_birthday',
),
*/
/*
// LinkedIn OAuth Authentication API.
// Register your application to get an API key here:
// https://www.linkedin.com/secure/developer
'linkedin' => array(
'authlinkedin:LinkedIn',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// LinkedIn OAuth Authentication API.
// Register your application to get an API key here:
// https://www.linkedin.com/secure/developer
'linkedin' => array(
'authlinkedin:LinkedIn',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// Twitter OAuth Authentication API.
// Register your application to get an API key here:
// http://twitter.com/oauth_clients
'twitter' => array(
'authtwitter:Twitter',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// Twitter OAuth Authentication API.
// Register your application to get an API key here:
// http://twitter.com/oauth_clients
'twitter' => array(
'authtwitter:Twitter',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
/*
// MySpace OAuth Authentication API.
// Register your application to get an API key here:
// http://developer.myspace.com/
'myspace' => array(
'authmyspace:MySpace',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
// Forces the user to enter their credentials to ensure the correct users account is authorized.
// Details: https://dev.twitter.com/docs/api/1/get/oauth/authenticate
'force_login' => FALSE,
),
*/
/*
// Windows Live ID Authentication API.
// Register your application to get an API key here:
// https://manage.dev.live.com
'windowslive' => array(
'authwindowslive:LiveID',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// MySpace OAuth Authentication API.
// Register your application to get an API key here:
// http://developer.myspace.com/
'myspace' => array(
'authmyspace:MySpace',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// Example of a LDAP authentication source.
'example-ldap' => array(
'ldap:LDAP',
/*
// Windows Live ID Authentication API.
// Register your application to get an API key here:
// https://manage.dev.live.com
'windowslive' => array(
'authwindowslive:LiveID',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
/*
// Example of a LDAP authentication source.
'example-ldap' => array(
'ldap:LDAP',
// The hostname of the LDAP server.
'hostname' => 'ldap.example.org',
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
// Whether SSL/TLS should be used when contacting the LDAP server.
'enable_tls' => FALSE,
// The hostname of the LDAP server.
'hostname' => 'ldap.example.org',
// Whether debug output from the LDAP library should be enabled.
// Default is FALSE.
'debug' => FALSE,
// Whether SSL/TLS should be used when contacting the LDAP server.
'enable_tls' => TRUE,
// The timeout for accessing the LDAP server, in seconds.
// The default is 0, which means no timeout.
'timeout' => 0,
// Whether debug output from the LDAP library should be enabled.
// Default is FALSE.
'debug' => FALSE,
// Which attributes should be retrieved from the LDAP server.
// This can be an array of attribute names, or NULL, in which case
// all attributes are fetched.
'attributes' => NULL,
// The timeout for accessing the LDAP server, in seconds.
// The default is 0, which means no timeout.
'timeout' => 0,
// The pattern which should be used to create the users DN given the username.
// %username% in this pattern will be replaced with the users username.
//
// This option is not used if the search.enable option is set to TRUE.
'dnpattern' => 'uid=%username%,ou=people,dc=example,dc=org',
// Set whether to follow referrals. AD Controllers may require FALSE to function.
'referrals' => TRUE,
// As an alternative to specifying a pattern for the users DN, it is possible to
// search for the username in a set of attributes. This is enabled by this option.
'search.enable' => FALSE,
// Which attributes should be retrieved from the LDAP server.
// This can be an array of attribute names, or NULL, in which case
// all attributes are fetched.
'attributes' => NULL,
// The DN which will be used as a base for the search.
// This can be a single string, in which case only that DN is searched, or an
// array of strings, in which case they will be searched in the order given.
'search.base' => 'ou=people,dc=example,dc=org',
// The pattern which should be used to create the users DN given the username.
// %username% in this pattern will be replaced with the users username.
//
// This option is not used if the search.enable option is set to TRUE.
'dnpattern' => 'uid=%username%,ou=people,dc=example,dc=org',
// The attribute(s) the username should match against.
//
// This is an array with one or more attribute names. Any of the attributes in
// the array may match the value the username.
'search.attributes' => array('uid', 'mail'),
// As an alternative to specifying a pattern for the users DN, it is possible to
// search for the username in a set of attributes. This is enabled by this option.
'search.enable' => FALSE,
// The username & password the simpleSAMLphp should bind to before searching. If
// this is left as NULL, no bind will be performed before searching.
'search.username' => NULL,
'search.password' => NULL,
// The DN which will be used as a base for the search.
// This can be a single string, in which case only that DN is searched, or an
// array of strings, in which case they will be searched in the order given.
'search.base' => 'ou=people,dc=example,dc=org',
// If the directory uses privilege separation,
// the authenticated user may not be able to retrieve
// all required attribures, a privileged entity is required
// to get them. This is enabled with this option.
'priv.read' => FALSE,
// The attribute(s) the username should match against.
//
// This is an array with one or more attribute names. Any of the attributes in
// the array may match the value the username.
'search.attributes' => array('uid', 'mail'),
// The DN & password the simpleSAMLphp should bind to before
// retrieving attributes. These options are required if
// 'priv.read' is set to TRUE.
'priv.username' => NULL,
'priv.password' => NULL,
// The username & password the simpleSAMLphp should bind to before searching. If
// this is left as NULL, no bind will be performed before searching.
'search.username' => NULL,
'search.password' => NULL,
),
*/
// If the directory uses privilege separation,
// the authenticated user may not be able to retrieve
// all required attribures, a privileged entity is required
// to get them. This is enabled with this option.
'priv.read' => FALSE,
/*
// Example of an LDAPMulti authentication source.
'example-ldapmulti' => array(
'ldap:LDAPMulti',
// The DN & password the simpleSAMLphp should bind to before
// retrieving attributes. These options are required if
// 'priv.read' is set to TRUE.
'priv.username' => NULL,
'priv.password' => NULL,
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
),
*/
// The way the organization as part of the username should be handled.
// Three possible values:
// - 'none': No handling of the organization. Allows '@' to be part
// of the username.
// - 'allow': Will allow users to type 'username@organization'.
// - 'force': Force users to type 'username@organization'. The dropdown
// list will be hidden.
//
// The default is 'none'.
'username_organization_method' => 'none',
/*
// Example of an LDAPMulti authentication source.
'example-ldapmulti' => array(
'ldap:LDAPMulti',
// Whether the organization should be included as part of the username
// when authenticating. If this is set to TRUE, the username will be on
// the form <username>@<organization identifier>. If this is FALSE, the
// username will be used as the user enters it.
//
// The default is FALSE.
'include_organization_in_username' => FALSE,
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
// A list of available LDAP servers.
//
// The index is an identifier for the organization/group. When
// 'username_organization_method' is set to something other than 'none',
// the organization-part of the username is matched against the index.
//
// The value of each element is an array in the same format as an LDAP
// authentication source.
'employees' => array(
// A short name/description for this group. Will be shown in a dropdown list
// when the user logs on.
//
// This option can be a string or an array with language => text mappings.
'description' => 'Employees',
// The way the organization as part of the username should be handled.
// Three possible values:
// - 'none': No handling of the organization. Allows '@' to be part
// of the username.
// - 'allow': Will allow users to type 'username@organization'.
// - 'force': Force users to type 'username@organization'. The dropdown
// list will be hidden.
//
// The default is 'none'.
'username_organization_method' => 'none',
// The rest of the options are the same as those available for
// the LDAP authentication source.
'hostname' => 'ldap.employees.example.org',
'dnpattern' => 'uid=%username%,ou=employees,dc=example,dc=org',
),
// Whether the organization should be included as part of the username
// when authenticating. If this is set to TRUE, the username will be on
// the form <username>@<organization identifier>. If this is FALSE, the
// username will be used as the user enters it.
//
// The default is FALSE.
'include_organization_in_username' => FALSE,
'students' => array(
'description' => 'Students',
// A list of available LDAP servers.
//
// The index is an identifier for the organization/group. When
// 'username_organization_method' is set to something other than 'none',
// the organization-part of the username is matched against the index.
//
// The value of each element is an array in the same format as an LDAP
// authentication source.
'employees' => array(
// A short name/description for this group. Will be shown in a dropdown list
// when the user logs on.
//
// This option can be a string or an array with language => text mappings.
'description' => 'Employees',
'hostname' => 'ldap.students.example.org',
'dnpattern' => 'uid=%username%,ou=students,dc=example,dc=org',
),
// The rest of the options are the same as those available for
// the LDAP authentication source.
'hostname' => 'ldap.employees.example.org',
'dnpattern' => 'uid=%username%,ou=employees,dc=example,dc=org',
),
),
*/
'students' => array(
'description' => 'Students',
'hostname' => 'ldap.students.example.org',
'dnpattern' => 'uid=%username%,ou=students,dc=example,dc=org',
),
),
*/
);

4
inc/simplesamlphp/config-templates/cas-ldap.php
View File

@ -13,7 +13,7 @@ $casldapconfig = array (
),
'ldap' => array(
'servers' => 'idpentityid.example.org',
'enable_tls' => false,
'enable_tls' => true,
'searchbase' => 'dc=example,dc=org',
'searchattributes' => 'uid',
'attributes' => array('cn', 'mail'),
@ -26,7 +26,7 @@ $casldapconfig = array (
),
'ldap' => array(
'servers' => 'ldap://idpentityid2.example.org',
'enable_tls' => false,
'enable_tls' => true,
'searchbase' => 'ou=users,dc=example,dc=org',
'searchattributes' => array('uid', 'mail'), # array for being able to login with either uid or mail.
'attributes' => null,

2
inc/simplesamlphp/config-templates/config-login-auto.php
View File

@ -1,8 +1,6 @@
<?php
/*
* The configuration of the login-auto authentication module.
*
* $Id: config.php 451 2008-03-27 15:33:34Z olavmrk $
*/
$config = array (

1325
inc/simplesamlphp/config-templates/config.php
View File

File diff suppressed because it is too large Load Diff

4
inc/simplesamlphp/config-templates/ldap.php
View File

@ -1,8 +1,6 @@
<?php
/*
* Configuration for the LDAP authentication module.
*
* $Id: $
*/
$config = array (
@ -16,7 +14,7 @@ $config = array (
'auth.ldap.dnpattern' => 'uid=%username%,dc=feide,dc=no,ou=feide,dc=uninett,dc=no',
'auth.ldap.hostname' => 'ldap.uninett.no',
'auth.ldap.attributes' => null,
'auth.ldap.enable_tls' => false,
'auth.ldap.enable_tls' => true,
/*
* Searching the DN of the user.

3
inc/simplesamlphp/config-templates/ldapmulti.php
View File

@ -3,7 +3,6 @@
/*
* Configuration for the multi-DN LDAP authentication module.
*
* $Id: ldapmulti.php 826 2008-08-20 14:14:08Z hans.zandbelt $
*/
$ldapmulti = array (
@ -14,7 +13,7 @@ $ldapmulti = array (
'dnpattern' => 'uid=%username%,dc=feide,dc=no,ou=feide,dc=uninett,dc=no',
'hostname' => 'ldap.uninett.no',
'attributes' => NULL,
'enable_tls' => FALSE,
'enable_tls' => TRUE,
'search.enable' => FALSE,
'search.base' => NULL,
'search.attributes' => NULL,

1
inc/simplesamlphp/config-templates/translation.php
View File

@ -2,7 +2,6 @@
/*
* Configuration
*
* $Id: translation.php 2100 2010-01-12 11:33:22Z andreassolberg $
*/
$config = array (

630
inc/simplesamlphp/config/authsources.php
View File

@ -2,358 +2,396 @@
$config = array(
// This is a authentication source which handles admin authentication.
'admin' => array(
// The default is to use core:AdminPassword, but it can be replaced with
// any authentication source.
// This is a authentication source which handles admin authentication.
'admin' => array(
// The default is to use core:AdminPassword, but it can be replaced with
// any authentication source.
'core:AdminPassword',
),
'core:AdminPassword',
),
// An authentication source which can authenticate against both SAML 2.0
// and Shibboleth 1.3 IdPs.
'default-sp' => array(
'saml:SP',
// An authentication source which can authenticate against both SAML 2.0
// and Shibboleth 1.3 IdPs.
'default-sp' => array(
'saml:SP',
// The entity ID of this SP.
// Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
'entityID' => NULL,
// The entity ID of this SP.
// Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
'entityID' => null,
// The entity ID of the IdP this should SP should contact.
// Can be NULL/unset, in which case the user will be shown a list of available IdPs.
// The entity ID of the IdP this should SP should contact.
// Can be NULL/unset, in which case the user will be shown a list of available IdPs.
'idp' => null,
// Production
'idp' => 'https://mon.meyzieu.fr/idp/saml2/metadata',
// Recette
//'idp' => 'https://mon-meyzieu.recette.entrouvert.com/idp/saml2/metadata',
//'idp' => 'https://mon-meyzieu.recette.entrouvert.com/idp/saml2/metadata',
// Dev
//'idp' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/metadata',
//'idp' => 'https://mon-meyzieu.dev.entrouvert.org/idp/saml2/metadata',
// The URL to the discovery service.
// Can be NULL/unset, in which case a builtin discovery service will be used.
'discoURL' => NULL,
// The URL to the discovery service.
// Can be NULL/unset, in which case a builtin discovery service will be used.
'discoURL' => null,
// Force persistent NameID
'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
'ProtocolBinding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
'privatekey' => 'server.pem',
'certificate' => 'server.crt',
),
/*
* WARNING: SHA-1 is disallowed starting January the 1st, 2014.
*
* Uncomment the following option to start using SHA-256 for your signatures.
* Currently, simpleSAMLphp defaults to SHA-1, which has been deprecated since
* 2011, and will be disallowed by NIST as of 2014. Please refer to the following
* document for more information:
*
* http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
*
* If you are uncertain about identity providers supporting SHA-256 or other
* algorithms of the SHA-2 family, you can configure it individually in the
* IdP-remote metadata set for those that support it. Once you are certain that
* all your configured IdPs support SHA-2, you can safely remove the configuration
* options in the IdP-remote metadata set and uncomment the following option.
*
* Please refer to the hosted SP configuration reference for more information.
*/
'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
/*
* The attributes parameter must contain an array of desired attributes by the SP.
* The attributes can be expressed as an array of names or as an associative array
* in the form of 'friendlyName' => 'name'.
* The metadata will then be created as follows:
* <md:RequestedAttribute FriendlyName="friendlyName" Name="name" />
*/
/*'attributes' => array(
'attrname' => 'urn:oid:x.x.x.x',
),*/
/*'attributes.required' => array (
'urn:oid:x.x.x.x',
),*/
),
/*
'example-sql' => array(
'sqlauth:SQL',
'dsn' => 'pgsql:host=sql.example.org;port=5432;dbname=simplesaml',
'username' => 'simplesaml',
'password' => 'secretpassword',
'query' => 'SELECT "username", "name", "email" FROM "users" WHERE "username" = :username AND "password" = :password',
),
*/
/*
'example-sql' => array(
'sqlauth:SQL',
'dsn' => 'pgsql:host=sql.example.org;port=5432;dbname=simplesaml',
'username' => 'simplesaml',
'password' => 'secretpassword',
'query' => 'SELECT uid, givenName, email, eduPersonPrincipalName FROM users WHERE uid = :username AND password = SHA2(CONCAT((SELECT salt FROM users WHERE uid = :username), :password),256);',
),
*/
/*
'example-static' => array(
'exampleauth:Static',
'uid' => array('testuser'),
'eduPersonAffiliation' => array('member', 'employee'),
'cn' => array('Test User'),
),
*/
/*
'example-static' => array(
'exampleauth:Static',
'uid' => array('testuser'),
'eduPersonAffiliation' => array('member', 'employee'),
'cn' => array('Test User'),
),
*/
/*
'example-userpass' => array(
'exampleauth:UserPass',
/*
'example-userpass' => array(
'exampleauth:UserPass',
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
'student:studentpass' => array(
'uid' => array('test'),
'eduPersonAffiliation' => array('member', 'student'),
),
'employee:employeepass' => array(
'uid' => array('employee'),
'eduPersonAffiliation' => array('member', 'employee'),
),
),
*/
'student:studentpass' => array(
'uid' => array('test'),
'eduPersonAffiliation' => array('member', 'student'),
),
'employee:employeepass' => array(
'uid' => array('employee'),
'eduPersonAffiliation' => array('member', 'employee'),
),
),
*/
/*
'crypto-hash' => array(
'authcrypt:Hash',
// hashed version of 'verysecret', made with bin/pwgen.php
'professor:{SSHA256}P6FDTEEIY2EnER9a6P2GwHhI5JDrwBgjQ913oVQjBngmCtrNBUMowA==' => array(
'uid' => array('prof_a'),
'eduPersonAffiliation' => array('member', 'employee', 'board'),
),
),
*/
/*
'crypto-hash' => array(
'authcrypt:Hash',
// hashed version of 'verysecret', made with bin/pwgen.php
'professor:{SSHA256}P6FDTEEIY2EnER9a6P2GwHhI5JDrwBgjQ913oVQjBngmCtrNBUMowA==' => array(
'uid' => array('prof_a'),
'eduPersonAffiliation' => array('member', 'employee', 'board'),
),
),
*/
/*
'htpasswd' => array(
'authcrypt:Htpasswd',
'htpasswd_file' => '/var/www/foo.edu/legacy_app/.htpasswd',
'static_attributes' => array(
'eduPersonAffiliation' => array('member', 'employee'),
'Organization' => array('University of Foo'),
),
),
*/
/*
'htpasswd' => array(
'authcrypt:Htpasswd',
'htpasswd_file' => '/var/www/foo.edu/legacy_app/.htpasswd',
'static_attributes' => array(
'eduPersonAffiliation' => array('member', 'employee'),
'Organization' => array('University of Foo'),
),
),
*/
/*
// This authentication source serves as an example of integration with an
// external authentication engine. Take a look at the comment in the beginning
// of modules/exampleauth/lib/Auth/Source/External.php for a description of
// how to adjust it to your own site.
'example-external' => array(
'exampleauth:External',
),
*/
/*
// This authentication source serves as an example of integration with an
// external authentication engine. Take a look at the comment in the beginning
// of modules/exampleauth/lib/Auth/Source/External.php for a description of
// how to adjust it to your own site.
'example-external' => array(
'exampleauth:External',
),
*/
/*
'yubikey' => array(
'authYubiKey:YubiKey',
'id' => '000',
// 'key' => '012345678',
),
*/
/*
'yubikey' => array(
'authYubiKey:YubiKey',
'id' => '000',
// 'key' => '012345678',
),
*/
/*
'openid' => array(
'openid:OpenIDConsumer',
'attributes.required' => array('nickname'),
'attributes.optional' => array('fullname', 'email',),
// 'sreg.validate' => FALSE,
'attributes.ax_required' => array('http://axschema.org/namePerson/friendly'),
'attributes.ax_optional' => array('http://axschema.org/namePerson','http://axschema.org/contact/email'),
// Prefer HTTP redirect over POST
// 'prefer_http_redirect' => FALSE,
),
*/
/*
'openid' => array(
'openid:OpenIDConsumer',
'attributes.required' => array('nickname'),
'attributes.optional' => array('fullname', 'email',),
// 'sreg.validate' => FALSE,
'attributes.ax_required' => array('http://axschema.org/namePerson/friendly'),
'attributes.ax_optional' => array('http://axschema.org/namePerson','http://axschema.org/contact/email'),
// Prefer HTTP redirect over POST
// 'prefer_http_redirect' => FALSE,
),
*/
/*
// Example of an authsource that authenticates against Google.
// See: http://code.google.com/apis/accounts/docs/OpenID.html
'google' => array(
'openid:OpenIDConsumer',
// Googles OpenID endpoint.
'target' => 'https://www.google.com/accounts/o8/id',
// Custom realm
// 'realm' => 'http://*.example.org',
// Attributes that google can supply.
'attributes.ax_required' => array(
//'http://axschema.org/namePerson/first',
//'http://axschema.org/namePerson/last',
//'http://axschema.org/contact/email',
//'http://axschema.org/contact/country/home',
//'http://axschema.org/pref/language',
),
// custom extension arguments
'extension.args' => array(
//'http://specs.openid.net/extensions/ui/1.0' => array(
// 'mode' => 'popup',
// 'icon' => 'true',
//),
),
),
*/
/*
// Example of an authsource that authenticates against Google.
// See: http://code.google.com/apis/accounts/docs/OpenID.html
'google' => array(
'openid:OpenIDConsumer',
// Googles OpenID endpoint.
'target' => 'https://www.google.com/accounts/o8/id',
// Custom realm
// 'realm' => 'http://*.example.org',
// Attributes that google can supply.
'attributes.ax_required' => array(
//'http://axschema.org/namePerson/first',
//'http://axschema.org/namePerson/last',
//'http://axschema.org/contact/email',
//'http://axschema.org/contact/country/home',
//'http://axschema.org/pref/language',
),
// custom extension arguments
'extension.args' => array(
//'http://specs.openid.net/extensions/ui/1.0' => array(
// 'mode' => 'popup',
// 'icon' => 'true',
//),
),
),
*/
/*
'papi' => array(
'authpapi:PAPI',
),
*/
/*
'papi' => array(
'authpapi:PAPI',
),
*/
/*
'facebook' => array(
'authfacebook:Facebook',
// Register your Facebook application on http://www.facebook.com/developers
// App ID or API key (requests with App ID should be faster; https://github.com/facebook/php-sdk/issues/214)
'api_key' => 'xxxxxxxxxxxxxxxx',
// App Secret
'secret' => 'xxxxxxxxxxxxxxxx',
// which additional data permissions to request from user
// see http://developers.facebook.com/docs/authentication/permissions/ for the full list
// 'req_perms' => 'email,user_birthday',
),
*/
/*
'facebook' => array(
'authfacebook:Facebook',
// Register your Facebook application on http://www.facebook.com/developers
// App ID or API key (requests with App ID should be faster; https://github.com/facebook/php-sdk/issues/214)
'api_key' => 'xxxxxxxxxxxxxxxx',
// App Secret
'secret' => 'xxxxxxxxxxxxxxxx',
// which additional data permissions to request from user
// see http://developers.facebook.com/docs/authentication/permissions/ for the full list
// 'req_perms' => 'email,user_birthday',
),
*/
/*
// LinkedIn OAuth Authentication API.
// Register your application to get an API key here:
// https://www.linkedin.com/secure/developer
'linkedin' => array(
'authlinkedin:LinkedIn',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// LinkedIn OAuth Authentication API.
// Register your application to get an API key here:
// https://www.linkedin.com/secure/developer
'linkedin' => array(
'authlinkedin:LinkedIn',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// Twitter OAuth Authentication API.
// Register your application to get an API key here:
// http://twitter.com/oauth_clients
'twitter' => array(
'authtwitter:Twitter',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// Twitter OAuth Authentication API.
// Register your application to get an API key here:
// http://twitter.com/oauth_clients
'twitter' => array(
'authtwitter:Twitter',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
/*
// MySpace OAuth Authentication API.
// Register your application to get an API key here:
// http://developer.myspace.com/
'myspace' => array(
'authmyspace:MySpace',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
// Forces the user to enter their credentials to ensure the correct users account is authorized.
// Details: https://dev.twitter.com/docs/api/1/get/oauth/authenticate
'force_login' => FALSE,