change metadata generation for the new endpoints
This commit is contained in:
parent
1546f35197
commit
cdb8bd5597
|
@ -2,7 +2,20 @@
|
|||
require_once('lassospkit_config.inc.php');
|
||||
|
||||
class LassoSPKitMetadataSAML2 {
|
||||
static function generateMetadata($baseUrl, $orgname, $publickey) {
|
||||
static function generateMetadata($baseUrl, $orgname, $options = array()) {
|
||||
if ( ! (is_string($baseUrl) && is_string($orgname))) {
|
||||
throw new Exception("Bad parameters to generate metadatas");
|
||||
}
|
||||
$default_options = array(
|
||||
'publickey' => null,
|
||||
'ssoActivated' => true,
|
||||
'sloActivated' => true,
|
||||
'nidActivated' => true,
|
||||
'contacts' => array(),
|
||||
'nidFormats' => array(LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT,LASSO_SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT));
|
||||
$final_options = array_merge($default_options, $options);
|
||||
extract($final_options);
|
||||
|
||||
$prefix = '/saml2';
|
||||
if (LassoSPKitConfig::get('showExtension')) {
|
||||
$prefix .= '.php';
|
||||
|
@ -14,29 +27,75 @@ class LassoSPKitMetadataSAML2 {
|
|||
entityID="' . $baseUrl . $prefix . '/metadata">
|
||||
<SPSSODescriptor
|
||||
AuthnRequestsSigned="true"
|
||||
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||
<KeyDescriptor use="signing">
|
||||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:KeyValue>' . $publickey . '</ds:KeyValue>
|
||||
</ds:KeyInfo>
|
||||
</KeyDescriptor>
|
||||
|
||||
<AssertionConsumerService isDefault="true" index="0"
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
|
||||
Location="' . $baseUrl . $prefix . '/ssoAssertionConsumer" />
|
||||
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="' . $baseUrl . $prefix . '/sloSoap"/>
|
||||
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="' . $baseUrl . $prefix . '/sloRedirect" ResponseLocation="' . $baseUrl . $prefix . '/sloResponse"/>
|
||||
|
||||
<ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="' . $baseUrl . $prefix . '/nidManagementSoap"/>
|
||||
<ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="'. $baseUrl .$prefix . '/nidManagementRedirect" ResponseLocation="'. $baseUrl .$prefix . '/nidManagementResponse"/>
|
||||
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">';
|
||||
if ($publickey) {
|
||||
$meta .= '
|
||||
<KeyDescriptor use="signing">
|
||||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:KeyValue>' . $publickey . '</ds:KeyValue>
|
||||
</ds:KeyInfo>
|
||||
</KeyDescriptor>
|
||||
';
|
||||
}
|
||||
foreach ($nidFormats as $nidFormat) {
|
||||
$meta .= '
|
||||
<NameIdFormat>' . $nidFormat . '</NameIdFormat>
|
||||
';
|
||||
}
|
||||
foreach ($contacts as $contact) {
|
||||
$meta .= '
|
||||
<ContactPerson><EmailAddress>' . $contact . '</EmailAddress></ContactPerson>
|
||||
';
|
||||
}
|
||||
$url = $baseUrl . $prefix;
|
||||
if ($ssoActivated) {
|
||||
$meta .= self::assertionConsumerService("$url/assertionConsumer");
|
||||
}
|
||||
if ($sloActivated) {
|
||||
$meta .= self::singleLogout("$url/sloSoap", LASSO_SAML2_METADATA_BINDING_SOAP);
|
||||
$meta .= self::singleLogout("$url/sloBrws", LASSO_SAML2_METADATA_BINDING_REDIRECT, "$url/sloReturn");
|
||||
$meta .= self::singleLogout("$url/sloBrws", LASSO_SAML2_METADATA_BINDING_POST, "$url/sloReturn");
|
||||
$meta .= self::singleLogout("$url/sloBrws", LASSO_SAML2_METADATA_BINDING_ARTIFACT, "$url/sloReturn");
|
||||
}
|
||||
if ($nidActivated) {
|
||||
$meta .= self::nameIdManagement("$url/nameIdManagementSoap", LASSO_SAML2_METADATA_BINDING_SOAP);
|
||||
$meta .= self::nameIdManagement("$url/nameIdManagementBrws", LASSO_SAML2_METADATA_BINDING_REDIRECT, "$url/nameIdManagementReturn");
|
||||
$meta .= self::nameIdManagement("$url/nameIdManagementBrws", LASSO_SAML2_METADATA_BINDING_POST, "$url/nameIdManagementReturn");
|
||||
$meta .= self::nameIdManagement("$url/nameIdManagementBrws", LASSO_SAML2_METADATA_BINDING_ARTIFACT, "$url/nameIdManagementReturn");
|
||||
}
|
||||
|
||||
$meta .= '
|
||||
</SPSSODescriptor>
|
||||
<Organization>
|
||||
<OrganizationName xml:lang="en">' . $orgname . '</OrganizationName>
|
||||
<OrganizationName>' . $orgname . '</OrganizationName>
|
||||
</Organization>
|
||||
</EntityDescriptor>';
|
||||
return $meta;
|
||||
}
|
||||
function service($name, $place, $binding, $return = null) {
|
||||
$ret = "";
|
||||
$ret .= '<' . $name . ' Binding="';
|
||||
$ret .= $binding;
|
||||
$ret .= '" Location="' . $place . '" ';
|
||||
if ($return) {
|
||||
$ret .= 'ResponseLocation="' . $return . '"';
|
||||
}
|
||||
$ret .= '/>';
|
||||
return $ret;
|
||||
}
|
||||
function singleLogout($place, $binding, $return = null) {
|
||||
return self::service('SingleLogoutService', $place, $binding, $return);
|
||||
}
|
||||
function nameIdManagement($place, $binding, $return = null) {
|
||||
return self::service('ManageNameIDService', $place, $binding, $return);
|
||||
}
|
||||
function assertionConsumerService($place,
|
||||
$binding = LASSO_SAML2_METADATA_BINDING_ARTIFACT,
|
||||
$return = null) {
|
||||
return '<AssertionConsumerService isDefault="true" index="0"
|
||||
Binding="'. $binding .'"
|
||||
Location="' . $place . '" />';
|
||||
}
|
||||
}
|
||||
|
||||
class LassoSPKitMetadataLiberty {
|
||||
|
|
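Review bot: `extract($final_options)` at the end of the first hunk turns every caller-supplied option key into a local variable, so an `$options` array carrying a `baseUrl` or `orgname` key overwrites the two values the `is_string` check just validated, and any unexpected key silently shadows a local; read the six known keys explicitly (below) or at least call `extract($final_options, EXTR_SKIP);`. In the second hunk `$nidFormat` and `$contact` are concatenated into the XML unescaped, and the emitted elements do not match the SAML 2.0 metadata schema: the element is `NameIDFormat` (capital ID), not `NameIdFormat`, and `ContactPerson` requires a `contactType` attribute, so an IdP that validates the metadata will reject or ignore these entries. The helpers `service`, `singleLogout`, `nameIdManagement` and `assertionConsumerService` are declared as instance methods but invoked as `self::...` from the static `generateMetadata`; declare them `static function` so the call stays valid on PHP 7+, where calling a non-static method statically is deprecated and on PHP 8 throws an Error. `generateMetadata` begins in the first hunk and the lines between the two hunks (the EntityDescriptor opening) are not shown here.
```php
// … unchanged: parameter check and $default_options …
$final_options = array_merge($default_options, $options);
// Pull only the known keys; caller-supplied keys must not become locals.
$publickey    = $final_options['publickey'];
$ssoActivated = $final_options['ssoActivated'];
$sloActivated = $final_options['sloActivated'];
$nidActivated = $final_options['nidActivated'];
$contacts     = $final_options['contacts'];
$nidFormats   = $final_options['nidFormats'];
// … unchanged: prefix computation, EntityDescriptor header, KeyDescriptor …
foreach ($nidFormats as $nidFormat) {
    $meta .= '
    <NameIDFormat>' . htmlspecialchars($nidFormat, ENT_QUOTES) . '</NameIDFormat>
    ';
}
foreach ($contacts as $contact) {
    // contactType is mandatory in the metadata schema; "technical" is a
    // sensible default, or expose it as another option.
    $meta .= '
    <ContactPerson contactType="technical"><EmailAddress>' . htmlspecialchars($contact, ENT_QUOTES) . '</EmailAddress></ContactPerson>
    ';
}
// … unchanged: service endpoints, Organization, return …
```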