* config: add a new config key 'showExtension'. Its default is 1, which means that every URL to endpoints should contain the '.php' extension. If MultiViews is configured, you can set it to 0.
* metadata: honor the showExtension configuration flag.
parent
28eab18f22
commit
e93b9286e8
|
@ -24,7 +24,8 @@ class LassoSPKitConfig {
|
|||
'session' => "AutoPersistentSession",
|
||||
'storage' => "File",
|
||||
'cookiename' => 0,
|
||||
'default_return_url' => null
|
||||
'default_return_url' => null,
|
||||
'showExtension' => 1 /* Shall we show the extension of scripts in public apis */
|
||||
);
|
||||
private static $instance = null;
|
||||
private static $file;
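Review bot: The new `'showExtension' => 1` default changes every generated URL for installations that upgrade without touching their configuration. The old lines in the metadata hunks show the paths were previously extensionless (`/saml2/metadata`, `/liberty/soap`), and with this default they become `/saml2.php/...` and `/liberty.php/...`. A default of `0` would keep the earlier behaviour; otherwise the upgrade notes should tell administrators to re-publish their metadata to the identity provider. The inline comment could also state what the value controls, e.g. `/* 1: append '.php' to the saml2/liberty script name in generated URLs and metadata; 0: extensionless, needs MultiViews or equivalent */`. The class body starts and ends outside this hunk.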
|
||||
|
|
|
@ -1,12 +1,17 @@
|
|||
<?php
|
||||
require_once('lassospkit_config.inc.php');
|
||||
|
||||
class LassoSPKitMetadataSAML2 {
|
||||
static function generateMetadata($baseUrl, $orgname, $publickey) {
|
||||
$prefix = '/saml2';
|
||||
if (LassoSPKitConfig::get('showExtension')) {
|
||||
$prefix .= '.php';
|
||||
}
|
||||
$meta = '<?xml version="1.0"?>
|
||||
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
|
||||
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
||||
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
|
||||
entityID="' . $baseUrl . '/saml2/metadata">
|
||||
entityID="' . $baseUrl . $prefix . '/metadata">
|
||||
<SPSSODescriptor
|
||||
AuthnRequestsSigned="true"
|
||||
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||
|
@ -18,12 +23,12 @@ class LassoSPKitMetadataSAML2 {
|
|||
|
||||
<AssertionConsumerService isDefault="true" index="0"
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
|
||||
Location="' . $baseUrl . '/saml2/ssoAssertionConsumer" />
|
||||
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="' . $baseUrl . '/saml2/sloSoap"/>
|
||||
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="' . $baseUrl . '/saml2/sloRedirect" ResponseLocation="' . $baseUrl . '/saml2/sloResponse"/>
|
||||
Location="' . $baseUrl . $prefix . '/ssoAssertionConsumer" />
|
||||
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="' . $baseUrl . $prefix . '/sloSoap"/>
|
||||
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="' . $baseUrl . $prefix . '/sloRedirect" ResponseLocation="' . $baseUrl . $prefix . '/sloResponse"/>
|
||||
|
||||
<ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="' . $baseUrl . '/saml2/nidManagementSoap"/>
|
||||
<ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="'. $baseUrl .'/saml2/nidManagementRedirect" ResponseLocation="'. $baseUrl .'/saml2/nidManagementResponse"/>
|
||||
<ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="' . $baseUrl . $prefix . '/nidManagementSoap"/>
|
||||
<ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="'. $baseUrl .$prefix . '/nidManagementRedirect" ResponseLocation="'. $baseUrl .$prefix . '/nidManagementResponse"/>
|
||||
|
||||
</SPSSODescriptor>
|
||||
<Organization>
|
||||
|
@ -36,11 +41,15 @@ class LassoSPKitMetadataSAML2 {
|
|||
|
||||
class LassoSPKitMetadataLiberty {
|
||||
static function generateMetadata($baseUrl, $orgname, $publickey) {
|
||||
$prefix = '/liberty';
|
||||
if (LassoSPKitConfig::get('showExtension')) {
|
||||
$prefix .= '.php';
|
||||
}
|
||||
$meta = "";
|
||||
$meta .=
|
||||
'<?xml version="1.0"?>
|
||||
<EntityDescriptor
|
||||
providerID="' . $baseUrl . '/liberty/metadata" xmlns="urn:liberty:metadata:2003-08" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
providerID="' . $baseUrl . $prefix . '/metadata" xmlns="urn:liberty:metadata:2003-08" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<SPDescriptor>';
|
||||
// Public key
|
||||
$meta .=
|
||||
|
@ -51,12 +60,12 @@ providerID="' . $baseUrl . '/liberty/metadata" xmlns="urn:liberty:metadata:2003-
|
|||
</KeyDescriptor>';
|
||||
// Endpoints
|
||||
$meta .=
|
||||
'<SOAPEndpoint>' . $baseUrl .'/liberty/soap</SOAPEndpoint>
|
||||
<SingleLogoutServiceURL>' . $baseUrl . '/liberty/sloRedirect</SingleLogoutServiceURL>
|
||||
<SingleLogoutServiceReturnURL>'. $baseUrl .'/liberty/sloResponse</SingleLogoutServiceReturnURL>
|
||||
<FederationTerminationServiceURL>'. $baseUrl.'/liberty/defederateNotification</FederationTerminationServiceURL>
|
||||
<FederationTerminationServiceReturnURL>'. $baseUrl.'/liberty/defederateReturn</FederationTerminationServiceReturnURL>
|
||||
<AssertionConsumerServiceURL>' . $baseUrl . '/liberty/ssoAssertionConsumer</AssertionConsumerServiceURL>
|
||||
'<SOAPEndpoint>' . $baseUrl .$prefix . '/soap</SOAPEndpoint>
|
||||
<SingleLogoutServiceURL>' . $baseUrl . $prefix . '/sloRedirect</SingleLogoutServiceURL>
|
||||
<SingleLogoutServiceReturnURL>'. $baseUrl .$prefix . '/sloResponse</SingleLogoutServiceReturnURL>
|
||||
<FederationTerminationServiceURL>'. $baseUrl.$prefix . '/defederateNotification</FederationTerminationServiceURL>
|
||||
<FederationTerminationServiceReturnURL>'. $baseUrl.$prefix . '/defederateReturn</FederationTerminationServiceReturnURL>
|
||||
<AssertionConsumerServiceURL>' . $baseUrl . $prefix . '/ssoAssertionConsumer</AssertionConsumerServiceURL>
|
||||
';
|
||||
// TODO select supported profiles by config
|
||||
$meta .= "<SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-http</SingleLogoutProtocolProfile>\n";
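Review bot: `entityID` in `LassoSPKitMetadataSAML2::generateMetadata` and `providerID` in `LassoSPKitMetadataLiberty::generateMetadata` are now built from `$prefix`, so toggling `showExtension` changes the provider's identifier and not only its endpoint locations. An identity provider that registered this SP under the earlier identifier will presumably stop matching it until metadata is exchanged again. Consider keeping the identifier independent of the flag, or add a comment above `$prefix` such as `// NOTE: changing showExtension changes entityID/providerID; re-register metadata with the IdP`. Separately, `$baseUrl` is concatenated unescaped into XML attribute values and element text on these lines; if it can ever be derived from request data rather than static configuration, it should be XML-escaped first.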
|
||||
|
|
|
@ -24,6 +24,9 @@ function _lassospkit_make_redirect_url($endpoint, $return_url, $params) {
|
|||
$redirect = LassoSPKitConfig::get('baseUrl');
|
||||
// saml2 or liberty
|
||||
$redirect = $redirect . '/' . LassoSPKitConfig::get('conformance');
|
||||
if (LassoSPKitConfig::get('showExtension')) {
|
||||
$redirect = $redirect . '.php';
|
||||
}
|
||||
// Specific endpoint
|
||||
$redirect = $redirect . '/' . $endpoint;
|
||||
// Return url param
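Review bot: The `showExtension` test is written out a third time here, after the two `generateMetadata` methods, so the redirect URL and the published metadata agree only while all three copies stay in step. A single helper on `LassoSPKitConfig` that returns the script prefix for a given conformance value would remove that risk. If the copies drift, users would be redirected to endpoints that differ from the locations the identity provider has on record. `_lassospkit_make_redirect_url` starts before and continues past this hunk.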
|
||||
|
|