Fixes to ADFS metadata to allow interoperability.
git-svn-id: http://simplesamlphp.googlecode.com/svn/trunk@3364 44740490-163a-0410-bde0-09ae8108e29a
parent
62de96506d
commit
1e27652069
|
@ -173,7 +173,12 @@ class SimpleSAML_Metadata_Signer {
|
|||
$rootNode = $xml->firstChild;
|
||||
|
||||
/* Sign the metadata with our private key. */
|
||||
$objXMLSecDSig = new XMLSecurityDSig();
|
||||
if ($type == 'ADFS IdP') {
|
||||
$objXMLSecDSig = new sspmod_adfs_XMLSecurityDSig($metadataString);
|
||||
} else {
|
||||
$objXMLSecDSig = new XMLSecurityDSig();
|
||||
}
|
||||
|
||||
$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
|
||||
|
||||
$objXMLSecDSig->addReferenceList(array($rootNode), XMLSecurityDSig::SHA1,
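Review bot: The new dispatch at `if ($type == 'ADFS IdP')` compares a caller-supplied string with loose `==`; since only that exact string should select the ADFS subclass, write `if ($type === 'ADFS IdP') {`. Nothing in the hunk says why a different class is needed, and a reader has to open sspmod_adfs_XMLSecurityDSig to discover that it only changes the whitespace layout of the signature template, so a one-line comment would help, e.g. `/* ADFS needs the Signature element laid out like the (newline-stripped) document; the subclass loads a matching template. */` — confirm that this is the actual interoperability problem before using that wording. `$metadataString` is not introduced in this hunk and is presumably sign()'s input parameter; the enclosing method starts before and continues after the hunk. The unchanged `addReferenceList(... XMLSecurityDSig::SHA1` line still pins the digest to SHA-1, which is outside this commit's scope but worth a follow-up.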
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* This class should be considered a temporary workaround to
|
||||
* solve the lack of custom formatting in XMLSecurityDSig
|
||||
* (xmlseclibs). It should be possible to either configure
|
||||
* the original class to avoid formatting, or to use a custom
|
||||
* template for the signature.
|
||||
*
|
||||
* @todo Move this functionality to xmlseclibs.
|
||||
*
|
||||
* @author Daniel Tsosie
|
||||
* @package simpleSAMLphp
|
||||
* @version $Id$
|
||||
*/
|
||||
class sspmod_adfs_XMLSecurityDSig extends XMLSecurityDSig {
|
||||
|
||||
function __construct($metaxml) {
|
||||
$sigdoc = new DOMDocument();
|
||||
$template = '';
|
||||
|
||||
if (strpos("\n", $metaxml) === FALSE) {
|
||||
foreach (explode("\n", self::template) as $line)
|
||||
$template .= trim($line);
|
||||
} else {
|
||||
$template = self::template;
|
||||
}
|
||||
|
||||
$sigdoc->loadXML($template);
|
||||
$this->sigNode = $sigdoc->documentElement;
|
||||
}
|
||||
}
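Review bot: The argument order in `if (strpos("\n", $metaxml) === FALSE)` is reversed — strpos() takes the haystack first, so this searches the one-character string "\n" for the whole metadata document and yields FALSE for any real input, meaning the collapsed template is always chosen, even when the caller passes formatted (newline-containing) XML for the xhtml view. The intended test is `if (strpos($metaxml, "\n") === FALSE) {`. `self::template` is not declared in this class and is presumably inherited from xmlseclibs' XMLSecurityDSig, and `parent::__construct()` is deliberately not called so the parent's own template is not loaded; both deserve a comment such as `/* Reuse the parent's signature template but load it ourselves so its layout can be matched to $metaxml; do not call parent::__construct(). */`. The return value of `$sigdoc->loadXML($template)` is also unchecked — a FALSE there leaves `$this->sigNode` null and the failure only surfaces later inside the signer.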
|
|
@ -117,14 +117,16 @@ try {
|
|||
'name' => $config->getString('technicalcontact_name', NULL),
|
||||
));
|
||||
}
|
||||
$metaxml = explode("\n", $metaBuilder->getEntityDescriptorText());
|
||||
unset($metaxml[0]);
|
||||
$metaxml = implode("\n", $metaxml);
|
||||
$output_xhtml = array_key_exists('output', $_GET) && $_GET['output'] == 'xhtml';
|
||||
$metaxml = $metaBuilder->getEntityDescriptorText($output_xhtml);
|
||||
if (!$output_xhtml) {
|
||||
$metaxml = str_replace("\n", '', $metaxml);
|
||||
}
|
||||
|
||||
/* Sign the metadata if enabled. */
|
||||
$metaxml = SimpleSAML_Metadata_Signer::sign($metaxml, $idpmeta->toArray(), 'ADFS IdP');
|
||||
|
||||
if (array_key_exists('output', $_GET) && $_GET['output'] == 'xhtml') {
|
||||
if ($output_xhtml) {
|
||||
$defaultidp = $config->getString('default-adfs-idp', NULL);
|
||||
|
||||
$t = new SimpleSAML_XHTML_Template($config, 'metadata.php', 'admin');
|
||||
|
@ -138,19 +140,17 @@ try {
|
|||
$t->show();
|
||||
|
||||
} else {
|
||||
|
||||
header('Content-Type: application/xml');
|
||||
|
||||
// make sure to export only the md:EntityDescriptor
|
||||
$metaxml = substr($metaxml, strpos($metaxml, '<md:EntityDescriptor'));
|
||||
// 22 = strlen('</md:EntityDescriptor>')
|
||||
$metaxml = substr($metaxml, 0, strrpos($metaxml, '</md:EntityDescriptor>') + 22);
|
||||
echo $metaxml;
|
||||
exit(0);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
||||
|
||||
|
||||
} catch(Exception $exception) {
|
||||
|
||||
throw new SimpleSAML_Error_Error('METADATA', $exception);
|
||||
|
||||
}
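Review bot: The new extraction at `$metaxml = substr($metaxml, strpos($metaxml, '<md:EntityDescriptor'));` and the line after it never check strpos()/strrpos() for FALSE: if the signed document does not contain that exact prefixed closing tag, `strrpos(...) + 22` evaluates to 22 and the response is silently truncated to 22 bytes, while a missing opening tag makes substr() start at 0 and pass the whole document through. This code runs inside the `try` whose `catch(Exception $exception)` wraps failures as METADATA errors, so throwing on a miss is the consistent way to fail; the rewrite below also replaces the hand-counted `22` with strlen(). Earlier in this file section, `$_GET['output'] == 'xhtml'` should be a strict `===` comparison, and `str_replace("\n", '', $metaxml)` strips newlines from element text and attribute values as well as from the whitespace between tags — if the metadata builder can emit multi-line text content (not visible from here), something like `preg_replace('/\n(?=\s*<)/', '', $metaxml)` removes only the newlines that precede a tag. The enclosing `try` block begins before the first hunk.
```php
header('Content-Type: application/xml');

// make sure to export only the md:EntityDescriptor; fail loudly (caught as METADATA error) if it is missing
$start = strpos($metaxml, '<md:EntityDescriptor');
$endTag = '</md:EntityDescriptor>';
$end = strrpos($metaxml, $endTag);
if ($start === FALSE || $end === FALSE || $end < $start) {
    throw new Exception('Signed metadata does not contain an md:EntityDescriptor element.');
}
$metaxml = substr($metaxml, $start, $end + strlen($endTag) - $start);
echo $metaxml;
exit(0);
```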
|
||||
|
||||
|
|