Fixes to ADFS metadata to allow interoperability.

git-svn-id: http://simplesamlphp.googlecode.com/svn/trunk@3364 44740490-163a-0410-bde0-09ae8108e29a
This commit is contained in:
jaimepc@gmail.com 2014-02-17 14:08:07 +00:00
parent 62de96506d
commit 1e27652069
3 changed files with 49 additions and 12 deletions


@ -173,7 +173,12 @@ class SimpleSAML_Metadata_Signer {
$rootNode = $xml->firstChild;
/* Sign the metadata with our private key. */
$objXMLSecDSig = new XMLSecurityDSig();
if ($type == 'ADFS IdP') {
$objXMLSecDSig = new sspmod_adfs_XMLSecurityDSig($metadataString);
} else {
$objXMLSecDSig = new XMLSecurityDSig();
}
$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$objXMLSecDSig->addReferenceList(array($rootNode), XMLSecurityDSig::SHA1,
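Review bot: The new branch selects the ADFS signer with a loose comparison, `if ($type == 'ADFS IdP') {`; `$type` is a plain string flag here, so `===` would make the dispatch explicit and avoid PHP's juggling rules, and a short comment on the parameter should state which values are accepted, e.g. `// $type: 'ADFS IdP' selects the whitespace-free ADFS signature template; any other value uses stock xmlseclibs`. If the unconditional `$objXMLSecDSig = new XMLSecurityDSig();` just above the `if` survived as context rather than being removed (the rendered page does not make this certain), it now builds an object that is immediately discarded and should go. Note also that both branches still feed `XMLSecurityDSig::SHA1` into `addReferenceList`; that is pre-existing, but the ADFS path inherits a SHA-1 reference digest and the choice is worth revisiting. The enclosing signing method of `SimpleSAML_Metadata_Signer` starts before and continues after this hunk.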


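--- /dev/null
+++ b/[path not shown on page]
+<?php
+/**
+* This class should be considered a temporary workaround to
+* solve the lack of custom formatting in XMLSecurityDSig
+* (xmlseclibs). It should be possible to either configure
+* the original class to avoid formatting, or to use a custom
+* template for the signature.
+*
+* @todo Move this functionality to xmlseclibs.
+*
+* @author Daniel Tsosie
+* @package simpleSAMLphp
+* @version $Id$
+*/
+class sspmod_adfs_XMLSecurityDSig extends XMLSecurityDSig {
+function __construct($metaxml) {
+$sigdoc = new DOMDocument();
+$template = '';
+if (strpos("\n", $metaxml) === FALSE) {
+foreach (explode("\n", self::template) as $line)
+$template .= trim($line);
+} else {
+$template = self::template;
+}
+$sigdoc->loadXML($template);
+$this->sigNode = $sigdoc->documentElement;
+}
+}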
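Review bot: The arguments to `strpos("\n", $metaxml)` in the constructor are reversed: strpos takes the haystack first, so this searches the one-character string "\n" for the whole metadata document and yields FALSE for any real input, which means the whitespace-stripped template is always chosen regardless of how the metadata is formatted (the xhtml output path keeps its newlines and is signed too). The intended test is `if (strpos($metaxml, "\n") === FALSE) {`. The constructor also never calls `parent::__construct()`, which presumably performs the same template load this override replaces; a comment such as `// Intentionally skips parent::__construct(): the parent loads the same template, but with the line formatting this subclass strips.` would record that this is deliberate, and the return value of `$sigdoc->loadXML($template)` is not checked even though a FALSE there leaves `sigNode` null. The braceless `foreach` body should be wrapped in braces to match the surrounding style.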


@ -117,14 +117,16 @@ try {
'name' => $config->getString('technicalcontact_name', NULL),
));
}
$metaxml = explode("\n", $metaBuilder->getEntityDescriptorText());
unset($metaxml[0]);
$metaxml = implode("\n", $metaxml);
$output_xhtml = array_key_exists('output', $_GET) && $_GET['output'] == 'xhtml';
$metaxml = $metaBuilder->getEntityDescriptorText($output_xhtml);
if (!$output_xhtml) {
$metaxml = str_replace("\n", '', $metaxml);
}
/* Sign the metadata if enabled. */
$metaxml = SimpleSAML_Metadata_Signer::sign($metaxml, $idpmeta->toArray(), 'ADFS IdP');
if (array_key_exists('output', $_GET) && $_GET['output'] == 'xhtml') {
if ($output_xhtml) {
$defaultidp = $config->getString('default-adfs-idp', NULL);
$t = new SimpleSAML_XHTML_Template($config, 'metadata.php', 'admin');
@ -138,19 +140,17 @@ try {
$t->show();
} else {
header('Content-Type: application/xml');
// make sure to export only the md:EntityDescriptor
$metaxml = substr($metaxml, strpos($metaxml, '<md:EntityDescriptor'));
// 22 = strlen('</md:EntityDescriptor>')
$metaxml = substr($metaxml, 0, strrpos($metaxml, '</md:EntityDescriptor>') + 22);
echo $metaxml;
exit(0);
exit(0);
}
} catch(Exception $exception) {
throw new SimpleSAML_Error_Error('METADATA', $exception);
}
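Review bot: In the second hunk the added extraction of the `md:EntityDescriptor` element does not handle the not-found case: if `strpos` returns FALSE, `substr($metaxml, false)` silently starts at offset 0, and if `strrpos` returns FALSE the expression `false + 22` truncates the output to 22 bytes, so a malformed or unexpectedly formatted signed document is emitted as garbage XML rather than rejected. Both offsets should be checked and the hard-coded `22` replaced by `strlen('</md:EntityDescriptor>')`; throwing a plain Exception inside the surrounding `try` is enough, since the existing `catch` wraps it in `SimpleSAML_Error_Error('METADATA', ...)`. In the first hunk, `$_GET['output'] == 'xhtml'` compares a request parameter loosely and should use `===`. The enclosing `try` block begins before the first hunk.
```php
header('Content-Type: application/xml');
// make sure to export only the md:EntityDescriptor
$start = strpos($metaxml, '<md:EntityDescriptor');
$end = strrpos($metaxml, '</md:EntityDescriptor>');
if ($start === false || $end === false) {
    throw new Exception('Signed metadata does not contain an md:EntityDescriptor element.');
}
$metaxml = substr($metaxml, $start, $end + strlen('</md:EntityDescriptor>') - $start);
echo $metaxml;
exit(0);
```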