Revision: 3364
Author: jaim...@gmail.com
Date: Mon Feb 17 14:08:07 2014 UTC
Log: Fixes to ADFS metadata to allow interoperability.
http://code.google.com/p/simplesamlphp/source/detail?r=3364
Added:
/trunk/modules/adfs/lib/XMLSecurityDSig.php
Modified:
/trunk/lib/SimpleSAML/Metadata/Signer.php
/trunk/modules/adfs/www/idp/metadata.php
=======================================
--- /dev/null
+++ /trunk/modules/adfs/lib/XMLSecurityDSig.php Mon Feb 17 14:08:07 2014 UTC
@@ -0,0 +1,32 @@
+<?php
+
+/**
+ * This class should be considered a temporary workaround to
+ * solve the lack of custom formatting in XMLSecurityDSig
+ * (xmlseclibs). It should be possible to either configure
+ * the original class to avoid formatting, or to use a custom
+ * template for the signature.
+ *
+ * @todo Move this functionality to xmlseclibs.
+ *
+ * @author Daniel Tsosie
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+class sspmod_adfs_XMLSecurityDSig extends XMLSecurityDSig {
+
+ function __construct($metaxml) {
+ $sigdoc = new DOMDocument();
+ $template = '';
+
+ if (strpos("\n", $metaxml) === FALSE) {
+ foreach (explode("\n", self::template) as $line)
+ $template .= trim($line);
+ } else {
+ $template = self::template;
+ }
+
+ $sigdoc->loadXML($template);
+ $this->sigNode = $sigdoc->documentElement;
+ }
+}
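Review bot: The arguments to `strpos()` in the constructor are reversed: `strpos("\n", $metaxml)` searches the one-character string `"\n"` for the whole metadata document. The test is therefore FALSE for practically any input, and the template is collapsed onto one line even when `$metaxml` is formatted. The check should read `if (strpos($metaxml, "\n") === FALSE) {`. The constructor also never calls `parent::__construct()`, so anything the parent sets up besides `sigNode` is skipped (the parent is not visible in this diff); a comment such as `// deliberately not calling parent::__construct(): it would load the formatted template` would make that intent explicit. The `self::template` constant is inherited from the parent class, which deserves a mention in the class docblock.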
=======================================
--- /trunk/lib/SimpleSAML/Metadata/Signer.php Fri Mar 26 10:14:37 2010 UTC
+++ /trunk/lib/SimpleSAML/Metadata/Signer.php Mon Feb 17 14:08:07 2014 UTC
@@ -173,7 +173,12 @@
$rootNode = $xml->firstChild;
/* Sign the metadata with our private key. */
- $objXMLSecDSig = new XMLSecurityDSig();
+ if ($type == 'ADFS IdP') {
+ $objXMLSecDSig = new
sspmod_adfs_XMLSecurityDSig($metadataString);
+ } else {
+ $objXMLSecDSig = new XMLSecurityDSig();
+ }
+
$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$objXMLSecDSig->addReferenceList(array($rootNode),
XMLSecurityDSig::SHA1,
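Review bot: The core signer in `lib/` now instantiates `sspmod_adfs_XMLSecurityDSig`, a class from the optional adfs module, and picks it by comparing `$type` to the display string `'ADFS IdP'` with `==`. If that class cannot be loaded, metadata signing fails with a fatal error rather than falling back, so consider `if ($type === 'ADFS IdP' && class_exists('sspmod_adfs_XMLSecurityDSig')) {` plus a comment explaining why ADFS needs its own signature template. `$metadataString` is not defined inside this hunk and is presumably the function's parameter; the enclosing function starts and ends outside the hunk. Separately, the unchanged context line still passes `XMLSecurityDSig::SHA1` as the reference digest, which applies to the new ADFS path as well.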
=======================================
--- /trunk/modules/adfs/www/idp/metadata.php Sun Feb 9 17:11:44 2014 UTC
+++ /trunk/modules/adfs/www/idp/metadata.php Mon Feb 17 14:08:07 2014 UTC
@@ -117,14 +117,16 @@
'name' => $config->getString('technicalcontact_name',
NULL),
));
}
- $metaxml = explode("\n", $metaBuilder->getEntityDescriptorText());
- unset($metaxml[0]);
- $metaxml = implode("\n", $metaxml);
+ $output_xhtml = array_key_exists('output', $_GET) && $_GET['output']
== 'xhtml';
+ $metaxml = $metaBuilder->getEntityDescriptorText($output_xhtml);
+ if (!$output_xhtml) {
+ $metaxml = str_replace("\n", '', $metaxml);
+ }
/* Sign the metadata if enabled. */
$metaxml = SimpleSAML_Metadata_Signer::sign($metaxml,
$idpmeta->toArray(), 'ADFS IdP');
- if (array_key_exists('output', $_GET) && $_GET['output'] == 'xhtml') {
+ if ($output_xhtml) {
$defaultidp = $config->getString('default-adfs-idp', NULL);
$t = new SimpleSAML_XHTML_Template($config, 'metadata.php',
'admin');
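Review bot: The `str_replace("\n", '', $metaxml)` before signing removes every line feed in the serialized document, including any inside text content or attribute values, while leaving `\r` and indentation untouched. If `getEntityDescriptorText(FALSE)` already returns unformatted XML (its implementation is not visible here), the call is redundant; if it does not, serializing the DOM without formatting is more reliable than editing the string. Either way, add a comment saying why the line breaks must be removed before `SimpleSAML_Metadata_Signer::sign()` runs, since the commit log only says "interoperability". The comparison `$_GET['output'] == 'xhtml'` would also be clearer as `=== 'xhtml'`.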
@@ -138,19 +140,17 @@
$t->show();
} else {
-
header('Content-Type: application/xml');
+ // make sure to export only the md:EntityDescriptor
+ $metaxml = substr($metaxml, strpos($metaxml,
'<md:EntityDescriptor'));
+ // 22 = strlen('</md:EntityDescriptor>')
+ $metaxml = substr($metaxml, 0,
strrpos($metaxml, '</md:EntityDescriptor>') + 22);
echo $metaxml;
+
exit(0);
-
}
-
-
} catch(Exception $exception) {
-
throw new SimpleSAML_Error_Error('METADATA', $exception);
-
}
-
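Review bot: Neither `strpos()` nor `strrpos()` is checked for `FALSE` in the non-XHTML branch, so a missing `</md:EntityDescriptor>` makes `strrpos(...) + 22` evaluate to 22 and the response is silently cut to its first 22 bytes. That would happen if the signed document ever used a different namespace prefix, for example. Locate both offsets first and throw if either is missing, before the `Content-Type` header is sent, so the surrounding `catch` can report a `METADATA` error instead of emitting broken metadata. Using `strlen()` on the closing tag instead of the literal 22 removes the need for the explanatory comment. The enclosing `try` block starts outside this hunk.

```php
// … unchanged: $t->show(); } else { …
    // make sure to export only the md:EntityDescriptor
    $endTag = '</md:EntityDescriptor>';
    $start = strpos($metaxml, '<md:EntityDescriptor');
    $end = strrpos($metaxml, $endTag);
    if ($start === FALSE || $end === FALSE || $end < $start) {
        throw new Exception('Could not locate md:EntityDescriptor in the signed metadata.');
    }
    $metaxml = substr($metaxml, $start, $end + strlen($endTag) - $start);

    header('Content-Type: application/xml');
    echo $metaxml;
// … unchanged: exit(0); …
```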