make sure to redirect to correct idp
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
This commit is contained in:
parent
afeee8beaa
commit
39b3d52746
|
@ -57,7 +57,7 @@ $type = '';
|
||||||
switch($config->getAppValue('user_saml', 'type')) {
|
switch($config->getAppValue('user_saml', 'type')) {
|
||||||
case 'saml':
|
case 'saml':
|
||||||
try {
|
try {
|
||||||
$oneLoginSettings = new \OneLogin_Saml2_Settings($samlSettings->getOneLoginSettingsArray());
|
$oneLoginSettings = new \OneLogin_Saml2_Settings($samlSettings->getOneLoginSettingsArray(1));
|
||||||
} catch (OneLogin_Saml2_Error $e) {
|
} catch (OneLogin_Saml2_Error $e) {
|
||||||
$returnScript = true;
|
$returnScript = true;
|
||||||
}
|
}
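Review bot: `getOneLoginSettingsArray(1)` on the new line hard-codes the IdP whose settings are loaded here, so this path only ever reflects the first IdP even though `getOneLoginSettingsArray` now derives prefixed keys for `$idp > 1`. If that is intentional (IdP 1 is the unprefixed default), a short comment would save the next reader a lookup, e.g. `// IdP 1 == legacy unprefixed settings; other IdPs are selected in SAMLController::login()`. If it is not intentional, the id should come from the same request parameter the controller uses. The enclosing `switch` continues outside the hunk.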
|
||||||
|
|
|
@ -149,14 +149,15 @@ class SAMLController extends Controller {
|
||||||
* @UseSession
|
* @UseSession
|
||||||
* @OnlyUnauthenticatedUsers
|
* @OnlyUnauthenticatedUsers
|
||||||
*
|
*
|
||||||
|
* @param int $idp id of the idp
|
||||||
* @return Http\RedirectResponse
|
* @return Http\RedirectResponse
|
||||||
* @throws \Exception
|
* @throws \Exception
|
||||||
*/
|
*/
|
||||||
public function login() {
|
public function login($idp) {
|
||||||
$type = $this->config->getAppValue($this->appName, 'type');
|
$type = $this->config->getAppValue($this->appName, 'type');
|
||||||
switch($type) {
|
switch($type) {
|
||||||
case 'saml':
|
case 'saml':
|
||||||
$auth = new \OneLogin_Saml2_Auth($this->SAMLSettings->getOneLoginSettingsArray());
|
$auth = new \OneLogin_Saml2_Auth($this->SAMLSettings->getOneLoginSettingsArray($idp));
|
||||||
$ssoUrl = $auth->login(null, [], false, false, true);
|
$ssoUrl = $auth->login(null, [], false, false, true);
|
||||||
$this->session->set('user_saml.AuthNRequestID', $auth->getLastRequestID());
|
$this->session->set('user_saml.AuthNRequestID', $auth->getLastRequestID());
|
||||||
$this->session->set('user_saml.OriginalUrl', $this->request->getParam('originalUrl', ''));
|
$this->session->set('user_saml.OriginalUrl', $this->request->getParam('originalUrl', ''));
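Review bot: `$idp` is a request-supplied controller parameter that reaches `getOneLoginSettingsArray($idp)` without any validation, where it is compared with `> 1` and concatenated into app-config key names. Normalise and bound it before use so the config lookup is always keyed by a known IdP id, e.g. `$idp = (int)$idp;` followed by a check that the id is one of the configured IdPs (falling back to `1` or rejecting the request); the docblock already promises `int`, so the cast also makes the code match it. If any caller still links to the login route without an idp parameter, a default such as `login($idp = 1)` would preserve the previous single-IdP behaviour — worth confirming against the routes file. The method body continues outside the hunk.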
|
||||||
|
|
|
@ -76,26 +76,37 @@ class SAMLSettings {
|
||||||
return $setting === '1';
|
return $setting === '1';
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getOneLoginSettingsArray() {
|
/**
|
||||||
|
* get config for given IDP
|
||||||
|
*
|
||||||
|
* @param int $idp
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
|
public function getOneLoginSettingsArray($idp) {
|
||||||
|
|
||||||
|
$prefix = '';
|
||||||
|
if ($idp > 1) {
|
||||||
|
$prefix = $idp . '-';
|
||||||
|
}
|
||||||
|
|
||||||
$settings = [
|
$settings = [
|
||||||
'strict' => true,
|
'strict' => true,
|
||||||
'debug' => $this->config->getSystemValue('debug', false),
|
'debug' => $this->config->getSystemValue('debug', false),
|
||||||
'baseurl' => $this->request->getServerProtocol() . '://' . $this->request->getServerHost(),
|
'baseurl' => $this->request->getServerProtocol() . '://' . $this->request->getServerHost(),
|
||||||
'security' => [
|
'security' => [
|
||||||
'nameIdEncrypted' => ($this->config->getAppValue('user_saml', 'security-nameIdEncrypted', '0') === '1') ? true : false,
|
'nameIdEncrypted' => ($this->config->getAppValue('user_saml', $prefix . 'security-nameIdEncrypted', '0') === '1') ? true : false,
|
||||||
'authnRequestsSigned' => ($this->config->getAppValue('user_saml', 'security-authnRequestsSigned', '0') === '1') ? true : false,
|
'authnRequestsSigned' => ($this->config->getAppValue('user_saml', $prefix . 'security-authnRequestsSigned', '0') === '1') ? true : false,
|
||||||
'logoutRequestSigned' => ($this->config->getAppValue('user_saml', 'security-logoutRequestSigned', '0') === '1') ? true : false,
|
'logoutRequestSigned' => ($this->config->getAppValue('user_saml', $prefix . 'security-logoutRequestSigned', '0') === '1') ? true : false,
|
||||||
'logoutResponseSigned' => ($this->config->getAppValue('user_saml', 'security-logoutResponseSigned', '0') === '1') ? true : false,
|
'logoutResponseSigned' => ($this->config->getAppValue('user_saml', $prefix . 'security-logoutResponseSigned', '0') === '1') ? true : false,
|
||||||
'signMetadata' => ($this->config->getAppValue('user_saml', 'security-signMetadata', '0') === '1') ? true : false,
|
'signMetadata' => ($this->config->getAppValue('user_saml', $prefix . 'security-signMetadata', '0') === '1') ? true : false,
|
||||||
'wantMessagesSigned' => ($this->config->getAppValue('user_saml', 'security-wantMessagesSigned', '0') === '1') ? true : false,
|
'wantMessagesSigned' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantMessagesSigned', '0') === '1') ? true : false,
|
||||||
'wantAssertionsSigned' => ($this->config->getAppValue('user_saml', 'security-wantAssertionsSigned', '0') === '1') ? true : false,
|
'wantAssertionsSigned' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantAssertionsSigned', '0') === '1') ? true : false,
|
||||||
'wantAssertionsEncrypted' => ($this->config->getAppValue('user_saml', 'security-wantAssertionsEncrypted', '0') === '1') ? true : false,
|
'wantAssertionsEncrypted' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantAssertionsEncrypted', '0') === '1') ? true : false,
|
||||||
'wantNameId' => ($this->config->getAppValue('user_saml', 'security-wantNameId', '0') === '1') ? true : false,
|
'wantNameId' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantNameId', '0') === '1') ? true : false,
|
||||||
'wantNameIdEncrypted' => ($this->config->getAppValue('user_saml', 'security-wantNameIdEncrypted', '0') === '1') ? true : false,
|
'wantNameIdEncrypted' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantNameIdEncrypted', '0') === '1') ? true : false,
|
||||||
'wantXMLValidation' => ($this->config->getAppValue('user_saml', 'security-wantXMLValidation', '0') === '1') ? true : false,
|
'wantXMLValidation' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantXMLValidation', '0') === '1') ? true : false,
|
||||||
'requestedAuthnContext' => false,
|
'requestedAuthnContext' => false,
|
||||||
'lowercaseUrlencoding' => ($this->config->getAppValue('user_saml', 'security-lowercaseUrlencoding', '0') === '1') ? true : false,
|
'lowercaseUrlencoding' => ($this->config->getAppValue('user_saml', $prefix . 'security-lowercaseUrlencoding', '0') === '1') ? true : false,
|
||||||
],
|
],
|
||||||
'sp' => [
|
'sp' => [
|
||||||
'entityId' => $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.getMetadata'),
|
'entityId' => $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.getMetadata'),
|
||||||
|
@ -104,15 +115,15 @@ class SAMLSettings {
|
||||||
],
|
],
|
||||||
],
|
],
|
||||||
'idp' => [
|
'idp' => [
|
||||||
'entityId' => $this->config->getAppValue('user_saml', 'idp-entityId', ''),
|
'entityId' => $this->config->getAppValue('user_saml', $prefix . 'idp-entityId', ''),
|
||||||
'singleSignOnService' => [
|
'singleSignOnService' => [
|
||||||
'url' => $this->config->getAppValue('user_saml', 'idp-singleSignOnService.url', ''),
|
'url' => $this->config->getAppValue('user_saml', $prefix . 'idp-singleSignOnService.url', ''),
|
||||||
],
|
],
|
||||||
],
|
],
|
||||||
];
|
];
|
||||||
|
|
||||||
$spx509cert = $this->config->getAppValue('user_saml', 'sp-x509cert', '');
|
$spx509cert = $this->config->getAppValue('user_saml', $prefix . 'sp-x509cert', '');
|
||||||
$spxprivateKey = $this->config->getAppValue('user_saml', 'sp-privateKey', '');
|
$spxprivateKey = $this->config->getAppValue('user_saml', $prefix . 'sp-privateKey', '');
|
||||||
if($spx509cert !== '') {
|
if($spx509cert !== '') {
|
||||||
$settings['sp']['x509cert'] = $spx509cert;
|
$settings['sp']['x509cert'] = $spx509cert;
|
||||||
}
|
}
|
||||||
|
@ -120,15 +131,15 @@ class SAMLSettings {
|
||||||
$settings['sp']['privateKey'] = $spxprivateKey;
|
$settings['sp']['privateKey'] = $spxprivateKey;
|
||||||
}
|
}
|
||||||
|
|
||||||
$idpx509cert = $this->config->getAppValue('user_saml', 'idp-x509cert', '');
|
$idpx509cert = $this->config->getAppValue('user_saml', $prefix . 'idp-x509cert', '');
|
||||||
if($idpx509cert !== '') {
|
if($idpx509cert !== '') {
|
||||||
$settings['idp']['x509cert'] = $idpx509cert;
|
$settings['idp']['x509cert'] = $idpx509cert;
|
||||||
}
|
}
|
||||||
|
|
||||||
$slo = $this->config->getAppValue('user_saml', 'idp-singleLogoutService.url', '');
|
$slo = $this->config->getAppValue('user_saml', $prefix . 'idp-singleLogoutService.url', '');
|
||||||
if($slo !== '') {
|
if($slo !== '') {
|
||||||
$settings['idp']['singleLogoutService'] = [
|
$settings['idp']['singleLogoutService'] = [
|
||||||
'url' => $this->config->getAppValue('user_saml', 'idp-singleLogoutService.url', ''),
|
'url' => $this->config->getAppValue('user_saml', $prefix . 'idp-singleLogoutService.url', ''),
|
||||||
];
|
];
|
||||||
$settings['sp']['singleLogoutService'] = [
|
$settings['sp']['singleLogoutService'] = [
|
||||||
'url' => $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.singleLogoutService'),
|
'url' => $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.singleLogoutService'),
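Review bot: `getOneLoginSettingsArray($idp)` treats `$idp` as an int (`if ($idp > 1)`, `$prefix = $idp . '-'`) but declares no type and does no normalisation, so a non-numeric value is either silently treated as IdP 1 or, under PHP 8 string/int comparison rules, used verbatim as the key prefix, after which every prefixed lookup falls back to its `''`/`'0'` default without any error. Normalising at the top with `$idp = (int)$idp;` (or an `int $idp` parameter type, if the supported PHP version allows scalar types) pins the contract the docblock states. The docblock could also record the compatibility rule the code encodes: `* @param int $idp id of the IdP; 1 reads the legacy unprefixed keys, higher ids read "<id>-"-prefixed keys`. The same rule applies to the two later hunks of this file (`sp-x509cert`, `sp-privateKey`, `idp-x509cert`, `idp-singleLogoutService.url`), which otherwise look consistent with the first. The method continues past the last hunk.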
|
||||||
|
|