Initial import

3rdparty/composer.json

@@ -0,0 +1,5 @@
+{
+    "require": {
+        "onelogin/php-saml": "^2.9"
+    }
+}

3rdparty/composer.lock

@@ -0,0 +1,73 @@
+{
+    "_readme": [
+        "This file locks the dependencies of your project to a known state",
+        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
+        "This file is @generated automatically"
+    ],
+    "hash": "993f6c41684d235f66993e52d9b7dce0",
+    "content-hash": "bf3d6d016eca22c120719d73eb98378d",
+    "packages": [
+        {
+            "name": "onelogin/php-saml",
+            "version": "2.9.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/onelogin/php-saml.git",
+                "reference": "64aff7d58e68d98eaa9220e1041da2bc9214ab51"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/onelogin/php-saml/zipball/64aff7d58e68d98eaa9220e1041da2bc9214ab51",
+                "reference": "64aff7d58e68d98eaa9220e1041da2bc9214ab51",
+                "shasum": ""
+            },
+            "require": {
+                "ext-dom": "*",
+                "ext-mcrypt": "*",
+                "ext-openssl": "*",
+                "php": ">=5.3.2"
+            },
+            "require-dev": {
+                "pdepend/pdepend": "1.1.0",
+                "phploc/phploc": "*",
+                "phpunit/phpunit": "4.8",
+                "satooshi/php-coveralls": "1.0.1",
+                "sebastian/phpcpd": "*",
+                "squizlabs/php_codesniffer": "*"
+            },
+            "suggest": {
+                "ext-gettext": "Install gettext and php5-gettext libs to handle translations",
+                "ext-mcrypt": "Install mcrypt and php5-mcrypt libs in order to support encryption",
+                "lib-openssl": "Install openssl lib in order to handle with x509 certs (require to support sign and encryption)"
+            },
+            "type": "library",
+            "autoload": {
+                "classmap": [
+                    "extlib/xmlseclibs",
+                    "lib/Saml",
+                    "lib/Saml2"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "description": "OneLogin PHP SAML Toolkit",
+            "homepage": "https://onelogin.zendesk.com/hc/en-us/sections/200245634-SAML-Toolkits",
+            "keywords": [
+                "SAML2",
+                "onelogin",
+                "saml"
+            ],
+            "time": "2016-06-27 09:24:27"
+        }
+    ],
+    "packages-dev": [],
+    "aliases": [],
+    "minimum-stability": "stable",
+    "stability-flags": [],
+    "prefer-stable": false,
+    "prefer-lowest": false,
+    "platform": [],
+    "platform-dev": []
+}

3rdparty/vendor/autoload.php

@@ -0,0 +1,7 @@
+<?php
+
+// autoload.php @generated by Composer
+
+require_once __DIR__ . '/composer' . '/autoload_real.php';
+
+return ComposerAutoloaderInitcc75f134f7630c1ee3a8e4d7c86f3bcc::getLoader();

3rdparty/vendor/composer/ClassLoader.php

@@ -0,0 +1,413 @@
+<?php
+
+/*
+ * This file is part of Composer.
+ *
+ * (c) Nils Adermann <naderman@naderman.de>
+ *     Jordi Boggiano <j.boggiano@seld.be>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Composer\Autoload;
+
+/**
+ * ClassLoader implements a PSR-0, PSR-4 and classmap class loader.
+ *
+ *     $loader = new \Composer\Autoload\ClassLoader();
+ *
+ *     // register classes with namespaces
+ *     $loader->add('Symfony\Component', __DIR__.'/component');
+ *     $loader->add('Symfony',           __DIR__.'/framework');
+ *
+ *     // activate the autoloader
+ *     $loader->register();
+ *
+ *     // to enable searching the include path (eg. for PEAR packages)
+ *     $loader->setUseIncludePath(true);
+ *
+ * In this example, if you try to use a class in the Symfony\Component
+ * namespace or one of its children (Symfony\Component\Console for instance),
+ * the autoloader will first look for the class under the component/
+ * directory, and it will then fallback to the framework/ directory if not
+ * found before giving up.
+ *
+ * This class is loosely based on the Symfony UniversalClassLoader.
+ *
+ * @author Fabien Potencier <fabien@symfony.com>
+ * @author Jordi Boggiano <j.boggiano@seld.be>
+ * @see    http://www.php-fig.org/psr/psr-0/
+ * @see    http://www.php-fig.org/psr/psr-4/
+ */
+class ClassLoader
+{
+    // PSR-4
+    private $prefixLengthsPsr4 = array();
+    private $prefixDirsPsr4 = array();
+    private $fallbackDirsPsr4 = array();
+
+    // PSR-0
+    private $prefixesPsr0 = array();
+    private $fallbackDirsPsr0 = array();
+
+    private $useIncludePath = false;
+    private $classMap = array();
+
+    private $classMapAuthoritative = false;
+
+    public function getPrefixes()
+    {
+        if (!empty($this->prefixesPsr0)) {
+            return call_user_func_array('array_merge', $this->prefixesPsr0);
+        }
+
+        return array();
+    }
+
+    public function getPrefixesPsr4()
+    {
+        return $this->prefixDirsPsr4;
+    }
+
+    public function getFallbackDirs()
+    {
+        return $this->fallbackDirsPsr0;
+    }
+
+    public function getFallbackDirsPsr4()
+    {
+        return $this->fallbackDirsPsr4;
+    }
+
+    public function getClassMap()
+    {
+        return $this->classMap;
+    }
+
+    /**
+     * @param array $classMap Class to filename map
+     */
+    public function addClassMap(array $classMap)
+    {
+        if ($this->classMap) {
+            $this->classMap = array_merge($this->classMap, $classMap);
+        } else {
+            $this->classMap = $classMap;
+        }
+    }
+
+    /**
+     * Registers a set of PSR-0 directories for a given prefix, either
+     * appending or prepending to the ones previously set for this prefix.
+     *
+     * @param string       $prefix  The prefix
+     * @param array|string $paths   The PSR-0 root directories
+     * @param bool         $prepend Whether to prepend the directories
+     */
+    public function add($prefix, $paths, $prepend = false)
+    {
+        if (!$prefix) {
+            if ($prepend) {
+                $this->fallbackDirsPsr0 = array_merge(
+                    (array) $paths,
+                    $this->fallbackDirsPsr0
+                );
+            } else {
+                $this->fallbackDirsPsr0 = array_merge(
+                    $this->fallbackDirsPsr0,
+                    (array) $paths
+                );
+            }
+
+            return;
+        }
+
+        $first = $prefix[0];
+        if (!isset($this->prefixesPsr0[$first][$prefix])) {
+            $this->prefixesPsr0[$first][$prefix] = (array) $paths;
+
+            return;
+        }
+        if ($prepend) {
+            $this->prefixesPsr0[$first][$prefix] = array_merge(
+                (array) $paths,
+                $this->prefixesPsr0[$first][$prefix]
+            );
+        } else {
+            $this->prefixesPsr0[$first][$prefix] = array_merge(
+                $this->prefixesPsr0[$first][$prefix],
+                (array) $paths
+            );
+        }
+    }
+
+    /**
+     * Registers a set of PSR-4 directories for a given namespace, either
+     * appending or prepending to the ones previously set for this namespace.
+     *
+     * @param string       $prefix  The prefix/namespace, with trailing '\\'
+     * @param array|string $paths   The PSR-4 base directories
+     * @param bool         $prepend Whether to prepend the directories
+     *
+     * @throws \InvalidArgumentException
+     */
+    public function addPsr4($prefix, $paths, $prepend = false)
+    {
+        if (!$prefix) {
+            // Register directories for the root namespace.
+            if ($prepend) {
+                $this->fallbackDirsPsr4 = array_merge(
+                    (array) $paths,
+                    $this->fallbackDirsPsr4
+                );
+            } else {
+                $this->fallbackDirsPsr4 = array_merge(
+                    $this->fallbackDirsPsr4,
+                    (array) $paths
+                );
+            }
+        } elseif (!isset($this->prefixDirsPsr4[$prefix])) {
+            // Register directories for a new namespace.
+            $length = strlen($prefix);
+            if ('\\' !== $prefix[$length - 1]) {
+                throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator.");
+            }
+            $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length;
+            $this->prefixDirsPsr4[$prefix] = (array) $paths;
+        } elseif ($prepend) {
+            // Prepend directories for an already registered namespace.
+            $this->prefixDirsPsr4[$prefix] = array_merge(
+                (array) $paths,
+                $this->prefixDirsPsr4[$prefix]
+            );
+        } else {
+            // Append directories for an already registered namespace.
+            $this->prefixDirsPsr4[$prefix] = array_merge(
+                $this->prefixDirsPsr4[$prefix],
+                (array) $paths
+            );
+        }
+    }
+
+    /**
+     * Registers a set of PSR-0 directories for a given prefix,
+     * replacing any others previously set for this prefix.
+     *
+     * @param string       $prefix The prefix
+     * @param array|string $paths  The PSR-0 base directories
+     */
+    public function set($prefix, $paths)
+    {
+        if (!$prefix) {
+            $this->fallbackDirsPsr0 = (array) $paths;
+        } else {
+            $this->prefixesPsr0[$prefix[0]][$prefix] = (array) $paths;
+        }
+    }
+
+    /**
+     * Registers a set of PSR-4 directories for a given namespace,
+     * replacing any others previously set for this namespace.
+     *
+     * @param string       $prefix The prefix/namespace, with trailing '\\'
+     * @param array|string $paths  The PSR-4 base directories
+     *
+     * @throws \InvalidArgumentException
+     */
+    public function setPsr4($prefix, $paths)
+    {
+        if (!$prefix) {
+            $this->fallbackDirsPsr4 = (array) $paths;
+        } else {
+            $length = strlen($prefix);
+            if ('\\' !== $prefix[$length - 1]) {
+                throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator.");
+            }
+            $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length;
+            $this->prefixDirsPsr4[$prefix] = (array) $paths;
+        }
+    }
+
+    /**
+     * Turns on searching the include path for class files.
+     *
+     * @param bool $useIncludePath
+     */
+    public function setUseIncludePath($useIncludePath)
+    {
+        $this->useIncludePath = $useIncludePath;
+    }
+
+    /**
+     * Can be used to check if the autoloader uses the include path to check
+     * for classes.
+     *
+     * @return bool
+     */
+    public function getUseIncludePath()
+    {
+        return $this->useIncludePath;
+    }
+
+    /**
+     * Turns off searching the prefix and fallback directories for classes
+     * that have not been registered with the class map.
+     *
+     * @param bool $classMapAuthoritative
+     */
+    public function setClassMapAuthoritative($classMapAuthoritative)
+    {
+        $this->classMapAuthoritative = $classMapAuthoritative;
+    }
+
+    /**
+     * Should class lookup fail if not found in the current class map?
+     *
+     * @return bool
+     */
+    public function isClassMapAuthoritative()
+    {
+        return $this->classMapAuthoritative;
+    }
+
+    /**
+     * Registers this instance as an autoloader.
+     *
+     * @param bool $prepend Whether to prepend the autoloader or not
+     */
+    public function register($prepend = false)
+    {
+        spl_autoload_register(array($this, 'loadClass'), true, $prepend);
+    }
+
+    /**
+     * Unregisters this instance as an autoloader.
+     */
+    public function unregister()
+    {
+        spl_autoload_unregister(array($this, 'loadClass'));
+    }
+
+    /**
+     * Loads the given class or interface.
+     *
+     * @param  string    $class The name of the class
+     * @return bool|null True if loaded, null otherwise
+     */
+    public function loadClass($class)
+    {
+        if ($file = $this->findFile($class)) {
+            includeFile($file);
+
+            return true;
+        }
+    }
+
+    /**
+     * Finds the path to the file where the class is defined.
+     *
+     * @param string $class The name of the class
+     *
+     * @return string|false The path if found, false otherwise
+     */
+    public function findFile($class)
+    {
+        // work around for PHP 5.3.0 - 5.3.2 https://bugs.php.net/50731
+        if ('\\' == $class[0]) {
+            $class = substr($class, 1);
+        }
+
+        // class map lookup
+        if (isset($this->classMap[$class])) {
+            return $this->classMap[$class];
+        }
+        if ($this->classMapAuthoritative) {
+            return false;
+        }
+
+        $file = $this->findFileWithExtension($class, '.php');
+
+        // Search for Hack files if we are running on HHVM
+        if ($file === null && defined('HHVM_VERSION')) {
+            $file = $this->findFileWithExtension($class, '.hh');
+        }
+
+        if ($file === null) {
+            // Remember that this class does not exist.
+            return $this->classMap[$class] = false;
+        }
+
+        return $file;
+    }
+
+    private function findFileWithExtension($class, $ext)
+    {
+        // PSR-4 lookup
+        $logicalPathPsr4 = strtr($class, '\\', DIRECTORY_SEPARATOR) . $ext;
+
+        $first = $class[0];
+        if (isset($this->prefixLengthsPsr4[$first])) {
+            foreach ($this->prefixLengthsPsr4[$first] as $prefix => $length) {
+                if (0 === strpos($class, $prefix)) {
+                    foreach ($this->prefixDirsPsr4[$prefix] as $dir) {
+                        if (file_exists($file = $dir . DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $length))) {
+                            return $file;
+                        }
+                    }
+                }
+            }
+        }
+
+        // PSR-4 fallback dirs
+        foreach ($this->fallbackDirsPsr4 as $dir) {
+            if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr4)) {
+                return $file;
+            }
+        }
+
+        // PSR-0 lookup
+        if (false !== $pos = strrpos($class, '\\')) {
+            // namespaced class name
+            $logicalPathPsr0 = substr($logicalPathPsr4, 0, $pos + 1)
+                . strtr(substr($logicalPathPsr4, $pos + 1), '_', DIRECTORY_SEPARATOR);
+        } else {
+            // PEAR-like class name
+            $logicalPathPsr0 = strtr($class, '_', DIRECTORY_SEPARATOR) . $ext;
+        }
+
+        if (isset($this->prefixesPsr0[$first])) {
+            foreach ($this->prefixesPsr0[$first] as $prefix => $dirs) {
+                if (0 === strpos($class, $prefix)) {
+                    foreach ($dirs as $dir) {
+                        if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) {
+                            return $file;
+                        }
+                    }
+                }
+            }
+        }
+
+        // PSR-0 fallback dirs
+        foreach ($this->fallbackDirsPsr0 as $dir) {
+            if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) {
+                return $file;
+            }
+        }
+
+        // PSR-0 include paths.
+        if ($this->useIncludePath && $file = stream_resolve_include_path($logicalPathPsr0)) {
+            return $file;
+        }
+    }
+}
+
+/**
+ * Scope isolated include.
+ *
+ * Prevents access to $this/self from included files.
+ */
+function includeFile($file)
+{
+    include $file;
+}

3rdparty/vendor/composer/LICENSE

@@ -0,0 +1,21 @@
+
+Copyright (c) 2016 Nils Adermann, Jordi Boggiano
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+

3rdparty/vendor/composer/autoload_classmap.php

@@ -0,0 +1,27 @@
+<?php
+
+// autoload_classmap.php @generated by Composer
+
+$vendorDir = dirname(dirname(__FILE__));
+$baseDir = dirname($vendorDir);
+
+return array(
+    'OneLogin_Saml2_Auth' => $vendorDir . '/onelogin/php-saml/lib/Saml2/Auth.php',
+    'OneLogin_Saml2_AuthnRequest' => $vendorDir . '/onelogin/php-saml/lib/Saml2/AuthnRequest.php',
+    'OneLogin_Saml2_Constants' => $vendorDir . '/onelogin/php-saml/lib/Saml2/Constants.php',
+    'OneLogin_Saml2_Error' => $vendorDir . '/onelogin/php-saml/lib/Saml2/Error.php',
+    'OneLogin_Saml2_LogoutRequest' => $vendorDir . '/onelogin/php-saml/lib/Saml2/LogoutRequest.php',
+    'OneLogin_Saml2_LogoutResponse' => $vendorDir . '/onelogin/php-saml/lib/Saml2/LogoutResponse.php',
+    'OneLogin_Saml2_Metadata' => $vendorDir . '/onelogin/php-saml/lib/Saml2/Metadata.php',
+    'OneLogin_Saml2_Response' => $vendorDir . '/onelogin/php-saml/lib/Saml2/Response.php',
+    'OneLogin_Saml2_Settings' => $vendorDir . '/onelogin/php-saml/lib/Saml2/Settings.php',
+    'OneLogin_Saml2_Utils' => $vendorDir . '/onelogin/php-saml/lib/Saml2/Utils.php',
+    'OneLogin_Saml_AuthRequest' => $vendorDir . '/onelogin/php-saml/lib/Saml/AuthRequest.php',
+    'OneLogin_Saml_Metadata' => $vendorDir . '/onelogin/php-saml/lib/Saml/Metadata.php',
+    'OneLogin_Saml_Response' => $vendorDir . '/onelogin/php-saml/lib/Saml/Response.php',
+    'OneLogin_Saml_Settings' => $vendorDir . '/onelogin/php-saml/lib/Saml/Settings.php',
+    'OneLogin_Saml_XmlSec' => $vendorDir . '/onelogin/php-saml/lib/Saml/XmlSec.php',
+    'XMLSecEnc' => $vendorDir . '/onelogin/php-saml/extlib/xmlseclibs/xmlseclibs.php',
+    'XMLSecurityDSig' => $vendorDir . '/onelogin/php-saml/extlib/xmlseclibs/xmlseclibs.php',
+    'XMLSecurityKey' => $vendorDir . '/onelogin/php-saml/extlib/xmlseclibs/xmlseclibs.php',
+);

3rdparty/vendor/composer/autoload_namespaces.php

@@ -0,0 +1,9 @@
+<?php
+
+// autoload_namespaces.php @generated by Composer
+
+$vendorDir = dirname(dirname(__FILE__));
+$baseDir = dirname($vendorDir);
+
+return array(
+);

3rdparty/vendor/composer/autoload_psr4.php

@@ -0,0 +1,9 @@
+<?php
+
+// autoload_psr4.php @generated by Composer
+
+$vendorDir = dirname(dirname(__FILE__));
+$baseDir = dirname($vendorDir);
+
+return array(
+);

3rdparty/vendor/composer/autoload_real.php

@@ -0,0 +1,45 @@
+<?php
+
+// autoload_real.php @generated by Composer
+
+class ComposerAutoloaderInitcc75f134f7630c1ee3a8e4d7c86f3bcc
+{
+    private static $loader;
+
+    public static function loadClassLoader($class)
+    {
+        if ('Composer\Autoload\ClassLoader' === $class) {
+            require __DIR__ . '/ClassLoader.php';
+        }
+    }
+
+    public static function getLoader()
+    {
+        if (null !== self::$loader) {
+            return self::$loader;
+        }
+
+        spl_autoload_register(array('ComposerAutoloaderInitcc75f134f7630c1ee3a8e4d7c86f3bcc', 'loadClassLoader'), true, true);
+        self::$loader = $loader = new \Composer\Autoload\ClassLoader();
+        spl_autoload_unregister(array('ComposerAutoloaderInitcc75f134f7630c1ee3a8e4d7c86f3bcc', 'loadClassLoader'));
+
+        $map = require __DIR__ . '/autoload_namespaces.php';
+        foreach ($map as $namespace => $path) {
+            $loader->set($namespace, $path);
+        }
+
+        $map = require __DIR__ . '/autoload_psr4.php';
+        foreach ($map as $namespace => $path) {
+            $loader->setPsr4($namespace, $path);
+        }
+
+        $classMap = require __DIR__ . '/autoload_classmap.php';
+        if ($classMap) {
+            $loader->addClassMap($classMap);
+        }
+
+        $loader->register(true);
+
+        return $loader;
+    }
+}

3rdparty/vendor/composer/installed.json

@@ -0,0 +1,58 @@
+[
+    {
+        "name": "onelogin/php-saml",
+        "version": "2.9.0",
+        "version_normalized": "2.9.0.0",
+        "source": {
+            "type": "git",
+            "url": "https://github.com/onelogin/php-saml.git",
+            "reference": "64aff7d58e68d98eaa9220e1041da2bc9214ab51"
+        },
+        "dist": {
+            "type": "zip",
+            "url": "https://api.github.com/repos/onelogin/php-saml/zipball/64aff7d58e68d98eaa9220e1041da2bc9214ab51",
+            "reference": "64aff7d58e68d98eaa9220e1041da2bc9214ab51",
+            "shasum": ""
+        },
+        "require": {
+            "ext-dom": "*",
+            "ext-mcrypt": "*",
+            "ext-openssl": "*",
+            "php": ">=5.3.2"
+        },
+        "require-dev": {
+            "pdepend/pdepend": "1.1.0",
+            "phploc/phploc": "*",
+            "phpunit/phpunit": "4.8",
+            "satooshi/php-coveralls": "1.0.1",
+            "sebastian/phpcpd": "*",
+            "squizlabs/php_codesniffer": "*"
+        },
+        "suggest": {
+            "ext-gettext": "Install gettext and php5-gettext libs to handle translations",
+            "ext-mcrypt": "Install mcrypt and php5-mcrypt libs in order to support encryption",
+            "lib-openssl": "Install openssl lib in order to handle with x509 certs (require to support sign and encryption)"
+        },
+        "time": "2016-06-27 09:24:27",
+        "type": "library",
+        "installation-source": "dist",
+        "autoload": {
+            "classmap": [
+                "extlib/xmlseclibs",
+                "lib/Saml",
+                "lib/Saml2"
+            ]
+        },
+        "notification-url": "https://packagist.org/downloads/",
+        "license": [
+            "MIT"
+        ],
+        "description": "OneLogin PHP SAML Toolkit",
+        "homepage": "https://onelogin.zendesk.com/hc/en-us/sections/200245634-SAML-Toolkits",
+        "keywords": [
+            "SAML2",
+            "onelogin",
+            "saml"
+        ]
+    }
+]

3rdparty/vendor/onelogin/php-saml/.coveralls.yml

@@ -0,0 +1,7 @@
+service_name: travis-ci
+
+src_dir: lib
+
+coverage_clover: tests/build/logs/clover.xml
+
+json_path: tests/build/logs/coveralls-upload.json

3rdparty/vendor/onelogin/php-saml/.gitignore

@@ -0,0 +1,14 @@
+*.swp
+*~
+.DS_Store
+/settings.php
+/demo1/settings.php
+/demo-old/settings.php
+/certs/sp.key
+/certs/sp.crt
+/certs/metadata.key
+/certs/metadata.crt
+/tests/build
+/vendor
+/composer.lock
+/.idea

3rdparty/vendor/onelogin/php-saml/.travis.yml

@@ -0,0 +1,33 @@
+language: php
+
+php:
+  - 5.6
+  - 5.5
+  - 5.4
+  - 5.3
+  - 7.0
+
+env:
+ - TRAVIS=true
+
+before_install:
+ - curl -s https://getcomposer.org/installer | php
+ - php composer.phar install --prefer-source --no-interaction
+
+before_script:
+  - phpenv config-rm xdebug.ini
+
+script:
+  - phpunit --bootstrap tests/bootstrap.php --configuration tests/phpunit.xml
+  - php vendor/bin/phpcpd --exclude tests --exclude vendor .
+  - php vendor/bin/phploc . --exclude vendor
+  - php vendor/bin/phploc lib/.
+  - mkdir -p tests/build/dependences
+  - php vendor/bin/pdepend --summary-xml=tests/build/logs/dependence-summary.xml --jdepend-chart=tests/build/dependences/jdepend.svg --overview-pyramid=tests/build/dependences/pyramid.svg  lib/.
+  - php vendor/bin/phpcs --standard=tests/ZendModStandard lib/Saml2 demo1 demo2 demo-old endpoints tests/src
+
+after_script:
+  - export TRAVIS=https://travis-ci.org/onelogin/php-saml
+  - echo $TRAVIS
+  - echo $TRAVIS_JOB_ID
+  - php vendor/bin/coveralls --config .coveralls.yml -v

3rdparty/vendor/onelogin/php-saml/CHANGELOG

@@ -0,0 +1,121 @@
+CHANGELOG
+=========
+
+v.2.9.0
+-------
+* Change the decrypt assertion process.
+* Add 2 extra validations to prevent Signature wrapping attacks.
+* Remove reference to wrong NameIDFormat: urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified should be urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+* [128](https://github.com/onelogin/php-saml/pull/128) Test php7 and upgrade phpunit
+* Update Readme with more descriptive requestedAuthnContext description and Security Guidelines
+
+v.2.8.0
+-------
+* Make NameIDPolicy of AuthNRequest optional
+* Make nameID requirement on SAMLResponse optional
+* Fix empty URI support
+* Symmetric encryption key support
+* Add more Auth Context options to the constant class
+* Fix DSA_SHA1 constant on xmlseclibs
+* Set none requestedAuthnContext as default behaviour
+* Update xmlseclibs lib
+* Improve formatPrivateKey method
+* Fix bug when signing metadata, the SignatureMethod was not provided
+* Fix getter for lastRequestID parameter in OneLogin_Saml2_Auth class
+* Add $wantEncrypted parameter on addX509KeyDescriptors method that will allow to set KeyDescriptor[use='encryption'] if wantNameIdEncrypted or wantAssertionsEncrypted enabled
+* Add $stay parameter on redirectTo method. (login/logout supports $stay but I forgot add this on previous 2.7.0 version)
+* Improve code style
+
+v.2.7.0
+-------
+* Trim acs, slo and issuer urls.
+* Fix PHP 7 error (used continue outside a loop/switch).
+* Fix bug on organization element of the SP metadata builder.
+* Fix typos on documentation. Fix ALOWED Misspell.
+* Be able to extract RequestID. Add RequestID validation on demo1. 
+* Add $stay parameter to login, logout and processSLO method.
+
+v.2.6.1
+-------
+* Fix bug on cacheDuration of the Metadata XML generated.
+* Make SPNameQualifier optional on the generateNameId method. Avoid the use of SPNameQualifier when generating the NameID on the LogoutRequest builder.
+* Allows the authn comparsion attribute to be set via config.
+* Retrieve Session Timeout after processResponse with getSessionExpiration().
+* Improve readme readability.
+* Allow single log out to work for applications not leveraging php session_start. Added a callback parameter in order to close the session at processSLO.
+
+v.2.6.0
+-------
+* Set NAMEID_UNSPECIFIED as default NameIDFormat to prevent conflicts with IdPs that don't support NAMEID_PERSISTENT.
+* Now the SP is able to select the algorithm to be used on signatures (DSA_SHA1, RSA_SHA1, RSA_SHA256, RSA_SHA384, RSA_SHA512).
+* Change visibility of _decryptAssertion to protected.
+* Update xmlseclibs library.
+* Handle valid but uncommon dsig block with no URI in the reference.
+* login, logout and processSLO now return ->redirectTo instead of just call it.
+* Split the setting check methods. Now 1 method for IdP settings and other for SP settings.
+* Let the setting object to avoid the IdP setting check. required if we want to publish SP SAML Metadata when the IdP data is still not provided.
+
+v.2.5.0
+-------
+* Do accesible the ID of the object Logout Request (id attribute).
+* Add note about the fact that PHP 5.3 is unssuported.
+* Add fingerprint algorithm support.
+* Add dependences to composer.
+
+v.2.4.0
+-------
+* Fix wrong element order in generated metadata.
+* Added SLO with nameID and SessionIndex in demo1.
+* Improve isHTTPS method in order to support HTTP_X_FORWARDED_PORT.
+* Set optional the XMLvalidation (enable/disable it with wantXMLValidation security setting).
+
+v.2.3.0
+-------
+* Resolve namespace problem. Some IdPs uses saml2p:Response and saml2:Assertion instead of samlp:Response saml:Assertion.
+* Improve test and documentation.
+* Improve ADFS compatibility.
+* Remove unnecessary XSDs files.
+* Make available the reason for the saml message invalidation.
+* Adding ability to set idp cert once the Setting object initialized.
+* Fix status info issue.
+* Reject SAML Response if not signed and strict = false.
+* Support NameId and SessionIndex in LogoutRequest.
+* Add ForceAuh and IsPassive support.
+
+v.2.2.0
+-------
+* Fix bug with Encrypted nameID on LogoutRequest.
+* Fixed usability bug. SP will inform about AuthFail status after process a Response.
+* Added SessionIndex support on LogoutRequest, and know is accesible from the Auth class.
+* LogoutRequest and LogoutResponse classes now accept non deflated xml.
+* Improved the XML metadata/ Decrypted Assertion output. (prettyprint).
+* Fix bug in formatPrivateKey method, the key could be not RSA.
+* Explicit warning message for signed element problem.
+* Decrypt method improved.
+* Support more algorithm at the SigAlg in the Signed LogoutRequests and LogoutResponses
+* AuthNRequest now stores ID (it can be retrieved later).
+* Fixed a typo on the 'NameIdPolicy' attribute that appeared at the README and settings_example file.
+
+
+v.2.1.0
+-------
+
+* The isValid method of the Logout Request is now non-static. (affects processSLO method of Auth.php).
+* Logout Request constructor now accepts encoded logout requests.
+* Now after validate a message, if fails a method getError of the object will return the cause.
+* Fix typos.
+* Added extra parameters option to login and logout methods.
+* Improve Test (new test, use the new getError method for testing).
+* Bugfix namespace problem when getting Attributes.
+
+
+v.2.0.0
+-------
+
+* New PHP SAML Toolkit (SLO, Sign, Encryptation).
+
+
+v.1.0.0
+-------
+
+* Old PHP SAML Toolkit.

3rdparty/vendor/onelogin/php-saml/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2010-2014 OneLogin, LLC
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

3rdparty/vendor/onelogin/php-saml/_toolkit_loader.php

@@ -0,0 +1,25 @@
+<?php
+
+// Create an __autoload function 
+// (can conflicts other autoloaders)
+// http://php.net/manual/en/language.oop5.autoload.php
+
+$libDir = dirname(__FILE__) . '/lib/Saml2/';
+$extlibDir = dirname(__FILE__) . '/extlib/';
+
+// Load composer
+if (file_exists('vendor/autoload.php')) {
+    require 'vendor/autoload.php';
+}
+
+// Load now external libs
+require_once $extlibDir . 'xmlseclibs/xmlseclibs.php';
+
+$folderInfo = scandir($libDir);
+
+foreach ($folderInfo as $element) {
+    if (is_file($libDir.$element) && (substr($element, -4) === '.php')) {
+        include_once $libDir.$element;
+    }
+}
+    

3rdparty/vendor/onelogin/php-saml/advanced_settings_example.php

@@ -0,0 +1,106 @@
+<?php
+
+$advancedSettings = array (
+
+    // Security settings
+    'security' => array (
+
+        /** signatures and encryptions offered */
+
+        // Indicates that the nameID of the <samlp:logoutRequest> sent by this SP
+        // will be encrypted.
+        'nameIdEncrypted' => false,
+
+        // Indicates whether the <samlp:AuthnRequest> messages sent by this SP
+        // will be signed.              [The Metadata of the SP will offer this info]
+        'authnRequestsSigned' => false,
+
+        // Indicates whether the <samlp:logoutRequest> messages sent by this SP
+        // will be signed.
+        'logoutRequestSigned' => false,
+
+        // Indicates whether the <samlp:logoutResponse> messages sent by this SP
+        // will be signed.
+        'logoutResponseSigned' => false,
+
+        /* Sign the Metadata
+         False || True (use sp certs) || array (
+                                                    keyFileName => 'metadata.key',
+                                                    certFileName => 'metadata.crt'
+                                                )
+        */
+        'signMetadata' => false,
+
+
+        /** signatures and encryptions required **/
+
+        // Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and
+        // <samlp:LogoutResponse> elements received by this SP to be signed.
+        'wantMessagesSigned' => false,
+
+        // Indicates a requirement for the <saml:Assertion> elements received by
+        // this SP to be signed.        [The Metadata of the SP will offer this info]
+        'wantAssertionsSigned' => false,
+
+        // Indicates a requirement for the NameID element on the SAMLResponse received
+        // by this SP to be present.
+        'wantNameId' => true,
+
+        // Indicates a requirement for the NameID received by
+        // this SP to be encrypted.
+        'wantNameIdEncrypted' => false,
+
+        // Authentication context.
+        // Set to false and no AuthContext will be sent in the AuthNRequest,
+        // Set true or don't present this parameter and you will get an AuthContext 'exact' 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
+        // Set an array with the possible auth context values: array ('urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'),
+        'requestedAuthnContext' => false,
+
+        // Allows the authn comparison parameter to be set, defaults to 'exact' if
+        // the setting is not present.
+        'requestedAuthnContextComparison' => 'exact',
+
+        // Indicates if the SP will validate all received xmls.
+        // (In order to validate the xml, 'strict' and 'wantXMLValidation' must be true).
+        'wantXMLValidation' => true,
+
+        // Algorithm that the toolkit will use on signing process. Options:
+        //    'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
+        //    'http://www.w3.org/2000/09/xmldsig#dsa-sha1'
+        //    'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
+        //    'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'
+        //    'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'
+        'signatureAlgorithm' => 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
+    ),
+
+    // Contact information template, it is recommended to suply a technical and support contacts
+    'contactPerson' => array (
+        'technical' => array (
+            'givenName' => '',
+            'emailAddress' => ''
+        ),
+        'support' => array (
+            'givenName' => '',
+            'emailAddress' => ''
+        ),
+    ),
+
+    // Organization information template, the info in en_US lang is recomended, add more if required
+    'organization' => array (
+        'en-US' => array(
+            'name' => '',
+            'displayname' => '',
+            'url' => ''
+        ),
+    ),
+);
+
+
+/* Interoperable SAML 2.0 Web Browser SSO Profile [saml2int]   http://saml2int.org/profile/current
+
+   'authnRequestsSigned' => false,    // SP SHOULD NOT sign the <samlp:AuthnRequest>,
+                                      // MUST NOT assume that the IdP validates the sign
+   'wantAssertionsSigned' => true,
+   'wantAssertionsEncrypted' => true, // MUST be enabled if SSL/HTTPs is disabled
+   'wantNameIdEncrypted' => false,
+*/

3rdparty/vendor/onelogin/php-saml/compatibility.php

@@ -0,0 +1,12 @@
+<?php
+ 
+/**
+ *  Compability with the old PHP Toolkit
+ */
+
+define('ONELOGIN_SAML_DIR', 'lib/Saml/');
+require_once ONELOGIN_SAML_DIR . 'AuthRequest.php';
+require_once ONELOGIN_SAML_DIR . 'Response.php';
+require_once ONELOGIN_SAML_DIR . 'Settings.php';
+require_once ONELOGIN_SAML_DIR . 'XmlSec.php';
+require_once ONELOGIN_SAML_DIR . 'Metadata.php';

3rdparty/vendor/onelogin/php-saml/composer.json

@@ -0,0 +1,39 @@
+{
+    "name": "onelogin/php-saml",
+    "description": "OneLogin PHP SAML Toolkit",
+    "license": "MIT",
+    "version": "2.9.0",
+    "homepage": "https://onelogin.zendesk.com/hc/en-us/sections/200245634-SAML-Toolkits",
+    "keywords": ["saml", "saml2", "onelogin"],
+    "autoload": {
+        "classmap": [
+            "extlib/xmlseclibs",
+            "lib/Saml",
+            "lib/Saml2"
+        ]
+    },
+    "support": {
+        "email": "sixto.garcia@onelogin.com",
+        "issues": "https://github.com/onelogin/php-saml/issues",
+        "source": "https://github.com/onelogin/php-saml/"
+    },
+    "require": {
+        "php": ">=5.3.2",
+        "ext-openssl": "*",
+        "ext-dom": "*",
+        "ext-mcrypt": "*"
+    },
+    "require-dev": {
+        "phpunit/phpunit": "4.8",
+        "satooshi/php-coveralls": "1.0.1",
+        "sebastian/phpcpd": "*",
+        "phploc/phploc": "*",
+        "pdepend/pdepend" : "1.1.0",
+        "squizlabs/php_codesniffer": "*"
+    },
+    "suggest": {
+        "lib-openssl": "Install openssl lib in order to handle with x509 certs (require to support sign and encryption)",
+        "ext-mcrypt": "Install mcrypt and php5-mcrypt libs in order to support encryption",
+        "ext-gettext": "Install gettext and php5-gettext libs to handle translations"
+    }
+}

3rdparty/vendor/onelogin/php-saml/endpoints/acs.php

@@ -0,0 +1,51 @@
+<?php
+ 
+/**
+ *  SP Assertion Consumer Service Endpoint
+ */
+
+session_start();
+
+require_once dirname(dirname(__FILE__)).'/_toolkit_loader.php';
+
+$auth = new OneLogin_Saml2_Auth();
+
+$auth->processResponse();
+
+$errors = $auth->getErrors();
+
+if (!empty($errors)) {
+    print_r('<p>'.implode(', ', $errors).'</p>');
+    exit();
+}
+
+if (!$auth->isAuthenticated()) {
+    echo "<p>Not authenticated</p>";
+    exit();
+}
+
+$_SESSION['samlUserdata'] = $auth->getAttributes();
+$_SESSION['IdPSessionIndex'] = $auth->getSessionIndex();
+if (isset($_POST['RelayState']) && OneLogin_Saml2_Utils::getSelfURL() != $_POST['RelayState']) {
+    $auth->redirectTo($_POST['RelayState']);
+}
+
+$attributes = $_SESSION['samlUserdata'];
+
+if (!empty($attributes)) {
+    echo '<h1>'._('User attributes:').'</h1>';
+    echo '<table><thead><th>'._('Name').'</th><th>'._('Values').'</th></thead><tbody>';
+    foreach ($attributes as $attributeName => $attributeValues) {
+        echo '<tr><td>'.htmlentities($attributeName).'</td><td><ul>';
+        foreach ($attributeValues as $attributeValue) {
+            echo '<li>'.htmlentities($attributeValue).'</li>';
+        }
+        echo '</ul></td></tr>';
+    }
+    echo '</tbody></table>';
+    if (!empty($_SESSION['IdPSessionIndex'])) {
+        echo '<p>The SessionIndex of the IdP is: '.$_SESSION['IdPSessionIndex'].'</p>';
+    }
+} else {
+    echo _('Attributes not found');
+}

3rdparty/vendor/onelogin/php-saml/endpoints/metadata.php

@@ -0,0 +1,25 @@
+<?php
+ 
+/**
+ *  SP Metadata Endpoint
+ */
+
+require_once dirname(dirname(__FILE__)).'/_toolkit_loader.php';
+
+try {
+    $auth = new OneLogin_Saml2_Auth();
+    $settings = $auth->getSettings();
+    $metadata = $settings->getSPMetadata();
+    $errors = $settings->validateMetadata($metadata);
+    if (empty($errors)) {
+        header('Content-Type: text/xml');
+        echo $metadata;
+    } else {
+        throw new OneLogin_Saml2_Error(
+            'Invalid SP metadata: '.implode(', ', $errors),
+            OneLogin_Saml2_Error::METADATA_SP_INVALID
+        );
+    }
+} catch (Exception $e) {
+    echo $e->getMessage();
+}

3rdparty/vendor/onelogin/php-saml/endpoints/sls.php

@@ -0,0 +1,21 @@
+<?php
+ 
+/**
+ *  SP Single Logout Service Endpoint
+ */
+
+session_start();
+
+require_once dirname(dirname(__FILE__)).'/_toolkit_loader.php';
+
+$auth = new OneLogin_Saml2_Auth();
+
+$auth->processSLO();
+
+$errors = $auth->getErrors();
+
+if (empty($errors)) {
+    print_r('Sucessfully logged out');
+} else {
+    print_r(implode(', ', $errors));
+}

3rdparty/vendor/onelogin/php-saml/extlib/xmlseclibs/CHANGELOG.txt

@@ -0,0 +1,130 @@
+xmlseclibs.php
+??, ??? ????, 2.0.0
+Features:
+- Support for locating specific signature when multiple exist in 
+  document. (griga3k)
+
+23, Jun 2015, 1.4.0
+Features:
+- Support for PSR-0 standard.
+- Support for X509SubjectName. (Milos Tomic)
+- Add HMAC-SHA1 support.
+
+Improvements:
+- Add how to install to README. (Bernardo Vieira da Silva)
+- Code cleanup. (Jaime Pérez)
+- Normalilze tests. (Hidde Wieringa)
+- Add basic usage to README. (Hidde Wieringa)
+
+21, May 2015, 1.3.2
+Bug Fixes:
+- Fix Undefined variable notice. (dpieper85)
+- Fix typo when setting MimeType attribute. (Eugene OZ)
+- Fix validateReference() with enveloping signatures
+
+Features:
+- canonicalizeData performance optimization. (Jaime Pérez)
+- Add composer support (Maks3w)
+
+19, Jun 2013, 1.3.1
+Features:
+- return encrypted node from XMLSecEnc::encryptNode() when replace is set to 
+  false. (Olav)
+- Add support for RSA SHA384 and RSA_SHA512 and SHA384 digest. (Jaime PŽrez)
+- Add options parameter to the add cert methods.
+- Add optional issuerSerial creation with cert
+
+Bug Fixes:
+- Fix persisted Id when namespaced. (Koen Thomeer)
+
+Improvements:
+- Add LICENSE file
+- Convert CHANGELOG.txt to UTF-8
+
+26, Sep 2011, 1.3.0
+Features:
+- Add param to append sig to node when signing. Fixes a problem when using 
+  inclusive canonicalization to append a signature within a namespaced subtree.
+  ex. $objDSig->sign($objKey, $appendToNode); 
+- Add ability to encrypt by reference
+- Add support for refences within an encrypted key
+- Add thumbprint generation capability (XMLSecurityKey->getX509Thumbprint() and 
+  XMLSecurityKey::getRawThumbprint($cert))
+- Return signature element node from XMLSecurityDSig::insertSignature() and 
+  XMLSecurityDSig::appendSignature() methods
+- Support for <ds:RetrievalMethod> with simple URI Id reference.
+- Add XMLSecurityKey::getSymmetricKeySize() method (Olav)
+- Add XMLSecEnc::getCipherValue() method (Olav)
+- Improve XMLSecurityKey:generateSessionKey() logic (Olav)
+
+Bug Fixes:
+- Change split() to explode() as split is now depreciated
+- ds:References using empty or simple URI Id reference should never include 
+  comments in canonicalized data.
+- Make sure that the elements in EncryptedData are emitted in the correct 
+  sequence.
+
+11 Jan 2010, 1.2.2
+Features:
+- Add support XPath support when creating signature. Provides support for 
+  working with EBXML documents.
+- Add reference option to force creation of URI attribute. For use
+  when adding a DOM Document where by default no URI attribute is added.
+- Add support for RSA-SHA256
+
+Bug Fixes:
+- fix bug #5: createDOMDocumentFragment() in decryptNode when data is node 
+  content (patch by Francois Wang)
+
+
+08 Jul 2008, 1.2.1
+Features:
+- Attempt to use mhash when hash extension is not present. (Alfredo Cubitos).
+- Add fallback to built-in sha1 if both hash and mhash are not available and 
+  throw error for other for other missing hashes. (patch by Olav Morken).
+- Add getX509Certificate method to retrieve the x509 cert used for Key. 
+  (patch by Olav Morken).
+- Add getValidatedNodes method to retrieve the elements signed by the 
+  signature. (patch by Olav Morken).
+- Add insertSignature method for precision signature insertion. Merge 
+  functionality from appendSignature in the process. (Olav Morken, Rob).
+- Finally add some tests
+
+Bug Fixes:
+- Fix canonicalization for Document node when using PHP < 5.2.
+- Add padding for RSA_SHA1. (patch by Olav Morken).
+
+
+27 Nov 2007, 1.2.0
+Features:
+- New addReference/List option (overwrite). Boolean flag indicating if URI
+  value should be overwritten if already existing within document.
+  Default is TRUE to maintain BC.
+
+18 Nov 2007, 1.1.2
+Bug Fixes:
+- Remove closing PHP tag to fix extra whitespace characters from being output
+
+11 Nov 2007, 1.1.1
+Features:
+- Add getRefNodeID() and getRefIDs() methods missed in previous release.
+  Provide functionality to find URIs of existing reference nodes.
+  Required by simpleSAMLphp project
+
+Bug Fixes:
+- Remove erroneous whitespace causing issues under certain circumastances.
+
+18 Oct 2007, 1.1.0
+Features:
+- Enable creation of enveloping signature. This allows the creation of
+  managed information cards.
+- Add addObject method for enveloping signatures.
+- Add staticGet509XCerts method. Chained certificates within a PEM file can
+  now be added within the X509Data node.
+- Add xpath support within transformations
+- Add InclusiveNamespaces prefix list support within exclusive transformations.
+
+Bug Fixes:
+- Initialize random number generator for mcrypt_create_iv. (Joan Cornadó).
+- Fix an interoperability issue with .NET when encrypting data in CBC mode.
+  (Joan Cornadó).

3rdparty/vendor/onelogin/php-saml/extlib/xmlseclibs/LICENSE

@@ -0,0 +1,31 @@
+Copyright (c) 2007-2013, Robert Richards <rrichards@cdatazone.org>.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+  * Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+
+  * Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in
+    the documentation and/or other materials provided with the
+    distribution.
+
+  * Neither the name of Robert Richards nor the names of his
+    contributors may be used to endorse or promote products derived
+    from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.

3rdparty/vendor/onelogin/php-saml/lib/Saml/AuthRequest.php

@@ -0,0 +1,65 @@
+<?php
+
+class OneLogin_Saml_AuthRequest
+{
+
+    /**
+     * @var OneLogin_Saml2_Auth object
+     */
+    protected $auth;
+
+    /**
+     * Constructs the OneLogin_Saml2_Auth, initializing
+     * the SP SAML instance.
+     *
+     * @param array|object $settings SAML Toolkit Settings
+     */
+    public function __construct($settings)
+    {
+        $this->auth = new OneLogin_Saml2_Auth($settings);
+    }
+
+    /**
+     * Obtains the SSO URL containing the AuthRequest
+     * message deflated.
+     *
+     * @param string|null $returnTo
+     *
+     * @return string
+     *
+     * @throws OneLogin_Saml2_Error
+     */
+    public function getRedirectUrl($returnTo = null)
+    {
+        $settings = $this->auth->getSettings();
+        $authnRequest = new OneLogin_Saml2_AuthnRequest($settings);
+        $parameters = array('SAMLRequest' => $authnRequest->getRequest());
+        if (!empty($returnTo)) {
+            $parameters['RelayState'] = $returnTo;
+        } else {
+            $parameters['RelayState'] = OneLogin_Saml2_Utils::getSelfRoutedURLNoQuery();
+        }
+        $url = OneLogin_Saml2_Utils::redirect($this->auth->getSSOurl(), $parameters, true);
+        return $url;
+    }
+
+    /**
+     * @return string
+     */
+    protected function _generateUniqueID()
+    {
+        return OneLogin_Saml2_Utils::generateUniqueID();
+    }
+
+    /**
+     * @return string
+     */
+    protected function _getTimestamp()
+    {
+        $defaultTimezone = date_default_timezone_get();
+        date_default_timezone_set('UTC');
+        $timestamp = strftime("%Y-%m-%dT%H:%M:%SZ");
+        date_default_timezone_set($defaultTimezone);
+        return $timestamp;
+    }
+}

3rdparty/vendor/onelogin/php-saml/lib/Saml/Metadata.php

@@ -0,0 +1,39 @@
+<?php
+
+class OneLogin_Saml_Metadata
+{
+    const VALIDITY_SECONDS = 604800; // 1 week
+
+    protected $_settings;
+
+    /**
+     * @param array|object|null $settings Setting data
+     */
+    public function __construct($settings = null)
+    {
+        $auth = new OneLogin_Saml2_Auth($settings);
+        $this->_settings = $auth->getSettings();
+    }
+
+    /**
+     * @return string
+     *
+     * @throws OneLogin_Saml2_Error
+     */
+    public function getXml()
+    {
+        return $this->_settings->getSPMetadata();
+    }
+
+    /**
+     * @return string
+     */
+    protected function _getMetadataValidTimestamp()
+    {
+        $timeZone = date_default_timezone_get();
+        date_default_timezone_set('UTC');
+        $time = strftime("%Y-%m-%dT%H:%M:%SZ", time() + self::VALIDITY_SECONDS);
+        date_default_timezone_set($timeZone);
+        return $time;
+    }
+}

3rdparty/vendor/onelogin/php-saml/lib/Saml/Response.php

@@ -0,0 +1,39 @@
+<?php
+
+class OneLogin_Saml_Response extends OneLogin_Saml2_Response
+{
+    /**
+     * Constructor that process the SAML Response,
+     * Internally initializes an SP SAML instance
+     * and an OneLogin_Saml2_Response.
+     *
+     * @param array|object $oldSettings Settings
+     * @param string       $assertion  SAML Response
+     */
+    public function __construct($oldSettings, $assertion)
+    {
+        $auth = new OneLogin_Saml2_Auth($oldSettings);
+        $settings = $auth->getSettings();
+        parent::__construct($settings, $assertion);
+    }
+
+    /**
+     * Retrieves an Array with the logged user data.
+     *
+     * @return array
+     */
+    public function get_saml_attributes()
+    {
+        return $this->getAttributes();
+    }
+
+    /**
+     * Retrieves the nameId
+     *
+     * @return string
+     */
+    public function get_nameid()
+    {
+        return $this->getNameId();
+    }
+}

3rdparty/vendor/onelogin/php-saml/lib/Saml/Settings.php

@@ -0,0 +1,80 @@
+<?php
+
+/**
+ * Holds SAML settings for the SamlResponse and SamlAuthRequest classes.
+ *
+ * These settings need to be filled in by the user prior to being used.
+ */
+class OneLogin_Saml_Settings
+{
+    const NAMEID_EMAIL_ADDRESS                 = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress';
+    const NAMEID_X509_SUBJECT_NAME             = 'urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName';
+    const NAMEID_WINDOWS_DOMAIN_QUALIFIED_NAME = 'urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName';
+    const NAMEID_KERBEROS   = 'urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos';
+    const NAMEID_ENTITY     = 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity';
+    const NAMEID_TRANSIENT  = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient';
+    const NAMEID_PERSISTENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent';
+
+    /**
+     * The URL to submit SAML authentication requests to.
+     * @var string
+     */
+    public $idpSingleSignOnUrl = '';
+
+    /**
+     * The URL to submit SAML Logout Request to.
+     * @var string
+     */
+    public $idpSingleLogOutUrl = '';
+
+    /**
+     * The x509 certificate used to authenticate the request.
+     * @var string
+     */
+    public $idpPublicCertificate = '';
+
+    /**
+     * The URL where to the SAML Response/SAML Assertion will be posted.
+     * @var string
+     */
+    public $spReturnUrl = '';
+
+    /**
+     * The name of the application.
+     * @var string
+     */
+    public $spIssuer = 'php-saml';
+
+    /**
+     * Specifies what format to return the authentication token, i.e, the email address.
+     * @var string
+     */
+    public $requestedNameIdFormat = self::NAMEID_EMAIL_ADDRESS;
+
+    /**
+     * @return array<string,array> Values (compatibility with the new version)
+     */
+    public function getValues()
+    {
+        $values = array();
+
+        $values['sp'] = array();
+        $values['sp']['entityId'] = $this->spIssuer;
+        $values['sp']['assertionConsumerService'] = array(
+            'url' => $this->spReturnUrl,
+