Initial import

stable9
Lukas Reschke 6 years ago
parent 4d2517473a
commit ada6b6ebc8
No known key found for this signature in database
GPG Key ID: 9AB0ADB949B6898C
  1. 5
      3rdparty/composer.json
  2. 73
      3rdparty/composer.lock
  3. 7
      3rdparty/vendor/autoload.php
  4. 413
      3rdparty/vendor/composer/ClassLoader.php
  5. 21
      3rdparty/vendor/composer/LICENSE
  6. 27
      3rdparty/vendor/composer/autoload_classmap.php
  7. 9
      3rdparty/vendor/composer/autoload_namespaces.php
  8. 9
      3rdparty/vendor/composer/autoload_psr4.php
  9. 45
      3rdparty/vendor/composer/autoload_real.php
  10. 58
      3rdparty/vendor/composer/installed.json
  11. 7
      3rdparty/vendor/onelogin/php-saml/.coveralls.yml
  12. 14
      3rdparty/vendor/onelogin/php-saml/.gitignore
  13. 33
      3rdparty/vendor/onelogin/php-saml/.travis.yml
  14. 121
      3rdparty/vendor/onelogin/php-saml/CHANGELOG
  15. 19
      3rdparty/vendor/onelogin/php-saml/LICENSE
  16. 1411
      3rdparty/vendor/onelogin/php-saml/README.md
  17. 25
      3rdparty/vendor/onelogin/php-saml/_toolkit_loader.php
  18. 106
      3rdparty/vendor/onelogin/php-saml/advanced_settings_example.php
  19. 12
      3rdparty/vendor/onelogin/php-saml/compatibility.php
  20. 39
      3rdparty/vendor/onelogin/php-saml/composer.json
  21. 51
      3rdparty/vendor/onelogin/php-saml/endpoints/acs.php
  22. 25
      3rdparty/vendor/onelogin/php-saml/endpoints/metadata.php
  23. 21
      3rdparty/vendor/onelogin/php-saml/endpoints/sls.php
  24. 130
      3rdparty/vendor/onelogin/php-saml/extlib/xmlseclibs/CHANGELOG.txt
  25. 31
      3rdparty/vendor/onelogin/php-saml/extlib/xmlseclibs/LICENSE
  26. 1721
      3rdparty/vendor/onelogin/php-saml/extlib/xmlseclibs/xmlseclibs.php
  27. 65
      3rdparty/vendor/onelogin/php-saml/lib/Saml/AuthRequest.php
  28. 39
      3rdparty/vendor/onelogin/php-saml/lib/Saml/Metadata.php
  29. 39
      3rdparty/vendor/onelogin/php-saml/lib/Saml/Response.php
  30. 80
      3rdparty/vendor/onelogin/php-saml/lib/Saml/Settings.php
  31. 110
      3rdparty/vendor/onelogin/php-saml/lib/Saml/XmlSec.php
  32. 514
      3rdparty/vendor/onelogin/php-saml/lib/Saml2/Auth.php
  33. 158
      3rdparty/vendor/onelogin/php-saml/lib/Saml2/AuthnRequest.php
  34. 69
      3rdparty/vendor/onelogin/php-saml/lib/Saml2/Constants.php
  35. 41
      3rdparty/vendor/onelogin/php-saml/lib/Saml2/Error.php
  36. 384
      3rdparty/vendor/onelogin/php-saml/lib/Saml2/LogoutRequest.php
  37. 264
      3rdparty/vendor/onelogin/php-saml/lib/Saml2/LogoutResponse.php
  38. 184
      3rdparty/vendor/onelogin/php-saml/lib/Saml2/Metadata.php
  39. 754
      3rdparty/vendor/onelogin/php-saml/lib/Saml2/Response.php
  40. 873
      3rdparty/vendor/onelogin/php-saml/lib/Saml2/Settings.php
  41. 1077
      3rdparty/vendor/onelogin/php-saml/lib/Saml2/Utils.php
  42. 283
      3rdparty/vendor/onelogin/php-saml/lib/Saml2/schemas/saml-schema-assertion-2.0.xsd
  43. 23
      3rdparty/vendor/onelogin/php-saml/lib/Saml2/schemas/saml-schema-authn-context-2.0.xsd
  44. 821
      3rdparty/vendor/onelogin/php-saml/lib/Saml2/schemas/saml-schema-authn-context-types-2.0.xsd
  45. 336
      3rdparty/vendor/onelogin/php-saml/lib/Saml2/schemas/saml-schema-metadata-2.0.xsd
  46. 302
      3rdparty/vendor/onelogin/php-saml/lib/Saml2/schemas/saml-schema-protocol-2.0.xsd
  47. 35
      3rdparty/vendor/onelogin/php-saml/lib/Saml2/schemas/sstc-metadata-attr.xsd
  48. 25
      3rdparty/vendor/onelogin/php-saml/lib/Saml2/schemas/sstc-saml-attribute-ext.xsd
  49. 41
      3rdparty/vendor/onelogin/php-saml/lib/Saml2/schemas/sstc-saml-metadata-algsupport-v1.0.xsd
  50. 89
      3rdparty/vendor/onelogin/php-saml/lib/Saml2/schemas/sstc-saml-metadata-ui-v1.0.xsd
  51. 136
      3rdparty/vendor/onelogin/php-saml/lib/Saml2/schemas/xenc-schema.xsd
  52. 287
      3rdparty/vendor/onelogin/php-saml/lib/Saml2/schemas/xml.xsd
  53. 309
      3rdparty/vendor/onelogin/php-saml/lib/Saml2/schemas/xmldsig-core-schema.xsd
  54. 6
      3rdparty/vendor/onelogin/php-saml/lib/Saml2/version.json
  55. BIN
      3rdparty/vendor/onelogin/php-saml/locale/en_US/LC_MESSAGES/phptoolkit.mo
  56. 26
      3rdparty/vendor/onelogin/php-saml/locale/en_US/LC_MESSAGES/phptoolkit.po
  57. BIN
      3rdparty/vendor/onelogin/php-saml/locale/es_ES/LC_MESSAGES/phptoolkit.mo
  58. 27
      3rdparty/vendor/onelogin/php-saml/locale/es_ES/LC_MESSAGES/phptoolkit.po
  59. 37
      3rdparty/vendor/onelogin/php-saml/phpdoc.xml
  60. 84
      3rdparty/vendor/onelogin/php-saml/settings_example.php
  61. 25
      admin.php
  62. 42
      appinfo/app.php
  63. 12
      appinfo/info.xml
  64. 46
      appinfo/routes.php
  65. 11
      css/settings.css
  66. 49
      js/settings.js
  67. 59
      lib/appinfo/application.php
  68. 125
      lib/controller/samlcontroller.php
  69. 76
      lib/controller/settingscontroller.php
  70. 100
      lib/samlsettings.php
  71. 181
      lib/userbackend.php
  72. 54
      templates/settings.php

@ -0,0 +1,5 @@
{
"require": {
"onelogin/php-saml": "^2.9"
}
}
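Review bot: The `^2.9` constraint on `onelogin/php-saml` accepts any later 2.x release, while the committed lock and vendor tree ship exactly 2.9.0, so the library that validates SAML responses only changes when someone re-runs Composer and commits the result. The vendored CHANGELOG lists two validations against signature wrapping added in v.2.9.0, so the floor must not drop below that release, and the app's own documentation should say how the vendored copy is refreshed and who tracks upstream security releases. The lock entry records an empty `shasum` for the dist zip, which leaves the pinned `reference` commit as the only integrity anchor; whoever updates the tree should compare the vendored files against that commit. Because the tree is committed anyway, consider pinning exactly with `"onelogin/php-saml": "2.9.0"` so that every change of the SAML library is a deliberate, reviewed bump.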

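--- a/3rdparty/composer.lock
+++ b/3rdparty/composer.lock
@@ -0,0 +1,73 @@
+{
+"_readme": [
+"This file locks the dependencies of your project to a known state",
+"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
+"This file is @generated automatically"
+],
+"hash": "993f6c41684d235f66993e52d9b7dce0",
+"content-hash": "bf3d6d016eca22c120719d73eb98378d",
+"packages": [
+{
+"name": "onelogin/php-saml",
+"version": "2.9.0",
+"source": {
+"type": "git",
+"url": "https://github.com/onelogin/php-saml.git",
+"reference": "64aff7d58e68d98eaa9220e1041da2bc9214ab51"
+},
+"dist": {
+"type": "zip",
+"url": "https://api.github.com/repos/onelogin/php-saml/zipball/64aff7d58e68d98eaa9220e1041da2bc9214ab51",
+"reference": "64aff7d58e68d98eaa9220e1041da2bc9214ab51",
+"shasum": ""
+},
+"require": {
+"ext-dom": "*",
+"ext-mcrypt": "*",
+"ext-openssl": "*",
+"php": ">=5.3.2"
+},
+"require-dev": {
+"pdepend/pdepend": "1.1.0",
+"phploc/phploc": "*",
+"phpunit/phpunit": "4.8",
+"satooshi/php-coveralls": "1.0.1",
+"sebastian/phpcpd": "*",
+"squizlabs/php_codesniffer": "*"
+},
+"suggest": {
+"ext-gettext": "Install gettext and php5-gettext libs to handle translations",
+"ext-mcrypt": "Install mcrypt and php5-mcrypt libs in order to support encryption",
+"lib-openssl": "Install openssl lib in order to handle with x509 certs (require to support sign and encryption)"
+},
+"type": "library",
+"autoload": {
+"classmap": [
+"extlib/xmlseclibs",
+"lib/Saml",
+"lib/Saml2"
+]
+},
+"notification-url": "https://packagist.org/downloads/",
+"license": [
+"MIT"
+],
+"description": "OneLogin PHP SAML Toolkit",
+"homepage": "https://onelogin.zendesk.com/hc/en-us/sections/200245634-SAML-Toolkits",
+"keywords": [
+"SAML2",
+"onelogin",
+"saml"
+],
+"time": "2016-06-27 09:24:27"
+}
+],
+"packages-dev": [],
+"aliases": [],
+"minimum-stability": "stable",
+"stability-flags": [],
+"prefer-stable": false,
+"prefer-lowest": false,
+"platform": [],
+"platform-dev": []
+}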

@ -0,0 +1,7 @@
<?php
// autoload.php @generated by Composer
require_once __DIR__ . '/composer' . '/autoload_real.php';
return ComposerAutoloaderInitcc75f134f7630c1ee3a8e4d7c86f3bcc::getLoader();

@ -0,0 +1,413 @@
<?php
/*
* This file is part of Composer.
*
* (c) Nils Adermann <naderman@naderman.de>
* Jordi Boggiano <j.boggiano@seld.be>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Composer\Autoload;
/**
* ClassLoader implements a PSR-0, PSR-4 and classmap class loader.
*
* $loader = new \Composer\Autoload\ClassLoader();
*
* // register classes with namespaces
* $loader->add('Symfony\Component', __DIR__.'/component');
* $loader->add('Symfony', __DIR__.'/framework');
*
* // activate the autoloader
* $loader->register();
*
* // to enable searching the include path (eg. for PEAR packages)
* $loader->setUseIncludePath(true);
*
* In this example, if you try to use a class in the Symfony\Component
* namespace or one of its children (Symfony\Component\Console for instance),
* the autoloader will first look for the class under the component/
* directory, and it will then fallback to the framework/ directory if not
* found before giving up.
*
* This class is loosely based on the Symfony UniversalClassLoader.
*
* @author Fabien Potencier <fabien@symfony.com>
* @author Jordi Boggiano <j.boggiano@seld.be>
* @see http://www.php-fig.org/psr/psr-0/
* @see http://www.php-fig.org/psr/psr-4/
*/
class ClassLoader
{
// PSR-4
private $prefixLengthsPsr4 = array();
private $prefixDirsPsr4 = array();
private $fallbackDirsPsr4 = array();
// PSR-0
private $prefixesPsr0 = array();
private $fallbackDirsPsr0 = array();
private $useIncludePath = false;
private $classMap = array();
private $classMapAuthoritative = false;
public function getPrefixes()
{
if (!empty($this->prefixesPsr0)) {
return call_user_func_array('array_merge', $this->prefixesPsr0);
}
return array();
}
public function getPrefixesPsr4()
{
return $this->prefixDirsPsr4;
}
public function getFallbackDirs()
{
return $this->fallbackDirsPsr0;
}
public function getFallbackDirsPsr4()
{
return $this->fallbackDirsPsr4;
}
public function getClassMap()
{
return $this->classMap;
}
/**
* @param array $classMap Class to filename map
*/
public function addClassMap(array $classMap)
{
if ($this->classMap) {
$this->classMap = array_merge($this->classMap, $classMap);
} else {
$this->classMap = $classMap;
}
}
/**
* Registers a set of PSR-0 directories for a given prefix, either
* appending or prepending to the ones previously set for this prefix.
*
* @param string $prefix The prefix
* @param array|string $paths The PSR-0 root directories
* @param bool $prepend Whether to prepend the directories
*/
public function add($prefix, $paths, $prepend = false)
{
if (!$prefix) {
if ($prepend) {
$this->fallbackDirsPsr0 = array_merge(
(array) $paths,
$this->fallbackDirsPsr0
);
} else {
$this->fallbackDirsPsr0 = array_merge(
$this->fallbackDirsPsr0,
(array) $paths
);
}
return;
}
$first = $prefix[0];
if (!isset($this->prefixesPsr0[$first][$prefix])) {
$this->prefixesPsr0[$first][$prefix] = (array) $paths;
return;
}
if ($prepend) {
$this->prefixesPsr0[$first][$prefix] = array_merge(
(array) $paths,
$this->prefixesPsr0[$first][$prefix]
);
} else {
$this->prefixesPsr0[$first][$prefix] = array_merge(
$this->prefixesPsr0[$first][$prefix],
(array) $paths
);
}
}
/**
* Registers a set of PSR-4 directories for a given namespace, either
* appending or prepending to the ones previously set for this namespace.
*
* @param string $prefix The prefix/namespace, with trailing '\\'
* @param array|string $paths The PSR-4 base directories
* @param bool $prepend Whether to prepend the directories
*
* @throws \InvalidArgumentException
*/
public function addPsr4($prefix, $paths, $prepend = false)
{
if (!$prefix) {
// Register directories for the root namespace.
if ($prepend) {
$this->fallbackDirsPsr4 = array_merge(
(array) $paths,
$this->fallbackDirsPsr4
);
} else {
$this->fallbackDirsPsr4 = array_merge(
$this->fallbackDirsPsr4,
(array) $paths
);
}
} elseif (!isset($this->prefixDirsPsr4[$prefix])) {
// Register directories for a new namespace.
$length = strlen($prefix);
if ('\\' !== $prefix[$length - 1]) {
throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator.");
}
$this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length;
$this->prefixDirsPsr4[$prefix] = (array) $paths;
} elseif ($prepend) {
// Prepend directories for an already registered namespace.
$this->prefixDirsPsr4[$prefix] = array_merge(
(array) $paths,
$this->prefixDirsPsr4[$prefix]
);
} else {
// Append directories for an already registered namespace.
$this->prefixDirsPsr4[$prefix] = array_merge(
$this->prefixDirsPsr4[$prefix],
(array) $paths
);
}
}
/**
* Registers a set of PSR-0 directories for a given prefix,
* replacing any others previously set for this prefix.
*
* @param string $prefix The prefix
* @param array|string $paths The PSR-0 base directories
*/
public function set($prefix, $paths)
{
if (!$prefix) {
$this->fallbackDirsPsr0 = (array) $paths;
} else {
$this->prefixesPsr0[$prefix[0]][$prefix] = (array) $paths;
}
}
/**
* Registers a set of PSR-4 directories for a given namespace,
* replacing any others previously set for this namespace.
*
* @param string $prefix The prefix/namespace, with trailing '\\'
* @param array|string $paths The PSR-4 base directories
*
* @throws \InvalidArgumentException
*/
public function setPsr4($prefix, $paths)
{
if (!$prefix) {
$this->fallbackDirsPsr4 = (array) $paths;
} else {
$length = strlen($prefix);
if ('\\' !== $prefix[$length - 1]) {
throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator.");
}
$this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length;
$this->prefixDirsPsr4[$prefix] = (array) $paths;
}
}
/**
* Turns on searching the include path for class files.
*
* @param bool $useIncludePath
*/
public function setUseIncludePath($useIncludePath)
{
$this->useIncludePath = $useIncludePath;
}
/**
* Can be used to check if the autoloader uses the include path to check
* for classes.
*
* @return bool
*/
public function getUseIncludePath()
{
return $this->useIncludePath;
}
/**
* Turns off searching the prefix and fallback directories for classes
* that have not been registered with the class map.
*
* @param bool $classMapAuthoritative
*/
public function setClassMapAuthoritative($classMapAuthoritative)
{
$this->classMapAuthoritative = $classMapAuthoritative;
}
/**
* Should class lookup fail if not found in the current class map?
*
* @return bool
*/
public function isClassMapAuthoritative()
{
return $this->classMapAuthoritative;
}
/**
* Registers this instance as an autoloader.
*
* @param bool $prepend Whether to prepend the autoloader or not
*/
public function register($prepend = false)
{
spl_autoload_register(array($this, 'loadClass'), true, $prepend);
}
/**
* Unregisters this instance as an autoloader.
*/
public function unregister()
{
spl_autoload_unregister(array($this, 'loadClass'));
}
/**
* Loads the given class or interface.
*
* @param string $class The name of the class
* @return bool|null True if loaded, null otherwise
*/
public function loadClass($class)
{
if ($file = $this->findFile($class)) {
includeFile($file);
return true;
}
}
/**
* Finds the path to the file where the class is defined.
*
* @param string $class The name of the class
*
* @return string|false The path if found, false otherwise
*/
public function findFile($class)
{
// work around for PHP 5.3.0 - 5.3.2 https://bugs.php.net/50731
if ('\\' == $class[0]) {
$class = substr($class, 1);
}
// class map lookup
if (isset($this->classMap[$class])) {
return $this->classMap[$class];
}
if ($this->classMapAuthoritative) {
return false;
}
$file = $this->findFileWithExtension($class, '.php');
// Search for Hack files if we are running on HHVM
if ($file === null && defined('HHVM_VERSION')) {
$file = $this->findFileWithExtension($class, '.hh');
}
if ($file === null) {
// Remember that this class does not exist.
return $this->classMap[$class] = false;
}
return $file;
}
private function findFileWithExtension($class, $ext)
{
// PSR-4 lookup
$logicalPathPsr4 = strtr($class, '\\', DIRECTORY_SEPARATOR) . $ext;
$first = $class[0];
if (isset($this->prefixLengthsPsr4[$first])) {
foreach ($this->prefixLengthsPsr4[$first] as $prefix => $length) {
if (0 === strpos($class, $prefix)) {
foreach ($this->prefixDirsPsr4[$prefix] as $dir) {
if (file_exists($file = $dir . DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $length))) {
return $file;
}
}
}
}
}
// PSR-4 fallback dirs
foreach ($this->fallbackDirsPsr4 as $dir) {
if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr4)) {
return $file;
}
}
// PSR-0 lookup
if (false !== $pos = strrpos($class, '\\')) {
// namespaced class name
$logicalPathPsr0 = substr($logicalPathPsr4, 0, $pos + 1)
. strtr(substr($logicalPathPsr4, $pos + 1), '_', DIRECTORY_SEPARATOR);
} else {
// PEAR-like class name
$logicalPathPsr0 = strtr($class, '_', DIRECTORY_SEPARATOR) . $ext;
}
if (isset($this->prefixesPsr0[$first])) {
foreach ($this->prefixesPsr0[$first] as $prefix => $dirs) {
if (0 === strpos($class, $prefix)) {
foreach ($dirs as $dir) {
if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) {
return $file;
}
}
}
}
}
// PSR-0 fallback dirs
foreach ($this->fallbackDirsPsr0 as $dir) {
if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) {
return $file;
}
}
// PSR-0 include paths.
if ($this->useIncludePath && $file = stream_resolve_include_path($logicalPathPsr0)) {
return $file;
}
}
}
/**
* Scope isolated include.
*
* Prevents access to $this/self from included files.
*/
function includeFile($file)
{
include $file;
}

@ -0,0 +1,21 @@
Copyright (c) 2016 Nils Adermann, Jordi Boggiano
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished
to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

@ -0,0 +1,27 @@
<?php
// autoload_classmap.php @generated by Composer
$vendorDir = dirname(dirname(__FILE__));
$baseDir = dirname($vendorDir);
return array(
'OneLogin_Saml2_Auth' => $vendorDir . '/onelogin/php-saml/lib/Saml2/Auth.php',
'OneLogin_Saml2_AuthnRequest' => $vendorDir . '/onelogin/php-saml/lib/Saml2/AuthnRequest.php',
'OneLogin_Saml2_Constants' => $vendorDir . '/onelogin/php-saml/lib/Saml2/Constants.php',
'OneLogin_Saml2_Error' => $vendorDir . '/onelogin/php-saml/lib/Saml2/Error.php',
'OneLogin_Saml2_LogoutRequest' => $vendorDir . '/onelogin/php-saml/lib/Saml2/LogoutRequest.php',
'OneLogin_Saml2_LogoutResponse' => $vendorDir . '/onelogin/php-saml/lib/Saml2/LogoutResponse.php',
'OneLogin_Saml2_Metadata' => $vendorDir . '/onelogin/php-saml/lib/Saml2/Metadata.php',
'OneLogin_Saml2_Response' => $vendorDir . '/onelogin/php-saml/lib/Saml2/Response.php',
'OneLogin_Saml2_Settings' => $vendorDir . '/onelogin/php-saml/lib/Saml2/Settings.php',
'OneLogin_Saml2_Utils' => $vendorDir . '/onelogin/php-saml/lib/Saml2/Utils.php',
'OneLogin_Saml_AuthRequest' => $vendorDir . '/onelogin/php-saml/lib/Saml/AuthRequest.php',
'OneLogin_Saml_Metadata' => $vendorDir . '/onelogin/php-saml/lib/Saml/Metadata.php',
'OneLogin_Saml_Response' => $vendorDir . '/onelogin/php-saml/lib/Saml/Response.php',
'OneLogin_Saml_Settings' => $vendorDir . '/onelogin/php-saml/lib/Saml/Settings.php',
'OneLogin_Saml_XmlSec' => $vendorDir . '/onelogin/php-saml/lib/Saml/XmlSec.php',
'XMLSecEnc' => $vendorDir . '/onelogin/php-saml/extlib/xmlseclibs/xmlseclibs.php',
'XMLSecurityDSig' => $vendorDir . '/onelogin/php-saml/extlib/xmlseclibs/xmlseclibs.php',
'XMLSecurityKey' => $vendorDir . '/onelogin/php-saml/extlib/xmlseclibs/xmlseclibs.php',
);

@ -0,0 +1,9 @@
<?php
// autoload_namespaces.php @generated by Composer
$vendorDir = dirname(dirname(__FILE__));
$baseDir = dirname($vendorDir);
return array(
);

@ -0,0 +1,9 @@
<?php
// autoload_psr4.php @generated by Composer
$vendorDir = dirname(dirname(__FILE__));
$baseDir = dirname($vendorDir);
return array(
);

@ -0,0 +1,45 @@
<?php
// autoload_real.php @generated by Composer
class ComposerAutoloaderInitcc75f134f7630c1ee3a8e4d7c86f3bcc
{
private static $loader;
public static function loadClassLoader($class)
{
if ('Composer\Autoload\ClassLoader' === $class) {
require __DIR__ . '/ClassLoader.php';
}
}
public static function getLoader()
{
if (null !== self::$loader) {
return self::$loader;
}
spl_autoload_register(array('ComposerAutoloaderInitcc75f134f7630c1ee3a8e4d7c86f3bcc', 'loadClassLoader'), true, true);
self::$loader = $loader = new \Composer\Autoload\ClassLoader();
spl_autoload_unregister(array('ComposerAutoloaderInitcc75f134f7630c1ee3a8e4d7c86f3bcc', 'loadClassLoader'));
$map = require __DIR__ . '/autoload_namespaces.php';
foreach ($map as $namespace => $path) {
$loader->set($namespace, $path);
}
$map = require __DIR__ . '/autoload_psr4.php';
foreach ($map as $namespace => $path) {
$loader->setPsr4($namespace, $path);
}
$classMap = require __DIR__ . '/autoload_classmap.php';
if ($classMap) {
$loader->addClassMap($classMap);
}
$loader->register(true);
return $loader;
}
}

@ -0,0 +1,58 @@
[
{
"name": "onelogin/php-saml",
"version": "2.9.0",
"version_normalized": "2.9.0.0",
"source": {
"type": "git",
"url": "https://github.com/onelogin/php-saml.git",
"reference": "64aff7d58e68d98eaa9220e1041da2bc9214ab51"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/onelogin/php-saml/zipball/64aff7d58e68d98eaa9220e1041da2bc9214ab51",
"reference": "64aff7d58e68d98eaa9220e1041da2bc9214ab51",
"shasum": ""
},
"require": {
"ext-dom": "*",
"ext-mcrypt": "*",
"ext-openssl": "*",
"php": ">=5.3.2"
},
"require-dev": {
"pdepend/pdepend": "1.1.0",
"phploc/phploc": "*",
"phpunit/phpunit": "4.8",
"satooshi/php-coveralls": "1.0.1",
"sebastian/phpcpd": "*",
"squizlabs/php_codesniffer": "*"
},
"suggest": {
"ext-gettext": "Install gettext and php5-gettext libs to handle translations",
"ext-mcrypt": "Install mcrypt and php5-mcrypt libs in order to support encryption",
"lib-openssl": "Install openssl lib in order to handle with x509 certs (require to support sign and encryption)"
},
"time": "2016-06-27 09:24:27",
"type": "library",
"installation-source": "dist",
"autoload": {
"classmap": [
"extlib/xmlseclibs",
"lib/Saml",
"lib/Saml2"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"description": "OneLogin PHP SAML Toolkit",
"homepage": "https://onelogin.zendesk.com/hc/en-us/sections/200245634-SAML-Toolkits",
"keywords": [
"SAML2",
"onelogin",
"saml"
]
}
]

@ -0,0 +1,7 @@
service_name: travis-ci
src_dir: lib
coverage_clover: tests/build/logs/clover.xml
json_path: tests/build/logs/coveralls-upload.json

@ -0,0 +1,14 @@
*.swp
*~
.DS_Store
/settings.php
/demo1/settings.php
/demo-old/settings.php
/certs/sp.key
/certs/sp.crt
/certs/metadata.key
/certs/metadata.crt
/tests/build
/vendor
/composer.lock
/.idea

@ -0,0 +1,33 @@
language: php
php:
- 5.6
- 5.5
- 5.4
- 5.3
- 7.0
env:
- TRAVIS=true
before_install:
- curl -s https://getcomposer.org/installer | php
- php composer.phar install --prefer-source --no-interaction
before_script:
- phpenv config-rm xdebug.ini
script:
- phpunit --bootstrap tests/bootstrap.php --configuration tests/phpunit.xml
- php vendor/bin/phpcpd --exclude tests --exclude vendor .
- php vendor/bin/phploc . --exclude vendor
- php vendor/bin/phploc lib/.
- mkdir -p tests/build/dependences
- php vendor/bin/pdepend --summary-xml=tests/build/logs/dependence-summary.xml --jdepend-chart=tests/build/dependences/jdepend.svg --overview-pyramid=tests/build/dependences/pyramid.svg lib/.
- php vendor/bin/phpcs --standard=tests/ZendModStandard lib/Saml2 demo1 demo2 demo-old endpoints tests/src
after_script:
- export TRAVIS=https://travis-ci.org/onelogin/php-saml
- echo $TRAVIS
- echo $TRAVIS_JOB_ID
- php vendor/bin/coveralls --config .coveralls.yml -v

@ -0,0 +1,121 @@
CHANGELOG
=========
v.2.9.0
-------
* Change the decrypt assertion process.
* Add 2 extra validations to prevent Signature wrapping attacks.
* Remove reference to wrong NameIDFormat: urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified should be urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
* [128](https://github.com/onelogin/php-saml/pull/128) Test php7 and upgrade phpunit
* Update Readme with more descriptive requestedAuthnContext description and Security Guidelines
v.2.8.0
-------
* Make NameIDPolicy of AuthNRequest optional
* Make nameID requirement on SAMLResponse optional
* Fix empty URI support
* Symmetric encryption key support
* Add more Auth Context options to the constant class
* Fix DSA_SHA1 constant on xmlseclibs
* Set none requestedAuthnContext as default behaviour
* Update xmlseclibs lib
* Improve formatPrivateKey method
* Fix bug when signing metadata, the SignatureMethod was not provided
* Fix getter for lastRequestID parameter in OneLogin_Saml2_Auth class
* Add $wantEncrypted parameter on addX509KeyDescriptors method that will allow to set KeyDescriptor[use='encryption'] if wantNameIdEncrypted or wantAssertionsEncrypted enabled
* Add $stay parameter on redirectTo method. (login/logout supports $stay but I forgot add this on previous 2.7.0 version)
* Improve code style
v.2.7.0
-------
* Trim acs, slo and issuer urls.
* Fix PHP 7 error (used continue outside a loop/switch).
* Fix bug on organization element of the SP metadata builder.
* Fix typos on documentation. Fix ALOWED Misspell.
* Be able to extract RequestID. Add RequestID validation on demo1.
* Add $stay parameter to login, logout and processSLO method.
v.2.6.1
-------
* Fix bug on cacheDuration of the Metadata XML generated.
* Make SPNameQualifier optional on the generateNameId method. Avoid the use of SPNameQualifier when generating the NameID on the LogoutRequest builder.
* Allows the authn comparsion attribute to be set via config.
* Retrieve Session Timeout after processResponse with getSessionExpiration().
* Improve readme readability.
* Allow single log out to work for applications not leveraging php session_start. Added a callback parameter in order to close the session at processSLO.
v.2.6.0
-------
* Set NAMEID_UNSPECIFIED as default NameIDFormat to prevent conflicts with IdPs that don't support NAMEID_PERSISTENT.
* Now the SP is able to select the algorithm to be used on signatures (DSA_SHA1, RSA_SHA1, RSA_SHA256, RSA_SHA384, RSA_SHA512).
* Change visibility of _decryptAssertion to protected.
* Update xmlseclibs library.
* Handle valid but uncommon dsig block with no URI in the reference.
* login, logout and processSLO now return ->redirectTo instead of just call it.
* Split the setting check methods. Now 1 method for IdP settings and other for SP settings.
* Let the setting object to avoid the IdP setting check. required if we want to publish SP SAML Metadata when the IdP data is still not provided.
v.2.5.0
-------
* Do accesible the ID of the object Logout Request (id attribute).
* Add note about the fact that PHP 5.3 is unssuported.
* Add fingerprint algorithm support.
* Add dependences to composer.
v.2.4.0
-------
* Fix wrong element order in generated metadata.
* Added SLO with nameID and SessionIndex in demo1.
* Improve isHTTPS method in order to support HTTP_X_FORWARDED_PORT.
* Set optional the XMLvalidation (enable/disable it with wantXMLValidation security setting).
v.2.3.0
-------
* Resolve namespace problem. Some IdPs uses saml2p:Response and saml2:Assertion instead of samlp:Response saml:Assertion.
* Improve test and documentation.
* Improve ADFS compatibility.
* Remove unnecessary XSDs files.
* Make available the reason for the saml message invalidation.
* Adding ability to set idp cert once the Setting object initialized.
* Fix status info issue.
* Reject SAML Response if not signed and strict = false.
* Support NameId and SessionIndex in LogoutRequest.
* Add ForceAuh and IsPassive support.
v.2.2.0
-------
* Fix bug with Encrypted nameID on LogoutRequest.
* Fixed usability bug. SP will inform about AuthFail status after process a Response.
* Added SessionIndex support on LogoutRequest, and know is accesible from the Auth class.
* LogoutRequest and LogoutResponse classes now accept non deflated xml.
* Improved the XML metadata/ Decrypted Assertion output. (prettyprint).
* Fix bug in formatPrivateKey method, the key could be not RSA.
* Explicit warning message for signed element problem.
* Decrypt method improved.
* Support more algorithm at the SigAlg in the Signed LogoutRequests and LogoutResponses
* AuthNRequest now stores ID (it can be retrieved later).
* Fixed a typo on the 'NameIdPolicy' attribute that appeared at the README and settings_example file.
v.2.1.0
-------
* The isValid method of the Logout Request is now non-static. (affects processSLO method of Auth.php).
* Logout Request constructor now accepts encoded logout requests.
* Now after validate a message, if fails a method getError of the object will return the cause.
* Fix typos.
* Added extra parameters option to login and logout methods.
* Improve Test (new test, use the new getError method for testing).
* Bugfix namespace problem when getting Attributes.
v.2.0.0
-------
* New PHP SAML Toolkit (SLO, Sign, Encryptation).
v.1.0.0
-------
* Old PHP SAML Toolkit.

@ -0,0 +1,19 @@
Copyright (c) 2010-2014 OneLogin, LLC
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.


@ -0,0 +1,25 @@
<?php
// Create an __autoload function
// (can conflicts other autoloaders)
// http://php.net/manual/en/language.oop5.autoload.php
$libDir = dirname(__FILE__) . '/lib/Saml2/';
$extlibDir = dirname(__FILE__) . '/extlib/';
// Load composer
if (file_exists('vendor/autoload.php')) {
require 'vendor/autoload.php';
}
// Load now external libs
require_once $extlibDir . 'xmlseclibs/xmlseclibs.php';
$folderInfo = scandir($libDir);
foreach ($folderInfo as $element) {
if (is_file($libDir.$element) && (substr($element, -4) === '.php')) {
include_once $libDir.$element;
}
}

@ -0,0 +1,106 @@
<?php
$advancedSettings = array (
// Security settings
'security' => array (
/** signatures and encryptions offered */
// Indicates that the nameID of the <samlp:logoutRequest> sent by this SP
// will be encrypted.
'nameIdEncrypted' => false,
// Indicates whether the <samlp:AuthnRequest> messages sent by this SP
// will be signed. [The Metadata of the SP will offer this info]
'authnRequestsSigned' => false,
// Indicates whether the <samlp:logoutRequest> messages sent by this SP
// will be signed.
'logoutRequestSigned' => false,
// Indicates whether the <samlp:logoutResponse> messages sent by this SP
// will be signed.
'logoutResponseSigned' => false,
/* Sign the Metadata
False || True (use sp certs) || array (
keyFileName => 'metadata.key',
certFileName => 'metadata.crt'
)
*/
'signMetadata' => false,
/** signatures and encryptions required **/
// Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and
// <samlp:LogoutResponse> elements received by this SP to be signed.
'wantMessagesSigned' => false,
// Indicates a requirement for the <saml:Assertion> elements received by
// this SP to be signed. [The Metadata of the SP will offer this info]
'wantAssertionsSigned' => false,
// Indicates a requirement for the NameID element on the SAMLResponse received
// by this SP to be present.
'wantNameId' => true,
// Indicates a requirement for the NameID received by
// this SP to be encrypted.
'wantNameIdEncrypted' => false,
// Authentication context.
// Set to false and no AuthContext will be sent in the AuthNRequest,
// Set true or don't present this parameter and you will get an AuthContext 'exact' 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
// Set an array with the possible auth context values: array ('urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'),
'requestedAuthnContext' => false,
// Allows the authn comparison parameter to be set, defaults to 'exact' if
// the setting is not present.
'requestedAuthnContextComparison' => 'exact',
// Indicates if the SP will validate all received xmls.
// (In order to validate the xml, 'strict' and 'wantXMLValidation' must be true).
'wantXMLValidation' => true,
// Algorithm that the toolkit will use on signing process. Options:
// 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
// 'http://www.w3.org/2000/09/xmldsig#dsa-sha1'
// 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
// 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'
// 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'
'signatureAlgorithm' => 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
),
// Contact information template, it is recommended to suply a technical and support contacts
'contactPerson' => array (
'technical' => array (
'givenName' => '',
'emailAddress' => ''
),
'support' => array (
'givenName' => '',
'emailAddress' => ''
),
),
// Organization information template, the info in en_US lang is recomended, add more if required
'organization' => array (
'en-US' => array(
'name' => '',
'displayname' => '',
'url' => ''
),
),
);
/* Interoperable SAML 2.0 Web Browser SSO Profile [saml2int] http://saml2int.org/profile/current
'authnRequestsSigned' => false, // SP SHOULD NOT sign the <samlp:AuthnRequest>,
// MUST NOT assume that the IdP validates the sign
'wantAssertionsSigned' => true,
'wantAssertionsEncrypted' => true, // MUST be enabled if SSL/HTTPs is disabled
'wantNameIdEncrypted' => false,
*/
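Review bot: The example sets `'signatureAlgorithm'` to `http://www.w3.org/2000/09/xmldsig#rsa-sha1` and leaves both `'wantMessagesSigned'` and `'wantAssertionsSigned'` at `false`, so a deployment that copies this file unchanged signs with SHA-1 and states no signature requirement for incoming messages. The file's own option list already offers the stronger choice: `'signatureAlgorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',` together with `'wantAssertionsSigned' => true,`, the latter matching the saml2int block quoted at the bottom of the file. How the toolkit treats an unsigned response when both flags are false is decided in code outside this file, so that should be confirmed against the imported Response class before relying on these defaults.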

@ -0,0 +1,12 @@
<?php
/**
* Compability with the old PHP Toolkit
*/
define('ONELOGIN_SAML_DIR', 'lib/Saml/');
require_once ONELOGIN_SAML_DIR . 'AuthRequest.php';
require_once ONELOGIN_SAML_DIR . 'Response.php';
require_once ONELOGIN_SAML_DIR . 'Settings.php';
require_once ONELOGIN_SAML_DIR . 'XmlSec.php';
require_once ONELOGIN_SAML_DIR . 'Metadata.php';

@ -0,0 +1,39 @@
{
"name": "onelogin/php-saml",
"description": "OneLogin PHP SAML Toolkit",
"license": "MIT",
"version": "2.9.0",
"homepage": "https://onelogin.zendesk.com/hc/en-us/sections/200245634-SAML-Toolkits",
"keywords": ["saml", "saml2", "onelogin"],
"autoload": {
"classmap": [
"extlib/xmlseclibs",
"lib/Saml",
"lib/Saml2"
]
},
"support": {
"email": "sixto.garcia@onelogin.com",
"issues": "https://github.com/onelogin/php-saml/issues",
"source": "https://github.com/onelogin/php-saml/"
},
"require": {
"php": ">=5.3.2",
"ext-openssl": "*",
"ext-dom": "*",
"ext-mcrypt": "*"
},
"require-dev": {
"phpunit/phpunit": "4.8",
"satooshi/php-coveralls": "1.0.1",
"sebastian/phpcpd": "*",
"phploc/phploc": "*",
"pdepend/pdepend" : "1.1.0",
"squizlabs/php_codesniffer": "*"
},
"suggest": {
"lib-openssl": "Install openssl lib in order to handle with x509 certs (require to support sign and encryption)",
"ext-mcrypt": "Install mcrypt and php5-mcrypt libs in order to support encryption",
"ext-gettext": "Install gettext and php5-gettext libs to handle translations"
}
}

@ -0,0 +1,51 @@
<?php
/**
* SP Assertion Consumer Service Endpoint
*/
session_start();
require_once dirname(dirname(__FILE__)).'/_toolkit_loader.php';
$auth = new OneLogin_Saml2_Auth();
$auth->processResponse();
$errors = $auth->getErrors();
if (!empty($errors)) {
print_r('<p>'.implode(', ', $errors).'</p>');
exit();
}
if (!$auth->isAuthenticated()) {
echo "<p>Not authenticated</p>";
exit();
}
$_SESSION['samlUserdata'] = $auth->getAttributes();
$_SESSION['IdPSessionIndex'] = $auth->getSessionIndex();
if (isset($_POST['RelayState']) && OneLogin_Saml2_Utils::getSelfURL() != $_POST['RelayState']) {
$auth->redirectTo($_POST['RelayState']);
}
$attributes = $_SESSION['samlUserdata'];
if (!empty($attributes)) {
echo '<h1>'._('User attributes:').'</h1>';
echo '<table><thead><th>'._('Name').'</th><th>'._('Values').'</th></thead><tbody>';
foreach ($attributes as $attributeName => $attributeValues) {
echo '<tr><td>'.htmlentities($attributeName).'</td><td><ul>';
foreach ($attributeValues as $attributeValue) {
echo '<li>'.htmlentities($attributeValue).'</li>';
}
echo '</ul></td></tr>';
}
echo '</tbody></table>';
if (!empty($_SESSION['IdPSessionIndex'])) {
echo '<p>The SessionIndex of the IdP is: '.$_SESSION['IdPSessionIndex'].'</p>';
}
} else {
echo _('Attributes not found');
}
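Review bot: `$_POST['RelayState']` is handed to `$auth->redirectTo()` after only being compared with the endpoint's own URL, so unless `redirectTo()` validates it (not visible here) the post-login redirect target is whatever the request supplied; it should be checked against the SP's own origin or an allow-list of return URLs first. The page escapes attribute names and values with `htmlentities()` but prints the IdP-supplied session index raw; that line should read `echo '<p>The SessionIndex of the IdP is: '.htmlentities($_SESSION['IdPSessionIndex']).'</p>';`. The session is also populated without a `session_regenerate_id(true);` after the `isAuthenticated()` check, which keeps the pre-login session ID in use. Since this is a demo endpoint shipped under `3rdparty/vendor`, it is worth confirming the web server does not serve that directory.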

@ -0,0 +1,25 @@
<?php
/**
* SP Metadata Endpoint
*/
require_once dirname(dirname(__FILE__)).'/_toolkit_loader.php';
try {
$auth = new OneLogin_Saml2_Auth();
$settings = $auth->getSettings();
$metadata = $settings->getSPMetadata();
$errors = $settings->validateMetadata($metadata);
if (empty($errors)) {
header('Content-Type: text/xml');
echo $metadata;
} else {
throw new OneLogin_Saml2_Error(
'Invalid SP metadata: '.implode(', ', $errors),
OneLogin_Saml2_Error::METADATA_SP_INVALID
);
}
} catch (Exception $e) {
echo $e->getMessage();
}

@ -0,0 +1,21 @@
<?php
/**
* SP Single Logout Service Endpoint
*/
session_start();
require_once dirname(dirname(__FILE__)).'/_toolkit_loader.php';
$auth = new OneLogin_Saml2_Auth();
$auth->processSLO();
$errors = $auth->getErrors();
if (empty($errors)) {
print_r('Sucessfully logged out');
} else {
print_r(implode(', ', $errors));
}

@ -0,0 +1,130 @@
xmlseclibs.php
??, ??? ????, 2.0.0
Features:
- Support for locating specific signature when multiple exist in
document. (griga3k)
23, Jun 2015, 1.4.0
Features:
- Support for PSR-0 standard.
- Support for X509SubjectName. (Milos Tomic)
- Add HMAC-SHA1 support.
Improvements:
- Add how to install to README. (Bernardo Vieira da Silva)
- Code cleanup. (Jaime Pérez)
- Normalilze tests. (Hidde Wieringa)
- Add basic usage to README. (Hidde Wieringa)
21, May 2015, 1.3.2
Bug Fixes:
- Fix Undefined variable notice. (dpieper85)
- Fix typo when setting MimeType attribute. (Eugene OZ)
- Fix validateReference() with enveloping signatures
Features:
- canonicalizeData performance optimization. (Jaime Pérez)
- Add composer support (Maks3w)
19, Jun 2013, 1.3.1
Features:
- return encrypted node from XMLSecEnc::encryptNode() when replace is set to
false. (Olav)
- Add support for RSA SHA384 and RSA_SHA512 and SHA384 digest. (Jaime PŽrez)
- Add options parameter to the add cert methods.
- Add optional issuerSerial creation with cert
Bug Fixes:
- Fix persisted Id when namespaced. (Koen Thomeer)
Improvements:
- Add LICENSE file
- Convert CHANGELOG.txt to UTF-8
26, Sep 2011, 1.3.0
Features:
- Add param to append sig to node when signing. Fixes a problem when using
inclusive canonicalization to append a signature within a namespaced subtree.
ex. $objDSig->sign($objKey, $appendToNode);
- Add ability to encrypt by reference
- Add support for refences within an encrypted key
- Add thumbprint generation capability (XMLSecurityKey->getX509Thumbprint() and
XMLSecurityKey::getRawThumbprint($cert))
- Return signature element node from XMLSecurityDSig::insertSignature() and
XMLSecurityDSig::appendSignature() methods
- Support for <ds:RetrievalMethod> with simple URI Id reference.
- Add XMLSecurityKey::getSymmetricKeySize() method (Olav)
- Add XMLSecEnc::getCipherValue() method (Olav)
- Improve XMLSecurityKey:generateSessionKey() logic (Olav)
Bug Fixes:
- Change split() to explode() as split is now depreciated
- ds:References using empty or simple URI Id reference should never include
comments in canonicalized data.
- Make sure that the elements in EncryptedData are emitted in the correct
sequence.
11 Jan 2010, 1.2.2
Features:
- Add support XPath support when creating signature. Provides support for
working with EBXML documents.
- Add reference option to force creation of URI attribute. For use
when adding a DOM Document where by default no URI attribute is added.
- Add support for RSA-SHA256
Bug Fixes:
- fix bug #5: createDOMDocumentFragment() in decryptNode when data is node
content (patch by Francois Wang)
08 Jul 2008, 1.2.1
Features:
- Attempt to use mhash when hash extension is not present. (Alfredo Cubitos).
- Add fallback to built-in sha1 if both hash and mhash are not available and
throw error for other for other missing hashes. (patch by Olav Morken).
- Add getX509Certificate method to retrieve the x509 cert used for Key.
(patch by Olav Morken).
- Add getValidatedNodes method to retrieve the elements signed by the
signature. (patch by Olav Morken).
- Add insertSignature method for precision signature insertion. Merge
functionality from appendSignature in the process. (Olav Morken, Rob).
- Finally add some tests
Bug Fixes:
- Fix canonicalization for Document node when using PHP < 5.2.
- Add padding for RSA_SHA1. (patch by Olav Morken).
27 Nov 2007, 1.2.0
Features:
- New addReference/List option (overwrite). Boolean flag indicating if URI
value should be overwritten if already existing within document.
Default is TRUE to maintain BC.
18 Nov 2007, 1.1.2
Bug Fixes:
- Remove closing PHP tag to fix extra whitespace characters from being output
11 Nov 2007, 1.1.1
Features:
- Add getRefNodeID() and getRefIDs() methods missed in previous release.
Provide functionality to find URIs of existing reference nodes.
Required by simpleSAMLphp project
Bug Fixes:
- Remove erroneous whitespace causing issues under certain circumastances.
18 Oct 2007, 1.1.0
Features:
- Enable creation of enveloping signature. This allows the creation of
managed information cards.
- Add addObject method for enveloping signatures.
- Add staticGet509XCerts method. Chained certificates within a PEM file can
now be added within the X509Data node.
- Add xpath support within transformations
- Add InclusiveNamespaces prefix list support within exclusive transformations.
Bug Fixes:
- Initialize random number generator for mcrypt_create_iv. (Joan Cornadó).
- Fix an interoperability issue with .NET when encrypting data in CBC mode.
(Joan Cornadó).

@ -0,0 +1,31 @@
Copyright (c) 2007-2013, Robert Richards <rrichards@cdatazone.org>.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
* Neither the name of Robert Richards nor the names of his
contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.


@ -0,0 +1,65 @@
<?php
class OneLogin_Saml_AuthRequest
{
/**
* @var OneLogin_Saml2_Auth object
*/
protected $auth;
/**
* Constructs the OneLogin_Saml2_Auth, initializing
* the SP SAML instance.
*
* @param array|object $settings SAML Toolkit Settings
*/
public function __construct($settings)
{
$this->auth = new OneLogin_Saml2_Auth($settings);
}
/**
* Obtains the SSO URL containing the AuthRequest
* message deflated.
*
* @param string|null $returnTo
*
* @return string
*
* @throws OneLogin_Saml2_Error
*/
public function getRedirectUrl($returnTo = null)
{
$settings = $this->auth->getSettings();
$authnRequest = new OneLogin_Saml2_AuthnRequest($settings);
$parameters = array('SAMLRequest' => $authnRequest->getRequest());
if (!empty($returnTo)) {
$parameters['RelayState'] = $returnTo;
} else {
$parameters['RelayState'] = OneLogin_Saml2_Utils::getSelfRoutedURLNoQuery();
}
$url = OneLogin_Saml2_Utils::redirect($this->auth->getSSOurl(), $parameters, true);
return $url;
}
/**
* @return string
*/
protected function _generateUniqueID()
{
return OneLogin_Saml2_Utils::generateUniqueID();
}
/**
* @return string
*/
protected function _getTimestamp()
{
$defaultTimezone = date_default_timezone_get();
date_default_timezone_set('UTC');
$timestamp = strftime("%Y-%m-%dT%H:%M:%SZ");
date_default_timezone_set($defaultTimezone);
return $timestamp;
}
}
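Review bot: `_getTimestamp()` changes the process-wide default timezone to UTC and restores it afterwards just to format one timestamp, which mutates global state for no benefit and relies on `strftime()`, deprecated since PHP 8.1. The body can be the single line `return gmdate('Y-m-d\TH:i:s\Z');`, which yields the same string without touching the default timezone. `_getMetadataValidTimestamp()` in lib/Saml/Metadata.php repeats the pattern and can use `return gmdate('Y-m-d\TH:i:s\Z', time() + self::VALIDITY_SECONDS);`.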

@ -0,0 +1,39 @@
<?php
class OneLogin_Saml_Metadata
{
const VALIDITY_SECONDS = 604800; // 1 week
protected $_settings;
/**
* @param array|object|null $settings Setting data
*/
public function __construct($settings = null)
{
$auth = new OneLogin_Saml2_Auth($settings);
$this->_settings = $auth->getSettings();
}
/**
* @return string
*
* @throws OneLogin_Saml2_Error
*/
public function getXml()
{
return $this->_settings->getSPMetadata();
}
/**
* @return string
*/
protected function _getMetadataValidTimestamp()
{
$timeZone = date_default_timezone_get();
date_default_timezone_set('UTC');
$time = strftime("%Y-%m-%dT%H:%M:%SZ", time() + self::VALIDITY_SECONDS);
date_default_timezone_set($timeZone);
return $time;
}
}

@ -0,0 +1,39 @@
<?php
class OneLogin_Saml_Response extends OneLogin_Saml2_Response
{
/**
* Constructor that process the SAML Response,
* Internally initializes an SP SAML instance
* and an OneLogin_Saml2_Response.
*
* @param array|object $oldSettings Settings
* @param string $assertion SAML Response
*/
public function __construct($oldSettings, $assertion)
{
$auth = new OneLogin_Saml2_Auth($oldSettings);
$settings = $auth->getSettings();
parent::__construct($settings, $assertion);
}
/**
* Retrieves an Array with the logged user data.
*
* @return array
*/
public function get_saml_attributes()
{
return $this->getAttributes();
}
/**
* Retrieves the nameId
*
* @return string
*/
public function get_nameid()
{
return $this->getNameId();
}
}
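Review bot: Nothing in this wrapper validates the response: the constructor only forwards to `parent::__construct()`, and `get_saml_attributes()` / `get_nameid()` return whatever `getAttributes()` / `getNameId()` read from the message. The docblocks on both getters should say so, for example `Only meaningful after isValid() has returned true; the values are taken from the SAML Response as received.` Whether the parent accessors perform any check of their own is not visible in this section, so the caveat matters for callers of this legacy API who construct the object and read the user data straight away.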

@ -0,0 +1,80 @@
<?php
/**
* Holds SAML settings for the SamlResponse and SamlAuthRequest classes.
*
* These settings need to be filled in by the user prior to being used.
*/
class OneLogin_Saml_Settings
{
const NAMEID_EMAIL_ADDRESS = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress';
const NAMEID_X509_SUBJECT_NAME = 'urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName';
const NAMEID_WINDOWS_DOMAIN_QUALIFIED_NAME = 'urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName';
const NAMEID_KERBEROS = 'urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos';
const NAMEID_ENTITY = 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity';
const NAMEID_TRANSIENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient';
const NAMEID_PERSISTENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent';
/**
* The URL to submit SAML authentication requests to.
* @var string
*/
public $idpSingleSignOnUrl = '';
/**
* The URL to submit SAML Logout Request to.
* @var string
*/
public $idpSingleLogOutUrl = '';
/**
* The x509 certificate used to authenticate the request.
* @var string
*/
public $idpPublicCertificate = '';
/**
* The URL where to the SAML Response/SAML Assertion will be posted.
* @var string
*/
public $spReturnUrl = '';
/**
* The name of the application.
* @var string
*/
public $spIssuer = 'php-saml';
/**
* Specifies what format to return the authentication token, i.e, the email address.
* @var string
*/
public $requestedNameIdFormat = self::NAMEID_EMAIL_ADDRESS;
/**
* @return array<string,array> Values (compatibility with the new version)
*/
public function getValues()
{
$values = array();
$values['sp'] = array();
$values['sp']['entityId'] = $this->spIssuer;
$values['sp']['assertionConsumerService'] = array(
'url' => $this->spReturnUrl,