Bump php-saml to 3.1.1
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
parent
751a83ca78
commit
d5f816634b
14
3rdparty/vendor/composer/installed.json
vendored
14
3rdparty/vendor/composer/installed.json
vendored
|
@ -46,22 +46,22 @@
|
|||
},
|
||||
{
|
||||
"name": "onelogin/php-saml",
|
||||
"version": "v3.0.0",
|
||||
"version_normalized": "3.0.0.0",
|
||||
"version": "3.1.1",
|
||||
"version_normalized": "3.1.1.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/onelogin/php-saml.git",
|
||||
"reference": "920c2240e48c9a74aad4129720f48fbf3d5fee47"
|
||||
"reference": "c9026b26395a65184550055d9a01bdf9dbd30861"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/onelogin/php-saml/zipball/920c2240e48c9a74aad4129720f48fbf3d5fee47",
|
||||
"reference": "920c2240e48c9a74aad4129720f48fbf3d5fee47",
|
||||
"url": "https://api.github.com/repos/onelogin/php-saml/zipball/c9026b26395a65184550055d9a01bdf9dbd30861",
|
||||
"reference": "c9026b26395a65184550055d9a01bdf9dbd30861",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=5.4",
|
||||
"robrichards/xmlseclibs": "^3.0"
|
||||
"robrichards/xmlseclibs": ">=3.0.3"
|
||||
},
|
||||
"require-dev": {
|
||||
"pdepend/pdepend": "^2.5.0",
|
||||
|
@ -76,7 +76,7 @@
|
|||
"ext-gettext": "Install gettext and php5-gettext libs to handle translations",
|
||||
"ext-openssl": "Install openssl lib in order to handle with x509 certs (require to support sign and encryption)"
|
||||
},
|
||||
"time": "2018-10-02T16:02:37+00:00",
|
||||
"time": "2019-03-11T09:41:32+00:00",
|
||||
"type": "library",
|
||||
"installation-source": "dist",
|
||||
"autoload": {
|
||||
|
|
5
3rdparty/vendor/onelogin/php-saml/CHANGELOG
vendored
5
3rdparty/vendor/onelogin/php-saml/CHANGELOG
vendored
|
@ -1,7 +1,10 @@
|
|||
CHANGELOG
|
||||
=========
|
||||
v.3.1.0
|
||||
* Security improvement suggested by Nils Engelbertz to prevent DDOS by expansion of internally defined entities (XEE)
|
||||
* Fix setting_example.php servicename parameter
|
||||
|
||||
v.3.0.0 (pending)
|
||||
v.3.0.0
|
||||
* Remove mcrypt dependency. Compatible with PHP 7.2
|
||||
* xmlseclibs now is not part of the toolkit and need to be installed from original source
|
||||
|
||||
|
|
4
3rdparty/vendor/onelogin/php-saml/README.md
vendored
4
3rdparty/vendor/onelogin/php-saml/README.md
vendored
|
@ -10,6 +10,8 @@ and supported by OneLogin Inc.
|
|||
Warning
|
||||
-------
|
||||
|
||||
Update php-saml to 3.1.0, this version includes a security patch related to XEE attacks.
|
||||
|
||||
This version is compatible with PHP 7.X and does not include xmlseclibs (you will need to install it via composer, dependency described in composer.json)
|
||||
|
||||
Security Guidelines
|
||||
|
@ -247,7 +249,7 @@ $settings = array(
|
|||
// or unencrypted messages if it expects them to be signed or encrypted.
|
||||
// Also it will reject the messages if the SAML standard is not strictly
|
||||
// followed: Destination, NameId, Conditions ... are validated too.
|
||||
'strict' => false,
|
||||
'strict' => true,
|
||||
|
||||
// Enable debug mode (to print errors).
|
||||
'debug' => false,
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
},
|
||||
"require": {
|
||||
"php": ">=5.4",
|
||||
"robrichards/xmlseclibs": "^3.0"
|
||||
"robrichards/xmlseclibs": ">=3.0.3"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5 || ^7.1",
|
||||
|
|
|
@ -5,7 +5,7 @@ $settings = array(
|
|||
// or unencrypted messages if it expects them signed or encrypted
|
||||
// Also will reject the messages if not strictly follow the SAML
|
||||
// standard: Destination, NameId, Conditions ... are validated too.
|
||||
'strict' => false,
|
||||
'strict' => true,
|
||||
|
||||
// Enable debug mode (to print errors)
|
||||
'debug' => false,
|
||||
|
@ -34,7 +34,7 @@ $settings = array(
|
|||
// attributeConsumingService. nameFormat, attributeValue and
|
||||
// friendlyName can be omitted. Otherwise remove this section.
|
||||
"attributeConsumingService"=> array(
|
||||
"ServiceName" => "SP test",
|
||||
"serviceName" => "SP test",
|
||||
"serviceDescription" => "Test Service",
|
||||
"requestedAttributes" => array(
|
||||
array(
|
||||
|
|
|
@ -527,7 +527,7 @@ class Auth
|
|||
*/
|
||||
public function login($returnTo = null, array $parameters = array(), $forceAuthn = false, $isPassive = false, $stay = false, $setNameIdPolicy = true)
|
||||
{
|
||||
$authnRequest = new AuthnRequest($this->_settings, $forceAuthn, $isPassive, $setNameIdPolicy);
|
||||
$authnRequest = $this->buildAuthnRequest($this->_settings, $forceAuthn, $isPassive, $setNameIdPolicy);
|
||||
|
||||
$this->_lastRequest = $authnRequest->getXML();
|
||||
$this->_lastRequestID = $authnRequest->getId();
|
||||
|
@ -642,6 +642,21 @@ class Auth
|
|||
return $this->_lastRequestID;
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates an AuthnRequest
|
||||
*
|
||||
* @param Settings $settings Setting data
|
||||
* @param bool $forceAuthn When true the AuthNRequest will set the ForceAuthn='true'
|
||||
* @param bool $isPassive When true the AuthNRequest will set the Ispassive='true'
|
||||
* @param bool $setNameIdPolicy When true the AuthNRequest will set a nameIdPolicy element
|
||||
*
|
||||
* @return AuthnRequest The AuthnRequest object
|
||||
*/
|
||||
public function buildAuthnRequest($settings, $forceAuthn, $isPassive, $setNameIdPolicy)
|
||||
{
|
||||
return new AuthnRequest($settings, $forceAuthn, $isPassive, $setNameIdPolicy);
|
||||
}
|
||||
|
||||
/**
|
||||
* Generates the Signature for a SAML Request
|
||||
*
|
||||
|
|
|
@ -184,7 +184,7 @@ LOGOUTREQUEST;
|
|||
*
|
||||
* @return string ID
|
||||
*
|
||||
* @throws OneLogin_Saml2_Error
|
||||
* @throws Error
|
||||
*/
|
||||
public static function getID($request)
|
||||
{
|
||||
|
|
|
@ -144,7 +144,7 @@ class Response
|
|||
);
|
||||
}
|
||||
|
||||
$status = $this->checkStatus();
|
||||
$this->checkStatus();
|
||||
|
||||
$singleAssertion = $this->validateNumAssertions();
|
||||
if (!$singleAssertion) {
|
||||
|
|
|
@ -82,14 +82,20 @@ class Utils
|
|||
assert($dom instanceof DOMDocument);
|
||||
assert(is_string($xml));
|
||||
|
||||
if (strpos($xml, '<!ENTITY') !== false) {
|
||||
throw new Exception('Detected use of ENTITY in XML, disabled to prevent XXE/XEE attacks');
|
||||
}
|
||||
|
||||
$oldEntityLoader = libxml_disable_entity_loader(true);
|
||||
|
||||
$res = $dom->loadXML($xml);
|
||||
|
||||
libxml_disable_entity_loader($oldEntityLoader);
|
||||
|
||||
foreach ($dom->childNodes as $child) {
|
||||
if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
|
||||
throw new Exception(
|
||||
'Detected use of DOCTYPE/ENTITY in XML, disabled to prevent XXE/XEE attacks'
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
if (!$res) {
|
||||
return false;
|
||||
} else {
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{
|
||||
"php-saml": {
|
||||
"version": "3.0.0",
|
||||
"released": "02/11/2018"
|
||||
"version": "3.1.1",
|
||||
"released": "20/02/2019"
|
||||
}
|
||||
}
|
||||
|
||||
|
|