Updates onelogin/php-saml to v2.10.2
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This commit is contained in:
parent
c05d85efd9
commit
f0b99ce500
11
3rdparty/composer.lock
generated
vendored
11
3rdparty/composer.lock
generated
vendored
|
@ -4,21 +4,20 @@
|
|||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
|
||||
"This file is @generated automatically"
|
||||
],
|
||||
"hash": "993f6c41684d235f66993e52d9b7dce0",
|
||||
"content-hash": "bf3d6d016eca22c120719d73eb98378d",
|
||||
"packages": [
|
||||
{
|
||||
"name": "onelogin/php-saml",
|
||||
"version": "2.10.1",
|
||||
"version": "2.10.2",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/onelogin/php-saml.git",
|
||||
"reference": "1017afe7fe6da1def37cc92af37434fbba893d03"
|
||||
"reference": "f9543a05494633671ec587ae1611238dae6edfd4"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/onelogin/php-saml/zipball/1017afe7fe6da1def37cc92af37434fbba893d03",
|
||||
"reference": "1017afe7fe6da1def37cc92af37434fbba893d03",
|
||||
"url": "https://api.github.com/repos/onelogin/php-saml/zipball/f9543a05494633671ec587ae1611238dae6edfd4",
|
||||
"reference": "f9543a05494633671ec587ae1611238dae6edfd4",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
|
@ -59,7 +58,7 @@
|
|||
"onelogin",
|
||||
"saml"
|
||||
],
|
||||
"time": "2016-10-26 11:31:56"
|
||||
"time": "2016-11-15T15:34:53+00:00"
|
||||
}
|
||||
],
|
||||
"packages-dev": [],
|
||||
|
|
2
3rdparty/vendor/autoload.php
vendored
2
3rdparty/vendor/autoload.php
vendored
|
@ -2,6 +2,6 @@
|
|||
|
||||
// autoload.php @generated by Composer
|
||||
|
||||
require_once __DIR__ . '/composer' . '/autoload_real.php';
|
||||
require_once __DIR__ . '/composer/autoload_real.php';
|
||||
|
||||
return ComposerAutoloaderInitcc75f134f7630c1ee3a8e4d7c86f3bcc::getLoader();
|
||||
|
|
48
3rdparty/vendor/composer/ClassLoader.php
vendored
48
3rdparty/vendor/composer/ClassLoader.php
vendored
|
@ -53,8 +53,9 @@ class ClassLoader
|
|||
|
||||
private $useIncludePath = false;
|
||||
private $classMap = array();
|
||||
|
||||
private $classMapAuthoritative = false;
|
||||
private $missingClasses = array();
|
||||
private $apcuPrefix;
|
||||
|
||||
public function getPrefixes()
|
||||
{
|
||||
|
@ -271,6 +272,26 @@ class ClassLoader
|
|||
return $this->classMapAuthoritative;
|
||||
}
|
||||
|
||||
/**
|
||||
* APCu prefix to use to cache found/not-found classes, if the extension is enabled.
|
||||
*
|
||||
* @param string|null $apcuPrefix
|
||||
*/
|
||||
public function setApcuPrefix($apcuPrefix)
|
||||
{
|
||||
$this->apcuPrefix = function_exists('apcu_fetch') && ini_get('apc.enabled') ? $apcuPrefix : null;
|
||||
}
|
||||
|
||||
/**
|
||||
* The APCu prefix in use, or null if APCu caching is not enabled.
|
||||
*
|
||||
* @return string|null
|
||||
*/
|
||||
public function getApcuPrefix()
|
||||
{
|
||||
return $this->apcuPrefix;
|
||||
}
|
||||
|
||||
/**
|
||||
* Registers this instance as an autoloader.
|
||||
*
|
||||
|
@ -313,29 +334,34 @@ class ClassLoader
|
|||
*/
|
||||
public function findFile($class)
|
||||
{
|
||||
// work around for PHP 5.3.0 - 5.3.2 https://bugs.php.net/50731
|
||||
if ('\\' == $class[0]) {
|
||||
$class = substr($class, 1);
|
||||
}
|
||||
|
||||
// class map lookup
|
||||
if (isset($this->classMap[$class])) {
|
||||
return $this->classMap[$class];
|
||||
}
|
||||
if ($this->classMapAuthoritative) {
|
||||
if ($this->classMapAuthoritative || isset($this->missingClasses[$class])) {
|
||||
return false;
|
||||
}
|
||||
if (null !== $this->apcuPrefix) {
|
||||
$file = apcu_fetch($this->apcuPrefix.$class, $hit);
|
||||
if ($hit) {
|
||||
return $file;
|
||||
}
|
||||
}
|
||||
|
||||
$file = $this->findFileWithExtension($class, '.php');
|
||||
|
||||
// Search for Hack files if we are running on HHVM
|
||||
if ($file === null && defined('HHVM_VERSION')) {
|
||||
if (false === $file && defined('HHVM_VERSION')) {
|
||||
$file = $this->findFileWithExtension($class, '.hh');
|
||||
}
|
||||
|
||||
if ($file === null) {
|
||||
if (null !== $this->apcuPrefix) {
|
||||
apcu_add($this->apcuPrefix.$class, $file);
|
||||
}
|
||||
|
||||
if (false === $file) {
|
||||
// Remember that this class does not exist.
|
||||
return $this->classMap[$class] = false;
|
||||
$this->missingClasses[$class] = true;
|
||||
}
|
||||
|
||||
return $file;
|
||||
|
@ -399,6 +425,8 @@ class ClassLoader
|
|||
if ($this->useIncludePath && $file = stream_resolve_include_path($logicalPathPsr0)) {
|
||||
return $file;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
2
3rdparty/vendor/composer/autoload_real.php
vendored
2
3rdparty/vendor/composer/autoload_real.php
vendored
|
@ -23,7 +23,7 @@ class ComposerAutoloaderInitcc75f134f7630c1ee3a8e4d7c86f3bcc
|
|||
self::$loader = $loader = new \Composer\Autoload\ClassLoader();
|
||||
spl_autoload_unregister(array('ComposerAutoloaderInitcc75f134f7630c1ee3a8e4d7c86f3bcc', 'loadClassLoader'));
|
||||
|
||||
$useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION');
|
||||
$useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
|
||||
if ($useStaticLoader) {
|
||||
require_once __DIR__ . '/autoload_static.php';
|
||||
|
||||
|
|
12
3rdparty/vendor/composer/installed.json
vendored
12
3rdparty/vendor/composer/installed.json
vendored
|
@ -1,17 +1,17 @@
|
|||
[
|
||||
{
|
||||
"name": "onelogin/php-saml",
|
||||
"version": "2.10.1",
|
||||
"version_normalized": "2.10.1.0",
|
||||
"version": "2.10.2",
|
||||
"version_normalized": "2.10.2.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/onelogin/php-saml.git",
|
||||
"reference": "1017afe7fe6da1def37cc92af37434fbba893d03"
|
||||
"reference": "f9543a05494633671ec587ae1611238dae6edfd4"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/onelogin/php-saml/zipball/1017afe7fe6da1def37cc92af37434fbba893d03",
|
||||
"reference": "1017afe7fe6da1def37cc92af37434fbba893d03",
|
||||
"url": "https://api.github.com/repos/onelogin/php-saml/zipball/f9543a05494633671ec587ae1611238dae6edfd4",
|
||||
"reference": "f9543a05494633671ec587ae1611238dae6edfd4",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
|
@ -33,7 +33,7 @@
|
|||
"ext-mcrypt": "Install mcrypt and php5-mcrypt libs in order to support encryption",
|
||||
"lib-openssl": "Install openssl lib in order to handle with x509 certs (require to support sign and encryption)"
|
||||
},
|
||||
"time": "2016-10-26 11:31:56",
|
||||
"time": "2016-11-15T15:34:53+00:00",
|
||||
"type": "library",
|
||||
"installation-source": "dist",
|
||||
"autoload": {
|
||||
|
|
5
3rdparty/vendor/onelogin/php-saml/CHANGELOG
vendored
5
3rdparty/vendor/onelogin/php-saml/CHANGELOG
vendored
|
@ -1,5 +1,10 @@
|
|||
CHANGELOG
|
||||
=========
|
||||
v.2.10.2
|
||||
* [#175](https://github.com/onelogin/php-saml/pull/175) Allow overriding of host, port, protocol and url path for URL building
|
||||
* [#173](https://github.com/onelogin/php-saml/pull/173) Provide better support to NameIdFormat
|
||||
* Fix another issue on Assertion Signature validation when the assertion contains no namespace, container has saml2 namespace and it was encrypted
|
||||
|
||||
v.2.10.1
|
||||
* Fix error message on SignMetadata process
|
||||
* Fix issue on Assertion Signature validation when the assertion contains no namespace and it was encrypted
|
||||
|
|
31
3rdparty/vendor/onelogin/php-saml/README.md
vendored
31
3rdparty/vendor/onelogin/php-saml/README.md
vendored
|
@ -279,6 +279,12 @@ $settings = array (
|
|||
// Enable debug mode (to print errors).
|
||||
'debug' => false,
|
||||
|
||||
// Set a BaseURL to be used instead of try to guess
|
||||
// the BaseURL of the view that process the SAML Message.
|
||||
// Ex http://sp.example.com/
|
||||
// http://example.com/sp/
|
||||
'baseurl' => null,
|
||||
|
||||
// Service Provider Data that we are deploying.
|
||||
'sp' => array (
|
||||
// Identifier of the SP entity (must be a URI)
|
||||
|
@ -1035,6 +1041,26 @@ if (isset($_SESSION['samlUserdata'])) { // If there is user data we print it.
|
|||
}
|
||||
```
|
||||
|
||||
#### URL-guessing methods ####
|
||||
|
||||
php-saml toolkit uses a bunch of methods in OneLogin_Saml2_Utils that try to guess the URL where the SAML messages are processed.
|
||||
|
||||
* `getSelfHost` Returns the current host.
|
||||
* `getSelfPort` Return the port number used for the request
|
||||
* `isHTTPS` Checks if the protocol is https or http.
|
||||
* `getSelfURLhost` Returns the protocol + the current host + the port (if different than common ports).
|
||||
* `getSelfURL` Returns the URL of the current host + current view + query.
|
||||
* `getSelfURLNoQuery` Returns the URL of the current host + current view.
|
||||
* `getSelfRoutedURLNoQuery` Returns the routed URL of the current host + current view.
|
||||
|
||||
getSelfURLNoQuery and getSelfRoutedURLNoQuery are used to calculate the currentURL in order to valdate SAML elements like Destination or Recipient.
|
||||
|
||||
When the PHP application is behind a proxy or a load balancer we can execute setProxyVars(true) and getSelfPort and isHTTPS will take care of the $_SERVER["HTTP_X_FORWARDED_PORT"] and $_SERVER['HTTP_X_FORWARDED_PROTO'] vars (otherwise they are ignored).
|
||||
|
||||
Also a developer can use setSelfProtocol, setSelfHost, setSelfPort and getBaseURLPath to define a specific value to be returned by isHTTPS, getSelfHost, getSelfPort and getBaseURLPath. And define a setBasePath to be used on the getSelfURL and getSelfRoutedURLNoQuery to replace the data extracted from $_SERVER["REQUEST_URI"].
|
||||
|
||||
At the settings the developer will be able to set a 'baseurl' parameter that automatically will use setBaseURL to set values for setSelfProtocol, setSelfHost, setSelfPort and setBaseURLPath.
|
||||
|
||||
### Main classes and methods ###
|
||||
|
||||
Described below are the main classes and methods that can be invoked.
|
||||
|
@ -1131,6 +1157,7 @@ SAML 2 Authentication Response class
|
|||
* `getNameIdData` - Gets the NameID Data provided by the SAML response from the
|
||||
IdP.
|
||||
* `getNameId` - Gets the NameID provided by the SAML response from the IdP.
|
||||
* `getNameIdFormat` - Gets the NameID Format provided by the SAML response from the IdP.
|
||||
* `getSessionNotOnOrAfter` - Gets the SessionNotOnOrAfter from the
|
||||
AuthnStatement
|
||||
* `getSessionIndex` - Gets the SessionIndex from the AuthnStatement.
|
||||
|
@ -1196,7 +1223,9 @@ Configuration of the OneLogin PHP Toolkit
|
|||
* `formatSPKey` - Formats the SP private key.
|
||||
* `getErrors` - Returns an array with the errors, the array is empty when
|
||||
the settings is ok.
|
||||
* `getLastErrorReason`* Returns the reason of the last error
|
||||
* `getLastErrorReason` - Returns the reason of the last error
|
||||
* `getBaseURL` - Returns the baseurl set on the settings if any.
|
||||
* `setBaseURL` - Set a baseurl value
|
||||
* `setStrict` - Activates or deactivates the strict mode.
|
||||
* `isStrict` - Returns if the 'strict' mode is active.
|
||||
* `isDebugActive` - Returns if the debug is active.
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
"name": "onelogin/php-saml",
|
||||
"description": "OneLogin PHP SAML Toolkit",
|
||||
"license": "MIT",
|
||||
"version": "2.10.1",
|
||||
"version": "2.10.2",
|
||||
"homepage": "https://onelogin.zendesk.com/hc/en-us/sections/200245634-SAML-Toolkits",
|
||||
"keywords": ["saml", "saml2", "onelogin"],
|
||||
"autoload": {
|
||||
|
|
|
@ -28,6 +28,13 @@ class OneLogin_Saml2_Auth
|
|||
*/
|
||||
private $_nameid;
|
||||
|
||||
/**
|
||||
* NameID Format
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
private $_nameidFormat;
|
||||
|
||||
/**
|
||||
* If user is authenticated.
|
||||
*
|
||||
|
@ -126,6 +133,7 @@ class OneLogin_Saml2_Auth
|
|||
if ($response->isValid($requestId)) {
|
||||
$this->_attributes = $response->getAttributes();
|
||||
$this->_nameid = $response->getNameId();
|
||||
$this->_nameidFormat = $response->getNameIdFormat();
|
||||
$this->_authenticated = true;
|
||||
$this->_sessionIndex = $response->getSessionIndex();
|
||||
$this->_sessionExpiration = $response->getSessionNotOnOrAfter();
|
||||
|
@ -265,6 +273,16 @@ class OneLogin_Saml2_Auth
|
|||
return $this->_nameid;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the nameID Format
|
||||
*
|
||||
* @return string The nameID Format of the assertion
|
||||
*/
|
||||
public function getNameIdFormat()
|
||||
{
|
||||
return $this->_nameidFormat;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the SessionIndex
|
||||
*
|
||||
|
@ -369,12 +387,13 @@ class OneLogin_Saml2_Auth
|
|||
* @param string|null $nameId The NameID that will be set in the LogoutRequest.
|
||||
* @param string|null $sessionIndex The SessionIndex (taken from the SAML Response in the SSO process).
|
||||
* @param bool $stay True if we want to stay (returns the url string) False to redirect
|
||||
* @param string|null $nameIdFormat The NameID Format will be set in the LogoutRequest.
|
||||
*
|
||||
* @return If $stay is True, it return a string with the SLO URL + LogoutRequest + parameters
|
||||
*
|
||||
* @throws OneLogin_Saml2_Error
|
||||
*/
|
||||
public function logout($returnTo = null, $parameters = array(), $nameId = null, $sessionIndex = null, $stay=false)
|
||||
public function logout($returnTo = null, $parameters = array(), $nameId = null, $sessionIndex = null, $stay=false, $nameIdFormat = null)
|
||||
{
|
||||
assert('is_array($parameters)');
|
||||
|
||||
|
@ -390,7 +409,7 @@ class OneLogin_Saml2_Auth
|
|||
$nameId = $this->_nameid;
|
||||
}
|
||||
|
||||
$logoutRequest = new OneLogin_Saml2_LogoutRequest($this->_settings, null, $nameId, $sessionIndex);
|
||||
$logoutRequest = new OneLogin_Saml2_LogoutRequest($this->_settings, null, $nameId, $sessionIndex, $nameIdFormat);
|
||||
|
||||
$this->_lastRequestID = $logoutRequest->id;
|
||||
|
||||
|
|
|
@ -34,16 +34,21 @@ class OneLogin_Saml2_LogoutRequest
|
|||
/**
|
||||
* Constructs the Logout Request object.
|
||||
*
|
||||
* @param OneLogin_Saml2_Settings $settings Settings
|
||||
* @param string|null $request A UUEncoded Logout Request.
|
||||
* @param string|null $nameId The NameID that will be set in the LogoutRequest.
|
||||
* @param string|null $sessionIndex The SessionIndex (taken from the SAML Response in the SSO process).
|
||||
* @param OneLogin_Saml2_Settings $settings Settings
|
||||
* @param string|null $request A UUEncoded Logout Request.
|
||||
* @param string|null $nameId The NameID that will be set in the LogoutRequest.
|
||||
* @param string|null $sessionIndex The SessionIndex (taken from the SAML Response in the SSO process).
|
||||
* @param string|null $nameIdFormat The NameID Format will be set in the LogoutRequest.
|
||||
*/
|
||||
public function __construct(OneLogin_Saml2_Settings $settings, $request = null, $nameId = null, $sessionIndex = null)
|
||||
public function __construct(OneLogin_Saml2_Settings $settings, $request = null, $nameId = null, $sessionIndex = null, $nameIdFormat = null)
|
||||
{
|
||||
|
||||
$this->_settings = $settings;
|
||||
|
||||
$baseURL = $this->_settings->getBaseURL();
|
||||
if (!empty($baseURL)) {
|
||||
OneLogin_Saml2_Utils::setBaseURL($baseURL);
|
||||
}
|
||||
|
||||
if (!isset($request) || empty($request)) {
|
||||
|
||||
$spData = $this->_settings->getSPData();
|
||||
|
@ -62,7 +67,9 @@ class OneLogin_Saml2_LogoutRequest
|
|||
}
|
||||
|
||||
if (!empty($nameId)) {
|
||||
$nameIdFormat = $spData['NameIDFormat'];
|
||||
if (empty($nameIdFormat)) {
|
||||
$nameIdFormat = $spData['NameIDFormat'];
|
||||
}
|
||||
$spNameQualifier = null;
|
||||
} else {
|
||||
$nameId = $idpData['entityId'];
|
||||
|
|
|
@ -41,6 +41,12 @@ class OneLogin_Saml2_LogoutResponse
|
|||
public function __construct(OneLogin_Saml2_Settings $settings, $response = null)
|
||||
{
|
||||
$this->_settings = $settings;
|
||||
|
||||
$baseURL = $this->_settings->getBaseURL();
|
||||
if (!empty($baseURL)) {
|
||||
OneLogin_Saml2_Utils::setBaseURL($baseURL);
|
||||
}
|
||||
|
||||
if ($response) {
|
||||
$decoded = base64_decode($response);
|
||||
$inflated = @gzinflate($decoded);
|
||||
|
|
|
@ -56,6 +56,11 @@ class OneLogin_Saml2_Response
|
|||
{
|
||||
$this->_settings = $settings;
|
||||
|
||||
$baseURL = $this->_settings->getBaseURL();
|
||||
if (!empty($baseURL)) {
|
||||
OneLogin_Saml2_Utils::setBaseURL($baseURL);
|
||||
}
|
||||
|
||||
$this->response = base64_decode($response);
|
||||
|
||||
$this->document = new DOMDocument();
|
||||
|
@ -479,6 +484,21 @@ class OneLogin_Saml2_Response
|
|||
return $nameIdvalue;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the NameID Format provided by the SAML response from the IdP.
|
||||
*
|
||||
* @return string Name ID Format
|
||||
*/
|
||||
public function getNameIdFormat()
|
||||
{
|
||||
$nameIdFormat = null;
|
||||
$nameIdData = $this->getNameIdData();
|
||||
if (!empty($nameIdData) && isset($nameIdData['Format'])) {
|
||||
$nameIdFormat = $nameIdData['Format'];
|
||||
}
|
||||
return $nameIdFormat;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the SessionNotOnOrAfter from the AuthnStatement.
|
||||
* Could be used to set the local session expiration
|
||||
|
@ -844,9 +864,21 @@ class OneLogin_Saml2_Response
|
|||
|
||||
# Fix possible issue with saml namespace
|
||||
if (!$decrypted->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml') &&
|
||||
!$decrypted->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml2') &&
|
||||
!$decrypted->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns') &&
|
||||
!$container->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml')) {
|
||||
$decrypted->setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns', OneLogin_Saml2_Constants::NS_SAML);
|
||||
!$container->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml') &&
|
||||
!$container->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml2')
|
||||
) {
|
||||
|
||||
if (strpos($encryptedAssertion->tagName, 'saml2:') !== false) {
|
||||
$ns = 'xmlns:saml2';
|
||||
} else if (strpos($encryptedAssertion->tagName, 'saml:') != false) {
|
||||
$ns = 'xmlns:saml';
|
||||
} else {
|
||||
$ns = 'xmlns';
|
||||
}
|
||||
|
||||
$decrypted->setAttributeNS('http://www.w3.org/2000/xmlns/', $ns, OneLogin_Saml2_Constants::NS_SAML);
|
||||
}
|
||||
|
||||
$container->replaceChild($decrypted, $encryptedAssertion);
|
||||
|
|
|
@ -14,6 +14,11 @@ class OneLogin_Saml2_Settings
|
|||
*/
|
||||
private $_paths = array();
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
private $_baseurl;
|
||||
|
||||
/**
|
||||
* Strict. If active, PHP Toolkit will reject unsigned or unencrypted messages
|
||||
* if it expects them signed or encrypted. If not, the messages will be accepted
|
||||
|
@ -240,6 +245,10 @@ class OneLogin_Saml2_Settings
|
|||
$this->_debug = $settings['debug'];
|
||||
}
|
||||
|
||||
if (isset($settings['baseurl'])) {
|
||||
$this->_baseurl = $settings['baseurl'];
|
||||
}
|
||||
|
||||
if (isset($settings['compress'])) {
|
||||
$this->_compress = $settings['compress'];
|
||||
}
|
||||
|
@ -940,6 +949,24 @@ class OneLogin_Saml2_Settings
|
|||
return $this->_debug;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set a baseurl value.
|
||||
*/
|
||||
public function setBaseURL($baseurl)
|
||||
{
|
||||
$this->_baseurl = $baseurl;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the baseurl set on the settings if any.
|
||||
*
|
||||
* @return null|string The baseurl
|
||||
*/
|
||||
public function getBaseURL()
|
||||
{
|
||||
return $this->_baseurl;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the IdP certificate.
|
||||
*
|
||||
|
|
|
@ -16,6 +16,28 @@ class OneLogin_Saml2_Utils
|
|||
*/
|
||||
private static $_proxyVars = false;
|
||||
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
private static $_host;
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
private static $_protocol;
|
||||
|
||||
/**
|
||||
* @var int
|
||||
*/
|
||||
private static $_port;
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
private static $_baseurlpath;
|
||||
|
||||
|
||||
/**
|
||||
* Translates any string. Accepts args
|
||||
*
|
||||
|
@ -233,7 +255,7 @@ class OneLogin_Saml2_Utils
|
|||
}
|
||||
|
||||
/* Verify that the URL is to a http or https site. */
|
||||
if (!preg_match('@^https?://@i', $url)) {
|
||||
if (!preg_match('@^https?:\/\/@i', $url)) {
|
||||
throw new OneLogin_Saml2_Error(
|
||||
'Redirect to invalid URL: ' . $url,
|
||||
OneLogin_Saml2_Error::REDIRECT_INVALID_URL
|
||||
|
@ -280,6 +302,41 @@ class OneLogin_Saml2_Utils
|
|||
exit();
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $baseurl string The base url to be used when constructing URLs
|
||||
*/
|
||||
public static function setBaseURL($baseurl)
|
||||
{
|
||||
if (!empty($baseurl)) {
|
||||
$baseurlpath = '/';
|
||||
if (preg_match('#^https?:\/\/([^\/]*)\/?(.*)#i', $baseurl, $matches)) {
|
||||
if (strpos($baseurl, 'https://') === false) {
|
||||
self::setSelfProtocol('http');
|
||||
$port = '80';
|
||||
} else {
|
||||
self::setSelfProtocol('https');
|
||||
$port = '443';
|
||||
}
|
||||
|
||||
$currentHost = $matches[1];
|
||||
if (false !== strpos($currentHost, ':')) {
|
||||
list($currentHost, $possiblePort) = explode(':', $matches[1], 2);
|
||||
if (is_numeric($possiblePort)) {
|
||||
$port = $possiblePort;
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($matches[2]) && !empty($matches[2])) {
|
||||
$baseurlpath = $matches[2];
|
||||
}
|
||||
|
||||
self::setSelfHost($currentHost);
|
||||
self::setSelfPort($port);
|
||||
self::setBaseURLPath($baseurlpath);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $proxyVars bool Whether to use `X-Forwarded-*` headers to determine port/domain/protocol
|
||||
*/
|
||||
|
@ -323,12 +380,44 @@ class OneLogin_Saml2_Utils
|
|||
return $protocol."://" . $currenthost . $port;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $host string The host to use when constructing URLs
|
||||
*/
|
||||
public static function setSelfHost($host)
|
||||
{
|
||||
self::$_host = $host;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $baseurlpath string The baseurl path to use when constructing URLs
|
||||
*/
|
||||
public static function setBaseURLPath($baseurlpath)
|
||||
{
|
||||
if (empty($baseurlpath) || $baseurlpath == '/') {
|
||||
$baseurlpath = '/';
|
||||
} else {
|
||||
self::$_baseurlpath = '/' . trim($baseurlpath, '/') . '/';
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* return string The baseurlpath to be used when constructing URLs
|
||||
*/
|
||||
public static function getBaseURLPath()
|
||||
{
|
||||
return self::$_baseurlpath;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return string The raw host name
|
||||
*/
|
||||
protected static function getRawHost()
|
||||
{
|
||||
if (array_key_exists('HTTP_HOST', $_SERVER)) {
|
||||
if (self::$_host) {
|
||||
$currentHost = self::$_host;
|
||||
} elseif (self::getProxyVars() && array_key_exists('HTTP_X_FORWARDED_HOST', $_SERVER)) {
|
||||
$currentHost = $_SERVER['HTTP_X_FORWARDED_HOST'];
|
||||
} elseif (array_key_exists('HTTP_HOST', $_SERVER)) {
|
||||
$currentHost = $_SERVER['HTTP_HOST'];
|
||||
} elseif (array_key_exists('SERVER_NAME', $_SERVER)) {
|
||||
$currentHost = $_SERVER['SERVER_NAME'];
|
||||
|
@ -342,6 +431,40 @@ class OneLogin_Saml2_Utils
|
|||
return $currentHost;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $port int The port number to use when constructing URLs
|
||||
*/
|
||||
public static function setSelfPort($port)
|
||||
{
|
||||
self::$_port = $port;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $protocol string The protocol to identify as using, usually http or https
|
||||
*/
|
||||
public static function setSelfProtocol($protocol)
|
||||
{
|
||||
self::$_protocol = $protocol;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return string http|https
|
||||
*/
|
||||
public static function getSelfProtocol()
|
||||
{
|
||||
$protocol = 'http';
|
||||
if (self::$_protocol) {
|
||||
$protocol = self::$_protocol;
|
||||
} elseif (self::getSelfPort() == 443) {
|
||||
$protocol = 'https';
|
||||
} elseif (self::getProxyVars() && isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
|
||||
$protocol = $_SERVER['HTTP_X_FORWARDED_PROTO'];
|
||||
} elseif (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
|
||||
$protocol = 'https';
|
||||
}
|
||||
return $protocol;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the current host.
|
||||
*
|
||||
|
@ -365,7 +488,9 @@ class OneLogin_Saml2_Utils
|
|||
public static function getSelfPort()
|
||||
{
|
||||
$portnumber = null;
|
||||
if (self::getProxyVars() && isset($_SERVER["HTTP_X_FORWARDED_PORT"])) {
|
||||
if (self::$_port) {
|
||||
$portnumber = self::$_port;
|
||||
} else if (self::getProxyVars() && isset($_SERVER["HTTP_X_FORWARDED_PORT"])) {
|
||||
$portnumber = $_SERVER["HTTP_X_FORWARDED_PORT"];
|
||||
} else if (isset($_SERVER["SERVER_PORT"])) {
|
||||
$portnumber = $_SERVER["SERVER_PORT"];
|
||||
|
@ -390,10 +515,7 @@ class OneLogin_Saml2_Utils
|
|||
*/
|
||||
public static function isHTTPS()
|
||||
{
|
||||
$isHttps = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
|
||||
|| (self::getSelfPort() == 443)
|
||||
|| (self::getProxyVars() && isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https');
|
||||
return $isHttps;
|
||||
return self::getSelfProtocol() == 'https';
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -403,12 +525,19 @@ class OneLogin_Saml2_Utils
|
|||
*/
|
||||
public static function getSelfURLNoQuery()
|
||||
{
|
||||
$selfURLNoQuery = self::getSelfURLhost();
|
||||
|
||||
$infoWithBaseURLPath = self::buildWithBaseURLPath($_SERVER['SCRIPT_NAME']);
|
||||
if (!empty($infoWithBaseURLPath)) {
|
||||
$selfURLNoQuery .= $infoWithBaseURLPath;
|
||||
} else {
|
||||
$selfURLNoQuery .= $_SERVER['SCRIPT_NAME'];
|
||||
}
|
||||
|
||||
$selfURLhost = self::getSelfURLhost();
|
||||
$selfURLNoQuery = $selfURLhost . $_SERVER['SCRIPT_NAME'];
|
||||
if (isset($_SERVER['PATH_INFO'])) {
|
||||
$selfURLNoQuery .= $_SERVER['PATH_INFO'];
|
||||
}
|
||||
|
||||
return $selfURLNoQuery;
|
||||
}
|
||||
|
||||
|
@ -419,9 +548,9 @@ class OneLogin_Saml2_Utils
|
|||
*/
|
||||
public static function getSelfRoutedURLNoQuery()
|
||||
{
|
||||
|
||||
$selfURLhost = self::getSelfURLhost();
|
||||
$route = '';
|
||||
|
||||
if (!empty($_SERVER['REQUEST_URI'])) {
|
||||
$route = $_SERVER['REQUEST_URI'];
|
||||
if (!empty($_SERVER['QUERY_STRING'])) {
|
||||
|
@ -432,6 +561,11 @@ class OneLogin_Saml2_Utils
|
|||
}
|
||||
}
|
||||
|
||||
$infoWithBaseURLPath = self::buildWithBaseURLPath($route);
|
||||
if (!empty($infoWithBaseURLPath)) {
|
||||
$route = $infoWithBaseURLPath;
|
||||
}
|
||||
|
||||
$selfRoutedURLNoQuery = $selfURLhost . $route;
|
||||
return $selfRoutedURLNoQuery;
|
||||
}
|
||||
|
@ -449,14 +583,42 @@ class OneLogin_Saml2_Utils
|
|||
if (!empty($_SERVER['REQUEST_URI'])) {
|
||||
$requestURI = $_SERVER['REQUEST_URI'];
|
||||
if ($requestURI[0] !== '/') {
|
||||
if (preg_match('#^https?://[^/]*(/.*)#i', $requestURI, $matches)) {
|
||||
if (preg_match('#^https?:\/\/[^\/]*(\/.*)#i', $requestURI, $matches)) {
|
||||
$requestURI = $matches[1];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$infoWithBaseURLPath = self::buildWithBaseURLPath($requestURI);
|
||||
if (!empty($infoWithBaseURLPath)) {
|
||||
$requestURI = $infoWithBaseURLPath;
|
||||
}
|
||||
|
||||
return $selfURLhost . $requestURI;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the part of the URL with the BaseURLPath.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
protected static function buildWithBaseURLPath($info)
|
||||
{
|
||||
$result = '';
|
||||
$baseURLPath = self::getBaseURLPath();
|
||||
if (!empty($baseURLPath)) {
|
||||
$result = $baseURLPath;
|
||||
if (!empty($info)) {
|
||||
$path = explode('/', $info);
|
||||
$extractedInfo = array_pop($path);
|
||||
if (!empty($extractedInfo)) {
|
||||
$result .= $extractedInfo;
|
||||
}
|
||||
}
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
* Extract a query param - as it was sent - from $_SERVER[QUERY_STRING]
|
||||
*
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"php-saml": {
|
||||
"version": "2.10.1",
|
||||
"released": "26/10/2016"
|
||||
"version": "2.10.2",
|
||||
"released": "15/11/2016"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -10,6 +10,12 @@ $settings = array (
|
|||
// Enable debug mode (to print errors)
|
||||
'debug' => false,
|
||||
|
||||
// Set a BaseURL to be used instead of try to guess
|
||||
// the BaseURL of the view that process the SAML Message.
|
||||
// Ex. http://sp.example.com/
|
||||
// http://example.com/sp/
|
||||
'baseurl' => null,
|
||||
|
||||
// Service Provider Data that we are deploying
|
||||
'sp' => array (
|
||||
// Identifier of the SP entity (must be a URI)
|
||||
|
|