-
Notifications
You must be signed in to change notification settings - Fork 135
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
5,170 changed files
with
501,466 additions
and
1,550 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
There are no files selected for viewing
Empty file.
Empty file.
Empty file.
Empty file.
Empty file.
Empty file.
Empty file.
Empty file.
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| vendor/* |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| { | ||
| "default": true, | ||
| "MD013": false | ||
| } |
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| # ADFS Module | ||
|
|
||
|  | ||
| [](https://scrutinizer-ci.com/g/simplesamlphp/simplesamlphp-module-adfs/?branch=master) | ||
| [](https://codecov.io/gh/simplesamlphp/simplesamlphp-module-adfs) | ||
| [](https://shepherd.dev/github/simplesamlphp/simplesamlphp-module-adfs) | ||
|
|
||
| ## Install | ||
|
|
||
| Install with composer | ||
|
|
||
| ```bash | ||
| vendor/bin/composer require simplesamlphp/simplesamlphp-module-adfs | ||
| ``` | ||
|
|
||
| ## Configuration | ||
|
|
||
| Next thing you need to do is to enable the module: in | ||
| `config.php`, search for the `module.enable` key and set `adfs` to true: | ||
|
|
||
| ```php | ||
| 'module.enable' => [ | ||
| 'adfs' => true, | ||
| … | ||
| ], | ||
| ``` | ||
|
|
||
| View samples in `metadata-templates` for defining your idp and any relying | ||
| parties/sps. | ||
|
|
||
| ### Tips for admins new to WS-Fed | ||
|
|
||
| * A `realm` is similar to an entityId from SAML. `adfs-sp-remote.php` metadata | ||
| array is based on `realm`. An IP STS is similar to an IdP. | ||
|
|
||
| * Some WS-Fed Relying Party applications want the assertion lifetime to be | ||
| longer than the application's session lifetime. If not, the application will | ||
| send the user to the IdP to login again, hoping for a longer lived assertion. | ||
| SSP's default assertion lifetime is 5 minutes while SharePoint, by default, | ||
| wants 10 minutes. Use the `assertion.lifetime` in `adfs-sp-remote.php` to set | ||
| the time greater than that set in SharePoint (which can be configured by | ||
| adjusting `LogonTokenCacheExpirationWindow`) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| { | ||
| "name": "simplesamlphp/simplesamlphp-module-adfs", | ||
| "description": "A module that implements the WS-federation IDP", | ||
| "type": "simplesamlphp-module", | ||
| "keywords": ["simplesamlphp", "adfs"], | ||
| "license": "LGPL-2.1-or-later", | ||
| "authors": [ | ||
| { | ||
| "name": "Tim van Dijen", | ||
| "email": "tvdijen@gmail.com" | ||
| } | ||
| ], | ||
| "config": { | ||
| "preferred-install": { | ||
| "simplesamlphp/simplesamlphp": "source", | ||
| "*": "dist" | ||
| }, | ||
| "allow-plugins": { | ||
| "composer/package-versions-deprecated": true, | ||
| "simplesamlphp/composer-module-installer": true, | ||
| "dealerdirect/phpcodesniffer-composer-installer": true, | ||
| "phpstan/extension-installer": true | ||
| } | ||
| }, | ||
| "autoload": { | ||
| "psr-4": { | ||
| "SimpleSAML\\Module\\adfs\\": "src/" | ||
| } | ||
| }, | ||
| "autoload-dev": { | ||
| "psr-4": { | ||
| "SimpleSAML\\Test\\Utils\\": "vendor/simplesamlphp/simplesamlphp/tests/Utils" | ||
| } | ||
| }, | ||
| "require": { | ||
| "php": "^8.1", | ||
| "ext-dom": "*", | ||
|
|
||
| "robrichards/xmlseclibs": "^3.1", | ||
| "simplesamlphp/composer-module-installer": "^1.3.2", | ||
| "simplesamlphp/assert": "^1.0", | ||
| "simplesamlphp/saml2-legacy": "^4.6", | ||
| "simplesamlphp/simplesamlphp": "^2.3", | ||
| "simplesamlphp/xml-security": "^1.6", | ||
| "symfony/http-foundation": "^6.4" | ||
| }, | ||
| "require-dev": { | ||
| "simplesamlphp/simplesamlphp-test-framework": "^1.5.4" | ||
| }, | ||
| "support": { | ||
| "issues": "https://github.com/simplesamlphp/simplesamlphp-module-adfs/issues", | ||
| "source": "https://github.com/simplesamlphp/simplesamlphp-module-adfs" | ||
| }, | ||
| "extra": { | ||
| "branch-alias": { | ||
| "dev-master": "2.1.x-dev" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,97 @@ | ||
| # ADFS Module | ||
|
|
||
| Enables AD FS IdP | ||
| Compatible with VS 2012 Identity and Access | ||
|
|
||
| Basic Setup Companion based on [SimpleSAMLphp IDP configuration][docs] | ||
|
|
||
| 1. Enabling the Identity Provider functionality | ||
|
|
||
| In config/config.php, the option will be: | ||
| 'enable.adfs-idp' => true | ||
|
|
||
| 2. Authentication module | ||
|
|
||
| Follow as is. | ||
|
|
||
| 3. Configuring the authentication module | ||
|
|
||
| Next thing you need to do is to enable the module: in `config.php`, | ||
| search for the `module.enable` key and set `adfs` to true: | ||
|
|
||
| ```php | ||
| 'module.enable' => [ | ||
| 'adfs' => true, | ||
| … | ||
| ], | ||
| ``` | ||
|
|
||
| 4. Configuring the IdP | ||
|
|
||
| ADFS IdP is configured by metadata stored in /metadata/adfs-idp-hosted.php | ||
| and metadata/adfs-sp-remote.php | ||
|
|
||
| If they are not present, copy them from /metadata-templates to the metadata | ||
| directory. | ||
|
|
||
| 5. Using the uri NameFormat on attributes | ||
|
|
||
| WS-FED likes a few parameters to be very specifically named. This is | ||
| especially true if .net clients will be treating this as a Microsoft ADFS | ||
| IdP. | ||
|
|
||
| The recommended settings for /metadata/adfs-idp-hosted.php is: | ||
|
|
||
| ```php | ||
| 'authproc' => [ | ||
| // Convert LDAP names to WS-Fed Claims. | ||
| 100 => ['class' => 'core:AttributeMap', 'name2claim'], | ||
| ], | ||
| ``` | ||
|
|
||
| 6. Adding SPs to the IdP | ||
|
|
||
| The minimal configuration for /metadata/adfs-sp-remote.php is: | ||
|
|
||
| ```php | ||
| $metadata['urn:federation:localhost'] = [ | ||
| 'prp' => 'https://localhost/adfs/ls/', | ||
| ]; | ||
| ``` | ||
|
|
||
| 7. Creating a SSL self signed certificate | ||
|
|
||
| Follow as is. | ||
|
|
||
| 8. Adding this IdP to other SPs | ||
|
|
||
| Metadata should be available from /module.php/adfs/idp/metadata.php | ||
|
|
||
| 9. This module tries its best to emulate a Microsoft ADFS endpoint, and as | ||
| such, it is simplest to test using a .net client. | ||
|
|
||
| To build the test client, follow the tutorial from [Microsoft][ms_docs]. | ||
|
|
||
| This will build a .net app that uses a dev machine running STS (their name for | ||
| an IdP). | ||
|
|
||
| To point to your SimpleSamlPHP ADFS IdP, in VS 2012: | ||
|
|
||
| a. Right-click the project in Solution Explorer and select the Identity and | ||
| Access option. | ||
|
|
||
| b. In the Identity and Access Window, Select Use a business identity | ||
| provider. | ||
|
|
||
| c. Under “Enter the path to the STS metadata document” enter the url you have | ||
|
|
||
| from step 8. Something like | ||
| `https://.../module.php/adfs/idp/metadata.php` | ||
|
|
||
| d. Click Ok | ||
|
|
||
| For more information in regards to [.NET][dotnet] | ||
|
|
||
| [dotnet]: http://msdn.microsoft.com/en-us/library/hh377151.aspx | ||
| [docs]: http://simplesamlphp.org/docs/stable/simplesamlphp-idp | ||
| [ms_docs]: http://code.msdn.microsoft.com/Claims-Aware-Web-d94a89ca |
15 changes: 15 additions & 0 deletions
15
.extlib/simplesamlphp/modules/adfs/metadata/adfs-idp-hosted.php.dist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| <?php | ||
|
|
||
| $metadata['__DYNAMIC:1__'] = [ | ||
| 'host' => '__DEFAULT__', | ||
| 'privatekey' => 'server.pem', | ||
| 'certificate' => 'server.crt', | ||
| // Some WS-Fed relying parties applications set the session lifetime to the assertion lifetime | ||
| // 'assertion.lifetime' => 3600, | ||
|
|
||
| 'auth' => 'example-userpass', | ||
| 'authproc' => [ | ||
| // Convert LDAP names to WS-Fed Claims. | ||
| 100 => ['class' => 'core:AttributeMap', 'name2claim'], | ||
| ], | ||
| ]; |
14 changes: 14 additions & 0 deletions
14
.extlib/simplesamlphp/modules/adfs/metadata/adfs-sp-remote.php.dist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| <?php | ||
|
|
||
| $metadata['urn:federation:localhost'] = [ | ||
| 'prp' => 'https://localhost/adfs/ls/', | ||
| 'simplesaml.nameidattribute' => 'uid', | ||
| // Some WS-Fed relying parties applications set the session lifetime to the assertion lifetime | ||
| // 'assertion.lifetime' => 3600, | ||
| 'authproc' => [ | ||
| 50 => [ | ||
| 'class' => 'core:AttributeLimit', | ||
| 'cn', 'mail', 'uid', 'eduPersonAffiliation', | ||
| ], | ||
| ], | ||
| ]; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| <?xml version="1.0"?> | ||
| <psalm | ||
| name="SimpleSAMLphp testsuite" | ||
| useDocblockTypes="true" | ||
| errorLevel="4" | ||
| reportMixedIssues="false" | ||
| hideExternalErrors="true" | ||
| allowStringToStandInForClass="true" | ||
| > | ||
| <projectFiles> | ||
| <directory name="tests" /> | ||
|
|
||
| <!-- Ignore certain directories --> | ||
| <ignoreFiles> | ||
| <directory name="vendor" /> | ||
| </ignoreFiles> | ||
| </projectFiles> | ||
|
|
||
| <issueHandlers> | ||
| <!-- Ignore UnresolvableInclude on CLI-scripts --> | ||
| <UnresolvableInclude> | ||
| <errorLevel type="suppress"> | ||
| <file name="tests/bootstrap.php" /> | ||
| </errorLevel> | ||
| </UnresolvableInclude> | ||
| </issueHandlers> | ||
| </psalm> |
3 changes: 3 additions & 0 deletions
3
.extlib/simplesamlphp/modules/adfs/public/assets/js/postResponse.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| document.addEventListener('DOMContentLoaded', function () { | ||
| document.forms[0].submit(); | ||
| }); |
29 changes: 29 additions & 0 deletions
29
.extlib/simplesamlphp/modules/adfs/routing/routes/routes.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| --- | ||
|
|
||
| adfs-metadata: | ||
| path: /metadata | ||
| defaults: { | ||
| _controller: 'SimpleSAML\Module\adfs\Controller\Adfs::metadata' | ||
| } | ||
| methods: [GET] | ||
|
|
||
| adfs-prp: | ||
| path: /prp | ||
| defaults: { | ||
| _controller: 'SimpleSAML\Module\adfs\Controller\Adfs::prp' | ||
| } | ||
| methods: [GET] | ||
|
|
||
| adfs-metadata-legacy: | ||
| path: /idp/metadata.php | ||
| defaults: { | ||
| _controller: 'SimpleSAML\Module\adfs\Controller\Adfs::metadata' | ||
| } | ||
| methods: [GET] | ||
|
|
||
| adfs-prp-legacy: | ||
| path: /idp/prp.php | ||
| defaults: { | ||
| _controller: 'SimpleSAML\Module\adfs\Controller\Adfs::prp' | ||
| } | ||
| methods: [GET] |
Oops, something went wrong.