diff --git a/.gitignore b/.gitignore
index 1dbeb38..cb2c4db 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,10 +1,9 @@
-sp.key
-sp.crt
-vendor
-tmp
-www/settings.php
-www2/settings.php
-config.yaml
.directory
+.vscode
+.DS_Store
AuthnRequest.patched
LogoutRequest.patched
+vendor
+example/sp.key
+example/sp.crt
+example/idp_metadata/*.xml
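Review bot: the private-key ignore pattern is narrowed from `sp.key`/`sp.crt` to `example/sp.key`/`example/sp.crt`, so a key pair generated anywhere else in the tree (for instance in the repository root, where the previous layout put it) is no longer ignored and can be committed by accident. Keep the bare patterns next to the new ones, e.g. `sp.key`, `sp.crt` or simply `*.key`, so that protection of the SP private key does not depend on which directory `make` happens to be run from.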
diff --git a/AuthnRequest.diff b/AuthnRequest.diff
index e11c2e7..2aea923 100644
--- a/AuthnRequest.diff
+++ b/AuthnRequest.diff
@@ -1,9 +1,13 @@
-56,57c56
+72,73c72
< Format="{$nameIDPolicyFormat}"
< AllowCreate="true" />
---
> Format="{$nameIDPolicyFormat}" />
-130c129
+143,145c142,144
+< ProtocolBinding="{$spData['assertionConsumerService']['binding']}"
+< AssertionConsumerServiceURL="{$acsUrl}">
<
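Review bot: the ed-style addresses in this patch (`72,73c72`, `143,145c142,144`) bind it to one exact revision of onelogin/php-saml, and the hunk as rendered here ends before the `>` replacement lines for the ProtocolBinding/AssertionConsumerServiceURL change, so the full replacement text has to be checked in the file itself. Record in the README which php-saml commit the patch targets (composer.lock pins `e0c5827d7ccff72b6cf19f55420cad0e4eea5faf`) and make the `make` target fail loudly when `patch` reports a reject, because a silently unpatched library would emit AuthnRequests that do not conform to the SPID rules listed in the compliance table.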
_Compliance with [SPID regulations](http://www.agid.gov.it/sites/default/files/circolari/spid-regole_tecniche_v1.pdf) (for Service Providers)_|status (! = TODO)|comments|
|:---|:---|:---|
@@ -73,84 +91,143 @@ Alternative SDK: [spid-php](https://github.com/italia/spid-php) based on [Simple
|generation of AttributeQuery XML||Attribute Authority is unsupported|
|SOAP binding (client)||Attribute Authority is unsupported|
-## Prerequisites
+## Repository layout
-Tested on Debian 10.x buster with PHP 7.2.
+* [bin/](bin/) auxiliary scripts
+* [example/](example/) contains a demo application
+* [src/](src/) contains the implementation
+* [test/](test/) will contain the unit tests
-Perform these steps to install the prerequisites:
-```
+## Getting Started
+
+Tested on Debian 9.5 (stretch, current stable) and 10 (buster, current unstable) with PHP 7-0-7.2.
+
+### Prerequisites
+
+```sh
sudo apt install composer make openssl php-curl php-zip php-xml
```
-if you have PHP <= 7.1 (i.e. Debian 9.4 stretch or earlier), then you also need:
-```
-apt install php-mcrypt
-```
-Then install PHP dependencies; if you have PHP 7.2 (i.e. Debian 10.x buster):
+### Configuring and Installing
+
+Before using this package, you must:
+
+1. Install prerequisites with composer
+
+2. Download and verify the Identity Provider (IdP) metadata files; it is advised to place them in a separate directory, for example [example/idp_metadata/](example/idp_metadata/). A convenience tool is provided for this purpose: [bin/download_idp_metadata.php](bin/download_idp_metadata.php).
+
+3. Generate key and certificate for the Service Provider (SP) and patch the php-saml package to comply with the SPID standard. To do that, you can use the provided [Makefile](Makefile).
+
+All steps can be performed with:
+```sh
+composer install --no-dev
+pushd example && ../bin/download_idp_metadata.php && popd
+make
```
-composer install
+
+**NOTE**: during testing, it is highly adviced to use the test Identity Provider [spid-testenv2](https://github.com/italia/spid-testenv2).
+
+### Usage
+
+All classes provided by this package reside in the `Italia\Spid2` namespace.
+
+Load them using the composer-generated autoloader:
+```php
+require_once(__DIR__ . "/../vendor/autoload.php");
```
-if you have PHP <= 7.1 (i.e. Debian 9.4 stretch or earlier), then use the v2.x branch of php-saml:
+
+The main class is `Italia\Spid2\Sp` (service provider), sample instantiation:
+
+```php
+$base = "http://localhost:8000";
+$settings = [
+ 'spEntityId' => $base,
+ 'spAcsUrl' => $base . "/acs.php",
+ 'spSloUrl' => $base . "/logout.php",
+ 'spKeyFile' => "./sp.key",
+ 'spCrtFile' => "./sp.crt",
+ 'idpMetadataFolderPath' => $home . "/idp_metadata",
+ 'idpList' => array(
+ 'testenv2'
+ )
+ ];
+$sp = new Italia\Spid2\Sp($settings);
```
-rm composer.*
-composer require onelogin/php-saml
-composer require twig/twig
-composer require symfony/yaml
+
+The service provider is now ready for use, as in:
+```php
+$idp_name = 'idp_1';
+$return_to = 'https://example.com/return_to_url';
+$spid_level = 1;
+$sp->login($idp_name, $return_to, $spid_level);
+$attributes = $sp->getAttributes();
+var_dump($attributes);
+$sp->logout();
```
-## Demo
+### Example
-The demo is based on php-saml demo1.
+A basic demo application is provided in the [example/](example/) directory.
-To set it up and run it:
+To use:
-1. copy `config.yaml.example` to `config.yaml` and customize it as required (you should at least set `idp_metadata_url` to match your IDP metadata endpoint)
+1. in `example/settings.php`:
-2. auto-configure:
- ```
- make
- ```
+ - adapt the base url (`$base`) to your needs (use am IP address or a hostname that is visible to the IdP)
+ - make sure the IdP metadata corresponding to the IdPs listed in the `idpList` key are present in `example/idp_metadata`
+
+2. in `example/login.php` change the IdP that will be used to login
3. Start PHP's builtin webserver in the root of the repo:
- ```
- php -S localhost:8000 -t www
- ```
- if you have php-saml v2.x (i.e. Debian 9.4 stretch), then run it from the www2 dir:
- ```
- php -S localhost:8000 -t www2
+ ```sh
+ php -S 0.0.0.0:8000 -t example
```
-4. visit http://localhost:8000/metadata.php to get the SP (Service Provider) metadata, then copy these over to the IDP
+4. visit http://localhost:8000/metadata.php to get the SP (Service Provider) metadata, then copy these over to the IdP
5. visit: http://localhost:8000 and click `login`.
+This screencast shows what you should see if all goes well:
+
+![img](images/screencast.gif)
+
## Troubleshooting
-- install a browser plugin to trace SAML messages:
+It is advised to install a browser plugin to trace SAML messages:
- - Firefox:
+- Firefox:
- - [SAML-tracer by Olav Morken, Jaime Perez](https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/)
- - [SAML Message Decoder by Magnus Suther](https://addons.mozilla.org/en-US/firefox/addon/saml-message-decoder-extension/)
+ - [SAML-tracer by Olav Morken, Jaime Perez](https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/)
+ - [SAML Message Decoder by Magnus Suther](https://addons.mozilla.org/en-US/firefox/addon/saml-message-decoder-extension/)
- - Chrome/Chromium:
+- Chrome/Chromium:
- - [SAML Message Decoder by Magnus Suther](https://chrome.google.com/webstore/detail/saml-message-decoder/mpabchoaimgbdbbjjieoaeiibojelbhm)
- - [SAML Chrome Panel by MLai](https://chrome.google.com/webstore/detail/saml-chrome-panel/paijfdbeoenhembfhkhllainmocckace)
- - [SAML DevTools extension by stefan.rasmusson.as](https://chrome.google.com/webstore/detail/saml-devtools-extension/jndllhgbinhiiddokbeoeepbppdnhhio)
+ - [SAML Message Decoder by Magnus Suther](https://chrome.google.com/webstore/detail/saml-message-decoder/mpabchoaimgbdbbjjieoaeiibojelbhm)
+ - [SAML Chrome Panel by MLai](https://chrome.google.com/webstore/detail/saml-chrome-panel/paijfdbeoenhembfhkhllainmocckace)
+ - [SAML DevTools extension by stefan.rasmusson.as](https://chrome.google.com/webstore/detail/saml-devtools-extension/jndllhgbinhiiddokbeoeepbppdnhhio)
-- use the [SAML Developer Tools](https://www.samltool.com/online_tools.php) provided by onelogin to understand what is going on
+In addition, you can use the [SAML Developer Tools](https://www.samltool.com/online_tools.php) provided by onelogin to understand what is going on
-## Contributing
+## Testing
+
+### Unit tests
+
+TODO
+
+Unit tests will be performed with PHPunit.
-Your code **should** comply with the [PSR-2: Coding Style Guide](https://www.php-fig.org/psr/psr-2/).
-Check your changes with:
+### Linting
+
+This project complies with the [PSR-2: Coding Style Guide](https://www.php-fig.org/psr/psr-2/).
+
+Lint the code with:
```
-./vendor/bin/phpcs --standard=PSR2 bin/configure.php
-...
+./vendor/bin/phpcs --standard=PSR2 xxx.php
```
-You **must** use the [git-flow workflow](https://danielkummer.github.io/git-flow-cheatsheet/).
+## Contributing
+
+For your contributions please use the [git-flow workflow](https://danielkummer.github.io/git-flow-cheatsheet/).
## Legalese
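Review bot: the sample instantiation sets `'idpMetadataFolderPath' => $home . "/idp_metadata"` but `$home` is never defined (every other entry is built from `$base`), so copying the snippet produces an undefined-variable notice and an empty path; use something that is defined, such as `__DIR__ . "/idp_metadata"`. Smaller points in the same hunk: `PHP 7-0-7.2` should read `PHP 7.0-7.2`; `adviced` should be `advised`; `use am IP address` should be `an IP address`; the usage snippet logs in with `$idp_name = 'idp_1'` while the settings only list `testenv2` in `idpList`; the lint example targets a placeholder `xxx.php` where the previous text ran phpcs on a real file, so point it at `src/`; and step 2 says the IdP metadata is downloaded "and verified" although the linked tool only downloads it, so either drop "verify" or state what verification the reader is expected to perform.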
diff --git a/bin/configure.php b/bin/configure.php
deleted file mode 100755
index c64a027..0000000
--- a/bin/configure.php
+++ /dev/null
@@ -1,63 +0,0 @@
-#!/usr/bin/php
- './tmp',
-));
-$template = $twig->load('settings.tpl');
-
-// read configuration
-$yaml = \Symfony\Component\Yaml\Yaml::parseFile('config.yaml');
-foreach ($yaml as $k => $v) {
- $$k = $v;
-}
-
-# read SP key and cert from the files generated by openssl
-$sp_key_raw = file_get_contents($sp_key_file);
-$sp_cert_raw = file_get_contents($sp_cert_file);
-
-# get rid of '-----' lines
-function clean_openssl($k)
-{
- $ck = '';
- foreach (preg_split("/((\r?\n)|(\r\n?))/", $k) as $l) {
- if (strpos($l, '-----') === false) {
- $ck .= $l;
- }
- }
- return $ck;
-}
-
-$sp_key = clean_openssl($sp_key_raw);
-$sp_cert = clean_openssl($sp_cert_raw);
-
-# retrieve the IDP metadata and extract information
-$ch = curl_init();
-curl_setopt($ch, CURLOPT_URL, $idp_metadata_url);
-curl_setopt($ch, CURLOPT_FAILONERROR, 1);
-curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
-curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
-curl_setopt($ch, CURLOPT_TIMEOUT, 15);
-curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
-curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
-$data = curl_exec($ch);
-curl_close($ch);
-$xml = new SimpleXMLElement($data);
-$idp_entityid = $xml->xpath('//ns0:EntityDescriptor/@entityID')[0];
-$idp_sso = $xml->xpath('//ns0:SingleSignOnService/@Location')[0];
-$idp_slo = $xml->xpath('//ns0:SingleLogoutService/@Location')[0];
-$idp_cert = $xml->xpath('//ns1:X509Certificate')[0];
-
-echo $template->render(array(
- 'sp_base' => $sp_base,
- 'sp_cert' => $sp_cert,
- 'sp_key' => $sp_key,
- 'idp_entityid' => $idp_entityid,
- 'idp_sso' => $idp_sso,
- 'idp_slo' => $idp_slo,
- 'idp_cert' => $idp_cert,
-));
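Review bot: the removed script fetched the IdP metadata with `CURLOPT_SSL_VERIFYHOST` and `CURLOPT_SSL_VERIFYPEER` set to 0, i.e. with TLS certificate validation switched off, which let anyone on the network path substitute the IdP entityID, endpoints and signing certificate that the SP then trusted. Its replacement, bin/download_idp_metadata.php, keeps curl's default verification, so this deletion closes that gap; say so in the commit message or changelog so users of the old `config.yaml` workflow know why the tool changed.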
diff --git a/bin/download_idp_metadata.php b/bin/download_idp_metadata.php
new file mode 100755
index 0000000..5c51844
--- /dev/null
+++ b/bin/download_idp_metadata.php
@@ -0,0 +1,39 @@
+#!/usr/bin/php
+
+// License: BSD 3-Clause
+
+$idp_list_url = 'https://registry.spid.gov.it/assets/data/idp.json';
+$ch = curl_init();
+curl_setopt($ch, CURLOPT_URL, $idp_list_url);
+curl_setopt($ch, CURLOPT_FAILONERROR, 1);
+curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+curl_setopt($ch, CURLOPT_TIMEOUT, 15);
+echo "Contacting $idp_list_url" . PHP_EOL;
+$json = curl_exec($ch);
+curl_close($ch);
+$idps = json_decode($json);
+
+foreach ($idps->data as $idp) {
+ $metadata_url = $idp->metadata_url;
+ $ipa_entity_code = $idp->ipa_entity_code;
+ $ch = curl_init();
+ curl_setopt($ch, CURLOPT_URL, $metadata_url);
+ curl_setopt($ch, CURLOPT_FAILONERROR, 1);
+ curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+ curl_setopt($ch, CURLOPT_TIMEOUT, 15);
+ echo "Contacting $metadata_url" . PHP_EOL;
+ $xml = curl_exec($ch);
+ curl_close($ch);
+ $file = "idp_metadata/$ipa_entity_code.xml";
+ file_put_contents($file, $xml);
+}
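Review bot: none of the network or decode results are checked, and the per-IdP file name is built from untrusted registry data. `curl_exec` returns `false` on failure (including the 15 s timeout and anything `CURLOPT_FAILONERROR` rejects), so a failed fetch writes a zero-length `idp_metadata/<code>.xml` through `file_put_contents($file, false)`, and a failed list download makes `json_decode` return `null`, after which `$idps->data` only emits a warning; test each result and `exit(1)` with a message. `$ipa_entity_code` is taken straight from the JSON and interpolated into the path, so a value containing `/` or `..` would write outside `idp_metadata/`; restrict it to `[A-Za-z0-9_-]+` (or pass it through `basename()`) before building the path. Finally, the body is saved without confirming that it is XML at all, let alone a signed `EntityDescriptor`, so the first failure will surface later in the SP when the file is parsed; parse it here and refuse to save anything that does not contain an `EntityDescriptor`.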
diff --git a/composer.json b/composer.json
index b598c44..50f2290 100644
--- a/composer.json
+++ b/composer.json
@@ -1,9 +1,14 @@
{
"name": "italia/spid-php2",
"require": {
- "onelogin/php-saml": "3.0.0.x-dev",
- "twig/twig": "^2.4",
- "symfony/yaml": "^4.1",
- "squizlabs/php_codesniffer": "*"
+ "onelogin/php-saml": "3.0.0.x-dev"
+ },
+ "require-dev": {
+ "squizlabs/php_codesniffer": "^3.3"
+ },
+ "autoload": {
+ "psr-4": {
+ "Italia\\Spid2\\": "src/"
+ }
}
-}
+}
\ No newline at end of file
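Review bot: the rewritten closing brace drops the trailing newline (`\ No newline at end of file`), which shows up as a spurious change on the next edit and is flagged by PSR-2 tooling; add it back. The remaining constraint `"onelogin/php-saml": "3.0.0.x-dev"` tracks a development branch, so reproducibility rests entirely on composer.lock: the README's `composer install --no-dev` honours the lock, but a `composer update` will move to the branch head and may invalidate AuthnRequest.diff and LogoutRequest.diff, which patch that package by line number.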
diff --git a/composer.lock b/composer.lock
index 4a6f9a3..8d61fef 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
- "content-hash": "d0f2b5c5b2a0656dd94e55792b743bdf",
+ "content-hash": "0e934f11b83adea144b2a84c424aaf82",
"packages": [
{
"name": "onelogin/php-saml",
@@ -12,12 +12,12 @@
"source": {
"type": "git",
"url": "https://github.com/onelogin/php-saml.git",
- "reference": "c98647228e5260004fe6bc31158f322ea94c152c"
+ "reference": "e0c5827d7ccff72b6cf19f55420cad0e4eea5faf"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/onelogin/php-saml/zipball/c98647228e5260004fe6bc31158f322ea94c152c",
- "reference": "c98647228e5260004fe6bc31158f322ea94c152c",
+ "url": "https://api.github.com/repos/onelogin/php-saml/zipball/e0c5827d7ccff72b6cf19f55420cad0e4eea5faf",
+ "reference": "e0c5827d7ccff72b6cf19f55420cad0e4eea5faf",
"shasum": ""
},
"require": {
@@ -54,7 +54,7 @@
"onelogin",
"saml"
],
- "time": "2018-06-19T00:33:13+00:00"
+ "time": "2018-08-02T15:43:25+00:00"
},
{
"name": "robrichards/xmlseclibs",
@@ -95,19 +95,21 @@
"xmldsig"
],
"time": "2017-08-31T09:27:07+00:00"
- },
+ }
+ ],
+ "packages-dev": [
{
"name": "squizlabs/php_codesniffer",
- "version": "3.3.0",
+ "version": "3.3.1",
"source": {
"type": "git",
"url": "https://github.com/squizlabs/PHP_CodeSniffer.git",
- "reference": "d86873af43b4aa9d1f39a3601cc0cfcf02b25266"
+ "reference": "628a481780561150481a9ec74709092b9759b3ec"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/squizlabs/PHP_CodeSniffer/zipball/d86873af43b4aa9d1f39a3601cc0cfcf02b25266",
- "reference": "d86873af43b4aa9d1f39a3601cc0cfcf02b25266",
+ "url": "https://api.github.com/repos/squizlabs/PHP_CodeSniffer/zipball/628a481780561150481a9ec74709092b9759b3ec",
+ "reference": "628a481780561150481a9ec74709092b9759b3ec",
"shasum": ""
},
"require": {
@@ -145,249 +147,9 @@
"phpcs",
"standards"
],
- "time": "2018-06-06T23:58:19+00:00"
- },
- {
- "name": "symfony/polyfill-ctype",
- "version": "v1.8.0",
- "source": {
- "type": "git",
- "url": "https://github.com/symfony/polyfill-ctype.git",
- "reference": "7cc359f1b7b80fc25ed7796be7d96adc9b354bae"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/7cc359f1b7b80fc25ed7796be7d96adc9b354bae",
- "reference": "7cc359f1b7b80fc25ed7796be7d96adc9b354bae",
- "shasum": ""
- },
- "require": {
- "php": ">=5.3.3"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "1.8-dev"
- }
- },
- "autoload": {
- "psr-4": {
- "Symfony\\Polyfill\\Ctype\\": ""
- },
- "files": [
- "bootstrap.php"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "Symfony Community",
- "homepage": "https://symfony.com/contributors"
- },
- {
- "name": "Gert de Pagter",
- "email": "BackEndTea@gmail.com"
- }
- ],
- "description": "Symfony polyfill for ctype functions",
- "homepage": "https://symfony.com",
- "keywords": [
- "compatibility",
- "ctype",
- "polyfill",
- "portable"
- ],
- "time": "2018-04-30T19:57:29+00:00"
- },
- {
- "name": "symfony/polyfill-mbstring",
- "version": "v1.8.0",
- "source": {
- "type": "git",
- "url": "https://github.com/symfony/polyfill-mbstring.git",
- "reference": "3296adf6a6454a050679cde90f95350ad604b171"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/3296adf6a6454a050679cde90f95350ad604b171",
- "reference": "3296adf6a6454a050679cde90f95350ad604b171",
- "shasum": ""
- },
- "require": {
- "php": ">=5.3.3"
- },
- "suggest": {
- "ext-mbstring": "For best performance"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "1.8-dev"
- }
- },
- "autoload": {
- "psr-4": {
- "Symfony\\Polyfill\\Mbstring\\": ""
- },
- "files": [
- "bootstrap.php"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "Nicolas Grekas",
- "email": "p@tchwork.com"
- },
- {
- "name": "Symfony Community",
- "homepage": "https://symfony.com/contributors"
- }
- ],
- "description": "Symfony polyfill for the Mbstring extension",
- "homepage": "https://symfony.com",
- "keywords": [
- "compatibility",
- "mbstring",
- "polyfill",
- "portable",
- "shim"
- ],
- "time": "2018-04-26T10:06:28+00:00"
- },
- {
- "name": "symfony/yaml",
- "version": "v4.1.1",
- "source": {
- "type": "git",
- "url": "https://github.com/symfony/yaml.git",
- "reference": "80e4bfa9685fc4a09acc4a857ec16974a9cd944e"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/symfony/yaml/zipball/80e4bfa9685fc4a09acc4a857ec16974a9cd944e",
- "reference": "80e4bfa9685fc4a09acc4a857ec16974a9cd944e",
- "shasum": ""
- },
- "require": {
- "php": "^7.1.3",
- "symfony/polyfill-ctype": "~1.8"
- },
- "conflict": {
- "symfony/console": "<3.4"
- },
- "require-dev": {
- "symfony/console": "~3.4|~4.0"
- },
- "suggest": {
- "symfony/console": "For validating YAML files using the lint command"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "4.1-dev"
- }
- },
- "autoload": {
- "psr-4": {
- "Symfony\\Component\\Yaml\\": ""
- },
- "exclude-from-classmap": [
- "/Tests/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "Fabien Potencier",
- "email": "fabien@symfony.com"
- },
- {
- "name": "Symfony Community",
- "homepage": "https://symfony.com/contributors"
- }
- ],
- "description": "Symfony Yaml Component",
- "homepage": "https://symfony.com",
- "time": "2018-05-30T07:26:09+00:00"
- },
- {
- "name": "twig/twig",
- "version": "v2.4.8",
- "source": {
- "type": "git",
- "url": "https://github.com/twigphp/Twig.git",
- "reference": "7b604c89da162034bdf4bb66310f358d313dd16d"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/twigphp/Twig/zipball/7b604c89da162034bdf4bb66310f358d313dd16d",
- "reference": "7b604c89da162034bdf4bb66310f358d313dd16d",
- "shasum": ""
- },
- "require": {
- "php": "^7.0",
- "symfony/polyfill-mbstring": "~1.0"
- },
- "require-dev": {
- "psr/container": "^1.0",
- "symfony/debug": "^2.7",
- "symfony/phpunit-bridge": "^3.3"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "2.4-dev"
- }
- },
- "autoload": {
- "psr-0": {
- "Twig_": "lib/"
- },
- "psr-4": {
- "Twig\\": "src/"
- }
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "BSD-3-Clause"
- ],
- "authors": [
- {
- "name": "Fabien Potencier",
- "email": "fabien@symfony.com",
- "homepage": "http://fabien.potencier.org",
- "role": "Lead Developer"
- },
- {
- "name": "Armin Ronacher",
- "email": "armin.ronacher@active-4.com",
- "role": "Project Founder"
- },
- {
- "name": "Twig Team",
- "homepage": "http://twig.sensiolabs.org/contributors",
- "role": "Contributors"
- }
- ],
- "description": "Twig, the flexible, fast, and secure template language for PHP",
- "homepage": "http://twig.sensiolabs.org",
- "keywords": [
- "templating"
- ],
- "time": "2018-04-02T09:24:19+00:00"
+ "time": "2018-07-26T23:47:18+00:00"
}
],
- "packages-dev": [],
"aliases": [],
"minimum-stability": "stable",
"stability-flags": {
diff --git a/config.yaml.example b/config.yaml.example
deleted file mode 100644
index 2b9ce93..0000000
--- a/config.yaml.example
+++ /dev/null
@@ -1,12 +0,0 @@
----
-# SERVICE PROVIDER CONFIGURATION
-
-# SP base URL
-sp_base: "http://sp2.simevo.com"
-
-# SP key and certificate location
-sp_key_file: "sp.key"
-sp_cert_file: "sp.crt"
-
-# URL for IDP metadata
-idp_metadata_url: "https://idp.simevo.com/metadata"
diff --git a/example/acs.php b/example/acs.php
new file mode 100644
index 0000000..e10fc2d
--- /dev/null
+++ b/example/acs.php
@@ -0,0 +1,19 @@
+isAuthenticated()) {
+ $attributes = $sp->getAttributes();
+ echo "logged in !" . PHP_EOL;
+ foreach ($attributes as $key => $attribute) {
+ echo $key .": " . $attribute . "
";
+ }
+
+ echo '
Name | Values | '; - foreach ($attributes as $attributeName => $attributeValues) { - echo '
---|---|
' . htmlentities($attributeName) . ' |
|
You don't have any attribute
"; - } - - echo ''; -} else { - echo 'Login and access later to this page
'; -} diff --git a/www/index.php b/www/index.php deleted file mode 100644 index 4b1d796..0000000 --- a/www/index.php +++ /dev/null @@ -1,123 +0,0 @@ -login(); - - # If AuthNRequest ID need to be saved in order to later validate it, do instead - # $ssoBuiltUrl = $auth->login(null, array(), false, false, true); - # $_SESSION['AuthNRequestID'] = $auth->getLastRequestID(); - # header('Pragma: no-cache'); - # header('Cache-Control: no-cache, must-revalidate'); - # header('Location: ' . $ssoBuiltUrl); - # exit(); -} elseif (isset($_GET['sso2'])) { - $returnTo = $spBaseUrl . '/attrs.php'; - $auth->login($returnTo); -} elseif (isset($_GET['slo'])) { - $returnTo = null; - $parameters = array(); - $nameId = null; - $sessionIndex = null; - $nameIdFormat = null; - - if (isset($_SESSION['samlNameId'])) { - $nameId = $_SESSION['samlNameId']; - } - if (isset($_SESSION['samlSessionIndex'])) { - $sessionIndex = $_SESSION['samlSessionIndex']; - } - if (isset($_SESSION['samlNameIdFormat'])) { - $nameIdFormat = $_SESSION['samlNameIdFormat']; - } - - $auth->logout($returnTo, $parameters, $nameId, $sessionIndex, false, $nameIdFormat, 'aaa'); - - # If LogoutRequest ID need to be saved in order to later validate it, do instead - # $sloBuiltUrl = $auth->logout(null, $parameters, $nameId, $sessionIndex, true); - # $_SESSION['LogoutRequestID'] = $auth->getLastRequestID(); - # header('Pragma: no-cache'); - # header('Cache-Control: no-cache, must-revalidate'); - # header('Location: ' . $sloBuiltUrl); - # exit(); -} elseif (isset($_GET['acs'])) { - if (isset($_SESSION) && isset($_SESSION['AuthNRequestID'])) { - $requestID = $_SESSION['AuthNRequestID']; - } else { - $requestID = null; - } - - $auth->processResponse($requestID); - - $errors = $auth->getErrors(); - - if (!empty($errors)) { - echo '' . implode(', ', $errors) . '
'; - } - - if (!$auth->isAuthenticated()) { - echo 'Not authenticated
'; - exit(); - } - - $_SESSION['samlUserdata'] = $auth->getAttributes(); - $_SESSION['samlNameId'] = $auth->getNameId(); - $_SESSION['samlNameIdFormat'] = $auth->getNameIdFormat(); - $_SESSION['samlSessionIndex'] = $auth->getSessionIndex(); - unset($_SESSION['AuthNRequestID']); - if (isset($_POST['RelayState']) && Utils::getSelfURL() != $_POST['RelayState']) { - $auth->redirectTo($_POST['RelayState']); - } -} elseif (isset($_GET['sls'])) { - if (isset($_SESSION) && isset($_SESSION['LogoutRequestID'])) { - $requestID = $_SESSION['LogoutRequestID']; - } else { - $requestID = null; - } - - $auth->processSLO(false, $requestID); - $errors = $auth->getErrors(); - if (empty($errors)) { - echo 'Sucessfully logged out
'; - } else { - echo '' . implode(', ', $errors) . '
'; - } -} - -if (isset($_SESSION['samlUserdata'])) { - if (!empty($_SESSION['samlUserdata'])) { - $attributes = $_SESSION['samlUserdata']; - echo 'You have the following attributes:Name | Values | '; - foreach ($attributes as $attributeName => $attributeValues) { - echo '
---|---|
' . htmlentities($attributeName) . ' |
|
You don't have any attribute
"; - } - - echo ''; -} else { - echo ''; - echo 'Login and access to attrs.php page
'; - echo ''; -} diff --git a/www/metadata.php b/www/metadata.php deleted file mode 100644 index 0500dee..0000000 --- a/www/metadata.php +++ /dev/null @@ -1,32 +0,0 @@ -getSettings(); - // Now we only validate SP settings - $settings = new Settings($settingsInfo, true); - $metadata = $settings->getSPMetadata(); - $errors = $settings->validateMetadata($metadata); - if (empty($errors)) { - header('Content-Type: text/xml'); - echo $metadata; - } else { - throw new Error( - 'Invalid SP metadata: '.implode(', ', $errors), - Error::METADATA_SP_INVALID - ); - } -} catch (Exception $e) { - echo $e->getMessage(); -} diff --git a/www2/attrs.php b/www2/attrs.php deleted file mode 100644 index 9905e61..0000000 --- a/www2/attrs.php +++ /dev/null @@ -1,25 +0,0 @@ -'; - echo 'Name | Values | '; - foreach ($attributes as $attributeName => $attributeValues) { - echo '
---|---|
' . htmlentities($attributeName) . ' |
|
You don't have any attribute
"; - } - - echo ''; -} else { - echo 'Login and access later to this page
'; -} diff --git a/www2/index.php b/www2/index.php deleted file mode 100644 index b87ad3a..0000000 --- a/www2/index.php +++ /dev/null @@ -1,119 +0,0 @@ -login(); - - # If AuthNRequest ID need to be saved in order to later validate it, do instead - # $ssoBuiltUrl = $auth->login(null, array(), false, false, true); - # $_SESSION['AuthNRequestID'] = $auth->getLastRequestID(); - # header('Pragma: no-cache'); - # header('Cache-Control: no-cache, must-revalidate'); - # header('Location: ' . $ssoBuiltUrl); - # exit(); -} elseif (isset($_GET['sso2'])) { - $returnTo = $spBaseUrl . '/attrs.php'; - $auth->login($returnTo); -} elseif (isset($_GET['slo'])) { - $returnTo = null; - $parameters = array(); - $nameId = null; - $sessionIndex = null; - $nameIdFormat = null; - - if (isset($_SESSION['samlNameId'])) { - $nameId = $_SESSION['samlNameId']; - } - if (isset($_SESSION['samlSessionIndex'])) { - $sessionIndex = $_SESSION['samlSessionIndex']; - } - if (isset($_SESSION['samlNameIdFormat'])) { - $nameIdFormat = $_SESSION['samlNameIdFormat']; - } - - $auth->logout($returnTo, $parameters, $nameId, $sessionIndex, false, $nameIdFormat); - - # If LogoutRequest ID need to be saved in order to later validate it, do instead - # $sloBuiltUrl = $auth->logout(null, $parameters, $nameId, $sessionIndex, true); - # $_SESSION['LogoutRequestID'] = $auth->getLastRequestID(); - # header('Pragma: no-cache'); - # header('Cache-Control: no-cache, must-revalidate'); - # header('Location: ' . $sloBuiltUrl); - # exit(); -} elseif (isset($_GET['acs'])) { - if (isset($_SESSION) && isset($_SESSION['AuthNRequestID'])) { - $requestID = $_SESSION['AuthNRequestID']; - } else { - $requestID = null; - } - - $auth->processResponse($requestID); - - $errors = $auth->getErrors(); - - if (!empty($errors)) { - echo '' . implode(', ', $errors) . '
'; - } - - if (!$auth->isAuthenticated()) { - echo 'Not authenticated
'; - exit(); - } - - $_SESSION['samlUserdata'] = $auth->getAttributes(); - $_SESSION['samlNameId'] = $auth->getNameId(); - $_SESSION['samlNameIdFormat'] = $auth->getNameIdFormat(); - $_SESSION['samlSessionIndex'] = $auth->getSessionIndex(); - unset($_SESSION['AuthNRequestID']); - if (isset($_POST['RelayState']) && OneLogin_Saml2_Utils::getSelfURL() != $_POST['RelayState']) { - $auth->redirectTo($_POST['RelayState']); - } -} elseif (isset($_GET['sls'])) { - if (isset($_SESSION) && isset($_SESSION['LogoutRequestID'])) { - $requestID = $_SESSION['LogoutRequestID']; - } else { - $requestID = null; - } - - $auth->processSLO(false, $requestID); - $errors = $auth->getErrors(); - if (empty($errors)) { - echo 'Sucessfully logged out
'; - } else { - echo '' . implode(', ', $errors) . '
'; - } -} - -if (isset($_SESSION['samlUserdata'])) { - if (!empty($_SESSION['samlUserdata'])) { - $attributes = $_SESSION['samlUserdata']; - echo 'You have the following attributes:Name | Values | '; - foreach ($attributes as $attributeName => $attributeValues) { - echo '
---|---|
' . htmlentities($attributeName) . ' |
|
You don't have any attribute
"; - } - - echo ''; -} else { - echo ''; - echo 'Login and access to attrs.php page
'; - echo ''; -} diff --git a/www2/metadata.php b/www2/metadata.php deleted file mode 100644 index 7f00b44..0000000 --- a/www2/metadata.php +++ /dev/null @@ -1,29 +0,0 @@ -getSettings(); - // Now we only validate SP settings - $settings = new OneLogin_Saml2_Settings($settingsInfo, true); - $metadata = $settings->getSPMetadata(); - $errors = $settings->validateMetadata($metadata); - if (empty($errors)) { - header('Content-Type: text/xml'); - echo $metadata; - } else { - throw new OneLogin_Saml2_Error( - 'Invalid SP metadata: '.implode(', ', $errors), - OneLogin_Saml2_Error::METADATA_SP_INVALID - ); - } -} catch (Exception $e) { - echo $e->getMessage(); -} diff --git a/xenc-schema.xsd b/xenc-schema.xsd deleted file mode 100644 index dd85887..0000000 --- a/xenc-schema.xsd +++ /dev/null @@ -1,145 +0,0 @@ - - - - - - ]> - -- This schema document describes the XML namespace, in a form - suitable for import by other schema documents. -
-- See - http://www.w3.org/XML/1998/namespace.html and - - http://www.w3.org/TR/REC-xml for information - about this namespace. -
-- Note that local names in this namespace are intended to be - defined only by the World Wide Web Consortium or its subgroups. - The names currently defined in this namespace are listed below. - They should not be used with conflicting semantics by any Working - Group, specification, or document instance. -
-- See further below in this document for more information about how to refer to this schema document from your own - XSD schema documents and about the - namespace-versioning policy governing this schema document. -
-- denotes an attribute whose value - is a language code for the natural language of the content of - any element; its value is inherited. This name is reserved - by virtue of its definition in the XML specification.
- -- Attempting to install the relevant ISO 2- and 3-letter - codes as the enumerated possible values is probably never - going to be a realistic possibility. -
-- See BCP 47 at - http://www.rfc-editor.org/rfc/bcp/bcp47.txt - and the IANA language subtag registry at - - http://www.iana.org/assignments/language-subtag-registry - for further information. -
-- The union allows for the 'un-declaration' of xml:lang with - the empty string. -
-- denotes an attribute whose - value is a keyword indicating what whitespace processing - discipline is intended for the content of the element; its - value is inherited. This name is reserved by virtue of its - definition in the XML specification.
- -- denotes an attribute whose value - provides a URI to be used as the base for interpreting any - relative URIs in the scope of the element on which it - appears; its value is inherited. This name is reserved - by virtue of its definition in the XML Base specification.
- -- See http://www.w3.org/TR/xmlbase/ - for information about this attribute. -
-- denotes an attribute whose value - should be interpreted as if declared to be of type ID. - This name is reserved by virtue of its definition in the - xml:id specification.
- -- See http://www.w3.org/TR/xml-id/ - for information about this attribute. -
-- denotes Jon Bosak, the chair of - the original XML Working Group. This name is reserved by - the following decision of the W3C XML Plenary and - XML Coordination groups: -
---- In appreciation for his vision, leadership and - dedication the W3C XML Plenary on this 10th day of - February, 2000, reserves for Jon Bosak in perpetuity - the XML name "xml:Father". -
-
- This schema defines attributes and an attribute group suitable
- for use by schemas wishing to allow xml:base
,
- xml:lang
, xml:space
or
- xml:id
attributes on elements they define.
-
- To enable this, such a schema must import this schema for - the XML namespace, e.g. as follows: -
-- <schema . . .> - . . . - <import namespace="http://www.w3.org/XML/1998/namespace" - schemaLocation="http://www.w3.org/2001/xml.xsd"/> --
- or -
-- <import namespace="http://www.w3.org/XML/1998/namespace" - schemaLocation="http://www.w3.org/2009/01/xml.xsd"/> --
- Subsequently, qualified reference to any of the attributes or the - group defined below will have the desired effect, e.g. -
-- <type . . .> - . . . - <attributeGroup ref="xml:specialAttrs"/> --
- will define a type which will schema-validate an instance element - with any of those attributes. -
-- In keeping with the XML Schema WG's standard versioning - policy, this schema document will persist at - - http://www.w3.org/2009/01/xml.xsd. -
-- At the date of issue it can also be found at - - http://www.w3.org/2001/xml.xsd. -
-- The schema document at that URI may however change in the future, - in order to remain compatible with the latest version of XML - Schema itself, or with the XML namespace itself. In other words, - if the XML Schema or XML namespaces change, the version of this - document at - http://www.w3.org/2001/xml.xsd - - will change accordingly; the version at - - http://www.w3.org/2009/01/xml.xsd - - will not change. -
-- Previous dated (and unchanging) versions of this schema - document are at: -
- -
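Review bot: in example/acs.php the attribute loop writes `$key` and `$attribute` straight into the HTML response (`echo $key .": " . $attribute`), whereas the deleted www/attrs.php and www/index.php wrapped the attribute name in `htmlentities()`; attribute values arrive in the IdP response and, with a test IdP such as spid-testenv2, are chosen by whoever configures it, so escape both name and value with `htmlentities($value, ENT_QUOTES, 'UTF-8')` before output. In this rendering the file starts at `isAuthenticated()) {`, so the lines that create `$sp` and start the session ahead of the `if` were lost in extraction and should be checked in the file itself. The deleted xenc-schema.xsd and the embedded copy of the W3C xml.xsd were presumably only used by the old demo; confirm that nothing under src/ still references them by path before relying on this removal.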