authorAndreas Åkre Solberg <andreas.solberg@uninett.no>2009-01-27 13:57:52 +0000
committerAndreas Åkre Solberg <andreas.solberg@uninett.no>2009-01-27 13:57:52 +0000
commit1694905be213d49d161ff42a571fa35dbc69b716 (patch)
treea6417636615bff1671b0b8640a4bcf90f890c3d1
parent6128084e69e7177644d665f4c205bff90248c075 (diff)
Scope parsing in metadata for SAML 2.0 IdPs
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1206 44740490-163a-0410-bde0-09ae8108e29a
-rw-r--r--lib/SimpleSAML/Metadata/SAMLParser.php16
-rw-r--r--modules/metarefresh/lib/MetaLoader.php5
2 files changed, 17 insertions, 4 deletions
diff --git a/lib/SimpleSAML/Metadata/SAMLParser.php b/lib/SimpleSAML/Metadata/SAMLParser.php
index bb70d93..24a15d1 100644
--- a/lib/SimpleSAML/Metadata/SAMLParser.php
+++ b/lib/SimpleSAML/Metadata/SAMLParser.php
@@ -681,7 +681,10 @@ class SimpleSAML_Metadata_SAMLParser {
if (array_key_exists('expire', $idp)) {
$ret['expire'] = $idp['expire'];
}
-
+
+ if (array_key_exists('scopes', $idp))
+ $ret['scopes'] = $idp['scopes'];
+
/* Enable redirect.sign if WantAuthnRequestsSigned is enabled. */
if ($idp['wantAuthnRequestsSigned']) {
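Review bot: The added `if (array_key_exists('scopes', $idp))` directly after the `expire` block drops the braces that every neighbouring conditional in this block uses, and the third hunk does the same with its `if (!empty($extensions))` and `if (!empty($this->scopes)) $idp['scopes'] = $this->scopes;` lines. A braceless single-statement `if` is easy to break when a second statement is added to it later, and it reads differently from the rest of the file. Writing it as `if (array_key_exists('scopes', $idp)) { $ret['scopes'] = $idp['scopes']; }` matches the surrounding style; the enclosing function starts outside this hunk.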
@@ -769,6 +772,7 @@ class SimpleSAML_Metadata_SAMLParser {
}
$sd['protocols'] = self::getSupportedProtocols($element);
+
/* Find all SingleLogoutService elements. */
$sd['singleLogoutServices'] = array();
@@ -836,6 +840,13 @@ class SimpleSAML_Metadata_SAMLParser {
assert('is_null($expireTime) || is_int($expireTime)');
$idp = self::parseSSODescriptor($element, $expireTime);
+
+ $extensions = SimpleSAML_Utilities::getDOMChildren($element, 'Extensions', '@md');
+ if (!empty($extensions))
+ $this->processExtensions($extensions[0]);
+
+ if (!empty($this->scopes)) $idp['scopes'] = $this->scopes;
+
/* Find all SingleSignOnService elements. */
$idp['singleSignOnServices'] = array();
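Review bot: `$this->scopes` is read at the `if (!empty($this->scopes))` line without being reset before `processExtensions()` is invoked on this IDPSSODescriptor's Extensions element, so anything the parser instance already holds in that field — presumably scopes collected from an earlier Extensions element, since the new code seems to rely on processExtensions accumulating into `$this->scopes` — would be attributed to this IdP as well. If, as the name suggests, the scope list is later used to decide which attribute scopes an IdP may assert, attributing scopes gathered from another element to this descriptor is a correctness issue worth closing. Adding `$this->scopes = array();` immediately before the `$this->processExtensions($extensions[0]);` call keeps the result per-descriptor; if inheriting entity-level scopes is intended, a comment saying so should take the place of the reset. The enclosing function begins outside this hunk and the body of processExtensions is not visible here, so the accumulation behaviour is inferred rather than confirmed.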
@@ -861,7 +872,8 @@ class SimpleSAML_Metadata_SAMLParser {
*/
private function processExtensions($element) {
assert('$element instanceof DOMElement');
-
+
+
for($i = 0; $i < $element->childNodes->length; $i++) {
$child = $element->childNodes->item($i);
diff --git a/modules/metarefresh/lib/MetaLoader.php b/modules/metarefresh/lib/MetaLoader.php
index 272d109..6a189ff 100644
--- a/modules/metarefresh/lib/MetaLoader.php
+++ b/modules/metarefresh/lib/MetaLoader.php
@@ -33,15 +33,16 @@ class sspmod_metarefresh_MetaLoader {
public function loadSource($source) {
$entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsFile($source['src']);
-
+ $ca = NULL;
foreach($entities as $entity) {
- if($source['validateFingerprint'] !== NULL) {
+ if(array_key_exists('validateFingerprint', $source) && $source['validateFingerprint'] !== NULL) {
if(!$entity->validateFingerprint($source['validateFingerprint'])) {
SimpleSAML_Logger::info('Skipping "' . $entity->getEntityId() . '" - could not verify signature.' . "\n");
continue;
}
}
+ // TODO: $ca is always null
if($ca !== NULL) {
if(!$entity->validateCA($ca)) {
SimpleSAML_Logger::info('Skipping "' . $entity->getEntityId() . '" - could not verify certificate.' . "\n");