本文整理汇总了PHP中SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler方法的典型用法代码示例。如果您正苦于以下问题:PHP SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler方法的具体用法?PHP SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler怎么用?PHP SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类SimpleSAML_Metadata_MetaDataStorageHandler
的用法示例。
在下文中一共展示了SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: actionSso
public function actionSso()
{
$metadata = \SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
$idp = \SimpleSAML_IdP::getById('saml2:' . $idpEntityId);
\sspmod_saml_IdP_SAML2::receiveAuthnRequest($idp);
assert('FALSE');
}
示例2: actionSso
public function actionSso()
{
//logout previous sso session
\utilities\Registry::clearRegistry();
$isRequestPost = $this->_request->isPost();
if ($isRequestPost) {
// check if every required parameter is set or not
$username = $this->_request->getParam('username', null);
$password = $this->_request->getParam('password', null);
$referrer = $this->_request->getParam('spentityid', null);
if (!$username) {
$this->_response->renderJson(array('message' => 'Username is not set'));
}
if (!$password) {
$this->_response->renderJson(array('message' => 'Password is not set'));
}
if (!$referrer) {
$this->_response->renderJson(array('message' => 'Referrer not set'));
}
$objDbUserauth = new \models\Users();
// check if user is authenticated or not
$userAuthenticationStatus = $objDbUserauth->authenticate($username, $password);
// user locked due to 5 invalid attempts
if (\models\Users::ERROR_USER_LOCKED === $userAuthenticationStatus) {
$this->_response->renderJson(array('message' => 'Your account is locked due to 5 invalid attempts', 'authstatus' => $userAuthenticationStatus));
}
//user password is expired
if (\models\Users::ERROR_USER_PWD_EXPIRED === $userAuthenticationStatus) {
$this->_response->renderJson(array('message' => 'Your password is expired', 'authstatus' => $userAuthenticationStatus));
}
//user authentication is successfull
if ($userAuthenticationStatus === true) {
$metadata = \SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
$idp = \SimpleSAML_IdP::getById('saml2:' . $idpEntityId);
\sspmod_saml_IdP_SAML2::receiveAuthnRequest($idp);
assert('FALSE');
} else {
//handle invalid attempts
$objInvalidAttempts = new \models\UserLoginAttempts();
$loginAttemptsLeft = $objInvalidAttempts->handleInvalidLoginAttempts($username);
$invalidAttempt = false;
// if attempt is invalid username is wrong
$message = "Invalid credentials";
if ($loginAttemptsLeft !== false) {
// if last attempt was hit then show that account is locked
if ($loginAttemptsLeft === 0) {
$this->_response->renderJson(array('message' => 'Your account is locked due to 5 invalid attempts', 'authstatus' => \models\Users::ERROR_USER_LOCKED));
}
$invalidAttempt = true;
$message = "Incorrect Password.You have {$loginAttemptsLeft} attempts left";
}
$this->_response->renderJson(array('message' => $message, 'invalidAttempt' => $invalidAttempt));
exit;
}
}
$this->_response->renderJson(array('message' => 'Only post request are accepted'));
}
示例3: createRedirect
public function createRedirect($destination, $shire)
{
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpmetadata = $metadata->getMetaDataConfig($destination, 'shib13-idp-remote');
$desturl = $idpmetadata->getDefaultEndpoint('SingleSignOnService', array('urn:mace:shibboleth:1.0:profiles:AuthnRequest'));
$desturl = $desturl['Location'];
$target = $this->getRelayState();
$url = $desturl . '?' . 'providerId=' . urlencode($this->getIssuer()) . '&shire=' . urlencode($shire) . (isset($target) ? '&target=' . urlencode($target) : '');
return $url;
}
示例4: receive
/**
* Receive a SAML 2 message sent using the HTTP-Artifact binding.
*
* Throws an exception if it is unable receive the message.
*
* @return SAML2_Message The received message.
* @throws Exception
*/
public function receive()
{
if (array_key_exists('SAMLart', $_REQUEST)) {
$artifact = base64_decode($_REQUEST['SAMLart']);
$endpointIndex = bin2hex(substr($artifact, 2, 2));
$sourceId = bin2hex(substr($artifact, 4, 20));
} else {
throw new Exception('Missing SAMLArt parameter.');
}
$metadataHandler = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpMetadata = $metadataHandler->getMetaDataConfigForSha1($sourceId, 'saml20-idp-remote');
if ($idpMetadata === NULL) {
throw new Exception('No metadata found for remote provider with SHA1 ID: ' . var_export($sourceId, TRUE));
}
$endpoint = NULL;
foreach ($idpMetadata->getEndpoints('ArtifactResolutionService') as $ep) {
if ($ep['index'] === hexdec($endpointIndex)) {
$endpoint = $ep;
break;
}
}
if ($endpoint === NULL) {
throw new Exception('No ArtifactResolutionService with the correct index.');
}
SAML2_Utils::getContainer()->getLogger()->debug("ArtifactResolutionService endpoint being used is := " . $endpoint['Location']);
//Construct the ArtifactResolve Request
$ar = new SAML2_ArtifactResolve();
/* Set the request attributes */
$ar->setIssuer($this->spMetadata->getString('entityid'));
$ar->setArtifact($_REQUEST['SAMLart']);
$ar->setDestination($endpoint['Location']);
require_once realpath(__DIR__ . '/../../../simplesamlphp/modules/saml/lib/Message.php');
/* Sign the request */
sspmod_saml_Message::addSign($this->spMetadata, $idpMetadata, $ar);
// Shoaib - moved from the SOAPClient.
$soap = new SAML2_SOAPClient();
// Send message through SoapClient
/** @var SAML2_ArtifactResponse $artifactResponse */
$artifactResponse = $soap->send($ar, $this->spMetadata);
if (!$artifactResponse->isSuccess()) {
return false;
}
$xml = $artifactResponse->getAny();
if ($xml === NULL) {
/* Empty ArtifactResponse - possibly because of Artifact replay? */
return NULL;
}
$samlResponse = SAML2_Message::fromXML($xml);
$samlResponse->addValidator(array(get_class($this), 'validateSignature'), $artifactResponse);
if (isset($_REQUEST['RelayState'])) {
$samlResponse->setRelayState($_REQUEST['RelayState']);
}
return $samlResponse;
}
示例5: getPresentation
public function getPresentation()
{
$mh = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$metadata = $mh->getList($this->config);
$translation = array('_' => 'All services');
foreach ($this->fields as $field) {
if (array_key_exists($field, $metadata)) {
if (array_key_exists('name', $metadata[$field])) {
$translation[$field] = $this->template->t($metadata[$field]['name'], array(), FALSE);
}
}
}
return $translation;
}
示例6: createRedirect
public function createRedirect($destination, $shire = NULL)
{
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpmetadata = $metadata->getMetaData($destination, 'shib13-idp-remote');
if ($shire === NULL) {
$shire = $metadata->getGenerated('AssertionConsumerService', 'shib13-sp-hosted');
}
if (!isset($idpmetadata['SingleSignOnService'])) {
throw new Exception('Could not find the SingleSignOnService parameter in the Shib 1.3 IdP Remote metadata. This parameter has changed name from an earlier version of simpleSAMLphp, when it was called SingleSignOnUrl. Please check your shib13-sp-remote.php configuration the IdP with entity id ' . $destination . ' and make sure the SingleSignOnService parameter is set.');
}
$desturl = $idpmetadata['SingleSignOnService'];
$target = $this->getRelayState();
$url = $desturl . '?' . 'providerId=' . urlencode($this->getIssuer()) . '&shire=' . urlencode($shire) . (isset($target) ? '&target=' . urlencode($target) : '');
return $url;
}
示例7: receiveAuthnRequest
/**
* Receive an authentication request.
*
* @param SimpleSAML_IdP $idp The IdP we are receiving it for.
*/
public static function receiveAuthnRequest(SimpleSAML_IdP $idp)
{
if (isset($_REQUEST['cookieTime'])) {
$cookieTime = (int) $_REQUEST['cookieTime'];
if ($cookieTime + 5 > time()) {
/*
* Less than five seconds has passed since we were
* here the last time. Cookies are probably disabled.
*/
\SimpleSAML\Utils\HTTP::checkSessionCookie(\SimpleSAML\Utils\HTTP::getSelfURL());
}
}
if (!isset($_REQUEST['providerId'])) {
throw new SimpleSAML_Error_BadRequest('Missing providerId parameter.');
}
$spEntityId = (string) $_REQUEST['providerId'];
if (!isset($_REQUEST['shire'])) {
throw new SimpleSAML_Error_BadRequest('Missing shire parameter.');
}
$shire = (string) $_REQUEST['shire'];
if (isset($_REQUEST['target'])) {
$target = $_REQUEST['target'];
} else {
$target = NULL;
}
SimpleSAML\Logger::info('Shib1.3 - IdP.SSOService: Got incoming Shib authnRequest from ' . var_export($spEntityId, TRUE) . '.');
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$spMetadata = $metadata->getMetaDataConfig($spEntityId, 'shib13-sp-remote');
$found = FALSE;
foreach ($spMetadata->getEndpoints('AssertionConsumerService') as $ep) {
if ($ep['Binding'] !== 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post') {
continue;
}
if ($ep['Location'] !== $shire) {
continue;
}
$found = TRUE;
break;
}
if (!$found) {
throw new Exception('Invalid AssertionConsumerService for SP ' . var_export($spEntityId, TRUE) . ': ' . var_export($shire, TRUE));
}
SimpleSAML_Stats::log('saml:idp:AuthnRequest', array('spEntityID' => $spEntityId, 'protocol' => 'saml1'));
$sessionLostURL = \SimpleSAML\Utils\HTTP::addURLParameters(\SimpleSAML\Utils\HTTP::getSelfURL(), array('cookieTime' => time()));
$state = array('Responder' => array('sspmod_saml_IdP_SAML1', 'sendResponse'), 'SPMetadata' => $spMetadata->toArray(), SimpleSAML_Auth_State::RESTART => $sessionLostURL, 'saml:shire' => $shire, 'saml:target' => $target, 'saml:AuthnRequestReceivedAt' => microtime(TRUE));
$idp->handleAuthenticationRequest($state);
}
示例8: __construct
/**
* Initializes this discovery service.
*
* The constructor does the parsing of the request. If this is an invalid request, it will
* throw an exception.
*
* @param array $metadataSets Array with metadata sets we find remote entities in.
* @param string $instance The name of this instance of the discovery service.
*/
public function __construct(array $metadataSets, $instance)
{
assert('is_string($instance)');
/* Initialize standard classes. */
$this->config = SimpleSAML_Configuration::getInstance();
$this->metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$this->session = SimpleSAML_Session::getSessionFromRequest();
$this->instance = $instance;
$this->metadataSets = $metadataSets;
$this->log('Accessing discovery service.');
/* Standard discovery service parameters. */
if (!array_key_exists('entityID', $_GET)) {
throw new Exception('Missing parameter: entityID');
} else {
$this->spEntityId = $_GET['entityID'];
}
if (!array_key_exists('returnIDParam', $_GET)) {
$this->returnIdParam = 'entityID';
} else {
$this->returnIdParam = $_GET['returnIDParam'];
}
$this->log('returnIdParam initially set to [' . $this->returnIdParam . ']');
if (!array_key_exists('return', $_GET)) {
throw new Exception('Missing parameter: return');
} else {
$this->returnURL = SimpleSAML_Utilities::checkURLAllowed($_GET['return']);
}
$this->isPassive = FALSE;
if (array_key_exists('isPassive', $_GET)) {
if ($_GET['isPassive'] === 'true') {
$this->isPassive = TRUE;
}
}
$this->log('isPassive initially set to [' . ($this->isPassive ? 'TRUE' : 'FALSE') . ']');
if (array_key_exists('IdPentityID', $_GET)) {
$this->setIdPentityID = $_GET['IdPentityID'];
} else {
$this->setIdPentityID = NULL;
}
if (array_key_exists('IDPList', $_REQUEST)) {
$this->scopedIDPList = $_REQUEST['IDPList'];
}
}
示例9: process
/**
* Process a authentication response
*
* This function saves the state, and redirects the user to the page where
* the user can log in with their second factor.
*
* @param array &$state The state of the response.
*
* @return void
*/
public function process(&$state)
{
assert('is_array($state)');
assert('array_key_exists("Destination", $state)');
assert('array_key_exists("entityid", $state["Destination"])');
assert('array_key_exists("metadata-set", $state["Destination"])');
assert('array_key_exists("Source", $state)');
assert('array_key_exists("entityid", $state["Source"])');
assert('array_key_exists("metadata-set", $state["Source"])');
$spEntityId = $state['Destination']['entityid'];
$idpEntityId = $state['Source']['entityid'];
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
/**
* If the Duo Security module is active on a bridge $state['saml:sp:IdP']
* will contain an entry id for the remote IdP. If not, then
* it is active on a local IdP and nothing needs to be
* done.
*/
if (isset($state['saml:sp:IdP'])) {
$idpEntityId = $state['saml:sp:IdP'];
$idpmeta = $metadata->getMetaData($idpEntityId, 'saml20-idp-remote');
$state['Source'] = $idpmeta;
}
if (isset($state['duo_complete'])) {
return;
}
// Set Keys for Duo SDK
$state['duosecurity:akey'] = $this->_akey;
$state['duosecurity:ikey'] = $this->_ikey;
$state['duosecurity:skey'] = $this->_skey;
$state['duosecurity:host'] = $this->_host;
$state['duosecurity:authSources'] = $this->_authSources;
$state['duosecurity:usernameAttribute'] = $this->_usernameAttribute;
// User interaction nessesary. Throw exception on isPassive request
if (isset($state['isPassive']) && $state['isPassive'] == true) {
throw new SimpleSAML_Error_NoPassive('Unable to login with passive request.');
}
// Save state and redirect
$id = SimpleSAML_Auth_State::saveState($state, 'duosecurity:request');
$url = SimpleSAML_Module::getModuleURL('duosecurity/getduo.php');
SimpleSAML_Utilities::redirectTrustedURL($url, array('StateId' => $id));
}
示例10: configure
public function configure()
{
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$entitylist = $metadata->getList('saml20-sp-remote');
foreach ($entitylist as $key => $value) {
$spidlist[$key] = $key;
}
$i18n = sfContext::getInstance()->getI18N();
$this->widgetSchema['description'] = new sfWidgetFormTextarea();
$this->widgetSchema['entityId'] = new sfWidgetFormChoice(array('choices' => $spidlist));
$this->widgetSchema->setLabel('description', $i18n->__('Service description'));
$this->widgetSchema->setLabel('url', $i18n->__('Service homepage'));
$this->widgetSchema->setLabel('entityId', $i18n->__('SAML SP entity id'));
$this->widgetSchema->setLabel('name', $i18n->__('Service name'));
//$this->widgetSchema->setLabel('type', $i18n->__('Registration type'));
unset($this['type']);
unset($this['organization_list']);
unset($this['principal_id']);
unset($this['created_at']);
unset($this['updated_at']);
unset($this['token']);
}
示例11: executeProcessValidateForm
public function executeProcessValidateForm(sfWebRequest $request)
{
$i18n = sfContext::getInstance()->getI18N();
$formarray = $request->getParameter('token');
$s_id = $formarray['s_id'];
$s = Doctrine::getTable('Service')->find($s_id);
$s_entityId = $s->getEntityId();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$entity = $metadata->getMetaData($s_entityId, 'saml20-sp-remote');
$form = new SendTokenToSPOwnerForm(array('s_id' => $s_id, 'entity' => $entity));
$form->bind($request->getParameter($form->getName()));
if (!$form->isValid()) {
$this->getUser()->setFlash('notice', $i18n->__('Could not send the invitation, please check the e-mail address and try again!'));
$this->redirect("show/index?id=" . $s_id);
}
$emails = $form->getValue('email');
$s_id = $form->getValue('s_id');
$m = $form->getValue('message');
$s = Doctrine::getTable('Service')->find($s_id);
$this->checkIsMy($s);
/* Set the token to Service */
$token = uniqid();
$s->setToken($token);
$s->save();
/* Send validating emails */
$params = array("s" => $s, "p" => $this->getUser()->getPrincipal(), "m" => $m);
$email_params = array("to" => $emails, "subject" => $i18n->__('Validating code to %service% service.', array("%service%" => $s)), "bodyhtml" => $this->getPartial('service/validatingHtml', $params));
$this->sendEmail($email_params);
/* Set the notice to user */
$this->getUser()->setFlash('notice', $i18n->__('The validation code is sent, please check your e-mails!'));
$this->redirect("show/index?id=" . $s_id);
}
示例12: getIdPMetadata
/**
* Retrieve the metadata of an IdP.
*
* @param string $entityId The entity id of the IdP.
* @return SimpleSAML_Configuration The metadata of the IdP.
*/
public function getIdPMetadata($entityId)
{
assert('is_string($entityId)');
if ($this->idp !== NULL && $this->idp !== $entityId) {
throw new SimpleSAML_Error_Exception('Cannot retrieve metadata for IdP ' . var_export($entityId, TRUE) . ' because it isn\'t a valid IdP for this SP.');
}
$metadataHandler = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
/* First, look in saml20-idp-remote. */
try {
return $metadataHandler->getMetaDataConfig($entityId, 'saml20-idp-remote');
} catch (Exception $e) {
/* Metadata wasn't found. */
}
/* Not found in saml20-idp-remote, look in shib13-idp-remote. */
try {
return $metadataHandler->getMetaDataConfig($entityId, 'shib13-idp-remote');
} catch (Exception $e) {
/* Metadata wasn't found. */
}
/* Not found. */
throw new SimpleSAML_Error_Exception('Could not find the metadata of an IdP with entity ID ' . var_export($entityId, TRUE));
}
示例13: generateUserIdentifier
/**
* This function is used to generate a non-revesible unique identifier for a user.
* The identifier should be persistent (unchanging) for a given SP-IdP federation.
* The identifier can be shared between several different SPs connected to the same IdP, or it
* can be unique for each SP.
*
* @param $idpEntityId The entity id of the IdP.
* @param $spEntityId The entity id of the SP.
* @param $attributes The attributes of the user.
* @return A non-reversible unique identifier for the user.
*/
public static function generateUserIdentifier($idpEntityId, $spEntityId, $attributes)
{
$metadataHandler = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpMetadata = $metadataHandler->getMetaData($idpEntityId, 'saml20-idp-hosted');
$spMetadata = $metadataHandler->getMetaData($spEntityId, 'saml20-sp-remote');
if (array_key_exists('userid.attribute', $spMetadata)) {
$attributeName = $spMetadata['userid.attribute'];
} elseif (array_key_exists('userid.attribute', $idpMetadata)) {
$attributeName = $idpMetadata['userid.attribute'];
} else {
$attributeName = 'eduPersonPrincipalName';
}
if (!array_key_exists($attributeName, $attributes)) {
throw new Exception('Missing attribute "' . $attributeName . '" for user. Cannot' . ' generate user id.');
}
$attributeValue = $attributes[$attributeName];
if (count($attributeValue) !== 1) {
throw new Exception('Attribute "' . $attributeName . '" for user did not contain exactly' . ' one value. Cannot generate user id.');
}
$attributeValue = $attributeValue[0];
if (empty($attributeValue)) {
throw new Exception('Attribute "' . $attributeName . '" for user was empty. Cannot' . ' generate user id.');
}
$secretSalt = SimpleSAML_Configuration::getInstance()->getValue('secretsalt');
if (empty($secretSalt)) {
throw new Exception('The "secretsalt" configuration option must be set before user' . ' ids can be generated.');
}
if ($secretSalt === 'defaultsecretsalt') {
throw new Exception('The "secretsalt" configuration option must be set to a secret' . ' value.');
}
$uidData = 'uidhashbase' . $secretSalt;
$uidData .= strlen($idpEntityId) . ':' . $idpEntityId;
$uidData .= strlen($spEntityId) . ':' . $spEntityId;
$uidData .= strlen($attributeValue) . ':' . $attributeValue;
$uidData .= $secretSalt;
$userid = hash('sha1', $uidData);
return $userid;
}
示例14: array
<?php
require_once '../../www/_include.php';
$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$session = SimpleSAML_Session::getInstance();
$ldapconfigfile = $config->getBaseDir() . 'config/ldapmulti.php';
require_once $ldapconfigfile;
SimpleSAML_Logger::info('AUTH - ldap-multi: Accessing auth endpoint login-ldapmulti');
if (empty($session)) {
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOSESSION');
}
$error = null;
$attributes = array();
/* Load the RelayState argument. The RelayState argument contains the address
* we should redirect the user to after a successful authentication.
*/
if (!array_key_exists('RelayState', $_REQUEST)) {
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
}
if (isset($_POST['username'])) {
try {
$ldapconfig = $ldapmulti[$_POST['org']];
if ($ldapconfig['search.enable'] === TRUE) {
if (!$ldap->bind($ldapconfig['search.username'], $ldapconfig['search.password'])) {
throw new Exception('Error authenticating using search username & password.');
}
$dn = $ldap->searchfordn($ldapconfig['search.base'], $ldapconfig['search.attributes'], $_POST['username']);
} else {
$dn = str_replace('%username%', $_POST['username'], $ldapconfig['dnpattern']);
}
示例15: getSPName
/**
* Get SP name.
*
* @param string $assocId The association identifier.
* @return array|NULL The name of the SP, as an associative array of language=>text, or NULL if this isn't an SP.
*/
public function getSPName($assocId)
{
assert('is_string($assocId)');
$prefix = substr($assocId, 0, 4);
$spEntityId = substr($assocId, strlen($prefix) + 1);
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
if ($prefix === 'saml') {
try {
$spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');
} catch (Exception $e) {
try {
$spMetadata = $metadata->getMetaDataConfig($spEntityId, 'shib13-sp-remote');
} catch (Exception $e) {
return NULL;
}
}
} else {
if ($prefix === 'adfs') {
$spMetadata = $metadata->getMetaDataConfig($spEntityId, 'adfs-sp-remote');
} else {
return NULL;
}
}
if ($spMetadata->hasValue('name')) {
return $spMetadata->getLocalizedString('name');
} elseif ($spMetadata->hasValue('OrganizationDisplayName')) {
return $spMetadata->getLocalizedString('OrganizationDisplayName');
} else {
return array('en' => $spEntityId);
}
}