diff --git a/lib/Auth/Process/PersistentNameID.php b/lib/Auth/Process/PersistentNameID.php index 9952a88..26ae77e 100644 --- a/lib/Auth/Process/PersistentNameID.php +++ b/lib/Auth/Process/PersistentNameID.php 
@@ -1,103 +1,97 @@ format = SAML2_Const::NAMEID_PERSISTENT; - - if (!isset($config['attribute'])) { - throw new SimpleSAML_Error_Exception('PersistentNameID: Missing required option \'attribute\'.'); - } - $this->attribute = $config['attribute']; - } - - - /** - * Get the NameID value. - * - * @return string|NULL The NameID value. - */ - protected function getValue(array &$state) { - - if (!isset($state['Destination']['entityid'])) { - SimpleSAML_Logger::warning('No SP entity ID - not generating persistent NameID.'); - return NULL; - } - $spEntityId = $state['Destination']['entityid']; - - if (!isset($state['Source']['entityid'])) { - SimpleSAML_Logger::warning('No IdP entity ID - not generating persistent NameID.'); - return NULL; - } - $idpEntityId = $state['Source']['entityid']; - - if (!isset($state['Attributes'][$this->attribute]) || count($state['Attributes'][$this->attribute]) === 0) { - SimpleSAML_Logger::warning('Missing attribute ' . var_export($this->attribute, TRUE) . ' on user - not generating persistent NameID.'); - return NULL; - } - if (count($state['Attributes'][$this->attribute]) > 1) { - SimpleSAML_Logger::warning('More than one value in attribute ' . var_export($this->attribute, TRUE) . ' on user - not generating persistent NameID.'); - return NULL; - } - $uid = array_values($state['Attributes'][$this->attribute]); /* Just in case the first index is no longer 0. */ - $uid = $uid[0]; - - $secretSalt = SimpleSAML_Utilities::getSecretSalt(); - - $uidData = $spEntityId . '!' . $uid . '!' . $secretSalt; - #$uidData .= strlen($idpEntityId) . ':' . $idpEntityId; - #$uidData .= strlen($spEntityId) . ':' . $spEntityId; - #$uidData .= strlen($uid) . ':' . $uid; - #$uidData .= $secretSalt; - - $uid = base64_encode( hash ('sha1', $uidData, true ) ); - - //$uid = hash('sha1', $uidData); - - /* Convert the targeted ID to a SAML 2.0 name identifier element. 
*/ - $nameId = array( - 'Format' => SAML2_Const::NAMEID_PERSISTENT, - 'Value' => $uid, - ); - - if (isset($state['Source']['entityid'])) { - $nameId['NameQualifier'] = $state['Source']['entityid']; - } - if (isset($state['Destination']['entityid'])) { - $nameId['SPNameQualifier'] = $state['Destination']['entityid']; - } - - $doc = new DOMDocument(); - $root = $doc->createElement('root'); - $doc->appendChild($root); - - SAML2_Utils::addNameId($root, $nameId); - $uid = $doc->saveXML($root->firstChild); - - $state['Attributes']['eduPersonTargetedID'] = array($uid); - } - +class sspmod_shib2idpnameid_Auth_Process_PersistentNameID extends sspmod_saml_BaseNameIDGenerator +{ + /** + * Which attribute contains the unique identifier of the user. + * + * @var string + */ + private $attribute; + + /** + * Initialize this filter, parse configuration. + * + * @param array $config Configuration information about this filter. + * @param mixed $reserved For future use. + */ + public function __construct($config, $reserved) + { + parent::__construct($config, $reserved); + assert('is_array($config)'); + + $this->format = SAML2_Const::NAMEID_PERSISTENT; + + if (!isset($config['attribute'])) { + throw new SimpleSAML_Error_Exception('PersistentNameID: Missing required option \'attribute\'.'); + } + $this->attribute = $config['attribute']; + } + + /** + * Get the NameID value. + * + * @return string|NULL The NameID value. 
+ */ + protected function getValue(array &$state) + { + if (!isset($state['Destination']['entityid'])) { + SimpleSAML_Logger::warning('No SP entity ID - not generating persistent NameID.'); + + return; + } + $spEntityId = $state['Destination']['entityid']; + + if (!isset($state['Source']['entityid'])) { + SimpleSAML_Logger::warning('No IdP entity ID - not generating persistent NameID.'); + + return; + } + $idpEntityId = $state['Source']['entityid']; + + if (!isset($state['Attributes'][$this->attribute]) || count($state['Attributes'][$this->attribute]) === 0) { + SimpleSAML_Logger::warning('Missing attribute '.var_export($this->attribute, true).' on user - not generating persistent NameID.'); + + return; + } + if (count($state['Attributes'][$this->attribute]) > 1) { + SimpleSAML_Logger::warning('More than one value in attribute '.var_export($this->attribute, true).' on user - not generating persistent NameID.'); + + return; + } + $uid = array_values($state['Attributes'][$this->attribute]); /* Just in case the first index is no longer 0. */ + $uid = $uid[0]; + + $secretSalt = SimpleSAML_Utilities::getSecretSalt(); + + $uidData = $spEntityId.'!'.$uid.'!'.$secretSalt; + $uid = base64_encode(hash('sha1', $uidData, true)); + + // Convert the targeted ID to a SAML 2.0 name identifier element. + $nameId = array( + 'Format' => SAML2_Const::NAMEID_PERSISTENT, + 'Value' => $uid, + ); + + if (isset($state['Source']['entityid'])) { + $nameId['NameQualifier'] = $state['Source']['entityid']; + } + if (isset($state['Destination']['entityid'])) { + $nameId['SPNameQualifier'] = $state['Destination']['entityid']; + } + + $doc = new DOMDocument(); + $root = $doc->createElement('root'); + $doc->appendChild($root); + + SAML2_Utils::addNameId($root, $nameId); + $uid = $doc->saveXML($root->firstChild); + + $state['Attributes']['eduPersonTargetedID'] = array($uid); + } } 
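Review bot: `getValue()` on the new side never returns the value its docblock promises — every path ends in a bare `return;` or falls off the end after writing `$state['Attributes']['eduPersonTargetedID']`, so `@return string|NULL The NameID value.` is false. If the base class `sspmod_saml_BaseNameIDGenerator` (its `process()` is outside this hunk) uses the return of `getValue()` to set the persistent NameID, no NameID is ever produced and only the attribute is written; either keep the base64 value in its own variable and end with `return $value;`, or change the docblock to `@return void` and state that this filter only populates eduPersonTargetedID. Separately, `$idpEntityId` is assigned but unused: the hash input `$spEntityId.'!'.$uid.'!'.$secretSalt` does not include the IdP entity ID, and the `'!'` separator leaves the concatenation ambiguous when a component itself contains `'!'` (the length-prefixed form in the removed comments avoided that). Any change to the hash input changes every identifier already issued to SPs, so a comment recording which input format is intentional is worth adding either way.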
diff --git a/lib/Auth/Process/PersistentNameID2TargetedID.php b/lib/Auth/Process/PersistentNameID2TargetedID.php index ac5929e..0fdb1c0 100644 --- a/lib/Auth/Process/PersistentNameID2TargetedID.php +++ b/lib/Auth/Process/PersistentNameID2TargetedID.php 
@@ -3,77 +3,75 @@ /** * Authproc filter to create the eduPersonTargetedID attribute from the persistent NameID. * - * @package simpleSAMLphp * @version $Id$ */ -class sspmod_saml_Auth_Process_PersistentNameID2TargetedID extends SimpleSAML_Auth_ProcessingFilter { +class sspmod_saml_Auth_Process_PersistentNameID2TargetedID extends SimpleSAML_Auth_ProcessingFilter +{ + /** + * The attribute we should save the NameID in. + * + * @var string + */ + private $attribute; - /** - * The attribute we should save the NameID in. - * - * @var string - */ - private $attribute; + /** + * Whether we should insert it as an saml:NameID element. + * + * @var bool + */ + private $nameId; + /** + * Initialize this filter, parse configuration. + * + * @param array $config Configuration information about this filter. + * @param mixed $reserved For future use. + */ + public function __construct($config, $reserved) + { + parent::__construct($config, $reserved); + assert('is_array($config)'); - /** - * Whether we should insert it as an saml:NameID element. - * - * @var boolean - */ - private $nameId; + if (isset($config['attribute'])) { + $this->attribute = (string) $config['attribute']; + } else { + $this->attribute = 'eduPersonTargetedID'; + } + if (isset($config['nameId'])) { + $this->nameId = (bool) $config['nameId']; + } else { + $this->nameId = true; + } + } - /** - * Initialize this filter, parse configuration. - * - * @param array $config Configuration information about this filter. - * @param mixed $reserved For future use. - */ - public function __construct($config, $reserved) { - parent::__construct($config, $reserved); - assert('is_array($config)'); + /** + * Store a NameID to attribute. + * + * @param array &$state The request state. 
+ */ + public function process(&$state) + { + assert('is_array($state)'); - if (isset($config['attribute'])) { - $this->attribute = (string)$config['attribute']; - } else { - $this->attribute = 'eduPersonTargetedID'; - } + if (!isset($state['saml:NameID'][SAML2_Const::NAMEID_PERSISTENT])) { + SimpleSAML_Logger::warning('Unable to generate eduPersonTargetedID because no persistent NameID was available.'); - if (isset($config['nameId'])) { - $this->nameId = (bool)$config['nameId']; - } else { - $this->nameId = TRUE; - } - } + return; + } + $nameID = $state['saml:NameID'][SAML2_Const::NAMEID_PERSISTENT]; - /** - * Store a NameID to attribute. - * - * @param array &$state The request state. - */ - public function process(&$state) { - assert('is_array($state)'); - - if (!isset($state['saml:NameID'][SAML2_Const::NAMEID_PERSISTENT])) { - SimpleSAML_Logger::warning('Unable to generate eduPersonTargetedID because no persistent NameID was available.'); - return; - } - - $nameID = $state['saml:NameID'][SAML2_Const::NAMEID_PERSISTENT]; - - if ($this->nameId) { - $doc = new DOMDocument(); - $root = $doc->createElement('root'); - $doc->appendChild($root); - SAML2_Utils::addNameId($root, $nameID); - $value = $doc->saveXML($root->firstChild); - } else { - $value = $nameID['Value']; - } - - $state['Attributes'][$this->attribute] = array($value); - } + if ($this->nameId) { + $doc = new DOMDocument(); + $root = $doc->createElement('root'); + $doc->appendChild($root); + SAML2_Utils::addNameId($root, $nameID); + $value = $doc->saveXML($root->firstChild); + } else { + $value = $nameID['Value']; + } + $state['Attributes'][$this->attribute] = array($value); + } }
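Review bot: In `process()` the flag `$this->nameId` (bool, "insert as saml:NameID element") and the local `$nameID` (the persistent NameID array) differ only in letter case, which is easy to misread in `if ($this->nameId) { ... SAML2_Utils::addNameId($root, $nameID); }`; renaming the local, e.g. `$persistentNameId = $state['saml:NameID'][SAML2_Const::NAMEID_PERSISTENT];`, keeps the two apart. The `else` branch also reads `$nameID['Value']` without checking it exists; if the stored NameID array can lack that key (cannot tell from here), a guard such as `if (!isset($nameID['Value'])) { SimpleSAML_Logger::warning('Persistent NameID has no Value - not generating '.$this->attribute.'.'); return; }` avoids storing a null attribute value. In the constructor, `(bool) $config['nameId']` turns a non-empty string such as `'false'` into `true`, so the option should be documented as taking a real boolean.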