6 changes: 3 additions & 3 deletions composer.json
Expand Up @@ -70,11 +70,11 @@
"robrichards/xmlseclibs": "~3.1.3",
"simplesamlphp/assert": "^1.1",
"simplesamlphp/composer-module-installer": "~1.4.0",
"simplesamlphp/saml2": "^5.1.0-rc1",
"simplesamlphp/saml2": "~5.1.0-rc1",
"simplesamlphp/saml2-legacy": "~4.19.0",
"simplesamlphp/simplesamlphp-assets-base": "~2.5.2",
"simplesamlphp/xml-common": "^2.0.3",
"simplesamlphp/xml-security": "^2.0.3",
"simplesamlphp/xml-common": "~2.0.3",
"simplesamlphp/xml-security": "~2.0.3",
"symfony/cache": "~7.3.0",
"symfony/config": "~7.3.0",
"symfony/console": "~7.3.0",
10 changes: 5 additions & 5 deletions composer.lock


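--- a/modules/admin/src/Controller/Federation.php
+++ b/modules/admin/src/Controller/Federation.php
@@ -17,6 +17,7 @@
 use SimpleSAML\Module;
 use SimpleSAML\Module\adfs\IdP\ADFS as ADFS_IdP;
 use SimpleSAML\Module\saml\IdP\SAML2 as SAML2_IdP;
+use SimpleSAML\Module\saml\MetadataBuilder;
 use SimpleSAML\SAML2\Constants as C;
 use SimpleSAML\SAML2\Exception\ArrayValidationException;
 use SimpleSAML\SAML2\XML\md\ContactPerson;
@@ -251,15 +252,15 @@ private function getHostedIdP(): array
 sprintf('The entityID cannot be longer than %d characters.', C::SAML2INT_ENTITYID_MAX_LENGTH),
 );
 
-$builder = new SAMLBuilder($entity['entityid']);
-$builder->addMetadataIdP20($entity['metadata_array']);
-$builder->addOrganizationInfo($entity['metadata_array']);
-
-$entity['metadata'] = Signer::sign(
-$builder->getEntityDescriptorText(),
-$entity['metadata_array'],
-'SAML 2 IdP',
+$builder = new MetadataBuilder(
+$this->config,
+Configuration::loadFromArray($entity['metadata_array']),
 );
+$document = $builder->buildDocument()->toXML();
+$document->ownerDocument->formatOutput = true;
+$document->ownerDocument->encoding = 'UTF-8';
+
+$entity['metadata'] = $document->ownerDocument?->saveXML();
 $entities[$index] = $entity;
 }
 } catch (Exception $e) {
@@ -297,26 +298,15 @@ private function getHostedIdP(): array
 sprintf('The entityID cannot be longer than %d characters.', C::SAML2INT_ENTITYID_MAX_LENGTH),
 );
 
-$builder = new SAMLBuilder($entity['entityid']);
-$builder->addSecurityTokenServiceType($entity['metadata_array']);
-$builder->addOrganizationInfo($entity['metadata_array']);
-if (isset($entity['metadata_array']['contacts'])) {
-foreach ($entity['metadata_array']['contacts'] as $c) {
-try {
-$contact = ContactPerson::fromArray($c);
-} catch (ArrayValidationException $e) {
-Logger::warning('Federation: invalid content found in contact: ' . $e->getMessage());
-continue;
-}
-$builder->addContact($contact);
-}
-}
-
-$entity['metadata'] = Signer::sign(
-$builder->getEntityDescriptorText(),
-$entity['metadata_array'],
-'ADFS IdP',
+$builder = new MetadataBuilder(
+$this->config,
+Configuration::loadFromArray($entity['metadata_array']),
 );
+$document = $builder->buildDocument()->toXML();
+$document->ownerDocument->formatOutput = true;
+$document->ownerDocument->encoding = 'UTF-8';
+
+$entity['metadata'] = $document->ownerDocument->saveXML();
 $entities[$index] = $entity;
 }
 } catch (Exception $e) {
@@ -381,23 +371,18 @@ private function getHostedSP(): array
 ),
 );
 
-$builder = new SAMLBuilder($source->getEntityId());
-$builder->addMetadataSP20($metadata, $source->getSupportedProtocols());
-$builder->addOrganizationInfo($metadata);
-$xml = $builder->getEntityDescriptorText(true);
-
-// sanitize the resulting array
-unset($metadata['metadata-set']);
-unset($metadata['entityid']);
+$builder = new MetadataBuilder(Configuration::getInstance(), Configuration::loadFromArray($metadata));
+$entityDescriptor = $builder->buildDocument();
+$document = $entityDescriptor->toXML();
+$document->ownerDocument->formatOutput = true;
+$document->ownerDocument->encoding = 'UTF-8';
+$xml = $document->ownerDocument->saveXML();
 
 // sanitize the attributes array to remove friendly names
 if (isset($metadata['attributes']) && is_array($metadata['attributes'])) {
 $metadata['attributes'] = array_values($metadata['attributes']);
 }
 
-// sign the metadata if enabled
-$xml = Signer::sign($xml, $source->getMetadata()->toArray(), 'SAML 2 SP');
-
 $entities[] = [
 'authid' => $source->getAuthId(),
 'entityid' => $source->getEntityId(),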
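Review bot: The `Signer::sign(...)` calls removed from all three hunks (SAML 2 IdP, ADFS IdP and SP in getHostedIdP/getHostedSP) have no visible replacement, while the ServiceProvider.php section of this same change keeps its `Metadata\Signer::sign` call after the identical `MetadataBuilder` flow; unless `buildDocument()` applies the configured metadata signature itself (not shown in this diff), the admin federation page now renders unsigned metadata for every hosted entity. The `?->` in `$entity['metadata'] = $document->ownerDocument?->saveXML();` in the first getHostedIdP hunk is effectively dead, since the two preceding lines already dereference `$document->ownerDocument` unconditionally, and it differs from the plain `->saveXML()` used in the next two hunks; since `saveXML()` returns `string|false`, the three assignments would be better written as `$entity['metadata'] = $document->ownerDocument->saveXML() ?: throw new \RuntimeException('Unable to serialise metadata');`. The getHostedSP hunk builds with `Configuration::getInstance()` where both IdP hunks use `$this->config`; use `$this->config` there too. The ADFS hunk drops `addSecurityTokenServiceType` and the per-contact `ContactPerson::fromArray` handling with its `Logger::warning`, so confirm the generic builder emits the ADFS role and contacts for these entries and that the `ContactPerson`, `ArrayValidationException` and `Logger` imports still have a use. Both enclosing methods start and end outside these hunks.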
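--- a/modules/saml/src/Controller/Metadata.php
+++ b/modules/saml/src/Controller/Metadata.php
@@ -11,6 +11,7 @@
 use SimpleSAML\Metadata\MetaDataStorageHandler;
 use SimpleSAML\Module;
 use SimpleSAML\Module\saml\IdP\SAML2 as SAML2_IdP;
+use SimpleSAML\Module\saml\MetadataBuilder;
 use SimpleSAML\Utils;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
@@ -102,14 +103,11 @@ public function metadata(Request $request): Response
 }
 $metaArray = SAML2_IdP::getHostedMetadata($idpentityid, $this->mdHandler);
 
-$metaBuilder = new SSPMetadata\SAMLBuilder($idpentityid);
-$metaBuilder->addMetadataIdP20($metaArray);
-$metaBuilder->addOrganizationInfo($metaArray);
-
-$metaxml = $metaBuilder->getEntityDescriptorText();
-
-// sign the metadata if enabled
-$metaxml = SSPMetadata\Signer::sign($metaxml, $metaArray, 'SAML 2 IdP');
+$builder = new MetadataBuilder($this->config, Configuration::loadFromArray($metaArray));
+$document = $builder->buildDocument()->toXML();
+$document->ownerDocument->formatOutput = true;
+$document->ownerDocument->encoding = 'UTF-8';
+$metaxml = $document->ownerDocument->saveXML();
 
 $response = new Response();
 $response->setEtag(hash('sha256', $metaxml));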
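Review bot: `$metaxml = $document->ownerDocument->saveXML();` can assign `false` (`DOMDocument::saveXML` returns `string|false`), and that value then reaches `hash('sha256', $metaxml)` and presumably the response body as an empty string; add `if ($metaxml === false) { throw new \RuntimeException('Unable to serialise IdP metadata'); }` before the `Response` is constructed. The removed `SSPMetadata\Signer::sign` call is not replaced in this hunk, so the IdP metadata endpoint stops signing unless `MetadataBuilder::buildDocument()` signs internally, which this diff does not show; the ServiceProvider.php section of the same change still signs after building, so one of the two paths is inconsistent. If `SSPMetadata` is no longer referenced elsewhere in the file, its `use` line can go. The `metadata()` method continues beyond the end of the hunk.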
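--- a/modules/saml/src/Controller/ServiceProvider.php
+++ b/modules/saml/src/Controller/ServiceProvider.php
@@ -16,6 +16,7 @@
 use SimpleSAML\Module\saml\Auth\Source\SP;
 use SimpleSAML\SAML2\Assertion;
 use SimpleSAML\SAML2\Binding;
+use SimpleSAML\Module\saml\MetadataBuilder;
 use SimpleSAML\SAML2\Constants as C;
 use SimpleSAML\SAML2\Exception\Protocol\UnsupportedBindingException;
 use SimpleSAML\SAML2\HTTPArtifact;
@@ -741,11 +742,13 @@ public function metadata(Request $request, string $sourceId): Response
 $spconfig = $source->getMetadata();
 $metaArray20 = $source->getHostedMetadata();
 
-$metaBuilder = new Metadata\SAMLBuilder($entityId);
-$metaBuilder->addMetadataSP20($metaArray20, $source->getSupportedProtocols());
-$metaBuilder->addOrganizationInfo($metaArray20);
+$builder = new MetadataBuilder($this->config, Configuration::loadFromArray($metaArray20));
+$entityDescriptor = $builder->buildDocument();
+$document = $entityDescriptor->toXML();
+$document->ownerDocument->formatOutput = true;
+$document->ownerDocument->encoding = 'UTF-8';
 
-$xml = $metaBuilder->getEntityDescriptorText();
+$xml = $document->ownerDocument->saveXML();
 
 // sign the metadata if enabled
 $metaxml = Metadata\Signer::sign($xml, $spconfig->toArray(), 'SAML 2 SP');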
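Review bot: The added `use SimpleSAML\Module\saml\MetadataBuilder;` is placed between the `SimpleSAML\SAML2\Binding` and `SimpleSAML\SAML2\Constants` imports, breaking the alphabetical grouping the block otherwise follows; move it next to `use SimpleSAML\Module\saml\Auth\Source\SP;`. In the `metadata()` hunk, `$xml = $document->ownerDocument->saveXML();` is handed to `Metadata\Signer::sign` unchecked although `saveXML()` returns `string|false`; add `if ($xml === false) { throw new \RuntimeException('Unable to serialise SP metadata'); }` before the signing call. The `$entityDescriptor` temporary is used once, so `$document = $builder->buildDocument()->toXML();` would match the form used in Metadata.php in this same change. The `metadata()` method starts before and continues past the hunk.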