<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* SSP auth sources which inherit from Moodle config
*
* @package auth_saml2
* @copyright Brendan Heywood <brendan@catalyst-au.net>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
use auth_saml2\ssl_signing_algorithm;
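defined('MOODLE_INTERNAL') || die();

global $saml2auth, $CFG, $SITE, $SESSION;

// The SSP auth source array this file is loaded to populate.
$config = [];

// NOTE(review): $baseurl comes from the request ('baseurl' parameter) and only falls back to
// $CFG->wwwroot when the parameter is absent. It feeds the default SP entityID and the
// OrganizationURL of the generated SP config, and PARAM_URL checks URL syntax only, so a
// caller-supplied value shapes the SP metadata. Confirm this is intended for every entry
// point that loads this file.
$baseurl = optional_param('baseurl', $CFG->wwwroot, PARAM_URL);

// Resolve the IdP entityID to use: the IdP already selected in the session when it is still
// among the loaded metadata entities, otherwise the first configured IdP.
if (!empty($SESSION->saml2idp) && array_key_exists($SESSION->saml2idp, $saml2auth->metadataentities)) {
    $idpentityid = $saml2auth->metadataentities[$SESSION->saml2idp]->entityid;
} else {
    // Case for specifying no $SESSION IdP, select the first configured IdP as the default.
    // reset() returns false on an empty list; reading ->entityid off false raises a warning
    // and evaluates to null, so produce the null explicitly instead.
    $firstidp = reset($saml2auth->metadataentities);
    $idpentityid = $firstidp !== false ? $firstidp->entityid : null;
}

// Default SP entityID, used when auth_saml2 has no explicit spentityid configured.
$defaultspentityid = "$baseurl/auth/saml2/sp/metadata.php";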
// Process requested attributes: one attribute name per line of the setting; a trailing
// ' *' marks the attribute as required. Blank lines are skipped.
$attributes = [];
$attributesrequired = [];
foreach (explode(PHP_EOL, $saml2auth->config->requestedattributes) as $line) {
    $name = trim($line);
    if (empty($name)) {
        continue;
    }

    $isrequired = substr($name, -2) === ' *';
    if ($isrequired) {
        // Strip the marker; the bare name is recorded in both lists.
        $name = substr($name, 0, -2);
        $attributesrequired[] = $name;
    }
    $attributes[] = $name;
}
// Moodle language code does not always map to the iso code, which is preferable for xml:lang attributes.
$lang = get_string('iso6391', 'core_langconfig');

$spname = $saml2auth->spname;
$spsettings = $saml2auth->config;

// Explicitly configured SP entityID, else the metadata URL derived from $baseurl above.
$spentityid = !empty($spsettings->spentityid) ? $spsettings->spentityid : $defaultspentityid;

// A discovery URL and a fixed IdP are mutually exclusive: with a disco URL configured the IdP
// is left unset (null), otherwise the IdP entityID resolved above is pinned.
$discourl = !empty($CFG->auth_saml2_disco_url) ? $CFG->auth_saml2_disco_url : null;
$fixedidp = $discourl === null ? $idpentityid : null;

$config[$spname] = [
    'saml:SP',
    'entityID' => $spentityid,
    'discoURL' => $discourl,
    'idp' => $fixedidp,
    'NameIDPolicy' => [
        'Format' => $spsettings->nameidpolicy,
        'AllowCreate' => true,
    ],
    'OrganizationName' => [$lang => $SITE->shortname],
    'OrganizationDisplayName' => [$lang => $SITE->fullname],
    // NOTE(review): $baseurl may be request-supplied (see optional_param above); confirm.
    'OrganizationURL' => [$lang => $baseurl],
    // Key pair file names derived from the SP name; where SSP looks them up is not set here.
    'privatekey' => $spname . '.pem',
    'privatekey_pass' => get_config('auth_saml2', 'privatekeypass'),
    'certificate' => $spname . '.crt',
    'sign.logout' => true,
    'redirect.sign' => true,
    'signature.algorithm' => $spsettings->signaturealgorithm,
    // Loose comparison kept deliberately: the stored setting is presumably a string ("1").
    'WantAssertionsSigned' => $spsettings->wantassertionssigned == 1,
    'name' => [$lang => $SITE->fullname],
    'attributes' => $attributes,
    'attributes.required' => $attributesrequired,
];
$spkey = $saml2auth->spname;
$spconf = $saml2auth->config;

// Optional: comma-separated list of AssertionConsumerService bindings from the setting.
if (!empty($spconf->assertionsconsumerservices)) {
    $config[$spkey]['acs.Bindings'] = explode(',', $spconf->assertionsconsumerservices);
}

// Optional: AuthnContextClassRef passed straight through from the setting.
if (!empty($spconf->authncontext)) {
    $config[$spkey]['AuthnContextClassRef'] = $spconf->authncontext;
}

/*
 * If we're configured to expose the nameid as an attribute, set this authproc filter up so
 * the nameid value appears under the attribute "nameid".
 */
if ($spconf->nameidasattrib) {
    $config[$spkey]['authproc'] = [
        20 => [
            'class' => 'saml:NameIDAttribute',
            'format' => '%V',
        ],
    ];
}