-rw-r--r--appinfo/app.php2
-rw-r--r--lib/Controller/SAMLController.php5
-rw-r--r--lib/SAMLSettings.php51
3 files changed, 35 insertions, 23 deletions
diff --git a/appinfo/app.php b/appinfo/app.php
index 1ec876a1..ecaca6b0 100644
--- a/appinfo/app.php
+++ b/appinfo/app.php
@@ -57,7 +57,7 @@ $type = '';
switch($config->getAppValue('user_saml', 'type')) {
case 'saml':
try {
- $oneLoginSettings = new \OneLogin_Saml2_Settings($samlSettings->getOneLoginSettingsArray());
+ $oneLoginSettings = new \OneLogin_Saml2_Settings($samlSettings->getOneLoginSettingsArray(1));
} catch (OneLogin_Saml2_Error $e) {
$returnScript = true;
}
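Review bot: The literal `1` passed to getOneLoginSettingsArray() on the added line encodes the "first IdP has no key prefix" convention that lives in SAMLSettings, so a reader of app.php cannot tell what it selects. Either give the `$idp` parameter of getOneLoginSettingsArray() a default of 1 so this call can stay `getOneLoginSettingsArray()`, or name the value, e.g. `SAMLSettings::DEFAULT_IDP` (constructed name). The enclosing switch starts before the hunk.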
diff --git a/lib/Controller/SAMLController.php b/lib/Controller/SAMLController.php
index 6fc588da..ade38b53 100644
--- a/lib/Controller/SAMLController.php
+++ b/lib/Controller/SAMLController.php
@@ -149,14 +149,15 @@ class SAMLController extends Controller {
* @UseSession
* @OnlyUnauthenticatedUsers
*
+ * @param int $idp id of the idp
* @return Http\RedirectResponse
* @throws \Exception
*/
- public function login() {
+ public function login($idp) {
$type = $this->config->getAppValue($this->appName, 'type');
switch($type) {
case 'saml':
- $auth = new \OneLogin_Saml2_Auth($this->SAMLSettings->getOneLoginSettingsArray());
+ $auth = new \OneLogin_Saml2_Auth($this->SAMLSettings->getOneLoginSettingsArray($idp));
$ssoUrl = $auth->login(null, [], false, false, true);
$this->session->set('user_saml.AuthNRequestID', $auth->getLastRequestID());
$this->session->set('user_saml.OriginalUrl', $this->request->getParam('originalUrl', ''));
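Review bot: `$idp` is a request-supplied value on an @OnlyUnauthenticatedUsers route and is handed untyped to getOneLoginSettingsArray(), where (per the SAMLSettings hunk below) it is compared with `> 1` and concatenated into config-key names, so a non-numeric or negative value silently yields a prefix such as `abc-` and a settings array built from the `''`/`'0'` defaults. Validate it at the boundary before use: `$idp = (int)$idp;` and reject `$idp < 1` (throwing is consistent with the documented `@throws \Exception`). Whether the framework supplies a value when the route parameter is absent is not visible here, so a `$idp = 1` default on the signature would also be prudent. The rest of login() continues outside the hunk.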
diff --git a/lib/SAMLSettings.php b/lib/SAMLSettings.php
index 84d21a65..0f97b634 100644
--- a/lib/SAMLSettings.php
+++ b/lib/SAMLSettings.php
@@ -76,26 +76,37 @@ class SAMLSettings {
return $setting === '1';
}
- public function getOneLoginSettingsArray() {
+ /**
+ * get config for given IDP
+ *
+ * @param int $idp
+ * @return array
+ */
+ public function getOneLoginSettingsArray($idp) {
+
+ $prefix = '';
+ if ($idp > 1) {
+ $prefix = $idp . '-';
+ }
$settings = [
'strict' => true,
'debug' => $this->config->getSystemValue('debug', false),
'baseurl' => $this->request->getServerProtocol() . '://' . $this->request->getServerHost(),
'security' => [
- 'nameIdEncrypted' => ($this->config->getAppValue('user_saml', 'security-nameIdEncrypted', '0') === '1') ? true : false,
- 'authnRequestsSigned' => ($this->config->getAppValue('user_saml', 'security-authnRequestsSigned', '0') === '1') ? true : false,
- 'logoutRequestSigned' => ($this->config->getAppValue('user_saml', 'security-logoutRequestSigned', '0') === '1') ? true : false,
- 'logoutResponseSigned' => ($this->config->getAppValue('user_saml', 'security-logoutResponseSigned', '0') === '1') ? true : false,
- 'signMetadata' => ($this->config->getAppValue('user_saml', 'security-signMetadata', '0') === '1') ? true : false,
- 'wantMessagesSigned' => ($this->config->getAppValue('user_saml', 'security-wantMessagesSigned', '0') === '1') ? true : false,
- 'wantAssertionsSigned' => ($this->config->getAppValue('user_saml', 'security-wantAssertionsSigned', '0') === '1') ? true : false,
- 'wantAssertionsEncrypted' => ($this->config->getAppValue('user_saml', 'security-wantAssertionsEncrypted', '0') === '1') ? true : false,
- 'wantNameId' => ($this->config->getAppValue('user_saml', 'security-wantNameId', '0') === '1') ? true : false,
- 'wantNameIdEncrypted' => ($this->config->getAppValue('user_saml', 'security-wantNameIdEncrypted', '0') === '1') ? true : false,
- 'wantXMLValidation' => ($this->config->getAppValue('user_saml', 'security-wantXMLValidation', '0') === '1') ? true : false,
+ 'nameIdEncrypted' => ($this->config->getAppValue('user_saml', $prefix . 'security-nameIdEncrypted', '0') === '1') ? true : false,
+ 'authnRequestsSigned' => ($this->config->getAppValue('user_saml', $prefix . 'security-authnRequestsSigned', '0') === '1') ? true : false,
+ 'logoutRequestSigned' => ($this->config->getAppValue('user_saml', $prefix . 'security-logoutRequestSigned', '0') === '1') ? true : false,
+ 'logoutResponseSigned' => ($this->config->getAppValue('user_saml', $prefix . 'security-logoutResponseSigned', '0') === '1') ? true : false,
+ 'signMetadata' => ($this->config->getAppValue('user_saml', $prefix . 'security-signMetadata', '0') === '1') ? true : false,
+ 'wantMessagesSigned' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantMessagesSigned', '0') === '1') ? true : false,
+ 'wantAssertionsSigned' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantAssertionsSigned', '0') === '1') ? true : false,
+ 'wantAssertionsEncrypted' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantAssertionsEncrypted', '0') === '1') ? true : false,
+ 'wantNameId' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantNameId', '0') === '1') ? true : false,
+ 'wantNameIdEncrypted' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantNameIdEncrypted', '0') === '1') ? true : false,
+ 'wantXMLValidation' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantXMLValidation', '0') === '1') ? true : false,
'requestedAuthnContext' => false,
- 'lowercaseUrlencoding' => ($this->config->getAppValue('user_saml', 'security-lowercaseUrlencoding', '0') === '1') ? true : false,
+ 'lowercaseUrlencoding' => ($this->config->getAppValue('user_saml', $prefix . 'security-lowercaseUrlencoding', '0') === '1') ? true : false,
],
'sp' => [
'entityId' => $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.getMetadata'),
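Review bot: The new `$idp` parameter has no default, so any caller of getOneLoginSettingsArray() other than the two updated in this commit (the diffstat lists only app.php and SAMLController.php) now fails with an ArgumentCountError — if the metadata or assertion-consumer paths call it, that is a regression. `public function getOneLoginSettingsArray($idp = 1)` keeps them working and matches the "IdP 1 has no prefix" rule a few lines below. The prefix derivation should also normalise its input, `$idp = (int)$idp; $prefix = $idp > 1 ? $idp . '-' : '';`, because a string or float otherwise flows straight into the config-key names used for the certificate, key and signing flags. The repeated `(... === '1') ? true : false` ternaries reduce to `... === '1'`. The function continues in the two following hunks and past the end of the page.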
@@ -104,15 +115,15 @@ class SAMLSettings {
],
],
'idp' => [
- 'entityId' => $this->config->getAppValue('user_saml', 'idp-entityId', ''),
+ 'entityId' => $this->config->getAppValue('user_saml', $prefix . 'idp-entityId', ''),
'singleSignOnService' => [
- 'url' => $this->config->getAppValue('user_saml', 'idp-singleSignOnService.url', ''),
+ 'url' => $this->config->getAppValue('user_saml', $prefix . 'idp-singleSignOnService.url', ''),
],
],
];
- $spx509cert = $this->config->getAppValue('user_saml', 'sp-x509cert', '');
- $spxprivateKey = $this->config->getAppValue('user_saml', 'sp-privateKey', '');
+ $spx509cert = $this->config->getAppValue('user_saml', $prefix . 'sp-x509cert', '');
+ $spxprivateKey = $this->config->getAppValue('user_saml', $prefix . 'sp-privateKey', '');
if($spx509cert !== '') {
$settings['sp']['x509cert'] = $spx509cert;
}
@@ -120,15 +131,15 @@ class SAMLSettings {
$settings['sp']['privateKey'] = $spxprivateKey;
}
- $idpx509cert = $this->config->getAppValue('user_saml', 'idp-x509cert', '');
+ $idpx509cert = $this->config->getAppValue('user_saml', $prefix . 'idp-x509cert', '');
if($idpx509cert !== '') {
$settings['idp']['x509cert'] = $idpx509cert;
}
- $slo = $this->config->getAppValue('user_saml', 'idp-singleLogoutService.url', '');
+ $slo = $this->config->getAppValue('user_saml', $prefix . 'idp-singleLogoutService.url', '');
if($slo !== '') {
$settings['idp']['singleLogoutService'] = [
- 'url' => $this->config->getAppValue('user_saml', 'idp-singleLogoutService.url', ''),
+ 'url' => $this->config->getAppValue('user_saml', $prefix . 'idp-singleLogoutService.url', ''),
];
$settings['sp']['singleLogoutService'] = [
'url' => $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.singleLogoutService'),