"",
"technicalcontact_email" => "",
"auth.adminpassword" => "",
);
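// Certificate request (DN) fields the admin must supply when a new SP keypair has to be generated
$certreqdetails = [
    "countryName",
    "stateOrProvinceName",
    "localityName",
    "organizationName",
    "organizationalUnitName",
    "commonName",
    "emailAddress",
];

// Generated '$simplesamlconfig["config"][...] = ...;' lines, keyed by setting name
$spconfig = [];

// Add every setting already present in the current config to the list of settings to render.
// Only the key matters here: the render loop below reads the current value straight from
// $simplesamlconfig["config"].
if (isset($simplesamlconfig["config"])) {
    foreach ($simplesamlconfig["config"] as $configopt => $configvalue) {
        $saml_settings[$configopt] = $configopt;
    }
}

$saml_live_sp_name = get_saml_sp_name();

// Current SP certificate, key and IdP from the live authsources config (empty when not configured)
$curcertpath = "";
$curkeypath = "";
$curidp = "";
if (isset($simplesamlconfig['authsources'][$saml_live_sp_name])) {
    $cursp = $simplesamlconfig['authsources'][$saml_live_sp_name];
    $curcertpath = $cursp["certificate"] ?? "";
    $curkeypath = $cursp["privatekey"] ?? "";
    // Guarded like the two keys above so a partially filled authsource does not raise an undefined index warning
    $curidp = $cursp["idp"] ?? "";
}
$certpath = getval("cert_path", $curcertpath);
$keypath = getval("key_path", $curkeypath);
$samlidp = getval("samlidp", $curidp);
$error_text = "";

// Build the config line for every setting, preferring a submitted value over the current one
foreach (array_keys($saml_settings) as $saml_setting) {
    $curvalue = $simplesamlconfig["config"][$saml_setting] ?? "";
    // PHP converts '.' to '_' in POST variable names, so e.g. auth.adminpassword arrives as auth_adminpassword
    $samlvalue = getval(str_replace(".", "_", $saml_setting), $curvalue);
    // Never write the admin password itself to the debug log
    $logvalue = $saml_setting == "auth.adminpassword" ? "[redacted]" : print_r($samlvalue, true);
    debug("saml_generate_config " . $saml_setting . "=" . $logvalue);
    if ($saml_setting == "auth.adminpassword" && trim($samlvalue) == "") {
        // No password supplied: generate one rather than leave the admin login without a password
        $samlvalue = generateSecureKey(12);
    }
    $simplesamlconfig["config"][$saml_setting] = $samlvalue;
    if (
        (isset($simplesaml_config_defaults[$saml_setting]) && $samlvalue == $simplesaml_config_defaults[$saml_setting])
        || $saml_setting == "metadatadir"
        || is_array($samlvalue)
    ) {
        // Default values, the metadata dir and array values do not need to go into the generated config
        continue;
    }
    $configval = $samlvalue;
    if ($saml_setting == "auth.adminpassword") {
        // Only a hash of the admin password is written to the generated config
        require_once simplesaml_get_lib_path() . '/lib/_autoload.php';
        $hasher = new Symfony\Component\PasswordHasher\Hasher\NativePasswordHasher(
            4, // time cost
            65536, // memory cost
            null, // cost
            PASSWORD_ARGON2ID,
        );
        $configval = $hasher->hash(trim($samlvalue));
    }
    // NOTE(review): escape() appears to be an HTML escaper; it does not escape backslashes, so a value
    // ending in '\' (or containing a quote, depending on escape()'s flags) would break or alter the
    // generated single-quoted PHP literal — confirm how $spconfigtext is rendered before changing this.
    $spconfig[$saml_setting] = "\$simplesamlconfig[\"config\"][\"" . $saml_setting . "\"] = '" . escape($configval) . "';";
}

if (getval('sp_submit', '') !== '' && enforcePostRequest(false)) {
    // Form submitted: build the config text for the admin to copy into the ResourceSpace config file
    if ($certpath == "" || $keypath == "") {
        // No existing certificate/key: generate a keypair from the submitted DN fields
        foreach ($certreqdetails as $certreqdetail) {
            $certval = getval($certreqdetail, "");
            // countryName must be a two-letter code; every other field only has to be non-blank
            if (trim($certval) == "" || ($certreqdetail == "countryName" && strlen($certval) !== 2)) {
                $error_text .= $lang['simplesaml_sp_cert_invalid'] . " - '" . $certreqdetail . "'\n";
            }
            $dn[$certreqdetail] = $certval;
        }
        if ($error_text == "") {
            $certinfo = simplesaml_generate_keypair($dn);
            if (is_array($certinfo)) {
                $certpath = $certinfo["certificate"];
                $keypath = $certinfo["privatekey"];
            } else {
                $error_text = $lang['simplesaml_sp_cert_gen_error'];
            }
        }
    }
    $spconfigtext = implode("\n", $spconfig);

    // Convert pasted metadata XML to PHP config.
    // Code below adapted from SimpleSAMLphp metadata-converter.php
    $metadataoutput = "";
    $metadata_xml = trim(getval("metadata_xml", ""));
    if ($metadata_xml != "") {
        require_once simplesaml_get_lib_path() . '/lib/_autoload.php';
        // NOTE(review): checkSAMLMessage() may throw on invalid metadata; nothing here catches that,
        // so a bad paste surfaces as an uncaught exception rather than in $error_text — confirm intended.
        (new \SimpleSAML\Utils\XML())->checkSAMLMessage($metadata_xml, 'saml-meta');
        $entities = \SimpleSAML\Metadata\SAMLParser::parseDescriptorsString($metadata_xml);
        foreach ($entities as &$entity) {
            $entity = [
                'saml20-sp-remote' => $entity->getMetadata20SP(),
                'saml20-idp-remote' => $entity->getMetadata20IdP(),
            ];
        }
        unset($entity); // drop the reference left behind by the by-ref foreach

        // transpose from $entities[entityid][type] to $output[type][entityid]
        $output = (new \SimpleSAML\Utils\Arrays())->transpose($entities);

        // Merge all metadata of each type to a single string which should be added to the corresponding file.
        // NOTE(review): $text is reset for every $type, so only the last type returned by transpose()
        // reaches $metadataoutput, and $samlidp becomes whichever entity was processed last — this
        // looks like it assumes the XML describes a single IdP; confirm that is intended.
        $text = '';
        $entityId = null;
        foreach ($output as $type => $entities) {
            $text = '';
            foreach ($entities as $entityId => $entityMetadata) {
                if ($entityMetadata === null) {
                    continue;
                }
                // remove the entityDescriptor element because it is unused, and only makes the output harder to read
                unset($entityMetadata['entityDescriptor']);
                $text .= '$metadata[' . var_export($entityId, true) . '] = ' .
                    var_export($entityMetadata, true) . ";\n";
            }
        }
        $metadataoutput = str_replace("\$metadata", "\$simplesamlconfig[\"metadata\"]", $text);
        $samlidp = $entityId;
    }

    // Set up authsources config (one line per array element so the generated text is easy to follow)
    $spauthsourcestext = implode("\n", [
        "\$simplesamlconfig['authsources'] =",
        "[",
        "'admin' => ['core:AdminPassword'],",
        "'{$saml_live_sp_name}' => [",
        "'saml:SP',",
        "'privatekey' => '" . escape($keypath) . "',",
        "'certificate' => '" . escape($certpath) . "',",
        "'entityID' => null,",
        "'idp' => '" . escape($samlidp) . "',",
        "'discoURL' => null,",
        "]",
        "];",
    ]);
    $spconfigtext = $spauthsourcestext . "\n\n" . $spconfigtext . "\n\n" . $metadataoutput;
    $showoutput = true;
}

// Breadcrumb trail rendered by the page header
$links_trail = [
    [
        'title' => $lang["systemsetup"],
        'href' => "{$baseurl_short}pages/admin/admin_home.php",
    ],
    [
        'title' => $lang["pluginmanager"],
        'href' => "{$baseurl_short}pages/team/team_plugins.php",
    ],
    [
        'title' => $lang['simplesaml_configuration'],
        'href' => "{$baseurl_short}plugins/simplesaml/pages/setup.php",
    ],
    [
        'title' => $lang["simplesaml_sp_config"],
        'help' => 'plugins/simplesaml',
    ],
];
include '../../../include/header.php';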
?>