Allow overriding of host, port, protocol and url path for URL building #175

Merged
merged 6 commits into from Nov 15, 2016
@@ -279,6 +279,12 @@ $settings = array (
// Enable debug mode (to print errors).
'debug' => false,
// Set a BaseURL to be used instead of try to guess
// the BaseURL of the view that process the SAML Message.
// Ex http://sp.example.com/
// http://example.com/sp/
'baseurl' => null,
// Service Provider Data that we are deploying.
'sp' => array (
// Identifier of the SP entity (must be a URI)
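Review bot: Both example values in the new `'baseurl'` comment use `http://`, and the comment does not say which parts of the value are consumed. The README section added later in this patch says the value sets protocol, host, port and base path, and that these feed the URL compared against Destination and Recipient. An `https://` example, plus one sentence stating that scheme, host, port and path are all taken from this value and whether the trailing slash matters, would prevent misconfiguration.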
@@ -1035,6 +1041,26 @@ if (isset($_SESSION['samlUserdata'])) { // If there is user data we print it.
}
```
#### URL-guessing methods ####
php-saml toolkit uses a bunch of methods in OneLogin_Saml2_Utils that try to guess the URL where the SAML messages are processed.
* `getSelfHost` Returns the current host.
* `getSelfPort` Return the port number used for the request
* `isHTTPS` Checks if the protocol is https or http.
* `getSelfURLhost` Returns the protocol + the current host + the port (if different than common ports).
* `getSelfURL` Returns the URL of the current host + current view + query.
* `getSelfURLNoQuery` Returns the URL of the current host + current view.
* `getSelfRoutedURLNoQuery` Returns the routed URL of the current host + current view.
getSelfURLNoQuery and getSelfRoutedURLNoQuery are used to calculate the currentURL in order to valdate SAML elements like Destination or Recipient.
When the PHP application is behind a proxy or a load balancer we can execute setProxyVars(true) and getSelfPort and isHTTPS will take care of the $_SERVER["HTTP_X_FORWARDED_PORT"] and $_SERVER['HTTP_X_FORWARDED_PROTO'] vars (otherwise they are ignored).
Also a developer can use setSelfProtocol, setSelfHost, setSelfPort and getBaseURLPath to define a specific value to be returned by isHTTPS, getSelfHost, getSelfPort and getBaseURLPath. And define a setBasePath to be used on the getSelfURL and getSelfRoutedURLNoQuery to replace the data extracted from $_SERVER["REQUEST_URI"].
At the settings the developer will be able to set a 'baseurl' parameter that automatically will use setBaseURL to set values for setSelfProtocol, setSelfHost, setSelfPort and setBaseURLPath.
### Main classes and methods ###
Described below are the main classes and methods that can be invoked.
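Review bot: In the paragraph beginning "Also a developer can use", `getBaseURLPath` is listed among the setters and "define a setBasePath" names a method that appears nowhere else in this patch, while the next sentence uses `setBaseURLPath`. Use one name consistently, and fix "valdate" in the sentence about Destination and Recipient. The `setProxyVars(true)` sentence should also state that it makes the toolkit trust `HTTP_X_FORWARDED_PORT` and `HTTP_X_FORWARDED_PROTO`, so it belongs only behind a proxy that overwrites those headers.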
@@ -1196,7 +1222,9 @@ Configuration of the OneLogin PHP Toolkit
* `formatSPKey` - Formats the SP private key.
* `getErrors` - Returns an array with the errors, the array is empty when
the settings is ok.
* `getLastErrorReason`* Returns the reason of the last error
* `getLastErrorReason` - Returns the reason of the last error
* `getBaseURL` - Returns the baseurl set on the settings if any.
* `setBaseURL` - Set a baseurl value
* `setStrict` - Activates or deactivates the strict mode.
* `isStrict` - Returns if the 'strict' mode is active.
* `isDebugActive` - Returns if the debug is active.
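Review bot: The new `setBaseURL` entry says only "Set a baseurl value", which does not distinguish it from the static `OneLogin_Saml2_Utils::setBaseURL` that the constructors in this patch call. State the expected format (the settings example shows a full URL such as `http://sp.example.com/`) and that this method stores the value on the settings object.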
@@ -41,9 +41,13 @@ class OneLogin_Saml2_LogoutRequest
*/
public function __construct(OneLogin_Saml2_Settings $settings, $request = null, $nameId = null, $sessionIndex = null)
{
$this->_settings = $settings;
if (!empty($this->_settings->getBaseURL())) {
$baseURL = $this->_settings->getBaseURL();
OneLogin_Saml2_Utils::setBaseURL($baseURL);
}
if (!isset($request) || empty($request)) {
$spData = $this->_settings->getSPData();
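Review bot: `empty($this->_settings->getBaseURL())` passes a method call result to `empty()`, which PHP versions before 5.5 reject with a fatal error, and the getter is then called a second time inside the branch. Assign first and test the variable: `$baseURL = $this->_settings->getBaseURL();` followed by `if (!empty($baseURL)) {`.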
@@ -41,6 +41,12 @@ class OneLogin_Saml2_LogoutResponse
public function __construct(OneLogin_Saml2_Settings $settings, $response = null)
{
$this->_settings = $settings;
if (!empty($this->_settings->getBaseURL())) {
$baseURL = $this->_settings->getBaseURL();
OneLogin_Saml2_Utils::setBaseURL($baseURL);
}
if ($response) {
$decoded = base64_decode($response);
$inflated = @gzinflate($decoded);
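Review bot: The `if (!empty(...))` block around `OneLogin_Saml2_Utils::setBaseURL($baseURL)` duplicates the one added to the LogoutRequest constructor, and the Response constructor gets a third copy. Move it into a single helper that takes the settings object, so a later change to how the base URL is applied cannot land in one constructor and be missed in the others.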
@@ -56,6 +56,11 @@ public function __construct(OneLogin_Saml2_Settings $settings, $response)
{
$this->_settings = $settings;
if (!empty($this->_settings->getBaseURL())) {
$baseURL = $this->_settings->getBaseURL();
OneLogin_Saml2_Utils::setBaseURL($baseURL);
}
$this->response = base64_decode($response);
$this->document = new DOMDocument();
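Review bot: `OneLogin_Saml2_Utils::setBaseURL($baseURL)` writes static state and the `if` has no else branch, so a Response built from settings without a `baseurl` keeps whatever base URL an earlier object set in the same process. The README text in this patch says these values feed the URL checked against Destination and Recipient, so either reset the Utils values when `getBaseURL()` is empty or document that the setting is process-wide.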
@@ -14,6 +14,11 @@ class OneLogin_Saml2_Settings
*/
private $_paths = array();
/**
* @var string
*/
private $_baseurl;
/**
* Strict. If active, PHP Toolkit will reject unsigned or unencrypted messages
* if it expects them signed or encrypted. If not, the messages will be accepted
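Review bot: The docblock on `$_baseurl` says `@var string`, but the property has no default and `getBaseURL()` is documented as returning `null|string`. Use `@var string|null` and add a one-line description, as the Strict property that follows has.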
@@ -240,6 +245,10 @@ private function _loadSettingsFromArray($settings)
$this->_debug = $settings['debug'];
}
if (isset($settings['baseurl'])) {
$this->_baseurl = $settings['baseurl'];
}
if (isset($settings['compress'])) {
$this->_compress = $settings['compress'];
}
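Review bot: `$settings['baseurl']` is stored as given, with no check that it is an absolute `http` or `https` URL. A typo here would surface only later as a Destination or Recipient mismatch, so validate the value when the settings are loaded and report a bad value through the existing settings errors (`getErrors`).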
@@ -940,6 +949,24 @@ public function isDebugActive()
return $this->_debug;
}
/**
* Set a baseurl value.
*/
public function setBaseURL($baseurl)
{
$this->_baseurl = $baseurl;
}
/**
* Returns the baseurl set on the settings if any.
*
* @return null|string The baseurl
*/
public function getBaseURL()
{
return $this->_baseurl;
}
/**
* Sets the IdP certificate.
*
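Review bot: The `setBaseURL` docblock has no `@param`, and the setter only assigns `$this->_baseurl`. The constructors in this patch copy the value into `OneLogin_Saml2_Utils` at construction time, so calling the setter after a message object exists has no effect on that object. Add `@param string $baseurl` and say in the comment that it must be called before requests or responses are built.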