GIP RENATER
switch-wayf
Commit
1ee208fd
authored
Oct 18, 2011
by
haemmer
Fixed URL composing bug mentioned in #975
parent
0e9b839f
Changes
3
README
...
...
@@ -416,7 +416,9 @@ Version History:
- Focus on submit button works better with different browsers
- Invalid values for width and height are now defaulted to auto for
Embedded WAYF
- Fixed a Discovery Service bug that resulted in a wrong return URL to
the Service Provider. Reported by Tom Scavo
1.14.3 Release date: 4. March 2011
- Fixed a race condition. Thanks go to Robert Basch from MIT for
reporting the issue and providing a patch.
...
...
WAYF
...
...
@@ -71,7 +71,7 @@ foreach ($IDProviders as $key => $values){
// This is for back-wards compatibility with very old versions of the WAYF
if
(
isset
(
$_GET
[
'getArguments'
])
&&
isset
(
$_GET
[
'origin'
])
&&
isset
(
$_GET
[
'redirect'
])){
header
(
'Location: '
.
$_SERVER
[
'PHP_SELF'
]
.
'/redirect/'
.
$_GET
[
'origin'
]
.
'?'
.
$_GET
[
'getArguments'
]);
redirectTo
(
$_SERVER
[
'PHP_SELF'
]
.
'/redirect/'
.
$_GET
[
'origin'
]
.
'?'
.
$_GET
[
'getArguments'
]);
exit
;
}
...
...
@@ -125,9 +125,9 @@ if (isRequestType('deleteSettings')){
}
if
(
isset
(
$_GET
[
'return'
])){
header
(
'Location: '
.
$_GET
[
'return'
]);
redirectTo
(
$_GET
[
'return'
]);
}
else
{
header
(
'Location: '
.
$_SERVER
[
'SCRIPT_NAME'
]);
redirectTo
(
$_SERVER
[
'SCRIPT_NAME'
]);
}
exit
;
}
...
...
@@ -136,7 +136,7 @@ if (isRequestType('deleteSettings')){
// Delete permanent cookie
if
(
isset
(
$_POST
[
'clear_user_idp'
])){
setcookie
(
$redirectCookieName
,
''
,
time
()
-
3600
,
'/'
,
$commonDomain
,
false
);
header
(
'Location:
?'
.
$_SERVER
[
'QUERY_STRING'
]);
redirectTo
(
'
?'
.
$_SERVER
[
'QUERY_STRING'
]);
exit
;
}
...
...
@@ -212,16 +212,16 @@ if (
if
(
isset
(
$IDProviders
[
$cookieIdP
][
'Type'
])
&&
$IDProviders
[
$cookieIdP
][
'Type'
]
==
'wayf'
){
// Send user to cascaded WAYF with same request
header
(
'Location: '
.
$IDProviders
[
$cookieIdP
][
'SSO'
]
.
'?'
.
$_SERVER
[
'QUERY_STRING'
]);
redirectTo
(
$IDProviders
[
$cookieIdP
][
'SSO'
]
.
'?'
.
$_SERVER
[
'QUERY_STRING'
]);
}
elseif
(
isValidDSRequest
()){
header
(
'Location: '
.
$_GET
[
'return'
]
.
'&'
.
getReturnIDParam
()
.
'='
.
urlencode
(
$cookieIdP
)
)
;
redirectToSP
(
$_GET
[
'return'
],
$cookieIdP
);
// Create log entry
logAccessEntry
(
'DS'
,
'Cookie'
,
$_GET
[
'return'
],
$cookieIdP
);
}
else
{
header
(
'Location: '
.
$IDProviders
[
$cookieIdP
][
'SSO'
]
.
'?'
.
$_SERVER
[
'QUERY_STRING'
]);
redirectTo
(
$IDProviders
[
$cookieIdP
][
'SSO'
]
.
'?'
.
$_SERVER
[
'QUERY_STRING'
]);
// Create log entry
logAccessEntry
(
'WAYF'
,
'Cookie'
,
$_GET
[
'shire'
],
$cookieIdP
);
...
...
@@ -244,15 +244,15 @@ if ($useKerberos && isset($_SERVER['REMOTE_USER'])) {
if
(
isset
(
$IDProviders
[
$kerberosIDP
][
'Type'
])
&&
$IDProviders
[
$kerberosIDP
][
'Type'
]
==
'wayf'
){
// Send user to cascaded WAYF with same request
header
(
'Location: '
.
$IDProviders
[
$kerberosIDP
][
'SSO'
]
.
'?'
.
$_SERVER
[
'QUERY_STRING'
]);
redirectTo
(
$IDProviders
[
$kerberosIDP
][
'SSO'
]
.
'?'
.
$_SERVER
[
'QUERY_STRING'
]);
}
elseif
(
isValidDSRequest
()){
header
(
'Location: '
.
$_GET
[
'return'
]
.
'&'
.
getReturnIDParam
()
.
'='
.
urlencode
(
$kerberosIDP
)
)
;
redirectToSP
(
$_GET
[
'return'
],
$kerberosIDP
);
// Create log entry
logAccessEntry
(
'DS'
,
'Kerberos'
,
$_GET
[
'return'
],
$kerberosIDP
);
}
else
{
header
(
'Location: '
.
$IDProviders
[
$kerberosIDP
][
'SSO'
]
.
'?'
.
$_SERVER
[
'QUERY_STRING'
]);
redirectTo
(
$IDProviders
[
$kerberosIDP
][
'SSO'
]
.
'?'
.
$_SERVER
[
'QUERY_STRING'
]);
// Create log entry
logAccessEntry
(
'WAYF'
,
'Kerberos'
,
$_GET
[
'shire'
],
$kerberosIDP
);
...
...
@@ -272,7 +272,7 @@ if ($useKerberos && !isset($kerberosRealm)) {
// redirect to the soft link (that points back to this script)
// which is protected by mod_auth_kerb.
$url
=
$kerberosRedirectURL
.
"?"
.
$_SERVER
[
'QUERY_STRING'
];
header
(
"Location:
$url
"
);
redirectTo
(
$url
);
exit
();
}
}
...
...
@@ -292,7 +292,7 @@ if (
&&
isset
(
$_GET
[
'origin'
])
&&
checkIDP
(
$_GET
[
'origin'
])
){
header
(
'Location: '
.
$IDProviders
[
$_GET
[
'origin'
]][
'SSO'
]
.
'?'
.
$_SERVER
[
'QUERY_STRING'
]);
redirectTo
(
$IDProviders
[
$_GET
[
'origin'
]][
'SSO'
]
.
'?'
.
$_SERVER
[
'QUERY_STRING'
]);
// Create log entry
logAccessEntry
(
'WAYF'
,
'Old-Request'
,
$_GET
[
'shire'
],
$_GET
[
'origin'
]);
...
...
@@ -306,7 +306,7 @@ if ($hintedPathIDP != '-'){
if
(
isset
(
$IDProviders
[
$hintedPathIDP
][
'Type'
])
&&
$IDProviders
[
$hintedPathIDP
][
'Type'
]
==
'wayf'
){
// Send user to cascaded WAYF with same request
header
(
'Location: '
.
$IDProviders
[
$hintedPathIDP
][
'SSO'
]
.
'?'
.
$_SERVER
[
'QUERY_STRING'
]);
redirectTo
(
$IDProviders
[
$hintedPathIDP
][
'SSO'
]
.
'?'
.
$_SERVER
[
'QUERY_STRING'
]);
exit
;
}
elseif
(
checkPathInfo
(
'redirect'
)
){
...
...
@@ -315,13 +315,13 @@ if ($hintedPathIDP != '-'){
// Determine if DS or WAYF request
if
(
isValidDSRequest
()){
header
(
'Location: '
.
$_GET
[
'return'
]
.
'&'
.
getReturnIDParam
()
.
'='
.
urlencode
(
$hintedPathIDP
)
)
;
redirectToSP
(
$_GET
[
'return'
],
$hintedPathIDP
);
// Create log entry
logAccessEntry
(
'DS'
,
'Path'
,
$_GET
[
'return'
],
$hintedPathIDP
);
}
else
{
header
(
'Location: '
.
$IDProviders
[
$hintedPathIDP
][
'SSO'
]
.
'?'
.
$_SERVER
[
'QUERY_STRING'
]);
redirectTo
(
$IDProviders
[
$hintedPathIDP
][
'SSO'
]
.
'?'
.
$_SERVER
[
'QUERY_STRING'
]);
// Create log entry
logAccessEntry
(
'WAYF'
,
'Path'
,
$_GET
[
'shire'
],
$hintedPathIDP
);
...
...
@@ -345,10 +345,10 @@ if (
if
(
isset
(
$IDProviders
[
$selectedIDP
][
'Type'
])
&&
$IDProviders
[
$selectedIDP
][
'Type'
]
==
'wayf'
){
// Send user to cascaded WAYF with same request
header
(
'Location: '
.
$IDProviders
[
$selectedIDP
][
'SSO'
]
.
'?'
.
$_SERVER
[
'QUERY_STRING'
]);
redirectTo
(
$IDProviders
[
$selectedIDP
][
'SSO'
]
.
'?'
.
$_SERVER
[
'QUERY_STRING'
]);
}
else
if
(
isValidDSRequest
()){
header
(
'Location: '
.
$_GET
[
'return'
]
.
'&'
.
getReturnIDParam
()
.
'='
.
urlencode
(
$selectedIDP
)
)
;
redirectToSP
(
$_GET
[
'return'
],
$selectedIDP
);
// Create log entry
if
(
isset
(
$_POST
[
'request_type'
])
&&
$_POST
[
'request_type'
]
==
'embedded'
){
...
...
@@ -358,7 +358,7 @@ if (
}
}
else
{
header
(
'Location: '
.
$IDProviders
[
$selectedIDP
][
'SSO'
]
.
'?'
.
$_SERVER
[
'QUERY_STRING'
]);
redirectTo
(
$IDProviders
[
$selectedIDP
][
'SSO'
]
.
'?'
.
$_SERVER
[
'QUERY_STRING'
]);
// Create log entry
if
(
isset
(
$_POST
[
'request_type'
])
&&
$_POST
[
'request_type'
]
==
'embedded'
){
...
...
@@ -450,14 +450,14 @@ if (
// Only return user with returnIDParam to SP if IdP could be guessed
if
(
$selectedIDP
==
'-'
||
$selectedIDP
==
''
){
header
(
'Location: '
.
$_GET
[
'return'
]);
redirectTo
(
$_GET
[
'return'
]);
// Create log entry
logAccessEntry
(
'DS'
,
'Passive'
,
$_GET
[
'return'
],
'-'
);
}
else
{
header
(
'Location: '
.
$_GET
[
'return'
]
.
'&'
.
getReturnIDParam
()
.
'='
.
urlencode
(
$selectedIDP
)
)
;
redirectToSP
(
$_GET
[
'return'
],
$selectedIDP
);
// Create log entry
logAccessEntry
(
'DS'
,
'Passive'
,
$_GET
[
'return'
],
$selectedIDP
);
...
...
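Review bot: In the `deleteSettings` hunk (`@@ -125,9 +125,9 @@`), `redirectTo($_GET['return'])` is reached on `isset($_GET['return'])` alone, so whatever URL the request carries is written to the Location header; the `redirectToSP($_GET['return'], ...)` calls elsewhere in this file sit behind a visible `isValidDSRequest()` branch. The enclosing `if (isRequestType('deleteSettings'))` block starts outside the hunk, so an earlier check may exist, but none is visible here. If `isValidDSRequest()` does vet the return URL (its body is not shown), the condition could become `if (isset($_GET['return']) && isValidDSRequest()){`, leaving the `$_SERVER['SCRIPT_NAME']` fallback for every other request. The passive branch in `@@ -450,14 +450,14 @@` also calls `redirectTo($_GET['return'])` with its guard outside the hunk and deserves the same look.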
functions.php
...
...
@@ -531,6 +531,21 @@ function isValidDSRequest(){
}
}
/******************************************************************************/
// Sets the Location header to redirect the user's web browser
function
redirectTo
(
$url
){
header
(
'Location: '
.
$url
);
}
/******************************************************************************/
// Sets the Location that is used for redirect the web browser back to the SP
function
redirectToSP
(
$url
,
$IdP
){
if
(
preg_match
(
'/\?/'
,
$url
)
>
0
){
redirectTo
(
$url
.
'&'
.
getReturnIDParam
()
.
'='
.
urlencode
(
$IdP
));
}
else
{
redirectTo
(
$url
.
'?'
.
getReturnIDParam
()
.
'='
.
urlencode
(
$IdP
));
}
}
/******************************************************************************/
// Returns true if valid Directory Service request
function
logAccessEntry
(
$protocol
,
$type
,
$sp
,
$idp
){
...
...
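Review bot: `redirectTo()` writes `$url` into the Location header exactly as given, and neither the function nor its comment says who is responsible for checking the target, although the callers in WAYF pass values built from `$_GET['return']`, `$_GET['origin']` and `$_SERVER['QUERY_STRING']`. Since every redirect now goes through this helper, its header comment should state the contract, for example `// $url is sent unvalidated; callers must only pass targets that were already checked`, or the check could be centralised here. In `redirectToSP()`, a return URL that carries a `#fragment` gets the IdP parameter appended after the fragment, so it would not reach the SP as a query parameter. The separator choice also needs no regex: `$sep = (strpos($url, '?') === false) ? '?' : '&';` followed by a single `redirectTo($url . $sep . getReturnIDParam() . '=' . urlencode($IdP));` removes the duplicated branch.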