Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
GIP RENATER
switch-wayf
Commits
ad118607
Commit
ad118607
authored
Nov 18, 2010
by
haemmer
Browse files
It is now checked whether the Service Provider exists in metadata
parent
f3c67c01
Changes
3
Show whitespace changes
Inline
Side-by-side
WAYF
View file @
ad118607
...
...
@@ -90,6 +90,15 @@ if(isValidDSRequest()){
exit
;
}
if
(
isset
(
$enableDSReturnParamCheck
)
&&
$enableDSReturnParamCheck
){
// Check SP
if
(
!
isset
(
$SProviders
[
$_GET
[
'entityID'
]])){
// Show error
$message
=
sprintf
(
getLocalString
(
'unknown_sp'
),
htmlentities
(
$_GET
[
'entityID'
]));
printError
(
$message
);
exit
;
}
// Check return URL in DS request if checks are enabled
$returnURLOK
=
verifyReturnURL
(
$_GET
[
'entityID'
],
$returnURL
);
if
(
!
$returnURLOK
){
...
...
@@ -98,6 +107,9 @@ if(isValidDSRequest()){
printError
(
$message
);
exit
;
}
}
}
/*------------------------------------------------*/
...
...
functions.php
View file @
ad118607
...
...
@@ -395,23 +395,11 @@ function getIPAdressHint() {
}
return
'-'
;
}
/******************************************************************************/
// Returns true if URL could be verified or if no check is necessary, false otherwise
function
verifyReturnURL
(
$entityID
,
$returnURL
)
{
global
$SProviders
,
$enableDSReturnParamCheck
,
$useACURLsForReturnParamCheck
;
// Skip check if is is deactivated
if
(
!
isset
(
$enableDSReturnParamCheck
)
||
!
$enableDSReturnParamCheck
){
return
true
;
}
// SP is unknown, therefore return false
if
(
!
isset
(
$SProviders
[
$entityID
])){
return
false
;
}
global
$SProviders
,
$useACURLsForReturnParamCheck
;
// If SP has a <idpdisc:DiscoveryResponse>, check return param
if
(
isset
(
$SProviders
[
$entityID
][
'DSURL'
])){
...
...
@@ -419,7 +407,14 @@ function verifyReturnURL($entityID, $returnURL) {
}
// If fall back check is enabled, check return param
if
(
$useACURLsForReturnParamCheck
){
if
(
isset
(
$useACURLsForReturnParamCheck
)
&&
$useACURLsForReturnParamCheck
){
// Return true if no assertion consumer URL is defined to check against
// Should never happend
if
(
!
isset
(
$SProviders
[
$entityID
][
'ACURL'
])){
return
false
;
}
$returnURLHostName
=
getHostNameFromURI
(
$returnURL
);
foreach
(
$SProviders
[
$entityID
][
'ACURL'
]
as
$ACURL
){
if
(
getHostNameFromURI
(
$ACURL
)
==
$returnURLHostName
){
...
...
languages.php
View file @
ad118607
...
...
@@ -45,6 +45,7 @@ $langStrings['en'] = array (
'most_used'
=>
'Most often used Home Organisations'
,
'invalid_return_url'
=>
'The return URL <tt>\'%s\'</tt> is not a valid URL.'
,
'unverified_return_url'
=>
'The return URL <tt>\'%s\'</tt> could not be verified for Service Provider <tt>\'%s\'</tt>.'
,
'unknown_sp'
=>
'The Service Provider <tt>\'%s\'</tt> could not be found in metadata and is therefore unknown.'
,
);
...
...
@@ -88,6 +89,7 @@ $langStrings['de'] = array (
'most_used'
=>
'Meist genutzte Home Organisationen'
,
'invalid_return_url'
=>
'Die return URL <tt>\'%s\'</tt> ist keine gütige URL.'
,
'unverified_return_url'
=>
'Die return URL <tt>\'%s\'</tt> ist nicht gütige für den Service Provider <tt>\'%s\'</tt>.'
,
'unknown_sp'
=>
'Der Service Provider <tt>\'%s\'</tt> konnte nicht in den Metadaten gefunden werden und ist deshalb unbekannt.'
,
);
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment