Commit a91dc421 authored by haemmer's avatar haemmer

Fixed protocol implementation bug mentioned in #975

parent 1ee208fd
......@@ -416,8 +416,13 @@ Version History:
- Focus on submit button works better with different browsers
- Invalid values for width and height are now defaulted to auto for
Embedded WAYF
- Fixed a Discovery Service bug that resulted in a wrong return URL to
the Service Provider. Reported by Tom Scavo
- Fixed a URL composing bug that resulted in a wrong return URL to
the Service Provider if the return parameter did not contain any GET
arguments. Reported by Tom Scavo
- Made implementation behave according to the Discovery Service protocol
specification when it comes to the return parameter. This parameter
is optional in case the DS knows the SP Discovery URL.
Reported by Tom Scavo.
1.14.3 Release date: 4. March 2011
- Fixed a race condition. Thanks go to Robert Basch from MIT for
......
......@@ -492,7 +492,7 @@ if (
$message .= '<p>'. getLocalString('valid_request_description');
printError($message);
exit;
} elseif(
} elseif(
(!isset($_GET['entityID']) && isset($_GET['return']))
|| (isset($_GET['entityID']) && !isset($_GET['return']))
){
......
......@@ -522,13 +522,33 @@ function isValidShib1Request(){
}
/******************************************************************************/
// Returns true if valid Directory Service request
// Returns true if request is a valid Directory Service request
function isValidDSRequest(){
if (isset($_GET['entityID']) && isset($_GET['return'])){
global $SProviders;
// If entityID is not present, request is invalid
if (!isset($_GET['entityID'])){
return false;
}
// If entityID and return parameters are present, request is valid
if (isset($_GET['return'])){
return true;
} else {
}
// If no return parameter and no Discovery Service endpoint is available
// for SP, request is invalid
if (!isset($SProviders[$_GET['entityID']]['DSURL'])){
return false;
}
if (count($SProviders[$_GET['entityID']]['DSURL']) < 1){
return false;
}
// EntityID is available and there is at least one DiscoveryService
// endpoint defined. Therefore, the request is valid
return true;
}
/******************************************************************************/
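Review bot: The early `return true` in isValidDSRequest() for a request that carries `return` never consults `$SProviders`, so an unknown `entityID` combined with any caller-supplied `return` URL still counts as a valid Discovery Service request; only the branch without `return` looks at the SP's metadata. The `return` value is presumably where the browser is sent after selection, so it should be compared with the SP's registered `DSURL` entries before it is used. That comparison is not visible in this section; if it happens elsewhere, a comment at this `return true` should say where. Separately, `$_GET['entityID']` is used as an array key without a type check, and a guard such as `if (!isset($_GET['entityID']) || !is_string($_GET['entityID'])) return false;` would keep an array-valued parameter from reaching the `$SProviders` lookup.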
......
......@@ -35,7 +35,7 @@ $langStrings['en'] = array (
'no_arguments' => 'No arguments received!',
'arguments_missing' => 'The web server received an invalid query because there are some arguments missing<br>The following arguments were received:',
'valid_request_description' => 'A valid request needs at least the arguments <tt>shire</tt> and <tt>target</tt> with valid values. Optionally the arguments <tt>providerID</tt>, <tt>origin</tt> and <tt>redirect</tt> can be supplied to automtically redirect the web browser to a Home Organisation and to do that automatically for the current web browser session',
'valid_saml2_request_description' => 'A valid SAML2 request needs at least the arguments <tt>entityID</tt> and <tt>return</tt> with valid values. Optionally the arguments <tt>isPassive</tt>, <tt>policy</tt> and <tt>returnIDParam</tt> can be supplied to automtically redirect the web browser to a Home Organisation and to do that automatically for the current web browser session',
'valid_saml2_request_description' => 'A valid SAML2 request needs at least the arguments <tt>entityID</tt> and <tt>return</tt> with valid values. Instead of the <tt>return</tt> argument, metadata for the Service Provider can include a <tt>DiscoveryResponse</tt> endpoint. Optionally the arguments <tt>isPassive</tt>, <tt>policy</tt> and <tt>returnIDParam</tt> can be supplied to automtically redirect the web browser to a Home Organisation and to do that automatically for the current web browser session',
'invalid_query' => 'Error: Invalid Query',
'select_button' => 'Select',
'login' => 'Login',
......@@ -78,7 +78,7 @@ $langStrings['de'] = array (
'no_arguments' => 'Keine Argumente erhalten!',
'arguments_missing' => 'Der Webserver hat eine fehlerhafte Anfrage erhalten da einige Argumente in der Anfrage fehlen.<br>Folgende Argumente wurden empfangen:',
'valid_request_description' => 'Eine g&uuml;ltige Anfrage muss mindestens die Argumente <tt>shire</tt> und <tt>target</tt> enthalten. Zus&auml;tzlich k&ouml;nnen die Argumente <tt>providerID</tt>, <tt>origin</tt> und <tt>redirect</tt> benutzt werden um den Webbrowser automatisch an die Home Organisation weiter zu leiten und um sich die ausgew&auml;hlte Home Organisation f&uuml;r l&auml;ngere Zeit zu merken.',
'valid_saml2_request_description' => 'Eine g&uuml;ltige Anfrage muss mindestens die Argumente <tt>entityID</tt> und <tt>return</tt> enthalten. Zus&auml;tzlich k&ouml;nnen die Argumente <tt>isPassive</tt>, <tt>policy</tt> und <tt>returnIDParam</tt> benutzt werden um den Webbrowser automatisch an die Home Organisation weiter zu leiten und um sich die ausgew&auml;hlte Home Organisation f&uuml;r l&auml;ngere Zeit zu merken.',
'valid_saml2_request_description' => 'Eine g&uuml;ltige Anfrage muss mindestens die Argumente <tt>entityID</tt> und <tt>return</tt> enthalten. Anstatt dem Argument <tt>return</tt> k&ouml;nnen die Metadaten f&uuml;r den Service Provider einen <tt>DiscoveryResponse</tt> Endpunkt enthalten. Zus&auml;tzlich k&ouml;nnen die Argumente <tt>isPassive</tt>, <tt>policy</tt> und <tt>returnIDParam</tt> benutzt werden um den Webbrowser automatisch an die Home Organisation weiter zu leiten und um sich die ausgew&auml;hlte Home Organisation f&uuml;r l&auml;ngere Zeit zu merken.',
'invalid_query' => 'Error: Fehlerhafte Anfrage',
'select_button' => 'Ausw&auml;hlen',
'login' => 'Anmelden',
......