
function saml_sp__configure_idp_form in SAML Service Provider 7.2

Same name and namespace in other branches
  1. 7.8 saml_sp.admin.inc \saml_sp__configure_idp_form()
  2. 7 saml_sp.admin.inc \saml_sp__configure_idp_form()
  3. 7.3 saml_sp.admin.inc \saml_sp__configure_idp_form()

Form builder for adding a new SAML Identity Provider (IdP) or editing an existing one. The IdP details entered here (entity ID, login/logout URLs, signing certificates, requested authentication contexts) are what the SP later uses to validate assertions, so they must match what the IdP actually publishes.

1 string reference to 'saml_sp__configure_idp_form'
saml_sp_menu in ./saml_sp.module
Implements hook_menu().

File

./saml_sp.admin.inc, line 26
Admin pages for the SAML Service Provider module.

Code

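/**
 * Form builder: add or edit a SAML Identity Provider (IdP).
 *
 * The values collected here (entity ID, login/logout URLs, the IdP's x.509
 * signing certificate(s) and the requested authentication contexts) are the
 * trust anchors the SP uses when it later validates IdP responses, so the
 * form only accepts what an administrator pastes from the IdP's own metadata.
 *
 * @param array $form
 *   The form array.
 * @param array $form_state
 *   The form state, passed by reference.
 * @param object|null $saml_idp
 *   The IdP being edited, or NULL to build an empty "add" form.
 *
 * @return array
 *   The renderable form array.
 */
function saml_sp__configure_idp_form($form, &$form_state, $saml_idp = NULL) {
  // Presumably loads the OneLogin toolkit that OneLogin_Saml2_Utils (used
  // below) comes from; the return value is not needed here.
  _saml_sp__prepare();

  if (is_null($saml_idp)) {
    // Populate a default IDP object, with empty fields.
    $saml_idp = _saml_sp__default_idp();
  }
  $form['#destination'] = 'admin/config/people/saml_sp/IDP';
  $form['export_type'] = array(
    '#type' => 'value',
    '#value' => isset($saml_idp->export_type) ? $saml_idp->export_type : NULL,
  );

  // If this is an update to an existing IDP, track the original machine name,
  // in case it is changed. '#type' => 'value' elements are never rendered or
  // submitted by the browser, so this cannot be tampered with client-side.
  if (!empty($saml_idp->machine_name)) {
    $form['orig_machine_name'] = array(
      '#type' => 'value',
      '#value' => $saml_idp->machine_name,
    );
  }
  $form['name'] = array(
    '#type' => 'textfield',
    '#title' => t('Name'),
    '#default_value' => $saml_idp->name,
    '#description' => t('The human-readable name of this IDP. This text will be displayed to administrators who can configure SAML.'),
    '#required' => TRUE,
    '#size' => 30,
    '#maxlength' => 30,
  );
  $form['machine_name'] = array(
    '#type' => 'machine_name',
    '#default_value' => $saml_idp->machine_name,
    '#maxlength' => 32,
    '#machine_name' => array(
      'exists' => 'saml_sp_idp_load',
    ),
    '#description' => t('A unique machine-readable name for this IDP. It must only contain lowercase letters, numbers, and underscores.'),
  );
  $form['entity_id'] = array(
    '#type' => 'textfield',
    '#title' => t('Entity ID'),
    '#description' => t('The entityID identifier which the Identity Provider will use to identiy itself by, this may sometimes be a URL.'),
    '#default_value' => $saml_idp->entity_id,
    '#maxlength' => 255,
  );
  $form['app_name'] = array(
    '#type' => 'textfield',
    '#title' => t('App name'),
    '#description' => t('The app name is provided to the Identiy Provider, to identify the origin of the request.'),
    '#default_value' => $saml_idp->app_name,
    '#maxlength' => 255,
  );

  // NameID field options: the account mail plus every Field API instance
  // attached to the user entity. Asking for the 'user' bundle directly returns
  // the instances keyed by field name (and an empty array when there are
  // none), so no undefined-index notice is possible here.
  $fields = array(
    'mail' => t('Email'),
  );
  $user_instances = field_info_instances('user', 'user');
  foreach (array_keys($user_instances) as $field_name) {
    $fields[$field_name] = $field_name;
  }
  $form['nameid_field'] = array(
    '#type' => 'select',
    '#title' => t('NameID field'),
    '#description' => t('Mail is usually used between IdP and SP, but if you want to let users change the email address in IdP, you need to use a custom field to store the ID.'),
    '#options' => $fields,
    '#default_value' => $saml_idp->nameid_field,
  );

  // The SAML Login URL and x.509 certificate must match the details provided
  // by the IDP.
  $form['idp'] = array(
    '#type' => 'fieldset',
    '#title' => t('IDP configuration'),
    '#description' => t('Enter the details provided by the IDP.'),
    '#collapsible' => TRUE,
    '#collapsed' => FALSE,
  );
  // '#maxlength' (not '#max_length', which Form API ignores) is what makes the
  // 255-character limit enforced server-side on submit, not just in the HTML.
  $form['idp']['idp_login_url'] = array(
    '#type' => 'textfield',
    '#title' => t('IDP Login URL'),
    '#description' => t('Login URL of the Identity Provider server.'),
    '#default_value' => $saml_idp->login_url,
    '#required' => TRUE,
    '#maxlength' => 255,
  );
  $form['idp']['idp_logout_url'] = array(
    '#type' => 'textfield',
    '#title' => t('IDP Logout URL'),
    '#description' => t('Logout URL of the Identity Provider server.'),
    '#default_value' => $saml_idp->logout_url,
    '#required' => TRUE,
    '#maxlength' => 255,
  );
  $form['idp']['idp_x509_certs'] = array(
    '#type' => 'fieldset',
    '#title' => t('x.509 Certificates'),
    '#tree' => TRUE,
    '#description' => t('Enter the application certificate(s) provided by the IdP. When an IdP is switching to a new certificate they will occasionally provide the certificate before hand to those with a Relying Party Trust (RTP). The Certificates listed will be tried in the order they are entered.'),
  );

  // Stored certificates: the multi-valued x509_certs property wins; otherwise
  // fall back to the legacy single x509_cert string, one certificate per line.
  // Blank entries are dropped so they do not produce empty fieldsets.
  if (!empty($saml_idp->x509_certs)) {
    $certs = $saml_idp->x509_certs;
  }
  elseif (isset($saml_idp->x509_cert)) {
    $certs = explode("\n", $saml_idp->x509_cert);
  }
  else {
    $certs = array();
  }
  $certs = array_filter(array_map('trim', $certs), 'strlen');

  $can_parse = function_exists('openssl_x509_parse');
  $count = 0;
  foreach ($certs as $encoded_cert) {
    // Reset per certificate: a certificate that fails to parse must not
    // inherit the title or parsed details of the previous one.
    $cert = FALSE;
    $title = '';

    $form['idp']['idp_x509_certs'][$count] = array(
      '#type' => 'fieldset',
      '#title' => t('x.509 Certificate @count', array(
        '@count' => $count,
      )),
    );
    if ($can_parse) {
      // Returns FALSE when the pasted text is not a valid certificate.
      $cert = openssl_x509_parse(OneLogin_Saml2_Utils::formatCert($encoded_cert));
    }
    if (is_array($cert)) {
      // Flatten multi-valued issuer components (e.g. several OU entries) so
      // the issuer can be shown on one line. Done by key rather than by
      // reference to avoid leaving a dangling reference behind.
      if (!empty($cert['issuer']) && is_array($cert['issuer'])) {
        foreach ($cert['issuer'] as $key => $part) {
          $cert['issuer'][$key] = is_array($part) ? implode('/', $part) : $part;
        }
      }
      // '%' placeholders are escaped by t(), so subject/issuer strings taken
      // from the certificate cannot inject markup into the admin page.
      $title = t('Name: %cert-name<br/>Issued by: %issuer<br/>Valid: %valid-from - %valid-to', array(
        '%cert-name' => isset($cert['name']) ? $cert['name'] : '',
        '%issuer' => isset($cert['issuer']) && is_array($cert['issuer']) ? implode('/', $cert['issuer']) : '',
        '%valid-from' => isset($cert['validFrom_time_t']) ? date('c', $cert['validFrom_time_t']) : '',
        '%valid-to' => isset($cert['validTo_time_t']) ? date('c', $cert['validTo_time_t']) : '',
      ));
    }
    if ($title === '') {
      $title = t('Certificate');
    }
    // Form API textareas have no #maxlength, and a PEM body commonly exceeds
    // 1024 characters anyway, so no length cap is set on the certificate.
    $form['idp']['idp_x509_certs'][$count]['cert'] = array(
      '#type' => 'textarea',
      '#title' => $title,
      '#description' => t('Enter an application certificate provided by the IdP.'),
      '#default_value' => $encoded_cert,
    );
    $form['idp']['idp_x509_certs'][$count]['details'] = array(
      '#type' => 'fieldset',
      '#collapsible' => TRUE,
      '#collapsed' => TRUE,
      '#title' => t('Details'),
    );
    // The parsed certificate contains attacker-influenced strings (subject,
    // issuer, extensions) and #markup is rendered raw, so escape it.
    $form['idp']['idp_x509_certs'][$count]['details']['markup'] = array(
      '#markup' => '<pre>' . check_plain(print_r($cert, TRUE)) . '</pre>',
    );
    $count++;
  }
  // Always offer one empty slot so an additional certificate can be added.
  $form['idp']['idp_x509_certs'][$count]['cert'] = array(
    '#type' => 'textarea',
    '#title' => t('x.509 Certificate @count', array(
      '@count' => $count,
    )),
    '#description' => t('Enter an application certificate provided by the IdP'),
    '#default_value' => '',
  );

  // Get the list of supported contexts.
  $contexts = saml_sp_get_authn_contexts();
  $stored_ref = isset($saml_idp->authn_context_class_ref) ? (string) $saml_idp->authn_context_class_ref : '';

  // Old-style single value (before multiple contexts were supported): the
  // stored string is a key into $contexts. Guard the lookup so an unknown
  // legacy value simply selects nothing instead of raising a notice.
  if (strpos($stored_ref, '|') === FALSE && strpos($stored_ref, ':')) {
    $selected_contexts = isset($contexts[$stored_ref]['id']) ? array($contexts[$stored_ref]['id']) : array();
  }
  else {
    $selected_contexts = explode('|', $stored_ref);
  }

  // Build the checkbox options and the matching default-value array.
  $authn_context_class_ref_options = array();
  $authn_context_default = array();
  foreach ($contexts as $context) {
    $authn_context_class_ref_options[$context['id']] = $context['label'];
    // Loose comparison on purpose: explode() yields strings while the
    // context ids may not be.
    $authn_context_default[$context['id']] = in_array($context['id'], $selected_contexts) ? $context['id'] : 0;
  }
  $form['idp']['authn_context_class_ref'] = array(
    '#type' => 'checkboxes',
    '#title' => t('Authentication Method (Context)'),
    '#description' => t('What authentication method(s) would you like to use with this IdP?'),
    '#default_value' => $authn_context_default,
    '#options' => $authn_context_class_ref_options,
    '#required' => TRUE,
  );
  $form['submit'] = array(
    '#type' => 'submit',
    '#value' => t('Save settings'),
  );
  return $form;
}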