function saml_sp__configure_idp_form in SAML Service Provider 7.3
Same name and namespace in other branches
- 7.8 saml_sp.admin.inc \saml_sp__configure_idp_form()
- 7 saml_sp.admin.inc \saml_sp__configure_idp_form()
- 7.2 saml_sp.admin.inc \saml_sp__configure_idp_form()
Configure or add a SAML IDP.
1 string reference to 'saml_sp__configure_idp_form'
- saml_sp_menu in ./
saml_sp.module - Implements hook_menu().
File
- ./
saml_sp.admin.inc, line 26 - Admin pages for the SAML Service Provider module.
Code
function saml_sp__configure_idp_form($form, &$form_state, $saml_idp = NULL) {
$library = _saml_sp__prepare();
$show_metadata = TRUE;
if (is_null($saml_idp)) {
$show_metadata = FALSE;
// Populate a default IDP object, with empty fields.
$saml_idp = _saml_sp__default_idp();
}
$form['#destination'] = 'admin/config/people/saml_sp/IDP';
$form['export_type'] = array(
'#type' => 'value',
'#value' => isset($saml_idp->export_type) ? $saml_idp->export_type : NULL,
);
// If this is an update to an existing IDP, track the original machine name,
// in case it is changed.
if (!empty($saml_idp->machine_name)) {
$form['orig_machine_name'] = array(
'#type' => 'value',
'#value' => $saml_idp->machine_name,
);
}
$form['name'] = array(
'#type' => 'textfield',
'#title' => t('Name'),
'#default_value' => $saml_idp->name,
'#description' => t('The human-readable name of this IDP. This text will be displayed to administrators who can configure SAML.'),
'#required' => TRUE,
'#size' => 30,
'#maxlength' => 30,
);
$form['machine_name'] = array(
'#type' => 'machine_name',
'#default_value' => $saml_idp->machine_name,
'#maxlength' => 32,
'#machine_name' => array(
'exists' => 'saml_sp_idp_load',
),
'#description' => t('A unique machine-readable name for this IDP. It must only contain lowercase letters, numbers, and underscores.'),
);
$form['entity_id'] = array(
'#type' => 'textfield',
'#title' => t('Entity ID'),
'#description' => t('The entityID identifier which the Identity Provider will use to identiy itself by, this may sometimes be a URL.'),
'#default_value' => $saml_idp->entity_id,
'#maxlength' => 255,
);
$form['app_name'] = array(
'#type' => 'textfield',
'#title' => t('App name'),
'#description' => t('The app name is provided to the Identiy Provider, to identify the origin of the request.'),
'#default_value' => $saml_idp->app_name,
'#maxlength' => 255,
);
// Adding mail and extra fields to select list
$fields = array(
'mail' => t('Email'),
);
$extra_fields = field_info_instances($entity_type = 'user', $bundle_name = NULL);
$extra_fields = array_keys($extra_fields['user']);
foreach ($extra_fields as $value) {
$fields[$value] = $value;
}
$form['nameid_field'] = array(
'#type' => 'select',
'#title' => t('NameID field'),
'#description' => t('Mail is usually used between IdP and SP, but if you want to let users change the email address in IdP, you need to use a custom field to store the ID.'),
'#options' => $fields,
'#default_value' => $saml_idp->nameid_field,
);
// The SAML Login URL and x.509 certificate must match the details provided
// by the IDP.
$form['idp'] = array(
'#type' => 'fieldset',
'#title' => t('IDP configuration'),
'#description' => t('Enter the details provided by the IDP.'),
'#collapsible' => TRUE,
'#collapsed' => FALSE,
);
$form['idp']['idp_login_url'] = array(
'#type' => 'textfield',
'#title' => t('IDP Login URL'),
'#description' => t('Login URL of the Identity Provider server.'),
'#default_value' => $saml_idp->login_url,
'#required' => TRUE,
'#maxlength' => 255,
);
$form['idp']['idp_logout_url'] = array(
'#type' => 'textfield',
'#title' => t('IDP Logout URL'),
'#description' => t('Logout URL of the Identity Provider server.'),
'#default_value' => $saml_idp->logout_url,
'#required' => TRUE,
'#maxlength' => 255,
);
$form['idp']['idp_x509_certs'] = array(
'#type' => 'fieldset',
'#title' => t('x.509 Certificates'),
'#tree' => TRUE,
'#description' => t('Enter the application certificate(s) provided by the IdP. When an IdP is switching to a new certificate they will occasionally provide the certificate before hand to those with a Relying Party Trust (RTP). The Certificates listed will be tried in the order they are entered.'),
);
$certs = $saml_idp->x509_certs ?: (isset($saml_idp->x509_cert) ? explode("\n", $saml_idp->x509_cert) : array());
$count = 0;
if (!empty($certs)) {
foreach ($certs as $encoded_cert) {
$encoded_cert = trim($encoded_cert);
$form['idp']['idp_x509_certs'][$count] = array(
'#type' => 'fieldset',
'#title' => t('x.509 Certificate @count', array(
'@count' => $count,
)),
);
if (function_exists('openssl_x509_parse')) {
$cert = openssl_x509_parse(OneLogin\Saml2\Utils::formatCert($encoded_cert));
// flatten the issuer array
if (!empty($cert['issuer'])) {
foreach ($cert['issuer'] as $key => &$value) {
if (is_array($value)) {
$value = implode("/", $value);
}
}
}
if ($cert) {
$title = t('Name: %cert-name<br/>Issued by: %issuer<br/>Valid: %valid-from - %valid-to', array(
'%cert-name' => isset($cert['name']) ? $cert['name'] : '',
'%issuer' => isset($cert['issuer']) && is_array($cert['issuer']) ? implode('/', $cert['issuer']) : '',
'%valid-from' => isset($cert['validFrom_time_t']) ? date('c', $cert['validFrom_time_t']) : '',
'%valid-to' => isset($cert['validTo_time_t']) ? date('c', $cert['validTo_time_t']) : '',
));
}
}
if (!isset($title) || empty($title)) {
$title = t('Certificate');
}
$form['idp']['idp_x509_certs'][$count]['cert'] = array(
'#type' => 'textarea',
'#title' => $title,
'#description' => t('Enter an application certificate provided by the IdP.'),
'#default_value' => $encoded_cert,
);
$form['idp']['idp_x509_certs'][$count]['details'] = array(
'#type' => 'fieldset',
'#collapsible' => TRUE,
'#collapsed' => TRUE,
'#title' => t('Details', array(
'@count' => $count,
)),
);
$form['idp']['idp_x509_certs'][$count]['details']['markup'] = array(
'#markup' => '<pre>' . print_r($cert, TRUE) . '</pre>',
);
$count++;
}
}
$form['idp']['idp_x509_certs'][$count]['cert'] = array(
'#type' => 'textarea',
'#title' => t('x.509 Certificate @count', array(
'@count' => $count,
)),
'#description' => t('Enter an application certificate provided by the IdP'),
'#default_value' => '',
);
// get the list of supported contexts
$contexts = saml_sp_get_authn_contexts();
$authn_context_class_ref_options = array();
// check to see if this is the old style setting () before multiple contexts
// were supported
if (strpos($saml_idp->authn_context_class_ref, '|') === FALSE && strpos($saml_idp->authn_context_class_ref, ':')) {
$selected_contexts = array(
$contexts[$saml_idp->authn_context_class_ref]['id'],
);
}
else {
$selected_contexts = explode('|', $saml_idp->authn_context_class_ref);
}
$authn_context_default = array();
// create options array as well as default array
foreach ($contexts as $key => $value) {
$authn_context_class_ref_options[$value['id']] = $value['label'];
$authn_context_default[$value['id']] = array_search($value['id'], $selected_contexts) !== FALSE ? $value['id'] : 0;
}
$form['idp']['authn_context_class_ref'] = array(
'#type' => 'checkboxes',
'#title' => t('Authentication Method (Context)'),
'#description' => t('What authentication method(s) would you like to use with this IdP?'),
'#default_value' => $authn_context_default,
'#options' => $authn_context_class_ref_options,
'#required' => TRUE,
);
$form['submit'] = array(
'#type' => 'submit',
'#value' => t('Save settings'),
);
return $form;
}