function saml_sp__get_settings in SAML Service Provider 4.x
Same name and namespace in other branches
- 8.3 saml_sp.module \saml_sp__get_settings()
- 8.2 saml_sp.module \saml_sp__get_settings()
- 7.8 saml_sp.module \saml_sp__get_settings()
- 7 saml_sp.module \saml_sp__get_settings()
- 7.2 saml_sp.module \saml_sp__get_settings()
- 7.3 saml_sp.module \saml_sp__get_settings()
- 3.x saml_sp.module \saml_sp__get_settings()
Get the SAML settings for an IdP.
Parameters
\Drupal\saml_sp\Entity\Idp|null $idp: An IdP object, such as that provided by saml_sp_idp_load($machine_name).
Return value
\OneLogin\Saml2\Settings IdP Settings data.
4 calls to saml_sp__get_settings()
- SamlSPController::consume in src/
Controller/ SamlSPController.php - Receive data back from the IdP.
- saml_sp_start in ./
saml_sp.module - Start a SAML authentication request.
- saml_sp__get_metadata in ./
saml_sp.module - Load the settings and get the metadata.
- saml_sp__logout in ./
saml_sp.pages.inc - Page callback to initiate the SAML SLO process.
File
- ./
saml_sp.module, line 96 - SAML Service Provider.
Code
function saml_sp__get_settings($idp = NULL) {
if (empty($idp)) {
$idp = new Idp([]);
}
$settings = [];
// The consumer endpoint will always be /saml/consume.
$endpoint_url = Url::fromRoute('saml_sp.consume', [], [
'absolute' => TRUE,
]);
$settings['idp']['entityId'] = $idp
->id() ?: 'none_given';
// URL to login of the IdP server.
$settings['idp']['singleSignOnService']['url'] = $idp
->getLoginUrl() ?: 'https://www.example.com/login';
// URL to logout of the IdP server.
$settings['idp']['singleLogoutService'] = [
'url' => $idp
->getLogoutUrl(),
'binding' => Constants::BINDING_HTTP_REDIRECT,
];
// The IdP's public X.509 certificate.
if (is_array($idp
->getX509Cert())) {
// We only need one key, so use the first one.
$settings['idp']['x509cert'] = $idp
->getX509Cert()[0] ?: 'blank';
}
else {
$settings['idp']['x509cert'] = $idp
->getX509Cert() ?: 'blank';
}
// The authentication method we want to use with the IdP:
$settings['idp']['AuthnContextClassRef'] = $idp
->getAuthnContextClassRef() ?: 'blank';
// Name to identify IdP:
$settings['idp']['entityId'] = $idp
->getEntityId() ?: 'blank';
$config = \Drupal::config('saml_sp.settings');
$settings['strict'] = (bool) $config
->get('strict');
// Name to identify this application, if none is given use the absolute URL
// instead:
$settings['sp']['entityId'] = Html::escape($config
->get('entity_id')) ?: Url::fromRoute('user.page', [], [
'absolute' => TRUE,
])
->toString();
$settings['sp']['assertionConsumerService'] = [
'url' => $endpoint_url
->toString(),
'binding' => Constants::BINDING_HTTP_POST,
];
// Drupal URL to logout the user from the IdP.
$settings['sp']['singleLogoutService'] = array(
'url' => $endpoint_url
->toString(),
'binding' => Constants::BINDING_HTTP_POST,
);
// Tells the IdP to return the email address of the current user:
$settings['sp']['NameIDFormat'] = Constants::NAMEID_EMAIL_ADDRESS;
// Add the contact information for the SP:
$settings['contactPerson'] = [];
if (!empty($config
->get('contact.technical.name')) && !empty($config
->get('contact.technical.email'))) {
$settings['contactPerson']['technical'] = [
'givenName' => Html::escape($config
->get('contact.technical.name')),
'emailAddress' => $config
->get('contact.technical.email'),
];
}
if (!empty($config
->get('contact.support.name')) && !empty($config
->get('contact.support.email'))) {
$settings['contactPerson']['support'] = [
'givenName' => Html::escape($config
->get('contact.support.name')),
'emailAddress' => $config
->get('contact.support.email'),
];
}
// Add the organization information.
$org_name = Html::escape($config
->get('organization.name'));
$org_disp = Html::escape($config
->get('organization.display_name'));
$org_url = $config
->get('organization.url');
if (!empty($org_name) && !empty($org_disp) && !empty($org_url)) {
$settings['organization'] = [
'en-US' => [
'name' => $org_name,
'displayname' => $org_disp,
'url' => $org_url,
],
];
}
$refs = saml_sp_authn_context_class_refs(TRUE);
$authnContexts = [];
if (is_array($idp
->getAuthnContextClassRef()) && !empty($idp
->getAuthnContextClassRef())) {
foreach ($idp
->getAuthnContextClassRef() as $value) {
if (!empty($value)) {
$authnContexts[] = $refs[$value];
}
}
}
// Add the security settings.
$settings['security'] = [
// Signatures and encryptions offered:
'nameIdEncrypted' => (bool) $config
->get('security.nameIdEncrypted'),
'authnRequestsSigned' => (bool) $config
->get('security.authnRequestsSigned'),
'logoutRequestSigned' => (bool) $config
->get('security.logoutRequestSigned'),
'logoutResponseSigned' => (bool) $config
->get('security.logoutResponseSigned'),
// Sign the Metadata:
'signMetadata' => (bool) $config
->get('security.signMetaData'),
// Signatures and encryptions required:
'wantMessagesSigned' => (bool) $config
->get('security.wantMessagesSigned'),
'wantAssertionsSigned' => (bool) $config
->get('security.wantAssertionsSigned'),
'wantNameIdEncrypted' => (bool) $config
->get('security.wantNameIdEncrypted'),
'signatureAlgorithm' => $config
->get('security.signatureAlgorithm'),
'lowercaseUrlencoding' => (bool) $config
->get('security.lowercaseUrlencoding'),
'requestedAuthnContext' => empty($authnContexts) ? FALSE : $authnContexts,
];
$cert_location = $config
->get('cert_location');
if ($cert_location && file_exists($cert_location)) {
$settings['sp']['x509cert'] = file_get_contents($cert_location);
}
$new_cert_location = $config
->get('new_cert_location');
if ($new_cert_location && file_exists($new_cert_location)) {
$settings['sp']['x509certNew'] = file_get_contents($new_cert_location);
}
// Invoke hook_saml_sp_settings_alter().
\Drupal::moduleHandler()
->alter('saml_sp_settings', $settings);
// We are adding in the private key after the alter function because we don't
// want to risk the private key getting into the hands of a rogue module.
$key_location = $config
->get('key_location');
if ($key_location && file_exists($key_location)) {
$settings['sp']['privateKey'] = file_get_contents($key_location);
}
return $settings;
}