function saml_sp__get_settings in SAML Service Provider 7.3
Same name and namespace in other branches
- 8.3 saml_sp.module \saml_sp__get_settings()
- 8.2 saml_sp.module \saml_sp__get_settings()
- 7.8 saml_sp.module \saml_sp__get_settings()
- 7 saml_sp.module \saml_sp__get_settings()
- 7.2 saml_sp.module \saml_sp__get_settings()
- 4.x saml_sp.module \saml_sp__get_settings()
- 3.x saml_sp.module \saml_sp__get_settings()
Get the SAML settings for an IdP.
Parameters
Object $idp: An IDP object, such as that provided by saml_sp_idp_load($machine_name).
Return value
OneLogin\Saml2\Settings IdP Settings data.
5 calls to saml_sp__get_settings()
- saml_sp_start in ./
saml_sp.module - Start a SAML authentication request.
- saml_sp_user_logout in modules/
saml_sp_drupal_login/ saml_sp_drupal_login.module - Implements hook_user_logout
- saml_sp__endpoint in ./
saml_sp.pages.inc - Page callback to complete the SAML authentication process. This is the consumer endpoint for all SAML authentication requests.
- saml_sp__get_metadata in ./
saml_sp.module - load the settings and get the metadata
- saml_sp__logout in ./
saml_sp.pages.inc - Page callback to initiate the SAML SLO process.
File
- ./
saml_sp.module, line 434 - SAML Service Provider
Code
function saml_sp__get_settings($idp) {
// Require all the relevant libraries.
$library = _saml_sp__prepare();
if (!$library['loaded']) {
drupal_set_message(t('PHP-SAML library could not be loaded.'));
return array();
}
//$settings = new OneLogin\Saml2\Settings();
$settings = array();
// The consumer endpoint will always be /saml/consume.
$endpoint_url = url("saml/consume", array(
'absolute' => TRUE,
));
$settings['idp']['entityId'] = $idp->machine_name;
// URL to login of the IdP server.
$settings['idp']['singleSignOnService']['url'] = $idp->login_url;
// URL to logout of the IdP server.
$settings['idp']['singleLogoutService'] = array(
'url' => $idp->logout_url,
'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
);
$signing_certs = $idp->x509_certs;
if (empty($signing_certs)) {
$single_cert = !empty($idp->x509_cert) ? $idp->x509_cert : "";
$signing_certs = explode("\n", $single_cert);
}
$settings['idp']['x509certMulti'] = array(
'signing' => $signing_certs,
'encryption' => $idp->x509_certs,
);
// Name to identify IdP
$settings['idp']['entityId'] = $idp->entity_id;
$settings['strict'] = (bool) variable_get('saml_sp__strict', FALSE);
// Name to identify this application, if none is given use the absolute URL
// instead
$settings['sp']['entityId'] = $idp->app_name ? $idp->app_name : url('user', array(
'absolute' => TRUE,
));
// Drupal URL to consume the response from the IdP.
$settings['sp']['assertionConsumerService'] = array(
'url' => $endpoint_url,
'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
);
// Drupal URL to logout the user from the IdP.
$settings['sp']['singleLogoutService'] = array(
'url' => $endpoint_url,
'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
);
// Tells the IdP to return the email address of the current user
$settings['sp']['NameIDFormat'] = OneLogin\Saml2\Constants::NAMEID_EMAIL_ADDRESS;
// add the contact information for the SP
$contact = variable_get('saml_sp__contact', array());
$settings['contactPerson'] = array();
if (!empty($contact['technical']['name']) || !empty($contact['technical']['email'])) {
$settings['contactPerson']['technical'] = array(
'givenName' => $contact['technical']['name'],
'emailAddress' => $contact['technical']['email'],
);
}
if (!empty($contact['support']['name']) || !empty($contact['support']['email'])) {
$settings['contactPerson']['support'] = array(
'givenName' => $contact['support']['name'],
'emailAddress' => $contact['support']['email'],
);
}
// add the organization information
$organization = variable_get('saml_sp__organization', array());
if (!empty($organization['name']) || !empty($organization['display_name']) || !empty($organization['url'])) {
$settings['organization'] = array(
'en-US' => array(
'name' => $organization['name'],
'displayname' => $organization['display_name'],
'url' => $organization['url'],
),
);
}
// add the security settings
$security = variable_get('saml_sp__security', array());
$settings['security'] = array(
// signatures and encryptions offered
'nameIdEncrypted' => (bool) $security['nameIdEncrypted'],
'authnRequestsSigned' => (bool) $security['authnRequestsSigned'],
'logoutRequestSigned' => (bool) $security['logoutRequestSigned'],
'logoutResponseSigned' => (bool) $security['logoutResponseSigned'],
// Sign the Metadata
'signMetadata' => (bool) $security['signMetaData'],
// signatures and encryptions required
'wantMessagesSigned' => (bool) $security['wantMessagesSigned'],
'wantAssertionsSigned' => (bool) $security['wantAssertionsSigned'],
'wantNameIdEncrypted' => (bool) $security['wantNameIdEncrypted'],
);
// The authentication method we want to use with the IdP
if ($idp->authn_context_class_ref) {
$settings['security']['requestedAuthnContext'] = saml_sp_authn_context_settings($idp->authn_context_class_ref);
}
$cert_location = variable_get('saml_sp__cert_location', '');
if ($cert_location && file_exists($cert_location)) {
$settings['sp']['x509cert'] = file_get_contents($cert_location);
}
$new_cert_location = variable_get('saml_sp__new_cert_location', '');
if ($new_cert_location && file_exists($new_cert_location)) {
$settings['sp']['x509certNew'] = file_get_contents($new_cert_location);
}
// Invoke hook_saml_sp_settings_alter().
drupal_alter('saml_sp_settings', $settings, $idp);
// we are adding in the private key after the alter function because we don't
// want to risk the private key getting out and in the hands of a rogue module
$key_location = variable_get('saml_sp__key_location', '');
if ($key_location && file_exists($key_location)) {
$settings['sp']['privateKey'] = file_get_contents($key_location);
}
if (variable_get('saml_sp__debug', FALSE)) {
watchdog('saml_sp', '$settings => <pre>@settings</pre>', array(
'@settings' => print_r($settings, TRUE),
), WATCHDOG_DEBUG);
}
return $settings;
}