You are here

Home » API reference » SAML Service Provider 7.8 » saml_sp.module

function saml_sp__get_settings in SAML Service Provider 7.8

Same name and namespace in other branches
  1. 8.3 saml_sp.module \saml_sp__get_settings()
  2. 8.2 saml_sp.module \saml_sp__get_settings()
  3. 7 saml_sp.module \saml_sp__get_settings()
  4. 7.2 saml_sp.module \saml_sp__get_settings()
  5. 7.3 saml_sp.module \saml_sp__get_settings()
  6. 4.x saml_sp.module \saml_sp__get_settings()
  7. 3.x saml_sp.module \saml_sp__get_settings()

Get the SAML settings for an IdP.

Parameters

Object $idp: An IDP object, such as that provided by saml_sp_idp_load($machine_name).

Return value

OneLogin_Saml_Settings IdP Settings data.

4 calls to saml_sp__get_settings()
saml_sp_start in ./saml_sp.module
Start a SAML authentication request.
saml_sp_user_logout in modules/saml_sp_drupal_login/saml_sp_drupal_login.module
Implements hook_user_logout
saml_sp__endpoint in ./saml_sp.pages.inc
Page callback to complete the SAML authentication process. This is the consumer endpoint for all SAML authentication requests.
saml_sp__logout in ./saml_sp.pages.inc
Page callback to initiate the SAML SLO process.

File

./saml_sp.module, line 372
SAML Service Provider

Code

function saml_sp__get_settings($idp) {

  // Require all the relevant libraries.
  _saml_sp__prepare();

  //$settings = new OneLogin_Saml_Settings();
  $settings = array();

  // The consumer endpoint will always be /saml/consume.
  $endpoint_url = url("saml/consume", array(
    'absolute' => TRUE,
  ));
  $settings['idp']['entityId'] = $idp->machine_name;

  // URL to login of the IdP server.
  $settings['idp']['singleSignOnService']['url'] = $idp->login_url;

  // URL to logout of the IdP server.
  $settings['idp']['singleLogoutService'] = array(
    'url' => $idp->logout_url,
    'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
  );

  // The IdP's public x.509 certificate.
  $settings['idp']['x509cert'] = $idp->x509_cert;

  // The authentication method we want to use with the IdP
  $settings['idp']['AuthnContextClassRef'] = $idp->authn_context_class_ref;

  // Name to identify IdP
  $settings['idp']['entityId'] = $idp->entity_id;
  $settings['strict'] = (bool) variable_get('saml_sp__strict', FALSE);

  // Name to identify this application, if none is given use the absolute URL
  // instead
  $settings['sp']['entityId'] = $idp->app_name ? $idp->app_name : url('user', array(
    'absolute' => TRUE,
  ));

  // Drupal URL to consume the response from the IdP.
  $settings['sp']['assertionConsumerService'] = array(
    'url' => $endpoint_url,
    'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
  );

  // Tells the IdP to return the email address of the current user
  $settings['sp']['NameIDFormat'] = OneLogin_Saml2_Constants::NAMEID_EMAIL_ADDRESS;

  // add the contact information for the SP
  $contact = variable_get('saml_sp__contact', array());
  $settings['contactPerson'] = array(
    'technical' => array(
      'givenName' => $contact['technical']['name'],
      'emailAddress' => $contact['technical']['email'],
    ),
    'support' => array(
      'givenName' => $contact['support']['name'],
      'emailAddress' => $contact['support']['email'],
    ),
  );

  // add the organization information
  $organization = variable_get('saml_sp__organization', array());
  $settings['organization'] = array(
    'en-US' => array(
      'name' => $organization['name'],
      'displayname' => $organization['display_name'],
      'url' => $organization['url'],
    ),
  );

  // add the security settings
  $security = variable_get('saml_sp__security', array());
  $settings['security'] = array(
    // signatures and encryptions offered
    'nameIdEncrypted' => (bool) $security['nameIdEncrypted'],
    'authnRequestsSigned' => (bool) $security['authnRequestsSigned'],
    'logoutRequestSigned' => (bool) $security['logoutRequestSigned'],
    'logoutResponseSigned' => (bool) $security['logoutResponseSigned'],
    // Sign the Metadata
    'signMetadata' => (bool) $security['signMetaData'],
    // signatures and encryptions required
    'wantMessagesSigned' => (bool) $security['wantMessagesSigned'],
    'wantAssertionsSigned' => (bool) $security['wantAssertionsSigned'],
    'wantNameIdEncrypted' => (bool) $security['wantNameIdEncrypted'],
  );
  $cert_location = variable_get('saml_sp__cert_location', '');
  if ($cert_location && file_exists($cert_location)) {
    $settings['sp']['x509cert'] = file_get_contents($cert_location);
  }

  // Invoke hook_saml_sp_settings_alter().
  drupal_alter('saml_sp_settings', $settings);

  // we are adding in the private key after the alter function because we don't
  // want to risk the private key getting out and in the hands of a rogue module
  $key_location = variable_get('saml_sp__key_location', '');
  if ($key_location && file_exists($key_location)) {
    $settings['sp']['privateKey'] = file_get_contents($key_location);
  }
  return $settings;
}