
protected static function SamlService::reformatConfig in SAML Authentication 8.2

Same name and namespace in other branches
  1. 8.3 src/SamlService.php \Drupal\samlauth\SamlService::reformatConfig()
  2. 4.x src/SamlService.php \Drupal\samlauth\SamlService::reformatConfig()

Returns a configuration array as used by the external library.

Parameters

\Drupal\Core\Config\ImmutableConfig $config: The module configuration.

Return value

array The library configuration array.

1 call to SamlService::reformatConfig()
SamlService::getSamlAuth in src/SamlService.php
Returns an initialized Auth class from the SAML Toolkit.

File

src/SamlService.php, line 396

Class

SamlService
Governs communication between the SAML toolkit and the IDP / login behavior.

Namespace

Drupal\samlauth

Code

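/**
 * Returns a configuration array as used by the external library.
 *
 * Maps the module's flat configuration keys onto the nested 'sp' / 'idp' /
 * 'security' / 'strict' structure built below. Values are passed through
 * without validation; only the boolean security flags are cast.
 *
 * @param \Drupal\Core\Config\ImmutableConfig $config
 *   The module configuration.
 *
 * @return array
 *   The library configuration array.
 */
protected static function reformatConfig(ImmutableConfig $config) {
  // Either 'sp_cert_folder' or the cert + key settings should be defined. If
  // both are, the folder wins and the cert/key values are ignored. Nothing
  // here checks whether the cert/key files actually exist.
  $sp_cert = '';
  $sp_key = '';
  $cert_folder = $config->get('sp_cert_folder');
  if ($cert_folder) {
    // Set the folder so the SAML toolkit knows where to look. A constant can
    // only be defined once per request, so a repeated call must not try to
    // redefine it (PHP would raise a notice/warning and ignore the new value).
    // NOTE(review): the SP private key is then read from disk; the folder
    // should not be web-accessible or readable by other system users.
    if (!defined('ONELOGIN_CUSTOMPATH')) {
      define('ONELOGIN_CUSTOMPATH', "{$cert_folder}/");
    }
  }
  else {
    $sp_cert = $config->get('sp_x509_certificate');
    $sp_key = $config->get('sp_private_key');
  }

  // See SamlController::redirectResponseFromUrl() for details on why the
  // URLs are generated through toString(TRUE)->getGeneratedUrl().
  $acs_url = Url::fromRoute('samlauth.saml_controller_acs', [], ['absolute' => TRUE])
    ->toString(TRUE)
    ->getGeneratedUrl();
  $sls_url = Url::fromRoute('samlauth.saml_controller_sls', [], ['absolute' => TRUE])
    ->toString(TRUE)
    ->getGeneratedUrl();

  $idp_cert = $config->get('idp_x509_certificate');

  $library_config = [
    'sp' => [
      'entityId' => $config->get('sp_entity_id'),
      'assertionConsumerService' => [
        'url' => $acs_url,
      ],
      'singleLogoutService' => [
        'url' => $sls_url,
      ],
      'NameIDFormat' => $config->get('sp_name_id_format'),
      'x509cert' => $sp_cert,
      'privateKey' => $sp_key,
    ],
    'idp' => [
      'entityId' => $config->get('idp_entity_id'),
      'singleSignOnService' => [
        'url' => $config->get('idp_single_sign_on_service'),
      ],
      'singleLogoutService' => [
        'url' => $config->get('idp_single_log_out_service'),
      ],
      'x509cert' => $idp_cert,
    ],
    // Only the settings listed here are passed on; anything else (for
    // example assertion-level signing) is presumably left to the toolkit's
    // defaults - confirm those match what the IdP is expected to send.
    'security' => [
      'authnRequestsSigned' => (bool) $config->get('security_authn_requests_sign'),
      'wantMessagesSigned' => (bool) $config->get('security_messages_sign'),
      'requestedAuthnContext' => (bool) $config->get('security_request_authn_context'),
      'lowercaseUrlencoding' => (bool) $config->get('security_lowercase_url_encoding'),
      'signatureAlgorithm' => $config->get('security_signature_algorithm'),
    ],
    // NOTE(review): with 'strict' off the toolkit relaxes its validation of
    // incoming SAML messages; it should be enabled outside of testing.
    'strict' => (bool) $config->get('strict'),
  ];

  // Check for the presence of a multi cert situation. Compare strictly so
  // that a non-string value (0, TRUE) cannot loosely match a case label.
  $multi = $config->get('idp_cert_type');
  if ($multi === 'signing') {
    // Two certificates that are both accepted for signature validation.
    $library_config['idp']['x509certMulti'] = [
      'signing' => [
        $idp_cert,
        $config->get('idp_x509_certificate_multi'),
      ],
    ];
  }
  elseif ($multi === 'encryption') {
    // Primary certificate for signing, the extra one for encryption.
    $library_config['idp']['x509certMulti'] = [
      'signing' => [
        $idp_cert,
      ],
      'encryption' => [
        $config->get('idp_x509_certificate_multi'),
      ],
    ];
  }

  return $library_config;
}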