Bug fixes for #2378 and #2377 and documentation improvements

This commit is contained in:
Ludovic Marcotte
2014-11-26 15:09:30 -05:00
parent 5a5464dc61
commit be608dc76c
7 changed files with 170 additions and 15 deletions
+27
View File
@@ -0,0 +1,27 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor
entityID="%{base_url}/saml2-metadata"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<SPSSODescriptor
AuthnRequestsSigned="true"
WantAssertionsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>%{certificate}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor><KeyDescriptor use="encryption"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>%{certificate}<ds:X509Certificate></ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="%{base_url}/saml2-sls" />
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="%{base_url}/saml2-sls" />
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<AssertionConsumerService
index="0"
isDefault="true"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="%{base_url}/saml2-signon-post" />
<AssertionConsumerService
index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="%{base_url}/saml2/artifactResponse" />
</SPSSODescriptor>
</EntityDescriptor>
+3 -1
View File
@@ -39,7 +39,9 @@
NSString *assertion;
}
+ (NSString *) metadataInContext: (WOContext *) context;
+ (NSString *) metadataInContext: (WOContext *) context
certificate: (NSString *) certificate;
+ (NSString *) authenticationURLInContext: (WOContext *) context;
+ (SOGoSAML2Session *) SAML2SessionInContext: (WOContext *) context;
+38 -5
View File
@@ -46,6 +46,28 @@
#import "SOGoSAML2Session.h"
@interface NSString (SOGoCertificateExtension)
- (NSString *) cleanedUpCertificate;
@end
@implementation NSString (SOGoCertificateExtension)
- (NSString *) cleanedUpCertificate
{
NSMutableArray *a;
a = [NSMutableArray arrayWithArray: [self componentsSeparatedByString: @"\n"]];
[a removeObjectAtIndex: 0];
[a removeLastObject];
[a removeLastObject];
return [a componentsJoinedByString: @""];
}
@end
@interface WOContext (SOGoSAML2Extension)
- (NSString *) SAML2ServerURLString;
@@ -117,7 +139,9 @@ LassoServerInContext (WOContext *context)
format: @"certificate file '%@' could not be read",
filename];
metadata = [SOGoSAML2Session metadataInContext: context];
metadata = [SOGoSAML2Session metadataInContext: context
certificate: certContent];
/* FIXME: enable key password in config ? */
server = lasso_server_new_from_buffers ([metadata UTF8String],
[keyContent UTF8String],
@@ -179,8 +203,10 @@ LassoServerInContext (WOContext *context)
}
+ (NSString *) metadataInContext: (WOContext *) context
certificate: (NSString *) certificate
{
NSString *metadata, *serverURLString, *filename;
NSString *serverURLString, *filename;
NSMutableString *metadata;
NSBundle *bundle;
bundle = [NSBundle bundleForClass: self];
@@ -188,9 +214,16 @@ LassoServerInContext (WOContext *context)
if (filename)
{
serverURLString = [context SAML2ServerURLString];
metadata = [[NSString stringWithContentsOfFile: filename]
stringByReplacingString: @"%{base_url}"
withString: serverURLString];
metadata = [NSMutableString stringWithContentsOfFile: filename];
[metadata replaceOccurrencesOfString: @"%{base_url}"
withString: serverURLString
options: 0
range: NSMakeRange(0, [metadata length])];
[metadata replaceOccurrencesOfString: @"%{certificate}"
withString: [certificate cleanedUpCertificate]
options: 0
range: NSMakeRange(0, [metadata length])];
}
else
metadata = nil;