/*
* Name: SAML SSO and SLO
* Description: replace login and registration with a SAML identity provider.
- * Version: 0.0
+ * Version: 1.0
* Author: Ryan <https://friendica.verya.pe/profile/ryan>
*/
use Friendica\Content\Text\BBCode;
function saml_init($a)
{
- if ($a->argc < 2) {
+ if (DI::args()->getArgc() < 2) {
return;
}
return;
}
- switch ($a->argv[1]) {
+ switch (DI::args()->get(1)) {
case 'metadata.xml':
saml_metadata();
break;
function saml_settings()
{
return [
+
// If 'strict' is True, then the PHP Toolkit will reject unsigned
// or unencrypted messages if it expects them to be signed or encrypted.
// Also it will reject the messages if the SAML standard is not strictly
// Service Provider Data that we are deploying.
'sp' => [
+
// Identifier of the SP entity (must be a URI)
'entityId' => DI::config()->get('saml', 'client_id'),
+
// Specifies info about where and how the <AuthnResponse> message MUST be
// returned to the requester, in this case our SP.
'assertionConsumerService' => [
+
// URL Location where the <Response> from the IdP will be returned
'url' => DI::baseUrl() . '/saml/sso',
+
// SAML protocol binding to be used when returning the <Response>
// message. OneLogin Toolkit supports this endpoint for the
// HTTP-POST binding only.
'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
],
+
// If you need to specify requested attributes, set a
// attributeConsumingService. nameFormat, attributeValue and
// friendlyName can be omitted
]
]
],
+
// Specifies info about where and how the <Logout Response> message MUST be
// returned to the requester, in this case our SP.
'singleLogoutService' => [
+
// URL Location where the <Response> from the IdP will be returned
'url' => DI::baseUrl() . '/saml/slo',
+
// SAML protocol binding to be used when returning the <Response>
// message. OneLogin Toolkit supports the HTTP-Redirect binding
// only for this endpoint.
'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
],
+
// Specifies the constraints on the name identifier to be used to
// represent the requested subject.
// Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported.
'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
+
// Usually x509cert and privateKey of the SP are provided by files placed at
// the certs folder. But we can also provide them with the following parameters
'x509cert' => DI::config()->get('saml', 'sp_cert'),
// Identity Provider Data that we want connected with our SP.
'idp' => [
+
// Identifier of the IdP entity (must be a URI)
'entityId' => DI::config()->get('saml', 'idp_id'),
+
// SSO endpoint info of the IdP. (Authentication Request protocol)
'singleSignOnService' => [
+
// URL Target of the IdP where the Authentication Request Message
// will be sent.
'url' => DI::config()->get('saml', 'sso_url'),
+
// SAML protocol binding to be used when returning the <Response>
// message. OneLogin Toolkit supports the HTTP-Redirect binding
// only for this endpoint.
'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
],
+
// SLO endpoint info of the IdP.
'singleLogoutService' => [
+
// URL Location of the IdP where SLO Request will be sent.
'url' => DI::config()->get('saml', 'slo_request_url'),
+
// URL location of the IdP where SLO Response will be sent (ResponseLocation)
// if not set, url for the SLO Request will be used
'responseUrl' => DI::config()->get('saml', 'slo_response_url'),
+
// SAML protocol binding to be used when returning the <Response>
// message. OneLogin Toolkit supports the HTTP-Redirect binding
// only for this endpoint.
'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
],
+
// Public x509 certificate of the IdP
'x509cert' => DI::config()->get('saml', 'idp_cert'),
],