Commit 06e3ff28 authored by Martin van Es's avatar Martin van Es

Dynamic DB IdP configuration

parent 117b6b97
<?php
/**
* SAML 2.0 IdP configuration for SimpleSAMLphp.
*
* See: https://simplesamlphp.org/docs/stable/simplesamlphp-reference-idp-hosted
*/
function nest($name, $value) {
$element = array_pop($name);
if ($element) return nest($name, array($element => $value));
else return $value;
}
$config = SimpleSAML\Configuration::getInstance();
$db_dsn = $config->getString('database.dsn', null);
$db_user = $config->getString('database.username', null);
$db_passwd = $config->getString('database.password', null);
$db = new PDO($db_dsn, $db_user, $db_passwd);
$vserver = $_SERVER['SERVER_NAME'];
$vparts = explode('.', $vserver);
$vhost = $vparts[0];
$metadata['__DYNAMIC:1__'] = [
/*
* The hostname of the server (VHOST) that will use this SAML entity.
*
* Can be '__DEFAULT__', to use this entry by default.
*/
'host' => '__DEFAULT__',
'OrganizationName' => $vhost . ' IdP',
'OrganizationDisplayName' => $vhost . ' IdP',
'OrganizationURL' => 'https:// ' . $vserver . '/',
'contacts' => [
'a' => [
'contactType' => 'technical',
'emailAddress' => 'support@'. $vserver,
'givenName' => 'John',
'surName' => $vhost,
'telephoneNumber' => '+31(0)12345678',
'company' => $vhost . ' Inc.',
],
],
'UIInfo' => array(
'DisplayName' => array(
'en' => $vhost . ' IdP'
),
'Description' => array(
'en' => $vhost . ' IdP description'
),
),
'RegistrationInfo' => [
'authority' => 'urn:mace:' . $vhost,
'instant' => '2008-01-17T11:28:03Z',
'policies' => [
'en' => 'http://' . $vhost . '/policy',
],
],
// X.509 key and certificate. Relative to the cert directory.
'privatekey' => 'server.pem',
'certificate' => 'server.crt',
/*
* Authentication source to use. Must be one that is configured in
* 'config/authsources.php'.
*/
'auth' => 'example-userpass',
/* Uncomment the following to use the uri NameFormat on attributes. */
/*
'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
'authproc' => [
// Convert LDAP names to oids.
100 => ['class' => 'core:AttributeMap', 'name2oid'],
],
*/
];
$query = "select o.name, o.type, c.value from idps i
left join config c on c.idp_id = i.idp_id
left join options o on c.option_id = o.option_id
where i.host = :host";
$stmt = $db->prepare($query);
$stmt->execute(array(':host' => $vhost));
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
$config = array();
foreach ($result as $row) {
$name = explode(':', $row['name']);
$value = $row['value'];
$config = array_merge_recursive($config, nest($name, $value));
}
$metadata['__DYNAMIC:1__'] = array_replace_recursive($metadata['__DYNAMIC:1__'], $config);
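Review bot: The default `OrganizationURL` on the line `'OrganizationURL' => 'https:// ' . $vserver . '/'` has a space after the scheme, so any vhost without a database override for that option publishes `https:// host/` in its metadata; drop the space: `'OrganizationURL' => 'https://' . $vserver . '/',`. Further down, `$config = array();` reuses the variable that holds the `SimpleSAML\Configuration` instance, which is easy to misread; a name such as `$dbOverrides` for the merged database values would avoid it. `$vhost` is derived from `$_SERVER['SERVER_NAME']`, which on some web-server configurations is populated from the client-supplied Host header; the query is parameterised so this is not an injection concern, but a comment such as `// $vhost selects the IdP row and appears in generated URLs; relies on the web server canonicalising SERVER_NAME` would make the dependency explicit. `o.type` is selected but never read, so the `date` type in the options table has no effect on how values are merged; either apply it or drop it from the query.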
<?php
/**
* SAML 2.0 remote SP metadata for SimpleSAMLphp.
*
* See: https://simplesamlphp.org/docs/stable/simplesamlphp-reference-sp-remote
*/
$config = SimpleSAML\Configuration::getInstance();
$db_dsn = $config->getString('database.dsn', null);
$db_user = $config->getString('database.username', null);
$db_passwd = $config->getString('database.password', null);
$db = new PDO($db_dsn, $db_user, $db_passwd);
$vserver = $_SERVER['SERVER_NAME'];
$vparts = explode('.', $vserver);
$vhost = $vparts[0];
$query = "select sp_metadata from idps i where i.host = :host";
$stmt = $db->prepare($query);
$stmt->execute(array(':host' => $vhost));
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($result as $row) {
$xmldata = $row['sp_metadata'];
SimpleSAML\Utils\XML::checkSAMLMessage($xmldata, 'saml-meta');
$entities = SimpleSAML\Metadata\SAMLParser::parseDescriptorsString($xmldata);
foreach ($entities as &$entity) {
$entity = array('saml20-sp-remote' => $entity->getMetadata20SP());
}
}
if ($entities) {
$output = SimpleSAML\Utils\Arrays::transpose($entities);
$metadata = $output['saml20-sp-remote'];
} else {
$metadata = array();
}
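Review bot: `$entities` is only assigned inside the `foreach ($result as $row)` loop, so when no row matches `$vhost` the `if ($entities)` test reads an undefined variable (warning, then the `else` branch), and when several rows match only the last row's entities survive because each iteration reassigns `$entities` instead of accumulating. Initialise `$entities = [];` before the loop and merge each row's parsed descriptors into it, for example `$entities = array_merge($entities, array_map(static fn ($e) => ['saml20-sp-remote' => $e->getMetadata20SP()], SimpleSAML\Metadata\SAMLParser::parseDescriptorsString($xmldata)));`, which also removes the by-reference inner loop. If the by-reference `foreach ($entities as &$entity)` is kept, add `unset($entity);` after it so the reference does not outlive the loop. Whether `parseDescriptorsString` keys its result by entity ID is not visible here, so the merge strategy should be confirmed against that method.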
-- MySQL dump 10.17 Distrib 10.3.25-MariaDB, for debian-linux-gnu (x86_64)
--
-- Host: localhost Database: testidp
-- ------------------------------------------------------
-- Server version 10.3.25-MariaDB-0ubuntu0.20.04.1
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
--
-- Table structure for table `config`
--
DROP TABLE IF EXISTS `config`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `config` (
`idp_id` int(10) unsigned NOT NULL,
`option_id` int(10) unsigned NOT NULL,
`value` varchar(100) DEFAULT NULL,
KEY `config_FK` (`idp_id`),
KEY `config_FK_1` (`option_id`),
CONSTRAINT `config_FK` FOREIGN KEY (`idp_id`) REFERENCES `idps` (`idp_id`),
CONSTRAINT `config_FK_1` FOREIGN KEY (`option_id`) REFERENCES `options` (`option_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `config`
--
LOCK TABLES `config` WRITE;
/*!40000 ALTER TABLE `config` DISABLE KEYS */;
INSERT INTO `config` VALUES (1,1,'Foobar DB DisplayName'),(1,2,'Foobar DB'),(1,3,'http://foobar.org/url'),(1,5,'technical'),(1,6,'technical@geant.org'),(1,7,'FooDB'),(1,8,'Doe'),(1,9,'+316012345678'),(1,10,'Foobar DB inc.'),(1,11,'Foobar DB mdui'),(1,12,'Foober DB description mdui'),(1,13,'Foobar DB authority'),(1,14,'2008-01-17T11:28:03Z'),(1,15,'http://foobar.org/policy/en');
/*!40000 ALTER TABLE `config` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `idps`
--
DROP TABLE IF EXISTS `idps`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `idps` (
`idp_id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`host` varchar(100) NOT NULL,
`comment` varchar(100) DEFAULT NULL,
`sp_metadata` text DEFAULT NULL,
PRIMARY KEY (`idp_id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8mb4;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `idps`
--
LOCK TABLES `idps` WRITE;
/*!40000 ALTER TABLE `idps` DISABLE KEYS */;
INSERT INTO `idps` VALUES (1,'foobar','Test Foobar IdP','<?xml version=\"1.0\"?>\n<md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"https://foobar.testidp.incubator.geant.org/saml/module.php/saml/sp/metadata.php/default-sp\">\n <md:SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol\">\n <md:SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://foobar.testidp.incubator.geant.org/saml/module.php/saml/sp/saml2-logout.php/default-sp\"/>\n <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://foobar.testidp.incubator.geant.org/saml/module.php/saml/sp/saml2-acs.php/default-sp\" index=\"0\"/>\n <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:1.0:profiles:browser-post\" Location=\"https://foobar.testidp.incubator.geant.org/saml/module.php/saml/sp/saml1-acs.php/default-sp\" index=\"1\"/>\n <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\" Location=\"https://foobar.testidp.incubator.geant.org/saml/module.php/saml/sp/saml2-acs.php/default-sp\" index=\"2\"/>\n <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:1.0:profiles:artifact-01\" Location=\"https://foobar.testidp.incubator.geant.org/saml/module.php/saml/sp/saml1-acs.php/default-sp/artifact\" index=\"3\"/>\n </md:SPSSODescriptor>\n</md:EntityDescriptor>');
/*!40000 ALTER TABLE `idps` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `options`
--
DROP TABLE IF EXISTS `options`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `options` (
`option_id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`name` varchar(100) NOT NULL,
`type` varchar(100) NOT NULL,
`comment` varchar(100) DEFAULT NULL,
PRIMARY KEY (`option_id`)
) ENGINE=InnoDB AUTO_INCREMENT=16 DEFAULT CHARSET=utf8mb4;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `options`
--
LOCK TABLES `options` WRITE;
/*!40000 ALTER TABLE `options` DISABLE KEYS */;
INSERT INTO `options` VALUES (1,'OrganizationDisplayName','string','Organization Display name'),(2,'OrganizationName','string','Organization Name'),(3,'OrganizationURL','string','Organization URL'),(5,'contacts:a:contactType','string','e.g. technical or support'),(6,'contacts:a:emailAddress','string','email'),(7,'contacts:a:givenName','string','Given name of the contact'),(8,'contacts:a:surName','string','Surname'),(9,'contacts:a:telephoneNumber','string','Phone number'),(10,'contacts:a:company','string','Company name'),(11,'UIInfo:DisplayName:en','string','Display name (UIInfo)'),(12,'UIInfo:Description:en','string','Description (UIInfo)'),(13,'RegistrationInfo:authority','string','Registration authority'),(14,'RegistrationInfo:instant','date','Registraion instant (date format)'),(15,'RegistrationInfo:policies:en','string','Policy URL (en)');
/*!40000 ALTER TABLE `options` ENABLE KEYS */;
UNLOCK TABLES;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2021-04-08 12:02:51