Merge branch 'feature/ssp2-deps-update' into feature/ssp2-use-ssp1-fo…

…r-sp [skip ci]
silinternational · Jun 18, 2024 · 03f7a60 · 03f7a60
2 parents 92f508d + b817428
commit 03f7a60
Show file tree

Hide file tree

Showing 18 changed files with 104 additions and 141 deletions.
diff --git a/Vagrantfile b/Vagrantfile
diff --git a/composer.json b/composer.json
@@ -17,9 +17,9 @@
     "simplesamlphp/simplesamlphp": "^2.0",
     "simplesamlphp/composer-module-installer": "^1.0",
     "rlanvin/php-ip": "^1.0",
-    "silinternational/ssp-utilities": "dev-develop",
+    "silinternational/ssp-utilities": "v2.0.0",
     "silinternational/php-env": "^3.1.0",
-    "silinternational/psr3-adapters": "dev-develop",
+    "silinternational/psr3-adapters": "v4.0.0",
     "silinternational/yii2-json-log-targets": "^2.0",
     "silinternational/idp-id-broker-php-client": "^4.3",
     "sinergi/browser-detector": "^6.1",

diff --git a/composer.lock b/composer.lock
diff --git a/development/UserPass.php b/development/UserPass.php
@@ -53,8 +53,10 @@ public function __construct($info, $config)
             $username = $userpass[0];
             $password = $userpass[1];
 
+//            $attrUtils = new \SimpleSAML\Utils\Attributes();
+//
 //            try {
-//                $attributes = \SimpleSAML\Utils\Attributes::normalizeAttributesArray($attributes);
+//                $attributes = $attrUtils->normalizeAttributesArray($attributes);
 //            } catch (\Exception $e) {
 //                throw new \Exception('Invalid attributes for user '.$username.
 //                    ' in authentication source '.$this->authId.': '.$e->getMessage());

diff --git a/development/sp-local/config/authsources-pwmanager.php b/development/sp-local/config/authsources-pwmanager.php
@@ -15,14 +15,20 @@
         'entityID' => 'http://pwmanager.local:8084',
         'idp' => 'http://ssp-idp1.local:8085',
         'discoURL' => null,
-        'NameIDPolicy' => "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
+        'NameIDPolicy' => [
+            'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
+            'AllowCreate' => true,
+        ],
     ],
 
     'mfa-idp-no-port' => [
         'saml:SP',
         'entityID' => 'http://pwmanager.local',
         'idp' => 'http://ssp-idp1.local',
         'discoURL' => null,
-        'NameIDPolicy' => "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
+        'NameIDPolicy' => [
+            'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
+            'AllowCreate' => true,
+        ],
     ],
 ];
diff --git a/development/sp-local/config/authsources.php b/development/sp-local/config/authsources.php
@@ -29,8 +29,11 @@
         'discoURL' => null,
 
         // Tell the Hub which format to use for the NameID
-        'NameIDPolicy' => "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
-
+        'NameIDPolicy' => [
+            'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
+            'AllowCreate' => true,
+        ],
+
         // Specify what private key to use (such as for decrypting assertions).
         'privatekey' => 'saml.pem',
     ],
@@ -51,7 +54,10 @@
         'discoURL' => null,
 
         // Tell the Hub which format to use for the NameID
-        'NameIDPolicy' => "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
+        'NameIDPolicy' => [
+            'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
+            'AllowCreate' => true,
+        ],
 
         // Specify what private key to use (such as for decrypting assertions).
         'privatekey' => 'saml.pem',

diff --git a/docs/editing_authprocs.md b/docs/editing_authprocs.md
@@ -16,7 +16,12 @@ The IdP's metadata needs to include an `'IDPNamespace'` entry with a string valu
 
 In order for this to work, the SP needs to include a line in its authsources.php file in the Hub's entry ...
 
-` 'NameIDPolicy' => "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",`
+```
+    'NameIDPolicy' => [
+        'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
+        'AllowCreate' => true,
+    ],
+```
 
 In addition, the IDP's sp-remote metadata stanza for the Hub needs to include ...
 

diff --git a/modules/expirychecker/public/about2expire.php b/modules/expirychecker/public/about2expire.php
@@ -48,7 +48,8 @@
         }
     }
 
-    HTTP::redirectTrustedURL($passwordChangeUrl, array());
+    $httpUtils = new HTTP();
+    $httpUtils->redirectTrustedURL($passwordChangeUrl, array());
 }
 
 $globalConfig = Configuration::getInstance();

diff --git a/modules/expirychecker/public/expired.php b/modules/expirychecker/public/expired.php
@@ -41,7 +41,8 @@
         }
     }
 
-    HTTP::redirectTrustedURL($passwordChangeUrl, array());
+    $httpUtils = new HTTP();
+    $httpUtils->redirectTrustedURL($passwordChangeUrl, array());
 }
 
 $globalConfig = Configuration::getInstance();

diff --git a/modules/expirychecker/src/Auth/Process/ExpiryDate.php b/modules/expirychecker/src/Auth/Process/ExpiryDate.php
@@ -294,7 +294,8 @@ public function redirect2PasswordChange(
             'passwordChangeUrl' => $passwordChangeUrl,
         ]));
 
-        HTTP::redirectTrustedURL($passwordChangeUrl, array());
+        $httpUtils = new HTTP();
+        $httpUtils->redirectTrustedURL($passwordChangeUrl, array());
     }
 
     /**
@@ -367,7 +368,8 @@ public function redirectToExpiredPage(array &$state, string $accountName, int $e
         $id = State::saveState($state, 'expirychecker:expired');
         $url = Module::getModuleURL('expirychecker/expired.php');
 
-        HTTP::redirectTrustedURL($url, array('StateId' => $id));
+        $httpUtils = new HTTP();
+        $httpUtils->redirectTrustedURL($url, array('StateId' => $id));
     }
 
     /**
@@ -403,6 +405,7 @@ protected function redirectToWarningPage(array &$state, string $accountName, int
         $id = State::saveState($state, 'expirychecker:about2expire');
         $url = Module::getModuleURL('expirychecker/about2expire.php');
 
-        HTTP::redirectTrustedURL($url, array('StateId' => $id));
+        $httpUtils = new HTTP();
+        $httpUtils->redirectTrustedURL($url, array('StateId' => $id));
     }
 }
diff --git a/modules/mfa/public/prompt-for-mfa.php b/modules/mfa/public/prompt-for-mfa.php
@@ -60,7 +60,8 @@
         'mfaId' => $mfaOption['id'],
         'StateId' => $stateId,
     ]);
-    HTTP::redirectTrustedURL($moduleUrl);
+    $httpUtils = new HTTP();
+    $httpUtils->redirectTrustedURL($moduleUrl);
     return;
 }
 $mfaOption = Mfa::getMfaOptionById($mfaOptions, $mfaId);

diff --git a/modules/mfa/public/send-manager-mfa.php b/modules/mfa/public/send-manager-mfa.php
@@ -29,7 +29,8 @@
     $moduleUrl = SimpleSAML\Module::getModuleURL('mfa/prompt-for-mfa.php', [
         'StateId' => $stateId,
     ]);
-    HTTP::redirectTrustedURL($moduleUrl);
+    $httpUtils = new HTTP();
+    $httpUtils->redirectTrustedURL($moduleUrl);
 }
 
 $globalConfig = Configuration::getInstance();