Merge pull request #253 from silinternational/feature/ssp2-sp-patch

Customized multi-IdP behavior
silinternational · Jul 15, 2024 · 3ee5ce9 · 3ee5ce9
2 parents fdf518a + 205e1f2
commit 3ee5ce9
Show file tree

Hide file tree

Showing 6 changed files with 53 additions and 11 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -59,6 +59,9 @@ COPY dockerbuild/ssp-overrides/saml20-sp-remote.php $SSP_PATH/metadata/saml20-sp
 COPY dockerbuild/config/* $SSP_PATH/config/
 COPY dockerbuild/ssp-overrides/id.php $SSP_PATH/public/id.php
 COPY dockerbuild/ssp-overrides/announcement.php $SSP_PATH/announcement/announcement.php
+COPY dockerbuild/ssp-overrides/sp-php.patch sp-php.patch
+RUN patch /data/vendor/simplesamlphp/simplesamlphp/modules/saml/src/Auth/Source/SP.php sp-php.patch
+
 COPY tests /data/tests
 
 RUN chmod a+x /data/run.sh /data/run-tests.sh

diff --git a/behat.yml b/behat.yml
@@ -18,14 +18,14 @@ default:
     profilereview_features:
       paths:    [ '%paths.base%//features//profilereview.feature' ]
       contexts: [ 'ProfileReviewContext' ]
-#    sildisco_features:
-#      contexts: ['SilDiscoContext']
-#      paths:
-#        - '%paths.base%//features//Sp1Idp1Sp2Idp2Sp3.feature'
-#        - '%paths.base%//features//Sp1Idp2Sp2Sp3Idp1.feature'
-#        - '%paths.base%//features//Sp2Idp2Sp1Idp1Sp3.feature'
-#        - '%paths.base%//features//Sp2Idp2Sp1Idp2Sp3.feature'
-#        - '%paths.base%//features//Sp3Idp1Sp1Idp1Sp2Idp2.feature'
+    sildisco_features:
+      contexts: ['SilDiscoContext']
+      paths:
+        - '%paths.base%//features//Sp1Idp1Sp2Idp2Sp3.feature'
+        - '%paths.base%//features//Sp1Idp2Sp2Sp3Idp1.feature'
+        - '%paths.base%//features//Sp2Idp2Sp1Idp1Sp3.feature'
+        - '%paths.base%//features//Sp2Idp2Sp1Idp2Sp3.feature'
+        - '%paths.base%//features//Sp3Idp1Sp1Idp1Sp2Idp2.feature'
 #        - '%paths.base%//features//WwwMetadataCept.feature'
     status_features:
       paths:    [ '%paths.base%//features//status.feature' ]

diff --git a/development/idp-local/metadata/saml20-sp-remote.php b/development/idp-local/metadata/saml20-sp-remote.php
@@ -12,6 +12,6 @@
     'entityid' => 'ssp-hub.local',
     'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
     'AssertionConsumerService' => 'http://ssp-hub.local/module.php/saml/sp/saml2-acs.php/hub-discovery',
-    'SingleLogoutService' => 'http://ssp-hub.local/module.php/sildisco/sp/saml2-logout.php/hub-discovery',
+    'SingleLogoutService' => 'http://ssp-hub.local/module.php/saml/sp/saml2-logout.php/hub-discovery',
     'certData' => 'MIIDzzCCAregAwIBAgIJANuvVcQPANecMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOQzEPMA0GA1UEBwwGV2F4aGF3MQwwCgYDVQQKDANTSUwxDTALBgNVBAsMBEdUSVMxDjAMBgNVBAMMBVN0ZXZlMSQwIgYJKoZIhvcNAQkBFhVzdGV2ZV9iYWd3ZWxsQHNpbC5vcmcwHhcNMTYxMDE3MTIzMTEyWhcNMjYxMDE3MTIzMTEyWjB+MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkMxDzANBgNVBAcMBldheGhhdzEMMAoGA1UECgwDU0lMMQ0wCwYDVQQLDARHVElTMQ4wDAYDVQQDDAVTdGV2ZTEkMCIGCSqGSIb3DQEJARYVc3RldmVfYmFnd2VsbEBzaWwub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAimEkw4Teyf/gZelL7OuQYg/JbDIKHPXJhLPBm/HK6pM5ZZKydVXTdMgMqkl4xK+xZ2CnkozsUiMLhAuWBsX9Dcz1M4SkPRwk4puFhXzsp7fKIVP43zUhF7p2TmbernrrIQHjg6PuegKmCGyiKUpukcYvf2RXNwHwJx+Uq0zLP4PgBSrQ2t1eKZ1jQ+noBb1NqOuy969WRYmN4EmjXDuJB9d+b3GwtbZToWgiFxFjd/NN9BFJXZEaLzRj5LAq5bu2vPPDZDarHFMRUzVJ91eafoaz6zpR1iUGj9zR+y2sUPxD/fJMZ+4AHWA2LOrTBBIuuWbp96yvcJ4WjmlfhcFQIDAQABo1AwTjAdBgNVHQ4EFgQUkJFAMJdr2lXsuezS6pDXHnmJspMwHwYDVR0jBBgwFoAUkJFAMJdr2lXsuezS6pDXHnmJspMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAOEPbchaUr45L5i+ueookevsABYnltwJZ4rYJbF9VURPcEhB6JxTMZqb4s113ftHvVYfoAfLYZ9swETaHL+esx41yAebf0kWpQ3f63S5F2FcrTj+HP0XsvW/EDrvaTKM9jnKPNmbXrpq06eaUZfkVL0TAUsxYTKkttTSTiESEzp5wzYyhp7l3kpHhEvGOlh5suYjnZ2HN0uxscCR6PS47H6TMMEZuG032DWDC016/JniWvERtpf4Yw26V+I9xevp2E2MPcZne31Pe3sCh4Wpe4cV/SCFqZHlpnH96ncz4F+KvmmhbEx5VPhQSJNFIWEvI86k+lTNQOqj6YVvGvq95LQ==',
 ];
diff --git a/development/idp2-local/metadata/saml20-sp-remote.php b/development/idp2-local/metadata/saml20-sp-remote.php
@@ -12,6 +12,6 @@
     'entityid' => 'ssp-hub.local',
     'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
     'AssertionConsumerService' => 'http://ssp-hub.local/module.php/saml/sp/saml2-acs.php/hub-discovery',
-    'SingleLogoutService' => 'http://ssp-hub.local/module.php/sildisco/sp/saml2-logout.php/hub-discovery',
+    'SingleLogoutService' => 'http://ssp-hub.local/module.php/saml/sp/saml2-logout.php/hub-discovery',
     'certData' => 'MIIDzzCCAregAwIBAgIJANuvVcQPANecMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOQzEPMA0GA1UEBwwGV2F4aGF3MQwwCgYDVQQKDANTSUwxDTALBgNVBAsMBEdUSVMxDjAMBgNVBAMMBVN0ZXZlMSQwIgYJKoZIhvcNAQkBFhVzdGV2ZV9iYWd3ZWxsQHNpbC5vcmcwHhcNMTYxMDE3MTIzMTEyWhcNMjYxMDE3MTIzMTEyWjB+MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkMxDzANBgNVBAcMBldheGhhdzEMMAoGA1UECgwDU0lMMQ0wCwYDVQQLDARHVElTMQ4wDAYDVQQDDAVTdGV2ZTEkMCIGCSqGSIb3DQEJARYVc3RldmVfYmFnd2VsbEBzaWwub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAimEkw4Teyf/gZelL7OuQYg/JbDIKHPXJhLPBm/HK6pM5ZZKydVXTdMgMqkl4xK+xZ2CnkozsUiMLhAuWBsX9Dcz1M4SkPRwk4puFhXzsp7fKIVP43zUhF7p2TmbernrrIQHjg6PuegKmCGyiKUpukcYvf2RXNwHwJx+Uq0zLP4PgBSrQ2t1eKZ1jQ+noBb1NqOuy969WRYmN4EmjXDuJB9d+b3GwtbZToWgiFxFjd/NN9BFJXZEaLzRj5LAq5bu2vPPDZDarHFMRUzVJ91eafoaz6zpR1iUGj9zR+y2sUPxD/fJMZ+4AHWA2LOrTBBIuuWbp96yvcJ4WjmlfhcFQIDAQABo1AwTjAdBgNVHQ4EFgQUkJFAMJdr2lXsuezS6pDXHnmJspMwHwYDVR0jBBgwFoAUkJFAMJdr2lXsuezS6pDXHnmJspMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAOEPbchaUr45L5i+ueookevsABYnltwJZ4rYJbF9VURPcEhB6JxTMZqb4s113ftHvVYfoAfLYZ9swETaHL+esx41yAebf0kWpQ3f63S5F2FcrTj+HP0XsvW/EDrvaTKM9jnKPNmbXrpq06eaUZfkVL0TAUsxYTKkttTSTiESEzp5wzYyhp7l3kpHhEvGOlh5suYjnZ2HN0uxscCR6PS47H6TMMEZuG032DWDC016/JniWvERtpf4Yw26V+I9xevp2E2MPcZne31Pe3sCh4Wpe4cV/SCFqZHlpnH96ncz4F+KvmmhbEx5VPhQSJNFIWEvI86k+lTNQOqj6YVvGvq95LQ==',
 ];
diff --git a/development/idp3-local/metadata/saml20-sp-remote.php b/development/idp3-local/metadata/saml20-sp-remote.php
@@ -12,6 +12,6 @@
     'entityid' => 'ssp-hub.local',
     'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
     'AssertionConsumerService' => 'http://ssp-hub.local/module.php/saml/sp/saml2-acs.php/hub-discovery',
-    'SingleLogoutService' => 'http://ssp-hub.local/module.php/sildisco/sp/saml2-logout.php/hub-discovery',
+    'SingleLogoutService' => 'http://ssp-hub.local/module.php/saml/sp/saml2-logout.php/hub-discovery',
     'certData' => 'MIIDzzCCAregAwIBAgIJANuvVcQPANecMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOQzEPMA0GA1UEBwwGV2F4aGF3MQwwCgYDVQQKDANTSUwxDTALBgNVBAsMBEdUSVMxDjAMBgNVBAMMBVN0ZXZlMSQwIgYJKoZIhvcNAQkBFhVzdGV2ZV9iYWd3ZWxsQHNpbC5vcmcwHhcNMTYxMDE3MTIzMTEyWhcNMjYxMDE3MTIzMTEyWjB+MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkMxDzANBgNVBAcMBldheGhhdzEMMAoGA1UECgwDU0lMMQ0wCwYDVQQLDARHVElTMQ4wDAYDVQQDDAVTdGV2ZTEkMCIGCSqGSIb3DQEJARYVc3RldmVfYmFnd2VsbEBzaWwub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAimEkw4Teyf/gZelL7OuQYg/JbDIKHPXJhLPBm/HK6pM5ZZKydVXTdMgMqkl4xK+xZ2CnkozsUiMLhAuWBsX9Dcz1M4SkPRwk4puFhXzsp7fKIVP43zUhF7p2TmbernrrIQHjg6PuegKmCGyiKUpukcYvf2RXNwHwJx+Uq0zLP4PgBSrQ2t1eKZ1jQ+noBb1NqOuy969WRYmN4EmjXDuJB9d+b3GwtbZToWgiFxFjd/NN9BFJXZEaLzRj5LAq5bu2vPPDZDarHFMRUzVJ91eafoaz6zpR1iUGj9zR+y2sUPxD/fJMZ+4AHWA2LOrTBBIuuWbp96yvcJ4WjmlfhcFQIDAQABo1AwTjAdBgNVHQ4EFgQUkJFAMJdr2lXsuezS6pDXHnmJspMwHwYDVR0jBBgwFoAUkJFAMJdr2lXsuezS6pDXHnmJspMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAOEPbchaUr45L5i+ueookevsABYnltwJZ4rYJbF9VURPcEhB6JxTMZqb4s113ftHvVYfoAfLYZ9swETaHL+esx41yAebf0kWpQ3f63S5F2FcrTj+HP0XsvW/EDrvaTKM9jnKPNmbXrpq06eaUZfkVL0TAUsxYTKkttTSTiESEzp5wzYyhp7l3kpHhEvGOlh5suYjnZ2HN0uxscCR6PS47H6TMMEZuG032DWDC016/JniWvERtpf4Yw26V+I9xevp2E2MPcZne31Pe3sCh4Wpe4cV/SCFqZHlpnH96ncz4F+KvmmhbEx5VPhQSJNFIWEvI86k+lTNQOqj6YVvGvq95LQ==',
 ];
diff --git a/dockerbuild/ssp-overrides/sp-php.patch b/dockerbuild/ssp-overrides/sp-php.patch
@@ -0,0 +1,39 @@
+*** ../../vendor/simplesamlphp/simplesamlphp/modules/saml/src/Auth/Source/SP.php	2024-04-30 10:38:57.000000000 -0600
+--- SP.php	2024-07-11 17:07:40.000000000 -0600
+***************
+*** 809,814 ****
+--- 809,822 ----
+              $state[$k] = $v;
+          }
+
++         /*
++          * If this SP is allowed to use more than one IdP, then send to discovery page
++          */
++         if (sizeof($state['saml:IDPList']) > 1) {
++             $state['LoginCompletedHandler'] = [SP::class, 'reauthPostLogin'];
++             $this->authenticate($state);
++         }
++ 
+          // check if we have an IDPList specified in the request
+          if (
+              isset($state['saml:IDPList'])
+***************
+*** 858,866 ****
+                  $state['core:SP']
+              ));
+
+!             $state['saml:sp:IdPMetadata'] = $this->getIdPMetadata($state['saml:sp:IdP']);
+!             $state['saml:sp:AuthId'] = $this->authId;
+!             self::askForIdPChange($state);
+          }
+
+          /*
+--- 866,873 ----
+                  $state['core:SP']
+              ));
+
+!             $state['LoginCompletedHandler'] = [SP::class, 'reauthPostLogin'];
+!             $this->authenticate($state);
+          }
+
+          /*