Scope parsing in metadata for SAML 2.0 IdPs

andreassolberg · andreassolberg · commit 1694905be213 · 2009-01-27T13:57:52.000Z
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1206 44740490-163a-0410-bde0-09ae8108e29a
diff --git a/lib/SimpleSAML/Metadata/SAMLParser.php b/lib/SimpleSAML/Metadata/SAMLParser.php
@@ -681,7 +681,10 @@ public function getMetadata20IdP() {
 		if (array_key_exists('expire', $idp)) {
 			$ret['expire'] = $idp['expire'];
 		}
-
+		
+		if (array_key_exists('scopes', $idp))
+			$ret['scopes'] = $idp['scopes'];
+		
 
 		/* Enable redirect.sign if WantAuthnRequestsSigned is enabled. */
 		if ($idp['wantAuthnRequestsSigned']) {
@@ -769,6 +772,7 @@ private static function parseSSODescriptor($element, $expireTime) {
 		}
 
 		$sd['protocols'] = self::getSupportedProtocols($element);
+		
 
 		/* Find all SingleLogoutService elements. */
 		$sd['singleLogoutServices'] = array();
@@ -836,6 +840,13 @@ private function processIDPSSODescriptor($element, $expireTime) {
 		assert('is_null($expireTime) || is_int($expireTime)');
 
 		$idp = self::parseSSODescriptor($element, $expireTime);
+		
+		$extensions = SimpleSAML_Utilities::getDOMChildren($element, 'Extensions', '@md');
+		if (!empty($extensions)) 
+			$this->processExtensions($extensions[0]);
+
+		if (!empty($this->scopes)) $idp['scopes'] = $this->scopes;
+		
 
 		/* Find all SingleSignOnService elements. */
 		$idp['singleSignOnServices'] = array();
@@ -861,7 +872,8 @@ private function processIDPSSODescriptor($element, $expireTime) {
 	 */
 	private function processExtensions($element) {
 		assert('$element instanceof DOMElement');
-
+		
+		
 		for($i = 0; $i < $element->childNodes->length; $i++) {
 			$child = $element->childNodes->item($i);
 
diff --git a/modules/metarefresh/lib/MetaLoader.php b/modules/metarefresh/lib/MetaLoader.php
@@ -33,15 +33,16 @@ public function __construct($maxcache = NULL, $maxduration = NULL) {
 	public function loadSource($source) {
 
 		$entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsFile($source['src']);
-	
+		$ca = NULL;
 		foreach($entities as $entity) {
-			if($source['validateFingerprint'] !== NULL) {
+			if(array_key_exists('validateFingerprint', $source) && $source['validateFingerprint'] !== NULL) {
 				if(!$entity->validateFingerprint($source['validateFingerprint'])) {
 					SimpleSAML_Logger::info('Skipping "' . $entity->getEntityId() . '" - could not verify signature.' . "\n");
 					continue;
 				}
 			}
 	
+			// TODO: $ca is always null
 			if($ca !== NULL) {
 				if(!$entity->validateCA($ca)) {
 					SimpleSAML_Logger::info('Skipping "' . $entity->getEntityId() . '" - could not verify certificate.' . "\n");
