From 1ab6af2653d89f137bacde6d7b24f16230eaa1fe Mon Sep 17 00:00:00 2001 From: Tim van Dijen Date: Fri, 1 Jul 2022 23:24:19 +0200 Subject: [PATCH 0001/1127] Bump php version --- .github/workflows/php.yml | 12 +- composer.json | 2 +- composer.lock | 416 +++++++++++++++++++------------------- 3 files changed, 212 insertions(+), 218 deletions(-) diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml index 8eeee10beb..ba59d41e96 100644 --- a/.github/workflows/php.yml +++ b/.github/workflows/php.yml @@ -14,7 +14,7 @@ jobs: fail-fast: false matrix: operating-system: [ubuntu-latest, windows-latest] - php-versions: ['7.4', '8.0', '8.1'] + php-versions: ['8.0', '8.1'] steps: - name: Setup PHP, with composer and extensions @@ -60,7 +60,7 @@ jobs: run: bash vendor/bin/check-syntax-php.sh - name: Decide whether to run code coverage or not - if: ${{ matrix.php-versions != '7.4' || matrix.operating-system != 'ubuntu-latest' }} + if: ${{ matrix.php-versions != '8.0' || matrix.operating-system != 'ubuntu-latest' }} run: | echo "NO_COVERAGE=--no-coverage" >> $GITHUB_ENV @@ -70,7 +70,7 @@ jobs: ./vendor/bin/phpunit $NO_COVERAGE - name: Save coverage data - if: ${{ matrix.php-versions == '7.4' && matrix.operating-system == 'ubuntu-latest' }} + if: ${{ matrix.php-versions == '8.0' && matrix.operating-system == 'ubuntu-latest' }} uses: actions/upload-artifact@v3 with: name: build-data @@ -83,7 +83,7 @@ jobs: - name: Setup PHP, with composer and extensions uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php with: - php-version: '7.4' + php-version: '8.0' extensions: mbstring, xml tools: composer:v2 coverage: none @@ -124,7 +124,7 @@ jobs: - name: Setup PHP, with composer and extensions uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php with: - php-version: '7.4' + php-version: '8.0' extensions: mbstring, xml tools: composer:v2 coverage: none 
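Review bot: The `shivammathur/setup-php@v2` steps whose `php-version` input is edited in the `@@ -83,7` hunk (and again in the `@@ -124,7` and `@@ -163,7` hunks) reference a third-party action by a movable tag, so whatever that tag points to at run time is what installs PHP and Composer in the job. The commit leaves this as it was. Pinning the reference to a full commit SHA and keeping the tag as a trailing comment, `uses: shivammathur/setup-php@<full-commit-sha> # v2`, makes the toolchain setup reproducible and turns every update into a reviewable diff. The SHA is a placeholder to be taken from the action's releases. The job definitions start and end outside these hunks.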
@@ -163,7 +163,7 @@ jobs: - name: Setup PHP, with composer and extensions uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php with: - php-version: '7.4' + php-version: '8.0' tools: composer:v2 extensions: mbstring, xml diff --git a/composer.json b/composer.json index c2d4482b54..e4787ae082 100644 --- a/composer.json +++ b/composer.json @@ -44,7 +44,7 @@ "files": ["tests/_autoload_modules.php"] }, "require": { - "php": ">=7.4 || ^8.0", + "php": "^8.0", "ext-date": "*", "ext-dom": "*", "ext-hash": "*", diff --git a/composer.lock b/composer.lock index 9868e21548..4500ca2503 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "781df46fee6b65e44c773fdfae506d2c", + "content-hash": "7632681a8927b503c0d4163dfc237883", "packages": [ { "name": "composer/ca-bundle", @@ -84,16 +84,16 @@ }, { "name": "composer/composer", - "version": "2.3.7", + "version": "2.3.8", "source": { "type": "git", "url": "https://github.com/composer/composer.git", - "reference": "10cd375cf85dede2ff417ceab517ef9a0dc55407" + "reference": "f69e63262dadd02b3b6edade339c7badda2939c2" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/composer/composer/zipball/10cd375cf85dede2ff417ceab517ef9a0dc55407", - "reference": "10cd375cf85dede2ff417ceab517ef9a0dc55407", + "url": "https://api.github.com/repos/composer/composer/zipball/f69e63262dadd02b3b6edade339c7badda2939c2", + "reference": "f69e63262dadd02b3b6edade339c7badda2939c2", "shasum": "" }, "require": { @@ -174,7 +174,7 @@ "support": { "irc": "ircs://irc.libera.chat:6697/composer", "issues": "https://github.com/composer/composer/issues", - "source": "https://github.com/composer/composer/tree/2.3.7" + "source": "https://github.com/composer/composer/tree/2.3.8" }, "funding": [ { 
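Review bot: The new constraint `"php": "^8.0"` in the composer.json hunk still admits PHP 8.0.0 and 8.0.1, but the composer.lock regenerated in this same commit locks packages that declare `"php": ">=8.0.2"` (symfony/deprecation-contracts v3.0.2, symfony/error-handler v6.0.9, symfony/event-dispatcher v6.0.9, symfony/process v6.0.8, symfony/string v6.0.10, symfony/var-dumper v6.0.9). An install from this lock on 8.0.0 or 8.0.1 would presumably be rejected by Composer's platform check even though the root package claims support. Either state the real floor, `"php": "^8.0.2"`, or set `config.platform.php` to the lowest supported version so the lock resolves against it. The `require` object continues outside the hunk.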
@@ -190,7 +190,7 @@ "type": "tidelift" } ], - "time": "2022-06-06T14:43:28+00:00" + "time": "2022-07-01T10:10:47+00:00" }, { "name": "composer/metadata-minifier", @@ -853,16 +853,16 @@ }, { "name": "phpmailer/phpmailer", - "version": "v6.6.0", + "version": "v6.6.3", "source": { "type": "git", "url": "https://github.com/PHPMailer/PHPMailer.git", - "reference": "e43bac82edc26ca04b36143a48bde1c051cfd5b1" + "reference": "9400f305a898f194caff5521f64e5dfa926626f3" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/e43bac82edc26ca04b36143a48bde1c051cfd5b1", - "reference": "e43bac82edc26ca04b36143a48bde1c051cfd5b1", + "url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/9400f305a898f194caff5521f64e5dfa926626f3", + "reference": "9400f305a898f194caff5521f64e5dfa926626f3", "shasum": "" }, "require": { @@ -874,8 +874,8 @@ "require-dev": { "dealerdirect/phpcodesniffer-composer-installer": "^0.7.0", "doctrine/annotations": "^1.2", - "php-parallel-lint/php-console-highlighter": "^0.5.0", - "php-parallel-lint/php-parallel-lint": "^1.3.1", + "php-parallel-lint/php-console-highlighter": "^1.0.0", + "php-parallel-lint/php-parallel-lint": "^1.3.2", "phpcompatibility/php-compatibility": "^9.3.5", "roave/security-advisories": "dev-latest", "squizlabs/php_codesniffer": "^3.6.2", @@ -919,7 +919,7 @@ "description": "PHPMailer is a full-featured email creation and transfer class for PHP", "support": { "issues": "https://github.com/PHPMailer/PHPMailer/issues", - "source": "https://github.com/PHPMailer/PHPMailer/tree/v6.6.0" + "source": "https://github.com/PHPMailer/PHPMailer/tree/v6.6.3" }, "funding": [ { 
@@ -927,24 +927,24 @@ "type": "github" } ], - "time": "2022-02-28T15:31:21+00:00" + "time": "2022-06-20T09:21:02+00:00" }, { "name": "psr/cache", - "version": "1.0.1", + "version": "2.0.0", "source": { "type": "git", "url": "https://github.com/php-fig/cache.git", - "reference": "d11b50ad223250cf17b86e38383413f5a6764bf8" + "reference": "213f9dbc5b9bfbc4f8db86d2838dc968752ce13b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/php-fig/cache/zipball/d11b50ad223250cf17b86e38383413f5a6764bf8", - "reference": "d11b50ad223250cf17b86e38383413f5a6764bf8", + "url": "https://api.github.com/repos/php-fig/cache/zipball/213f9dbc5b9bfbc4f8db86d2838dc968752ce13b", + "reference": "213f9dbc5b9bfbc4f8db86d2838dc968752ce13b", "shasum": "" }, "require": { - "php": ">=5.3.0" + "php": ">=8.0.0" }, "type": "library", "extra": { @@ -964,7 +964,7 @@ "authors": [ { "name": "PHP-FIG", - "homepage": "http://www.php-fig.org/" + "homepage": "https://www.php-fig.org/" } ], "description": "Common interface for caching libraries", @@ -974,9 +974,9 @@ "psr-6" ], "support": { - "source": "https://github.com/php-fig/cache/tree/master" + "source": "https://github.com/php-fig/cache/tree/2.0.0" }, - "time": "2016-08-06T20:24:11+00:00" + "time": "2021-02-03T23:23:37+00:00" }, { "name": "psr/container", 
@@ -1078,30 +1078,30 @@ }, { "name": "psr/log", - "version": "1.1.4", + "version": "2.0.0", "source": { "type": "git", "url": "https://github.com/php-fig/log.git", - "reference": "d49695b909c3b7628b6289db5479a1c204601f11" + "reference": "ef29f6d262798707a9edd554e2b82517ef3a9376" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/php-fig/log/zipball/d49695b909c3b7628b6289db5479a1c204601f11", - "reference": "d49695b909c3b7628b6289db5479a1c204601f11", + "url": "https://api.github.com/repos/php-fig/log/zipball/ef29f6d262798707a9edd554e2b82517ef3a9376", + "reference": "ef29f6d262798707a9edd554e2b82517ef3a9376", "shasum": "" }, "require": { - "php": ">=5.3.0" + "php": ">=8.0.0" }, "type": "library", "extra": { "branch-alias": { - "dev-master": "1.1.x-dev" + "dev-master": "2.0.x-dev" } }, "autoload": { "psr-4": { - "Psr\\Log\\": "Psr/Log/" + "Psr\\Log\\": "src" } }, "notification-url": "https://packagist.org/downloads/", @@ -1122,9 +1122,9 @@ "psr-3" ], "support": { - "source": "https://github.com/php-fig/log/tree/1.1.4" + "source": "https://github.com/php-fig/log/tree/2.0.0" }, - "time": "2021-05-03T11:20:27+00:00" + "time": "2021-07-14T16:41:46+00:00" }, { "name": "react/promise", 
@@ -1358,22 +1358,22 @@ }, { "name": "simplesamlphp/assert", - "version": "v0.3.0", + "version": "v0.3.1", "source": { "type": "git", "url": "https://github.com/simplesamlphp/assert.git", - "reference": "d9856ac52592ade2303b7101f7434544b4a03c86" + "reference": "280b9ec92d27b9486ebb99cc4be12a6c35ce3163" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/simplesamlphp/assert/zipball/d9856ac52592ade2303b7101f7434544b4a03c86", - "reference": "d9856ac52592ade2303b7101f7434544b4a03c86", + "url": "https://api.github.com/repos/simplesamlphp/assert/zipball/280b9ec92d27b9486ebb99cc4be12a6c35ce3163", + "reference": "280b9ec92d27b9486ebb99cc4be12a6c35ce3163", "shasum": "" }, "require": { "ext-spl": "*", "php": "^7.4 || ^8.0", - "webmozart/assert": "^1.10" + "webmozart/assert": "^1.11" }, "require-dev": { "simplesamlphp/simplesamlphp-test-framework": "^1.2.1" @@ -1406,9 +1406,9 @@ "description": "A wrapper around webmozart/assert to make it useful beyond checking method arguments", "support": { "issues": "https://github.com/simplesamlphp/assert/issues", - "source": "https://github.com/simplesamlphp/assert/tree/v0.3.0" + "source": "https://github.com/simplesamlphp/assert/tree/v0.3.1" }, - "time": "2022-06-12T19:19:19+00:00" + "time": "2022-06-13T21:59:37+00:00" }, { "name": "simplesamlphp/saml2", @@ -1470,16 +1470,16 @@ }, { "name": "symfony/cache", - "version": "v5.4.9", + "version": "v5.4.10", "source": { "type": "git", "url": "https://github.com/symfony/cache.git", - "reference": "a50b7249bea81ddd6d3b799ce40c5521c2f72f0b" + "reference": "c4e387b739022fd4b20abd8edb2143c44c5daa14" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/cache/zipball/a50b7249bea81ddd6d3b799ce40c5521c2f72f0b", - "reference": "a50b7249bea81ddd6d3b799ce40c5521c2f72f0b", + "url": "https://api.github.com/repos/symfony/cache/zipball/c4e387b739022fd4b20abd8edb2143c44c5daa14", + "reference": "c4e387b739022fd4b20abd8edb2143c44c5daa14", "shasum": "" }, "require": { 
@@ -1547,7 +1547,7 @@ "psr6" ], "support": { - "source": "https://github.com/symfony/cache/tree/v5.4.9" + "source": "https://github.com/symfony/cache/tree/v5.4.10" }, "funding": [ { @@ -1563,11 +1563,11 @@ "type": "tidelift" } ], - "time": "2022-05-21T10:24:18+00:00" + "time": "2022-06-19T12:03:50+00:00" }, { "name": "symfony/cache-contracts", - "version": "v2.5.1", + "version": "v2.5.2", "source": { "type": "git", "url": "https://github.com/symfony/cache-contracts.git", @@ -1626,7 +1626,7 @@ "standards" ], "support": { - "source": "https://github.com/symfony/cache-contracts/tree/v2.5.1" + "source": "https://github.com/symfony/cache-contracts/tree/v2.5.2" }, "funding": [ { @@ -1725,16 +1725,16 @@ }, { "name": "symfony/console", - "version": "v5.4.9", + "version": "v5.4.10", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "829d5d1bf60b2efeb0887b7436873becc71a45eb" + "reference": "4d671ab4ddac94ee439ea73649c69d9d200b5000" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/829d5d1bf60b2efeb0887b7436873becc71a45eb", - "reference": "829d5d1bf60b2efeb0887b7436873becc71a45eb", + "url": "https://api.github.com/repos/symfony/console/zipball/4d671ab4ddac94ee439ea73649c69d9d200b5000", + "reference": "4d671ab4ddac94ee439ea73649c69d9d200b5000", "shasum": "" }, "require": { @@ -1804,7 +1804,7 @@ "terminal" ], "support": { - "source": "https://github.com/symfony/console/tree/v5.4.9" + "source": "https://github.com/symfony/console/tree/v5.4.10" }, "funding": [ { 
@@ -1820,20 +1820,20 @@ "type": "tidelift" } ], - "time": "2022-05-18T06:17:34+00:00" + "time": "2022-06-26T13:00:04+00:00" }, { "name": "symfony/dependency-injection", - "version": "v5.4.9", + "version": "v5.4.10", "source": { "type": "git", "url": "https://github.com/symfony/dependency-injection.git", - "reference": "beecae161577305926ec078c4ed973f2b98880b3" + "reference": "88d1c0d38c2e60f757fa11d89cfc885f0b7f5171" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/dependency-injection/zipball/beecae161577305926ec078c4ed973f2b98880b3", - "reference": "beecae161577305926ec078c4ed973f2b98880b3", + "url": "https://api.github.com/repos/symfony/dependency-injection/zipball/88d1c0d38c2e60f757fa11d89cfc885f0b7f5171", + "reference": "88d1c0d38c2e60f757fa11d89cfc885f0b7f5171", "shasum": "" }, "require": { @@ -1893,7 +1893,7 @@ "description": "Allows you to standardize and centralize the way objects are constructed in your application", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/dependency-injection/tree/v5.4.9" + "source": "https://github.com/symfony/dependency-injection/tree/v5.4.10" }, "funding": [ { 
@@ -1909,29 +1909,29 @@ "type": "tidelift" } ], - "time": "2022-05-27T06:40:03+00:00" + "time": "2022-06-26T13:00:04+00:00" }, { "name": "symfony/deprecation-contracts", - "version": "v2.5.1", + "version": "v3.0.2", "source": { "type": "git", "url": "https://github.com/symfony/deprecation-contracts.git", - "reference": "e8b495ea28c1d97b5e0c121748d6f9b53d075c66" + "reference": "26954b3d62a6c5fd0ea8a2a00c0353a14978d05c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/e8b495ea28c1d97b5e0c121748d6f9b53d075c66", - "reference": "e8b495ea28c1d97b5e0c121748d6f9b53d075c66", + "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/26954b3d62a6c5fd0ea8a2a00c0353a14978d05c", + "reference": "26954b3d62a6c5fd0ea8a2a00c0353a14978d05c", "shasum": "" }, "require": { - "php": ">=7.1" + "php": ">=8.0.2" }, "type": "library", "extra": { "branch-alias": { - "dev-main": "2.5-dev" + "dev-main": "3.0-dev" }, "thanks": { "name": "symfony/contracts", @@ -1960,7 +1960,7 @@ "description": "A generic function and convention to trigger deprecation notices", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/deprecation-contracts/tree/v2.5.1" + "source": "https://github.com/symfony/deprecation-contracts/tree/v3.0.2" }, "funding": [ { 
@@ -1976,31 +1976,31 @@ "type": "tidelift" } ], - "time": "2022-01-02T09:53:40+00:00" + "time": "2022-01-02T09:55:41+00:00" }, { "name": "symfony/error-handler", - "version": "v5.4.9", + "version": "v6.0.9", "source": { "type": "git", "url": "https://github.com/symfony/error-handler.git", - "reference": "c116cda1f51c678782768dce89a45f13c949455d" + "reference": "732ca203b3222cde3378d5ddf5e2883211acc53e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/error-handler/zipball/c116cda1f51c678782768dce89a45f13c949455d", - "reference": "c116cda1f51c678782768dce89a45f13c949455d", + "url": "https://api.github.com/repos/symfony/error-handler/zipball/732ca203b3222cde3378d5ddf5e2883211acc53e", + "reference": "732ca203b3222cde3378d5ddf5e2883211acc53e", "shasum": "" }, "require": { - "php": ">=7.2.5", + "php": ">=8.0.2", "psr/log": "^1|^2|^3", - "symfony/var-dumper": "^4.4|^5.0|^6.0" + "symfony/var-dumper": "^5.4|^6.0" }, "require-dev": { "symfony/deprecation-contracts": "^2.1|^3", - "symfony/http-kernel": "^4.4|^5.0|^6.0", - "symfony/serializer": "^4.4|^5.0|^6.0" + "symfony/http-kernel": "^5.4|^6.0", + "symfony/serializer": "^5.4|^6.0" }, "bin": [ "Resources/bin/patch-type-declarations" @@ -2031,7 +2031,7 @@ "description": "Provides tools to manage errors and ease debugging PHP code", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/error-handler/tree/v5.4.9" + "source": "https://github.com/symfony/error-handler/tree/v6.0.9" }, "funding": [ { 
@@ -2047,44 +2047,42 @@ "type": "tidelift" } ], - "time": "2022-05-21T13:57:48+00:00" + "time": "2022-05-23T10:32:42+00:00" }, { "name": "symfony/event-dispatcher", - "version": "v5.4.9", + "version": "v6.0.9", "source": { "type": "git", "url": "https://github.com/symfony/event-dispatcher.git", - "reference": "8e6ce1cc0279e3ff3c8ff0f43813bc88d21ca1bc" + "reference": "5c85b58422865d42c6eb46f7693339056db098a8" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/8e6ce1cc0279e3ff3c8ff0f43813bc88d21ca1bc", - "reference": "8e6ce1cc0279e3ff3c8ff0f43813bc88d21ca1bc", + "url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/5c85b58422865d42c6eb46f7693339056db098a8", + "reference": "5c85b58422865d42c6eb46f7693339056db098a8", "shasum": "" }, "require": { - "php": ">=7.2.5", - "symfony/deprecation-contracts": "^2.1|^3", - "symfony/event-dispatcher-contracts": "^2|^3", - "symfony/polyfill-php80": "^1.16" + "php": ">=8.0.2", + "symfony/event-dispatcher-contracts": "^2|^3" }, "conflict": { - "symfony/dependency-injection": "<4.4" + "symfony/dependency-injection": "<5.4" }, "provide": { "psr/event-dispatcher-implementation": "1.0", - "symfony/event-dispatcher-implementation": "2.0" + "symfony/event-dispatcher-implementation": "2.0|3.0" }, "require-dev": { "psr/log": "^1|^2|^3", - "symfony/config": "^4.4|^5.0|^6.0", - "symfony/dependency-injection": "^4.4|^5.0|^6.0", - "symfony/error-handler": "^4.4|^5.0|^6.0", - "symfony/expression-language": "^4.4|^5.0|^6.0", - "symfony/http-foundation": "^4.4|^5.0|^6.0", + "symfony/config": "^5.4|^6.0", + "symfony/dependency-injection": "^5.4|^6.0", + "symfony/error-handler": "^5.4|^6.0", + "symfony/expression-language": "^5.4|^6.0", + "symfony/http-foundation": "^5.4|^6.0", "symfony/service-contracts": "^1.1|^2|^3", - "symfony/stopwatch": "^4.4|^5.0|^6.0" + "symfony/stopwatch": "^5.4|^6.0" }, "suggest": { "symfony/dependency-injection": "", 
@@ -2116,7 +2114,7 @@ "description": "Provides tools that allow your application components to communicate with each other by dispatching events and listening to them", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/event-dispatcher/tree/v5.4.9" + "source": "https://github.com/symfony/event-dispatcher/tree/v6.0.9" }, "funding": [ { @@ -2132,24 +2130,24 @@ "type": "tidelift" } ], - "time": "2022-05-05T16:45:39+00:00" + "time": "2022-05-05T16:45:52+00:00" }, { "name": "symfony/event-dispatcher-contracts", - "version": "v2.5.1", + "version": "v3.0.2", "source": { "type": "git", "url": "https://github.com/symfony/event-dispatcher-contracts.git", - "reference": "f98b54df6ad059855739db6fcbc2d36995283fe1" + "reference": "7bc61cc2db649b4637d331240c5346dcc7708051" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/event-dispatcher-contracts/zipball/f98b54df6ad059855739db6fcbc2d36995283fe1", - "reference": "f98b54df6ad059855739db6fcbc2d36995283fe1", + "url": "https://api.github.com/repos/symfony/event-dispatcher-contracts/zipball/7bc61cc2db649b4637d331240c5346dcc7708051", + "reference": "7bc61cc2db649b4637d331240c5346dcc7708051", "shasum": "" }, "require": { - "php": ">=7.2.5", + "php": ">=8.0.2", "psr/event-dispatcher": "^1" }, "suggest": { @@ -2158,7 +2156,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "2.5-dev" + "dev-main": "3.0-dev" }, "thanks": { "name": "symfony/contracts", @@ -2195,7 +2193,7 @@ "standards" ], "support": { - "source": "https://github.com/symfony/event-dispatcher-contracts/tree/v2.5.1" + "source": "https://github.com/symfony/event-dispatcher-contracts/tree/v3.0.2" }, "funding": [ { @@ -2211,7 +2209,7 @@ "type": "tidelift" } ], - "time": "2022-01-02T09:53:40+00:00" + "time": "2022-01-02T09:55:41+00:00" }, { "name": "symfony/filesystem", 
@@ -2342,16 +2340,16 @@ }, { "name": "symfony/framework-bundle", - "version": "v5.4.9", + "version": "v5.4.10", "source": { "type": "git", "url": "https://github.com/symfony/framework-bundle.git", - "reference": "1cb89cd3e36d5060545d0f223f00a774fa6430ef" + "reference": "7cbc790e067a23a47b9f0dc59e2ff0ecddbd3e14" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/framework-bundle/zipball/1cb89cd3e36d5060545d0f223f00a774fa6430ef", - "reference": "1cb89cd3e36d5060545d0f223f00a774fa6430ef", + "url": "https://api.github.com/repos/symfony/framework-bundle/zipball/7cbc790e067a23a47b9f0dc59e2ff0ecddbd3e14", + "reference": "7cbc790e067a23a47b9f0dc59e2ff0ecddbd3e14", "shasum": "" }, "require": { @@ -2473,7 +2471,7 @@ "description": "Provides a tight integration between Symfony components and the Symfony full-stack framework", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/framework-bundle/tree/v5.4.9" + "source": "https://github.com/symfony/framework-bundle/tree/v5.4.10" }, "funding": [ { @@ -2489,20 +2487,20 @@ "type": "tidelift" } ], - "time": "2022-05-27T06:29:07+00:00" + "time": "2022-06-19T13:15:57+00:00" }, { "name": "symfony/http-foundation", - "version": "v5.4.9", + "version": "v5.4.10", "source": { "type": "git", "url": "https://github.com/symfony/http-foundation.git", - "reference": "6b0d0e4aca38d57605dcd11e2416994b38774522" + "reference": "e7793b7906f72a8cc51054fbca9dcff7a8af1c1e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/http-foundation/zipball/6b0d0e4aca38d57605dcd11e2416994b38774522", - "reference": "6b0d0e4aca38d57605dcd11e2416994b38774522", + "url": "https://api.github.com/repos/symfony/http-foundation/zipball/e7793b7906f72a8cc51054fbca9dcff7a8af1c1e", + "reference": "e7793b7906f72a8cc51054fbca9dcff7a8af1c1e", "shasum": "" }, "require": { 
@@ -2546,7 +2544,7 @@ "description": "Defines an object-oriented layer for the HTTP specification", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/http-foundation/tree/v5.4.9" + "source": "https://github.com/symfony/http-foundation/tree/v5.4.10" }, "funding": [ { @@ -2562,20 +2560,20 @@ "type": "tidelift" } ], - "time": "2022-05-17T15:07:29+00:00" + "time": "2022-06-19T13:13:40+00:00" }, { "name": "symfony/http-kernel", - "version": "v5.4.9", + "version": "v5.4.10", "source": { "type": "git", "url": "https://github.com/symfony/http-kernel.git", - "reference": "34b121ad3dc761f35fe1346d2f15618f8cbf77f8" + "reference": "255ae3b0a488d78fbb34da23d3e0c059874b5948" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/http-kernel/zipball/34b121ad3dc761f35fe1346d2f15618f8cbf77f8", - "reference": "34b121ad3dc761f35fe1346d2f15618f8cbf77f8", + "url": "https://api.github.com/repos/symfony/http-kernel/zipball/255ae3b0a488d78fbb34da23d3e0c059874b5948", + "reference": "255ae3b0a488d78fbb34da23d3e0c059874b5948", "shasum": "" }, "require": { @@ -2658,7 +2656,7 @@ "description": "Provides a structured process for converting a Request into a Response", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/http-kernel/tree/v5.4.9" + "source": "https://github.com/symfony/http-kernel/tree/v5.4.10" }, "funding": [ { 
@@ -2674,20 +2672,20 @@ "type": "tidelift" } ], - "time": "2022-05-27T07:09:08+00:00" + "time": "2022-06-26T16:57:59+00:00" }, { "name": "symfony/intl", - "version": "v5.4.8", + "version": "v5.4.10", "source": { "type": "git", "url": "https://github.com/symfony/intl.git", - "reference": "b9e17d7ab867ce99f89950ebced0fa91076ba12b" + "reference": "e62efe352693f0cfd5ea3878fc06760582eecc4c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/intl/zipball/b9e17d7ab867ce99f89950ebced0fa91076ba12b", - "reference": "b9e17d7ab867ce99f89950ebced0fa91076ba12b", + "url": "https://api.github.com/repos/symfony/intl/zipball/e62efe352693f0cfd5ea3878fc06760582eecc4c", + "reference": "e62efe352693f0cfd5ea3878fc06760582eecc4c", "shasum": "" }, "require": { @@ -2746,7 +2744,7 @@ "localization" ], "support": { - "source": "https://github.com/symfony/intl/tree/v5.4.8" + "source": "https://github.com/symfony/intl/tree/v5.4.10" }, "funding": [ { @@ -2762,7 +2760,7 @@ "type": "tidelift" } ], - "time": "2022-04-07T09:39:59+00:00" + "time": "2022-06-26T13:00:04+00:00" }, { "name": "symfony/polyfill-ctype", @@ -3337,21 +3335,20 @@ }, { "name": "symfony/process", - "version": "v5.4.8", + "version": "v6.0.8", "source": { "type": "git", "url": "https://github.com/symfony/process.git", - "reference": "597f3fff8e3e91836bb0bd38f5718b56ddbde2f3" + "reference": "d074154ea8b1443a96391f6e39f9e547b2dd01b9" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/process/zipball/597f3fff8e3e91836bb0bd38f5718b56ddbde2f3", - "reference": "597f3fff8e3e91836bb0bd38f5718b56ddbde2f3", + "url": "https://api.github.com/repos/symfony/process/zipball/d074154ea8b1443a96391f6e39f9e547b2dd01b9", + "reference": "d074154ea8b1443a96391f6e39f9e547b2dd01b9", "shasum": "" }, "require": { - "php": ">=7.2.5", - "symfony/polyfill-php80": "^1.16" + "php": ">=8.0.2" }, "type": "library", "autoload": { 
@@ -3379,7 +3376,7 @@ "description": "Executes commands in sub-processes", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/process/tree/v5.4.8" + "source": "https://github.com/symfony/process/tree/v6.0.8" }, "funding": [ { @@ -3395,7 +3392,7 @@ "type": "tidelift" } ], - "time": "2022-04-08T05:07:18+00:00" + "time": "2022-04-12T16:11:42+00:00" }, { "name": "symfony/routing", @@ -3489,16 +3486,16 @@ }, { "name": "symfony/service-contracts", - "version": "v2.5.1", + "version": "v2.5.2", "source": { "type": "git", "url": "https://github.com/symfony/service-contracts.git", - "reference": "24d9dc654b83e91aa59f9d167b131bc3b5bea24c" + "reference": "4b426aac47d6427cc1a1d0f7e2ac724627f5966c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/service-contracts/zipball/24d9dc654b83e91aa59f9d167b131bc3b5bea24c", - "reference": "24d9dc654b83e91aa59f9d167b131bc3b5bea24c", + "url": "https://api.github.com/repos/symfony/service-contracts/zipball/4b426aac47d6427cc1a1d0f7e2ac724627f5966c", + "reference": "4b426aac47d6427cc1a1d0f7e2ac724627f5966c", "shasum": "" }, "require": { @@ -3552,7 +3549,7 @@ "standards" ], "support": { - "source": "https://github.com/symfony/service-contracts/tree/v2.5.1" + "source": "https://github.com/symfony/service-contracts/tree/v2.5.2" }, "funding": [ { 
@@ -3568,38 +3565,37 @@ "type": "tidelift" } ], - "time": "2022-03-13T20:07:29+00:00" + "time": "2022-05-30T19:17:29+00:00" }, { "name": "symfony/string", - "version": "v5.4.9", + "version": "v6.0.10", "source": { "type": "git", "url": "https://github.com/symfony/string.git", - "reference": "985e6a9703ef5ce32ba617c9c7d97873bb7b2a99" + "reference": "1b3adf02a0fc814bd9118d7fd68a097a599ebc27" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/string/zipball/985e6a9703ef5ce32ba617c9c7d97873bb7b2a99", - "reference": "985e6a9703ef5ce32ba617c9c7d97873bb7b2a99", + "url": "https://api.github.com/repos/symfony/string/zipball/1b3adf02a0fc814bd9118d7fd68a097a599ebc27", + "reference": "1b3adf02a0fc814bd9118d7fd68a097a599ebc27", "shasum": "" }, "require": { - "php": ">=7.2.5", + "php": ">=8.0.2", "symfony/polyfill-ctype": "~1.8", "symfony/polyfill-intl-grapheme": "~1.0", "symfony/polyfill-intl-normalizer": "~1.0", - "symfony/polyfill-mbstring": "~1.0", - "symfony/polyfill-php80": "~1.15" + "symfony/polyfill-mbstring": "~1.0" }, "conflict": { - "symfony/translation-contracts": ">=3.0" + "symfony/translation-contracts": "<2.0" }, "require-dev": { - "symfony/error-handler": "^4.4|^5.0|^6.0", - "symfony/http-client": "^4.4|^5.0|^6.0", - "symfony/translation-contracts": "^1.1|^2", - "symfony/var-exporter": "^4.4|^5.0|^6.0" + "symfony/error-handler": "^5.4|^6.0", + "symfony/http-client": "^5.4|^6.0", + "symfony/translation-contracts": "^2.0|^3.0", + "symfony/var-exporter": "^5.4|^6.0" }, "type": "library", "autoload": { @@ -3638,7 +3634,7 @@ "utf8" ], "support": { - "source": "https://github.com/symfony/string/tree/v5.4.9" + "source": "https://github.com/symfony/string/tree/v6.0.10" }, "funding": [ { 
@@ -3654,20 +3650,20 @@ "type": "tidelift" } ], - "time": "2022-04-19T10:40:37+00:00" + "time": "2022-06-26T16:34:50+00:00" }, { "name": "symfony/translation-contracts", - "version": "v2.5.1", + "version": "v2.5.2", "source": { "type": "git", "url": "https://github.com/symfony/translation-contracts.git", - "reference": "1211df0afa701e45a04253110e959d4af4ef0f07" + "reference": "136b19dd05cdf0709db6537d058bcab6dd6e2dbe" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/translation-contracts/zipball/1211df0afa701e45a04253110e959d4af4ef0f07", - "reference": "1211df0afa701e45a04253110e959d4af4ef0f07", + "url": "https://api.github.com/repos/symfony/translation-contracts/zipball/136b19dd05cdf0709db6537d058bcab6dd6e2dbe", + "reference": "136b19dd05cdf0709db6537d058bcab6dd6e2dbe", "shasum": "" }, "require": { @@ -3716,7 +3712,7 @@ "standards" ], "support": { - "source": "https://github.com/symfony/translation-contracts/tree/v2.5.1" + "source": "https://github.com/symfony/translation-contracts/tree/v2.5.2" }, "funding": [ { @@ -3732,7 +3728,7 @@ "type": "tidelift" } ], - "time": "2022-01-02T09:53:40+00:00" + "time": "2022-06-27T16:58:25+00:00" }, { "name": "symfony/twig-bridge", 
@@ -3857,32 +3853,31 @@ }, { "name": "symfony/var-dumper", - "version": "v5.4.9", + "version": "v6.0.9", "source": { "type": "git", "url": "https://github.com/symfony/var-dumper.git", - "reference": "af52239a330fafd192c773795520dc2dd62b5657" + "reference": "ac81072464221e73ee994d12f0b8a2af4a9ed798" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/var-dumper/zipball/af52239a330fafd192c773795520dc2dd62b5657", - "reference": "af52239a330fafd192c773795520dc2dd62b5657", + "url": "https://api.github.com/repos/symfony/var-dumper/zipball/ac81072464221e73ee994d12f0b8a2af4a9ed798", + "reference": "ac81072464221e73ee994d12f0b8a2af4a9ed798", "shasum": "" }, "require": { - "php": ">=7.2.5", - "symfony/polyfill-mbstring": "~1.0", - "symfony/polyfill-php80": "^1.16" + "php": ">=8.0.2", + "symfony/polyfill-mbstring": "~1.0" }, "conflict": { "phpunit/phpunit": "<5.4.3", - "symfony/console": "<4.4" + "symfony/console": "<5.4" }, "require-dev": { "ext-iconv": "*", - "symfony/console": "^4.4|^5.0|^6.0", - "symfony/process": "^4.4|^5.0|^6.0", - "symfony/uid": "^5.1|^6.0", + "symfony/console": "^5.4|^6.0", + "symfony/process": "^5.4|^6.0", + "symfony/uid": "^5.4|^6.0", "twig/twig": "^2.13|^3.0.4" }, "suggest": { @@ -3926,7 +3921,7 @@ "dump" ], "support": { - "source": "https://github.com/symfony/var-dumper/tree/v5.4.9" + "source": "https://github.com/symfony/var-dumper/tree/v6.0.9" }, "funding": [ { 
@@ -3942,20 +3937,20 @@ "type": "tidelift" } ], - "time": "2022-05-21T10:24:18+00:00" + "time": "2022-05-21T13:33:31+00:00" }, { "name": "symfony/var-exporter", - "version": "v5.4.9", + "version": "v5.4.10", "source": { "type": "git", "url": "https://github.com/symfony/var-exporter.git", - "reference": "63249ebfca4e75a357679fa7ba2089cfb898aa67" + "reference": "8fc03ee75eeece3d9be1ef47d26d79bea1afb340" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/var-exporter/zipball/63249ebfca4e75a357679fa7ba2089cfb898aa67", - "reference": "63249ebfca4e75a357679fa7ba2089cfb898aa67", + "url": "https://api.github.com/repos/symfony/var-exporter/zipball/8fc03ee75eeece3d9be1ef47d26d79bea1afb340", + "reference": "8fc03ee75eeece3d9be1ef47d26d79bea1afb340", "shasum": "" }, "require": { @@ -3999,7 +3994,7 @@ "serialize" ], "support": { - "source": "https://github.com/symfony/var-exporter/tree/v5.4.9" + "source": "https://github.com/symfony/var-exporter/tree/v5.4.10" }, "funding": [ { @@ -4015,20 +4010,20 @@ "type": "tidelift" } ], - "time": "2022-05-21T10:24:18+00:00" + "time": "2022-05-27T12:56:18+00:00" }, { "name": "symfony/yaml", - "version": "v5.4.3", + "version": "v5.4.10", "source": { "type": "git", "url": "https://github.com/symfony/yaml.git", - "reference": "e80f87d2c9495966768310fc531b487ce64237a2" + "reference": "04e42926429d9e8b39c174387ab990bf7817f7a2" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/yaml/zipball/e80f87d2c9495966768310fc531b487ce64237a2", - "reference": "e80f87d2c9495966768310fc531b487ce64237a2", + "url": "https://api.github.com/repos/symfony/yaml/zipball/04e42926429d9e8b39c174387ab990bf7817f7a2", + "reference": "04e42926429d9e8b39c174387ab990bf7817f7a2", "shasum": "" }, "require": { 
@@ -4074,7 +4069,7 @@ "description": "Loads and dumps YAML files", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/yaml/tree/v5.4.3" + "source": "https://github.com/symfony/yaml/tree/v5.4.10" }, "funding": [ { @@ -4090,7 +4085,7 @@ "type": "tidelift" } ], - "time": "2022-01-26T16:32:32+00:00" + "time": "2022-06-20T11:50:59+00:00" }, { "name": "twig/intl-extra", @@ -5672,16 +5667,16 @@ }, { "name": "phpunit/phpunit", - "version": "9.5.20", + "version": "9.5.21", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/phpunit.git", - "reference": "12bc8879fb65aef2138b26fc633cb1e3620cffba" + "reference": "0e32b76be457de00e83213528f6bb37e2a38fcb1" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/12bc8879fb65aef2138b26fc633cb1e3620cffba", - "reference": "12bc8879fb65aef2138b26fc633cb1e3620cffba", + "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/0e32b76be457de00e83213528f6bb37e2a38fcb1", + "reference": "0e32b76be457de00e83213528f6bb37e2a38fcb1", "shasum": "" }, "require": { @@ -5715,7 +5710,6 @@ "sebastian/version": "^3.0.2" }, "require-dev": { - "ext-pdo": "*", "phpspec/prophecy-phpunit": "^2.0.1" }, "suggest": { @@ -5759,7 +5753,7 @@ ], "support": { "issues": "https://github.com/sebastianbergmann/phpunit/issues", - "source": "https://github.com/sebastianbergmann/phpunit/tree/9.5.20" + "source": "https://github.com/sebastianbergmann/phpunit/tree/9.5.21" }, "funding": [ { @@ -5771,7 +5765,7 @@ "type": "github" } ], - "time": "2022-04-01T12:37:26+00:00" + "time": "2022-06-19T12:14:25+00:00" }, { "name": "sebastian/cli-parser", 
@@ -7006,16 +7000,16 @@ }, { "name": "squizlabs/php_codesniffer", - "version": "3.6.2", + "version": "3.7.1", "source": { "type": "git", "url": "https://github.com/squizlabs/PHP_CodeSniffer.git", - "reference": "5e4e71592f69da17871dba6e80dd51bce74a351a" + "reference": "1359e176e9307e906dc3d890bcc9603ff6d90619" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/squizlabs/PHP_CodeSniffer/zipball/5e4e71592f69da17871dba6e80dd51bce74a351a", - "reference": "5e4e71592f69da17871dba6e80dd51bce74a351a", + "url": "https://api.github.com/repos/squizlabs/PHP_CodeSniffer/zipball/1359e176e9307e906dc3d890bcc9603ff6d90619", + "reference": "1359e176e9307e906dc3d890bcc9603ff6d90619", "shasum": "" }, "require": { @@ -7058,20 +7052,20 @@ "source": "https://github.com/squizlabs/PHP_CodeSniffer", "wiki": "https://github.com/squizlabs/PHP_CodeSniffer/wiki" }, - "time": "2021-12-12T21:44:58+00:00" + "time": "2022-06-18T07:21:10+00:00" }, { "name": "symfony/phpunit-bridge", - "version": "v6.1.0", + "version": "v6.1.2", "source": { "type": "git", "url": "https://github.com/symfony/phpunit-bridge.git", - "reference": "092ccc3b364925cd8ed6046bc31dcf3a022bd5a4" + "reference": "899fdec151add3dc339cf394a15100a1acc177ad" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/phpunit-bridge/zipball/092ccc3b364925cd8ed6046bc31dcf3a022bd5a4", - "reference": "092ccc3b364925cd8ed6046bc31dcf3a022bd5a4", + "url": "https://api.github.com/repos/symfony/phpunit-bridge/zipball/899fdec151add3dc339cf394a15100a1acc177ad", + "reference": "899fdec151add3dc339cf394a15100a1acc177ad", "shasum": "" }, "require": { @@ -7125,7 +7119,7 @@ "description": "Provides utilities for PHPUnit, especially user deprecation notices management", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/phpunit-bridge/tree/v6.1.0" + "source": "https://github.com/symfony/phpunit-bridge/tree/v6.1.2" }, "funding": [ { 
@@ -7141,7 +7135,7 @@ "type": "tidelift" } ], - "time": "2022-04-12T16:22:53+00:00" + "time": "2022-06-20T12:01:07+00:00" }, { "name": "theseer/tokenizer", @@ -7195,16 +7189,16 @@ }, { "name": "vimeo/psalm", - "version": "4.23.0", + "version": "4.24.0", "source": { "type": "git", "url": "https://github.com/vimeo/psalm.git", - "reference": "f1fe6ff483bf325c803df9f510d09a03fd796f88" + "reference": "06dd975cb55d36af80f242561738f16c5f58264f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/vimeo/psalm/zipball/f1fe6ff483bf325c803df9f510d09a03fd796f88", - "reference": "f1fe6ff483bf325c803df9f510d09a03fd796f88", + "url": "https://api.github.com/repos/vimeo/psalm/zipball/06dd975cb55d36af80f242561738f16c5f58264f", + "reference": "06dd975cb55d36af80f242561738f16c5f58264f", "shasum": "" }, "require": { @@ -7296,9 +7290,9 @@ ], "support": { "issues": "https://github.com/vimeo/psalm/issues", - "source": "https://github.com/vimeo/psalm/tree/4.23.0" + "source": "https://github.com/vimeo/psalm/tree/4.24.0" }, - "time": "2022-04-28T17:35:49+00:00" + "time": "2022-06-26T11:47:54+00:00" }, { "name": "webmozart/path-util", @@ -7360,7 +7354,7 @@ "prefer-stable": false, "prefer-lowest": false, "platform": { - "php": ">=7.4 || ^8.0", + "php": "^8.0", "ext-date": "*", "ext-dom": "*", "ext-hash": "*", From 834f75aef5f2ed0acef9c51e0c2915cab5b1a3e4 Mon Sep 17 00:00:00 2001 From: Thijs Kinkhorst Date: Mon, 4 Jul 2022 16:55:06 +0200 Subject: [PATCH 0002/1127] Formatting --- docs/simplesamlphp-authsource.md | 26 +++++++++----------------- 1 file changed, 9 insertions(+), 17 deletions(-) diff --git a/docs/simplesamlphp-authsource.md b/docs/simplesamlphp-authsource.md index 0734aaa371..79c298bbc4 100644 --- a/docs/simplesamlphp-authsource.md +++ b/docs/simplesamlphp-authsource.md 
@@ -50,47 +50,40 @@ If the username or password is incorrect, it should throw an error saying so: Generic rules & requirements ---------------------------- -- - Must be derived from the `\SimpleSAML\Auth\Source`-class. +- Must be derived from the `\SimpleSAML\Auth\Source`-class. **Rationale**: - Deriving all authentication sources from a single base class allows us extend all authentication sources by extending the base class. -- - If a constructor is implemented, it must first call the parent constructor, passing along all parameters, before accessing any of the parameters. - In general, only the $config parameter should be accessed when implementing the authentication source. +- If a constructor is implemented, it must first call the parent constructor, passing along all parameters, before accessing any of the parameters. + In general, only the $config parameter should be accessed when implementing the authentication source. **Rationale**: - PHP doesn't automatically call any parent constructor, so it needs to be done manually. - The `$info`-array is used to provide information to the `\SimpleSAML\Auth\Source` base class, and therefore needs to be included. - Including the `$config`-array makes it possible to add generic configuration options that are valid for all authentication sources. -- - The `authenticate(&$state)`-function must be implemented. - If this function completes, it is assumed that the user is authenticated, and that the `$state`-array has been updated with the user's attributes. +- The `authenticate(&$state)`-function must be implemented. + If this function completes, it is assumed that the user is authenticated, and that the `$state`-array has been updated with the user's attributes. **Rationale**: - Allowing the `authenticate()`-function to return after updating the `$state`-array enables us to do authentication without redirecting the user. 
This can be used if the authentication doesn't require user input, for example if the authentication can be done based on the IP-address of the user. -- - If the `authenticate`-function does not return, it must at a later time call `\SimpleSAML\Auth\Source::completeAuth` with the new state array. +- If the `authenticate`-function does not return, it must at a later time call `\SimpleSAML\Auth\Source::completeAuth` with the new state array. The state array must be an update of the array passed to the `authenticate`-function. **Rationale**: - Preserving the same state array allows us to save information in that array before the authentication starts, and restoring it when authentication completes. -- - No pages may be shown to the user from the `authenticate()`-function. +- No pages may be shown to the user from the `authenticate()`-function. Instead, the state should be saved, and the user should be redirected to a new page. - **Rationale**: - The `authenticate()`-function is called in the context of a different PHP page. If the user reloads that page, unpredictable results may occur. -- - No state information about any authentication should be stored in the authentication source object. +- No state information about any authentication should be stored in the authentication source object. It must instead be stored in the state array. Any changes to variables in the authentication source object may be lost. @@ -98,8 +91,7 @@ Generic rules & requirements - This saves us from having to save the entire authentication object between requests. Instead, we can recreate it from the configuration. -- - The authentication source object must be serializable. +- The authentication source object must be serializable. It may be serialized between being constructed and the call to the `authenticate()`-function. This means that, for example, no database connections should be created in the constructor and later used in the `authenticate()`-function. 
From a53eddeeb932008db0453a30766590b770aa55de Mon Sep 17 00:00:00 2001 From: Thijs Kinkhorst Date: Mon, 4 Jul 2022 16:56:10 +0200 Subject: [PATCH 0003/1127] Reorder some toptics in the index page --- docs/index.md | 39 +++++++++++++++------------------------ 1 file changed, 15 insertions(+), 24 deletions(-) diff --git a/docs/index.md b/docs/index.md index 7ccd397d76..20dea1a6dc 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -21,27 +21,18 @@ SimpleSAMLphp Documentation * [Configuring HTTP-Artifact](./simplesamlphp-artifact-idp) * [Identity Provider Advanced Topics](simplesamlphp-idp-more) * [Holder-of-Key profile](simplesamlphp-hok-idp) - * [Automated Metadata Management](./metarefresh:simplesamlphp-automated_metadata) - * [Maintenance and configuration](simplesamlphp-maintenance) - covers session handling, php configuration etc. - * [Authentication Processing Filters](simplesamlphp-authproc) - attribute filtering, attribute mapping, consent, group generation etc. - * [Advanced features](simplesamlphp-advancedfeatures) - covers bridging protocols, attribute filtering, etc. - * [State Information Lost](simplesamlphp-nostate) - more about this common error message - * [SimpleSAMLphp Dictionaries and Translation](simplesamlphp-translation) - * [Theming SimpleSAMLphp](simplesamlphp-theming) - * [SimpleSAMLphp Modules](simplesamlphp-modules) - how to create own customized modules - * [Key rollover](./saml:keyrollover) - * [Creating authentication sources](./simplesamlphp-authsource) - * [Implementing custom username/password authentication](./simplesamlphp-customauth) - * [Storing sessions in Riak](./riak:simplesamlphp-riak) - -Documentation on specific SimpleSAMLphp modules: - - * [Consent module](./consent:consent) - * [Installing and configuring the consentAdmin module](./consentAdmin:consentAdmin) - * [Authorization](./authorize:authorize) - * [autotest Module](https://github.com/simplesamlphp/simplesamlphp-module-autotest/blob/v1.0/README.md) - * [Statistics](./statistics:statistics) - -Documentation for SimpleSAMLphp developers: - - * [Error handling in SimpleSAMLphp](simplesamlphp-errorhandling) + * Further topics + * [Maintenance and configuration](simplesamlphp-maintenance) - covers session handling, php configuration etc. 
+ * [Automated Metadata Management](./metarefresh:simplesamlphp-automated_metadata) + * [Key rollover](./saml:keyrollover) + * [Authentication Processing Filters](simplesamlphp-authproc) - attribute filtering, attribute mapping, consent, group generation etc. + * [State Information Lost](simplesamlphp-nostate) - more about this common error message + * [Advanced features](simplesamlphp-advancedfeatures) - covers bridging protocols, attribute filtering, etc. + * SimpleSAMLphp Modules + * Documentation for specific modules: + * [Consent module](./consent:consent) + * [Installing and configuring the consentAdmin module](./consentAdmin:consentAdmin) + * [Authorization](./authorize:authorize) + * [autotest Module](https://github.com/simplesamlphp/simplesamlphp-module-autotest/blob/v1.0/README.md) + * [Storing sessions in Riak](./riak:simplesamlphp-riak) + * [Statistics](./statistics:statistics) From fd4af50b5af03983a82efd05ba1cc1228184d061 Mon Sep 17 00:00:00 2001 From: Thijs Kinkhorst Date: Mon, 4 Jul 2022 17:13:10 +0200 Subject: [PATCH 0004/1127] Improve modules section of docs index a bit --- docs/index.md | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/docs/index.md b/docs/index.md index 20dea1a6dc..ae75db85e1 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -23,16 +23,13 @@ SimpleSAMLphp Documentation * [Holder-of-Key profile](simplesamlphp-hok-idp) * Further topics * [Maintenance and configuration](simplesamlphp-maintenance) - covers session handling, php configuration etc. - * [Automated Metadata Management](./metarefresh:simplesamlphp-automated_metadata) + * [Automated Metadata Management](/docs/contrib_modules/metarefresh/simplesamlphp-automated_metadata) * [Key rollover](./saml:keyrollover) * [Authentication Processing Filters](simplesamlphp-authproc) - attribute filtering, attribute mapping, consent, group generation etc. * [State Information Lost](simplesamlphp-nostate) - more about this common error message * [Advanced features](simplesamlphp-advancedfeatures) - covers bridging protocols, attribute filtering, etc. * SimpleSAMLphp Modules - * Documentation for specific modules: - * [Consent module](./consent:consent) - * [Installing and configuring the consentAdmin module](./consentAdmin:consentAdmin) - * [Authorization](./authorize:authorize) - * [autotest Module](https://github.com/simplesamlphp/simplesamlphp-module-autotest/blob/v1.0/README.md) - * [Storing sessions in Riak](./riak:simplesamlphp-riak) - * [Statistics](./statistics:statistics) + * [Documentation for specific modules](/docs/contributed_modules.html) + * [Theming SimpleSAMLphp](simplesamlphp-theming) + * [Creating authentication sources](./simplesamlphp-authsource) + * [Create your own customized modules](simplesamlphp-modules) From 318c057351666fa6559547c70717c1ec8381ac18 Mon Sep 17 00:00:00 2001 From: Thijs Kinkhorst Date: Mon, 4 Jul 2022 20:15:11 +0200 Subject: [PATCH 0005/1127] update links to external module docs --- docs/simplesamlphp-advancedfeatures.md | 10 +-------- docs/simplesamlphp-googleapps.md | 10 +-------- docs/simplesamlphp-idp-more.md | 2 +- docs/simplesamlphp-idp.md | 28 +++++++++----------------- docs/simplesamlphp-install.md | 2 +- docs/simplesamlphp-sp.md | 2 +- 6 files changed, 14 insertions(+), 40 deletions(-) 
diff --git a/docs/simplesamlphp-advancedfeatures.md b/docs/simplesamlphp-advancedfeatures.md index 73ef877e10..1373b279ad 100644 --- a/docs/simplesamlphp-advancedfeatures.md +++ b/docs/simplesamlphp-advancedfeatures.md @@ -1,14 +1,6 @@ SimpleSAMLphp Advanced Features =============================== - - - - [TOC] SimpleSAMLphp documentation @@ -60,7 +52,7 @@ Automatic update of SAML 2.0 Metadata XML from HTTPS ---------------------------------------------------- The `metarefresh` module is the preferred method for doing this. -Please see the [metarefresh documentation](./metarefresh:simplesamlphp-automated_metadata). +Please see the [metarefresh documentation](/docs/contrib_modules/metarefresh/simplesamlphp-automated_metadata). diff --git a/docs/simplesamlphp-googleapps.md b/docs/simplesamlphp-googleapps.md index 1eedd439af..19b0532eb2 100644 --- a/docs/simplesamlphp-googleapps.md +++ b/docs/simplesamlphp-googleapps.md @@ -1,14 +1,6 @@ Setting up a SimpleSAMLphp SAML 2.0 IdP to use with Google Workspace (G Suite / Google Apps) for Education ============================================ - - - - [TOC] SimpleSAMLphp news and documentation @@ -75,7 +67,7 @@ The next step is to configure the way users authenticate on your IdP. Various mo `exampleauth:Static` : Automatically log in as a user with a set of attributes. -[`ldap:LDAP`](./ldap:ldap) +[`ldap:LDAP`](/docs/contrib_modules/ldap/ldap.html) : Authenticates an user to a LDAP server. For more authentication modules, see [SimpleSAMLphp Identity Provider QuickStart](simplesamlphp-idp). diff --git a/docs/simplesamlphp-idp-more.md b/docs/simplesamlphp-idp-more.md index c2852a25dd..eabaf95d58 100644 --- a/docs/simplesamlphp-idp-more.md +++ b/docs/simplesamlphp-idp-more.md 
@@ -14,7 +14,7 @@ If you have read about the AJAX iFrame Single Log-Out approach at Andreas' blog Attribute Release Consent ------------------------- -The attribute release consent is documented in a [separate document](./consent:consent). +The attribute release consent is documented in a [separate document](/docs/contrib_modules/consent/consent.html). Support for bookmarking the login page diff --git a/docs/simplesamlphp-idp.md b/docs/simplesamlphp-idp.md index b52ea0d5e3..97cdb5318d 100644 --- a/docs/simplesamlphp-idp.md +++ b/docs/simplesamlphp-idp.md @@ -1,13 +1,6 @@ SimpleSAMLphp Identity Provider QuickStart =========================================== - - - [TOC] This guide will describe how to configure SimpleSAMLphp as an identity provider (IdP). You should previously have installed SimpleSAMLphp as described in [the SimpleSAMLphp installation instructions](simplesamlphp-install) @@ -26,13 +19,13 @@ Authentication module The next step is to configure the way users authenticate on your IdP. Various modules in the `modules/` directory provides methods for authenticating your users. This is an overview of those that are included in the SimpleSAMLphp distribution: -[`authcrypt:Hash`](./authcrypt:authcrypt) +[`authcrypt:Hash`](/docs/contrib_modules/authcrypt/authcrypt.html) : Username & password authentication with hashed passwords. -[`authcrypt:Htpasswd`](./authcrypt:authcrypt) +[`authcrypt:Htpasswd`](/docs/contrib_modules/authcrypt/authcrypt.html) : Username & password authentication against .htpasswd file. -[`authX509:authX509userCert`](./authX509:authX509) +[`authX509:authX509userCert`](/docs/contrib_modules/authX509/authX509.html) : Authenticate against a LDAP database with a SSL client certificate. `exampleauth:UserPass` 
@@ -41,17 +34,17 @@ The next step is to configure the way users authenticate on your IdP. Various mo `exampleauth:Static` : Automatically log in as a user with a set of attributes. -[`ldap:LDAP`](./ldap:ldap) +[`ldap:LDAP`](/docs/contrib_modules/ldap/ldap.html) : Authenticates an user to a LDAP server. -[`ldap:LDAPMulti`](./ldap:ldap) +[`ldap:LDAPMulti`](/docs/contrib_modules/ldap/ldap.html) : Authenticates an user to one of several LDAP server. The user can choose the LDAP server from a dropdown list. -[`sqlauth:SQL`](./sqlauth:sql) +[`sqlauth:SQL`](/docs/contrib_modules/sqlauth/sql.html) : Authenticate an user against a database. -[`radius:Radius`](./radius:radius) +[`radius:Radius`](/docs/contrib_modules/radius/radius.html) : Authenticates an user to a Radius server. [`multiauth:MultiAuth`](./multiauth:multiauth) @@ -61,12 +54,9 @@ The next step is to configure the way users authenticate on your IdP. Various mo : Authenticate against a SAML IdP. Can be used for bridging. `authYubiKey:YubiKey` -: Authenticate with [an YubiKey](http://www.yubico.com/products/yubikey/). - -[`authfacebook:Facebook`](./authfacebook:authfacebook) -: Authenticate with a Facebook ID. +: Authenticate with [a YubiKey](https://www.yubico.com/products/yubikey/). -[`authtwitter:Twitter`](./authtwitter:oauthtwitter) +[`authtwitter:Twitter`](/docs/contrib_modules/authtwitter/oauthtwitter.html) : Authenticate with your Twitter account using the Twitter OAuth API. [`papi:PAPI`](https://github.com/rediris-es/simplesamlphp-module-papi/blob/master/README.md) diff --git a/docs/simplesamlphp-install.md b/docs/simplesamlphp-install.md index 6790267f45..560ddfade1 100644 --- a/docs/simplesamlphp-install.md +++ b/docs/simplesamlphp-install.md 
@@ -375,7 +375,7 @@ in a separate document. + [Remote SP reference](simplesamlphp-reference-sp-remote) + [Setting up an IdP for Google Workspace (G Suite / Google Apps)](simplesamlphp-googleapps) + [Advanced Topics](simplesamlphp-idp-more) - - [Automated Metadata Management](./metarefresh:simplesamlphp-automated_metadata) + - [Automated Metadata Management](/docs/contrib_modules/metarefresh/simplesamlphp-automated_metadata) - [Maintenance and configuration](simplesamlphp-maintenance) diff --git a/docs/simplesamlphp-sp.md b/docs/simplesamlphp-sp.md index 5df29f4a3b..345fa20788 100644 --- a/docs/simplesamlphp-sp.md +++ b/docs/simplesamlphp-sp.md @@ -158,7 +158,7 @@ in federations will differ, but the common part is that you would need to provide the *SAML 2.0 metadata of your SP*, and register that with the federation administration. You will probably be required too to consume the federation metadata periodically. Read more about -[automated metadata management](./metarefresh:simplesamlphp-automated_metadata) +[automated metadata management](/docs/contrib_modules/metarefresh/simplesamlphp-automated_metadata) to learn more about that. From 7194b68966036f06f61d8d7c25b0f4a15106efce Mon Sep 17 00:00:00 2001 From: Thijs Kinkhorst Date: Tue, 5 Jul 2022 12:52:35 +0200 Subject: [PATCH 0006/1127] Remove obsolete translation instructions (better none than wrong info) --- docs/simplesamlphp-translation.md | 89 ++----------------------------- 1 file changed, 3 insertions(+), 86 deletions(-) diff --git a/docs/simplesamlphp-translation.md b/docs/simplesamlphp-translation.md index e8f48af77e..b63e63e636 100644 --- a/docs/simplesamlphp-translation.md +++ b/docs/simplesamlphp-translation.md 
@@ -1,87 +1,4 @@ -SimpleSAMLphp Translation Portal -================================================================ +SimpleSAMLphp Translation +========================= - - -[TOC] - -## How translated terms are referred from a template - -Here is an example of how two terms are included in a template from dictionary files: - -

t('{core:frontpage:about_header}'); ?>

-

t('{core:frontpage:about_text}'); ?>

- -In this example, two translated terms are included: `about_header` and `about_text`. Both these terms are found in a dictionary file named `frontpage`, inside the module named `core`. - -**Note:** An important use-case here is that you can create your own module, that includes a new theme that overrides some of the default templates. You may in this template refer to both terms from the existing dictionary files, but you can also add new dictionary files in your new module that may introduce new alternative terms. - -## The definition file - -When the template library is about to lookup the translation of a term, it will lookup - - * the definition file, for the English translation, and - * the translation file, for translation to other languages. - -SimpleSAMLphp will always fallback to the English translation using the definition file, both: - - * when the term is not translated into the *current selected language*, and - * when the translation file is not available at all. - -The name of the definition file is `BASENAME.definition.json`, where the term is referred to like this: `{MODULENAME:BASENAME:TERM}`. The file MUST be placed in the followng location: `modules/MODULENAME/dictionaries/BASENAME.definition.json`. - -The content of the defintion file is a *JSON encoded array* of `term => definition`, where definition is an array with an required `en` index for the english translation, and the value is the English text. - -Here is an example of a definition file with three terms: - - { - "header": { - "en": "Missing cookie" - }, - "description": { - "en": "You appear to have disabled cookies in your browser. Please check the settings in your browser, and try again." 
- }, - "retry": { - "en": "Retry" - } - } - -Note: you may not include other languages in the definition files, the `en` index is used in order to at a later point in time introduce more meta information for each term, like in example: - - "header": { - "en": "Missing cookie", - "_note": "This text shows up on the error page when the browser do not support cookies." - }, - -To summarize the pattern of the definition file is as follows: - - { - "TERM1": { - "en": "English text 1" - }, - "TERM2": { - "en": "English text 2" - } - } - -## The translation file - -The translation file is similar to the definition file, but including translation to languages others than English. - -The structure of the file is identical to the definition files, except from the language index, which now is not `en`, but the actual langauge that is translated: - - - { - "TERM1": { - "no": "Norsk tekst 1", - "da": "Dansk tekst 1" - }, - "TERM2": { - "no": "Norsk tekst 2", - "da": "Dansk tekst 2" - } - } +TODO: please complete this doc on how to translate SimpleSAMLphp From 131c640e5343c62d01038633504710445be3501a Mon Sep 17 00:00:00 2001 From: Tim van Dijen Date: Wed, 6 Jul 2022 22:10:18 +0200 Subject: [PATCH 0007/1127] Remove deprecated string use-case for NameIDPolicy --- src/SimpleSAML/Utils/Config/Metadata.php | 7 ++----- tests/src/SimpleSAML/Utils/Config/MetadataTest.php | 7 ------- 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/src/SimpleSAML/Utils/Config/Metadata.php b/src/SimpleSAML/Utils/Config/Metadata.php index f7a1a389aa..d475262137 100644 --- a/src/SimpleSAML/Utils/Config/Metadata.php +++ b/src/SimpleSAML/Utils/Config/Metadata.php @@ -262,7 +262,7 @@ public static function isHiddenFromDiscovery(array $metadata): bool /** * This method parses the different possible values of the NameIDPolicy metadata configuration. * - * @param mixed $nameIdPolicy + * @param null|array|false $nameIdPolicy * * @return null|array */ 
@@ -270,10 +270,7 @@ public static function parseNameIdPolicy($nameIdPolicy): ?array { $policy = null; - if (is_string($nameIdPolicy)) { - // handle old configurations where 'NameIDPolicy' was used to specify just the format - $policy = ['Format' => $nameIdPolicy, 'AllowCreate' => true]; - } elseif (is_array($nameIdPolicy)) { + if (is_array($nameIdPolicy)) { // handle current configurations specifying an array in the NameIDPolicy config option $nameIdPolicy_cf = Configuration::loadFromArray($nameIdPolicy); $policy = [ diff --git a/tests/src/SimpleSAML/Utils/Config/MetadataTest.php b/tests/src/SimpleSAML/Utils/Config/MetadataTest.php index 8f38a7f239..69f55762a0 100644 --- a/tests/src/SimpleSAML/Utils/Config/MetadataTest.php +++ b/tests/src/SimpleSAML/Utils/Config/MetadataTest.php @@ -236,13 +236,6 @@ public function testParseNameIdPolicy(): void $nameIdPolicy = false; $this->assertEquals(null, Metadata::parseNameIdPolicy($nameIdPolicy)); - // Test string - $nameIdPolicy = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'; - $this->assertEquals( - ['Format' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', 'AllowCreate' => true], - Metadata::parseNameIdPolicy($nameIdPolicy) - ); - // Test array $nameIdPolicy = [ 'Format' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:persistent', From dc5ad3076761a84542f51258e4b3b8c16e724601 Mon Sep 17 00:00:00 2001 
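Review bot: In `parseNameIdPolicy()` (src/SimpleSAML/Utils/Config/Metadata.php, hunk at -270) a string `NameIDPolicy` from an older configuration no longer matches any visible branch, and because the parameter is still untyped it appears to fall through with `$policy = null` rather than being rejected. For a deployment upgraded with such metadata, the requested NameID format would then change without any warning, which may affect how subjects are identified and matched to accounts at the peer. I would fail loudly before the `is_array()` branch, e.g. `if (is_string($nameIdPolicy)) { throw new \InvalidArgumentException('NameIDPolicy must be an array, null or false.'); }`, and replace the deleted string case in `testParseNameIdPolicy()` with an assertion of that behaviour instead of dropping it. The rest of the function body lies outside the hunk, so confirm that no later branch already covers this case.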
From: Tim van Dijen Date: Sat, 9 Jul 2022 16:27:47 +0200 Subject: [PATCH 0008/1127] Fix many spelling mistakes --- bin/get-translatable-strings | 2 +- config-templates/authsources.php | 2 +- config-templates/config.php | 2 +- docs/simplesamlphp-authproc.md | 8 ++++---- docs/simplesamlphp-changelog.md | 14 +++++++------- docs/simplesamlphp-database.md | 2 +- docs/simplesamlphp-googleapps.md | 2 +- ...simplesamlphp-metadata-extensions-attributes.md | 2 +- docs/simplesamlphp-metadata-extensions-rpi.md | 2 +- docs/simplesamlphp-modules.md | 2 +- docs/simplesamlphp-reference-idp-hosted.md | 2 +- docs/simplesamlphp-sp.md | 2 +- docs/simplesamlphp-upgrade-notes-1.16.md | 2 +- docs/simplesamlphp-upgrade-notes-1.17.md | 2 +- docs/simplesamlphp-upgrade-notes-1.5.md | 2 +- docs/simplesamlphp-upgrade-notes-1.6.md | 2 +- docs/simplesamlphp-upgrade-notes-1.9.md | 2 +- docs/simplesamlphp-upgrade-notes-2.0.md | 2 +- locales/af/LC_MESSAGES/messages.po | 2 +- locales/ar/LC_MESSAGES/messages.po | 2 +- locales/cs/LC_MESSAGES/messages.po | 2 +- locales/da/LC_MESSAGES/messages.po | 2 +- locales/de/LC_MESSAGES/messages.po | 2 +- locales/el/LC_MESSAGES/messages.po | 2 +- locales/en/LC_MESSAGES/messages.po | 4 ++-- locales/es/LC_MESSAGES/messages.po | 2 +- locales/et/LC_MESSAGES/messages.po | 2 +- locales/eu/LC_MESSAGES/messages.po | 2 +- locales/fi/LC_MESSAGES/messages.po | 2 +- locales/fr/LC_MESSAGES/messages.po | 2 +- locales/he/LC_MESSAGES/messages.po | 2 +- locales/hr/LC_MESSAGES/messages.po | 2 +- locales/hu/LC_MESSAGES/messages.po | 2 +- locales/id/LC_MESSAGES/messages.po | 2 +- locales/it/LC_MESSAGES/messages.po | 2 +- locales/ja/LC_MESSAGES/messages.po | 2 +- locales/lt/LC_MESSAGES/messages.po | 2 +- locales/lv/LC_MESSAGES/messages.po | 2 +- locales/nb/LC_MESSAGES/messages.po | 2 +- locales/nl/LC_MESSAGES/messages.po | 2 +- locales/nn/LC_MESSAGES/messages.po | 2 +- locales/pl/LC_MESSAGES/messages.po | 2 +- locales/pt-br/LC_MESSAGES/messages.po | 2 +- 
locales/pt/LC_MESSAGES/messages.po | 2 +- locales/ro/LC_MESSAGES/messages.po | 2 +- locales/ru/LC_MESSAGES/messages.po | 2 +- locales/sl/LC_MESSAGES/messages.po | 2 +- locales/sr/LC_MESSAGES/messages.po | 2 +- locales/st/LC_MESSAGES/messages.po | 2 +- locales/sv/LC_MESSAGES/messages.po | 2 +- locales/tr/LC_MESSAGES/messages.po | 2 +- locales/xh/LC_MESSAGES/messages.po | 2 +- locales/zh-tw/LC_MESSAGES/messages.po | 2 +- locales/zh/LC_MESSAGES/messages.po | 2 +- locales/zu/LC_MESSAGES/messages.po | 2 +- modules/admin/locales/af/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/ar/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/cs/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/da/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/de/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/el/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/en/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/es/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/et/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/eu/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/fi/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/fr/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/he/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/hr/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/hu/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/id/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/it/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/ja/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/lb/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/lt/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/lv/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/nb/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/nl/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/nn/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/pl/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/pt-br/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/pt/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/ro/LC_MESSAGES/admin.po | 2 +- 
modules/admin/locales/ru/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/sl/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/sr/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/st/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/sv/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/tr/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/xh/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/zh-tw/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/zh/LC_MESSAGES/admin.po | 2 +- modules/admin/locales/zu/LC_MESSAGES/admin.po | 2 +- modules/admin/templates/metadata_converter.twig | 2 +- modules/core/docs/authproc_languageadaptor.md | 2 +- modules/core/src/Auth/Process/AttributeAdd.php | 2 +- modules/core/src/Auth/Process/AttributeLimit.php | 2 +- modules/core/src/Auth/Process/Cardinality.php | 2 +- modules/exampleauth/src/Auth/Source/External.php | 2 +- modules/multiauth/src/Auth/Source/MultiAuth.php | 2 +- modules/saml/src/Auth/Process/SubjectID.php | 2 +- .../saml/src/Controller/WebBrowserSingleSignOn.php | 2 +- modules/saml/src/IdP/SAML2.php | 2 +- phpcs.xml | 2 +- src/SimpleSAML/Auth/ProcessingChain.php | 5 +++-- src/SimpleSAML/Error/ErrorCodes.php | 2 +- src/SimpleSAML/Memcache.php | 6 +++--- src/SimpleSAML/Metadata/Sources/MDQ.php | 2 +- src/SimpleSAML/Module.php | 4 ++-- src/SimpleSAML/Utils/HTTP.php | 4 ++-- src/SimpleSAML/Utils/System.php | 2 +- src/SimpleSAML/XML/Errors.php | 2 +- src/SimpleSAML/XML/Signer.php | 2 +- .../core/src/Auth/Process/AttributeLimitTest.php | 2 +- .../core/src/Storage/SQLPermanentStorageTest.php | 2 +- .../saml/src/Auth/Process/FilterScopesTest.php | 2 +- tests/modules/saml/src/Auth/Source/SPTest.php | 8 ++++---- tests/src/SimpleSAML/ConfigurationTest.php | 6 +++--- tests/src/SimpleSAML/LoggerTest.php | 2 +- .../Metadata/MetaDataStorageSourceTest.php | 2 +- 120 files changed, 141 insertions(+), 140 deletions(-) diff --git a/bin/get-translatable-strings b/bin/get-translatable-strings index 5a312c0ac6..bc4a4f2e9f 100755 
--- a/bin/get-translatable-strings +++ b/bin/get-translatable-strings @@ -9,7 +9,7 @@ * - A specific module name given on the command line * - The main product and the standard modules, when invoked with '--main'. * - * It will search all Twig templates for occurences of the trans() + * It will search all Twig templates for occurrences of the trans() * function, and all PHP code under src/ for the noop() function. */ declare(strict_types=1); diff --git a/config-templates/authsources.php b/config-templates/authsources.php index 4da2abc31e..f0f77cab88 100644 --- a/config-templates/authsources.php +++ b/config-templates/authsources.php @@ -251,7 +251,7 @@ // If the directory uses privilege separation, // the authenticated user may not be able to retrieve - // all required attribures, a privileged entity is required + // all required attributes, a privileged entity is required // to get them. This is enabled with this option. 'priv.read' => false, diff --git a/config-templates/config.php b/config-templates/config.php index 8b0cf240d2..8682dafd8b 100644 --- a/config-templates/config.php +++ b/config-templates/config.php @@ -934,7 +934,7 @@ /* * IdP Discovery service look configuration. - * Wether to display a list of idp or to display a dropdown box. For many IdP' a dropdown box + * Whether to display a list of idp or to display a dropdown box. For many IdP' a dropdown box * gives the best use experience. * * When using dropdown box a cookie is used to highlight the previously chosen IdP in the dropdown. diff --git a/docs/simplesamlphp-authproc.md b/docs/simplesamlphp-authproc.md index 3d0bad674c..1b8ea9d6d7 100644 --- a/docs/simplesamlphp-authproc.md +++ b/docs/simplesamlphp-authproc.md 
@@ -14,15 +14,15 @@ Examples of neat things to do using Authentication Processing Filters:
 * Modify the name of attributes.
 * Generate new attributes that are composed of others, for example eduPersonTargetedID.
 * Ask the user for consent, before the user is sent back to a service.
-* Implement basic Access Control on the IdP (not neccessarily a good idea), limiting access for some users to some SPs.
+* Implement basic Access Control on the IdP (not necessarily a good idea), limiting access for some users to some SPs.
-Be aware that Authentication Proccessing Filters do replace some of the previous features in SimpleSAMLphp, named:
+Be aware that Authentication Processing Filters do replace some of the previous features in SimpleSAMLphp, named:
 * `attributemap`
 * `attributealter`
 * `attribute filter`
-Later in this document, we will describe in detail the alternative Authentication Proccessing Filters that will replicate these functionalities.
+Later in this document, we will describe in detail the alternative Authentication Processing Filters that will replicate these functionalities.
 How to configure Auth Proc Filters
 ----------------------------------
@@ -128,7 +128,7 @@ The following filters are included in the SimpleSAMLphp distribution:
 - [`core:Cardinality`](./core:authproc_cardinality): Ensure the number of attribute values is within the specified multiplicity.
 - [`core:CardinalitySingle`](./core:authproc_cardinalitysingle): Ensure the correct cardinality of single-valued attributes.
 - [`core:GenerateGroups`](./core:authproc_generategroups): Generate a `group` attribute for the user.
-- [`core:LanguageAdaptor`](./core:authproc_languageadaptor): Transfering language setting from IdP to SP.
+- [`core:LanguageAdaptor`](./core:authproc_languageadaptor): Transferring language setting from IdP to SP.
 - [`core:PHP`](./core:authproc_php): Modify attributes with custom PHP code.
 - [`core:ScopeAttribute`](./core:authproc_scopeattribute): Add scope to attribute.
 - [`core:ScopeFromAttribute`](./core:authproc_scopefromattribute): Create a new attribute based on the scope on a different attribute.
diff --git a/docs/simplesamlphp-changelog.md b/docs/simplesamlphp-changelog.md
index 0e2b20adb7..adbe2377a9 100644
--- a/docs/simplesamlphp-changelog.md
+++ b/docs/simplesamlphp-changelog.md
@@ -65,7 +65,7 @@ Released 2020-09-02
 * Fixed Artifact Resolution due to incorrect use of Issuer objects (#1343).
 * Fixed some of the German translations (#1331). Thanks @htto!
 * Harden against CVE-2020-13625; this package is not affected, but 3rd party modules may (#1333).
- * Harden against sevaral JS issues (npm update & npm audit fix)
+ * Harden against several JS issues (npm update & npm audit fix)
 * Fixed inconsistent configuration of backtraces logging
 * Support for Symfony 3.x is now deprecated
 * Support for Twig 1.x is now deprecated
@@ -1851,7 +1851,7 @@ Released 2009-11-05. Revision 1937.
 ### `ldapstatus`:
 * Do a connect-test to all ip-addresses for a hostname.
- * Check wheter hostname exists before attempting to connect.
+ * Check whether hostname exists before attempting to connect.
 * hobbit output.
 * Check schema version.
 * Add command line tab to single LDAP status page for easier debugging.
@@ -1914,12 +1914,12 @@ Updates to `config.php`. Please check for updates in your local modified configu
 * AttributeFilter
 * AttributeMap
 * Smartname. does it best to guess the full name of the user based on several attributes.
- * Language adaptor: allow adopting UI by preferredLanguage SAML 2.0 Attribute both on the IdP and the SP. And if the user selects a lanauge, this can be sent to the SP as an attribute.
+ * Language adaptor: allow adopting UI by preferredLanguage SAML 2.0 Attribute both on the IdP and the SP. And if the user selects a language, this can be sent to the SP as an attribute.
 * New module: portal, allows you to created tabbed interface for custom pages within SimpleSAMLphp. In example user consent management and attribute viewer.
 * New module: ldapstatus. Used by Feide to monitor connections to a large list of LDAP connections. Contact Feide on details on how to use.
 * ldapstatus also got certificate check capabilities.
 * New module: MemcacheMonitor: Show statistics for memcache servers.
- * New module: DiscoPower. A tabbed discovery service module with alot of functionality.
+ * New module: DiscoPower. A tabbed discovery service module with a lot of functionality.
 * New module: SAML 2.0 Debugginer. An improved version of the one found on rnd.feide.no earlier is not included in SimpleSAMLphp allowing you to run it locally.
 * New module: Simple Consent Amdin module that have one button to remove all consent for one user.
 * New module: Consent Administration. Contribution from Wayf.
@@ -1961,7 +1961,7 @@ Updates to `config.php`. Please check for updates in your local modified configu * All documentation is converted from docbook to markdown format. * Added headers to not allow google to index pages. * Added check on frontpage for magic quotes - * Added statistic loggging to Consent class. + * Added statistic logging to Consent class. * Improvements to Exception handler in LDAP class, and better logging. * LDAP class supports turning on LDAP-debug logging. * Much improvements to SAML 2.0 Metadata generation and parsing. @@ -1982,7 +1982,7 @@ Configuration file `config.php` should not include significant changes, except o ### New features * Documentation update - * Added new language. Now there are two different portugese + * Added new language. Now there are two different portuguese dialects. * Consent "module" modified. Now added support for preselecting the checkbox by a configuration parameter. Consent module supports @@ -2134,7 +2134,7 @@ New localizations in version 1.1: Sami, Svenska (swedish), Suomeksi (finnish), N * Modified IdP discovery service to support Shibboleth 2.0 SP. * Fix setcookie warning for PHP version \< 5.2. * Fix logout not being performed for Auth MemCache sometimes. - * Preserve case of attribute names during LDAP attribute retrival. + * Preserve case of attribute names during LDAP attribute retrieval. * Fix IdP-initiated logout. * Ensure that changed sessions with changed SP associations are written to memcache. diff --git a/docs/simplesamlphp-database.md b/docs/simplesamlphp-database.md index 7563a4baae..d92fab45d9 100644 --- a/docs/simplesamlphp-database.md +++ b/docs/simplesamlphp-database.md 
@@ -64,7 +64,7 @@ The values specified in the $values array will be bound to the placeholders and
 $query = $db->write("INSERT INTO $table (id, data) VALUES (:id, :data)", $values);
-You can also skip usage of prepared statements. You should **only** use this if you have a statement that has no user input (ex. CREATE TABLE). If the params variable is explicity set to false, it will skip usage of prepared statements. This is only available when writing to the database.
+You can also skip usage of prepared statements. You should **only** use this if you have a statement that has no user input (ex. CREATE TABLE). If the params variable is explicitly set to false, it will skip usage of prepared statements. This is only available when writing to the database.
 $table = $db->applyPrefix("test");
 $query = $db->write("CREATE TABLE IF NOT EXISTS $table (id INT(16) NOT NULL, data TEXT NOT NULL)", false);
diff --git a/docs/simplesamlphp-googleapps.md b/docs/simplesamlphp-googleapps.md
index 19b0532eb2..b267e9db0c 100644
--- a/docs/simplesamlphp-googleapps.md
+++ b/docs/simplesamlphp-googleapps.md
@@ -75,7 +75,7 @@ For more authentication modules, see [SimpleSAMLphp Identity Provider QuickStart In this guide, we will use the `exampleauth:UserPass` authentication module. This module does not have any dependencies, and is therefore simple to set up. -After you have successfuly tested that everything is working with the simple `exampleauth:UserPass`, you are encouraged to setup SimpleSAMLphp IdP towards your user storage, such as an LDAP directory. (Use the links on the authentication sources above to read more about these setups. `ldap:LDAP` is the most common authentication source.) +After you have successfully tested that everything is working with the simple `exampleauth:UserPass`, you are encouraged to setup SimpleSAMLphp IdP towards your user storage, such as an LDAP directory. (Use the links on the authentication sources above to read more about these setups. `ldap:LDAP` is the most common authentication source.) Configuring the authentication source diff --git a/docs/simplesamlphp-metadata-extensions-attributes.md b/docs/simplesamlphp-metadata-extensions-attributes.md index 0eb03e096e..716580c033 100644 --- a/docs/simplesamlphp-metadata-extensions-attributes.md +++ b/docs/simplesamlphp-metadata-extensions-attributes.md @@ -34,7 +34,7 @@ Defining Attributes The `EntityAttributes` key is used to define the attributes in the metadata. Each item in the `EntityAttributes` array defines a new `` item in the metadata. The value for each key must be an -array. Each item in this array produces a separte `` +array. Each item in this array produces a separate `` element within the `` element. 'EntityAttributes' => [ diff --git a/docs/simplesamlphp-metadata-extensions-rpi.md b/docs/simplesamlphp-metadata-extensions-rpi.md index 896105109c..9b45c5a79d 100644 --- a/docs/simplesamlphp-metadata-extensions-rpi.md +++ b/docs/simplesamlphp-metadata-extensions-rpi.md 
@@ -16,7 +16,7 @@ V2.0 Metadata Extensions for Registration and Publication Information](http://do defined by OASIS. This extension aims to provide information about the registrars and publishers of the metadata themselves, and it is therefore -available throught different endpoints and modules that provide metadata all along SimpleSAMLphp. More specifically, this +available through different endpoints and modules that provide metadata all along SimpleSAMLphp. More specifically, this extension can be used for: - metadata published for a [hosted service provider](./saml:sp). diff --git a/docs/simplesamlphp-modules.md b/docs/simplesamlphp-modules.md index 3b38eb0fc0..a07e2384d6 100644 --- a/docs/simplesamlphp-modules.md +++ b/docs/simplesamlphp-modules.md @@ -11,7 +11,7 @@ SimpleSAMLphp modules [TOC] This document describes how the module system in SimpleSAMLphp -works. It descibes what types of modules there are, how they are +works. It describes what types of modules there are, how they are configured, and how to write new modules. Overview diff --git a/docs/simplesamlphp-reference-idp-hosted.md b/docs/simplesamlphp-reference-idp-hosted.md index 6a3f11ef75..0300d558e5 100644 --- a/docs/simplesamlphp-reference-idp-hosted.md +++ b/docs/simplesamlphp-reference-idp-hosted.md @@ -241,7 +241,7 @@ The following SAML 2.0 options are available: [MDRPI extension](./simplesamlphp-metadata-extensions-rpi) document for further information. `saml20.ecp` -: Set to `true` to enable the IdP to recieve authnrequests and send responses according the Enhanced Client or Proxy (ECP) Profile. Note: authentication filters that require interaction with the user will not work with ECP. +: Set to `true` to enable the IdP to receive AuthnRequests and send responses according the Enhanced Client or Proxy (ECP) Profile. Note: authentication filters that require interaction with the user will not work with ECP. Defaults to `false`. `saml20.hok.assertion` 
diff --git a/docs/simplesamlphp-sp.md b/docs/simplesamlphp-sp.md index 345fa20788..1b819465f3 100644 --- a/docs/simplesamlphp-sp.md +++ b/docs/simplesamlphp-sp.md @@ -175,7 +175,7 @@ redirected to the IdP. After entering your credentials, you should be redirected back to the test page. The test page should contain a list of your attributes: -![Screenshot of the status page after a user has succesfully authenticated](resources/simplesamlphp-sp/screenshot-example.png) +![Screenshot of the status page after a user has successfully authenticated](resources/simplesamlphp-sp/screenshot-example.png) For a better looking, more advanced Discovery Service with tabs and live search, you may want to use the `discopower` module. diff --git a/docs/simplesamlphp-upgrade-notes-1.16.md b/docs/simplesamlphp-upgrade-notes-1.16.md index b7f225947a..50c21084e5 100644 --- a/docs/simplesamlphp-upgrade-notes-1.16.md +++ b/docs/simplesamlphp-upgrade-notes-1.16.md @@ -1,7 +1,7 @@ Upgrade notes for SimpleSAMLphp 1.16 ==================================== -The default signature algoritm is now SHA-256 (SHA-1 has been considered +The default signature algorithm is now SHA-256 (SHA-1 has been considered obsolete since 2014). For entities that need it, you can switch back to SHA-1 by setting the `signature.algorithm` option in the remote entity metadata. diff --git a/docs/simplesamlphp-upgrade-notes-1.17.md b/docs/simplesamlphp-upgrade-notes-1.17.md index 376f081c6d..61590c2554 100644 --- a/docs/simplesamlphp-upgrade-notes-1.17.md +++ b/docs/simplesamlphp-upgrade-notes-1.17.md 
@@ -9,7 +9,7 @@ from the legacy names so calling code should remain working. Custom code exceptions, may need to be changed. The possibility has been reintroduced to omit the NameIdPolicy from SP -AuthnRequests by setting NameIDPolicy to `false`. The prefered way is +AuthnRequests by setting NameIDPolicy to `false`. The preferred way is to configure it as an array `[ 'Format' => format, 'AllowCreate' => true/false ]`, which is now also the format used in the `saml:NameIDPolicy` variable in `$state`. diff --git a/docs/simplesamlphp-upgrade-notes-1.5.md b/docs/simplesamlphp-upgrade-notes-1.5.md index b8a61f65a4..b836d7de96 100644 --- a/docs/simplesamlphp-upgrade-notes-1.5.md +++ b/docs/simplesamlphp-upgrade-notes-1.5.md @@ -17,7 +17,7 @@ Upgrade notes for SimpleSAMLphp 1.5 See the [migration guide](simplesamlphp-sp-migration) for more information about this. * The `request.signing` option has been removed. - That option was replaced with the `redirect.sign` and `redirect.validate` options, and has been depreceated for one year. + That option was replaced with the `redirect.sign` and `redirect.validate` options, and has been deprecated for one year. * The `aggregator` module's configuration file has changed name. It was changed from `aggregator.php` to `module_aggregator.php`. diff --git a/docs/simplesamlphp-upgrade-notes-1.6.md b/docs/simplesamlphp-upgrade-notes-1.6.md index b918cc9b06..f790d67651 100644 --- a/docs/simplesamlphp-upgrade-notes-1.6.md +++ b/docs/simplesamlphp-upgrade-notes-1.6.md 
@@ -2,7 +2,7 @@ Upgrade notes for SimpleSAMLphp 1.6 =================================== * This release requires PHP version >= 5.2.0, as that was the first version to include `json_decode()`. - It is possible that it may work with version of PHP >= 5.1.2 if the [JSON PECL extesion](http://pecl.php.net/package/json) is enabled, but this is untested. + It is possible that it may work with version of PHP >= 5.1.2 if the [JSON PECL extension](http://pecl.php.net/package/json) is enabled, but this is untested. * The secure-flag is no longer automatically set on the session cookie. This was changed to avoid hard to diagnose session problems. diff --git a/docs/simplesamlphp-upgrade-notes-1.9.md b/docs/simplesamlphp-upgrade-notes-1.9.md index f7af09741c..08a7146812 100644 --- a/docs/simplesamlphp-upgrade-notes-1.9.md +++ b/docs/simplesamlphp-upgrade-notes-1.9.md @@ -8,4 +8,4 @@ Upgrade notes for SimpleSAMLphp 1.9 * The code to set cookies now requires PHP version >= 5.2. (PHP version 5.2.0 or newer has been the only supported version for a while, but it has in some cases been possible to run SimpleSAMLphp with older versions.) * It used to be possible to set an array of endpoints for the SingleSignOnService in `saml20-idp-hosted.php`. That is no longer supported. * The `aselect` module has been replaced with a new module. The new module gives us better error handling and support for request signing, but we lose support for A-Select Cross. - * There has been various fixes in the session exipration handling. As a result of this, sessions may get a shorter lifetime (if the IdP places a limit on the lifetime, this limit will now be honored). + * There has been various fixes in the session expiration handling. As a result of this, sessions may get a shorter lifetime (if the IdP places a limit on the lifetime, this limit will now be honored). diff --git a/docs/simplesamlphp-upgrade-notes-2.0.md b/docs/simplesamlphp-upgrade-notes-2.0.md index a2db80475c..6832a1ad82 100644 
--- a/docs/simplesamlphp-upgrade-notes-2.0.md +++ b/docs/simplesamlphp-upgrade-notes-2.0.md @@ -41,7 +41,7 @@ Configuration changes --------------------- Quite some options have been changed or removed. We recommend to start with a fresh template from `config-templates/` and migrate the settings you require to the new -config file manualy. +config file manually. The date formatting when specifying a custom logging string has been changed from PHP's deprecated `strftime()` format to PHP's `date()` format. diff --git a/locales/af/LC_MESSAGES/messages.po b/locales/af/LC_MESSAGES/messages.po index 0886d0a6e6..96c9a50066 100644 --- a/locales/af/LC_MESSAGES/messages.po +++ b/locales/af/LC_MESSAGES/messages.po @@ -224,7 +224,7 @@ msgid "" "The information about the current logout operation has been lost. You " "should return to the service you were trying to log out from and try to " "log out again. This error can be caused by the logout information " -"expiring. The logout information is stored for a limited amout of time - " +"expiring. The logout information is stored for a limited amount of time - " "usually a number of hours. This is longer than any normal logout " "operation should take, so this error may indicate some other error with " "the configuration. If the problem persists, contact your service " diff --git a/locales/ar/LC_MESSAGES/messages.po b/locales/ar/LC_MESSAGES/messages.po index 5a4c9881a5..3ab16f5079 100644 --- a/locales/ar/LC_MESSAGES/messages.po +++ b/locales/ar/LC_MESSAGES/messages.po 
@@ -279,7 +279,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/cs/LC_MESSAGES/messages.po b/locales/cs/LC_MESSAGES/messages.po
index 83d2d74526..d5409c627f 100644
--- a/locales/cs/LC_MESSAGES/messages.po
+++ b/locales/cs/LC_MESSAGES/messages.po
@@ -279,7 +279,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/da/LC_MESSAGES/messages.po b/locales/da/LC_MESSAGES/messages.po
index 447a072af6..a209f6cf90 100644
--- a/locales/da/LC_MESSAGES/messages.po
+++ b/locales/da/LC_MESSAGES/messages.po
@@ -292,7 +292,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/de/LC_MESSAGES/messages.po b/locales/de/LC_MESSAGES/messages.po
index a1730a69ff..55ab150b45 100644
--- a/locales/de/LC_MESSAGES/messages.po
+++ b/locales/de/LC_MESSAGES/messages.po
@@ -293,7 +293,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/el/LC_MESSAGES/messages.po b/locales/el/LC_MESSAGES/messages.po
index b0a5b55fc5..7336b131ce 100644
--- a/locales/el/LC_MESSAGES/messages.po
+++ b/locales/el/LC_MESSAGES/messages.po
@@ -298,7 +298,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/en/LC_MESSAGES/messages.po b/locales/en/LC_MESSAGES/messages.po
index e36a07844c..475df75284 100644
--- a/locales/en/LC_MESSAGES/messages.po
+++ b/locales/en/LC_MESSAGES/messages.po
@@ -305,7 +305,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
@@ -314,7 +314,7 @@ msgstr ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/es/LC_MESSAGES/messages.po b/locales/es/LC_MESSAGES/messages.po
index ff9e155293..bf09ab86cb 100644
--- a/locales/es/LC_MESSAGES/messages.po
+++ b/locales/es/LC_MESSAGES/messages.po
@@ -314,7 +314,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/et/LC_MESSAGES/messages.po b/locales/et/LC_MESSAGES/messages.po
index 5142f4eba1..7602cf1b46 100644
--- a/locales/et/LC_MESSAGES/messages.po
+++ b/locales/et/LC_MESSAGES/messages.po
@@ -284,7 +284,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/eu/LC_MESSAGES/messages.po b/locales/eu/LC_MESSAGES/messages.po
index d56fd35d92..fcbfc20380 100644
--- a/locales/eu/LC_MESSAGES/messages.po
+++ b/locales/eu/LC_MESSAGES/messages.po
@@ -285,7 +285,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/fi/LC_MESSAGES/messages.po b/locales/fi/LC_MESSAGES/messages.po
index a0a4f17253..5c368dd59f 100644
--- a/locales/fi/LC_MESSAGES/messages.po
+++ b/locales/fi/LC_MESSAGES/messages.po
@@ -210,7 +210,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/fr/LC_MESSAGES/messages.po b/locales/fr/LC_MESSAGES/messages.po
index 8fae6b54f1..4b0c0c1222 100644
--- a/locales/fr/LC_MESSAGES/messages.po
+++ b/locales/fr/LC_MESSAGES/messages.po
@@ -294,7 +294,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/he/LC_MESSAGES/messages.po b/locales/he/LC_MESSAGES/messages.po
index 41d57a8358..c7b951afd7 100644
--- a/locales/he/LC_MESSAGES/messages.po
+++ b/locales/he/LC_MESSAGES/messages.po
@@ -278,7 +278,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/hr/LC_MESSAGES/messages.po b/locales/hr/LC_MESSAGES/messages.po
index 217dacd41f..311e4dcb9e 100644
--- a/locales/hr/LC_MESSAGES/messages.po
+++ b/locales/hr/LC_MESSAGES/messages.po
@@ -291,7 +291,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/hu/LC_MESSAGES/messages.po b/locales/hu/LC_MESSAGES/messages.po
index 2d830c184f..ff18570761 100644
--- a/locales/hu/LC_MESSAGES/messages.po
+++ b/locales/hu/LC_MESSAGES/messages.po
@@ -280,7 +280,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/id/LC_MESSAGES/messages.po b/locales/id/LC_MESSAGES/messages.po
index 18d2e9e261..766d29f248 100644
--- a/locales/id/LC_MESSAGES/messages.po
+++ b/locales/id/LC_MESSAGES/messages.po
@@ -284,7 +284,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/it/LC_MESSAGES/messages.po b/locales/it/LC_MESSAGES/messages.po
index 834bbf4ed8..e7dc6296bb 100644
--- a/locales/it/LC_MESSAGES/messages.po
+++ b/locales/it/LC_MESSAGES/messages.po
@@ -293,7 +293,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/ja/LC_MESSAGES/messages.po b/locales/ja/LC_MESSAGES/messages.po
index 78663b3959..6e1a809342 100644
--- a/locales/ja/LC_MESSAGES/messages.po
+++ b/locales/ja/LC_MESSAGES/messages.po
@@ -264,7 +264,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/lt/LC_MESSAGES/messages.po b/locales/lt/LC_MESSAGES/messages.po
index ba3c5eef21..b752e12b81 100644
--- a/locales/lt/LC_MESSAGES/messages.po
+++ b/locales/lt/LC_MESSAGES/messages.po
@@ -286,7 +286,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/lv/LC_MESSAGES/messages.po b/locales/lv/LC_MESSAGES/messages.po
index 9a9fec2cd0..da8f80a1b2 100644
--- a/locales/lv/LC_MESSAGES/messages.po
+++ b/locales/lv/LC_MESSAGES/messages.po
@@ -285,7 +285,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/nb/LC_MESSAGES/messages.po b/locales/nb/LC_MESSAGES/messages.po
index 92ca07c69e..1b6bd0083b 100644
--- a/locales/nb/LC_MESSAGES/messages.po
+++ b/locales/nb/LC_MESSAGES/messages.po
@@ -297,7 +297,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/nl/LC_MESSAGES/messages.po b/locales/nl/LC_MESSAGES/messages.po
index 8c6f2cd5c0..f7b322d7d9 100644
--- a/locales/nl/LC_MESSAGES/messages.po
+++ b/locales/nl/LC_MESSAGES/messages.po
@@ -307,7 +307,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/nn/LC_MESSAGES/messages.po b/locales/nn/LC_MESSAGES/messages.po
index 3b8afa33a7..10b73e382d 100644
--- a/locales/nn/LC_MESSAGES/messages.po
+++ b/locales/nn/LC_MESSAGES/messages.po
@@ -294,7 +294,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/pl/LC_MESSAGES/messages.po b/locales/pl/LC_MESSAGES/messages.po
index 4bce38672f..abaa738823 100644
--- a/locales/pl/LC_MESSAGES/messages.po
+++ b/locales/pl/LC_MESSAGES/messages.po
@@ -279,7 +279,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/pt-br/LC_MESSAGES/messages.po b/locales/pt-br/LC_MESSAGES/messages.po
index 21d0e79878..78ab16f1ce 100644
--- a/locales/pt-br/LC_MESSAGES/messages.po
+++ b/locales/pt-br/LC_MESSAGES/messages.po
@@ -280,7 +280,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/pt/LC_MESSAGES/messages.po b/locales/pt/LC_MESSAGES/messages.po
index 0c2f0ee563..26e914612a 100644
--- a/locales/pt/LC_MESSAGES/messages.po
+++ b/locales/pt/LC_MESSAGES/messages.po
@@ -262,7 +262,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/ro/LC_MESSAGES/messages.po b/locales/ro/LC_MESSAGES/messages.po
index 20292d7c00..f11e3702d8 100644
--- a/locales/ro/LC_MESSAGES/messages.po
+++ b/locales/ro/LC_MESSAGES/messages.po
@@ -297,7 +297,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/ru/LC_MESSAGES/messages.po b/locales/ru/LC_MESSAGES/messages.po
index 9fa30f9281..611ef649ef 100644
--- a/locales/ru/LC_MESSAGES/messages.po
+++ b/locales/ru/LC_MESSAGES/messages.po
@@ -299,7 +299,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/sl/LC_MESSAGES/messages.po b/locales/sl/LC_MESSAGES/messages.po
index 24ae631384..3e2290ae21 100644
--- a/locales/sl/LC_MESSAGES/messages.po
+++ b/locales/sl/LC_MESSAGES/messages.po
@@ -284,7 +284,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/sr/LC_MESSAGES/messages.po b/locales/sr/LC_MESSAGES/messages.po
index a59dcaf16c..0d19168199 100644
--- a/locales/sr/LC_MESSAGES/messages.po
+++ b/locales/sr/LC_MESSAGES/messages.po
@@ -291,7 +291,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/st/LC_MESSAGES/messages.po b/locales/st/LC_MESSAGES/messages.po
index 4d73d9ff60..7668f78763 100644
--- a/locales/st/LC_MESSAGES/messages.po
+++ b/locales/st/LC_MESSAGES/messages.po
@@ -369,7 +369,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/sv/LC_MESSAGES/messages.po b/locales/sv/LC_MESSAGES/messages.po
index 9fb522c8c8..8b14a8ae12 100644
--- a/locales/sv/LC_MESSAGES/messages.po
+++ b/locales/sv/LC_MESSAGES/messages.po
@@ -290,7 +290,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/tr/LC_MESSAGES/messages.po b/locales/tr/LC_MESSAGES/messages.po
index 281b739d40..d64dde933c 100644
--- a/locales/tr/LC_MESSAGES/messages.po
+++ b/locales/tr/LC_MESSAGES/messages.po
@@ -270,7 +270,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/xh/LC_MESSAGES/messages.po b/locales/xh/LC_MESSAGES/messages.po
index 9c02a9d3ba..d061a4ad5d 100644
--- a/locales/xh/LC_MESSAGES/messages.po
+++ b/locales/xh/LC_MESSAGES/messages.po
@@ -174,7 +174,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/zh-tw/LC_MESSAGES/messages.po b/locales/zh-tw/LC_MESSAGES/messages.po
index 0a510b41a9..3a090256ad 100644
--- a/locales/zh-tw/LC_MESSAGES/messages.po
+++ b/locales/zh-tw/LC_MESSAGES/messages.po
@@ -283,7 +283,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/zh/LC_MESSAGES/messages.po b/locales/zh/LC_MESSAGES/messages.po
index 03548632fb..0856bcdc4b 100644
--- a/locales/zh/LC_MESSAGES/messages.po
+++ b/locales/zh/LC_MESSAGES/messages.po
@@ -266,7 +266,7 @@ msgid ""
 "The information about the current logout operation has been lost. You "
 "should return to the service you were trying to log out from and try to "
 "log out again. This error can be caused by the logout information "
-"expiring. The logout information is stored for a limited amout of time - "
+"expiring. The logout information is stored for a limited amount of time - "
 "usually a number of hours. This is longer than any normal logout "
 "operation should take, so this error may indicate some other error with "
 "the configuration. If the problem persists, contact your service "
diff --git a/locales/zu/LC_MESSAGES/messages.po b/locales/zu/LC_MESSAGES/messages.po
index 8ddfff18fe..0c85f5abb2 100644
--- a/locales/zu/LC_MESSAGES/messages.po
+++ b/locales/zu/LC_MESSAGES/messages.po
@@ -177,7 +177,7 @@ msgid "" "The information about the current logout operation has been lost. You " "should return to the service you were trying to log out from and try to " "log out again. This error can be caused by the logout information " -"expiring. The logout information is stored for a limited amout of time - " +"expiring. The logout information is stored for a limited amount of time - " "usually a number of hours. This is longer than any normal logout " "operation should take, so this error may indicate some other error with " "the configuration. If the problem persists, contact your service " diff --git a/modules/admin/locales/af/LC_MESSAGES/admin.po b/modules/admin/locales/af/LC_MESSAGES/admin.po index 9924b6066b..3c3f789b4a 100644 --- a/modules/admin/locales/af/LC_MESSAGES/admin.po +++ b/modules/admin/locales/af/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "" msgid "Converted metadata" msgstr "" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/ar/LC_MESSAGES/admin.po b/modules/admin/locales/ar/LC_MESSAGES/admin.po index 9f7deebd5e..a32e45a9d6 100644 --- a/modules/admin/locales/ar/LC_MESSAGES/admin.po +++ b/modules/admin/locales/ar/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "حلل" msgid "Converted metadata" msgstr "بيانات وصفية محولة" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/cs/LC_MESSAGES/admin.po b/modules/admin/locales/cs/LC_MESSAGES/admin.po index 4af5d923cb..f2f89da8d4 100644 --- a/modules/admin/locales/cs/LC_MESSAGES/admin.po +++ b/modules/admin/locales/cs/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Analýza" msgid "Converted metadata" msgstr "Konvertovaná metadata" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" 
diff --git a/modules/admin/locales/da/LC_MESSAGES/admin.po b/modules/admin/locales/da/LC_MESSAGES/admin.po index 3d15924ef6..ba53db1dfb 100644 --- a/modules/admin/locales/da/LC_MESSAGES/admin.po +++ b/modules/admin/locales/da/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Parse" msgid "Converted metadata" msgstr "Konverteret metadata" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/de/LC_MESSAGES/admin.po b/modules/admin/locales/de/LC_MESSAGES/admin.po index e8315a141b..fd0a6be4dc 100644 --- a/modules/admin/locales/de/LC_MESSAGES/admin.po +++ b/modules/admin/locales/de/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Parse" msgid "Converted metadata" msgstr "Konvertierte Metadaten" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/el/LC_MESSAGES/admin.po b/modules/admin/locales/el/LC_MESSAGES/admin.po index aceb16deda..c49d9f9be6 100644 --- a/modules/admin/locales/el/LC_MESSAGES/admin.po +++ b/modules/admin/locales/el/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Ανάλυση" msgid "Converted metadata" msgstr "Μετατραπέντα μεταδεδομένα" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/en/LC_MESSAGES/admin.po b/modules/admin/locales/en/LC_MESSAGES/admin.po index 078bb639a2..d46fc7409f 100644 --- a/modules/admin/locales/en/LC_MESSAGES/admin.po +++ b/modules/admin/locales/en/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "" msgid "Converted metadata" msgstr "" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/es/LC_MESSAGES/admin.po b/modules/admin/locales/es/LC_MESSAGES/admin.po index 730ba98a1a..530d24ca8d 100644 --- a/modules/admin/locales/es/LC_MESSAGES/admin.po +++ b/modules/admin/locales/es/LC_MESSAGES/admin.po 
@@ -68,7 +68,7 @@ msgstr "Analizar" msgid "Converted metadata" msgstr "Metadatos convertidos" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/et/LC_MESSAGES/admin.po b/modules/admin/locales/et/LC_MESSAGES/admin.po index e80e5952c3..61d5393220 100644 --- a/modules/admin/locales/et/LC_MESSAGES/admin.po +++ b/modules/admin/locales/et/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Parsi" msgid "Converted metadata" msgstr "Teisendatud metaandmed" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/eu/LC_MESSAGES/admin.po b/modules/admin/locales/eu/LC_MESSAGES/admin.po index a5cfd16373..9a98c0fb0a 100644 --- a/modules/admin/locales/eu/LC_MESSAGES/admin.po +++ b/modules/admin/locales/eu/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Aztertu" msgid "Converted metadata" msgstr "Bihurtutako metadatuak" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/fi/LC_MESSAGES/admin.po b/modules/admin/locales/fi/LC_MESSAGES/admin.po index 7d7ca87d0e..db4251a7b3 100644 --- a/modules/admin/locales/fi/LC_MESSAGES/admin.po +++ b/modules/admin/locales/fi/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "" msgid "Converted metadata" msgstr "" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/fr/LC_MESSAGES/admin.po b/modules/admin/locales/fr/LC_MESSAGES/admin.po index a106c0617f..54c1444798 100644 --- a/modules/admin/locales/fr/LC_MESSAGES/admin.po +++ b/modules/admin/locales/fr/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Analyser" msgid "Converted metadata" msgstr "Métadonnées converties" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" 
diff --git a/modules/admin/locales/he/LC_MESSAGES/admin.po b/modules/admin/locales/he/LC_MESSAGES/admin.po index d99c5cf25c..999c9dbe53 100644 --- a/modules/admin/locales/he/LC_MESSAGES/admin.po +++ b/modules/admin/locales/he/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "נתח" msgid "Converted metadata" msgstr "מטא-מידע מומר" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/hr/LC_MESSAGES/admin.po b/modules/admin/locales/hr/LC_MESSAGES/admin.po index 0976e848cf..aff277a705 100644 --- a/modules/admin/locales/hr/LC_MESSAGES/admin.po +++ b/modules/admin/locales/hr/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Analiziraj" msgid "Converted metadata" msgstr "Pretvoreni metapodaci" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/hu/LC_MESSAGES/admin.po b/modules/admin/locales/hu/LC_MESSAGES/admin.po index 18142bebf9..403b6fe859 100644 --- a/modules/admin/locales/hu/LC_MESSAGES/admin.po +++ b/modules/admin/locales/hu/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Értelmez" msgid "Converted metadata" msgstr "Konvertált metaadatok" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/id/LC_MESSAGES/admin.po b/modules/admin/locales/id/LC_MESSAGES/admin.po index e6b7247a10..de458c00e3 100644 --- a/modules/admin/locales/id/LC_MESSAGES/admin.po +++ b/modules/admin/locales/id/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Parse" msgid "Converted metadata" msgstr "Metadata yang telah dikonvesi" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/it/LC_MESSAGES/admin.po b/modules/admin/locales/it/LC_MESSAGES/admin.po index 894b0971d5..5534ecb651 100644 --- a/modules/admin/locales/it/LC_MESSAGES/admin.po 
+++ b/modules/admin/locales/it/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Analisi" msgid "Converted metadata" msgstr "Metadati convertiti" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/ja/LC_MESSAGES/admin.po b/modules/admin/locales/ja/LC_MESSAGES/admin.po index a76b0c9fa6..a598b87b4e 100644 --- a/modules/admin/locales/ja/LC_MESSAGES/admin.po +++ b/modules/admin/locales/ja/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "パース" msgid "Converted metadata" msgstr "変換されたメタデータ" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/lb/LC_MESSAGES/admin.po b/modules/admin/locales/lb/LC_MESSAGES/admin.po index c32355ddeb..f395616453 100644 --- a/modules/admin/locales/lb/LC_MESSAGES/admin.po +++ b/modules/admin/locales/lb/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "" msgid "Converted metadata" msgstr "" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/lt/LC_MESSAGES/admin.po b/modules/admin/locales/lt/LC_MESSAGES/admin.po index 5382d9fc8d..3c9fd64ae7 100644 --- a/modules/admin/locales/lt/LC_MESSAGES/admin.po +++ b/modules/admin/locales/lt/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Nagrinėti" msgid "Converted metadata" msgstr "Sukonvertuoti metaduomenys" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/lv/LC_MESSAGES/admin.po b/modules/admin/locales/lv/LC_MESSAGES/admin.po index 6678c3a233..34b4658364 100644 --- a/modules/admin/locales/lv/LC_MESSAGES/admin.po +++ b/modules/admin/locales/lv/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Parsēt" msgid "Converted metadata" msgstr "Konvertētie metadati" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" 
diff --git a/modules/admin/locales/nb/LC_MESSAGES/admin.po b/modules/admin/locales/nb/LC_MESSAGES/admin.po index 8063d08708..27084a3eea 100644 --- a/modules/admin/locales/nb/LC_MESSAGES/admin.po +++ b/modules/admin/locales/nb/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Pars" msgid "Converted metadata" msgstr "Konvertert metadata" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/nl/LC_MESSAGES/admin.po b/modules/admin/locales/nl/LC_MESSAGES/admin.po index bf2f0b26f1..69490b2134 100644 --- a/modules/admin/locales/nl/LC_MESSAGES/admin.po +++ b/modules/admin/locales/nl/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Converteer" msgid "Converted metadata" msgstr "Geconverteerde metadata" -msgid "An error occured" +msgid "An error occurred" msgstr "Er trad een fout op" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/nn/LC_MESSAGES/admin.po b/modules/admin/locales/nn/LC_MESSAGES/admin.po index b69477ca89..5ca0db439f 100644 --- a/modules/admin/locales/nn/LC_MESSAGES/admin.po +++ b/modules/admin/locales/nn/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Parser" msgid "Converted metadata" msgstr "Konverterte metadata" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/pl/LC_MESSAGES/admin.po b/modules/admin/locales/pl/LC_MESSAGES/admin.po index 78d905aa9a..58b58996b0 100644 --- a/modules/admin/locales/pl/LC_MESSAGES/admin.po +++ b/modules/admin/locales/pl/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Przetwórz" msgid "Converted metadata" msgstr "Skonwertowane metadane" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/pt-br/LC_MESSAGES/admin.po b/modules/admin/locales/pt-br/LC_MESSAGES/admin.po index 7dfbdd9ff5..c4898b740e 100644 --- a/modules/admin/locales/pt-br/LC_MESSAGES/admin.po 
+++ b/modules/admin/locales/pt-br/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Parse" msgid "Converted metadata" msgstr "Metadata convetida" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/pt/LC_MESSAGES/admin.po b/modules/admin/locales/pt/LC_MESSAGES/admin.po index 46020bd728..1edbbed9e6 100644 --- a/modules/admin/locales/pt/LC_MESSAGES/admin.po +++ b/modules/admin/locales/pt/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Converter" msgid "Converted metadata" msgstr "Resultado da conversão de Metadados" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/ro/LC_MESSAGES/admin.po b/modules/admin/locales/ro/LC_MESSAGES/admin.po index 4d159b3b59..a15e5077aa 100644 --- a/modules/admin/locales/ro/LC_MESSAGES/admin.po +++ b/modules/admin/locales/ro/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Analizează" msgid "Converted metadata" msgstr "Metadate convertite" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/ru/LC_MESSAGES/admin.po b/modules/admin/locales/ru/LC_MESSAGES/admin.po index f3a8eb6740..2bf901b6c8 100644 --- a/modules/admin/locales/ru/LC_MESSAGES/admin.po +++ b/modules/admin/locales/ru/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Выполнить синтаксический анализ" msgid "Converted metadata" msgstr "Преобразованные метаданные" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/sl/LC_MESSAGES/admin.po b/modules/admin/locales/sl/LC_MESSAGES/admin.po index 36a3c491dc..bd54eada07 100644 --- a/modules/admin/locales/sl/LC_MESSAGES/admin.po +++ b/modules/admin/locales/sl/LC_MESSAGES/admin.po 
@@ -68,7 +68,7 @@ msgstr "Sintaktična analiza (parse)" msgid "Converted metadata" msgstr "Pretvorjeni metapodatki" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/sr/LC_MESSAGES/admin.po b/modules/admin/locales/sr/LC_MESSAGES/admin.po index 42766f6e5a..ed6d1812d2 100644 --- a/modules/admin/locales/sr/LC_MESSAGES/admin.po +++ b/modules/admin/locales/sr/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Analiziraj" msgid "Converted metadata" msgstr "Konvertovani metapodaci" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/st/LC_MESSAGES/admin.po b/modules/admin/locales/st/LC_MESSAGES/admin.po index f700dad9a1..d87946f22e 100644 --- a/modules/admin/locales/st/LC_MESSAGES/admin.po +++ b/modules/admin/locales/st/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "" msgid "Converted metadata" msgstr "" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/sv/LC_MESSAGES/admin.po b/modules/admin/locales/sv/LC_MESSAGES/admin.po index 5dbc2cfe8d..f44b720fdd 100644 --- a/modules/admin/locales/sv/LC_MESSAGES/admin.po +++ b/modules/admin/locales/sv/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Analysera" msgid "Converted metadata" msgstr "Omformat metadata" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/tr/LC_MESSAGES/admin.po b/modules/admin/locales/tr/LC_MESSAGES/admin.po index aab819fde5..528b6bb408 100644 --- a/modules/admin/locales/tr/LC_MESSAGES/admin.po +++ b/modules/admin/locales/tr/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "Çözümle" msgid "Converted metadata" msgstr "Dönüştürülmüş üstveri (metadata)" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" 
diff --git a/modules/admin/locales/xh/LC_MESSAGES/admin.po b/modules/admin/locales/xh/LC_MESSAGES/admin.po index 2733c972e9..293ff4bad3 100644 --- a/modules/admin/locales/xh/LC_MESSAGES/admin.po +++ b/modules/admin/locales/xh/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "" msgid "Converted metadata" msgstr "" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/zh-tw/LC_MESSAGES/admin.po b/modules/admin/locales/zh-tw/LC_MESSAGES/admin.po index c156464edb..62baaf172b 100644 --- a/modules/admin/locales/zh-tw/LC_MESSAGES/admin.po +++ b/modules/admin/locales/zh-tw/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "解析" msgid "Converted metadata" msgstr "已轉換之 Metadata" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/zh/LC_MESSAGES/admin.po b/modules/admin/locales/zh/LC_MESSAGES/admin.po index cb29dc4d43..36339e22ff 100644 --- a/modules/admin/locales/zh/LC_MESSAGES/admin.po +++ b/modules/admin/locales/zh/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "分析器" msgid "Converted metadata" msgstr "转换过的元信息" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/locales/zu/LC_MESSAGES/admin.po b/modules/admin/locales/zu/LC_MESSAGES/admin.po index 007eb6e899..407d54b756 100644 --- a/modules/admin/locales/zu/LC_MESSAGES/admin.po +++ b/modules/admin/locales/zu/LC_MESSAGES/admin.po @@ -68,7 +68,7 @@ msgstr "" msgid "Converted metadata" msgstr "" -msgid "An error occured" +msgid "An error occurred" msgstr "" msgid "Test Authentication Sources" diff --git a/modules/admin/templates/metadata_converter.twig b/modules/admin/templates/metadata_converter.twig index f8d85ab667..33da7abf1b 100644 --- a/modules/admin/templates/metadata_converter.twig +++ b/modules/admin/templates/metadata_converter.twig @@ -51,7 +51,7 @@ {%- endfor -%} {% elseif error is not null %}
-

{{ 'An error occured'|trans }}

+

{{ 'An error occurred'|trans }}

  {{ error }}
diff --git a/modules/core/docs/authproc_languageadaptor.md b/modules/core/docs/authproc_languageadaptor.md index f9efbd7420..b6806a0d39 100644 --- a/modules/core/docs/authproc_languageadaptor.md +++ b/modules/core/docs/authproc_languageadaptor.md @@ -32,7 +32,7 @@ Default attribute (`preferredLanguage`): ], ], -Custon attribute: +Custom attribute: 'authproc' => [ 50 => [ diff --git a/modules/core/src/Auth/Process/AttributeAdd.php b/modules/core/src/Auth/Process/AttributeAdd.php index 10c571fb5b..54439e9017 100644 --- a/modules/core/src/Auth/Process/AttributeAdd.php +++ b/modules/core/src/Auth/Process/AttributeAdd.php @@ -18,7 +18,7 @@ class AttributeAdd extends Auth\ProcessingFilter { /** - * Flag which indicates wheter this filter should append new values or replace old values. + * Flag which indicates whether this filter should append new values or replace old values. * @var bool */ private bool $replace = false; diff --git a/modules/core/src/Auth/Process/AttributeLimit.php b/modules/core/src/Auth/Process/AttributeLimit.php index e2f3c5041a..b76e05128a 100644 --- a/modules/core/src/Auth/Process/AttributeLimit.php +++ b/modules/core/src/Auth/Process/AttributeLimit.php @@ -155,7 +155,7 @@ private function filterAttributeValues(array $values, array $allowedConfigValues break; } elseif ($regexResult === 1) { $matchedValues[] = $attributeValue; - // Remove matched value incase a subsequent regex also matches it. + // Remove matched value in case a subsequent regex also matches it. unset($values[$index]); } } diff --git a/modules/core/src/Auth/Process/Cardinality.php b/modules/core/src/Auth/Process/Cardinality.php index 74d0eb820a..0ad1c1ec97 100644 --- a/modules/core/src/Auth/Process/Cardinality.php +++ b/modules/core/src/Auth/Process/Cardinality.php 
@@ -90,7 +90,7 @@ public function __construct(array &$config, $reserved, Utils\HTTP $httpUtils = n && array_key_exists('max', $this->cardinality[$attribute]) && $this->cardinality[$attribute]['min'] > $this->cardinality[$attribute]['max'] ) { - throw new Error\Exception('Minimum cardinality must be less than maximium: ' . + throw new Error\Exception('Minimum cardinality must be less than maximum: ' . var_export($attribute, true)); } diff --git a/modules/exampleauth/src/Auth/Source/External.php b/modules/exampleauth/src/Auth/Source/External.php index 39b7063cee..4bbc9c865d 100644 --- a/modules/exampleauth/src/Auth/Source/External.php +++ b/modules/exampleauth/src/Auth/Source/External.php @@ -230,7 +230,7 @@ public static function resume(Request $request): void /* * OK, now we know that our current state is sane. Time to actually log the user in. * - * First we check that the user is acutally logged in, and didn't simply skip the login page. + * First we check that the user is actually logged in, and didn't simply skip the login page. */ $attributes = $source->getUser(); if ($attributes === null) { diff --git a/modules/multiauth/src/Auth/Source/MultiAuth.php b/modules/multiauth/src/Auth/Source/MultiAuth.php index 9b974105e5..e75fdafe5f 100644 --- a/modules/multiauth/src/Auth/Source/MultiAuth.php +++ b/modules/multiauth/src/Auth/Source/MultiAuth.php @@ -206,7 +206,7 @@ public function authenticate(array &$state): void /** * Delegate authentication. * - * This method is called once the user has choosen one authentication + * This method is called once the user has chosen one authentication * source. It saves the selected authentication source in the session * to be able to logout properly. Then it calls the authenticate method * on such selected authentication source. diff --git a/modules/saml/src/Auth/Process/SubjectID.php b/modules/saml/src/Auth/Process/SubjectID.php index e2d5e659b6..9e0ccd41aa 100644 --- a/modules/saml/src/Auth/Process/SubjectID.php 
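Review bot: The corrected message in the `Cardinality` constructor still misstates the rule it reports. The guard above it throws only when `min` is greater than `max`, so equal values are accepted, yet the text says the minimum "must be less than" the maximum. Since the string is being edited anyway, `'Minimum cardinality must not be greater than maximum: ' .` would match the check. The constructor starts and ends outside the hunk.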
+++ b/modules/saml/src/Auth/Process/SubjectID.php @@ -199,7 +199,7 @@ protected function getScopeAttribute(array $state): ?string /** - * Test the generated identifier to ensure compliancy with the specifications. + * Test the generated identifier to ensure it's compliant with the specifications. * Log a warning when the generated value is considered to be weak * * @param string $value diff --git a/modules/saml/src/Controller/WebBrowserSingleSignOn.php b/modules/saml/src/Controller/WebBrowserSingleSignOn.php index 70c447b40e..520e1d1850 100644 --- a/modules/saml/src/Controller/WebBrowserSingleSignOn.php +++ b/modules/saml/src/Controller/WebBrowserSingleSignOn.php @@ -82,7 +82,7 @@ public function artifactResolutionService(): RunnableResponse } if (!($request instanceof ArtifactResolve)) { - throw new Exception('Message received on ArtifactResolutionService wasn\'t a ArtifactResolve request.'); + throw new Exception("Message received on ArtifactResolutionService wasn't a ArtifactResolve request."); } $issuer = $request->getIssuer(); diff --git a/modules/saml/src/IdP/SAML2.php b/modules/saml/src/IdP/SAML2.php index d5b4a08af1..afefa56568 100644 --- a/modules/saml/src/IdP/SAML2.php +++ b/modules/saml/src/IdP/SAML2.php @@ -387,7 +387,7 @@ public static function receiveAuthnRequest(IdP $idp): void if (!($request instanceof AuthnRequest)) { throw new Error\BadRequest( - 'Message received on authentication request endpoint wasn\'t an authentication request.' + "Message received on authentication request endpoint wasn't an authentication request." ); } diff --git a/phpcs.xml b/phpcs.xml index 18988c0964..9bdd0c40b1 100644 --- a/phpcs.xml +++ b/phpcs.xml @@ -19,7 +19,7 @@ www/assets/css/* www/assets/js/* - + diff --git a/src/SimpleSAML/Auth/ProcessingChain.php b/src/SimpleSAML/Auth/ProcessingChain.php index 1de3dbb43b..262e957442 100644 --- a/src/SimpleSAML/Auth/ProcessingChain.php +++ b/src/SimpleSAML/Auth/ProcessingChain.php 
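Review bot: The re-quoted exception text in `artifactResolutionService()` keeps the article slip "wasn't a ArtifactResolve request". As the line is being rewritten for quoting, it could read `"Message received on ArtifactResolutionService wasn't an ArtifactResolve request."`. The method continues outside the hunk.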
@@ -125,8 +125,9 @@ private static function parseFilterList(array $filterSrc): array } if (!is_array($filter)) { - throw new Exception('Invalid authentication processing filter configuration: ' . - 'One of the filters wasn\'t a string or an array.'); + throw new Exception( + "Invalid authentication processing filter configuration: One of the filters wasn't a string or an array." + ); } $parsedFilters[] = self::parseFilter($filter, $priority); diff --git a/src/SimpleSAML/Error/ErrorCodes.php b/src/SimpleSAML/Error/ErrorCodes.php index e6866ec8ba..cb56add5bc 100644 --- a/src/SimpleSAML/Error/ErrorCodes.php +++ b/src/SimpleSAML/Error/ErrorCodes.php @@ -109,7 +109,7 @@ final public static function defaultGetAllErrorCodeDescriptions(): array "The information about the current logout operation has been lost. You " . "should return to the service you were trying to log out from and try to " . "log out again. This error can be caused by the logout information " . - "expiring. The logout information is stored for a limited amout of time - " . + "expiring. The logout information is stored for a limited amount of time - " . "usually a number of hours. This is longer than any normal logout " . "operation should take, so this error may indicate some other error with " . "the configuration. If the problem persists, contact your service " . diff --git a/src/SimpleSAML/Memcache.php b/src/SimpleSAML/Memcache.php index 493db7f30b..70bd0e7976 100644 --- a/src/SimpleSAML/Memcache.php +++ b/src/SimpleSAML/Memcache.php 
@@ -10,7 +10,7 @@ * This file implements functions to read and write to a group of memcache * servers. * - * The goals of this storage class is to provide failover, redudancy and load + * The goals of this storage class is to provide failover, redundancy and load * balancing. This is accomplished by storing the data object to several * groups of memcache servers. Each data object is replicated to every group * of memcache servers, but it is only stored to one server in each group. @@ -293,7 +293,7 @@ private static function loadMemcacheServerGroup(array $group, $index = null) if (!is_array($server)) { throw new \Exception( 'Invalid value for the server with index ' . $index . - '. Remeber that the \'memcache_store.servers\' configuration option' . + '. Remember that the \'memcache_store.servers\' configuration option' . ' contains an array of arrays of arrays.' ); } @@ -339,7 +339,7 @@ private static function getMemcacheServers(): array if (!is_array($group)) { throw new \Exception( "Invalid value for the server with index " . $index . - ". Remeber that the 'memcache_store.servers' configuration option" . + ". Remember that the 'memcache_store.servers' configuration option" . ' contains an array of arrays of arrays.' ); } diff --git a/src/SimpleSAML/Metadata/Sources/MDQ.php b/src/SimpleSAML/Metadata/Sources/MDQ.php index 92ab225c10..54f91b1f73 100644 --- a/src/SimpleSAML/Metadata/Sources/MDQ.php +++ b/src/SimpleSAML/Metadata/Sources/MDQ.php @@ -196,7 +196,7 @@ private function getFromCache(string $set, string $entityId): ?array } if (!is_array($data)) { - throw new Exception(sprintf('%s: Cached metadata from "%s" wasn\'t an array.', __CLASS__, strval($file))); + throw new Exception(sprintf("%s: Cached metadata from \"%s\" wasn't an array.", __CLASS__, strval($file))); } return $data; diff --git a/src/SimpleSAML/Module.php b/src/SimpleSAML/Module.php index 6268dc41be..56130313d1 100644 --- a/src/SimpleSAML/Module.php +++ b/src/SimpleSAML/Module.php 
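Review bot: In the `getMemcacheServers()` hunk the guard is `if (!is_array($group))`, but the message still reads "Invalid value for the server with index", the same wording as the per-server check in `loadMemcacheServerGroup()`. Someone debugging a broken `memcache_store.servers` setting cannot tell from the text whether a group or a server entry is malformed; `"Invalid value for the server group with index " . $index .` would distinguish the two. The two messages also keep different quoting styles (escaped single quotes in one, double quotes in the other), which this commit normalises in other files. Both functions continue outside their hunks.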
@@ -191,7 +191,7 @@ public static function process(Request $request = null): Response } if (!self::isModuleEnabled($module)) { - throw new Error\NotFound('The module \'' . $module . '\' was either not found, or wasn\'t enabled.'); + throw new Error\NotFound(sprintf("The module '%s' was either not found, or wasn't enabled.", $module)); } /* Make sure that the request isn't suspicious (contains references to current directory or parent directory or @@ -283,7 +283,7 @@ function ($val) { if (!$fileSystem->exists($path)) { // file not found Logger::info('Could not find file \'' . $path . '\'.'); - throw new Error\NotFound('The URL wasn\'t found in the module.'); + throw new Error\NotFound("The URL wasn't found in the module."); } if (mb_strtolower(substr($path, -4), 'UTF-8') === '.php') { diff --git a/src/SimpleSAML/Utils/HTTP.php b/src/SimpleSAML/Utils/HTTP.php index 5d80ed9a6c..36be7383de 100644 --- a/src/SimpleSAML/Utils/HTTP.php +++ b/src/SimpleSAML/Utils/HTTP.php @@ -733,7 +733,7 @@ public function getSelfHostWithNonStandardPort(): string { $url = $this->getBaseURL(); - /** @var int $colon getBaseURL() will allways return a valid URL */ + /** @var int $colon getBaseURL() will always return a valid URL */ $colon = strpos($url, '://'); $start = $colon + 3; $length = strcspn($url, '/', $start); @@ -834,7 +834,7 @@ public function getSelfURLHost(): string { $url = $this->getSelfURL(); - /** @var int $colon getBaseURL() will allways return a valid URL */ + /** @var int $colon getBaseURL() will always return a valid URL */ $colon = strpos($url, '://'); $start = $colon + 3; $length = strcspn($url, '/', $start) + $start; diff --git a/src/SimpleSAML/Utils/System.php b/src/SimpleSAML/Utils/System.php index e2dde4be3c..4ba37413b4 100644 --- a/src/SimpleSAML/Utils/System.php +++ b/src/SimpleSAML/Utils/System.php 
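Review bot: The rewritten `NotFound` message in `process()` still embeds `$module` verbatim, and it is thrown before the "request isn't suspicious" check that follows in the same hunk. Where `$module` comes from is not visible here, but if it is derived from the request path, whatever renders or logs this exception has to escape it. A short comment saying so, or delimiting the value as `Cardinality.php` does with `var_export($module, true)`, would make that expectation explicit. The next hunk leaves `Logger::info('Could not find file \'' . $path . '\'.');` in the old escaped-quote style directly above the converted line. `process()` starts and ends outside both hunks.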
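Review bot: In `getSelfURLHost()` the annotation says `getBaseURL() will always return a valid URL`, but the string being searched comes from `$this->getSelfURL()`, so the comment justifies the `@var int` with the wrong function. It should read `/** @var int $colon getSelfURL() will always return a valid URL */`. In this hunk and in the `getSelfHostWithNonStandardPort()` hunk the annotation only silences static analysis: `strpos()` returns `false` when `'://'` is absent, and `$colon + 3` would then evaluate to 3, so the host would be cut from the wrong offset. Whether either getter can return a string without a scheme is not visible here; an explicit `if ($colon === false)` guard would enforce the assumption instead of asserting it. Both methods continue outside their hunks.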
@@ -110,7 +110,7 @@ public function getTempDir(): string * Resolve a (possibly) relative path from the given base path. * * A path which starts with a stream wrapper pattern (e.g. s3://) will not be touched - * and returned as is - regardles of the value given as base path. + * and returned as is - regardless of the value given as base path. * If it starts with a '/' it is assumed to be absolute, all others are assumed to be * relative. The default base path is the root of the SimpleSAMLphp installation. * diff --git a/src/SimpleSAML/XML/Errors.php b/src/SimpleSAML/XML/Errors.php index ee34f8a92b..cfc9217104 100644 --- a/src/SimpleSAML/XML/Errors.php +++ b/src/SimpleSAML/XML/Errors.php @@ -123,7 +123,7 @@ public static function formatError(LibXMLError $error): string /** * Format a list of errors as a string. * - * This fucntion takes an array of LibXMLError objects and creates a string with all the errors. + * This function takes an array of LibXMLError objects and creates a string with all the errors. * Each error will be separated by a newline, and the string will end with a newline-character. * * @param array $errors An array of errors. diff --git a/src/SimpleSAML/XML/Signer.php b/src/SimpleSAML/XML/Signer.php index 17ac5b150a..44844f14d7 100644 --- a/src/SimpleSAML/XML/Signer.php +++ b/src/SimpleSAML/XML/Signer.php @@ -251,7 +251,7 @@ public function addCertificate(string $location, bool $full_path = false): void * @param \DOMElement $insertInto The DOMElement we should insert the signature element into. * @param \DOMElement|\DOMComment|\DOMText $insertBefore * The element we should insert the signature element before. Defaults to NULL, - * in which case the signature will be appended to the element spesified in $insertInto. + * in which case the signature will be appended to the element specified in $insertInto. * @throws \Exception */ public function sign(DOMElement $node, DOMElement $insertInto, $insertBefore = null): void 
diff --git a/tests/modules/core/src/Auth/Process/AttributeLimitTest.php b/tests/modules/core/src/Auth/Process/AttributeLimitTest.php index 7774ccf87c..829ba1ce43 100644 --- a/tests/modules/core/src/Auth/Process/AttributeLimitTest.php +++ b/tests/modules/core/src/Auth/Process/AttributeLimitTest.php @@ -287,7 +287,7 @@ public function testMatchAttributeValues(): void */ public function testBadOptionsNotTreatedAsValidValues(): void { - // Ensure really misconfigured ignoreCase and regex options are not interpretted as valid valus + // Ensure really misconfigured ignoreCase and regex options are not interpreted as valid valus $config = [ 'eduPersonAffiliation' => ['ignoreCase' => 'member', 'nomatch'], 'mail' => ['regex' => 'user@example.org', 'nomatch'] diff --git a/tests/modules/core/src/Storage/SQLPermanentStorageTest.php b/tests/modules/core/src/Storage/SQLPermanentStorageTest.php index 13dc5d1aab..75a48cc66e 100644 --- a/tests/modules/core/src/Storage/SQLPermanentStorageTest.php +++ b/tests/modules/core/src/Storage/SQLPermanentStorageTest.php @@ -60,7 +60,7 @@ public function testSetOverwrite(): void // Overwrite existing value self::$sql->set('testtype', 'testkey1', 'testkey2', 'testvaluemodified', 2); - // Test that the value was actually overwriten + // Test that the value was actually overwritten $result = self::$sql->getValue('testtype', 'testkey1', 'testkey2'); $this->assertEquals('testvaluemodified', $result); diff --git a/tests/modules/saml/src/Auth/Process/FilterScopesTest.php b/tests/modules/saml/src/Auth/Process/FilterScopesTest.php index 12deb77aad..89390149b3 100644 --- a/tests/modules/saml/src/Auth/Process/FilterScopesTest.php +++ b/tests/modules/saml/src/Auth/Process/FilterScopesTest.php @@ -85,7 +85,7 @@ public function testValidScopes(): void } /** - * Test implict scope matching on IdP hostname + * Test implicit scope matching on IdP hostname */ public function testImplicitScopes(): void { 
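Review bot: The corrected comment in `testBadOptionsNotTreatedAsValidValues()` still ends in "valid valus". The line should read `// Ensure really misconfigured ignoreCase and regex options are not interpreted as valid values`. The test body continues outside the hunk.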
diff --git a/tests/modules/saml/src/Auth/Source/SPTest.php b/tests/modules/saml/src/Auth/Source/SPTest.php index 66868cdc1c..cbb804c9d2 100644 --- a/tests/modules/saml/src/Auth/Source/SPTest.php +++ b/tests/modules/saml/src/Auth/Source/SPTest.php @@ -1313,7 +1313,7 @@ public function testMetadataHostedNameDescriptionAbsentWhenNoAttributes(): void } /** - * SP config for attributes also requries name in metadata + * SP config for attributes also requires name in metadata */ public function testMetadataHostedAttributesRequiresName(): void { @@ -1390,7 +1390,7 @@ public function testMetadataHolderOfKeyViaProtocolBindingIsInMetadata(): void } /** - * SP config with certificate are reflected in metdata + * SP config with certificate are reflected in metadata */ public function testMetadatCertificateIsInMetadata(): void { @@ -1416,7 +1416,7 @@ public function testMetadatCertificateIsInMetadata(): void } /** - * SP config with certificate in rollocer scenario are reflected in metdata + * SP config with certificate in rollocer scenario are reflected in metadata */ public function testMetadatCertificateInRolloverIsInMetadata(): void { @@ -1526,7 +1526,7 @@ public function testLogoutRequest(): void $lr = $this->createLogoutRequest($state); - /** @var \SAML2\XML\samlp\Extensions $extentions */ + /** @var \SAML2\XML\samlp\Extensions $extensions */ $extensions = $lr->getExtensions(); $this->assertcount(1, $state['saml:logout:Extensions']); diff --git a/tests/src/SimpleSAML/ConfigurationTest.php b/tests/src/SimpleSAML/ConfigurationTest.php index 8509797ca2..719003bab2 100644 --- a/tests/src/SimpleSAML/ConfigurationTest.php +++ b/tests/src/SimpleSAML/ConfigurationTest.php @@ -602,7 +602,7 @@ public function testGetArrayizeString(): void 'opt_wrong' => 4, ]); - // Normale use + // Normal use $this->assertEquals($c->getArrayizeString('opt'), ['a', 'b', 'c']); $this->assertEquals($c->getArrayizeString('opt_str'), ['string']); 
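Review bot: The certificate-rollover docblock (hunk at `-1416,7`) still says "rollocer" after the "metdata" fix; it should read `* SP config with certificate in rollover scenario is reflected in metadata`. The docblock in the hunk at `-1390,7` has the same subject-verb mismatch ("SP config with certificate are reflected"). Both test names keep the `testMetadat…` spelling, which could be renamed in a follow-up.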
@@ -627,7 +627,7 @@ public function testGetOptionalArrayizeString(): void 'opt_wrong' => 4, ]); - // Normale use + // Normal use $this->assertEquals($c->getOptionalArrayizeString('opt', ['d']), ['a', 'b', 'c']); $this->assertEquals($c->getOptionalArrayizeString('opt_str', ['test']), ['string']); @@ -813,7 +813,7 @@ public function testGetDefaultEndpoint(): void 'isDefault' => true, 'index' => 2, ], - // the first valid enpoint should be used even if it's marked as NOT default + // the first valid endpoint should be used even if it's marked as NOT default [ 'index' => 2, 'isDefault' => false, diff --git a/tests/src/SimpleSAML/LoggerTest.php b/tests/src/SimpleSAML/LoggerTest.php index 12a12846d9..b0c6557a9f 100644 --- a/tests/src/SimpleSAML/LoggerTest.php +++ b/tests/src/SimpleSAML/LoggerTest.php @@ -29,7 +29,7 @@ protected function setLoggingHandler(string $handler): void 'logging.level' => Logger::DEBUG ]; - // testing statics is slightly painful + // testing static methodss is slightly painful Configuration::loadFromArray($config, '[ARRAY]', 'simplesaml'); Logger::setLoggingHandler(null); } diff --git a/tests/src/SimpleSAML/Metadata/MetaDataStorageSourceTest.php b/tests/src/SimpleSAML/Metadata/MetaDataStorageSourceTest.php index 7408ca5920..655c678588 100644 --- a/tests/src/SimpleSAML/Metadata/MetaDataStorageSourceTest.php +++ b/tests/src/SimpleSAML/Metadata/MetaDataStorageSourceTest.php @@ -92,7 +92,7 @@ public function testLoadEntitiesStaticXMLSource(): void $this->assertCount(2, $entities, 'Only 2 of the entities are found'); $this->assertArrayHasKey($entityId1, $entities); $this->assertArrayHasKey($entityId2, $entities); - // search for non-existant entities + // search for non-existent entities $entities = $source->getMetaDataForEntities(['no-such-entity'], "saml20-idp-remote"); $this->assertCount(0, $entities, 'no matches expected'); } From 954b7d91c4d3f5b11f288104f450e3e47f88da38 Mon Sep 17 00:00:00 2001 
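Review bot: The new comment in `LoggerTest::setLoggingHandler()` introduces a typo, "static methodss"; it should be `// testing static methods is slightly painful`. The comment could also name what the next two lines do, since `Configuration::loadFromArray()` and `Logger::setLoggingHandler(null)` are both static calls made before each handler test.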
From: Tim van Dijen Date: Sun, 10 Jul 2022 09:55:19 +0200 Subject: [PATCH 0009/1127] Fix for bin/get-translation-strings --- locales/af/LC_MESSAGES/messages.po | 1 - locales/ar/LC_MESSAGES/messages.po | 2 -- locales/cs/LC_MESSAGES/messages.po | 2 -- locales/da/LC_MESSAGES/messages.po | 2 -- locales/de/LC_MESSAGES/messages.po | 2 -- locales/el/LC_MESSAGES/messages.po | 2 -- locales/en/LC_MESSAGES/messages.po | 2 -- locales/es/LC_MESSAGES/messages.po | 2 -- locales/et/LC_MESSAGES/messages.po | 2 -- locales/eu/LC_MESSAGES/messages.po | 2 -- locales/fi/LC_MESSAGES/messages.po | 1 - locales/fr/LC_MESSAGES/messages.po | 2 -- locales/he/LC_MESSAGES/messages.po | 2 -- locales/hr/LC_MESSAGES/messages.po | 2 -- locales/hu/LC_MESSAGES/messages.po | 2 -- locales/id/LC_MESSAGES/messages.po | 2 -- locales/it/LC_MESSAGES/messages.po | 2 -- locales/ja/LC_MESSAGES/messages.po | 2 -- locales/lt/LC_MESSAGES/messages.po | 2 -- locales/lv/LC_MESSAGES/messages.po | 2 -- locales/nb/LC_MESSAGES/messages.po | 2 -- locales/nl/LC_MESSAGES/messages.po | 2 -- locales/nn/LC_MESSAGES/messages.po | 2 -- locales/pl/LC_MESSAGES/messages.po | 2 -- locales/pt-br/LC_MESSAGES/messages.po | 2 -- locales/pt/LC_MESSAGES/messages.po | 1 - locales/ro/LC_MESSAGES/messages.po | 2 -- locales/ru/LC_MESSAGES/messages.po | 2 -- locales/sl/LC_MESSAGES/messages.po | 2 -- locales/sr/LC_MESSAGES/messages.po | 2 -- locales/st/LC_MESSAGES/messages.po | 2 -- locales/sv/LC_MESSAGES/messages.po | 2 -- locales/tr/LC_MESSAGES/messages.po | 1 - locales/zh-tw/LC_MESSAGES/messages.po | 2 -- locales/zh/LC_MESSAGES/messages.po | 2 -- 35 files changed, 66 deletions(-) diff --git a/locales/af/LC_MESSAGES/messages.po b/locales/af/LC_MESSAGES/messages.po index 96c9a50066..0f678ade85 100644 --- a/locales/af/LC_MESSAGES/messages.po +++ b/locales/af/LC_MESSAGES/messages.po 
@@ -80,7 +80,6 @@ msgstr "Ligging" msgid "Unhandled exception" msgstr "Onverwagte foutmelding" -#, python-format msgid "Unable to locate metadata for %ENTITYID%" msgstr "Kan geen metadata vind vir %ENTITYID%" diff --git a/locales/ar/LC_MESSAGES/messages.po b/locales/ar/LC_MESSAGES/messages.po index 3ab16f5079..eb29900f45 100644 --- a/locales/ar/LC_MESSAGES/messages.po +++ b/locales/ar/LC_MESSAGES/messages.po @@ -108,7 +108,6 @@ msgstr "الحقول الإجبارية أدناه مفقودة" msgid "Download the X509 certificates as PEM-encoded files." msgstr "حمل شهادات X509 كملفات بترميز PEM" -#, python-format msgid "Unable to locate metadata for %ENTITYID%" msgstr "لا يمكن تحديد موقع الميتاداتا ل %ENTITYID%" @@ -336,7 +335,6 @@ msgstr "" " بالمشرف علي تسجيل الدخول لهذه الخدمة و قم بإرسال تقرير الخطأ أعلاه لهم " "أيضاً " -#, python-format msgid "Your session is valid for %remaining% seconds from now." msgstr "ستستمر جلستك ل٪عدد ثواني٪ ثانية تبدأ الان" diff --git a/locales/cs/LC_MESSAGES/messages.po b/locales/cs/LC_MESSAGES/messages.po index d5409c627f..2c3b6e7f1b 100644 --- a/locales/cs/LC_MESSAGES/messages.po +++ b/locales/cs/LC_MESSAGES/messages.po @@ -110,7 +110,6 @@ msgstr "Následující požadovaná pole nenalezena" msgid "Download the X509 certificates as PEM-encoded files." msgstr "Stáhněte certifikát X509 jako PEM-encoded soubor" -#, python-format msgid "Unable to locate metadata for %ENTITYID%" msgstr "Nebyla nalezena metadata pro %ENTITYID%" @@ -337,7 +336,6 @@ msgstr "" "konfiguraci. Kontaktujte administrátora této přihlašovací služby a " "zašlete mu tuto zprávu." -#, python-format msgid "Your session is valid for %remaining% seconds from now." msgstr "Vaše sezení je platné ještě %remaining% sekund." diff --git a/locales/da/LC_MESSAGES/messages.po b/locales/da/LC_MESSAGES/messages.po index a209f6cf90..e85fe3dade 100644 --- a/locales/da/LC_MESSAGES/messages.po +++ b/locales/da/LC_MESSAGES/messages.po 
@@ -117,7 +117,6 @@ msgstr "Følgende obligatoriske felter kunne ikke findes " msgid "Download the X509 certificates as PEM-encoded files." msgstr "Download X509 certifikaterne som PEM-indkodet filer." -#, python-format msgid "Unable to locate metadata for %ENTITYID%" msgstr "Kan ikke finde metadata for %ENTITYID%" @@ -350,7 +349,6 @@ msgstr "" "alternativt en ukendt fejl. Kontakt administratoren af denne tjeneste og " "rapportér så mange detaljer som muligt om fejlen" -#, python-format msgid "Your session is valid for %remaining% seconds from now." msgstr "Du har %remaining% tilbage af din session" diff --git a/locales/de/LC_MESSAGES/messages.po b/locales/de/LC_MESSAGES/messages.po index 55ab150b45..9ac4befb9f 100644 --- a/locales/de/LC_MESSAGES/messages.po +++ b/locales/de/LC_MESSAGES/messages.po @@ -111,7 +111,6 @@ msgstr "Die folgenden notwendigen Felder wurden nicht gefunden" msgid "Download the X509 certificates as PEM-encoded files." msgstr "Die X509-Zertifikate als PEM-kodierte Dateien herunterladen." -#, python-format msgid "Unable to locate metadata for %ENTITYID%" msgstr "Keine Metadaten für %ENTITYID% gefunden" @@ -358,7 +357,6 @@ msgstr "" "Kontaktieren Sie bitte den Administrator dieses Dienstes und teilen die " "obige Fehlermeldung mit." -#, python-format msgid "Your session is valid for %remaining% seconds from now." msgstr "Ihre Sitzung ist noch für %remaining% Sekunden gültig." diff --git a/locales/el/LC_MESSAGES/messages.po b/locales/el/LC_MESSAGES/messages.po index 7336b131ce..d941673de6 100644 --- a/locales/el/LC_MESSAGES/messages.po +++ b/locales/el/LC_MESSAGES/messages.po @@ -118,7 +118,6 @@ msgstr "Τα παρακάτω υποχρεωτικά πεδία δε βρέθη msgid "Download the X509 certificates as PEM-encoded files." msgstr "Λήψη πιστοποιητικών X.509 σε κωδικοποίηση PEM." -#, python-format msgid "Unable to locate metadata for %ENTITYID%" msgstr "Δεν ήταν δυνατό να βρεθούν μεταδεδομένα για την οντότητα %ENTITYID%" 
@@ -362,7 +361,6 @@ msgstr "" "εσφαλμένη ρύθμιση του SimpleSAMLphp. Επικοινωνήστε με τον διαχειριστή " "αυτής της υπηρεσίας συμπεριλαμβάνοντας το παραπάνω μήνυμα σφάλματος." -#, python-format msgid "Your session is valid for %remaining% seconds from now." msgstr "Απομένουν %remaining% δευτερόλεπτα μέχρι τη λήξη της συνεδρίας σας." diff --git a/locales/en/LC_MESSAGES/messages.po b/locales/en/LC_MESSAGES/messages.po index 475df75284..8c61f8e002 100644 --- a/locales/en/LC_MESSAGES/messages.po +++ b/locales/en/LC_MESSAGES/messages.po @@ -128,7 +128,6 @@ msgstr "The following required fields was not found" msgid "Download the X509 certificates as PEM-encoded files." msgstr "Download the X509 certificates as PEM-encoded files." -#, python-format msgid "Unable to locate metadata for %ENTITYID%" msgstr "Unable to locate metadata for %ENTITYID%" @@ -380,7 +379,6 @@ msgstr "" "misconfiguration of SimpleSAMLphp. Contact the administrator of this " "login service, and send them the error message above." -#, python-format msgid "Your session is valid for %remaining% seconds from now." msgstr "Your session is valid for %remaining% seconds from now." diff --git a/locales/es/LC_MESSAGES/messages.po b/locales/es/LC_MESSAGES/messages.po index bf09ab86cb..dacf3790be 100644 --- a/locales/es/LC_MESSAGES/messages.po +++ b/locales/es/LC_MESSAGES/messages.po @@ -129,7 +129,6 @@ msgstr "Los siguientes datos obligatorios no se han encontrado" msgid "Download the X509 certificates as PEM-encoded files." msgstr "Descargar los certificados X509 en formato PEM." -#, python-format msgid "Unable to locate metadata for %ENTITYID%" msgstr "No se puede localizar los metadatos en %ENTITYID%" @@ -374,7 +373,6 @@ msgstr "" "administrador de este servicio de conexión y envíele el mensaje de error " "anterior." -#, python-format msgid "Your session is valid for %remaining% seconds from now." msgstr "Su sesión será valida durante %remaining% segundos." 
diff --git a/locales/et/LC_MESSAGES/messages.po b/locales/et/LC_MESSAGES/messages.po index 7602cf1b46..4cd9aa62cf 100644 --- a/locales/et/LC_MESSAGES/messages.po +++ b/locales/et/LC_MESSAGES/messages.po @@ -110,7 +110,6 @@ msgstr "Järgmisi kohuslikke välju ei leitud" msgid "Download the X509 certificates as PEM-encoded files." msgstr "Lae alla X509 sertifikaadid PEM kodeeringus failidena." -#, python-format msgid "Unable to locate metadata for %ENTITYID%" msgstr "Olemi metaandmeid ei leitud: %ENTITYID%" @@ -343,7 +342,6 @@ msgstr "" "valesti seadistamise tõttu. Võta ühendust selle sisselogimisteenuse " "administraatoriga ja saada talle ülalolev veateade." -#, python-format msgid "Your session is valid for %remaining% seconds from now." msgstr "Sinu sessioon kehtib veel %remaining% sekundit." diff --git a/locales/eu/LC_MESSAGES/messages.po b/locales/eu/LC_MESSAGES/messages.po index fcbfc20380..937c68c75b 100644 --- a/locales/eu/LC_MESSAGES/messages.po +++ b/locales/eu/LC_MESSAGES/messages.po @@ -109,7 +109,6 @@ msgstr "Derrigorrezko datu hauek ez dira aurkitu" msgid "Download the X509 certificates as PEM-encoded files." msgstr "X509 ziurtagiriak PEM formatuan deskargatu." -#, python-format msgid "Unable to locate metadata for %ENTITYID%" msgstr "Ezin da aurkitu metadaturik %ENTITYID%-(a)rentzat" @@ -343,7 +342,6 @@ msgstr "" "okerra izan da. Jar zaitez harremanetan identifikazio zerbitzu honen " "administratzailearekin eta bidal iezaiozu lehenagoko errore mezua. " -#, python-format msgid "Your session is valid for %remaining% seconds from now." msgstr "Zure saioa %remaining% segundoz izango da baliagarri." diff --git a/locales/fi/LC_MESSAGES/messages.po b/locales/fi/LC_MESSAGES/messages.po index 5c368dd59f..f6273642f5 100644 --- a/locales/fi/LC_MESSAGES/messages.po +++ b/locales/fi/LC_MESSAGES/messages.po 
@@ -260,7 +260,6 @@ msgstr ""
 "asetuksista. Ota yhteyttä identiteettipalvelun ylläpitäjään, ja sisällytä"
 " yllä oleva virheilmoitus."
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "Istuntosi on vielä voimassa %remaining% sekuntia"
 
diff --git a/locales/fr/LC_MESSAGES/messages.po b/locales/fr/LC_MESSAGES/messages.po
index 4b0c0c1222..5daae9d047 100644
--- a/locales/fr/LC_MESSAGES/messages.po
+++ b/locales/fr/LC_MESSAGES/messages.po
@@ -113,7 +113,6 @@ msgstr "Les champs suivants n'existent pas et sont requis"
 msgid "Download the X509 certificates as PEM-encoded files."
 msgstr "Télécharger les certificats X509 en tant que fichiers encodés PEM."
 
-#, python-format
 msgid "Unable to locate metadata for %ENTITYID%"
 msgstr "Impossible de localiser les métadonnées pour %ENTITYID%"
 
@@ -355,7 +354,6 @@ msgstr ""
 "mauvaise configuration de SimpleSAMLphp. Contactez l'administrateur de "
 "ce service d'identification et envoyez lui le message d'erreur."
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "Votre session est encore valide pour %remaining% secondes."
 
diff --git a/locales/he/LC_MESSAGES/messages.po b/locales/he/LC_MESSAGES/messages.po
index c7b951afd7..074501f8d5 100644
--- a/locales/he/LC_MESSAGES/messages.po
+++ b/locales/he/LC_MESSAGES/messages.po
@@ -109,7 +109,6 @@ msgstr "השדות הדרושים הבאים לא נמצאו"
 msgid "Download the X509 certificates as PEM-encoded files."
 msgstr "הורד את תעודות X509 כקבצי PEM-מקודד."
 
-#, python-format
 msgid "Unable to locate metadata for %ENTITYID%"
 msgstr "לא ניתן לאתר מטא-מידע עבור %ENTITYID%"
 
@@ -334,7 +333,6 @@ msgstr ""
 "שגיאה זו היא ככל הנראה בשל התנהגות בלתי צפויה או שגויה של SimpleSAMLphp. "
 "צור קשר עם מנהל המערכת של שירות ההתחברות הזה, ושלח לו את השגיאה למעלה."
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "השיחה שלך ברת-תוקף לעוד %remaining% שניות מעכשיו."
 
diff --git a/locales/hr/LC_MESSAGES/messages.po b/locales/hr/LC_MESSAGES/messages.po
index 311e4dcb9e..3ceca799c7 100644
--- a/locales/hr/LC_MESSAGES/messages.po
+++ b/locales/hr/LC_MESSAGES/messages.po
@@ -114,7 +114,6 @@ msgstr "Nisu pronađena sljedeća obavezna polja"
 msgid "Download the X509 certificates as PEM-encoded files."
 msgstr "Preuzmite X509 certifikate u PEM formatu."
 
-#, python-format
 msgid "Unable to locate metadata for %ENTITYID%"
 msgstr "Metapodaci za %ENTITYID% nisu pronađeni"
 
@@ -351,7 +350,6 @@ msgstr ""
 "neispravne konfiguracije programskog alata SimpleSAMLphp. Kontaktirajte "
 "administratore ovog servisa i pošaljite im gore navedenu poruku o greški."
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "Vaša sjednica bit će valjana još %remaining% sekundi."
 
diff --git a/locales/hu/LC_MESSAGES/messages.po b/locales/hu/LC_MESSAGES/messages.po
index ff18570761..b928bfb1b2 100644
--- a/locales/hu/LC_MESSAGES/messages.po
+++ b/locales/hu/LC_MESSAGES/messages.po
@@ -110,7 +110,6 @@ msgstr "A következő kötelező mezők hiányoznak"
 msgid "Download the X509 certificates as PEM-encoded files."
 msgstr "PEM formátumú X509 tanúsítvány letöltése."
 
-#, python-format
 msgid "Unable to locate metadata for %ENTITYID%"
 msgstr "%ENTITYID% entitáshoz nem található metadataA"
 
@@ -340,7 +339,6 @@ msgstr ""
 "félrekonfigurálásával kapcsolatos. Kérjük, keresse meg a bejelentkező "
 "szolgáltatás adminisztrátorát, és küldje el neki a fenti hibaüzenetet!"
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "Az ön munkamenete még %remaining% másodpercig érvényes"
 
diff --git a/locales/id/LC_MESSAGES/messages.po b/locales/id/LC_MESSAGES/messages.po
index 766d29f248..12c8970bfc 100644
--- a/locales/id/LC_MESSAGES/messages.po
+++ b/locales/id/LC_MESSAGES/messages.po
@@ -111,7 +111,6 @@ msgstr "Field-field yang diperlukan wajib disisi berikut ini tidak ditemukan"
 msgid "Download the X509 certificates as PEM-encoded files."
 msgstr "Download sertifikat X509 sebagai file dikodekan-PEM."
 
-#, python-format
 msgid "Unable to locate metadata for %ENTITYID%"
 msgstr "Tidak dapat menemukan metadata untuk %ENTITYID%"
 
@@ -344,7 +343,6 @@ msgstr ""
 " yang salah di SimpleSAMLphp. Hubungi administrator dari layanan login "
 "ini, dan kirimkan kepada mereka pesan error diatas."
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "Session anda valid untuk %remaining% detik dari sekarang."
 
diff --git a/locales/it/LC_MESSAGES/messages.po b/locales/it/LC_MESSAGES/messages.po
index e7dc6296bb..a88dcf96f8 100644
--- a/locales/it/LC_MESSAGES/messages.po
+++ b/locales/it/LC_MESSAGES/messages.po
@@ -111,7 +111,6 @@ msgstr "I seguenti campi, richiesti, non sono stati trovati"
 msgid "Download the X509 certificates as PEM-encoded files."
 msgstr "Scarica i certificati X509 come file PEM-encoded"
 
-#, python-format
 msgid "Unable to locate metadata for %ENTITYID%"
 msgstr "Impossibile individuare i metatadi per %ENTITYID%"
 
@@ -355,7 +354,6 @@ msgstr ""
 " di questo servizio di login con una copia del messaggio di errore "
 "riportato qui sopra."
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "La tua sessione è valida per ulteriori %remaining% secondi."
 
diff --git a/locales/ja/LC_MESSAGES/messages.po b/locales/ja/LC_MESSAGES/messages.po
index 6e1a809342..776bcc1676 100644
--- a/locales/ja/LC_MESSAGES/messages.po
+++ b/locales/ja/LC_MESSAGES/messages.po
@@ -101,7 +101,6 @@ msgstr "未処理例外"
 msgid "The following required fields was not found"
 msgstr "以下の必須項目は見つかりませんでした"
 
-#, python-format
 msgid "Unable to locate metadata for %ENTITYID%"
 msgstr "%ENTITYID% のメタデータが見つかりません"
 
@@ -318,7 +317,6 @@ msgid ""
 "login service, and send them the error message above."
 msgstr "このエラーは恐らく未知の問題、またはSimpleSAMLphpの設定ミスです。ログインサービスの管理者に上記のエラーメッセージを連絡して下さい。"
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "セッションは今から %remaining% 秒間有効です"
 
diff --git a/locales/lt/LC_MESSAGES/messages.po b/locales/lt/LC_MESSAGES/messages.po
index b752e12b81..e66b6aeb60 100644
--- a/locales/lt/LC_MESSAGES/messages.po
+++ b/locales/lt/LC_MESSAGES/messages.po
@@ -111,7 +111,6 @@ msgstr "Šie privalomi laukai nerasti"
 msgid "Download the X509 certificates as PEM-encoded files."
 msgstr "Parsisiųsti X509 sertifikatus kaip PEM koduotės failus."
 
-#, python-format
 msgid "Unable to locate metadata for %ENTITYID%"
 msgstr "Nepavyko rasti objekto %ENTITYID% metaduomenų"
 
@@ -346,7 +345,6 @@ msgstr ""
 "sukonfigūravimo. Susisiekite su šios sistemos administratoriumi ir "
 "nusiųskite žemiau rodomą klaidos pranešimą."
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "Jūsų sesija galioja %remaining% sekundžių, skaičiuojant nuo šio momento."
 
diff --git a/locales/lv/LC_MESSAGES/messages.po b/locales/lv/LC_MESSAGES/messages.po
index da8f80a1b2..8ed98cc563 100644
--- a/locales/lv/LC_MESSAGES/messages.po
+++ b/locales/lv/LC_MESSAGES/messages.po
@@ -110,7 +110,6 @@ msgstr "Nav atrasti obligātie lauki"
 msgid "Download the X509 certificates as PEM-encoded files."
 msgstr "Lejupielādēt X509 sertifikātus kā PEM-kodētus failus."
 
-#, python-format
 msgid "Unable to locate metadata for %ENTITYID%"
 msgstr "Nav iespējams atrast metadatus priekš %ENTITYID%"
 
@@ -342,7 +341,6 @@ msgstr ""
 "Iespējams, kļūda radusies no neparedzētas darbības vai nepareizas "
 "SimpleSAMLphp konfigurācijas. Nosūtiet administratoram kļūdas ziņojumu."
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "Sesija ir derīga %remaining% sekundes no šī brīža."
 
diff --git a/locales/nb/LC_MESSAGES/messages.po b/locales/nb/LC_MESSAGES/messages.po
index 1b6bd0083b..7b388f75a1 100644
--- a/locales/nb/LC_MESSAGES/messages.po
+++ b/locales/nb/LC_MESSAGES/messages.po
@@ -120,7 +120,6 @@ msgstr "Følgende obligatoriske felter ble ikke funnet"
 msgid "Download the X509 certificates as PEM-encoded files."
 msgstr "Last ned X509-sertifikatene som PEM-filer."
 
-#, python-format
 msgid "Unable to locate metadata for %ENTITYID%"
 msgstr "Ikke mulig å finne metadata for %ENTITYID%"
 
@@ -355,7 +354,6 @@ msgstr ""
 "eller den er en følge av en uforutsett hendelse. Kontakt administratoren "
 "av denne tjenesten og rapporter så mye som mulig angående feilen."
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "Din sesjon er gyldig i %remaining% sekunder fra nå."
 
diff --git a/locales/nl/LC_MESSAGES/messages.po b/locales/nl/LC_MESSAGES/messages.po
index f7b322d7d9..c331c2e38f 100644
--- a/locales/nl/LC_MESSAGES/messages.po
+++ b/locales/nl/LC_MESSAGES/messages.po
@@ -125,7 +125,6 @@ msgstr "De volgende verplichte velden konden niet worden gevonden"
 msgid "Download the X509 certificates as PEM-encoded files."
 msgstr "Download de X509-certificaten in PEM-formaat."
 
-#, python-format
 msgid "Unable to locate metadata for %ENTITYID%"
 msgstr "Kan geen metadata vinden voor %ENTITYID%"
 
@@ -382,7 +381,6 @@ msgstr ""
 "door verkeerde configuratie van SimpleSAMLphp. Meld dit bij de beheerder "
 "van deze authenticatiedienst, en geef bovenstaande melding door."
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "Uw sessie is nog %remaining% seconden geldig vanaf dit moment."
 
diff --git a/locales/nn/LC_MESSAGES/messages.po b/locales/nn/LC_MESSAGES/messages.po
index 10b73e382d..39a5c22762 100644
--- a/locales/nn/LC_MESSAGES/messages.po
+++ b/locales/nn/LC_MESSAGES/messages.po
@@ -121,7 +121,6 @@ msgstr "Fann ikkje følgjande nødvendige felt"
 msgid "Download the X509 certificates as PEM-encoded files."
 msgstr "Last ned X509-sertifikat som PEM-koda filer"
 
-#, python-format
 msgid "Unable to locate metadata for %ENTITYID%"
 msgstr "Klarer ikkje å finna metadata for %ENTITYID%"
 
@@ -353,7 +352,6 @@ msgstr ""
 "eller ein ukjent feil. Kontakt administrator av tenesta og rapporter "
 "detaljar om feilen."
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "Din sesjon er gyldig i %remaining% sekund frå no."
 
diff --git a/locales/pl/LC_MESSAGES/messages.po b/locales/pl/LC_MESSAGES/messages.po
index abaa738823..f47ae103c9 100644
--- a/locales/pl/LC_MESSAGES/messages.po
+++ b/locales/pl/LC_MESSAGES/messages.po
@@ -110,7 +110,6 @@ msgstr "Nieobsługiwany błąd"
 msgid "The following required fields was not found"
 msgstr "Nastepujące wymagane pola nie zostały znalezione"
 
-#, python-format
 msgid "Unable to locate metadata for %ENTITYID%"
 msgstr "Nie można zlokalizować metadanych dotyczących %ENTITYID%"
 
@@ -338,7 +337,6 @@ msgstr ""
 "konfigurację SimpleSAMLphp. Skontaktuj się z administratorem tego serwisu"
 " i wyślij mu powyższy błąd."
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "Twoja sesja jest jeszcze ważna przez %remaining% sekund"
 
diff --git a/locales/pt-br/LC_MESSAGES/messages.po b/locales/pt-br/LC_MESSAGES/messages.po
index 78ab16f1ce..eab95ccf60 100644
--- a/locales/pt-br/LC_MESSAGES/messages.po
+++ b/locales/pt-br/LC_MESSAGES/messages.po
@@ -108,7 +108,6 @@ msgstr "Exceção não tratada"
 msgid "The following required fields was not found"
 msgstr "Os seguintes campos requeridos não foram encontrados"
 
-#, python-format
 msgid "Unable to locate metadata for %ENTITYID%"
 msgstr "Não foi possível localizar os metadados de %ENTITYID%"
 
@@ -340,7 +339,6 @@ msgstr ""
 "SimpleSAMLphp. Contate o administrador deste serviço de login e envie-lhe"
 " a mensagem de erro acima."
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "Sua sessão é válida por %remaining% segundos a partir de agora."
 
diff --git a/locales/pt/LC_MESSAGES/messages.po b/locales/pt/LC_MESSAGES/messages.po
index 26e914612a..e4dc3d09eb 100644
--- a/locales/pt/LC_MESSAGES/messages.po
+++ b/locales/pt/LC_MESSAGES/messages.po
@@ -316,7 +316,6 @@ msgstr ""
 "uma má configuração do SimpleSAMLphp. Contacte o administrador deste "
 "serviço de login, e comunique a mensagem de erro."
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "A sua sessão é válida por %remaining% segundos."
 
diff --git a/locales/ro/LC_MESSAGES/messages.po b/locales/ro/LC_MESSAGES/messages.po
index f11e3702d8..8b2e386a78 100644
--- a/locales/ro/LC_MESSAGES/messages.po
+++ b/locales/ro/LC_MESSAGES/messages.po
@@ -116,7 +116,6 @@ msgstr "Următoarele câmpuri obligatorii nu au fost găsite"
 msgid "Download the X509 certificates as PEM-encoded files."
 msgstr "Descărcați certificatele X509 ca fișiere PEM."
 
-#, python-format
 msgid "Unable to locate metadata for %ENTITYID%"
 msgstr "Nu pot fi localizate metadatele pentru %ENTITYID%"
 
@@ -359,7 +358,6 @@ msgstr ""
 "administratorul acestui serviciu și să-i furnizați mesajul de eroare de "
 "mai sus."
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "Sesiunea dumneavoastră mai este validă încă %remaining%."
 
diff --git a/locales/ru/LC_MESSAGES/messages.po b/locales/ru/LC_MESSAGES/messages.po
index 611ef649ef..b15e9ad40c 100644
--- a/locales/ru/LC_MESSAGES/messages.po
+++ b/locales/ru/LC_MESSAGES/messages.po
@@ -121,7 +121,6 @@ msgstr "Следующие обязательные поля не найдены"
 msgid "Download the X509 certificates as PEM-encoded files."
 msgstr "Скачать сертификаты X509 в формате PEM файлов."
 
-#, python-format
 msgid "Unable to locate metadata for %ENTITYID%"
 msgstr "Невозможно найти метаданные для %ENTITYID%"
 
@@ -359,7 +358,6 @@ msgstr ""
 "неправильной конфигурации SimpleSAMLphp. Свяжитесь с администратором "
 "этого сервиса и отправьте ему вышеуказанное сообщение об ошибке."
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "Ваша сессия действительна в течение следующих %remaining% секунд."
 
diff --git a/locales/sl/LC_MESSAGES/messages.po b/locales/sl/LC_MESSAGES/messages.po
index 3e2290ae21..3f6a12d584 100644
--- a/locales/sl/LC_MESSAGES/messages.po
+++ b/locales/sl/LC_MESSAGES/messages.po
@@ -110,7 +110,6 @@ msgstr "Naslednjih zahtevanih polj ni bilo mogoče najti"
 msgid "Download the X509 certificates as PEM-encoded files."
 msgstr "Prenesi X509 digitalno potrdilo v PEM datoteki."
 
-#, python-format
 msgid "Unable to locate metadata for %ENTITYID%"
 msgstr "Metapodatkov za %ENTITYID% ni bilo moč najti"
 
@@ -338,7 +337,6 @@ msgstr ""
 "Ta napaka je verjetno posledica nepravilne konfiguracije SimpleSAMLphp-"
 "ja. Obrnite se na skrbnika in mu posredujte to napako."
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "Vaša trenutna seja je veljavna še %remaining% sekund."
 
diff --git a/locales/sr/LC_MESSAGES/messages.po b/locales/sr/LC_MESSAGES/messages.po
index 0d19168199..96caf72ec5 100644
--- a/locales/sr/LC_MESSAGES/messages.po
+++ b/locales/sr/LC_MESSAGES/messages.po
@@ -112,7 +112,6 @@ msgstr "Nisu pronađena sledeća opciona polja"
 msgid "Download the X509 certificates as PEM-encoded files."
 msgstr "Preuzmite X509 sertifikate u PEM formatu."
 
-#, python-format
 msgid "Unable to locate metadata for %ENTITYID%"
 msgstr "Metapodaci za %ENTITYID% nisu pronađeni"
 
@@ -351,7 +350,6 @@ msgstr ""
 " podešavanja SimpleSAMLphp-a. Kontaktirajte administratora ovog servisa i"
 " pošaljite mu poruku o grešci prikazanu iznad."
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "Vaša sesija će biti validna još %remaining% sekundi."
 
diff --git a/locales/st/LC_MESSAGES/messages.po b/locales/st/LC_MESSAGES/messages.po
index 7668f78763..d04e2483de 100644
--- a/locales/st/LC_MESSAGES/messages.po
+++ b/locales/st/LC_MESSAGES/messages.po
@@ -149,7 +149,6 @@ msgstr "E a sebetsa..."
 msgid "Metadata not found"
 msgstr "Metadata ha e a fumanwa"
 
-#, python-format
 msgid "Unable to locate metadata for %ENTITYID%"
 msgstr "Ha e kgone ho fumana metadata bakeng sa %ID YA SETHEO%"
 
@@ -552,7 +551,6 @@ msgstr ""
 "Datha ya seshene ya hao ha e kgone ho fumanwa hona jwale ka lebaka la "
 "mathata a sethekeniki. Ka kopo leka hape kamora metsotso e mmalwa."
 
-#, python-format
 msgid "Your session is valid for %SECONDS% seconds from now."
 msgstr ""
 "Seshene ya hao e na le matla feela bakeng sa metsotswana e %SECONDS% ho "
diff --git a/locales/sv/LC_MESSAGES/messages.po b/locales/sv/LC_MESSAGES/messages.po
index 8b14a8ae12..84652eab9f 100644
--- a/locales/sv/LC_MESSAGES/messages.po
+++ b/locales/sv/LC_MESSAGES/messages.po
@@ -111,7 +111,6 @@ msgstr "Följande nödvändiga alternativ hittades inte"
 msgid "Download the X509 certificates as PEM-encoded files."
 msgstr "Hämta X509-certifikaten som PEM-kodade filer."
 
-#, python-format
 msgid "Unable to locate metadata for %ENTITYID%"
 msgstr "Kan inte hitta metadata för %ENTITYID%"
 
@@ -349,7 +348,6 @@ msgstr ""
 " av SimpleSAMLphp. Kontakta den som sköter inloggningtjänsten för att "
 "meddela dem ovanstående felmeddelande."
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "Din session är giltig för %remaining% sekunder från nu."
 
diff --git a/locales/tr/LC_MESSAGES/messages.po b/locales/tr/LC_MESSAGES/messages.po
index d64dde933c..944e8ac211 100644
--- a/locales/tr/LC_MESSAGES/messages.po
+++ b/locales/tr/LC_MESSAGES/messages.po
@@ -326,7 +326,6 @@ msgstr ""
 " ndeniyle oluşmuş olabilir. Bu oturum açma servisinin yöneticisi ile "
 "iletişim kurun ve yukarıdaki hata mesajını gönderin."
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "Oturumunuz, şu andan itibaren %remaining% saniyeliğine geçerlidir."
 
diff --git a/locales/zh-tw/LC_MESSAGES/messages.po b/locales/zh-tw/LC_MESSAGES/messages.po
index 3a090256ad..533f9b661d 100644
--- a/locales/zh-tw/LC_MESSAGES/messages.po
+++ b/locales/zh-tw/LC_MESSAGES/messages.po
@@ -114,7 +114,6 @@ msgstr "下列資料找不到必要欄位"
 msgid "Download the X509 certificates as PEM-encoded files."
 msgstr "下載 PEM 格式之 X.509 憑證檔案"
 
-#, python-format
 msgid "Unable to locate metadata for %ENTITYID%"
 msgstr "無法找到詮釋資料於 %ENTITYID%"
 
@@ -334,7 +333,6 @@ msgid ""
 "login service, and send them the error message above."
 msgstr "這個問題可能是因為 SimpleSAMLphp 的某些例外的行為或無效設定。連絡這個登入服務的管理員,以及傳送這些錯誤訊息。"
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "您的 session 從現在起還有 %remaining% 有效。"
 
diff --git a/locales/zh/LC_MESSAGES/messages.po b/locales/zh/LC_MESSAGES/messages.po
index 0856bcdc4b..7f6036d60a 100644
--- a/locales/zh/LC_MESSAGES/messages.po
+++ b/locales/zh/LC_MESSAGES/messages.po
@@ -103,7 +103,6 @@ msgstr "下列必需的区域没有找到"
 msgid "Download the X509 certificates as PEM-encoded files."
 msgstr "下载X509证书作为PEM编码的文件"
 
-#, python-format
 msgid "Unable to locate metadata for %ENTITYID%"
 msgstr "无法为%ENTITYID%定位元信息"
 
@@ -315,7 +314,6 @@ msgid ""
 "login service, and send them the error message above."
 msgstr "这个错误可能是由于一些意想不到的行为或者是SimpleSAMLphp的配置错误导致的,请联系这个登录服务器的管理员并把上面的错误消息发送给他们"
 
-#, python-format
 msgid "Your session is valid for %remaining% seconds from now."
 msgstr "你的会话在%remaining%秒内有效"
 
From 4f85be6e4fc75bbe7b9d95a283662affd3a45edb Mon Sep 17 00:00:00 2001
From: Tim van Dijen Date: Sun, 10 Jul 2022 09:57:49 +0200 Subject: [PATCH 0010/1127] Run bin/get-translatable-strings --- locales/en/LC_MESSAGES/messages.po | 333 ++++++++++-------- modules/admin/locales/en/LC_MESSAGES/admin.po | 24 ++ modules/core/locales/en/LC_MESSAGES/core.po | 180 ++++++++-- modules/cron/locales/en/LC_MESSAGES/cron.po | 1 - .../locales/en/LC_MESSAGES/multiauth.po | 13 +- modules/saml/locales/en/LC_MESSAGES/saml.po | 31 +- 6 files changed, 387 insertions(+), 195 deletions(-) diff --git a/locales/en/LC_MESSAGES/messages.po b/locales/en/LC_MESSAGES/messages.po index 8c61f8e002..c1c6528ac4 100644 --- a/locales/en/LC_MESSAGES/messages.po +++ b/locales/en/LC_MESSAGES/messages.po @@ -1,4 +1,3 @@ - #, fuzzy msgid "" msgstr "" @@ -11,7 +10,7 @@ msgstr "" "Language-Team: \n" "Plural-Forms: nplurals=2; plural=(n != 1)\n" "MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=utf-8\n" +"Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Generated-By: Babel 2.3.4\n" @@ -43,11 +42,11 @@ msgid "Shib 1.3 Service Provider (Hosted)" msgstr "Shib 1.3 Service Provider (Hosted)" msgid "" -"LDAP is the user database, and when you try to login, we need to contact " -"an LDAP database. An error occurred when we tried it this time." +"LDAP is the user database, and when you try to login, we need to contact an " +"LDAP database. An error occurred when we tried it this time." msgstr "" -"LDAP is the user database, and when you try to login, we need to contact " -"an LDAP database. An error occurred when we tried it this time." +"LDAP is the user database, and when you try to login, we need to contact an " +"LDAP database. An error occurred when we tried it this time." msgid "" "Optionally enter your email address, for the administrators to be able " 
@@ -102,7 +101,8 @@ msgid "Incorrect username or password." msgstr "Incorrect username or password." msgid "There is an error in the request to this page. The reason was: %REASON%" -msgstr "There is an error in the request to this page. The reason was: %REASON%" +msgstr "" +"There is an error in the request to this page. The reason was: %REASON%" msgid "E-mail address:" msgstr "E-mail address:" @@ -151,18 +151,18 @@ msgid "CAS Error" msgstr "CAS Error" msgid "" -"The debug information below may be of interest to the administrator / " -"help desk:" +"The debug information below may be of interest to the administrator / help " +"desk:" msgstr "" -"The debug information below may be of interest to the administrator / " -"help desk:" +"The debug information below may be of interest to the administrator / help " +"desk:" msgid "" -"Either no user with the given username could be found, or the password " -"you gave was wrong. Please check the username and try again." +"Either no user with the given username could be found, or the password you " +"gave was wrong. Please check the username and try again." msgstr "" -"Either no user with the given username could be found, or the password " -"you gave was wrong. Please check the username and try again." +"Either no user with the given username could be found, or the password you " +"gave was wrong. Please check the username and try again." msgid "Error" msgstr "Error" 
@@ -177,11 +177,11 @@ msgid "State information lost" msgstr "State information lost" msgid "" -"The password in the configuration (auth.adminpassword) is not changed " -"from the default value. Please edit the configuration file." +"The password in the configuration (auth.adminpassword) is not changed from " +"the default value. Please edit the configuration file." msgstr "" -"The password in the configuration (auth.adminpassword) is not changed " -"from the default value. Please edit the configuration file." +"The password in the configuration (auth.adminpassword) is not changed from " +"the default value. Please edit the configuration file." msgid "Converted metadata" msgstr "Converted metadata" @@ -193,11 +193,11 @@ msgid "No, cancel" msgstr "No, cancel" msgid "" -"You have chosen %HOMEORG% as your home organization. If this is " -"wrong you may choose another one." +"You have chosen %HOMEORG% as your home organization. If this is wrong " +"you may choose another one." msgstr "" -"You have chosen %HOMEORG% as your home organization. If this is " -"wrong you may choose another one." +"You have chosen %HOMEORG% as your home organization. If this is wrong " +"you may choose another one." msgid "Error processing request from Service Provider" msgstr "Error processing request from Service Provider" @@ -206,11 +206,9 @@ msgid "Distinguished name (DN) of person's primary Organizational Unit" msgstr "Distinguished name (DN) of person's primary Organizational Unit" msgid "" -"To look at the details for an SAML entity, click on the SAML entity " -"header." +"To look at the details for an SAML entity, click on the SAML entity header." msgstr "" -"To look at the details for an SAML entity, click on the SAML entity " -"header." +"To look at the details for an SAML entity, click on the SAML entity header." msgid "Enter your username and password" msgstr "Enter your username and password" 
@@ -261,11 +259,9 @@ msgid "Authentication failed: the certificate your browser sent is unknown" msgstr "Authentication failed: the certificate your browser sent is unknown" msgid "" -"You are about to send a message. Hit the submit message button to " -"continue." +"You are about to send a message. Hit the submit message button to continue." msgstr "" -"You are about to send a message. Hit the submit message button to " -"continue." +"You are about to send a message. Hit the submit message button to continue." msgid "Home organization domain name" msgstr "Home organization domain name" 
@@ -301,23 +297,21 @@ msgid "LDAP Error" msgstr "LDAP Error" msgid "" -"The information about the current logout operation has been lost. You " -"should return to the service you were trying to log out from and try to " -"log out again. This error can be caused by the logout information " -"expiring. The logout information is stored for a limited amount of time - " -"usually a number of hours. This is longer than any normal logout " -"operation should take, so this error may indicate some other error with " -"the configuration. If the problem persists, contact your service " -"provider." -msgstr "" -"The information about the current logout operation has been lost. You " -"should return to the service you were trying to log out from and try to " -"log out again. This error can be caused by the logout information " -"expiring. The logout information is stored for a limited amount of time - " -"usually a number of hours. This is longer than any normal logout " -"operation should take, so this error may indicate some other error with " -"the configuration. If the problem persists, contact your service " -"provider." +"The information about the current logout operation has been lost. You should " +"return to the service you were trying to log out from and try to log out " +"again. This error can be caused by the logout information expiring. The " +"logout information is stored for a limited amount of time - usually a number " +"of hours. This is longer than any normal logout operation should take, so " +"this error may indicate some other error with the configuration. If the " +"problem persists, contact your service provider." +msgstr "" +"The information about the current logout operation has been lost. You should " +"return to the service you were trying to log out from and try to log out " +"again. This error can be caused by the logout information expiring. The " +"logout information is stored for a limited amount of time - usually a number " +"of hours. 
This is longer than any normal logout operation should take, so " +"this error may indicate some other error with the configuration. If the " +"problem persists, contact your service provider." msgid "No SAML request provided" msgstr "No SAML request provided" @@ -330,12 +324,12 @@ msgstr "Organization" msgid "" "You accessed the Single Sign On Service interface, but did not provide a " -"SAML Authentication Request. Please note that this endpoint is not " -"intended to be accessed directly." +"SAML Authentication Request. Please note that this endpoint is not intended " +"to be accessed directly." msgstr "" "You accessed the Single Sign On Service interface, but did not provide a " -"SAML Authentication Request. Please note that this endpoint is not " -"intended to be accessed directly." +"SAML Authentication Request. Please note that this endpoint is not intended " +"to be accessed directly." msgid "No certificate" msgstr "No certificate" @@ -372,12 +366,12 @@ msgstr "An error occurred when trying to create the SAML request." msgid "" "This error probably is due to some unexpected behaviour or to " -"misconfiguration of SimpleSAMLphp. Contact the administrator of this " -"login service, and send them the error message above." +"misconfiguration of SimpleSAMLphp. Contact the administrator of this login " +"service, and send them the error message above." msgstr "" "This error probably is due to some unexpected behaviour or to " -"misconfiguration of SimpleSAMLphp. Contact the administrator of this " -"login service, and send them the error message above." +"misconfiguration of SimpleSAMLphp. Contact the administrator of this login " +"service, and send them the error message above." msgid "Your session is valid for %remaining% seconds from now." msgstr "Your session is valid for %remaining% seconds from now." 
@@ -416,8 +410,10 @@ msgstr "Date of birth" msgid "Private information elements" msgstr "Private information elements" -msgid "Person's non-reassignable, persistent pseudonymous ID at home organization" -msgstr "Person's non-reassignable, persistent pseudonymous ID at home organization" +msgid "" +"Person's non-reassignable, persistent pseudonymous ID at home organization" +msgstr "" +"Person's non-reassignable, persistent pseudonymous ID at home organization" msgid "You are also logged in on these services:" msgstr "You are also logged in on these services:" @@ -520,11 +516,11 @@ msgid "Logging out of the following services:" msgstr "Logging out of the following services:" msgid "" -"When this identity provider tried to create an authentication response, " -"an error occurred." +"When this identity provider tried to create an authentication response, an " +"error occurred." msgstr "" -"When this identity provider tried to create an authentication response, " -"an error occurred." +"When this identity provider tried to create an authentication response, an " +"error occurred." msgid "Could not create authentication response" msgstr "Could not create authentication response" @@ -577,12 +573,12 @@ msgstr "Primary affiliation" msgid "" "If you report this error, please also report this tracking number which " -"makes it possible to locate your session in the logs available to the " -"system administrator:" +"makes it possible to locate your session in the logs available to the system " +"administrator:" msgstr "" "If you report this error, please also report this tracking number which " -"makes it possible to locate your session in the logs available to the " -"system administrator:" +"makes it possible to locate your session in the logs available to the system " +"administrator:" msgid "XML metadata" msgstr "XML metadata" 
@@ -598,11 +594,11 @@ msgid "Telephone number" msgstr "Telephone number" msgid "" -"Unable to log out of one or more services. To ensure that all your " -"sessions are closed, you are encouraged to close your webbrowser." +"Unable to log out of one or more services. To ensure that all your sessions " +"are closed, you are encouraged to close your webbrowser." msgstr "" -"Unable to log out of one or more services. To ensure that all your " -"sessions are closed, you are encouraged to close your webbrowser." +"Unable to log out of one or more services. To ensure that all your sessions " +"are closed, you are encouraged to close your webbrowser." msgid "Bad request to discovery service" msgstr "Bad request to discovery service" @@ -620,11 +616,11 @@ msgid "Shib 1.3 SP Metadata" msgstr "Shib 1.3 SP Metadata" msgid "" -"As you are in debug mode, you get to see the content of the message you " -"are sending:" +"As you are in debug mode, you get to see the content of the message you are " +"sending:" msgstr "" -"As you are in debug mode, you get to see the content of the message you " -"are sending:" +"As you are in debug mode, you get to see the content of the message you are " +"sending:" msgid "Certificates" msgstr "Certificates" @@ -635,8 +631,10 @@ msgstr "Remember" msgid "Distinguished name (DN) of person's home organization" msgstr "Distinguished name (DN) of person's home organization" -msgid "You are about to send a message. Hit the submit message link to continue." -msgstr "You are about to send a message. Hit the submit message link to continue." +msgid "" +"You are about to send a message. Hit the submit message link to continue." +msgstr "" +"You are about to send a message. Hit the submit message link to continue." msgid "Organizational unit" msgstr "Organizational unit" 
@@ -676,11 +674,11 @@ msgid "Completed" msgstr "Completed" msgid "" -"The Identity Provider responded with an error. (The status code in the " -"SAML Response was not success)" +"The Identity Provider responded with an error. (The status code in the SAML " +"Response was not success)" msgstr "" -"The Identity Provider responded with an error. (The status code in the " -"SAML Response was not success)" +"The Identity Provider responded with an error. (The status code in the SAML " +"Response was not success)" msgid "Error loading metadata" msgstr "Error loading metadata" 
@@ -704,35 +702,35 @@ msgid "Help! I don't remember my password." msgstr "Help! I don't remember my password." msgid "" -"You can turn off debug mode in the global SimpleSAMLphp configuration " -"file config/config.php." +"You can turn off debug mode in the global SimpleSAMLphp configuration file " +"config/config.php." msgstr "" -"You can turn off debug mode in the global SimpleSAMLphp configuration " -"file config/config.php." +"You can turn off debug mode in the global SimpleSAMLphp configuration file " +"config/config.php." msgid "How to get help" msgstr "How to get help" msgid "" -"You accessed the SingleLogoutService interface, but did not provide a " -"SAML LogoutRequest or LogoutResponse. Please note that this endpoint is " -"not intended to be accessed directly." +"You accessed the SingleLogoutService interface, but did not provide a SAML " +"LogoutRequest or LogoutResponse. Please note that this endpoint is not " +"intended to be accessed directly." msgstr "" -"You accessed the SingleLogoutService interface, but did not provide a " -"SAML LogoutRequest or LogoutResponse. Please note that this endpoint is " -"not intended to be accessed directly." +"You accessed the SingleLogoutService interface, but did not provide a SAML " +"LogoutRequest or LogoutResponse. Please note that this endpoint is not " +"intended to be accessed directly." msgid "SimpleSAMLphp error" msgstr "SimpleSAMLphp error" msgid "" -"One or more of the services you are logged into do not support " -"logout. To ensure that all your sessions are closed, you are " -"encouraged to close your webbrowser." +"One or more of the services you are logged into do not support logout. To ensure that all your sessions are closed, you are encouraged to " +"close your webbrowser." msgstr "" -"One or more of the services you are logged into do not support " -"logout. To ensure that all your sessions are closed, you are " -"encouraged to close your webbrowser." 
+"One or more of the services you are logged into do not support logout. To ensure that all your sessions are closed, you are encouraged to " +"close your webbrowser." msgid "or select a file:" msgstr "or select a file:" @@ -753,26 +751,28 @@ msgid "Authentication failed: your browser did not send any certificate" msgstr "Authentication failed: your browser did not send any certificate" msgid "" -"This endpoint is not enabled. Check the enable options in your " -"configuration of SimpleSAMLphp." +"This endpoint is not enabled. Check the enable options in your configuration " +"of SimpleSAMLphp." msgstr "" -"This endpoint is not enabled. Check the enable options in your " -"configuration of SimpleSAMLphp." +"This endpoint is not enabled. Check the enable options in your configuration " +"of SimpleSAMLphp." -msgid "You can get the metadata xml on a dedicated URL:" -msgstr "You can get the metadata xml on a dedicated URL:" +msgid "" +"You can get the metadata xml on a dedicated URL:" +msgstr "" +"You can get the metadata xml on a dedicated URL:" msgid "Street" msgstr "Street" msgid "" -"There is some misconfiguration of your SimpleSAMLphp installation. If you" -" are the administrator of this service, you should make sure your " -"metadata configuration is correctly setup." +"There is some misconfiguration of your SimpleSAMLphp installation. If you " +"are the administrator of this service, you should make sure your metadata " +"configuration is correctly setup." msgstr "" -"There is some misconfiguration of your SimpleSAMLphp installation. If you" -" are the administrator of this service, you should make sure your " -"metadata configuration is correctly setup." +"There is some misconfiguration of your SimpleSAMLphp installation. If you " +"are the administrator of this service, you should make sure your metadata " +"configuration is correctly setup." msgid "Incorrect username or password" msgstr "Incorrect username or password" 
@@ -803,11 +803,11 @@ msgid "You have previously chosen to authenticate at" msgstr "You have previously chosen to authenticate at" msgid "" -"You sent something to the login page, but for some reason the password " -"was not sent. Try again please." +"You sent something to the login page, but for some reason the password was " +"not sent. Try again please." msgstr "" -"You sent something to the login page, but for some reason the password " -"was not sent. Try again please." +"You sent something to the login page, but for some reason the password was " +"not sent. Try again please." msgid "Fax number" msgstr "Fax number" @@ -825,13 +825,13 @@ msgid "Parse" msgstr "Parse" msgid "" -"Without your username and password you cannot authenticate " -"yourself for access to the service. There may be someone that can help " -"you. Consult the help desk at your organization!" +"Without your username and password you cannot authenticate yourself for " +"access to the service. There may be someone that can help you. Consult the " +"help desk at your organization!" msgstr "" -"Without your username and password you cannot authenticate " -"yourself for access to the service. There may be someone that can help " -"you. Consult the help desk at your organization!" +"Without your username and password you cannot authenticate yourself for " +"access to the service. There may be someone that can help you. Consult the " +"help desk at your organization!" msgid "ADFS Service Provider (Remote)" msgstr "ADFS Service Provider (Remote)" 
@@ -870,31 +870,28 @@ msgid "We did not accept the response sent from the Identity Provider." msgstr "We did not accept the response sent from the Identity Provider." msgid "" -"You accessed the Artifact Resolution Service interface, but did not " -"provide a SAML ArtifactResolve message. Please note that this endpoint is" -" not intended to be accessed directly." +"You accessed the Artifact Resolution Service interface, but did not provide " +"a SAML ArtifactResolve message. Please note that this endpoint is not " +"intended to be accessed directly." msgstr "" -"You accessed the Artifact Resolution Service interface, but did not " -"provide a SAML ArtifactResolve message. Please note that this endpoint is" -" not intended to be accessed directly." +"You accessed the Artifact Resolution Service interface, but did not provide " +"a SAML ArtifactResolve message. Please note that this endpoint is not " +"intended to be accessed directly." -msgid "The given page was not found. The reason was: %REASON% The URL was: %URL%" -msgstr "The given page was not found. The reason was: %REASON% The URL was: %URL%" +msgid "" +"The given page was not found. The reason was: %REASON% The URL was: %URL%" +msgstr "" +"The given page was not found. The reason was: %REASON% The URL was: %URL%" msgid "Shib 1.3 Identity Provider (Remote)" msgstr "Shib 1.3 Identity Provider (Remote)" msgid "" -"Here is the metadata that SimpleSAMLphp has generated for you. You may " -"send this metadata document to trusted partners to setup a trusted " -"federation." +"Here is the metadata that SimpleSAMLphp has generated for you. You may send " +"this metadata document to trusted partners to setup a trusted federation." msgstr "" -"Here is the metadata that SimpleSAMLphp has generated for you. You may " -"send this metadata document to trusted partners to setup a trusted " -"federation." 
- -msgid "[Preferred choice]" -msgstr "[Preferred choice]" +"Here is the metadata that SimpleSAMLphp has generated for you. You may send " +"this metadata document to trusted partners to setup a trusted federation." msgid "Organizational homepage" msgstr "Organizational homepage" 
@@ -903,21 +900,59 @@ msgid "Processing..." msgstr "Processing..." msgid "" -"You accessed the Assertion Consumer Service interface, but did not " -"provide a SAML Authentication Response. Please note that this endpoint is" -" not intended to be accessed directly." +"You accessed the Assertion Consumer Service interface, but did not provide a " +"SAML Authentication Response. Please note that this endpoint is not intended " +"to be accessed directly." msgstr "" -"You accessed the Assertion Consumer Service interface, but did not " -"provide a SAML Authentication Response. Please note that this endpoint is" -" not intended to be accessed directly." +"You accessed the Assertion Consumer Service interface, but did not provide a " +"SAML Authentication Response. Please note that this endpoint is not intended " +"to be accessed directly." msgid "" -"You are now accessing a pre-production system. This authentication setup " -"is for testing and pre-production verification only. If someone sent you " -"a link that pointed you here, and you are not a tester you " -"probably got the wrong link, and should not be here." +"You are now accessing a pre-production system. This authentication setup is " +"for testing and pre-production verification only. If someone sent you a link " +"that pointed you here, and you are not a tester you probably got the " +"wrong link, and should not be here." +msgstr "" +"You are now accessing a pre-production system. This authentication setup is " +"for testing and pre-production verification only. If someone sent you a link " +"that pointed you here, and you are not a tester you probably got the " +"wrong link, and should not be here." 
+ +msgid "Logo" +msgstr "" + +msgid "Language" +msgstr "" + +msgid "Authentication status" +msgstr "" + +msgid "Debug information to be used by your support staff" +msgstr "" + +msgid "Tracking number" +msgstr "" + +msgid "Copy to clipboard" +msgstr "" + +msgid "Information about your current session" +msgstr "" + +msgid "Warning" +msgstr "" + +msgid "" +"Since your browser does not support Javascript, you must press the button " +"below to proceed." +msgstr "" + +msgid "{errors:debuginfo_header}" +msgstr "" + +msgid "{errors:debuginfo_text}" +msgstr "" + +msgid "No identity providers found. Cannot continue." msgstr "" -"You are now accessing a pre-production system. This authentication setup " -"is for testing and pre-production verification only. If someone sent you " -"a link that pointed you here, and you are not a tester you " -"probably got the wrong link, and should not be here." diff --git a/modules/admin/locales/en/LC_MESSAGES/admin.po b/modules/admin/locales/en/LC_MESSAGES/admin.po index d46fc7409f..0723e7037d 100644 --- a/modules/admin/locales/en/LC_MESSAGES/admin.po +++ b/modules/admin/locales/en/LC_MESSAGES/admin.po @@ -315,3 +315,27 @@ msgstr "" msgid "ADFS IdP metadata" msgstr "" + +msgid "Modules" +msgstr "" + +msgid "You have the following modules installed" +msgstr "" + +msgid "disabled" +msgstr "" + +msgid "means the module is not enabled" +msgstr "" + +msgid "enabled" +msgstr "" + +msgid "Details" +msgstr "" + +msgid "Your PHP installation" +msgstr "" + +msgid "PHP intl extension" +msgstr "" diff --git a/modules/core/locales/en/LC_MESSAGES/core.po b/modules/core/locales/en/LC_MESSAGES/core.po index 8351486e2b..16cc8b7b0f 100644 --- a/modules/core/locales/en/LC_MESSAGES/core.po +++ b/modules/core/locales/en/LC_MESSAGES/core.po 
@@ -17,14 +17,18 @@ msgstr "" msgid "Go back to the previous page and try again." msgstr "Go back to the previous page and try again." -msgid "If this problem persists, you can report it to the system administrators." -msgstr "If this problem persists, you can report it to the system administrators." +msgid "" +"If this problem persists, you can report it to the system administrators." +msgstr "" +"If this problem persists, you can report it to the system administrators." msgid "Welcome" msgstr "Welcome" -msgid "Hosted Shibboleth 1.3 Service Provider Metadata (automatically generated)" -msgstr "Hosted Shibboleth 1.3 Service Provider Metadata (automatically generated)" +msgid "" +"Hosted Shibboleth 1.3 Service Provider Metadata (automatically generated)" +msgstr "" +"Hosted Shibboleth 1.3 Service Provider Metadata (automatically generated)" msgid "Retry login" msgstr "Retry login" 
@@ -33,24 +37,27 @@ msgid "Close the web browser, and try again." msgstr "Close the web browser, and try again." msgid "We were unable to locate the state information for the current request." -msgstr "We were unable to locate the state information for the current request." +msgstr "" +"We were unable to locate the state information for the current request." msgid "" -"This is most likely a configuration problem on either the service " -"provider or identity provider." +"This is most likely a configuration problem on either the service provider " +"or identity provider." msgstr "" -"This is most likely a configuration problem on either the service " -"provider or identity provider." +"This is most likely a configuration problem on either the service provider " +"or identity provider." msgid "Using the back and forward buttons in the web browser." msgstr "Using the back and forward buttons in the web browser." msgid "" -"You are running an outdated version of SimpleSAMLphp. Please update to the latest version as soon as possible." +"You are running an outdated version of SimpleSAMLphp. Please update to the latest version as soon " +"as possible." msgstr "" -"You are running an outdated version of SimpleSAMLphp. Please update to the latest version as soon as possible." +"You are running an outdated version of SimpleSAMLphp. Please update to the latest version as soon " +"as possible." msgid "Missing cookie" msgstr "Missing cookie" 
@@ -75,11 +82,11 @@ msgid "Retry" msgstr "Retry" msgid "" -"If you are an user who received this error after following a link on a " -"site, you should report this error to the owner of that site." +"If you are an user who received this error after following a link on a site, " +"you should report this error to the owner of that site." msgstr "" -"If you are an user who received this error after following a link on a " -"site, you should report this error to the owner of that site." +"If you are an user who received this error after following a link on a site, " +"you should report this error to the owner of that site." msgid "Suggestions for resolving this problem:" msgstr "Suggestions for resolving this problem:" 
@@ -92,28 +99,147 @@ msgstr "State information lost" msgid "" "We have detected that there is only a few seconds since you last " -"authenticated with this service provider, and therefore assume that there" -" is a problem with this SP." +"authenticated with this service provider, and therefore assume that there is " +"a problem with this SP." msgstr "" "We have detected that there is only a few seconds since you last " -"authenticated with this service provider, and therefore assume that there" -" is a problem with this SP." +"authenticated with this service provider, and therefore assume that there is " +"a problem with this SP." msgid "" -"If you are a developer who is deploying a single sign-on solution, you " -"have a problem with the metadata configuration. Verify that metadata is " +"If you are a developer who is deploying a single sign-on solution, you have " +"a problem with the metadata configuration. Verify that metadata is " "configured correctly on both the identity provider and service provider." msgstr "" -"If you are a developer who is deploying a single sign-on solution, you " -"have a problem with the metadata configuration. Verify that metadata is " +"If you are a developer who is deploying a single sign-on solution, you have " +"a problem with the metadata configuration. Verify that metadata is " "configured correctly on both the identity provider and service provider." msgid "Too short interval between single sign on events." msgstr "Too short interval between single sign on events." 
-msgid "Hosted Shibboleth 1.3 Identity Provider Metadata (automatically generated)" -msgstr "Hosted Shibboleth 1.3 Identity Provider Metadata (automatically generated)" +msgid "" +"Hosted Shibboleth 1.3 Identity Provider Metadata (automatically generated)" +msgstr "" +"Hosted Shibboleth 1.3 Identity Provider Metadata (automatically generated)" msgid "Report this error" msgstr "Report this error" +msgid "Incorrect Attributes" +msgstr "" + +msgid "" +"One or more of the attributes supplied by your identity provider did not " +"contain the expected number of values." +msgstr "" + +msgid "The problematic attribute(s) are:" +msgstr "" + +msgid "got %got% values, want %want%" +msgstr "" + +msgid "Logout" +msgstr "" + +msgid "Error report sent" +msgstr "" + +msgid "The error report has been sent to the administrators." +msgstr "" + +msgid "Enter your username and password" +msgstr "" + +msgid "" +"You are now accessing a pre-production system. This authentication setup is " +"for testing and pre-production verification only. If someone sent you a link " +"that pointed you here, and you are not a tester you probably got the " +"wrong link, and should not be here." +msgstr "" + +msgid "" +"A service has requested you to authenticate yourself. Please enter your " +"username and password in the form below." +msgstr "" + +msgid "Username" +msgstr "" + +msgid "Remember my username" +msgstr "" + +msgid "Password" +msgstr "" + +msgid "Remember me" +msgstr "" + +msgid "Organization" +msgstr "" + +msgid "Remember my organization" +msgstr "" + +msgid "Processing..." +msgstr "" + +msgid "Login" +msgstr "" + +msgid "Help! I don't remember my password." +msgstr "" + +msgid "" +"Without your username and password you cannot authenticate yourself for " +"access to the service. There may be someone that can help you. Consult the " +"help desk at your organization!" +msgstr "" + +msgid "Logging out..." +msgstr "" + +msgid "You are now successfully logged out from %SP%." 
+msgstr "" + +msgid "You are also logged in on these services:" +msgstr "" + +msgid "logout is not supported" +msgstr "" + +msgid "" +"Unable to log out of one or more services. To ensure that all your sessions " +"are closed, you are encouraged to close your webbrowser." +msgstr "" + +msgid "Continue" +msgstr "" + +msgid "Do you want to logout from all the services above?" +msgstr "" + +msgid "Yes, all services" +msgstr "" + +msgid "No, only %SP%" +msgstr "" + +msgid "No" +msgstr "" + +msgid "Check that the link you used to access the web site is correct." +msgstr "" + +msgid "The link used to get here was bad, perhaps a bookmark." +msgstr "" + +msgid "SimpleSAMLphp" +msgstr "" + +msgid "" +"If you report this error, please also report this tracking number which " +"makes it possible to locate your session in the logs available to the system " +"administrator:" +msgstr "" diff --git a/modules/cron/locales/en/LC_MESSAGES/cron.po b/modules/cron/locales/en/LC_MESSAGES/cron.po index 7dba80ff98..c62083a814 100644 --- a/modules/cron/locales/en/LC_MESSAGES/cron.po +++ b/modules/cron/locales/en/LC_MESSAGES/cron.po @@ -1,4 +1,3 @@ - #, fuzzy msgid "" msgstr "" diff --git a/modules/multiauth/locales/en/LC_MESSAGES/multiauth.po b/modules/multiauth/locales/en/LC_MESSAGES/multiauth.po index bf0c192724..d6fee27fd8 100644 --- a/modules/multiauth/locales/en/LC_MESSAGES/multiauth.po +++ b/modules/multiauth/locales/en/LC_MESSAGES/multiauth.po @@ -1,4 +1,3 @@ - #, fuzzy msgid "" msgstr "" 
@@ -19,9 +18,13 @@ msgid "Select an authentication source" msgstr "Select an authentication source" msgid "" -"The selected authentication source will be used to authenticate you and " -"to create a valid session." +"The selected authentication source will be used to authenticate you and to " +"create a valid session." msgstr "" -"The selected authentication source will be used to authenticate you and " -"to create a valid session." +"The selected authentication source will be used to authenticate you and to " +"create a valid session." +msgid "" +"The selected authentication source will be used to authenticate you and and " +"to create a valid session." +msgstr "" diff --git a/modules/saml/locales/en/LC_MESSAGES/saml.po b/modules/saml/locales/en/LC_MESSAGES/saml.po index 789141e6a1..2446633680 100644 --- a/modules/saml/locales/en/LC_MESSAGES/saml.po +++ b/modules/saml/locales/en/LC_MESSAGES/saml.po @@ -1,4 +1,3 @@ - #, fuzzy msgid "" msgstr "" 
@@ -16,26 +15,32 @@ msgstr "" "Generated-By: Babel 2.3.4\n" msgid "" -"Your authentication context is not accepted at this service. Probably too" -" weak or not two-factor." +"Your authentication context is not accepted at this service. Probably too " +"weak or not two-factor." msgstr "" -"Your authentication context is not accepted at this service. Probably too" -" weak or not two-factor." +"Your authentication context is not accepted at this service. Probably too " +"weak or not two-factor." msgid "Invalid Identity Provider" msgstr "Invalid Identity Provider" msgid "" -"You already have a valid session with an identity provider " -"(%IDP%) that is not accepted by %SP%. Would you like to" -" log out from your existing session and log in again with another " -"identity provider?" +"You already have a valid session with an identity provider (%IDP%) " +"that is not accepted by %SP%. Would you like to log out from your " +"existing session and log in again with another identity provider?" msgstr "" -"You already have a valid session with an identity provider " -"(%IDP%) that is not accepted by %SP%. Would you like to" -" log out from your existing session and log in again with another " -"identity provider?" +"You already have a valid session with an identity provider (%IDP%) " +"that is not accepted by %SP%. Would you like to log out from your " +"existing session and log in again with another identity provider?" msgid "Wrong authentication context" msgstr "Wrong authentication context" +msgid "SimpleSAMLphp" +msgstr "" + +msgid "Yes, continue" +msgstr "" + +msgid "No, cancel" +msgstr "" From e756c0271b3b670754ddc9339bb0597d783ddacb Mon Sep 17 00:00:00 2001 From: Tim van Dijen Date: Mon, 11 Jul 2022 11:03:32 +0200 Subject: [PATCH 0011/1127] Fix typo --- tests/src/SimpleSAML/LoggerTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/src/SimpleSAML/LoggerTest.php b/tests/src/SimpleSAML/LoggerTest.php index b0c6557a9f..7d3b72a5c0 100644 
--- a/tests/src/SimpleSAML/LoggerTest.php +++ b/tests/src/SimpleSAML/LoggerTest.php @@ -29,7 +29,7 @@ protected function setLoggingHandler(string $handler): void 'logging.level' => Logger::DEBUG ]; - // testing static methodss is slightly painful + // testing static methods is slightly painful Configuration::loadFromArray($config, '[ARRAY]', 'simplesaml'); Logger::setLoggingHandler(null); } From 6ecef8709e97d95bdc28824b5a5f8a33efebfcbe Mon Sep 17 00:00:00 2001 From: Tim van Dijen Date: Mon, 4 Jul 2022 21:47:27 +0200 Subject: [PATCH 0012/1127] Add job to trigger docs build --- .github/workflows/documentation.yml | 70 +++++++++++++++++++++++++++++ .github/workflows/php.yml | 8 ++-- .markdownlintignore | 1 + 3 files changed, 75 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/documentation.yml create mode 100644 .markdownlintignore diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml new file mode 100644 index 0000000000..287796fb42 --- /dev/null +++ b/.github/workflows/documentation.yml 
@@ -0,0 +1,70 @@
+name: Documentation
+
+on:
+ push:
+ branches: [ master, release-* ]
+ paths:
+ - '**.md'
+ pull_request:
+ branches: [ master, release-* ]
+ paths:
+ - '**.md'
+
+jobs:
+ quality:
+ name: Quality checks
+ runs-on: [ubuntu-latest]
+
+ steps:
+ - name: Setup PHP, with composer and extensions
+ uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php
+ with:
+ php-version: '8.0'
+ tools: composer:v2
+ extensions: intl, mbstring, xml
+
+ - name: Setup problem matchers for PHP
+ run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
+
+ - uses: actions/checkout@v3
+
+ - name: Get composer cache directory
+ id: composer-cache
+ run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+
+ - name: Cache composer dependencies
+ uses: actions/cache@v3
+ with:
+ path: ${{ steps.composer-cache.outputs.dir }}
+ key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+ restore-keys: ${{ runner.os }}-composer-
+
+ - name: Install Composer dependencies
+ run: composer install --no-progress --prefer-dist --optimize-autoloader
+
+ - name: Lint markdown files
+ uses: nosborn/github-action-markdown-cli@v3.1.0
+ with:
+ files: .
+ ignore_path: .markdownlintignore
+
+ build:
+ name: Build documentation
+ needs: quality
+ runs-on: [ubuntu-latest]
+
+ steps:
+ - name: Run docs build if any of markdown-files have changed
+ if: steps.changed-files-specific.outputs.any_changed == 'true' && github.event_name != 'pull_request'
+ uses: actions/github-script@v6
+ with:
+ # Token has to be generated on a user account that controls the docs-repository.
+ # The _only_ scope to select is "Access public repositories", nothing more.
+ github-token: ${{ secrets.PAT_TOKEN }}
+ script: |
+ await github.rest.actions.createWorkflowDispatch({
+ owner: 'simplesamlphp',
+ repo: 'docs',
+ workflow_id: 'mk_docs.yml',
+ ref: 'main'
+ })
diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml
index ba59d41e96..a85f4aa085 100644
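Review bot: The `if:` on the "Run docs build" step in the `build` job reads `steps.changed-files-specific.outputs.any_changed`, but no step with id `changed-files-specific` exists in that job (it has only this one step), so the comparison with `'true'` is never satisfied and the workflow dispatch is always skipped. Either add the changed-files step with that id before it, or rely on the workflow's existing `paths: '**.md'` filter and reduce the guard to `if: github.event_name != 'pull_request'`. Because this job passes `secrets.PAT_TOKEN` to a script, the workflow would also benefit from a top-level `permissions:` block with `contents: read`, so the default token carries no more than the lint job needs.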
--- a/.github/workflows/php.yml +++ b/.github/workflows/php.yml @@ -37,7 +37,7 @@ jobs: git config --global core.autocrlf false git config --global core.eol lf - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Get composer cache directory id: composer-cache @@ -91,7 +91,7 @@ jobs: - name: Setup problem matchers for PHP run: echo "::add-matcher::${{ runner.tool_cache }}/php.json" - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Get composer cache directory id: composer-cache @@ -132,7 +132,7 @@ jobs: - name: Setup problem matchers for PHP run: echo "::add-matcher::${{ runner.tool_cache }}/php.json" - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Get composer cache directory id: composer-cache @@ -170,7 +170,7 @@ jobs: - name: Setup problem matchers for PHP run: echo "::add-matcher::${{ runner.tool_cache }}/php.json" - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Get composer cache directory id: composer-cache diff --git a/.markdownlintignore b/.markdownlintignore new file mode 100644 index 0000000000..140fada73f --- /dev/null +++ b/.markdownlintignore @@ -0,0 +1 @@ +vendor/* From 1f6ac1ebc5bf4ff8756766f0ec9575ce6acd7dc6 Mon Sep 17 00:00:00 2001 From: Tim van Dijen Date: Thu, 7 Jul 2022 10:54:54 +0200 Subject: [PATCH 0013/1127] Perform spell checking --- .github/workflows/documentation.yml | 31 +++++++---------------------- 1 file changed, 7 insertions(+), 24 deletions(-) diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml index 287796fb42..298642bfe9 100644 --- a/.github/workflows/documentation.yml +++ b/.github/workflows/documentation.yml 
@@ -16,38 +16,21 @@ jobs: runs-on: [ubuntu-latest] steps: - - name: Setup PHP, with composer and extensions - uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php - with: - php-version: '8.0' - tools: composer:v2 - extensions: intl, mbstring, xml - - - name: Setup problem matchers for PHP - run: echo "::add-matcher::${{ runner.tool_cache }}/php.json" - - uses: actions/checkout@v3 - - name: Get composer cache directory - id: composer-cache - run: echo "::set-output name=dir::$(composer config cache-files-dir)" - - - name: Cache composer dependencies - uses: actions/cache@v3 - with: - path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} - restore-keys: ${{ runner.os }}-composer- - - - name: Install Composer dependencies - run: composer install --no-progress --prefer-dist --optimize-autoloader - - name: Lint markdown files uses: nosborn/github-action-markdown-cli@v3.1.0 with: files: . ignore_path: .markdownlintignore + - name: Perform spell check + uses: codespell-project/actions-codespell@master + with: + path: '**/*.md' + check_filenames: true + ignore_words_list: tekst + build: name: Build documentation needs: quality From 62bd330bdbc31057e4ae8541a8449596865697f8 Mon Sep 17 00:00:00 2001 
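Review bot: The added "Perform spell check" step uses `codespell-project/actions-codespell@master`, a branch ref whose content can change without any commit in this repository, whereas the neighbouring lint action is pinned to a tag. Since the workflow also runs on `pull_request`, pinning to a release tag or, better, a full commit SHA keeps the executed code reviewable: `uses: codespell-project/actions-codespell@<full-commit-sha>  # <release tag>`. The `quality` job starts above this hunk, so its remaining settings are not visible here.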
From: Tim van Dijen Date: Thu, 7 Jul 2022 11:27:07 +0200 Subject: [PATCH 0014/1127] Fix markdown --- CONTRIBUTING.md | 36 +- README.md | 5 +- docs/index.md | 13 +- docs/simplesamlphp-advancedfeatures.md | 159 +- docs/simplesamlphp-artifact-idp.md | 82 +- docs/simplesamlphp-authproc.md | 136 +- docs/simplesamlphp-authsource.md | 83 +- docs/simplesamlphp-changelog.md | 3157 +++++++++-------- docs/simplesamlphp-customauth.md | 421 ++- docs/simplesamlphp-database.md | 108 +- docs/simplesamlphp-ecp-idp.md | 85 +- docs/simplesamlphp-errorhandling.md | 133 +- docs/simplesamlphp-googleapps.md | 159 +- docs/simplesamlphp-hok-idp.md | 91 +- docs/simplesamlphp-idp-more.md | 16 +- docs/simplesamlphp-idp.md | 201 +- docs/simplesamlphp-install-repo.md | 48 +- docs/simplesamlphp-install.md | 412 +-- docs/simplesamlphp-maintenance.md | 164 +- docs/simplesamlphp-metadata-endpoints.md | 11 +- ...esamlphp-metadata-extensions-attributes.md | 69 +- docs/simplesamlphp-metadata-extensions-rpi.md | 17 +- docs/simplesamlphp-metadata-extensions-ui.md | 2 - ...implesamlphp-metadata-pdostoragehandler.md | 33 +- docs/simplesamlphp-modules.md | 132 +- docs/simplesamlphp-nostate.md | 20 +- docs/simplesamlphp-reference-idp-hosted.md | 253 +- docs/simplesamlphp-reference-idp-remote.md | 99 +- docs/simplesamlphp-reference-sp-remote.md | 71 +- docs/simplesamlphp-scoping.md | 53 +- docs/simplesamlphp-sp-api.md | 106 +- docs/simplesamlphp-sp.md | 33 +- docs/simplesamlphp-theming.md | 78 +- docs/simplesamlphp-upgrade-notes-1.10.md | 5 +- docs/simplesamlphp-upgrade-notes-1.11.md | 8 +- docs/simplesamlphp-upgrade-notes-1.12.md | 5 +- docs/simplesamlphp-upgrade-notes-1.13.md | 9 +- docs/simplesamlphp-upgrade-notes-1.14.md | 5 +- docs/simplesamlphp-upgrade-notes-1.15.md | 3 +- docs/simplesamlphp-upgrade-notes-1.16.md | 8 +- docs/simplesamlphp-upgrade-notes-1.17.md | 33 +- docs/simplesamlphp-upgrade-notes-1.18.md | 23 +- docs/simplesamlphp-upgrade-notes-1.19.md | 3 +- docs/simplesamlphp-upgrade-notes-1.5.md 
| 30 +- docs/simplesamlphp-upgrade-notes-1.6.md | 31 +- docs/simplesamlphp-upgrade-notes-1.7.md | 21 +- docs/simplesamlphp-upgrade-notes-1.8.md | 14 +- docs/simplesamlphp-upgrade-notes-1.9.md | 19 +- docs/simplesamlphp-upgrade-notes-2.0.md | 79 +- docs/simplesamlphp-upgrade-notes.md | 5 +- modules/core/docs/authproc_attributeadd.md | 1 - modules/core/docs/authproc_attributealter.md | 16 +- modules/core/docs/authproc_attributecopy.md | 1 - modules/core/docs/authproc_attributelimit.md | 5 +- .../core/docs/authproc_attributevaluemap.md | 18 +- .../core/docs/authproc_cardinalitysingle.md | 2 +- modules/core/docs/authproc_generategroups.md | 2 - modules/core/docs/authproc_languageadaptor.md | 1 - modules/core/docs/authproc_php.md | 5 +- modules/core/docs/authproc_scopeattribute.md | 7 +- .../core/docs/authproc_scopefromattribute.md | 3 - .../docs/authproc_statisticswithattribute.md | 2 - modules/core/docs/authproc_targetedid.md | 1 - .../docs/authproc_warnshortssointerval.md | 2 - modules/cron/docs/cron.md | 67 +- modules/multiauth/docs/multiauth.md | 19 +- modules/saml/docs/filterscopes.md | 10 +- modules/saml/docs/keyrollover.md | 29 +- modules/saml/docs/nameid.md | 41 +- modules/saml/docs/nameidattribute.md | 4 +- modules/saml/docs/sp.md | 70 +- tests/modules/unittest/README.md | 2 + 72 files changed, 3510 insertions(+), 3585 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 25dc2a9854..c8e96d5d81 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,4 +1,5 @@ # Contribution guidelines + **SimpleSAMLphp welcomes all contributions**. It is impossible to make a product like this without the efforts of many people, so please don't be shy and share your help with us. Even the tiniest contribution can make a difference! These guidelines briefly explain how to contribute to SimpleSAMLphp effectively and consistently, making sure to keep high quality standards and making it easier for you to contribute. 
@@ -6,6 +7,7 @@ These guidelines briefly explain how to contribute to SimpleSAMLphp effectively [TOC] ## Team members + Currently, the core team members are: * Jaime Pérez Crespo, *maintainer and main developer*, UNINETT @@ -22,6 +24,7 @@ We have been lucky enough to have so many people help us through the years. Simp ***Big thanks to you all!*** ## First things first + Before embarking yourself in a contribution, please make sure you are familiar with the way SimpleSAMLphp is written, the way it works, and what is required or not. * Make sure to read [the documentation](https://simplesamlphp.org/docs/stable/). If you use the search engine in the website, please verify that you are reading the latest stable version. If you want to make a change, check [the development branch of the documentation](https://simplesamlphp.org/docs/development/). 
@@ -30,26 +33,29 @@ Before embarking yourself in a contribution, please make sure you are familiar w * If you think you have discovered a bug, please check the [issue tracker](https://github.com/simplesamlphp/simplesamlphp/issues) and the [pull requests](https://github.com/simplesamlphp/simplesamlphp/pulls) to verify it hasn't been reported already. ## Contributing code + New features are always welcome, provided they will be useful to someone apart from yourself. Please take a look at the [list of issues](https://github.com/simplesamlphp/simplesamlphp/issues) to see what people are asking for. Our [roadmap](https://simplesamlphp.org/releaseplan) might also be a good place to start if you do not know exactly how you can contribute. When submitting a pull request, please make sure to account for: ### Coding standards + * Respect the coding standards. We try to comply with PHP's [PSR-12](http://www.php-fig.org/psr/psr-12/). Pay special attention to the rules below: - * Lines should not be longer than 80 characters. - * Use **4 spaces** instead of tabs. - * Keep the keywords in **lowercase**, including `true`, `false` and `null`. - * Make sure your classes work with *autoloading*. - * Never include a trailing `?>` in your files. - * The first line of every file must be `` in your files. + * The first line of every file must be ` 'default-sp', +```php +'auth' => 'default-sp', +``` In `config/authsources.php`: - 'default-sp' => [ - 'saml:SP', - ], - +```php +'default-sp' => [ + 'saml:SP', +], +``` - -Attribute control ------------------ +## Attribute control Filtering, mapping, etc can be performed by using existing or create new *Authentication Processing Filters*. 
For more information, read: - * [Authentication Processing Filters in SimpleSAMLphp](simplesamlphp-authproc) - +- [Authentication Processing Filters in SimpleSAMLphp](simplesamlphp-authproc) - -Automatic update of SAML 2.0 Metadata XML from HTTPS ----------------------------------------------------- +## Automatic update of SAML 2.0 Metadata XML from HTTPS The `metarefresh` module is the preferred method for doing this. Please see the [metarefresh documentation](/docs/contrib_modules/metarefresh/simplesamlphp-automated_metadata). - - -Using simpleSAMLphp on a web server requiring the use of a web proxy --------------------------------------------------------------------- +## Using simpleSAMLphp on a web server requiring the use of a web proxy Some modules in simpleSAMLphp may require fetching HTTP/HTTPS content from external websites (e.g. the metarefresh module needs to fetch the metadata from an external source). @@ -65,19 +55,13 @@ simpleSAMLphp can be configured to send HTTP/S requests via such a proxy. The pr The default is not to use a proxy ('proxy' = null) and no username and password are used ('proxy.auth' = false). - - -Auth MemCookie --------------- +## Auth MemCookie [Auth MemCookie](http://authmemcookie.sourceforge.net/) support is deprecated in the standard code base of SimpleSAMLphp and will no longer be available starting in SimpleSAMLphp 2.0. Please use the new [memcookie module](https://github.com/simplesamlphp/simplesamlphp-module-memcookie) instead. - - -Metadata signing ----------------- +## Metadata signing SimpleSAMLphp supports signing of the metadata it generates. Metadata signing is configured by four options: 
@@ -86,73 +70,76 @@ SimpleSAMLphp supports signing of the metadata it generates. Metadata signing is - `metadata.sign.privatekey_pass`: Passphrase which should be used to open the private key. This parameter is optional, and should be left out if the private key is unencrypted. - `metadata.sign.certificate`: Location of certificate data which matches the private key. - `metadata.sign.algorithm`: The algorithm to use when signing metadata for this entity. Defaults to RSA-SHA256. Possible values: - - * `http://www.w3.org/2000/09/xmldsig#rsa-sha1` - *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future. - * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` - The default. - * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384` - * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512` + - `http://www.w3.org/2000/09/xmldsig#rsa-sha1` + *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future. + - `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` + The default. + - `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384` + - `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512` These options can be configured globally in the `config/config.php`-file, or per SP/IdP by adding them to the hosted metadata for the SP/IdP. The configuration in the metadata for the SP/IdP takes precedence over the global configuration. There is also an additional fallback for the private key and the certificate. If `metadata.sign.privatekey` and `metadata.sign.certificate` isn't configured, SimpleSAMLphp will use the `privatekey`, `privatekey_pass` and `certificate` options in the metadata for the SP/IdP. - - - -Session checking function -------------------------- +## Session checking function Optional session checking function, called on session init and loading, defined with 'session.check_function' in config.php. 
Example code for the function with GeoIP country check: +```php +public static function checkSession($session, $init = false) +{ + $data_type = 'example:check_session'; + $data_key = 'remote_addr'; - public static function checkSession($session, $init = FALSE) { - $data_type = 'example:check_session'; - $data_key = 'remote_addr'; - - $remote_addr = NULL; - if (!empty($_SERVER['REMOTE_ADDR'])) { - $remote_addr = (string)$_SERVER['REMOTE_ADDR']; - } - - if ($init) { - $session->setData($data_type, $data_key, $remote_addr, \SimpleSAML\Session::DATA_TIMEOUT_SESSION_END); - return; - } - - if (!function_exists('geoip_country_code_by_name')) { - SimpleSAML\Logger::warning('geoip php module required.'); - return TRUE; - } + $remote_addr = null; + if (!empty($_SERVER['REMOTE_ADDR'])) { + $remote_addr = (string)$_SERVER['REMOTE_ADDR']; + } - $stored_remote_addr = $session->getData($data_type, $data_key); - if ($stored_remote_addr === NULL) { - SimpleSAML\Logger::warning('Stored data not found.'); - return FALSE; - } + if ($init) { + $session->setData( + $data_type, + $data_key, + $remote_addr, + \SimpleSAML\Session::DATA_TIMEOUT_SESSION_END + ); + return; + } - $country_a = geoip_country_code_by_name($remote_addr); - $country_b = geoip_country_code_by_name($stored_remote_addr); + if (!function_exists('geoip_country_code_by_name')) { + \SimpleSAML\Logger::warning('geoip php module required.'); + return true; + } - if ($country_a === $country_b) { - if ($stored_remote_addr !== $remote_addr) { - $session->setData($data_type, $data_key, $remote_addr, \SimpleSAML\Session::DATA_TIMEOUT_SESSION_END); - } + $stored_remote_addr = $session->getData($data_type, $data_key); + if ($stored_remote_addr === null) { + \SimpleSAML\Logger::warning('Stored data not found.'); + return false; + } - return TRUE; + $country_a = geoip_country_code_by_name($remote_addr); + $country_b = geoip_country_code_by_name($stored_remote_addr); + + if ($country_a === $country_b) { + if ($stored_remote_addr !== 
$remote_addr) { + $session->setData( + $data_type, + $data_key, + $remote_addr, + \SimpleSAML\Session::DATA_TIMEOUT_SESSION_END + ); } - return FALSE; + return true; } + return false; +} +``` - - -Support -------- +## Support If you need help to make this work, or want to discuss SimpleSAMLphp with other users of the software, you are fortunate: @@ -161,10 +148,6 @@ you are welcome to join! The forums are open for you to ask questions, contribute answers other further questions, request improvements or contribute with code or plugins of your own. -- [SimpleSAMLphp homepage](https://simplesamlphp.org) -- [List of all available SimpleSAMLphp documentation](https://simplesamlphp.org/docs/) -- [Join the SimpleSAMLphp user's mailing list](https://simplesamlphp.org/lists) - - - - +- [SimpleSAMLphp homepage](https://simplesamlphp.org) +- [List of all available SimpleSAMLphp documentation](https://simplesamlphp.org/docs/) +- [Join the SimpleSAMLphp user's mailing list](https://simplesamlphp.org/lists) diff --git a/docs/simplesamlphp-artifact-idp.md b/docs/simplesamlphp-artifact-idp.md index bb08461ea4..4cf783f033 100644 --- a/docs/simplesamlphp-artifact-idp.md +++ b/docs/simplesamlphp-artifact-idp.md @@ -3,10 +3,9 @@ Adding HTTP-Artifact support to the IdP This document describes the necessary steps to enable support for the HTTP-Artifact binding on a SimpleSAMLphp IdP: -1. Configure SimpleSAMLphp to use memcache to store the session. -2. Enable support for sending artifacts in `saml20-idp-hosted`. -3. Add the webserver certificate to the generated metadata. - +1. Configure SimpleSAMLphp to use memcache to store the session. +2. Enable support for sending artifacts in `saml20-idp-hosted`. +3. Add the webserver certificate to the generated metadata. Memcache -------- 
@@ -17,30 +16,31 @@ You need both a memcache server and a the PHP memcached client (extension). How this is done depends on the distribution. If you are running Debian or Ubuntu, you can install this by running: - apt install memcached php-memcached +```bash +apt install memcached php-memcached +``` simpleSAMLphp also supports the legacy `php-memcache` (without `d`) variant. *Note*: For security, you must make sure that the memcache server is inaccessible to other hosts. The default configuration on Debian is for the memcache server to be accessible to only the local host. - Once the memcache server is configured, you can configure simplesamlphp to use it to store sessions. You can do this by setting the `store.type` option in `config.php` to `memcache`. If you are running memcache on a different server than the IdP, you must also change the `memcache_store.servers` option in `config.php`. - Enabling artifact on the IdP ---------------------------- To enable the IdP to send artifacts, you must add the `saml20.sendartifact` option to the `saml20-idp-hosted` metadata file: - $metadata['https://example.org/saml-idp'] = [ - [....] - 'auth' => 'example-userpass', - 'saml20.sendartifact' => TRUE, - ]; - +```php +$metadata['https://example.org/saml-idp'] = [ + [....] + 'auth' => 'example-userpass', + 'saml20.sendartifact' => true, +]; +``` Add new metadata to SPs ----------------------- 
@@ -49,14 +49,15 @@ After enabling the Artifact binding, your IdP metadata will change to add a Arti You therefore need to update the metadata for your IdP at your SPs. `saml20-idp-remote` metadata for SimpleSAMLphp SPs should contain something like: - 'ArtifactResolutionService' => [ - [ - 'index' => 0, - 'Location' => 'https://idp.example.org/simplesaml/saml2/idp/ArtifactResolutionService.php', - 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP', - ], +```php +'ArtifactResolutionService' => [ + [ + 'index' => 0, + 'Location' => 'https://idp.example.org/simplesaml/saml2/idp/ArtifactResolutionService.php', + 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP', ], - +], +``` SP metadata on the IdP ---------------------- @@ -65,22 +66,23 @@ An SP using the HTTP-Artifact binding must have an AssertionConsumerService endp This means that you must use the complex endpoint format in `saml20-sp-remote` metadata. In general, that should look something like: - 'AssertionConsumerService' => array ( - [ - 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', - 'Location' => 'https://sp.example.org/simplesaml/module.php/saml/sp/assertionConsumerService/default-sp', - 'index' => 0, - ], - [ - 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact', - 'Location' => 'https://sp.example.org/simplesaml/module.php/saml/sp/assertionConsumerService/default-sp', - 'index' => 2, - ], - ), +```php +'AssertionConsumerService' => [ + [ + 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', + 'Location' => 'https://sp.example.org/simplesaml/module.php/saml/sp/assertionConsumerService/default-sp', + 'index' => 0, + ], + [ + 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact', + 'Location' => 'https://sp.example.org/simplesaml/module.php/saml/sp/assertionConsumerService/default-sp', + 'index' => 2, + ], +], +``` (The specific values of the various fields will vary depending on the SP.) - Certificate in metadata ----------------------- 
@@ -89,9 +91,11 @@ You may therefore have to add the webserver certificate to the metadata that you To do this, you need to set the `https.certificate` option in the `saml20-idp-hosted` metadata file. That option should refer to a file containing the webserver certificate. - $metadata['https://example.org/saml-idp'] = [ - [....] - 'auth' => 'example-userpass', - 'saml20.sendartifact' => TRUE, - 'https.certificate' => '/etc/apache2/webserver.crt', - ]; +```php +$metadata['https://example.org/saml-idp'] = [ + [....] + 'auth' => 'example-userpass', + 'saml20.sendartifact' => true, + 'https.certificate' => '/etc/apache2/webserver.crt', +]; +``` diff --git a/docs/simplesamlphp-authproc.md b/docs/simplesamlphp-authproc.md index 1b8ea9d6d7..53d6c3d649 100644 --- a/docs/simplesamlphp-authproc.md +++ b/docs/simplesamlphp-authproc.md @@ -1,9 +1,7 @@ -Authentication Processing Filters in SimpleSAMLphp -================================================== +# Authentication Processing Filters in SimpleSAMLphp [TOC] - In SimpleSAMLphp, there is an API where you can *do stuff* at the IdP after authentication is complete, and just before you are sent back to the SP. The same API is available on the SP, after you have received a successful Authentication Response from the IdP and before you are sent back to the SP application. Authentication processing filters postprocess authentication information received from authentication sources. It is possible to use this for additional authentication checks, requesting the user's consent before delivering attributes about the user, modifying the user's attributes, and other things which should be performed before returning the user to the service provider he came from. 
@@ -24,8 +22,7 @@ Be aware that Authentication Processing Filters do replace some of the previous Later in this document, we will describe in detail the alternative Authentication Processing Filters that will replicate these functionalities. -How to configure Auth Proc Filters ----------------------------------- +## How to configure Auth Proc Filters *Auth Proc Filters* can be set globally, or to be specific for only one SP or one IdP. That means there are five locations where you can configure *Auth Proc Filters*: @@ -37,20 +34,22 @@ How to configure Auth Proc Filters The configuration of *Auth Proc Filters* is a list of filters with priority as *index*. Here is an example of *Auth Proc Filters* configured in `config.php`: - 'authproc.idp' => [ - 10 => [ - 'class' => 'core:AttributeMap', - 'addurnprefix' - ], - 20 => 'core:TargetedID', - 50 => 'core:AttributeLimit', - 90 => [ - 'class' => 'consent:Consent', - 'store' => 'consent:Cookie', - 'focus' => 'yes', - 'checked' => TRUE - ], - ], +```php +'authproc.idp' => [ + 10 => [ + 'class' => 'core:AttributeMap', + 'addurnprefix' + ], + 20 => 'core:TargetedID', + 50 => 'core:AttributeLimit', + 90 => [ + 'class' => 'consent:Consent', + 'store' => 'consent:Cookie', + 'focus' => 'yes', + 'checked' => true + ], +], +``` This configuration will execute *Auth Proc Filters* one by one, with the priority value in increasing order. When *Auth Proc Filters* is configured in multiple places, in example both globally, in the hosted IdP and remote SP metadata, then the list is interleaved sorted by priority. 
@@ -62,23 +61,28 @@ You will see that a bunch of useful filters is included in the `core` module. In When you know the class definition of a filter, and the priority, the simple way to configure the filter is: - 20 => 'core:TargetedID', +```php +20 => 'core:TargetedID', +``` This is analogous to: - 20 => [ - 'class' => 'core:TargetedID' - ], +```php +20 => [ + 'class' => 'core:TargetedID' +], +``` Some *Auth Proc Filters* have optional or required *parameters*. To send parameters to *Auth Proc Filters*, you need to choose the second of the two alernatives above. Here is an example of provided parameters to the consent module: - 90 => [ - 'class' => 'consent:Consent', - 'store' => 'consent:Cookie', - 'focus' => 'yes', - 'checked' => TRUE - ], - +```php +90 => [ + 'class' => 'consent:Consent', + 'store' => 'consent:Cookie', + 'focus' => 'yes', + 'checked' => true, +], +``` ### Filters in `config.php` @@ -93,7 +97,6 @@ The filters in `authproc.idp` will be executed at the IdP side regardless of whi The filters in `authproc.sp` will be executed at the SP side regardless of which SP and IdP entity that is involved. - ### Filters in metadata Filters can be added both in `hosted` and `remote` metadata. Here is an example of a filter added in a metadata file: 
@@ -112,44 +115,39 @@ Filters can be added both in `hosted` and `remote` metadata. Here is an example The example above is in `saml20-idp-hosted`. - - -Auth Proc Filters included in the SimpleSAMLphp distribution ------------------------------------------------------------- +## Auth Proc Filters included in the SimpleSAMLphp distribution The following filters are included in the SimpleSAMLphp distribution: -- [`core:AttributeAdd`](./core:authproc_attributeadd): Add attributes to the response. -- [`core:AttributeCopy`](./core:authproc_attributecopy): Copy existing attributes to the response. -- [`core:AttributeAlter`](./core:authproc_attributealter): Do search-and-replace on attributevalues. -- [`core:AttributeLimit`](./core:authproc_attributelimit): Limit the attributes in the response. -- [`core:AttributeMap`](./core:authproc_attributemap): Change the name of the attributes. -- [`core:AttributeValueMap`](./core:authproc_attributevaluemap): Map attribute values to new values and attribute name. -- [`core:Cardinality`](./core:authproc_cardinality): Ensure the number of attribute values is within the specified multiplicity. -- [`core:CardinalitySingle`](./core:authproc_cardinalitysingle): Ensure the correct cardinality of single-valued attributes. -- [`core:GenerateGroups`](./core:authproc_generategroups): Generate a `group` attribute for the user. -- [`core:LanguageAdaptor`](./core:authproc_languageadaptor): Transferring language setting from IdP to SP. -- [`core:PHP`](./core:authproc_php): Modify attributes with custom PHP code. -- [`core:ScopeAttribute`](./core:authproc_scopeattribute): Add scope to attribute. -- [`core:ScopeFromAttribute`](./core:authproc_scopefromattribute): Create a new attribute based on the scope on a different attribute. -- [`core:StatisticsWithAttribute`](./core:authproc_statisticswithattribute): Create a statistics logentry. -- [`core:TargetedID`](./core:authproc_targetedid): Generate the `eduPersonTargetedID` attribute. 
-- [`core:WarnShortSSOInterval`](./core:authproc_warnshortssointerval): Give a warning if the user logs into the same SP twice within a few seconds. -- [`saml:AttributeNameID`](./saml:nameid): Generate custom NameID with the value of an attribute. -- [`saml:AuthnContextClassRef`](./saml:authproc_authncontextclassref): Set the authentication context in the response. -- [`saml:ExpectedAuthnContextClassRef`](./saml:authproc_expectedauthncontextclassref): Verify the user's authentication context. -- [`saml:FilterScopes`](./saml:filterscopes): Filter attribute values with scopes forbidden for an IdP. -- [`saml:NameIDAttribute`](./saml:nameidattribute): Create an attribute based on the NameID we receive from the IdP. -- [`saml:PersistentNameID`](./saml:nameid): Generate persistent NameID from an attribute. -- [`saml:PersistentNameID2TargetedID`](./saml:nameid): Store persistent NameID as eduPersonTargetedID. -- [`saml:TransientNameID`](./saml:nameid): Generate transient NameID. +* [`core:AttributeAdd`](./core:authproc_attributeadd): Add attributes to the response. +* [`core:AttributeCopy`](./core:authproc_attributecopy): Copy existing attributes to the response. +* [`core:AttributeAlter`](./core:authproc_attributealter): Do search-and-replace on attributevalues. +* [`core:AttributeLimit`](./core:authproc_attributelimit): Limit the attributes in the response. +* [`core:AttributeMap`](./core:authproc_attributemap): Change the name of the attributes. +* [`core:AttributeValueMap`](./core:authproc_attributevaluemap): Map attribute values to new values and attribute name. +* [`core:Cardinality`](./core:authproc_cardinality): Ensure the number of attribute values is within the specified multiplicity. +* [`core:CardinalitySingle`](./core:authproc_cardinalitysingle): Ensure the correct cardinality of single-valued attributes. +* [`core:GenerateGroups`](./core:authproc_generategroups): Generate a `group` attribute for the user. 
+* [`core:LanguageAdaptor`](./core:authproc_languageadaptor): Transferring language setting from IdP to SP. +* [`core:PHP`](./core:authproc_php): Modify attributes with custom PHP code. +* [`core:ScopeAttribute`](./core:authproc_scopeattribute): Add scope to attribute. +* [`core:ScopeFromAttribute`](./core:authproc_scopefromattribute): Create a new attribute based on the scope on a different attribute. +* [`core:StatisticsWithAttribute`](./core:authproc_statisticswithattribute): Create a statistics logentry. +* [`core:TargetedID`](./core:authproc_targetedid): Generate the `eduPersonTargetedID` attribute. +* [`core:WarnShortSSOInterval`](./core:authproc_warnshortssointerval): Give a warning if the user logs into the same SP twice within a few seconds. +* [`saml:AttributeNameID`](./saml:nameid): Generate custom NameID with the value of an attribute. +* [`saml:AuthnContextClassRef`](./saml:authproc_authncontextclassref): Set the authentication context in the response. +* [`saml:ExpectedAuthnContextClassRef`](./saml:authproc_expectedauthncontextclassref): Verify the user's authentication context. +* [`saml:FilterScopes`](./saml:filterscopes): Filter attribute values with scopes forbidden for an IdP. +* [`saml:NameIDAttribute`](./saml:nameidattribute): Create an attribute based on the NameID we receive from the IdP. +* [`saml:PersistentNameID`](./saml:nameid): Generate persistent NameID from an attribute. +* [`saml:PersistentNameID2TargetedID`](./saml:nameid): Store persistent NameID as eduPersonTargetedID. +* [`saml:TransientNameID`](./saml:nameid): Generate transient NameID. See the [Third-party modules](https://simplesamlphp.org/modules) page on the SimpleSAMLphp website for externally hosted modules that may provide a processing filter. - -Writing your own Auth Proc Filter ---------------------------------- +## Writing your own Auth Proc Filter Look at the included *Auth Proc Filters* as examples. Copy the classes into your own module and start playing around. 
@@ -159,13 +157,13 @@ If a filter for some reason needs to redirect the user, for example to show a we Requirements for authentication processing filters: - - Must be derived from the `\SimpleSAML\Auth\ProcessingFilter`-class. - - If a constructor is implemented, it must first call the parent constructor, passing along all parameters, before accessing any of the parameters. In general, only the $config parameter should be accessed. - - The `process(&$request)`-function must be implemented. If this function completes, it is assumed that processing is completed, and that the $request array has been updated. - - If the `process`-function does not return, it must at a later time call `\SimpleSAML\Auth\ProcessingChain::resumeProcessing` with the new request state. The request state must be an update of the array passed to the `process`-function. - - No pages may be shown to the user from the `process`-function. Instead, the request state should be saved, and the user should be redirected to a new page. This must be done to prevent unpredictable events if the user for example reloads the page. - - No state information should be stored in the filter object. It must instead be stored in the request state array. Any changes to variables in the filter object may be lost. - - The filter object must be serializable. It may be serialized between being constructed and the call to the `process`-function. This means that, for example, no database connections should be created in the constructor and later used in the `process`-function. +* Must be derived from the `\SimpleSAML\Auth\ProcessingFilter`-class. +* If a constructor is implemented, it must first call the parent constructor, passing along all parameters, before accessing any of the parameters. In general, only the $config parameter should be accessed. +* The `process(&$request)`-function must be implemented. 
If this function completes, it is assumed that processing is completed, and that the $request array has been updated. +* If the `process`-function does not return, it must at a later time call `\SimpleSAML\Auth\ProcessingChain::resumeProcessing` with the new request state. The request state must be an update of the array passed to the `process`-function. +* No pages may be shown to the user from the `process`-function. Instead, the request state should be saved, and the user should be redirected to a new page. This must be done to prevent unpredictable events if the user for example reloads the page. +* No state information should be stored in the filter object. It must instead be stored in the request state array. Any changes to variables in the filter object may be lost. +* The filter object must be serializable. It may be serialized between being constructed and the call to the `process`-function. This means that, for example, no database connections should be created in the constructor and later used in the `process`-function. *Note*: An Auth Proc Filter will not work in the "Test authentication sources" option in the web UI of a SimpleSAMLphp IdP. It will only be triggered in conjunction with an actual SP. So you need to set up an IdP *and* and SP when testing your filter. diff --git a/docs/simplesamlphp-authsource.md b/docs/simplesamlphp-authsource.md index 79c298bbc4..e2d09a1862 100644 --- a/docs/simplesamlphp-authsource.md +++ b/docs/simplesamlphp-authsource.md @@ -1,5 +1,4 @@ -Creating authentication sources -=============================== +# Creating authentication sources All authentication sources are located in the `lib/Auth/Source/` directory in a module, and the class name is `\SimpleSAML\Module\\Auth\Source\`. The authentication source must extend the `\SimpleSAML\Auth\Source` class or one of its subclasses. 
@@ -20,9 +19,7 @@ If the module needs to redirect the user, for example because it needs to show t For that we have the `\SimpleSAML\Auth\State` class. This is only a convenience class, and you are not required to use it (but its use is encouraged, since it handles some potential pitfalls). - -Saving state ------------- +## Saving state The `\SimpleSAML\Auth\State` class has two functions that you should use: `saveState($state, $stage)`, and `loadState($id, $stage)`. @@ -31,9 +28,7 @@ It is used to prevent a malicious user from taking a state you save in one locat The `saveState()`-function returns an id, which you should pass to the `loadState()`-function later. - -Username/password authentication --------------------------------- +## Username/password authentication Since username/password authentication is quite a common operation, a base class has been created for this. This is the `\SimpleSAML\Module\core\Auth\UserPassBase` class, which is can be found as `modules/core/lib/Auth/UserPassBase.php`. 
@@ -46,54 +41,52 @@ If the username or password is incorrect, it should throw an error saying so: "[Implementing custom username/password authentication](./simplesamlphp-customauth)" describes how to implement username/password authentication using that base class. +## Generic rules & requirements -Generic rules & requirements ----------------------------- - -- Must be derived from the `\SimpleSAML\Auth\Source`-class. +- Must be derived from the `\SimpleSAML\Auth\Source`-class. - **Rationale**: - - Deriving all authentication sources from a single base class allows us extend all authentication sources by extending the base class. + **Rationale**: + - Deriving all authentication sources from a single base class allows us extend all authentication sources by extending the base class. -- If a constructor is implemented, it must first call the parent constructor, passing along all parameters, before accessing any of the parameters. - In general, only the $config parameter should be accessed when implementing the authentication source. +- If a constructor is implemented, it must first call the parent constructor, passing along all parameters, before accessing any of the parameters. + In general, only the $config parameter should be accessed when implementing the authentication source. - **Rationale**: - - PHP doesn't automatically call any parent constructor, so it needs to be done manually. - - The `$info`-array is used to provide information to the `\SimpleSAML\Auth\Source` base class, and therefore needs to be included. - - Including the `$config`-array makes it possible to add generic configuration options that are valid for all authentication sources. + **Rationale**: + - PHP doesn't automatically call any parent constructor, so it needs to be done manually. + - The `$info`-array is used to provide information to the `\SimpleSAML\Auth\Source` base class, and therefore needs to be included. 
+ - Including the `$config`-array makes it possible to add generic configuration options that are valid for all authentication sources.
-- The `authenticate(&$state)`-function must be implemented.
- If this function completes, it is assumed that the user is authenticated, and that the `$state`-array has been updated with the user's attributes.
+- The `authenticate(&$state)`-function must be implemented.
+ If this function completes, it is assumed that the user is authenticated, and that the `$state`-array has been updated with the user's attributes.
- **Rationale**:
- - Allowing the `authenticate()`-function to return after updating the `$state`-array enables us to do authentication without redirecting the user.
- This can be used if the authentication doesn't require user input, for example if the authentication can be done based on the IP-address of the user.
+ **Rationale**:
+ - Allowing the `authenticate()`-function to return after updating the `$state`-array enables us to do authentication without redirecting the user.
+ This can be used if the authentication doesn't require user input, for example if the authentication can be done based on the IP-address of the user.
-- If the `authenticate`-function does not return, it must at a later time call `\SimpleSAML\Auth\Source::completeAuth` with the new state array.
- The state array must be an update of the array passed to the `authenticate`-function.
+- If the `authenticate`-function does not return, it must at a later time call `\SimpleSAML\Auth\Source::completeAuth` with the new state array.
+ The state array must be an update of the array passed to the `authenticate`-function.
- **Rationale**:
- - Preserving the same state array allows us to save information in that array before the authentication starts, and restoring it when authentication completes.
+ **Rationale**:
+ - Preserving the same state array allows us to save information in that array before the authentication starts, and restoring it when authentication completes.
-- No pages may be shown to the user from the `authenticate()`-function.
- Instead, the state should be saved, and the user should be redirected to a new page.
+- No pages may be shown to the user from the `authenticate()`-function.
+ Instead, the state should be saved, and the user should be redirected to a new page.
- **Rationale**:
- - The `authenticate()`-function is called in the context of a different PHP page.
- If the user reloads that page, unpredictable results may occur.
+ **Rationale**:
+ - The `authenticate()`-function is called in the context of a different PHP page.
+ If the user reloads that page, unpredictable results may occur.
-- No state information about any authentication should be stored in the authentication source object.
- It must instead be stored in the state array.
- Any changes to variables in the authentication source object may be lost.
+- No state information about any authentication should be stored in the authentication source object.
+ It must instead be stored in the state array.
+ Any changes to variables in the authentication source object may be lost.
- **Rationale**:
- - This saves us from having to save the entire authentication object between requests.
- Instead, we can recreate it from the configuration.
+ **Rationale**:
+ - This saves us from having to save the entire authentication object between requests.
+ Instead, we can recreate it from the configuration.
-- The authentication source object must be serializable.
- It may be serialized between being constructed and the call to the `authenticate()`-function.
- This means that, for example, no database connections should be created in the constructor and later used in the `authenticate()`-function.
+- The authentication source object must be serializable.
+ It may be serialized between being constructed and the call to the `authenticate()`-function.
+ This means that, for example, no database connections should be created in the constructor and later used in the `authenticate()`-function.
- **Rationale**:
- - If parsing the configuration and creating the authentication object is shown to be a bottleneck, we can cache an initialized authentication source.
+ **Rationale**:
+ - If parsing the configuration and creating the authentication object is shown to be a bottleneck, we can cache an initialized authentication source.
diff --git a/docs/simplesamlphp-changelog.md b/docs/simplesamlphp-changelog.md
index adbe2377a9..02bcf03f47 100644
--- a/docs/simplesamlphp-changelog.md
+++ b/docs/simplesamlphp-changelog.md
@@ -1,5 +1,4 @@
-SimpleSAMLphp changelog
-=======================
+# SimpleSAMLphp changelog
[TOC]
@@ -8,828 +7,902 @@ See the upgrade notes for specific information about upgrading. ## Version 2.0.0 - * Support for certificate fingerprints was removed - * Support for SAML 1.1 was removed - * Old-style PHP templates were removed - * Old-style dictionaries were removed - * The default value for attrname-format was changed to 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri' - to comply with SAML2INT - * core:PairwiseID and core:SubjectID authprocs no longer support the 'scope' config-setting. - Use 'scopeAttribute' instead to identify the attribute holding the scope. - * Accepting unsolicited responses can be disabled by setting `enable_unsolicited` to `false` in the SP authsource. - * Certificates and private keys can now be retrieved from a database +* Support for certificate fingerprints was removed +* Support for SAML 1.1 was removed +* Old-style PHP templates were removed +* Old-style dictionaries were removed +* The default value for attrname-format was changed to 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri' + to comply with SAML2INT +* core:PairwiseID and core:SubjectID authprocs no longer support the 'scope' config-setting. + Use 'scopeAttribute' instead to identify the attribute holding the scope. +* Accepting unsolicited responses can be disabled by setting `enable_unsolicited` to `false` in the SP authsource. 
+* Certificates and private keys can now be retrieved from a database ## Version 1.19.1 Released TBD - * Fixed a bug in the Artifact Resolution Service (#1428) - * Fixed compatibility with Composer pre 1.8.5 (Debian 10) (#1427) - * Updated npm dependencies up to February 1, 2021 +* Fixed a bug in the Artifact Resolution Service (#1428) +* Fixed compatibility with Composer pre 1.8.5 (Debian 10) (#1427) +* Updated npm dependencies up to February 1, 2021 -### memcacheMonitor - * Fix a bug in the Twig-template that causes an exception on newer Twig-versions +`memcacheMonitor` -### negotiate - * Fix a bug that was breaking the module when using the old UI +* Fix a bug in the Twig-template that causes an exception on newer Twig-versions -### statistics - * Fix a bug in the Twig-template that causes an exception on newer Twig-versions +`negotiate` + +* Fix a bug that was breaking the module when using the old UI + +`statistics` + +* Fix a bug in the Twig-template that causes an exception on newer Twig-versions ## Version 1.19.0 Released 2021-01-21 - * This version will be the last of the 1.x branch and will provide a migration path to our new - templating system, routing system and translation system. - * SAML 1 / Shib 1.3 support is now marked deprecated and will be removed in SimpleSAMLphp 2.0. - * Raised minimum PHP version to 7.1 - * Dropped support for Symfony 3.x - * Update the SAML2 library dependency to 4.1.9 - * Fix a bug where SSP wouldn't write to the tmp-directory if it didn't own it, but could write to it (#1314) - * Fixed several bugs in saml:NameIDAttribute (#1245) - * Fix artifact resolution (#1343) - * Allow additional audiences to be specified (#1345) - * Allow configurable ProviderName (#1348) - * Support saml:Extensions in saml:SP authsources (#1349) - * The `attributename`-setting in the core:TargetedID authproc-filter has been deprecated in - favour of the `identifyingAttribute`-setting. 
- * Filter multiauth authentication sources from SP using AuthnContextClassRef (#1362) - * Allow easy enabling of SameSite = 'None' (#1382) - * Do not accept the hashed admin password for authentication (#1418) +* This version will be the last of the 1.x branch and will provide a migration path to our new + templating system, routing system and translation system. +* SAML 1 / Shib 1.3 support is now marked deprecated and will be removed in SimpleSAMLphp 2.0. +* Raised minimum PHP version to 7.1 +* Dropped support for Symfony 3.x +* Update the SAML2 library dependency to 4.1.9 +* Fix a bug where SSP wouldn't write to the tmp-directory if it didn't own it, but could write to it (#1314) +* Fixed several bugs in saml:NameIDAttribute (#1245) +* Fix artifact resolution (#1343) +* Allow additional audiences to be specified (#1345) +* Allow configurable ProviderName (#1348) +* Support saml:Extensions in saml:SP authsources (#1349) +* The `attributename`-setting in the core:TargetedID authproc-filter has been deprecated in + favour of the `identifyingAttribute`-setting. +* Filter multiauth authentication sources from SP using AuthnContextClassRef (#1362) +* Allow easy enabling of SameSite = 'None' (#1382) +* Do not accept the hashed admin password for authentication (#1418) ## Version 1.18.8 Released 2020-09-02 - * Fixed Artifact Resolution due to incorrect use of Issuer objects (#1343). - * Fixed some of the German translations (#1331). Thanks @htto! - * Harden against CVE-2020-13625; this package is not affected, but 3rd party modules may (#1333). - * Harden against several JS issues (npm update & npm audit fix) - * Fixed inconsistent configuration of backtraces logging - * Support for Symfony 3.x is now deprecated - * Support for Twig 1.x is now deprecated +* Fixed Artifact Resolution due to incorrect use of Issuer objects (#1343). +* Fixed some of the German translations (#1331). Thanks @htto! 
+* Harden against CVE-2020-13625; this package is not affected, but 3rd party modules may (#1333). +* Harden against several JS issues (npm update & npm audit fix) +* Fixed inconsistent configuration of backtraces logging +* Support for Symfony 3.x is now deprecated +* Support for Twig 1.x is now deprecated + +`authcrypt` + +* The dependency for whitehat101/apr1-md5 was moved from the base repository to the module (v0.9.2) + +`authx509` + +* Restore PHP 5.6 compatibility (v0.9.5) + +`cron` + +* Fixed old-ui (#1248) -### authcrypt - * The dependency for whitehat101/apr1-md5 was moved from the base repository to the module (v0.9.2) +`ldap` -### authx509 - * Restore PHP 5.6 compatibility (v0.9.5) +* Moved array with binary attributes to authsource config (v0.9.9) + Instead of having to edit code, you can now set 'attributes.binary' in the authsource configuration. -### cron - * Fixed old-ui (#1248) +`metarefresh` -### ldap - * Moved array with binary attributes to authsource config (v0.9.9) - Instead of having to edit code, you can now set 'attributes.binary' in the authsource configuration. +* Add attributewhitelist to support e.g. R&S+Sirtfi (v0.9.5) +* Restore PHP 5.6 compatibility (v0.9.6) -### metarefresh - * Add attributewhitelist to support e.g. R&S+Sirtfi (v0.9.5) - * Restore PHP 5.6 compatibility (v0.9.6) +`negotiate` -### negotiate ### - * Restore PHP 5.6 compatibility (v0.9.8) - * Fixed a link (v0.9.9) +* Restore PHP 5.6 compatibility (v0.9.8) +* Fixed a link (v0.9.9) -### saml2 library - * Fixed a bug in the AuthnRequest-class that would raise an InvalidArgumentException when setting - the AssertionConsumerServiceIndex as an integer on an saml:SP authsource. - Thanks to Andrea @ Oracle for reporting this. +`saml2 library` + +* Fixed a bug in the AuthnRequest-class that would raise an InvalidArgumentException when setting + the AssertionConsumerServiceIndex as an integer on an saml:SP authsource. + Thanks to Andrea @ Oracle for reporting this. 
## Version 1.18.7 Released 2020-05-12 - * Fix spurious warnings when session_create_id() fails to create ID (#1291) - * Fix inconsistency in the way PATH_INFO is being used (#1227). - * Fix a potential security issue [CVE-2020-11022](https://nvd.nist.gov/vuln/detail/CVE-2020-11022) by updating jQuery. If any of your custom modules rely on jQuery, - make sure you read the following [update notes](https://jquery.com/upgrade-guide/3.5/), since jQuery has solved this in a non-BC way (#1321). - * Fix incorrect Polish translations (#1311). - * Fix a broken migration query in the LogoutStore (#1324). - * Fix an issue with the SameSite cookie parameter when running on PHP versions older than 7.3 (#1320). +* Fix spurious warnings when session_create_id() fails to create ID (#1291) +* Fix inconsistency in the way PATH_INFO is being used (#1227). +* Fix a potential security issue [CVE-2020-11022](https://nvd.nist.gov/vuln/detail/CVE-2020-11022) by updating jQuery. If any of your custom modules rely on jQuery, + make sure you read the following [update notes](https://jquery.com/upgrade-guide/3.5/), since jQuery has solved this in a non-BC way (#1321). +* Fix incorrect Polish translations (#1311). +* Fix a broken migration query in the LogoutStore (#1324). +* Fix an issue with the SameSite cookie parameter when running on PHP versions older than 7.3 (#1320). + +`adfs` + +* Fixed a broken link to one of the assets (v0.9.6). + +`ldap` + +* Handle binary attributes in a generic way (v0.9.5). + +`oauth` + +* Fix PHP 7.4 incompatibility (v0.9.2). + +`preprodwarning` -### adfs - * Fixed a broken link to one of the assets (v0.9.6). +* Fix Dutch translations (v0.9.2). -### ldap - * Handle binary attributes in a generic way (v0.9.5). +`sanitycheck` -### oauth - * Fix PHP 7.4 incompatibility (v0.9.2). +* Fix broken HTML (v0.9.1). -### preprodwarning - * Fix Dutch translations (v0.9.2). +`saml` -### sanitycheck - * Fix broken HTML (v0.9.1). 
+* Fix several issues in the saml:NameIDAttribute authproc filter (#1325). -### saml - * Fix several issues in the saml:NameIDAttribute authproc filter (#1325). +`saml2 library` -### saml2 library - * fixed a standards compliance issue regarding ContactPerson EMail addresses (v3.4.4). - * fixed an issue parsing very large metadata files (v3.4.3). +* fixed a standards compliance issue regarding ContactPerson EMail addresses (v3.4.4). +* fixed an issue parsing very large metadata files (v3.4.3). ## Version 1.18.6 Released 2020-04-17 - * Fix source code disclosure on case-insensitive file systems. See - [SSPSA 202004-01](https://simplesamlphp.org/security/202004-01). - * Fix spurious error in logs when using a custom theme (#1312). - * Fix broken metadata converter (#1305). +* Fix source code disclosure on case-insensitive file systems. See + [SSPSA 202004-01](https://simplesamlphp.org/security/202004-01). +* Fix spurious error in logs when using a custom theme (#1312). +* Fix broken metadata converter (#1305). ## Version 1.18.5 Released 2020-03-19 - * Make the URLs for the cron module work again (#1248). - * Email error reports now include metadata again (#1269). - * Fix exampleauth module when using the legacy UI (#1275). - * Fix authorize module when using custom reject message. - * Documentation improvements. - * Fix connection persistence for deployments that switched to memcached. +* Make the URLs for the cron module work again (#1248). +* Email error reports now include metadata again (#1269). +* Fix exampleauth module when using the legacy UI (#1275). +* Fix authorize module when using custom reject message. +* Documentation improvements. +* Fix connection persistence for deployments that switched to memcached. ## Version 1.18.4 Released 2020-01-24 - * Resolved a security issue in email reports. See - [SSPSA 202001-01](https://simplesamlphp.org/security/202001-01). - * Resolved a security issue with the logging system. 
See - [SSPSA 202001-02](https://simplesamlphp.org/security/202001-02). - * Fixed SQL store index creation for PostgreSQL. - * Handle case where cookie 'domain' parameter was not set. - * Update versions of included JavaScript dependencies. +* Resolved a security issue in email reports. See + [SSPSA 202001-01](https://simplesamlphp.org/security/202001-01). +* Resolved a security issue with the logging system. See + [SSPSA 202001-02](https://simplesamlphp.org/security/202001-02). +* Fixed SQL store index creation for PostgreSQL. +* Handle case where cookie 'domain' parameter was not set. +* Update versions of included JavaScript dependencies. ## Version 1.18.3 Released 2019-12-09 - * Fixed an issue with several modules being enabled by default (#1257). - * Fixed an issue with metadata generation for trusted entities (#1247, #1251). +* Fixed an issue with several modules being enabled by default (#1257). +* Fixed an issue with metadata generation for trusted entities (#1247, #1251). -### ldap - * Fixed an issue affecting the installation in case-insensitive file systems (#1253). +`ldap` + +* Fixed an issue affecting the installation in case-insensitive file systems (#1253). ## Version 1.18.2 Released 2019-11-26 - * Fixed an issue with the `ldap` module that prevented installing SimpleSAMLphp from the repository (#1241). +* Fixed an issue with the `ldap` module that prevented installing SimpleSAMLphp from the repository (#1241). ## Version 1.18.1 Released 2019-11-26 - * Fixed an issue that prevented custom themes from working (#1240). - * Fixed an issue with translations in the discovery service (#1244). - * Fixed an issue with schema validation. +* Fixed an issue that prevented custom themes from working (#1240). +* Fixed an issue with translations in the discovery service (#1244). +* Fixed an issue with schema validation. ## Version 1.18.0 Released 2019-11-19 - * Fixed an issue with warnings being logged when using PHP 7.2 or newer (#1168). 
- * Fixed an issue with web server aliases or rewritten URLs not working (#1023, #1093). - * Fixed an issue that prevented errors to be logged if the log file was not writeable (#1194). - * Fixed an issue with old-style NameIDPolicy configurations that disallowed creating new NameIDs (#1230). - * Resolved a security issue that exposed host information to unauthenticated users. See - [SSPSA 201911-02](https://simplesamlphp.org/security/201911-02). - * Replaced custom Email class with the phpmailer library. - * Allow logging to STDERR in the `logging.handler` option by setting it to `stderr`. - * Allow use of stream wrappers (e.g. s3://) in paths. - * Improved 'update or insert' handling for different SQL drivers. - * The default algorithm within the TimeLimitedToken class has been bumped from SHA-1 to SHA-256 - as announced by deprecation notice in 1.15-RC1. - * Most modules have been externalized. They will not be included in our future releases by default, - but will be easily installable using Composer. For now, they are still included in the package. - * Many minor fixes to code, css, documentation - -### metarefresh - * The algorithm to compute the fingerprint of the certificate that signed - metadata can be specified with the new `validateFingerprintAlgorithm` - configuration option. - -### saml - * Make the id of the generated signed metadata only change when metadata content changes. - * New SP metadata configuration options `AssertionConsumerService` and `SingleLogoutServiceLocation` - to allow overriding the default URL paths. - * Added support for per-IDP configurable `AuthnContextClassRef`/`AuthnContextComparison`. +* Fixed an issue with warnings being logged when using PHP 7.2 or newer (#1168). +* Fixed an issue with web server aliases or rewritten URLs not working (#1023, #1093). +* Fixed an issue that prevented errors to be logged if the log file was not writeable (#1194). 
+* Fixed an issue with old-style NameIDPolicy configurations that disallowed creating new NameIDs (#1230). +* Resolved a security issue that exposed host information to unauthenticated users. See + [SSPSA 201911-02](https://simplesamlphp.org/security/201911-02). +* Replaced custom Email class with the phpmailer library. +* Allow logging to STDERR in the `logging.handler` option by setting it to `stderr`. +* Allow use of stream wrappers (e.g. s3://) in paths. +* Improved 'update or insert' handling for different SQL drivers. +* The default algorithm within the TimeLimitedToken class has been bumped from SHA-1 to SHA-256 + as announced by deprecation notice in 1.15-RC1. +* Most modules have been externalized. They will not be included in our future releases by default, + but will be easily installable using Composer. For now, they are still included in the package. +* Many minor fixes to code, css, documentation + +`metarefresh` + +* The algorithm to compute the fingerprint of the certificate that signed + metadata can be specified with the new `validateFingerprintAlgorithm` + configuration option. + +`saml` + +* Make the id of the generated signed metadata only change when metadata content changes. +* New SP metadata configuration options `AssertionConsumerService` and `SingleLogoutServiceLocation` + to allow overriding the default URL paths. +* Added support for per-IDP configurable `AuthnContextClassRef`/`AuthnContextComparison`. ## Version 1.17.8 Released 2019-11-20 - * Resolved a security issue that exposed host information to unauthenticated users. See - [SSPSA 201911-02](https://simplesamlphp.org/security/201911-02). +* Resolved a security issue that exposed host information to unauthenticated users. See + [SSPSA 201911-02](https://simplesamlphp.org/security/201911-02). -### consentAdmin +`consentAdmin` - * Fixed an issue with CSS and JavaScript not loading for the module in the new user - interface. 
+* Fixed an issue with CSS and JavaScript not loading for the module in the new user + interface. ## Version 1.17.7 Released 2019-11-06 - * Resolved a security issue that allows to bypass signature validation. See - [SSPSA 201911-01](https://simplesamlphp.org/security/201911-01). +* Resolved a security issue that allows to bypass signature validation. See + [SSPSA 201911-01](https://simplesamlphp.org/security/201911-01). ## Version 1.17.6 Released 2019-08-29 - * Fixed a regression with logout database initialization when using MySQL (#1177). - * Fixed an issue with logout when using iframes (#1191). - * Fixed an issue causing log entries to be logged with incorrect relative order (#1107). +* Fixed a regression with logout database initialization when using MySQL (#1177). +* Fixed an issue with logout when using iframes (#1191). +* Fixed an issue causing log entries to be logged with incorrect relative order (#1107). ## Version 1.17.5 Released 2019-08-02 - * Fixed a bug in the SP API where NameID objects weren't taken care of (introduced in 1.17.0). - * Fixed a regression where MetaDataStorageHandlerPdo::getMetaData() would not return a value (#1165). - * Fixed an issue with table indexes (#1089). - * Fixed an issue with table migrations on SQlite (#1169). - * Fixed an issue with generated eduPersonTargetedID lacking a format specified (#1135). - * Updated composer dependencies. +* Fixed a bug in the SP API where NameID objects weren't taken care of (introduced in 1.17.0). +* Fixed a regression where MetaDataStorageHandlerPdo::getMetaData() would not return a value (#1165). +* Fixed an issue with table indexes (#1089). +* Fixed an issue with table migrations on SQlite (#1169). +* Fixed an issue with generated eduPersonTargetedID lacking a format specified (#1135). +* Updated composer dependencies. ## Version 1.17.4 Released 2019-07-11 - * Fix an issue introduced in 1.17.3 with `enable.http_post`. +* Fix an issue introduced in 1.17.3 with `enable.http_post`. 
## Version 1.17.3 Released 2019-07-10 - * Resolved a security issue that could lead to a reflected XSS. See - [SSPSA 201907-01](https://simplesamlphp.org/security/201907-01). - * Add new options `session.cookie.samesite` and `language.cookie.samesite` that can be - used to set a specific value for the cookies' SameSite attribute. The default it not - to set it. - * Upgraded jQuery to version 3.4. - * HHVM is no longer supported. - * Fixed a bug (#926) where dynamic metadata records where not loaded from a database. - * Fixed an issue when an error occurs during a passive authentication request. - * Handle duplicate insertions for SQL Server. - * Fix a bug in Short SSO Interval warning filter. - * Apply a workaround for SIGSEGVs during session creation with PHP-FPM 7.3. - -### adfs - * Fixed a missing option to supply a passphrase for the ADFS IDP signing certificate. - -### authlinkedin - * This module has been removed now that LinkedIn no longer supports OAuth1. - If you relied on this module, you may consider migrating to the - [authoauth2 module](https://github.com/cirrusidentity/simplesamlphp-module-authoauth2). - A migration guide for LinkedIn authentication is included in their README. +* Resolved a security issue that could lead to a reflected XSS. See + [SSPSA 201907-01](https://simplesamlphp.org/security/201907-01). +* Add new options `session.cookie.samesite` and `language.cookie.samesite` that can be + used to set a specific value for the cookies' SameSite attribute. The default it not + to set it. +* Upgraded jQuery to version 3.4. +* HHVM is no longer supported. +* Fixed a bug (#926) where dynamic metadata records where not loaded from a database. +* Fixed an issue when an error occurs during a passive authentication request. +* Handle duplicate insertions for SQL Server. +* Fix a bug in Short SSO Interval warning filter. +* Apply a workaround for SIGSEGVs during session creation with PHP-FPM 7.3. 
+ +`adfs` + +* Fixed a missing option to supply a passphrase for the ADFS IDP signing certificate. + +`authlinkedin` + +* This module has been removed now that LinkedIn no longer supports OAuth1. + If you relied on this module, you may consider migrating to the + [authoauth2 module](https://github.com/cirrusidentity/simplesamlphp-module-authoauth2). + A migration guide for LinkedIn authentication is included in their README. ## Version 1.17.2 Released 2019-04-02 - * Fixed that generated metadata was missing some information - when PHP's zend.assertions option is set to < 1. - * Fixed that MDUI Keywords and Logo were not parsed from metadata. - * Fixed DiscoPower module tab display. - * Fixed use group name in Attribute Add Users Groups filter. - * Add metadatadir setting to the default config template. - * Fixed exception processing in loadExceptionState(). - * Fixed preferredidp in built-in 'links'-style discovery. +* Fixed that generated metadata was missing some information + when PHP's zend.assertions option is set to < 1. +* Fixed that MDUI Keywords and Logo were not parsed from metadata. +* Fixed DiscoPower module tab display. +* Fixed use group name in Attribute Add Users Groups filter. +* Add metadatadir setting to the default config template. +* Fixed exception processing in loadExceptionState(). +* Fixed preferredidp in built-in 'links'-style discovery. ## Version 1.17.1 Released 2019-03-07 - * Fixed an issue with composer that made it impossible to install modules - if SimpleSAMLphp was installed itself with the provided package (tar.gz file). +* Fixed an issue with composer that made it impossible to install modules + if SimpleSAMLphp was installed itself with the provided package (tar.gz file). ## Version 1.17.0 Released 2019-03-07 - * Introduce a new experimental user interface based on Twig templates. 
- The new Twig templates co-exist next to the old ones and come - with a new look-and-feel for SimpleSAMLphp and independent interfaces for - users and administrators. This new interface uses also a new build system - to generate bundled assets. - * Introduce Symfony-style routing and dependency injection(#966). - * Generate session IDs complying with PHP config settings when using the PHP - session handler (#569). - * Update OpenSSL RSA bit length in docs (#993). - * Update all code, configuration templates and documentation to PHP - short array syntax. - * All classes moved to namespaces and code reformatted to PSR-2. - * Use bcrypt for new password hashes, old ones will remain working (#996). - * Many code cleanups. - * Update the SAML2 library dependency to 3.2.5. - * Update the Clipboard.JS library dependency to 2.0.4. - * Translated to Zulu and Xhosa. - * Multiple bug fixes and corrections. +* Introduce a new experimental user interface based on Twig templates. + The new Twig templates co-exist next to the old ones and come + with a new look-and-feel for SimpleSAMLphp and independent interfaces for + users and administrators. This new interface uses also a new build system + to generate bundled assets. +* Introduce Symfony-style routing and dependency injection(#966). +* Generate session IDs complying with PHP config settings when using the PHP + session handler (#569). +* Update OpenSSL RSA bit length in docs (#993). +* Update all code, configuration templates and documentation to PHP + short array syntax. +* All classes moved to namespaces and code reformatted to PSR-2. +* Use bcrypt for new password hashes, old ones will remain working (#996). +* Many code cleanups. +* Update the SAML2 library dependency to 3.2.5. +* Update the Clipboard.JS library dependency to 2.0.4. +* Translated to Zulu and Xhosa. +* Multiple bug fixes and corrections. ### Interoperability - * The minimum PHP version required is now 5.5. - * Fixed compatibility with PHP 7.3 and HVVM. 
- * SimpleSAMLphp can now be used with applications that use Twig 2 and/or Symfony 4. - * The SAML2 library now uses getters/setters to manipulate objects properties. - -### authfacebook - * Fix Facebook compatibility (query parameters). - -### authorize - * Add the possibility to configure a custom rejection message. - -### consent - * The module is now disabled by default. - -### core - * Allow `core:PHP` to manipulate the entire state array. - * IdP initiated login: add compatibility with Shibboleth parameters. - -### multiauth - * Added a `preselect` configuration option to skip authsource selection (#1005). - -### negotiate - * The `keytab` setting now allows for relative paths too. - -### preprodwarning - * This module is now deprecated. Use the `production` configuration - option instead; set it to `false` to show a pre-production warning - before authentication. - -### saml - * Add initial support for SAML Subject ID Attributes. - * Allow to specify multiple supported NameIdFormats in IdP hosted and SP - remote metadata. - * Allow to specify NameIDPolicy Format and AllowCreate in hosted SP - and remote IdP configuration. Restore the possibility to omit it from - AuthnRequests entirely (#984). - * Add a `assertion.allowed_clock_skew` setting to influence how lenient - we should be with the timestamps in received SAML messages. - * If the Issuer of a SAML response does not match the entity we sent the - request to, log a warning instead of bailing out with an exception. - * Allow setting the AudienceRestriction in SAML2 requests (#998). - * Allow disabling the Scoping element in SP and remote IdP configuration with - the `disable_scoping` option, for compatibility with ADFS which does not - accept the element (#985). - * Receiving an eduPersonTargetedID in string form will no longer break - parsing of the assertion. - -### sanitycheck - * Translated into several languages. + +* The minimum PHP version required is now 5.5. 
+* Fixed compatibility with PHP 7.3 and HVVM. +* SimpleSAMLphp can now be used with applications that use Twig 2 and/or Symfony 4. +* The SAML2 library now uses getters/setters to manipulate objects properties. + +`authfacebook` + +* Fix Facebook compatibility (query parameters). + +`authorize` + +* Add the possibility to configure a custom rejection message. + +`consent` + +* The module is now disabled by default. + +`core` + +* Allow `core:PHP` to manipulate the entire state array. +* IdP initiated login: add compatibility with Shibboleth parameters. + +`multiauth + +* Added a `preselect` configuration option to skip authsource selection (#1005). + +`negotiate` + +* The `keytab` setting now allows for relative paths too. + +`preprodwarning` + +* This module is now deprecated. Use the `production` configuration + option instead; set it to `false` to show a pre-production warning + before authentication. + +`saml` + +* Add initial support for SAML Subject ID Attributes. +* Allow to specify multiple supported NameIdFormats in IdP hosted and SP + remote metadata. +* Allow to specify NameIDPolicy Format and AllowCreate in hosted SP + and remote IdP configuration. Restore the possibility to omit it from + AuthnRequests entirely (#984). +* Add a `assertion.allowed_clock_skew` setting to influence how lenient + we should be with the timestamps in received SAML messages. +* If the Issuer of a SAML response does not match the entity we sent the + request to, log a warning instead of bailing out with an exception. +* Allow setting the AudienceRestriction in SAML2 requests (#998). +* Allow disabling the Scoping element in SP and remote IdP configuration with + the `disable_scoping` option, for compatibility with ADFS which does not + accept the element (#985). +* Receiving an eduPersonTargetedID in string form will no longer break + parsing of the assertion. + +`sanitycheck` + +* Translated into several languages. 
## Version 1.16.3 Released 2018-12-20 - * Resolved a security issue that could expose the user's credentials locally. See - [SSPSA 201812-01](https://simplesamlphp.org/security/201812-01). - * Downgraded the level of log messages regarding the `userid.attribute` configuration option - from _warning_ to _debug_. - * Make the `attr` configuration option of the _negotiate_ allow both a string and an array. - * Look for the _keytab_ file used by the _negotiate_ module in the `cert` directory, accepting - both absolute and relative paths. - * Fixed some broken links. - * Other minor bugfixes. +* Resolved a security issue that could expose the user's credentials locally. See + [SSPSA 201812-01](https://simplesamlphp.org/security/201812-01). +* Downgraded the level of log messages regarding the `userid.attribute` configuration option + from _warning_ to _debug_. +* Make the `attr` configuration option of the _negotiate_ allow both a string and an array. +* Look for the _keytab_ file used by the _negotiate_ module in the `cert` directory, accepting + both absolute and relative paths. +* Fixed some broken links. +* Other minor bugfixes. ## Version 1.16.2 Released 2018-09-28 - * Fixed an issue with PHP sessions in PHP 7.2. - * Fixed a bug in the OAuth module. - * Make schema validation work again. - * Properly document the `saml:AuthnContextClassRef` authentication processing filter. - * Fixed an issue that made it impossible to install the software with composer using the - "stable" minimum-stability setting. - * Changed the default authentication context class to "PasswordProtectedTransport" by default - when authentication happened on an HTTPS exchange. +* Fixed an issue with PHP sessions in PHP 7.2. +* Fixed a bug in the OAuth module. +* Make schema validation work again. +* Properly document the `saml:AuthnContextClassRef` authentication processing filter. 
+* Fixed an issue that made it impossible to install the software with composer using the + "stable" minimum-stability setting. +* Changed the default authentication context class to "PasswordProtectedTransport" by default + when authentication happened on an HTTPS exchange. ## Version 1.16.1 Released 2018-09-07 - * Fix a bug preventing the consent page from showing. - * Add Catalan to the list of available languages. +* Fix a bug preventing the consent page from showing. +* Add Catalan to the list of available languages. ## Version 1.16.0 Released 2018-09-06 ### Changes - * Default signature algorithm is now RSA-SHA256. - * Renamed class `SimpleSAML_Error_BadUserInnput` to `SimpleSAML_Error_BadUserInput` - * PHP 7.2 compatibility, including removing deprecated use of assert with string. - * Avoid logging database credentials in backtraces. - * Fix edge case in getServerPort. - * Updated Spanish translation. - * Improvements to documentation, testsuite, code quality and coding style. - -### New features - * Added support for SAML "Enhanced Client or Proxy" (ECP) protocol, - IdP side with HTTP Basic Authentication as authentication method. - See the [ECP IdP documentation](./simplesamlphp-ecp-idp) for details. - * New option `sendmail_from`, the from address for email sent by SSP. - * New option `options` for PDO database connections, e.g. for TLS setup. - * New option `search.scope` for LDAP authsources. - * Add support for the DiscoHints IPHint metadata property. - * Add support to specify metadata XML in config with the `xml` parameter, - next to the existing `file` and `url` options. - * Also support CGI/RewriteRule setups that set the `REDIRECT_SIMPLESAMLPHP_CONFIG_DIR` - environment variable next to regular `SIMPLESAMLPHP_CONFIG_DIR`. - * Support creating an AuthSource via factory, for example useful in tests. - * Support preloading of a virtual config file via `SimpleSAML_Configuration::setPreLoadedConfig` - to allow for dynamic population of authsources.php. 
- * Add basic documentation on Nginx configuration. - * Test authentication: optionally show AuthData array. - * Improve performance of PDO Metadata Storage handler entity lookup. - -### adfs - * Make signature algorithm configurable with `signature.algorithm`. - * Use configuration assertion lifetime when available. - * Use `adfs:wreply` parameter when available. - -### authmyspace - * Module removed because service is no longer available. - -### cas - * Respect all LDAP options in LDAP call. - -### casserver - * Module removed; superseded by externally hosted module. - -### consent - * Sort attribute values for consent. - * Fix table layout for MySQL > 5.6. - * Rename `noconsentattributes` to `attributes.exclude`; the former - is now considered deprecated. - -### consentAdmin - * Work better with TargetedIDs when operating as a proxy. - * Add `attributes.exclude` option to correspond to the same option - in the Consent module. - -### core - * StatisticsWithAttribute: add `passive-` prefix when logging passive - requests, set new option `skipPassive` to skip logging these altogether. - * Replace deprecated `create_function` with an anonymous function. - * New authproc filter Cardinality to enforce attribute cardinality. - * SQLPermanentStorage: proper expiration of stored values. - * AttributeLimit: new options `regex` and `ignoreCase`. - * AttributeMap: prevent possible infinite loop with some PHP versions. - -### ldap - * AttributeAddUsersGroups: if `attribute.groupname` is set, use the - configured attribute as the group name rather than the DN. - * Also base64encode the `ms-ds-consistencyguid` attribute. - -### metarefresh - * Return XML parser error for better debugging of problems. - * Only actually parse metadata types that have been enabled. - * Fix missing translation. - -### Oauth - * Make module HTTP proxy-aware. - * Remove unused demo app. - -### saml - * AttributeConsumingService: allow to set isDefault and index options. 
- * Encrypted attributes in an assertion are now decrypted correctly. - * Prefer the HTTP-Redirect binding for AuthnRequests if available. - -### smartattributes - * Fix to make the `add_authority` option work. - -### sqlauth - * The module is now disabled by default. - -### statistics - * Show a decent error message when no data is available. + +* Default signature algorithm is now RSA-SHA256. +* Renamed class `SimpleSAML_Error_BadUserInnput` to `SimpleSAML_Error_BadUserInput` +* PHP 7.2 compatibility, including removing deprecated use of assert with string. +* Avoid logging database credentials in backtraces. +* Fix edge case in getServerPort. +* Updated Spanish translation. +* Improvements to documentation, testsuite, code quality and coding style. + +`New features` + +* Added support for SAML "Enhanced Client or Proxy" (ECP) protocol, + IdP side with HTTP Basic Authentication as authentication method. + See the [ECP IdP documentation](./simplesamlphp-ecp-idp) for details. +* New option `sendmail_from`, the from address for email sent by SSP. +* New option `options` for PDO database connections, e.g. for TLS setup. +* New option `search.scope` for LDAP authsources. +* Add support for the DiscoHints IPHint metadata property. +* Add support to specify metadata XML in config with the `xml` parameter, + next to the existing `file` and `url` options. +* Also support CGI/RewriteRule setups that set the `REDIRECT_SIMPLESAMLPHP_CONFIG_DIR` + environment variable next to regular `SIMPLESAMLPHP_CONFIG_DIR`. +* Support creating an AuthSource via factory, for example useful in tests. +* Support preloading of a virtual config file via `SimpleSAML_Configuration::setPreLoadedConfig` + to allow for dynamic population of authsources.php. +* Add basic documentation on Nginx configuration. +* Test authentication: optionally show AuthData array. +* Improve performance of PDO Metadata Storage handler entity lookup. 
+ +`adfs` + +* Make signature algorithm configurable with `signature.algorithm`. +* Use configuration assertion lifetime when available. +* Use `adfs:wreply` parameter when available. + +`authmyspace` + +* Module removed because service is no longer available. + +`cas` + +* Respect all LDAP options in LDAP call. + +`casserver` + +* Module removed; superseded by externally hosted module. + +`consent` + +* Sort attribute values for consent. +* Fix table layout for MySQL > 5.6. +* Rename `noconsentattributes` to `attributes.exclude`; the former + is now considered deprecated. + +`consentAdmin` + +* Work better with TargetedIDs when operating as a proxy. +* Add `attributes.exclude` option to correspond to the same option + in the Consent module. + +`core` + +* StatisticsWithAttribute: add `passive-` prefix when logging passive + requests, set new option `skipPassive` to skip logging these altogether. +* Replace deprecated `create_function` with an anonymous function. +* New authproc filter Cardinality to enforce attribute cardinality. +* SQLPermanentStorage: proper expiration of stored values. +* AttributeLimit: new options `regex` and `ignoreCase`. +* AttributeMap: prevent possible infinite loop with some PHP versions. + +`ldap` + +* AttributeAddUsersGroups: if `attribute.groupname` is set, use the + configured attribute as the group name rather than the DN. +* Also base64encode the `ms-ds-consistencyguid` attribute. + +`metarefresh` + +* Return XML parser error for better debugging of problems. +* Only actually parse metadata types that have been enabled. +* Fix missing translation. + +`oauth` + +* Make module HTTP proxy-aware. +* Remove unused demo app. + +`saml` + +* AttributeConsumingService: allow to set isDefault and index options. +* Encrypted attributes in an assertion are now decrypted correctly. +* Prefer the HTTP-Redirect binding for AuthnRequests if available. + +`smartattributes` + +* Fix to make the `add_authority` option work. 
+ +`sqlauth` + +* The module is now disabled by default. + +`statistics` + +* Show a decent error message when no data is available. ## Version 1.15.4 Released 2018-03-02 - * Resolved a security issue related to signature validation in the SAML2 library. See [SSPSA 201803-01](https://simplesamlphp.org/security/201803-01). +* Resolved a security issue related to signature validation in the SAML2 library. See [SSPSA 201803-01](https://simplesamlphp.org/security/201803-01). ## Version 1.15.3 Released 2018-02-27 - * Resolved a security issue related to signature validation in the SAML2 library. See [SSPSA 201802-01](https://simplesamlphp.org/security/201802-01). - * Fixed edge-case scenario where an application uses one of the known LoggingHandlers' name as a defined class - * Fixed issue #793 in the PHP logging handler. +* Resolved a security issue related to signature validation in the SAML2 library. See [SSPSA 201802-01](https://simplesamlphp.org/security/201802-01). +* Fixed edge-case scenario where an application uses one of the known LoggingHandlers' name as a defined class +* Fixed issue #793 in the PHP logging handler. ## Version 1.15.2 Released 2018-01-31 - * Resolved a Denial of Service security issue when validating timestamps in the SAML2 library. See [SSPSA 201801-01](https://simplesamlphp.org/security/201801-01). - * Resolved a security issue with the open redirect protection mechanism. See [SSPSA 201801-02](https://simplesamlphp.org/security/201801-02). - * Fix _undefined method_ error when using memcacheD. +* Resolved a Denial of Service security issue when validating timestamps in the SAML2 library. See [SSPSA 201801-01](https://simplesamlphp.org/security/201801-01). +* Resolved a security issue with the open redirect protection mechanism. See [SSPSA 201801-02](https://simplesamlphp.org/security/201801-02). +* Fix _undefined method_ error when using memcacheD. + +`authfacebook` + +* Fix compatibility with Facebook strict URI match. 
-### `authfacebook` - * Fix compatibility with Facebook strict URI match. +`consent` -### `consent` - * Fix statistics not being gathered. +* Fix statistics not being gathered. -### `sqlauth` - * Prevented a security issue with the connection charset used for MySQL backends. See [SSPSA 201801-03](https://simplesamlphp.org/security/201801-03). +`sqlauth` + +* Prevented a security issue with the connection charset used for MySQL backends. See [SSPSA 201801-03](https://simplesamlphp.org/security/201801-03). ## Version 1.15.1 Released 2018-01-12 -### Bug fixes - * AuthX509 error messages were broken. - * Properly calculate supported protocols based on config. - * NameIDAttribute filter: update to use SAML2\XML\saml\NameID. - * Replace remaining uses of SimpleSAML_Logger with namespace version. - * Statistics: prevent mixed content errors. - * Add 'no-store' to the cache-control header to avoid Chrome - caching redirects. +`Bug fixes` + +* AuthX509 error messages were broken. +* Properly calculate supported protocols based on config. +* NameIDAttribute filter: update to use SAML2\XML\saml\NameID. +* Replace remaining uses of SimpleSAML_Logger with namespace version. +* Statistics: prevent mixed content errors. +* Add 'no-store' to the cache-control header to avoid Chrome + caching redirects. ## Version 1.15.0 Released 2017-11-20 -### New features - * Added support for authenticated web proxies with the `proxy.auth` setting. - * Added new `AttributeValueMap` authproc filter. - * Added attributemaps for OIDs from SIS (Swedish Standards Institute) and - for eduPersonUniqueId, eduPersonOrcid and sshPublicKey. - * Added an option to specify metadata signing and digest algorithm - `metadata.sign.algorithm`. - * Added an option for regular expression matching of trusted.url.domains via new - `trusted.url.regex` setting. - * The `debug` option is more finegrained and allows one to specify whether - to log full SAML messages, backtraces or schema validations separately. 
- * Added a check for the latest SimpleSAMLphp version on the front page. - It can be disabled via the new setting `admin.checkforupdates`. - * Added a warning when there's a probable misconfiguration of PHP sessions. - * Added ability to define additional attributes on ContactPerson elements - in metadata, e.g. for use in Sirtfi contacts. - * Added option to set a secure flag also on the language cookie. - * Added option to specify the base URL for the application protected. - * Added support for PHP Memcached extension next to Memcache extension. - * Added Redis as possible session storage mechanism. - * Added support to specify custom metadata storage handlers. - * Invalidate opcache after writing a file, so simpleSAMLphp works when - `opcache.validate_timestamps` is disabled. - * Metadata converter will deal properly with XML with leading whitespace. - * Update `ldapwhoami()` call for PHP 7.3. - * Made response POST page compatible with strict Content Security Policy on - calling webpage. - * Updated Greek, Polish, Traditional Chinese and Spanish translations and - added Afrikaans. - -### Bug fixes - * The deprecated OpenIdP has been removed from the metadata template. - * Trailing slash is no longer required in `baseurlpath`. - * Make redirections more resilient. - * Fixed empty protocolSupportEnumeration in AttributeAuthorityDescriptor. - * Other bug fixes and numerous documentation enhancements. - * Fixed a bug in the Redis store that could lead to incorrect - _duplicate assertion_ errors. - -### API and user interface - * Updated to Xmlseclibs 3.0. - Minimum PHP version is now 5.4, mcrypt requirement dropped. - * Added a PSR-4 autoloader for modules. Now modules can declare their - classes under the SimpleSAML\Module namespace. - * Added new hook for module loader exception handling `exception_handler`. - * Expose RegistrationInfo in parsed SAML metadata. - * The AuthnInstant is now available in the state array. 
- * Introduced Twig templating for user interface. - * Lots of refactoring, code cleanup and added many unit tests. - -### `adfs` - * Fixed POST response form parameter encoding. - -### `authYubiKey` - * Fixed PHP 7 support. - -### `authfacebook` - * Updated to work with latest Facebook API. - -### `authlinkedin` - * Added setting `attributes` to specify which attributes to request - from LinkedIn. - -### `authtwitter` - * Added support for fetching the user's email address as attribute. - -### `consent` - * Added support for regular expressions in `consent.disable`. - -### `core` - * Added logging of `REMOTE_ADDR` on successful login. - * `AttributeMap`: allow fetching mapping files from modules. - * `ScopeAttribute`: added option `onlyIfEmpty` to add a scope only if - none was present. - * `AttributeCopy`: added option to copy to multiple destination attributes. - -### `cron` - * Allow invocation via PHP command line interface. - -### `discopower` - * Added South Africa tab. - -### `ldap` - * Added `search.filter` setting to limit LDAP queries to a custom search - filter. - * Added OpenLDAP support in AttributeAddUsersGroups. - * Fixed for using non standard LDAP port numbers. - * Fixed configuration option of whether to follow LDAP referrals. - -### `memcacheMonitor` - * Fixed several missing strings. - -### `metarefresh` - * Fixed several spurious PHP notices. - -### `multiauth` - * Fixed selected source timeout. - -### `negotiate` - * Fixed authentication failure on empty attributes-array. - * Fixed PHP notices concerning missing arguments. - -### `oauth` - * Updated library to improve support for OAuth 1.0 Revision A. - -### `radius` - * Improved error messages. - * Added parameter `realm` that will be suffixed to the username entered. - -### `saml` - * Handle instead of reject assertions that do not contain a NameID. - * Added options to configure `AllowCreate` and `SPNameQualifier`. 
- * Added option `saml:NameID` to set the Subject NameID in a SAML AuthnRequest. - * Added filter `FilterScopes` to remove values which are not properly scoped. - * Make sure we log the user out before reauthenticating. - * More robust handling of IDPList support in proxy mode. - * Increased `_authSource` field length in Logout Store. - * We now send the eduPersonTargetedID attribute in the correct - NameID XML form, instead of the incorrect simple string. We will also - refuse to parse an assertion with an eduPersonTargetedID in 'string' format. - -### `smartattributes` - * Fix SmartName authproc that failed to load. - -### `sqlauth` - * Fixed SQL schema for usergroups table. +`New features` + +* Added support for authenticated web proxies with the `proxy.auth` setting. +* Added new `AttributeValueMap` authproc filter. +* Added attributemaps for OIDs from SIS (Swedish Standards Institute) and + for eduPersonUniqueId, eduPersonOrcid and sshPublicKey. +* Added an option to specify metadata signing and digest algorithm + `metadata.sign.algorithm`. +* Added an option for regular expression matching of trusted.url.domains via new + `trusted.url.regex` setting. +* The `debug` option is more finegrained and allows one to specify whether + to log full SAML messages, backtraces or schema validations separately. +* Added a check for the latest SimpleSAMLphp version on the front page. + It can be disabled via the new setting `admin.checkforupdates`. +* Added a warning when there's a probable misconfiguration of PHP sessions. +* Added ability to define additional attributes on ContactPerson elements + in metadata, e.g. for use in Sirtfi contacts. +* Added option to set a secure flag also on the language cookie. +* Added option to specify the base URL for the application protected. +* Added support for PHP Memcached extension next to Memcache extension. +* Added Redis as possible session storage mechanism. +* Added support to specify custom metadata storage handlers. 
+* Invalidate opcache after writing a file, so simpleSAMLphp works when + `opcache.validate_timestamps` is disabled. +* Metadata converter will deal properly with XML with leading whitespace. +* Update `ldapwhoami()` call for PHP 7.3. +* Made response POST page compatible with strict Content Security Policy on + calling webpage. +* Updated Greek, Polish, Traditional Chinese and Spanish translations and + added Afrikaans. + +`Bug fixes` + +* The deprecated OpenIdP has been removed from the metadata template. +* Trailing slash is no longer required in `baseurlpath`. +* Make redirections more resilient. +* Fixed empty protocolSupportEnumeration in AttributeAuthorityDescriptor. +* Other bug fixes and numerous documentation enhancements. +* Fixed a bug in the Redis store that could lead to incorrect + _duplicate assertion_ errors. + +`API and user interface` + +* Updated to Xmlseclibs 3.0. + Minimum PHP version is now 5.4, mcrypt requirement dropped. +* Added a PSR-4 autoloader for modules. Now modules can declare their + classes under the SimpleSAML\Module namespace. +* Added new hook for module loader exception handling `exception_handler`. +* Expose RegistrationInfo in parsed SAML metadata. +* The AuthnInstant is now available in the state array. +* Introduced Twig templating for user interface. +* Lots of refactoring, code cleanup and added many unit tests. + +`adfs` + +* Fixed POST response form parameter encoding. + +`authYubiKey` + +* Fixed PHP 7 support. + +`authfacebook` + +* Updated to work with latest Facebook API. + +`authlinkedin` + +* Added setting `attributes` to specify which attributes to request + from LinkedIn. + +`authtwitter` + +* Added support for fetching the user's email address as attribute. + +`consent` + +* Added support for regular expressions in `consent.disable`. + +`core` + +* Added logging of `REMOTE_ADDR` on successful login. +* `AttributeMap`: allow fetching mapping files from modules. 
+* `ScopeAttribute`: added option `onlyIfEmpty` to add a scope only if + none was present. +* `AttributeCopy`: added option to copy to multiple destination attributes. + +`cron` + +* Allow invocation via PHP command line interface. + +`discopower` + +* Added South Africa tab. + +`ldap` + +* Added `search.filter` setting to limit LDAP queries to a custom search + filter. +* Added OpenLDAP support in AttributeAddUsersGroups. +* Fixed for using non standard LDAP port numbers. +* Fixed configuration option of whether to follow LDAP referrals. + +`memcacheMonitor` + +* Fixed several missing strings. + +`metarefresh` + +* Fixed several spurious PHP notices. + +`multiauth` + +* Fixed selected source timeout. + +`negotiate` + +* Fixed authentication failure on empty attributes-array. +* Fixed PHP notices concerning missing arguments. + +`oauth` + +* Updated library to improve support for OAuth 1.0 Revision A. + +`radius` + +* Improved error messages. +* Added parameter `realm` that will be suffixed to the username entered. + +`saml` + +* Handle instead of reject assertions that do not contain a NameID. +* Added options to configure `AllowCreate` and `SPNameQualifier`. +* Added option `saml:NameID` to set the Subject NameID in a SAML AuthnRequest. +* Added filter `FilterScopes` to remove values which are not properly scoped. +* Make sure we log the user out before reauthenticating. +* More robust handling of IDPList support in proxy mode. +* Increased `_authSource` field length in Logout Store. +* We now send the eduPersonTargetedID attribute in the correct + NameID XML form, instead of the incorrect simple string. We will also + refuse to parse an assertion with an eduPersonTargetedID in 'string' format. + +`smartattributes` + +* Fix SmartName authproc that failed to load. + +`sqlauth` + +* Fixed SQL schema for usergroups table. ## Version 1.14.17 Released 2017-10-25 - * Resolved a security issue with the SAML 1.1 Service Provider. 
See [SSPSA 201710-01](https://simplesamlphp.org/security/201710-01). +* Resolved a security issue with the SAML 1.1 Service Provider. See [SSPSA 201710-01](https://simplesamlphp.org/security/201710-01). ## Version 1.14.16 Released 2017-09-04 - * Resolved a security issue in the consentAdmin module. See [SSPSA 201709-01](https://simplesamlphp.org/security/201709-01). +* Resolved a security issue in the consentAdmin module. See [SSPSA 201709-01](https://simplesamlphp.org/security/201709-01). ## Version 1.14.15 Released 2017-08-08 - * Resolved a security issue with the creation and validation of time-limited tokens. See [SSPSA 201708-01](https://simplesamlphp.org/security/201708-01). - * Fixed an issue with session handling that could lead to crashes after upgrading from earlier 1.14.x versions. - * Fixed issue #557 with instances of SimpleSAMLphp installed from the repository as well as custom modules. - * Fixed issue #648 to properly handle SAML responses being sent to reply the same request, but using different response IDs. - * Fixed issues #612 and #618 with the mobile view of the web interface. - * Fixed issue #639 related to IdP names containing special characters not being properly displayed by discopower. - * Fixed issue #571 causing timeouts when using Active Directory as a backend. - * Other minor fixes. +* Resolved a security issue with the creation and validation of time-limited tokens. See [SSPSA 201708-01](https://simplesamlphp.org/security/201708-01). +* Fixed an issue with session handling that could lead to crashes after upgrading from earlier 1.14.x versions. +* Fixed issue #557 with instances of SimpleSAMLphp installed from the repository as well as custom modules. +* Fixed issue #648 to properly handle SAML responses being sent to reply the same request, but using different response IDs. +* Fixed issues #612 and #618 with the mobile view of the web interface. 
+* Fixed issue #639 related to IdP names containing special characters not being properly displayed by discopower. +* Fixed issue #571 causing timeouts when using Active Directory as a backend. +* Other minor fixes. ## Version 1.14.14 Released 2017-05-05 - * Resolved a security issue with in the authcrypt module (Htpasswd authentication source) and in SimpleSAMLphp's session validation. See [SSPSA 201705-01](https://simplesamlphp.org/security/201705-01). - * Resolved a security issue with in the multiauth module. See [SSPSA 201704-02](https://simplesamlphp.org/security/201704-02). +* Resolved a security issue with in the authcrypt module (Htpasswd authentication source) and in SimpleSAMLphp's session validation. See [SSPSA 201705-01](https://simplesamlphp.org/security/201705-01). +* Resolved a security issue with in the multiauth module. See [SSPSA 201704-02](https://simplesamlphp.org/security/201704-02). ## Version 1.14.13 Released 2017-04-27 - * Resolved a security issue with unauthenticated encryption in the SimpleSAML\Utils\Crypto class. See [SSPSA 201704-01](https://simplesamlphp.org/security/201704-01). - * Added requirement for the Multibyte String PHP extension and the corresponding checks. - * Set a default name for SimpleSAMLphp sessions in the configuration template for the PHP session handler. +* Resolved a security issue with unauthenticated encryption in the SimpleSAML\Utils\Crypto class. See [SSPSA 201704-01](https://simplesamlphp.org/security/201704-01). +* Added requirement for the Multibyte String PHP extension and the corresponding checks. +* Set a default name for SimpleSAMLphp sessions in the configuration template for the PHP session handler. ## Version 1.14.12 Released 2017-03-30 - * Resolved a security issue in the authcrypt module (Htpasswd authentication source) and in SimpleSAMLphp's session validation. See [SSPSA 201703-01](https://simplesamlphp.org/security/201703-01). 
- * Resolved a security issue with IV generation in the `SimpleSAML\Utils\Crypto::_aesEncrypt()` method. See [SSPSA 201703-02](https://simplesamlphp.org/security/201703-02). - * Fixed an issue with the authfacebook module, broken after a change in Facebook's API. - * Fixed an issue in the discopower module that ignored the `hide.from.discovery` metadata option. - * Fixed an issue with trusted URLs validation that prevented a URL from being accepted if a standard port was explicitly included but not specified in the configuration. - * Fixed an issue that prevented detecting a Memcache server being down when fetching Memcache statistics. - * Fixed an issue with operating system detection that made SimpleSAMLphp identify OSX as Windows. +* Resolved a security issue in the authcrypt module (Htpasswd authentication source) and in SimpleSAMLphp's session validation. See [SSPSA 201703-01](https://simplesamlphp.org/security/201703-01). +* Resolved a security issue with IV generation in the `SimpleSAML\Utils\Crypto::_aesEncrypt()` method. See [SSPSA 201703-02](https://simplesamlphp.org/security/201703-02). +* Fixed an issue with the authfacebook module, broken after a change in Facebook's API. +* Fixed an issue in the discopower module that ignored the `hide.from.discovery` metadata option. +* Fixed an issue with trusted URLs validation that prevented a URL from being accepted if a standard port was explicitly included but not specified in the configuration. +* Fixed an issue that prevented detecting a Memcache server being down when fetching Memcache statistics. +* Fixed an issue with operating system detection that made SimpleSAMLphp identify OSX as Windows. ## Version 1.14.11 Released 2016-12-12 - * Resolved a security issue involving signature validation of SAML 1.1 messages. See [SSPSA 201612-02](https://simplesamlphp.org/security/201612-02). 
- * Fixed an issue when the user identifier used to generate a persistent NameID was missing due to a misconfiguration, causing SimpleSAMLphp to generate the nameID based on the null data type. - * Fixed an issue when persistent NameIDs were generated out of attributes with empty strings or multiple values. - * Fixed issue #530. An empty SubjectConfirmation element was causing SimpleSAMLphp to crash. On the other hand, invalid SubjectConfirmation elements were ignored in PHP 7.0. +* Resolved a security issue involving signature validation of SAML 1.1 messages. See [SSPSA 201612-02](https://simplesamlphp.org/security/201612-02). +* Fixed an issue when the user identifier used to generate a persistent NameID was missing due to a misconfiguration, causing SimpleSAMLphp to generate the nameID based on the null data type. +* Fixed an issue when persistent NameIDs were generated out of attributes with empty strings or multiple values. +* Fixed issue #530. An empty SubjectConfirmation element was causing SimpleSAMLphp to crash. On the other hand, invalid SubjectConfirmation elements were ignored in PHP 7.0. ## Version 1.14.10 Released 2016-12-02 - * Resolved a security issue involving signature validation. See [SSPSA 201612-01](https://simplesamlphp.org/security/201612-01). - * Fixed issue #517. A misconfigured session when acting as a service provider was leading to a PHP fatal error. - * Fixed issue #519. Prevent persistent NameIDs from being generated from empty strings. - * Fixed issue #520. It was impossible to verify Apache's custom MD5 passwords when using the Htpasswd authentication source. - * Fixed issue #523. Avoid problems caused by different line-ending strategies in the project files. - * Other minor fixes and enhancements. +* Resolved a security issue involving signature validation. See [SSPSA 201612-01](https://simplesamlphp.org/security/201612-01). +* Fixed issue #517. 
A misconfigured session when acting as a service provider was leading to a PHP fatal error. +* Fixed issue #519. Prevent persistent NameIDs from being generated from empty strings. +* Fixed issue #520. It was impossible to verify Apache's custom MD5 passwords when using the Htpasswd authentication source. +* Fixed issue #523. Avoid problems caused by different line-ending strategies in the project files. +* Other minor fixes and enhancements. ## Version 1.14.9 Released 2016-11-10 - * Fixed an issue that resulted in PHP 7 errors being masked. - * Fixed the smartattributes:SmartName authentication processing filter. - * Fixed issue #500. When parsing metadata, two 'attributes.required' options were generated. - * Fixed the list of requirements in composer, the documentation, and the configuration page. - * Fixed issue #479. There were several minor issues with XHTML compliance. - * Other minor fixes. +* Fixed an issue that resulted in PHP 7 errors being masked. +* Fixed the smartattributes:SmartName authentication processing filter. +* Fixed issue #500. When parsing metadata, two 'attributes.required' options were generated. +* Fixed the list of requirements in composer, the documentation, and the configuration page. +* Fixed issue #479. There were several minor issues with XHTML compliance. +* Other minor fixes. ## Version 1.14.8 Released 2016-08-23 - * Fixed an issue in AuthMemCookie causing it to crash when an attribute received contains XML as its value. - * Fixed an issue in AuthMemCookie that made it impossible to set its own cookie. - * Fixed an issue when acting as a proxy and receiving attributes that contain XML as their values. - * Fixed an issue that led to incorrect URL guessing when a script is invoked with a URI that doesn't include its name. +* Fixed an issue in AuthMemCookie causing it to crash when an attribute received contains XML as its value. +* Fixed an issue in AuthMemCookie that made it impossible to set its own cookie. 
+* Fixed an issue when acting as a proxy and receiving attributes that contain XML as their values. +* Fixed an issue that led to incorrect URL guessing when a script is invoked with a URI that doesn't include its name. ## Version 1.14.7 Released 2016-08-01 - * Fixed issue #424. Attributes containing XML as their values (like eduPersonTargetedID) were empty. +* Fixed issue #424. Attributes containing XML as their values (like eduPersonTargetedID) were empty. ## Version 1.14.6 Released 2016-07-18 - * Fixed issue #418. SimpleSAMLphp was unable to obtain the current URL correctly when invoked from third-party applications. +* Fixed issue #418. SimpleSAMLphp was unable to obtain the current URL correctly when invoked from third-party applications. ## Version 1.14.5 Released 2016-07-12 - * Fixed several issues with session handling when cookies couldn't be set for some reason. - * Fixed an issue that caused wrong URLs to be generated in the web interface under certain circumstances. - * Fixed the exception handler to be compatible with PHP 7. - * Fixed an issue in the dropdown IdP selection page that prevented it to work with PHP 5.3. - * Fixed compatibility with Windows machines. - * Fixed an issue with the PDO and Serialize metadata storage handlers. - * Fixed the authwindowslive module. It stopped working after the former API was discontinued. - * Other minor issues and fixes. +* Fixed several issues with session handling when cookies couldn't be set for some reason. +* Fixed an issue that caused wrong URLs to be generated in the web interface under certain circumstances. +* Fixed the exception handler to be compatible with PHP 7. +* Fixed an issue in the dropdown IdP selection page that prevented it to work with PHP 5.3. +* Fixed compatibility with Windows machines. +* Fixed an issue with the PDO and Serialize metadata storage handlers. +* Fixed the authwindowslive module. It stopped working after the former API was discontinued. +* Other minor issues and fixes. 
## Version 1.14.4 Released 2016-06-08 - * Fixed two minor security issues that allowed malicious URLs to be presented to the user in a link. Reported by John Page. - * Fixed issue #366. The LDAP class was trying to authenticate even when no password was provided (using the CAS module). - * Fixed issue #401. The authenticate.php script was printing exceptions instead of throwing them for the exception handler to capture them. - * Fixed issue #399. The size limitation of the TEXT type in MySQL was creating problems in certain setups. - * Fixed issue #5. Incoherent population of the $_SERVER variable was creating broken links when running PHP with FastCGI. - * Other typos and minor bugs: #389, #392. +* Fixed two minor security issues that allowed malicious URLs to be presented to the user in a link. Reported by John Page. +* Fixed issue #366. The LDAP class was trying to authenticate even when no password was provided (using the CAS module). +* Fixed issue #401. The authenticate.php script was printing exceptions instead of throwing them for the exception handler to capture them. +* Fixed issue #399. The size limitation of the TEXT type in MySQL was creating problems in certain setups. +* Fixed issue #5. Incoherent population of the $_SERVER variable was creating broken links when running PHP with FastCGI. +* Other typos and minor bugs: #389, #392. ## Version 1.14.3 Released 2016-04-19 - * Fixed a bug in the login form that prevented the login button to be displayed in mobile devices. - * Resolved an issue in the PHP session handler that made it impossible to use PHP sessions simultaneously with other applications. +* Fixed a bug in the login form that prevented the login button to be displayed in mobile devices. +* Resolved an issue in the PHP session handler that made it impossible to use PHP sessions simultaneously with other applications. 
## Version 1.14.2 Released 2016-03-11 - * Use stable versions of the externalized modules to prevent possible issues when further developing them. +* Use stable versions of the externalized modules to prevent possible issues when further developing them. ## Version 1.14.1 Released 2016-03-08 - * Resolved an information leakage security issue in the sanitycheck module. See [SSPSA 201603-01](/security/201603-01). +* Resolved an information leakage security issue in the sanitycheck module. See [SSPSA 201603-01](/security/201603-01). ## Version 1.14.0 
@@ -837,824 +910,822 @@ Released 2016-02-15 ### Security - * Resolved a security issue with multiple modules that were not validating the URLs they were redirecting to. - * Added a security check to disable loading external entities in XML documents. - * Enforced admin access to the metadata converter tool. - * Changed `xmlseclibs` dependency to point to `robrichards/xmlseclibs` version 1.4.1. +* Resolved a security issue with multiple modules that were not validating the URLs they were redirecting to. +* Added a security check to disable loading external entities in XML documents. +* Enforced admin access to the metadata converter tool. +* Changed `xmlseclibs` dependency to point to `robrichards/xmlseclibs` version 1.4.1. -### New features +`New features` - * Allow setting the location of the configuration directory with an environment variable. - * Added support for the Metadata Query Protocol by means of the new MDX metadata storage handler. - * Added support for the Sender-Vouches method. - * Added support for WantAssertionsSigned and AuthnRequestsSigned in SAML 2.0 SP metadata. - * Added support for file uploads in the metadata converter. - * Added support for setting the prefix for Memcache keys. - * Added support for the Hide From Discovery REFEDS Entity Category. - * Added support for the eduPersonAssurance attribute. - * Added support for the full SCHAC 1.5.0 schema. - * Added support for UNIX sockets when configuring memcache servers. - * Added the SAML NameID to the attributes status page, when available. - * Added attribute definitions for schacGender (schac), sisSchoolGrade and sisLegalGuardianFor (skolfederation.se). - * Attributes required in metadata are now taken into account when parsing. +* Allow setting the location of the configuration directory with an environment variable. +* Added support for the Metadata Query Protocol by means of the new MDX metadata storage handler. +* Added support for the Sender-Vouches method. 
+* Added support for WantAssertionsSigned and AuthnRequestsSigned in SAML 2.0 SP metadata. +* Added support for file uploads in the metadata converter. +* Added support for setting the prefix for Memcache keys. +* Added support for the Hide From Discovery REFEDS Entity Category. +* Added support for the eduPersonAssurance attribute. +* Added support for the full SCHAC 1.5.0 schema. +* Added support for UNIX sockets when configuring memcache servers. +* Added the SAML NameID to the attributes status page, when available. +* Added attribute definitions for schacGender (schac), sisSchoolGrade and sisLegalGuardianFor (skolfederation.se). +* Attributes required in metadata are now taken into account when parsing. -### Bug fixes +`Bug fixes` - * Fixed an issue with friendly names in the attributes released. - * Fixed an issue with memcache that would result in a push for every fetch, when several servers configured. - * Fixed an issue with memcache that would result in an endless loop if all servers are down. - * Fixed an issue with HTML escaping in error reports. - * Fixed an issue with the 'admin.protectmetadata' option not being enforced for SP metadata. - * Fixed an issue with SAML 1.X SSO authentications that removed the NameID of the subject from available data. - * Fixed an issue with the login form that resulted in a `NOSTATE` error if the user clicked the login button twice. - * Fixed an issue with replay detection in IdP-initiated flows. - * Fixed an issue with SessionNotOnOrAfter that kept moving forward in the future with every SSO authentication. - * Fixed an issue with the session cookie being set twice for the first time. - * Fixed an issue with the XXE attack prevention mechanism conflicting with other applications running in the same server. - * Fixed an issue that prevented the SAML 1.X IdP to restart when the session is lost. - * Fixed an issue that prevented classes using namespaces to be loaded automatically. 
- * Fixed an issue that prevented certain metadata signatures to be verified (fixed upstream in `xmlseclibs`). - * Other bug fixes and numerous documentation enhancements. +* Fixed an issue with friendly names in the attributes released. +* Fixed an issue with memcache that would result in a push for every fetch, when several servers configured. +* Fixed an issue with memcache that would result in an endless loop if all servers are down. +* Fixed an issue with HTML escaping in error reports. +* Fixed an issue with the 'admin.protectmetadata' option not being enforced for SP metadata. +* Fixed an issue with SAML 1.X SSO authentications that removed the NameID of the subject from available data. +* Fixed an issue with the login form that resulted in a `NOSTATE` error if the user clicked the login button twice. +* Fixed an issue with replay detection in IdP-initiated flows. +* Fixed an issue with SessionNotOnOrAfter that kept moving forward in the future with every SSO authentication. +* Fixed an issue with the session cookie being set twice for the first time. +* Fixed an issue with the XXE attack prevention mechanism conflicting with other applications running in the same server. +* Fixed an issue that prevented the SAML 1.X IdP to restart when the session is lost. +* Fixed an issue that prevented classes using namespaces to be loaded automatically. +* Fixed an issue that prevented certain metadata signatures to be verified (fixed upstream in `xmlseclibs`). +* Other bug fixes and numerous documentation enhancements. -### API and user interface +`API and user interface` - * Added a new and simple database class to serve as PDO interface for all the database needs. - * Added the possibility to copy metadata and other elements by clicking a button in the web interface. - * Removed the old, unused `pack` installer tool. - * Improved usability by telling users the endpoints are not to be accessed directly. 
- * Moved the hostname, port and protocol diagnostics tool to the admin directory. - * Several classes and functions deprecated. - * Changed the signature of several functions. - * Deleted old and deprecated code, interfaces and endpoints. - * Deleted old jQuery remnants. - * Deleted the undocumented dynamic XML metadata storage handler. - * Deleted the backwards-compatible authentication source. - * Updated jQuery to the latest 1.8.X version. - * Updated translations. +* Added a new and simple database class to serve as PDO interface for all the database needs. +* Added the possibility to copy metadata and other elements by clicking a button in the web interface. +* Removed the old, unused `pack` installer tool. +* Improved usability by telling users the endpoints are not to be accessed directly. +* Moved the hostname, port and protocol diagnostics tool to the admin directory. +* Several classes and functions deprecated. +* Changed the signature of several functions. +* Deleted old and deprecated code, interfaces and endpoints. +* Deleted old jQuery remnants. +* Deleted the undocumented dynamic XML metadata storage handler. +* Deleted the backwards-compatible authentication source. +* Updated jQuery to the latest 1.8.X version. +* Updated translations. -### `authcrypt` +`authcrypt` - * Added whitehat101/apr1-md5 as a dependency for Apache htpasswd. +* Added whitehat101/apr1-md5 as a dependency for Apache htpasswd. -### `authX509` +`authX509` - * Added an authentication processing filter to warn about certificate expiration. +* Added an authentication processing filter to warn about certificate expiration. -### `ldap` +`ldap` - * Added a new `port` configuration option. - * Better error reporting. +* Added a new `port` configuration option. +* Better error reporting. -### `metaedit` +`metaedit` - * Removed the `admins` configuration option. +* Removed the `admins` configuration option. 
-### `metarefresh` +`metarefresh` - * Added the possibility to specify which types of entities to load. - * Added the possibility to verify metadata signatures by using the public key present in a certificate. - * Fix `certificate` precedence over `fingerprint` in the configuration options when verifying metadata signatures. +* Added the possibility to specify which types of entities to load. +* Added the possibility to verify metadata signatures by using the public key present in a certificate. +* Fix `certificate` precedence over `fingerprint` in the configuration options when verifying metadata signatures. -### `smartnameattribute` +`smartnameattribute` - * This module was deprecated long time ago and has now been removed. Use the `smartattributes` module instead. +* This module was deprecated long time ago and has now been removed. Use the `smartattributes` module instead. ## Version 1.13.2 Released 2014-11-04 - * Solved performance issues when processing large metadata sets. - * Fix an issue in the web interface when only one language is enabled. +* Solved performance issues when processing large metadata sets. +* Fix an issue in the web interface when only one language is enabled. ## Version 1.13.1 Released 2014-10-27 - * Solved an issue with empty fields in metadata to cause SimpleSAMLphp to fail with a translation error. Issues #97 and #114. - * Added Basque language to the list of known languages. Issue #117. - * Optimized the execution of redirections by removing an additional, unnecessary function call. - * Solved an issue that caused SimpleSAMLphp to fail when the RelayState parameter was empty or missing on an IdP-initiated authentication. Issues #99 and # 104. - * Fixed a certificate check for SubjectConfirmations with Holder of Key methods. +* Solved an issue with empty fields in metadata to cause SimpleSAMLphp to fail with a translation error. Issues #97 and #114. +* Added Basque language to the list of known languages. Issue #117. 
+* Optimized the execution of redirections by removing an additional, unnecessary function call. +* Solved an issue that caused SimpleSAMLphp to fail when the RelayState parameter was empty or missing on an IdP-initiated authentication. Issues #99 and # 104. +* Fixed a certificate check for SubjectConfirmations with Holder of Key methods. ## Version 1.13 Released 2014-09-25. - * Added the 'remember me' option to the default login page. - * Improved error reporting. - * Added a new 'logging.format' option to control the formatting of the logs. - * Added support for the 'objectguid' binary attribute in LDAP modules. - * Added support for custom search and private attributes read credentials in all LDAP modules. - * Added support for the WantAuthnRequestsSigned option in generated SAML metadata. - * Tracking identifiers are no longer generated based on MD5. - * Several functions, classes and interfaces marked as deprecated. - * Bug fixes and documentation enhancements. - * Updated translations. - * New language: Basque. +* Added the 'remember me' option to the default login page. +* Improved error reporting. +* Added a new 'logging.format' option to control the formatting of the logs. +* Added support for the 'objectguid' binary attribute in LDAP modules. +* Added support for custom search and private attributes read credentials in all LDAP modules. +* Added support for the WantAuthnRequestsSigned option in generated SAML metadata. +* Tracking identifiers are no longer generated based on MD5. +* Several functions, classes and interfaces marked as deprecated. +* Bug fixes and documentation enhancements. +* Updated translations. +* New language: Basque. -### `adfs` +`adfs` - * Honour the 'wreply' parameter when redirecting. +* Honour the 'wreply' parameter when redirecting. -### `aggregator` +`aggregator` - * Fixed an issue when regenerating metadata from certain metadata sources. +* Fixed an issue when regenerating metadata from certain metadata sources. 
-### `discopower` +`discopower` - * Bug fix. +* Bug fix. -### `expirycheck` +`expirycheck` - * Translations are now possible for this module. +* Translations are now possible for this module. -### `metarefresh` +`metarefresh` - * Use cached metadata if something goes wrong when refreshing feeds. +* Use cached metadata if something goes wrong when refreshing feeds. -### `openidProvider` +`openidProvider` - * Fix for compatibility with versions of PHP greater or equal to 5.4. +* Fix for compatibility with versions of PHP greater or equal to 5.4. -### `saml` +`saml` - * Make it possible to add friendly names to attributes in SP metadata. - * The RSA_1.5 (RSA with PKCS#1 v1.5 padding) encryption algorithm is now blacklisted by default for security reasons. - * Stop checking the 'IDPList' parameter in IdPs. - * Solved an issue that allowed bypassing authentication status checks when presenting an 'IDPList' parameter. - * The 'Destination' attribute is now always sent in logout responses issued by an SP. +* Make it possible to add friendly names to attributes in SP metadata. +* The RSA_1.5 (RSA with PKCS#1 v1.5 padding) encryption algorithm is now blacklisted by default for security reasons. +* Stop checking the 'IDPList' parameter in IdPs. +* Solved an issue that allowed bypassing authentication status checks when presenting an 'IDPList' parameter. +* The 'Destination' attribute is now always sent in logout responses issued by an SP. -### `sqlauth` +`sqlauth` - * Updated documentation to remove bad practice with regard to password storage. +* Updated documentation to remove bad practice with regard to password storage. ## Version 1.12 Released 2014-03-24. - * Removed example authproc filters from configuration template. - * Stopped using the 'target-densitydpi' option removed from WebKit. - * The SimpleSAML_Utilities::generateRandomBytesMTrand() function is now deprecated. - * Removed code for compatibility with PHP versions older than 5.3. 
- * Removed the old interface of SimpleSAML_Session. - * Fixed a memory leak in SimpleSAML_Session regarding serialization and unserialization. - * Support for RegistrationInfo (MDRPI) elements in the metadata of identity and service providers. - * Renamed SimpleSAML_Utilities::parseSAML2Time() function to xsDateTimeToTimestamp(). - * New SimpleSAML_Utilities::redirectTrustedURL() and redirectUntrustedURL() functions. - * Deprecated the SimpleSAML_Utilities::redirect() function. - * Improved Russian translation. - * Added Czech translation. - * New 'errorreporting' option to enable or disable error reporting feature. - * Example certificate removed. - * New SimpleSAML_Configuration::getEndpointPrioritizedByBinding() function. - * PHP 5.3 or newer required. - * Started using Composer as dependency manager. - * Detached the basic SAML2 library and moved to a standalone library in GitHub. - * Added support for exporting shibmd:Scope metadata with regular expressions. - * Remember me option in the IdP. - * New SimpleSAML_Utilities::setCookie wrapper. - * Custom HTTP codes on error. - * Added Romanian translation. - * Bug fixes and documentation enhancements. +* Removed example authproc filters from configuration template. +* Stopped using the 'target-densitydpi' option removed from WebKit. +* The SimpleSAML_Utilities::generateRandomBytesMTrand() function is now deprecated. +* Removed code for compatibility with PHP versions older than 5.3. +* Removed the old interface of SimpleSAML_Session. +* Fixed a memory leak in SimpleSAML_Session regarding serialization and unserialization. +* Support for RegistrationInfo (MDRPI) elements in the metadata of identity and service providers. +* Renamed SimpleSAML_Utilities::parseSAML2Time() function to xsDateTimeToTimestamp(). +* New SimpleSAML_Utilities::redirectTrustedURL() and redirectUntrustedURL() functions. +* Deprecated the SimpleSAML_Utilities::redirect() function. +* Improved Russian translation. +* Added Czech translation. 
+* New 'errorreporting' option to enable or disable error reporting feature. +* Example certificate removed. +* New SimpleSAML_Configuration::getEndpointPrioritizedByBinding() function. +* PHP 5.3 or newer required. +* Started using Composer as dependency manager. +* Detached the basic SAML2 library and moved to a standalone library in GitHub. +* Added support for exporting shibmd:Scope metadata with regular expressions. +* Remember me option in the IdP. +* New SimpleSAML_Utilities::setCookie wrapper. +* Custom HTTP codes on error. +* Added Romanian translation. +* Bug fixes and documentation enhancements. -### `adfs` +`adfs` - * Support for exporting metadata. +* Support for exporting metadata. -### `aggregator` +`aggregator` - * Support for RegistrationInfo (MDRPI) elements in the metadata. - * Fix for HTTP header injection vulnerability. - * Fix for directory traversal vulnerability. +* Support for RegistrationInfo (MDRPI) elements in the metadata. +* Fix for HTTP header injection vulnerability. +* Fix for directory traversal vulnerability. -### `aggregator2` +`aggregator2` - * Support for RegistrationInfo (MDRPI) elements in the metadata. +* Support for RegistrationInfo (MDRPI) elements in the metadata. -### `aselect` +`aselect` - * License changed to LGPL 2.1. +* License changed to LGPL 2.1. -### `authfacebook` +`authfacebook` - * Updated extlibinc to 3.2.2. +* Updated extlibinc to 3.2.2. -### `authtwitter` +`authtwitter` - * Added 'force_login' configuration option. +* Added 'force_login' configuration option. -### `cdc` +`cdc` - * Bugfix related to request validation. +* Bugfix related to request validation. -### `core` +`core` - * The AttributeAlter filter no longer throws an exception if the attribute was not found. - * Support for removal of values in the AttributeAlter filter, with '%remove' flag. - * Support for empty strings and NULL values as a replacement in the AttributeAlter filter. - * Bugfixes in the AttributeAlter filter. 
- * Support for NULL attribute values. - * Support for limiting values and not only attributes in the AttributeLimit filter. - * Log a message when a user authenticates successfully. - * Added %duplicate flag to AttributeMap, to leave original names in place when using map file. - * Fix infinite loop when overwriting attributes with AttributeMap. +* The AttributeAlter filter no longer throws an exception if the attribute was not found. +* Support for removal of values in the AttributeAlter filter, with '%remove' flag. +* Support for empty strings and NULL values as a replacement in the AttributeAlter filter. +* Bugfixes in the AttributeAlter filter. +* Support for NULL attribute values. +* Support for limiting values and not only attributes in the AttributeLimit filter. +* Log a message when a user authenticates successfully. +* Added %duplicate flag to AttributeMap, to leave original names in place when using map file. +* Fix infinite loop when overwriting attributes with AttributeMap. -### `discopower` +`discopower` - * Bugfix for incorrect handling of the 'idpdisco.extDiscoveryStorage' option. +* Bugfix for incorrect handling of the 'idpdisco.extDiscoveryStorage' option. -### `ldap` +`ldap` - * Support for configuring the duplicate attribute handling policy in AttributeAddFromLDAP, 'attribute.policy' option. - * Support for binary attributes in the AttributeAddFromLDAP filter. - * Support for multiple attributes in the AttributeAddFromLDAP filter. +* Support for configuring the duplicate attribute handling policy in AttributeAddFromLDAP, 'attribute.policy' option. +* Support for binary attributes in the AttributeAddFromLDAP filter. +* Support for multiple attributes in the AttributeAddFromLDAP filter. -### `metarefresh` +`metarefresh` - * Support for specifying permissions of the resulting files. +* Support for specifying permissions of the resulting files. -### `negotiate` +`negotiate` - * Added support for "attributes"-parameter. 
+* Added support for "attributes"-parameter. -### `oauth` +`oauth` - * Bugfix related to authorize URL building. +* Bugfix related to authorize URL building. -### `openidProvider` +`openidProvider` - * Support for SReg and AX requests. +* Support for SReg and AX requests. -### `saml` +`saml` - * Send 'isPassive' in passive discovery requests. - * Support for generating NameIDFormat in service providers with NameIDPolicy set. - * Support for AttributeConsumingService and AssertionConsumingServiceIndex. - * Support for the HTTP-POST binding in WebSSO profile. - * Fix for entity ID validation problems when using the IDPList configuration option. +* Send 'isPassive' in passive discovery requests. +* Support for generating NameIDFormat in service providers with NameIDPolicy set. +* Support for AttributeConsumingService and AssertionConsumingServiceIndex. +* Support for the HTTP-POST binding in WebSSO profile. +* Fix for entity ID validation problems when using the IDPList configuration option. -### `smartattributes` +`smartattributes` - * New 'add_candidate' option to allow the user to decide whether to prepend or not the candidate attribute name to the resulting value. +* New 'add_candidate' option to allow the user to decide whether to prepend or not the candidate attribute name to the resulting value. -### `statistics` +`statistics` - * Bugfix in statistics aggregator. +* Bugfix in statistics aggregator. ## Version 1.11 Released 2013-06-05. - * Support for RSA_SHA256, RSA_SHA384 and RSA_SHA512 in HTTP Redirect binding. - * Support for RegistrationInfo element in SAML 2.0 metadata. - * Support for AuthnRequestsSigned and WantAssertionsSigned when generating metadata. - * Third party OpenID library updated with a bugfix. - * Added the Name attribute to EntitiesDescriptor. - * Removed deprecated option 'session.requestcache' from config-template. - * Workaround for SSL SNI extension not being correctly set. - * New language cookie and parameter config options. 
- * Add 'module.enable' configuration option for enabling/disabling modules. - * Check for existence of memcache extension. - * Initial support for limiting redirects to trusted hosts. - * Demo example now shows both friendly and canonical name of the attributes. - * Other minor fixes for bugs and typos. - * Several translations updated. - * Added Latvian translation. +* Support for RSA_SHA256, RSA_SHA384 and RSA_SHA512 in HTTP Redirect binding. +* Support for RegistrationInfo element in SAML 2.0 metadata. +* Support for AuthnRequestsSigned and WantAssertionsSigned when generating metadata. +* Third party OpenID library updated with a bugfix. +* Added the Name attribute to EntitiesDescriptor. +* Removed deprecated option 'session.requestcache' from config-template. +* Workaround for SSL SNI extension not being correctly set. +* New language cookie and parameter config options. +* Add 'module.enable' configuration option for enabling/disabling modules. +* Check for existence of memcache extension. +* Initial support for limiting redirects to trusted hosts. +* Demo example now shows both friendly and canonical name of the attributes. +* Other minor fixes for bugs and typos. +* Several translations updated. +* Added Latvian translation. -### `authorize` +`authorize` - * Added a logout link to the 403 error page. +* Added a logout link to the 403 error page. -### `authtwitter` +`authtwitter` - * Updated API endpoint for version 1.1. - * Fix for oauth_verifier parameter. +* Updated API endpoint for version 1.1. +* Fix for oauth_verifier parameter. -### `authX509` +`authX509` - * ldapusercert validation made optional. +* ldapusercert validation made optional. -### `consent` +`consent` - * Added support for SQLite databases. +* Added support for SQLite databases. -### `core` +`core` - * Fix error propagation in UserPass(Org)Base authentication sources. - * MCrypt module marked as required. +* Fix error propagation in UserPass(Org)Base authentication sources. 
+* MCrypt module marked as required. -### `discopower` +`discopower` - * Get the name of an IdP from mdui:DisplayName. +* Get the name of an IdP from mdui:DisplayName. -### `expirycheck` +`expirycheck` - * PHP 5.4 compatibility fixes. +* PHP 5.4 compatibility fixes. -### `InfoCard` +`InfoCard` - * PHP 5.4 compatibility fixes. +* PHP 5.4 compatibility fixes. -### `ldap` +`ldap` - * Added an option to disable following referrals. +* Added an option to disable following referrals. -### `metarefresh` +`metarefresh` - * Improved help message. +* Improved help message. -### `oauth` +`oauth` - * PHP 5.4 compatibility fixes. +* PHP 5.4 compatibility fixes. -### `saml` +`saml` - * Verify that the issuer of an AuthnResponse is the same entity ID we sent a request to. - * Added separate option to enable Holder of Key support on SP. - * Fix for HoK profile metadata. - * New filter for storing persistent NameID in eduPersonTargetedID attribute. - * Support for UIInfo elements. - * Bugfix for SAML SP metadata signing. - * Ignore default technical contact. - * Support for MDUI elements in SP metadata. - * Support for more contact types in SP metadata. - * New information in statistics with the time it took for a login to happen. +* Verify that the issuer of an AuthnResponse is the same entity ID we sent a request to. +* Added separate option to enable Holder of Key support on SP. +* Fix for HoK profile metadata. +* New filter for storing persistent NameID in eduPersonTargetedID attribute. +* Support for UIInfo elements. +* Bugfix for SAML SP metadata signing. +* Ignore default technical contact. +* Support for MDUI elements in SP metadata. +* Support for more contact types in SP metadata. +* New information in statistics with the time it took for a login to happen. -### `sanitycheck` +`sanitycheck` - * Configuration file made optional. +* Configuration file made optional. -### `smartattributes` +`smartattributes` - * New filter: smartattributes:SmartID. 
- * New filter: smartattributes:SmartName. +* New filter: smartattributes:SmartID. +* New filter: smartattributes:SmartName. -### `smartnameattribute` +`smartnameattribute` - * Deprecated. +* Deprecated. -### `wsfed` +`wsfed` - * Support for SLO in WS-Fed. +* Support for SLO in WS-Fed. ## Version 1.10 Released 2012-09-25. - * Add support for storing data without expiration timestamp in memcache. - * Fix for reauthentication in old shib13 authentication handler. - * Clean up executable-permissions on files. - * Change encryption to use the rsa-oaep-mgf1p key padding instead of PKCS 1.5. - * Update translations. - * Added Serbian translation. +* Add support for storing data without expiration timestamp in memcache. +* Fix for reauthentication in old shib13 authentication handler. +* Clean up executable-permissions on files. +* Change encryption to use the rsa-oaep-mgf1p key padding instead of PKCS 1.5. +* Update translations. +* Added Serbian translation. -### `core` +`core` - * `core:UserPass(Org)Base`: Add "remember username" option. +* `core:UserPass(Org)Base`: Add "remember username" option. -### `papi` +`papi` - * New authentication module supporting PAPI protocol. +* New authentication module supporting PAPI protocol. -### `radius` +`radius` - * New feature to configure multiple radius servers. +* New feature to configure multiple radius servers. -### `riak` +`riak` - * New module for storing sessions in a Riak database. +* New module for storing sessions in a Riak database. -### `saml` +`saml` - * Add support for overriding SAML 2.0 SP authentication request generation. - * Add support for blacklisting encryption algorithms. +* Add support for overriding SAML 2.0 SP authentication request generation. +* Add support for blacklisting encryption algorithms. ## Version 1.9.2 Released 2012-08-29 - * Fix related to the security issue addressed in version 1.9.1. +* Fix related to the security issue addressed in version 1.9.1. ## Version 1.9.1 Released 2012-08-02. 
- * Fix for a new attack against PKCS 1.5 in XML encryption. +* Fix for a new attack against PKCS 1.5 in XML encryption. ## Version 1.9 Released 2012-06-13. - * Restructure error templates to share a common base template. - * Warnings about URL length limits from Suhosin PHP extension. - * New base class for errors from authentication sources. - * Support for overriding URL generation when behind a reverse proxy. - * New languages: Russian, Estonian, Hebrew, Chinese, Indonesian - * Add getAuthSource()-function to SimpleSAML_Auth_Simple. - * Add reauthenticate()-function to SimpleSAML_Auth_Source. (Is called when the IdP receives a new authentication request.) - * iframe logout: Make it possible to skip the "question-page" for code on the IdP. - * RTL text support. - * Make SimpleSAMLAuthToken cookie name configurable. - * Block writing secure cookies when we are on http. - * Fix state information being unavailable to UserPassOrgBase authentication templates. - * Make it possible to send POST-messages to http-endpoints without triggering a warning when the IdP supports both http and https. - * Add IPv6-support to the SimpleSAML_Utilities::ipCIDRcheck()-function. - * Do not allow users to switch to a language that is not enabled. - * iframe logout: Add a per-SP timeout option. - * SimpleSAML_Auth_LDAP: Better logging of the cause of exceptions. - * SimpleSAML_Auth_State: Add $allowMissing-parameter to loadState(). - * module.php: More strict URL parsing. - * Add support for hashed admin passwords. - * Use openssl_random_pseudo_bytes() for better cross-platform random number generation. - * Add the current hostname to the error reports. - * Make the lifetime of SimpleSAML_Auth_State "state-arrays" configurable (via the `session.state.timeout`-option). - * SimpleSAML_Auth_State: Add cloneState()-function. - * Fix log levels used on Windows. - * SimpleSAML_Auth_LDAP: Clean up some unused code. 
- * core:UserPassOrgBase: Add selected organization to the authentication data that is stored in the session. - * Do not warn about missing Radius and LDAP PHP extensions unless those modules are enabled. - * Support for overriding the logic to determine the language. - * Avoid crashes due to deprecation-warnings issued by PHP. - * Use case-insensitive matching of language codes. - * Add X-Frame-Options to prevent other sites from loading the SSP-pages in an iframe. - * Add SimpleSAML_Utilities::isWindowsOS()-helper function. - * chmod() generated files to only be accessible to the owner of the files. - * Fix "re-posting" of POST data containing a key named "submit". - * Do not attempt to read new sessions from the session handler. - * Fix some pass-by-reference uses. (Support removed in PHP 5.4.) - * Warn the user if the secretsalt-option isn't set. - * A prototype for a new statistics logging core. Provides more structured logging of events, and support for multiple storage backends. - * Support for arbitrary namespace-prefixed attributes in md:EndpointType-elements. - * Fix invalid HTML for login pages where username is set. - * Remove unnecessary check for PHP version >= 5.2 when setting cookies. - * Better error message when a module is missing a default-enable or default-disable file. - * Support for validating RSA-SHA256 signatures. - * Fixes for session expiration handling. +* Restructure error templates to share a common base template. +* Warnings about URL length limits from Suhosin PHP extension. +* New base class for errors from authentication sources. +* Support for overriding URL generation when behind a reverse proxy. +* New languages: Russian, Estonian, Hebrew, Chinese, Indonesian +* Add getAuthSource()-function to SimpleSAML_Auth_Simple. +* Add reauthenticate()-function to SimpleSAML_Auth_Source. (Is called when the IdP receives a new authentication request.) +* iframe logout: Make it possible to skip the "question-page" for code on the IdP. 
+* RTL text support. +* Make SimpleSAMLAuthToken cookie name configurable. +* Block writing secure cookies when we are on http. +* Fix state information being unavailable to UserPassOrgBase authentication templates. +* Make it possible to send POST-messages to http-endpoints without triggering a warning when the IdP supports both http and https. +* Add IPv6-support to the SimpleSAML_Utilities::ipCIDRcheck()-function. +* Do not allow users to switch to a language that is not enabled. +* iframe logout: Add a per-SP timeout option. +* SimpleSAML_Auth_LDAP: Better logging of the cause of exceptions. +* SimpleSAML_Auth_State: Add $allowMissing-parameter to loadState(). +* module.php: More strict URL parsing. +* Add support for hashed admin passwords. +* Use openssl_random_pseudo_bytes() for better cross-platform random number generation. +* Add the current hostname to the error reports. +* Make the lifetime of SimpleSAML_Auth_State "state-arrays" configurable (via the `session.state.timeout`-option). +* SimpleSAML_Auth_State: Add cloneState()-function. +* Fix log levels used on Windows. +* SimpleSAML_Auth_LDAP: Clean up some unused code. +* core:UserPassOrgBase: Add selected organization to the authentication data that is stored in the session. +* Do not warn about missing Radius and LDAP PHP extensions unless those modules are enabled. +* Support for overriding the logic to determine the language. +* Avoid crashes due to deprecation-warnings issued by PHP. +* Use case-insensitive matching of language codes. +* Add X-Frame-Options to prevent other sites from loading the SSP-pages in an iframe. +* Add SimpleSAML_Utilities::isWindowsOS()-helper function. +* chmod() generated files to only be accessible to the owner of the files. +* Fix "re-posting" of POST data containing a key named "submit". +* Do not attempt to read new sessions from the session handler. +* Fix some pass-by-reference uses. (Support removed in PHP 5.4.) 
+* Warn the user if the secretsalt-option isn't set. +* A prototype for a new statistics logging core. Provides more structured logging of events, and support for multiple storage backends. +* Support for arbitrary namespace-prefixed attributes in md:EndpointType-elements. +* Fix invalid HTML for login pages where username is set. +* Remove unnecessary check for PHP version >= 5.2 when setting cookies. +* Better error message when a module is missing a default-enable or default-disable file. +* Support for validating RSA-SHA256 signatures. +* Fixes for session expiration handling. -### `aselect` +`aselect` - * New module that replaces the previous module. - * Better error handling. - * Support for request signing. - * Loses support for A-Select Cross. +* New module that replaces the previous module. +* Better error handling. +* Support for request signing. +* Loses support for A-Select Cross. -### `authcrypt` +`authcrypt` - * `authcrypt:Hash`: New authentication source for checking username & password against a list of usernames and hashed passwords. - * `authcrypt:Htpasswd`: New authentication source for checking username & password against a `.htpasswd`-file. +* `authcrypt:Hash`: New authentication source for checking username & password against a list of usernames and hashed passwords. +* `authcrypt:Htpasswd`: New authentication source for checking username & password against a `.htpasswd`-file. -### `authfacebook` +`authfacebook` - * Update to latest Facebook PHP SDK. +* Update to latest Facebook PHP SDK. -### `authorize` +`authorize` - * `authorize:Authorize`: Add flag to change the behaviour from default-deny to default-allow. - * `authorize:Authorize`: Add flag to do simple string matching instead of regex-matching. +* `authorize:Authorize`: Add flag to change the behaviour from default-deny to default-allow. +* `authorize:Authorize`: Add flag to do simple string matching instead of regex-matching. 
-### `authtwitter` +`authtwitter` - * Update to use the correct API endpoint. - * Propagate "user aborted" errors back to the caller. - * Changes to error handling, throw more relevant exceptions. - * Store state information directly in the state array, instead of the session. +* Update to use the correct API endpoint. +* Propagate "user aborted" errors back to the caller. +* Changes to error handling, throw more relevant exceptions. +* Store state information directly in the state array, instead of the session. -### `authYubiKey` - - * Remove deprecated uses of split(). - -### `cas` - - * Make it possible for subclasses to override finalState(). - -### `core` - - * `core:AttributeCopy`: New filter to copy attributes. - -### `consent` - - * Add a timeout option for the database connection. - * Fix disabling of consent when the data store is down. - * Simpler configuration for disabling consent for one SP or one IdP. - * Do not connect to the database when consent is disabled for the current SP/IdP. - -### `consentAdmin` - - * Fix for bridged IdP setup with `userid.attribute` set in `saml20-idp-hosted` metadata. - -### `cron` - - * Set the From-address to be the technical contact email address. - -### `expirycheck` - - * `expirycheck:ExpiryDate`: New module to check account expiration. - -### `ldap` +`authYubiKey` + +* Remove deprecated uses of split(). + +`cas` + +* Make it possible for subclasses to override finalState(). + +`core` + +* `core:AttributeCopy`: New filter to copy attributes. + +`consent` + +* Add a timeout option for the database connection. +* Fix disabling of consent when the data store is down. +* Simpler configuration for disabling consent for one SP or one IdP. +* Do not connect to the database when consent is disabled for the current SP/IdP. + +`consentAdmin` + +* Fix for bridged IdP setup with `userid.attribute` set in `saml20-idp-hosted` metadata. + +`cron` + +* Set the From-address to be the technical contact email address. 
+ +`expirycheck` + +* `expirycheck:ExpiryDate`: New module to check account expiration. + +`ldap` - * Add a base class for authentication processing filters which fetch data from LDAP. - * `ldap:AttributeAddUsersGroups`: Authentication processing filter that adds group information from LDAP. +* Add a base class for authentication processing filters which fetch data from LDAP. +* `ldap:AttributeAddUsersGroups`: Authentication processing filter that adds group information from LDAP. -### `metarefresh` +`metarefresh` - * Support for blacklisting and whitelisting entities. - * Support for conditional GET of metadata files. - * Reuse old metadata when fetching metadata fails. +* Support for blacklisting and whitelisting entities. +* Support for conditional GET of metadata files. +* Reuse old metadata when fetching metadata fails. -### `multiauth` +`multiauth` - * Add `multiauth:preselect`-parameter, to skip the page to select authentication source. - * Make it possible to configure the names of the authentication sources. - * Remember the last selected authentication source. +* Add `multiauth:preselect`-parameter, to skip the page to select authentication source. +* Make it possible to configure the names of the authentication sources. +* Remember the last selected authentication source. -### `negotiate` +`negotiate` - * New module implementing "negotiate" authentication, which can be used for Kerberos authentication (including Windows SSO). +* New module implementing "negotiate" authentication, which can be used for Kerberos authentication (including Windows SSO). -### `oauth` +`oauth` - * Update to latest version of the OAuth library. - * Remove support for older versions of OAuth than OAuth Rev A. +* Update to latest version of the OAuth library. +* Remove support for older versions of OAuth than OAuth Rev A. -### `openid` +`openid` - * Separate linkback URL from page displaying OpenID URL field. - * Throw more relevant exceptions. 
- * Update to latest version of the OpenID library. - * Support for sending authentication requests via GET requests (with the prefer_http_redirect option). - * Prevent deprecation warnings from the OpenID library from causing deadlocks in the class loader. +* Separate linkback URL from page displaying OpenID URL field. +* Throw more relevant exceptions. +* Update to latest version of the OpenID library. +* Support for sending authentication requests via GET requests (with the prefer_http_redirect option). +* Prevent deprecation warnings from the OpenID library from causing deadlocks in the class loader. -### `openidProvider` +`openidProvider` - * Prevent deprecation warnings from the OpenID library from causing deadlocks in the class loader. +* Prevent deprecation warnings from the OpenID library from causing deadlocks in the class loader. -### `radius` +`radius` - * Support for setting the "NAS-Identifier" attribute. +* Support for setting the "NAS-Identifier" attribute. -### `saml` +`saml` - * Preserve ID-attributes on elements during signing. (Makes it possible to change the binding for some messages.) - * Allow SAML artifacts to be received through a POST request. - * Log more debug information when we are unable to determine the binding a message was sent with. - * Require HTTP-POST messages to be sent as POST data and HTTP-Redirect messages to be sent as query parameters. - * Link to download certificates from metadata pages. - * Fix canonicalization of <md:EntityDescriptor> and <md:EntitiesDescriptor>. - * Support for receiving and sending extension in authentication request messages. - * Reuse SimpleSAML_Utilities::postRedirect() to send HTTP-POST messages. - * Allow ISO8601 durations with subsecond precision. - * Add support for parsing and serializing the <mdrpi:PublicationInfo> metadata extension. - * Ignore cacheDuration when validating metadata. 
- * Add support for the Holder-of-Key profile, on both the [SP](./simplesamlphp-hok-sp) and [IdP](./simplesamlphp-hok-idp). - * Better error handling when receiving a SAML 2.0 artifact from an unknown entity. - * Fix parsing of <md:AssertionIDRequestService> metadata elements. - * IdP: Do not always trigger reauthentication when the authentication request contains a IdPList-element. - * IdP: Add `saml:AllowCreate` to the state array. This makes it possible to access this parameter from authentication processing filters. - * IdP: Sign the artifact response message. - * IdP: Allow the "host" metadata option to include more than one path element. - * IdP: Support for generating metadata with MDUI extension elements. - * SP: Use the discojuice-module as a discovery service if it is enabled. - * SP: Add `saml:idp`-parameter to trigger login to a specific IdP to as_login.php. - * SP: Do not display error on duplicate response when we have a valid session. - * SP: Fix for logout after IdP initiated authentication. - * SP: Fix handling of authentication response without a saml:Issuer element. - * SP: Support for specifying required attributes in metadata. - * SP: Support for limiting the AssertionConsumerService endpoints listed in metadata. - * SP: Fix session expiration when the IdP limits the session lifetime. - * `saml:PersistentNameID`: Fail when the user has more than one value in the user ID attribute. - * `saml:SQLPersistentNameID`: Persistent NameID stored in a SQL database. - * `saml:AuthnContextClassRef`: New filter to set the AuthnContextClassRef in responses. - * `saml:ExpectedAuthnContextClassRef`: New filter to verify that the SP received the correct authentication class from the IdP. +* Preserve ID-attributes on elements during signing. (Makes it possible to change the binding for some messages.) +* Allow SAML artifacts to be received through a POST request. +* Log more debug information when we are unable to determine the binding a message was sent with. 
+* Require HTTP-POST messages to be sent as POST data and HTTP-Redirect messages to be sent as query parameters. +* Link to download certificates from metadata pages. +* Fix canonicalization of <md:EntityDescriptor> and <md:EntitiesDescriptor>. +* Support for receiving and sending extension in authentication request messages. +* Reuse SimpleSAML_Utilities::postRedirect() to send HTTP-POST messages. +* Allow ISO8601 durations with subsecond precision. +* Add support for parsing and serializing the <mdrpi:PublicationInfo> metadata extension. +* Ignore cacheDuration when validating metadata. +* Add support for the Holder-of-Key profile, on both the [SP](./simplesamlphp-hok-sp) and [IdP](./simplesamlphp-hok-idp). +* Better error handling when receiving a SAML 2.0 artifact from an unknown entity. +* Fix parsing of <md:AssertionIDRequestService> metadata elements. +* IdP: Do not always trigger reauthentication when the authentication request contains a IdPList-element. +* IdP: Add `saml:AllowCreate` to the state array. This makes it possible to access this parameter from authentication processing filters. +* IdP: Sign the artifact response message. +* IdP: Allow the "host" metadata option to include more than one path element. +* IdP: Support for generating metadata with MDUI extension elements. +* SP: Use the discojuice-module as a discovery service if it is enabled. +* SP: Add `saml:idp`-parameter to trigger login to a specific IdP to as_login.php. +* SP: Do not display error on duplicate response when we have a valid session. +* SP: Fix for logout after IdP initiated authentication. +* SP: Fix handling of authentication response without a saml:Issuer element. +* SP: Support for specifying required attributes in metadata. +* SP: Support for limiting the AssertionConsumerService endpoints listed in metadata. +* SP: Fix session expiration when the IdP limits the session lifetime. 
+* `saml:PersistentNameID`: Fail when the user has more than one value in the user ID attribute. +* `saml:SQLPersistentNameID`: Persistent NameID stored in a SQL database. +* `saml:AuthnContextClassRef`: New filter to set the AuthnContextClassRef in responses. +* `saml:ExpectedAuthnContextClassRef`: New filter to verify that the SP received the correct authentication class from the IdP. ## Version 1.8.2 Released 2012-01-10. - * Fix for user-assisted cross site scripting on a couple of pages. +* Fix for user-assisted cross site scripting on a couple of pages. ## Version 1.8.1 Released 2011-10-27. - * Fix for key oracle attack against XML encryption on SP. - * Fix for IdP initiated logout with IdP-initiated SSO. - * Fix a PHP notice if we are unable to open /dev/urandom. - * Fix a PHP notice during SAML 1.1 authentication. +* Fix for key oracle attack against XML encryption on SP. +* Fix for IdP initiated logout with IdP-initiated SSO. +* Fix a PHP notice if we are unable to open /dev/urandom. +* Fix a PHP notice during SAML 1.1 authentication. ## Version 1.8 - * New authentication modules: - * [`authmyspace`](./authmyspace:oauthmyspace) - * [`authlinkedin`](./authlinkedin:oauthlinkedin) - * [`authwindowslive`](./authwindowslive:windowsliveid) - * Support for custom error handler, replacing the default display function. - * Allow error codes to be defined in modules. - * Better control of logout what we do after logout request. - * This makes it possible for the SP to display a warning when receiving a PartialLogout response from the IdP. - * New `cdc` module, for setting and reading common domain cookies. - -### `consent` +* New authentication modules: + * [`authmyspace`](./authmyspace:oauthmyspace) + * [`authlinkedin`](./authlinkedin:oauthlinkedin) + * [`authwindowslive`](./authwindowslive:windowsliveid) +* Support for custom error handler, replacing the default display function. +* Allow error codes to be defined in modules. 
+* Better control of logout what we do after logout request. + * This makes it possible for the SP to display a warning when receiving a PartialLogout response from the IdP. +* New `cdc` module, for setting and reading common domain cookies. - * Support for disabling consent for some attributes. +`consent` -### `ldap` +* Support for disabling consent for some attributes. - * `ldap:AttributeAddFromLDAP`: Extract values from multiple matching entries. +`ldap` -### `oauth` +* `ldap:AttributeAddFromLDAP`: Extract values from multiple matching entries. - * Added support for: - * RSASHA1 signatures - * consent - * callbackurl - * verifier code - * request parameters +`oauth` -### `openid` +* Added support for: + * RSASHA1 signatures + * consent + * callbackurl + * verifier code + * request parameters - * Support for sending custom extension arguments (e.g. UI extensions). +`openid` -### `saml` +* Support for sending custom extension arguments (e.g. UI extensions). - * Extract Extensions from AuthnRequest for use by custom modules when authenticating. - * Allow signing of SP metadata. - * Better control over NameIDPolicy when sending AuthnRequest. - * Support encrypting/decrypting NameID in LogoutRequest. - * Option to disable client certificate in SOAP client. - * Better selection of AssertionConsumerService endpoint based on parameters in AuthnRequest. - * Set NotOnOrAfter in IdP LogoutRequest. - * Only return PartialLogout from the IdP. +`saml` +* Extract Extensions from AuthnRequest for use by custom modules when authenticating. +* Allow signing of SP metadata. +* Better control over NameIDPolicy when sending AuthnRequest. +* Support encrypting/decrypting NameID in LogoutRequest. +* Option to disable client certificate in SOAP client. +* Better selection of AssertionConsumerService endpoint based on parameters in AuthnRequest. +* Set NotOnOrAfter in IdP LogoutRequest. +* Only return PartialLogout from the IdP. 
## Version 1.7 - * New authentication modules: - * `aselect` - * `authX509` - * Unified cookie configuration settings. - * Added protection against session fixation attacks. - * Error logging when failing to initialize the Session class. - * New session storage framework. - * Add and use generic key/value store. - * Support for storing sessions in SQL databases (MySQL, PostgreSQL & SQLite). - * Support for implementing custom session storage handlers. - * Allow loading of multiple sessions simultaneously. - * Set headers allowing caching of static files. - * More descriptive error pages: - * Unable to load $state array because the session was lost. - * Unable to find metadata for the given entityID. - * Support for multiple keys in metadata. - * Allow verification with any of the public keys in metadata. - * Allow key rollower by defining new and old certificate in configuration. - * Verify with signing keys, encrypt with encryption keys. - * Change `debug`-option to log messages instead of displaying them in the browser. - * Also logs data before encryption and after decryption. - * Support for custom attribute dictionaries. - * Add support for several authentication sessions within a single session. - * Allows several SPs on a single host. - * Allows for combining an SP and an IdP on a single host. - * HTTP proxy support. +* New authentication modules: + * `aselect` + * `authX509` +* Unified cookie configuration settings. +* Added protection against session fixation attacks. +* Error logging when failing to initialize the Session class. +* New session storage framework. + * Add and use generic key/value store. + * Support for storing sessions in SQL databases (MySQL, PostgreSQL & SQLite). + * Support for implementing custom session storage handlers. + * Allow loading of multiple sessions simultaneously. +* Set headers allowing caching of static files. +* More descriptive error pages: + * Unable to load $state array because the session was lost. 
+ * Unable to find metadata for the given entityID. +* Support for multiple keys in metadata. + * Allow verification with any of the public keys in metadata. + * Allow key rollower by defining new and old certificate in configuration. + * Verify with signing keys, encrypt with encryption keys. +* Change `debug`-option to log messages instead of displaying them in the browser. + * Also logs data before encryption and after decryption. +* Support for custom attribute dictionaries. +* Add support for several authentication sessions within a single session. + * Allows several SPs on a single host. + * Allows for combining an SP and an IdP on a single host. +* HTTP proxy support. ### Internal API changes & features removed - * The `saml2` module has been removed. - * The `saml2:SP` authsource has been removed. - * The `sspmod_saml2_Error` class has been renamed to `sspmod_saml_Error`. - * The `sspmod_saml2_Message` class has been renamed to `sspmod_saml_Message`. - * Moved IdP functions from `sspmod_saml_Message` to `sspmod_saml_IdP_SAML2`. - * Removed several functions and classes that are unused: - * `SimpleSAML_Utilities::strleft` - * `SimpleSAML_Utilities::array_values_equal` - * `SimpleSAML_Utilities::getRequestURI` - * `SimpleSAML_Utilities::getScriptName` - * `SimpleSAML_Utilities::getSelfProtocol` - * `SimpleSAML_Utilities::cert_fingerprint` - * `SimpleSAML_Utilities::generateTrackID` - * `SimpleSAML_Utilities::buildBacktrace` - * `SimpleSAML_Utilities::formatBacktrace` - * `SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta` - * `SimpleSAML_ModifiedInfo` - * Moved function from Utilities-class to more appropriate locations. - * `getAuthority` to `SimpleSAML_IdP` - * `generateUserId` to `sspmod_saml_IdP_SAML2`. - * Replaced calls to with throwing an `SimpleSAML_Error_Error` exception. - * Removed metadata send functionality from old SP code. - * Removed bin/test.php and www/admin/test.php. - * Removed metashare. - * Removed www/auth/login-auto.php. 
- * Removed www/auth/login-feide.php. - * Removed optional parameters from `SimpleSAML_XHTML_Template::getLanguage()`. - * Removed functions from `SAML2_Assertion`: `get/setDestination`, `get/setInResponseTo`. - Replaced with `setSubjectConfirmation`. - * Removed several unused files & templates. +* The `saml2` module has been removed. + * The `saml2:SP` authsource has been removed. + * The `sspmod_saml2_Error` class has been renamed to `sspmod_saml_Error`. + * The `sspmod_saml2_Message` class has been renamed to `sspmod_saml_Message`. +* Moved IdP functions from `sspmod_saml_Message` to `sspmod_saml_IdP_SAML2`. +* Removed several functions and classes that are unused: + * `SimpleSAML_Utilities::strleft` + * `SimpleSAML_Utilities::array_values_equal` + * `SimpleSAML_Utilities::getRequestURI` + * `SimpleSAML_Utilities::getScriptName` + * `SimpleSAML_Utilities::getSelfProtocol` + * `SimpleSAML_Utilities::cert_fingerprint` + * `SimpleSAML_Utilities::generateTrackID` + * `SimpleSAML_Utilities::buildBacktrace` + * `SimpleSAML_Utilities::formatBacktrace` + * `SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta` + * `SimpleSAML_ModifiedInfo` +* Moved function from Utilities-class to more appropriate locations. + * `getAuthority` to `SimpleSAML_IdP` + * `generateUserId` to `sspmod_saml_IdP_SAML2`. +* Replaced calls to with throwing an `SimpleSAML_Error_Error` exception. +* Removed metadata send functionality from old SP code. +* Removed bin/test.php and www/admin/test.php. +* Removed metashare. +* Removed www/auth/login-auto.php. +* Removed www/auth/login-feide.php. +* Removed optional parameters from `SimpleSAML_XHTML_Template::getLanguage()`. +* Removed functions from `SAML2_Assertion`: `get/setDestination`, `get/setInResponseTo`. + Replaced with `setSubjectConfirmation`. +* Removed several unused files & templates. 
-### SAML 2 IdP +`SAML2 IdP` - * Support for generation of NameID values via [processing filters](./saml:nameid) - * Obey the NameIDPolicy Format in authentication request. - * Allow AuthnContextClassRef to be set by processing filters. - * Rework iframe logout page to not rely on cookies. +* Support for generation of NameID values via [processing filters](./saml:nameid) +* Obey the NameIDPolicy Format in authentication request. +* Allow AuthnContextClassRef to be set by processing filters. +* Rework iframe logout page to not rely on cookies. -### SAML 2 SP +`SAML2 SP` - * Support SOAP logout. - * Various fixes to adhere more closely to the specification. - * Allow multiple SessionIndex-elements in LogoutRequest. - * Handle multiple Assertion-elements in Response. - * Reject duplicate assertions. - * Support for encrypted NameID in LogoutRequest. - * Verify Destination-attribute in LogoutRequest messages. - * Add specific options for signing and verifying authentication request and logout messages. - * `saml:NameIDAttribute` filter for extracting NameID from authentication response. +* Support SOAP logout. +* Various fixes to adhere more closely to the specification. + * Allow multiple SessionIndex-elements in LogoutRequest. + * Handle multiple Assertion-elements in Response. + * Reject duplicate assertions. + * Support for encrypted NameID in LogoutRequest. + * Verify Destination-attribute in LogoutRequest messages. +* Add specific options for signing and verifying authentication request and logout messages. +* `saml:NameIDAttribute` filter for extracting NameID from authentication response. -### SAML 1 IdP +`SAML1 IdP` - * Add `urn:mace:shibboleth:1.0` as supported protocol in generated metadata. +* Add `urn:mace:shibboleth:1.0` as supported protocol in generated metadata. -### SAML 1 SP +`SAML1 SP` - * Support for IdP initiated authentication. +* Support for IdP initiated authentication. 
-### `aggregator` +`aggregator` - * Allow metadata generation from command line. +* Allow metadata generation from command line. -### `authfacebook` +`authfacebook` - * Change attribute names. +* Change attribute names. -### `casserver` +`casserver` - * Support for proxying. - * Add ttl for tickets. +* Support for proxying. +* Add ttl for tickets. -### `core` +`core` - * `core:AttributeLimit`: Make it possible to specify a default set of attributes. - * Make the SP metadata available on the login pages. +* `core:AttributeLimit`: Make it possible to specify a default set of attributes. +* Make the SP metadata available on the login pages. -### `discoPower` +`discoPower` - * Sort IdPs without a name (where we only have an entityID) last in the list. - * CDC cookie support. +* Sort IdPs without a name (where we only have an entityID) last in the list. +* CDC cookie support. -### `exampleAuth` +`exampleAuth` - * Add example of integration with external authentication page. +* Add example of integration with external authentication page. -### `ldap` +`ldap` - * Add `ldap:AttributeAddFromLDAP` filter for adding attributes from a LDAP directory. +* Add `ldap:AttributeAddFromLDAP` filter for adding attributes from a LDAP directory. -### `metarefresh` +`metarefresh` - * Don't stop updates on the first exception. +* Don't stop updates on the first exception. -### `openid` +`openid` - * Don't require access to the PHP session. - * Remove OpenID test page. (May as well use the normal test pages.) - * Support for attribute exchange. - * Add `target` option, for directing authentication to a specific OpenID provider. - * Add `realm` option, for specifying the realm we should send to the OpenID provider. +* Don't require access to the PHP session. +* Remove OpenID test page. (May as well use the normal test pages.) +* Support for attribute exchange. +* Add `target` option, for directing authentication to a specific OpenID provider. 
+* Add `realm` option, for specifying the realm we should send to the OpenID provider. -### `portal` +`portal` - * Make it possible to register pages from modules, and not only from configuration. +* Make it possible to register pages from modules, and not only from configuration. -### `statistics` +`statistics` - * New y-axis scaling algorithm +* New y-axis scaling algorithm -### `twitter` - - * Change attribute names returned from twitter. +`twitter` +* Change attribute names returned from twitter. ## Version 1.6.3 Released 2010-12-17. - * Fix for cross site scripting in redirect page. +* Fix for cross site scripting in redirect page. ## Version 1.6.2 Released 2010-07-29. - * Various security fixes. +* Various security fixes. ## Version 1.6.1 Released 2010-06-25. - * saml:SP: Fix SingleLogoutService endpoint in SSP-format metadata array. - * Shib13:IdP: Add urn:mace:shibboleth:1.0 to supported protocols. - * Fix SAMLParser::parseElement(). - * SAML2:IdP: Fix persistent NameID generation. - * Fix scoping on IdP discovery page. - * metaedit: Fix endpoints parsed from XML. - * Dictionary update. - * Documentation fixes. +* saml:SP: Fix SingleLogoutService endpoint in SSP-format metadata array. +* Shib13:IdP: Add urn:mace:shibboleth:1.0 to supported protocols. +* Fix SAMLParser::parseElement(). +* SAML2:IdP: Fix persistent NameID generation. +* Fix scoping on IdP discovery page. +* metaedit: Fix endpoints parsed from XML. +* Dictionary update. +* Documentation fixes. ## Version 1.6 
@@ -1662,239 +1733,236 @@ Released 2010-05-31. [Upgrade notes](./simplesamlphp-upgrade-notes-1.6) - * Detection of cookies disabled on the IdP. - * New IdP core, which makes it simpler to share code between different IdPs, e.g. between SAML 1.1 and SAML 2.0. - * Dictionaries moved to JSON format. - * New authentication module: [`cas:CAS`](./cas:cas). - * All images that doesn't permit non-commercial use have been replaced. - * Better support for OrganizationName, OrganizationDisplayName and OrganizationURL in metadata. - * Cookie secure flag no longer automatically set. - * Cross-protocol logout between ADFS and SAML 2. - * New experimental module for aggregating metadata: [`aggregator2`](./aggregator2:aggregator2) - * Metadata support for multiple endpoints with [multiple bindings](./simplesamlphp-metadata-endpoints). - * The metadata generation is using a new set of classes. - As a result, all generated metadata elements now have a `md:`-prefix. - * The deprecated functions `init(...)` and `setAuthenticated(...) in the `SimpleSAML_Session` class have been removed. - * Configuration check and metadata check was removed, as they were often wrong. - -### SAML 2 SP - - * SAML 2.0 HTTP-Artifact support on the [SP](./simplesamlphp-artifact-sp). - -### SAML 2 IdP - - * SAML 2.0 HTTP-Artifact support on the [IdP](./simplesamlphp-artifact-idp). - * Support for sending PartialLogout status code in logout response. - * Set AuthnInstant to the timestamp for authentication. - * Combine normal and iframe versions of the logout handlers into a single endpoint. - * The SessionIndex is now unique per SP. - * Statistics for logout failures. - * Better generation of persistent NameID when `nameid.attribute` isn't specified. +* Detection of cookies disabled on the IdP. +* New IdP core, which makes it simpler to share code between different IdPs, e.g. between SAML 1.1 and SAML 2.0. +* Dictionaries moved to JSON format. +* New authentication module: [`cas:CAS`](./cas:cas). 
+* All images that doesn't permit non-commercial use have been replaced. +* Better support for OrganizationName, OrganizationDisplayName and OrganizationURL in metadata. +* Cookie secure flag no longer automatically set. +* Cross-protocol logout between ADFS and SAML 2. +* New experimental module for aggregating metadata: [`aggregator2`](./aggregator2:aggregator2) +* Metadata support for multiple endpoints with [multiple bindings](./simplesamlphp-metadata-endpoints). +* The metadata generation is using a new set of classes. + As a result, all generated metadata elements now have a `md:`-prefix. +* The deprecated functions `init(...)` and `setAuthenticated(...)` in the `SimpleSAML_Session` class have been removed. +* Configuration check and metadata check was removed, as they were often wrong. + +`SAML2 SP` + +* SAML 2.0 HTTP-Artifact support on the [SP](./simplesamlphp-artifact-sp). + +`SAML2 IdP` + +* SAML 2.0 HTTP-Artifact support on the [IdP](./simplesamlphp-artifact-idp). +* Support for sending PartialLogout status code in logout response. +* Set AuthnInstant to the timestamp for authentication. +* Combine normal and iframe versions of the logout handlers into a single endpoint. +* The SessionIndex is now unique per SP. +* Statistics for logout failures. +* Better generation of persistent NameID when `nameid.attribute` isn't specified. ### The SP API - * Support for handling errors from the IdP. - * Support for passing parameters to the authentication module. - This can be used to specify SAML 2 parameters, such as isPassive and ForceAuthn. - -### `adfs` +* Support for handling errors from the IdP. +* Support for passing parameters to the authentication module. + This can be used to specify SAML 2 parameters, such as isPassive and ForceAuthn. - * Move to new IdP core. +`adfs` -### `casserver` +* Move to new IdP core. - * Collect all endpoints in a single file. - * Fix prefix on the tickets. +`casserver` -### `consent` +* Collect all endpoints in a single file. 
+* Fix prefix on the tickets. - * Support for deactivating consent for specific services. +`consent` -### `consentAdmin` +* Support for deactivating consent for specific services. - * Support for the SAML SP module. +`consentAdmin` -### `core` +* Support for the SAML SP module. - * New filter: [`core:PHP`](./core:authproc_php), which allows processing of attributes with arbitrary PHP code. - * Support for multiple target attributes in [`core:AttributeMap`](./core:authproc_attributemap). - * New filter: [`core:ScopeFromAttribute`](./core:authproc_scopefromattribute), which allows the creation an attribute based on the scope of another attribute. - * Support for a target attribute in [`core:AttributeAlter`](./core:authproc_attributealter). +`core` -### `discoPower` +* New filter: [`core:PHP`](./core:authproc_php), which allows processing of attributes with arbitrary PHP code. +* Support for multiple target attributes in [`core:AttributeMap`](./core:authproc_attributemap). +* New filter: [`core:ScopeFromAttribute`](./core:authproc_scopefromattribute), which allows the creation an attribute based on the scope of another attribute. +* Support for a target attribute in [`core:AttributeAlter`](./core:authproc_attributealter). - * Support for new scoring algorithm. +`discoPower` -### `ldap` +* Support for new scoring algorithm. - * SASL support in LDAPMulti +`ldap` -### `ldapstatus` +* SASL support in LDAPMulti - * This module was removed, as it was very specific for Feide. +`ldapstatus` -### `multiauth` +* This module was removed, as it was very specific for Feide. - * Support for specifying the target authentication source through a request parameter. +`multiauth` -### `oauth` +* Support for specifying the target authentication source through a request parameter. - * Configurable which authentication source should be used. +`oauth` -### `openidProvider` +* Configurable which authentication source should be used. - * OpenID 2.0 support. - * XRDS generation support. 
+`openidProvider` -### `saml` +* OpenID 2.0 support. +* XRDS generation support. - * Support for specifying parameters for authentication request. - * Add AttributeConsumingService to generated metadata. - * The two SPSSODescriptor elements in the metadata has been merged. +`saml` +* Support for specifying parameters for authentication request. +* Add AttributeConsumingService to generated metadata. +* The two SPSSODescriptor elements in the metadata has been merged. ## Version 1.5.1 Released 2010-01-08. - * Fix security vulnerability due to insecure temp file creation: - * statistics: The logcleaner script outputs to a file in /tmp. - * InfoCard: Saves state directly in /tmp. Changed to the SimpleSAMLphp temp directory. - * openidProvider: Default configuration saves state information in /tmp. - Changed to '/var/lib/simplesamlphp-openid-provider'. - * SAML 1 artifact support: Saves certificates temporarily in '/tmp/simplesaml', but directory creation was insecure. - * statistics: Handle new year wraparound. - * Dictionary updates. - * Fix bridged logout. - * Some documentation updates. - * Fix all metadata to use assignments to arrays. - * Fix $session->getIdP(). - * Support AuthnContextClassRef in saml-module. - * Do not attempt to send logout request to an IdP that does not support logout. - * LDAP: Disallow bind with empty password. - * LDAP: Assume that LDAP_NO_SUCH_OBJECT is an error due to invalid username/password. - * statistics: Fix configuration template. - * Handle missing authority in idp-hosted metadata better. - +* Fix security vulnerability due to insecure temp file creation: + * statistics: The logcleaner script outputs to a file in /tmp. + * InfoCard: Saves state directly in /tmp. Changed to the SimpleSAMLphp temp directory. + * openidProvider: Default configuration saves state information in /tmp. + Changed to '/var/lib/simplesamlphp-openid-provider'. 
+ * SAML 1 artifact support: Saves certificates temporarily in '/tmp/simplesaml', but directory creation was insecure. +* statistics: Handle new year wraparound. +* Dictionary updates. +* Fix bridged logout. +* Some documentation updates. +* Fix all metadata to use assignments to arrays. +* Fix $session->getIdP(). +* Support AuthnContextClassRef in saml-module. +* Do not attempt to send logout request to an IdP that does not support logout. +* LDAP: Disallow bind with empty password. +* LDAP: Assume that LDAP_NO_SUCH_OBJECT is an error due to invalid username/password. +* statistics: Fix configuration template. +* Handle missing authority in idp-hosted metadata better. ## Version 1.5 Released 2009-11-05. Revision 1937. - * New API for SP authentication. - * Make use of the portal module on the frontpage. - * SQL datastore. - * Support for setting timezone in config (instead of php.ini). - * Logging of PHP errors and notices to SimpleSAMLphp log file. - * Improve handling of unhandled errors and exceptions. - * Admin authentication through authentication sources. - * Various bugfixes & cleanups. - * Translation updates. - * Set the dropdown list as default for built in disco service. - -### New modules: +* New API for SP authentication. +* Make use of the portal module on the frontpage. +* SQL datastore. +* Support for setting timezone in config (instead of php.ini). +* Logging of PHP errors and notices to SimpleSAMLphp log file. +* Improve handling of unhandled errors and exceptions. +* Admin authentication through authentication sources. +* Various bugfixes & cleanups. +* Translation updates. +* Set the dropdown list as default for built in disco service. 
- * `adfs` - * [`authorize`](./authorize:authorize) - * `authtwitter` - * [`autotest`](./autotest:test) - * `exampleattributeserver` - * `metaedit` - * [`multiauth`](./multiauth:multiauth) - * `oauth` - * [`openidProvider`](./openidProvider:provider) - * [`radius`](./radius:radius) - * [`saml`](./saml:sp) +`New modules` -### `aggregator`: +* `adfs` +* [`authorize`](./authorize:authorize) +* `authtwitter` +* [`autotest`](./autotest:test) +* `exampleattributeserver` +* `metaedit` +* [`multiauth`](./multiauth:multiauth) +* `oauth` +* [`openidProvider`](./openidProvider:provider) +* [`radius`](./radius:radius) +* [`saml`](./saml:sp) - * Add ARP + ARP signing functionality to the aggregator. - * Improvements to the aggregator module. Added documentation, and re-written more OO-oriented. - * Add support for reconstructing XML where XML for an entity is already cached. - * Add support for excluding tags in metadata aggregator. +`aggregator` -### `AuthMemCookie`: +* Add ARP + ARP signing functionality to the aggregator. +* Improvements to the aggregator module. Added documentation, and re-written more OO-oriented. +* Add support for reconstructing XML where XML for an entity is already cached. +* Add support for excluding tags in metadata aggregator. - * Delete the session cookie when deleting the session. - * Support for authentication sources. - * Set expiry time of session data when saving to memcache. - * Support multiple memcache servers. +`AuthMemCookie` -### `cas`: +* Delete the session cookie when deleting the session. +* Support for authentication sources. +* Set expiry time of session data when saving to memcache. +* Support multiple memcache servers. - * Added support for attributes in . +`cas` -### `consent`: +* Added support for attributes in . - * Support for hiding some attribute values. +`consent` -### `consentAdmin`: +* Support for hiding some attribute values. - * Added config option to display description. 
+`consentAdmin` -### `core`: +* Added config option to display description. - * New WarnShortSSOInterval filter. +`core` -### `discopower`: +* New WarnShortSSOInterval filter. - * Live search in discopower-module. +`discopower` -### `ldap`: +* Live search in discopower-module. - * Support for proxy authentication. - * Add 'debug' and 'timeout' options. - * Privilege separation for LDAP attribute retrieval. - * Allow search.base to be an array. - * (LDAPMulti) Add support for including the organization as part of the username. +`ldap` -### `ldapstatus`: +* Support for proxy authentication. +* Add 'debug' and 'timeout' options. +* Privilege separation for LDAP attribute retrieval. +* Allow search.base to be an array. +* (LDAPMulti) Add support for including the organization as part of the username. - * Do a connect-test to all ip-addresses for a hostname. - * Check whether hostname exists before attempting to connect. - * hobbit output. - * Check schema version. - * Add command line tab to single LDAP status page for easier debugging. +`ldapstatus` -### `logpeek`: +* Do a connect-test to all ip-addresses for a hostname. +* Check whether hostname exists before attempting to connect. +* hobbit output. +* Check schema version. +* Add command line tab to single LDAP status page for easier debugging. - * Blockwise reading of logfile for faster execution. +`logpeek` -### `metarefresh`: +* Blockwise reading of logfile for faster execution. - * Adding support for generating Shibboleth ARP files. - * Add 'serialize' metadata format. +`metarefresh` -### `preprodwarning`: +* Adding support for generating Shibboleth ARP files. +* Add 'serialize' metadata format. - * Don't show warning in passive request. - * Focus on continue-button. +`preprodwarning` -### SAML: +* Don't show warning in passive request. +* Focus on continue-button. - * Support for multiple AssertionConsumerService endpoints. - * SAML 1 artifact support on the SP side. - * New SAML authentication module. 
- * Deprecation of www/saml2/sp & www/shib13/sp. - * Support for encrypted NameID. - * NameIDPolicy replaces NameIDFormat. - * Better support for IdP initiated SSO and bookmarked login pages. - * Improvements to iframe logout page. - * Scoping support. - * New library for SAML 2 messages. - * Support for transporting errors from the IdP to the SP. - * Sign both the assertion and the response element by default. - * Support for sending XML attribute values from the IdP. +`saml` -### `statistics`: +* Support for multiple AssertionConsumerService endpoints. +* SAML 1 artifact support on the SP side. +* New SAML authentication module. +* Deprecation of www/saml2/sp & www/shib13/sp. +* Support for encrypted NameID. +* NameIDPolicy replaces NameIDFormat. +* Better support for IdP initiated SSO and bookmarked login pages. +* Improvements to iframe logout page. +* Scoping support. +* New library for SAML 2 messages. +* Support for transporting errors from the IdP to the SP. +* Sign both the assertion and the response element by default. +* Support for sending XML attribute values from the IdP. - * Extended Google chart encoding... Add option of alternative compare plot in graph... - * Added support for Ratio type reports in the statistics module.. - * Changed default rule to SSO. - * Added incremental aggregation, independent time resolution from rule def, combined coldefs and more. - * Add DST support in date handler. Added summary columns per delimiter. Added pie chart. +++ - * Log first SSO to a service during a session. +`statistics` +* Extended Google chart encoding... Add option of alternative compare plot in graph... +* Added support for Ratio type reports in the statistics module.. +* Changed default rule to SSO. +* Added incremental aggregation, independent time resolution from rule def, combined coldefs and more. +* Add DST support in date handler. Added summary columns per delimiter. Added pie chart. +++ +* Log first SSO to a service during a session. 
## Version 1.4 
@@ -1902,76 +1970,74 @@ Released 2009-03-12. Revision 1405. Updates to `config.php`. Please check for updates in your local modified configuration. - * Language updates - * Documentation update. New authentication source API now default and documented. - * New authentication source (new API): - * LDAP - * LDAPMulti - * YubiKey authentication source. (Separate module) - * Facebook authentication source. (Separate module) - * New Authentication Processing Filter: - * AttributeAlter - * AttributeFilter - * AttributeMap - * Smartname. does it best to guess the full name of the user based on several attributes. - * Language adaptor: allow adopting UI by preferredLanguage SAML 2.0 Attribute both on the IdP and the SP. And if the user selects a language, this can be sent to the SP as an attribute. - * New module: portal, allows you to created tabbed interface for custom pages within SimpleSAMLphp. In example user consent management and attribute viewer. - * New module: ldapstatus. Used by Feide to monitor connections to a large list of LDAP connections. Contact Feide on details on how to use. - * ldapstatus also got certificate check capabilities. - * New module: MemcacheMonitor: Show statistics for memcache servers. - * New module: DiscoPower. A tabbed discovery service module with a lot of functionality. - * New module: SAML 2.0 Debugginer. An improved version of the one found on rnd.feide.no earlier is not included in SimpleSAMLphp allowing you to run it locally. - * New module: Simple Consent Amdin module that have one button to remove all consent for one user. - * New module: Consent Administration. Contribution from Wayf. - * We also have a consent administration module that we use in Feide that is not checked in to subversion. - * New module: logpeek. Lets administrator lookup loglines matching a TRackID. - * New module: PreprodWarning: Adding a warning to users that access a preprod system. 
- * New module: CAS Server - * New module: Aggregator: Aggregates metadata. Used in Kalmar Union. - * New module: Metarefresh, download, parses and consumes metadata. - * New module: SanityCheck. Checks if things looks good and reports bad configuration etc. - * New module: Cron. Will perform tasks regularly. - * Module: SAML2.0. SAML 2.0 SP implemented as an module. Yet not documented how to use, but all SAML 2.0 SP functionality may be moved out to this module for better modularization. - * New module: statistics. Parses STAT log files, and aggregates based on a generic rule system. Output is stored in aggregated text files, and a frontend is included to present statistics with tables and graphs. Used sanitycheck and cron. - * Added support for IdP initiated SSO. - * Added support for IdP-initiated SLO with iFrame type logout. - * Major updates to iFrame AJAX SLO. Improved user experience. - * iFrame AJAX SLO is not safe against simultaneous update of the session. - * Added support for bookmarking login pages. By adding enough information in the URL to be able to bootstrap a new IdP-initiated SSO and sending. - * Major updates to the infocard module. - * Added some handling of isPassive with authentication processing filters. - * More localized UI. - * New login as administrator link on frontpage. - * Tabbed frontpage. Restructured. - * Simplifications to the theming and updated documentation on theming SimpleSAMLphp. - * Attribute presentation hook allows you to tweak attributes before presentation in the attribute viewers. Used by Feide to group orgUnit information in a hieararchy. - * Verification of the Recipient attribute in the response. Will improve security if for some reason an IdP is not includeding sufficient Audience restrictions. - * Added hook to let modules tell about themself moduleinfo hook. 
- * Improved cron mails - * Improved sanity check exception handling - * Preserver line breaks in stack trace UI - * Improvements to WS-Federation support: dynamic realms, logout etc. - * Better handling of presentation of JPEG photos as attributes. - * Support limiting size of attribute retrieved from LDAP. - * Added notes about how to aggregate and consume metadata. Just a start. - * Large improvements to Configuration class, and config helper functions. - * STAT logging is moved into separate authentication processing filter. - * Fix for NoPassive responses to Google Apps with alternative NameIDFormats. - * LDAP module allows to search multiple searchbases. - * All documentation is converted from docbook to markdown format. - * Added headers to not allow google to index pages. - * Added check on frontpage for magic quotes - * Added statistic logging to Consent class. - * Improvements to Exception handler in LDAP class, and better logging. - * LDAP class supports turning on LDAP-debug logging. - * Much improvements to SAML 2.0 Metadata generation and parsing. - * Adding more recent jQuery library. - * Generic interface for including jQuery dependencies in template headers. - * Improved UI on default theme - * Fix for session duration in the Conditions element in the Assertion (SAML 2.0). - * Updated with new Feide IdP metadata in metadata-templates - - +* Language updates +* Documentation update. New authentication source API now default and documented. +* New authentication source (new API): + * LDAP + * LDAPMulti + * YubiKey authentication source. (Separate module) + * Facebook authentication source. (Separate module) +* New Authentication Processing Filter: + * AttributeAlter + * AttributeFilter + * AttributeMap + * Smartname. does it best to guess the full name of the user based on several attributes. + * Language adaptor: allow adopting UI by preferredLanguage SAML 2.0 Attribute both on the IdP and the SP. 
And if the user selects a lanauge, this can be sent to the SP as an attribute. +* New module: portal, allows you to created tabbed interface for custom pages within SimpleSAMLphp. In example user consent management and attribute viewer. +* New module: ldapstatus. Used by Feide to monitor connections to a large list of LDAP connections. Contact Feide on details on how to use. +* ldapstatus also got certificate check capabilities. +* New module: MemcacheMonitor: Show statistics for memcache servers. +* New module: DiscoPower. A tabbed discovery service module with a lot of functionality. +* New module: SAML 2.0 Debugginer. An improved version of the one found on rnd.feide.no earlier is not included in SimpleSAMLphp allowing you to run it locally. +* New module: Simple Consent Amdin module that have one button to remove all consent for one user. +* New module: Consent Administration. Contribution from Wayf. +* We also have a consent administration module that we use in Feide that is not checked in to subversion. +* New module: logpeek. Lets administrator lookup loglines matching a TRackID. +* New module: PreprodWarning: Adding a warning to users that access a preprod system. +* New module: CAS Server +* New module: Aggregator: Aggregates metadata. Used in Kalmar Union. +* New module: Metarefresh, download, parses and consumes metadata. +* New module: SanityCheck. Checks if things looks good and reports bad configuration etc. +* New module: Cron. Will perform tasks regularly. +* Module: SAML2.0. SAML 2.0 SP implemented as an module. Yet not documented how to use, but all SAML 2.0 SP functionality may be moved out to this module for better modularization. +* New module: statistics. Parses STAT log files, and aggregates based on a generic rule system. Output is stored in aggregated text files, and a frontend is included to present statistics with tables and graphs. Used sanitycheck and cron. +* Added support for IdP initiated SSO. 
+* Added support for IdP-initiated SLO with iFrame type logout. +* Major updates to iFrame AJAX SLO. Improved user experience. +* iFrame AJAX SLO is not safe against simultaneous update of the session. +* Added support for bookmarking login pages. By adding enough information in the URL to be able to bootstrap a new IdP-initiated SSO and sending. +* Major updates to the infocard module. +* Added some handling of isPassive with authentication processing filters. +* More localized UI. +* New login as administrator link on frontpage. +* Tabbed frontpage. Restructured. +* Simplifications to the theming and updated documentation on theming SimpleSAMLphp. +* Attribute presentation hook allows you to tweak attributes before presentation in the attribute viewers. Used by Feide to group orgUnit information in a hieararchy. +* Verification of the Recipient attribute in the response. Will improve security if for some reason an IdP is not includeding sufficient Audience restrictions. +* Added hook to let modules tell about themself moduleinfo hook. +* Improved cron mails +* Improved sanity check exception handling +* Preserver line breaks in stack trace UI +* Improvements to WS-Federation support: dynamic realms, logout etc. +* Better handling of presentation of JPEG photos as attributes. +* Support limiting size of attribute retrieved from LDAP. +* Added notes about how to aggregate and consume metadata. Just a start. +* Large improvements to Configuration class, and config helper functions. +* STAT logging is moved into separate authentication processing filter. +* Fix for NoPassive responses to Google Apps with alternative NameIDFormats. +* LDAP module allows to search multiple searchbases. +* All documentation is converted from docbook to markdown format. +* Added headers to not allow google to index pages. +* Added check on frontpage for magic quotes +* Added statistic logging to Consent class. +* Improvements to Exception handler in LDAP class, and better logging. 
+* LDAP class supports turning on LDAP-debug logging. +* Much improvements to SAML 2.0 Metadata generation and parsing. +* Adding more recent jQuery library. +* Generic interface for including jQuery dependencies in template headers. +* Improved UI on default theme +* Fix for session duration in the Conditions element in the Assertion (SAML 2.0). +* Updated with new Feide IdP metadata in metadata-templates ## Version 1.3 
@@ -1979,38 +2045,37 @@ Released 2008-11-04. Revision 973. Configuration file `config.php` should not include significant changes, except one language added. -### New features - - * Documentation update - * Added new language. Now there are two different portuguese - dialects. - * Consent "module" modified. Now added support for preselecting the - checkbox by a configuration parameter. Consent module supports - including attributes values (possible to configure). - * CSS and look changed. Removed transparency to fix problem for some - browsers. - * The login-admin authentication module does not ask for username any - more. - * Added support for persistent NameID Format. (Added by Hans - ZAndbelt) - * Added experimental SAML 2.0 SP AuthSource module. - * More readable XML output formatting. In example metadata. - * Better support for choosing whether or not to sign authnrequest. - Possible to specify both at SP hosted and IdP remote. - * Adding more example metadata in metadata-templates. - * Improved e-mails sent from SimpleSAMLphp. Now both plain text and - html. - * Configuration class may return information about what version. - * iFrame AJAX SLO improved. Now with non-JavaScript fallback - handling. - -### Bug fixes - - * Fixed warning with XML validator. - * Improved loading of private/public keys in XML/Signer. - * Improvements to CAS module. - * Fixed memcache stats. - +`New features` + +* Documentation update +* Added new language. Now there are two different portuguese + dialects. +* Consent "module" modified. Now added support for preselecting the + checkbox by a configuration parameter. Consent module supports + including attributes values (possible to configure). +* CSS and look changed. Removed transparency to fix problem for some + browsers. +* The login-admin authentication module does not ask for username any + more. +* Added support for persistent NameID Format. (Added by Hans + ZAndbelt) +* Added experimental SAML 2.0 SP AuthSource module. 
+* More readable XML output formatting. In example metadata. +* Better support for choosing whether or not to sign authnrequest. + Possible to specify both at SP hosted and IdP remote. +* Adding more example metadata in metadata-templates. +* Improved e-mails sent from SimpleSAMLphp. Now both plain text and + html. +* Configuration class may return information about what version. +* iFrame AJAX SLO improved. Now with non-JavaScript fallback + handling. + +`Bug fixes` + +* Fixed warning with XML validator. +* Improved loading of private/public keys in XML/Signer. +* Improvements to CAS module. +* Fixed memcache stats. ## Version 1.2 
@@ -2022,45 +2087,40 @@ When you upgrade from an previous version you should copy `authsources.php` from There are also some changes to the templates. If you have any custom templates, they should be updated to match the ones included. Of notable changes is that the `t(...)`-functtes, they should be updated to match the ones included. Of notable changes is that the `t(...)`-function has been simplified, and takes far fewer parameters. It is backwardscompatible, but will write a warning to the log until updated. The backwards compatibility will be removed in a future version. -### New features - - * Experimental support for modules. Currently modules can contain - custom authentication sources, authentication processing filters - and themes. - * An generic SQL authentication module added for those who store their - users in an SQL database. - * Limited support for validating against a CA root certificate. The - current implementation only supports cases where the certificate is - directly signed by the CA. - * Allow an IdP to have multiple valid certificate fingerprints, to - allow for easier updating of certificates. - * Shibboleth 1.3 authentication for Auth MemCookie. - * Support for link to privacy policy on consent-pages. - * Customizable initial focus on consent-page. - * Almost all pages should be translatable. - * Allow SAML 2.0 SP to handle error replies from IdP. - * PostgreSQL support for consent storage. - * Add support for encrypted private keys. - * Proof-of-concept MetaShare service, for easy publishing and sharing - of metadata. - - -### Bug fixes - - * Fixed generated SAML 2.0 metadata to be correct. - * Fixed logout for Auth MemCookie. - * Sign SAML 2.0 authentication response on failure (such as - NoPassive). - * Fixes for IsPassive in the SAML 2.0 IdP. - * Fix default syslog configuration on Windows. 
- * Fix order of signing and encryption of SAML 2.0 responses - * Fix generated metadata for Shib 1.3 - * Fix order of elements in encrypted assertions to be schema - compliant. - * Fix session index sent to SAML 2.0 SPs. - * Remember SAML 2.0 NameID sent to SPs, and include it in logout - requests. - +`New features` + +* Experimental support for modules. Currently modules can contain + custom authentication sources, authentication processing filters + and themes. +* An generic SQL authentication module added for those who store their + users in an SQL database. +* Limited support for validating against a CA root certificate. The + current implementation only supports cases where the certificate is + directly signed by the CA. +* Allow an IdP to have multiple valid certificate fingerprints, to + allow for easier updating of certificates. +* Shibboleth 1.3 authentication for Auth MemCookie. +* Support for link to privacy policy on consent-pages. +* Customizable initial focus on consent-page. +* Almost all pages should be translatable. +* Allow SAML 2.0 SP to handle error replies from IdP. +* PostgreSQL support for consent storage. +* Add support for encrypted private keys. +* Proof-of-concept MetaShare service, for easy publishing and sharing + of metadata. + +`Bug fixes` + +* Fixed generated SAML 2.0 metadata to be correct. +* Fixed logout for Auth MemCookie. +* Sign SAML 2.0 authentication response on failure (such as NoPassive). +* Fixes for IsPassive in the SAML 2.0 IdP. +* Fix default syslog configuration on Windows. +* Fix order of signing and encryption of SAML 2.0 responses +* Fix generated metadata for Shib 1.3 +* Fix order of elements in encrypted assertions to be schema compliant. +* Fix session index sent to SAML 2.0 SPs. +* Remember SAML 2.0 NameID sent to SPs, and include it in logout requests. ## Version 1.1 
@@ -2072,82 +2132,80 @@ There are also several changes to the template files. If you have done any custo New localizations in version 1.1: Sami, Svenska (swedish), Suomeksi (finnish), Nederlands, Luxembourgish, Slovenian, Hrvatski (Croatian), Magyar (Hungarian). -### New features - - * Add support for saving the users choice of IdP in the IdP discovery - service. - * Add a config option for whether the Response element or the - Assertion element in the response should be signed. - * Make it easier to add attribute alteration functions. - * Added support for multiple languages in metadata name and - description (for IdP discovery service). - * Added configuration checker for checking if configuration files - should be updated. - * Add support for icons in IdP discovery service. - * Add support for external IdP discovery services. - * Support password encrypted private keys. - * Added PHP autoloading as the preferred way of loading the - SimpleSAMLphp library. - * New error report script which will report errors to the - `technicalcontact_email` address. - * Support lookup of the DN of the user who is logging in by searching - for an attribute when using the LDAP authentication module. - * Add support for fetching name and description of entities from XML - metadata files. - * Support for setting custom AttributeNameFormats. - * Support for signing generated metadata. - * Support for signature validation of metadata. - * Added consent support for Shib 1.3 logging. - * Added errorlog logging handler for logging to the default Apache - error log. - * Added support for WS-Federation single signon. - * Allow `session_save_path` to be overridden by setting the - `session.phpsession.savepath` option in `config.php`. - * Add support for overriding autogenerated metadata values, such as - the `AssertionConsumerService` address. - * Added IsPassive support in the SAML 2.0 IdP. - * Add attribute filter for generating eduPersonTargetedID attribute. 
- * Add support for validation of sent and received messages and - metadata. - * Add support for dynamic metadata loading with cache. - * Add support for dynamic generation of entityid and metadata. - * Added wayf.dk login module. - * Add support for encrypting and decrypting assertions. - * CAS authentication module: Add support for serviceValidate. - * CAS authentication module: Add support for getting attributes from - response by specifying XPath mappings. - * Add support for specifying a certificate in the `saml20-idp-remote` - metadata instead of a fingerprint. - * Add an attribute alter function for dynamic group generation. - * Add support for attribute processing in SAML 2 SP. - * Added tlsclient authentication module. - * Allow the templates to override the header and footer of pages. - * Major improvements to the Feide authentication module. - * Add support for ForceAuthn in the SAML 2.0 IdP. - * Choose language based on the languages the user has selected in the - web browser. - * Added fallback to base language if translation isn't found. - - -### Bug fixes - - * Modified IdP discovery service to support Shibboleth 2.0 SP. - * Fix setcookie warning for PHP version \< 5.2. - * Fix logout not being performed for Auth MemCache sometimes. - * Preserve case of attribute names during LDAP attribute retrieval. - * Fix IdP-initiated logout. - * Ensure that changed sessions with changed SP associations are - written to memcache. - * Prevent infinite recursion during logging. - * Don't send the relaystate from the SP which initiated the logout to - other SPs during logout. - * Prevent consent module from revealing DB password when an error - occurs. - * Fix logout with memcache session handler. - * Allow new session to be created in login modules. - * Removed the strict parameter from base64\_decode for PHP 5.1 - compatibility. - +`New features` + +* Add support for saving the users choice of IdP in the IdP discovery + service. 
+* Add a config option for whether the Response element or the + Assertion element in the response should be signed. +* Make it easier to add attribute alteration functions. +* Added support for multiple languages in metadata name and + description (for IdP discovery service). +* Added configuration checker for checking if configuration files + should be updated. +* Add support for icons in IdP discovery service. +* Add support for external IdP discovery services. +* Support password encrypted private keys. +* Added PHP autoloading as the preferred way of loading the + SimpleSAMLphp library. +* New error report script which will report errors to the + `technicalcontact_email` address. +* Support lookup of the DN of the user who is logging in by searching + for an attribute when using the LDAP authentication module. +* Add support for fetching name and description of entities from XML + metadata files. +* Support for setting custom AttributeNameFormats. +* Support for signing generated metadata. +* Support for signature validation of metadata. +* Added consent support for Shib 1.3 logging. +* Added errorlog logging handler for logging to the default Apache + error log. +* Added support for WS-Federation single signon. +* Allow `session_save_path` to be overridden by setting the + `session.phpsession.savepath` option in `config.php`. +* Add support for overriding autogenerated metadata values, such as + the `AssertionConsumerService` address. +* Added IsPassive support in the SAML 2.0 IdP. +* Add attribute filter for generating eduPersonTargetedID attribute. +* Add support for validation of sent and received messages and + metadata. +* Add support for dynamic metadata loading with cache. +* Add support for dynamic generation of entityid and metadata. +* Added wayf.dk login module. +* Add support for encrypting and decrypting assertions. +* CAS authentication module: Add support for serviceValidate. 
+* CAS authentication module: Add support for getting attributes from + response by specifying XPath mappings. +* Add support for specifying a certificate in the `saml20-idp-remote` + metadata instead of a fingerprint. +* Add an attribute alter function for dynamic group generation. +* Add support for attribute processing in SAML 2 SP. +* Added tlsclient authentication module. +* Allow the templates to override the header and footer of pages. +* Major improvements to the Feide authentication module. +* Add support for ForceAuthn in the SAML 2.0 IdP. +* Choose language based on the languages the user has selected in the + web browser. +* Added fallback to base language if translation isn't found. + +`Bug fixes` + +* Modified IdP discovery service to support Shibboleth 2.0 SP. +* Fix setcookie warning for PHP version \< 5.2. +* Fix logout not being performed for Auth MemCache sometimes. +* Preserve case of attribute names during LDAP attribute retrieval. +* Fix IdP-initiated logout. +* Ensure that changed sessions with changed SP associations are + written to memcache. +* Prevent infinite recursion during logging. +* Don't send the relaystate from the SP which initiated the logout to + other SPs during logout. +* Prevent consent module from revealing DB password when an error + occurs. +* Fix logout with memcache session handler. +* Allow new session to be created in login modules. +* Removed the strict parameter from base64\_decode for PHP 5.1 + compatibility. ## Version 1.0 
@@ -2162,48 +2220,47 @@ Released 2007-10-15. Revision 28. Both `config.php` and metadata format are changed. Look at the templates to understand the new format. - * Documentation is updated! - * Metadata files made tidier. Unused entries removed. Look at the new - templates on how to change your existing metadata. - * Support for sending metadata by mail to Feide. Automatically - detecting whether you have configured Feide as the default IdP or - not. - * Improved SAML 2.0 Metadata generation - * Added support for Shibboleth 1.3 IdP functionality (beta, contact - me if any problems) - * Added RADIUS authentication backend - * Added support for HTTP-Redirect debugging when enable `debug=true` - * SAML 2.0 SP example now contains a logout page. - * Added new authentication backend with support for multiple LDAP - based on which organization the user selects. - * Added SAML 2.0 Discovery Service - * Initial 'proof of concept' implementation of "User consent on - attribute release" - * Fixed some minor bugs. - +* Documentation is updated! +* Metadata files made tidier. Unused entries removed. Look at the new + templates on how to change your existing metadata. +* Support for sending metadata by mail to Feide. Automatically + detecting whether you have configured Feide as the default IdP or + not. +* Improved SAML 2.0 Metadata generation +* Added support for Shibboleth 1.3 IdP functionality (beta, contact + me if any problems) +* Added RADIUS authentication backend +* Added support for HTTP-Redirect debugging when enable `debug=true` +* SAML 2.0 SP example now contains a logout page. +* Added new authentication backend with support for multiple LDAP + based on which organization the user selects. +* Added SAML 2.0 Discovery Service +* Initial 'proof of concept' implementation of "User consent on + attribute release" +* Fixed some minor bugs. ## Version 0.4 Released 2007-09-14. Revision X. - * Improved documentation - * Authentication plugin API. 
Only LDAP authentication plugin is - included, but it is now easier to implement your own plugin. - * Added support for SAML 2.0 IdP to work with Google Apps for - Education. Tested. - * Initial implementation of SAML 2.0 Single Log Out functionality - both for SP and IdP. Seems to work, but not yet well-tested. - * Added support for bridging SAML 2.0 to SAML 2.0. - * Added some time skew offset to the NotBefore timestamp on the - assertion, to allow some time skew between the SP and IdP. - * Fixed Browser/POST page to automatically submit, and have fall back - functionality for user agents with no JavaScript support. - * Fixed some bug with warning traversing Shibboleth 1.3 Assertions. - * Fixed tabindex on the login page of the LDAP authentication module - to allow you to tab from username, to password and then to submit. - * Fixed bug on autodiscovering hostname in multihost environments. - * Cleaned out some debug messages, and added a debug option in the - configuration file. This debug option let's you turn on the - possibility of showing all SAML messages to users in the web - browser, and manually submit them. - * Several minor bugfixes. +* Improved documentation +* Authentication plugin API. Only LDAP authentication plugin is + included, but it is now easier to implement your own plugin. +* Added support for SAML 2.0 IdP to work with Google Apps for + Education. Tested. +* Initial implementation of SAML 2.0 Single Log Out functionality + both for SP and IdP. Seems to work, but not yet well-tested. +* Added support for bridging SAML 2.0 to SAML 2.0. +* Added some time skew offset to the NotBefore timestamp on the + assertion, to allow some time skew between the SP and IdP. +* Fixed Browser/POST page to automatically submit, and have fall back + functionality for user agents with no JavaScript support. +* Fixed some bug with warning traversing Shibboleth 1.3 Assertions. 
+* Fixed tabindex on the login page of the LDAP authentication module + to allow you to tab from username, to password and then to submit. +* Fixed bug on autodiscovering hostname in multihost environments. +* Cleaned out some debug messages, and added a debug option in the + configuration file. This debug option let's you turn on the + possibility of showing all SAML messages to users in the web + browser, and manually submit them. +* Several minor bugfixes. diff --git a/docs/simplesamlphp-customauth.md b/docs/simplesamlphp-customauth.md index 2e48d002a7..f5e316b623 100644 --- a/docs/simplesamlphp-customauth.md +++ b/docs/simplesamlphp-customauth.md @@ -16,13 +16,14 @@ It will be located under `modules/mymodule`. First we need to create the module directory: - cd modules - mkdir mymodule +```bash +cd modules +mkdir mymodule +``` Since this is a custom module, it should always be enabled in the configuration. Now that we have our own module, we can move on to creating an authentication source. - Creating a basic authentication source -------------------------------------- 
@@ -33,38 +34,43 @@ It will be implemented in the file `modules/mymodule/lib/Auth/Source/MyAuth.php` To begin with, we will create a very simple authentication source, where the username and password is hardcoded into the source code. Create the file `modules/mymodule/lib/Auth/Source/MyAuth.php` with the following contents: - ['theusername'], - 'displayName' => ['Some Random User'], - 'eduPersonAffiliation' => ['member', 'employee'], - ]; +namespace SimpleSAML\Module\mymodule\Auth\Source; + +class MyAuth extends \SimpleSAML\Module\core\Auth\UserPassBase +{ + protected function login($username, $password) + { + if ($username !== 'theusername' || $password !== 'thepassword') { + throw new \SimpleSAML\Error\Error('WRONGUSERPASS'); } + + return [ + 'uid' => ['theusername'], + 'displayName' => ['Some Random User'], + 'eduPersonAffiliation' => ['member', 'employee'], + ]; } +} +``` Some things to note: - - The classname is `\SimpleSAML\Module\mymodule\Auth\Source\MyAuth`. - This tells SimpleSAMLphp to look for the class in `modules/mymodule/lib/Auth/Source/MyAuth.php`. - - - Our authentication source subclasses `\SimpleSAML\Module\core\Auth\UserPassBase`. - This is a helper-class that implements much of the common code needed for username/password authentication. +- The classname is `\SimpleSAML\Module\mymodule\Auth\Source\MyAuth`. + This tells SimpleSAMLphp to look for the class in `modules/mymodule/lib/Auth/Source/MyAuth.php`. - - The `login` function receives the username and password the user enters. - It is expected to authenticate the user. - If the username or password is correct, it must return a set of attributes for the user. - Otherwise, it must throw the `\SimpleSAML\Error\Error('WRONGUSERPASS');` exception. +- Our authentication source subclasses `\SimpleSAML\Module\core\Auth\UserPassBase`. + This is a helper-class that implements much of the common code needed for username/password authentication. 
- - Attributes are returned as an associative array of `name => values` pairs. - All attributes can have multiple values, so the values are always stored in an array. +- The `login` function receives the username and password the user enters. + It is expected to authenticate the user. + If the username or password is correct, it must return a set of attributes for the user. + Otherwise, it must throw the `\SimpleSAML\Error\Error('WRONGUSERPASS');` exception. +- Attributes are returned as an associative array of `name => values` pairs. + All attributes can have multiple values, so the values are always stored in an array. Configuring our authentication source ------------------------------------- @@ -74,19 +80,24 @@ Before we can test our authentication source, we must add an entry for it in `co The entry looks like this: - 'myauthinstance' => [ - 'mymodule:MyAuth', - ], +```php +'myauthinstance' => [ + 'mymodule:MyAuth', +], +``` You can add it to the beginning of the list, so that the file looks something like this: - [ - 'mymodule:MyAuth', - ], - /* Other authentication sources follow. */ - ]; +```php + [ + 'mymodule:MyAuth', + ], + /* Other authentication sources follow. */ +]; +``` `myauthinstance` is the name of this instance of the authentication source. (You are allowed to have multiple instances of an authentication source with different configuration.) @@ -95,7 +106,6 @@ The instance name is used to refer to this authentication source in other config The first element of the configuration of the authentication source must be `'mymodule:MyAuth'`. This tells SimpleSAMLphp to look for the `\SimpleSAML\Module\mymodule\Auth\Source\MyAuth` class. - Testing our authentication source --------------------------------- @@ -110,7 +120,6 @@ You should then arrive on a page listing the attributes we return from the `logi Next, you should log out by following the log out link. - Using our authentication source in an IdP ----------------------------------------- 
@@ -118,22 +127,24 @@ To use our new authentication source in an IdP we just need to update the IdP co Open `metadata/saml20-idp-hosted.php`. In that file you should locate the `auth`-option for your IdP, and change it to `myauthinstance`: - 'myauthinstance', - /* ... */ - ]; + /* + * Authentication source to use. Must be one that is configured in + * 'config/authsources.php'. + */ + 'auth' => 'myauthinstance', + /* ... */ +]; +``` You can then test logging in to the IdP. If you have logged in previously, you may need to log out first. - Adding configuration to our authentication source ------------------------------------------------- 
@@ -142,71 +153,85 @@ We are now going to extend our authentication source to allow us to configure th First, we need to define the properties in the class that should hold our configuration: - private $username; - private $password; +```php +private $username; +private $password; +``` Next, we create a constructor for the class. The constructor is responsible for parsing the configuration and storing it in the properties. - public function __construct($info, $config) { +```php +public function __construct($info, $config) +{ + parent::__construct($info, $config); + + if (!is_string($config['username'])) { + throw new Exception('Missing or invalid username option in config.'); + } + $this->username = $config['username']; + + if (!is_string($config['password'])) { + throw new Exception('Missing or invalid password option in config.'); + } + $this->password = $config['password']; +} +``` + +We can then use the properties in the `login` function. +The complete class file should look like this: + +```php +username = $config['username']; + if (!is_string($config['password'])) { throw new Exception('Missing or invalid password option in config.'); } $this->password = $config['password']; } -We can then use the properties in the `login` function. 
-The complete class file should look like this: - - username = $config['username']; - if (!is_string($config['password'])) { - throw new Exception('Missing or invalid password option in config.'); - } - $this->password = $config['password']; - } - - protected function login($username, $password) { - if ($username !== $this->username || $password !== $this->password) { - throw new \SimpleSAML\Error\Error('WRONGUSERPASS'); - } - return [ - 'uid' => [$this->username], - 'displayName' => ['Some Random User'], - 'eduPersonAffiliation' => ['member', 'employee'], - ]; + protected function login($username, $password) + { + if ($username !== $this->username || $password !== $this->password) { + throw new \SimpleSAML\Error\Error('WRONGUSERPASS'); } + return [ + 'uid' => [$this->username], + 'displayName' => ['Some Random User'], + 'eduPersonAffiliation' => ['member', 'employee'], + ]; } +} +``` We can then update our entry in `config/authsources.php` with the configuration options: - 'myauthinstance' => [ - 'mymodule:MyAuth', - 'username' => 'theconfigusername', - 'password' => 'theconfigpassword', - ], +```php +'myauthinstance' => [ + 'mymodule:MyAuth', + 'username' => 'theconfigusername', + 'password' => 'theconfigpassword', +], +``` Next, you should go to the "Test configured authentication sources" page again, and test logging in. Note that we have updated the username & password to "theconfigusername" and "theconfigpassword". (You may need to log out first before you can log in again.) - A more complete example - custom database authentication -------------------------------------------------------- 
@@ -216,138 +241,152 @@ What follows is an example of an authentication source that fetches an user from This code assumes that the database contains a table that looks like this: - CREATE TABLE userdb ( - username VARCHAR(32) PRIMARY KEY NOT NULL, - password_hash VARCHAR(64) NOT NULL, - full_name TEXT NOT NULL); +```sql +CREATE TABLE userdb ( + username VARCHAR(32) PRIMARY KEY NOT NULL, + password_hash VARCHAR(64) NOT NULL, + full_name TEXT NOT NULL); +``` An example user (with password "secret"): - INSERT INTO userdb (username, password_hash, full_name) - VALUES('exampleuser', 'QwVYkvlrAMsXIgULyQ/pDDwDI3dF2aJD4XeVxg==', 'Example User'); +```sql +INSERT INTO userdb (username, password_hash, full_name) + VALUES('exampleuser', 'QwVYkvlrAMsXIgULyQ/pDDwDI3dF2aJD4XeVxg==', 'Example User'); +``` In this example, the `password_hash` contains a base64 encoded SSHA password. A SSHA password is created like this: - $password = 'secret'; - $numSalt = 8; /* Number of bytes with salt. */ - $salt = ''; - for ($i = 0; $i < $numSalt; $i++) { - $salt .= chr(mt_rand(0, 255)); - } - $digest = sha1($password . $salt, TRUE); - $password_hash = base64_encode($digest . $salt); +```php +$password = 'secret'; +$numSalt = 8; /* Number of bytes with salt. */ +$salt = ''; +for ($i = 0; $i < $numSalt; $i++) { + $salt .= chr(mt_rand(0, 255)); +} +$digest = sha1($password . $salt, true); +$password_hash = base64_encode($digest . 
$salt); +``` The class follows: - dsn = $config['dsn']; - if (!is_string($config['username'])) { - throw new Exception('Missing or invalid username option in config.'); - } - $this->username = $config['username']; - if (!is_string($config['password'])) { - throw new Exception('Missing or invalid password option in config.'); - } - $this->password = $config['password']; - if (isset($config['options']) { - if (!is_array($config['options'])) { - throw new Exception('Missing or invalid options option in config.'); - } - $this->options = $config['options']; - } + if (!is_string($config['dsn'])) { + throw new Exception('Missing or invalid dsn option in config.'); } + $this->dsn = $config['dsn']; - /** - * A helper function for validating a password hash. - * - * In this example we check a SSHA-password, where the database - * contains a base64 encoded byte string, where the first 20 bytes - * from the byte string is the SHA1 sum, and the remaining bytes is - * the salt. - */ - private function checkPassword($passwordHash, $password) { - $passwordHash = base64_decode($passwordHash); - $digest = substr($passwordHash, 0, 20); - $salt = substr($passwordHash, 20); - - $checkDigest = sha1($password . $salt, TRUE); - return $digest === $checkDigest; + if (!is_string($config['username'])) { + throw new Exception('Missing or invalid username option in config.'); } + $this->username = $config['username']; - protected function login($username, $password) { + if (!is_string($config['password'])) { + throw new Exception('Missing or invalid password option in config.'); + } + $this->password = $config['password']; - /* Connect to the database. 
*/ - $db = new PDO($this->dsn, $this->username, $this->password, $this->options); - $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); + if (isset($config['options']) { + if (!is_array($config['options'])) { + throw new Exception('Missing or invalid options option in config.'); + } + $this->options = $config['options']; + } + } - /* Ensure that we are operating with UTF-8 encoding. - * This command is for MySQL. Other databases may need different commands. - */ - $db->exec("SET NAMES 'utf8'"); + /** + * A helper function for validating a password hash. + * + * In this example we check a SSHA-password, where the database + * contains a base64 encoded byte string, where the first 20 bytes + * from the byte string is the SHA1 sum, and the remaining bytes is + * the salt. + */ + private function checkPassword($passwordHash, $password) + { + $passwordHash = base64_decode($passwordHash); + $digest = substr($passwordHash, 0, 20); + $salt = substr($passwordHash, 20); + + $checkDigest = sha1($password . $salt, true); + return $digest === $checkDigest; + } - /* With PDO we use prepared statements. This saves us from having to escape - * the username in the database query. - */ - $st = $db->prepare('SELECT username, password_hash, full_name FROM userdb WHERE username=:username'); + protected function login($username, $password) + { + /* Connect to the database. */ + $db = new PDO($this->dsn, $this->username, $this->password, $this->options); + $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); - if (!$st->execute(['username' => $username])) { - throw new Exception('Failed to query database for user.'); - } + /* Ensure that we are operating with UTF-8 encoding. + * This command is for MySQL. Other databases may need different commands. + */ + $db->exec("SET NAMES 'utf8'"); - /* Retrieve the row from the database. */ - $row = $st->fetch(PDO::FETCH_ASSOC); - if (!$row) { - /* User not found. */ - SimpleSAML\Logger::warning('MyAuth: Could not find user ' . 
var_export($username, TRUE) . '.'); - throw new \SimpleSAML\Error\Error('WRONGUSERPASS'); - } + /* With PDO we use prepared statements. This saves us from having to escape + * the username in the database query. + */ + $st = $db->prepare('SELECT username, password_hash, full_name FROM userdb WHERE username=:username'); - /* Check the password. */ - if (!$this->checkPassword($row['password_hash'], $password)) { - /* Invalid password. */ - SimpleSAML\Logger::warning('MyAuth: Wrong password for user ' . var_export($username, TRUE) . '.'); - throw new \SimpleSAML\Error\Error('WRONGUSERPASS'); - } + if (!$st->execute(['username' => $username])) { + throw new Exception('Failed to query database for user.'); + } - /* Create the attribute array of the user. */ - $attributes = [ - 'uid' => [$username], - 'displayName' => [$row['full_name']], - 'eduPersonAffiliation' => ['member', 'employee'], - ]; + /* Retrieve the row from the database. */ + $row = $st->fetch(PDO::FETCH_ASSOC); + if (!$row) { + /* User not found. */ + SimpleSAML\Logger::warning('MyAuth: Could not find user ' . var_export($username, true) . '.'); + throw new \SimpleSAML\Error\Error('WRONGUSERPASS'); + } - /* Return the attributes. */ - return $attributes; + /* Check the password. */ + if (!$this->checkPassword($row['password_hash'], $password)) { + /* Invalid password. */ + SimpleSAML\Logger::warning('MyAuth: Wrong password for user ' . var_export($username, true) . '.'); + throw new \SimpleSAML\Error\Error('WRONGUSERPASS'); } + /* Create the attribute array of the user. */ + $attributes = [ + 'uid' => [$username], + 'displayName' => [$row['full_name']], + 'eduPersonAffiliation' => ['member', 'employee'], + ]; + + /* Return the attributes. 
*/ + return $attributes; } +} +``` And configured in `config/authsources.php`: - 'myauthinstance' => [ - 'mymodule:MyAuth', - 'dsn' => 'mysql:host=sql.example.org;dbname=userdatabase', - 'username' => 'db_username', - 'password' => 'secret_db_password', - ], - +```php +'myauthinstance' => [ + 'mymodule:MyAuth', + 'dsn' => 'mysql:host=sql.example.org;dbname=userdatabase', + 'username' => 'db_username', + 'password' => 'secret_db_password', +], +``` diff --git a/docs/simplesamlphp-database.md b/docs/simplesamlphp-database.md index d92fab45d9..e72158faef 100644 --- a/docs/simplesamlphp-database.md +++ b/docs/simplesamlphp-database.md 
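Review bot: The `checkPassword()` example in this hunk compares the stored and computed digests with `===`, and the SSHA generation snippet above it builds the salt from `mt_rand()`; readers copy both into real authentication sources. Since these lines are being rewritten anyway, the comparison could become `return hash_equals($digest, $checkDigest);` and the salt loop `$salt = random_bytes($numSalt);`, both built into PHP 7 and later. A short comment next to the example, such as `/* SSHA (salted SHA-1) is shown only for compatibility with existing tables; new deployments should store password_hash() output and verify it with password_verify(). */`, would keep the tutorial from reading as a recommendation. Separately, `if (isset($config['options']) {` in the constructor is missing a closing parenthesis, so the sample does not parse as written.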
@@ -1,91 +1,101 @@ -SimpleSAML\Database -============================= - - - +# SimpleSAML\Database [TOC] -Purpose -------- +## Purpose + This document covers the SimpleSAML\Database class and is only relevant to anyone writing code for SimpleSAMLphp, including modules, that require a database connection. The Database class provides a single class that can be used to connect to a database which can be shared by anything within SimpleSAMLphp. -Getting Started ---------------- +## Getting Started + If you are just using the already configured database, which would normally be the case, all you need to do is get the global instance of the Database class. - $db = \SimpleSAML\Database::getInstance(); +```php +$db = \SimpleSAML\Database::getInstance(); +``` If there is a requirement to connect to an alternate database server (ex. authenticating users that exist on a different SQL server or database) you can specify an alternate configuration. - $config = new \SimpleSAML\Configuration($myconfigarray, "mymodule/lib/Auth/Source/myauth.php"); - $db = \SimpleSAML\Database::getInstance($config); +```php +$config = new \SimpleSAML\Configuration($myconfigarray, "mymodule/lib/Auth/Source/myauth.php"); +$db = \SimpleSAML\Database::getInstance($config); +``` That will create a new instance of the database, separate from the global instance, specific to the configuration defined in $myconfigarray. If you are going to specify an alternate config, your configuration array must contain the same keys that exist in the primary config (database.dsn, database.username, database.password, database.prefix, etc). -Database Prefix ---------------- +## Database Prefix + Administrators can add a prefix to all the table names that this database classes accesses and you should take that in account when querying. 
Assuming that a prefix has been configured as "sp_": - $table = $db->applyPrefix("saml20_idp_hosted"); +```php +$table = $db->applyPrefix("saml20_idp_hosted"); +``` $table would be set to "sp_saml20_idp_hosted" -Querying The Database ---------------------- +## Querying The Database + You can query the database through two public functions read() and write() which are fairly self-explanitory when it comes to determining which one to use when querying. ### Writing to The Database + Since the database class allows administrators to configure primary and secondary database servers, the write function will always use the primary database connection. The write function takes 2 parameters: SQL, params. - $table = $db->applyPrefix("test"); - $values = [ - 'id' => 20, - 'data' => 'Some data', - ]; - - $query = $db->write("INSERT INTO $table (id, data) VALUES (:id, :data)", $values); +```php +$table = $db->applyPrefix("test"); +$values = [ + 'id' => 20, + 'data' => 'Some data', +]; + +$query = $db->write("INSERT INTO $table (id, data) VALUES (:id, :data)", $values); +``` The values specified in the $values array will be bound to the placeholders and will be executed on the primary. By default, values are binded as PDO::PARAM_STR. If you need to override this, you can specify it in the values array. - $table = $db->applyPrefix("test"); - $values = [ - 'id' => [20, PDO::PARAM_INT], - 'data' => 'Some data', - ]; - - $query = $db->write("INSERT INTO $table (id, data) VALUES (:id, :data)", $values); +```php +$table = $db->applyPrefix("test"); +$values = [ + 'id' => [20, PDO::PARAM_INT], + 'data' => 'Some data', +]; + +$query = $db->write("INSERT INTO $table (id, data) VALUES (:id, :data)", $values); +``` You can also skip usage of prepared statements. You should **only** use this if you have a statement that has no user input (ex. CREATE TABLE). If the params variable is explicitly set to false, it will skip usage of prepared statements. 
This is only available when writing to the database. - $table = $db->applyPrefix("test"); - $query = $db->write("CREATE TABLE IF NOT EXISTS $table (id INT(16) NOT NULL, data TEXT NOT NULL)", false); +```php +$table = $db->applyPrefix("test"); +$query = $db->write("CREATE TABLE IF NOT EXISTS $table (id INT(16) NOT NULL, data TEXT NOT NULL)", false); +``` ### Reading The Database + Since the database class allows administrators to configure primary and secondary database servers, the read function will randomly select a secondary server to query. If no secondaries are configured, it will read from the primary. The read function takes 2 parameters: SQL, params. - $table = $db->applyPrefix("test"); - $values = [ - 'id' => 20, - ]; - - $query = $db->read("SELECT * FROM $table WHERE id = :id", $values); +```php +$table = $db->applyPrefix("test"); +$values = [ + 'id' => 20, +]; + +$query = $db->read("SELECT * FROM $table WHERE id = :id", $values); +``` The values specified in the $values array will be bound to the placeholders and will be executed on the selected secondary. By default, values are binded as PDO::PARAM_STR. If you need to override this, you can specify it in the values array. - $table = $db->applyPrefix("test"); - $values = [ - 'id' => [20, PDO::PARAM_INT], - ]; - - $query = $db->read("SELECT * FROM $table WHERE id = :id", $values); +```php +$table = $db->applyPrefix("test"); +$values = [ + 'id' => [20, PDO::PARAM_INT], +]; + +$query = $db->read("SELECT * FROM $table WHERE id = :id", $values); +``` diff --git a/docs/simplesamlphp-ecp-idp.md b/docs/simplesamlphp-ecp-idp.md index 54e291971a..e541c0056e 100644 --- a/docs/simplesamlphp-ecp-idp.md +++ b/docs/simplesamlphp-ecp-idp.md 
@@ -1,12 +1,11 @@
-Adding Enhanced Client or Proxy (ECP) Profile support to the IdP
-===============================================================
+# Adding Enhanced Client or Proxy (ECP) Profile support to the IdP
 
 This document describes the necessary steps to enable support for the [SAML V2.0 Enhanced Client or Proxy Profile Version 2.0](http://docs.oasis-open.org/security/saml/Post2.0/saml-ecp/v2.0/cs01/saml-ecp-v2.0-cs01.pdf) on a simpleSAMLphp Identity Provider (IdP).
 
 The SAML V2.0 Enhanced Client or Proxy (ECP) profile is a SSO profile for use with HTTP, and clients with the capability to directly contact a principal's identity provider(s) without requiring discovery and redirection by the service provider, as in the case of a browser. It is particularly useful for desktop or server-side HTTP clients.
 
-Limitations
------------
+## Limitations
+
 * Authentication must be done via [HTTP Basic authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication#Basic_authentication_scheme).
 * Authentication must not require user interaction (e.g. auth filters that require user input).
 * Channel Bindings are unsupported.
@@ -14,61 +13,57 @@ Limitations This feature has been tested to work with Microsoft Office 365, but other service providers may require features of the ECP profile that are currently unsupported! -Enabling ECP Profile on the IdP ------------------------------------ +## Enabling ECP Profile on the IdP To enable the IdP to send ECP assertions you must add the `saml20.ecp` option to the `saml20-idp-hosted` metadata file: - $metadata['https://example.org/saml-idp'] = [ - [....] - 'auth' => 'example-userpass', - 'saml20.ecp' => true, - ]; +```php +$metadata['https://example.org/saml-idp'] = [ + [....] + 'auth' => 'example-userpass', + 'saml20.ecp' => true, +]; +``` Note: authentication filters that require interaction with the user will not work with ECP. -Add new metadata to SPs ------------------------ +## Add new metadata to SPs After enabling the ECP Profile your IdP metadata will change. An additional ECP `SingleSignOnService` endpoint is added. You therefore need to update the metadata for your IdP at your SPs. 
The `saml20-idp-remote` metadata for simpleSAMLphp SPs should contain something like the following code: - 'SingleSignOnService' => - array ( - 0 => - array ( - 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', - 'Location' => 'https://idp.example.org/simplesaml/saml2/idp/SSOService.php', - ), - 1 => - array ( - 'index' => 0, - 'Location' => 'https://didp.example.org/simplesaml/saml2/idp/SSOService.php', - 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP', - ), - ), +```php +'SingleSignOnService' => [ + 0 => [ + 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', + 'Location' => 'https://idp.example.org/simplesaml/saml2/idp/SSOService.php', + ], + 1 => [ + 'index' => 0, + 'Location' => 'https://didp.example.org/simplesaml/saml2/idp/SSOService.php', + 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP', + ], +], +``` -SP metadata on the IdP ----------------------- +## SP metadata on the IdP A SP using the ECP Profile must have an `AssertionConsumerService` endpoint supporting that profile. This means that you have to use the complex endpoint format in `saml20-sp-remote` metadata. In general, this should look like the following code: - 'AssertionConsumerService' => - array ( - 0 => - array ( - 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', - 'Location' => 'https://sp.example.org/Shibboleth.sso/SAML2/POST', - 'index' => 1, - ), - 1 => - array ( - 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:PAOS', - 'Location' => 'https://sp.example.org/ECP', - 'index' => 2, - ), - ), - +```php +'AssertionConsumerService' => [ + 0 => [ + 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', + 'Location' => 'https://sp.example.org/Shibboleth.sso/SAML2/POST', + 'index' => 1, + ], + 1 => [ + 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:PAOS', + 'Location' => 'https://sp.example.org/ECP', + 'index' => 2, + ], +], +``` 
diff --git a/docs/simplesamlphp-errorhandling.md b/docs/simplesamlphp-errorhandling.md
index 2631b69ed6..b3a4c32f91 100644
--- a/docs/simplesamlphp-errorhandling.md
+++ b/docs/simplesamlphp-errorhandling.md
@@ -1,5 +1,4 @@
-Exception and error handling in SimpleSAMLphp
-=============================================
+# Exception and error handling in SimpleSAMLphp
 
 [TOC]
 
@@ -10,35 +9,39 @@ This means that internal SimpleSAMLphp exceptions must be mapped to transport sp E.g.: When a `\SAML2\Exception\Protocol\NoPassiveException` error is thrown by an authentication processing filter in a SAML 2.0 IdP, we want to map that exception to the `urn:oasis:names:tc:SAML:2.0:status:NoPassive` status code. That status code should then be returned to the SP. - -Throwing exceptions -------------------- +## Throwing exceptions How you throw an exception depends on where you want to throw it from. The simplest case is if you want to throw it during the `authenticate()`-method in an authentication module or during the `process()`-method in a processing filter. In those methods, you can just throw an exception: - public function process(array &$state): void - { - if ($state['something'] === false) { - throw new \SimpleSAML\Error\Exception('Something is wrong...'); - } +```php +public function process(array &$state): void +{ + if ($state['something'] === false) { + throw new \SimpleSAML\Error\Exception('Something is wrong...'); } +} +``` Exceptions thrown at this stage will be caught and delivered to the appropriate error handler. If you want to throw an exception outside of those methods, i.e. after you have done a redirect, you need to use the `\SimpleSAML\Auth\State::throwException()` function: - \SimpleSAML\Utils\HTTP::getSelfURLNoQuery(), - \SimpleSAML\Auth\State::EXCEPTION_HANDLER_URL => \SimpleSAML\Utils\HTTP::getSelfURLNoQuery(), - [...], - ] +$procChain = [...]; - try { - $procChain->processState($state); - } catch (\SimpleSAML\Error\Exception $e) { - /* Handle exception. */ - [...]; - } +$state = [ + 'ReturnURL' => \SimpleSAML\Utils\HTTP::getSelfURLNoQuery(), + \SimpleSAML\Auth\State::EXCEPTION_HANDLER_URL => \SimpleSAML\Utils\HTTP::getSelfURLNoQuery(), + [...], +] +try { + $procChain->processState($state); +} catch (\SimpleSAML\Error\Exception $e) { + /* Handle exception. */ + [...]; +} #### Note 
@@ -207,19 +197,18 @@ An exception which isn't a subclass of `\SimpleSAML\Error\Exception` will be con This happens regardless of whether the exception is delivered directly or through the error handler. This is done to be consistent in what the application receives - now it will always receive the same exception, regardless of whether it is delivered directly or through a redirect. - -Custom error show function --------------------------- +## Custom error show function Optional custom error show function, called from \SimpleSAML\Error\Error::show, is defined with 'errors.show_function' in config.php. Example code for this function, which implements the same functionality as \SimpleSAML\Error\Error::show, looks something like: - public static function show(\SimpleSAML\Configuration $config, array $data) - { - $t = new \SimpleSAML\XHTML\Template($config, 'error.twig', 'errors'); - $t->data = array_merge($t->data, $data); - $t->send(); - exit; - } - +```php +public static function show(\SimpleSAML\Configuration $config, array $data) +{ + $t = new \SimpleSAML\XHTML\Template($config, 'error.twig', 'errors'); + $t->data = array_merge($t->data, $data); + $t->send(); + exit; +} +``` diff --git a/docs/simplesamlphp-googleapps.md b/docs/simplesamlphp-googleapps.md index b267e9db0c..fcff46b9ac 100644 --- a/docs/simplesamlphp-googleapps.md +++ b/docs/simplesamlphp-googleapps.md 
@@ -1,16 +1,13 @@
-Setting up a SimpleSAMLphp SAML 2.0 IdP to use with Google Workspace (G Suite / Google Apps) for Education
-============================================
+# Setting up a SimpleSAMLphp SAML 2.0 IdP to use with Google Workspace (G Suite / Google Apps) for Education
 
 [TOC]
 
-SimpleSAMLphp news and documentation
-------------------------------------
+## SimpleSAMLphp news and documentation
 
 This document is part of the SimpleSAMLphp documentation suite.
 
- * [List of all SimpleSAMLphp documentation](https://simplesamlphp.org/docs)
- * [SimpleSAMLphp homepage](https://simplesamlphp.org)
-
+* [List of all SimpleSAMLphp documentation](https://simplesamlphp.org/docs)
+* [SimpleSAMLphp homepage](https://simplesamlphp.org)
 
 ## Introduction
 
@@ -20,44 +17,46 @@ This article assumes that you have already read the SimpleSAMLphp installation m a version of SimpleSAMLphp at your server. In this example we will setup this server as an IdP for Google Workspace: - dev2.andreas.feide.no +dev2.andreas.feide.no ## Enabling the Identity Provider functionality Edit `config.php`, and enable the SAML 2.0 IdP: - 'enable.saml20-idp' => true, +```php +'enable.saml20-idp' => true, +``` ## Setting up a signing certificate You must generate a certificate for your IdP. Here is an example of an openssl command to generate a new key and a self signed certificate to use for signing SAML messages: - openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes -out googleworkspaceidp.crt -keyout googleworkspaceidp.pem +```bash +openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes -out googleworkspaceidp.crt -keyout googleworkspaceidp.pem +``` The certificate above will be valid for 10 years. Here is an example of typical user input when creating a certificate request: - Country Name (2 letter code) [AU]:NO - State or Province Name (full name) [Some-State]:Trondheim - Locality Name (eg, city) []:Trondheim - Organization Name (eg, company) [Internet Widgits Pty Ltd]:UNINETT - Organizational Unit Name (eg, section) []: - Common Name (eg, YOUR name) []:dev2.andreas.feide.no - Email Address []: - - Please enter the following 'extra' attributes - to be sent with your certificate request - A challenge password []: - An optional company name []: +Country Name (2 letter code) [AU]:NO +State or Province Name (full name) [Some-State]:Trondheim +Locality Name (eg, city) []:Trondheim +Organization Name (eg, company) [Internet Widgits Pty Ltd]:UNINETT +Organizational Unit Name (eg, section) []: +Common Name (eg, YOUR name) []:dev2.andreas.feide.no +Email Address []: -**Note**: SimpleSAMLphp will only work with RSA and not DSA certificates. 
+Please enter the following 'extra' attributes +to be sent with your certificate request +A challenge password []: +An optional company name []: +**Note**: SimpleSAMLphp will only work with RSA and not DSA certificates. -Authentication source ---------------------- +## Authentication source The next step is to configure the way users authenticate on your IdP. Various modules in the `modules/` directory provides methods for authenticating your users. This is an overview of those that are included in the SimpleSAMLphp distribution: 
@@ -72,52 +71,48 @@ The next step is to configure the way users authenticate on your IdP. Various mo For more authentication modules, see [SimpleSAMLphp Identity Provider QuickStart](simplesamlphp-idp). - In this guide, we will use the `exampleauth:UserPass` authentication module. This module does not have any dependencies, and is therefore simple to set up. After you have successfully tested that everything is working with the simple `exampleauth:UserPass`, you are encouraged to setup SimpleSAMLphp IdP towards your user storage, such as an LDAP directory. (Use the links on the authentication sources above to read more about these setups. `ldap:LDAP` is the most common authentication source.) - -Configuring the authentication source -------------------------------------- +## Configuring the authentication source The `exampleauth:UserPass` authentication module is part of the `exampleauth` module. This module isn't enabled by default, so you will have to enable it. In `config.php`, search for the `module.enable` key and set `exampleauth` to true: -``` - 'module.enable' => [ - 'exampleauth' => true, - … - ], +```php +'module.enable' => [ + 'exampleauth' => true, + … +], ``` The next step is to create an authentication source with this module. An authentication source is an authentication module with a specific configuration. Each authentication source has a name, which is used to refer to this specific configuration in the IdP configuration. Configuration for authentication sources can be found in `config/authsources.php`. In this example we will use `example-userpass`, and hence that section is what matters and will be used. - [ - 'exampleauth:UserPass', - 'student:studentpass' => [ - 'uid' => ['student'], - ], - 'employee:employeepass' => [ - 'uid' => ['employee'], - ], - ], - ]; - ?> - -This configuration creates two users - `student` and `employee`, with the passwords `studentpass` and `employeepass`. 
The username and password are stored in the array index `student:studentpass` for the `student`-user. The attributes (only `uid` in this example) will be returned by the IdP when the user logs on. +```php + [ + 'exampleauth:UserPass', + 'student:studentpass' => [ + 'uid' => ['student'], + ], + 'employee:employeepass' => [ + 'uid' => ['employee'], + ], + ], +]; +``` +This configuration creates two users - `student` and `employee`, with the passwords `studentpass` and `employeepass`. The username and password are stored in the array index `student:studentpass` for the `student`-user. The attributes (only `uid` in this example) will be returned by the IdP when the user logs on. ## Configuring metadata for an SAML 2.0 IdP If you want to setup a SAML 2.0 IdP for Google Workspace, you need to configure two metadata files: `saml20-idp-hosted.php` and `saml20-sp-remote.php`. - ### Configuring SAML 2.0 IdP Hosted metadata This is the configuration of the IdP itself. Here is some example config: @@ -125,7 +120,6 @@ This is the configuration of the IdP itself. Here is some example config: ```php // The SAML entity ID is the index of this config. $metadata['https://example.org/saml-idp'] => [ - // The hostname of the server (VHOST) that this SAML entity will use. 'host' => '__DEFAULT__', 
@@ -137,31 +131,32 @@ $metadata['https://example.org/saml-idp'] => [ ] ``` -**Note**: You can only have one entry in the file with host equal to `__DEFAULT__`, therefore you should replace the existing entry with this one, instead of adding this entry as a new entry in the file. - +**Note**: You can only have one entry in the file with host equal to `__DEFAULT__`, therefore you should replace the existing entry with this one, instead of adding this entry as a new entry in the file. ### Configuring SAML 2.0 SP Remote metadata In the `saml20-sp-remote.php` file we will configure an entry for Google Workspace for Education. There is already an entry for Google Workspace in the template, but we will change the domain name: - /* - * This example shows an example config that works with Google Workspace (G Suite / Google Apps) for education. - * What is important is that you have an attribute in your IdP that maps to the local part of the email address - * at Google Workspace. E.g. if your google account is foo.com, and you have a user with email john@foo.com, then you - * must properly configure the saml:AttributeNameID authproc-filter with the name of an attribute that for this user has the value of 'john'. - */ - $metadata['https://www.google.com/a/g.feide.no'] => [ - 'AssertionConsumerService' => 'https://www.google.com/a/g.feide.no/acs', - 'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', - 'simplesaml.attributes' => false, - 'authproc' => [ - 1 => [ - 'saml:AttributeNameID', - 'attribute' => 'uid', - 'format' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', - ], +```php +/* + * This example shows an example config that works with Google Workspace (G Suite / Google Apps) for education. + * What is important is that you have an attribute in your IdP that maps to the local part of the email address + * at Google Workspace. E.g. 
if your google account is foo.com, and you have a user with email john@foo.com, then you + * must properly configure the saml:AttributeNameID authproc-filter with the name of an attribute that for this user has the value of 'john'. + */ +$metadata['https://www.google.com/a/g.feide.no'] => [ + 'AssertionConsumerService' => 'https://www.google.com/a/g.feide.no/acs', + 'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', + 'simplesaml.attributes' => false, + 'authproc' => [ + 1 => [ + 'saml:AttributeNameID', + 'attribute' => 'uid', + 'format' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', ], - ]; + ], +]; +``` You must also map some attributes received from the authentication module into email field sent to Google Workspace. In this example, the `uid` attribute is set. When you later configure the IdP to connect to a LDAP directory or some other authentication source, make sure that the `uid` attribute is set properly, or you can configure another attribute to use here. The `uid` attribute contains the local part of the user name. @@ -177,18 +172,18 @@ For an explanation of the parameters, see the Start by logging in to our Google Workspace for education account panel. Then select "Advanced tools": -**Figure 1. We go to advanced tools** +Figure 1. **We go to advanced tools** ![We go to advanced tools](resources/simplesamlphp-googleapps/googleapps-menu.png) Then select "Set up single sign-on (SSO)": -**Figure 2. We go to setup SSO** +Figure 2. **We go to setup SSO** ![We go to setup SSO](resources/simplesamlphp-googleapps/googleapps-sso.png) Upload a certificate, such as the googleworkspaceidp.crt created above: -**Figure 3. Uploading certificate** +Figure 3. **Uploading certificate** ![Uploading certificate](resources/simplesamlphp-googleapps/googleapps-cert.png) Fill out the remaining fields: 
@@ -201,13 +196,13 @@ You will find in the metadata the XML tag `` which contains the right URL to input in the field, it will look something like this: - https://dev2.andreas.feide.no/simplesaml/saml2/idp/SSOService.php +`https://dev2.andreas.feide.no/simplesaml/saml2/idp/SSOService.php` You must also configure the IdP initiated Single LogOut endpoint of your server. You will find this in your metadata XML in the tag ``. It will look something like: - http://dev2.andreas.feide.no/simplesaml/saml2/idp/SingleLogoutService.php +`http://dev2.andreas.feide.no/simplesaml/saml2/idp/SingleLogoutService.php` again, using the host name of your IdP server. @@ -217,7 +212,7 @@ The network mask determines which IP addresses will be asked for SSO login. IP addresses not matching this mask will be presented with the normal Google Workspace login page. It is normally best to leave this field empty to enable authentication for all URLs. -**Figure 4. Fill out the remaining fields** +Figure 4. **Fill out the remaining fields** ![Fill out the remaining fields](resources/simplesamlphp-googleapps/googleapps-ssoconfig.png) @@ -229,7 +224,7 @@ Before we can test login, a new user must be defined in Google Workspace. This u Go to the URL of your mail account for this domain, the URL is similar to the following: - http://mail.google.com/a/yourgoogleappsdomain.com +`http://mail.google.com/a/yourgoogleappsdomain.com` replacing the last part with your own Google Workspace domain name. 
@@ -237,12 +232,10 @@ replacing the last part with your own Google Workspace domain name. Make sure that your IdP server runs HTTPS (TLS). The Apache documentation contains information for how to configure HTTPS. -Support -------- +## Support If you need help to make this work, or want to discuss SimpleSAMLphp with other users of the software, you are fortunate: Around SimpleSAMLphp there is a great Open source community, and you are welcome to join! The forums are open for you to ask questions, contribute answers other further questions, request improvements or contribute with code or plugins of your own. -- [SimpleSAMLphp homepage](https://simplesamlphp.org) -- [List of all available SimpleSAMLphp documentation](https://simplesamlphp.org/docs/) -- [Join the SimpleSAMLphp user's mailing list](https://simplesamlphp.org/lists) - +* [SimpleSAMLphp homepage](https://simplesamlphp.org) +* [List of all available SimpleSAMLphp documentation](https://simplesamlphp.org/docs/) +* [Join the SimpleSAMLphp user's mailing list](https://simplesamlphp.org/lists) diff --git a/docs/simplesamlphp-hok-idp.md b/docs/simplesamlphp-hok-idp.md index ae05518840..1b4908bdca 100644 --- a/docs/simplesamlphp-hok-idp.md +++ b/docs/simplesamlphp-hok-idp.md @@ -1,5 +1,4 @@ -Adding Holder-of-Key Web Browser SSO Profile support to the IdP -=============================================================== +# Adding Holder-of-Key Web Browser SSO Profile support to the IdP This document describes the necessary steps to enable support for the [SAML V2.0 Holder-of-Key (HoK) Web Browser SSO Profile](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-holder-of-key-browser-sso.pdf) on a SimpleSAMLphp Identity Provider (IdP). 
@@ -10,68 +9,72 @@ while preserving maximum compatibility with existing deployments on client and s When using this profile the communication between the user and the IdP is required to be protected by the TLS protocol. Additionally, the user needs a TLS client certificate. This certificate is usually selfsigned and stored in the certificate store of the browser or the underlying operating system. -Configuring Apache ------------------- +## Configuring Apache The IdP requests a client certificate from the user agent during the TLS handshake. This behaviour is enabled with the following Apache webserver configuration: - SSLEngine on - SSLCertificateFile /etc/openssl/certs/server.crt - SSLCertificateKeyFile /etc/openssl/private/server.key - SSLVerifyClient optional_no_ca - SSLOptions +ExportCertData +```apacheconf +SSLEngine on +SSLCertificateFile /etc/openssl/certs/server.crt +SSLCertificateKeyFile /etc/openssl/private/server.key +SSLVerifyClient optional_no_ca +SSLOptions +ExportCertData +``` If the user agent can successfully prove possession of the private key associated to the public key from the certificate, the received certificate is stored in the environment variable `SSL_CLIENT_CERT` of the webserver. The IdP embeds the client certificate into the created HoK assertion. -Enabling HoK SSO Profile on the IdP ------------------------------------ +## Enabling HoK SSO Profile on the IdP To enable the IdP to send HoK assertions you must add the `saml20.hok.assertion` option to the `saml20-idp-hosted` metadata file: - $metadata['https://example.org/saml-idp'] = [ - [....] - 'auth' => 'example-userpass', - 'saml20.hok.assertion' => TRUE, - ]; +```php +$metadata['https://example.org/saml-idp'] = [ + [....] + 'auth' => 'example-userpass', + 'saml20.hok.assertion' => true, +]; +``` -Add new metadata to SPs ------------------------ +## Add new metadata to SPs After enabling the Holder-of-Key Web Browser SSO Profile your IdP metadata will change. 
An additional HoK `SingleSignOnService` endpoint is added. You therefore need to update the metadata for your IdP at your SPs. The `saml20-idp-remote` metadata for SimpleSAMLphp SPs should contain something like the following code: - 'SingleSignOnService' => array ( - array ( - 'hoksso:ProtocolBinding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', - 'Binding' => 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser', - 'Location' => 'https://idp.example.org/simplesaml/saml2/idp/SSOService.php', - ), - array ( - 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', - 'Location' => 'https://idp.example.org/simplesaml/saml2/idp/SSOService.php', - ), - ), - -SP metadata on the IdP ----------------------- +```php +'SingleSignOnService' => [ + [ + 'hoksso:ProtocolBinding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', + 'Binding' => 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser', + 'Location' => 'https://idp.example.org/simplesaml/saml2/idp/SSOService.php', + ], + [ + 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', + 'Location' => 'https://idp.example.org/simplesaml/saml2/idp/SSOService.php', + ], +], +``` + +## SP metadata on the IdP A SP using the HoK Web Browser SSO Profile must have an `AssertionConsumerService` endpoint supporting that profile. This means that you have to use the complex endpoint format in `saml20-sp-remote` metadata. 
In general, this should look like the following code: - 'AssertionConsumerService' => array ( - [ - 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', - 'Location' => 'https://sp.example.org/simplesaml/module.php/saml/sp/assertionConsumerService/default-sp', - 'index' => 0, - ], - [ - 'Binding' => 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser', - 'Location' => 'https://sp.example.org/simplesaml/module.php/saml/sp/assertionConsumerService/default-sp', - 'index' => 4, - ], - ), +```php +'AssertionConsumerService' => [ + [ + 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', + 'Location' => 'https://sp.example.org/simplesaml/module.php/saml/sp/assertionConsumerService/default-sp', + 'index' => 0, + ], + [ + 'Binding' => 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser', + 'Location' => 'https://sp.example.org/simplesaml/module.php/saml/sp/assertionConsumerService/default-sp', + 'index' => 4, + ], +], +``` (The specific values of the various fields will vary depending on the SP.) diff --git a/docs/simplesamlphp-idp-more.md b/docs/simplesamlphp-idp-more.md index eabaf95d58..38f05e387b 100644 --- a/docs/simplesamlphp-idp-more.md +++ b/docs/simplesamlphp-idp-more.md @@ -8,15 +8,15 @@ AJAX iFrame Single Log-Out If you have read about the AJAX iFrame Single Log-Out approach at Andreas' blog and want to enable it, edit your saml20-idp-hosted.php metadata, and add this configuration line for the IdP: - 'logouttype' => 'iframe', - +```php +'logouttype' => 'iframe', +``` Attribute Release Consent ------------------------- The attribute release consent is documented in a [separate document](/docs/contrib_modules/consent/consent.html). - Support for bookmarking the login page -------------------------------------- 
@@ -24,11 +24,10 @@ Most SAML software crash fatally when users bookmark the login page and return l SimpleSAMLphp has implemented a graceful fallback to tackle this situation. When SimpleSAMLphp is not able to lookup a session during the login process, it falls back to the *IdP-first flow*, described in the next section, where the reference to the request is not needed. -What happens in the IdP-first flow is that a *SAML unsolicited response* is sent directly to the SP. An *unsolicited response* is a SAML Response with no reference to a SAML Request (no `InReplyTo` field). +What happens in the IdP-first flow is that a *SAML unsolicited response* is sent directly to the SP. An *unsolicited response* is a SAML Response with no reference to a SAML Request (no `InReplyTo` field). When a SimpleSAMLphp IdP falls back to IdP-first flow, the `RelayState` parameter sent by the SP in the SAML request is also lost. The RelayState information contain a reference key for the SP to lookup where to send the user after successful authentication. The SimpleSAMLphp Service Provider supports configuring a static URL to redirect the user after a unsolicited response is received. See more information about the `RelayState` parameter in the next section: *IdP-first flow*. - IdP-first flow -------------- 
@@ -36,11 +35,11 @@ If you do not want to start the SSO flow at the SP, you may use the IdP-first se Here is an example of such a URL: - https://idp.example.org/simplesaml/saml2/idp/SSOService.php?spentityid=urn:mace:feide.no:someservice +`https://idp.example.org/simplesaml/saml2/idp/SSOService.php?spentityid=urn:mace:feide.no:someservice` You can also add a `RelayState` parameter to the IdP-first URL: - https://idp.example.org/simplesaml/saml2/idp/SSOService.php?spentityid=urn:mace:feide.no:someservice&RelayState=https://sp.example.org/somepage +`https://idp.example.org/simplesaml/saml2/idp/SSOService.php?spentityid=urn:mace:feide.no:someservice&RelayState=https://sp.example.org/somepage` The `RelayState` parameter is often used to carry the URL the SP should redirect to after authentication. It is also possible to specify the Assertion Consumer URL with the `ConsumerURL` parameter. @@ -49,12 +48,11 @@ For compatibility with certain SPs, SimpleSAMLphp will also accept the `providerId`, `target` and `shire` parameters as aliases for `spentityid`, `RelayState` and `ConsumerURL`, respectively. - IdP-initiated logout -------------------- IdP-initiated logout can be initiated by visiting the URL: - https://idp.example.org/simplesaml/saml2/idp/SingleLogoutService.php?ReturnTo= +`https://idp.example.org/simplesaml/saml2/idp/SingleLogoutService.php?ReturnTo=` It will send a logout request to each SP, and afterwards return the user to the URL specified in the `ReturnTo` parameter. Bear in mind that IdPs might disallow redirecting to URLs other than those of their own for security reasons, so in order to get the redirection to work, it might be necessary to ask the IdP to whitelist the URL we are planning to redirect to. diff --git a/docs/simplesamlphp-idp.md b/docs/simplesamlphp-idp.md index 97cdb5318d..0a26891e11 100644 --- a/docs/simplesamlphp-idp.md +++ b/docs/simplesamlphp-idp.md 
@@ -1,21 +1,18 @@ -SimpleSAMLphp Identity Provider QuickStart -=========================================== +# SimpleSAMLphp Identity Provider QuickStart [TOC] This guide will describe how to configure SimpleSAMLphp as an identity provider (IdP). You should previously have installed SimpleSAMLphp as described in [the SimpleSAMLphp installation instructions](simplesamlphp-install) - -Enabling the Identity Provider functionality --------------------------------------------- +## Enabling the Identity Provider functionality The first that must be done is to enable the identity provider functionality. This is done by editing `config/config.php`. The option `enable.saml20-idp` controls whether SAML 2.0 IdP support is enabled. Enable it by assigning `true` to them: - 'enable.saml20-idp' => true, - +```php +'enable.saml20-idp' => true, +``` -Authentication module ---------------------- +## Authentication module The next step is to configure the way users authenticate on your IdP. Various modules in the `modules/` directory provides methods for authenticating your users. This is an overview of those that are included in the SimpleSAMLphp distribution: 
@@ -64,155 +61,152 @@ The next step is to configure the way users authenticate on your IdP. Various mo In this guide, we will use the `exampleauth:UserPass` authentication module. This module does not have any dependencies, and is therefore simple to set up. - -Configuring the authentication module -------------------------------------- +## Configuring the authentication module The `exampleauth:UserPass` authentication module is part of the `exampleauth` module. This module isn't enabled by default, so you will have to enable it. In `config.php`, search for the `module.enable` key and set `exampleauth` to true: -``` - 'module.enable' => [ - 'exampleauth' => true, - … - ], +```php +'module.enable' => [ + 'exampleauth' => true, + … +], ``` The next step is to create an authentication source with this module. An authentication source is an authentication module with a specific configuration. Each authentication source has a name, which is used to refer to this specific configuration in the IdP configuration. Configuration for authentication sources can be found in `config/authsources.php`. In this setup, this file should contain a single entry: - [ - 'exampleauth:UserPass', - 'student:studentpass' => [ - 'uid' => ['student'], - 'eduPersonAffiliation' => ['member', 'student'], - ], - 'employee:employeepass' => [ - 'uid' => ['employee'], - 'eduPersonAffiliation' => ['member', 'employee'], - ], - ], - ]; +```php + [ + 'exampleauth:UserPass', + 'student:studentpass' => [ + 'uid' => ['student'], + 'eduPersonAffiliation' => ['member', 'student'], + ], + 'employee:employeepass' => [ + 'uid' => ['employee'], + 'eduPersonAffiliation' => ['member', 'employee'], + ], + ], +]; +``` This configuration creates two users - `student` and `employee`, with the passwords `studentpass` and `employeepass`. The username and password are stored in the array index (`student:studentpass` for the `student`-user). The attributes for each user are configured in the array referenced by the index. 
So for the student user, these are: - [ - 'uid' => ['student'], - 'eduPersonAffiliation' => ['member', 'student'], - ], +```php +[ + 'uid' => ['student'], + 'eduPersonAffiliation' => ['member', 'student'], +], +``` The attributes will be returned by the IdP when the user logs on. - -Creating a self signed certificate ----------------------------------- +## Creating a self signed certificate The IdP needs a certificate to sign its SAML assertions with. Here is an example of an `openssl`-command which can be used to generate a new private key key and the corresponding self-signed certificate. The private key and certificate go into the directory defined in the certdir setting (defaults to `cert/`) This key and certificate can be used to sign SAML messages: - openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes -out example.org.crt -keyout example.org.pem +```bash +openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes -out example.org.crt -keyout example.org.pem +``` The certificate above will be valid for 10 years. - -### Note ### +`Note`: SimpleSAMLphp will only work with RSA certificates. DSA certificates are not supported. - -Configuring the IdP -------------------- +## Configuring the IdP The SAML 2.0 IdP is configured by the metadata stored in `metadata/saml20-idp-hosted.php`. This is a minimal configuration: - '__DEFAULT__', - - /* - * The private key and certificate to use when signing responses. - * These can be stored as files in the cert-directory or retrieved - * from a database. - */ - 'privatekey' => 'example.org.pem', - 'certificate' => 'example.org.crt', - - /* - * The authentication source which should be used to authenticate the - * user. This must match one of the entries in config/authsources.php. - */ - 'auth' => 'example-userpass', - ]; +```php + '__DEFAULT__', + + /* + * The private key and certificate to use when signing responses. + * These can be stored as files in the cert-directory or retrieved + * from a database. 
+ */ + 'privatekey' => 'example.org.pem', + 'certificate' => 'example.org.crt', + + /* + * The authentication source which should be used to authenticate the + * user. This must match one of the entries in config/authsources.php. + */ + 'auth' => 'example-userpass', +]; +``` For more information about available options in the idp-hosted metadata files, see the [IdP hosted reference](simplesamlphp-reference-idp-hosted). - -Using the `uri` NameFormat on attributes ----------------------------------------- +## Using the `uri` NameFormat on attributes The [interoperable SAML 2 profile](https://kantarainitiative.github.io/SAMLprofiles/saml2int.html) specifies that attributes should be delivered using the `urn:oasis:names:tc:SAML:2.0:attrname-format:uri` NameFormat. We therefore recommended enabling this in new installations. This can be done by adding the following to the saml20-idp-hosted configuration: - 'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri', - 'authproc' => [ - // Convert LDAP names to oids. - 100 => ['class' => 'core:AttributeMap', 'name2oid'], - ], - +```php +'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri', +'authproc' => [ + // Convert LDAP names to oids. + 100 => ['class' => 'core:AttributeMap', 'name2oid'], +], +``` -Adding SPs to the IdP ---------------------- +## Adding SPs to the IdP The identity provider you are configuring needs to know about the service providers you are going to connect to it. This is configured by metadata stored in `metadata/saml20-sp-remote.php`. 
This is a minimal example of a `metadata/saml20-sp-remote.php` metadata file for a SimpleSAMLphp SP: - 'https://sp.example.org/simplesaml/module.php/saml/sp/assertionConsumerService/default-sp', - 'SingleLogoutService' => 'https://sp.example.org/simplesaml/module.php/saml/sp/singleLogoutService/default-sp', - ]; +```php + 'https://sp.example.org/simplesaml/module.php/saml/sp/assertionConsumerService/default-sp', + 'SingleLogoutService' => 'https://sp.example.org/simplesaml/module.php/saml/sp/singleLogoutService/default-sp', +]; +``` Note that the URI in the entityID and the URLs to the AssertionConsumerService and SingleLogoutService endpoints change between different service providers. If you have the metadata of the remote SP as an XML file, you can use the built-in XML to SimpleSAMLphp metadata converter, which by default is available as `/admin/metadata-converter.php` in your SimpleSAMLphp installation. For more information about available options in the sp-remote metadata files, see the [SP remote reference](simplesamlphp-reference-sp-remote). - -Adding this IdP to other SPs ----------------------------- +## Adding this IdP to other SPs The method for adding this IdP to a SP varies between different types of SPs. In general, most SPs need some metadata from the IdP. This should be available from `/saml2/idp/metadata.php`. - -Testing the IdP ---------------- +## Testing the IdP The simplest way to test the IdP is to configure a SimpleSAMLphp SP on the same machine. See the instructions for [configuring SimpleSAMLphp as an SP](simplesamlphp-sp). - -### Note ### +`Note`: When running a SimpleSAMLphp IdP and a SimpleSAMLphp SP on the same computer, the SP and IdP **MUST** be configured with different hostnames. This prevents cookies from the SP to interfere with cookies from the IdP. 
- -Support -------- +## Support If you need help to make this work, or want to discuss SimpleSAMLphp with other users of the software, you are fortunate: Around SimpleSAMLphp there is a great Open source community, and you are welcome to join! The forums are open for you to ask questions, contribute answers other further questions, request improvements or contribute with code or plugins of your own. 
@@ -220,27 +214,26 @@ If you need help to make this work, or want to discuss SimpleSAMLphp with other - [List of all available SimpleSAMLphp documentation](https://simplesamlphp.org/docs/) - [Join the SimpleSAMLphp user's mailing list](https://simplesamlphp.org/lists) - - -A. IdP-first setup ------------------- +## IdP-first setup If you do not want to start the SSO flow at the SP, you may use the IdP-first setup. To do this, redirect the user to the SSOService endpoint on the IdP with one parameter `spentityid` that match the SP EntityId that the user should be logged into. Here is an example of such a URL: - https://idp.example.org/simplesaml/saml2/idp/SSOService.php?spentityid=sp.example.org +`https://idp.example.org/simplesaml/saml2/idp/SSOService.php?spentityid=sp.example.org` If the SP is a SimpleSAMLphp SP, you must also specify a `RelayState` parameter for the SP. This must be set to a URL the user should be redirected to after authentication. The `RelayState` parameter can be specified in the [SP configuration](./saml:sp), or it can be sent from the IdP. To send the RelayState parameter from a SimpleSAMLphp IdP, specify it in the query string to SSOService.php: - https://idp.example.org/simplesaml/saml2/idp/SSOService.php?spentityid=sp.example.org&RelayState=https://sp.example.org/welcome.php +`https://idp.example.org/simplesaml/saml2/idp/SSOService.php?spentityid=sp.example.org&RelayState=https://sp.example.org/welcome.php` To set it in the SP configuration, add it to `authsources.php`: - 'default-sp' => [ - 'saml:SP', - 'RelayState' => 'https://sp.example.org/welcome.php', - ], +```php +'default-sp' => [ + 'saml:SP', + 'RelayState' => 'https://sp.example.org/welcome.php', +], +``` diff --git a/docs/simplesamlphp-install-repo.md b/docs/simplesamlphp-install-repo.md index 8c4548b6ba..904fe91e15 100644 --- a/docs/simplesamlphp-install-repo.md +++ b/docs/simplesamlphp-install-repo.md 
@@ -6,52 +6,66 @@ These are some notes about running SimpleSAMLphp from the repository. Prerequisites ------------- - * NodeJS version >= 10.0. - +* NodeJS version >= 10.0. Installing from git ------------------- Go to the directory where you want to install SimpleSAMLphp: - cd /var +```bash +cd /var +``` Then do a git clone: - git clone git@github.com:simplesamlphp/simplesamlphp.git simplesamlphp +```bash +git clone git@github.com:simplesamlphp/simplesamlphp.git simplesamlphp +``` Initialize configuration and metadata: - cd /var/simplesamlphp - cp -r config-templates/* config/ - cp -r metadata-templates/* metadata/ +```bash +cd /var/simplesamlphp +cp -r config-templates/* config/ +cp -r metadata-templates/* metadata/ +``` Install the external dependencies with Composer (you can refer to [getcomposer.org](https://getcomposer.org/) to get detailed instructions on how to install Composer itself) and npm: - php composer.phar install - npm install +```bash +php composer.phar install +npm install +``` Build the assets: - npm run build - +```bash +npm run build +``` Upgrading --------- Go to the root directory of your SimpleSAMLphp installation: - cd /var/simplesamlphp +```bash +cd /var/simplesamlphp +``` Ask git to update to the latest version: - git fetch origin - git pull origin master +```bash +git fetch origin +git pull origin master +``` Install or upgrade the external dependencies with Composer and npm: - php composer.phar install - npm install - npm run build +```bash +php composer.phar install +npm install +npm run build +``` diff --git a/docs/simplesamlphp-install.md b/docs/simplesamlphp-install.md index 560ddfade1..40b17c6686 100644 --- a/docs/simplesamlphp-install.md +++ b/docs/simplesamlphp-install.md 
@@ -1,53 +1,46 @@ -SimpleSAMLphp Installation and Configuration -============================================ +# SimpleSAMLphp Installation and Configuration [TOC] - This document is part of the SimpleSAMLphp documentation suite. - * [List of all SimpleSAMLphp documentation](https://simplesamlphp.org/docs) - * [SimpleSAMLphp homepage](https://simplesamlphp.org) - +* [List of all SimpleSAMLphp documentation](https://simplesamlphp.org/docs) +* [SimpleSAMLphp homepage](https://simplesamlphp.org) This document covers the installation of the latest stable version of SimpleSAMLphp. -If you want to install the development version, take a look at the instructions for [installing SimpleSAMLphp from the +If you want to install the development version, take a look at the instructions for [installing SimpleSAMLphp from the repository](simplesamlphp-install-repo). - -Prerequisites -------------- - - * A web server capable of executing PHP scripts. - * PHP version >= 7.2.0. - * Support for the following PHP extensions: - * Always required: `date`, `dom`, `hash`, `intl`, `json`, `libxml`, `mbstring`, `openssl`, `pcre`, `SPL`, `zlib` - * When automatically checking for latest versions, and used by some modules: `cURL` - * When authenticating against an LDAP server: `ldap` - * When authenticating against a RADIUS server: `radius` - * When using the native PHP session handler: `session` - * When saving session information to a memcache server: `memcache` - * When using databases: - * Always required: `PDO` - * Database driver: (`mysql`, `pgsql`, ...) - * Support for the following PHP packages: - * When saving session information to a Redis server: `predis` +## Prerequisites + +* A web server capable of executing PHP scripts. +* PHP version >= 7.2.0. 
+* Support for the following PHP extensions: + * Always required: `date`, `dom`, `hash`, `intl`, `json`, `libxml`, `mbstring`, `openssl`, `pcre`, `SPL`, `zlib` + * When automatically checking for latest versions, and used by some modules: `cURL` + * When authenticating against an LDAP server: `ldap` + * When authenticating against a RADIUS server: `radius` + * When using the native PHP session handler: `session` + * When saving session information to a memcache server: `memcache` + * When using databases: + * Always required: `PDO` + * Database driver: (`mysql`, `pgsql`, ...) +* Support for the following PHP packages: + * When saving session information to a Redis server: `predis` What actual packages are required for the various extensions varies between different platforms and distributions. - -Download and install SimpleSAMLphp ----------------------------------- +## Download and install SimpleSAMLphp The most recent release of SimpleSAMLphp can always be found at [https://simplesamlphp.org/download](https://simplesamlphp.org/download). Go to the directory where you want to install SimpleSAMLphp and extract the archive file you just downloaded: -``` - cd /var - tar xzf simplesamlphp-x.y.z.tar.gz - mv simplesamlphp-x.y.z simplesamlphp +```bash +cd /var +tar xzf simplesamlphp-x.y.z.tar.gz +mv simplesamlphp-x.y.z simplesamlphp ``` ## Upgrading from a previous version of SimpleSAMLphp 
@@ -58,71 +51,65 @@ changes. Extract the new version: -``` - cd /var - tar xzf simplesamlphp-x.y.z.tar.gz +```bash +cd /var +tar xzf simplesamlphp-x.y.z.tar.gz ``` Copy the configuration files from the previous version (in case the configuration directory is inside SimpleSAMLphp, keep reading for other alternatives): -``` - cd /var/simplesamlphp-x.y.z - rm -rf config metadata - cp -rv ../simplesamlphp/config config - cp -rv ../simplesamlphp/metadata metadata +```bash +cd /var/simplesamlphp-x.y.z +rm -rf config metadata +cp -rv ../simplesamlphp/config config +cp -rv ../simplesamlphp/metadata metadata ``` -If you have installed any [third-party modules](https://simplesamlphp.org/modules) or [customised the theme](simplesamlphp-theming.md), +If you have installed any [third-party modules](https://simplesamlphp.org/modules) or [customised the theme](simplesamlphp-theming.md), you should check whether your third-party modules need upgrading and then copy or replace those directories too. Replace the old version with the new version: -``` - cd /var - mv simplesamlphp simplesamlphp.old - mv simplesamlphp-x.y.z simplesamlphp +```bash +cd /var +mv simplesamlphp simplesamlphp.old +mv simplesamlphp-x.y.z simplesamlphp ``` If the format of the config files or metadata has changed from your previous version of SimpleSAMLphp (check the upgrade notes), you may have to update your configuration and metadata after updating the SimpleSAMLphp code. - ### Upgrading configuration files A good approach is to run a `diff` between your previous `config.php` file and the new `config.php` file located in -`config-templates/config.php`, and apply relevant modifications to the new template. This will ensure that all new +`config-templates/config.php`, and apply relevant modifications to the new template. This will ensure that all new entries in the latest version of config.php are included, as well as preserve your local modifications. 
- ### Upgrading metadata files Most likely the metadata format is backwards compatible. If not, you should receive a very clear error message at startup indicating how and what you need to update. You should look through the metadata in the `metadata-templates` directory after the upgrade to see whether recommended defaults have been changed. - -Configuration -------------- +## Configuration ### Location of configuration files By default, SimpleSAMLphp looks for its configuration in the `config` directory in the root of its own directory. This -has some drawbacks, like making it harder to update SimpleSAMLphp or to install it as a composer dependency, or to +has some drawbacks, like making it harder to update SimpleSAMLphp or to install it as a composer dependency, or to package it for different operating systems. In order to avoid this limitations, it is possible to specify an alternative location for the configuration directory -by setting the `SIMPLESAMLPHP_CONFIG_DIR` environment variable to point to this location. This way, the configuration +by setting the `SIMPLESAMLPHP_CONFIG_DIR` environment variable to point to this location. This way, the configuration directory doesn't need to be inside the library's directory, making it easier to manage and to update. The simplest way to set this environment variable is to set it in your web server's configuration. See the next section for more information. - -Configuring Apache ------------------- +## Configuring Apache Examples below assume that SimpleSAMLphp is installed in the default location, `/var/simplesamlphp`. You may choose -another location, but this requires a path update in a few files. See Appendix _Installing SimpleSAMLphp +another location, but this requires a path update in a few files. See Appendix _Installing SimpleSAMLphp in alternative locations_ for more details. The only subdirectory of `SimpleSAMLphp` that needs to be accessible from the web is `www`. There are several ways of 
@@ -132,39 +119,38 @@ one possible configuration. Find the Apache configuration file for the virtual hosts where you want to run SimpleSAMLphp. The configuration may look like this: -``` - - ServerName service.example.com - DocumentRoot /var/www/service.example.com +```apacheconf + + ServerName service.example.com + DocumentRoot /var/www/service.example.com - SetEnv SIMPLESAMLPHP_CONFIG_DIR /var/simplesamlphp/config + SetEnv SIMPLESAMLPHP_CONFIG_DIR /var/simplesamlphp/config - Alias /simplesaml /var/simplesamlphp/www + Alias /simplesaml /var/simplesamlphp/www - - Require all granted - - + + Require all granted + + ``` Note the `Alias` directive, which gives control to SimpleSAMLphp for all urls matching `http(s)://service.example.com/simplesaml/*`. SimpleSAMLphp makes several SAML interfaces available on the web; all of -them are accessible through the `www` subdirectory of your SimpleSAMLphp installation. You can name the alias -whatever you want, but the name must be specified in the `baseurlpath` configuration option in the `config.php` file of +them are accessible through the `www` subdirectory of your SimpleSAMLphp installation. You can name the alias +whatever you want, but the name must be specified in the `baseurlpath` configuration option in the `config.php` file of SimpleSAMLphp as described in [the section called “SimpleSAMLphp configuration: config.php”](#section_6 "SimpleSAMLphp configuration: config.php"). Here is an example of how this configuration may look like in `config.php`: -``` +```php $config = [ [...] 'baseurlpath' => 'simplesaml/', [...] ] ``` - -Note also the `SetEnv` directive in the Apache configuration. It sets the `SIMPLESAMLPHP_CONFIG_DIR` environment +Note also the `SetEnv` directive in the Apache configuration. It sets the `SIMPLESAMLPHP_CONFIG_DIR` environment variable, in this case, to the default location for the configuration directory. 
You can omit this environment variable, and SimpleSAMLphp will then look for the `config` directory inside its own directory. If you need to move your configuration to a different location, you can use this environment variable to tell SimpleSAMLphp where to look @@ -175,12 +161,10 @@ This is just the basic configuration to get things working. For a checklist further completing your documentation, please see [Maintenance and configuration: Apache](simplesamlphp-maintenance#section_5). - -Configuring Nginx ------------------- +## Configuring Nginx Examples below assume that SimpleSAMLphp is installed in the default location, `/var/simplesamlphp`. You may choose -another location, but this requires a path update in a few files. See Appendix _Installing SimpleSAMLphp +another location, but this requires a path update in a few files. See Appendix _Installing SimpleSAMLphp in alternative locations_ for more details. The only subdirectory of `SimpleSAMLphp` that needs to be accessible from the web is `www`. There are several ways of 
@@ -190,110 +174,107 @@ one possible configuration. Find the Nginx configuration file for the virtual hosts where you want to run SimpleSAMLphp. The configuration may look like this: -``` - server { - listen 443 ssl; - server_name idp.example.com; +```nginx +server { + listen 443 ssl; + server_name idp.example.com; - ssl_certificate /etc/pki/tls/certs/idp.example.com.crt; - ssl_certificate_key /etc/pki/tls/private/idp.example.com.key; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_ciphers EECDH+AESGCM:EDH+AESGCM; + ssl_certificate /etc/pki/tls/certs/idp.example.com.crt; + ssl_certificate_key /etc/pki/tls/private/idp.example.com.key; + ssl_protocols TLSv1.3 TLSv1.2; + ssl_ciphers EECDH+AESGCM:EDH+AESGCM; - location ^~ /simplesaml { - alias /var/simplesamlphp/www; + location ^~ /simplesaml { + alias /var/simplesamlphp/www; - location ~^(?/simplesaml)(?.+?\.php)(?/.*)?$ { - include fastcgi_params; - fastcgi_pass $fastcgi_pass; - fastcgi_param SCRIPT_FILENAME $document_root$phpfile; + location ~^(?/simplesaml)(?.+?\.php)(?/.*)?$ { + include fastcgi_params; + fastcgi_pass $fastcgi_pass; + fastcgi_param SCRIPT_FILENAME $document_root$phpfile; - # Must be prepended with the baseurlpath - fastcgi_param SCRIPT_NAME /simplesaml$phpfile; + # Must be prepended with the baseurlpath + fastcgi_param SCRIPT_NAME /simplesaml$phpfile; - fastcgi_param PATH_INFO $pathinfo if_not_empty; - } + fastcgi_param PATH_INFO $pathinfo if_not_empty; } } +} ``` -SimpleSAMLphp configuration: config.php ---------------------------------------- +## SimpleSAMLphp configuration: config.php There are a few steps that you should complete in the main configuration file, `config.php`, right away: -- Set the `baseurlpath` configuration option. Make it point to the canonical URL of your deployment, where - SimpleSAMLphp can be reached: - - ``` - 'baseurlpath' => 'https://your.canonical.host.name/simplesaml/', - ``` +* Set the `baseurlpath` configuration option. 
Make it point to the canonical URL of your deployment, where + SimpleSAMLphp can be reached: - Please note that your canonical URL should always use HTTPS in order to protect your users. Additionally, if you - are running behind a **reverse proxy** and you are offloading TLS to it, the proper way to tell SimpleSAMLphp that - its base URL should use HTTPS is to set the `baseurlpath` configuration option properly. SimpleSAMLphp deliberately - **ignores** the `X-Forwarded-*` set of headers that your proxy might be setting, so **do not rely on those**. +```php +'baseurlpath' => 'https://your.canonical.host.name/simplesaml/', +``` -- Set an administrator password. This is needed to access some of the pages in your SimpleSAMLphp installation web - interface. - - Hashed passwords can also be used here. See the [`authcrypt`](./authcrypt:authcrypt) documentation - for more information. + Please note that your canonical URL should always use HTTPS in order to protect your users. Additionally, if you + are running behind a **reverse proxy** and you are offloading TLS to it, the proper way to tell SimpleSAMLphp that + its base URL should use HTTPS is to set the `baseurlpath` configuration option properly. SimpleSAMLphp deliberately + **ignores** the `X-Forwarded-*` set of headers that your proxy might be setting, so **do not rely on those**. - ``` - 'auth.adminpassword' => 'setnewpasswordhere', - ``` +* Set an administrator password. This is needed to access some of the pages in your SimpleSAMLphp installation web + interface. -- Set a secret salt. This should be a random string. Some parts of the SimpleSAMLphp needs this salt to generate - cryptographically secure hashes. SimpleSAMLphp will give an error if the salt is not changed from the default value. - The command below can help you to generated a random string on (some) unix systems: + Hashed passwords can also be used here. See the [`authcrypt`](./authcrypt:authcrypt) documentation + for more information. 
- ``` - tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' /dev/null;echo - ``` +```php +'auth.adminpassword' => 'setnewpasswordhere', +``` - Here is an example of the configuration option: +* Set a secret salt. This should be a random string. Some parts of the SimpleSAMLphp needs this salt to generate + cryptographically secure hashes. SimpleSAMLphp will give an error if the salt is not changed from the default value. + The command below can help you to generated a random string on (some) unix systems: - ``` - 'secretsalt' => 'randombytesinsertedhere', - ``` +```bash +tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' /dev/null;echo +``` - **Please note that changing the secret salt may break access to services for your users**. + Here is an example of the configuration option: -- Configure your data storage. You can do this by editing the `store.type` configuration option, and setting it to - one of the supported values. Now configure the backend of your choice with the relevant options, if needed. - -- Configure your sessions. You have to configure your sessions with the appropriate parameters so that the cookies - used by SimpleSAMLphp to track users are always delivered to the software. You may do this by editing the - `session.*` configuration options. Note that if you are using the `phpsession` data storage, the cookie-related - configuration options are configured in the `session.phpsession.*` options. +```php +'secretsalt' => 'randombytesinsertedhere', +``` -- Set technical contact information. This information will be available in the generated metadata. The e-mail address - will also be used for receiving error reports sent automatically by SimpleSAMLphp. Here is an example: + **Please note that changing the secret salt may break access to services for your users**. - ``` - 'technicalcontact_name' => 'John Smith', - 'technicalcontact_email' => 'john.smith@example.com', - ``` +* Configure your data storage. 
You can do this by editing the `store.type` configuration option, and setting it to + one of the supported values. Now configure the backend of your choice with the relevant options, if needed. -- If you use SimpleSAMLphp in a country where English is not widespread, you may want to change the default language - from English to something else: +* Configure your sessions. You have to configure your sessions with the appropriate parameters so that the cookies + used by SimpleSAMLphp to track users are always delivered to the software. You may do this by editing the + `session.*` configuration options. Note that if you are using the `phpsession` data storage, the cookie-related + configuration options are configured in the `session.phpsession.*` options. - ``` - 'language.default' => 'no', - ``` +* Set technical contact information. This information will be available in the generated metadata. The e-mail address + will also be used for receiving error reports sent automatically by SimpleSAMLphp. Here is an example: -- Set your timezone +```php +'technicalcontact_name' => 'John Smith', +'technicalcontact_email' => 'john.smith@example.com', +``` - ``` - 'timezone' => 'Europe/Oslo', - ``` +* If you use SimpleSAMLphp in a country where English is not widespread, you may want to change the default language + from English to something else: + +```php +'language.default' => 'no', +``` + +* Set your timezone - You can see [a list of Supported Timezones at php.net](http://php.net/manual/en/timezones.php). +```php +'timezone' => 'Europe/Oslo', +``` + You can see [a list of Supported Timezones at php.net](http://php.net/manual/en/timezones.php). -Configuring PHP ---------------- +## Configuring PHP ### Sending e-mails from PHP 
@@ -304,18 +285,17 @@ send e-mails. By default SimpleSAMLphp uses the PHP `mail()` function, which you can configure via `php.ini`. For more advanced configuration, including using a remote SMTP server, see the `mail.*` options in `config.php`. -Enabling and disabling modules ------------------------------- +## Enabling and disabling modules -If you want to enable some of the modules that are installed with SimpleSAMLphp, but are disabled by default, you +If you want to enable some of the modules that are installed with SimpleSAMLphp, but are disabled by default, you can do that in the configuration: -``` - 'module.enable' => [ - 'exampleauth' => true, // Setting to TRUE enables. - 'saml' => false, // Setting to FALSE disables. - 'core' => null, // Unset or NULL uses default for this module. - ], +```php +'module.enable' => [ + 'exampleauth' => true, // Setting to TRUE enables. + 'saml' => false, // Setting to FALSE disables. + 'core' => null, // Unset or NULL uses default for this module. +], ``` Set to `true` the modules you want to enable, and to `false` those that you want to disable. 
@@ -323,22 +303,19 @@ Set to `true` the modules you want to enable, and to `false` those that you want Prior to SSP V2 you could enable or disable modules by setting empty files with names (`enable`, `disable`, `default-enable`) in the module's root directory. You need to now use the `module.enable` config option. - -The SimpleSAMLphp admin interface ---------------------------------- +## The SimpleSAMLphp admin interface After installing SimpleSAMLphp, you can access the homepage of your installation, which by default does not show much information: - https://service.example.org/simplesaml/ +`https://service.example.org/simplesaml/` The exact URL depends on how you set it up with your web server, and of course on your hostname. If this works, you can now also acceas the admin module by adding `admin/` to your base URL: - https://service.example.org/simplesaml/admin/ +`https://service.example.org/simplesaml/admin/` - -**Warning**: before you can actually use SimpleSAMLphp for something useful, you need to configure it either as a +**Warning**: before you can actually use SimpleSAMLphp for something useful, you need to configure it either as a Service Provider or as an Identity Provider, depending on your use case. Here is an example screenshot of what the SimpleSAMLphp page looks like: @@ -348,14 +325,14 @@ Here is an example screenshot of what the SimpleSAMLphp page looks like: ### Check your PHP environment At the bottom of the admin page there are some green lights. SimpleSAMLphp runs some tests to see whether the -required and recommended prerequisites are met. If any of the lights are red, you may have to install some PHP +required and recommended prerequisites are met. If any of the lights are red, you may have to install some PHP extensions or external PHP packages (e.g. you need the PHP LDAP extension to use the LDAP authentication module). ## Building assets Run the following commands to build the default theme. -``` +```bash npm install npm run build ``` 
@@ -363,50 +340,46 @@ npm run build ## Next steps You have now successfully installed SimpleSAMLphp, and the next steps depend on whether you want to setup a Service -Provider (in order to protect access to an existing application) or an Identity Provider (which you would connect to -a user database where your users can authenticate). Documentation on bridging between federation protocols is found +Provider (in order to protect access to an existing application) or an Identity Provider (which you would connect to +a user database where your users can authenticate). Documentation on bridging between federation protocols is found in a separate document. - - [Using SimpleSAMLphp as a Service Provider (SP)](simplesamlphp-sp) - + [Remote IdP reference](simplesamlphp-reference-idp-remote) - + [Connecting to the UK Access Federation or InCommon](simplesamlphp-ukaccess) - - [Using SimpleSAMLphp as an Identity Provider (IdP)](simplesamlphp-idp) - + [Hosted IdP reference](simplesamlphp-reference-idp-hosted) - + [Remote SP reference](simplesamlphp-reference-sp-remote) - + [Setting up an IdP for Google Workspace (G Suite / Google Apps)](simplesamlphp-googleapps) - + [Advanced Topics](simplesamlphp-idp-more) - - [Automated Metadata Management](/docs/contrib_modules/metarefresh/simplesamlphp-automated_metadata) - - [Maintenance and configuration](simplesamlphp-maintenance) +* [Using SimpleSAMLphp as a Service Provider (SP)](simplesamlphp-sp) + * [Remote IdP reference](simplesamlphp-reference-idp-remote) + * [Connecting to the UK Access Federation or InCommon](simplesamlphp-ukaccess) +* [Using SimpleSAMLphp as an Identity Provider (IdP)](simplesamlphp-idp) + * [Hosted IdP reference](simplesamlphp-reference-idp-hosted) + * [Remote SP reference](simplesamlphp-reference-sp-remote) + * [Setting up an IdP for Google Workspace (G Suite / Google Apps)](simplesamlphp-googleapps) + * [Advanced Topics](simplesamlphp-idp-more) +* [Automated Metadata 
Management](/docs/contrib_modules/metarefresh/simplesamlphp-automated_metadata) +* [Maintenance and configuration](simplesamlphp-maintenance) - -Support -------- +## Support If you need help to make this work, or want to discuss SimpleSAMLphp with other users of the software, you are -in luck: there is a great Open Source community around SimpleSAMLphp, and you are welcome to join! The forums are open -for you to ask questions, help others by answering their questions, request improvements or contribute with +in luck: there is a great Open Source community around SimpleSAMLphp, and you are welcome to join! The forums are open +for you to ask questions, help others by answering their questions, request improvements or contribute with code or plugins of your own. -- [Homepage](https://simplesamlphp.org) -- [Documentation](https://simplesamlphp.org/docs/) -- [Mailing lists](https://simplesamlphp.org/lists) - +* [Homepage](https://simplesamlphp.org) +* [Documentation](https://simplesamlphp.org/docs/) +* [Mailing lists](https://simplesamlphp.org/lists) -Appendix: Installing SimpleSAMLphp in alternative locations -------------------------------------------------- +## Appendix: Installing SimpleSAMLphp in alternative locations There may be several reasons why you want to install SimpleSAMLphp in an alternative way. -- You are installing SimpleSAMLphp in a hosted environment where you do not have root access, and cannot change - Apache configuration. You can still install SimpleSAMLphp, keep on reading! +* You are installing SimpleSAMLphp in a hosted environment where you do not have root access, and cannot change + Apache configuration. You can still install SimpleSAMLphp, keep on reading! -- You have full permissions to the server, but cannot edit web server configuration for some reason like internal -policies. +* You have full permissions to the server, but cannot edit web server configuration for some reason like internal + policies. 
-The SimpleSAMLphp package contains one folder named `simplesamlphp-x.y.z` (where `x.y.z` is the version number). In -this folder there are a lot of subfolders for library, metadata, configuration, etc. One of these folders is named -`www`. **Only this folder should be exposed on the web**. The recommended configuration is to put the whole -`simplesamlphp` folder outside the web root, and then link to the `www` folder by using the `Alias` directive, as +The SimpleSAMLphp package contains one folder named `simplesamlphp-x.y.z` (where `x.y.z` is the version number). In +this folder there are a lot of subfolders for library, metadata, configuration, etc. One of these folders is named +`www`. **Only this folder should be exposed on the web**. The recommended configuration is to put the whole +`simplesamlphp` folder outside the web root, and then link to the `www` folder by using the `Alias` directive, as described in [the section called “Configuring Apache”](#section_4 "Configuring Apache"). This is not the only possible way, though. @@ -414,7 +387,7 @@ As an example, let's see how you can install SimpleSAMLphp in your home director 1. Extract the SimpleSAMLphp archive in your home directory: - ``` + ```bash cd ~ tar xzf simplesamlphp-1.x.y.tar.gz mv simplesamlphp-1.x.y simplesamlphp 
@@ -422,55 +395,54 @@ As an example, let's see how you can install SimpleSAMLphp in your home director 2. Then you can try to make a symlink into the `public_html` directory. - ``` + ```bash cd ~/public_html ln -s ../simplesamlphp/www simplesaml ``` -3. Next, you need to set the `baseurlpath` configuration option with the URL pointing to the `simplesaml` link you -just created in your `public_html` directory. For example, if your home directory is reachable in -`https://host.example/~myaccount/`, set the base URL path accordingly: +3. Next, you need to set the `baseurlpath` configuration option with the URL pointing to the `simplesaml` link you + just created in your `public_html` directory. For example, if your home directory is reachable in + `https://host.example/~myaccount/`, set the base URL path accordingly: - ``` - 'baseurlpath' => 'https://host.example/~myaccount/simplesaml/', + ```bash + 'baseurlpath' => 'https://host.example/~myaccount/simplesaml/', ``` Now, you can go to the URL of your installation and check if things work: - https://host.example/~myaccount/simplesaml/ - + `https://host.example/~myaccount/simplesaml/` -#### Tip +### Tip -Symlinking may fail, because some Apache configurations do not allow you to link to files from outside the +Symlinking may fail, because some Apache configurations do not allow you to link to files from outside the `public_html` folder. If so, you can move the `www` folder instead of symlinking it: -``` - cd ~/public_html - mv ../simplesamlphp/www simplesaml +```bash +cd ~/public_html +mv ../simplesamlphp/www simplesaml ``` Now you have the following directory structure. -- `~/simplesamlphp` +* `~/simplesamlphp` -- `~/public_html/simplesaml` where `simplesaml` is the `www` directory from the `simplesamlphp` installation directory, +* `~/public_html/simplesaml` where `simplesaml` is the `www` directory from the `simplesamlphp` installation directory, either moved or a symlink. 
Now, we need to make a few configuration changes. First, let's edit `~/public_html/simplesaml/_include.php`: Change the two lines from: -``` - require_once(dirname(dirname(__FILE__)) . '/lib/_autoload.php'); +```php +require_once(dirname(dirname(__FILE__)) . '/lib/_autoload.php'); ``` to something like: -``` - require_once(dirname(dirname(dirname(__FILE__))) . '/lib/_autoload.php'); +```bash +require_once(dirname(dirname(dirname(__FILE__))) . '/lib/_autoload.php'); ``` -**Warning**: note that this will make upgrading SimpleSAMLphp much more difficult, since you will need to move the +**Warning**: note that this will make upgrading SimpleSAMLphp much more difficult, since you will need to move the `www` directory and manually edit files every time you upgrade. It is also possible that this method does not work in future versions of SimpleSAMLphp, and therefore it is discouraged and should be used only as a last resort. diff --git a/docs/simplesamlphp-maintenance.md b/docs/simplesamlphp-maintenance.md index 3dc8617311..7e849a914a 100644 --- a/docs/simplesamlphp-maintenance.md +++ b/docs/simplesamlphp-maintenance.md @@ -1,5 +1,4 @@ -SimpleSAMLphp Maintenance -========================= +# SimpleSAMLphp Maintenance - [TOC] -SimpleSAMLphp news and documentation ------------------------------------- +## SimpleSAMLphp news and documentation Please check the following sources of information to stay up to date with regard to SimpleSAMLphp: - * [SimpleSAMLphp documentation](http://simplesamlphp.org/docs) - * [SimpleSAMLphp homepage](https://simplesamlphp.org) - * [SimpleSAMLphp mailing lists](https://simplesamlphp.org/lists) - * [SimpleSAMLphp in twitter](https://twitter.com/simplesamlphp) +* [SimpleSAMLphp documentation](http://simplesamlphp.org/docs) +* [SimpleSAMLphp homepage](https://simplesamlphp.org) +* [SimpleSAMLphp mailing lists](https://simplesamlphp.org/lists) +* [SimpleSAMLphp in twitter](https://twitter.com/simplesamlphp) ## Session management 
@@ -26,26 +23,32 @@ SimpleSAMLphp has an abstraction layer for session management. That means it is The `store.type` configuration option in `config.php` allows you to select which method SimpleSAMLphp should use to store the session information. Currently, three session handlers are included in the distribution: - * `phpsession` uses the built in session management in PHP. This is the default, and is simplest to use. It will not work in a load-balanced environment in most configurations. - * `memcache` uses the memcache software to cache sessions in memory. Sessions can be distributed and replicated among several memcache servers, enabling both load-balancing and fail-over. - * `sql` stores the session in an SQL database. - * `redis` stores the session in Redis. +* `phpsession` uses the built in session management in PHP. This is the default, and is simplest to use. It will not work in a load-balanced environment in most configurations. +* `memcache` uses the memcache software to cache sessions in memory. Sessions can be distributed and replicated among several memcache servers, enabling both load-balancing and fail-over. +* `sql` stores the session in an SQL database. +* `redis` stores the session in Redis. - 'store.type' => 'phpsession', +```php +'store.type' => 'phpsession', +``` ### Configuring PHP sessions To use the PHP session handler, set the `store.type` configuration option in `config.php`: - 'store.type' => 'phpsession', +```php +'store.type' => 'phpsession', +``` Keep in mind that **PHP does not allow two sessions to be open at the same time**. This means if you are using PHP sessions both in your application and in SimpleSAMLphp at the same time, **they need to have different names**. 
When using the PHP session handler in SimpleSAMLphp, it is configured with different options than for other session handlers: - 'session.phpsession.cookiename' => null, - 'session.phpsession.savepath' => null, - 'session.phpsession.httponly' => true, +```php +'session.phpsession.cookiename' => null, +'session.phpsession.savepath' => null, +'session.phpsession.httponly' => true, +``` Make sure to set `session.phpsession.cookiename` to a name different than the one in use by any other applications. If you are using SimpleSAMLphp as an Identity Provider, or any other applications using it are not using the default session name, you can use the default @@ -58,7 +61,9 @@ If you need to restore your session's application after calling SimpleSAMLphp, y To use the memcache session handler, set the `store.type` parameter in `config.php`: - 'store.type' => 'memcache', +```php +'store.type' => 'memcache', +``` memcache allows you to store multiple redundant copies of sessions on different memcache servers. 
@@ -68,54 +73,57 @@ Each server group is an array of servers. The data items will be load-balanced b Each server is an array of parameters for the server. The following options are available: -`hostname` -: Host name or ip address where the memcache server runs, or specify other transports like *unix:///path/ssp.sock* to - use UNIX domain sockets. In that case, port will be ignored and forced to *0*. - - This is the only required option. +`hostname`: +Host name or ip address where the memcache server runs, or specify other transports like *unix:///path/ssp.sock* to +use UNIX domain sockets. In that case, port will be ignored and forced to *0*. -`port` -: Port number of the memcache server. If not set, the `memcache.default_port` ini setting is used. This is 11211 by - default. +This is the only required option. - The port will be forced to *0* when a UNIX domain socket is specified in *hostname*. +`port`: +Port number of the memcache server. If not set, the `memcache.default_port` ini setting is used. This is 11211 by +default. -`weight` -: Weight of this server in this server group. - [http://php.net/manual/en/function.Memcache-addServer.php](http://php.net/manual/en/function.Memcache-addServer.php) - has more information about the weight option. +The port will be forced to *0* when a UNIX domain socket is specified in *hostname*. -`timeout` -: Timeout for this server. By default, the timeout is 3 - seconds. +`weight`: +Weight of this server in this server group. +[http://php.net/manual/en/function.Memcache-addServer.php](http://php.net/manual/en/function.Memcache-addServer.php) +has more information about the weight option. +`timeout`: +Timeout for this server. By default, the timeout is 3 +seconds. Here are two examples of configuration of memcache session handling: -**Example 1. Example of redundant configuration with load balancing** +### Example 1. 
Example of redundant configuration with load balancing Example of redundant configuration with load balancing: This configuration makes it possible to lose both servers in the a-group or both servers in the b-group without losing any sessions. Note that sessions will be lost if one server is lost from both the a-group and the b-group. - 'memcache_store.servers' => [ - [ +```php +'memcache_store.servers' => [ + [ ['hostname' => 'mc_a1'], ['hostname' => 'mc_a2'], - ], - [ + ], + [ ['hostname' => 'mc_b1'], ['hostname' => 'mc_b2'], - ], ], +], +``` -**Example 2. Example of simple configuration with only one memcache server** +### Example 2. Example of simple configuration with only one memcache server Example of simple configuration with only one memcache server, running on the same computer as the web server: Note that all sessions will be lost if the memcache server crashes. - 'memcache_store.servers' => [ - [ +```php +'memcache_store.servers' => [ + [ ['hostname' => 'localhost'], - ], ], +], +``` The expiration value (`memcache_store.expires`) is the duration for which data should be retained in memcache. Data are dropped from the memcache servers when this time expires. The time will be reset every time the data is written to the memcache servers. 
@@ -123,23 +131,27 @@ This value should always be larger than the `session.duration` option. Not doing Set this value to 0 if you don't want data to expire. -#### Note +`Note` The oldest data will always be deleted if the memcache server runs out of storage space. -**Example 3. Example of configuration setting for session expiration** +### Example 3. Example of configuration setting for session expiration Here is an example of this configuration parameter: - 'memcache_store.expires' => 36 * (60*60), // 36 hours. +```php +'memcache_store.expires' => 36 * (60*60), // 36 hours. +``` #### Memcache PHP configuration Configure memcache to not do internal failover. This parameter is configured in `php.ini`. - memcache.allow_failover = Off +```php +memcache.allow_failover = Off +``` #### Environmental configuration @@ -147,7 +159,6 @@ Setup a firewall restricting access to the memcache server. Because SimpleSAMLphp uses a timestamp to check which session is most recent in a fail-over setup, it is very important to run synchronized clocks on all web servers where you run SimpleSAMLphp. - ### Configuring SQL storage To store session to a SQL database, set the `store.type` option to `sql`. @@ -164,6 +175,7 @@ To store sessions in Redis, set the `store.type` option to `redis`. By default SimpleSAMLphp will attempt to connect to Redis on the `localhost` at port `6379`. These can be configured via the `store.redis.host` and `store.redis.port` options, respectively. You may also set a key prefix with the `store.redis.prefix` option. For Redis instances that [require authentication](https://redis.io/commands/auth): + * If authentication is managed with the `requirepass` directive (legacy password protection): use the `store.redis.password` option * If authentication is managed with [ACL's](https://redis.io/docs/manual/security/acl/) (which are recommended as of Redis 6): use the `store.redis.password` and `store.redis.username` options 
@@ -173,7 +185,7 @@ Several metadata storage backends are available by default, including `flatfile` [`pdo`](https://simplesamlphp.org/docs/stable/simplesamlphp-metadata-pdostoragehandler). Here you have an example configuration of different metadata sources in use at the same time: -``` +```php 'metadata.sources' => [ ['type' => 'flatfile'], ['type' => 'flatfile', 'directory' => 'metadata/metarefresh-kalmar'], @@ -188,9 +200,9 @@ and override the methods needed to change the backend used. This class **must** Bear in mind that **your class name must follow the PSR-0 autoloading standard**. This means it needs to be named in a particular way, with the use of namespaces being the preferred convention. For example, if your -module is named _mymodule_ and your class is named _MyMetadataHandler_, you should define it like this: +module is named `mymodule` and your class is named `MyMetadataHandler`, you should define it like this: -``` +```php ['en', 'no', 'da', 'es', 'xx'], - 'language.default' => 'en', +```php +/* + * Languages available and which language is default + */ +'language.available' => ['en', 'no', 'da', 'es', 'xx'], +'language.default' => 'en', +``` Please use the standardized two-character [language codes as specified in ISO-639-1](http://en.wikipedia.org/wiki/List_of_ISO_639-1_codes). 
@@ -259,11 +271,13 @@ You also can set the default language. You should ensure that the default langua All strings that can be localized are found in the files `dictionaries/`. Add a new entry for each string, with your language code, like this: - 'user_pass_header' => [ - 'en' => 'Enter your username and password', - 'no' => 'Skriv inn brukernavn og passord', - 'xx' => 'Pooa jujjique jamba', - ], +```php +'user_pass_header' => [ + 'en' => 'Enter your username and password', + 'no' => 'Skriv inn brukernavn og passord', + 'xx' => 'Pooa jujjique jamba', +], +``` You can translate as many of the texts as you would like; a full translation is not required unless you want to make this the default language. From the end users point of view, it looks best if all text fragments used in a given screen or form is in one single language. @@ -271,12 +285,10 @@ You can translate as many of the texts as you would like; a full translation is Documentation on theming is moved [to a separate document](simplesamlphp-theming). - -Support -------- +### Support If you need help to make this work, or want to discuss SimpleSAMLphp with other users of the software, you are fortunate: Around SimpleSAMLphp there is a great Open source community, and you are welcome to join! The forums are open for you to ask questions, contribute answers other further questions, request improvements or contribute with code or plugins of your own. -- [SimpleSAMLphp homepage](https://simplesamlphp.org) -- [List of all available SimpleSAMLphp documentation](http://simplesamlphp.org/docs/) -- [Join the SimpleSAMLphp user's mailing list](https://simplesamlphp.org/lists) +* [SimpleSAMLphp homepage](https://simplesamlphp.org) +* [List of all available SimpleSAMLphp documentation](http://simplesamlphp.org/docs/) +* [Join the SimpleSAMLphp user's mailing list](https://simplesamlphp.org/lists) 
diff --git a/docs/simplesamlphp-metadata-endpoints.md b/docs/simplesamlphp-metadata-endpoints.md index aeeff30bf2..8e65dd50ce 100644 --- a/docs/simplesamlphp-metadata-endpoints.md +++ b/docs/simplesamlphp-metadata-endpoints.md @@ -12,13 +12,11 @@ Endpoint | Indexed | Default binding `SingleLogoutService` | N | HTTP-Redirect `SingleSignOnService` | N | HTTP-Redirect - The various endpoints can be specified in three different ways: - * A single string. - * Array of strings. - * Array of arrays. - +* A single string. +* Array of strings. +* Array of arrays. A single string --------------- @@ -28,7 +26,6 @@ A single string This is the simplest endpoint format. It can be used when there is only a single endpoint that uses the default binding. - Array of strings ---------------- @@ -39,7 +36,6 @@ Array of strings This endpoint format can be used to represent multiple endpoints, all of which use the default binding. - Array of arrays --------------- @@ -67,4 +63,3 @@ It can also be used to specify the ResponseLocation attribute on endpoints, e.g. 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', ], ], - diff --git a/docs/simplesamlphp-metadata-extensions-attributes.md b/docs/simplesamlphp-metadata-extensions-attributes.md index 716580c033..4e75bbd3b3 100644 --- a/docs/simplesamlphp-metadata-extensions-attributes.md +++ b/docs/simplesamlphp-metadata-extensions-attributes.md @@ -15,10 +15,10 @@ An example of this is: [ - 'urn:simplesamlphp:v1:simplesamlphp' => ['is', 'really', 'cool'], - '{urn:simplesamlphp:v1}foo' => ['bar'], - ], + 'EntityAttributes' => [ + 'urn:simplesamlphp:v1:simplesamlphp' => ['is', 'really', 'cool'], + '{urn:simplesamlphp:v1}foo' => ['bar'], + ], /* ... */ ]; 
@@ -37,9 +37,9 @@ metadata. Each item in the `EntityAttributes` array defines a new array. Each item in this array produces a separate `` element within the `` element. - 'EntityAttributes' => [ - 'urn:simplesamlphp:v1:simplesamlphp' => ['is', 'really', 'cool'], - ], + 'EntityAttributes' => [ + 'urn:simplesamlphp:v1:simplesamlphp' => ['is', 'really', 'cool'], + ], This generates: @@ -52,9 +52,9 @@ This generates: Each `` element requires a `NameFormat` attribute. This is specified using curly braces at the beginning of the key name: - 'EntityAttributes' => [ - '{urn:simplesamlphp:v1}foo' => ['bar'], - ], + 'EntityAttributes' => [ + '{urn:simplesamlphp:v1}foo' => ['bar'], + ], This generates: @@ -76,34 +76,33 @@ If given the following configuration... 'privatekey' => 'example.com.pem', 'auth' => 'example-userpass', - 'EntityAttributes' => [ - 'urn:simplesamlphp:v1:simplesamlphp' => ['is', 'really', 'cool'], - '{urn:simplesamlphp:v1}foo' => ['bar'], - ], - ]; + 'EntityAttributes' => [ + 'urn:simplesamlphp:v1:simplesamlphp' => ['is', 'really', 'cool'], + '{urn:simplesamlphp:v1}foo' => ['bar'], + ], + ]; ... will generate the following XML metadata: - - - - - - is - really - cool - - - bar - - - - - - - - ... - + + + + + + is + really + cool + + + bar + + + + + + + + ... An example configuration to declare Géant Data Protection Code of Conduct entity category support for a service provider in `authsources.php`: diff --git a/docs/simplesamlphp-metadata-extensions-rpi.md b/docs/simplesamlphp-metadata-extensions-rpi.md index 9b45c5a79d..bf136709e5 100644 --- a/docs/simplesamlphp-metadata-extensions-rpi.md +++ b/docs/simplesamlphp-metadata-extensions-rpi.md @@ -7,7 +7,7 @@ SAML V2.0 Metadata Extensions for Registration and Publication Information http://daringfireball.net/projects/markdown/syntax --> - * Author: Jaime Perez [jaime.perez@uninett.no](mailto:jaime.perez@uninett.no) +* Author: Jaime Perez [jaime.perez@uninett.no](mailto:jaime.perez@uninett.no) [TOC] 
@@ -19,19 +19,19 @@ This extension aims to provide information about the registrars and publishers o available through different endpoints and modules that provide metadata all along SimpleSAMLphp. More specifically, this extension can be used for: -- metadata published for a [hosted service provider](./saml:sp). -- metadata published for a [hosted identity provider](./simplesamlphp-reference-idp-hosted). -- metadata collected and published by means of the [`aggregator`](./aggregator:aggregator) or [`aggregator2`](./aggregator2:aggregator2) modules. +* metadata published for a [hosted service provider](./saml:sp). +* metadata published for a [hosted identity provider](./simplesamlphp-reference-idp-hosted). +* metadata collected and published by means of the [`aggregator`](./aggregator:aggregator) or [`aggregator2`](./aggregator2:aggregator2) modules. Currently, only the `` element is supported. Depending on the metadata set you want to add this extension to, you will have to configure it on the corresponding configuration file: -- `metadata/saml20-idp-hosted.php` for hosted identity providers. -- `config/authsources.php` for hosted service providers. -- `config/module_aggregator.php` for the `aggregator` module. -- `config/module_aggregator2.php` for the `aggregator2` module. +* `metadata/saml20-idp-hosted.php` for hosted identity providers. +* `config/authsources.php` for hosted service providers. +* `config/module_aggregator.php` for the `aggregator` module. +* `config/module_aggregator2.php` for the `aggregator2` module. RegistrationInfo Items ---------------------- @@ -53,7 +53,6 @@ The configuration is the same for all the different files, and consists of a sin index must be the language code corresponding to the language of the URL. This parameter is optional, and will be omitted in the resulting metadata if not configured. - Examples -------- 
diff --git a/docs/simplesamlphp-metadata-extensions-ui.md b/docs/simplesamlphp-metadata-extensions-ui.md index 2d131609e6..fb5f983230 100644 --- a/docs/simplesamlphp-metadata-extensions-ui.md +++ b/docs/simplesamlphp-metadata-extensions-ui.md @@ -195,7 +195,6 @@ key. 'GeolocationHint' => ['geo:47.37328,8.531126', 'geo:19.34343,12.342514'], - Generated XML Metadata Examples ---------------- @@ -281,4 +280,3 @@ If given the following configuration... ... - diff --git a/docs/simplesamlphp-metadata-pdostoragehandler.md b/docs/simplesamlphp-metadata-pdostoragehandler.md index 54d711643b..8459806336 100644 --- a/docs/simplesamlphp-metadata-pdostoragehandler.md +++ b/docs/simplesamlphp-metadata-pdostoragehandler.md @@ -7,7 +7,6 @@ PDO Metadata Storage Handler http://daringfireball.net/projects/markdown/syntax --> - [TOC] Introduction 
@@ -17,42 +16,40 @@ If you want to run a clustered SimpleSAMLphp IdP service and you would like to h The present document explains how to configure SimpleSAMLphp and your database. - - Preparations ------------ You will need to have the appropriate PDO drivers for your database and you will have to configure the database section within the config/config.php file. - - Configuring SimpleSAMLphp ----------------------------- You will first need to configure a PDO metadata source. - [root@simplesamlphp simplesamlphp]# vi config/config.php +```bash +[root@simplesamlphp simplesamlphp]# vi config/config.php +``` Here is an example of flatfile plus PDO: - 'metadata.sources' => [ - ['type' => 'flatfile'], - ['type' => 'pdo'], - ], - - +```php +'metadata.sources' => [ + ['type' => 'flatfile'], + ['type' => 'pdo'], +], +``` Initializing the Database ------------------------- - Once you have configured your metadata sources to include a PDO source, you will need to initialize the database. This process will create tables in the database for each type of metadata set (saml20-idp-hosted, saml20-idp-remote, saml20-sp-remote, etc). - [root@simplesamlphp simplesamlphp]# php bin/initMDSPdo.php +```bash +[root@simplesamlphp simplesamlphp]# php bin/initMDSPdo.php +``` If you connect to your database, you will see 11 new empty tables; one for each metadata set. - Adding Metadata --------------- 
@@ -68,12 +65,14 @@ Another example is the saml20_idp_remote table: entity_id | entity_data -------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -https://openidp.feide.no | {"name":{"en":"Feide OpenIdP - guest users","no":"Feide Gjestebrukere"},"description":"Here you can login with your account on Feide RnD OpenID. If you do not already have an account on this identity provider, you can create a new one by following the create new account link and follow the instructions.","SingleSignOnService":"https:\/\/openidp.feide.no\/simplesaml\/saml2\/idp\/SSOService.php","SingleLogoutService":"https:\/\/openidp.feide.no\/simplesaml\/saml2\/idp\/SingleLogoutService.php","certFingerprint":"c9ed4dfb07caf13fc21e0fec1572047eb8a7a4cb"} +`https://openidp.feide.no` | {"name":{"en":"Feide OpenIdP - guest users","no":"Feide Gjestebrukere"},"description":"Here you can login with your account on Feide RnD OpenID. 
If you do not already have an account on this identity provider, you can create a new one by following the create new account link and follow the instructions.","SingleSignOnService":"https:\/\/openidp.feide.no\/simplesaml\/saml2\/idp\/SSOService.php","SingleLogoutService":"https:\/\/openidp.feide.no\/simplesaml\/saml2\/idp\/SingleLogoutService.php","certFingerprint":"c9ed4dfb07caf13fc21e0fec1572047eb8a7a4cb"} There is an included script in the `bin` directory that will import all flatfile metadata files and store them in the database, but you can use an external tool to maintain the metadata in the database. This document will only cover adding metadata using the included utility, but the tables above should provide enough information if you would like to create a utility to manage your metadata externally. To import all flatfile metadata files into the PDO database, run the following script - [root@simplesamlphp simplesamlphp]# php bin/importPdoMetadata.php +```bash +[root@simplesamlphp simplesamlphp]# php bin/importPdoMetadata.php +``` In the event that you import a metadata for an entity id that already exists in the database, it will be overwritten. diff --git a/docs/simplesamlphp-modules.md b/docs/simplesamlphp-modules.md index a07e2384d6..c302b530d8 100644 --- a/docs/simplesamlphp-modules.md +++ b/docs/simplesamlphp-modules.md 
@@ -1,5 +1,4 @@ -SimpleSAMLphp modules -================================================== +# SimpleSAMLphp modules - [TOC] This document describes how the module system in SimpleSAMLphp works. It describes what types of modules there are, how they are configured, and how to write new modules. -Overview --------- +## Overview -There are currently three parts of SimpleSAMLphp which can be stored in -modules - authentication sources, authentication processing filters and -themes. There is also support for defining hooks - functions run at -specific times. More than one thing can be stored in a single module. -There is also support for storing supporting files, such as templates +There are currently three parts of SimpleSAMLphp which can be stored in +modules - authentication sources, authentication processing filters and +themes. There is also support for defining hooks - functions run at +specific times. More than one thing can be stored in a single module. +There is also support for storing supporting files, such as templates and dictionaries, in modules. -The different functionalities which can be created as modules will be -described in more detail in the following sections; what follows is a +The different functionalities which can be created as modules will be +described in more detail in the following sections; what follows is a short introduction to what you can do with them: - - Authentication sources implement different methods for - authenticating users, for example simple login forms which - authenticate against a database backend, or login methods which use - client-side certificates. - - Authentication processing filters perform various tasks after the - user is authenticated and has a set of attributes. They can add, - remove and modify attributes, do additional authentication checks, - ask questions of the user, +++. - - Themes allow you to package custom templates for multiple modules - into a single module. 
- +- Authentication sources implement different methods for + authenticating users, for example simple login forms which + authenticate against a database backend, or login methods which use + client-side certificates. +- Authentication processing filters perform various tasks after the + user is authenticated and has a set of attributes. They can add, + remove and modify attributes, do additional authentication checks, + ask questions of the user, +++. +- Themes allow you to package custom templates for multiple modules + into a single module. ## Module layout 
@@ -119,93 +115,87 @@ www This function will then return a URL to the given file in the `www`-directory of `module`. - ## Authentication sources -An authentication source is used to authenticate a user and receive a -set of attributes belonging to this user. In a single-signon setup, the -authentication source will only be called once, and the attributes +An authentication source is used to authenticate a user and receive a +set of attributes belonging to this user. In a single-signon setup, the +authentication source will only be called once, and the attributes belonging to the user will be cached until the user logs out. -Authentication sources are defined in `config/authsources.php`. This -file contains an array of `name => configuration` pairs. The name is -used to refer to the authentication source in metadata. When -configuring an IdP to authenticate against an authentication source, -\the `auth` option should be set to this name. The configuration for an -authentication source is an array. The first element in the array -identifies the class which implements the authentication source. The -remaining elements in the array are configuration entries for the +Authentication sources are defined in `config/authsources.php`. This +file contains an array of `name => configuration` pairs. The name is +used to refer to the authentication source in metadata. When +configuring an IdP to authenticate against an authentication source, +\the `auth` option should be set to this name. The configuration for an +authentication source is an array. The first element in the array +identifies the class which implements the authentication source. The +remaining elements in the array are configuration entries for the authentication source. 
-A typical configuration entry for an authentication source looks like +A typical configuration entry for an authentication source looks like this: 'example-static' => [ - /* This maps to modules/exampleauth/lib/Auth/Source/Static.php */ - 'exampleauth:StaticSource', + /* This maps to modules/exampleauth/lib/Auth/Source/Static.php */ + 'exampleauth:StaticSource', - /* The following is configuration which is passed on to - * the exampleauth:StaticSource authentication source. */ - 'uid' => 'testuser', - 'eduPersonAffiliation' => ['member', 'employee'], - 'cn' => ['Test User'], + /* The following is configuration which is passed on to + * the exampleauth:StaticSource authentication source. */ + 'uid' => 'testuser', + 'eduPersonAffiliation' => ['member', 'employee'], + 'cn' => ['Test User'], ], To use this authentication source in a SAML 2.0 IdP, set the `auth`-option of the IdP to `'example-static'`: 'https://example.org/saml-idp' => [ - 'host' => '__DEFAULT__', - 'privatekey' => 'example.org.pem', - 'certificate' => 'example.org.crt', - 'auth' => 'example-static', + 'host' => '__DEFAULT__', + 'privatekey' => 'example.org.pem', + 'certificate' => 'example.org.crt', + 'auth' => 'example-static', ], ### Creating authentication sources This is described in a separate document: - * [Creating authentication sources](simplesamlphp-authsource) - +- [Creating authentication sources](simplesamlphp-authsource) -Authentication processing filters ---------------------------------- +## Authentication processing filters *Authentication processing filters* is explained in a separate document: - * [Authentication processing filters](simplesamlphp-authproc) - - +- [Authentication processing filters](simplesamlphp-authproc) ## Themes -This feature allows you to collect all your custom templates in one -place. The directory structure is like this: -`modules//themes///