Allow downloading sp metadata without idp

2025-01-23 19:59:18 -08:00 · 2020-05-06 19:50:50 +10:00 · 2020-05-06 19:50:50 +10:00 · c1c37d521c
parent b2930d6069
commit c1c37d521c
3 changed files with 32 additions and 13 deletions
--- a/app/Http/Controllers/Auth/SamlController.php
+++ b/app/Http/Controllers/Auth/SamlController.php
@ -48,12 +48,10 @@ class SamlController extends Controller
     */
    public function metadata(Request $request)
    {
-        $auth = $this->saml->getAuth();
-        $settings = $auth->getSettings();
-        $metadata = $settings->getSPMetadata(true);
+        $metadata = $this->saml->getSPMetadata();

-        if (is_null($metadata)) {
-            return response($metadata, 403);
+        if (empty($metadata)) {
+            return response()->view('errors.403', [], 403);
        }

        return response($metadata)->header('Content-Type', 'text/xml');
--- a/app/Http/Requests/SettingsSamlRequest.php
+++ b/app/Http/Requests/SettingsSamlRequest.php
@ -33,7 +33,6 @@ class SettingsSamlRequest extends FormRequest
    public function rules()
    {
        return [
-            "saml_idp_metadata" => 'sometimes|required_if:saml_enabled,1',
        ];
    }

@ -41,11 +40,11 @@ class SettingsSamlRequest extends FormRequest
    {
        $validator->after(function ($validator) {
            if ($this->input('saml_enabled') == '1') {
-                if ($this->has('saml_idp_metadata')) {
-                    $idpMetadata = $this->input('saml_idp_metadata');
+                
+                $idpMetadata = $this->input('saml_idp_metadata');
+                if (!empty($idpMetadata)) {
                    try {
                        if (filter_var($idpMetadata, FILTER_VALIDATE_URL)) {
-                            $url = $idpMetadata;
                            $metadataInfo = OneLogin_Saml2_IdPMetadataParser::parseRemoteXML($idpMetadata);
                        } else {
                            $metadataInfo = OneLogin_Saml2_IdPMetadataParser::parseXML($idpMetadata);
--- a/app/Services/Saml.php
+++ b/app/Services/Saml.php
@ -4,6 +4,7 @@ namespace App\Services;

 use OneLogin\Saml2\Auth as OneLogin_Saml2_Auth;
 use OneLogin\Saml2\IdPMetadataParser as OneLogin_Saml2_IdPMetadataParser;
+use OneLogin\Saml2\Settings as OneLogin_Saml2_Settings;
 use App\Models\Setting;
 use App\Models\User;
 use Exception;
@ -131,10 +132,6 @@ class Saml
        try {
            $this->_auth = new OneLogin_Saml2_Auth($this->_settings);
        } catch (Exception $e) {
-            if ($this->isEnabled()) {
-                throw $e;
-            }
-
            $this->_enabled = false;
        }
    }
@ -323,6 +320,31 @@ class Saml
        return $this->_auth;
    }

+    /**
+     * Gets the SP metadata. The XML representation.
+     *
+     * @param bool $alwaysPublishEncryptionCert When 'true', the returned
+     * metadata will always include an 'encryption' KeyDescriptor. Otherwise,
+     * the 'encryption' KeyDescriptor will only be included if
+     * $advancedSettings['security']['wantNameIdEncrypted'] or
+     * $advancedSettings['security']['wantAssertionsEncrypted'] are enabled.
+     * @param int|null      $validUntil    Metadata's valid time
+     * @param int|null      $cacheDuration Duration of the cache in seconds
+     *
+     * @return string  SP metadata (xml)
+     */
+    public function getSPMetadata($alwaysPublishEncryptionCert = false, $validUntil = null, $cacheDuration = null)
+    {
+        try {
+            $settings = new OneLogin_Saml2_Settings($this->_settings , true);
+            $metadata = $settings->getSPMetadata($alwaysPublishEncryptionCert, $validUntil, $cacheDuration);
+    
+            return $metadata;
+        } catch (Exception $e) {
+            return "";
+        }
+    }
+
    /**
     * Extract data from SAML Response. 
     *