Merge pull request #40 from RRZE-Webteam/dev

Dev

Author: rvdforst

includes/Authenticate.php

@@ -160,11 +160,12 @@ public function authenticate($user, $userLogin)
         $userLogin = $userLogin ?: explode('@', $subjectId)[0];
 
         $found = false;
-        foreach (array_keys($identityProviders) as $idpName) {
-            $idpName = sanitize_title($idpName);
-            $domainScope = $this->options->domain_scope[$idpName] ?? '';
+        foreach ($identityProviders as $idpKey => $idpName) {
+            $idpKey = sanitize_title($idpKey);
+            $idpName = sanitize_text_field($idpName);
+            $domainScope = $this->options->domain_scope[$idpKey] ?? '';
             $domainScope = $domainScope ? '@' . $domainScope : $domainScope;
-            if (sanitize_title($samlSpIdp) == $idpName) {
+            if (sanitize_title($samlSpIdp) == $idpKey) {
                 $found = true;
                 $userLogin = $userLogin . $domainScope;
                 break;

includes/SimpleSAML.php

@@ -54,7 +54,7 @@ public function loaded()
         }
         $this->setAuthSimple()
             ->setIdentityProviders();
-        return true; 
+        return true;
     }
 
     /**
@@ -94,40 +94,50 @@ public function getIdentityProviders()
     }
 
     /**
-     * Set the available Identity Providers list.
-     * @return object This SimpleSAML object.
+     * Get an array of available Identity Providers.
+     * @return array array
      */
-    protected function setIdentityProviders()
+    public function identityProviders()
     {
-        if (!method_exists('\SimpleSAML\Configuration', 'getConfig')) {
-            return $this;
-        }
-
-        try {
-            // Get the authsources file, which should contain the config.
-            $authsource = \SimpleSAML\Configuration::getConfig('authsources.php');
-        } catch (\Exception $e) {
-            $error = new \WP_Error('simplesaml_configuration_error', $e->getMessage());
-            $this->errorOnLoaded($error);
-            return $this;
+        // Initialize the metadata storage handler
+        $metadataHandler = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler();
+
+        // Load all available metadata entities
+        $entityList = $metadataHandler->getList();
+
+        // Array to store IdP metadata
+        $idpMetadata = [];
+
+        foreach (array_keys($entityList) as $entityId) {
+            try {
+                // Fetch metadata for the entity from metarefresh cache
+                $metadata = $metadataHandler->getMetaDataConfig($entityId, 'saml20-idp-remote');
+
+                // Store only IdP metadata
+                if ($metadata !== null) {
+                    $idpMetadata[$entityId] = $metadata->toArray();
+                }
+            } catch (\Exception $e) {
+                error_log("Error retrieving metadata for entity $entityId: " . $e->getMessage());
+            }
         }
 
-        // Get just the specified authsource config values.
-        $authsource = $authsource->toArray();
-        $idp = $authsource[$this->options->simplesaml_auth_source]['idp'] ?? 'null';
+        return $idpMetadata;
+    }
 
-        $saml20IdpRemoteFile = dirname($this->simplesamlInclude, 2) . '/metadata/saml20-idp-remote.php';
-        if (!file_exists($saml20IdpRemoteFile)) {
-            return $this;
-        }
-        // Load $metadata array.
-        require_once($saml20IdpRemoteFile);
+    /**
+     * Set the available Identity Providers list.
+     * @return object This SimpleSAML object.
+     */
+    protected function setIdentityProviders()
+    {
+        $idpMetadata = $this->identityProviders();
 
-        $metadata = $metadata ?? [];
         $locale = get_locale();
         $lang = explode('_', $locale)[0];
+
         $idps = [];
-        foreach ($metadata as $key => $value) {
+        foreach ($idpMetadata as $key => $value) {
             if (isset($value['name'][$lang])) {
                 $name = $value['name'][$lang];
             } elseif (isset($value['name']) && is_string($value['name'])) {
@@ -138,12 +148,6 @@ protected function setIdentityProviders()
             $idps[$key] = $name;
         }
 
-        if ($idp && isset($idps[$idp])) {
-            $idps = [
-                $idp => $idps[$idp]
-            ];
-        }
-
         $this->identityProviders = $idps;
         return $this;
     }

rrze-sso.php

@@ -3,7 +3,7 @@
 /*
 Plugin Name:        RRZE SSO
 Plugin URI:         https://github.com/RRZE-Webteam/rrze-sso
-Version:            1.6.10
+Version:            1.6.11
 Description:        Single-Sign-On (SSO) SAML-Integrations-Plugin für WordPress.
 Author:             RRZE-Webteam
 Author URI:         https://blogs.fau.de/webworking/