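<?php
// Diagnostic page: it prints the Shibboleth request headers together with the
// complete $_REQUEST, $_SERVER and $_SESSION arrays. These can hold user
// attributes, cookies and server paths, so access to this page should be
// restricted and it should not stay deployed on a production host.
//
// SERVER_NAME can reflect the request's Host header under some web server
// configurations, so it is HTML-escaped before being placed in the title.
?>
<html>
<head>
<title>Shibboleth Attributes - <?php echo htmlspecialchars($_SERVER["SERVER_NAME"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></title>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="-1">
<script type="text/javascript">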
<!--
/**
 * Replaces the Base64 text in the "attributeResponseArea" textarea with its
 * decoded, re-indented XML, enlarges the textarea to 15 rows and hides the
 * block that contains the decode button.
 */
function decodeAttributeResponse() {
    var responseArea = document.getElementById("attributeResponseArea");
    // The result is written back through .value, so the decoded XML is shown
    // as plain text and is not parsed as markup by the browser.
    responseArea.value = tidyXml(decode64(responseArea.value));
    responseArea.rows = 15;
    var buttonBlock = document.getElementById("decodeButtonBlock");
    buttonBlock.style.display = 'none';
}
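/**
 * Re-indents an XML string for display: one tag or one text value per line,
 * indented by one space per nesting level.
 *
 * This is a regex-based pretty-printer for a debug view, not an XML parser;
 * its output is meant for reading only.
 *
 * @param {string} xmlMessage XML text, typically all on one line.
 * @return {string} The text split into lines, each terminated by "\n".
 */
function tidyXml(xmlMessage) {
    // Put a newline before a "<" that follows text (the closing tag of a value).
    xmlMessage = xmlMessage.replace(/([^>])</g, "$1\n<");
    // Put a newline after every tag.
    xmlMessage = xmlMessage.replace(/>/g, ">\n");
    var lines = xmlMessage.split("\n");
    var output = "";
    var nestedLevel = 0;
    for (var n = 0; n < lines.length; n++) {
        var line = lines[n];
        var isClosingTag = line.search(/<\//) > -1;
        // Clamp at zero so unbalanced input cannot drive the level negative
        // and shift the indentation of everything that follows.
        if (isClosingTag && nestedLevel > 0) {
            nestedLevel--;
        }
        // "i" is declared here; the undeclared loop counter used before
        // leaked into the global scope.
        for (var i = 0; i < nestedLevel; i++) {
            output += " ";
        }
        output += line + "\n";
        if (line.search(/\/>/) > -1) {
            // Self-closing tag: the level stays the same.
        } else if (line.search(/<[?!]/) > -1) {
            // XML declaration, processing instruction, comment, DOCTYPE or
            // CDATA: none of these has a closing tag, so the level stays.
        } else if (!isClosingTag && line.search(/</) > -1) {
            // Only increment for an opening tag, not for a text value.
            nestedLevel++;
        }
    }
    return output;
}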
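// Base64 alphabet; index 64 ("=") is the padding marker.
var base64Key = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";

/**
 * Decodes a Base64 string.
 *
 * Each decoded byte becomes one character of the result (code 0-255); the
 * bytes are not reassembled into multi-byte characters, so UTF-8 text outside
 * ASCII will appear as separate byte-valued characters.
 *
 * Characters outside the Base64 alphabet (whitespace, line breaks) are
 * ignored. Empty input yields an empty string, and a final group that lacks
 * its "=" padding is decoded as if the padding were present.
 *
 * @param {string} encodedString Base64 text.
 * @return {string} The decoded bytes as a string.
 */
function decode64(encodedString) {
    var decodedMessage = "";
    var char1, char2, char3;
    var enc1, enc2, enc3, enc4;
    var i = 0;

    // Remove all characters that are not A-Z, a-z, 0-9, +, / or =
    encodedString = encodedString.replace(/[^A-Za-z0-9\+\/\=]/g, "");
    // Complete a truncated final group with padding. Without this, charAt()
    // past the end returns "" and indexOf("") is 0, which decoded as extra
    // NUL characters.
    while (encodedString.length % 4 !== 0) {
        encodedString += "=";
    }
    // A while loop (not do/while) so that empty input produces no output.
    while (i < encodedString.length) {
        enc1 = base64Key.indexOf(encodedString.charAt(i++));
        enc2 = base64Key.indexOf(encodedString.charAt(i++));
        enc3 = base64Key.indexOf(encodedString.charAt(i++));
        enc4 = base64Key.indexOf(encodedString.charAt(i++));

        // Padding in either of the first two positions leaves fewer than
        // eight data bits, so there is no byte left to decode.
        if (enc1 == 64 || enc2 == 64) {
            break;
        }

        char1 = (enc1 << 2) | (enc2 >> 4);
        char2 = ((enc2 & 15) << 4) | (enc3 >> 2);
        char3 = ((enc3 & 3) << 6) | enc4;

        decodedMessage = decodedMessage + String.fromCharCode(char1);
        if (enc3 != 64) {
            decodedMessage = decodedMessage + String.fromCharCode(char2);
            // The third byte exists only when the third position carried data.
            if (enc4 != 64) {
                decodedMessage = decodedMessage + String.fromCharCode(char3);
            }
        }
    }
    return decodedMessage;
}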
// -->
</script>
</head>
<body>
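<b>-all SHIB headers-</b> (<code>HTTP_SHIB_ATTRIBUTES</code> is not shown in this list)
<?php
// Lists the $_SERVER entries whose key contains "SHIB", except
// HTTP_SHIB_ATTRIBUTES, followed by REMOTE_USER and HTTP_REMOTE_USER.
//
// $_SERVER's HTTP_* entries are built from request headers, so every key and
// value is HTML-escaped before it is written into the table.
echo '<table>';
foreach ($_SERVER as $key => $value)
{
    $fkey='_'.$key;
    // With the '_' prefix, ">1" matches keys where "SHIB" first occurs at
    // index 1 or later of the original key.
    // NOTE(review): a key that begins with "SHIB" is therefore skipped -
    // confirm that this is intended.
    // Drop the second condition to include HTTP_SHIB_ATTRIBUTES in the list.
    if ( strpos($fkey,'SHIB')>1 && $key!="HTTP_SHIB_ATTRIBUTES")
    {
        echo '<tr>';
        echo '<td>'.htmlspecialchars($key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'</td><td>'.htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'</td>';
        echo '</tr>';
    }
}
// Either variable may be absent when no user is authenticated; print an empty
// cell instead of raising an undefined-index notice.
echo '<tr><td>(REMOTE_USER)</td><td>'.htmlspecialchars(isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'</td></tr>';
echo '<tr><td>(HTTP_REMOTE_USER)</td><td>'.htmlspecialchars(isset($_SERVER['HTTP_REMOTE_USER']) ? $_SERVER['HTTP_REMOTE_USER'] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'</td></tr>';
echo '</table>';
?>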
<br/>
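attribute response from the IdP (<code>HTTP_SHIB_ATTRIBUTES</code>):<br/>
<?php
// HTTP_SHIB_ATTRIBUTES comes from a request header. It is HTML-escaped so that
// its content cannot close the textarea and be parsed as page markup. The
// browser turns the entities back into the original characters inside the
// textarea, so the JavaScript decoder still receives the unmodified text.
// A missing header yields an empty textarea instead of an undefined-index notice.
?>
<textarea id="attributeResponseArea" onclick="select()" rows="1" cols="130"><?php echo htmlspecialchars(isset($_SERVER["HTTP_SHIB_ATTRIBUTES"]) ? $_SERVER["HTTP_SHIB_ATTRIBUTES"] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></textarea><br/>
<span id="decodeButtonBlock"><input type="button" id="decodeButton" value="decode base64 encoded attribute response using JavaScript" onClick="decodeAttributeResponse();"><br/></span>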
<br/>
<small>
notes:<br/>
The AAP throws away invalid values (e.g. an unscopedAffiliation with the value "myBoss@&lt;yourdomain&gt;", or a value with an invalid scope, where the scope is checked)<br/>
The raw attribute response (<code>HTTP_SHIB_ATTRIBUTES</code>) is NOT filtered by the AAP and should therefore be disabled for most applications (<code>exportAssertion=false</code>).<br/>
</small>
<br/>
<hr/>
<br/>
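<b>$_REQUEST</b>
<?php
// Dumps every request parameter as a two-column table.
// $_REQUEST is supplied by the client, so keys and values are HTML-escaped
// before they are written into the page.
echo '<table>';
foreach ($_REQUEST as $key => $value)
{
    // Parameters can arrive as arrays; render those with print_r() instead of
    // triggering an array-to-string conversion.
    $text = is_scalar($value) ? (string) $value : print_r($value, true);
    echo '<tr>';
    echo '<td>'.htmlspecialchars((string) $key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'</td><td>'.htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'</td>';
    echo '</tr>';
}
echo '</table>';
?>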
<br/>
<hr/>
<br/>
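<b>$_SERVER</b>
<?php
// Dumps the complete $_SERVER array as a two-column table.
// The array mixes server settings with request headers (the HTTP_* entries),
// so keys and values are HTML-escaped before they are written into the page.
// It also exposes cookies and filesystem paths to whoever can load this page.
echo '<table>';
foreach ($_SERVER as $key => $value)
{
    // Some entries (argv, for example) are arrays; render those with
    // print_r() instead of triggering an array-to-string conversion.
    $text = is_scalar($value) ? (string) $value : print_r($value, true);
    echo '<tr>';
    echo '<td>'.htmlspecialchars((string) $key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'</td><td>'.htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'</td>';
    echo '</tr>';
}
echo '</table>';
?>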
<br/>
<hr/>
<br/>
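<b>$_SESSION</b>
<?php
// Dumps the session contents as a two-column table, HTML-escaping keys and
// values because session data frequently originates from user input.
// NOTE(review): no session_start() call is visible in this page; unless the
// session is started elsewhere (or automatically), $_SESSION is undefined.
// The guard below prints an empty table in that case instead of a warning.
echo '<table>';
if (isset($_SESSION) && is_array($_SESSION))
{
    foreach ($_SESSION as $key => $value)
    {
        // Session values are often arrays or objects; render those with
        // print_r() instead of converting them to a string directly.
        $text = is_scalar($value) ? (string) $value : print_r($value, true);
        echo '<tr>';
        echo '<td>'.htmlspecialchars((string) $key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'</td><td>'.htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'</td>';
        echo '</tr>';
    }
}
echo '</table>';
?>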
<br/>
<hr/>
<br/>
</body>
</html>