T13 saml2 update simplesaml 2.0.15

.extlib/simplesamlphp/SECURITY.md

@@ -12,7 +12,7 @@ The 1.19 branch will receive security and critical bug fixes until the end of 20
 
 ## Reporting a Vulnerability
 
-In case you find a vulnerability in SimpleSAMLphp, or you want to confirm a possible security issue in the software, please get in touch with us through [UNINETT's CERT team](https://www.uninett.no/cert). Please use our PGP public key to encrypt any possible sensitive data that you may need to submit. We will get back to you as soon as possible according to our working hours in Central European Time.
+In case you find a vulnerability in SimpleSAMLphp, or you want to confirm a possible security issue in the software, please get in touch with us through [Sikt's CERT team](https://sikt.no/abuse). Please use our PGP public key to encrypt any possible sensitive data that you may need to submit. We will get back to you as soon as possible according to our working hours in Central European Time.
 
 When reporting a security issue, please add as much information as possible to help us identify, confirm, replicate and fix the problem. In particular, remember to include the following information in your report:
 

.extlib/simplesamlphp/bin/console

@@ -11,7 +11,7 @@ set_time_limit(0);
 require __DIR__.'/../vendor/autoload.php';
 
 $input = new ArgvInput();
-$module = $input->getParameterOption(['--modules', '-m'], 'core');
+$module = $input->getParameterOption(['--module', '-m'], 'core');
 $kernel = new Kernel($module);
 
 $application = new Application($kernel);

.extlib/simplesamlphp/bin/importPdoMetadata.php

@@ -2,9 +2,12 @@
 <?php
 
 $baseDir = dirname(__FILE__, 2);
-
 require_once $baseDir . DIRECTORY_SEPARATOR . 'src' . DIRECTORY_SEPARATOR . '_autoload.php';
-require_once \SimpleSAML\Utils\Config::getConfigDir() . DIRECTORY_SEPARATOR . 'config.php';
+
+// This is the config dir of the SimpleSAMLphp installation
+$configDir = (new \SimpleSAML\Utils\Config())->getConfigDir();
+
+require_once $configDir . DIRECTORY_SEPARATOR . 'config.php';
 
 # Iterate through configured metadata sources and ensure
 # that a PDO source exists.

.extlib/simplesamlphp/bin/initMDSPdo.php

@@ -6,7 +6,11 @@
 
 // Add library autoloader and configuration
 require_once $baseDir . DIRECTORY_SEPARATOR . 'src' . DIRECTORY_SEPARATOR . '_autoload.php';
-require_once \SimpleSAML\Utils\Config::getConfigDir() . DIRECTORY_SEPARATOR . 'config.php';
+
+// This is the config dir of the SimpleSAMLphp installation
+$configDir = (new \SimpleSAML\Utils\Config())->getConfigDir();
+
+require_once $configDir . DIRECTORY_SEPARATOR . 'config.php';
 
 echo "Initializing Metadata Database..." . PHP_EOL;
 

.extlib/simplesamlphp/config/acl.php.dist

@@ -0,0 +1,59 @@
+<?php
+
+/*
+ * This file defines "named" access control lists, which can
+ * be reused in several places.
+ */
+$config = [
+    'adminlist' => [
+        //['allow', 'equals', 'mail', 'admin1@example.org'],
+        //['allow', 'has', 'groups', 'admin'],
+        // The default action is to deny access.
+    ],
+
+    'example-simple' => [
+        ['allow', 'equals', 'mail', 'admin1@example.org'],
+        ['allow', 'equals', 'mail', 'admin2@example.org'],
+        // The default action is to deny access.
+    ],
+
+    'example-deny-some' => [
+        ['deny', 'equals', 'mail', 'eviluser@example.org'],
+        ['allow'], // Allow everybody else.
+    ],
+
+    'example-maildomain' => [
+        ['allow', 'equals-preg', 'mail', '/@example\.org$/'],
+        // The default action is to deny access.
+    ],
+
+    'example-allow-employees' => [
+        ['allow', 'has', 'eduPersonAffiliation', 'employee'],
+        // The default action is to deny access.
+    ],
+
+    'example-allow-employees-not-students' => [
+        ['deny', 'has', 'eduPersonAffiliation', 'student'],
+        ['allow', 'has', 'eduPersonAffiliation', 'employee'],
+        // The default action is to deny access.
+    ],
+
+    'example-deny-student-except-one' => [
+        ['deny', 'and',
+            ['has', 'eduPersonAffiliation', 'student'],
+            ['not', 'equals', 'mail', 'user@example.org'],
+        ],
+        ['allow'],
+    ],
+
+    'example-allow-or' => [
+        ['allow', 'or',
+            ['equals', 'eduPersonAffiliation', 'student', 'member'],
+            ['equals', 'mail', 'someuser@example2.org'],
+        ],
+    ],
+
+    'example-allow-all' => [
+        ['allow'],
+    ],
+];