EDUCATIC
/
digitaldemocratic
mirror of https://gitlab.com/digitaldemocratic/digitaldemocratic
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix(wordpress,nextcloud): added saml plugins src

darta 2022-05-07 13:52:21 +02:00
parent c737044563
commit d4e8525768
321 changed files with 45124 additions and 1532 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docker/nextcloud/src/custom_apps/user_saml/3rdparty/composer.json vendored Normal file
View File

@ -0,0 +1,10 @@
{
"config": {
"optimize-autoloader": true,
"classmap-authoritative": true
},
"require": {
"onelogin/php-saml": "^3.0",
"firebase/php-jwt": "^4.0"
}
}

150
docker/nextcloud/src/custom_apps/user_saml/3rdparty/composer.lock generated vendored Normal file
View File

@ -0,0 +1,150 @@
{
"_readme": [
"This file locks the dependencies of your project to a known state",
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "f3e661f8388070704bd9b01b48752bf0",
"packages": [
{
"name": "firebase/php-jwt",
"version": "v4.0.0",
"source": {
"type": "git",
"url": "https://github.com/firebase/php-jwt.git",
"reference": "dccf163dc8ed7ed6a00afc06c51ee5186a428d35"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/firebase/php-jwt/zipball/dccf163dc8ed7ed6a00afc06c51ee5186a428d35",
"reference": "dccf163dc8ed7ed6a00afc06c51ee5186a428d35",
"shasum": ""
},
"require": {
"php": ">=5.3.0"
},
"type": "library",
"autoload": {
"psr-4": {
"Firebase\\JWT\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"BSD-3-Clause"
],
"authors": [
{
"name": "Neuman Vong",
"email": "neuman+pear@twilio.com",
"role": "Developer"
},
{
"name": "Anant Narayanan",
"email": "anant@php.net",
"role": "Developer"
}
],
"description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.",
"homepage": "https://github.com/firebase/php-jwt",
"time": "2016-07-18T04:51:16+00:00"
},
{
"name": "onelogin/php-saml",
"version": "3.4.1",
"source": {
"type": "git",
"url": "https://github.com/onelogin/php-saml.git",
"reference": "5fbf3486704ac9835b68184023ab54862c95f213"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/onelogin/php-saml/zipball/5fbf3486704ac9835b68184023ab54862c95f213",
"reference": "5fbf3486704ac9835b68184023ab54862c95f213",
"shasum": ""
},
"require": {
"php": ">=5.4",
"robrichards/xmlseclibs": ">=3.0.4"
},
"require-dev": {
"pdepend/pdepend": "^2.5.0",
"php-coveralls/php-coveralls": "^1.0.2 || ^2.0",
"phploc/phploc": "^2.1 || ^3.0 || ^4.0",
"phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5 || ^7.1",
"sebastian/phpcpd": "^2.0 || ^3.0 || ^4.0",
"squizlabs/php_codesniffer": "^3.1.1"
},
"suggest": {
"ext-curl": "Install curl lib to be able to use the IdPMetadataParser for parsing remote XMLs",
"ext-gettext": "Install gettext and php5-gettext libs to handle translations",
"ext-openssl": "Install openssl lib in order to handle with x509 certs (require to support sign and encryption)"
},
"type": "library",
"autoload": {
"psr-4": {
"OneLogin\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"description": "OneLogin PHP SAML Toolkit",
"homepage": "https://developers.onelogin.com/saml/php",
"keywords": [
"SAML2",
"onelogin",
"saml"
],
"time": "2019-11-25T17:30:07+00:00"
},
{
"name": "robrichards/xmlseclibs",
"version": "3.1.1",
"source": {
"type": "git",
"url": "https://github.com/robrichards/xmlseclibs.git",
"reference": "f8f19e58f26cdb42c54b214ff8a820760292f8df"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/robrichards/xmlseclibs/zipball/f8f19e58f26cdb42c54b214ff8a820760292f8df",
"reference": "f8f19e58f26cdb42c54b214ff8a820760292f8df",
"shasum": ""
},
"require": {
"ext-openssl": "*",
"php": ">= 5.4"
},
"type": "library",
"autoload": {
"psr-4": {
"RobRichards\\XMLSecLibs\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"BSD-3-Clause"
],
"description": "A PHP library for XML Security",
"homepage": "https://github.com/robrichards/xmlseclibs",
"keywords": [
"security",
"signature",
"xml",
"xmldsig"
],
"time": "2020-09-05T13:00:25+00:00"
}
],
"packages-dev": [],
"aliases": [],
"minimum-stability": "stable",
"stability-flags": [],
"prefer-stable": false,
"prefer-lowest": false,
"platform": [],
"platform-dev": [],
"plugin-api-version": "1.1.0"
}

7
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/autoload.php vendored Normal file
View File

@ -0,0 +1,7 @@
<?php
// autoload.php @generated by Composer
require_once __DIR__ . '/composer/autoload_real.php';
return ComposerAutoloaderInitcc75f134f7630c1ee3a8e4d7c86f3bcc::getLoader();

479
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/composer/ClassLoader.php vendored Normal file
View File

@ -0,0 +1,479 @@
<?php
/*
* This file is part of Composer.
*
* (c) Nils Adermann <naderman@naderman.de>
* Jordi Boggiano <j.boggiano@seld.be>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Composer\Autoload;
/**
* ClassLoader implements a PSR-0, PSR-4 and classmap class loader.
*
* $loader = new \Composer\Autoload\ClassLoader();
*
* // register classes with namespaces
* $loader->add('Symfony\Component', __DIR__.'/component');
* $loader->add('Symfony', __DIR__.'/framework');
*
* // activate the autoloader
* $loader->register();
*
* // to enable searching the include path (eg. for PEAR packages)
* $loader->setUseIncludePath(true);
*
* In this example, if you try to use a class in the Symfony\Component
* namespace or one of its children (Symfony\Component\Console for instance),
* the autoloader will first look for the class under the component/
* directory, and it will then fallback to the framework/ directory if not
* found before giving up.
*
* This class is loosely based on the Symfony UniversalClassLoader.
*
* @author Fabien Potencier <fabien@symfony.com>
* @author Jordi Boggiano <j.boggiano@seld.be>
* @see https://www.php-fig.org/psr/psr-0/
* @see https://www.php-fig.org/psr/psr-4/
*/
class ClassLoader
{
private $vendorDir;
// PSR-4
private $prefixLengthsPsr4 = array();
private $prefixDirsPsr4 = array();
private $fallbackDirsPsr4 = array();
// PSR-0
private $prefixesPsr0 = array();
private $fallbackDirsPsr0 = array();
private $useIncludePath = false;
private $classMap = array();
private $classMapAuthoritative = false;
private $missingClasses = array();
private $apcuPrefix;
private static $registeredLoaders = array();
public function __construct($vendorDir = null)
{
$this->vendorDir = $vendorDir;
}
public function getPrefixes()
{
if (!empty($this->prefixesPsr0)) {
return call_user_func_array('array_merge', array_values($this->prefixesPsr0));
}
return array();
}
public function getPrefixesPsr4()
{
return $this->prefixDirsPsr4;
}
public function getFallbackDirs()
{
return $this->fallbackDirsPsr0;
}
public function getFallbackDirsPsr4()
{
return $this->fallbackDirsPsr4;
}
public function getClassMap()
{
return $this->classMap;
}
/**
* @param array $classMap Class to filename map
*/
public function addClassMap(array $classMap)
{
if ($this->classMap) {
$this->classMap = array_merge($this->classMap, $classMap);
} else {
$this->classMap = $classMap;
}
}
/**
* Registers a set of PSR-0 directories for a given prefix, either
* appending or prepending to the ones previously set for this prefix.
*
* @param string $prefix The prefix
* @param array|string $paths The PSR-0 root directories
* @param bool $prepend Whether to prepend the directories
*/
public function add($prefix, $paths, $prepend = false)
{
if (!$prefix) {
if ($prepend) {
$this->fallbackDirsPsr0 = array_merge(
(array) $paths,
$this->fallbackDirsPsr0
);
} else {
$this->fallbackDirsPsr0 = array_merge(
$this->fallbackDirsPsr0,
(array) $paths
);
}
return;
}
$first = $prefix[0];
if (!isset($this->prefixesPsr0[$first][$prefix])) {
$this->prefixesPsr0[$first][$prefix] = (array) $paths;
return;
}
if ($prepend) {
$this->prefixesPsr0[$first][$prefix] = array_merge(
(array) $paths,
$this->prefixesPsr0[$first][$prefix]
);
} else {
$this->prefixesPsr0[$first][$prefix] = array_merge(
$this->prefixesPsr0[$first][$prefix],
(array) $paths
);
}
}
/**
* Registers a set of PSR-4 directories for a given namespace, either
* appending or prepending to the ones previously set for this namespace.
*
* @param string $prefix The prefix/namespace, with trailing '\\'
* @param array|string $paths The PSR-4 base directories
* @param bool $prepend Whether to prepend the directories
*
* @throws \InvalidArgumentException
*/
public function addPsr4($prefix, $paths, $prepend = false)
{
if (!$prefix) {
// Register directories for the root namespace.
if ($prepend) {
$this->fallbackDirsPsr4 = array_merge(
(array) $paths,
$this->fallbackDirsPsr4
);
} else {
$this->fallbackDirsPsr4 = array_merge(
$this->fallbackDirsPsr4,
(array) $paths
);
}
} elseif (!isset($this->prefixDirsPsr4[$prefix])) {
// Register directories for a new namespace.
$length = strlen($prefix);
if ('\\' !== $prefix[$length - 1]) {
throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator.");
}
$this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length;
$this->prefixDirsPsr4[$prefix] = (array) $paths;
} elseif ($prepend) {
// Prepend directories for an already registered namespace.
$this->prefixDirsPsr4[$prefix] = array_merge(
(array) $paths,
$this->prefixDirsPsr4[$prefix]
);
} else {
// Append directories for an already registered namespace.
$this->prefixDirsPsr4[$prefix] = array_merge(
$this->prefixDirsPsr4[$prefix],
(array) $paths
);
}
}
/**
* Registers a set of PSR-0 directories for a given prefix,
* replacing any others previously set for this prefix.
*
* @param string $prefix The prefix
* @param array|string $paths The PSR-0 base directories
*/
public function set($prefix, $paths)
{
if (!$prefix) {
$this->fallbackDirsPsr0 = (array) $paths;
} else {
$this->prefixesPsr0[$prefix[0]][$prefix] = (array) $paths;
}
}
/**
* Registers a set of PSR-4 directories for a given namespace,
* replacing any others previously set for this namespace.
*
* @param string $prefix The prefix/namespace, with trailing '\\'
* @param array|string $paths The PSR-4 base directories
*
* @throws \InvalidArgumentException
*/
public function setPsr4($prefix, $paths)
{
if (!$prefix) {
$this->fallbackDirsPsr4 = (array) $paths;
} else {
$length = strlen($prefix);
if ('\\' !== $prefix[$length - 1]) {
throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator.");
}
$this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length;
$this->prefixDirsPsr4[$prefix] = (array) $paths;
}
}
/**
* Turns on searching the include path for class files.
*
* @param bool $useIncludePath
*/
public function setUseIncludePath($useIncludePath)
{
$this->useIncludePath = $useIncludePath;
}
/**
* Can be used to check if the autoloader uses the include path to check
* for classes.
*
* @return bool
*/
public function getUseIncludePath()
{
return $this->useIncludePath;
}
/**
* Turns off searching the prefix and fallback directories for classes
* that have not been registered with the class map.
*
* @param bool $classMapAuthoritative
*/
public function setClassMapAuthoritative($classMapAuthoritative)
{
$this->classMapAuthoritative = $classMapAuthoritative;
}
/**
* Should class lookup fail if not found in the current class map?
*
* @return bool
*/
public function isClassMapAuthoritative()
{
return $this->classMapAuthoritative;
}
/**
* APCu prefix to use to cache found/not-found classes, if the extension is enabled.
*
* @param string|null $apcuPrefix
*/
public function setApcuPrefix($apcuPrefix)
{
$this->apcuPrefix = function_exists('apcu_fetch') && filter_var(ini_get('apc.enabled'), FILTER_VALIDATE_BOOLEAN) ? $apcuPrefix : null;
}
/**
* The APCu prefix in use, or null if APCu caching is not enabled.
*
* @return string|null
*/
public function getApcuPrefix()
{
return $this->apcuPrefix;
}
/**
* Registers this instance as an autoloader.
*
* @param bool $prepend Whether to prepend the autoloader or not
*/
public function register($prepend = false)
{
spl_autoload_register(array($this, 'loadClass'), true, $prepend);
if (null === $this->vendorDir) {
return;
}
if ($prepend) {
self::$registeredLoaders = array($this->vendorDir => $this) + self::$registeredLoaders;
} else {
unset(self::$registeredLoaders[$this->vendorDir]);
self::$registeredLoaders[$this->vendorDir] = $this;
}
}
/**
* Unregisters this instance as an autoloader.
*/
public function unregister()
{
spl_autoload_unregister(array($this, 'loadClass'));
if (null !== $this->vendorDir) {
unset(self::$registeredLoaders[$this->vendorDir]);
}
}
/**
* Loads the given class or interface.
*
* @param string $class The name of the class
* @return bool|null True if loaded, null otherwise
*/
public function loadClass($class)
{
if ($file = $this->findFile($class)) {
includeFile($file);
return true;
}
}
/**
* Finds the path to the file where the class is defined.
*
* @param string $class The name of the class
*
* @return string|false The path if found, false otherwise
*/
public function findFile($class)
{
// class map lookup
if (isset($this->classMap[$class])) {
return $this->classMap[$class];
}
if ($this->classMapAuthoritative || isset($this->missingClasses[$class])) {
return false;
}
if (null !== $this->apcuPrefix) {
$file = apcu_fetch($this->apcuPrefix.$class, $hit);
if ($hit) {
return $file;
}
}
$file = $this->findFileWithExtension($class, '.php');
// Search for Hack files if we are running on HHVM
if (false === $file && defined('HHVM_VERSION')) {
$file = $this->findFileWithExtension($class, '.hh');
}
if (null !== $this->apcuPrefix) {
apcu_add($this->apcuPrefix.$class, $file);
}
if (false === $file) {
// Remember that this class does not exist.
$this->missingClasses[$class] = true;
}
return $file;
}
/**
* Returns the currently registered loaders indexed by their corresponding vendor directories.
*
* @return self[]
*/
public static function getRegisteredLoaders()
{
return self::$registeredLoaders;
}
private function findFileWithExtension($class, $ext)
{
// PSR-4 lookup
$logicalPathPsr4 = strtr($class, '\\', DIRECTORY_SEPARATOR) . $ext;
$first = $class[0];
if (isset($this->prefixLengthsPsr4[$first])) {
$subPath = $class;
while (false !== $lastPos = strrpos($subPath, '\\')) {
$subPath = substr($subPath, 0, $lastPos);
$search = $subPath . '\\';
if (isset($this->prefixDirsPsr4[$search])) {
$pathEnd = DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $lastPos + 1);
foreach ($this->prefixDirsPsr4[$search] as $dir) {
if (file_exists($file = $dir . $pathEnd)) {
return $file;
}
}
}
}
}
// PSR-4 fallback dirs
foreach ($this->fallbackDirsPsr4 as $dir) {
if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr4)) {
return $file;
}
}
// PSR-0 lookup
if (false !== $pos = strrpos($class, '\\')) {
// namespaced class name
$logicalPathPsr0 = substr($logicalPathPsr4, 0, $pos + 1)
. strtr(substr($logicalPathPsr4, $pos + 1), '_', DIRECTORY_SEPARATOR);
} else {
// PEAR-like class name
$logicalPathPsr0 = strtr($class, '_', DIRECTORY_SEPARATOR) . $ext;
}
if (isset($this->prefixesPsr0[$first])) {
foreach ($this->prefixesPsr0[$first] as $prefix => $dirs) {
if (0 === strpos($class, $prefix)) {
foreach ($dirs as $dir) {
if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) {
return $file;
}
}
}
}
}
// PSR-0 fallback dirs
foreach ($this->fallbackDirsPsr0 as $dir) {
if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) {
return $file;
}
}
// PSR-0 include paths.
if ($this->useIncludePath && $file = stream_resolve_include_path($logicalPathPsr0)) {
return $file;
}
return false;
}
}
/**
* Scope isolated include.
*
* Prevents access to $this/self from included files.
*/
function includeFile($file)
{
include $file;
}

310
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/composer/InstalledVersions.php vendored Normal file
View File

@ -0,0 +1,310 @@
<?php
namespace Composer;
use Composer\Autoload\ClassLoader;
use Composer\Semver\VersionParser;
class InstalledVersions
{
private static $installed = array (
'root' =>
array (
'pretty_version' => 'dev-master',
'version' => 'dev-master',
'aliases' =>
array (
),
'reference' => '4207ca69d7f01b2272c44893f150edc2768681d5',
'name' => '__root__',
),
'versions' =>
array (
'__root__' =>
array (
'pretty_version' => 'dev-master',
'version' => 'dev-master',
'aliases' =>
array (
),
'reference' => '4207ca69d7f01b2272c44893f150edc2768681d5',
),
'firebase/php-jwt' =>
array (
'pretty_version' => 'v4.0.0',
'version' => '4.0.0.0',
'aliases' =>
array (
),
'reference' => 'dccf163dc8ed7ed6a00afc06c51ee5186a428d35',
),
'onelogin/php-saml' =>
array (
'pretty_version' => '3.4.1',
'version' => '3.4.1.0',
'aliases' =>
array (
),
'reference' => '5fbf3486704ac9835b68184023ab54862c95f213',
),
'robrichards/xmlseclibs' =>
array (
'pretty_version' => '3.1.1',
'version' => '3.1.1.0',
'aliases' =>
array (
),
'reference' => 'f8f19e58f26cdb42c54b214ff8a820760292f8df',
),
),
);
private static $canGetVendors;
private static $installedByVendor = array();
public static function getInstalledPackages()
{
$packages = array();
foreach (self::getInstalled() as $installed) {
$packages[] = array_keys($installed['versions']);
}
if (1 === \count($packages)) {
return $packages[0];
}
return array_keys(array_flip(\call_user_func_array('array_merge', $packages)));
}
public static function isInstalled($packageName)
{
foreach (self::getInstalled() as $installed) {
if (isset($installed['versions'][$packageName])) {
return true;
}
}
return false;
}
public static function satisfies(VersionParser $parser, $packageName, $constraint)
{
$constraint = $parser->parseConstraints($constraint);
$provided = $parser->parseConstraints(self::getVersionRanges($packageName));
return $provided->matches($constraint);
}
public static function getVersionRanges($packageName)
{
foreach (self::getInstalled() as $installed) {
if (!isset($installed['versions'][$packageName])) {
continue;
}
$ranges = array();
if (isset($installed['versions'][$packageName]['pretty_version'])) {
$ranges[] = $installed['versions'][$packageName]['pretty_version'];
}
if (array_key_exists('aliases', $installed['versions'][$packageName])) {
$ranges = array_merge($ranges, $installed['versions'][$packageName]['aliases']);
}
if (array_key_exists('replaced', $installed['versions'][$packageName])) {
$ranges = array_merge($ranges, $installed['versions'][$packageName]['replaced']);
}
if (array_key_exists('provided', $installed['versions'][$packageName])) {
$ranges = array_merge($ranges, $installed['versions'][$packageName]['provided']);
}
return implode(' || ', $ranges);
}
throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed');
}
public static function getVersion($packageName)
{
foreach (self::getInstalled() as $installed) {
if (!isset($installed['versions'][$packageName])) {
continue;
}
if (!isset($installed['versions'][$packageName]['version'])) {
return null;
}
return $installed['versions'][$packageName]['version'];
}
throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed');
}
public static function getPrettyVersion($packageName)
{
foreach (self::getInstalled() as $installed) {
if (!isset($installed['versions'][$packageName])) {
continue;
}
if (!isset($installed['versions'][$packageName]['pretty_version'])) {
return null;
}
return $installed['versions'][$packageName]['pretty_version'];
}
throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed');
}
public static function getReference($packageName)
{
foreach (self::getInstalled() as $installed) {
if (!isset($installed['versions'][$packageName])) {
continue;
}
if (!isset($installed['versions'][$packageName]['reference'])) {
return null;
}
return $installed['versions'][$packageName]['reference'];
}
throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed');
}
public static function getRootPackage()
{
$installed = self::getInstalled();
return $installed[0]['root'];
}
public static function getRawData()
{
return self::$installed;
}
public static function reload($data)
{
self::$installed = $data;
self::$installedByVendor = array();
}
private static function getInstalled()
{
if (null === self::$canGetVendors) {
self::$canGetVendors = method_exists('Composer\Autoload\ClassLoader', 'getRegisteredLoaders');
}
$installed = array();
if (self::$canGetVendors) {
foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) {
if (isset(self::$installedByVendor[$vendorDir])) {
$installed[] = self::$installedByVendor[$vendorDir];
} elseif (is_file($vendorDir.'/composer/installed.php')) {
$installed[] = self::$installedByVendor[$vendorDir] = require $vendorDir.'/composer/installed.php';
}
}
}
$installed[] = self::$installed;
return $installed;
}
}

21
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/composer/LICENSE vendored Normal file
View File

@ -0,0 +1,21 @@
Copyright (c) Nils Adermann, Jordi Boggiano
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished
to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

30
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/composer/autoload_classmap.php vendored Normal file
View File

@ -0,0 +1,30 @@
<?php
// autoload_classmap.php @generated by Composer
$vendorDir = dirname(dirname(__FILE__));
$baseDir = dirname($vendorDir);
return array(
'Composer\\InstalledVersions' => $vendorDir . '/composer/InstalledVersions.php',
'Firebase\\JWT\\BeforeValidException' => $vendorDir . '/firebase/php-jwt/src/BeforeValidException.php',
'Firebase\\JWT\\ExpiredException' => $vendorDir . '/firebase/php-jwt/src/ExpiredException.php',
'Firebase\\JWT\\JWT' => $vendorDir . '/firebase/php-jwt/src/JWT.php',
'Firebase\\JWT\\SignatureInvalidException' => $vendorDir . '/firebase/php-jwt/src/SignatureInvalidException.php',
'OneLogin\\Saml2\\Auth' => $vendorDir . '/onelogin/php-saml/src/Saml2/Auth.php',
'OneLogin\\Saml2\\AuthnRequest' => $vendorDir . '/onelogin/php-saml/src/Saml2/AuthnRequest.php',
'OneLogin\\Saml2\\Constants' => $vendorDir . '/onelogin/php-saml/src/Saml2/Constants.php',
'OneLogin\\Saml2\\Error' => $vendorDir . '/onelogin/php-saml/src/Saml2/Error.php',
'OneLogin\\Saml2\\IdPMetadataParser' => $vendorDir . '/onelogin/php-saml/src/Saml2/IdPMetadataParser.php',
'OneLogin\\Saml2\\LogoutRequest' => $vendorDir . '/onelogin/php-saml/src/Saml2/LogoutRequest.php',
'OneLogin\\Saml2\\LogoutResponse' => $vendorDir . '/onelogin/php-saml/src/Saml2/LogoutResponse.php',
'OneLogin\\Saml2\\Metadata' => $vendorDir . '/onelogin/php-saml/src/Saml2/Metadata.php',
'OneLogin\\Saml2\\Response' => $vendorDir . '/onelogin/php-saml/src/Saml2/Response.php',
'OneLogin\\Saml2\\Settings' => $vendorDir . '/onelogin/php-saml/src/Saml2/Settings.php',
'OneLogin\\Saml2\\Utils' => $vendorDir . '/onelogin/php-saml/src/Saml2/Utils.php',
'OneLogin\\Saml2\\ValidationError' => $vendorDir . '/onelogin/php-saml/src/Saml2/ValidationError.php',
'RobRichards\\XMLSecLibs\\Utils\\XPath' => $vendorDir . '/robrichards/xmlseclibs/src/Utils/XPath.php',
'RobRichards\\XMLSecLibs\\XMLSecEnc' => $vendorDir . '/robrichards/xmlseclibs/src/XMLSecEnc.php',
'RobRichards\\XMLSecLibs\\XMLSecurityDSig' => $vendorDir . '/robrichards/xmlseclibs/src/XMLSecurityDSig.php',
'RobRichards\\XMLSecLibs\\XMLSecurityKey' => $vendorDir . '/robrichards/xmlseclibs/src/XMLSecurityKey.php',
);

9
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/composer/autoload_namespaces.php vendored Normal file
View File

@ -0,0 +1,9 @@
<?php
// autoload_namespaces.php @generated by Composer
$vendorDir = dirname(dirname(__FILE__));
$baseDir = dirname($vendorDir);
return array(
);

12
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/composer/autoload_psr4.php vendored Normal file
View File

@ -0,0 +1,12 @@
<?php
// autoload_psr4.php @generated by Composer
$vendorDir = dirname(dirname(__FILE__));
$baseDir = dirname($vendorDir);
return array(
'RobRichards\\XMLSecLibs\\' => array($vendorDir . '/robrichards/xmlseclibs/src'),
'OneLogin\\' => array($vendorDir . '/onelogin/php-saml/src'),
'Firebase\\JWT\\' => array($vendorDir . '/firebase/php-jwt/src'),
);

48
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/composer/autoload_real.php vendored Normal file
View File

@ -0,0 +1,48 @@
<?php
// autoload_real.php @generated by Composer
class ComposerAutoloaderInitcc75f134f7630c1ee3a8e4d7c86f3bcc
{
private static $loader;
public static function loadClassLoader($class)
{
if ('Composer\Autoload\ClassLoader' === $class) {
require __DIR__ . '/ClassLoader.php';
}
}
/**
* @return \Composer\Autoload\ClassLoader
*/
public static function getLoader()
{
if (null !== self::$loader) {
return self::$loader;
}
require __DIR__ . '/platform_check.php';
spl_autoload_register(array('ComposerAutoloaderInitcc75f134f7630c1ee3a8e4d7c86f3bcc', 'loadClassLoader'), true, true);
self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));
spl_autoload_unregister(array('ComposerAutoloaderInitcc75f134f7630c1ee3a8e4d7c86f3bcc', 'loadClassLoader'));
$useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
if ($useStaticLoader) {
require __DIR__ . '/autoload_static.php';
call_user_func(\Composer\Autoload\ComposerStaticInitcc75f134f7630c1ee3a8e4d7c86f3bcc::getInitializer($loader));
} else {
$classMap = require __DIR__ . '/autoload_classmap.php';
if ($classMap) {
$loader->addClassMap($classMap);
}
}
$loader->setClassMapAuthoritative(true);
$loader->register(true);
return $loader;
}
}

72
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/composer/autoload_static.php vendored Normal file
View File

@ -0,0 +1,72 @@
<?php
// autoload_static.php @generated by Composer
namespace Composer\Autoload;
class ComposerStaticInitcc75f134f7630c1ee3a8e4d7c86f3bcc
{
public static $prefixLengthsPsr4 = array (
'R' =>
array (
'RobRichards\\XMLSecLibs\\' => 23,
),
'O' =>
array (
'OneLogin\\' => 9,
),
'F' =>
array (
'Firebase\\JWT\\' => 13,
),
);
public static $prefixDirsPsr4 = array (
'RobRichards\\XMLSecLibs\\' =>
array (
0 => __DIR__ . '/..' . '/robrichards/xmlseclibs/src',
),
'OneLogin\\' =>
array (
0 => __DIR__ . '/..' . '/onelogin/php-saml/src',
),
'Firebase\\JWT\\' =>
array (
0 => __DIR__ . '/..' . '/firebase/php-jwt/src',
),
);
public static $classMap = array (
'Composer\\InstalledVersions' => __DIR__ . '/..' . '/composer/InstalledVersions.php',
'Firebase\\JWT\\BeforeValidException' => __DIR__ . '/..' . '/firebase/php-jwt/src/BeforeValidException.php',
'Firebase\\JWT\\ExpiredException' => __DIR__ . '/..' . '/firebase/php-jwt/src/ExpiredException.php',
'Firebase\\JWT\\JWT' => __DIR__ . '/..' . '/firebase/php-jwt/src/JWT.php',
'Firebase\\JWT\\SignatureInvalidException' => __DIR__ . '/..' . '/firebase/php-jwt/src/SignatureInvalidException.php',
'OneLogin\\Saml2\\Auth' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/Auth.php',
'OneLogin\\Saml2\\AuthnRequest' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/AuthnRequest.php',
'OneLogin\\Saml2\\Constants' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/Constants.php',
'OneLogin\\Saml2\\Error' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/Error.php',
'OneLogin\\Saml2\\IdPMetadataParser' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/IdPMetadataParser.php',
'OneLogin\\Saml2\\LogoutRequest' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/LogoutRequest.php',
'OneLogin\\Saml2\\LogoutResponse' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/LogoutResponse.php',
'OneLogin\\Saml2\\Metadata' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/Metadata.php',
'OneLogin\\Saml2\\Response' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/Response.php',
'OneLogin\\Saml2\\Settings' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/Settings.php',
'OneLogin\\Saml2\\Utils' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/Utils.php',
'OneLogin\\Saml2\\ValidationError' => __DIR__ . '/..' . '/onelogin/php-saml/src/Saml2/ValidationError.php',
'RobRichards\\XMLSecLibs\\Utils\\XPath' => __DIR__ . '/..' . '/robrichards/xmlseclibs/src/Utils/XPath.php',
'RobRichards\\XMLSecLibs\\XMLSecEnc' => __DIR__ . '/..' . '/robrichards/xmlseclibs/src/XMLSecEnc.php',
'RobRichards\\XMLSecLibs\\XMLSecurityDSig' => __DIR__ . '/..' . '/robrichards/xmlseclibs/src/XMLSecurityDSig.php',
'RobRichards\\XMLSecLibs\\XMLSecurityKey' => __DIR__ . '/..' . '/robrichards/xmlseclibs/src/XMLSecurityKey.php',
);
public static function getInitializer(ClassLoader $loader)
{
return \Closure::bind(function () use ($loader) {
$loader->prefixLengthsPsr4 = ComposerStaticInitcc75f134f7630c1ee3a8e4d7c86f3bcc::$prefixLengthsPsr4;
$loader->prefixDirsPsr4 = ComposerStaticInitcc75f134f7630c1ee3a8e4d7c86f3bcc::$prefixDirsPsr4;
$loader->classMap = ComposerStaticInitcc75f134f7630c1ee3a8e4d7c86f3bcc::$classMap;
}, null, ClassLoader::class);
}
}

146
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/composer/installed.json vendored Normal file
View File

@ -0,0 +1,146 @@
{
"packages": [
{
"name": "firebase/php-jwt",
"version": "v4.0.0",
"version_normalized": "4.0.0.0",
"source": {
"type": "git",
"url": "https://github.com/firebase/php-jwt.git",
"reference": "dccf163dc8ed7ed6a00afc06c51ee5186a428d35"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/firebase/php-jwt/zipball/dccf163dc8ed7ed6a00afc06c51ee5186a428d35",
"reference": "dccf163dc8ed7ed6a00afc06c51ee5186a428d35",
"shasum": ""
},
"require": {
"php": ">=5.3.0"
},
"time": "2016-07-18T04:51:16+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {
"psr-4": {
"Firebase\\JWT\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"BSD-3-Clause"
],
"authors": [
{
"name": "Neuman Vong",
"email": "neuman+pear@twilio.com",
"role": "Developer"
},
{
"name": "Anant Narayanan",
"email": "anant@php.net",
"role": "Developer"
}
],
"description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.",
"homepage": "https://github.com/firebase/php-jwt",
"install-path": "../firebase/php-jwt"
},
{
"name": "onelogin/php-saml",
"version": "3.4.1",
"version_normalized": "3.4.1.0",
"source": {
"type": "git",
"url": "https://github.com/onelogin/php-saml.git",
"reference": "5fbf3486704ac9835b68184023ab54862c95f213"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/onelogin/php-saml/zipball/5fbf3486704ac9835b68184023ab54862c95f213",
"reference": "5fbf3486704ac9835b68184023ab54862c95f213",
"shasum": ""
},
"require": {
"php": ">=5.4",
"robrichards/xmlseclibs": ">=3.0.4"
},
"require-dev": {
"pdepend/pdepend": "^2.5.0",
"php-coveralls/php-coveralls": "^1.0.2 || ^2.0",
"phploc/phploc": "^2.1 || ^3.0 || ^4.0",
"phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5 || ^7.1",
"sebastian/phpcpd": "^2.0 || ^3.0 || ^4.0",
"squizlabs/php_codesniffer": "^3.1.1"
},
"suggest": {
"ext-curl": "Install curl lib to be able to use the IdPMetadataParser for parsing remote XMLs",
"ext-gettext": "Install gettext and php5-gettext libs to handle translations",
"ext-openssl": "Install openssl lib in order to handle with x509 certs (require to support sign and encryption)"
},
"time": "2019-11-25T17:30:07+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {
"psr-4": {
"OneLogin\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"description": "OneLogin PHP SAML Toolkit",
"homepage": "https://developers.onelogin.com/saml/php",
"keywords": [
"SAML2",
"onelogin",
"saml"
],
"install-path": "../onelogin/php-saml"
},
{
"name": "robrichards/xmlseclibs",
"version": "3.1.1",
"version_normalized": "3.1.1.0",
"source": {
"type": "git",
"url": "https://github.com/robrichards/xmlseclibs.git",
"reference": "f8f19e58f26cdb42c54b214ff8a820760292f8df"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/robrichards/xmlseclibs/zipball/f8f19e58f26cdb42c54b214ff8a820760292f8df",
"reference": "f8f19e58f26cdb42c54b214ff8a820760292f8df",
"shasum": ""
},
"require": {
"ext-openssl": "*",
"php": ">= 5.4"
},
"time": "2020-09-05T13:00:25+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {
"psr-4": {
"RobRichards\\XMLSecLibs\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"BSD-3-Clause"
],
"description": "A PHP library for XML Security",
"homepage": "https://github.com/robrichards/xmlseclibs",
"keywords": [
"security",
"signature",
"xml",
"xmldsig"
],
"install-path": "../robrichards/xmlseclibs"
}
],
"dev": false,
"dev-package-names": []
}

51
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/composer/installed.php vendored Normal file
View File

@ -0,0 +1,51 @@
<?php return array (
'root' =>
array (
'pretty_version' => 'dev-master',
'version' => 'dev-master',
'aliases' =>
array (
),
'reference' => '4207ca69d7f01b2272c44893f150edc2768681d5',
'name' => '__root__',
),
'versions' =>
array (
'__root__' =>
array (
'pretty_version' => 'dev-master',
'version' => 'dev-master',
'aliases' =>
array (
),
'reference' => '4207ca69d7f01b2272c44893f150edc2768681d5',
),
'firebase/php-jwt' =>
array (
'pretty_version' => 'v4.0.0',
'version' => '4.0.0.0',
'aliases' =>
array (
),
'reference' => 'dccf163dc8ed7ed6a00afc06c51ee5186a428d35',
),
'onelogin/php-saml' =>
array (
'pretty_version' => '3.4.1',
'version' => '3.4.1.0',
'aliases' =>
array (
),
'reference' => '5fbf3486704ac9835b68184023ab54862c95f213',
),
'robrichards/xmlseclibs' =>
array (
'pretty_version' => '3.1.1',
'version' => '3.1.1.0',
'aliases' =>
array (
),
'reference' => 'f8f19e58f26cdb42c54b214ff8a820760292f8df',
),
),
);

26
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/composer/platform_check.php vendored Normal file
View File

@ -0,0 +1,26 @@
<?php
// platform_check.php @generated by Composer
$issues = array();
if (!(PHP_VERSION_ID >= 50400)) {
$issues[] = 'Your Composer dependencies require a PHP version ">= 5.4.0". You are running ' . PHP_VERSION . '.';
}
if ($issues) {
if (!headers_sent()) {
header('HTTP/1.1 500 Internal Server Error');
}
if (!ini_get('display_errors')) {
if (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') {
fwrite(STDERR, 'Composer detected issues in your platform:' . PHP_EOL.PHP_EOL . implode(PHP_EOL, $issues) . PHP_EOL.PHP_EOL);
} elseif (!headers_sent()) {
echo 'Composer detected issues in your platform:' . PHP_EOL.PHP_EOL . str_replace('You are running '.PHP_VERSION.'.', '', implode(PHP_EOL, $issues)) . PHP_EOL.PHP_EOL;
}
}
trigger_error(
'Composer detected issues in your platform: ' . implode(' ', $issues),
E_USER_ERROR
);
}

30
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/LICENSE vendored Normal file
View File

@ -0,0 +1,30 @@
Copyright (c) 2011, Neuman Vong
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided
with the distribution.
* Neither the name of Neuman Vong nor the names of other
contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

119
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/README.md vendored Normal file
View File

@ -0,0 +1,119 @@
[![Build Status](https://travis-ci.org/firebase/php-jwt.png?branch=master)](https://travis-ci.org/firebase/php-jwt)
[![Latest Stable Version](https://poser.pugx.org/firebase/php-jwt/v/stable)](https://packagist.org/packages/firebase/php-jwt)
[![Total Downloads](https://poser.pugx.org/firebase/php-jwt/downloads)](https://packagist.org/packages/firebase/php-jwt)
[![License](https://poser.pugx.org/firebase/php-jwt/license)](https://packagist.org/packages/firebase/php-jwt)
PHP-JWT
=======
A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to [RFC 7519](https://tools.ietf.org/html/rfc7519).
Installation
------------
Use composer to manage your dependencies and download PHP-JWT:
```bash
composer require firebase/php-jwt
```
Example
-------
```php
<?php
use \Firebase\JWT\JWT;
$key = "example_key";
$token = array(
"iss" => "http://example.org",
"aud" => "http://example.com",
"iat" => 1356999524,
"nbf" => 1357000000
);
/**
* IMPORTANT:
* You must specify supported algorithms for your application. See
* https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40
* for a list of spec-compliant algorithms.
*/
$jwt = JWT::encode($token, $key);
$decoded = JWT::decode($jwt, $key, array('HS256'));
print_r($decoded);
/*
NOTE: This will now be an object instead of an associative array. To get
an associative array, you will need to cast it as such:
*/
$decoded_array = (array) $decoded;
/**
* You can add a leeway to account for when there is a clock skew times between
* the signing and verifying servers. It is recommended that this leeway should
* not be bigger than a few minutes.
*
* Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef
*/
JWT::$leeway = 60; // $leeway in seconds
$decoded = JWT::decode($jwt, $key, array('HS256'));
?>
```
Changelog
---------
#### 4.0.0 / 2016-07-17
- Add support for late static binding. See [#88](https://github.com/firebase/php-jwt/pull/88) for details. Thanks to [@chappy84](https://github.com/chappy84)!
- Use static `$timestamp` instead of `time()` to improve unit testing. See [#93](https://github.com/firebase/php-jwt/pull/93) for details. Thanks to [@josephmcdermott](https://github.com/josephmcdermott)!
- Fixes to exceptions classes. See [#81](https://github.com/firebase/php-jwt/pull/81) for details. Thanks to [@Maks3w](https://github.com/Maks3w)!
- Fixes to PHPDoc. See [#76](https://github.com/firebase/php-jwt/pull/76) for details. Thanks to [@akeeman](https://github.com/akeeman)!
#### 3.0.0 / 2015-07-22
- Minimum PHP version updated from `5.2.0` to `5.3.0`.
- Add `\Firebase\JWT` namespace. See
[#59](https://github.com/firebase/php-jwt/pull/59) for details. Thanks to
[@Dashron](https://github.com/Dashron)!
- Require a non-empty key to decode and verify a JWT. See
[#60](https://github.com/firebase/php-jwt/pull/60) for details. Thanks to
[@sjones608](https://github.com/sjones608)!
- Cleaner documentation blocks in the code. See
[#62](https://github.com/firebase/php-jwt/pull/62) for details. Thanks to
[@johanderuijter](https://github.com/johanderuijter)!
#### 2.2.0 / 2015-06-22
- Add support for adding custom, optional JWT headers to `JWT::encode()`. See
[#53](https://github.com/firebase/php-jwt/pull/53/files) for details. Thanks to
[@mcocaro](https://github.com/mcocaro)!
#### 2.1.0 / 2015-05-20
- Add support for adding a leeway to `JWT:decode()` that accounts for clock skew
between signing and verifying entities. Thanks to [@lcabral](https://github.com/lcabral)!
- Add support for passing an object implementing the `ArrayAccess` interface for
`$keys` argument in `JWT::decode()`. Thanks to [@aztech-dev](https://github.com/aztech-dev)!
#### 2.0.0 / 2015-04-01
- **Note**: It is strongly recommended that you update to > v2.0.0 to address
known security vulnerabilities in prior versions when both symmetric and
asymmetric keys are used together.
- Update signature for `JWT::decode(...)` to require an array of supported
algorithms to use when verifying token signatures.
Tests
-----
Run the tests using phpunit:
```bash
$ pear install PHPUnit
$ phpunit --configuration phpunit.xml.dist
PHPUnit 3.7.10 by Sebastian Bergmann.
.....
Time: 0 seconds, Memory: 2.50Mb
OK (5 tests, 5 assertions)
```
License
-------
[3-Clause BSD](http://opensource.org/licenses/BSD-3-Clause).

27
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/composer.json vendored Normal file
View File

@ -0,0 +1,27 @@
{
"name": "firebase/php-jwt",
"description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.",
"homepage": "https://github.com/firebase/php-jwt",
"authors": [
{
"name": "Neuman Vong",
"email": "neuman+pear@twilio.com",
"role": "Developer"
},
{
"name": "Anant Narayanan",
"email": "anant@php.net",
"role": "Developer"
}
],
"license": "BSD-3-Clause",
"require": {
"php": ">=5.3.0"
},
"autoload": {
"psr-4": {
"Firebase\\JWT\\": "src"
}
},
"minimum-stability": "dev"
}

19
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/composer.lock generated vendored Normal file
View File

@ -0,0 +1,19 @@
{
"_readme": [
"This file locks the dependencies of your project to a known state",
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
"hash": "60a5df5d283a7ae9000173248eba8909",
"packages": [],
"packages-dev": [],
"aliases": [],
"minimum-stability": "dev",
"stability-flags": [],
"prefer-stable": false,
"prefer-lowest": false,
"platform": {
"php": ">=5.2.0"
},
"platform-dev": []
}

77
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/package.xml vendored Normal file
View File

@ -0,0 +1,77 @@
<?xml version="1.0" encoding="UTF-8"?>
<package packagerversion="1.9.2" version="2.0" xmlns="http://pear.php.net/dtd/package-2.0" xmlns:tasks="http://pear.php.net/dtd/tasks-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://pear.php.net/dtd/tasks-1.0
http://pear.php.net/dtd/tasks-1.0.xsd
http://pear.php.net/dtd/package-2.0
http://pear.php.net/dtd/package-2.0.xsd">
<name>JWT</name>
<channel>pear.php.net</channel>
<summary>A JWT encoder/decoder.</summary>
<description>A JWT encoder/decoder library for PHP.</description>
<lead>
<name>Neuman Vong</name>
<user>lcfrs</user>
<email>neuman+pear@twilio.com</email>
<active>yes</active>
</lead>
<lead>
<name>Firebase Operations</name>
<user>firebase</user>
<email>operations@firebase.com</email>
<active>yes</active>
</lead>
<date>2015-07-22</date>
<version>
<release>3.0.0</release>
<api>3.0.0</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<license uri="http://opensource.org/licenses/BSD-3-Clause">BSD 3-Clause License</license>
<notes>
Initial release with basic support for JWT encoding, decoding and signature verification.
</notes>
<contents>
<dir baseinstalldir="/" name="/">
<dir name="tests">
<file name="JWTTest.php" role="test" />
</dir>
<file name="Authentication/JWT.php" role="php" />
</dir>
</contents>
<dependencies>
<required>
<php>
<min>5.1</min>
</php>
<pearinstaller>
<min>1.7.0</min>
</pearinstaller>
<extension>
<name>json</name>
</extension>
<extension>
<name>hash</name>
</extension>
</required>
</dependencies>
<phprelease />
<changelog>
<release>
<version>
<release>0.1.0</release>
<api>0.1.0</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<date>2015-04-01</date>
<license uri="http://opensource.org/licenses/BSD-3-Clause">BSD 3-Clause License</license>
<notes>
Initial release with basic support for JWT encoding, decoding and signature verification.
</notes>
</release>
</changelog>
</package>

7
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/src/BeforeValidException.php vendored Normal file
View File

@ -0,0 +1,7 @@
<?php
namespace Firebase\JWT;
class BeforeValidException extends \UnexpectedValueException
{
}

7
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/src/ExpiredException.php vendored Normal file
View File

@ -0,0 +1,7 @@
<?php
namespace Firebase\JWT;
class ExpiredException extends \UnexpectedValueException
{
}

370
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/src/JWT.php vendored Normal file
View File

@ -0,0 +1,370 @@
<?php
namespace Firebase\JWT;
use \DomainException;
use \InvalidArgumentException;
use \UnexpectedValueException;
use \DateTime;
/**
* JSON Web Token implementation, based on this spec:
* http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-06
*
* PHP version 5
*
* @category Authentication
* @package Authentication_JWT
* @author Neuman Vong <neuman@twilio.com>
* @author Anant Narayanan <anant@php.net>
* @license http://opensource.org/licenses/BSD-3-Clause 3-clause BSD
* @link https://github.com/firebase/php-jwt
*/
class JWT
{
/**
* When checking nbf, iat or expiration times,
* we want to provide some extra leeway time to
* account for clock skew.
*/
public static $leeway = 0;
/**
* Allow the current timestamp to be specified.
* Useful for fixing a value within unit testing.
*
* Will default to PHP time() value if null.
*/
public static $timestamp = null;
public static $supported_algs = array(
'HS256' => array('hash_hmac', 'SHA256'),
'HS512' => array('hash_hmac', 'SHA512'),
'HS384' => array('hash_hmac', 'SHA384'),
'RS256' => array('openssl', 'SHA256'),
);
/**
* Decodes a JWT string into a PHP object.
*
* @param string $jwt The JWT
* @param string|array $key The key, or map of keys.
* If the algorithm used is asymmetric, this is the public key
* @param array $allowed_algs List of supported verification algorithms
* Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256'
*
* @return object The JWT's payload as a PHP object
*
* @throws UnexpectedValueException Provided JWT was invalid
* @throws SignatureInvalidException Provided JWT was invalid because the signature verification failed
* @throws BeforeValidException Provided JWT is trying to be used before it's eligible as defined by 'nbf'
* @throws BeforeValidException Provided JWT is trying to be used before it's been created as defined by 'iat'
* @throws ExpiredException Provided JWT has since expired, as defined by the 'exp' claim
*
* @uses jsonDecode
* @uses urlsafeB64Decode
*/
public static function decode($jwt, $key, $allowed_algs = array())
{
$timestamp = is_null(static::$timestamp) ? time() : static::$timestamp;
if (empty($key)) {
throw new InvalidArgumentException('Key may not be empty');
}
if (!is_array($allowed_algs)) {
throw new InvalidArgumentException('Algorithm not allowed');
}
$tks = explode('.', $jwt);
if (count($tks) != 3) {
throw new UnexpectedValueException('Wrong number of segments');
}
list($headb64, $bodyb64, $cryptob64) = $tks;
if (null === ($header = static::jsonDecode(static::urlsafeB64Decode($headb64)))) {
throw new UnexpectedValueException('Invalid header encoding');
}
if (null === $payload = static::jsonDecode(static::urlsafeB64Decode($bodyb64))) {
throw new UnexpectedValueException('Invalid claims encoding');
}
$sig = static::urlsafeB64Decode($cryptob64);
if (empty($header->alg)) {
throw new UnexpectedValueException('Empty algorithm');
}
if (empty(static::$supported_algs[$header->alg])) {
throw new UnexpectedValueException('Algorithm not supported');
}
if (!in_array($header->alg, $allowed_algs)) {
throw new UnexpectedValueException('Algorithm not allowed');
}
if (is_array($key) || $key instanceof \ArrayAccess) {
if (isset($header->kid)) {
$key = $key[$header->kid];
} else {
throw new UnexpectedValueException('"kid" empty, unable to lookup correct key');
}
}
// Check the signature
if (!static::verify("$headb64.$bodyb64", $sig, $key, $header->alg)) {
throw new SignatureInvalidException('Signature verification failed');
}
// Check if the nbf if it is defined. This is the time that the
// token can actually be used. If it's not yet that time, abort.
if (isset($payload->nbf) && $payload->nbf > ($timestamp + static::$leeway)) {
throw new BeforeValidException(
'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->nbf)
);
}
// Check that this token has been created before 'now'. This prevents
// using tokens that have been created for later use (and haven't
// correctly used the nbf claim).
if (isset($payload->iat) && $payload->iat > ($timestamp + static::$leeway)) {
throw new BeforeValidException(
'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->iat)
);
}
// Check if this token has expired.
if (isset($payload->exp) && ($timestamp - static::$leeway) >= $payload->exp) {
throw new ExpiredException('Expired token');
}
return $payload;
}
/**
* Converts and signs a PHP object or array into a JWT string.
*
* @param object|array $payload PHP object or array
* @param string $key The secret key.
* If the algorithm used is asymmetric, this is the private key
* @param string $alg The signing algorithm.
* Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256'
* @param mixed $keyId
* @param array $head An array with header elements to attach
*
* @return string A signed JWT
*
* @uses jsonEncode
* @uses urlsafeB64Encode
*/
public static function encode($payload, $key, $alg = 'HS256', $keyId = null, $head = null)
{
$header = array('typ' => 'JWT', 'alg' => $alg);
if ($keyId !== null) {
$header['kid'] = $keyId;
}
if ( isset($head) && is_array($head) ) {
$header = array_merge($head, $header);
}
$segments = array();
$segments[] = static::urlsafeB64Encode(static::jsonEncode($header));
$segments[] = static::urlsafeB64Encode(static::jsonEncode($payload));
$signing_input = implode('.', $segments);
$signature = static::sign($signing_input, $key, $alg);
$segments[] = static::urlsafeB64Encode($signature);
return implode('.', $segments);
}
/**
* Sign a string with a given key and algorithm.
*
* @param string $msg The message to sign
* @param string|resource $key The secret key
* @param string $alg The signing algorithm.
* Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256'
*
* @return string An encrypted message
*
* @throws DomainException Unsupported algorithm was specified
*/
public static function sign($msg, $key, $alg = 'HS256')
{
if (empty(static::$supported_algs[$alg])) {
throw new DomainException('Algorithm not supported');
}
list($function, $algorithm) = static::$supported_algs[$alg];
switch($function) {
case 'hash_hmac':
return hash_hmac($algorithm, $msg, $key, true);
case 'openssl':
$signature = '';
$success = openssl_sign($msg, $signature, $key, $algorithm);
if (!$success) {
throw new DomainException("OpenSSL unable to sign data");
} else {
return $signature;
}
}
}
/**
* Verify a signature with the message, key and method. Not all methods
* are symmetric, so we must have a separate verify and sign method.
*
* @param string $msg The original message (header and body)
* @param string $signature The original signature
* @param string|resource $key For HS*, a string key works. for RS*, must be a resource of an openssl public key
* @param string $alg The algorithm
*
* @return bool
*
* @throws DomainException Invalid Algorithm or OpenSSL failure
*/
private static function verify($msg, $signature, $key, $alg)
{
if (empty(static::$supported_algs[$alg])) {
throw new DomainException('Algorithm not supported');
}
list($function, $algorithm) = static::$supported_algs[$alg];
switch($function) {
case 'openssl':
$success = openssl_verify($msg, $signature, $key, $algorithm);
if (!$success) {
throw new DomainException("OpenSSL unable to verify data: " . openssl_error_string());
} else {
return $signature;
}
case 'hash_hmac':
default:
$hash = hash_hmac($algorithm, $msg, $key, true);
if (function_exists('hash_equals')) {
return hash_equals($signature, $hash);
}
$len = min(static::safeStrlen($signature), static::safeStrlen($hash));
$status = 0;
for ($i = 0; $i < $len; $i++) {
$status |= (ord($signature[$i]) ^ ord($hash[$i]));
}
$status |= (static::safeStrlen($signature) ^ static::safeStrlen($hash));
return ($status === 0);
}
}
/**
* Decode a JSON string into a PHP object.
*
* @param string $input JSON string
*
* @return object Object representation of JSON string
*
* @throws DomainException Provided string was invalid JSON
*/
public static function jsonDecode($input)
{
if (version_compare(PHP_VERSION, '5.4.0', '>=') && !(defined('JSON_C_VERSION') && PHP_INT_SIZE > 4)) {
/** In PHP >=5.4.0, json_decode() accepts an options parameter, that allows you
* to specify that large ints (like Steam Transaction IDs) should be treated as
* strings, rather than the PHP default behaviour of converting them to floats.
*/
$obj = json_decode($input, false, 512, JSON_BIGINT_AS_STRING);
} else {
/** Not all servers will support that, however, so for older versions we must
* manually detect large ints in the JSON string and quote them (thus converting
*them to strings) before decoding, hence the preg_replace() call.
*/
$max_int_length = strlen((string) PHP_INT_MAX) - 1;
$json_without_bigints = preg_replace('/:\s*(-?\d{'.$max_int_length.',})/', ': "$1"', $input);
$obj = json_decode($json_without_bigints);
}
if (function_exists('json_last_error') && $errno = json_last_error()) {
static::handleJsonError($errno);
} elseif ($obj === null && $input !== 'null') {
throw new DomainException('Null result with non-null input');
}
return $obj;
}
/**
* Encode a PHP object into a JSON string.
*
* @param object|array $input A PHP object or array
*
* @return string JSON representation of the PHP object or array
*
* @throws DomainException Provided object could not be encoded to valid JSON
*/
public static function jsonEncode($input)
{
$json = json_encode($input);
if (function_exists('json_last_error') && $errno = json_last_error()) {
static::handleJsonError($errno);
} elseif ($json === 'null' && $input !== null) {
throw new DomainException('Null result with non-null input');
}
return $json;
}
/**
* Decode a string with URL-safe Base64.
*
* @param string $input A Base64 encoded string
*
* @return string A decoded string
*/
public static function urlsafeB64Decode($input)
{
$remainder = strlen($input) % 4;
if ($remainder) {
$padlen = 4 - $remainder;
$input .= str_repeat('=', $padlen);
}
return base64_decode(strtr($input, '-_', '+/'));
}
/**
* Encode a string with URL-safe Base64.
*
* @param string $input The string you want encoded
*
* @return string The base64 encode of what you passed in
*/
public static function urlsafeB64Encode($input)
{
return str_replace('=', '', strtr(base64_encode($input), '+/', '-_'));
}
/**
* Helper method to create a JSON error.
*
* @param int $errno An error number from json_last_error()
*
* @return void
*/
private static function handleJsonError($errno)
{
$messages = array(
JSON_ERROR_DEPTH => 'Maximum stack depth exceeded',
JSON_ERROR_CTRL_CHAR => 'Unexpected control character found',
JSON_ERROR_SYNTAX => 'Syntax error, malformed JSON'
);
throw new DomainException(
isset($messages[$errno])
? $messages[$errno]
: 'Unknown JSON error: ' . $errno
);
}
/**
* Get the number of bytes in cryptographic strings.
*
* @param string
*
* @return int
*/
private static function safeStrlen($str)
{
if (function_exists('mb_strlen')) {
return mb_strlen($str, '8bit');
}
return strlen($str);
}
}

7
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/firebase/php-jwt/src/SignatureInvalidException.php vendored Normal file
View File

@ -0,0 +1,7 @@
<?php
namespace Firebase\JWT;
class SignatureInvalidException extends \UnexpectedValueException
{
}

296
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/CHANGELOG vendored Normal file
View File

@ -0,0 +1,296 @@
CHANGELOG
=========
v3.4.1
* Add setSchemasPath to Auth class and fix backward compatibility
v.3.4.0
* Support rejecting unsolicited SAMLResponses.
* Support stric destination matching.
* Reject SAMLResponse if requestID was provided to the validotr but the InResponseTo attributeof the SAMLResponse is missing
* Check destination against the getSelfURLNoQuery as well on LogoutRequest and LogoutResponse as we do on Response
* Improve getSelfRoutedURLNoQuery method
* Only add responseUrl to the settings if ResponseLocation present in the IdPMetadataParser
* Remove use of $_GET on static method validateBinarySign
* Fix error message when Assertion and NameId are both encrypted (not supported)
v.3.3.1
* Update xmlseclibs to 3.0.4
* Remove Comparison atribute from RequestedAuthnContext when setting has empty value
v.3.3.0
* Set true as the default value for strict setting
* Relax comparision of false on SignMetadata
* Fix CI
v.3.2.1
* Add missed nameIdValueReq parameter to buildAuthnRequest method
v.3.2.0
* Add support for Subjects on AuthNRequests by the new parameter nameIdValueReq
* Support SLO ResponseLocation
* [#344](https://github.com/onelogin/php-saml/issues/344) Raise errors on IdPMetadataParser::parseRemoteXML and IdPMetadataParser::parseFileXML
* [#356](https://github.com/onelogin/php-saml/issues/356) Support 'x509cert' and 'privateKey' on signMetadata security setting
v.3.1.1
* Force to use at least xmlseclibs 3.0.3 for security reasons
* [#367](https://github.com/onelogin/php-saml/pull/367) Move the creation of the AuthnRequest to separate function
* Set strict=true on config examples
* Move phpunit.xml
v.3.1.0
* Security improvement suggested by Nils Engelbertz to prevent DDOS by expansion of internally defined entities (XEE)
* Fix setting_example.php servicename parameter
v.3.0.0
* Remove mcrypt dependency. Compatible with PHP 7.2
* xmlseclibs now is not part of the toolkit and need to be installed from original source
v.2.18.0
* Support rejecting unsolicited SAMLResponses.
* Support stric destination matching.
* Reject SAMLResponse if requestID was provided to the validotr but the InResponseTo attributeof the SAMLResponse is missing
* Check destination against the getSelfURLNoQuery as well on LogoutRequest and LogoutResponse as we do on Response
* Improve getSelfRoutedURLNoQuery method
* Only add responseUrl to the settings if ResponseLocation present in the IdPMetadataParser
* Remove use of $_GET on static method validateBinarySign
* Fix error message when Assertion and NameId are both encrypted (not supported)
v.2.17.1
* Update xmlseclibs to 3.0.4
* Remove Comparison atribute from RequestedAuthnContext when setting has empty value
v.2.17.0
* Set true as the default value for strict setting
* Support 'x509cert' and 'privateKey' on signMetadata security settings
* Relax comparision of false on SignMetadata
* Fix CI
v.2.16.0
* Support SLO ResponseLocation
* [#344](https://github.com/onelogin/php-saml/issues/344) Raise errors on IdPMetadataParser::parseRemoteXML and IdPMetadataParser::parseFileXML
* Adjusted acs endpoint to extract NameQualifier and SPNameQualifier from SAMLResponse. Adjusted single logout service to provide NameQualifier and SPNameQualifier to logout method. Add getNameIdNameQualifier to Auth and SamlResponse. Extend logout method from Auth and LogoutRequest constructor to support SPNameQualifier parameter. Align LogoutRequest constructor with SAML specs
* Add support for Subjects on AuthNRequests by the new parameter
* Set strict=true on config examples
v.2.15.0
* Security improvement suggested by Nils Engelbertz to prevent DDOS by expansion of internally defined entities (XEE)
* Fix bug on settings_example.php
v.2.14.0
* Add parameter to the decryptElement method to make optional the formatting
* [#283](https://github.com/onelogin/php-saml/pull/283) New method of importing a decrypted assertion into the XML document to replace the EncryptedAssertion. Fix signature issues on Signed Encrypted Assertions with default namespace
* Allow the getSPMetadata() method to always include the encryption Key Descriptor
* Change some Fatal Error to Exceptions
* [#265](https://github.com/onelogin/php-saml/issues/265) Support parameters at getSPMetadata method
* Avoid calling static method using this
v.2.13.0
* Update xmlseclibs with some fixes.
* Add extra protection verifying the Signature algorithm used on SignedInfo element, not only rely on the xmlseclibs verify / verifySignature methods.
* Add getAttributesWithFriendlyName method which returns the set of SAML attributes indexed by FriendlyName
* Fix bug on parseRemoteXML and parseFileXML. Internal calls to parseXML missed the desiredNameIdFormat parameter
v.2.12.0
* Improve Time management. Use DateTime/DateTimeZone classes.
* Escape error messages in debug mode
* Improve phpdoc
* Add an extra filter to the url to be used on redirection
* [#242](https://github.com/onelogin/php-saml/pull/242) Document that SHA-1 must not be used
* [#250](https://github.com/onelogin/php-saml/pull/250) Fixed issue with IdPMetadataParser only keeping 1 certificate when multiple certificates of a single type were provided.
* [#263](https://github.com/onelogin/php-saml/issues/263) Fix incompatibility with ADFS on SLO. When on php saml settings NameID Format is set as unspecified but the SAMLResponse has no NameID Format, no NameID Format should be specified on LogoutRequest.
v.2.11.0
* [#236](https://github.com/onelogin/php-saml/pull/236) Exclude unnecesary files from Composer production downloads
* [#226](https://github.com/onelogin/php-saml/pull/226) Add possibility to handle nameId NameQualifier attribute in SLO Request
* Improve logout documentation on Readme.
* Improve multi-certificate support
v.2.10.7
* Fix IdPMetadataParser. The SingleLogoutService retrieved method was wrong
* [#201](https://github.com/onelogin/php-saml/issues/201) Fix issues with SP entity_id, acs url and sls url that contains &
v.2.10.6
* [#206](https://github.com/onelogin/php-saml/pull/206)Be able to register future SP x509cert on the settings and publish it on SP metadata
* [#206](https://github.com/onelogin/php-saml/pull/206) Be able to register more than 1 Identity Provider x509cert, linked with an specific use (signing or encryption)
* [#206](https://github.com/onelogin/php-saml/pull/206) Support the ability to parse IdP XML metadata (remote url or file) and be able to inject the data obtained on the settings.
v.2.10.5
* Be able to get at the auth object the last processed ID
* Improve NameID Format support
* Reset errorReason attribute of the auth object after each Process method
* Validate serial number as string to work around libxml2 limitation
* Make the Issuer on the Response Optional
v.2.10.4
* [+](https://github.com/onelogin/php-saml/commit/949359f5cad5e1d085c4e5447d9aa8f49a6e82a1) Security update for signature validation on LogoutRequest/LogoutResponse
* [#192](https://github.com/onelogin/php-saml/pull/192) Added ability to configure DigestAlgorithm in settings
* [#183](https://github.com/onelogin/php-saml/pull/183) Fix strpos bug when decrypting assertions
* [#186](https://github.com/onelogin/php-saml/pull/186) Improve info on entityId validation Exception
* [#188](https://github.com/onelogin/php-saml/pull/188) Fixed issue with undefined constant of UNEXPECTED_SIGNED_ELEMENT
* Read ACS binding on AuthNRequest builder from settings
* Be able to relax Destination validation on SAMLResponses and let this
attribute to be empty with the 'relaxDestinationValidation' setting
v.2.10.3
* Implement a more specific exception class for handling some validation errors
* Minor changes on time validation/exceptions
* Add hooks to retrieve last-sent and last-received requests and responses
* Improve/Fix tests
* Add DigestAlgorithm support on addSign
* [#177](https://github.com/onelogin/php-saml/pull/177) Add error message for bad OneLogin_Saml2_Settings argument
v.2.10.2
* [#175](https://github.com/onelogin/php-saml/pull/175) Allow overriding of host, port, protocol and url path for URL building
* [#173](https://github.com/onelogin/php-saml/pull/173) Provide better support to NameIdFormat
* Fix another issue on Assertion Signature validation when the assertion contains no namespace, container has saml2 namespace and it was encrypted
v.2.10.1
* Fix error message on SignMetadata process
* Fix issue on Assertion Signature validation when the assertion contains no namespace and it was encrypted
v.2.10.0
* Several security improvements:
* Conditions element required and unique.
* AuthnStatement element required and unique.
* SPNameQualifier must math the SP EntityID
* Reject saml:Attribute element with same “Name” attribute
* Reject empty nameID
* Require Issuer element. (Must match IdP EntityID).
* Destination value can't be blank (if present must match ACS URL).
* Check that the EncryptedAssertion element only contains 1 Assertion element.
* Improve Signature validation process
* AttributeConsumingService support
* Support lowercase Urlencoding (ADFS compatibility).
* [#154](https://github.com/onelogin/php-saml/pull/154) getSelfHost no longer returns a port number
* [#156](https://github.com/onelogin/php-saml/pull/156) Use correct host on response destination fallback check
* [#158](https://github.com/onelogin/php-saml/pull/158) NEW Control usage of X-Forwarded-* headers
* Fix issue with buildRequestSignature. Added RelayState to the SignQuery only if is not null.
* Add Signature Wrapping prevention Test
* Improve _decryptAssertion in order to take care of Assertions with problems with namespaces
* Improve documentation
v.2.9.1
.......
* [134](https://github.com/onelogin/php-saml/pull/134) PHP7 production settings compiles out assert(), throw an exception explicitly
* [132](https://github.com/onelogin/php-saml/pull/132) Add note for "wantAssertionsEncrypted"
* Update copyright on LICENSE
v.2.9.0
-------
* Change the decrypt assertion process.
* Add 2 extra validations to prevent Signature wrapping attacks.
* Remove reference to wrong NameIDFormat: urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified should be urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
* [128](https://github.com/onelogin/php-saml/pull/128) Test php7 and upgrade phpunit
* Update Readme with more descriptive requestedAuthnContext description and Security Guidelines
v.2.8.0
-------
* Make NameIDPolicy of AuthNRequest optional
* Make nameID requirement on SAMLResponse optional
* Fix empty URI support
* Symmetric encryption key support
* Add more Auth Context options to the constant class
* Fix DSA_SHA1 constant on xmlseclibs
* Set none requestedAuthnContext as default behaviour
* Update xmlseclibs lib
* Improve formatPrivateKey method
* Fix bug when signing metadata, the SignatureMethod was not provided
* Fix getter for lastRequestID parameter in OneLogin_Saml2_Auth class
* Add $wantEncrypted parameter on addX509KeyDescriptors method that will allow to set KeyDescriptor[use='encryption'] if wantNameIdEncrypted or wantAssertionsEncrypted enabled
* Add $stay parameter on redirectTo method. (login/logout supports $stay but I forgot add this on previous 2.7.0 version)
* Improve code style
v.2.7.0
-------
* Trim acs, slo and issuer urls.
* Fix PHP 7 error (used continue outside a loop/switch).
* Fix bug on organization element of the SP metadata builder.
* Fix typos on documentation. Fix ALOWED Misspell.
* Be able to extract RequestID. Add RequestID validation on demo1.
* Add $stay parameter to login, logout and processSLO method.
v.2.6.1
-------
* Fix bug on cacheDuration of the Metadata XML generated.
* Make SPNameQualifier optional on the generateNameId method. Avoid the use of SPNameQualifier when generating the NameID on the LogoutRequest builder.
* Allows the authn comparsion attribute to be set via config.
* Retrieve Session Timeout after processResponse with getSessionExpiration().
* Improve readme readability.
* Allow single log out to work for applications not leveraging php session_start. Added a callback parameter in order to close the session at processSLO.
v.2.6.0
-------
* Set NAMEID_UNSPECIFIED as default NameIDFormat to prevent conflicts with IdPs that don't support NAMEID_PERSISTENT.
* Now the SP is able to select the algorithm to be used on signatures (DSA_SHA1, RSA_SHA1, RSA_SHA256, RSA_SHA384, RSA_SHA512).
* Change visibility of _decryptAssertion to protected.
* Update xmlseclibs library.
* Handle valid but uncommon dsig block with no URI in the reference.
* login, logout and processSLO now return ->redirectTo instead of just call it.
* Split the setting check methods. Now 1 method for IdP settings and other for SP settings.
* Let the setting object to avoid the IdP setting check. required if we want to publish SP SAML Metadata when the IdP data is still not provided.
v.2.5.0
-------
* Do accesible the ID of the object Logout Request (id attribute).
* Add note about the fact that PHP 5.3 is unssuported.
* Add fingerprint algorithm support.
* Add dependences to composer.
v.2.4.0
-------
* Fix wrong element order in generated metadata.
* Added SLO with nameID and SessionIndex in demo1.
* Improve isHTTPS method in order to support HTTP_X_FORWARDED_PORT.
* Set optional the XMLvalidation (enable/disable it with wantXMLValidation security setting).
v.2.3.0
-------
* Resolve namespace problem. Some IdPs uses saml2p:Response and saml2:Assertion instead of samlp:Response saml:Assertion.
* Improve test and documentation.
* Improve ADFS compatibility.
* Remove unnecessary XSDs files.
* Make available the reason for the saml message invalidation.
* Adding ability to set idp cert once the Setting object initialized.
* Fix status info issue.
* Reject SAML Response if not signed and strict = false.
* Support NameId and SessionIndex in LogoutRequest.
* Add ForceAuh and IsPassive support.
v.2.2.0
-------
* Fix bug with Encrypted nameID on LogoutRequest.
* Fixed usability bug. SP will inform about AuthFail status after process a Response.
* Added SessionIndex support on LogoutRequest, and know is accesible from the Auth class.
* LogoutRequest and LogoutResponse classes now accept non deflated xml.
* Improved the XML metadata/ Decrypted Assertion output. (prettyprint).
* Fix bug in formatPrivateKey method, the key could be not RSA.
* Explicit warning message for signed element problem.
* Decrypt method improved.
* Support more algorithm at the SigAlg in the Signed LogoutRequests and LogoutResponses
* AuthNRequest now stores ID (it can be retrieved later).
* Fixed a typo on the 'NameIdPolicy' attribute that appeared at the README and settings_example file.
v.2.1.0
-------
* The isValid method of the Logout Request is now non-static. (affects processSLO method of Auth.php).
* Logout Request constructor now accepts encoded logout requests.
* Now after validate a message, if fails a method getError of the object will return the cause.
* Fix typos.
* Added extra parameters option to login and logout methods.
* Improve Test (new test, use the new getError method for testing).
* Bugfix namespace problem when getting Attributes.
v.2.0.0
-------
* New PHP SAML Toolkit (SLO, Sign, Encryptation).
v.1.0.0
-------
* Old PHP SAML Toolkit.

23
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/LICENSE vendored Normal file
View File

@ -0,0 +1,23 @@
Copyright (c) 2010-2016 OneLogin, Inc.
Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation
files (the "Software"), to deal in the Software without
restriction, including without limitation the rights to use,
copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the
Software is furnished to do so, subject to the following
conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.

1539
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/README.md vendored Normal file
View File

File diff suppressed because it is too large Load Diff

34
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/_toolkit_loader.php vendored Normal file
View File

@ -0,0 +1,34 @@
<?php
// Create an __autoload function
// (can conflicts other autoloaders)
// http://php.net/manual/en/language.oop5.autoload.php
// Load composer vendor folder if any
if (file_exists(__DIR__ . '/vendor/autoload.php')) {
require __DIR__ . '/vendor/autoload.php';
}
/*
// Load xmlseclibs
$xmlseclibsSrcDir = '';
include_once $xmlseclibsSrcDir.'/XMLSecEnc.php';
include_once $xmlseclibsSrcDir.'/XMLSecurityDSig.php';
include_once $xmlseclibsSrcDir.'/XMLSecurityKey.php';
include_once $xmlseclibsSrcDir.'/Utils/XPath.php';
*/
// Load php-saml
$libDir = __DIR__ . '/src/Saml2/';
$folderInfo = scandir($libDir);
foreach ($folderInfo as $element) {
if (is_file($libDir.$element) && (substr($element, -4) === '.php')) {
include_once $libDir.$element;
}
}

150
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/advanced_settings_example.php vendored Normal file
View File

@ -0,0 +1,150 @@
<?php
$advancedSettings = array(
// Compression settings
// Handle if the getRequest/getResponse methods will return the Request/Response deflated.
// But if we provide a $deflate boolean parameter to the getRequest or getResponse
// method it will have priority over the compression settings.
'compress' => array(
'requests' => true,
'responses' => true
),
// Security settings
'security' => array(
/** signatures and encryptions offered */
// Indicates that the nameID of the <samlp:logoutRequest> sent by this SP
// will be encrypted.
'nameIdEncrypted' => false,
// Indicates whether the <samlp:AuthnRequest> messages sent by this SP
// will be signed. [The Metadata of the SP will offer this info]
'authnRequestsSigned' => false,
// Indicates whether the <samlp:logoutRequest> messages sent by this SP
// will be signed.
'logoutRequestSigned' => false,
// Indicates whether the <samlp:logoutResponse> messages sent by this SP
// will be signed.
'logoutResponseSigned' => false,
/* Sign the Metadata
False || True (use sp certs) || array (
'keyFileName' => 'metadata.key',
'certFileName' => 'metadata.crt'
)
|| array (
'x509cert' => '',
'privateKey' => ''
)
*/
'signMetadata' => false,
/** signatures and encryptions required **/
// Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and
// <samlp:LogoutResponse> elements received by this SP to be signed.
'wantMessagesSigned' => false,
// Indicates a requirement for the <saml:Assertion> elements received by
// this SP to be encrypted.
'wantAssertionsEncrypted' => false,
// Indicates a requirement for the <saml:Assertion> elements received by
// this SP to be signed. [The Metadata of the SP will offer this info]
'wantAssertionsSigned' => false,
// Indicates a requirement for the NameID element on the SAMLResponse received
// by this SP to be present.
'wantNameId' => true,
// Indicates a requirement for the NameID received by
// this SP to be encrypted.
'wantNameIdEncrypted' => false,
// Authentication context.
// Set to false and no AuthContext will be sent in the AuthNRequest,
// Set true or don't present this parameter and you will get an AuthContext 'exact' 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
// Set an array with the possible auth context values: array('urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'),
'requestedAuthnContext' => false,
// Allows the authn comparison parameter to be set, defaults to 'exact' if
// the setting is not present.
'requestedAuthnContextComparison' => 'exact',
// Indicates if the SP will validate all received xmls.
// (In order to validate the xml, 'strict' and 'wantXMLValidation' must be true).
'wantXMLValidation' => true,
// If true, SAMLResponses with an empty value at its Destination
// attribute will not be rejected for this fact.
'relaxDestinationValidation' => false,
// If true, Destination URL should strictly match to the address to
// which the response has been sent.
// Notice that if 'relaxDestinationValidation' is true an empty Destintation
// will be accepted.
'destinationStrictlyMatches' => false,
// If true, SAMLResponses with an InResponseTo value will be rejectd if not
// AuthNRequest ID provided to the validation method.
'rejectUnsolicitedResponsesWithInResponseTo' => false,
// Algorithm that the toolkit will use on signing process. Options:
// 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
// 'http://www.w3.org/2000/09/xmldsig#dsa-sha1'
// 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
// 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'
// 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'
// Notice that rsa-sha1 is a deprecated algorithm and should not be used
'signatureAlgorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
// Algorithm that the toolkit will use on digest process. Options:
// 'http://www.w3.org/2000/09/xmldsig#sha1'
// 'http://www.w3.org/2001/04/xmlenc#sha256'
// 'http://www.w3.org/2001/04/xmldsig-more#sha384'
// 'http://www.w3.org/2001/04/xmlenc#sha512'
// Notice that sha1 is a deprecated algorithm and should not be used
'digestAlgorithm' => 'http://www.w3.org/2001/04/xmlenc#sha256',
// ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses
// uppercase. Turn it True for ADFS compatibility on signature verification
'lowercaseUrlencoding' => false,
),
// Contact information template, it is recommended to suply a technical and support contacts
'contactPerson' => array(
'technical' => array(
'givenName' => '',
'emailAddress' => ''
),
'support' => array(
'givenName' => '',
'emailAddress' => ''
),
),
// Organization information template, the info in en_US lang is recomended, add more if required
'organization' => array(
'en-US' => array(
'name' => '',
'displayname' => '',
'url' => ''
),
),
);
/* Interoperable SAML 2.0 Web Browser SSO Profile [saml2int] http://saml2int.org/profile/current
'authnRequestsSigned' => false, // SP SHOULD NOT sign the <samlp:AuthnRequest>,
// MUST NOT assume that the IdP validates the sign
'wantAssertionsSigned' => true,
'wantAssertionsEncrypted' => true, // MUST be enabled if SSL/HTTPs is disabled
'wantNameIdEncrypted' => false,
*/

34
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/composer.json vendored Normal file
View File

@ -0,0 +1,34 @@
{
"name": "onelogin/php-saml",
"description": "OneLogin PHP SAML Toolkit",
"license": "MIT",
"homepage": "https://developers.onelogin.com/saml/php",
"keywords": ["saml", "saml2", "onelogin"],
"autoload": {
"psr-4": {
"OneLogin\\": "src/"
}
},
"support": {
"email": "sixto.garcia@onelogin.com",
"issues": "https://github.com/onelogin/php-saml/issues",
"source": "https://github.com/onelogin/php-saml/"
},
"require": {
"php": ">=5.4",
"robrichards/xmlseclibs": ">=3.0.4"
},
"require-dev": {
"php-coveralls/php-coveralls": "^1.0.2 || ^2.0",
"phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5 || ^7.1",
"sebastian/phpcpd": "^2.0 || ^3.0 || ^4.0",
"phploc/phploc": "^2.1 || ^3.0 || ^4.0",
"pdepend/pdepend": "^2.5.0",
"squizlabs/php_codesniffer": "^3.1.1"
},
"suggest": {
"ext-openssl": "Install openssl lib in order to handle with x509 certs (require to support sign and encryption)",
"ext-curl": "Install curl lib to be able to use the IdPMetadataParser for parsing remote XMLs",
"ext-gettext": "Install gettext and php5-gettext libs to handle translations"
}
}

18
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/phpunit.xml vendored Normal file
View File

@ -0,0 +1,18 @@
<phpunit bootstrap="./tests/bootstrap.php" colors="true">
<testsuites>
<testsuite name="OneLogin PHP-SAML Test Suite">
<directory>./tests/src</directory>
</testsuite>
</testsuites>
<filter>
<whitelist processUncoveredFilesFromWhitelist="true">
<directory>./src</directory>
</whitelist>
</filter>
<logging>
<log type="coverage-html" target="./tests/build/coverage" lowUpperBound="35" highLowerBound="70"/>
<log type="coverage-xml" target="./tests/build/logfile.xml"/>
<log type="coverage-clover" target="./tests/build/logs/clover.xml"/>
<log type="coverage-php" target="./tests/build/logs/coverage.cov"/>
</logging>
</phpunit>

137
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/settings_example.php vendored Normal file
View File

@ -0,0 +1,137 @@
<?php
$settings = array(
// If 'strict' is True, then the PHP Toolkit will reject unsigned
// or unencrypted messages if it expects them signed or encrypted
// Also will reject the messages if not strictly follow the SAML
// standard: Destination, NameId, Conditions ... are validated too.
'strict' => true,
// Enable debug mode (to print errors)
'debug' => false,
// Set a BaseURL to be used instead of try to guess
// the BaseURL of the view that process the SAML Message.
// Ex. http://sp.example.com/
// http://example.com/sp/
'baseurl' => null,
// Service Provider Data that we are deploying
'sp' => array(
// Identifier of the SP entity (must be a URI)
'entityId' => '',
// Specifies info about where and how the <AuthnResponse> message MUST be
// returned to the requester, in this case our SP.
'assertionConsumerService' => array(
// URL Location where the <Response> from the IdP will be returned
'url' => '',
// SAML protocol binding to be used when returning the <Response>
// message. Onelogin Toolkit supports for this endpoint the
// HTTP-POST binding only
'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
),
// If you need to specify requested attributes, set a
// attributeConsumingService. nameFormat, attributeValue and
// friendlyName can be omitted. Otherwise remove this section.
"attributeConsumingService"=> array(
"serviceName" => "SP test",
"serviceDescription" => "Test Service",
"requestedAttributes" => array(
array(
"name" => "",
"isRequired" => false,
"nameFormat" => "",
"friendlyName" => "",
"attributeValue" => ""
)
)
),
// Specifies info about where and how the <Logout Response> message MUST be
// returned to the requester, in this case our SP.
'singleLogoutService' => array(
// URL Location where the <Response> from the IdP will be returned
'url' => '',
// SAML protocol binding to be used when returning the <Response>
// message. Onelogin Toolkit supports for this endpoint the
// HTTP-Redirect binding only
'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
),
// Specifies constraints on the name identifier to be used to
// represent the requested subject.
// Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported
'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
// Usually x509cert and privateKey of the SP are provided by files placed at
// the certs folder. But we can also provide them with the following parameters
'x509cert' => '',
'privateKey' => '',
/*
* Key rollover
* If you plan to update the SP x509cert and privateKey
* you can define here the new x509cert and it will be
* published on the SP metadata so Identity Providers can
* read them and get ready for rollover.
*/
// 'x509certNew' => '',
),
// Identity Provider Data that we want connect with our SP
'idp' => array(
// Identifier of the IdP entity (must be a URI)
'entityId' => '',
// SSO endpoint info of the IdP. (Authentication Request protocol)
'singleSignOnService' => array(
// URL Target of the IdP where the SP will send the Authentication Request Message
'url' => '',
// SAML protocol binding to be used when returning the <Response>
// message. Onelogin Toolkit supports for this endpoint the
// HTTP-Redirect binding only
'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
),
// SLO endpoint info of the IdP.
'singleLogoutService' => array(
// URL Location of the IdP where the SP will send the SLO Request
'url' => '',
// URL location of the IdP where the SP SLO Response will be sent (ResponseLocation)
// if not set, url for the SLO Request will be used
'responseUrl' => '',
// SAML protocol binding to be used when returning the <Response>
// message. Onelogin Toolkit supports for this endpoint the
// HTTP-Redirect binding only
'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
),
// Public x509 certificate of the IdP
'x509cert' => '',
/*
* Instead of use the whole x509cert you can use a fingerprint in
* order to validate the SAMLResponse, but we don't recommend to use
* that method on production since is exploitable by a collision
* attack.
* (openssl x509 -noout -fingerprint -in "idp.crt" to generate it,
* or add for example the -sha256 , -sha384 or -sha512 parameter)
*
* If a fingerprint is provided, then the certFingerprintAlgorithm is required in order to
* let the toolkit know which Algorithm was used. Possible values: sha1, sha256, sha384 or sha512
* 'sha1' is the default value.
*/
// 'certFingerprint' => '',
// 'certFingerprintAlgorithm' => 'sha1',
/* In some scenarios the IdP uses different certificates for
* signing/encryption, or is under key rollover phase and more
* than one certificate is published on IdP metadata.
* In order to handle that the toolkit offers that parameter.
* (when used, 'x509cert' and 'certFingerprint' values are
* ignored).
*/
// 'x509certMulti' => array(
// 'signing' => array(
// 0 => '<cert1-string>',
// ),
// 'encryption' => array(
// 0 => '<cert2-string>',
// )
// ),
),
);

826
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Auth.php vendored Normal file
View File

@ -0,0 +1,826 @@
<?php
/**
* This file is part of php-saml.
*
* (c) OneLogin Inc
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @package OneLogin
* @author OneLogin Inc <saml-info@onelogin.com>
* @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE
* @link https://github.com/onelogin/php-saml
*/
namespace OneLogin\Saml2;
use RobRichards\XMLSecLibs\XMLSecurityKey;
use Exception;
/**
* Main class of OneLogin's PHP Toolkit
*/
class Auth
{
/**
* Settings data.
*
* @var Settings
*/
private $_settings;
/**
* User attributes data.
*
* @var array
*/
private $_attributes = array();
/**
* User attributes data with FriendlyName index.
*
* @var array
*/
private $_attributesWithFriendlyName = array();
/**
* NameID
*
* @var string
*/
private $_nameid;
/**
* NameID Format
*
* @var string
*/
private $_nameidFormat;
/**
* NameID NameQualifier
*
* @var string
*/
private $_nameidNameQualifier;
/**
* NameID SP NameQualifier
*
* @var string
*/
private $_nameidSPNameQualifier;
/**
* If user is authenticated.
*
* @var bool
*/
private $_authenticated = false;
/**
* SessionIndex. When the user is logged, this stored it
* from the AuthnStatement of the SAML Response
*
* @var string
*/
private $_sessionIndex;
/**
* SessionNotOnOrAfter. When the user is logged, this stored it
* from the AuthnStatement of the SAML Response
*
* @var int|null
*/
private $_sessionExpiration;
/**
* The ID of the last message processed
*
* @var string
*/
private $_lastMessageId;
/**
* The ID of the last assertion processed
*
* @var string
*/
private $_lastAssertionId;
/**
* The NotOnOrAfter value of the valid SubjectConfirmationData
* node (if any) of the last assertion processed
*
* @var int
*/
private $_lastAssertionNotOnOrAfter;
/**
* If any error.
*
* @var array
*/
private $_errors = array();
/**
* Last error object.
*
* @var Error|null
*/
private $_lastErrorException;
/**
* Last error.
*
* @var string|null
*/
private $_lastError;
/**
* Last AuthNRequest ID or LogoutRequest ID generated by this Service Provider
*
* @var string
*/
private $_lastRequestID;
/**
* The most recently-constructed/processed XML SAML request
* (AuthNRequest, LogoutRequest)
*
* @var string
*/
private $_lastRequest;
/**
* The most recently-constructed/processed XML SAML response
* (SAMLResponse, LogoutResponse). If the SAMLResponse was
* encrypted, by default tries to return the decrypted XML
*
* @var string|\DomDocument|null
*/
private $_lastResponse;
/**
* Initializes the SP SAML instance.
*
* @param array|null $settings Setting data
*
* @throws Exception
* @throws Error
*/
public function __construct(array $settings = null)
{
$this->_settings = new Settings($settings);
}
/**
* Returns the settings info
*
* @return Settings The settings data.
*/
public function getSettings()
{
return $this->_settings;
}
/**
* Set the strict mode active/disable
*
* @param bool $value Strict parameter
*
* @throws Error
*/
public function setStrict($value)
{
if (!is_bool($value)) {
throw new Error(
'Invalid value passed to setStrict()',
Error::SETTINGS_INVALID_SYNTAX
);
}
$this->_settings->setStrict($value);
}
/**
* Set schemas path
*
* @param string $path
* @return $this
*/
public function setSchemasPath($path)
{
$this->_paths['schemas'] = $path;
}
/**
* Process the SAML Response sent by the IdP.
*
* @param string|null $requestId The ID of the AuthNRequest sent by this SP to the IdP
*
* @throws Error
* @throws ValidationError
*/
public function processResponse($requestId = null)
{
$this->_errors = array();
$this->_lastError = $this->_lastErrorException = null;
if (isset($_POST['SAMLResponse'])) {
// AuthnResponse -- HTTP_POST Binding
$response = new Response($this->_settings, $_POST['SAMLResponse']);
$this->_lastResponse = $response->getXMLDocument();
if ($response->isValid($requestId)) {
$this->_attributes = $response->getAttributes();
$this->_attributesWithFriendlyName = $response->getAttributesWithFriendlyName();
$this->_nameid = $response->getNameId();
$this->_nameidFormat = $response->getNameIdFormat();
$this->_nameidNameQualifier = $response->getNameIdNameQualifier();
$this->_nameidSPNameQualifier = $response->getNameIdSPNameQualifier();
$this->_authenticated = true;
$this->_sessionIndex = $response->getSessionIndex();
$this->_sessionExpiration = $response->getSessionNotOnOrAfter();
$this->_lastMessageId = $response->getId();
$this->_lastAssertionId = $response->getAssertionId();
$this->_lastAssertionNotOnOrAfter = $response->getAssertionNotOnOrAfter();
} else {
$this->_errors[] = 'invalid_response';
$this->_lastErrorException = $response->getErrorException();
$this->_lastError = $response->getError();
}
} else {
$this->_errors[] = 'invalid_binding';
throw new Error(
'SAML Response not found, Only supported HTTP_POST Binding',
Error::SAML_RESPONSE_NOT_FOUND
);
}
}
/**
* Process the SAML Logout Response / Logout Request sent by the IdP.
*
* @param bool $keepLocalSession When false will destroy the local session, otherwise will keep it
* @param string|null $requestId The ID of the LogoutRequest sent by this SP to the IdP
* @param bool $retrieveParametersFromServer True if we want to use parameters from $_SERVER to validate the signature
* @param callable $cbDeleteSession Callback to be executed to delete session
* @param bool $stay True if we want to stay (returns the url string) False to redirect
*
* @return string|null
*
* @throws Error
*/
public function processSLO($keepLocalSession = false, $requestId = null, $retrieveParametersFromServer = false, $cbDeleteSession = null, $stay = false)
{
$this->_errors = array();
$this->_lastError = $this->_lastErrorException = null;
if (isset($_GET['SAMLResponse'])) {
$logoutResponse = new LogoutResponse($this->_settings, $_GET['SAMLResponse']);
$this->_lastResponse = $logoutResponse->getXML();
if (!$logoutResponse->isValid($requestId, $retrieveParametersFromServer)) {
$this->_errors[] = 'invalid_logout_response';
$this->_lastErrorException = $logoutResponse->getErrorException();
$this->_lastError = $logoutResponse->getError();
} else if ($logoutResponse->getStatus() !== Constants::STATUS_SUCCESS) {
$this->_errors[] = 'logout_not_success';
} else {
$this->_lastMessageId = $logoutResponse->id;
if (!$keepLocalSession) {
if ($cbDeleteSession === null) {
Utils::deleteLocalSession();
} else {
call_user_func($cbDeleteSession);
}
}
}
} else if (isset($_GET['SAMLRequest'])) {
$logoutRequest = new LogoutRequest($this->_settings, $_GET['SAMLRequest']);
$this->_lastRequest = $logoutRequest->getXML();
if (!$logoutRequest->isValid($retrieveParametersFromServer)) {
$this->_errors[] = 'invalid_logout_request';
$this->_lastErrorException = $logoutRequest->getErrorException();
$this->_lastError = $logoutRequest->getError();
} else {
if (!$keepLocalSession) {
if ($cbDeleteSession === null) {
Utils::deleteLocalSession();
} else {
call_user_func($cbDeleteSession);
}
}
$inResponseTo = $logoutRequest->id;
$this->_lastMessageId = $logoutRequest->id;
$responseBuilder = new LogoutResponse($this->_settings);
$responseBuilder->build($inResponseTo);
$this->_lastResponse = $responseBuilder->getXML();
$logoutResponse = $responseBuilder->getResponse();
$parameters = array('SAMLResponse' => $logoutResponse);
if (isset($_GET['RelayState'])) {
$parameters['RelayState'] = $_GET['RelayState'];
}
$security = $this->_settings->getSecurityData();
if (isset($security['logoutResponseSigned']) && $security['logoutResponseSigned']) {
$signature = $this->buildResponseSignature($logoutResponse, isset($parameters['RelayState'])? $parameters['RelayState']: null, $security['signatureAlgorithm']);
$parameters['SigAlg'] = $security['signatureAlgorithm'];
$parameters['Signature'] = $signature;
}
return $this->redirectTo($this->getSLOResponseUrl(), $parameters, $stay);
}
} else {
$this->_errors[] = 'invalid_binding';
throw new Error(
'SAML LogoutRequest/LogoutResponse not found. Only supported HTTP_REDIRECT Binding',
Error::SAML_LOGOUTMESSAGE_NOT_FOUND
);
}
}
/**
* Redirects the user to the url past by parameter
* or to the url that we defined in our SSO Request.
*
* @param string $url The target URL to redirect the user.
* @param array $parameters Extra parameters to be passed as part of the url
* @param bool $stay True if we want to stay (returns the url string) False to redirect
*
* @return string|null
*/
public function redirectTo($url = '', array $parameters = array(), $stay = false)
{
assert(is_string($url));
if (empty($url) && isset($_REQUEST['RelayState'])) {
$url = $_REQUEST['RelayState'];
}
return Utils::redirect($url, $parameters, $stay);
}
/**
* Checks if the user is authenticated or not.
*
* @return bool True if the user is authenticated
*/
public function isAuthenticated()
{
return $this->_authenticated;
}
/**
* Returns the set of SAML attributes.
*
* @return array Attributes of the user.
*/
public function getAttributes()
{
return $this->_attributes;
}
/**
* Returns the set of SAML attributes indexed by FriendlyName
*
* @return array Attributes of the user.
*/
public function getAttributesWithFriendlyName()
{
return $this->_attributesWithFriendlyName;
}
/**
* Returns the nameID
*
* @return string The nameID of the assertion
*/
public function getNameId()
{
return $this->_nameid;
}
/**
* Returns the nameID Format
*
* @return string The nameID Format of the assertion
*/
public function getNameIdFormat()
{
return $this->_nameidFormat;
}
/**
* Returns the nameID NameQualifier
*
* @return string The nameID NameQualifier of the assertion
*/
public function getNameIdNameQualifier()
{
return $this->_nameidNameQualifier;
}
/**
* Returns the nameID SP NameQualifier
*
* @return string The nameID SP NameQualifier of the assertion
*/
public function getNameIdSPNameQualifier()
{
return $this->_nameidSPNameQualifier;
}
/**
* Returns the SessionIndex
*
* @return string|null The SessionIndex of the assertion
*/
public function getSessionIndex()
{
return $this->_sessionIndex;
}
/**
* Returns the SessionNotOnOrAfter
*
* @return int|null The SessionNotOnOrAfter of the assertion
*/
public function getSessionExpiration()
{
return $this->_sessionExpiration;
}
/**
* Returns if there were any error
*
* @return array Errors
*/
public function getErrors()
{
return $this->_errors;
}
/**
* Returns the reason for the last error
*
* @return string|null Error reason
*/
public function getLastErrorReason()
{
return $this->_lastError;
}
/**
* Returns the last error
*
* @return Exception|null Error
*/
public function getLastErrorException()
{
return $this->_lastErrorException;
}
/**
* Returns the requested SAML attribute
*
* @param string $name The requested attribute of the user.
*
* @return array|null Requested SAML attribute ($name).
*/
public function getAttribute($name)
{
assert(is_string($name));
$value = null;
if (isset($this->_attributes[$name])) {
return $this->_attributes[$name];
}
return $value;
}
/**
* Returns the requested SAML attribute indexed by FriendlyName
*
* @param string $friendlyName The requested attribute of the user.
*
* @return array|null Requested SAML attribute ($friendlyName).
*/
public function getAttributeWithFriendlyName($friendlyName)
{
assert(is_string($friendlyName));
$value = null;
if (isset($this->_attributesWithFriendlyName[$friendlyName])) {
return $this->_attributesWithFriendlyName[$friendlyName];
}
return $value;
}
/**
* Initiates the SSO process.
*
* @param string|null $returnTo The target URL the user should be returned to after login.
* @param array $parameters Extra parameters to be added to the GET
* @param bool $forceAuthn When true the AuthNRequest will set the ForceAuthn='true'
* @param bool $isPassive When true the AuthNRequest will set the Ispassive='true'
* @param bool $stay True if we want to stay (returns the url string) False to redirect
* @param bool $setNameIdPolicy When true the AuthNRequest will set a nameIdPolicy element
* @param string $nameIdValueReq Indicates to the IdP the subject that should be authenticated
*
* @return string|null If $stay is True, it return a string with the SLO URL + LogoutRequest + parameters
*
* @throws Error
*/
public function login($returnTo = null, array $parameters = array(), $forceAuthn = false, $isPassive = false, $stay = false, $setNameIdPolicy = true, $nameIdValueReq = null)
{
$authnRequest = $this->buildAuthnRequest($this->_settings, $forceAuthn, $isPassive, $setNameIdPolicy, $nameIdValueReq);
$this->_lastRequest = $authnRequest->getXML();
$this->_lastRequestID = $authnRequest->getId();
$samlRequest = $authnRequest->getRequest();
$parameters['SAMLRequest'] = $samlRequest;
if (!empty($returnTo)) {
$parameters['RelayState'] = $returnTo;
} else {
$parameters['RelayState'] = Utils::getSelfRoutedURLNoQuery();
}
$security = $this->_settings->getSecurityData();
if (isset($security['authnRequestsSigned']) && $security['authnRequestsSigned']) {
$signature = $this->buildRequestSignature($samlRequest, $parameters['RelayState'], $security['signatureAlgorithm']);
$parameters['SigAlg'] = $security['signatureAlgorithm'];
$parameters['Signature'] = $signature;
}
return $this->redirectTo($this->getSSOurl(), $parameters, $stay);
}
/**
* Initiates the SLO process.
*
* @param string|null $returnTo The target URL the user should be returned to after logout.
* @param array $parameters Extra parameters to be added to the GET
* @param string|null $nameId The NameID that will be set in the LogoutRequest.
* @param string|null $sessionIndex The SessionIndex (taken from the SAML Response in the SSO process).
* @param bool $stay True if we want to stay (returns the url string) False to redirect
* @param string|null $nameIdFormat The NameID Format will be set in the LogoutRequest.
* @param string|null $nameIdNameQualifier The NameID NameQualifier will be set in the LogoutRequest.
*
* @return string|null If $stay is True, it return a string with the SLO URL + LogoutRequest + parameters
*
* @throws Error
*/
public function logout($returnTo = null, array $parameters = array(), $nameId = null, $sessionIndex = null, $stay = false, $nameIdFormat = null, $nameIdNameQualifier = null, $nameIdSPNameQualifier = null)
{
$sloUrl = $this->getSLOurl();
if (empty($sloUrl)) {
throw new Error(
'The IdP does not support Single Log Out',
Error::SAML_SINGLE_LOGOUT_NOT_SUPPORTED
);
}
if (empty($nameId) && !empty($this->_nameid)) {
$nameId = $this->_nameid;
}
if (empty($nameIdFormat) && !empty($this->_nameidFormat)) {
$nameIdFormat = $this->_nameidFormat;
}
$logoutRequest = new LogoutRequest($this->_settings, null, $nameId, $sessionIndex, $nameIdFormat, $nameIdNameQualifier, $nameIdSPNameQualifier);
$this->_lastRequest = $logoutRequest->getXML();
$this->_lastRequestID = $logoutRequest->id;
$samlRequest = $logoutRequest->getRequest();
$parameters['SAMLRequest'] = $samlRequest;
if (!empty($returnTo)) {
$parameters['RelayState'] = $returnTo;
} else {
$parameters['RelayState'] = Utils::getSelfRoutedURLNoQuery();
}
$security = $this->_settings->getSecurityData();
if (isset($security['logoutRequestSigned']) && $security['logoutRequestSigned']) {
$signature = $this->buildRequestSignature($samlRequest, $parameters['RelayState'], $security['signatureAlgorithm']);
$parameters['SigAlg'] = $security['signatureAlgorithm'];
$parameters['Signature'] = $signature;
}
return $this->redirectTo($sloUrl, $parameters, $stay);
}
/**
* Gets the SSO url.
*
* @return string The url of the Single Sign On Service
*/
public function getSSOurl()
{
$idpData = $this->_settings->getIdPData();
return $idpData['singleSignOnService']['url'];
}
/**
* Gets the SLO url.
*
* @return string|null The url of the Single Logout Service
*/
public function getSLOurl()
{
$url = null;
$idpData = $this->_settings->getIdPData();
if (isset($idpData['singleLogoutService']) && isset($idpData['singleLogoutService']['url'])) {
$url = $idpData['singleLogoutService']['url'];
}
return $url;
}
/**
* Gets the SLO response url.
*
* @return string|null The response url of the Single Logout Service
*/
public function getSLOResponseUrl()
{
$idpData = $this->_settings->getIdPData();
if (isset($idpData['singleLogoutService']) && isset($idpData['singleLogoutService']['responseUrl'])) {
return $idpData['singleLogoutService']['responseUrl'];
}
return $this->getSLOurl();
}
/**
* Gets the ID of the last AuthNRequest or LogoutRequest generated by the Service Provider.
*
* @return string The ID of the Request SAML message.
*/
public function getLastRequestID()
{
return $this->_lastRequestID;
}
/**
* Creates an AuthnRequest
*
* @param Settings $settings Setting data
* @param bool $forceAuthn When true the AuthNRequest will set the ForceAuthn='true'
* @param bool $isPassive When true the AuthNRequest will set the Ispassive='true'
* @param bool $setNameIdPolicy When true the AuthNRequest will set a nameIdPolicy element
* @param string $nameIdValueReq Indicates to the IdP the subject that should be authenticated
*
* @return AuthnRequest The AuthnRequest object
*/
public function buildAuthnRequest($settings, $forceAuthn, $isPassive, $setNameIdPolicy, $nameIdValueReq = null)
{
return new AuthnRequest($settings, $forceAuthn, $isPassive, $setNameIdPolicy, $nameIdValueReq);
}
/**
* Generates the Signature for a SAML Request
*
* @param string $samlRequest The SAML Request
* @param string $relayState The RelayState
* @param string $signAlgorithm Signature algorithm method
*
* @return string A base64 encoded signature
*
* @throws Exception
* @throws Error
*/
public function buildRequestSignature($samlRequest, $relayState, $signAlgorithm = XMLSecurityKey::RSA_SHA256)
{
return $this->buildMessageSignature($samlRequest, $relayState, $signAlgorithm, "SAMLRequest");
}
/**
* Generates the Signature for a SAML Response
*
* @param string $samlResponse The SAML Response
* @param string $relayState The RelayState
* @param string $signAlgorithm Signature algorithm method
*
* @return string A base64 encoded signature
*
* @throws Exception
* @throws Error
*/
public function buildResponseSignature($samlResponse, $relayState, $signAlgorithm = XMLSecurityKey::RSA_SHA256)
{
return $this->buildMessageSignature($samlResponse, $relayState, $signAlgorithm, "SAMLResponse");
}
/**
* Generates the Signature for a SAML Message
*
* @param string $samlMessage The SAML Message
* @param string $relayState The RelayState
* @param string $signAlgorithm Signature algorithm method
* @param string $type "SAMLRequest" or "SAMLResponse"
*
* @return string A base64 encoded signature
*
* @throws Exception
* @throws Error
*/
private function buildMessageSignature($samlMessage, $relayState, $signAlgorithm = XMLSecurityKey::RSA_SHA256, $type = "SAMLRequest")
{
$key = $this->_settings->getSPkey();
if (empty($key)) {
if ($type == "SAMLRequest") {
$errorMsg = "Trying to sign the SAML Request but can't load the SP private key";
} else {
$errorMsg = "Trying to sign the SAML Response but can't load the SP private key";
}
throw new Error($errorMsg, Error::PRIVATE_KEY_NOT_FOUND);
}
$objKey = new XMLSecurityKey($signAlgorithm, array('type' => 'private'));
$objKey->loadKey($key, false);
$security = $this->_settings->getSecurityData();
if ($security['lowercaseUrlencoding']) {
$msg = $type.'='.rawurlencode($samlMessage);
if (isset($relayState)) {
$msg .= '&RelayState='.rawurlencode($relayState);
}
$msg .= '&SigAlg=' . rawurlencode($signAlgorithm);
} else {
$msg = $type.'='.urlencode($samlMessage);
if (isset($relayState)) {
$msg .= '&RelayState='.urlencode($relayState);
}
$msg .= '&SigAlg=' . urlencode($signAlgorithm);
}
$signature = $objKey->signData($msg);
return base64_encode($signature);
}
/**
* @return string The ID of the last message processed
*/
public function getLastMessageId()
{
return $this->_lastMessageId;
}
/**
* @return string The ID of the last assertion processed
*/
public function getLastAssertionId()
{
return $this->_lastAssertionId;
}
/**
* @return int The NotOnOrAfter value of the valid
* SubjectConfirmationData node (if any)
* of the last assertion processed
*/
public function getLastAssertionNotOnOrAfter()
{
return $this->_lastAssertionNotOnOrAfter;
}
/**
* Returns the most recently-constructed/processed
* XML SAML request (AuthNRequest, LogoutRequest)
*
* @return string|null The Request XML
*/
public function getLastRequestXML()
{
return $this->_lastRequest;
}
/**
* Returns the most recently-constructed/processed
* XML SAML response (SAMLResponse, LogoutResponse).
* If the SAMLResponse was encrypted, by default tries
* to return the decrypted XML.
*
* @return string|null The Response XML
*/
public function getLastResponseXML()
{
$response = null;
if (isset($this->_lastResponse)) {
if (is_string($this->_lastResponse)) {
$response = $this->_lastResponse;
} else {
$response = $this->_lastResponse->saveXML();
}
}
return $response;
}
}

214
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/AuthnRequest.php vendored Normal file
View File

@ -0,0 +1,214 @@
<?php
/**
* This file is part of php-saml.
*
* (c) OneLogin Inc
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @package OneLogin
* @author OneLogin Inc <saml-info@onelogin.com>
* @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE
* @link https://github.com/onelogin/php-saml
*/
namespace OneLogin\Saml2;
/**
* SAML 2 Authentication Request
*/
class AuthnRequest
{
/**
* Object that represents the setting info
*
* @var Settings
*/
protected $_settings;
/**
* SAML AuthNRequest string
*
* @var string
*/
private $_authnRequest;
/**
* SAML AuthNRequest ID.
*
* @var string
*/
private $_id;
/**
* Constructs the AuthnRequest object.
*
* @param Settings $settings SAML Toolkit Settings
* @param bool $forceAuthn When true the AuthNReuqest will set the ForceAuthn='true'
* @param bool $isPassive When true the AuthNReuqest will set the Ispassive='true'
* @param bool $setNameIdPolicy When true the AuthNReuqest will set a nameIdPolicy
* @param string $nameIdValueReq Indicates to the IdP the subject that should be authenticated
*/
public function __construct(\OneLogin\Saml2\Settings $settings, $forceAuthn = false, $isPassive = false, $setNameIdPolicy = true, $nameIdValueReq = null)
{
$this->_settings = $settings;
$spData = $this->_settings->getSPData();
$idpData = $this->_settings->getIdPData();
$security = $this->_settings->getSecurityData();
$id = Utils::generateUniqueID();
$issueInstant = Utils::parseTime2SAML(time());
$subjectStr = "";
if (isset($nameIdValueReq)) {
$subjectStr = <<<SUBJECT
<saml:Subject>
<saml:NameID Format="{$spData['NameIDFormat']}">{$nameIdValueReq}</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"></saml:SubjectConfirmation>
</saml:Subject>
SUBJECT;
}
$nameIdPolicyStr = '';
if ($setNameIdPolicy) {
$nameIDPolicyFormat = $spData['NameIDFormat'];
if (isset($security['wantNameIdEncrypted']) && $security['wantNameIdEncrypted']) {
$nameIDPolicyFormat = Constants::NAMEID_ENCRYPTED;
}
$nameIdPolicyStr = <<<NAMEIDPOLICY
<samlp:NameIDPolicy
Format="{$nameIDPolicyFormat}"
AllowCreate="true" />
NAMEIDPOLICY;
}
$providerNameStr = '';
$organizationData = $settings->getOrganization();
if (!empty($organizationData)) {
$langs = array_keys($organizationData);
if (in_array('en-US', $langs)) {
$lang = 'en-US';
} else {
$lang = $langs[0];
}
if (isset($organizationData[$lang]['displayname']) && !empty($organizationData[$lang]['displayname'])) {
$providerNameStr = <<<PROVIDERNAME
ProviderName="{$organizationData[$lang]['displayname']}"
PROVIDERNAME;
}
}
$forceAuthnStr = '';
if ($forceAuthn) {
$forceAuthnStr = <<<FORCEAUTHN
ForceAuthn="true"
FORCEAUTHN;
}
$isPassiveStr = '';
if ($isPassive) {
$isPassiveStr = <<<ISPASSIVE
IsPassive="true"
ISPASSIVE;
}
$requestedAuthnStr = '';
if (isset($security['requestedAuthnContext']) && $security['requestedAuthnContext'] !== false) {
$authnComparison = 'exact';
if (isset($security['requestedAuthnContextComparison'])) {
$authnComparison = $security['requestedAuthnContextComparison'];
}
$authnComparisonAttr = '';
if (!empty($authnComparison)) {
$authnComparisonAttr = sprintf('Comparison="%s"', $authnComparison);
}
if ($security['requestedAuthnContext'] === true) {
$requestedAuthnStr = <<<REQUESTEDAUTHN
<samlp:RequestedAuthnContext $authnComparisonAttr>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
REQUESTEDAUTHN;
} else {
$requestedAuthnStr .= " <samlp:RequestedAuthnContext $authnComparisonAttr>\n";
foreach ($security['requestedAuthnContext'] as $contextValue) {
$requestedAuthnStr .= " <saml:AuthnContextClassRef>".$contextValue."</saml:AuthnContextClassRef>\n";
}
$requestedAuthnStr .= ' </samlp:RequestedAuthnContext>';
}
}
$spEntityId = htmlspecialchars($spData['entityId'], ENT_QUOTES);
$acsUrl = htmlspecialchars($spData['assertionConsumerService']['url'], ENT_QUOTES);
$request = <<<AUTHNREQUEST
<samlp:AuthnRequest
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="$id"
Version="2.0"
{$providerNameStr}{$forceAuthnStr}{$isPassiveStr}
IssueInstant="$issueInstant"
Destination="{$idpData['singleSignOnService']['url']}"
ProtocolBinding="{$spData['assertionConsumerService']['binding']}"
AssertionConsumerServiceURL="{$acsUrl}">
<saml:Issuer>{$spEntityId}</saml:Issuer>{$subjectStr}{$nameIdPolicyStr}{$requestedAuthnStr}
</samlp:AuthnRequest>
AUTHNREQUEST;
$this->_id = $id;
$this->_authnRequest = $request;
}
/**
* Returns deflated, base64 encoded, unsigned AuthnRequest.
*
* @param bool|null $deflate Whether or not we should 'gzdeflate' the request body before we return it.
*
* @return string
*/
public function getRequest($deflate = null)
{
$subject = $this->_authnRequest;
if (is_null($deflate)) {
$deflate = $this->_settings->shouldCompressRequests();
}
if ($deflate) {
$subject = gzdeflate($this->_authnRequest);
}
$base64Request = base64_encode($subject);
return $base64Request;
}
/**
* Returns the AuthNRequest ID.
*
* @return string
*/
public function getId()
{
return $this->_id;
}
/**
* Returns the XML that will be sent as part of the request
*
* @return string
*/
public function getXML()
{
return $this->_authnRequest;
}
}

84
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Constants.php vendored Normal file
View File

@ -0,0 +1,84 @@
<?php
/**
* This file is part of php-saml.
*
* (c) OneLogin Inc
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @package OneLogin
* @author OneLogin Inc <saml-info@onelogin.com>
* @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE
* @link https://github.com/onelogin/php-saml
*/
namespace OneLogin\Saml2;
/**
* Constants of OneLogin PHP Toolkit
*
* Defines all required constants
*/
class Constants
{
// Value added to the current time in time condition validations
const ALLOWED_CLOCK_DRIFT = 180; // 3 min in seconds
// NameID Formats
const NAMEID_EMAIL_ADDRESS = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress';
const NAMEID_X509_SUBJECT_NAME = 'urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName';
const NAMEID_WINDOWS_DOMAIN_QUALIFIED_NAME = 'urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName';
const NAMEID_UNSPECIFIED = 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified';
const NAMEID_KERBEROS = 'urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos';
const NAMEID_ENTITY = 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity';
const NAMEID_TRANSIENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient';
const NAMEID_PERSISTENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent';
const NAMEID_ENCRYPTED = 'urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted';
// Attribute Name Formats
const ATTRNAME_FORMAT_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified';
const ATTRNAME_FORMAT_URI = 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri';
const ATTRNAME_FORMAT_BASIC = 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic';
// Namespaces
const NS_SAML = 'urn:oasis:names:tc:SAML:2.0:assertion';
const NS_SAMLP = 'urn:oasis:names:tc:SAML:2.0:protocol';
const NS_SOAP = 'http://schemas.xmlsoap.org/soap/envelope/';
const NS_MD = 'urn:oasis:names:tc:SAML:2.0:metadata';
const NS_XS = 'http://www.w3.org/2001/XMLSchema';
const NS_XSI = 'http://www.w3.org/2001/XMLSchema-instance';
const NS_XENC = 'http://www.w3.org/2001/04/xmlenc#';
const NS_DS = 'http://www.w3.org/2000/09/xmldsig#';
// Bindings
const BINDING_HTTP_POST = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST';
const BINDING_HTTP_REDIRECT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect';
const BINDING_HTTP_ARTIFACT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact';
const BINDING_SOAP = 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP';
const BINDING_DEFLATE = 'urn:oasis:names:tc:SAML:2.0:bindings:URL-Encoding:DEFLATE';
// Auth Context Class
const AC_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified';
const AC_PASSWORD = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password';
const AC_PASSWORD_PROTECTED = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport';
const AC_X509 = 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509';
const AC_SMARTCARD = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard';
const AC_KERBEROS = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos';
const AC_WINDOWS = 'urn:federation:authentication:windows';
const AC_TLS = 'urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient';
// Subject Confirmation
const CM_BEARER = 'urn:oasis:names:tc:SAML:2.0:cm:bearer';
const CM_HOLDER_KEY = 'urn:oasis:names:tc:SAML:2.0:cm:holder-of-key';
const CM_SENDER_VOUCHES = 'urn:oasis:names:tc:SAML:2.0:cm:sender-vouches';
// Status Codes
const STATUS_SUCCESS = 'urn:oasis:names:tc:SAML:2.0:status:Success';
const STATUS_REQUESTER = 'urn:oasis:names:tc:SAML:2.0:status:Requester';
const STATUS_RESPONDER = 'urn:oasis:names:tc:SAML:2.0:status:Responder';
const STATUS_VERSION_MISMATCH = 'urn:oasis:names:tc:SAML:2.0:status:VersionMismatch';
const STATUS_NO_PASSIVE = 'urn:oasis:names:tc:SAML:2.0:status:NoPassive';
const STATUS_PARTIAL_LOGOUT = 'urn:oasis:names:tc:SAML:2.0:status:PartialLogout';
const STATUS_PROXY_COUNT_EXCEEDED = 'urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded';
}

66
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Error.php vendored Normal file
View File

@ -0,0 +1,66 @@
<?php
/**
* This file is part of php-saml.
*
* (c) OneLogin Inc
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @package OneLogin
* @author OneLogin Inc <saml-info@onelogin.com>
* @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE
* @link https://github.com/onelogin/php-saml
*/
namespace OneLogin\Saml2;
use Exception;
/**
* Error class of OneLogin PHP Toolkit
*
* Defines the Error class
*/
class Error extends Exception
{
// Errors
const SETTINGS_FILE_NOT_FOUND = 0;
const SETTINGS_INVALID_SYNTAX = 1;
const SETTINGS_INVALID = 2;
const METADATA_SP_INVALID = 3;
const SP_CERTS_NOT_FOUND = 4;
// SP_CERTS_NOT_FOUND is deprecated, use CERT_NOT_FOUND instead
const CERT_NOT_FOUND = 4;
const REDIRECT_INVALID_URL = 5;
const PUBLIC_CERT_FILE_NOT_FOUND = 6;
const PRIVATE_KEY_FILE_NOT_FOUND = 7;
const SAML_RESPONSE_NOT_FOUND = 8;
const SAML_LOGOUTMESSAGE_NOT_FOUND = 9;
const SAML_LOGOUTREQUEST_INVALID = 10;
const SAML_LOGOUTRESPONSE_INVALID = 11;
const SAML_SINGLE_LOGOUT_NOT_SUPPORTED = 12;
const PRIVATE_KEY_NOT_FOUND = 13;
const UNSUPPORTED_SETTINGS_OBJECT = 14;
/**
* Constructor
*
* @param string $msg Describes the error.
* @param int $code The code error (defined in the error class).
* @param array|null $args Arguments used in the message that describes the error.
*/
public function __construct($msg, $code = 0, $args = array())
{
assert(is_string($msg));
assert(is_int($code));
if (!isset($args)) {
$args = array();
}
$params = array_merge(array($msg), $args);
$message = call_user_func_array('sprintf', $params);
parent::__construct($message, $code);
}
}

243
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/IdPMetadataParser.php vendored Normal file
View File

@ -0,0 +1,243 @@
<?php
/**
* This file is part of php-saml.
*
* (c) OneLogin Inc
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @package OneLogin
* @author OneLogin Inc <saml-info@onelogin.com>
* @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE
* @link https://github.com/onelogin/php-saml
*/
namespace OneLogin\Saml2;
use DOMDocument;
use Exception;
/**
* IdP Metadata Parser of OneLogin PHP Toolkit
*/
class IdPMetadataParser
{
/**
* Get IdP Metadata Info from URL
*
* @param string $url URL where the IdP metadata is published
* @param string $entityId Entity Id of the desired IdP, if no
* entity Id is provided and the XML
* metadata contains more than one
* IDPSSODescriptor, the first is returned
* @param string $desiredNameIdFormat If available on IdP metadata, use that nameIdFormat
* @param string $desiredSSOBinding Parse specific binding SSO endpoint
* @param string $desiredSLOBinding Parse specific binding SLO endpoint
*
* @return array metadata info in php-saml settings format
*/
public static function parseRemoteXML($url, $entityId = null, $desiredNameIdFormat = null, $desiredSSOBinding = Constants::BINDING_HTTP_REDIRECT, $desiredSLOBinding = Constants::BINDING_HTTP_REDIRECT)
{
$metadataInfo = array();
try {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
$xml = curl_exec($ch);
if ($xml !== false) {
$metadataInfo = self::parseXML($xml, $entityId, $desiredNameIdFormat, $desiredSSOBinding, $desiredSLOBinding);
} else {
throw new Exception(curl_error($ch), curl_errno($ch));
}
} catch (Exception $e) {
throw new Exception('Error on parseRemoteXML. '.$e->getMessage());
}
return $metadataInfo;
}
/**
* Get IdP Metadata Info from File
*
* @param string $filepath File path
* @param string $entityId Entity Id of the desired IdP, if no
* entity Id is provided and the XML
* metadata contains more than one
* IDPSSODescriptor, the first is returned
* @param string $desiredNameIdFormat If available on IdP metadata, use that nameIdFormat
* @param string $desiredSSOBinding Parse specific binding SSO endpoint
* @param string $desiredSLOBinding Parse specific binding SLO endpoint
*
* @return array metadata info in php-saml settings format
*/
public static function parseFileXML($filepath, $entityId = null, $desiredNameIdFormat = null, $desiredSSOBinding = Constants::BINDING_HTTP_REDIRECT, $desiredSLOBinding = Constants::BINDING_HTTP_REDIRECT)
{
$metadataInfo = array();
try {
if (file_exists($filepath)) {
$data = file_get_contents($filepath);
$metadataInfo = self::parseXML($data, $entityId, $desiredNameIdFormat, $desiredSSOBinding, $desiredSLOBinding);
}
} catch (Exception $e) {
throw new Exception('Error on parseFileXML. '.$e->getMessage());
}
return $metadataInfo;
}
/**
* Get IdP Metadata Info from URL
*
* @param string $xml XML that contains IdP metadata
* @param string $entityId Entity Id of the desired IdP, if no
* entity Id is provided and the XML
* metadata contains more than one
* IDPSSODescriptor, the first is returned
* @param string $desiredNameIdFormat If available on IdP metadata, use that nameIdFormat
* @param string $desiredSSOBinding Parse specific binding SSO endpoint
* @param string $desiredSLOBinding Parse specific binding SLO endpoint
*
* @return array metadata info in php-saml settings format
*
* @throws Exception
*/
public static function parseXML($xml, $entityId = null, $desiredNameIdFormat = null, $desiredSSOBinding = Constants::BINDING_HTTP_REDIRECT, $desiredSLOBinding = Constants::BINDING_HTTP_REDIRECT)
{
$metadataInfo = array();
$dom = new DOMDocument();
$dom->preserveWhiteSpace = false;
$dom->formatOutput = true;
try {
$dom = Utils::loadXML($dom, $xml);
if (!$dom) {
throw new Exception('Error parsing metadata');
}
$customIdPStr = '';
if (!empty($entityId)) {
$customIdPStr = '[@entityID="' . $entityId . '"]';
}
$idpDescryptorXPath = '//md:EntityDescriptor' . $customIdPStr . '/md:IDPSSODescriptor';
$idpDescriptorNodes = Utils::query($dom, $idpDescryptorXPath);
if (isset($idpDescriptorNodes) && $idpDescriptorNodes->length > 0) {
$metadataInfo['idp'] = array();
$idpDescriptor = $idpDescriptorNodes->item(0);
if (empty($entityId) && $idpDescriptor->parentNode->hasAttribute('entityID')) {
$entityId = $idpDescriptor->parentNode->getAttribute('entityID');
}
if (!empty($entityId)) {
$metadataInfo['idp']['entityId'] = $entityId;
}
$ssoNodes = Utils::query($dom, './md:SingleSignOnService[@Binding="'.$desiredSSOBinding.'"]', $idpDescriptor);
if ($ssoNodes->length < 1) {
$ssoNodes = Utils::query($dom, './md:SingleSignOnService', $idpDescriptor);
}
if ($ssoNodes->length > 0) {
$metadataInfo['idp']['singleSignOnService'] = array(
'url' => $ssoNodes->item(0)->getAttribute('Location'),
'binding' => $ssoNodes->item(0)->getAttribute('Binding')
);
}
$sloNodes = Utils::query($dom, './md:SingleLogoutService[@Binding="'.$desiredSLOBinding.'"]', $idpDescriptor);
if ($sloNodes->length < 1) {
$sloNodes = Utils::query($dom, './md:SingleLogoutService', $idpDescriptor);
}
if ($sloNodes->length > 0) {
$metadataInfo['idp']['singleLogoutService'] = array(
'url' => $sloNodes->item(0)->getAttribute('Location'),
'binding' => $sloNodes->item(0)->getAttribute('Binding')
);
if ($sloNodes->item(0)->hasAttribute('ResponseLocation')) {
$metadataInfo['idp']['singleLogoutService']['responseUrl'] = $sloNodes->item(0)->getAttribute('ResponseLocation');
}
}
$keyDescriptorCertSigningNodes = Utils::query($dom, './md:KeyDescriptor[not(contains(@use, "encryption"))]/ds:KeyInfo/ds:X509Data/ds:X509Certificate', $idpDescriptor);
$keyDescriptorCertEncryptionNodes = Utils::query($dom, './md:KeyDescriptor[not(contains(@use, "signing"))]/ds:KeyInfo/ds:X509Data/ds:X509Certificate', $idpDescriptor);
if (!empty($keyDescriptorCertSigningNodes) || !empty($keyDescriptorCertEncryptionNodes)) {
$metadataInfo['idp']['x509certMulti'] = array();
if (!empty($keyDescriptorCertSigningNodes)) {
$idpInfo['x509certMulti']['signing'] = array();
foreach ($keyDescriptorCertSigningNodes as $keyDescriptorCertSigningNode) {
$metadataInfo['idp']['x509certMulti']['signing'][] = Utils::formatCert($keyDescriptorCertSigningNode->nodeValue, false);
}
}
if (!empty($keyDescriptorCertEncryptionNodes)) {
$idpInfo['x509certMulti']['encryption'] = array();
foreach ($keyDescriptorCertEncryptionNodes as $keyDescriptorCertEncryptionNode) {
$metadataInfo['idp']['x509certMulti']['encryption'][] = Utils::formatCert($keyDescriptorCertEncryptionNode->nodeValue, false);
}
}
$idpCertdata = $metadataInfo['idp']['x509certMulti'];
if ((count($idpCertdata) == 1 and
((isset($idpCertdata['signing']) and count($idpCertdata['signing']) == 1) or (isset($idpCertdata['encryption']) and count($idpCertdata['encryption']) == 1))) or
((isset($idpCertdata['signing']) && count($idpCertdata['signing']) == 1) && isset($idpCertdata['encryption']) && count($idpCertdata['encryption']) == 1 && strcmp($idpCertdata['signing'][0], $idpCertdata['encryption'][0]) == 0)) {
if (isset($metadataInfo['idp']['x509certMulti']['signing'][0])) {
$metadataInfo['idp']['x509cert'] = $metadataInfo['idp']['x509certMulti']['signing'][0];
} else {
$metadataInfo['idp']['x509cert'] = $metadataInfo['idp']['x509certMulti']['encryption'][0];
}
unset($metadataInfo['idp']['x509certMulti']);
}
}
$nameIdFormatNodes = Utils::query($dom, './md:NameIDFormat', $idpDescriptor);
if ($nameIdFormatNodes->length > 0) {
$metadataInfo['sp']['NameIDFormat'] = $nameIdFormatNodes->item(0)->nodeValue;
if (!empty($desiredNameIdFormat)) {
foreach ($nameIdFormatNodes as $nameIdFormatNode) {
if (strcmp($nameIdFormatNode->nodeValue, $desiredNameIdFormat) == 0) {
$metadataInfo['sp']['NameIDFormat'] = $nameIdFormatNode->nodeValue;
break;
}
}
}
}
}
} catch (Exception $e) {
throw new Exception('Error parsing metadata. '.$e->getMessage());
}
return $metadataInfo;
}
/**
* Inject metadata info into php-saml settings array
*
* @param array $settings php-saml settings array
* @param array $metadataInfo array metadata info
*
* @return array settings
*/
public static function injectIntoSettings($settings, $metadataInfo)
{
if (isset($metadataInfo['idp']) && isset($settings['idp'])) {
if (isset($metadataInfo['idp']['x509certMulti']) && !empty($metadataInfo['idp']['x509certMulti']) && isset($settings['idp']['x509cert'])) {
unset($settings['idp']['x509cert']);
}
if (isset($metadataInfo['idp']['x509cert']) && !empty($metadataInfo['idp']['x509cert']) && isset($settings['idp']['x509certMulti'])) {
unset($settings['idp']['x509certMulti']);
}
}
return array_replace_recursive($settings, $metadataInfo);
}
}

492
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/LogoutRequest.php vendored Normal file
View File

@ -0,0 +1,492 @@
<?php
/**
* This file is part of php-saml.
*
* (c) OneLogin Inc
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @package OneLogin
* @author OneLogin Inc <saml-info@onelogin.com>
* @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE
* @link https://github.com/onelogin/php-saml
*/
namespace OneLogin\Saml2;
use RobRichards\XMLSecLibs\XMLSecurityKey;
use DOMDocument;
use Exception;
/**
* SAML 2 Logout Request
*/
class LogoutRequest
{
/**
* Contains the ID of the Logout Request
*
* @var string
*/
public $id;
/**
* Object that represents the setting info
*
* @var Settings
*/
protected $_settings;
/**
* SAML Logout Request
*
* @var string
*/
protected $_logoutRequest;
/**
* After execute a validation process, this var contains the cause
*
* @var Exception
*/
private $_error;
/**
* Constructs the Logout Request object.
*
* @param Settings $settings Settings
* @param string|null $request A UUEncoded Logout Request.
* @param string|null $nameId The NameID that will be set in the LogoutRequest.
* @param string|null $sessionIndex The SessionIndex (taken from the SAML Response in the SSO process).
* @param string|null $nameIdFormat The NameID Format will be set in the LogoutRequest.
* @param string|null $nameIdNameQualifier The NameID NameQualifier will be set in the LogoutRequest.
* @param string|null $nameIdSPNameQualifier The NameID SP NameQualifier will be set in the LogoutRequest.
*/
public function __construct(\OneLogin\Saml2\Settings $settings, $request = null, $nameId = null, $sessionIndex = null, $nameIdFormat = null, $nameIdNameQualifier = null, $nameIdSPNameQualifier = null)
{
$this->_settings = $settings;
$baseURL = $this->_settings->getBaseURL();
if (!empty($baseURL)) {
Utils::setBaseURL($baseURL);
}
if (!isset($request) || empty($request)) {
$spData = $this->_settings->getSPData();
$idpData = $this->_settings->getIdPData();
$security = $this->_settings->getSecurityData();
$id = Utils::generateUniqueID();
$this->id = $id;
$issueInstant = Utils::parseTime2SAML(time());
$cert = null;
if (isset($security['nameIdEncrypted']) && $security['nameIdEncrypted']) {
$existsMultiX509Enc = isset($idpData['x509certMulti']) && isset($idpData['x509certMulti']['encryption']) && !empty($idpData['x509certMulti']['encryption']);
if ($existsMultiX509Enc) {
$cert = $idpData['x509certMulti']['encryption'][0];
} else {
$cert = $idpData['x509cert'];
}
}
if (!empty($nameId)) {
if (empty($nameIdFormat)
&& $spData['NameIDFormat'] != Constants::NAMEID_UNSPECIFIED) {
$nameIdFormat = $spData['NameIDFormat'];
}
} else {
$nameId = $idpData['entityId'];
$nameIdFormat = Constants::NAMEID_ENTITY;
}
/* From saml-core-2.0-os 8.3.6, when the entity Format is used:
"The NameQualifier, SPNameQualifier, and SPProvidedID attributes MUST be omitted.
*/
if (!empty($nameIdFormat) && $nameIdFormat == Constants::NAMEID_ENTITY) {
$nameIdNameQualifier = null;
$nameIdSPNameQualifier = null;
}
// NameID Format UNSPECIFIED omitted
if (!empty($nameIdFormat) && $nameIdFormat == Constants::NAMEID_UNSPECIFIED) {
$nameIdFormat = null;
}
$nameIdObj = Utils::generateNameId(
$nameId,
$nameIdSPNameQualifier,
$nameIdFormat,
$cert,
$nameIdNameQualifier
);
$sessionIndexStr = isset($sessionIndex) ? "<samlp:SessionIndex>{$sessionIndex}</samlp:SessionIndex>" : "";
$spEntityId = htmlspecialchars($spData['entityId'], ENT_QUOTES);
$logoutRequest = <<<LOGOUTREQUEST
<samlp:LogoutRequest
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="{$id}"
Version="2.0"
IssueInstant="{$issueInstant}"
Destination="{$idpData['singleLogoutService']['url']}">
<saml:Issuer>{$spEntityId}</saml:Issuer>
{$nameIdObj}
{$sessionIndexStr}
</samlp:LogoutRequest>
LOGOUTREQUEST;
} else {
$decoded = base64_decode($request);
// We try to inflate
$inflated = @gzinflate($decoded);
if ($inflated != false) {
$logoutRequest = $inflated;
} else {
$logoutRequest = $decoded;
}
$this->id = static::getID($logoutRequest);
}
$this->_logoutRequest = $logoutRequest;
}
/**
* Returns the Logout Request defated, base64encoded, unsigned
*
* @param bool|null $deflate Whether or not we should 'gzdeflate' the request body before we return it.
*
* @return string Deflated base64 encoded Logout Request
*/
public function getRequest($deflate = null)
{
$subject = $this->_logoutRequest;
if (is_null($deflate)) {
$deflate = $this->_settings->shouldCompressRequests();
}
if ($deflate) {
$subject = gzdeflate($this->_logoutRequest);
}
return base64_encode($subject);
}
/**
* Returns the ID of the Logout Request.
*
* @param string|DOMDocument $request Logout Request Message
*
* @return string ID
*
* @throws Error
*/
public static function getID($request)
{
if ($request instanceof DOMDocument) {
$dom = $request;
} else {
$dom = new DOMDocument();
$dom = Utils::loadXML($dom, $request);
}
if (false === $dom) {
throw new Error(
"LogoutRequest could not be processed",
Error::SAML_LOGOUTREQUEST_INVALID
);
}
$id = $dom->documentElement->getAttribute('ID');
return $id;
}
/**
* Gets the NameID Data of the the Logout Request.
*
* @param string|DOMDocument $request Logout Request Message
* @param string|null $key The SP key
*
* @return array Name ID Data (Value, Format, NameQualifier, SPNameQualifier)
*
* @throws Error
* @throws Exception
* @throws ValidationError
*/
public static function getNameIdData($request, $key = null)
{
if ($request instanceof DOMDocument) {
$dom = $request;
} else {
$dom = new DOMDocument();
$dom = Utils::loadXML($dom, $request);
}
$encryptedEntries = Utils::query($dom, '/samlp:LogoutRequest/saml:EncryptedID');
if ($encryptedEntries->length == 1) {
$encryptedDataNodes = $encryptedEntries->item(0)->getElementsByTagName('EncryptedData');
$encryptedData = $encryptedDataNodes->item(0);
if (empty($key)) {
throw new Error(
"Private Key is required in order to decrypt the NameID, check settings",
Error::PRIVATE_KEY_NOT_FOUND
);
}
$seckey = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type'=>'private'));
$seckey->loadKey($key);
$nameId = Utils::decryptElement($encryptedData, $seckey);
} else {
$entries = Utils::query($dom, '/samlp:LogoutRequest/saml:NameID');
if ($entries->length == 1) {
$nameId = $entries->item(0);
}
}
if (!isset($nameId)) {
throw new ValidationError(
"NameID not found in the Logout Request",
ValidationError::NO_NAMEID
);
}
$nameIdData = array();
$nameIdData['Value'] = $nameId->nodeValue;
foreach (array('Format', 'SPNameQualifier', 'NameQualifier') as $attr) {
if ($nameId->hasAttribute($attr)) {
$nameIdData[$attr] = $nameId->getAttribute($attr);
}
}
return $nameIdData;
}
/**
* Gets the NameID of the Logout Request.
*
* @param string|DOMDocument $request Logout Request Message
* @param string|null $key The SP key
*
* @return string Name ID Value
*
* @throws Error
* @throws Exception
* @throws ValidationError
*/
public static function getNameId($request, $key = null)
{
$nameId = self::getNameIdData($request, $key);
return $nameId['Value'];
}
/**
* Gets the Issuer of the Logout Request.
*
* @param string|DOMDocument $request Logout Request Message
*
* @return string|null $issuer The Issuer
*
* @throws Exception
*/
public static function getIssuer($request)
{
if ($request instanceof DOMDocument) {
$dom = $request;
} else {
$dom = new DOMDocument();
$dom = Utils::loadXML($dom, $request);
}
$issuer = null;
$issuerNodes = Utils::query($dom, '/samlp:LogoutRequest/saml:Issuer');
if ($issuerNodes->length == 1) {
$issuer = $issuerNodes->item(0)->textContent;
}
return $issuer;
}
/**
* Gets the SessionIndexes from the Logout Request.
* Notice: Our Constructor only support 1 SessionIndex but this parser
* extracts an array of all the SessionIndex found on a
* Logout Request, that could be many.
*
* @param string|DOMDocument $request Logout Request Message
*
* @return array The SessionIndex value
*
* @throws Exception
*/
public static function getSessionIndexes($request)
{
if ($request instanceof DOMDocument) {
$dom = $request;
} else {
$dom = new DOMDocument();
$dom = Utils::loadXML($dom, $request);
}
$sessionIndexes = array();
$sessionIndexNodes = Utils::query($dom, '/samlp:LogoutRequest/samlp:SessionIndex');
foreach ($sessionIndexNodes as $sessionIndexNode) {
$sessionIndexes[] = $sessionIndexNode->textContent;
}
return $sessionIndexes;
}
/**
* Checks if the Logout Request recieved is valid.
*
* @param bool $retrieveParametersFromServer True if we want to use parameters from $_SERVER to validate the signature
*
* @return bool If the Logout Request is or not valid
*
* @throws Exception
* @throws ValidationError
*/
public function isValid($retrieveParametersFromServer = false)
{
$this->_error = null;
try {
$dom = new DOMDocument();
$dom = Utils::loadXML($dom, $this->_logoutRequest);
$idpData = $this->_settings->getIdPData();
$idPEntityId = $idpData['entityId'];
if ($this->_settings->isStrict()) {
$security = $this->_settings->getSecurityData();
if ($security['wantXMLValidation']) {
$res = Utils::validateXML($dom, 'saml-schema-protocol-2.0.xsd', $this->_settings->isDebugActive(), $this->_settings->getSchemasPath());
if (!$res instanceof DOMDocument) {
throw new ValidationError(
"Invalid SAML Logout Request. Not match the saml-schema-protocol-2.0.xsd",
ValidationError::INVALID_XML_FORMAT
);
}
}
$currentURL = Utils::getSelfRoutedURLNoQuery();
// Check NotOnOrAfter
if ($dom->documentElement->hasAttribute('NotOnOrAfter')) {
$na = Utils::parseSAML2Time($dom->documentElement->getAttribute('NotOnOrAfter'));
if ($na <= time()) {
throw new ValidationError(
"Could not validate timestamp: expired. Check system clock.",
ValidationError::RESPONSE_EXPIRED
);
}
}
// Check destination
if ($dom->documentElement->hasAttribute('Destination')) {
$destination = $dom->documentElement->getAttribute('Destination');
if (empty($destination)) {
if (!$security['relaxDestinationValidation']) {
throw new ValidationError(
"The LogoutRequest has an empty Destination value",
ValidationError::EMPTY_DESTINATION
);
}
} else {
$urlComparisonLength = $security['destinationStrictlyMatches'] ? strlen($destination) : strlen($currentURL);
if (strncmp($destination, $currentURL, $urlComparisonLength) !== 0) {
$currentURLNoRouted = Utils::getSelfURLNoQuery();
$urlComparisonLength = $security['destinationStrictlyMatches'] ? strlen($destination) : strlen($currentURLNoRouted);
if (strncmp($destination, $currentURLNoRouted, $urlComparisonLength) !== 0) {
throw new ValidationError(
"The LogoutRequest was received at $currentURL instead of $destination",
ValidationError::WRONG_DESTINATION
);
}
}
}
}
$nameId = static::getNameId($dom, $this->_settings->getSPkey());
// Check issuer
$issuer = static::getIssuer($dom);
if (!empty($issuer) && $issuer != $idPEntityId) {
throw new ValidationError(
"Invalid issuer in the Logout Request",
ValidationError::WRONG_ISSUER
);
}
if ($security['wantMessagesSigned'] && !isset($_GET['Signature'])) {
throw new ValidationError(
"The Message of the Logout Request is not signed and the SP require it",
ValidationError::NO_SIGNED_MESSAGE
);
}
}
if (isset($_GET['Signature'])) {
$signatureValid = Utils::validateBinarySign("SAMLRequest", $_GET, $idpData, $retrieveParametersFromServer);
if (!$signatureValid) {
throw new ValidationError(
"Signature validation failed. Logout Request rejected",
ValidationError::INVALID_SIGNATURE
);
}
}
return true;
} catch (Exception $e) {
$this->_error = $e;
$debug = $this->_settings->isDebugActive();
if ($debug) {
echo htmlentities($this->_error->getMessage());
}
return false;
}
}
/**
* After execute a validation process, if fails this method returns the Exception of the cause
*
* @return Exception Cause
*/
public function getErrorException()
{
return $this->_error;
}
/**
* After execute a validation process, if fails this method returns the cause
*
* @return null|string Error reason
*/
public function getError()
{
$errorMsg = null;
if (isset($this->_error)) {
$errorMsg = htmlentities($this->_error->getMessage());
}
return $errorMsg;
}
/**
* Returns the XML that will be sent as part of the request
* or that was received at the SP
*
* @return string
*/
public function getXML()
{
return $this->_logoutRequest;
}
}

348
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/LogoutResponse.php vendored Normal file
View File

@ -0,0 +1,348 @@
<?php
/**
* This file is part of php-saml.
*
* (c) OneLogin Inc
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @package OneLogin
* @author OneLogin Inc <saml-info@onelogin.com>
* @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE
* @link https://github.com/onelogin/php-saml
*/
namespace OneLogin\Saml2;
use DOMDocument;
use DOMNodeList;
use Exception;
/**
* SAML 2 Logout Response
*/
class LogoutResponse
{
/**
* Contains the ID of the Logout Response
*
* @var string
*/
public $id;
/**
* Object that represents the setting info
*
* @var Settings
*/
protected $_settings;
/**
* The decoded, unprocessed XML response provided to the constructor.
*
* @var string|null
*/
protected $_logoutResponse;
/**
* A DOMDocument class loaded from the SAML LogoutResponse.
*
* @var DOMDocument
*/
public $document;
/**
* After execute a validation process, if it fails, this var contains the cause
*
* @var Exception|null
*/
private $_error;
/**
* Constructs a Logout Response object (Initialize params from settings and if provided
* load the Logout Response.
*
* @param Settings $settings Settings.
* @param string|null $response An UUEncoded SAML Logout response from the IdP.
*
* @throws Error
* @throws Exception
*/
public function __construct(\OneLogin\Saml2\Settings $settings, $response = null)
{
$this->_settings = $settings;
$baseURL = $this->_settings->getBaseURL();
if (!empty($baseURL)) {
Utils::setBaseURL($baseURL);
}
if ($response) {
$decoded = base64_decode($response);
$inflated = @gzinflate($decoded);
if ($inflated != false) {
$this->_logoutResponse = $inflated;
} else {
$this->_logoutResponse = $decoded;
}
$this->document = new DOMDocument();
$this->document = Utils::loadXML($this->document, $this->_logoutResponse);
if (false === $this->document) {
throw new Error(
"LogoutResponse could not be processed",
Error::SAML_LOGOUTRESPONSE_INVALID
);
}
if ($this->document->documentElement->hasAttribute('ID')) {
$this->id = $this->document->documentElement->getAttribute('ID');
}
}
}
/**
* Gets the Issuer of the Logout Response.
*
* @return string|null $issuer The Issuer
*/
public function getIssuer()
{
$issuer = null;
$issuerNodes = $this->_query('/samlp:LogoutResponse/saml:Issuer');
if ($issuerNodes->length == 1) {
$issuer = $issuerNodes->item(0)->textContent;
}
return $issuer;
}
/**
* Gets the Status of the Logout Response.
*
* @return string|null The Status
*/
public function getStatus()
{
$entries = $this->_query('/samlp:LogoutResponse/samlp:Status/samlp:StatusCode');
if ($entries->length != 1) {
return null;
}
$status = $entries->item(0)->getAttribute('Value');
return $status;
}
/**
* Determines if the SAML LogoutResponse is valid
*
* @param string|null $requestId The ID of the LogoutRequest sent by this SP to the IdP
* @param bool $retrieveParametersFromServer True if we want to use parameters from $_SERVER to validate the signature
*
* @return bool Returns if the SAML LogoutResponse is or not valid
*
* @throws ValidationError
*/
public function isValid($requestId = null, $retrieveParametersFromServer = false)
{
$this->_error = null;
try {
$idpData = $this->_settings->getIdPData();
$idPEntityId = $idpData['entityId'];
if ($this->_settings->isStrict()) {
$security = $this->_settings->getSecurityData();
if ($security['wantXMLValidation']) {
$res = Utils::validateXML($this->document, 'saml-schema-protocol-2.0.xsd', $this->_settings->isDebugActive(), $this->_settings->getSchemasPath());
if (!$res instanceof DOMDocument) {
throw new ValidationError(
"Invalid SAML Logout Response. Not match the saml-schema-protocol-2.0.xsd",
ValidationError::INVALID_XML_FORMAT
);
}
}
// Check if the InResponseTo of the Logout Response matchs the ID of the Logout Request (requestId) if provided
if (isset($requestId) && $this->document->documentElement->hasAttribute('InResponseTo')) {
$inResponseTo = $this->document->documentElement->getAttribute('InResponseTo');
if ($requestId != $inResponseTo) {
throw new ValidationError(
"The InResponseTo of the Logout Response: $inResponseTo, does not match the ID of the Logout request sent by the SP: $requestId",
ValidationError::WRONG_INRESPONSETO
);
}
}
// Check issuer
$issuer = $this->getIssuer();
if (!empty($issuer) && $issuer != $idPEntityId) {
throw new ValidationError(
"Invalid issuer in the Logout Response",
ValidationError::WRONG_ISSUER
);
}
$currentURL = Utils::getSelfRoutedURLNoQuery();
if ($this->document->documentElement->hasAttribute('Destination')) {
$destination = $this->document->documentElement->getAttribute('Destination');
if (empty($destination)) {
if (!$security['relaxDestinationValidation']) {
throw new ValidationError(
"The LogoutResponse has an empty Destination value",
ValidationError::EMPTY_DESTINATION
);
}
} else {
$urlComparisonLength = $security['destinationStrictlyMatches'] ? strlen($destination) : strlen($currentURL);
if (strncmp($destination, $currentURL, $urlComparisonLength) !== 0) {
$currentURLNoRouted = Utils::getSelfURLNoQuery();
$urlComparisonLength = $security['destinationStrictlyMatches'] ? strlen($destination) : strlen($currentURLNoRouted);
if (strncmp($destination, $currentURLNoRouted, $urlComparisonLength) !== 0) {
throw new ValidationError(
"The LogoutResponse was received at $currentURL instead of $destination",
ValidationError::WRONG_DESTINATION
);
}
}
}
}
if ($security['wantMessagesSigned'] && !isset($_GET['Signature'])) {
throw new ValidationError(
"The Message of the Logout Response is not signed and the SP requires it",
ValidationError::NO_SIGNED_MESSAGE
);
}
}
if (isset($_GET['Signature'])) {
$signatureValid = Utils::validateBinarySign("SAMLResponse", $_GET, $idpData, $retrieveParametersFromServer);
if (!$signatureValid) {
throw new ValidationError(
"Signature validation failed. Logout Response rejected",
ValidationError::INVALID_SIGNATURE
);
}
}
return true;
} catch (Exception $e) {
$this->_error = $e;
$debug = $this->_settings->isDebugActive();
if ($debug) {
echo htmlentities($this->_error->getMessage());
}
return false;
}
}
/**
* Extracts a node from the DOMDocument (Logout Response Menssage)
*
* @param string $query Xpath Expression
*
* @return DOMNodeList The queried node
*/
private function _query($query)
{
return Utils::query($this->document, $query);
}
/**
* Generates a Logout Response object.
*
* @param string $inResponseTo InResponseTo value for the Logout Response.
*/
public function build($inResponseTo)
{
$spData = $this->_settings->getSPData();
$idpData = $this->_settings->getIdPData();
$this->id = Utils::generateUniqueID();
$issueInstant = Utils::parseTime2SAML(time());
$spEntityId = htmlspecialchars($spData['entityId'], ENT_QUOTES);
$logoutResponse = <<<LOGOUTRESPONSE
<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="{$this->id}"
Version="2.0"
IssueInstant="{$issueInstant}"
Destination="{$idpData['singleLogoutService']['url']}"
InResponseTo="{$inResponseTo}"
>
<saml:Issuer>{$spEntityId}</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
</samlp:LogoutResponse>
LOGOUTRESPONSE;
$this->_logoutResponse = $logoutResponse;
}
/**
* Returns a Logout Response object.
*
* @param bool|null $deflate Whether or not we should 'gzdeflate' the response body before we return it.
*
* @return string Logout Response deflated and base64 encoded
*/
public function getResponse($deflate = null)
{
$logoutResponse = $this->_logoutResponse;
if (is_null($deflate)) {
$deflate = $this->_settings->shouldCompressResponses();
}
if ($deflate) {
$logoutResponse = gzdeflate($this->_logoutResponse);
}
return base64_encode($logoutResponse);
}
/**
* After execute a validation process, if fails this method returns the cause.
*
* @return Exception|null Cause
*/
public function getErrorException()
{
return $this->_error;
}
/**
* After execute a validation process, if fails this method returns the cause
*
* @return null|string Error reason
*/
public function getError()
{
$errorMsg = null;
if (isset($this->_error)) {
$errorMsg = htmlentities($this->_error->getMessage());
}
return $errorMsg;
}
/**
* @return string the ID of the Response
*/
public function getId()
{
return $this->id;
}
/**
* Returns the XML that will be sent as part of the response
* or that was received at the SP
*
* @return string|null
*/
public function getXML()
{
return $this->_logoutResponse;
}
}

267
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Metadata.php vendored Normal file
View File

@ -0,0 +1,267 @@
<?php
/**
* This file is part of php-saml.
*
* (c) OneLogin Inc
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @package OneLogin
* @author OneLogin Inc <saml-info@onelogin.com>
* @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE
* @link https://github.com/onelogin/php-saml
*/
namespace OneLogin\Saml2;
use RobRichards\XMLSecLibs\XMLSecurityKey;
use RobRichards\XMLSecLibs\XMLSecurityDSig;
use DOMDocument;
use Exception;
/**
* Metadata lib of OneLogin PHP Toolkit
*/
class Metadata
{
const TIME_VALID = 172800; // 2 days
const TIME_CACHED = 604800; // 1 week
/**
* Generates the metadata of the SP based on the settings
*
* @param array $sp The SP data
* @param bool|string $authnsign authnRequestsSigned attribute
* @param bool|string $wsign wantAssertionsSigned attribute
* @param int|null $validUntil Metadata's valid time
* @param int|null $cacheDuration Duration of the cache in seconds
* @param array $contacts Contacts info
* @param array $organization Organization ingo
* @param array $attributes
*
* @return string SAML Metadata XML
*/
public static function builder($sp, $authnsign = false, $wsign = false, $validUntil = null, $cacheDuration = null, $contacts = array(), $organization = array(), $attributes = array())
{
if (!isset($validUntil)) {
$validUntil = time() + self::TIME_VALID;
}
$validUntilTime = Utils::parseTime2SAML($validUntil);
if (!isset($cacheDuration)) {
$cacheDuration = self::TIME_CACHED;
}
$sls = '';
if (isset($sp['singleLogoutService'])) {
$slsUrl = htmlspecialchars($sp['singleLogoutService']['url'], ENT_QUOTES);
$sls = <<<SLS_TEMPLATE
<md:SingleLogoutService Binding="{$sp['singleLogoutService']['binding']}"
Location="{$slsUrl}" />
SLS_TEMPLATE;
}
if ($authnsign) {
$strAuthnsign = 'true';
} else {
$strAuthnsign = 'false';
}
if ($wsign) {
$strWsign = 'true';
} else {
$strWsign = 'false';
}
$strOrganization = '';
if (!empty($organization)) {
$organizationInfoNames = array();
$organizationInfoDisplaynames = array();
$organizationInfoUrls = array();
foreach ($organization as $lang => $info) {
$organizationInfoNames[] = <<<ORGANIZATION_NAME
<md:OrganizationName xml:lang="{$lang}">{$info['name']}</md:OrganizationName>
ORGANIZATION_NAME;
$organizationInfoDisplaynames[] = <<<ORGANIZATION_DISPLAY
<md:OrganizationDisplayName xml:lang="{$lang}">{$info['displayname']}</md:OrganizationDisplayName>
ORGANIZATION_DISPLAY;
$organizationInfoUrls[] = <<<ORGANIZATION_URL
<md:OrganizationURL xml:lang="{$lang}">{$info['url']}</md:OrganizationURL>
ORGANIZATION_URL;
}
$orgData = implode("\n", $organizationInfoNames)."\n".implode("\n", $organizationInfoDisplaynames)."\n".implode("\n", $organizationInfoUrls);
$strOrganization = <<<ORGANIZATIONSTR
<md:Organization>
{$orgData}
</md:Organization>
ORGANIZATIONSTR;
}
$strContacts = '';
if (!empty($contacts)) {
$contactsInfo = array();
foreach ($contacts as $type => $info) {
$contactsInfo[] = <<<CONTACT
<md:ContactPerson contactType="{$type}">
<md:GivenName>{$info['givenName']}</md:GivenName>
<md:EmailAddress>{$info['emailAddress']}</md:EmailAddress>
</md:ContactPerson>
CONTACT;
}
$strContacts = "\n".implode("\n", $contactsInfo);
}
$strAttributeConsumingService = '';
if (isset($sp['attributeConsumingService'])) {
$attrCsDesc = '';
if (isset($sp['attributeConsumingService']['serviceDescription'])) {
$attrCsDesc = sprintf(
' <md:ServiceDescription xml:lang="en">%s</md:ServiceDescription>' . PHP_EOL,
$sp['attributeConsumingService']['serviceDescription']
);
}
if (!isset($sp['attributeConsumingService']['serviceName'])) {
$sp['attributeConsumingService']['serviceName'] = 'Service';
}
$requestedAttributeData = array();
foreach ($sp['attributeConsumingService']['requestedAttributes'] as $attribute) {
$requestedAttributeStr = sprintf(' <md:RequestedAttribute Name="%s"', $attribute['name']);
if (isset($attribute['nameFormat'])) {
$requestedAttributeStr .= sprintf(' NameFormat="%s"', $attribute['nameFormat']);
}
if (isset($attribute['friendlyName'])) {
$requestedAttributeStr .= sprintf(' FriendlyName="%s"', $attribute['friendlyName']);
}
if (isset($attribute['isRequired'])) {
$requestedAttributeStr .= sprintf(' isRequired="%s"', $attribute['isRequired'] === true ? 'true' : 'false');
}
$reqAttrAuxStr = " />";
if (isset($attribute['attributeValue']) && !empty($attribute['attributeValue'])) {
$reqAttrAuxStr = '>';
if (is_string($attribute['attributeValue'])) {
$attribute['attributeValue'] = array($attribute['attributeValue']);
}
foreach ($attribute['attributeValue'] as $attrValue) {
$reqAttrAuxStr .=<<<ATTRIBUTEVALUE
<saml:AttributeValue xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">{$attrValue}</saml:AttributeValue>
ATTRIBUTEVALUE;
}
$reqAttrAuxStr .= "\n </md:RequestedAttribute>";
}
$requestedAttributeData[] = $requestedAttributeStr . $reqAttrAuxStr;
}
$requestedAttributeStr = implode(PHP_EOL, $requestedAttributeData);
$strAttributeConsumingService = <<<METADATA_TEMPLATE
<md:AttributeConsumingService index="1">
<md:ServiceName xml:lang="en">{$sp['attributeConsumingService']['serviceName']}</md:ServiceName>
{$attrCsDesc}{$requestedAttributeStr}
</md:AttributeConsumingService>
METADATA_TEMPLATE;
}
$spEntityId = htmlspecialchars($sp['entityId'], ENT_QUOTES);
$acsUrl = htmlspecialchars($sp['assertionConsumerService']['url'], ENT_QUOTES);
$metadata = <<<METADATA_TEMPLATE
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
validUntil="{$validUntilTime}"
cacheDuration="PT{$cacheDuration}S"
entityID="{$spEntityId}">
<md:SPSSODescriptor AuthnRequestsSigned="{$strAuthnsign}" WantAssertionsSigned="{$strWsign}" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
{$sls} <md:NameIDFormat>{$sp['NameIDFormat']}</md:NameIDFormat>
<md:AssertionConsumerService Binding="{$sp['assertionConsumerService']['binding']}"
Location="{$acsUrl}"
index="1" />
{$strAttributeConsumingService}
</md:SPSSODescriptor>{$strOrganization}{$strContacts}
</md:EntityDescriptor>
METADATA_TEMPLATE;
return $metadata;
}
/**
* Signs the metadata with the key/cert provided
*
* @param string $metadata SAML Metadata XML
* @param string $key x509 key
* @param string $cert x509 cert
* @param string $signAlgorithm Signature algorithm method
* @param string $digestAlgorithm Digest algorithm method
*
* @return string Signed Metadata
*
* @throws Exception
*/
public static function signMetadata($metadata, $key, $cert, $signAlgorithm = XMLSecurityKey::RSA_SHA256, $digestAlgorithm = XMLSecurityDSig::SHA256)
{
return Utils::addSign($metadata, $key, $cert, $signAlgorithm, $digestAlgorithm);
}
/**
* Adds the x509 descriptors (sign/encryption) to the metadata
* The same cert will be used for sign/encrypt
*
* @param string $metadata SAML Metadata XML
* @param string $cert x509 cert
* @param bool $wantsEncrypted Whether to include the KeyDescriptor for encryption
*
* @return string Metadata with KeyDescriptors
*
* @throws Exception
*/
public static function addX509KeyDescriptors($metadata, $cert, $wantsEncrypted = true)
{
$xml = new DOMDocument();
$xml->preserveWhiteSpace = false;
$xml->formatOutput = true;
try {
$xml = Utils::loadXML($xml, $metadata);
if (!$xml) {
throw new Exception('Error parsing metadata');
}
} catch (Exception $e) {
throw new Exception('Error parsing metadata. '.$e->getMessage());
}
$formatedCert = Utils::formatCert($cert, false);
$x509Certificate = $xml->createElementNS(Constants::NS_DS, 'X509Certificate', $formatedCert);
$keyData = $xml->createElementNS(Constants::NS_DS, 'ds:X509Data');
$keyData->appendChild($x509Certificate);
$keyInfo = $xml->createElementNS(Constants::NS_DS, 'ds:KeyInfo');
$keyInfo->appendChild($keyData);
$keyDescriptor = $xml->createElementNS(Constants::NS_MD, "md:KeyDescriptor");
$SPSSODescriptor = $xml->getElementsByTagName('SPSSODescriptor')->item(0);
$SPSSODescriptor->insertBefore($keyDescriptor->cloneNode(), $SPSSODescriptor->firstChild);
if ($wantsEncrypted === true) {
$SPSSODescriptor->insertBefore($keyDescriptor->cloneNode(), $SPSSODescriptor->firstChild);
}
$signing = $xml->getElementsByTagName('KeyDescriptor')->item(0);
$signing->setAttribute('use', 'signing');
$signing->appendChild($keyInfo);
if ($wantsEncrypted === true) {
$encryption = $xml->getElementsByTagName('KeyDescriptor')->item(1);
$encryption->setAttribute('use', 'encryption');
$encryption->appendChild($keyInfo->cloneNode(true));
}
return $xml->saveXML();
}
}

1227
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Response.php vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1116
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Settings.php vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1564
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Utils.php vendored Normal file
View File

File diff suppressed because it is too large Load Diff

100
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/ValidationError.php vendored Normal file
View File

@ -0,0 +1,100 @@
<?php
/**
* This file is part of php-saml.
*
* (c) OneLogin Inc
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @package OneLogin
* @author OneLogin Inc <saml-info@onelogin.com>
* @license MIT https://github.com/onelogin/php-saml/blob/master/LICENSE
* @link https://github.com/onelogin/php-saml
*/
namespace OneLogin\Saml2;
use Exception;
/**
* ValidationError class of OneLogin PHP Toolkit
*
* This class implements another custom Exception handler,
* related to exceptions that happens during validation process.
*/
class ValidationError extends Exception
{
// Validation Errors
const UNSUPPORTED_SAML_VERSION = 0;
const MISSING_ID = 1;
const WRONG_NUMBER_OF_ASSERTIONS = 2;
const MISSING_STATUS = 3;
const MISSING_STATUS_CODE = 4;
const STATUS_CODE_IS_NOT_SUCCESS = 5;
const WRONG_SIGNED_ELEMENT = 6;
const ID_NOT_FOUND_IN_SIGNED_ELEMENT = 7;
const DUPLICATED_ID_IN_SIGNED_ELEMENTS = 8;
const INVALID_SIGNED_ELEMENT = 9;
const DUPLICATED_REFERENCE_IN_SIGNED_ELEMENTS = 10;
const UNEXPECTED_SIGNED_ELEMENTS = 11;
const WRONG_NUMBER_OF_SIGNATURES_IN_RESPONSE = 12;
const WRONG_NUMBER_OF_SIGNATURES_IN_ASSERTION = 13;
const INVALID_XML_FORMAT = 14;
const WRONG_INRESPONSETO = 15;
const NO_ENCRYPTED_ASSERTION = 16;
const NO_ENCRYPTED_NAMEID = 17;
const MISSING_CONDITIONS = 18;
const ASSERTION_TOO_EARLY = 19;
const ASSERTION_EXPIRED = 20;
const WRONG_NUMBER_OF_AUTHSTATEMENTS = 21;
const NO_ATTRIBUTESTATEMENT = 22;
const ENCRYPTED_ATTRIBUTES = 23;
const WRONG_DESTINATION = 24;
const EMPTY_DESTINATION = 25;
const WRONG_AUDIENCE = 26;
const ISSUER_MULTIPLE_IN_RESPONSE = 27;
const ISSUER_NOT_FOUND_IN_ASSERTION = 28;
const WRONG_ISSUER = 29;
const SESSION_EXPIRED = 30;
const WRONG_SUBJECTCONFIRMATION = 31;
const NO_SIGNED_MESSAGE = 32;
const NO_SIGNED_ASSERTION = 33;
const NO_SIGNATURE_FOUND = 34;
const KEYINFO_NOT_FOUND_IN_ENCRYPTED_DATA = 35;
const CHILDREN_NODE_NOT_FOUND_IN_KEYINFO = 36;
const UNSUPPORTED_RETRIEVAL_METHOD = 37;
const NO_NAMEID = 38;
const EMPTY_NAMEID = 39;
const SP_NAME_QUALIFIER_NAME_MISMATCH = 40;
const DUPLICATED_ATTRIBUTE_NAME_FOUND = 41;
const INVALID_SIGNATURE = 42;
const WRONG_NUMBER_OF_SIGNATURES = 43;
const RESPONSE_EXPIRED = 44;
const UNEXPECTED_REFERENCE = 45;
const NOT_SUPPORTED = 46;
const KEY_ALGORITHM_ERROR = 47;
const MISSING_ENCRYPTED_ELEMENT = 48;
/**
* Constructor
*
* @param string $msg Describes the error.
* @param int $code The code error (defined in the error class).
* @param array|null $args Arguments used in the message that describes the error.
*/
public function __construct($msg, $code = 0, $args = array())
{
assert(is_string($msg));
assert(is_int($code));
if (!isset($args)) {
$args = array();
}
$params = array_merge(array($msg), $args);
$message = call_user_func_array('sprintf', $params);
parent::__construct($message, $code);
}
}

283
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-assertion-2.0.xsd vendored Normal file
View File

@ -0,0 +1,283 @@
<?xml version="1.0" encoding="US-ASCII"?>
<schema
targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
elementFormDefault="unqualified"
attributeFormDefault="unqualified"
blockDefault="substitution"
version="2.0">
<import namespace="http://www.w3.org/2000/09/xmldsig#"
schemaLocation="xmldsig-core-schema.xsd"/>
<import namespace="http://www.w3.org/2001/04/xmlenc#"
schemaLocation="xenc-schema.xsd"/>
<annotation>
<documentation>
Document identifier: saml-schema-assertion-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V1.0 (November, 2002):
Initial Standard Schema.
V1.1 (September, 2003):
Updates within the same V1.0 namespace.
V2.0 (March, 2005):
New assertion schema for SAML V2.0 namespace.
</documentation>
</annotation>
<attributeGroup name="IDNameQualifiers">
<attribute name="NameQualifier" type="string" use="optional"/>
<attribute name="SPNameQualifier" type="string" use="optional"/>
</attributeGroup>
<element name="BaseID" type="saml:BaseIDAbstractType"/>
<complexType name="BaseIDAbstractType" abstract="true">
<attributeGroup ref="saml:IDNameQualifiers"/>
</complexType>
<element name="NameID" type="saml:NameIDType"/>
<complexType name="NameIDType">
<simpleContent>
<extension base="string">
<attributeGroup ref="saml:IDNameQualifiers"/>
<attribute name="Format" type="anyURI" use="optional"/>
<attribute name="SPProvidedID" type="string" use="optional"/>
</extension>
</simpleContent>
</complexType>
<complexType name="EncryptedElementType">
<sequence>
<element ref="xenc:EncryptedData"/>
<element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</complexType>
<element name="EncryptedID" type="saml:EncryptedElementType"/>
<element name="Issuer" type="saml:NameIDType"/>
<element name="AssertionIDRef" type="NCName"/>
<element name="AssertionURIRef" type="anyURI"/>
<element name="Assertion" type="saml:AssertionType"/>
<complexType name="AssertionType">
<sequence>
<element ref="saml:Issuer"/>
<element ref="ds:Signature" minOccurs="0"/>
<element ref="saml:Subject" minOccurs="0"/>
<element ref="saml:Conditions" minOccurs="0"/>
<element ref="saml:Advice" minOccurs="0"/>
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="saml:Statement"/>
<element ref="saml:AuthnStatement"/>
<element ref="saml:AuthzDecisionStatement"/>
<element ref="saml:AttributeStatement"/>
</choice>
</sequence>
<attribute name="Version" type="string" use="required"/>
<attribute name="ID" type="ID" use="required"/>
<attribute name="IssueInstant" type="dateTime" use="required"/>
</complexType>
<element name="Subject" type="saml:SubjectType"/>
<complexType name="SubjectType">
<choice>
<sequence>
<choice>
<element ref="saml:BaseID"/>
<element ref="saml:NameID"/>
<element ref="saml:EncryptedID"/>
</choice>
<element ref="saml:SubjectConfirmation" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<element ref="saml:SubjectConfirmation" maxOccurs="unbounded"/>
</choice>
</complexType>
<element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
<complexType name="SubjectConfirmationType">
<sequence>
<choice minOccurs="0">
<element ref="saml:BaseID"/>
<element ref="saml:NameID"/>
<element ref="saml:EncryptedID"/>
</choice>
<element ref="saml:SubjectConfirmationData" minOccurs="0"/>
</sequence>
<attribute name="Method" type="anyURI" use="required"/>
</complexType>
<element name="SubjectConfirmationData" type="saml:SubjectConfirmationDataType"/>
<complexType name="SubjectConfirmationDataType" mixed="true">
<complexContent>
<restriction base="anyType">
<sequence>
<any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="NotBefore" type="dateTime" use="optional"/>
<attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
<attribute name="Recipient" type="anyURI" use="optional"/>
<attribute name="InResponseTo" type="NCName" use="optional"/>
<attribute name="Address" type="string" use="optional"/>
<anyAttribute namespace="##other" processContents="lax"/>
</restriction>
</complexContent>
</complexType>
<complexType name="KeyInfoConfirmationDataType" mixed="false">
<complexContent>
<restriction base="saml:SubjectConfirmationDataType">
<sequence>
<element ref="ds:KeyInfo" maxOccurs="unbounded"/>
</sequence>
</restriction>
</complexContent>
</complexType>
<element name="Conditions" type="saml:ConditionsType"/>
<complexType name="ConditionsType">
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="saml:Condition"/>
<element ref="saml:AudienceRestriction"/>
<element ref="saml:OneTimeUse"/>
<element ref="saml:ProxyRestriction"/>
</choice>
<attribute name="NotBefore" type="dateTime" use="optional"/>
<attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
</complexType>
<element name="Condition" type="saml:ConditionAbstractType"/>
<complexType name="ConditionAbstractType" abstract="true"/>
<element name="AudienceRestriction" type="saml:AudienceRestrictionType"/>
<complexType name="AudienceRestrictionType">
<complexContent>
<extension base="saml:ConditionAbstractType">
<sequence>
<element ref="saml:Audience" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="Audience" type="anyURI"/>
<element name="OneTimeUse" type="saml:OneTimeUseType" />
<complexType name="OneTimeUseType">
<complexContent>
<extension base="saml:ConditionAbstractType"/>
</complexContent>
</complexType>
<element name="ProxyRestriction" type="saml:ProxyRestrictionType"/>
<complexType name="ProxyRestrictionType">
<complexContent>
<extension base="saml:ConditionAbstractType">
<sequence>
<element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="Count" type="nonNegativeInteger" use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="Advice" type="saml:AdviceType"/>
<complexType name="AdviceType">
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="saml:AssertionIDRef"/>
<element ref="saml:AssertionURIRef"/>
<element ref="saml:Assertion"/>
<element ref="saml:EncryptedAssertion"/>
<any namespace="##other" processContents="lax"/>
</choice>
</complexType>
<element name="EncryptedAssertion" type="saml:EncryptedElementType"/>
<element name="Statement" type="saml:StatementAbstractType"/>
<complexType name="StatementAbstractType" abstract="true"/>
<element name="AuthnStatement" type="saml:AuthnStatementType"/>
<complexType name="AuthnStatementType">
<complexContent>
<extension base="saml:StatementAbstractType">
<sequence>
<element ref="saml:SubjectLocality" minOccurs="0"/>
<element ref="saml:AuthnContext"/>
</sequence>
<attribute name="AuthnInstant" type="dateTime" use="required"/>
<attribute name="SessionIndex" type="string" use="optional"/>
<attribute name="SessionNotOnOrAfter" type="dateTime" use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="SubjectLocality" type="saml:SubjectLocalityType"/>
<complexType name="SubjectLocalityType">
<attribute name="Address" type="string" use="optional"/>
<attribute name="DNSName" type="string" use="optional"/>
</complexType>
<element name="AuthnContext" type="saml:AuthnContextType"/>
<complexType name="AuthnContextType">
<sequence>
<choice>
<sequence>
<element ref="saml:AuthnContextClassRef"/>
<choice minOccurs="0">
<element ref="saml:AuthnContextDecl"/>
<element ref="saml:AuthnContextDeclRef"/>
</choice>
</sequence>
<choice>
<element ref="saml:AuthnContextDecl"/>
<element ref="saml:AuthnContextDeclRef"/>
</choice>
</choice>
<element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</complexType>
<element name="AuthnContextClassRef" type="anyURI"/>
<element name="AuthnContextDeclRef" type="anyURI"/>
<element name="AuthnContextDecl" type="anyType"/>
<element name="AuthenticatingAuthority" type="anyURI"/>
<element name="AuthzDecisionStatement" type="saml:AuthzDecisionStatementType"/>
<complexType name="AuthzDecisionStatementType">
<complexContent>
<extension base="saml:StatementAbstractType">
<sequence>
<element ref="saml:Action" maxOccurs="unbounded"/>
<element ref="saml:Evidence" minOccurs="0"/>
</sequence>
<attribute name="Resource" type="anyURI" use="required"/>
<attribute name="Decision" type="saml:DecisionType" use="required"/>
</extension>
</complexContent>
</complexType>
<simpleType name="DecisionType">
<restriction base="string">
<enumeration value="Permit"/>
<enumeration value="Deny"/>
<enumeration value="Indeterminate"/>
</restriction>
</simpleType>
<element name="Action" type="saml:ActionType"/>
<complexType name="ActionType">
<simpleContent>
<extension base="string">
<attribute name="Namespace" type="anyURI" use="required"/>
</extension>
</simpleContent>
</complexType>
<element name="Evidence" type="saml:EvidenceType"/>
<complexType name="EvidenceType">
<choice maxOccurs="unbounded">
<element ref="saml:AssertionIDRef"/>
<element ref="saml:AssertionURIRef"/>
<element ref="saml:Assertion"/>
<element ref="saml:EncryptedAssertion"/>
</choice>
</complexType>
<element name="AttributeStatement" type="saml:AttributeStatementType"/>
<complexType name="AttributeStatementType">
<complexContent>
<extension base="saml:StatementAbstractType">
<choice maxOccurs="unbounded">
<element ref="saml:Attribute"/>
<element ref="saml:EncryptedAttribute"/>
</choice>
</extension>
</complexContent>
</complexType>
<element name="Attribute" type="saml:AttributeType"/>
<complexType name="AttributeType">
<sequence>
<element ref="saml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="Name" type="string" use="required"/>
<attribute name="NameFormat" type="anyURI" use="optional"/>
<attribute name="FriendlyName" type="string" use="optional"/>
<anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<element name="AttributeValue" type="anyType" nillable="true"/>
<element name="EncryptedAttribute" type="saml:EncryptedElementType"/>
</schema>

23
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-authn-context-2.0.xsd vendored Normal file
View File

@ -0,0 +1,23 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema
targetNamespace="urn:oasis:names:tc:SAML:2.0:ac"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac"
blockDefault="substitution"
version="2.0">
<xs:annotation>
<xs:documentation>
Document identifier: saml-schema-authn-context-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New core authentication context schema for SAML V2.0.
This is just an include of all types from the schema
referred to in the include statement below.
</xs:documentation>
</xs:annotation>
<xs:include schemaLocation="saml-schema-authn-context-types-2.0.xsd"/>
</xs:schema>

821
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-authn-context-types-2.0.xsd vendored Normal file
View File

@ -0,0 +1,821 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema
xmlns:xs="http://www.w3.org/2001/XMLSchema"
elementFormDefault="qualified"
version="2.0">
<xs:annotation>
<xs:documentation>
Document identifier: saml-schema-authn-context-types-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New core authentication context schema types for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:element name="AuthenticationContextDeclaration" type="AuthnContextDeclarationBaseType">
<xs:annotation>
<xs:documentation>
A particular assertion on an identity
provider's part with respect to the authentication
context associated with an authentication assertion.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Identification" type="IdentificationType">
<xs:annotation>
<xs:documentation>
Refers to those characteristics that describe the
processes and mechanisms
the Authentication Authority uses to initially create
an association between a Principal
and the identity (or name) by which the Principal will
be known
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="PhysicalVerification">
<xs:annotation>
<xs:documentation>
This element indicates that identification has been
performed in a physical
face-to-face meeting with the principal and not in an
online manner.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="credentialLevel">
<xs:simpleType>
<xs:restriction base="xs:NMTOKEN">
<xs:enumeration value="primary"/>
<xs:enumeration value="secondary"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="WrittenConsent" type="ExtensionOnlyType"/>
<xs:element name="TechnicalProtection" type="TechnicalProtectionBaseType">
<xs:annotation>
<xs:documentation>
Refers to those characterstics that describe how the
'secret' (the knowledge or possession
of which allows the Principal to authenticate to the
Authentication Authority) is kept secure
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="SecretKeyProtection" type="SecretKeyProtectionType">
<xs:annotation>
<xs:documentation>
This element indicates the types and strengths of
facilities
of a UA used to protect a shared secret key from
unauthorized access and/or use.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="PrivateKeyProtection" type="PrivateKeyProtectionType">
<xs:annotation>
<xs:documentation>
This element indicates the types and strengths of
facilities
of a UA used to protect a private key from
unauthorized access and/or use.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="KeyActivation" type="KeyActivationType">
<xs:annotation>
<xs:documentation>The actions that must be performed
before the private key can be used. </xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="KeySharing" type="KeySharingType">
<xs:annotation>
<xs:documentation>Whether or not the private key is shared
with the certificate authority.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="KeyStorage" type="KeyStorageType">
<xs:annotation>
<xs:documentation>
In which medium is the key stored.
memory - the key is stored in memory.
smartcard - the key is stored in a smartcard.
token - the key is stored in a hardware token.
MobileDevice - the key is stored in a mobile device.
MobileAuthCard - the key is stored in a mobile
authentication card.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="SubscriberLineNumber" type="ExtensionOnlyType"/>
<xs:element name="UserSuffix" type="ExtensionOnlyType"/>
<xs:element name="Password" type="PasswordType">
<xs:annotation>
<xs:documentation>
This element indicates that a password (or passphrase)
has been used to
authenticate the Principal to a remote system.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ActivationPin" type="ActivationPinType">
<xs:annotation>
<xs:documentation>
This element indicates that a Pin (Personal
Identification Number) has been used to authenticate the Principal to
some local system in order to activate a key.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Token" type="TokenType">
<xs:annotation>
<xs:documentation>
This element indicates that a hardware or software
token is used
as a method of identifying the Principal.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="TimeSyncToken" type="TimeSyncTokenType">
<xs:annotation>
<xs:documentation>
This element indicates that a time synchronization
token is used to identify the Principal. hardware -
the time synchonization
token has been implemented in hardware. software - the
time synchronization
token has been implemented in software. SeedLength -
the length, in bits, of the
random seed used in the time synchronization token.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Smartcard" type="ExtensionOnlyType">
<xs:annotation>
<xs:documentation>
This element indicates that a smartcard is used to
identity the Principal.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Length" type="LengthType">
<xs:annotation>
<xs:documentation>
This element indicates the minimum and/or maximum
ASCII length of the password which is enforced (by the UA or the
IdP). In other words, this is the minimum and/or maximum number of
ASCII characters required to represent a valid password.
min - the minimum number of ASCII characters required
in a valid password, as enforced by the UA or the IdP.
max - the maximum number of ASCII characters required
in a valid password, as enforced by the UA or the IdP.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ActivationLimit" type="ActivationLimitType">
<xs:annotation>
<xs:documentation>
This element indicates the length of time for which an
PIN-based authentication is valid.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Generation">
<xs:annotation>
<xs:documentation>
Indicates whether the password was chosen by the
Principal or auto-supplied by the Authentication Authority.
principalchosen - the Principal is allowed to choose
the value of the password. This is true even if
the initial password is chosen at random by the UA or
the IdP and the Principal is then free to change
the password.
automatic - the password is chosen by the UA or the
IdP to be cryptographically strong in some sense,
or to satisfy certain password rules, and that the
Principal is not free to change it or to choose a new password.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="mechanism" use="required">
<xs:simpleType>
<xs:restriction base="xs:NMTOKEN">
<xs:enumeration value="principalchosen"/>
<xs:enumeration value="automatic"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="AuthnMethod" type="AuthnMethodBaseType">
<xs:annotation>
<xs:documentation>
Refers to those characteristics that define the
mechanisms by which the Principal authenticates to the Authentication
Authority.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="PrincipalAuthenticationMechanism" type="PrincipalAuthenticationMechanismType">
<xs:annotation>
<xs:documentation>
The method that a Principal employs to perform
authentication to local system components.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Authenticator" type="AuthenticatorBaseType">
<xs:annotation>
<xs:documentation>
The method applied to validate a principal's
authentication across a network
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ComplexAuthenticator" type="ComplexAuthenticatorType">
<xs:annotation>
<xs:documentation>
Supports Authenticators with nested combinations of
additional complexity.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="PreviousSession" type="ExtensionOnlyType">
<xs:annotation>
<xs:documentation>
Indicates that the Principal has been strongly
authenticated in a previous session during which the IdP has set a
cookie in the UA. During the present session the Principal has only
been authenticated by the UA returning the cookie to the IdP.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ResumeSession" type="ExtensionOnlyType">
<xs:annotation>
<xs:documentation>
Rather like PreviousSession but using stronger
security. A secret that was established in a previous session with
the Authentication Authority has been cached by the local system and
is now re-used (e.g. a Master Secret is used to derive new session
keys in TLS, SSL, WTLS).
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ZeroKnowledge" type="ExtensionOnlyType">
<xs:annotation>
<xs:documentation>
This element indicates that the Principal has been
authenticated by a zero knowledge technique as specified in ISO/IEC
9798-5.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="SharedSecretChallengeResponse" type="SharedSecretChallengeResponseType"/>
<xs:complexType name="SharedSecretChallengeResponseType">
<xs:annotation>
<xs:documentation>
This element indicates that the Principal has been
authenticated by a challenge-response protocol utilizing shared secret
keys and symmetric cryptography.
</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="method" type="xs:anyURI" use="optional"/>
</xs:complexType>
<xs:element name="DigSig" type="PublicKeyType">
<xs:annotation>
<xs:documentation>
This element indicates that the Principal has been
authenticated by a mechanism which involves the Principal computing a
digital signature over at least challenge data provided by the IdP.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="AsymmetricDecryption" type="PublicKeyType">
<xs:annotation>
<xs:documentation>
The local system has a private key but it is used
in decryption mode, rather than signature mode. For example, the
Authentication Authority generates a secret and encrypts it using the
local system's public key: the local system then proves it has
decrypted the secret.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="AsymmetricKeyAgreement" type="PublicKeyType">
<xs:annotation>
<xs:documentation>
The local system has a private key and uses it for
shared secret key agreement with the Authentication Authority (e.g.
via Diffie Helman).
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:complexType name="PublicKeyType">
<xs:sequence>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="keyValidation" use="optional"/>
</xs:complexType>
<xs:element name="IPAddress" type="ExtensionOnlyType">
<xs:annotation>
<xs:documentation>
This element indicates that the Principal has been
authenticated through connection from a particular IP address.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="SharedSecretDynamicPlaintext" type="ExtensionOnlyType">
<xs:annotation>
<xs:documentation>
The local system and Authentication Authority
share a secret key. The local system uses this to encrypt a
randomised string to pass to the Authentication Authority.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="AuthenticatorTransportProtocol" type="AuthenticatorTransportProtocolType">
<xs:annotation>
<xs:documentation>
The protocol across which Authenticator information is
transferred to an Authentication Authority verifier.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="HTTP" type="ExtensionOnlyType">
<xs:annotation>
<xs:documentation>
This element indicates that the Authenticator has been
transmitted using bare HTTP utilizing no additional security
protocols.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="IPSec" type="ExtensionOnlyType">
<xs:annotation>
<xs:documentation>
This element indicates that the Authenticator has been
transmitted using a transport mechanism protected by an IPSEC session.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="WTLS" type="ExtensionOnlyType">
<xs:annotation>
<xs:documentation>
This element indicates that the Authenticator has been
transmitted using a transport mechanism protected by a WTLS session.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="MobileNetworkNoEncryption" type="ExtensionOnlyType">
<xs:annotation>
<xs:documentation>
This element indicates that the Authenticator has been
transmitted solely across a mobile network using no additional
security mechanism.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="MobileNetworkRadioEncryption" type="ExtensionOnlyType"/>
<xs:element name="MobileNetworkEndToEndEncryption" type="ExtensionOnlyType"/>
<xs:element name="SSL" type="ExtensionOnlyType">
<xs:annotation>
<xs:documentation>
This element indicates that the Authenticator has been
transmitted using a transport mechnanism protected by an SSL or TLS
session.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="PSTN" type="ExtensionOnlyType"/>
<xs:element name="ISDN" type="ExtensionOnlyType"/>
<xs:element name="ADSL" type="ExtensionOnlyType"/>
<xs:element name="OperationalProtection" type="OperationalProtectionType">
<xs:annotation>
<xs:documentation>
Refers to those characteristics that describe
procedural security controls employed by the Authentication Authority.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="SecurityAudit" type="SecurityAuditType"/>
<xs:element name="SwitchAudit" type="ExtensionOnlyType"/>
<xs:element name="DeactivationCallCenter" type="ExtensionOnlyType"/>
<xs:element name="GoverningAgreements" type="GoverningAgreementsType">
<xs:annotation>
<xs:documentation>
Provides a mechanism for linking to external (likely
human readable) documents in which additional business agreements,
(e.g. liability constraints, obligations, etc) can be placed.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="GoverningAgreementRef" type="GoverningAgreementRefType"/>
<xs:simpleType name="nymType">
<xs:restriction base="xs:NMTOKEN">
<xs:enumeration value="anonymity"/>
<xs:enumeration value="verinymity"/>
<xs:enumeration value="pseudonymity"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod" minOccurs="0"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:complexType>
<xs:complexType name="IdentificationType">
<xs:sequence>
<xs:element ref="PhysicalVerification" minOccurs="0"/>
<xs:element ref="WrittenConsent" minOccurs="0"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="nym" type="nymType">
<xs:annotation>
<xs:documentation>
This attribute indicates whether or not the
Identification mechanisms allow the actions of the Principal to be
linked to an actual end user.
</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
<xs:complexType name="TechnicalProtectionBaseType">
<xs:sequence>
<xs:choice minOccurs="0">
<xs:element ref="PrivateKeyProtection"/>
<xs:element ref="SecretKeyProtection"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="OperationalProtectionType">
<xs:sequence>
<xs:element ref="SecurityAudit" minOccurs="0"/>
<xs:element ref="DeactivationCallCenter" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
<xs:element ref="Authenticator" minOccurs="0"/>
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="GoverningAgreementsType">
<xs:sequence>
<xs:element ref="GoverningAgreementRef" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="GoverningAgreementRefType">
<xs:attribute name="governingAgreementRef" type="xs:anyURI" use="required"/>
</xs:complexType>
<xs:complexType name="PrincipalAuthenticationMechanismType">
<xs:sequence>
<xs:element ref="Password" minOccurs="0"/>
<xs:element ref="RestrictedPassword" minOccurs="0"/>
<xs:element ref="Token" minOccurs="0"/>
<xs:element ref="Smartcard" minOccurs="0"/>
<xs:element ref="ActivationPin" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="preauth" type="xs:integer" use="optional"/>
</xs:complexType>
<xs:group name="AuthenticatorChoiceGroup">
<xs:choice>
<xs:element ref="PreviousSession"/>
<xs:element ref="ResumeSession"/>
<xs:element ref="DigSig"/>
<xs:element ref="Password"/>
<xs:element ref="RestrictedPassword"/>
<xs:element ref="ZeroKnowledge"/>
<xs:element ref="SharedSecretChallengeResponse"/>
<xs:element ref="SharedSecretDynamicPlaintext"/>
<xs:element ref="IPAddress"/>
<xs:element ref="AsymmetricDecryption"/>
<xs:element ref="AsymmetricKeyAgreement"/>
<xs:element ref="SubscriberLineNumber"/>
<xs:element ref="UserSuffix"/>
<xs:element ref="ComplexAuthenticator"/>
</xs:choice>
</xs:group>
<xs:group name="AuthenticatorSequenceGroup">
<xs:sequence>
<xs:element ref="PreviousSession" minOccurs="0"/>
<xs:element ref="ResumeSession" minOccurs="0"/>
<xs:element ref="DigSig" minOccurs="0"/>
<xs:element ref="Password" minOccurs="0"/>
<xs:element ref="RestrictedPassword" minOccurs="0"/>
<xs:element ref="ZeroKnowledge" minOccurs="0"/>
<xs:element ref="SharedSecretChallengeResponse" minOccurs="0"/>
<xs:element ref="SharedSecretDynamicPlaintext" minOccurs="0"/>
<xs:element ref="IPAddress" minOccurs="0"/>
<xs:element ref="AsymmetricDecryption" minOccurs="0"/>
<xs:element ref="AsymmetricKeyAgreement" minOccurs="0"/>
<xs:element ref="SubscriberLineNumber" minOccurs="0"/>
<xs:element ref="UserSuffix" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:group>
<xs:complexType name="AuthenticatorBaseType">
<xs:sequence>
<xs:group ref="AuthenticatorChoiceGroup"/>
<xs:group ref="AuthenticatorSequenceGroup"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="ComplexAuthenticatorType">
<xs:sequence>
<xs:group ref="AuthenticatorChoiceGroup"/>
<xs:group ref="AuthenticatorSequenceGroup"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="AuthenticatorTransportProtocolType">
<xs:sequence>
<xs:choice minOccurs="0">
<xs:element ref="HTTP"/>
<xs:element ref="SSL"/>
<xs:element ref="MobileNetworkNoEncryption"/>
<xs:element ref="MobileNetworkRadioEncryption"/>
<xs:element ref="MobileNetworkEndToEndEncryption"/>
<xs:element ref="WTLS"/>
<xs:element ref="IPSec"/>
<xs:element ref="PSTN"/>
<xs:element ref="ISDN"/>
<xs:element ref="ADSL"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="KeyActivationType">
<xs:sequence>
<xs:element ref="ActivationPin" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="KeySharingType">
<xs:attribute name="sharing" type="xs:boolean" use="required"/>
</xs:complexType>
<xs:complexType name="PrivateKeyProtectionType">
<xs:sequence>
<xs:element ref="KeyActivation" minOccurs="0"/>
<xs:element ref="KeyStorage" minOccurs="0"/>
<xs:element ref="KeySharing" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="PasswordType">
<xs:sequence>
<xs:element ref="Length" minOccurs="0"/>
<xs:element ref="Alphabet" minOccurs="0"/>
<xs:element ref="Generation" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ExternalVerification" type="xs:anyURI" use="optional"/>
</xs:complexType>
<xs:element name="RestrictedPassword" type="RestrictedPasswordType"/>
<xs:complexType name="RestrictedPasswordType">
<xs:complexContent>
<xs:restriction base="PasswordType">
<xs:sequence>
<xs:element name="Length" type="RestrictedLengthType" minOccurs="1"/>
<xs:element ref="Generation" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ExternalVerification" type="xs:anyURI" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="RestrictedLengthType">
<xs:complexContent>
<xs:restriction base="LengthType">
<xs:attribute name="min" use="required">
<xs:simpleType>
<xs:restriction base="xs:integer">
<xs:minInclusive value="3"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="max" type="xs:integer" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="ActivationPinType">
<xs:sequence>
<xs:element ref="Length" minOccurs="0"/>
<xs:element ref="Alphabet" minOccurs="0"/>
<xs:element ref="Generation" minOccurs="0"/>
<xs:element ref="ActivationLimit" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:element name="Alphabet" type="AlphabetType"/>
<xs:complexType name="AlphabetType">
<xs:attribute name="requiredChars" type="xs:string" use="required"/>
<xs:attribute name="excludedChars" type="xs:string" use="optional"/>
<xs:attribute name="case" type="xs:string" use="optional"/>
</xs:complexType>
<xs:complexType name="TokenType">
<xs:sequence>
<xs:element ref="TimeSyncToken"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:simpleType name="DeviceTypeType">
<xs:restriction base="xs:NMTOKEN">
<xs:enumeration value="hardware"/>
<xs:enumeration value="software"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="booleanType">
<xs:restriction base="xs:NMTOKEN">
<xs:enumeration value="true"/>
<xs:enumeration value="false"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="TimeSyncTokenType">
<xs:attribute name="DeviceType" type="DeviceTypeType" use="required"/>
<xs:attribute name="SeedLength" type="xs:integer" use="required"/>
<xs:attribute name="DeviceInHand" type="booleanType" use="required"/>
</xs:complexType>
<xs:complexType name="ActivationLimitType">
<xs:choice>
<xs:element ref="ActivationLimitDuration"/>
<xs:element ref="ActivationLimitUsages"/>
<xs:element ref="ActivationLimitSession"/>
</xs:choice>
</xs:complexType>
<xs:element name="ActivationLimitDuration" type="ActivationLimitDurationType">
<xs:annotation>
<xs:documentation>
This element indicates that the Key Activation Limit is
defined as a specific duration of time.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ActivationLimitUsages" type="ActivationLimitUsagesType">
<xs:annotation>
<xs:documentation>
This element indicates that the Key Activation Limit is
defined as a number of usages.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ActivationLimitSession" type="ActivationLimitSessionType">
<xs:annotation>
<xs:documentation>
This element indicates that the Key Activation Limit is
the session.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:complexType name="ActivationLimitDurationType">
<xs:attribute name="duration" type="xs:duration" use="required"/>
</xs:complexType>
<xs:complexType name="ActivationLimitUsagesType">
<xs:attribute name="number" type="xs:integer" use="required"/>
</xs:complexType>
<xs:complexType name="ActivationLimitSessionType"/>
<xs:complexType name="LengthType">
<xs:attribute name="min" type="xs:integer" use="required"/>
<xs:attribute name="max" type="xs:integer" use="optional"/>
</xs:complexType>
<xs:simpleType name="mediumType">
<xs:restriction base="xs:NMTOKEN">
<xs:enumeration value="memory"/>
<xs:enumeration value="smartcard"/>
<xs:enumeration value="token"/>
<xs:enumeration value="MobileDevice"/>
<xs:enumeration value="MobileAuthCard"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="KeyStorageType">
<xs:attribute name="medium" type="mediumType" use="required"/>
</xs:complexType>
<xs:complexType name="SecretKeyProtectionType">
<xs:sequence>
<xs:element ref="KeyActivation" minOccurs="0"/>
<xs:element ref="KeyStorage" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="SecurityAuditType">
<xs:sequence>
<xs:element ref="SwitchAudit" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="ExtensionOnlyType">
<xs:sequence>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:element name="Extension" type="ExtensionType"/>
<xs:complexType name="ExtensionType">
<xs:sequence>
<xs:any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
</xs:schema>

336
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-metadata-2.0.xsd vendored Normal file
View File

@ -0,0 +1,336 @@
<?xml version="1.0" encoding="UTF-8"?>
<schema
targetNamespace="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns="http://www.w3.org/2001/XMLSchema"
elementFormDefault="unqualified"
attributeFormDefault="unqualified"
blockDefault="substitution"
version="2.0">
<import namespace="http://www.w3.org/2000/09/xmldsig#"
schemaLocation="xmldsig-core-schema.xsd"/>
<import namespace="http://www.w3.org/2001/04/xmlenc#"
schemaLocation="xenc-schema.xsd"/>
<import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
schemaLocation="saml-schema-assertion-2.0.xsd"/>
<import namespace="http://www.w3.org/XML/1998/namespace"
schemaLocation="xml.xsd"/>
<annotation>
<documentation>
Document identifier: saml-schema-metadata-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
Schema for SAML metadata, first published in SAML 2.0.
</documentation>
</annotation>
<simpleType name="entityIDType">
<restriction base="anyURI">
<maxLength value="1024"/>
</restriction>
</simpleType>
<complexType name="localizedNameType">
<simpleContent>
<extension base="string">
<attribute ref="xml:lang" use="required"/>
</extension>
</simpleContent>
</complexType>
<complexType name="localizedURIType">
<simpleContent>
<extension base="anyURI">
<attribute ref="xml:lang" use="required"/>
</extension>
</simpleContent>
</complexType>
<element name="Extensions" type="md:ExtensionsType"/>
<complexType final="#all" name="ExtensionsType">
<sequence>
<any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
</sequence>
</complexType>
<complexType name="EndpointType">
<sequence>
<any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="Binding" type="anyURI" use="required"/>
<attribute name="Location" type="anyURI" use="required"/>
<attribute name="ResponseLocation" type="anyURI" use="optional"/>
<anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<complexType name="IndexedEndpointType">
<complexContent>
<extension base="md:EndpointType">
<attribute name="index" type="unsignedShort" use="required"/>
<attribute name="isDefault" type="boolean" use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="EntitiesDescriptor" type="md:EntitiesDescriptorType"/>
<complexType name="EntitiesDescriptorType">
<sequence>
<element ref="ds:Signature" minOccurs="0"/>
<element ref="md:Extensions" minOccurs="0"/>
<choice minOccurs="1" maxOccurs="unbounded">
<element ref="md:EntityDescriptor"/>
<element ref="md:EntitiesDescriptor"/>
</choice>
</sequence>
<attribute name="validUntil" type="dateTime" use="optional"/>
<attribute name="cacheDuration" type="duration" use="optional"/>
<attribute name="ID" type="ID" use="optional"/>
<attribute name="Name" type="string" use="optional"/>
</complexType>
<element name="EntityDescriptor" type="md:EntityDescriptorType"/>
<complexType name="EntityDescriptorType">
<sequence>
<element ref="ds:Signature" minOccurs="0"/>
<element ref="md:Extensions" minOccurs="0"/>
<choice>
<choice maxOccurs="unbounded">
<element ref="md:RoleDescriptor"/>
<element ref="md:IDPSSODescriptor"/>
<element ref="md:SPSSODescriptor"/>
<element ref="md:AuthnAuthorityDescriptor"/>
<element ref="md:AttributeAuthorityDescriptor"/>
<element ref="md:PDPDescriptor"/>
</choice>
<element ref="md:AffiliationDescriptor"/>
</choice>
<element ref="md:Organization" minOccurs="0"/>
<element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:AdditionalMetadataLocation" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="entityID" type="md:entityIDType" use="required"/>
<attribute name="validUntil" type="dateTime" use="optional"/>
<attribute name="cacheDuration" type="duration" use="optional"/>
<attribute name="ID" type="ID" use="optional"/>
<anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<element name="Organization" type="md:OrganizationType"/>
<complexType name="OrganizationType">
<sequence>
<element ref="md:Extensions" minOccurs="0"/>
<element ref="md:OrganizationName" maxOccurs="unbounded"/>
<element ref="md:OrganizationDisplayName" maxOccurs="unbounded"/>
<element ref="md:OrganizationURL" maxOccurs="unbounded"/>
</sequence>
<anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<element name="OrganizationName" type="md:localizedNameType"/>
<element name="OrganizationDisplayName" type="md:localizedNameType"/>
<element name="OrganizationURL" type="md:localizedURIType"/>
<element name="ContactPerson" type="md:ContactType"/>
<complexType name="ContactType">
<sequence>
<element ref="md:Extensions" minOccurs="0"/>
<element ref="md:Company" minOccurs="0"/>
<element ref="md:GivenName" minOccurs="0"/>
<element ref="md:SurName" minOccurs="0"/>
<element ref="md:EmailAddress" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:TelephoneNumber" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="contactType" type="md:ContactTypeType" use="required"/>
<anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<element name="Company" type="string"/>
<element name="GivenName" type="string"/>
<element name="SurName" type="string"/>
<element name="EmailAddress" type="anyURI"/>
<element name="TelephoneNumber" type="string"/>
<simpleType name="ContactTypeType">
<restriction base="string">
<enumeration value="technical"/>
<enumeration value="support"/>
<enumeration value="administrative"/>
<enumeration value="billing"/>
<enumeration value="other"/>
</restriction>
</simpleType>
<element name="AdditionalMetadataLocation" type="md:AdditionalMetadataLocationType"/>
<complexType name="AdditionalMetadataLocationType">
<simpleContent>
<extension base="anyURI">
<attribute name="namespace" type="anyURI" use="required"/>
</extension>
</simpleContent>
</complexType>
<element name="RoleDescriptor" type="md:RoleDescriptorType"/>
<complexType name="RoleDescriptorType" abstract="true">
<sequence>
<element ref="ds:Signature" minOccurs="0"/>
<element ref="md:Extensions" minOccurs="0"/>
<element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:Organization" minOccurs="0"/>
<element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="ID" type="ID" use="optional"/>
<attribute name="validUntil" type="dateTime" use="optional"/>
<attribute name="cacheDuration" type="duration" use="optional"/>
<attribute name="protocolSupportEnumeration" type="md:anyURIListType" use="required"/>
<attribute name="errorURL" type="anyURI" use="optional"/>
<anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<simpleType name="anyURIListType">
<list itemType="anyURI"/>
</simpleType>
<element name="KeyDescriptor" type="md:KeyDescriptorType"/>
<complexType name="KeyDescriptorType">
<sequence>
<element ref="ds:KeyInfo"/>
<element ref="md:EncryptionMethod" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="use" type="md:KeyTypes" use="optional"/>
</complexType>
<simpleType name="KeyTypes">
<restriction base="string">
<enumeration value="encryption"/>
<enumeration value="signing"/>
</restriction>
</simpleType>
<element name="EncryptionMethod" type="xenc:EncryptionMethodType"/>
<complexType name="SSODescriptorType" abstract="true">
<complexContent>
<extension base="md:RoleDescriptorType">
<sequence>
<element ref="md:ArtifactResolutionService" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:SingleLogoutService" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:ManageNameIDService" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="ArtifactResolutionService" type="md:IndexedEndpointType"/>
<element name="SingleLogoutService" type="md:EndpointType"/>
<element name="ManageNameIDService" type="md:EndpointType"/>
<element name="NameIDFormat" type="anyURI"/>
<element name="IDPSSODescriptor" type="md:IDPSSODescriptorType"/>
<complexType name="IDPSSODescriptorType">
<complexContent>
<extension base="md:SSODescriptorType">
<sequence>
<element ref="md:SingleSignOnService" maxOccurs="unbounded"/>
<element ref="md:NameIDMappingService" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
<element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="WantAuthnRequestsSigned" type="boolean" use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="SingleSignOnService" type="md:EndpointType"/>
<element name="NameIDMappingService" type="md:EndpointType"/>
<element name="AssertionIDRequestService" type="md:EndpointType"/>
<element name="AttributeProfile" type="anyURI"/>
<element name="SPSSODescriptor" type="md:SPSSODescriptorType"/>
<complexType name="SPSSODescriptorType">
<complexContent>
<extension base="md:SSODescriptorType">
<sequence>
<element ref="md:AssertionConsumerService" maxOccurs="unbounded"/>
<element ref="md:AttributeConsumingService" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="AuthnRequestsSigned" type="boolean" use="optional"/>
<attribute name="WantAssertionsSigned" type="boolean" use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="AssertionConsumerService" type="md:IndexedEndpointType"/>
<element name="AttributeConsumingService" type="md:AttributeConsumingServiceType"/>
<complexType name="AttributeConsumingServiceType">
<sequence>
<element ref="md:ServiceName" maxOccurs="unbounded"/>
<element ref="md:ServiceDescription" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:RequestedAttribute" maxOccurs="unbounded"/>
</sequence>
<attribute name="index" type="unsignedShort" use="required"/>
<attribute name="isDefault" type="boolean" use="optional"/>
</complexType>
<element name="ServiceName" type="md:localizedNameType"/>
<element name="ServiceDescription" type="md:localizedNameType"/>
<element name="RequestedAttribute" type="md:RequestedAttributeType"/>
<complexType name="RequestedAttributeType">
<complexContent>
<extension base="saml:AttributeType">
<attribute name="isRequired" type="boolean" use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="AuthnAuthorityDescriptor" type="md:AuthnAuthorityDescriptorType"/>
<complexType name="AuthnAuthorityDescriptorType">
<complexContent>
<extension base="md:RoleDescriptorType">
<sequence>
<element ref="md:AuthnQueryService" maxOccurs="unbounded"/>
<element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="AuthnQueryService" type="md:EndpointType"/>
<element name="PDPDescriptor" type="md:PDPDescriptorType"/>
<complexType name="PDPDescriptorType">
<complexContent>
<extension base="md:RoleDescriptorType">
<sequence>
<element ref="md:AuthzService" maxOccurs="unbounded"/>
<element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="AuthzService" type="md:EndpointType"/>
<element name="AttributeAuthorityDescriptor" type="md:AttributeAuthorityDescriptorType"/>
<complexType name="AttributeAuthorityDescriptorType">
<complexContent>
<extension base="md:RoleDescriptorType">
<sequence>
<element ref="md:AttributeService" maxOccurs="unbounded"/>
<element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
<element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="AttributeService" type="md:EndpointType"/>
<element name="AffiliationDescriptor" type="md:AffiliationDescriptorType"/>
<complexType name="AffiliationDescriptorType">
<sequence>
<element ref="ds:Signature" minOccurs="0"/>
<element ref="md:Extensions" minOccurs="0"/>
<element ref="md:AffiliateMember" maxOccurs="unbounded"/>
</sequence>
<attribute name="affiliationOwnerID" type="md:entityIDType" use="required"/>
<attribute name="validUntil" type="dateTime" use="optional"/>
<attribute name="cacheDuration" type="duration" use="optional"/>
<attribute name="ID" type="ID" use="optional"/>
<anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<element name="AffiliateMember" type="md:entityIDType"/>
</schema>

302
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/saml-schema-protocol-2.0.xsd vendored Normal file
View File

@ -0,0 +1,302 @@
<?xml version="1.0" encoding="UTF-8"?>
<schema
targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
elementFormDefault="unqualified"
attributeFormDefault="unqualified"
blockDefault="substitution"
version="2.0">
<import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
schemaLocation="saml-schema-assertion-2.0.xsd"/>
<import namespace="http://www.w3.org/2000/09/xmldsig#"
schemaLocation="xmldsig-core-schema.xsd"/>
<annotation>
<documentation>
Document identifier: saml-schema-protocol-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V1.0 (November, 2002):
Initial Standard Schema.
V1.1 (September, 2003):
Updates within the same V1.0 namespace.
V2.0 (March, 2005):
New protocol schema based in a SAML V2.0 namespace.
</documentation>
</annotation>
<complexType name="RequestAbstractType" abstract="true">
<sequence>
<element ref="saml:Issuer" minOccurs="0"/>
<element ref="ds:Signature" minOccurs="0"/>
<element ref="samlp:Extensions" minOccurs="0"/>
</sequence>
<attribute name="ID" type="ID" use="required"/>
<attribute name="Version" type="string" use="required"/>
<attribute name="IssueInstant" type="dateTime" use="required"/>
<attribute name="Destination" type="anyURI" use="optional"/>
<attribute name="Consent" type="anyURI" use="optional"/>
</complexType>
<element name="Extensions" type="samlp:ExtensionsType"/>
<complexType name="ExtensionsType">
<sequence>
<any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
</sequence>
</complexType>
<complexType name="StatusResponseType">
<sequence>
<element ref="saml:Issuer" minOccurs="0"/>
<element ref="ds:Signature" minOccurs="0"/>
<element ref="samlp:Extensions" minOccurs="0"/>
<element ref="samlp:Status"/>
</sequence>
<attribute name="ID" type="ID" use="required"/>
<attribute name="InResponseTo" type="NCName" use="optional"/>
<attribute name="Version" type="string" use="required"/>
<attribute name="IssueInstant" type="dateTime" use="required"/>
<attribute name="Destination" type="anyURI" use="optional"/>
<attribute name="Consent" type="anyURI" use="optional"/>
</complexType>
<element name="Status" type="samlp:StatusType"/>
<complexType name="StatusType">
<sequence>
<element ref="samlp:StatusCode"/>
<element ref="samlp:StatusMessage" minOccurs="0"/>
<element ref="samlp:StatusDetail" minOccurs="0"/>
</sequence>
</complexType>
<element name="StatusCode" type="samlp:StatusCodeType"/>
<complexType name="StatusCodeType">
<sequence>
<element ref="samlp:StatusCode" minOccurs="0"/>
</sequence>
<attribute name="Value" type="anyURI" use="required"/>
</complexType>
<element name="StatusMessage" type="string"/>
<element name="StatusDetail" type="samlp:StatusDetailType"/>
<complexType name="StatusDetailType">
<sequence>
<any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</complexType>
<element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>
<complexType name="AssertionIDRequestType">
<complexContent>
<extension base="samlp:RequestAbstractType">
<sequence>
<element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
<complexType name="SubjectQueryAbstractType" abstract="true">
<complexContent>
<extension base="samlp:RequestAbstractType">
<sequence>
<element ref="saml:Subject"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="AuthnQuery" type="samlp:AuthnQueryType"/>
<complexType name="AuthnQueryType">
<complexContent>
<extension base="samlp:SubjectQueryAbstractType">
<sequence>
<element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
</sequence>
<attribute name="SessionIndex" type="string" use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>
<complexType name="RequestedAuthnContextType">
<choice>
<element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>
<element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>
</choice>
<attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>
</complexType>
<simpleType name="AuthnContextComparisonType">
<restriction base="string">
<enumeration value="exact"/>
<enumeration value="minimum"/>
<enumeration value="maximum"/>
<enumeration value="better"/>
</restriction>
</simpleType>
<element name="AttributeQuery" type="samlp:AttributeQueryType"/>
<complexType name="AttributeQueryType">
<complexContent>
<extension base="samlp:SubjectQueryAbstractType">
<sequence>
<element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>
<complexType name="AuthzDecisionQueryType">
<complexContent>
<extension base="samlp:SubjectQueryAbstractType">
<sequence>
<element ref="saml:Action" maxOccurs="unbounded"/>
<element ref="saml:Evidence" minOccurs="0"/>
</sequence>
<attribute name="Resource" type="anyURI" use="required"/>
</extension>
</complexContent>
</complexType>
<element name="AuthnRequest" type="samlp:AuthnRequestType"/>
<complexType name="AuthnRequestType">
<complexContent>
<extension base="samlp:RequestAbstractType">
<sequence>
<element ref="saml:Subject" minOccurs="0"/>
<element ref="samlp:NameIDPolicy" minOccurs="0"/>
<element ref="saml:Conditions" minOccurs="0"/>
<element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
<element ref="samlp:Scoping" minOccurs="0"/>
</sequence>
<attribute name="ForceAuthn" type="boolean" use="optional"/>
<attribute name="IsPassive" type="boolean" use="optional"/>
<attribute name="ProtocolBinding" type="anyURI" use="optional"/>
<attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>
<attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>
<attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>
<attribute name="ProviderName" type="string" use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>
<complexType name="NameIDPolicyType">
<attribute name="Format" type="anyURI" use="optional"/>
<attribute name="SPNameQualifier" type="string" use="optional"/>
<attribute name="AllowCreate" type="boolean" use="optional"/>
</complexType>
<element name="Scoping" type="samlp:ScopingType"/>
<complexType name="ScopingType">
<sequence>
<element ref="samlp:IDPList" minOccurs="0"/>
<element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>
</complexType>
<element name="RequesterID" type="anyURI"/>
<element name="IDPList" type="samlp:IDPListType"/>
<complexType name="IDPListType">
<sequence>
<element ref="samlp:IDPEntry" maxOccurs="unbounded"/>
<element ref="samlp:GetComplete" minOccurs="0"/>
</sequence>
</complexType>
<element name="IDPEntry" type="samlp:IDPEntryType"/>
<complexType name="IDPEntryType">
<attribute name="ProviderID" type="anyURI" use="required"/>
<attribute name="Name" type="string" use="optional"/>
<attribute name="Loc" type="anyURI" use="optional"/>
</complexType>
<element name="GetComplete" type="anyURI"/>
<element name="Response" type="samlp:ResponseType"/>
<complexType name="ResponseType">
<complexContent>
<extension base="samlp:StatusResponseType">
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="saml:Assertion"/>
<element ref="saml:EncryptedAssertion"/>
</choice>
</extension>
</complexContent>
</complexType>
<element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>
<complexType name="ArtifactResolveType">
<complexContent>
<extension base="samlp:RequestAbstractType">
<sequence>
<element ref="samlp:Artifact"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="Artifact" type="string"/>
<element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>
<complexType name="ArtifactResponseType">
<complexContent>
<extension base="samlp:StatusResponseType">
<sequence>
<any namespace="##any" processContents="lax" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>
<complexType name="ManageNameIDRequestType">
<complexContent>
<extension base="samlp:RequestAbstractType">
<sequence>
<choice>
<element ref="saml:NameID"/>
<element ref="saml:EncryptedID"/>
</choice>
<choice>
<element ref="samlp:NewID"/>
<element ref="samlp:NewEncryptedID"/>
<element ref="samlp:Terminate"/>
</choice>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="NewID" type="string"/>
<element name="NewEncryptedID" type="saml:EncryptedElementType"/>
<element name="Terminate" type="samlp:TerminateType"/>
<complexType name="TerminateType"/>
<element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>
<element name="LogoutRequest" type="samlp:LogoutRequestType"/>
<complexType name="LogoutRequestType">
<complexContent>
<extension base="samlp:RequestAbstractType">
<sequence>
<choice>
<element ref="saml:BaseID"/>
<element ref="saml:NameID"/>
<element ref="saml:EncryptedID"/>
</choice>
<element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="Reason" type="string" use="optional"/>
<attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="SessionIndex" type="string"/>
<element name="LogoutResponse" type="samlp:StatusResponseType"/>
<element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>
<complexType name="NameIDMappingRequestType">
<complexContent>
<extension base="samlp:RequestAbstractType">
<sequence>
<choice>
<element ref="saml:BaseID"/>
<element ref="saml:NameID"/>
<element ref="saml:EncryptedID"/>
</choice>
<element ref="samlp:NameIDPolicy"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>
<complexType name="NameIDMappingResponseType">
<complexContent>
<extension base="samlp:StatusResponseType">
<choice>
<element ref="saml:NameID"/>
<element ref="saml:EncryptedID"/>
</choice>
</extension>
</complexContent>
</complexType>
</schema>

35
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-metadata-attr.xsd vendored Normal file
View File

@ -0,0 +1,35 @@
<?xml version="1.0" encoding="UTF-8"?>
<schema
targetNamespace="urn:oasis:names:tc:SAML:metadata:attribute"
xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
elementFormDefault="unqualified"
attributeFormDefault="unqualified"
blockDefault="substitution"
version="2.0">
<annotation>
<documentation>
Document title: SAML V2.0 Metadata Extention for Entity Attributes Schema
Document identifier: sstc-metadata-attr.xsd
Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
Revision history:
V1.0 (November 2008):
Initial version.
</documentation>
</annotation>
<import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
schemaLocation="saml-schema-assertion-2.0.xsd"/>
<element name="EntityAttributes" type="mdattr:EntityAttributesType"/>
<complexType name="EntityAttributesType">
<choice maxOccurs="unbounded">
<element ref="saml:Attribute"/>
<element ref="saml:Assertion"/>
</choice>
</complexType>
</schema>

25
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-saml-attribute-ext.xsd vendored Normal file
View File

@ -0,0 +1,25 @@
<?xml version="1.0" encoding="UTF-8"?>
<schema
targetNamespace="urn:oasis:names:tc:SAML:attribute:ext"
xmlns="http://www.w3.org/2001/XMLSchema"
elementFormDefault="unqualified"
attributeFormDefault="unqualified"
blockDefault="substitution"
version="2.0">
<annotation>
<documentation>
Document title: SAML V2.0 Attribute Extension Schema
Document identifier: sstc-saml-attribute-ext.xsd
Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
Revision history:
V1.0 (October 2008):
Initial version.
</documentation>
</annotation>
<attribute name="OriginalIssuer" type="anyURI"/>
<attribute name="LastModified" type="dateTime"/>
</schema>

41
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-saml-metadata-algsupport-v1.0.xsd vendored Normal file
View File

@ -0,0 +1,41 @@
<?xml version="1.0" encoding="UTF-8"?>
<schema
targetNamespace="urn:oasis:names:tc:SAML:metadata:algsupport"
xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"
elementFormDefault="unqualified"
attributeFormDefault="unqualified"
blockDefault="substitution"
version="1.0">
<annotation>
<documentation>
Document title: Metadata Extension Schema for SAML V2.0 Metadata Profile for Algorithm Support Version 1.0
Document identifier: sstc-saml-metadata-algsupport.xsd
Location: http://docs.oasis-open.org/security/saml/Post2.0/
Revision history:
V1.0 (June 2010):
Initial version.
</documentation>
</annotation>
<element name="DigestMethod" type="alg:DigestMethodType"/>
<complexType name="DigestMethodType">
<sequence>
<any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="Algorithm" type="anyURI" use="required"/>
</complexType>
<element name="SigningMethod" type="alg:SigningMethodType"/>
<complexType name="SigningMethodType">
<sequence>
<any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="Algorithm" type="anyURI" use="required"/>
<attribute name="MinKeySize" type="positiveInteger"/>
<attribute name="MaxKeySize" type="positiveInteger"/>
</complexType>
</schema>

89
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/sstc-saml-metadata-ui-v1.0.xsd vendored Normal file
View File

@ -0,0 +1,89 @@
<?xml version="1.0" encoding="UTF-8"?>
<schema
targetNamespace="urn:oasis:names:tc:SAML:metadata:ui"
xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
elementFormDefault="unqualified"
attributeFormDefault="unqualified"
blockDefault="substitution"
version="1.0">
<annotation>
<documentation>
Document title: Metadata Extension Schema for SAML V2.0 Metadata Extensions for Login and Discovery User Interface Version 1.0
Document identifier: sstc-saml-metadata-ui-v1.0.xsd
Location: http://docs.oasis-open.org/security/saml/Post2.0/
Revision history:
16 November 2010:
Added Keywords element/type.
01 November 2010
Changed filename.
September 2010:
Initial version.
</documentation>
</annotation>
<import namespace="urn:oasis:names:tc:SAML:2.0:metadata"
schemaLocation="saml-schema-metadata-2.0.xsd"/>
<import namespace="http://www.w3.org/XML/1998/namespace"
schemaLocation="xml.xsd"/>
<element name="UIInfo" type="mdui:UIInfoType" />
<complexType name="UIInfoType">
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="mdui:DisplayName"/>
<element ref="mdui:Description"/>
<element ref="mdui:Keywords"/>
<element ref="mdui:Logo"/>
<element ref="mdui:InformationURL"/>
<element ref="mdui:PrivacyStatementURL"/>
<any namespace="##other" processContents="lax"/>
</choice>
</complexType>
<element name="DisplayName" type="md:localizedNameType"/>
<element name="Description" type="md:localizedNameType"/>
<element name="InformationURL" type="md:localizedURIType"/>
<element name="PrivacyStatementURL" type="md:localizedURIType"/>
<element name="Keywords" type="mdui:KeywordsType"/>
<complexType name="KeywordsType">
<simpleContent>
<extension base="mdui:listOfStrings">
<attribute ref="xml:lang" use="required"/>
</extension>
</simpleContent>
</complexType>
<simpleType name="listOfStrings">
<list itemType="string"/>
</simpleType>
<element name="Logo" type="mdui:LogoType"/>
<complexType name="LogoType">
<simpleContent>
<extension base="anyURI">
<attribute name="height" type="positiveInteger" use="required"/>
<attribute name="width" type="positiveInteger" use="required"/>
<attribute ref="xml:lang"/>
</extension>
</simpleContent>
</complexType>
<element name="DiscoHints" type="mdui:DiscoHintsType"/>
<complexType name="DiscoHintsType">
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="mdui:IPHint"/>
<element ref="mdui:DomainHint"/>
<element ref="mdui:GeolocationHint"/>
<any namespace="##other" processContents="lax"/>
</choice>
</complexType>
<element name="IPHint" type="string"/>
<element name="DomainHint" type="string"/>
<element name="GeolocationHint" type="anyURI"/>
</schema>

136
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/xenc-schema.xsd vendored Normal file
View File

@ -0,0 +1,136 @@
<?xml version="1.0" encoding="utf-8"?>
<schema xmlns='http://www.w3.org/2001/XMLSchema' version='1.0'
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'
targetNamespace='http://www.w3.org/2001/04/xmlenc#'
elementFormDefault='qualified'>
<import namespace='http://www.w3.org/2000/09/xmldsig#'
schemaLocation='xmldsig-core-schema.xsd'/>
<complexType name='EncryptedType' abstract='true'>
<sequence>
<element name='EncryptionMethod' type='xenc:EncryptionMethodType'
minOccurs='0'/>
<element ref='ds:KeyInfo' minOccurs='0'/>
<element ref='xenc:CipherData'/>
<element ref='xenc:EncryptionProperties' minOccurs='0'/>
</sequence>
<attribute name='Id' type='ID' use='optional'/>
<attribute name='Type' type='anyURI' use='optional'/>
<attribute name='MimeType' type='string' use='optional'/>
<attribute name='Encoding' type='anyURI' use='optional'/>
</complexType>
<complexType name='EncryptionMethodType' mixed='true'>
<sequence>
<element name='KeySize' minOccurs='0' type='xenc:KeySizeType'/>
<element name='OAEPparams' minOccurs='0' type='base64Binary'/>
<any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
</sequence>
<attribute name='Algorithm' type='anyURI' use='required'/>
</complexType>
<simpleType name='KeySizeType'>
<restriction base="integer"/>
</simpleType>
<element name='CipherData' type='xenc:CipherDataType'/>
<complexType name='CipherDataType'>
<choice>
<element name='CipherValue' type='base64Binary'/>
<element ref='xenc:CipherReference'/>
</choice>
</complexType>
<element name='CipherReference' type='xenc:CipherReferenceType'/>
<complexType name='CipherReferenceType'>
<choice>
<element name='Transforms' type='xenc:TransformsType' minOccurs='0'/>
</choice>
<attribute name='URI' type='anyURI' use='required'/>
</complexType>
<complexType name='TransformsType'>
<sequence>
<element ref='ds:Transform' maxOccurs='unbounded'/>
</sequence>
</complexType>
<element name='EncryptedData' type='xenc:EncryptedDataType'/>
<complexType name='EncryptedDataType'>
<complexContent>
<extension base='xenc:EncryptedType'>
</extension>
</complexContent>
</complexType>
<!-- Children of ds:KeyInfo -->
<element name='EncryptedKey' type='xenc:EncryptedKeyType'/>
<complexType name='EncryptedKeyType'>
<complexContent>
<extension base='xenc:EncryptedType'>
<sequence>
<element ref='xenc:ReferenceList' minOccurs='0'/>
<element name='CarriedKeyName' type='string' minOccurs='0'/>
</sequence>
<attribute name='Recipient' type='string'
use='optional'/>
</extension>
</complexContent>
</complexType>
<element name="AgreementMethod" type="xenc:AgreementMethodType"/>
<complexType name="AgreementMethodType" mixed="true">
<sequence>
<element name="KA-Nonce" minOccurs="0" type="base64Binary"/>
<!-- <element ref="ds:DigestMethod" minOccurs="0"/> -->
<any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
<element name="OriginatorKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
<element name="RecipientKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
</sequence>
<attribute name="Algorithm" type="anyURI" use="required"/>
</complexType>
<!-- End Children of ds:KeyInfo -->
<element name='ReferenceList'>
<complexType>
<choice minOccurs='1' maxOccurs='unbounded'>
<element name='DataReference' type='xenc:ReferenceType'/>
<element name='KeyReference' type='xenc:ReferenceType'/>
</choice>
</complexType>
</element>
<complexType name='ReferenceType'>
<sequence>
<any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
</sequence>
<attribute name='URI' type='anyURI' use='required'/>
</complexType>
<element name='EncryptionProperties' type='xenc:EncryptionPropertiesType'/>
<complexType name='EncryptionPropertiesType'>
<sequence>
<element ref='xenc:EncryptionProperty' maxOccurs='unbounded'/>
</sequence>
<attribute name='Id' type='ID' use='optional'/>
</complexType>
<element name='EncryptionProperty' type='xenc:EncryptionPropertyType'/>
<complexType name='EncryptionPropertyType' mixed='true'>
<choice maxOccurs='unbounded'>
<any namespace='##other' processContents='lax'/>
</choice>
<attribute name='Target' type='anyURI' use='optional'/>
<attribute name='Id' type='ID' use='optional'/>
<anyAttribute namespace="http://www.w3.org/XML/1998/namespace"/>
</complexType>
</schema>

287
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/xml.xsd vendored Normal file
View File

@ -0,0 +1,287 @@
<?xml version='1.0'?>
<?xml-stylesheet href="../2008/09/xsd.xsl" type="text/xsl"?>
<xs:schema targetNamespace="http://www.w3.org/XML/1998/namespace"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns ="http://www.w3.org/1999/xhtml"
xml:lang="en">
<xs:annotation>
<xs:documentation>
<div>
<h1>About the XML namespace</h1>
<div class="bodytext">
<p>
This schema document describes the XML namespace, in a form
suitable for import by other schema documents.
</p>
<p>
See <a href="http://www.w3.org/XML/1998/namespace.html">
http://www.w3.org/XML/1998/namespace.html</a> and
<a href="http://www.w3.org/TR/REC-xml">
http://www.w3.org/TR/REC-xml</a> for information
about this namespace.
</p>
<p>
Note that local names in this namespace are intended to be
defined only by the World Wide Web Consortium or its subgroups.
The names currently defined in this namespace are listed below.
They should not be used with conflicting semantics by any Working
Group, specification, or document instance.
</p>
<p>
See further below in this document for more information about <a
href="#usage">how to refer to this schema document from your own
XSD schema documents</a> and about <a href="#nsversioning">the
namespace-versioning policy governing this schema document</a>.
</p>
</div>
</div>
</xs:documentation>
</xs:annotation>
<xs:attribute name="lang">
<xs:annotation>
<xs:documentation>
<div>
<h3>lang (as an attribute name)</h3>
<p>
denotes an attribute whose value
is a language code for the natural language of the content of
any element; its value is inherited. This name is reserved
by virtue of its definition in the XML specification.</p>
</div>
<div>
<h4>Notes</h4>
<p>
Attempting to install the relevant ISO 2- and 3-letter
codes as the enumerated possible values is probably never
going to be a realistic possibility.
</p>
<p>
See BCP 47 at <a href="http://www.rfc-editor.org/rfc/bcp/bcp47.txt">
http://www.rfc-editor.org/rfc/bcp/bcp47.txt</a>
and the IANA language subtag registry at
<a href="http://www.iana.org/assignments/language-subtag-registry">
http://www.iana.org/assignments/language-subtag-registry</a>
for further information.
</p>
<p>
The union allows for the 'un-declaration' of xml:lang with
the empty string.
</p>
</div>
</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:union memberTypes="xs:language">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value=""/>
</xs:restriction>
</xs:simpleType>
</xs:union>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="space">
<xs:annotation>
<xs:documentation>
<div>
<h3>space (as an attribute name)</h3>
<p>
denotes an attribute whose
value is a keyword indicating what whitespace processing
discipline is intended for the content of the element; its
value is inherited. This name is reserved by virtue of its
definition in the XML specification.</p>
</div>
</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:NCName">
<xs:enumeration value="default"/>
<xs:enumeration value="preserve"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="base" type="xs:anyURI"> <xs:annotation>
<xs:documentation>
<div>
<h3>base (as an attribute name)</h3>
<p>
denotes an attribute whose value
provides a URI to be used as the base for interpreting any
relative URIs in the scope of the element on which it
appears; its value is inherited. This name is reserved
by virtue of its definition in the XML Base specification.</p>
<p>
See <a
href="http://www.w3.org/TR/xmlbase/">http://www.w3.org/TR/xmlbase/</a>
for information about this attribute.
</p>
</div>
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="id" type="xs:ID">
<xs:annotation>
<xs:documentation>
<div>
<h3>id (as an attribute name)</h3>
<p>
denotes an attribute whose value
should be interpreted as if declared to be of type ID.
This name is reserved by virtue of its definition in the
xml:id specification.</p>
<p>
See <a
href="http://www.w3.org/TR/xml-id/">http://www.w3.org/TR/xml-id/</a>
for information about this attribute.
</p>
</div>
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attributeGroup name="specialAttrs">
<xs:attribute ref="xml:base"/>
<xs:attribute ref="xml:lang"/>
<xs:attribute ref="xml:space"/>
<xs:attribute ref="xml:id"/>
</xs:attributeGroup>
<xs:annotation>
<xs:documentation>
<div>
<h3>Father (in any context at all)</h3>
<div class="bodytext">
<p>
denotes Jon Bosak, the chair of
the original XML Working Group. This name is reserved by
the following decision of the W3C XML Plenary and
XML Coordination groups:
</p>
<blockquote>
<p>
In appreciation for his vision, leadership and
dedication the W3C XML Plenary on this 10th day of
February, 2000, reserves for Jon Bosak in perpetuity
the XML name "xml:Father".
</p>
</blockquote>
</div>
</div>
</xs:documentation>
</xs:annotation>
<xs:annotation>
<xs:documentation>
<div xml:id="usage" id="usage">
<h2><a name="usage">About this schema document</a></h2>
<div class="bodytext">
<p>
This schema defines attributes and an attribute group suitable
for use by schemas wishing to allow <code>xml:base</code>,
<code>xml:lang</code>, <code>xml:space</code> or
<code>xml:id</code> attributes on elements they define.
</p>
<p>
To enable this, such a schema must import this schema for
the XML namespace, e.g. as follows:
</p>
<pre>
&lt;schema . . .>
. . .
&lt;import namespace="http://www.w3.org/XML/1998/namespace"
schemaLocation="http://www.w3.org/2001/xml.xsd"/>
</pre>
<p>
or
</p>
<pre>
&lt;import namespace="http://www.w3.org/XML/1998/namespace"
schemaLocation="http://www.w3.org/2009/01/xml.xsd"/>
</pre>
<p>
Subsequently, qualified reference to any of the attributes or the
group defined below will have the desired effect, e.g.
</p>
<pre>
&lt;type . . .>
. . .
&lt;attributeGroup ref="xml:specialAttrs"/>
</pre>
<p>
will define a type which will schema-validate an instance element
with any of those attributes.
</p>
</div>
</div>
</xs:documentation>
</xs:annotation>
<xs:annotation>
<xs:documentation>
<div id="nsversioning" xml:id="nsversioning">
<h2><a name="nsversioning">Versioning policy for this schema document</a></h2>
<div class="bodytext">
<p>
In keeping with the XML Schema WG's standard versioning
policy, this schema document will persist at
<a href="http://www.w3.org/2009/01/xml.xsd">
http://www.w3.org/2009/01/xml.xsd</a>.
</p>
<p>
At the date of issue it can also be found at
<a href="http://www.w3.org/2001/xml.xsd">
http://www.w3.org/2001/xml.xsd</a>.
</p>
<p>
The schema document at that URI may however change in the future,
in order to remain compatible with the latest version of XML
Schema itself, or with the XML namespace itself. In other words,
if the XML Schema or XML namespaces change, the version of this
document at <a href="http://www.w3.org/2001/xml.xsd">
http://www.w3.org/2001/xml.xsd
</a>
will change accordingly; the version at
<a href="http://www.w3.org/2009/01/xml.xsd">
http://www.w3.org/2009/01/xml.xsd
</a>
will not change.
</p>
<p>
Previous dated (and unchanging) versions of this schema
document are at:
</p>
<ul>
<li><a href="http://www.w3.org/2009/01/xml.xsd">
http://www.w3.org/2009/01/xml.xsd</a></li>
<li><a href="http://www.w3.org/2007/08/xml.xsd">
http://www.w3.org/2007/08/xml.xsd</a></li>
<li><a href="http://www.w3.org/2004/10/xml.xsd">
http://www.w3.org/2004/10/xml.xsd</a></li>
<li><a href="http://www.w3.org/2001/03/xml.xsd">
http://www.w3.org/2001/03/xml.xsd</a></li>
</ul>
</div>
</div>
</xs:documentation>
</xs:annotation>
</xs:schema>

309
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/schemas/xmldsig-core-schema.xsd vendored Normal file
View File

@ -0,0 +1,309 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Schema for XML Signatures
http://www.w3.org/2000/09/xmldsig#
$Revision: 1.1 $ on $Date: 2002/02/08 20:32:26 $ by $Author: reagle $
Copyright 2001 The Internet Society and W3C (Massachusetts Institute
of Technology, Institut National de Recherche en Informatique et en
Automatique, Keio University). All Rights Reserved.
http://www.w3.org/Consortium/Legal/
This document is governed by the W3C Software License [1] as described
in the FAQ [2].
[1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
[2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
-->
<schema xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
targetNamespace="http://www.w3.org/2000/09/xmldsig#"
version="0.1" elementFormDefault="qualified">
<!-- Basic Types Defined for Signatures -->
<simpleType name="CryptoBinary">
<restriction base="base64Binary">
</restriction>
</simpleType>
<!-- Start Signature -->
<element name="Signature" type="ds:SignatureType"/>
<complexType name="SignatureType">
<sequence>
<element ref="ds:SignedInfo"/>
<element ref="ds:SignatureValue"/>
<element ref="ds:KeyInfo" minOccurs="0"/>
<element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="Id" type="ID" use="optional"/>
</complexType>
<element name="SignatureValue" type="ds:SignatureValueType"/>
<complexType name="SignatureValueType">
<simpleContent>
<extension base="base64Binary">
<attribute name="Id" type="ID" use="optional"/>
</extension>
</simpleContent>
</complexType>
<!-- Start SignedInfo -->
<element name="SignedInfo" type="ds:SignedInfoType"/>
<complexType name="SignedInfoType">
<sequence>
<element ref="ds:CanonicalizationMethod"/>
<element ref="ds:SignatureMethod"/>
<element ref="ds:Reference" maxOccurs="unbounded"/>
</sequence>
<attribute name="Id" type="ID" use="optional"/>
</complexType>
<element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/>
<complexType name="CanonicalizationMethodType" mixed="true">
<sequence>
<any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
<!-- (0,unbounded) elements from (1,1) namespace -->
</sequence>
<attribute name="Algorithm" type="anyURI" use="required"/>
</complexType>
<element name="SignatureMethod" type="ds:SignatureMethodType"/>
<complexType name="SignatureMethodType" mixed="true">
<sequence>
<element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
<any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
<!-- (0,unbounded) elements from (1,1) external namespace -->
</sequence>
<attribute name="Algorithm" type="anyURI" use="required"/>
</complexType>
<!-- Start Reference -->
<element name="Reference" type="ds:ReferenceType"/>
<complexType name="ReferenceType">
<sequence>
<element ref="ds:Transforms" minOccurs="0"/>
<element ref="ds:DigestMethod"/>
<element ref="ds:DigestValue"/>
</sequence>
<attribute name="Id" type="ID" use="optional"/>
<attribute name="URI" type="anyURI" use="optional"/>
<attribute name="Type" type="anyURI" use="optional"/>
</complexType>
<element name="Transforms" type="ds:TransformsType"/>
<complexType name="TransformsType">
<sequence>
<element ref="ds:Transform" maxOccurs="unbounded"/>
</sequence>
</complexType>
<element name="Transform" type="ds:TransformType"/>
<complexType name="TransformType" mixed="true">
<choice minOccurs="0" maxOccurs="unbounded">
<any namespace="##other" processContents="lax"/>
<!-- (1,1) elements from (0,unbounded) namespaces -->
<element name="XPath" type="string"/>
</choice>
<attribute name="Algorithm" type="anyURI" use="required"/>
</complexType>
<!-- End Reference -->
<element name="DigestMethod" type="ds:DigestMethodType"/>
<complexType name="DigestMethodType" mixed="true">
<sequence>
<any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="Algorithm" type="anyURI" use="required"/>
</complexType>
<element name="DigestValue" type="ds:DigestValueType"/>
<simpleType name="DigestValueType">
<restriction base="base64Binary"/>
</simpleType>
<!-- End SignedInfo -->
<!-- Start KeyInfo -->
<element name="KeyInfo" type="ds:KeyInfoType"/>
<complexType name="KeyInfoType" mixed="true">
<choice maxOccurs="unbounded">
<element ref="ds:KeyName"/>
<element ref="ds:KeyValue"/>
<element ref="ds:RetrievalMethod"/>
<element ref="ds:X509Data"/>
<element ref="ds:PGPData"/>
<element ref="ds:SPKIData"/>
<element ref="ds:MgmtData"/>
<any processContents="lax" namespace="##other"/>
<!-- (1,1) elements from (0,unbounded) namespaces -->
</choice>
<attribute name="Id" type="ID" use="optional"/>
</complexType>
<element name="KeyName" type="string"/>
<element name="MgmtData" type="string"/>
<element name="KeyValue" type="ds:KeyValueType"/>
<complexType name="KeyValueType" mixed="true">
<choice>
<element ref="ds:DSAKeyValue"/>
<element ref="ds:RSAKeyValue"/>
<any namespace="##other" processContents="lax"/>
</choice>
</complexType>
<element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
<complexType name="RetrievalMethodType">
<sequence>
<element ref="ds:Transforms" minOccurs="0"/>
</sequence>
<attribute name="URI" type="anyURI"/>
<attribute name="Type" type="anyURI" use="optional"/>
</complexType>
<!-- Start X509Data -->
<element name="X509Data" type="ds:X509DataType"/>
<complexType name="X509DataType">
<sequence maxOccurs="unbounded">
<choice>
<element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
<element name="X509SKI" type="base64Binary"/>
<element name="X509SubjectName" type="string"/>
<element name="X509Certificate" type="base64Binary"/>
<element name="X509CRL" type="base64Binary"/>
<any namespace="##other" processContents="lax"/>
</choice>
</sequence>
</complexType>
<complexType name="X509IssuerSerialType">
<sequence>
<element name="X509IssuerName" type="string"/>
<element name="X509SerialNumber" type="string"/>
</sequence>
</complexType>
<!-- End X509Data -->
<!-- Begin PGPData -->
<element name="PGPData" type="ds:PGPDataType"/>
<complexType name="PGPDataType">
<choice>
<sequence>
<element name="PGPKeyID" type="base64Binary"/>
<element name="PGPKeyPacket" type="base64Binary" minOccurs="0"/>
<any namespace="##other" processContents="lax" minOccurs="0"
maxOccurs="unbounded"/>
</sequence>
<sequence>
<element name="PGPKeyPacket" type="base64Binary"/>
<any namespace="##other" processContents="lax" minOccurs="0"
maxOccurs="unbounded"/>
</sequence>
</choice>
</complexType>
<!-- End PGPData -->
<!-- Begin SPKIData -->
<element name="SPKIData" type="ds:SPKIDataType"/>
<complexType name="SPKIDataType">
<sequence maxOccurs="unbounded">
<element name="SPKISexp" type="base64Binary"/>
<any namespace="##other" processContents="lax" minOccurs="0"/>
</sequence>
</complexType>
<!-- End SPKIData -->
<!-- End KeyInfo -->
<!-- Start Object (Manifest, SignatureProperty) -->
<element name="Object" type="ds:ObjectType"/>
<complexType name="ObjectType" mixed="true">
<sequence minOccurs="0" maxOccurs="unbounded">
<any namespace="##any" processContents="lax"/>
</sequence>
<attribute name="Id" type="ID" use="optional"/>
<attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet -->
<attribute name="Encoding" type="anyURI" use="optional"/>
</complexType>
<element name="Manifest" type="ds:ManifestType"/>
<complexType name="ManifestType">
<sequence>
<element ref="ds:Reference" maxOccurs="unbounded"/>
</sequence>
<attribute name="Id" type="ID" use="optional"/>
</complexType>
<element name="SignatureProperties" type="ds:SignaturePropertiesType"/>
<complexType name="SignaturePropertiesType">
<sequence>
<element ref="ds:SignatureProperty" maxOccurs="unbounded"/>
</sequence>
<attribute name="Id" type="ID" use="optional"/>
</complexType>
<element name="SignatureProperty" type="ds:SignaturePropertyType"/>
<complexType name="SignaturePropertyType" mixed="true">
<choice maxOccurs="unbounded">
<any namespace="##other" processContents="lax"/>
<!-- (1,1) elements from (1,unbounded) namespaces -->
</choice>
<attribute name="Target" type="anyURI" use="required"/>
<attribute name="Id" type="ID" use="optional"/>
</complexType>
<!-- End Object (Manifest, SignatureProperty) -->
<!-- Start Algorithm Parameters -->
<simpleType name="HMACOutputLengthType">
<restriction base="integer"/>
</simpleType>
<!-- Start KeyValue Element-types -->
<element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
<complexType name="DSAKeyValueType">
<sequence>
<sequence minOccurs="0">
<element name="P" type="ds:CryptoBinary"/>
<element name="Q" type="ds:CryptoBinary"/>
</sequence>
<element name="G" type="ds:CryptoBinary" minOccurs="0"/>
<element name="Y" type="ds:CryptoBinary"/>
<element name="J" type="ds:CryptoBinary" minOccurs="0"/>
<sequence minOccurs="0">
<element name="Seed" type="ds:CryptoBinary"/>
<element name="PgenCounter" type="ds:CryptoBinary"/>
</sequence>
</sequence>
</complexType>
<element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
<complexType name="RSAKeyValueType">
<sequence>
<element name="Modulus" type="ds:CryptoBinary"/>
<element name="Exponent" type="ds:CryptoBinary"/>
</sequence>
</complexType>
<!-- End KeyValue Element-types -->
<!-- End Signature -->
</schema>

7
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/version.json vendored Normal file
View File

@ -0,0 +1,7 @@
{
"php-saml": {
"version": "3.4.1",
"released": "25/11/2019"
}
}

228
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/CHANGELOG.txt vendored Normal file
View File

@ -0,0 +1,228 @@
xmlseclibs.php
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
05, Sep 2020, 3.1.1
Features:
- Support OAEP (iggyvolz)
Bug Fixes:
- Fix AES128 (iggyvolz)
Improvements:
- Fix tests for older PHP
22, Apr 2020, 3.1.0
Features:
- Support AES-GCM. Requires PHP 7.1. (François Kooman)
Improvements:
- Fix Travis tests for older PHP versions.
- Use DOMElement interface to fix some IDEs reporting documentation errors
Bug Fixes:
- FIX missing InclusiveNamespaces PrefixList from Java + Apache WSS4J. (njake)
06, Nov 2019, 3.0.4
Security Improvements:
- Insure only a single SignedInfo element exists within a signature during
verification. Refs CVE-2019-3465.
Bug Fixes:
- Fix variable casing.
15, Nov 2018, 3.0.3
Bug Fixes:
- Fix casing of class name. (Willem Stuursma-Ruwen)
- Fix Xpath casing. (Tim van Dijen)
Improvements:
- Make PCRE2 compliant. (Stefan Winter)
- Add PHP 7.3 support. (Stefan Winter)
27, Sep 2018, 3.0.2
Security Improvements:
- OpenSSL is now a requirement rather than suggestion. (Slaven Bacelic)
- Filter input to avoid XPath injection. (Jaime Pérez)
Bug Fixes:
- Fix missing parentheses (Tim van Dijen)
Improvements:
- Use strict comparison operator to compare digest values. (Jaime Pérez)
- Remove call to file_get_contents that doesn't even work. (Jaime Pérez)
- Document potentially dangerous return value behaviour. (Thijs Kinkhorst)
31, Aug 2017, 3.0.1
Bug Fixes:
- Fixed missing () in function call. (Dennis Væversted)
Improvements:
- Add OneLogin to supported software.
- Add .gitattributes to remove unneeded files. (Filippo Tessarotto)
- Fix bug in example code. (Dan Church)
- Travis: add PHP 7.1, move hhvm to allowed failures. (Thijs Kinkhorst)
- Drop failing extract-win-cert test (Thijs Kinkhorst). (Thijs Kinkhorst)
- Add comments to warn about return values of verify(). (Thijs Kinkhorst)
- Fix tests to properly check return code of verify(). (Thijs Kinkhorst)
- Restore support for PHP >= 5.4. (Jaime Pérez)
25, May 2017, 3.0.0
Improvements:
- Remove use of mcrypt (skymeyer)
08, Sep 2016, 2.0.1
Bug Fixes:
- Strip whitespace characters when parsing X509Certificate. fixes #84
(klemen.bratec)
- Certificate 'subject' values can be arrays. fixes #80 (Andreas Stangl)
- HHVM signing node with ID attribute w/out namespace regenerates ID value.
fixes #88 (Milos Tomic)
Improvements:
- Fix typos and add some PHPDoc Blocks. (gfaust-qb)
- Update lightSAML link. (Milos Tomic)
- Update copyright dates.
31, Jul 2015, 2.0.0
Features:
- Namespace support. Classes now in the RobRichards\XMLSecLibs\ namespace.
Improvements:
- Dropped support for PHP 5.2
31, Jul 2015, 1.4.1
Bug Fixes:
- Allow for large digest values that may have line breaks. fixes #62
Features:
- Support for locating specific signature when multiple exist in
document. (griga3k)
Improvements:
- Add optional argument to XMLSecurityDSig to define the prefix to be used,
also allowing for null to use no prefix, for the dsig namespace. fixes #13
- Code cleanup
- Depreciated XMLSecurityDSig::generate_GUID for XMLSecurityDSig::generateGUID
23, Jun 2015, 1.4.0
Features:
- Support for PSR-0 standard.
- Support for X509SubjectName. (Milos Tomic)
- Add HMAC-SHA1 support.
Improvements:
- Add how to install to README. (Bernardo Vieira da Silva)
- Code cleanup. (Jaime Pérez)
- Normalilze tests. (Hidde Wieringa)
- Add basic usage to README. (Hidde Wieringa)
21, May 2015, 1.3.2
Bug Fixes:
- Fix Undefined variable notice. (dpieper85)
- Fix typo when setting MimeType attribute. (Eugene OZ)
- Fix validateReference() with enveloping signatures
Features:
- canonicalizeData performance optimization. (Jaime Pérez)
- Add composer support (Maks3w)
19, Jun 2013, 1.3.1
Features:
- return encrypted node from XMLSecEnc::encryptNode() when replace is set to
false. (Olav)
- Add support for RSA SHA384 and RSA_SHA512 and SHA384 digest. (Jaime PŽrez)
- Add options parameter to the add cert methods.
- Add optional issuerSerial creation with cert
Bug Fixes:
- Fix persisted Id when namespaced. (Koen Thomeer)
Improvements:
- Add LICENSE file
- Convert CHANGELOG.txt to UTF-8
26, Sep 2011, 1.3.0
Features:
- Add param to append sig to node when signing. Fixes a problem when using
inclusive canonicalization to append a signature within a namespaced subtree.
ex. $objDSig->sign($objKey, $appendToNode);
- Add ability to encrypt by reference
- Add support for refences within an encrypted key
- Add thumbprint generation capability (XMLSecurityKey->getX509Thumbprint() and
XMLSecurityKey::getRawThumbprint($cert))
- Return signature element node from XMLSecurityDSig::insertSignature() and
XMLSecurityDSig::appendSignature() methods
- Support for <ds:RetrievalMethod> with simple URI Id reference.
- Add XMLSecurityKey::getSymmetricKeySize() method (Olav)
- Add XMLSecEnc::getCipherValue() method (Olav)
- Improve XMLSecurityKey:generateSessionKey() logic (Olav)
Bug Fixes:
- Change split() to explode() as split is now depreciated
- ds:References using empty or simple URI Id reference should never include
comments in canonicalized data.
- Make sure that the elements in EncryptedData are emitted in the correct
sequence.
11 Jan 2010, 1.2.2
Features:
- Add support XPath support when creating signature. Provides support for
working with EBXML documents.
- Add reference option to force creation of URI attribute. For use
when adding a DOM Document where by default no URI attribute is added.
- Add support for RSA-SHA256
Bug Fixes:
- fix bug #5: createDOMDocumentFragment() in decryptNode when data is node
content (patch by Francois Wang)
08 Jul 2008, 1.2.1
Features:
- Attempt to use mhash when hash extension is not present. (Alfredo Cubitos).
- Add fallback to built-in sha1 if both hash and mhash are not available and
throw error for other for other missing hashes. (patch by Olav Morken).
- Add getX509Certificate method to retrieve the x509 cert used for Key.
(patch by Olav Morken).
- Add getValidatedNodes method to retrieve the elements signed by the
signature. (patch by Olav Morken).
- Add insertSignature method for precision signature insertion. Merge
functionality from appendSignature in the process. (Olav Morken, Rob).
- Finally add some tests
Bug Fixes:
- Fix canonicalization for Document node when using PHP < 5.2.
- Add padding for RSA_SHA1. (patch by Olav Morken).
27 Nov 2007, 1.2.0
Features:
- New addReference/List option (overwrite). Boolean flag indicating if URI
value should be overwritten if already existing within document.
Default is TRUE to maintain BC.
18 Nov 2007, 1.1.2
Bug Fixes:
- Remove closing PHP tag to fix extra whitespace characters from being output
11 Nov 2007, 1.1.1
Features:
- Add getRefNodeID() and getRefIDs() methods missed in previous release.
Provide functionality to find URIs of existing reference nodes.
Required by simpleSAMLphp project
Bug Fixes:
- Remove erroneous whitespace causing issues under certain circumastances.
18 Oct 2007, 1.1.0
Features:
- Enable creation of enveloping signature. This allows the creation of
managed information cards.
- Add addObject method for enveloping signatures.
- Add staticGet509XCerts method. Chained certificates within a PEM file can
now be added within the X509Data node.
- Add xpath support within transformations
- Add InclusiveNamespaces prefix list support within exclusive transformations.
Bug Fixes:
- Initialize random number generator for mcrypt_create_iv. (Joan Cornadó).
- Fix an interoperability issue with .NET when encrypting data in CBC mode.
(Joan Cornadó).

31
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/LICENSE vendored Normal file
View File

@ -0,0 +1,31 @@
Copyright (c) 2007-2019, Robert Richards <rrichards@cdatazone.org>.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
* Neither the name of Robert Richards nor the names of his
contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.

85
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/README.md vendored Normal file
View File

@ -0,0 +1,85 @@
#xmlseclibs
xmlseclibs is a library written in PHP for working with XML Encryption and Signatures.
The author of xmlseclibs is Rob Richards.
# Branches
Master is currently the only actively maintained branch.
* master/3.1: Added AES-GCM support requiring 7.1+
* 3.0: Removes mcrypt usage requiring 5.4+ (5.6.24+ recommended for security reasons)
* 2.0: Contains namespace support requiring 5.3+
* 1.4: Contains auto-loader support while also maintaining backwards compatiblity with the older 1.3 version using the xmlseclibs.php file. Supports PHP 5.2+
# Requirements
xmlseclibs requires PHP version 5.4 or greater. **5.6.24+ recommended for security reasons**
## How to Install
Install with [`composer.phar`](http://getcomposer.org).
```sh
php composer.phar require "robrichards/xmlseclibs"
```
## Use cases
xmlseclibs is being used in many different software.
* [SimpleSAMLPHP](https://github.com/simplesamlphp/simplesamlphp)
* [LightSAML](https://github.com/lightsaml/lightsaml)
* [OneLogin](https://github.com/onelogin/php-saml)
## Basic usage
The example below shows basic usage of xmlseclibs, with a SHA-256 signature.
```php
use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;
// Load the XML to be signed
$doc = new DOMDocument();
$doc->load('./path/to/file/tobesigned.xml');
// Create a new Security object
$objDSig = new XMLSecurityDSig();
// Use the c14n exclusive canonicalization
$objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
// Sign using SHA-256
$objDSig->addReference(
$doc,
XMLSecurityDSig::SHA256,
array('http://www.w3.org/2000/09/xmldsig#enveloped-signature')
);
// Create a new (private) Security key
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type'=>'private'));
/*
If key has a passphrase, set it using
$objKey->passphrase = '<passphrase>';
*/
// Load the private key
$objKey->loadKey('./path/to/privatekey.pem', TRUE);
// Sign the XML file
$objDSig->sign($objKey);
// Add the associated public key to the signature
$objDSig->add509Cert(file_get_contents('./path/to/file/mycert.pem'));
// Append the signature to the XML
$objDSig->appendSignature($doc->documentElement);
// Save the signed XML
$doc->save('./path/to/signed.xml');
```
## How to Contribute
* [Open Issues](https://github.com/robrichards/xmlseclibs/issues)
* [Open Pull Requests](https://github.com/robrichards/xmlseclibs/pulls)
Mailing List: https://groups.google.com/forum/#!forum/xmlseclibs

21
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/composer.json vendored Normal file
View File

@ -0,0 +1,21 @@
{
"name": "robrichards/xmlseclibs",
"description": "A PHP library for XML Security",
"license": "BSD-3-Clause",
"keywords": [
"xml",
"xmldsig",
"signature",
"security"
],
"homepage": "https://github.com/robrichards/xmlseclibs",
"autoload": {
"psr-4": {
"RobRichards\\XMLSecLibs\\": "src"
}
},
"require": {
"php": ">= 5.4",
"ext-openssl": "*"
}
}

44
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/Utils/XPath.php vendored Normal file
View File

@ -0,0 +1,44 @@
<?php
namespace RobRichards\XMLSecLibs\Utils;
class XPath
{
const ALPHANUMERIC = '\w\d';
const NUMERIC = '\d';
const LETTERS = '\w';
const EXTENDED_ALPHANUMERIC = '\w\d\s\-_:\.';
const SINGLE_QUOTE = '\'';
const DOUBLE_QUOTE = '"';
const ALL_QUOTES = '[\'"]';
/**
* Filter an attribute value for save inclusion in an XPath query.
*
* @param string $value The value to filter.
* @param string $quotes The quotes used to delimit the value in the XPath query.
*
* @return string The filtered attribute value.
*/
public static function filterAttrValue($value, $quotes = self::ALL_QUOTES)
{
return preg_replace('#'.$quotes.'#', '', $value);
}
/**
* Filter an attribute name for save inclusion in an XPath query.
*
* @param string $name The attribute name to filter.
* @param mixed $allow The set of characters to allow. Can be one of the constants provided by this class, or a
* custom regex excluding the '#' character (used as delimiter).
*
* @return string The filtered attribute name.
*/
public static function filterAttrName($name, $allow = self::EXTENDED_ALPHANUMERIC)
{
return preg_replace('#[^'.$allow.']#', '', $name);
}
}

511
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecEnc.php vendored Normal file
View File

@ -0,0 +1,511 @@
<?php
namespace RobRichards\XMLSecLibs;
use DOMDocument;
use DOMElement;
use DOMNode;
use DOMXPath;
use Exception;
use RobRichards\XMLSecLibs\Utils\XPath as XPath;
/**
* xmlseclibs.php
*
* Copyright (c) 2007-2020, Robert Richards <rrichards@cdatazone.org>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* * Neither the name of Robert Richards nor the names of his
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* @author Robert Richards <rrichards@cdatazone.org>
* @copyright 2007-2020 Robert Richards <rrichards@cdatazone.org>
* @license http://www.opensource.org/licenses/bsd-license.php BSD License
*/
class XMLSecEnc
{
const template = "<xenc:EncryptedData xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
<xenc:CipherData>
<xenc:CipherValue></xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>";
const Element = 'http://www.w3.org/2001/04/xmlenc#Element';
const Content = 'http://www.w3.org/2001/04/xmlenc#Content';
const URI = 3;
const XMLENCNS = 'http://www.w3.org/2001/04/xmlenc#';
/** @var null|DOMDocument */
private $encdoc = null;
/** @var null|DOMNode */
private $rawNode = null;
/** @var null|string */
public $type = null;
/** @var null|DOMElement */
public $encKey = null;
/** @var array */
private $references = array();
public function __construct()
{
$this->_resetTemplate();
}
private function _resetTemplate()
{
$this->encdoc = new DOMDocument();
$this->encdoc->loadXML(self::template);
}
/**
* @param string $name
* @param DOMNode $node
* @param string $type
* @throws Exception
*/
public function addReference($name, $node, $type)
{
if (! $node instanceOf DOMNode) {
throw new Exception('$node is not of type DOMNode');
}
$curencdoc = $this->encdoc;
$this->_resetTemplate();
$encdoc = $this->encdoc;
$this->encdoc = $curencdoc;
$refuri = XMLSecurityDSig::generateGUID();
$element = $encdoc->documentElement;
$element->setAttribute("Id", $refuri);
$this->references[$name] = array("node" => $node, "type" => $type, "encnode" => $encdoc, "refuri" => $refuri);
}
/**
* @param DOMNode $node
*/
public function setNode($node)
{
$this->rawNode = $node;
}
/**
* Encrypt the selected node with the given key.
*
* @param XMLSecurityKey $objKey The encryption key and algorithm.
* @param bool $replace Whether the encrypted node should be replaced in the original tree. Default is true.
* @throws Exception
*
* @return DOMElement The <xenc:EncryptedData>-element.
*/
public function encryptNode($objKey, $replace = true)
{
$data = '';
if (empty($this->rawNode)) {
throw new Exception('Node to encrypt has not been set');
}
if (! $objKey instanceof XMLSecurityKey) {
throw new Exception('Invalid Key');
}
$doc = $this->rawNode->ownerDocument;
$xPath = new DOMXPath($this->encdoc);
$objList = $xPath->query('/xenc:EncryptedData/xenc:CipherData/xenc:CipherValue');
$cipherValue = $objList->item(0);
if ($cipherValue == null) {
throw new Exception('Error locating CipherValue element within template');
}
switch ($this->type) {
case (self::Element):
$data = $doc->saveXML($this->rawNode);
$this->encdoc->documentElement->setAttribute('Type', self::Element);
break;
case (self::Content):
$children = $this->rawNode->childNodes;
foreach ($children AS $child) {
$data .= $doc->saveXML($child);
}
$this->encdoc->documentElement->setAttribute('Type', self::Content);
break;
default:
throw new Exception('Type is currently not supported');
}
$encMethod = $this->encdoc->documentElement->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:EncryptionMethod'));
$encMethod->setAttribute('Algorithm', $objKey->getAlgorithm());
$cipherValue->parentNode->parentNode->insertBefore($encMethod, $cipherValue->parentNode->parentNode->firstChild);
$strEncrypt = base64_encode($objKey->encryptData($data));
$value = $this->encdoc->createTextNode($strEncrypt);
$cipherValue->appendChild($value);
if ($replace) {
switch ($this->type) {
case (self::Element):
if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) {
return $this->encdoc;
}
$importEnc = $this->rawNode->ownerDocument->importNode($this->encdoc->documentElement, true);
$this->rawNode->parentNode->replaceChild($importEnc, $this->rawNode);
return $importEnc;
case (self::Content):
$importEnc = $this->rawNode->ownerDocument->importNode($this->encdoc->documentElement, true);
while ($this->rawNode->firstChild) {
$this->rawNode->removeChild($this->rawNode->firstChild);
}
$this->rawNode->appendChild($importEnc);
return $importEnc;
}
} else {
return $this->encdoc->documentElement;
}
}
/**
* @param XMLSecurityKey $objKey
* @throws Exception
*/
public function encryptReferences($objKey)
{
$curRawNode = $this->rawNode;
$curType = $this->type;
foreach ($this->references AS $name => $reference) {
$this->encdoc = $reference["encnode"];
$this->rawNode = $reference["node"];
$this->type = $reference["type"];
try {
$encNode = $this->encryptNode($objKey);
$this->references[$name]["encnode"] = $encNode;
} catch (Exception $e) {
$this->rawNode = $curRawNode;
$this->type = $curType;
throw $e;
}
}
$this->rawNode = $curRawNode;
$this->type = $curType;
}
/**
* Retrieve the CipherValue text from this encrypted node.
*
* @throws Exception
* @return string|null The Ciphervalue text, or null if no CipherValue is found.
*/
public function getCipherValue()
{
if (empty($this->rawNode)) {
throw new Exception('Node to decrypt has not been set');
}
$doc = $this->rawNode->ownerDocument;
$xPath = new DOMXPath($doc);
$xPath->registerNamespace('xmlencr', self::XMLENCNS);
/* Only handles embedded content right now and not a reference */
$query = "./xmlencr:CipherData/xmlencr:CipherValue";
$nodeset = $xPath->query($query, $this->rawNode);
$node = $nodeset->item(0);
if (!$node) {
return null;
}
return base64_decode($node->nodeValue);
}
/**
* Decrypt this encrypted node.
*
* The behaviour of this function depends on the value of $replace.
* If $replace is false, we will return the decrypted data as a string.
* If $replace is true, we will insert the decrypted element(s) into the
* document, and return the decrypted element(s).
*
* @param XMLSecurityKey $objKey The decryption key that should be used when decrypting the node.
* @param boolean $replace Whether we should replace the encrypted node in the XML document with the decrypted data. The default is true.
*
* @return string|DOMElement The decrypted data.
*/
public function decryptNode($objKey, $replace=true)
{
if (! $objKey instanceof XMLSecurityKey) {
throw new Exception('Invalid Key');
}
$encryptedData = $this->getCipherValue();
if ($encryptedData) {
$decrypted = $objKey->decryptData($encryptedData);
if ($replace) {
switch ($this->type) {
case (self::Element):
$newdoc = new DOMDocument();
$newdoc->loadXML($decrypted);
if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) {
return $newdoc;
}
$importEnc = $this->rawNode->ownerDocument->importNode($newdoc->documentElement, true);
$this->rawNode->parentNode->replaceChild($importEnc, $this->rawNode);
return $importEnc;
case (self::Content):
if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) {
$doc = $this->rawNode;
} else {
$doc = $this->rawNode->ownerDocument;
}
$newFrag = $doc->createDocumentFragment();
$newFrag->appendXML($decrypted);
$parent = $this->rawNode->parentNode;
$parent->replaceChild($newFrag, $this->rawNode);
return $parent;
default:
return $decrypted;
}
} else {
return $decrypted;
}
} else {
throw new Exception("Cannot locate encrypted data");
}
}
/**
* Encrypt the XMLSecurityKey
*
* @param XMLSecurityKey $srcKey
* @param XMLSecurityKey $rawKey
* @param bool $append
* @throws Exception
*/
public function encryptKey($srcKey, $rawKey, $append=true)
{
if ((! $srcKey instanceof XMLSecurityKey) || (! $rawKey instanceof XMLSecurityKey)) {
throw new Exception('Invalid Key');
}
$strEncKey = base64_encode($srcKey->encryptData($rawKey->key));
$root = $this->encdoc->documentElement;
$encKey = $this->encdoc->createElementNS(self::XMLENCNS, 'xenc:EncryptedKey');
if ($append) {
$keyInfo = $root->insertBefore($this->encdoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:KeyInfo'), $root->firstChild);
$keyInfo->appendChild($encKey);
} else {
$this->encKey = $encKey;
}
$encMethod = $encKey->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:EncryptionMethod'));
$encMethod->setAttribute('Algorithm', $srcKey->getAlgorith());
if (! empty($srcKey->name)) {
$keyInfo = $encKey->appendChild($this->encdoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:KeyInfo'));
$keyInfo->appendChild($this->encdoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:KeyName', $srcKey->name));
}
$cipherData = $encKey->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:CipherData'));
$cipherData->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:CipherValue', $strEncKey));
if (is_array($this->references) && count($this->references) > 0) {
$refList = $encKey->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:ReferenceList'));
foreach ($this->references AS $name => $reference) {
$refuri = $reference["refuri"];
$dataRef = $refList->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 'xenc:DataReference'));
$dataRef->setAttribute("URI", '#' . $refuri);
}
}
return;
}
/**
* @param XMLSecurityKey $encKey
* @return DOMElement|string
* @throws Exception
*/
public function decryptKey($encKey)
{
if (! $encKey->isEncrypted) {
throw new Exception("Key is not Encrypted");
}
if (empty($encKey->key)) {
throw new Exception("Key is missing data to perform the decryption");
}
return $this->decryptNode($encKey, false);
}
/**
* @param DOMDocument $element
* @return DOMNode|null
*/
public function locateEncryptedData($element)
{
if ($element instanceof DOMDocument) {
$doc = $element;
} else {
$doc = $element->ownerDocument;
}
if ($doc) {
$xpath = new DOMXPath($doc);
$query = "//*[local-name()='EncryptedData' and namespace-uri()='".self::XMLENCNS."']";
$nodeset = $xpath->query($query);
return $nodeset->item(0);
}
return null;
}
/**
* Returns the key from the DOM
* @param null|DOMNode $node
* @return null|XMLSecurityKey
*/
public function locateKey($node=null)
{
if (empty($node)) {
$node = $this->rawNode;
}
if (! $node instanceof DOMNode) {
return null;
}
if ($doc = $node->ownerDocument) {
$xpath = new DOMXPath($doc);
$xpath->registerNamespace('xmlsecenc', self::XMLENCNS);
$query = ".//xmlsecenc:EncryptionMethod";
$nodeset = $xpath->query($query, $node);
if ($encmeth = $nodeset->item(0)) {
$attrAlgorithm = $encmeth->getAttribute("Algorithm");
try {
$objKey = new XMLSecurityKey($attrAlgorithm, array('type' => 'private'));
} catch (Exception $e) {
return null;
}
return $objKey;
}
}
return null;
}
/**
* @param null|XMLSecurityKey $objBaseKey
* @param null|DOMNode $node
* @return null|XMLSecurityKey
* @throws Exception
*/
public static function staticLocateKeyInfo($objBaseKey=null, $node=null)
{
if (empty($node) || (! $node instanceof DOMNode)) {
return null;
}
$doc = $node->ownerDocument;
if (!$doc) {
return null;
}
$xpath = new DOMXPath($doc);
$xpath->registerNamespace('xmlsecenc', self::XMLENCNS);
$xpath->registerNamespace('xmlsecdsig', XMLSecurityDSig::XMLDSIGNS);
$query = "./xmlsecdsig:KeyInfo";
$nodeset = $xpath->query($query, $node);
$encmeth = $nodeset->item(0);
if (!$encmeth) {
/* No KeyInfo in EncryptedData / EncryptedKey. */
return $objBaseKey;
}
foreach ($encmeth->childNodes AS $child) {
switch ($child->localName) {
case 'KeyName':
if (! empty($objBaseKey)) {
$objBaseKey->name = $child->nodeValue;
}
break;
case 'KeyValue':
foreach ($child->childNodes AS $keyval) {
switch ($keyval->localName) {
case 'DSAKeyValue':
throw new Exception("DSAKeyValue currently not supported");
case 'RSAKeyValue':
$modulus = null;
$exponent = null;
if ($modulusNode = $keyval->getElementsByTagName('Modulus')->item(0)) {
$modulus = base64_decode($modulusNode->nodeValue);
}
if ($exponentNode = $keyval->getElementsByTagName('Exponent')->item(0)) {
$exponent = base64_decode($exponentNode->nodeValue);
}
if (empty($modulus) || empty($exponent)) {
throw new Exception("Missing Modulus or Exponent");
}
$publicKey = XMLSecurityKey::convertRSA($modulus, $exponent);
$objBaseKey->loadKey($publicKey);
break;
}
}
break;
case 'RetrievalMethod':
$type = $child->getAttribute('Type');
if ($type !== 'http://www.w3.org/2001/04/xmlenc#EncryptedKey') {
/* Unsupported key type. */
break;
}
$uri = $child->getAttribute('URI');
if ($uri[0] !== '#') {
/* URI not a reference - unsupported. */
break;
}
$id = substr($uri, 1);
$query = '//xmlsecenc:EncryptedKey[@Id="'.XPath::filterAttrValue($id, XPath::DOUBLE_QUOTE).'"]';
$keyElement = $xpath->query($query)->item(0);
if (!$keyElement) {
throw new Exception("Unable to locate EncryptedKey with @Id='$id'.");
}
return XMLSecurityKey::fromEncryptedKeyElement($keyElement);
case 'EncryptedKey':
return XMLSecurityKey::fromEncryptedKeyElement($child);
case 'X509Data':
if ($x509certNodes = $child->getElementsByTagName('X509Certificate')) {
if ($x509certNodes->length > 0) {
$x509cert = $x509certNodes->item(0)->textContent;
$x509cert = str_replace(array("\r", "\n", " "), "", $x509cert);
$x509cert = "-----BEGIN CERTIFICATE-----\n".chunk_split($x509cert, 64, "\n")."-----END CERTIFICATE-----\n";
$objBaseKey->loadKey($x509cert, false, true);
}
}
break;
}
}
return $objBaseKey;
}
/**
* @param null|XMLSecurityKey $objBaseKey
* @param null|DOMNode $node
* @return null|XMLSecurityKey
*/
public function locateKeyInfo($objBaseKey=null, $node=null)
{
if (empty($node)) {
$node = $this->rawNode;
}
return self::staticLocateKeyInfo($objBaseKey, $node);
}
}

1162
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityDSig.php vendored Normal file
View File

File diff suppressed because it is too large Load Diff

813
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php vendored Normal file
View File

@ -0,0 +1,813 @@
<?php
namespace RobRichards\XMLSecLibs;
use DOMElement;
use Exception;
/**
* xmlseclibs.php
*
* Copyright (c) 2007-2020, Robert Richards <rrichards@cdatazone.org>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* * Neither the name of Robert Richards nor the names of his
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* @author Robert Richards <rrichards@cdatazone.org>
* @copyright 2007-2020 Robert Richards <rrichards@cdatazone.org>
* @license http://www.opensource.org/licenses/bsd-license.php BSD License
*/
class XMLSecurityKey
{
const TRIPLEDES_CBC = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc';
const AES128_CBC = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc';
const AES192_CBC = 'http://www.w3.org/2001/04/xmlenc#aes192-cbc';
const AES256_CBC = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc';
const AES128_GCM = 'http://www.w3.org/2009/xmlenc11#aes128-gcm';
const AES192_GCM = 'http://www.w3.org/2009/xmlenc11#aes192-gcm';
const AES256_GCM = 'http://www.w3.org/2009/xmlenc11#aes256-gcm';
const RSA_1_5 = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5';
const RSA_OAEP_MGF1P = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p';
const RSA_OAEP = 'http://www.w3.org/2009/xmlenc11#rsa-oaep';
const DSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#dsa-sha1';
const RSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';
const RSA_SHA256 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
const RSA_SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384';
const RSA_SHA512 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512';
const HMAC_SHA1 = 'http://www.w3.org/2000/09/xmldsig#hmac-sha1';
const AUTHTAG_LENGTH = 16;
/** @var array */
private $cryptParams = array();
/** @var int|string */
public $type = 0;
/** @var mixed|null */
public $key = null;
/** @var string */
public $passphrase = "";
/** @var string|null */
public $iv = null;
/** @var string|null */
public $name = null;
/** @var mixed|null */
public $keyChain = null;
/** @var bool */
public $isEncrypted = false;
/** @var XMLSecEnc|null */
public $encryptedCtx = null;
/** @var mixed|null */
public $guid = null;
/**
* This variable contains the certificate as a string if this key represents an X509-certificate.
* If this key doesn't represent a certificate, this will be null.
* @var string|null
*/
private $x509Certificate = null;
/**
* This variable contains the certificate thumbprint if we have loaded an X509-certificate.
* @var string|null
*/
private $X509Thumbprint = null;
/**
* @param string $type
* @param null|array $params
* @throws Exception
*/
public function __construct($type, $params=null)
{
switch ($type) {
case (self::TRIPLEDES_CBC):
$this->cryptParams['library'] = 'openssl';
$this->cryptParams['cipher'] = 'des-ede3-cbc';
$this->cryptParams['type'] = 'symmetric';
$this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc';
$this->cryptParams['keysize'] = 24;
$this->cryptParams['blocksize'] = 8;
break;
case (self::AES128_CBC):
$this->cryptParams['library'] = 'openssl';
$this->cryptParams['cipher'] = 'aes-128-cbc';
$this->cryptParams['type'] = 'symmetric';
$this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc';
$this->cryptParams['keysize'] = 16;
$this->cryptParams['blocksize'] = 16;
break;
case (self::AES192_CBC):
$this->cryptParams['library'] = 'openssl';
$this->cryptParams['cipher'] = 'aes-192-cbc';
$this->cryptParams['type'] = 'symmetric';
$this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes192-cbc';
$this->cryptParams['keysize'] = 24;
$this->cryptParams['blocksize'] = 16;
break;
case (self::AES256_CBC):
$this->cryptParams['library'] = 'openssl';
$this->cryptParams['cipher'] = 'aes-256-cbc';
$this->cryptParams['type'] = 'symmetric';
$this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc';
$this->cryptParams['keysize'] = 32;
$this->cryptParams['blocksize'] = 16;
break;
case (self::AES128_GCM):
$this->cryptParams['library'] = 'openssl';
$this->cryptParams['cipher'] = 'aes-128-gcm';
$this->cryptParams['type'] = 'symmetric';
$this->cryptParams['method'] = 'http://www.w3.org/2009/xmlenc11#aes128-gcm';
$this->cryptParams['keysize'] = 16;
$this->cryptParams['blocksize'] = 16;
break;
case (self::AES192_GCM):
$this->cryptParams['library'] = 'openssl';
$this->cryptParams['cipher'] = 'aes-192-gcm';
$this->cryptParams['type'] = 'symmetric';
$this->cryptParams['method'] = 'http://www.w3.org/2009/xmlenc11#aes192-gcm';
$this->cryptParams['keysize'] = 24;
$this->cryptParams['blocksize'] = 16;
break;
case (self::AES256_GCM):
$this->cryptParams['library'] = 'openssl';
$this->cryptParams['cipher'] = 'aes-256-gcm';
$this->cryptParams['type'] = 'symmetric';
$this->cryptParams['method'] = 'http://www.w3.org/2009/xmlenc11#aes256-gcm';
$this->cryptParams['keysize'] = 32;
$this->cryptParams['blocksize'] = 16;
break;
case (self::RSA_1_5):
$this->cryptParams['library'] = 'openssl';
$this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING;
$this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5';
if (is_array($params) && ! empty($params['type'])) {
if ($params['type'] == 'public' || $params['type'] == 'private') {
$this->cryptParams['type'] = $params['type'];
break;
}
}
throw new Exception('Certificate "type" (private/public) must be passed via parameters');
case (self::RSA_OAEP_MGF1P):
$this->cryptParams['library'] = 'openssl';
$this->cryptParams['padding'] = OPENSSL_PKCS1_OAEP_PADDING;
$this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p';
$this->cryptParams['hash'] = null;
if (is_array($params) && ! empty($params['type'])) {
if ($params['type'] == 'public' || $params['type'] == 'private') {
$this->cryptParams['type'] = $params['type'];
break;
}
}
throw new Exception('Certificate "type" (private/public) must be passed via parameters');
case (self::RSA_OAEP):
$this->cryptParams['library'] = 'openssl';
$this->cryptParams['padding'] = OPENSSL_PKCS1_OAEP_PADDING;
$this->cryptParams['method'] = 'http://www.w3.org/2009/xmlenc11#rsa-oaep';
$this->cryptParams['hash'] = 'http://www.w3.org/2009/xmlenc11#mgf1sha1';
if (is_array($params) && ! empty($params['type'])) {
if ($params['type'] == 'public' || $params['type'] == 'private') {
$this->cryptParams['type'] = $params['type'];
break;
}
}
throw new Exception('Certificate "type" (private/public) must be passed via parameters');
case (self::RSA_SHA1):
$this->cryptParams['library'] = 'openssl';
$this->cryptParams['method'] = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';
$this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING;
if (is_array($params) && ! empty($params['type'])) {
if ($params['type'] == 'public' || $params['type'] == 'private') {
$this->cryptParams['type'] = $params['type'];
break;
}
}
throw new Exception('Certificate "type" (private/public) must be passed via parameters');
case (self::RSA_SHA256):
$this->cryptParams['library'] = 'openssl';
$this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
$this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING;
$this->cryptParams['digest'] = 'SHA256';
if (is_array($params) && ! empty($params['type'])) {
if ($params['type'] == 'public' || $params['type'] == 'private') {
$this->cryptParams['type'] = $params['type'];
break;
}
}
throw new Exception('Certificate "type" (private/public) must be passed via parameters');
case (self::RSA_SHA384):
$this->cryptParams['library'] = 'openssl';
$this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384';
$this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING;
$this->cryptParams['digest'] = 'SHA384';
if (is_array($params) && ! empty($params['type'])) {
if ($params['type'] == 'public' || $params['type'] == 'private') {
$this->cryptParams['type'] = $params['type'];
break;
}
}
throw new Exception('Certificate "type" (private/public) must be passed via parameters');
case (self::RSA_SHA512):
$this->cryptParams['library'] = 'openssl';
$this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512';
$this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING;
$this->cryptParams['digest'] = 'SHA512';
if (is_array($params) && ! empty($params['type'])) {
if ($params['type'] == 'public' || $params['type'] == 'private') {
$this->cryptParams['type'] = $params['type'];
break;
}
}
throw new Exception('Certificate "type" (private/public) must be passed via parameters');
case (self::HMAC_SHA1):
$this->cryptParams['library'] = $type;
$this->cryptParams['method'] = 'http://www.w3.org/2000/09/xmldsig#hmac-sha1';
break;
default:
throw new Exception('Invalid Key Type');
}
$this->type = $type;
}
/**
* Retrieve the key size for the symmetric encryption algorithm..
*
* If the key size is unknown, or this isn't a symmetric encryption algorithm,
* null is returned.
*
* @return int|null The number of bytes in the key.
*/
public function getSymmetricKeySize()
{
if (! isset($this->cryptParams['keysize'])) {
return null;
}
return $this->cryptParams['keysize'];
}
/**
* Generates a session key using the openssl-extension.
* In case of using DES3-CBC the key is checked for a proper parity bits set.
* @return string
* @throws Exception
*/
public function generateSessionKey()
{
if (!isset($this->cryptParams['keysize'])) {
throw new Exception('Unknown key size for type "' . $this->type . '".');
}
$keysize = $this->cryptParams['keysize'];
$key = openssl_random_pseudo_bytes($keysize);
if ($this->type === self::TRIPLEDES_CBC) {
/* Make sure that the generated key has the proper parity bits set.
* Mcrypt doesn't care about the parity bits, but others may care.
*/
for ($i = 0; $i < strlen($key); $i++) {
$byte = ord($key[$i]) & 0xfe;
$parity = 1;
for ($j = 1; $j < 8; $j++) {
$parity ^= ($byte >> $j) & 1;
}
$byte |= $parity;
$key[$i] = chr($byte);
}
}
$this->key = $key;
return $key;
}
/**
* Get the raw thumbprint of a certificate
*
* @param string $cert
* @return null|string
*/
public static function getRawThumbprint($cert)
{
$arCert = explode("\n", $cert);
$data = '';
$inData = false;
foreach ($arCert AS $curData) {
if (! $inData) {
if (strncmp($curData, '-----BEGIN CERTIFICATE', 22) == 0) {
$inData = true;
}
} else {
if (strncmp($curData, '-----END CERTIFICATE', 20) == 0) {
break;
}
$data .= trim($curData);
}
}
if (! empty($data)) {
return strtolower(sha1(base64_decode($data)));
}
return null;
}
/**
* Loads the given key, or - with isFile set true - the key from the keyfile.
*
* @param string $key
* @param bool $isFile
* @param bool $isCert
* @throws Exception
*/
public function loadKey($key, $isFile=false, $isCert = false)
{
if ($isFile) {
$this->key = file_get_contents($key);
} else {
$this->key = $key;
}
if ($isCert) {
$this->key = openssl_x509_read($this->key);
openssl_x509_export($this->key, $str_cert);
$this->x509Certificate = $str_cert;
$this->key = $str_cert;
} else {
$this->x509Certificate = null;
}
if ($this->cryptParams['library'] == 'openssl') {
switch ($this->cryptParams['type']) {
case 'public':
if ($isCert) {
/* Load the thumbprint if this is an X509 certificate. */
$this->X509Thumbprint = self::getRawThumbprint($this->key);
}
$this->key = openssl_get_publickey($this->key);
if (! $this->key) {
throw new Exception('Unable to extract public key');
}
break;
case 'private':
$this->key = openssl_get_privatekey($this->key, $this->passphrase);
break;
case'symmetric':
if (strlen($this->key) < $this->cryptParams['keysize']) {
throw new Exception('Key must contain at least '.$this->cryptParams['keysize'].' characters for this cipher, contains '.strlen($this->key));
}
break;
default:
throw new Exception('Unknown type');
}
}
}
/**
* ISO 10126 Padding
*
* @param string $data
* @param integer $blockSize
* @throws Exception
* @return string
*/
private function padISO10126($data, $blockSize)
{
if ($blockSize > 256) {
throw new Exception('Block size higher than 256 not allowed');
}
$padChr = $blockSize - (strlen($data) % $blockSize);
$pattern = chr($padChr);
return $data . str_repeat($pattern, $padChr);
}
/**
* Remove ISO 10126 Padding
*
* @param string $data
* @return string
*/
private function unpadISO10126($data)
{
$padChr = substr($data, -1);
$padLen = ord($padChr);
return substr($data, 0, -$padLen);
}
/**
* Encrypts the given data (string) using the openssl-extension
*
* @param string $data
* @return string
*/
private function encryptSymmetric($data)
{
$this->iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length($this->cryptParams['cipher']));
$authTag = null;
if(in_array($this->cryptParams['cipher'], ['aes-128-gcm', 'aes-192-gcm', 'aes-256-gcm'])) {
if (version_compare(PHP_VERSION, '7.1.0') < 0) {
throw new Exception('PHP 7.1.0 is required to use AES GCM algorithms');
}
$authTag = openssl_random_pseudo_bytes(self::AUTHTAG_LENGTH);
$encrypted = openssl_encrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA, $this->iv, $authTag);
} else {
$data = $this->padISO10126($data, $this->cryptParams['blocksize']);
$encrypted = openssl_encrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $this->iv);
}
if (false === $encrypted) {
throw new Exception('Failure encrypting Data (openssl symmetric) - ' . openssl_error_string());
}
return $this->iv . $encrypted . $authTag;
}
/**
* Decrypts the given data (string) using the openssl-extension
*
* @param string $data
* @return string
*/
private function decryptSymmetric($data)
{
$iv_length = openssl_cipher_iv_length($this->cryptParams['cipher']);
$this->iv = substr($data, 0, $iv_length);
$data = substr($data, $iv_length);
$authTag = null;
if(in_array($this->cryptParams['cipher'], ['aes-128-gcm', 'aes-192-gcm', 'aes-256-gcm'])) {
if (version_compare(PHP_VERSION, '7.1.0') < 0) {
throw new Exception('PHP 7.1.0 is required to use AES GCM algorithms');
}
// obtain and remove the authentication tag
$offset = 0 - self::AUTHTAG_LENGTH;
$authTag = substr($data, $offset);
$data = substr($data, 0, $offset);
$decrypted = openssl_decrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA, $this->iv, $authTag);
} else {
$decrypted = openssl_decrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $this->iv);
}
if (false === $decrypted) {
throw new Exception('Failure decrypting Data (openssl symmetric) - ' . openssl_error_string());
}
return null !== $authTag ? $decrypted : $this->unpadISO10126($decrypted);
}
/**
* Encrypts the given public data (string) using the openssl-extension
*
* @param string $data
* @return string
* @throws Exception
*/
private function encryptPublic($data)
{
if (! openssl_public_encrypt($data, $encrypted, $this->key, $this->cryptParams['padding'])) {
throw new Exception('Failure encrypting Data (openssl public) - ' . openssl_error_string());
}
return $encrypted;
}
/**
* Decrypts the given public data (string) using the openssl-extension
*
* @param string $data
* @return string
* @throws Exception
*/
private function decryptPublic($data)
{
if (! openssl_public_decrypt($data, $decrypted, $this->key, $this->cryptParams['padding'])) {
throw new Exception('Failure decrypting Data (openssl public) - ' . openssl_error_string());
}
return $decrypted;
}
/**
* Encrypts the given private data (string) using the openssl-extension
*
* @param string $data
* @return string
* @throws Exception
*/
private function encryptPrivate($data)
{
if (! openssl_private_encrypt($data, $encrypted, $this->key, $this->cryptParams['padding'])) {
throw new Exception('Failure encrypting Data (openssl private) - ' . openssl_error_string());
}
return $encrypted;
}
/**
* Decrypts the given private data (string) using the openssl-extension
*
* @param string $data
* @return string
* @throws Exception
*/
private function decryptPrivate($data)
{
if (! openssl_private_decrypt($data, $decrypted, $this->key, $this->cryptParams['padding'])) {
throw new Exception('Failure decrypting Data (openssl private) - ' . openssl_error_string());
}
return $decrypted;
}
/**
* Signs the given data (string) using the openssl-extension
*
* @param string $data
* @return string
* @throws Exception
*/
private function signOpenSSL($data)
{
$algo = OPENSSL_ALGO_SHA1;
if (! empty($this->cryptParams['digest'])) {
$algo = $this->cryptParams['digest'];
}
if (! openssl_sign($data, $signature, $this->key, $algo)) {
throw new Exception('Failure Signing Data: ' . openssl_error_string() . ' - ' . $algo);
}
return $signature;
}
/**
* Verifies the given data (string) belonging to the given signature using the openssl-extension
*
* Returns:
* 1 on succesful signature verification,
* 0 when signature verification failed,
* -1 if an error occurred during processing.
*
* NOTE: be very careful when checking the return value, because in PHP,
* -1 will be cast to True when in boolean context. So always check the
* return value in a strictly typed way, e.g. "$obj->verify(...) === 1".
*
* @param string $data
* @param string $signature
* @return int
*/
private function verifyOpenSSL($data, $signature)
{
$algo = OPENSSL_ALGO_SHA1;
if (! empty($this->cryptParams['digest'])) {
$algo = $this->cryptParams['digest'];
}
return openssl_verify($data, $signature, $this->key, $algo);
}
/**
* Encrypts the given data (string) using the regarding php-extension, depending on the library assigned to algorithm in the contructor.
*
* @param string $data
* @return mixed|string
*/
public function encryptData($data)
{
if ($this->cryptParams['library'] === 'openssl') {
switch ($this->cryptParams['type']) {
case 'symmetric':
return $this->encryptSymmetric($data);
case 'public':
return $this->encryptPublic($data);
case 'private':
return $this->encryptPrivate($data);
}
}
}
/**
* Decrypts the given data (string) using the regarding php-extension, depending on the library assigned to algorithm in the contructor.
*
* @param string $data
* @return mixed|string
*/
public function decryptData($data)
{
if ($this->cryptParams['library'] === 'openssl') {
switch ($this->cryptParams['type']) {
case 'symmetric':
return $this->decryptSymmetric($data);
case 'public':
return $this->decryptPublic($data);
case 'private':
return $this->decryptPrivate($data);
}
}
}
/**
* Signs the data (string) using the extension assigned to the type in the constructor.
*
* @param string $data
* @return mixed|string
*/
public function signData($data)
{
switch ($this->cryptParams['library']) {
case 'openssl':
return $this->signOpenSSL($data);
case (self::HMAC_SHA1):
return hash_hmac("sha1", $data, $this->key, true);
}
}
/**
* Verifies the data (string) against the given signature using the extension assigned to the type in the constructor.
*
* Returns in case of openSSL:
* 1 on succesful signature verification,
* 0 when signature verification failed,
* -1 if an error occurred during processing.
*
* NOTE: be very careful when checking the return value, because in PHP,
* -1 will be cast to True when in boolean context. So always check the
* return value in a strictly typed way, e.g. "$obj->verify(...) === 1".
*
* @param string $data
* @param string $signature
* @return bool|int
*/
public function verifySignature($data, $signature)
{
switch ($this->cryptParams['library']) {
case 'openssl':
return $this->verifyOpenSSL($data, $signature);
case (self::HMAC_SHA1):
$expectedSignature = hash_hmac("sha1", $data, $this->key, true);
return strcmp($signature, $expectedSignature) == 0;
}
}
/**
* @deprecated
* @see getAlgorithm()
* @return mixed
*/
public function getAlgorith()
{
return $this->getAlgorithm();
}
/**
* @return mixed
*/
public function getAlgorithm()
{
return $this->cryptParams['method'];
}
/**
*
* @param int $type
* @param string $string
* @return null|string
*/
public static function makeAsnSegment($type, $string)
{
switch ($type) {
case 0x02:
if (ord($string) > 0x7f)
$string = chr(0).$string;
break;
case 0x03:
$string = chr(0).$string;
break;
}
$length = strlen($string);
if ($length < 128) {
$output = sprintf("%c%c%s", $type, $length, $string);
} else if ($length < 0x0100) {
$output = sprintf("%c%c%c%s", $type, 0x81, $length, $string);
} else if ($length < 0x010000) {
$output = sprintf("%c%c%c%c%s", $type, 0x82, $length / 0x0100, $length % 0x0100, $string);
} else {
$output = null;
}
return $output;
}
/**
*
* Hint: Modulus and Exponent must already be base64 decoded
* @param string $modulus
* @param string $exponent
* @return string
*/
public static function convertRSA($modulus, $exponent)
{
/* make an ASN publicKeyInfo */
$exponentEncoding = self::makeAsnSegment(0x02, $exponent);
$modulusEncoding = self::makeAsnSegment(0x02, $modulus);
$sequenceEncoding = self::makeAsnSegment(0x30, $modulusEncoding.$exponentEncoding);
$bitstringEncoding = self::makeAsnSegment(0x03, $sequenceEncoding);
$rsaAlgorithmIdentifier = pack("H*", "300D06092A864886F70D0101010500");
$publicKeyInfo = self::makeAsnSegment(0x30, $rsaAlgorithmIdentifier.$bitstringEncoding);
/* encode the publicKeyInfo in base64 and add PEM brackets */
$publicKeyInfoBase64 = base64_encode($publicKeyInfo);
$encoding = "-----BEGIN PUBLIC KEY-----\n";
$offset = 0;
while ($segment = substr($publicKeyInfoBase64, $offset, 64)) {
$encoding = $encoding.$segment."\n";
$offset += 64;
}
return $encoding."-----END PUBLIC KEY-----\n";
}
/**
* @param mixed $parent
*/
public function serializeKey($parent)
{
}
/**
* Retrieve the X509 certificate this key represents.
*
* Will return the X509 certificate in PEM-format if this key represents
* an X509 certificate.
*
* @return string The X509 certificate or null if this key doesn't represent an X509-certificate.
*/
public function getX509Certificate()
{
return $this->x509Certificate;
}
/**
* Get the thumbprint of this X509 certificate.
*
* Returns:
* The thumbprint as a lowercase 40-character hexadecimal number, or null
* if this isn't a X509 certificate.
*
* @return string Lowercase 40-character hexadecimal number of thumbprint
*/
public function getX509Thumbprint()
{
return $this->X509Thumbprint;
}
/**
* Create key from an EncryptedKey-element.
*
* @param DOMElement $element The EncryptedKey-element.
* @throws Exception
*
* @return XMLSecurityKey The new key.
*/
public static function fromEncryptedKeyElement(DOMElement $element)
{
$objenc = new XMLSecEnc();
$objenc->setNode($element);
if (! $objKey = $objenc->locateKey()) {
throw new Exception("Unable to locate algorithm for this Encrypted Key");
}
$objKey->isEncrypted = true;
$objKey->encryptedCtx = $objenc;
XMLSecEnc::staticLocateKeyInfo($objKey, $element);
return $objKey;
}
}

47
docker/nextcloud/src/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/xmlseclibs.php vendored Normal file
View File

@ -0,0 +1,47 @@
<?php
/**
* xmlseclibs.php
*
* Copyright (c) 2007-2020, Robert Richards <rrichards@cdatazone.org>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* * Neither the name of Robert Richards nor the names of his
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* @author Robert Richards <rrichards@cdatazone.org>
* @copyright 2007-2020 Robert Richards <rrichards@cdatazone.org>
* @license http://www.opensource.org/licenses/bsd-license.php BSD License
* @version 3.1.1
*/
$xmlseclibs_srcdir = dirname(__FILE__) . '/src/';
require $xmlseclibs_srcdir . '/XMLSecurityKey.php';
require $xmlseclibs_srcdir . '/XMLSecurityDSig.php';
require $xmlseclibs_srcdir . '/XMLSecEnc.php';
require $xmlseclibs_srcdir . '/Utils/XPath.php';

184
docker/nextcloud/src/custom_apps/user_saml/CHANGELOG.md Normal file
View File

@ -0,0 +1,184 @@
# Changelog
All notable changes to this project will be documented in this file.
## 4.1.0
### Added
- Nextcloud 22 support
### Fixed
- logins with base64 resembling UIDs
## 4.0.0
### Removed
- Nextcloud <21 support
## 3.3.3
### Added
- Possibility to add custom direct login message
## 3.3.2
### Added
- Possible url for SLO response
### Fixed
- Fix login flow support yet again
- Buton colors
- Translations
- Fixed provisioning users from encoded uids
- Fix missing IDP variable
## 3.3.1
### Fixed
- 21 suport
- login flow support with strict cookies
## 3.1.2
### Fixed
- 19 support. This was broken due to stricter cookies
## 3.0.1
### Added
- Add setting to specify a different signature algorithm #401
### Changed
- translation updates
## 3.0.0
### Changed
- fixed login with chrome browser #379
- translation updates
- Make 19 compatible #380
## 2.4.0
### Added
- IdP initiated logout
### Fixed
- No password confirmation for passwordless users
- Handle exceptions more graceful (prevent app from disabling)
- Desktop client login failing in some cases
## 2.3.1
### Fixed
- name id format is set per provider
## 2.3.0
### Added
- Ability to specify nameformat when configuring IdPs
- Properly set the timezone
### Changed
- Also search for diplayname and email in backend
- Bumped onelogin/php-saml to 3.1.1
- Updated translations
### Fixed
- Catch exception so app does not get disabled on random PUT requests
## 2.2.0
### Changed
- Update dependencies for PHP 7.3 compatibility
- Ready for Nextcloud 16
- improve logging
## 2.1.1
### Changed
- sort IDP's alphabetical
- improved documentation in UI, add hint for direct login URL
### Fixed
- create skeleton files if SAML is used in combination with LDAP
## 2.1.0
### Changed
- add attribute mapping for the users home directory when creating a new user
- use a combobox to select the IDP on login when more then 4 IDPs are configured
- improved debug logging and in case of errors
- Add sabredav plugin to register environment auth for dav requests
### Fixed
- remove trailing and leading spaces on settings
- adjust login page to the theme
## 2.0.0
### Changed
- update to upstream php-saml 3.0 (upstream library) which removes the mcrypt dependency
- Improve SAML behaviour in a Global Scale setup
## 1.7.0
### Changed
- many small changes/fixes to make SAML work in a Global Scale setup
## 1.6.2
### Changed
- Add reset button to start over with the configuration
- Show default login screen until SSO is configured
- updated translations
### Fixed
- small fixes
## 1.6.1
### Fixed
- internal version number
## 1.6.0
### Changed
- Allow multiple IDP's
- Add attribute mapping for groups
## 1.5.0
### Changed
- add attribute mapping for the users quota
- add option to use the local user back-end (and LDAP) in parallel to SAML
### Fixed
- fix redirect loop in case a user was disabled
- query LDAP for user data during auto-provisioning in case "Only allow authentication if an account is existent on some other backend" is enabled
## 1.4.2
- update display name in accounts table correctly
- improve error messages and logging
## 1.4.0
### Fixed
- Spelling mistakes
- Keep displayname after login
- Fix compatibility with reverse proxies
- Set last login after successful login operation
- SLO support
- Hide attribute mapping until a type is selected
## 1.3.2
### Added
- Added sample screenshots

661
docker/nextcloud/src/custom_apps/user_saml/LICENSE Normal file
View File

@ -0,0 +1,661 @@
GNU AFFERO GENERAL PUBLIC LICENSE
Version 3, 19 November 2007
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU Affero General Public License is a free, copyleft license for
software and other kinds of works, specifically designed to ensure
cooperation with the community in the case of network server software.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
our General Public Licenses are intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
Developers that use our General Public Licenses protect your rights
with two steps: (1) assert copyright on the software, and (2) offer
you this License which gives you legal permission to copy, distribute
and/or modify the software.
A secondary benefit of defending all users' freedom is that
improvements made in alternate versions of the program, if they
receive widespread use, become available for other developers to
incorporate. Many developers of free software are heartened and
encouraged by the resulting cooperation. However, in the case of
software used on network servers, this result may fail to come about.
The GNU General Public License permits making a modified version and
letting the public access it on a server without ever releasing its
source code to the public.
The GNU Affero General Public License is designed specifically to
ensure that, in such cases, the modified source code becomes available
to the community. It requires the operator of a network server to
provide the source code of the modified version running there to the
users of that server. Therefore, public use of a modified version, on
a publicly accessible server, gives the public access to the source
code of the modified version.
An older license, called the Affero General Public License and
published by Affero, was designed to accomplish similar goals. This is
a different license, not a version of the Affero GPL, but Affero has
released a new version of the Affero GPL which permits relicensing under
this license.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU Affero General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Remote Network Interaction; Use with the GNU General Public License.
Notwithstanding any other provision of this License, if you modify the
Program, your modified version must prominently offer all users
interacting with it remotely through a computer network (if your version
supports such interaction) an opportunity to receive the Corresponding
Source of your version by providing access to the Corresponding Source
from a network server at no charge, through some standard or customary
means of facilitating copying of software. This Corresponding Source
shall include the Corresponding Source for any work covered by version 3
of the GNU General Public License that is incorporated pursuant to the
following paragraph.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the work with which it is combined will remain governed by version
3 of the GNU General Public License.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU Affero General Public License from time to time. Such new versions
will be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU Affero General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU Affero General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU Affero General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If your software can interact with users remotely through a computer
network, you should also make sure that it provides a way for users to
get its source. For example, if your program is a web application, its
interface could display a "Source" link that leads users to an archive
of the code. There are many ways you could offer source, and different
solutions will be better for different programs; see section 13 for the
specific requirements.
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU AGPL, see
<https://www.gnu.org/licenses/>.

213
docker/nextcloud/src/custom_apps/user_saml/appinfo/app.php Normal file
View File

@ -0,0 +1,213 @@
<?php
/**
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
require_once __DIR__ . '/../3rdparty/vendor/autoload.php';
// If we run in CLI mode do not setup the app as it can fail the OCC execution
// since the URLGenerator isn't accessible.
$cli = false;
if(OC::$CLI) {
$cli = true;
}
try {
$urlGenerator = \OC::$server->getURLGenerator();
$l = \OC::$server->getL10N('user_saml');
$config = \OC::$server->getConfig();
$request = \OC::$server->getRequest();
$userSession = \OC::$server->getUserSession();
$session = \OC::$server->getSession();
} catch (Throwable $e) {
\OC::$server->getLogger()->logException($e);
return;
}
$samlSettings = new \OCA\User_SAML\SAMLSettings(
$urlGenerator,
$config,
$request,
$session
);
$userData = new \OCA\User_SAML\UserData(
new \OCA\User_SAML\UserResolver(\OC::$server->getUserManager()),
$samlSettings,
$config
);
$userBackend = new \OCA\User_SAML\UserBackend(
$config,
$urlGenerator,
\OC::$server->getSession(),
\OC::$server->getDatabaseConnection(),
\OC::$server->getUserManager(),
\OC::$server->getGroupManager(),
$samlSettings,
\OC::$server->getLogger(),
$userData
);
$userBackend->registerBackends(\OC::$server->getUserManager()->getBackends());
OC_User::useBackend($userBackend);
$params = [];
// Setting up the one login config may fail, if so, do not catch the requests later.
$returnScript = false;
$type = '';
switch($config->getAppValue('user_saml', 'type')) {
case 'saml':
try {
$oneLoginSettings = new \OneLogin\Saml2\Settings($samlSettings->getOneLoginSettingsArray(1));
} catch (\OneLogin\SAML2\Error $e) {
$returnScript = true;
}
$type = 'saml';
break;
case 'environment-variable':
$type = 'environment-variable';
break;
default:
return;
}
if ($type === 'environment-variable') {
// We should ignore oauth2 token endpoint (oauth can send the credentials as basic auth which will fail with apache auth)
$uri = $request->getRequestUri();
if (substr($uri, -24) === '/apps/oauth/api/v1/token') {
return;
}
OC_User::handleApacheAuth();
}
if($returnScript === true) {
return;
}
$app = \OC::$server->query(\OCA\User_SAML\AppInfo\Application::class);
$app->registerDavAuth();
$redirectSituation = false;
$user = $userSession->getUser();
if ($user !== null) {
$enabled = $user->isEnabled();
if ($enabled === false) {
$targetUrl = $urlGenerator->linkToRouteAbsolute(
'user_saml.SAML.genericError',
[
'message' => $l->t('This user account is disabled, please contact your administrator.')
]
);
header('Location: '.$targetUrl);
exit();
}
}
// All requests that are not authenticated and match against the "/login" route are
// redirected to the SAML login endpoint
if(!$cli &&
!$userSession->isLoggedIn() &&
\OC::$server->getRequest()->getPathInfo() === '/login' &&
$type !== '') {
try {
$params = $request->getParams();
} catch (\LogicException $e) {
// ignore exception when PUT is called since getParams cannot parse parameters in that case
}
if (isset($params['direct'])) {
return;
}
$redirectSituation = true;
}
// If a request to OCS or remote.php is sent by the official desktop clients it can
// be intercepted as it supports SAML. All other clients don't yet and thus we
// require the usage of application specific passwords there.
//
// However, it is an opt-in setting to use SAML for the desktop clients. For better
// UX (users don't have to reauthenticate) we default to disallow the access via
// SAML at the moment.
$useSamlForDesktopClients = $config->getAppValue('user_saml', 'general-use_saml_auth_for_desktop', '0');
if($useSamlForDesktopClients === '1') {
$currentUrl = substr(explode('?',$request->getRequestUri(), 2)[0], strlen(\OC::$WEBROOT));
if(substr($currentUrl, 0, 12) === '/remote.php/' || substr($currentUrl, 0, 5) === '/ocs/') {
if(!$userSession->isLoggedIn() && $request->isUserAgent([\OCP\IRequest::USER_AGENT_CLIENT_DESKTOP])) {
$redirectSituation = true;
if (preg_match('/^.*\/(\d+\.\d+\.\d+).*$/', $request->getHeader('USER_AGENT'), $matches) === 1) {
$versionstring = $matches[1];
if (version_compare($versionstring, '2.5.0', '>=') === true) {
$redirectSituation = false;
}
}
}
}
}
$multipleUserBackEnds = $samlSettings->allowMultipleUserBackEnds();
$configuredIdps = $samlSettings->getListOfIdps();
$showLoginOptions = $multipleUserBackEnds || count($configuredIdps) > 1;
if ($redirectSituation === true && $showLoginOptions) {
try {
$params = $request->getParams();
} catch (\LogicException $e) {
// ignore exception when PUT is called since getParams cannot parse parameters in that case
}
$redirectUrl = '';
if(isset($params['redirect_url'])) {
$redirectUrl = $params['redirect_url'];
}
$targetUrl = $urlGenerator->linkToRouteAbsolute(
'user_saml.SAML.selectUserBackEnd',
[
'redirectUrl' => $redirectUrl
]
);
header('Location: '.$targetUrl);
exit();
}
if($redirectSituation === true) {
try {
$params = $request->getParams();
} catch (\LogicException $e) {
// ignore exception when PUT is called since getParams cannot parse parameters in that case
}
$originalUrl = '';
if(isset($params['redirect_url'])) {
$originalUrl = $urlGenerator->getAbsoluteURL($params['redirect_url']);
}
$csrfToken = \OC::$server->getCsrfTokenManager()->getToken();
$targetUrl = $urlGenerator->linkToRouteAbsolute(
'user_saml.SAML.login',
[
'requesttoken' => $csrfToken->getEncryptedValue(),
'originalUrl' => $originalUrl,
'idp' => 1,
]
);
header('Location: '.$targetUrl);
exit();
}

45
docker/nextcloud/src/custom_apps/user_saml/appinfo/info.xml Normal file
View File

@ -0,0 +1,45 @@
<?xml version="1.0"?>
<info>
<id>user_saml</id>
<name>SSO &amp; SAML authentication</name>
<summary>Authenticate using single sign-on</summary>
<description><![CDATA[Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)
The following providers are supported and tested at the moment:
* **SAML 2.0**
* OneLogin
* Shibboleth
* Active Directory Federation Services (ADFS)
* **Authentication via Environment Variable**
* Kerberos (mod_auth_kerb)
* Any other provider that authenticates using the environment variable
While theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix.]]></description>
<version>4.1.1</version>
<licence>agpl</licence>
<author>Lukas Reschke</author>
<namespace>User_SAML</namespace>
<types>
<authentication/>
</types>
<documentation>
<admin>https://portal.nextcloud.com/article/configuring-single-sign-on-10.html</admin>
</documentation>
<category>integration</category>
<website>https://github.com/nextcloud/user_saml</website>
<bugs>https://github.com/nextcloud/user_saml/issues</bugs>
<repository type="git">https://github.com/nextcloud/user_saml.git</repository>
<screenshot>https://raw.githubusercontent.com/nextcloud/user_saml/master/screenshots/1.png</screenshot>
<screenshot>https://raw.githubusercontent.com/nextcloud/user_saml/master/screenshots/2.png</screenshot>
<dependencies>
<nextcloud min-version="21" max-version="22" />
</dependencies>
<commands>
<command>OCA\User_SAML\Command\GetMetadata</command>
</commands>
<settings>
<admin>OCA\User_SAML\Settings\Admin</admin>
<admin-section>OCA\User_SAML\Settings\Section</admin-section>
</settings>
</info>

94
docker/nextcloud/src/custom_apps/user_saml/appinfo/routes.php Normal file
View File

@ -0,0 +1,94 @@
<?php
/**
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\User_SAML\AppInfo;
return [
'routes' => [
[
'name' => 'SAML#login',
'url' => '/saml/login',
'verb' => 'GET',
],
[
'name' => 'SAML#base',
'url' => '/saml',
'verb' => 'GET',
],
[
'name' => 'SAML#getMetadata',
'url' => '/saml/metadata',
'verb' => 'GET',
],
[
'name' => 'SAML#assertionConsumerService',
'url' => '/saml/acs',
'verb' => 'POST',
],
[
'name' => 'SAML#singleLogoutService',
'url' => '/saml/sls',
'verb' => 'GET',
],
[
'name' => 'SAML#singleLogoutService',
'url' => '/saml/sls',
'verb' => 'POST',
'postfix' => 'slspost',
],
[
'name' => 'SAML#notProvisioned',
'url' => '/saml/notProvisioned',
'verb' => 'GET',
],
[
'name' => 'SAML#genericError',
'url' => '/saml/error',
'verb' => 'GET',
],
[
'name' => 'SAML#selectUserBackEnd',
'url' => '/saml/selectUserBackEnd',
'verb' => 'GET',
],
[
'name' => 'Settings#getSamlProviderSettings',
'url' => '/settings/providerSettings/{providerId}',
'verb' => 'GET',
'defaults' => [
'providerId' => '1'
]
],
[
'name' => 'Settings#deleteSamlProviderSettings',
'url' => '/settings/providerSettings/{providerId}',
'verb' => 'DELETE',
'defaults' => [
'providerId' => '1'
]
],
[
'name' => 'Timezone#setTimezone',
'url' => '/config/timezone',
'verb' => 'POST',
],
],
];

60
docker/nextcloud/src/custom_apps/user_saml/css/admin.css Normal file
View File

@ -0,0 +1,60 @@
#user-saml input[type="text"],textarea {
max-width: 600px;
width: 100%;
}
#user-saml input[type="checkbox"] {
vertical-align:middle;
cursor: pointer;
}
#user-saml h3 .icon-delete {
display: inline-block;
padding: 5px;
margin-bottom: -6px;
}
#user-saml h4 {
font-size: 14px;
font-weight: 300;
margin: 12px 0;
}
#user-saml-settings > div {
margin-bottom: 10px;
}
.indent {
padding-left: 14px;
}
#user-saml-settings .toggle {
clear: both;
padding: 7px 0;
cursor: pointer;
opacity: .5;
}
#user-saml .account-list {
margin: 10px 0 10px 0;
overflow:hidden;
padding: 10px 0 10px 0;
}
#user-saml .account-list li {
float: left;
}
#user-saml .account-list li a:not(.button) {
padding: 7px;
}
#user-saml .account-list li a.button {
margin-left: 20px;
}
#user-saml .account-list li.active a {
border-bottom: 1px solid #333;
font-weight: bold;
}
#user-saml-reset-settings {
float: right;
}

30
docker/nextcloud/src/custom_apps/user_saml/css/personal.css Normal file
View File

@ -0,0 +1,30 @@
#user-saml-apppasswords table {
width: 100%;
min-height: 150px;
padding-top: 25px;
}
#user-saml-appasswords table th {
font-weight: 800;
}
#user-saml-apppasswords table th,
#user-saml-apppasswords table td {
padding: 10px;
}
#user-saml-apppasswords .token-list td {
border-top: 1px solid #DDD;
text-overflow: ellipsis;
max-width: 200px;
white-space: nowrap;
overflow: hidden;
}
#user-saml-apppasswords .token-list td a.icon-delete {
display: block;
opacity: 0.6;
}
#user-saml-new-app-password {
width: 186px;
font-family: monospace;
background-color: lightyellow;
}

38
docker/nextcloud/src/custom_apps/user_saml/css/selectUserBackEnd.css Normal file
View File

@ -0,0 +1,38 @@
#saml-select-user-back-end {
color: var(--color-primary-text);
}
#saml-select-user-back-end #av_mode{
height: auto;
}
#saml-select-user-back-end h1 {
font-size: 16px;
padding: 20px 0;
}
.login-option {
background-color: var(--color-primary);
border: 1px solid var(--color-primary-text);
font-weight: 600;
height: 40px;
margin: 15px 0;
min-width: 269px;
border-radius: 3px;
font-size: 20px;
}
.login-option a {
display:inline-block;
width:100%;
line-height:40px;
color: var(--color-primary-text);
cursor: pointer;
}
.login-option .icon-confirm-white {
float: right;
line-height: 40px;
}

4
docker/nextcloud/src/custom_apps/user_saml/img/app-dark.svg Normal file
View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg xmlns="http://www.w3.org/2000/svg" height="16" width="16" version="1.0" viewBox="0 0 16 16">
<path style="block-progression:tb;color:#000000;text-transform:none;text-indent:0" fill="#000" d="m8.4036 1c-1.7312 0-3.1998 1.2661-3.1998 2.9 0.012287 0.51643 0.058473 1.1532 0.36664 2.5v0.033333l0.033328 0.033333c0.098928 0.28338 0.24289 0.44549 0.4333 0.66666s0.41742 0.48149 0.63328 0.69999c0.025397 0.025708 0.041676 0.041633 0.066656 0.066677 0.04281 0.18631 0.094672 0.38681 0.13332 0.56666 0.10284 0.47851 0.092296 0.81737 0.066668 0.93332-0.74389 0.26121-1.6694 0.57228-2.4998 0.93332-0.46622 0.2027-0.8881 0.3837-1.2332 0.59999-0.34513 0.2163-0.68837 0.37971-0.79994 0.86666-0.16004 0.63293-0.19866 0.7539-0.39997 1.5333-0.027212 0.20914 0.083011 0.42961 0.26665 0.53333 1.5078 0.81451 3.824 1.1423 6.1329 1.1333s4.6066-0.35609 6.0662-1.1333c0.11739-0.07353 0.14304-0.10869 0.13332-0.2333-0.04365-0.68908-0.08154-1.3669-0.13332-1.7666-0.01807-0.09908-0.06492-0.19275-0.13332-0.26666-0.46366-0.5537-1.1564-0.89218-1.9665-1.2333-0.7396-0.31144-1.6067-0.63486-2.4665-0.99999-0.048123-0.10721-0.095926-0.41912 0-0.89999 0.025759-0.12912 0.066096-0.26742 0.099994-0.4 0.0808-0.090507 0.14378-0.16447 0.23332-0.26666 0.19096-0.21796 0.39614-0.44661 0.56662-0.66666s0.30996-0.40882 0.39997-0.66666l0.03333-0.033333c0.34839-1.4062 0.34857-1.9929 0.36664-2.5v-0.033333c0-1.6339-1.4686-2.9-3.1998-2.9z"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 1.4 KiB

4
docker/nextcloud/src/custom_apps/user_saml/img/app.svg Normal file
View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg xmlns="http://www.w3.org/2000/svg" height="16" width="16" version="1.0" viewBox="0 0 16 16">
<path style="block-progression:tb;color:#000000;text-transform:none;text-indent:0" fill="#fff" d="m8.4036 1c-1.7312 0-3.1998 1.2661-3.1998 2.9 0.012287 0.51643 0.058473 1.1532 0.36664 2.5v0.033333l0.033328 0.033333c0.098928 0.28338 0.24289 0.44549 0.4333 0.66666s0.41742 0.48149 0.63328 0.69999c0.025397 0.025708 0.041676 0.041633 0.066656 0.066677 0.04281 0.18631 0.094672 0.38681 0.13332 0.56666 0.10284 0.47851 0.092296 0.81737 0.066668 0.93332-0.74389 0.26121-1.6694 0.57228-2.4998 0.93332-0.46622 0.2027-0.8881 0.3837-1.2332 0.59999-0.34513 0.2163-0.68837 0.37971-0.79994 0.86666-0.16004 0.63293-0.19866 0.7539-0.39997 1.5333-0.027212 0.20914 0.083011 0.42961 0.26665 0.53333 1.5078 0.81451 3.824 1.1423 6.1329 1.1333s4.6066-0.35609 6.0662-1.1333c0.11739-0.07353 0.14304-0.10869 0.13332-0.2333-0.04365-0.68908-0.08154-1.3669-0.13332-1.7666-0.01807-0.09908-0.06492-0.19275-0.13332-0.26666-0.46366-0.5537-1.1564-0.89218-1.9665-1.2333-0.7396-0.31144-1.6067-0.63486-2.4665-0.99999-0.048123-0.10721-0.095926-0.41912 0-0.89999 0.025759-0.12912 0.066096-0.26742 0.099994-0.4 0.0808-0.090507 0.14378-0.16447 0.23332-0.26666 0.19096-0.21796 0.39614-0.44661 0.56662-0.66666s0.30996-0.40882 0.39997-0.66666l0.03333-0.033333c0.34839-1.4062 0.34857-1.9929 0.36664-2.5v-0.033333c0-1.6339-1.4686-2.9-3.1998-2.9z"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 1.4 KiB

411
docker/nextcloud/src/custom_apps/user_saml/js/admin.js Normal file
View File

@ -0,0 +1,411 @@
(function(OCA) {
OCA.User_SAML = OCA.User_SAML || {};
/**
* @namespace OCA.User_SAML.Admin
*/
OCA.User_SAML.Admin = {
currentConfig: '1',
providerIds: '1',
_getAppConfig: function (key) {
return $.ajax({
type: 'GET',
url: OC.linkToOCS('apps/provisioning_api/api/v1', 2) + 'config/apps' + '/user_saml/' + key + '?format=json'
});
},
init: function(callback) {
this._getAppConfig('providerIds').done(function (data){
if (data.ocs.data.data !== '') {
OCA.User_SAML.Admin.providerIds = data.ocs.data.data;
OCA.User_SAML.Admin.currentConfig = OCA.User_SAML.Admin.providerIds.split(',').sort()[0];
}
callback();
});
},
chooseEnv: function() {
if (OC.PasswordConfirmation.requiresPasswordConfirmation()) {
OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this.chooseEnv, this));
return;
}
OCP.AppConfig.setValue('user_saml', 'type', 'environment-variable', {success: function() {location.reload();}});
},
chooseSaml: function() {
if (OC.PasswordConfirmation.requiresPasswordConfirmation()) {
OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this.chooseSaml, this));
return;
}
OCP.AppConfig.setValue('user_saml', 'type', 'saml', {success: function() {location.reload();}});
},
resetSettings: function() {
if (OC.PasswordConfirmation.requiresPasswordConfirmation()) {
OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this.resetSettings, this));
return;
}
OCP.AppConfig.setValue('user_saml', 'type', '', {success: function() {location.reload();}});
},
getConfigIdentifier: function() {
if (this.currentConfig === '1') {
return '';
}
return this.currentConfig + '-';
},
/**
* Add a new provider
* @returns {number} id of the provider
*/
addProvider: function(callback) {
var providerIds = OCA.User_SAML.Admin.providerIds.split(',');
var nextId = 1;
if (providerIds.indexOf('1') >= 0) {
nextId = 2;
while ($.inArray('' + nextId, providerIds) >= 0) {
nextId++;
}
}
OCP.AppConfig.setValue('user_saml', 'providerIds', OCA.User_SAML.Admin.providerIds + ',' + nextId, {
success: function () {
OCA.User_SAML.Admin.providerIds += ',' + nextId;
callback(nextId)
}
});
},
removeProvider: function(callback) {
var providerIds = OCA.User_SAML.Admin.providerIds.split(',');
if (providerIds.length > 1) {
var index = providerIds.indexOf(this.currentConfig);
if (index > -1) {
providerIds.splice(index, 1);
}
var config = this.currentConfig;
$.ajax({ url: OC.generateUrl('/apps/user_saml/settings/providerSettings/' + this.currentConfig), type: 'DELETE'})
.done(function(data) {
OCP.AppConfig.setValue('user_saml', 'providerIds', providerIds.join(','), {
success: function () {
OCA.User_SAML.Admin.providerIds = providerIds.join(',');
callback(config);
}
});
});
}
},
setSamlConfigValue: function(category, setting, value, global) {
if (OC.PasswordConfirmation.requiresPasswordConfirmation()) {
OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this.setSamlConfigValue, this, category, setting, value));
return;
}
// store global config flags without idp prefix
var configIdentifier = this.getConfigIdentifier();
if (global === true) {
configIdentifier = '';
}
OC.msg.startSaving('#user-saml-save-indicator');
OCP.AppConfig.setValue('user_saml', configIdentifier + category + '-' + setting, value.trim());
OC.msg.finishedSaving('#user-saml-save-indicator', {status: 'success', data: {message: t('user_saml', 'Saved')}});
}
}
})(OCA);
$(function() {
var type = $('#user-saml').data('type');
OCA.User_SAML.Admin.init(function() {
$('.account-list li[data-id="' + OCA.User_SAML.Admin.currentConfig + '"]').addClass('active');
if (OCA.User_SAML.Admin.providerIds.split(',').length <= 1) {
$('[data-js="remove-idp"]').addClass('hidden');
}
// Hide depending on the setup state
if(type !== 'environment-variable' && type !== 'saml') {
$('#user-saml-choose-type').removeClass('hidden');
} else {
$('#user-saml-global').removeClass('hidden');
$('#user-saml-warning-admin-user').removeClass('hidden');
$('#user-saml-settings').removeClass('hidden');
}
if(type === 'environment-variable') {
// we need the settings div to be visible for require_providioned_account
$('#user-saml-settings div').addClass('hidden');
$('#user-saml-settings .button').addClass('hidden');
$('#user-saml-general').removeClass('hidden');
}
if (type === 'saml') {
$('#user-saml .account-list').removeClass('hidden');
$('#user-saml-general').removeClass('hidden');
}
if($('#user-saml-general-require_provisioned_account').val() === '0' && type !== '') {
$('#user-saml-attribute-mapping').removeClass('hidden');
} else {
$('#user-saml-attribute-mapping').addClass('hidden');
}
});
$('#user-saml-choose-saml').click(function(e) {
e.preventDefault();
if(type === '') {
OCA.User_SAML.Admin.chooseSaml();
}
});
$('#user-saml-choose-env').click(function(e) {
e.preventDefault();
if(type === '') {
OCA.User_SAML.Admin.chooseEnv();
}
});
$('#user-saml-reset-settings').click(function(e) {
e.preventDefault();
OCA.User_SAML.Admin.resetSettings();
});
var switchProvider = function(providerId) {
$('.account-list li').removeClass('active');
$('.account-list li[data-id="' + providerId + '"]').addClass('active');
OCA.User_SAML.Admin.currentConfig = '' + providerId;
$.get(OC.generateUrl('/apps/user_saml/settings/providerSettings/' + providerId)).done(function(data) {
Object.keys(data).forEach(function(category, index){
var entries = data[category];
Object.keys(entries).forEach(function (configKey) {
var element = $('#user-saml-settings *[data-key="' + configKey + '"]');
if ($('#user-saml-settings #user-saml-' + category + ' #user-saml-' + configKey).length) {
element = $('#user-saml-' + category + ' #user-saml-' + configKey);
}
if ($('#user-saml-settings #user-saml-' + category + ' [name="' + configKey + '"]').length) {
element = $('#user-saml-' + category + ' [name="' + configKey + '"]');
}
if(element.is('input') && element.prop('type') === 'text') {
element.val(entries[configKey])
}
else if(element.is('textarea')) {
element.val(entries[configKey]);
}
else if(element.prop('type') === 'checkbox') {
var value = entries[configKey] === '1' ? '1' : '0';
element.val(value);
} else {
console.log('unable to find element for ' + configKey);
}
});
});
$('input:checkbox[value="1"]').attr('checked', true);
$('input:checkbox[value="0"]').attr('checked', false);
var xmlDownloadButton = $('#get-metadata');
var url = xmlDownloadButton.data('base') + '?idp=' + providerId;
xmlDownloadButton.attr('href', url);
});
};
$('.account-list').on('click', 'li:not(.add-provider):not(.remove-provider)', function() {
var providerId = '' + $(this).data('id');
switchProvider(providerId);
});
$('.account-list .add-provider').on('click', function() {
OCA.User_SAML.Admin.addProvider(function (nextId) {
$('<li data-id="' + nextId + '"><a>' + t('user_saml', 'Provider') + ' ' + nextId + '</a></li>').insertBefore('.account-list .remove-provider');
switchProvider(nextId);
$('[data-js="remove-idp"]').removeClass('hidden');
});
});
$('[data-js="remove-idp"]').on('click', function() {
OCA.User_SAML.Admin.removeProvider(function(currentConfig) {
$('.account-list li[data-id="' + currentConfig + '"]').remove();
switchProvider(OCA.User_SAML.Admin.providerIds.split(',')[0]);
if (OCA.User_SAML.Admin.providerIds.split(',').length <= 1) {
$('[data-js="remove-idp"]').addClass('hidden');
}
});
});
// Enable tabs
$('input:checkbox[value="1"]').attr('checked', true);
$('#user-saml-sp input[type="text"], #user-saml-sp textarea').change(function(e) {
var el = $(this);
$.when(el.focusout()).then(function() {
var key = $(this).attr('name');
OCA.User_SAML.Admin.setSamlConfigValue('sp', key, $(this).val());
});
if (e.keyCode === 13) {
var key = $(this).attr('name');
OCA.User_SAML.Admin.setSamlConfigValue('sp', key, $(this).val());
}
});
$('#user-saml-sp select').change(function(e) {
var key = $(this).attr('name');
OCA.User_SAML.Admin.setSamlConfigValue('sp', key, $(this).val());
});
$('#user-saml-idp input[type="text"], #user-saml-idp textarea').change(function(e) {
var el = $(this);
$.when(el.focusout()).then(function() {
var key = $(this).attr('name');
OCA.User_SAML.Admin.setSamlConfigValue('idp', key, $(this).val());
});
if (e.keyCode === 13) {
var key = $(this).attr('name');
OCA.User_SAML.Admin.setSamlConfigValue('idp', key, $(this).val());
}
});
$('#user-saml-general input[type="text"], #user-saml-general textarea').change(function(e) {
var el = $(this);
$.when(el.focusout()).then(function() {
var key = $(this).attr('name');
OCA.User_SAML.Admin.setSamlConfigValue('general', key, $(this).val());
});
if (e.keyCode === 13) {
var key = $(this).attr('name');
OCA.User_SAML.Admin.setSamlConfigValue('general', key, $(this).val());
}
if(el.data('key') === 'idp0_display_name') {
if ($(this).val() !== '') {
$('.account-list li[data-id=' + OCA.User_SAML.Admin.currentConfig + '] a').text($(this).val())
} else {
$('.account-list li[data-id=' + OCA.User_SAML.Admin.currentConfig + '] a').text(t('user_saml', 'Provider') + ' ' + OCA.User_SAML.Admin.currentConfig);
}
}
});
$('#user-saml-global input[type="checkbox"]').change(function(e) {
var el = $(this);
$.when(el.focusout()).then(function() {
var key = $(this).attr('name');
if($(this).val() === "0") {
$(this).val("1");
} else {
$(this).val("0");
}
if(key === 'require_provisioned_account') {
$('#user-saml-attribute-mapping').toggleClass('hidden');
}
OCA.User_SAML.Admin.setSamlConfigValue('general', key, $(this).val(), true);
});
});
$('#user-saml-general input[type="checkbox"]').change(function(e) {
var el = $(this);
$.when(el.focusout()).then(function() {
var key = $(this).attr('name');
if($(this).val() === "0") {
$(this).val("1");
} else {
$(this).val("0");
}
OCA.User_SAML.Admin.setSamlConfigValue('general', key, $(this).val());
});
});
$('#user-saml-security input[type="checkbox"]').change(function(e) {
var el = $(this);
$.when(el.focusout()).then(function() {
var key = $(this).attr('name');
if($(this).val() === "0") {
$(this).val("1");
} else {
$(this).val("0");
}
OCA.User_SAML.Admin.setSamlConfigValue('security', key, $(this).val());
});
});
$('#user-saml-security input[type="text"], #user-saml-security textarea').change(function(e) {
var el = $(this);
$.when(el.focusout()).then(function() {
var key = $(this).attr('name');
OCA.User_SAML.Admin.setSamlConfigValue('security', key, $(this).val());
});
if (e.keyCode === 13) {
var key = $(this).attr('name');
OCA.User_SAML.Admin.setSamlConfigValue('security', key, $(this).val());
}
});
$('#user-saml-attribute-mapping input[type="text"], #user-saml-attribute-mapping textarea').change(function(e) {
var el = $(this);
$.when(el.focusout()).then(function() {
var key = $(this).attr('name');
OCA.User_SAML.Admin.setSamlConfigValue('saml-attribute-mapping', key, $(this).val());
});
if (e.keyCode === 13) {
var key = $(this).attr('name');
OCA.User_SAML.Admin.setSamlConfigValue('saml-attribute-mapping', key, $(this).val());
}
});
$('#user-saml').change(function() {
if(type === 'saml') {
// Checks on each request whether the settings make sense or not
$.ajax({
url: OC.generateUrl('/apps/user_saml/saml/metadata'),
data: { idp: OCA.User_SAML.Admin.getConfigIdentifier() },
type: 'GET'
}).fail(function (e) {
if (e.status === 500) {
$('#user-saml-settings-complete').addClass('hidden');
$('#user-saml-settings-incomplete').removeClass('hidden');
}
}).success(function (e) {
$('#user-saml-settings-complete').removeClass('hidden');
$('#user-saml-settings-incomplete').addClass('hidden');
})
}
});
$('#user-saml-settings .toggle').on('click', function() {
var el = $(this),
nextSibling = el.parent().next(),
parentSettingId = el.closest('div').attr('id'),
text = '';
switch(parentSettingId) {
case 'user-saml-security':
if (nextSibling.hasClass('hidden')) {
text = 'Hide security settings ...';
} else {
text = 'Show security settings ...';
}
break;
case 'user-saml-idp':
if (nextSibling.hasClass('hidden')) {
text = 'Hide optional Identity Provider settings ...';
} else {
text = 'Show optional Identity Provider settings ...';
}
break;
case 'user-saml-sp':
if (nextSibling.hasClass('hidden')) {
text = 'Hide Service Provider settings ...';
} else {
text = 'Show Service Provider settings ...';
}
break;
case 'user-saml-attribute-mapping':
if (nextSibling.hasClass('hidden')) {
text = 'Hide attribute mapping settings ...';
} else {
text = 'Show attribute mapping settings ...';
}
break;
}
el.html(t('user_saml', text));
if (nextSibling.is(":visible")) {
nextSibling.slideUp();
} else {
nextSibling.slideDown();
}
});
});

10
docker/nextcloud/src/custom_apps/user_saml/js/selectUserBackEnd.js Normal file
View File

@ -0,0 +1,10 @@
$(window).load(function() {
$(".login-chose-saml-idp").change(function() {
var target = $(this).val();
if (target !== '') {
window.location.href = target;
}
});
});

39
docker/nextcloud/src/custom_apps/user_saml/js/timezone.js Normal file
View File

@ -0,0 +1,39 @@
/* global $, jstz, OC */
/*
* @copyright 2019 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @author 2019 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
console.debug('updating timezone and offset for SAML user')
$.ajax({
type: 'POST',
url: OC.generateUrl('/apps/user_saml/config/timezone'),
data: {
timezone: jstz.determine().name(),
timezoneOffset: (-new Date().getTimezoneOffset() / 60)
},
error: function(e) {
console.error('could not set timezone and offset for SAML user', e)
},
success: function() {
console.info('timezone and offset udpated for SAML user')
}
})

0
docker/nextcloud/src/custom_apps/user_saml/l10n/.gitkeep Normal file
View File

22
docker/nextcloud/src/custom_apps/user_saml/l10n/af.js Normal file
View File

@ -0,0 +1,22 @@
OC.L10N.register(
"user_saml",
{
"Saved" : "Bewaar",
"Provider" : "Verskaffer",
"Provider " : "Verskaffer",
"Private key of the Service Provider" : "Privaatsleutel van die Diensverskaffer",
"Open documentation" : "Open dokumentasie",
"Remove identity provider" : "Verwyder identiteitsverskaffer",
"Add identity provider" : "Voeg identiteitsverskaffer toe",
"General" : "Algemeen",
"Service Provider Data" : "Diensverskafferdata",
"Identity Provider Data" : "Identiteitsverskafferdata",
"Security settings" : "Sekuriteitsinstellings",
"Signatures and encryption offered" : "Handtekeninge en enkripsie gebied",
"Signatures and encryption required" : "Handtekeninge en enkripsie vereis",
"Download metadata XML" : "Laai metadata XML af",
"Metadata invalid" : "Metadata ongeldig",
"Metadata valid" : "Metadata geldig",
"Error" : "Fout"
},
"nplurals=2; plural=(n != 1);");

20
docker/nextcloud/src/custom_apps/user_saml/l10n/af.json Normal file
View File

@ -0,0 +1,20 @@
{ "translations": {
"Saved" : "Bewaar",
"Provider" : "Verskaffer",
"Provider " : "Verskaffer",
"Private key of the Service Provider" : "Privaatsleutel van die Diensverskaffer",
"Open documentation" : "Open dokumentasie",
"Remove identity provider" : "Verwyder identiteitsverskaffer",
"Add identity provider" : "Voeg identiteitsverskaffer toe",
"General" : "Algemeen",
"Service Provider Data" : "Diensverskafferdata",
"Identity Provider Data" : "Identiteitsverskafferdata",
"Security settings" : "Sekuriteitsinstellings",
"Signatures and encryption offered" : "Handtekeninge en enkripsie gebied",
"Signatures and encryption required" : "Handtekeninge en enkripsie vereis",
"Download metadata XML" : "Laai metadata XML af",
"Metadata invalid" : "Metadata ongeldig",
"Metadata valid" : "Metadata geldig",
"Error" : "Fout"
},"pluralForm" :"nplurals=2; plural=(n != 1);"
}

18
docker/nextcloud/src/custom_apps/user_saml/l10n/ar.js Normal file
View File

@ -0,0 +1,18 @@
OC.L10N.register(
"user_saml",
{
"Saved" : "تم الإحتفاظ به",
"Provider" : "المزوّد",
"Provider " : "المزوّد",
"Private key of the Service Provider" : "المفتاح الشخصي لموفر الخدمة",
"Email address" : "عنوان البريد الإلكتروني",
"SSO & SAML authentication" : "المصادقة عبر SSO و SAML",
"Open documentation" : "فتح الدليل",
"Global settings" : "الإعدادات العامة",
"General" : "العامة",
"Identity Provider Data" : "مُزوِّد بيانات الهوية",
"Security settings" : "الإعدادات الأمنية",
"Show security settings…" : "إظهار إعدادات الأمان …",
"Error" : "خطأ"
},
"nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 && n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5;");

16
docker/nextcloud/src/custom_apps/user_saml/l10n/ar.json Normal file
View File

@ -0,0 +1,16 @@
{ "translations": {
"Saved" : "تم الإحتفاظ به",
"Provider" : "المزوّد",
"Provider " : "المزوّد",
"Private key of the Service Provider" : "المفتاح الشخصي لموفر الخدمة",
"Email address" : "عنوان البريد الإلكتروني",
"SSO & SAML authentication" : "المصادقة عبر SSO و SAML",
"Open documentation" : "فتح الدليل",
"Global settings" : "الإعدادات العامة",
"General" : "العامة",
"Identity Provider Data" : "مُزوِّد بيانات الهوية",
"Security settings" : "الإعدادات الأمنية",
"Show security settings…" : "إظهار إعدادات الأمان …",
"Error" : "خطأ"
},"pluralForm" :"nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 && n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5;"
}

23
docker/nextcloud/src/custom_apps/user_saml/l10n/ast.js Normal file
View File

@ -0,0 +1,23 @@
OC.L10N.register(
"user_saml",
{
"Saved" : "Guardóse",
"X.509 certificate of the Service Provider" : "Certificáu X.509 del fornidor de servicios",
"Private key of the Service Provider" : "Clave privada del fornidor de servicios",
"Whether the metadata should be signed." : "Si los datos meta deberíen roblase.",
"SSO & SAML authentication" : "Autenticación SSO y SAML",
"Open documentation" : "Abrir documentación",
"Use built-in SAML authentication" : "Usar autenticación integrada SAML",
"Use environment variable" : "Usar variable d'entornu",
"General" : "Xeneral",
"Service Provider Data" : "Datos del fornidor de servicios",
"Identifier of the IdP entity (must be a URI)" : "Identificador de la entidá IdP (ha ser una URI)",
"Security settings" : "Axustes de seguranza",
"Signatures and encryption offered" : "Ufriéronse robles y cifráu",
"Signatures and encryption required" : "Ríquense robles y cifráu",
"Download metadata XML" : "Baxar XML de datos meta",
"Metadata invalid" : "Datos meta non válidos",
"Metadata valid" : "Datos meta válidos",
"Error" : "Fallu"
},
"nplurals=2; plural=(n != 1);");

21
docker/nextcloud/src/custom_apps/user_saml/l10n/ast.json Normal file
View File

@ -0,0 +1,21 @@
{ "translations": {
"Saved" : "Guardóse",
"X.509 certificate of the Service Provider" : "Certificáu X.509 del fornidor de servicios",
"Private key of the Service Provider" : "Clave privada del fornidor de servicios",
"Whether the metadata should be signed." : "Si los datos meta deberíen roblase.",
"SSO & SAML authentication" : "Autenticación SSO y SAML",
"Open documentation" : "Abrir documentación",
"Use built-in SAML authentication" : "Usar autenticación integrada SAML",
"Use environment variable" : "Usar variable d'entornu",
"General" : "Xeneral",
"Service Provider Data" : "Datos del fornidor de servicios",
"Identifier of the IdP entity (must be a URI)" : "Identificador de la entidá IdP (ha ser una URI)",
"Security settings" : "Axustes de seguranza",
"Signatures and encryption offered" : "Ufriéronse robles y cifráu",
"Signatures and encryption required" : "Ríquense robles y cifráu",
"Download metadata XML" : "Baxar XML de datos meta",
"Metadata invalid" : "Datos meta non válidos",
"Metadata valid" : "Datos meta válidos",
"Error" : "Fallu"
},"pluralForm" :"nplurals=2; plural=(n != 1);"
}

14
docker/nextcloud/src/custom_apps/user_saml/l10n/bg.js Normal file
View File

@ -0,0 +1,14 @@
OC.L10N.register(
"user_saml",
{
"Saved" : "Запазено",
"Email address" : "Имейл адрес",
"SSO & SAML authentication" : "SSO и SAML удостоверяване",
"Open documentation" : "Отвори документацията",
"Use built-in SAML authentication" : "Ползвай вграденото SAML удостоверяване",
"General" : "Общи",
"Security settings" : "Настройки за сигурност",
"Reset settings" : "Нулиране на настройките",
"Error" : "Грешка"
},
"nplurals=2; plural=(n != 1);");

12
docker/nextcloud/src/custom_apps/user_saml/l10n/bg.json Normal file
View File

@ -0,0 +1,12 @@
{ "translations": {
"Saved" : "Запазено",
"Email address" : "Имейл адрес",
"SSO & SAML authentication" : "SSO и SAML удостоверяване",
"Open documentation" : "Отвори документацията",
"Use built-in SAML authentication" : "Ползвай вграденото SAML удостоверяване",
"General" : "Общи",
"Security settings" : "Настройки за сигурност",
"Reset settings" : "Нулиране на настройките",
"Error" : "Грешка"
},"pluralForm" :"nplurals=2; plural=(n != 1);"
}

88
docker/nextcloud/src/custom_apps/user_saml/l10n/ca.js Normal file
View File

@ -0,0 +1,88 @@
OC.L10N.register(
"user_saml",
{
"This user account is disabled, please contact your administrator." : "Aquest compte d'usuari està inhabilitat, contacteu amb l'administrador.",
"Saved" : "Desat",
"Provider" : "Proveïdor",
"Unknown error, please check the log file for more details." : "Error desconegut, comprovar el fitxer de registre per a més detalls.",
"Direct log in" : "Entrada directa",
"SSO & SAML log in" : "Entrada SSO i SAML",
"This page should not be visited directly." : "No s' hauria de visitar directament aquesta plana.",
"Provider " : "Proveïdor ",
"X.509 certificate of the Service Provider" : "X.509 El certificat d'aquest servidor és invàlid",
"Private key of the Service Provider" : "Clau privada del proveïdor de serveis",
"Indicates that the nameID of the <samlp:logoutRequest> sent by this SP will be encrypted." : "Indica que la identificació del nom de la <samlp: logout Request> enviada per aquest SP serà xifrada.",
"Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si es signaran els missatges <samlp: AuthnRequest> enviats per aquest SP. [Les metadades del SP oferiran aquesta informació]",
"Indicates whether the <samlp:logoutRequest> messages sent by this SP will be signed." : "Indica si els signes <samlp: logoutRequest> enviats per aquest SP seran signats.",
"Indicates whether the <samlp:logoutResponse> messages sent by this SP will be signed." : "Indica si es signaran els missatges <samlp: logoutResponse> enviats per aquest SP.",
"Whether the metadata should be signed." : "Shan de signar les metadades.",
"Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and <samlp:LogoutResponse> elements received by this SP to be signed." : "Indica un requisit per a la signatura de la <samlp: Response>, <samlp: Output Request> i <samlp: Output Response> elements rebuts per aquest SP.",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requisit per a la signatura dels elements <saml: Assertion> rebuts per aquest SP. [Les metadades del SP oferiran aquesta informació]",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be encrypted." : "Indica un requisit perquè els elements <saml: Assertion> rebuts per aquest SP es codifiquin.",
" Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Indica un requisit per a l'element NameID de la resposta SAML rebuda per aquest SP per estar present.",
"Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica un requisit perquè l'encriptació de nom d'aquest SP sigui xifrada.",
"Indicates if the SP will validate all received XML." : "Indica si el SP validarà tots els XML rebuts.",
"ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL: codifica les dades SAML com a minúscules, i el kit d'eines per defecte usa majúscules. Activa la compatibilitat ADFS sobre la verificació de la signatura.",
"Algorithm that the toolkit will use on signing process." : "Algorisme que s'emprarà en el procés de signatura.",
"Attribute to map the UID to." : "Atribut per assignar un UID a.",
"Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Només permetre l'autenticació si hi ha un compte en un altre suport. (p. ex., LDAP)",
"Attribute to map the displayname to." : "Atribut per assignar el nom de la pantalla a.",
"Attribute to map the email address to." : "Atribut per assignar l'adreça de correu electrònic a.",
"Attribute to map the quota to." : "Atribut per mapejar la quota.",
"Attribute to map the users groups to." : "Atribut per mapejar els grups d'usuaris.",
"Attribute to map the users home to." : "Atribut per ubicar al mapa la casa dels usuaris.",
"Email address" : "Adreça de correu electrònic",
"Encrypted" : "Xifrat",
"Entity" : "Entitat",
"Kerberos" : "Kerberos",
"Persistent" : "Persistent",
"Transient" : "Transitori",
"Unspecified" : "No especificat",
"Windows domain qualified name" : "Nom qualificat del domini de Windows (FQDN)",
"X509 subject name" : "Nom X509 del subjecte",
"Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Utilitzeu l'autenticació SAML per als clients %s (requereix una autenticació de l'usuari)",
"Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nom de visualització opcional del proveïdor d'identitat (per defecte: “Entrada SSO i SAML\")",
"Allow the use of multiple user back-ends (e.g. LDAP)" : "Permetre l'ús de múltiples bases d'usuaris (p. ex. LDAP)",
"SSO & SAML authentication" : "Autenticació SSO & SAML",
"Authenticate using single sign-on" : "Autenticar mitjançant inici únic de sessió",
"Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Utilitzant lapp d'SSO i SAML del teu Nextcloud pots fer fàcilment possible integrar la seva solució existent dinici únic de sessió amb Nextcloud. A més, pots utilitzar el proveïdor d'usuaris LDAP de Nextcloud per la comoditat dels usuaris. (p. ex. en compartir)\nEls proveïdors següents es dóna suport i provats actualment:\n\n * **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation serveis (ADFS)\n\n* **Autenticació mitjançant variable dentorn**\n\t* Kerberos (mod_auth_kerb)\n\t* Qualsevol altre proveïdor que autentiqui amb una variable d'entorn\n\nMentre que teòricament qualsevol altre proveïdor d'autenticació que implementi alguna d'aquestes normes és compatible, voldríem comentar que no formen part de cap banc de proves intern.",
"Open documentation" : "Obre la documentació",
"Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Assegureu-vos de configurar un usuari administratiu que pugui accedir a la instància via SSO. Doncs ja no serà possible accedir amb el vostre compte regular %s , a menys que activeu \"%s\" o aneu directament a l'URL %s.",
"Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Assegureu-vos de configurar un usuari administratiu que pugui accedir a la instància via SSO. Doncs ja no serà possible accedir amb el vostre compte regular %s , a menys que aneu directament a l'URL %s.",
"Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Trieu si voleu autenticar amb el proveïdor de SAML incorporat a Nextcloud o si voleu autenticar-se amb una variable d'entorn.",
"Use built-in SAML authentication" : "Utilitzeu l'autenticació SAML integrada",
"Use environment variable" : "Utilitza la variable d'entorn",
"Global settings" : "Paràmetres globals",
"Remove identity provider" : "Treure proveïdor d'identitat",
"Add identity provider" : "Afegir proveïdor d'identitat",
"General" : "General",
"Service Provider Data" : "Dades del proveïdor de serveis",
"If your Service Provider should use certificates you can optionally specify them here." : "Si el vostre proveïdor de serveis ha d'utilitzar certificats, podeu especificar-los aquí.",
"Show Service Provider settings…" : "Dades del proveïdor de serveis…",
"Name ID format" : "Format del nom ID",
"Identity Provider Data" : "Dades del proveïdor de serveis",
"Configure your IdP settings here." : "Configureu aquí la configuració d'IdP.",
"Identifier of the IdP entity (must be a URI)" : "Identificador de l'entitat IdP (ha de ser un URI)",
"URL Target of the IdP where the SP will send the Authentication Request Message" : "Orientació URL de l'IdP on SP enviarà el missatge de sol·licitud d'autenticació",
"Show optional Identity Provider settings…" : "Dades del proveïdor de serveis…",
"URL Location of the IdP where the SP will send the SLO Request" : "Ubicació URL de l'IdP on SP enviarà la sol·licitud SLO",
"Public X.509 certificate of the IdP" : "Certificat públic X.509 de l'IdP",
"Attribute mapping" : "Mapatge datributs",
"If you want to optionally map attributes to the user you can configure these here." : "Si voleu assignar atributs a l'usuari opcionalment, podeu configurar-los aquí.",
"Show attribute mapping settings…" : "Mostra la configuració del mapa d'atributs…",
"Security settings" : "Paràmetres de seguretat",
"For increased security we recommend enabling the following settings if supported by your environment." : "Per a una major seguretat, us recomanem que activeu la configuració següent si l'accepta el vostre entorn.",
"Show security settings…" : "Mostra els paràmetres de seguretat…",
"Signatures and encryption offered" : "Firmes i encriptació oferts",
"Signatures and encryption required" : "S'han de signar i xifrar",
"Download metadata XML" : "Descarrega metadades XML",
"Reset settings" : "Reinicialitza els paràmetres",
"Metadata invalid" : "Les metadades no són vàlides",
"Metadata valid" : "Les metadades vàlides",
"Error" : "Error",
"Account not provisioned." : "Compte no subministrat.",
"Your account is not provisioned, access to this service is thus not possible." : "El vostre compte no està proveït, per tant, l'accés a aquest servei no és possible.",
"Login options:" : "Opcions d'inici de sessió:",
"Choose a authentication provider" : "Tria un proveïdor d'autenticació"
},
"nplurals=2; plural=(n != 1);");

86
docker/nextcloud/src/custom_apps/user_saml/l10n/ca.json Normal file
View File

@ -0,0 +1,86 @@
{ "translations": {
"This user account is disabled, please contact your administrator." : "Aquest compte d'usuari està inhabilitat, contacteu amb l'administrador.",
"Saved" : "Desat",
"Provider" : "Proveïdor",
"Unknown error, please check the log file for more details." : "Error desconegut, comprovar el fitxer de registre per a més detalls.",
"Direct log in" : "Entrada directa",
"SSO & SAML log in" : "Entrada SSO i SAML",
"This page should not be visited directly." : "No s' hauria de visitar directament aquesta plana.",
"Provider " : "Proveïdor ",
"X.509 certificate of the Service Provider" : "X.509 El certificat d'aquest servidor és invàlid",
"Private key of the Service Provider" : "Clau privada del proveïdor de serveis",
"Indicates that the nameID of the <samlp:logoutRequest> sent by this SP will be encrypted." : "Indica que la identificació del nom de la <samlp: logout Request> enviada per aquest SP serà xifrada.",
"Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indica si es signaran els missatges <samlp: AuthnRequest> enviats per aquest SP. [Les metadades del SP oferiran aquesta informació]",
"Indicates whether the <samlp:logoutRequest> messages sent by this SP will be signed." : "Indica si els signes <samlp: logoutRequest> enviats per aquest SP seran signats.",
"Indicates whether the <samlp:logoutResponse> messages sent by this SP will be signed." : "Indica si es signaran els missatges <samlp: logoutResponse> enviats per aquest SP.",
"Whether the metadata should be signed." : "Shan de signar les metadades.",
"Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and <samlp:LogoutResponse> elements received by this SP to be signed." : "Indica un requisit per a la signatura de la <samlp: Response>, <samlp: Output Request> i <samlp: Output Response> elements rebuts per aquest SP.",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indica un requisit per a la signatura dels elements <saml: Assertion> rebuts per aquest SP. [Les metadades del SP oferiran aquesta informació]",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be encrypted." : "Indica un requisit perquè els elements <saml: Assertion> rebuts per aquest SP es codifiquin.",
" Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Indica un requisit per a l'element NameID de la resposta SAML rebuda per aquest SP per estar present.",
"Indicates a requirement for the NameID received by this SP to be encrypted." : "Indica un requisit perquè l'encriptació de nom d'aquest SP sigui xifrada.",
"Indicates if the SP will validate all received XML." : "Indica si el SP validarà tots els XML rebuts.",
"ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL: codifica les dades SAML com a minúscules, i el kit d'eines per defecte usa majúscules. Activa la compatibilitat ADFS sobre la verificació de la signatura.",
"Algorithm that the toolkit will use on signing process." : "Algorisme que s'emprarà en el procés de signatura.",
"Attribute to map the UID to." : "Atribut per assignar un UID a.",
"Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Només permetre l'autenticació si hi ha un compte en un altre suport. (p. ex., LDAP)",
"Attribute to map the displayname to." : "Atribut per assignar el nom de la pantalla a.",
"Attribute to map the email address to." : "Atribut per assignar l'adreça de correu electrònic a.",
"Attribute to map the quota to." : "Atribut per mapejar la quota.",
"Attribute to map the users groups to." : "Atribut per mapejar els grups d'usuaris.",
"Attribute to map the users home to." : "Atribut per ubicar al mapa la casa dels usuaris.",
"Email address" : "Adreça de correu electrònic",
"Encrypted" : "Xifrat",
"Entity" : "Entitat",
"Kerberos" : "Kerberos",
"Persistent" : "Persistent",
"Transient" : "Transitori",
"Unspecified" : "No especificat",
"Windows domain qualified name" : "Nom qualificat del domini de Windows (FQDN)",
"X509 subject name" : "Nom X509 del subjecte",
"Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Utilitzeu l'autenticació SAML per als clients %s (requereix una autenticació de l'usuari)",
"Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Nom de visualització opcional del proveïdor d'identitat (per defecte: “Entrada SSO i SAML\")",
"Allow the use of multiple user back-ends (e.g. LDAP)" : "Permetre l'ús de múltiples bases d'usuaris (p. ex. LDAP)",
"SSO & SAML authentication" : "Autenticació SSO & SAML",
"Authenticate using single sign-on" : "Autenticar mitjançant inici únic de sessió",
"Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Utilitzant lapp d'SSO i SAML del teu Nextcloud pots fer fàcilment possible integrar la seva solució existent dinici únic de sessió amb Nextcloud. A més, pots utilitzar el proveïdor d'usuaris LDAP de Nextcloud per la comoditat dels usuaris. (p. ex. en compartir)\nEls proveïdors següents es dóna suport i provats actualment:\n\n * **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation serveis (ADFS)\n\n* **Autenticació mitjançant variable dentorn**\n\t* Kerberos (mod_auth_kerb)\n\t* Qualsevol altre proveïdor que autentiqui amb una variable d'entorn\n\nMentre que teòricament qualsevol altre proveïdor d'autenticació que implementi alguna d'aquestes normes és compatible, voldríem comentar que no formen part de cap banc de proves intern.",
"Open documentation" : "Obre la documentació",
"Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Assegureu-vos de configurar un usuari administratiu que pugui accedir a la instància via SSO. Doncs ja no serà possible accedir amb el vostre compte regular %s , a menys que activeu \"%s\" o aneu directament a l'URL %s.",
"Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Assegureu-vos de configurar un usuari administratiu que pugui accedir a la instància via SSO. Doncs ja no serà possible accedir amb el vostre compte regular %s , a menys que aneu directament a l'URL %s.",
"Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Trieu si voleu autenticar amb el proveïdor de SAML incorporat a Nextcloud o si voleu autenticar-se amb una variable d'entorn.",
"Use built-in SAML authentication" : "Utilitzeu l'autenticació SAML integrada",
"Use environment variable" : "Utilitza la variable d'entorn",
"Global settings" : "Paràmetres globals",
"Remove identity provider" : "Treure proveïdor d'identitat",
"Add identity provider" : "Afegir proveïdor d'identitat",
"General" : "General",
"Service Provider Data" : "Dades del proveïdor de serveis",
"If your Service Provider should use certificates you can optionally specify them here." : "Si el vostre proveïdor de serveis ha d'utilitzar certificats, podeu especificar-los aquí.",
"Show Service Provider settings…" : "Dades del proveïdor de serveis…",
"Name ID format" : "Format del nom ID",
"Identity Provider Data" : "Dades del proveïdor de serveis",
"Configure your IdP settings here." : "Configureu aquí la configuració d'IdP.",
"Identifier of the IdP entity (must be a URI)" : "Identificador de l'entitat IdP (ha de ser un URI)",
"URL Target of the IdP where the SP will send the Authentication Request Message" : "Orientació URL de l'IdP on SP enviarà el missatge de sol·licitud d'autenticació",
"Show optional Identity Provider settings…" : "Dades del proveïdor de serveis…",
"URL Location of the IdP where the SP will send the SLO Request" : "Ubicació URL de l'IdP on SP enviarà la sol·licitud SLO",
"Public X.509 certificate of the IdP" : "Certificat públic X.509 de l'IdP",
"Attribute mapping" : "Mapatge datributs",
"If you want to optionally map attributes to the user you can configure these here." : "Si voleu assignar atributs a l'usuari opcionalment, podeu configurar-los aquí.",
"Show attribute mapping settings…" : "Mostra la configuració del mapa d'atributs…",
"Security settings" : "Paràmetres de seguretat",
"For increased security we recommend enabling the following settings if supported by your environment." : "Per a una major seguretat, us recomanem que activeu la configuració següent si l'accepta el vostre entorn.",
"Show security settings…" : "Mostra els paràmetres de seguretat…",
"Signatures and encryption offered" : "Firmes i encriptació oferts",
"Signatures and encryption required" : "S'han de signar i xifrar",
"Download metadata XML" : "Descarrega metadades XML",
"Reset settings" : "Reinicialitza els paràmetres",
"Metadata invalid" : "Les metadades no són vàlides",
"Metadata valid" : "Les metadades vàlides",
"Error" : "Error",
"Account not provisioned." : "Compte no subministrat.",
"Your account is not provisioned, access to this service is thus not possible." : "El vostre compte no està proveït, per tant, l'accés a aquest servei no és possible.",
"Login options:" : "Opcions d'inici de sessió:",
"Choose a authentication provider" : "Tria un proveïdor d'autenticació"
},"pluralForm" :"nplurals=2; plural=(n != 1);"
}

90
docker/nextcloud/src/custom_apps/user_saml/l10n/cs.js Normal file
View File

@ -0,0 +1,90 @@
OC.L10N.register(
"user_saml",
{
"This user account is disabled, please contact your administrator." : "Tento uživatelský účet byl znepřístupněn, obraťte se na správce.",
"Saved" : "Uloženo",
"Provider" : "Poskytovatel",
"Unknown error, please check the log file for more details." : "Neznámá chyba, podrobnosti naleznete v záznamu událostí.",
"Direct log in" : "Přímé přihlášení",
"SSO & SAML log in" : "SSO a SAML přihlášení",
"This page should not be visited directly." : "Tato stránka by neměla být zobrazována přímo.",
"Provider " : "Poskytovatel",
"X.509 certificate of the Service Provider" : "X.509 certifikát poskytovatele služby",
"Private key of the Service Provider" : "Soukromý klíč poskytovatele služby",
"Indicates that the nameID of the <samlp:logoutRequest> sent by this SP will be encrypted." : "Značí, že nameID <samlp:logoutRequest> odeslané tímto poskytovatelem služeb bude šifrováno.",
"Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indikuje, zda budou zprávy <samlp:AuthnRequest> odeslané tímto SP podepsané. [Tato informace bude dostupná v metadatech SP]",
"Indicates whether the <samlp:logoutRequest> messages sent by this SP will be signed." : "Indikuje, zda budou zprávy <samlp:logoutRequest> odeslané tímto SP podepsané.",
"Indicates whether the <samlp:logoutResponse> messages sent by this SP will be signed." : "Indikuje, zda budou zprávy <samlp:logoutResponse> odeslané tímto SP podepsané.",
"Whether the metadata should be signed." : "Zda mají být metadata podepisována.",
"Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and <samlp:LogoutResponse> elements received by this SP to be signed." : "Indikuje požadavek na podepsání elementů <samlp:Response>, <samlp:LogoutRequest> a <samlp:LogoutResponse> ve zprávách tímto SP.",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indikuje požadavek na podepsání elementů <saml:Assertion> přijaté tímto SP. [Tato informace bude dostupná v metadatech SP]",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be encrypted." : "Indikuje požadavek na šifrování elementů <saml:Assertion> přijaté tímto SP.",
" Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Indikuje požadavek na přítomnost elementu NameID v SAMLResponse přijaté tímto SP.",
"Indicates a requirement for the NameID received by this SP to be encrypted." : "Indikuje požadavek poskytovatele služby na přijetí NameID v zašifrované podobě.",
"Indicates if the SP will validate all received XML." : "Indikuje, zda poskytovatel služeb ověří všechna přijatá XML.",
"ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL kóduje SAML data malými písmeny, a toolkit používá ve výchozím nastavení velká písmena. Povolit pro ADFS kompatibilitu pro ověření podpisu.",
"Algorithm that the toolkit will use on signing process." : "Algoritmus který sada nástrojů použije při procesu podepisování.",
"Retrieve query parameters from $_SERVER. Some SAML servers require this on SLO requests." : "Získat parametry dotazu ze $_SERVER. Některé SAML servery toto vyžadují v případě SLO požadavků.",
"Attribute to map the UID to." : "Atribut k přiřazení UID.",
"Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Přihlášení povolit pouze pokud účet už existuje i někde jinde. (např. LDAP)",
"Attribute to map the displayname to." : "Atribut, na který se má mapovat zobrazované jméno.",
"Attribute to map the email address to." : "Atribut, na který se má mapovat e-mailová adresa.",
"Attribute to map the quota to." : "Atribut, na který namapovat kvótu.",
"Attribute to map the users groups to." : "Atribut, na který namapovat uživatelovy skupiny.",
"Attribute to map the users home to." : "Atribut, na který namapovat uživatelovu domovskou složku.",
"Email address" : "E-mailová adresa",
"Encrypted" : "Šifrováno",
"Entity" : "Entita",
"Kerberos" : "Kerberos",
"Persistent" : "Trvalé",
"Transient" : "Přechodné",
"Unspecified" : "Neurčeno",
"Windows domain qualified name" : "Úplný název domény Windows",
"X509 subject name" : "Název subjektu pro X509",
"Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Použít SAML pro %s desktopové klienty (vyžaduje, aby se uživatele znovu přihlásil)",
"Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Volitelný zobrazovaný název poskytovatele identity (výchozí: „SSO a SAML přihlášení“)",
"Allow the use of multiple user back-ends (e.g. LDAP)" : "Povolit použití vícero podpůrných vrstev pro uživatelské účty (např. LDAP)",
"SSO & SAML authentication" : "SSO a SAML ověření",
"Authenticate using single sign-on" : "Ověřit pomocí sjednoceného přihlášení (sso)",
"Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Použitím SSO & SAML aplikace svého Nextcloud do něho můžete snadno začlenit své stávající řešení pro sjednocené přihlašování. Krom toho můžete použít Nextcloud LDAP poskytovatele uživatelů pro pohodlí uživatelů. (např. při sdílení)\nV tuto chvíli jsou podporováni a vyzkoušení tito poskytovatelé:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Ověřování prostřednictvím proměnné prostředí**\n\t* Kerberos (mod_auth_kerb)\n\t* Jakýkoli jiný poskytovatel který ověřuje pomocí proměnné prostředí\n\nByť by teoreticky mohl být podporovaný jakýkoli poskytovatel, implementující buď jednu nebo druhý z těchto standardů, rádi bychom poznamenali, že nejsou součástí mřížky interních testů.",
"Open documentation" : "Otevřít dokumentaci",
"Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Nezapomeňte nastavit správního uživatele, který může přistupovat k instanci prostřednictvím SSO. Přihlášení vaším běžným %s účtem nadále nebude možné, pokud nezapnete „%s“ nebo nepůjdete přímo na URL %s.",
"Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Nezapomeňte nastavit správního uživatele který může přistupovat k instanci přes SSO. Přihlašování vaším běžným %s účtem nadále nebude možné, jedině že půjdete přímo na URL %s.",
"Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Vyberte zda chcete ověřovat za použití dodané zabudované SAML funkce v Nextcloud nebo zda chcete ověřovat za pomoci proměnné prostředí.",
"Use built-in SAML authentication" : "Použít zabudované SAML ověření",
"Use environment variable" : "Použít hodnotu z proměnné prostředí",
"Global settings" : "Globální nastavení",
"Remove identity provider" : "Vzdálený poskytovatel identity",
"Add identity provider" : "Přidat poskytovatele identity",
"General" : "Obecné",
"Service Provider Data" : "Poskytovatel datových služeb",
"If your Service Provider should use certificates you can optionally specify them here." : "Pokud by měl váš poskytovatel služeb používat certifikáty, můžete je zde specifikovat.",
"Show Service Provider settings…" : "Zobrazit nastavení poskytovatele služeb…",
"Name ID format" : "Formát identifikátoru názvu",
"Identity Provider Data" : "Poskytovatel přihlašovacích dat",
"Configure your IdP settings here." : "Zde lze vytvořit nastavení pro poskytovatele přihlašovacích údajů.",
"Identifier of the IdP entity (must be a URI)" : "Identifikátor entity z poskytovatele identit (je třeba, aby bylo URI)",
"URL Target of the IdP where the SP will send the Authentication Request Message" : "Cíl URL IdP, kam SP odešle zprávu s požadavkem na ověření se",
"Show optional Identity Provider settings…" : "Zobrazit nepovinná nastavení poskytovatele přihlašovacích údajů…",
"URL Location of the IdP where the SP will send the SLO Request" : "Umístění URL IdP, kam SP odešle SLO požadavek",
"URL Location of the IDP's SLO Response" : "Umístění URL IDP, kam SLO odešle odpověď",
"Public X.509 certificate of the IdP" : "Veřejný X.509 certifikát poskytovatele přihlašovacích údajů",
"Attribute mapping" : "Mapování atributů",
"If you want to optionally map attributes to the user you can configure these here." : "Pokud chcete volitelně provést mapování atributů na uživatele, můžete to provést zde.",
"Show attribute mapping settings…" : "Zobrazit nastavení pro mapování atributů…",
"Security settings" : "Nastavení zabezpečení",
"For increased security we recommend enabling the following settings if supported by your environment." : "Pro zvýšení bezpečnosti doporučujeme povolení následujících možností, pokud jsou tyto podporovány ve vašem prostředí.",
"Show security settings…" : "Zobrazit nastavení zabezpečení…",
"Signatures and encryption offered" : "Podpisy a šifrování nabízeno",
"Signatures and encryption required" : "Podpisy a šifrování vyžadováno",
"Download metadata XML" : "Stahovat metadata XML",
"Reset settings" : "Resetovat nastavení",
"Metadata invalid" : "Metadata neplatná",
"Metadata valid" : "Metadata platná",
"Error" : "Chyba",
"Account not provisioned." : "Účet není zprovozněn.",
"Your account is not provisioned, access to this service is thus not possible." : "Váš účet ještě nebyl zprovozněn, přístup ke službě tedy ještě není možný.",
"Login options:" : "Možnosti přihlašování:",
"Choose a authentication provider" : "Zvolte poskytovatele ověřování se"
},
"nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;");

88
docker/nextcloud/src/custom_apps/user_saml/l10n/cs.json Normal file
View File

@ -0,0 +1,88 @@
{ "translations": {
"This user account is disabled, please contact your administrator." : "Tento uživatelský účet byl znepřístupněn, obraťte se na správce.",
"Saved" : "Uloženo",
"Provider" : "Poskytovatel",
"Unknown error, please check the log file for more details." : "Neznámá chyba, podrobnosti naleznete v záznamu událostí.",
"Direct log in" : "Přímé přihlášení",
"SSO & SAML log in" : "SSO a SAML přihlášení",
"This page should not be visited directly." : "Tato stránka by neměla být zobrazována přímo.",
"Provider " : "Poskytovatel",
"X.509 certificate of the Service Provider" : "X.509 certifikát poskytovatele služby",
"Private key of the Service Provider" : "Soukromý klíč poskytovatele služby",
"Indicates that the nameID of the <samlp:logoutRequest> sent by this SP will be encrypted." : "Značí, že nameID <samlp:logoutRequest> odeslané tímto poskytovatelem služeb bude šifrováno.",
"Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indikuje, zda budou zprávy <samlp:AuthnRequest> odeslané tímto SP podepsané. [Tato informace bude dostupná v metadatech SP]",
"Indicates whether the <samlp:logoutRequest> messages sent by this SP will be signed." : "Indikuje, zda budou zprávy <samlp:logoutRequest> odeslané tímto SP podepsané.",
"Indicates whether the <samlp:logoutResponse> messages sent by this SP will be signed." : "Indikuje, zda budou zprávy <samlp:logoutResponse> odeslané tímto SP podepsané.",
"Whether the metadata should be signed." : "Zda mají být metadata podepisována.",
"Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and <samlp:LogoutResponse> elements received by this SP to be signed." : "Indikuje požadavek na podepsání elementů <samlp:Response>, <samlp:LogoutRequest> a <samlp:LogoutResponse> ve zprávách tímto SP.",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indikuje požadavek na podepsání elementů <saml:Assertion> přijaté tímto SP. [Tato informace bude dostupná v metadatech SP]",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be encrypted." : "Indikuje požadavek na šifrování elementů <saml:Assertion> přijaté tímto SP.",
" Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Indikuje požadavek na přítomnost elementu NameID v SAMLResponse přijaté tímto SP.",
"Indicates a requirement for the NameID received by this SP to be encrypted." : "Indikuje požadavek poskytovatele služby na přijetí NameID v zašifrované podobě.",
"Indicates if the SP will validate all received XML." : "Indikuje, zda poskytovatel služeb ověří všechna přijatá XML.",
"ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL kóduje SAML data malými písmeny, a toolkit používá ve výchozím nastavení velká písmena. Povolit pro ADFS kompatibilitu pro ověření podpisu.",
"Algorithm that the toolkit will use on signing process." : "Algoritmus který sada nástrojů použije při procesu podepisování.",
"Retrieve query parameters from $_SERVER. Some SAML servers require this on SLO requests." : "Získat parametry dotazu ze $_SERVER. Některé SAML servery toto vyžadují v případě SLO požadavků.",
"Attribute to map the UID to." : "Atribut k přiřazení UID.",
"Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Přihlášení povolit pouze pokud účet už existuje i někde jinde. (např. LDAP)",
"Attribute to map the displayname to." : "Atribut, na který se má mapovat zobrazované jméno.",
"Attribute to map the email address to." : "Atribut, na který se má mapovat e-mailová adresa.",
"Attribute to map the quota to." : "Atribut, na který namapovat kvótu.",
"Attribute to map the users groups to." : "Atribut, na který namapovat uživatelovy skupiny.",
"Attribute to map the users home to." : "Atribut, na který namapovat uživatelovu domovskou složku.",
"Email address" : "E-mailová adresa",
"Encrypted" : "Šifrováno",
"Entity" : "Entita",
"Kerberos" : "Kerberos",
"Persistent" : "Trvalé",
"Transient" : "Přechodné",
"Unspecified" : "Neurčeno",
"Windows domain qualified name" : "Úplný název domény Windows",
"X509 subject name" : "Název subjektu pro X509",
"Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Použít SAML pro %s desktopové klienty (vyžaduje, aby se uživatele znovu přihlásil)",
"Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Volitelný zobrazovaný název poskytovatele identity (výchozí: „SSO a SAML přihlášení“)",
"Allow the use of multiple user back-ends (e.g. LDAP)" : "Povolit použití vícero podpůrných vrstev pro uživatelské účty (např. LDAP)",
"SSO & SAML authentication" : "SSO a SAML ověření",
"Authenticate using single sign-on" : "Ověřit pomocí sjednoceného přihlášení (sso)",
"Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Použitím SSO & SAML aplikace svého Nextcloud do něho můžete snadno začlenit své stávající řešení pro sjednocené přihlašování. Krom toho můžete použít Nextcloud LDAP poskytovatele uživatelů pro pohodlí uživatelů. (např. při sdílení)\nV tuto chvíli jsou podporováni a vyzkoušení tito poskytovatelé:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Ověřování prostřednictvím proměnné prostředí**\n\t* Kerberos (mod_auth_kerb)\n\t* Jakýkoli jiný poskytovatel který ověřuje pomocí proměnné prostředí\n\nByť by teoreticky mohl být podporovaný jakýkoli poskytovatel, implementující buď jednu nebo druhý z těchto standardů, rádi bychom poznamenali, že nejsou součástí mřížky interních testů.",
"Open documentation" : "Otevřít dokumentaci",
"Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Nezapomeňte nastavit správního uživatele, který může přistupovat k instanci prostřednictvím SSO. Přihlášení vaším běžným %s účtem nadále nebude možné, pokud nezapnete „%s“ nebo nepůjdete přímo na URL %s.",
"Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Nezapomeňte nastavit správního uživatele který může přistupovat k instanci přes SSO. Přihlašování vaším běžným %s účtem nadále nebude možné, jedině že půjdete přímo na URL %s.",
"Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Vyberte zda chcete ověřovat za použití dodané zabudované SAML funkce v Nextcloud nebo zda chcete ověřovat za pomoci proměnné prostředí.",
"Use built-in SAML authentication" : "Použít zabudované SAML ověření",
"Use environment variable" : "Použít hodnotu z proměnné prostředí",
"Global settings" : "Globální nastavení",
"Remove identity provider" : "Vzdálený poskytovatel identity",
"Add identity provider" : "Přidat poskytovatele identity",
"General" : "Obecné",
"Service Provider Data" : "Poskytovatel datových služeb",
"If your Service Provider should use certificates you can optionally specify them here." : "Pokud by měl váš poskytovatel služeb používat certifikáty, můžete je zde specifikovat.",
"Show Service Provider settings…" : "Zobrazit nastavení poskytovatele služeb…",
"Name ID format" : "Formát identifikátoru názvu",
"Identity Provider Data" : "Poskytovatel přihlašovacích dat",
"Configure your IdP settings here." : "Zde lze vytvořit nastavení pro poskytovatele přihlašovacích údajů.",
"Identifier of the IdP entity (must be a URI)" : "Identifikátor entity z poskytovatele identit (je třeba, aby bylo URI)",
"URL Target of the IdP where the SP will send the Authentication Request Message" : "Cíl URL IdP, kam SP odešle zprávu s požadavkem na ověření se",
"Show optional Identity Provider settings…" : "Zobrazit nepovinná nastavení poskytovatele přihlašovacích údajů…",
"URL Location of the IdP where the SP will send the SLO Request" : "Umístění URL IdP, kam SP odešle SLO požadavek",
"URL Location of the IDP's SLO Response" : "Umístění URL IDP, kam SLO odešle odpověď",
"Public X.509 certificate of the IdP" : "Veřejný X.509 certifikát poskytovatele přihlašovacích údajů",
"Attribute mapping" : "Mapování atributů",
"If you want to optionally map attributes to the user you can configure these here." : "Pokud chcete volitelně provést mapování atributů na uživatele, můžete to provést zde.",
"Show attribute mapping settings…" : "Zobrazit nastavení pro mapování atributů…",
"Security settings" : "Nastavení zabezpečení",
"For increased security we recommend enabling the following settings if supported by your environment." : "Pro zvýšení bezpečnosti doporučujeme povolení následujících možností, pokud jsou tyto podporovány ve vašem prostředí.",
"Show security settings…" : "Zobrazit nastavení zabezpečení…",
"Signatures and encryption offered" : "Podpisy a šifrování nabízeno",
"Signatures and encryption required" : "Podpisy a šifrování vyžadováno",
"Download metadata XML" : "Stahovat metadata XML",
"Reset settings" : "Resetovat nastavení",
"Metadata invalid" : "Metadata neplatná",
"Metadata valid" : "Metadata platná",
"Error" : "Chyba",
"Account not provisioned." : "Účet není zprovozněn.",
"Your account is not provisioned, access to this service is thus not possible." : "Váš účet ještě nebyl zprovozněn, přístup ke službě tedy ještě není možný.",
"Login options:" : "Možnosti přihlašování:",
"Choose a authentication provider" : "Zvolte poskytovatele ověřování se"
},"pluralForm" :"nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;"
}

44
docker/nextcloud/src/custom_apps/user_saml/l10n/da.js Normal file
View File

@ -0,0 +1,44 @@
OC.L10N.register(
"user_saml",
{
"This user account is disabled, please contact your administrator." : "Denne bruger konto er deaktiveret. Kontakt venligst din administrator.",
"Saved" : "Gemt",
"Provider" : "Udbyder",
"Unknown error, please check the log file for more details." : "Ukendt fejl, tjek venligst logfilen for flere detaljer.",
"Direct log in" : "Direkte login",
"SSO & SAML log in" : "SSO & SAML log in",
"Provider " : "Udbyder",
"X.509 certificate of the Service Provider" : "X.509 certifikat hos udbyderen",
"Private key of the Service Provider" : "Privat nøgle for udbyderen",
"Indicates that the nameID of the <samlp:logoutRequest> sent by this SP will be encrypted." : "Indikerer at nameID af <samlp:logoutRequest> sendt af denne SP vil blive krypteret.",
"Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indikerer om <samlp:AuthnRequest> beskeder sendt af denne SP vil blive underskrevet [Metadata af denne SP vil indeholde denne info]",
"Indicates whether the <samlp:logoutRequest> messages sent by this SP will be signed." : "Indikerer om <samlp:logoutRequest> sendt af denne SP vil blive underskrevet.",
"Indicates whether the <samlp:logoutResponse> messages sent by this SP will be signed." : "Indikerer om <samlp:logoutRequest> sendt af denne SP vil blive underskrevet.",
"Whether the metadata should be signed." : "Indikerer om metadata vil blive underskrevet.",
"Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and <samlp:LogoutResponse> elements received by this SP to be signed." : "Angiver et krav til <samlp:Response>, <samlp:LogoutRequest> og <samlp:LogoutResponse> elementer modtaget af denne SP, der skal underskrives.",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Angiver et krav for <saml:Assertion> -elementer modtaget af denne SP, der skal underskrives. [SP-metadata vil tilbyde denne info]",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be encrypted." : "Angiver et krav for, at <saml:Assertion> elementer modtaget af denne SP der skal krypteres.",
" Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Angiver et krav til NameID-elementet på SAMLResponse modtaget af denne SP skal være til stede.",
"Indicates a requirement for the NameID received by this SP to be encrypted." : "Angiver et krav for, at NameID modtaget af denne SP skal krypteres.",
"Indicates if the SP will validate all received XML." : "Angiver om SP'en vil validere alle modtagne XML'er.",
"ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-koder SAML-data som små bogstaver, og værktøjet bruger som standard store bogstaver. Aktivér for ADFS-kompatibilitet ved underskriftskontrol.",
"Attribute to map the UID to." : "Egenskab til at kortlægge UID til.",
"Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Tillad kun godkendelse, hvis der findes en konto på en anden backend. (f.eks. LDAP)",
"Attribute to map the displayname to." : "Egenskab til at kortlægge visningsnavn til.",
"Attribute to map the email address to." : "Egenskab til at kortlægge e-mail-adressen til.",
"Email address" : "E-mailadresse",
"Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Valgfrit visningsnavn for identitetsudbyderen (standard: \"SSO & SAML log ind\")",
"Allow the use of multiple user back-ends (e.g. LDAP)" : "Tillad brug af flere brugerbackender (f.eks. LDAP)",
"Open documentation" : "Åbn dokumentation",
"Use environment variable" : "Brug miljøvariabel",
"Global settings" : "Globale indstillinger",
"General" : "General",
"Configure your IdP settings here." : "Indstil IdP her.",
"Security settings" : "Sikkerhedsindstillinger",
"Download metadata XML" : "Download metadata XML",
"Reset settings" : "Nulstil indstillinger",
"Metadata invalid" : "Ugyldig metadata",
"Metadata valid" : "Gyldig metadata",
"Error" : "Fejl"
},
"nplurals=2; plural=(n != 1);");

42
docker/nextcloud/src/custom_apps/user_saml/l10n/da.json Normal file
View File

@ -0,0 +1,42 @@
{ "translations": {
"This user account is disabled, please contact your administrator." : "Denne bruger konto er deaktiveret. Kontakt venligst din administrator.",
"Saved" : "Gemt",
"Provider" : "Udbyder",
"Unknown error, please check the log file for more details." : "Ukendt fejl, tjek venligst logfilen for flere detaljer.",
"Direct log in" : "Direkte login",
"SSO & SAML log in" : "SSO & SAML log in",
"Provider " : "Udbyder",
"X.509 certificate of the Service Provider" : "X.509 certifikat hos udbyderen",
"Private key of the Service Provider" : "Privat nøgle for udbyderen",
"Indicates that the nameID of the <samlp:logoutRequest> sent by this SP will be encrypted." : "Indikerer at nameID af <samlp:logoutRequest> sendt af denne SP vil blive krypteret.",
"Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indikerer om <samlp:AuthnRequest> beskeder sendt af denne SP vil blive underskrevet [Metadata af denne SP vil indeholde denne info]",
"Indicates whether the <samlp:logoutRequest> messages sent by this SP will be signed." : "Indikerer om <samlp:logoutRequest> sendt af denne SP vil blive underskrevet.",
"Indicates whether the <samlp:logoutResponse> messages sent by this SP will be signed." : "Indikerer om <samlp:logoutRequest> sendt af denne SP vil blive underskrevet.",
"Whether the metadata should be signed." : "Indikerer om metadata vil blive underskrevet.",
"Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and <samlp:LogoutResponse> elements received by this SP to be signed." : "Angiver et krav til <samlp:Response>, <samlp:LogoutRequest> og <samlp:LogoutResponse> elementer modtaget af denne SP, der skal underskrives.",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Angiver et krav for <saml:Assertion> -elementer modtaget af denne SP, der skal underskrives. [SP-metadata vil tilbyde denne info]",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be encrypted." : "Angiver et krav for, at <saml:Assertion> elementer modtaget af denne SP der skal krypteres.",
" Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Angiver et krav til NameID-elementet på SAMLResponse modtaget af denne SP skal være til stede.",
"Indicates a requirement for the NameID received by this SP to be encrypted." : "Angiver et krav for, at NameID modtaget af denne SP skal krypteres.",
"Indicates if the SP will validate all received XML." : "Angiver om SP'en vil validere alle modtagne XML'er.",
"ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-koder SAML-data som små bogstaver, og værktøjet bruger som standard store bogstaver. Aktivér for ADFS-kompatibilitet ved underskriftskontrol.",
"Attribute to map the UID to." : "Egenskab til at kortlægge UID til.",
"Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Tillad kun godkendelse, hvis der findes en konto på en anden backend. (f.eks. LDAP)",
"Attribute to map the displayname to." : "Egenskab til at kortlægge visningsnavn til.",
"Attribute to map the email address to." : "Egenskab til at kortlægge e-mail-adressen til.",
"Email address" : "E-mailadresse",
"Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Valgfrit visningsnavn for identitetsudbyderen (standard: \"SSO & SAML log ind\")",
"Allow the use of multiple user back-ends (e.g. LDAP)" : "Tillad brug af flere brugerbackender (f.eks. LDAP)",
"Open documentation" : "Åbn dokumentation",
"Use environment variable" : "Brug miljøvariabel",
"Global settings" : "Globale indstillinger",
"General" : "General",
"Configure your IdP settings here." : "Indstil IdP her.",
"Security settings" : "Sikkerhedsindstillinger",
"Download metadata XML" : "Download metadata XML",
"Reset settings" : "Nulstil indstillinger",
"Metadata invalid" : "Ugyldig metadata",
"Metadata valid" : "Gyldig metadata",
"Error" : "Fejl"
},"pluralForm" :"nplurals=2; plural=(n != 1);"
}

90
docker/nextcloud/src/custom_apps/user_saml/l10n/de.js Normal file
View File

@ -0,0 +1,90 @@
OC.L10N.register(
"user_saml",
{
"This user account is disabled, please contact your administrator." : "Dieses Nutzerkonto ist deaktiviert. Bitte kontaktiere Deinen Administrator.",
"Saved" : "Gespeichert",
"Provider" : "Anbieter",
"Unknown error, please check the log file for more details." : "Unbekannter Fehler, bitte prüfe die Log-Datei für weitere Informationen.",
"Direct log in" : "Direkte Anmeldung",
"SSO & SAML log in" : "SSO- & SAML-Anmeldung",
"This page should not be visited directly." : "Diese Seite sollte nicht direkt aufgerufen werden",
"Provider " : "Anbieter",
"X.509 certificate of the Service Provider" : "X.509-Zertifikat des Service-Providers",
"Private key of the Service Provider" : "Privater Schlüssel des Diensteanbieters",
"Indicates that the nameID of the <samlp:logoutRequest> sent by this SP will be encrypted." : "Zeigt an, dass die nameID des <samlp:logoutRequest> von diesem Diensteanbieter verschlüsselt versandt werden.",
"Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Zeigt an, ob die von diesem Diensteanbieter gesendeten <samlp:AuthnRequest> - Nachrichten signiert werden. [Die Metadaten des Diensteanbieters zeigen diese Infos an]",
"Indicates whether the <samlp:logoutRequest> messages sent by this SP will be signed." : "Zeigt an, ob die von diesem Diensteanbieter gesendeten <samlp:logoutRequest> - Nachrichten signiert werden.",
"Indicates whether the <samlp:logoutResponse> messages sent by this SP will be signed." : "Zeigt an, ob die von diesem Diensteanbieter gesendeten <samlp:logoutResponse> - Nachrichten signiert werden.",
"Whether the metadata should be signed." : "Ob die Metadaten signiert werden sollen.",
"Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and <samlp:LogoutResponse> elements received by this SP to be signed." : "Zeigt an, dass die von diesem Diensteanbieter empfangenen <samlp:Response>, <samlp:LogoutRequest> und <samlp:LogoutResponse> Elemente signiert sein müssen.",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Zeigt an, dass die <saml:Assertion> Elemente die von diesem Diensteanbieter empfangen wurden verschlüsselt sein müssen. [Metadaten des Diensteanbieters enthalten diese Informationen]",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be encrypted." : "Zeigt an, dass die <saml:Assertion> Elemente die von diesem Diensteanbieter empfangen wurden verschlüsselt sein müssen.",
" Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Zeigt an, dass das NameID-Element der SAML-Antwort dieses Diensteanbieters vorhanden sein muss.",
"Indicates a requirement for the NameID received by this SP to be encrypted." : "Zeigt an, dass die NameID die von diesem Diensteanbieter empfangen wird verschlüsselt sein muss.",
"Indicates if the SP will validate all received XML." : "Zeigt an, ob der Diensteanbieter alles empfangene XML überprüft. ",
"ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS kodiert SAML-URL-Daten in Kleinbuchstaben und das Toolkit nutzt als Standard Großbuchstaben. Diese Option für ADFS-Kompatibilität bei Signatur-Überprüfung aktivieren.",
"Algorithm that the toolkit will use on signing process." : "Algorithmus, den das Toolkit beim Signieren verwendet.",
"Retrieve query parameters from $_SERVER. Some SAML servers require this on SLO requests." : "Abfrageparameter von $_SERVER abrufen. Einige SAML-Server erfordern dies bei SLO-Anfragen.",
"Attribute to map the UID to." : "Attribut dem die UID zugeordnet werden soll.",
"Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Anmeldung nur erlauben, wenn ein Konto auf einem anderen Backend vorhanden ist (z.B. LDAP)",
"Attribute to map the displayname to." : "Attribut dem der Anzeigename zugeordnet werden soll.",
"Attribute to map the email address to." : "Attribut dem die E-Mail-Adresse zugeordnet werden soll.",
"Attribute to map the quota to." : "Attribut, dem das Kontingent zugeordnet werden soll.",
"Attribute to map the users groups to." : "Attribut, dem die Gruppen des Benutzers zugeordnet werden sollen.",
"Attribute to map the users home to." : "Attribut dem das zu Hause des Benutzers zugeordnet werden soll.",
"Email address" : "E-Mail-Adresse",
"Encrypted" : "Verschlüsselt",
"Entity" : "Einheit",
"Kerberos" : "Kerberos",
"Persistent" : "Dauerhaft",
"Transient" : "Flüchtig",
"Unspecified" : "Nicht spezifiziert",
"Windows domain qualified name" : "Windows-Domäne qualifizierter Name",
"X509 subject name" : "X509-Subjektname ",
"Use SAML auth for the %s desktop clients (requires user re-authentication)" : "SAML-Autorisierung für die %s Desktop-Clients nutzen (erfordert eine Neu-Autorisierung der Benutzer)",
"Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Optional den Namen des Identitätsanbieters anzeigen (Standard: \"SSO- & SAML-Anmeldung\")",
"Allow the use of multiple user back-ends (e.g. LDAP)" : "Die Verwendung von mehreren Benutzerverwaltungen erlauben (z. B. LDAP)",
"SSO & SAML authentication" : "SSO & SAML-Autorisierung",
"Authenticate using single sign-on" : "Authentifizieren mit Single-Sign-On",
"Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Die SSO-&-SAML-App ermöglicht es, Deine bereits bestehende Single-Sign-On-Lösung einfach in Nextcloud zu integrieren. Ausserdem kann der Nextcloud-LDAP-Nutzer-Anbieter verwendet werden, um es den Nutzern (z. B. beim Teilen) besonders einfach zu machen.\nBislang werden folgende Anbieter unterstützt und sind getestet:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Anmeldung über Umgebungsvariable**\n\t* Kerberos (mod_auth_kerb)\n\t* Alle anderen Anbieter, die die Umgebungsvariable verwenden\n\nObwohl theoretisch jeder andere Anmeldungsanbieter, der einen der Standards implementiert hat, verwendet werden kann, weisen wir darauf hin, dass diese anderen Anbieter nicht in unserer Testmatrix berücksichtigt werden.",
"Open documentation" : "Dokumentation öffnen",
"Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit Deinem normalen Zugang %s ist dann nicht mehr möglich, außer Du hast \"%s\" aktiviert oder Du gehst Direkt zur URL %s .",
"Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit Deinem normalen Zugang %s ist dann nicht mehr möglich, es sei denn, Du gehst direkt zur URL %s.",
"Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Bitte auswählen ob die Autorisierung mittels in Nextcloud integriertem SAML oder gegen eine Umgebungsvariable erfolgen soll.",
"Use built-in SAML authentication" : "Integrierte SAML-Autorisierung benutzen",
"Use environment variable" : "Umgebungsvariable benutzen",
"Global settings" : "Globale Einstellungen",
"Remove identity provider" : "Autorisierungsdienst entfernen",
"Add identity provider" : "Autorisierungsdienst hinzufügen",
"General" : "Allgemein",
"Service Provider Data" : "Diensteanbieter-Daten",
"If your Service Provider should use certificates you can optionally specify them here." : "Sollte Dein Diensteanbieter Zertifikate benutzen, dann hast Du hier die Möglichkeit, diese anzugeben.",
"Show Service Provider settings…" : "Zeige die Diensteanbieter-Einstellungen…",
"Name ID format" : "Name-ID-Format",
"Identity Provider Data" : "Daten des Autorisierungsdienstes",
"Configure your IdP settings here." : "Autorisierungsdiensteinstellungen hier konfigurieren.",
"Identifier of the IdP entity (must be a URI)" : "Identifikationsmerkmal des Autorisierungsdienstes (muss URI sein)",
"URL Target of the IdP where the SP will send the Authentication Request Message" : "URL-Ziel des Autorisierungsdienstes an den der Dienstanbieter die Anmeldungsanfrage senden soll",
"Show optional Identity Provider settings…" : "Zeige optionale Autorisierungsdienst-Einstellungen",
"URL Location of the IdP where the SP will send the SLO Request" : "URL-Adresse des Autorisierungsdienstes an den der Diensteanbieter die SLO-Anfrage senden soll",
"URL Location of the IDP's SLO Response" : "URL-Adresse der SLO-Antwort des Autorisierungsdienstes",
"Public X.509 certificate of the IdP" : "Öffentliches X.509-Zertifikat des Autorisierungsdienstes",
"Attribute mapping" : "Attribute zuordnen",
"If you want to optionally map attributes to the user you can configure these here." : "Wenn Du optional Attribute dem Benutzer zuordnen möchtest, kannst Du dies hier einstellen.",
"Show attribute mapping settings…" : "Einstellungen der Attribute-Zuordnung anzeigen… ",
"Security settings" : "Sicherheitseinstellungen",
"For increased security we recommend enabling the following settings if supported by your environment." : "Um die Sicherheit zu erhöhen empfehlen wir die nachfolgenden Einstellungen, soweit diese von Deiner Installation unterstützt werden.",
"Show security settings…" : "Zeige Sicherheitseinstellungen… ",
"Signatures and encryption offered" : "Signaturen und Verschlüsselung werden angeboten",
"Signatures and encryption required" : "Signaturen und Verschlüsselung erforderlich",
"Download metadata XML" : "Lade Metadaten-XML herunter",
"Reset settings" : "Einstellungen zurücksetzen",
"Metadata invalid" : "Metadaten ungültig",
"Metadata valid" : "Metadaten gültig",
"Error" : "Fehler",
"Account not provisioned." : "Konto nicht bereitgestellt.",
"Your account is not provisioned, access to this service is thus not possible." : "Dein Konto wird nicht bereitgestellt. Der Zugriff ist daher nicht möglich.",
"Login options:" : "Anmeldeoptionen:",
"Choose a authentication provider" : "Einen Authentifizierungsanbieter auswählen"
},
"nplurals=2; plural=(n != 1);");

88
docker/nextcloud/src/custom_apps/user_saml/l10n/de.json Normal file
View File

@ -0,0 +1,88 @@
{ "translations": {
"This user account is disabled, please contact your administrator." : "Dieses Nutzerkonto ist deaktiviert. Bitte kontaktiere Deinen Administrator.",
"Saved" : "Gespeichert",
"Provider" : "Anbieter",
"Unknown error, please check the log file for more details." : "Unbekannter Fehler, bitte prüfe die Log-Datei für weitere Informationen.",
"Direct log in" : "Direkte Anmeldung",
"SSO & SAML log in" : "SSO- & SAML-Anmeldung",
"This page should not be visited directly." : "Diese Seite sollte nicht direkt aufgerufen werden",
"Provider " : "Anbieter",
"X.509 certificate of the Service Provider" : "X.509-Zertifikat des Service-Providers",
"Private key of the Service Provider" : "Privater Schlüssel des Diensteanbieters",
"Indicates that the nameID of the <samlp:logoutRequest> sent by this SP will be encrypted." : "Zeigt an, dass die nameID des <samlp:logoutRequest> von diesem Diensteanbieter verschlüsselt versandt werden.",
"Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Zeigt an, ob die von diesem Diensteanbieter gesendeten <samlp:AuthnRequest> - Nachrichten signiert werden. [Die Metadaten des Diensteanbieters zeigen diese Infos an]",
"Indicates whether the <samlp:logoutRequest> messages sent by this SP will be signed." : "Zeigt an, ob die von diesem Diensteanbieter gesendeten <samlp:logoutRequest> - Nachrichten signiert werden.",
"Indicates whether the <samlp:logoutResponse> messages sent by this SP will be signed." : "Zeigt an, ob die von diesem Diensteanbieter gesendeten <samlp:logoutResponse> - Nachrichten signiert werden.",
"Whether the metadata should be signed." : "Ob die Metadaten signiert werden sollen.",
"Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and <samlp:LogoutResponse> elements received by this SP to be signed." : "Zeigt an, dass die von diesem Diensteanbieter empfangenen <samlp:Response>, <samlp:LogoutRequest> und <samlp:LogoutResponse> Elemente signiert sein müssen.",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Zeigt an, dass die <saml:Assertion> Elemente die von diesem Diensteanbieter empfangen wurden verschlüsselt sein müssen. [Metadaten des Diensteanbieters enthalten diese Informationen]",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be encrypted." : "Zeigt an, dass die <saml:Assertion> Elemente die von diesem Diensteanbieter empfangen wurden verschlüsselt sein müssen.",
" Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Zeigt an, dass das NameID-Element der SAML-Antwort dieses Diensteanbieters vorhanden sein muss.",
"Indicates a requirement for the NameID received by this SP to be encrypted." : "Zeigt an, dass die NameID die von diesem Diensteanbieter empfangen wird verschlüsselt sein muss.",
"Indicates if the SP will validate all received XML." : "Zeigt an, ob der Diensteanbieter alles empfangene XML überprüft. ",
"ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS kodiert SAML-URL-Daten in Kleinbuchstaben und das Toolkit nutzt als Standard Großbuchstaben. Diese Option für ADFS-Kompatibilität bei Signatur-Überprüfung aktivieren.",
"Algorithm that the toolkit will use on signing process." : "Algorithmus, den das Toolkit beim Signieren verwendet.",
"Retrieve query parameters from $_SERVER. Some SAML servers require this on SLO requests." : "Abfrageparameter von $_SERVER abrufen. Einige SAML-Server erfordern dies bei SLO-Anfragen.",
"Attribute to map the UID to." : "Attribut dem die UID zugeordnet werden soll.",
"Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Anmeldung nur erlauben, wenn ein Konto auf einem anderen Backend vorhanden ist (z.B. LDAP)",
"Attribute to map the displayname to." : "Attribut dem der Anzeigename zugeordnet werden soll.",
"Attribute to map the email address to." : "Attribut dem die E-Mail-Adresse zugeordnet werden soll.",
"Attribute to map the quota to." : "Attribut, dem das Kontingent zugeordnet werden soll.",
"Attribute to map the users groups to." : "Attribut, dem die Gruppen des Benutzers zugeordnet werden sollen.",
"Attribute to map the users home to." : "Attribut dem das zu Hause des Benutzers zugeordnet werden soll.",
"Email address" : "E-Mail-Adresse",
"Encrypted" : "Verschlüsselt",
"Entity" : "Einheit",
"Kerberos" : "Kerberos",
"Persistent" : "Dauerhaft",
"Transient" : "Flüchtig",
"Unspecified" : "Nicht spezifiziert",
"Windows domain qualified name" : "Windows-Domäne qualifizierter Name",
"X509 subject name" : "X509-Subjektname ",
"Use SAML auth for the %s desktop clients (requires user re-authentication)" : "SAML-Autorisierung für die %s Desktop-Clients nutzen (erfordert eine Neu-Autorisierung der Benutzer)",
"Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Optional den Namen des Identitätsanbieters anzeigen (Standard: \"SSO- & SAML-Anmeldung\")",
"Allow the use of multiple user back-ends (e.g. LDAP)" : "Die Verwendung von mehreren Benutzerverwaltungen erlauben (z. B. LDAP)",
"SSO & SAML authentication" : "SSO & SAML-Autorisierung",
"Authenticate using single sign-on" : "Authentifizieren mit Single-Sign-On",
"Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Die SSO-&-SAML-App ermöglicht es, Deine bereits bestehende Single-Sign-On-Lösung einfach in Nextcloud zu integrieren. Ausserdem kann der Nextcloud-LDAP-Nutzer-Anbieter verwendet werden, um es den Nutzern (z. B. beim Teilen) besonders einfach zu machen.\nBislang werden folgende Anbieter unterstützt und sind getestet:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Anmeldung über Umgebungsvariable**\n\t* Kerberos (mod_auth_kerb)\n\t* Alle anderen Anbieter, die die Umgebungsvariable verwenden\n\nObwohl theoretisch jeder andere Anmeldungsanbieter, der einen der Standards implementiert hat, verwendet werden kann, weisen wir darauf hin, dass diese anderen Anbieter nicht in unserer Testmatrix berücksichtigt werden.",
"Open documentation" : "Dokumentation öffnen",
"Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit Deinem normalen Zugang %s ist dann nicht mehr möglich, außer Du hast \"%s\" aktiviert oder Du gehst Direkt zur URL %s .",
"Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit Deinem normalen Zugang %s ist dann nicht mehr möglich, es sei denn, Du gehst direkt zur URL %s.",
"Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Bitte auswählen ob die Autorisierung mittels in Nextcloud integriertem SAML oder gegen eine Umgebungsvariable erfolgen soll.",
"Use built-in SAML authentication" : "Integrierte SAML-Autorisierung benutzen",
"Use environment variable" : "Umgebungsvariable benutzen",
"Global settings" : "Globale Einstellungen",
"Remove identity provider" : "Autorisierungsdienst entfernen",
"Add identity provider" : "Autorisierungsdienst hinzufügen",
"General" : "Allgemein",
"Service Provider Data" : "Diensteanbieter-Daten",
"If your Service Provider should use certificates you can optionally specify them here." : "Sollte Dein Diensteanbieter Zertifikate benutzen, dann hast Du hier die Möglichkeit, diese anzugeben.",
"Show Service Provider settings…" : "Zeige die Diensteanbieter-Einstellungen…",
"Name ID format" : "Name-ID-Format",
"Identity Provider Data" : "Daten des Autorisierungsdienstes",
"Configure your IdP settings here." : "Autorisierungsdiensteinstellungen hier konfigurieren.",
"Identifier of the IdP entity (must be a URI)" : "Identifikationsmerkmal des Autorisierungsdienstes (muss URI sein)",
"URL Target of the IdP where the SP will send the Authentication Request Message" : "URL-Ziel des Autorisierungsdienstes an den der Dienstanbieter die Anmeldungsanfrage senden soll",
"Show optional Identity Provider settings…" : "Zeige optionale Autorisierungsdienst-Einstellungen",
"URL Location of the IdP where the SP will send the SLO Request" : "URL-Adresse des Autorisierungsdienstes an den der Diensteanbieter die SLO-Anfrage senden soll",
"URL Location of the IDP's SLO Response" : "URL-Adresse der SLO-Antwort des Autorisierungsdienstes",
"Public X.509 certificate of the IdP" : "Öffentliches X.509-Zertifikat des Autorisierungsdienstes",
"Attribute mapping" : "Attribute zuordnen",
"If you want to optionally map attributes to the user you can configure these here." : "Wenn Du optional Attribute dem Benutzer zuordnen möchtest, kannst Du dies hier einstellen.",
"Show attribute mapping settings…" : "Einstellungen der Attribute-Zuordnung anzeigen… ",
"Security settings" : "Sicherheitseinstellungen",
"For increased security we recommend enabling the following settings if supported by your environment." : "Um die Sicherheit zu erhöhen empfehlen wir die nachfolgenden Einstellungen, soweit diese von Deiner Installation unterstützt werden.",
"Show security settings…" : "Zeige Sicherheitseinstellungen… ",
"Signatures and encryption offered" : "Signaturen und Verschlüsselung werden angeboten",
"Signatures and encryption required" : "Signaturen und Verschlüsselung erforderlich",
"Download metadata XML" : "Lade Metadaten-XML herunter",
"Reset settings" : "Einstellungen zurücksetzen",
"Metadata invalid" : "Metadaten ungültig",
"Metadata valid" : "Metadaten gültig",
"Error" : "Fehler",
"Account not provisioned." : "Konto nicht bereitgestellt.",
"Your account is not provisioned, access to this service is thus not possible." : "Dein Konto wird nicht bereitgestellt. Der Zugriff ist daher nicht möglich.",
"Login options:" : "Anmeldeoptionen:",
"Choose a authentication provider" : "Einen Authentifizierungsanbieter auswählen"
},"pluralForm" :"nplurals=2; plural=(n != 1);"
}

90
docker/nextcloud/src/custom_apps/user_saml/l10n/de_DE.js Normal file
View File

@ -0,0 +1,90 @@
OC.L10N.register(
"user_saml",
{
"This user account is disabled, please contact your administrator." : "Dieses Nutzerkonto ist deaktiviert. Bitte kontaktieren Sie Ihren Administrator.",
"Saved" : "Gespeichert",
"Provider" : "Anbieter",
"Unknown error, please check the log file for more details." : "Unbekannter Fehler, bitte prüfen Sie die Log-Datei für weitere Informationen.",
"Direct log in" : "Direkte Anmeldung",
"SSO & SAML log in" : "SSO- & SAML-Anmeldung",
"This page should not be visited directly." : "Diese Seite sollte nicht direkt aufgerufen werden.",
"Provider " : "Anbieter",
"X.509 certificate of the Service Provider" : "X.509-Zertifikat des Diensteanbieters",
"Private key of the Service Provider" : "Privater Schlüssel des Diensteanbieters",
"Indicates that the nameID of the <samlp:logoutRequest> sent by this SP will be encrypted." : "Zeigt an, dass die nameID des <samlp:logoutRequest> von diesem Diensteanbieter verschlüsselt versandt werden.",
"Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Zeigt an, ob die von diesem Diensteanbieter gesendeten <samlp:AuthnRequest> - Nachrichten signiert werden. [Die Metadaten des Diensteanbieters zeigen diese Infos an]",
"Indicates whether the <samlp:logoutRequest> messages sent by this SP will be signed." : "Erfordert, dass die von diesem Diensteanbieter gesendeten <samlp:logoutRequest> Nachrichten signiert werden.",
"Indicates whether the <samlp:logoutResponse> messages sent by this SP will be signed." : "Zeigt an, ob die von diesem Diensteanbieter gesendeten <samlp:logoutResponse> Nachrichten signiert werden.",
"Whether the metadata should be signed." : "Gibt an, ob die Metadaten signiert werden sollen.",
"Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and <samlp:LogoutResponse> elements received by this SP to be signed." : "Zeigt an, dass die von diesem SP empfangenen Elemente <samlp:Response>, <samlp:LogoutRequest> und <samlp:LogoutResponse> signiert werden müssen.",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Erfordert, dass die <saml:Assertion> Elemente, die von diesem Diensteanbieter empfangen wurden, verschlüsselt sein müssen. [Metadaten des Diensteanbieters enthalten diese Informationen]",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be encrypted." : "Erfordert, dass die <saml:Assertion> Elemente, die von diesem Diensteanbieter empfangen wurden, verschlüsselt sein müssen.",
" Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Erfordert, dass das NameID-Element der SAML-Antwort dieses Diensteanbieters vorhanden sein muss.",
"Indicates a requirement for the NameID received by this SP to be encrypted." : "Erfordert, dass die NameID, die von diesem Diensteanbieter empfangen wird, verschlüsselt sein muss.",
"Indicates if the SP will validate all received XML." : "Gibt an, ob der Diensteanbieter alle empfangenen XML-Inhalte überprüft.",
"ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS kodiert SAML-URL-Daten in Kleinbuchstaben und das Toolkit nutzt als Standard Großbuchstaben. Diese Option für ADFS-Kompatibilität bei Signatur-Überprüfung aktivieren.",
"Algorithm that the toolkit will use on signing process." : "Algorithmus, den das Toolkit beim Signieren verwendet.",
"Retrieve query parameters from $_SERVER. Some SAML servers require this on SLO requests." : "Abfrageparameter von $_SERVER abrufen. Einige SAML-Server erfordern dies bei SLO-Anfragen.",
"Attribute to map the UID to." : "Attribut dem die UID zugeordnet werden soll.",
"Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Anmeldung nur erlauben, wenn ein Konto auf einem anderen Backend vorhanden ist (z.B. LDAP)",
"Attribute to map the displayname to." : "Attribut dem der Anzeigename zugeordnet werden soll.",
"Attribute to map the email address to." : "Attribut, dem die E-Mail-Adresse zugeordnet werden soll.",
"Attribute to map the quota to." : "Attribut, dem das Speicherkontingent zugeordnet werden soll.",
"Attribute to map the users groups to." : "Attribut, dem die Gruppen des Benutzers zugeordnet werden sollen.",
"Attribute to map the users home to." : "Attribut dem das zu Hause des Benutzers zugeordnet werden soll.",
"Email address" : "E-Mail-Adresse",
"Encrypted" : "Verschlüsselt",
"Entity" : "Einheit",
"Kerberos" : "Kerberos",
"Persistent" : "Dauerhaft",
"Transient" : "Flüchtig",
"Unspecified" : "Nicht spezifiziert",
"Windows domain qualified name" : "Windows-Domäne qualifizierter Name",
"X509 subject name" : "X509-Subjektname ",
"Use SAML auth for the %s desktop clients (requires user re-authentication)" : "SAML-Autorisierung für die %s Desktop-Clients nutzen (erfordert eine Neu-Autorisierung der Benutzer)",
"Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Optional den Namen des Identitätsanbieters anzeigen (Standard: \"SSO- & SAML-Anmeldung\")",
"Allow the use of multiple user back-ends (e.g. LDAP)" : "Die Verwendung von mehreren Benutzerverwaltungen erlauben (z. B. LDAP)",
"SSO & SAML authentication" : "SSO & SAML-Autorisierung",
"Authenticate using single sign-on" : "Authentifizieren mit Single-Sign-On",
"Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Die SSO & SAML-App ermöglicht es Ihre bereits bestehende Singl-Sign-On-Lösung einfach in Nextcloud zu integrieren. Ausserdem kann der Nextcloud LDAP-Nutzer-Anbieter verwendet werden, um es den Nutzern (z.B. beim eilen) besonders einfach zu machen.\nBislang werden folgende Anbieter unterstützt und sind getestet:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Anmeldung über Umgebungsvariable**\n\t* Kerberos (mod_auth_kerb)\n\t* Alle anderen Anbieter, die die Umgebungsvariable verwenden\n\nObwohl theoretisch jeder andere Anmeldungs-Anbieter der einen der Standards implementiert hat verwendet werden kann, weisen wir darauf hin, dass diese anderen Anbieter nicht in unserer Test-Matrix berücksichtigt werden.",
"Open documentation" : "Dokumentation öffnen",
"Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit Ihrem normalen Zugang %s ist dann nicht mehr möglich, außer Sie haben \"%s\" aktiviert oder Sie gehen direkt zur URL %s.",
"Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit ihrem normalen Konto %s wird nicht mehr möglich sein, es sei denn, Sie gehen direkt zur URL %s.",
"Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Bitte auswählen ob die Authentifizierung mittels in Nextcloud integriertem SAML-Provider oder gegen eine Umgebungsvariable erfolgen soll.",
"Use built-in SAML authentication" : "Integrierte SAML-Authentifizierung benutzen",
"Use environment variable" : "Umgebungsvariable benutzen",
"Global settings" : "Globale Einstellungen",
"Remove identity provider" : "Identitätsanbieter entfernen",
"Add identity provider" : "Identitätsanbieter hinzufügen",
"General" : "Allgemein",
"Service Provider Data" : "Diensteanbieter-Daten",
"If your Service Provider should use certificates you can optionally specify them here." : "Wenn Ihr Dienstanbieter Zertifikate verwenden soll, können Sie diese hier optional angeben.",
"Show Service Provider settings…" : "Zeige die Diensteanbieter-Einstellungen…",
"Name ID format" : "Name-ID-Format",
"Identity Provider Data" : "Daten des Identitätsanbieters",
"Configure your IdP settings here." : "Einstellungen des Identitätsanbieters hier konfigurieren.",
"Identifier of the IdP entity (must be a URI)" : "Identifikationsmerkmal des Identitätsanbieters (muss eine URL sein)",
"URL Target of the IdP where the SP will send the Authentication Request Message" : "URL-Ziel des Identitätsanbieters, an den der Diensteanbieter die Anmeldungsanfrage senden soll",
"Show optional Identity Provider settings…" : "Optionale Einstellungen des Identitätsanbieters anzeigen …",
"URL Location of the IdP where the SP will send the SLO Request" : "URL-Adresse des Identitätsanbieters, an den der Diensteanbieter die SLO-Anfrage senden soll",
"URL Location of the IDP's SLO Response" : "URL-Adresse der SLO-Antwort des Identitätsanbieters",
"Public X.509 certificate of the IdP" : "Öffentliches X.509-Zertifikat des Identitätsanbieters",
"Attribute mapping" : "Attribute zuordnen",
"If you want to optionally map attributes to the user you can configure these here." : "Wenn Sie optional Attribute dem Benutzer zuordnen möchten, können Sie dies hier einstellen.",
"Show attribute mapping settings…" : "Einstellungen der Attribute-Zuordnung anzeigen …",
"Security settings" : "Sicherheitseinstellungen",
"For increased security we recommend enabling the following settings if supported by your environment." : "Zur Erhöhung der Sicherheit empfehlen wir, die folgenden Einstellungen zu aktivieren, sofern dies von Ihrer Installation unterstützt wird.",
"Show security settings…" : "Sicherheitseinstellungen anzeigen …",
"Signatures and encryption offered" : "Signaturen und Verschlüsselung werden angeboten",
"Signatures and encryption required" : "Signaturen und Verschlüsselung erforderlich",
"Download metadata XML" : "Lade Metadaten-XML herunter",
"Reset settings" : "Einstellungen zurücksetzen",
"Metadata invalid" : "Metadaten ungültig",
"Metadata valid" : "Metadaten gültig",
"Error" : "Fehler",
"Account not provisioned." : "Konto nicht bereitgestellt.",
"Your account is not provisioned, access to this service is thus not possible." : "Ihr Konto wird nicht bereitgestellt. Der Zugriff ist daher nicht möglich.",
"Login options:" : "Anmeldeoptionen:",
"Choose a authentication provider" : "Einen Authentifizierungsanbieter auswählen"
},
"nplurals=2; plural=(n != 1);");

88
docker/nextcloud/src/custom_apps/user_saml/l10n/de_DE.json Normal file
View File

@ -0,0 +1,88 @@
{ "translations": {
"This user account is disabled, please contact your administrator." : "Dieses Nutzerkonto ist deaktiviert. Bitte kontaktieren Sie Ihren Administrator.",
"Saved" : "Gespeichert",
"Provider" : "Anbieter",
"Unknown error, please check the log file for more details." : "Unbekannter Fehler, bitte prüfen Sie die Log-Datei für weitere Informationen.",
"Direct log in" : "Direkte Anmeldung",
"SSO & SAML log in" : "SSO- & SAML-Anmeldung",
"This page should not be visited directly." : "Diese Seite sollte nicht direkt aufgerufen werden.",
"Provider " : "Anbieter",
"X.509 certificate of the Service Provider" : "X.509-Zertifikat des Diensteanbieters",
"Private key of the Service Provider" : "Privater Schlüssel des Diensteanbieters",
"Indicates that the nameID of the <samlp:logoutRequest> sent by this SP will be encrypted." : "Zeigt an, dass die nameID des <samlp:logoutRequest> von diesem Diensteanbieter verschlüsselt versandt werden.",
"Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Zeigt an, ob die von diesem Diensteanbieter gesendeten <samlp:AuthnRequest> - Nachrichten signiert werden. [Die Metadaten des Diensteanbieters zeigen diese Infos an]",
"Indicates whether the <samlp:logoutRequest> messages sent by this SP will be signed." : "Erfordert, dass die von diesem Diensteanbieter gesendeten <samlp:logoutRequest> Nachrichten signiert werden.",
"Indicates whether the <samlp:logoutResponse> messages sent by this SP will be signed." : "Zeigt an, ob die von diesem Diensteanbieter gesendeten <samlp:logoutResponse> Nachrichten signiert werden.",
"Whether the metadata should be signed." : "Gibt an, ob die Metadaten signiert werden sollen.",
"Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and <samlp:LogoutResponse> elements received by this SP to be signed." : "Zeigt an, dass die von diesem SP empfangenen Elemente <samlp:Response>, <samlp:LogoutRequest> und <samlp:LogoutResponse> signiert werden müssen.",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Erfordert, dass die <saml:Assertion> Elemente, die von diesem Diensteanbieter empfangen wurden, verschlüsselt sein müssen. [Metadaten des Diensteanbieters enthalten diese Informationen]",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be encrypted." : "Erfordert, dass die <saml:Assertion> Elemente, die von diesem Diensteanbieter empfangen wurden, verschlüsselt sein müssen.",
" Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Erfordert, dass das NameID-Element der SAML-Antwort dieses Diensteanbieters vorhanden sein muss.",
"Indicates a requirement for the NameID received by this SP to be encrypted." : "Erfordert, dass die NameID, die von diesem Diensteanbieter empfangen wird, verschlüsselt sein muss.",
"Indicates if the SP will validate all received XML." : "Gibt an, ob der Diensteanbieter alle empfangenen XML-Inhalte überprüft.",
"ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS kodiert SAML-URL-Daten in Kleinbuchstaben und das Toolkit nutzt als Standard Großbuchstaben. Diese Option für ADFS-Kompatibilität bei Signatur-Überprüfung aktivieren.",
"Algorithm that the toolkit will use on signing process." : "Algorithmus, den das Toolkit beim Signieren verwendet.",
"Retrieve query parameters from $_SERVER. Some SAML servers require this on SLO requests." : "Abfrageparameter von $_SERVER abrufen. Einige SAML-Server erfordern dies bei SLO-Anfragen.",
"Attribute to map the UID to." : "Attribut dem die UID zugeordnet werden soll.",
"Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Anmeldung nur erlauben, wenn ein Konto auf einem anderen Backend vorhanden ist (z.B. LDAP)",
"Attribute to map the displayname to." : "Attribut dem der Anzeigename zugeordnet werden soll.",
"Attribute to map the email address to." : "Attribut, dem die E-Mail-Adresse zugeordnet werden soll.",
"Attribute to map the quota to." : "Attribut, dem das Speicherkontingent zugeordnet werden soll.",
"Attribute to map the users groups to." : "Attribut, dem die Gruppen des Benutzers zugeordnet werden sollen.",
"Attribute to map the users home to." : "Attribut dem das zu Hause des Benutzers zugeordnet werden soll.",
"Email address" : "E-Mail-Adresse",
"Encrypted" : "Verschlüsselt",
"Entity" : "Einheit",
"Kerberos" : "Kerberos",
"Persistent" : "Dauerhaft",
"Transient" : "Flüchtig",
"Unspecified" : "Nicht spezifiziert",
"Windows domain qualified name" : "Windows-Domäne qualifizierter Name",
"X509 subject name" : "X509-Subjektname ",
"Use SAML auth for the %s desktop clients (requires user re-authentication)" : "SAML-Autorisierung für die %s Desktop-Clients nutzen (erfordert eine Neu-Autorisierung der Benutzer)",
"Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Optional den Namen des Identitätsanbieters anzeigen (Standard: \"SSO- & SAML-Anmeldung\")",
"Allow the use of multiple user back-ends (e.g. LDAP)" : "Die Verwendung von mehreren Benutzerverwaltungen erlauben (z. B. LDAP)",
"SSO & SAML authentication" : "SSO & SAML-Autorisierung",
"Authenticate using single sign-on" : "Authentifizieren mit Single-Sign-On",
"Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Die SSO & SAML-App ermöglicht es Ihre bereits bestehende Singl-Sign-On-Lösung einfach in Nextcloud zu integrieren. Ausserdem kann der Nextcloud LDAP-Nutzer-Anbieter verwendet werden, um es den Nutzern (z.B. beim eilen) besonders einfach zu machen.\nBislang werden folgende Anbieter unterstützt und sind getestet:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Anmeldung über Umgebungsvariable**\n\t* Kerberos (mod_auth_kerb)\n\t* Alle anderen Anbieter, die die Umgebungsvariable verwenden\n\nObwohl theoretisch jeder andere Anmeldungs-Anbieter der einen der Standards implementiert hat verwendet werden kann, weisen wir darauf hin, dass diese anderen Anbieter nicht in unserer Test-Matrix berücksichtigt werden.",
"Open documentation" : "Dokumentation öffnen",
"Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit Ihrem normalen Zugang %s ist dann nicht mehr möglich, außer Sie haben \"%s\" aktiviert oder Sie gehen direkt zur URL %s.",
"Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Es muss ein Benutzer mit Administrator-Rechten vorhanden sein, der sich mittels SSO anmelden kann. Eine Anmeldung mit ihrem normalen Konto %s wird nicht mehr möglich sein, es sei denn, Sie gehen direkt zur URL %s.",
"Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Bitte auswählen ob die Authentifizierung mittels in Nextcloud integriertem SAML-Provider oder gegen eine Umgebungsvariable erfolgen soll.",
"Use built-in SAML authentication" : "Integrierte SAML-Authentifizierung benutzen",
"Use environment variable" : "Umgebungsvariable benutzen",
"Global settings" : "Globale Einstellungen",
"Remove identity provider" : "Identitätsanbieter entfernen",
"Add identity provider" : "Identitätsanbieter hinzufügen",
"General" : "Allgemein",
"Service Provider Data" : "Diensteanbieter-Daten",
"If your Service Provider should use certificates you can optionally specify them here." : "Wenn Ihr Dienstanbieter Zertifikate verwenden soll, können Sie diese hier optional angeben.",
"Show Service Provider settings…" : "Zeige die Diensteanbieter-Einstellungen…",
"Name ID format" : "Name-ID-Format",
"Identity Provider Data" : "Daten des Identitätsanbieters",
"Configure your IdP settings here." : "Einstellungen des Identitätsanbieters hier konfigurieren.",
"Identifier of the IdP entity (must be a URI)" : "Identifikationsmerkmal des Identitätsanbieters (muss eine URL sein)",
"URL Target of the IdP where the SP will send the Authentication Request Message" : "URL-Ziel des Identitätsanbieters, an den der Diensteanbieter die Anmeldungsanfrage senden soll",
"Show optional Identity Provider settings…" : "Optionale Einstellungen des Identitätsanbieters anzeigen …",
"URL Location of the IdP where the SP will send the SLO Request" : "URL-Adresse des Identitätsanbieters, an den der Diensteanbieter die SLO-Anfrage senden soll",
"URL Location of the IDP's SLO Response" : "URL-Adresse der SLO-Antwort des Identitätsanbieters",
"Public X.509 certificate of the IdP" : "Öffentliches X.509-Zertifikat des Identitätsanbieters",
"Attribute mapping" : "Attribute zuordnen",
"If you want to optionally map attributes to the user you can configure these here." : "Wenn Sie optional Attribute dem Benutzer zuordnen möchten, können Sie dies hier einstellen.",
"Show attribute mapping settings…" : "Einstellungen der Attribute-Zuordnung anzeigen …",
"Security settings" : "Sicherheitseinstellungen",
"For increased security we recommend enabling the following settings if supported by your environment." : "Zur Erhöhung der Sicherheit empfehlen wir, die folgenden Einstellungen zu aktivieren, sofern dies von Ihrer Installation unterstützt wird.",
"Show security settings…" : "Sicherheitseinstellungen anzeigen …",
"Signatures and encryption offered" : "Signaturen und Verschlüsselung werden angeboten",
"Signatures and encryption required" : "Signaturen und Verschlüsselung erforderlich",
"Download metadata XML" : "Lade Metadaten-XML herunter",
"Reset settings" : "Einstellungen zurücksetzen",
"Metadata invalid" : "Metadaten ungültig",
"Metadata valid" : "Metadaten gültig",
"Error" : "Fehler",
"Account not provisioned." : "Konto nicht bereitgestellt.",
"Your account is not provisioned, access to this service is thus not possible." : "Ihr Konto wird nicht bereitgestellt. Der Zugriff ist daher nicht möglich.",
"Login options:" : "Anmeldeoptionen:",
"Choose a authentication provider" : "Einen Authentifizierungsanbieter auswählen"
},"pluralForm" :"nplurals=2; plural=(n != 1);"
}

89
docker/nextcloud/src/custom_apps/user_saml/l10n/el.js Normal file
View File

@ -0,0 +1,89 @@
OC.L10N.register(
"user_saml",
{
"This user account is disabled, please contact your administrator." : "Ο λογαριασμός χρήστη είναι απενεργοποιημένος, επικοινωνήστε με τον διαχειριστή σας.",
"Saved" : "Αποθηκεύτηκαν",
"Provider" : "Πάροχος",
"Unknown error, please check the log file for more details." : "Άγνωστο σφάλμα, παρακαλούμε ελέξτε το ιστορικό για περισσότερες λεπτομέρειες.",
"Direct log in" : "Άμεση είσοδος",
"SSO & SAML log in" : "Είσοδος SSO & SAML",
"This page should not be visited directly." : "Αυτή η σελίδα δεν πρέπει να επισκέφτεται απευθείας",
"Provider " : "Πάροχος",
"X.509 certificate of the Service Provider" : "Το πιστοποιητικό του Παρόχου Υπηρεσιών X.509",
"Private key of the Service Provider" : "Ιδιωτικό κλειδί για τον παροχέα δικτύου",
"Indicates that the nameID of the <samlp:logoutRequest> sent by this SP will be encrypted." : "Υποδεικνύει ότι το αναγνωριστικό όνομα του <samlp:logoutRequest> που αποστέλλονται από αυτό το SP θα κρυπτογραφηθούν.",
"Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Υποδεικνύει το κατα πόσο <samlp:AuthnRequest>των μηνυμάτων που αποστέλλονται από αυτό το SP θα υπογραφούν. [Τα μεταδεδομένα του SP θα προσφέρουν αυτές τις πληροφορίες]",
"Indicates whether the <samlp:logoutRequest> messages sent by this SP will be signed." : "Υποδεικνύει το κατα πόσο <samlp:logoutRequest> των μηνυμάτων που έχουν σταλλεί από αυτό το SP θα υπογραφούν.",
"Indicates whether the <samlp:logoutResponse> messages sent by this SP will be signed." : "Υποδεικνύει το κατα πόσο του <samlp:logoutResponse> σταλθέντων μηνυμάτων απο αυτό το SP θα υπογραφούν.",
"Whether the metadata should be signed." : "Εάν τα μεταδεδομένα πρέπει να είναι υπογεγραμένα.",
"Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and <samlp:LogoutResponse> elements received by this SP to be signed." : "Υποδεικνύει μία απαίτηση για το<samlp:Response>,<samlp:LogoutRequest>και<samlp:LogoutResponse>των ληφθέντων στοιχείων απο αυτό το SP ως προς υπογραφή.",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Προαπαιτείται για το <saml:Assertion> των ληφθέντων στοιχείων απο αυτό το SP ως προς υπογραφή.[Τα μεταδεδομένα του SP θα προσφέρουν αυτές τις πληροφορίες]",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be encrypted." : "Υποδεικνύει την απαίτηση κρυπτογράφησης <saml:Assertion> των στοιχείων που λαμβάνονται από αυτό το SP.",
" Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Υποδεικνύει μια απαίτηση για το στοιχείο ΌνομαΑντικειμένου στο SAMLResponse που λαμβάνεται από αυτό το SP να είναι παρόν.",
"Indicates a requirement for the NameID received by this SP to be encrypted." : "Υποδεικνύει την απαίτηση για κρυπτογράφηση του αναγνωριστικού ονόματος που λαμβάνεται από αυτό το SP.",
"Indicates if the SP will validate all received XML." : "Υποδεικνύει εάν το SP θα επικυρώσει όλες τις ληφθείσες XML.",
"ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "Διεύθυνση URL ADFS - Κωδικοποιεί τα δεδομένα SAML ως πεζά και το κιτ εργαλείων χρησιμοποιεί από προεπιλογή κεφαλαία γράμματα. Ενεργοποιήστε τη συμβατότητα ADFS κατά την επαλήθευση υπογραφής.",
"Algorithm that the toolkit will use on signing process." : "Αλγόριθμος που θα χρησιμοποιήσει η εργαλειοθήκη κατά τη διαδικασία υπογραφής.",
"Attribute to map the UID to." : "Χαρακτηριστικό χαρτογράφησης του UID.",
"Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Να επιτρέπεται η πιστοποίηση μόνον εάν ένας λογαριασμός υπάρχει σε κάποιο άλλο backend. (πχ. LDAP)",
"Attribute to map the displayname to." : "Χαρακτηριστικό για τη χαρτογράφηση του ονόματος εμφάνισης.",
"Attribute to map the email address to." : "Χαρακτηριστικό για τη χαρτογράφηση της διεύθυνσης αλληλογραφίας.",
"Attribute to map the quota to." : "Χαρακτηριστικό χαρτογράφησης της ποσόστωσης.",
"Attribute to map the users groups to." : "Χαρακτηριστικό χαρτογράφησης της ομάδας χρηστών.",
"Attribute to map the users home to." : "Χαρακτηριστικό χαρτογράφησης της οικίας χρηστών.",
"Email address" : "Διεύθυνση αλληλογραφίας",
"Encrypted" : "Κρυπτογραφημένο",
"Entity" : "Οντότητα",
"Kerberos" : "Kerberos",
"Persistent" : "Επίμονος",
"Transient" : "Παροδικός",
"Unspecified" : "Απροσδιόριστος",
"Windows domain qualified name" : "Χαρακτηριστικό όνομα τομέα των Windows",
"X509 subject name" : "Όνομα θέματος X509",
"Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Χρησιμοποιείστε πιστοποίηση SAML για τους %s σταθερούς υπολογιστές (απαιτείται έλεγχος επαλήθευσης από τον χρήστη)",
"Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Προαιρετικά εμφάνιση ονόματος ταυτότητας παρόχου (προεπιλογή:\"SSO & SAML\")",
"Allow the use of multiple user back-ends (e.g. LDAP)" : "Επιτρέψτε τη χρήση εφαρμογών παρασκηνίου (π.χ. LDAP)",
"SSO & SAML authentication" : "Πιστοποίηση SSO & SAML",
"Authenticate using single sign-on" : "Πιστοποίηση με χρήση απλής σύνδεσης",
"Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Χρησιμοποιώντας την εφαρμογή SSO & SAML του Nextcloud, μπορείτε εύκολα να ενσωματώσετε την υπάρχουσα λύση Ευκολή Σύνδεση με το Nextcloud. Επιπλέον, μπορείτε να χρησιμοποιήσετε τον πάροχο χρηστών του Nextcloud LDAP για να διατηρήσετε την ευκολία των χρηστών. (π.χ. κατά την κοινή χρήση)\nΣήμερα υποστηρίζονται και δοκιμάστηκαν οι παρακάτω πάροχες:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t * Κάθε άλλος πάροχος που πιστοποιείται με χρήση της μεταβλητής περιβάλλοντος\n\nΕνώ θεωρητικά οποιοσδήποτε άλλος πάροχος πιστοποίησης που εφαρμόζει ένα από αυτά τα πρότυπα είναι συμβατός, θέλουμε να σημειώσουμε ότι δεν αποτελούν μέρος εσωτερικών δοκιμών.",
"Open documentation" : "Άνοιγμα τεκμηρίωσης",
"Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Βεβαιωθείτε ότι έχετε ρυθμίσει έναν χρήστη διαχείρισης ο οποίος μπορεί να έχει άμεση πρόσβαση μέσω SSO. Σύνδεση στον τακτικό λογαριασμό σας %sδε θα είναι δυνατή πλέον, εκτός και εάν ενεργοποιηθεί το \"%s\" ή μεταβείτε απευθείας στην URL %s.",
"Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Βεβαιωθείτε ότι έχετε ρυθμίσει έναν χρήστη διαχείρισης ο οποίος μπορεί να έχει άμεση πρόσβαση μέσω SSO. Σύνδεση στον τακτικό λογαριασμό σας %sδε θα είναι δυνατή πλέον, εκτός και εάν μεταβείτε απευθείας στην URL %s.",
"Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Επιλέξτε εάν θέλετε να επαληθεύσετε την ταυτότητα χρησιμοποιώντας τον ενσωματωμένο στο Nextcloud φορέα SAML ή αν θέλετε να επαληθεύσετε την ταυτότητά σας σε σχέση με μια μεταβλητή περιβάλλοντος.",
"Use built-in SAML authentication" : "Χρησιμοποιήστε ενσωματωμένο έλεγχο ταυτότητας SAML",
"Use environment variable" : "Χρησιμοποιήστε μεταβλητή περιβάλλοντος",
"Global settings" : "Γενικές ρυθμίσεις",
"Remove identity provider" : "Κατάργηση ταυτότητας παρόχου",
"Add identity provider" : "Προσθήκη ταυτότητας παρόχου",
"General" : "Γενικά",
"Service Provider Data" : "Δεδομένα φορέα παροχής υπηρεσιών",
"If your Service Provider should use certificates you can optionally specify them here." : "Εάν ο πάροχος υπηρεσιών σας πρέπει να χρησιμοποιήσει πιστοποιητικά, μπορείτε να τα ορίσετε προαιρετικά εδώ.",
"Show Service Provider settings…" : "Εμφάνιση ρυθμίσεων Υπηρεσίας Παρόχου ...",
"Name ID format" : "Μορφή ταυτότητας ονόματος",
"Identity Provider Data" : "Στοιχεία παροχέα ταυτότητας",
"Configure your IdP settings here." : "Ρυθμίστε το IdP εδώ.",
"Identifier of the IdP entity (must be a URI)" : "Αναγνωριστικό οντότητας IdP (πρέπει να είναι URI)",
"URL Target of the IdP where the SP will send the Authentication Request Message" : "Αποδέκτης URL του IdP όπου το SP θα στείλει μήνυμα Αίτησης Ελέγχου Ταυτότητας",
"Show optional Identity Provider settings…" : "Εμφάνιση προαιρετικών ρυθμίσεων Παροχέα Ταυτότητας ...",
"URL Location of the IdP where the SP will send the SLO Request" : "Τοποθεσία URL του IdP όπου το SP θα στείλει Αίτηση SLO",
"URL Location of the IDP's SLO Response" : "Τοποθεσία URL της απάντησης SLO του IDP",
"Public X.509 certificate of the IdP" : "Δημόσιο πιστοποιητικό X.509 του IdP",
"Attribute mapping" : "Χαρτογράφηση χαρακτηριστικών",
"If you want to optionally map attributes to the user you can configure these here." : "Αν επιθυμείτε προαιρετικά να χαρτογραφήσετε χαρακτηριστικά στον χρήστη, μπορείτε να τις διαμορφώσετε εδώ.",
"Show attribute mapping settings…" : "Εμφάνιση ρυθμίσεων χαρτογράφησης χαρακτηριστικών ",
"Security settings" : "Ρυθμίσεις ασφαλείας",
"For increased security we recommend enabling the following settings if supported by your environment." : "Για αυξημένη ασφάλεια σας συνιστούμε να ενεργοποιήσετε τις παρακάτω ρυθμίσεις εάν υποστηρίζονται από το περιβάλλον σας.",
"Show security settings…" : "Εμφάνιση ρυθμίσεων ασφαλείας...",
"Signatures and encryption offered" : "Υπογραφές και κρυπτογράφηση που προσφέρονται",
"Signatures and encryption required" : "Απαιτούνται υπογραφές και κρυπτογράφηση",
"Download metadata XML" : "Λήψη μεταδεδομένων XML",
"Reset settings" : "Επαναφορά ρυθμίσεων",
"Metadata invalid" : "Μη έγκυρα μεταδεδομένα",
"Metadata valid" : "Έγκυρα μεταδεδομένα",
"Error" : "Σφάλμα",
"Account not provisioned." : "Ο λογαριασμός δεν προβλέφθηκε.",
"Your account is not provisioned, access to this service is thus not possible." : "Ο λογαριασμός σας δεν προβλέπεται, επομένως δεν είναι δυνατή η πρόσβαση σε αυτήν την υπηρεσία.",
"Login options:" : "Επιλογές σύνδεσης:",
"Choose a authentication provider" : "Επιλογή παρόχου πιστοποίησης"
},
"nplurals=2; plural=(n != 1);");

87
docker/nextcloud/src/custom_apps/user_saml/l10n/el.json Normal file
View File

@ -0,0 +1,87 @@
{ "translations": {
"This user account is disabled, please contact your administrator." : "Ο λογαριασμός χρήστη είναι απενεργοποιημένος, επικοινωνήστε με τον διαχειριστή σας.",
"Saved" : "Αποθηκεύτηκαν",
"Provider" : "Πάροχος",
"Unknown error, please check the log file for more details." : "Άγνωστο σφάλμα, παρακαλούμε ελέξτε το ιστορικό για περισσότερες λεπτομέρειες.",
"Direct log in" : "Άμεση είσοδος",
"SSO & SAML log in" : "Είσοδος SSO & SAML",
"This page should not be visited directly." : "Αυτή η σελίδα δεν πρέπει να επισκέφτεται απευθείας",
"Provider " : "Πάροχος",
"X.509 certificate of the Service Provider" : "Το πιστοποιητικό του Παρόχου Υπηρεσιών X.509",
"Private key of the Service Provider" : "Ιδιωτικό κλειδί για τον παροχέα δικτύου",
"Indicates that the nameID of the <samlp:logoutRequest> sent by this SP will be encrypted." : "Υποδεικνύει ότι το αναγνωριστικό όνομα του <samlp:logoutRequest> που αποστέλλονται από αυτό το SP θα κρυπτογραφηθούν.",
"Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Υποδεικνύει το κατα πόσο <samlp:AuthnRequest>των μηνυμάτων που αποστέλλονται από αυτό το SP θα υπογραφούν. [Τα μεταδεδομένα του SP θα προσφέρουν αυτές τις πληροφορίες]",
"Indicates whether the <samlp:logoutRequest> messages sent by this SP will be signed." : "Υποδεικνύει το κατα πόσο <samlp:logoutRequest> των μηνυμάτων που έχουν σταλλεί από αυτό το SP θα υπογραφούν.",
"Indicates whether the <samlp:logoutResponse> messages sent by this SP will be signed." : "Υποδεικνύει το κατα πόσο του <samlp:logoutResponse> σταλθέντων μηνυμάτων απο αυτό το SP θα υπογραφούν.",
"Whether the metadata should be signed." : "Εάν τα μεταδεδομένα πρέπει να είναι υπογεγραμένα.",
"Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and <samlp:LogoutResponse> elements received by this SP to be signed." : "Υποδεικνύει μία απαίτηση για το<samlp:Response>,<samlp:LogoutRequest>και<samlp:LogoutResponse>των ληφθέντων στοιχείων απο αυτό το SP ως προς υπογραφή.",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Προαπαιτείται για το <saml:Assertion> των ληφθέντων στοιχείων απο αυτό το SP ως προς υπογραφή.[Τα μεταδεδομένα του SP θα προσφέρουν αυτές τις πληροφορίες]",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be encrypted." : "Υποδεικνύει την απαίτηση κρυπτογράφησης <saml:Assertion> των στοιχείων που λαμβάνονται από αυτό το SP.",
" Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : "Υποδεικνύει μια απαίτηση για το στοιχείο ΌνομαΑντικειμένου στο SAMLResponse που λαμβάνεται από αυτό το SP να είναι παρόν.",
"Indicates a requirement for the NameID received by this SP to be encrypted." : "Υποδεικνύει την απαίτηση για κρυπτογράφηση του αναγνωριστικού ονόματος που λαμβάνεται από αυτό το SP.",
"Indicates if the SP will validate all received XML." : "Υποδεικνύει εάν το SP θα επικυρώσει όλες τις ληφθείσες XML.",
"ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "Διεύθυνση URL ADFS - Κωδικοποιεί τα δεδομένα SAML ως πεζά και το κιτ εργαλείων χρησιμοποιεί από προεπιλογή κεφαλαία γράμματα. Ενεργοποιήστε τη συμβατότητα ADFS κατά την επαλήθευση υπογραφής.",
"Algorithm that the toolkit will use on signing process." : "Αλγόριθμος που θα χρησιμοποιήσει η εργαλειοθήκη κατά τη διαδικασία υπογραφής.",
"Attribute to map the UID to." : "Χαρακτηριστικό χαρτογράφησης του UID.",
"Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Να επιτρέπεται η πιστοποίηση μόνον εάν ένας λογαριασμός υπάρχει σε κάποιο άλλο backend. (πχ. LDAP)",
"Attribute to map the displayname to." : "Χαρακτηριστικό για τη χαρτογράφηση του ονόματος εμφάνισης.",
"Attribute to map the email address to." : "Χαρακτηριστικό για τη χαρτογράφηση της διεύθυνσης αλληλογραφίας.",
"Attribute to map the quota to." : "Χαρακτηριστικό χαρτογράφησης της ποσόστωσης.",
"Attribute to map the users groups to." : "Χαρακτηριστικό χαρτογράφησης της ομάδας χρηστών.",
"Attribute to map the users home to." : "Χαρακτηριστικό χαρτογράφησης της οικίας χρηστών.",
"Email address" : "Διεύθυνση αλληλογραφίας",
"Encrypted" : "Κρυπτογραφημένο",
"Entity" : "Οντότητα",
"Kerberos" : "Kerberos",
"Persistent" : "Επίμονος",
"Transient" : "Παροδικός",
"Unspecified" : "Απροσδιόριστος",
"Windows domain qualified name" : "Χαρακτηριστικό όνομα τομέα των Windows",
"X509 subject name" : "Όνομα θέματος X509",
"Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Χρησιμοποιείστε πιστοποίηση SAML για τους %s σταθερούς υπολογιστές (απαιτείται έλεγχος επαλήθευσης από τον χρήστη)",
"Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Προαιρετικά εμφάνιση ονόματος ταυτότητας παρόχου (προεπιλογή:\"SSO & SAML\")",
"Allow the use of multiple user back-ends (e.g. LDAP)" : "Επιτρέψτε τη χρήση εφαρμογών παρασκηνίου (π.χ. LDAP)",
"SSO & SAML authentication" : "Πιστοποίηση SSO & SAML",
"Authenticate using single sign-on" : "Πιστοποίηση με χρήση απλής σύνδεσης",
"Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Χρησιμοποιώντας την εφαρμογή SSO & SAML του Nextcloud, μπορείτε εύκολα να ενσωματώσετε την υπάρχουσα λύση Ευκολή Σύνδεση με το Nextcloud. Επιπλέον, μπορείτε να χρησιμοποιήσετε τον πάροχο χρηστών του Nextcloud LDAP για να διατηρήσετε την ευκολία των χρηστών. (π.χ. κατά την κοινή χρήση)\nΣήμερα υποστηρίζονται και δοκιμάστηκαν οι παρακάτω πάροχες:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t * Κάθε άλλος πάροχος που πιστοποιείται με χρήση της μεταβλητής περιβάλλοντος\n\nΕνώ θεωρητικά οποιοσδήποτε άλλος πάροχος πιστοποίησης που εφαρμόζει ένα από αυτά τα πρότυπα είναι συμβατός, θέλουμε να σημειώσουμε ότι δεν αποτελούν μέρος εσωτερικών δοκιμών.",
"Open documentation" : "Άνοιγμα τεκμηρίωσης",
"Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you enabled \"%s\" or you go directly to the URL %s." : "Βεβαιωθείτε ότι έχετε ρυθμίσει έναν χρήστη διαχείρισης ο οποίος μπορεί να έχει άμεση πρόσβαση μέσω SSO. Σύνδεση στον τακτικό λογαριασμό σας %sδε θα είναι δυνατή πλέον, εκτός και εάν ενεργοποιηθεί το \"%s\" ή μεταβείτε απευθείας στην URL %s.",
"Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account won't be possible anymore, unless you go directly to the URL %s." : "Βεβαιωθείτε ότι έχετε ρυθμίσει έναν χρήστη διαχείρισης ο οποίος μπορεί να έχει άμεση πρόσβαση μέσω SSO. Σύνδεση στον τακτικό λογαριασμό σας %sδε θα είναι δυνατή πλέον, εκτός και εάν μεταβείτε απευθείας στην URL %s.",
"Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Επιλέξτε εάν θέλετε να επαληθεύσετε την ταυτότητα χρησιμοποιώντας τον ενσωματωμένο στο Nextcloud φορέα SAML ή αν θέλετε να επαληθεύσετε την ταυτότητά σας σε σχέση με μια μεταβλητή περιβάλλοντος.",
"Use built-in SAML authentication" : "Χρησιμοποιήστε ενσωματωμένο έλεγχο ταυτότητας SAML",
"Use environment variable" : "Χρησιμοποιήστε μεταβλητή περιβάλλοντος",
"Global settings" : "Γενικές ρυθμίσεις",
"Remove identity provider" : "Κατάργηση ταυτότητας παρόχου",
"Add identity provider" : "Προσθήκη ταυτότητας παρόχου",
"General" : "Γενικά",
"Service Provider Data" : "Δεδομένα φορέα παροχής υπηρεσιών",
"If your Service Provider should use certificates you can optionally specify them here." : "Εάν ο πάροχος υπηρεσιών σας πρέπει να χρησιμοποιήσει πιστοποιητικά, μπορείτε να τα ορίσετε προαιρετικά εδώ.",
"Show Service Provider settings…" : "Εμφάνιση ρυθμίσεων Υπηρεσίας Παρόχου ...",
"Name ID format" : "Μορφή ταυτότητας ονόματος",
"Identity Provider Data" : "Στοιχεία παροχέα ταυτότητας",
"Configure your IdP settings here." : "Ρυθμίστε το IdP εδώ.",
"Identifier of the IdP entity (must be a URI)" : "Αναγνωριστικό οντότητας IdP (πρέπει να είναι URI)",
"URL Target of the IdP where the SP will send the Authentication Request Message" : "Αποδέκτης URL του IdP όπου το SP θα στείλει μήνυμα Αίτησης Ελέγχου Ταυτότητας",
"Show optional Identity Provider settings…" : "Εμφάνιση προαιρετικών ρυθμίσεων Παροχέα Ταυτότητας ...",
"URL Location of the IdP where the SP will send the SLO Request" : "Τοποθεσία URL του IdP όπου το SP θα στείλει Αίτηση SLO",
"URL Location of the IDP's SLO Response" : "Τοποθεσία URL της απάντησης SLO του IDP",
"Public X.509 certificate of the IdP" : "Δημόσιο πιστοποιητικό X.509 του IdP",
"Attribute mapping" : "Χαρτογράφηση χαρακτηριστικών",
"If you want to optionally map attributes to the user you can configure these here." : "Αν επιθυμείτε προαιρετικά να χαρτογραφήσετε χαρακτηριστικά στον χρήστη, μπορείτε να τις διαμορφώσετε εδώ.",
"Show attribute mapping settings…" : "Εμφάνιση ρυθμίσεων χαρτογράφησης χαρακτηριστικών ",
"Security settings" : "Ρυθμίσεις ασφαλείας",
"For increased security we recommend enabling the following settings if supported by your environment." : "Για αυξημένη ασφάλεια σας συνιστούμε να ενεργοποιήσετε τις παρακάτω ρυθμίσεις εάν υποστηρίζονται από το περιβάλλον σας.",
"Show security settings…" : "Εμφάνιση ρυθμίσεων ασφαλείας...",
"Signatures and encryption offered" : "Υπογραφές και κρυπτογράφηση που προσφέρονται",
"Signatures and encryption required" : "Απαιτούνται υπογραφές και κρυπτογράφηση",
"Download metadata XML" : "Λήψη μεταδεδομένων XML",
"Reset settings" : "Επαναφορά ρυθμίσεων",
"Metadata invalid" : "Μη έγκυρα μεταδεδομένα",
"Metadata valid" : "Έγκυρα μεταδεδομένα",
"Error" : "Σφάλμα",
"Account not provisioned." : "Ο λογαριασμός δεν προβλέφθηκε.",
"Your account is not provisioned, access to this service is thus not possible." : "Ο λογαριασμός σας δεν προβλέπεται, επομένως δεν είναι δυνατή η πρόσβαση σε αυτήν την υπηρεσία.",
"Login options:" : "Επιλογές σύνδεσης:",
"Choose a authentication provider" : "Επιλογή παρόχου πιστοποίησης"
},"pluralForm" :"nplurals=2; plural=(n != 1);"
}

65
docker/nextcloud/src/custom_apps/user_saml/l10n/en_GB.js Normal file
View File

@ -0,0 +1,65 @@
OC.L10N.register(
"user_saml",
{
"This user account is disabled, please contact your administrator." : "This user account is disabled, please contact your administrator.",
"Saved" : "Saved",
"Unknown error, please check the log file for more details." : "Unknown error, please check the log file for more details.",
"Direct log in" : "Direct log in",
"SSO & SAML log in" : "SSO & SAML log in",
"X.509 certificate of the Service Provider" : "X.509 certificate of the Service Provider",
"Private key of the Service Provider" : "Private key of the Service Provider",
"Indicates that the nameID of the <samlp:logoutRequest> sent by this SP will be encrypted." : "Indicates that the nameID of the <samlp:logoutRequest> sent by this SP will be encrypted.",
"Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. [Metadata of the SP will offer this info]" : "Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. [Metadata of the SP will offer this info]",
"Indicates whether the <samlp:logoutRequest> messages sent by this SP will be signed." : "Indicates whether the <samlp:logoutRequest> messages sent by this SP will be signed.",
"Indicates whether the <samlp:logoutResponse> messages sent by this SP will be signed." : "Indicates whether the <samlp:logoutResponse> messages sent by this SP will be signed.",
"Whether the metadata should be signed." : "Whether the metadata should be signed.",
"Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and <samlp:LogoutResponse> elements received by this SP to be signed." : "Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and <samlp:LogoutResponse> elements received by this SP to be signed.",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be signed. [Metadata of the SP will offer this info]" : "Indicates a requirement for the <saml:Assertion> elements received by this SP to be signed. [Metadata of the SP will offer this info]",
"Indicates a requirement for the <saml:Assertion> elements received by this SP to be encrypted." : "Indicates a requirement for the <saml:Assertion> elements received by this SP to be encrypted.",
" Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present." : " Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present.",
"Indicates a requirement for the NameID received by this SP to be encrypted." : "Indicates a requirement for the NameID received by this SP to be encrypted.",
"Indicates if the SP will validate all received XML." : "Indicates if the SP will validate all received XML.",
"ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification." : "ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification.",
"Attribute to map the UID to." : "Attribute to map the UID to.",
"Only allow authentication if an account exists on some other backend. (e.g. LDAP)" : "Only allow authentication if an account exists on some other backend. (e.g. LDAP)",
"Attribute to map the displayname to." : "Attribute to map the displayname to.",
"Attribute to map the email address to." : "Attribute to map the email address to.",
"Attribute to map the quota to." : "Attribute to map the quota to.",
"Attribute to map the users groups to." : "Attribute to map the users groups to.",
"Use SAML auth for the %s desktop clients (requires user re-authentication)" : "Use SAML auth for the %s desktop clients (requires user re-authentication)",
"Optional display name of the identity provider (default: \"SSO & SAML log in\")" : "Optional display name of the identity provider (default: \"SSO & SAML log in\")",
"Allow the use of multiple user back-ends (e.g. LDAP)" : "Allow the use of multiple user back-ends (e.g. LDAP)",
"SSO & SAML authentication" : "SSO & SAML authentication",
"Authenticate using single sign-on" : "Authenticate using single sign-on",
"Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix." : "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix.",
"Open documentation" : "Open documentation",
"Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable." : "Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable.",
"Use built-in SAML authentication" : "Use built-in SAML authentication",
"Use environment variable" : "Use environment variable",
"General" : "General",
"Service Provider Data" : "Service Provider Data",
"If your Service Provider should use certificates you can optionally specify them here." : "If your Service Provider should use certificates you can optionally specify them here.",
"Show Service Provider settings…" : "Show Service Provider settings…",
"Identity Provider Data" : "Identity Provider Data",
"Configure your IdP settings here." : "Configure your IdP settings here.",
"Identifier of the IdP entity (must be a URI)" : "Identifier of the IdP entity (must be a URI)",
"URL Target of the IdP where the SP will send the Authentication Request Message" : "URL Target of the IdP where the SP will send the Authentication Request Message",
"Show optional Identity Provider settings…" : "Show optional Identity Provider settings…",
"URL Location of the IdP where the SP will send the SLO Request" : "URL Location of the IdP where the SP will send the SLO Request",
"Public X.509 certificate of the IdP" : "Public X.509 certificate of the IdP",
"Attribute mapping" : "Attribute mapping",
"If you want to optionally map attributes to the user you can configure these here." : "If you want to optionally map attributes to the user you can configure these here.",
"Show attribute mapping settings…" : "Show attribute mapping settings…",
"Security settings" : "Security settings",
"For increased security we recommend enabling the following settings if supported by your environment." : "For increased security we recommend enabling the following settings if supported by your environment.",
"Show security settings…" : "Show security settings…",
"Signatures and encryption offered" : "Signatures and encryption offered",
"Signatures and encryption required" : "Signatures and encryption required",
"Download metadata XML" : "Download metadata XML",
"Metadata invalid" : "Metadata invalid",
"Metadata valid" : "Metadata valid",
"Error" : "Error",
"Account not provisioned." : "Account not provisioned.",
"Your account is not provisioned, access to this service is thus not possible." : "Your account is not provisioned, access to this service is thus not possible."
},
"nplurals=2; plural=(n != 1);");

Some files were not shown because too many files have changed in this diff Show More