Statically store the SP metadata and refresh on config changes

brendanheywood · brendanheywood · commit ebd0298fa17e · 2016-06-24T11:56:06.000+10:00
diff --git a/auth.php b/auth.php
@@ -363,10 +363,18 @@ public function validate_form($form, &$err) {
      * @param object $config
      */
     public function process_config($config) {
+        $haschanged = false;
+
         foreach ($this->defaults as $key => $value) {
-            set_config($key, $config->$key, 'auth_saml2');
+            if ($config->$key != $this->config->$key) {
+                set_config($key, $config->$key, 'auth_saml2');
+                $haschanged = true;
+            }
         }
-        return true;
+
+        if ($haschanged) {
+            $file = $this->certdir . $this->spname . '.xml';
+            @unlink($file);
     }
 
     /**
diff --git a/locallib.php b/locallib.php
@@ -35,9 +35,16 @@ function auth_saml2_get_sp_metadata() {
 
     global $saml2auth, $CFG;
 
-    $auth = new SimpleSAML_Auth_Simple($saml2auth->spname);
-    $config = SimpleSAML_Configuration::getInstance();
     $sourceId = $saml2auth->spname;
+
+    $file = $saml2auth->certdir . $saml2auth->spname . '.xml';
+    if (file_exists($file)) {
+        $xml = file_get_contents($file);
+        return $xml;
+    }
+
+    $auth = new SimpleSAML_Auth_Simple($sourceId);
+    $config = SimpleSAML_Configuration::getInstance();
     $source = SimpleSAML_Auth_Source::getById($sourceId);
     if ($source === NULL) {
         throw new SimpleSAML_Error_NotFound('Could not find authentication source with id ' . $sourceId);
@@ -265,6 +272,9 @@ function auth_saml2_get_sp_metadata() {
     /* Sign the metadata if enabled. */
     $xml = SimpleSAML_Metadata_Signer::sign($xml, $spconfig->toArray(), 'SAML 2 SP');
 
+    // Store the file so it is exactly the same next time.
+    file_put_contents($file, $xml);
+
     return $xml;
 }
 
diff --git a/regenerate.php b/regenerate.php
@@ -54,6 +54,10 @@
     $saml2auth = new auth_plugin_saml2();
     $error = create_certificates($saml2auth, $dn, $numberofdays);
 
+    // Also refresh the SP metadata as well.
+    $file = $saml2auth->certdir . $saml2auth->spname . '.xml';
+    @unlink($file);
+
     if (empty($error)) {
         redirect("$CFG->wwwroot/admin/auth_config.php?auth=saml2");
     }
