/**
* @param ServiceProvider $serviceProvider
* @param IdentityProvider $identityProvider
* @return AuthnRequest
*/
public static function createNewRequest(ServiceProvider $serviceProvider, IdentityProvider $identityProvider)
{
$request = new SAML2_AuthnRequest();
$request->setAssertionConsumerServiceURL($serviceProvider->getAssertionConsumerUrl());
$request->setDestination($identityProvider->getSsoUrl());
$request->setIssuer($serviceProvider->getEntityId());
$request->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);
$request->setSignatureKey(self::loadPrivateKey($serviceProvider->getPrivateKey(SAML2_Configuration_PrivateKey::NAME_DEFAULT)));
return AuthnRequest::createNew($request);
}
/**
* @param AuthnRequest $request
* @param ServiceProvider $serviceProvider
* @return bool
*/
public function hasValidSignature(AuthnRequest $request, ServiceProvider $serviceProvider)
{
$this->logger->debug(sprintf('Extracting public keys for ServiceProvider "%s"', $serviceProvider->getEntityId()));
$keys = $this->keyLoader->extractPublicKeys($serviceProvider);
$this->logger->debug(sprintf('Found "%d" keys, filtering the keys to get X509 keys', $keys->count()));
$x509Keys = $keys->filter(function (SAML2_Certificate_Key $key) {
return $key instanceof SAML2_Certificate_X509;
});
$this->logger->debug(sprintf('Found "%d" X509 keys, attempting to use each for signature verification', $x509Keys->count()));
foreach ($x509Keys as $key) {
if ($this->isSignedWith($request, $key)) {
return true;
}
}
$this->logger->debug('Signature could not be verified with any of the found X509 keys.');
return false;
}
