/**
* @return EngineBlock_Corto_Module_Bindings
*/
private function mockBindingsModule()
{
$spRequest = new SAML2_AuthnRequest();
$spRequest->setId('SPREQUEST');
$spRequest->setIssuer('testSp');
$spRequest = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($spRequest);
$ebRequest = new SAML2_AuthnRequest();
$ebRequest->setId('EBREQUEST');
$ebRequest = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($ebRequest);
$dummyLog = new Psr\Log\NullLogger();
$authnRequestRepository = new EngineBlock_Saml2_AuthnRequestSessionRepository($dummyLog);
$authnRequestRepository->store($spRequest);
$authnRequestRepository->store($ebRequest);
$authnRequestRepository->link($ebRequest, $spRequest);
$assertion = new SAML2_Assertion();
$assertion->setAttributes(array('urn:org:openconext:corto:internal:sp-entity-id' => array('testSp'), 'urn:mace:dir:attribute-def:cn' => array(null)));
$responseFixture = new SAML2_Response();
$responseFixture->setInResponseTo('EBREQUEST');
$responseFixture->setAssertions(array($assertion));
$responseFixture = new EngineBlock_Saml2_ResponseAnnotationDecorator($responseFixture);
$responseFixture->setOriginalIssuer('testIdP');
// Mock bindings module
/** @var EngineBlock_Corto_Module_Bindings $bindingsModuleMock */
$bindingsModuleMock = Phake::mock('EngineBlock_Corto_Module_Bindings');
Phake::when($bindingsModuleMock)->receiveResponse()->thenReturn($responseFixture);
return $bindingsModuleMock;
}
public function testToString()
{
$request = new SAML2_AuthnRequest();
$request->setId('TEST123');
$request->setIssueInstant(0);
$annotatedRequest = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($request);
$annotatedRequest->setDebug();
$this->assertEquals('{"sspMessage":"<?xml version=\\"1.0\\"?>\\n<samlp:AuthnRequest xmlns:samlp=\\"urn:oasis:names:tc:SAML:2.0:protocol\\" xmlns:saml=\\"urn:oasis:names:tc:SAML:2.0:assertion\\" ID=\\"TEST123\\" Version=\\"2.0\\" IssueInstant=\\"1970-01-01T00:00:00Z\\"\\/>\\n","voContext":null,"keyId":null,"explicitVoContext":true,"wasSigned":false,"debug":true,"unsolicited":false,"transparent":false,"deliverByBinding":null}', $annotatedRequest->__toString());
}
public static function createFromRequest(EngineBlock_Saml2_AuthnRequestAnnotationDecorator $originalRequest, IdentityProvider $idpMetadata, EngineBlock_Corto_ProxyServer $server)
{
$nameIdPolicy = array('AllowCreate' => 'true');
/**
* Name policy is not required, so it is only set if configured, SAML 2.0 spec
* says only following values are allowed:
* - urn:oasis:names:tc:SAML:2.0:nameid-format:transient
* - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
*
* Note: Some IDP's like those using ADFS2 do not understand those, for these cases the format can be 'configured as empty
* or set to an older version.
*/
if (!empty($idpMetadata->nameIdFormat)) {
$nameIdPolicy['Format'] = $idpMetadata->nameIdFormat;
}
/** @var SAML2_AuthnRequest $originalRequest */
$sspRequest = new SAML2_AuthnRequest();
$sspRequest->setId($server->getNewId(\OpenConext\Component\EngineBlockFixtures\IdFrame::ID_USAGE_SAML2_REQUEST));
$sspRequest->setIssueInstant(time());
$sspRequest->setDestination($idpMetadata->singleSignOnServices[0]->location);
$sspRequest->setForceAuthn($originalRequest->getForceAuthn());
$sspRequest->setIsPassive($originalRequest->getIsPassive());
$sspRequest->setAssertionConsumerServiceURL($server->getUrl('assertionConsumerService'));
$sspRequest->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);
$sspRequest->setIssuer($server->getUrl('spMetadataService'));
$sspRequest->setNameIdPolicy($nameIdPolicy);
if (empty($idpMetadata->disableScoping)) {
// Copy over the Idps that are allowed to answer this request.
$sspRequest->setIDPList($originalRequest->getIDPList());
// Proxy Count
$sspRequest->setProxyCount($originalRequest->getProxyCount() ? $originalRequest->getProxyCount() : $server->getConfig('max_proxies', 10));
// Add the SP to the requesterIds
$requesterIds = $originalRequest->getRequesterID();
$requesterIds[] = $originalRequest->getIssuer();
// Add the SP as the requester
$sspRequest->setRequesterID($requesterIds);
}
// Use the default binding even if more exist
$request = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($sspRequest);
$request->setDeliverByBinding($idpMetadata->singleSignOnServices[0]->binding);
return $request;
}
/**
* @return EngineBlock_Saml2_AuthnRequestAnnotationDecorator
*/
protected function _createDebugRequest()
{
$sspRequest = new SAML2_AuthnRequest();
$sspRequest->setId($this->_server->getNewId(\OpenConext\Component\EngineBlockFixtures\IdFrame::ID_USAGE_SAML2_REQUEST));
$sspRequest->setIssuer($this->_server->getUrl('spMetadataService'));
$request = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($sspRequest);
$request->setDebug();
return $request;
}
/**
* launchkey_form - login form for wp-login.php
*
* @since 1.1.0
*
* @param string $class A space separated list of classes to set on the "class" attribute of a containing DIV for the login button
* @param string $id The value to set on the "id" attribute of a containing DIV for the login button
* @param string $style A string of HTML style code tto set on the "style" attribute of a containing DIV for the login button
*/
public function launchkey_form($class = '', $id = '', $style = '')
{
if (isset($_GET['launchkey_error'])) {
$this->wp_facade->_echo($this->template->render_template('error', array('error' => 'Error!', 'message' => 'The LaunchKey request was denied or an issue was detected during authentication. Please try again.')));
} elseif (isset($_GET['launchkey_ssl_error'])) {
$this->wp_facade->_echo($this->template->render_template('error', array('error' => 'Error!', 'message' => 'There was an error trying to request the LaunchKey servers. If this persists you may need to disable SSL verification.')));
} elseif (isset($_GET['launchkey_security'])) {
$this->wp_facade->_echo($this->template->render_template('error', array('error' => 'Error!', 'message' => 'There was a security issue detected and you have been logged out for your safety. Log back in to ensure a secure session.')));
}
$container = SAML2_Utils::getContainer();
$request = new SAML2_AuthnRequest();
$request->setId($container->generateId());
//$request->setProviderName( parse_url( $this->wp_facade->home_url( '/' ), PHP_URL_HOST ) );
$request->setDestination($this->login_url);
$request->setIssuer($this->entity_id);
$request->setRelayState($this->wp_facade->admin_url());
$request->setAssertionConsumerServiceURL($this->wp_facade->wp_login_url());
$request->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);
$request->setIsPassive(false);
$request->setNameIdPolicy(array('Format' => SAML2_Const::NAMEID_PERSISTENT, 'AllowCreate' => true));
// Send it off using the HTTP-Redirect binding
$binding = new SAML2_HTTPRedirect();
$binding->setDestination($this->login_url);
$this->wp_facade->_echo($this->template->render_template('launchkey-form', array('class' => $class, 'id' => $id, 'style' => $style, 'login_url' => $binding->getRedirectURL($request), 'login_text' => 'Log in with', 'login_with_app_name' => 'LaunchKey', 'size' => in_array($this->wp_facade->get_locale(), array('fr_FR', 'es_ES')) ? 'small' : 'medium')));
}
private function mockGlobals()
{
$_POST['ID'] = 'test';
$_POST['consent'] = 'yes';
$assertion = new SAML2_Assertion();
$assertion->setAttributes(array('urn:mace:dir:attribute-def:mail' => '*****@*****.**'));
$spRequest = new SAML2_AuthnRequest();
$spRequest->setId('SPREQUEST');
$spRequest->setIssuer('https://sp.example.edu');
$spRequest = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($spRequest);
$ebRequest = new SAML2_AuthnRequest();
$ebRequest->setId('EBREQUEST');
$ebRequest = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($ebRequest);
$dummySessionLog = new Psr\Log\NullLogger();
$authnRequestRepository = new EngineBlock_Saml2_AuthnRequestSessionRepository($dummySessionLog);
$authnRequestRepository->store($spRequest);
$authnRequestRepository->store($ebRequest);
$authnRequestRepository->link($ebRequest, $spRequest);
$sspResponse = new SAML2_Response();
$sspResponse->setInResponseTo('EBREQUEST');
$sspResponse->setAssertions(array($assertion));
$_SESSION['consent']['test']['response'] = new EngineBlock_Saml2_ResponseAnnotationDecorator($sspResponse);
}
