/** * Test unmarshalling / marshalling of XML with Extensions element */ public function testExtensionOrdering() { $document = new DOMDocument(); $document->loadXML(<<<AUTHNREQUEST <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_306f8ec5b618f361c70b6ffb1480eade" Version="2.0" IssueInstant="2004-12-05T09:21:59Z" Destination="https://idp.example.org/SAML2/SSO/Artifact" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" AssertionConsumerServiceURL="https://sp.example.com/SAML2/SSO/Artifact"> <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer> <samlp:Extensions> <myns:AttributeList xmlns:myns="urn:mynamespace"> <myns:Attribute name="UserName" value=""/> </myns:AttributeList> </samlp:Extensions> <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/> </samlp:AuthnRequest> AUTHNREQUEST ); $authnRequest = new SAML2_AuthnRequest($document->documentElement); $this->assertXmlStringEqualsXmlString($document->C14N(), $authnRequest->toUnsignedXML()->C14N()); }
public function testMarshalling() { $fixtureRequestDom = new DOMDocument(); $fixtureRequestDom->loadXML(<<<XML <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_bec424fa5103428909a30ff1e31168327f79474984" Version="2.0" IssueInstant="2007-12-10T11:39:34Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="http://moodle.bridge.feide.no/simplesaml/saml2/sp/AssertionConsumerService.php"> <saml:Issuer>urn:mace:feide.no:services:no.feide.moodle</saml:Issuer> <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" SPNameQualifier="moodle.bridge.feide.no" AllowCreate="true" /> <samlp:RequestedAuthnContext> <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef> </samlp:RequestedAuthnContext> </samlp:AuthnRequest> XML , LIBXML_NOBLANKS); $request = new SAML2_AuthnRequest($fixtureRequestDom->firstChild); $context = $request->getRequestedAuthnContext(); $this->assertEquals('_bec424fa5103428909a30ff1e31168327f79474984', $request->getId()); $this->assertEquals('urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport', $context['AuthnContextClassRef'][0]); $requestXml = $requestDocument = $request->toUnsignedXML()->ownerDocument->C14N(); $fixtureXml = $fixtureRequestDom->C14N(); $this->assertXmlStringEqualsXmlString($requestXml, $fixtureXml, 'Request after Unmarshalling and re-marshalling remains the same'); }
public function testUnmarshalling() { $authnRequest = new SAML2_AuthnRequest(); $authnRequest->setRequestedAuthnContext(array('AuthnContextClassRef' => array('accr1', 'accr2'), 'Comparison' => 'better')); $authnRequestElement = $authnRequest->toUnsignedXML(); $requestedAuthnContextElements = SAML2_Utils::xpQuery($authnRequestElement, './saml_protocol:RequestedAuthnContext'); $this->assertCount(1, $requestedAuthnContextElements); $requestedAuthnConextElement = $requestedAuthnContextElements[0]; $this->assertEquals('better', $requestedAuthnConextElement->getAttribute("Comparison")); $authnContextClassRefElements = SAML2_Utils::xpQuery($requestedAuthnConextElement, './saml_assertion:AuthnContextClassRef'); $this->assertCount(2, $authnContextClassRefElements); $this->assertEquals('accr1', $authnContextClassRefElements[0]->textContent); $this->assertEquals('accr2', $authnContextClassRefElements[1]->textContent); }
/** * Due to the fact that the symmetric key is generated each time, we cannot test whether or not the resulting XML * matches a specific XML, but we can test whether or not the resulting structure is actually correct, conveying * all information required to decrypt the NameId. */ public function testThatAnEncryptedNameIdResultsInTheCorrectXmlStructure() { // the NameID we're going to encrypt $nameId = array('Value' => md5('Arthur Dent'), 'Format' => SAML2_Const::NAMEID_ENCRYPTED); // basic AuthnRequest $request = new SAML2_AuthnRequest(); $request->setIssuer('https://gateway.stepup.org/saml20/sp/metadata'); $request->setDestination('https://tiqr.stepup.org/idp/profile/saml2/Redirect/SSO'); $request->setNameId($nameId); // encrypt the NameID $key = SAML2_CertificatesMock::getPublicKey(); $request->encryptNameId($key); $expectedStructureDocument = new DOMDocument(); $expectedStructureDocument->loadXML(<<<AUTHNREQUEST <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="" Version="" IssueInstant="" Destination=""> <saml:Issuer></saml:Issuer> <saml:Subject> <saml:EncryptedID xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Type="http://www.w3.org/2001/04/xmlenc#Element"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <xenc:EncryptedKey> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> <xenc:CipherData> <xenc:CipherValue></xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedKey> </dsig:KeyInfo> <xenc:CipherData> <xenc:CipherValue></xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData> </saml:EncryptedID> </saml:Subject> </samlp:AuthnRequest> AUTHNREQUEST ); $expectedStructure = $expectedStructureDocument->documentElement; $requestStructure = $request->toUnsignedXML(); $this->assertEqualXMLStructure($expectedStructure, $requestStructure); }
/** * Test for setting IDPEntry values via setIDPList. * Tests legacy support (single string), array of attributes, and skipping of unknown attributes. */ public function testIDPlistAttributes() { // basic AuthnRequest $request = new SAML2_AuthnRequest(); $request->setIssuer('https://gateway.example.org/saml20/sp/metadata'); $request->setDestination('https://tiqr.example.org/idp/profile/saml2/Redirect/SSO'); $request->setIDPList(array('Legacy1', array('ProviderID' => 'http://example.org/AAP', 'Name' => 'N00T', 'Loc' => 'https://mies'), array('ProviderID' => 'urn:example:1', 'Name' => 'Voorbeeld', 'Something' => 'Else'))); $expectedStructureDocument = new DOMDocument(); $expectedStructureDocument->loadXML(<<<AUTHNREQUEST <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="" Version="" IssueInstant="" Destination=""> <saml:Issuer></saml:Issuer> <samlp:Scoping><samlp:IDPList> <samlp:IDPEntry ProviderID="Legacy1"/> <samlp:IDPEntry ProviderID="http://example.org/AAP" Name="N00T" Loc="https://mies"/> <samlp:IDPEntry ProviderID="urn:example:1" Name="Voorbeeld"/> </samlp:IDPList></samlp:Scoping> </samlp:AuthnRequest> AUTHNREQUEST ); $expectedStructure = $expectedStructureDocument->documentElement; $requestStructure = $request->toUnsignedXML(); $this->assertEqualXMLStructure($expectedStructure, $requestStructure); }