}
break;
default:
break;
}
$messageid = $doc->getElementsByTagname('MessageID')->item(0)->nodeValue;
if ($authenticated) {
$ICconfig['InfoCard'] = $autoconfig->getValue('InfoCard');
$ICconfig['issuer'] = $autoconfig->getValue('issuer');
$ICconfig['sts_crt'] = $autoconfig->getValue('sts_crt');
$ICconfig['sts_key'] = $autoconfig->getValue('sts_key');
$requiredClaims = sspmod_InfoCard_Utils::extractClaims($ICconfig['InfoCard']['schema'], $doc->getElementsByTagname('ClaimType'));
$claimValues = sspmod_InfoCard_UserFunctions::fillClaims($username, $ICconfig['InfoCard']['requiredClaims'], $ICconfig['InfoCard']['optionalClaims'], $requiredClaims);
$response = sspmod_InfoCard_STS::createToken($claimValues, $ICconfig, $messageid);
} else {
$response = sspmod_InfoCard_STS::errorMessage('Wrong Credentials', $messageid);
}
Header('Content-length: ' . strlen($response) + 1);
print $response;
//LOG
if ($debugDir != null) {
$handle = fopen($debugDir . '/' . $messageid . '.log', 'w');
fwrite($handle, " ------ InfoCard simpleSAMLphp Module LOG ------\n\n");
fwrite($handle, "-- TIME: " . gmdate('Y-m-d') . ' ' . gmdate('H:i:s') . "\n");
fwrite($handle, "-- MESSAGE ID: " . $messageid . "\n\n\n");
fwrite($handle, "-- RST\n");
fwrite($handle, $HTTP_RAW_POST_DATA);
fwrite($handle, "\n\n\n-- RSTR\n");
fwrite($handle, $response);
fclose($handle);
}
$token->addIDPKey($idp_key);
$token->addSTSCertificate('');
$claims = $token->process($_POST['xmlToken']);
if ($claims->isValid() && $claims->privatepersonalidentifier != NULL) {
$ppid = $claims->privatepersonalidentifier;
SimpleSAML_Logger::debug("PPID = {$ppid}");
$ICconfig['InfoCard'] = $Infocard;
$ICconfig['InfoCard']['issuer'] = $autoconfig->getValue('tokenserviceurl');
//sspmod_InfoCard_Utils::getIssuer($sts_crt);
$ICconfig['tokenserviceurl'] = $autoconfig->getValue('tokenserviceurl');
$ICconfig['mexurl'] = $autoconfig->getValue('mexurl');
$ICconfig['sts_key'] = $autoconfig->getValue('sts_key');
$ICconfig['certificates'] = $autoconfig->getValue('certificates');
$ICconfig['UserCredential'] = $autoconfig->getValue('UserCredential');
$ICdata = sspmod_InfoCard_UserFunctions::fillICdata($username, $userCredential, $ppid);
$IC = sspmod_InfoCard_STS::createCard($ICdata, $ICconfig);
header('Content-Disposition: attachment; filename="' . $ICdata['CardName'] . '.crd"');
header('Content-Type: application/x-informationcard');
header('Content-Length:' . strlen($IC));
echo $IC;
$state = 'end';
} else {
SimpleSAML_Logger::debug('Wrong Self-Issued card');
$error = 'wrong_IC';
$state = "selfIssued";
}
} else {
SimpleSAML_Logger::debug('NO HAY XML TOKEN');
$error = NULL;
$state = "selfIssued";
}
private static function RequestSecurityTokenResponse($claimValues, $config, $assertionid, $created, $expires)
{
$tr = '<wst:RequestSecurityTokenResponse>';
$tr .= '<wst:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</wst:TokenType>';
$tr .= '<wst:LifeTime>';
$tr .= '<wsu:Created>' . $created . '</wsu:Created>';
$tr .= '<wsu:Expires>' . $expires . '</wsu:Expires>';
$tr .= '</wst:LifeTime>';
//Encrypted token: SAML assertion
$tr .= '<wst:RequestedSecurityToken>';
$tr .= sspmod_InfoCard_STS::saml_assertion($claimValues, $config, $assertionid, $created, $expires);
$tr .= '</wst:RequestedSecurityToken>';
//RequestedAattachedReference
$tr .= '<wst:RequestedAttachedReference>';
$tr .= '<wsse:SecurityTokenReference>';
$tr .= '<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">';
$tr .= $assertionid;
$tr .= '</wsse:KeyIdentifier>';
$tr .= '</wsse:SecurityTokenReference>';
$tr .= '</wst:RequestedAttachedReference>';
//RequestedUnattachedReference
$tr .= '<wst:RequestedUnattachedReference>';
$tr .= '<wsse:SecurityTokenReference>';
$tr .= '<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">';
$tr .= $assertionid;
$tr .= '</wsse:KeyIdentifier>';
$tr .= '</wsse:SecurityTokenReference>';
$tr .= '</wst:RequestedUnattachedReference>';
//RequestedDisplayToken
$tr .= '<ic:RequestedDisplayToken>';
$tr .= '<ic:DisplayToken xml:lang="en-us">';
foreach ($claimValues as $claim => $data) {
$tr .= '<ic:DisplayClaim Uri="' . $config['InfoCard']['schema'] . '/claims/' . $claim . '">';
$tr .= '<ic:DisplayTag>' . $data['displayTag'] . '</ic:DisplayTag>';
$tr .= '<ic:DisplayValue>' . $data['value'] . '</ic:DisplayValue>';
$tr .= "</ic:DisplayClaim>";
}
$tr .= '</ic:DisplayToken>';
$tr .= '</ic:RequestedDisplayToken>';
$tr .= '</wst:RequestSecurityTokenResponse>';
return $tr;
}
