/**
  * @param \Symfony\Component\HttpFoundation\Request $request
  * @throws \RuntimeException
  * @throws \InvalidArgumentException if cannot manage the Request
  * @return \Symfony\Component\HttpFoundation\Response|SamlSpInfo|null
  */
 public function manage(Request $request)
 {
     if (!$this->supports($request)) {
         throw new \InvalidArgumentException('Unsupported request');
     }
     $logoutRequest = $this->receiveRequest($request);
     $serviceInfo = $this->getServiceInfo($logoutRequest);
     $this->validateLogoutRequest($serviceInfo, $logoutRequest);
     $arrStates = $this->getSSOState($serviceInfo, $logoutRequest->getNameID()->getValue(), $logoutRequest->getSessionIndex());
     $this->deleteSSOState($arrStates);
     $logoutResponse = new LogoutResponse();
     $logoutResponse->setID(Helper::generateID());
     $logoutResponse->setIssuer($serviceInfo->getSpProvider()->getEntityDescriptor()->getEntityID());
     $logoutResponse->setInResponseTo($logoutRequest->getID());
     $arrSLO = $serviceInfo->getIdpProvider()->getEntityDescriptor()->getFirstIdpSsoDescriptor()->findSingleLogoutServices();
     /** @var  $slo SingleLogoutService */
     $slo = array_pop($arrSLO);
     $logoutResponse->setDestination($slo->getLocation());
     $status = new Status();
     $status->setSuccess();
     $logoutResponse->setStatus($status);
     $context = new SerializationContext();
     $logoutResponse->getXml($context->getDocument(), $context);
     $xml = $context->getDocument()->saveXML();
     return new Response($xml, 200, array('Content-Type' => 'application/xml'));
 }
Ejemplo n.º 2
0
 /**
  * @param AbstractService $service
  * @return SpSsoDescriptor
  * @throws \InvalidArgumentException
  */
 public function addService(AbstractService $service)
 {
     $class = Helper::getClassNameOnly($service);
     if ($class != 'SingleLogoutService' && $class != 'SingleSignOnService') {
         throw new \InvalidArgumentException("Invalid service type {$class} for IDPSSODescriptor");
     }
     return parent::addService($service);
 }
Ejemplo n.º 3
0
 /**
  * @param string $class
  * @param int|bool $count
  * @return GetXmlInterface[]|LoadFromXmlInterface[]
  */
 public function getItemsByType($class, $count = false)
 {
     $result = array();
     foreach ($this->items as $item) {
         if (Helper::doClassNameMatch($item, $class)) {
             $result[] = $item;
             if ($count && count($result) >= $count) {
                 break;
             }
         }
     }
     return $result;
 }
Ejemplo n.º 4
0
 /**
  * @param \DOMNode $parent
  * @param \AerialShip\LightSaml\Meta\SerializationContext $context
  * @return \DOMElement
  */
 function getXml(\DOMNode $parent, SerializationContext $context)
 {
     $result = $context->getDocument()->createElementNS(Protocol::NS_ASSERTION, 'saml:AuthnStatement');
     $parent->appendChild($result);
     $result->setAttribute('AuthnInstant', Helper::time2string($this->getAuthnInstant()));
     if ($this->getSessionIndex()) {
         $result->setAttribute('SessionIndex', $this->getSessionIndex());
     }
     $authnContextNode = $context->getDocument()->createElementNS(Protocol::NS_ASSERTION, 'saml:AuthnContext');
     $result->appendChild($authnContextNode);
     $refNode = $context->getDocument()->createElementNS(Protocol::NS_ASSERTION, 'saml:AuthnContextClassRef', $this->getAuthnContext());
     $authnContextNode->appendChild($refNode);
     return $result;
 }
Ejemplo n.º 5
0
 /**
  * @return AuthnRequest
  */
 public function build()
 {
     $result = new AuthnRequest();
     $edSP = $this->getEdSP();
     $result->setID(Helper::generateID());
     $result->setDestination($this->getDestination());
     $result->setIssueInstant(time());
     $asc = $this->getAssertionConsumerService();
     $result->setAssertionConsumerServiceURL($asc->getLocation());
     $result->setProtocolBinding($asc->getBinding());
     $result->setIssuer($edSP->getEntityID());
     if ($this->spMeta->getNameIdFormat()) {
         $result->setNameIdPolicyFormat($this->spMeta->getNameIdFormat());
     }
     return $result;
 }
 /**
  * @param \Symfony\Component\HttpFoundation\Request $request
  * @throws \RuntimeException
  * @throws \InvalidArgumentException if cannot manage the Request
  * @return \Symfony\Component\HttpFoundation\Response|SamlSpInfo|null
  */
 public function manage(Request $request)
 {
     if (!$this->supports($request)) {
         throw new \InvalidArgumentException('Unsupported request');
     }
     $logoutRequest = $this->receiveRequest($request);
     $serviceInfo = $this->getServiceInfo($logoutRequest, $request);
     $this->validateLogoutRequest($serviceInfo, $logoutRequest);
     $arrStates = $this->getSSOState($serviceInfo, $logoutRequest->getNameID()->getValue(), $logoutRequest->getSessionIndex());
     $this->deleteSSOState($arrStates);
     $logoutResponse = new LogoutResponse();
     $logoutResponse->setID(Helper::generateID());
     $logoutResponse->setIssuer($serviceInfo->getSpProvider()->getEntityDescriptor()->getEntityID());
     $logoutResponse->setInResponseTo($logoutRequest->getID());
     $logoutResponse->setRelayState($logoutRequest->getRelayState());
     $arrSLO = $serviceInfo->getIdpProvider()->getEntityDescriptor()->getFirstIdpSsoDescriptor()->findSingleLogoutServices();
     /** @var  $slo SingleLogoutService */
     $slo = array_pop($arrSLO);
     $logoutResponse->setDestination($slo->getLocation());
     $status = new Status();
     $status->setSuccess();
     $logoutResponse->setStatus($status);
     // Log the user out
     $request->getSession()->invalidate();
     $this->securityContext->setToken(null);
     // Return the response to SLO Service
     $bindingType = $serviceInfo->getSpMetaProvider()->getSpMeta()->getResponseBinding();
     if ($bindingType) {
         $detector = new BindingDetector();
         $binding = $detector->instantiate($bindingType);
     } else {
         $binding = new HttpRedirect();
     }
     $bindingResponse = $binding->send($logoutResponse);
     if ($bindingResponse instanceof PostResponse) {
         return new Response($bindingResponse->render());
     } else {
         if ($bindingResponse instanceof RedirectResponse) {
             return new RedirectResponse($bindingResponse->getDestination());
         } else {
             $context = new SerializationContext();
             $logoutResponse->getXml($context->getDocument(), $context);
             $xml = $context->getDocument()->saveXML();
             return new Response($xml, 200, array('Content-Type' => 'application/xml'));
         }
     }
 }
 /**
  * @param string $nameIDValue
  * @param string|null $nameIDFormat
  * @param string|null $sessionIndex
  * @param string|null $reason
  * @return LogoutRequest
  */
 public function build($nameIDValue, $nameIDFormat = null, $sessionIndex = null, $reason = null)
 {
     $result = new LogoutRequest();
     $edSP = $this->getEdSP();
     $result->setID(Helper::generateID());
     $result->setDestination($this->getDestination());
     $result->setIssueInstant(time());
     if ($reason) {
         $result->setReason($reason);
     }
     if ($sessionIndex) {
         $result->setSessionIndex($sessionIndex);
     }
     $nameID = new NameID();
     $nameID->setValue($nameIDValue);
     if ($nameIDFormat) {
         $nameID->setFormat($nameIDFormat);
     }
     $result->setNameID($nameID);
     $result->setIssuer($edSP->getEntityID());
     return $result;
 }
Ejemplo n.º 8
0
 /**
  * @param string $class
  * @param string|null $binding
  * @return AbstractService[]
  */
 public function findServices($class, $binding)
 {
     $result = array();
     foreach ($this->getServices() as $service) {
         if (Helper::doClassNameMatch($service, $class)) {
             if (!$binding || $binding == $service->getBinding()) {
                 $result[] = $service;
             }
         }
     }
     return $result;
 }
 /**
  * @param \DOMNode $parent
  * @param \AerialShip\LightSaml\Meta\SerializationContext $context
  * @return \DOMElement
  */
 function getXml(\DOMNode $parent, SerializationContext $context)
 {
     $result = $context->getDocument()->createElementNS(Protocol::NS_ASSERTION, 'saml:SubjectConfirmationData');
     $parent->appendChild($result);
     if ($this->getNotBefore()) {
         $result->setAttribute('NotBefore', Helper::time2string($this->getNotBefore()));
     }
     if ($this->getNotOnOrAfter()) {
         $result->setAttribute('NotOnOrAfter', Helper::time2string($this->getNotOnOrAfter()));
     }
     foreach (array('Recipient', 'InResponseTo', 'Address') as $name) {
         $method = "get{$name}";
         if ($this->{$method}()) {
             $result->setAttribute($name, $this->{$method}());
         }
     }
     return $result;
 }
Ejemplo n.º 10
0
 function getXml(\DOMNode $parent, SerializationContext $context)
 {
     $result = parent::getXml($parent, $context);
     if ($this->getNotOnOrAfter()) {
         $result->setAttribute('NotOnOrAfter', Helper::time2string($this->getNotOnOrAfter()));
     }
     if ($this->getReason()) {
         $result->setAttribute('Reason', $this->getReason());
     }
     if ($this->getNameID()) {
         $result->appendChild($this->getNameID()->getXml($parent, $context));
     }
     if ($this->getSessionIndex()) {
         $sessionIndex = $context->getDocument()->createElementNS(Protocol::SAML2, 'samlp:SessionIndex', $this->getSessionIndex());
         $result->appendChild($sessionIndex);
     }
     return $result;
 }
Ejemplo n.º 11
0
 /**
  * @param \DOMElement $xml
  * @throws \AerialShip\LightSaml\Error\InvalidXmlException
  */
 public function loadFromXml(\DOMElement $xml)
 {
     $name = $this->getXmlNodeLocalName();
     if (($pos = strpos($name, ':')) !== false) {
         $name = substr($name, $pos + 1);
     }
     if ($xml->localName != $name) {
         throw new InvalidXmlException('Expected ' . $this->getXmlNodeLocalName() . ' node but got ' . $xml->localName);
     }
     if ($this->getXmlNodeNamespace() && $xml->namespaceURI != $this->getXmlNodeNamespace()) {
         throw new InvalidXmlException('Expected ' . $this->getXmlNodeNamespace() . ' namespace but got' . $xml->namespaceURI);
     }
     $this->checkRequiredAttributes($xml, array('ID', 'Version', 'IssueInstant'));
     $this->setID($xml->getAttribute('ID'));
     $this->setVersion($xml->getAttribute('Version'));
     $this->setIssueInstant(Helper::parseSAMLTime($xml->getAttribute('IssueInstant')));
     $this->setDestination($xml->getAttribute('Destination'));
     $this->iterateChildrenElements($xml, function (\DOMElement $node) {
         if ($node->localName == 'Issuer' && $node->namespaceURI == Protocol::NS_ASSERTION) {
             $this->setIssuer($node->textContent);
         }
     });
 }
Ejemplo n.º 12
0
 /**
  * @param \DOMElement $xml
  * @throws \AerialShip\LightSaml\Error\InvalidXmlException
  */
 function loadFromXml(\DOMElement $xml)
 {
     if ($xml->localName != 'EntitiesDescriptor' || $xml->namespaceURI != Protocol::NS_METADATA) {
         throw new InvalidXmlException('Expected EntitiesDescriptor element and ' . Protocol::NS_METADATA . ' namespace but got ' . $xml->localName);
     }
     if ($xml->hasAttribute('validUntil')) {
         $this->setValidUntil(Helper::parseSAMLTime($xml->getAttribute('validUntil')));
     }
     if ($xml->hasAttribute('cacheDuration')) {
         $this->setCacheDuration($xml->getAttribute('cacheDuration'));
     }
     if ($xml->hasAttribute('ID')) {
         $this->setId($xml->getAttribute('ID'));
     }
     if ($xml->hasAttribute('Name')) {
         $this->setName($xml->getAttribute('Name'));
     }
     $this->items = array();
     $this->loadXmlChildren($xml, array(array('node' => array('name' => 'EntitiesDescriptor', 'ns' => Protocol::NS_METADATA), 'class' => '\\AerialShip\\LightSaml\\Model\\Metadata\\EntitiesDescriptor'), array('node' => array('name' => 'EntityDescriptor', 'ns' => Protocol::NS_METADATA), 'class' => '\\AerialShip\\LightSaml\\Model\\Metadata\\EntityDescriptor')), function (LoadFromXmlInterface $obj) {
         $this->addItem($obj);
     });
     if (empty($this->items)) {
         throw new InvalidXmlException('Expected at least one of EntityDescriptor or EntitiesDescriptor');
     }
 }
Ejemplo n.º 13
0
 /**
  * @param \DOMNode $parent
  * @param \AerialShip\LightSaml\Meta\SerializationContext $context
  * @throws \AerialShip\LightSaml\Error\InvalidAssertionException
  * @return \DOMElement
  */
 function getXml(\DOMNode $parent, SerializationContext $context)
 {
     $this->prepareForXml();
     $result = $context->getDocument()->createElementNS(Protocol::NS_ASSERTION, 'saml:Assertion');
     $parent->appendChild($result);
     $result->setAttribute('ID', $this->getID());
     $result->setAttribute('Version', $this->getVersion());
     $result->setAttribute('IssueInstant', Helper::time2string($this->getIssueInstant()));
     $issuerNode = $context->getDocument()->createElementNS(Protocol::NS_ASSERTION, 'saml:Issuer', $this->getIssuer());
     $result->appendChild($issuerNode);
     $this->getSubject()->getXml($result, $context);
     $conditionsNode = $context->getDocument()->createElementNS(Protocol::NS_ASSERTION, 'saml:Conditions');
     $result->appendChild($conditionsNode);
     $conditionsNode->setAttribute('NotBefore', Helper::time2string($this->getNotBefore()));
     $conditionsNode->setAttribute('NotOnOrAfter', Helper::time2string($this->getNotOnOrAfter()));
     if ($this->getValidAudience()) {
         $audienceRestrictionNode = $context->getDocument()->createElementNS(Protocol::NS_ASSERTION, 'AudienceRestriction');
         $conditionsNode->appendChild($audienceRestrictionNode);
         foreach ($this->getValidAudience() as $v) {
             $audienceNode = $context->getDocument()->createElementNS(Protocol::NS_ASSERTION, 'Audience', $v);
             $audienceRestrictionNode->appendChild($audienceNode);
         }
     }
     $attributeStatementNode = $context->getDocument()->createElementNS(Protocol::NS_ASSERTION, 'saml:AttributeStatement');
     $result->appendChild($attributeStatementNode);
     foreach ($this->getAllAttributes() as $attribute) {
         $attribute->getXml($attributeStatementNode, $context);
     }
     $this->getAuthnStatement()->getXml($result, $context);
     if ($signature = $this->getSignature()) {
         if (!$signature instanceof SignatureCreator) {
             throw new InvalidAssertionException('Signature must be SignatureCreator');
         }
         $signature->getXml($result, $context);
     }
     return $result;
 }