 /**
  * Turns every KeyDescriptor of a role descriptor into an X509Credential and
  * appends it to $result.
  *
  * Each credential is stamped with the owning entityID, the certificate's key
  * name, a MetadataCredentialContext pointing back at the metadata it came from,
  * and the KeyDescriptor "use" value as its usage type.
  *
  * @param SSODescriptor    $ssoDescriptor    role descriptor whose KeyDescriptors are read
  * @param EntityDescriptor $entityDescriptor entity that owns the role descriptor
  * @param array            $result           output list; built credentials are appended
  */
 protected function handleDescriptor(SSODescriptor $ssoDescriptor, EntityDescriptor $entityDescriptor, array &$result)
 {
     foreach ($ssoDescriptor->getAllKeyDescriptors() as $keyDescriptor) {
         $certificate = $keyDescriptor->getCertificate();
         $origin = new MetadataCredentialContext($keyDescriptor, $ssoDescriptor, $entityDescriptor);

         $credential = (new X509Credential($certificate))
             ->setEntityId($entityDescriptor->getEntityID())
             ->addKeyName($certificate->getName())
             ->setCredentialContext(new CredentialContextSet([$origin]))
             // usage mirrors the KeyDescriptor's "use" value (signing/encryption)
             ->setUsageType($keyDescriptor->getUse());

         $result[] = $credential;
     }
 }
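 /**
  * Lazily loads and caches the EntityDescriptor read from $this->filename.
  *
  * On first call the file is parsed into the DeserializationContext's DOM
  * document and the descriptor is deserialized from its root node; later calls
  * return the cached instance. The cache is only populated after a successful
  * deserialization, so a failed load does not leave an empty descriptor behind
  * for subsequent callers.
  *
  * NOTE(review): ->load() parses XML from disk. If $this->filename can ever be
  * influenced by untrusted input, confirm that DeserializationContext configures
  * its document to not resolve external entities/DTDs - not verifiable here.
  *
  * @return EntityDescriptor
  */
 public function get()
 {
     // Identity check: a loose `null ==` would also match other falsy values.
     if (null === $this->entityDescriptor) {
         $context = new DeserializationContext();
         $document = $context->getDocument();
         $document->load($this->filename);

         $descriptor = new EntityDescriptor();
         $descriptor->deserialize($document->firstChild, $context);

         // Assign only once deserialization succeeded (see docblock).
         $this->entityDescriptor = $descriptor;
     }

     return $this->entityDescriptor;
 }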
    /**
     * Serializes a hand-built EntityDescriptor (IdP role with key, organization,
     * contact, NameID formats, SSO/SLO endpoints and one attribute; SP role with
     * an SLO endpoint and two ACS endpoints) and compares the pretty-printed XML
     * with the fixture below.
     *
     * NOTE(review): the ContactPerson email literal in the builder chain appears
     * redacted in this listing ('*****@*****.**') while the expected XML carries
     * support@idp.com; as printed, the comparison cannot pass - confirm against
     * the real source.
     */
    public function test__serialization()
    {
        // Builder chain. The element order in the expected XML (KeyDescriptor,
        // Organization, ContactPerson, NameIDFormat, SLO, SSO, Attribute) differs
        // from the call order here, so ordering is decided by the serializer.
        $ed = new EntityDescriptor();
        $ed->setEntityID($entityID = 'http://vendor.com/id')->setID($edID = '_127800fe-39ac-46ad-b073-6fb6106797a0')->addItem((new IdpSsoDescriptor())->addSingleSignOnService((new SingleSignOnService())->setBinding(SamlConstants::BINDING_SAML2_HTTP_POST)->setLocation('http://idp.example.com/sso/post'))->addSingleSignOnService((new SingleSignOnService())->setBinding(SamlConstants::BINDING_SAML2_HTTP_REDIRECT)->setLocation('http://idp.example.com/slo/get'))->addSingleLogoutService((new SingleLogoutService())->setBinding(SamlConstants::BINDING_SAML2_HTTP_REDIRECT)->setLocation('http://idp.example.com/slo/redirect'))->addAttribute((new Attribute())->setName(ClaimTypes::COMMON_NAME)->setFriendlyName('Common Name')->addAttributeValue('common name value'))->addNameIDFormat(SamlConstants::NAME_ID_FORMAT_EMAIL)->addNameIDFormat(SamlConstants::NAME_ID_FORMAT_PERSISTENT)->addKeyDescriptor((new KeyDescriptor())->setCertificate((new X509Certificate())->loadFromFile(__DIR__ . '/../../../../../resources/sample/Certificate/saml.crt')))->addOrganization((new Organization())->setOrganizationName('Organization Name')->setOrganizationDisplayName('Display Name')->setOrganizationURL('http://organization.org'))->addContactPerson((new ContactPerson())->setContactType(ContactPerson::TYPE_SUPPORT)->setGivenName('Support')->setSurName('Smith')->setEmailAddress('*****@*****.**')))->addItem((new SpSsoDescriptor())->addSingleLogoutService((new SingleLogoutService())->setBinding(SamlConstants::BINDING_SAML2_HTTP_POST)->setLocation('http://sp.example.com/slo/post'))->addAssertionConsumerService((new AssertionConsumerService())->setBinding(SamlConstants::BINDING_SAML2_HTTP_POST)->setLocation('http://sp.example.com/acs/post')->setIndex(0)->setIsDefault(true))->addAssertionConsumerService((new 
AssertionConsumerService())->setBinding(SamlConstants::BINDING_SAML2_HTTP_REDIRECT)->setLocation('http://sp.example.com/acs/redirect')->setIndex(1)->setIsDefault(false))->addNameIDFormat(SamlConstants::NAME_ID_FORMAT_PERSISTENT)->addNameIDFormat(SamlConstants::NAME_ID_FORMAT_TRANSIENT));
        // Serialize into a fresh DOM document and pretty-print it so the output
        // can be compared line by line with the indented fixture.
        $context = new SerializationContext();
        $ed->serialize($context->getDocument(), $context);
        $context->getDocument()->formatOutput = true;
        $xml = $context->getDocument()->saveXML();
        $expectedXml = <<<EOT
<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://vendor.com/id" ID="_127800fe-39ac-46ad-b073-6fb6106797a0">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor>
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>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</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <Organization>
      <OrganizationName>Organization Name</OrganizationName>
      <OrganizationDisplayName>Display Name</OrganizationDisplayName>
      <OrganizationURL>http://organization.org</OrganizationURL>
    </Organization>
    <ContactPerson contactType="support">
      <GivenName>Support</GivenName>
      <SurName>Smith</SurName>
      <EmailAddress>support@idp.com</EmailAddress>
    </ContactPerson>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://idp.example.com/slo/redirect"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://idp.example.com/sso/post"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://idp.example.com/slo/get"/>
    <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/CommonName" FriendlyName="Common Name">
      <AttributeValue>common name value</AttributeValue>
    </Attribute>
  </IDPSSODescriptor>
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://sp.example.com/slo/post"/>
    <AssertionConsumerService index="0" isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://sp.example.com/acs/post"/>
    <AssertionConsumerService index="1" isDefault="false" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://sp.example.com/acs/redirect"/>
  </SPSSODescriptor>
</EntityDescriptor>
EOT;
        // Strip CR so the comparison is line-ending agnostic, then trim the
        // trailing newline saveXML() emits.
        $xml = trim(str_replace("\r", '', $xml));
        $expectedXml = trim(str_replace("\r", '', $expectedXml));
        $this->assertEquals($expectedXml, $xml);
    }
 /**
  * Assembles the EntityDescriptor for $this->entityId, attaching the SP and/or
  * IdP role descriptors whenever the corresponding getter yields one.
  *
  * Roles are added in a fixed order: SP first, then IdP.
  *
  * @return EntityDescriptor
  */
 protected function getEntityDescriptor()
 {
     $descriptor = new EntityDescriptor();
     $descriptor->setEntityID($this->entityId);

     // Both roles are optional; a falsy getter result is simply skipped.
     $spRole = $this->getSpSsoDescriptor();
     if ($spRole) {
         $descriptor->addItem($spRole);
     }

     $idpRole = $this->getIdpSsoDescriptor();
     if ($idpRole) {
         $descriptor->addItem($idpRole);
     }

     return $descriptor;
 }
 /**
  * Deserializes a fixture whose X509Certificate element is formatted (wrapped /
  * indented) and checks the certificate still parses to the expected subject CN.
  */
 public function test__deserialize_formatted_certificate()
 {
     $fixture = __DIR__ . '/../../../../../../resources/sample/EntityDescriptor/ed01-formatted-certificate.xml';

     $context = new DeserializationContext();
     $context->getDocument()->load($fixture);

     $entityDescriptor = new EntityDescriptor();
     $entityDescriptor->deserialize($context->getDocument()->firstChild, $context);

     $idpRole = $entityDescriptor->getFirstIdpSsoDescriptor();
     $this->assertNotNull($idpRole);

     $keyDescriptors = $idpRole->getAllKeyDescriptors();
     $this->assertCount(1, $keyDescriptors);

     /** @var KeyDescriptor $keyDescriptor */
     $keyDescriptor = reset($keyDescriptors);

     // Let openssl parse the PEM form; a mangled certificate would not yield a subject.
     $parsed = openssl_x509_parse($keyDescriptor->getCertificate()->toPem());
     $this->assertEquals('idp.testshib.org', $parsed['subject']['CN']);
 }
 /**
  * Builds a composite credential store from an IdP metadata store, an SP
  * metadata store, own credentials and extra credentials, then checks that
  * lookups by entityID return the expected credentials and usage types.
  */
 public function test_creates_composite_store()
 {
     $resources = __DIR__ . '/../../../../../../../resources/sample';
     $idpEntityId = 'https://sts.windows.net/554fadfe-f04f-4975-90cb-ddc8b147aaa2/';
     $spEntityId = 'https://mt.evo.team/simplesaml/module.php/saml/sp/metadata.php/default-sp';

     $factory = new CredentialFactory();

     $idpStore = new FixedEntityDescriptorStore();
     $idpStore->add(EntityDescriptor::load($resources . '/EntityDescriptor/idp-ed.xml'));

     $spStore = new FixedEntityDescriptorStore();
     $spStore->add(EntityDescriptor::load($resources . '/EntityDescriptor/sp-ed2.xml'));

     // Sample certificate/key pairs shipped with the test resources.
     $ownCredential = new X509Credential(
         X509Certificate::fromFile($resources . '/Certificate/saml.crt'),
         KeyHelper::createPrivateKey($resources . '/Certificate/saml.pem', '', true)
     );
     $ownCredential->setEntityId('own');

     $extraCredential = new X509Credential(
         X509Certificate::fromFile($resources . '/Certificate/lightsaml-idp.crt'),
         KeyHelper::createPrivateKey($resources . '/Certificate/lightsaml-idp.key', '', true)
     );
     $extraCredential->setEntityId('extra');

     $store = $factory->build($idpStore, $spStore, [$ownCredential], [$extraCredential]);

     // IdP metadata contributes exactly one signing credential.
     /** @var X509Credential[] $credentials */
     $credentials = $store->getByEntityId($idpEntityId);
     $this->assertCount(1, $credentials);
     $this->assertEquals($idpEntityId, $credentials[0]->getEntityId());
     $this->assertEquals(['CN' => 'accounts.accesscontrol.windows.net'], $credentials[0]->getCertificate()->getSubject());
     $this->assertEquals(UsageType::SIGNING, $credentials[0]->getUsageType());

     // SP metadata contributes a signing and an encryption credential, in that order.
     $credentials = $store->getByEntityId($spEntityId);
     $this->assertCount(2, $credentials);
     $this->assertEquals($spEntityId, $credentials[0]->getEntityId());
     $spSubject = $credentials[0]->getCertificate()->getSubject();
     $this->assertEquals('mt.evo.team', $spSubject['CN']);
     $this->assertEquals(UsageType::SIGNING, $credentials[0]->getUsageType());
     $this->assertEquals(UsageType::ENCRYPTION, $credentials[1]->getUsageType());

     // Own and extra credentials are reachable by the entityIDs assigned above.
     $this->assertCount(1, $store->getByEntityId('own'));
     $this->assertCount(1, $store->getByEntityId('extra'));
 }
 /**
  * Registers an EntityDescriptor under its entityID, or every item of an
  * EntitiesDescriptor (nested EntitiesDescriptor items are handled by the same
  * recursion).
  *
  * The store is keyed by entityID and performs no duplicate detection: a later
  * descriptor with the same entityID silently replaces the earlier one. Callers
  * merging metadata from several sources should keep that last-write-wins
  * behaviour in mind.
  *
  * @param EntityDescriptor|EntitiesDescriptor $entityDescriptor
  *
  * @return FixedEntityDescriptorStore
  *
  * @throws \InvalidArgumentException when the argument is of neither type, or an
  *                                   EntityDescriptor carries no entityID
  */
 public function add($entityDescriptor)
 {
     if ($entityDescriptor instanceof EntityDescriptor) {
         $entityId = $entityDescriptor->getEntityID();
         // Loose check on purpose: null, '' and '0' all count as "not set".
         if (!$entityId) {
             throw new \InvalidArgumentException('EntityDescriptor must have entityId set');
         }
         $this->descriptors[$entityId] = $entityDescriptor;

         return $this;
     }

     if ($entityDescriptor instanceof EntitiesDescriptor) {
         foreach ($entityDescriptor->getAllItems() as $item) {
             $this->add($item);
         }

         return $this;
     }

     throw new \InvalidArgumentException('Expected EntityDescriptor or EntitiesDescriptor');
 }
 /**
  * Loads $this->filename into $this->object: first as an EntityDescriptor and,
  * when that raises LightSamlXmlException, as an EntitiesDescriptor instead.
  *
  * Any other exception, or a LightSamlXmlException from the second attempt,
  * propagates and leaves $this->object untouched.
  */
 private function load()
 {
     try {
         $loaded = EntityDescriptor::load($this->filename);
     } catch (LightSamlXmlException $notASingleEntity) {
         // Fallback for documents whose root is a (multi-entity) EntitiesDescriptor.
         $loaded = EntitiesDescriptor::load($this->filename);
     }

     $this->object = $loaded;
 }
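 /**
  * Builds a ProfileContext for tests, pre-populated with the optional endpoint,
  * party EntityDescriptor and inbound message.
  *
  * When no party descriptor is given, the idp2-ed-formatted.xml sample is
  * loaded so callers always receive a populated party entity context.
  *
  * @param string           $ownRole               ProfileContext::ROLE_* of the side under test
  * @param SamlMessage      $inboundMessage        optional message stored in the inbound context
  * @param Endpoint         $endpoint              optional endpoint stored in the endpoint context
  * @param EntityDescriptor $partyEntityDescriptor optional party metadata; defaults to a sample file
  * @param string           $profileId             Profiles::* identifier of the profile
  *
  * @return \LightSaml\Context\Profile\ProfileContext
  */
 protected function createContext($ownRole = ProfileContext::ROLE_IDP, SamlMessage $inboundMessage = null, Endpoint $endpoint = null, EntityDescriptor $partyEntityDescriptor = null, $profileId = Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST)
 {
     $context = TestHelper::getProfileContext($profileId, $ownRole);

     // The object parameters are either an instance or null, so identity checks
     // are exact; loose `null ==` / truthiness tests would also accept other
     // falsy values.
     if (null !== $endpoint) {
         $context->getEndpointContext()->setEndpoint($endpoint);
     }

     if (null === $partyEntityDescriptor) {
         $partyEntityDescriptor = EntityDescriptor::load(__DIR__ . '/../../../../../../../resources/sample/EntityDescriptor/idp2-ed-formatted.xml');
     }
     $context->getPartyEntityContext()->setEntityDescriptor($partyEntityDescriptor);

     if (null !== $inboundMessage) {
         $context->getInboundContext()->setMessage($inboundMessage);
     }

     return $context;
 }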
 /**
  * Builds a complete IdP+SP EntityDescriptor (attribute, SSO/SLO endpoints,
  * NameID formats, signing and encryption keys, contact and organization),
  * signs it and validates the result against the metadata XSD.
  */
 public function test_entity_descriptor_with_xsd()
 {
     $entityDescriptor = new EntityDescriptor();
     $entityDescriptor->setID(Helper::generateID())->setEntityID('https://idp.com');

     // IdP role. Items are attached first, then populated.
     $idpRole = new IdpSsoDescriptor();
     $entityDescriptor->addItem($idpRole);

     $emailAttribute = (new Attribute(ClaimTypes::EMAIL_ADDRESS))
         ->setNameFormat('urn:oasis:names:tc:SAML:2.0:attrname-format:uri')
         ->setFriendlyName('Email address');
     $idpRole->addAttribute($emailAttribute);
     $idpRole->addSingleSignOnService(new SingleSignOnService('https://idp.com/login', SamlConstants::BINDING_SAML2_HTTP_POST));
     $idpRole->addSingleSignOnService(new SingleSignOnService('https://idp.com/login', SamlConstants::BINDING_SAML2_HTTP_REDIRECT));
     $idpRole->addSingleLogoutService(new SingleLogoutService('https://idp.com/logout', SamlConstants::BINDING_SAML2_HTTP_POST));
     $idpRole->addSingleLogoutService(new SingleLogoutService('https://idp.com/logout', SamlConstants::BINDING_SAML2_HTTP_REDIRECT));
     $idpRole->addNameIDFormat(SamlConstants::NAME_ID_FORMAT_TRANSIENT);
     $idpRole->addNameIDFormat(SamlConstants::NAME_ID_FORMAT_PERSISTENT);
     $idpRole->addNameIDFormat(SamlConstants::NAME_ID_FORMAT_EMAIL);
     $idpRole->setProtocolSupportEnumeration(SamlConstants::PROTOCOL_SAML2);
     // One KeyDescriptor per usage; the certificate getter is invoked per descriptor.
     $idpRole->addKeyDescriptor(new KeyDescriptor(UsageType::SIGNING, $this->getX509Certificate()));
     $idpRole->addKeyDescriptor(new KeyDescriptor(UsageType::ENCRYPTION, $this->getX509Certificate()));

     // SP role.
     $spRole = new SpSsoDescriptor();
     $entityDescriptor->addItem($spRole);

     $spRole->addAssertionConsumerService(new AssertionConsumerService('https://sp.com/acs', SamlConstants::BINDING_SAML2_HTTP_POST));
     $spRole->addSingleLogoutService(new SingleLogoutService('https://sp.com/logout', SamlConstants::BINDING_SAML2_HTTP_POST));
     $spRole->addSingleLogoutService(new SingleLogoutService('https://sp.com/logout', SamlConstants::BINDING_SAML2_HTTP_REDIRECT));
     $spRole->addNameIDFormat(SamlConstants::NAME_ID_FORMAT_TRANSIENT);
     $spRole->addNameIDFormat(SamlConstants::NAME_ID_FORMAT_PERSISTENT);
     $spRole->addNameIDFormat(SamlConstants::NAME_ID_FORMAT_EMAIL);
     $spRole->setProtocolSupportEnumeration(SamlConstants::PROTOCOL_SAML2);
     $spRole->addKeyDescriptor(new KeyDescriptor(UsageType::SIGNING, $this->getX509Certificate()));
     $spRole->addKeyDescriptor(new KeyDescriptor(UsageType::ENCRYPTION, $this->getX509Certificate()));

     // Entity-level contact and organization.
     $contact = (new ContactPerson())
         ->setContactType(ContactPerson::TYPE_SUPPORT)
         ->setEmailAddress('*****@*****.**');
     $organization = (new Organization())
         ->setOrganizationName('Org name')
         ->setOrganizationDisplayName('Org display name')
         ->setOrganizationURL('https://idp.com');
     $entityDescriptor->addContactPerson($contact)->addOrganization($organization);

     $this->sign($entityDescriptor);
     $this->validateMetadata($entityDescriptor);
 }
 /**
  * Wires a BuildContainer for the SP-side tests: own entity + credential,
  * system services (optionally with a fixed TimeProviderInterface), the party
  * IdP metadata store, the stores (optionally pre-seeded with $inResponseTo),
  * and the provider, credential and service layers on top of them.
  *
  * Registration order is significant: the later providers receive containers
  * produced by the earlier registrations as constructor arguments.
  *
  * @param mixed|null                 $inResponseTo value wrapped in a RequestState for the request state store
  * @param TimeProviderInterface|null $timeProvider replacement for the system container's time provider
  *
  * @return BuildContainer
  */
 private function getBuildContainer($inResponseTo = null, TimeProviderInterface $timeProvider = null)
 {
     $pimple = new Container();
     $buildContainer = new BuildContainer($pimple);
     $spDir = __DIR__ . '/../../../../../../web/sp';

     // OWN: this SP's credential and entity descriptor.
     $ownCredential = new \LightSaml\Credential\X509Credential(
         \LightSaml\Credential\X509Certificate::fromFile($spDir . '/saml.crt'),
         \LightSaml\Credential\KeyHelper::createPrivateKey($spDir . '/saml.key', null, true)
     );
     $ownCredential->setEntityId(self::OWN_ENTITY_ID);
     $ownEntityDescriptor = new \LightSaml\Builder\EntityDescriptor\SimpleEntityDescriptorBuilder(
         self::OWN_ENTITY_ID,
         'https://localhost/lightsaml/lightSAML/web/sp/acs.php',
         null,
         $ownCredential->getCertificate()
     );
     $buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\OwnContainerProvider($ownEntityDescriptor, [$ownCredential]));

     // SYSTEM
     $buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\SystemContainerProvider(true));
     if ($timeProvider) {
         // Swap the time provider for the one supplied by the test.
         $pimple[SystemContainer::TIME_PROVIDER] = function () use ($timeProvider) {
             return $timeProvider;
         };
     }

     // PARTY: IdP metadata the SP knows about.
     $buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\PartyContainerProvider());
     $pimple[PartyContainer::IDP_ENTITY_DESCRIPTOR] = function () use ($spDir) {
         $idpStore = new \LightSaml\Store\EntityDescriptor\FixedEntityDescriptorStore();
         $idpStore->add(\LightSaml\Model\Metadata\EntitiesDescriptor::load($spDir . '/testshib-providers.xml'));
         $idpStore->add(\LightSaml\Model\Metadata\EntityDescriptor::load($spDir . '/localhost-lightsaml-lightsaml-idp.xml'));
         $idpStore->add(\LightSaml\Model\Metadata\EntityDescriptor::load($spDir . '/openidp.feide.no.xml'));

         return $idpStore;
     };

     // STORE
     $buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\StoreContainerProvider($buildContainer->getSystemContainer()));
     if ($inResponseTo) {
         // Pre-seed the request state store with the given value.
         $pimple[StoreContainer::REQUEST_STATE_STORE] = function () use ($inResponseTo) {
             $requestStateStore = new RequestStateArrayStore();
             $requestStateStore->set(new RequestState($inResponseTo));

             return $requestStateStore;
         };
     }

     // PROVIDER
     $buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\ProviderContainerProvider());

     // CREDENTIAL: built from the party and own containers registered above.
     $buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\CredentialContainerProvider($buildContainer->getPartyContainer(), $buildContainer->getOwnContainer()));

     // SERVICE: built from the credential, store and system containers.
     $buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\ServiceContainerProvider($buildContainer->getCredentialContainer(), $buildContainer->getStoreContainer(), $buildContainer->getSystemContainer()));

     return $buildContainer;
 }
 /**
  * Appends an EntityDescriptor or a nested EntitiesDescriptor to this collection.
  *
  * Anything of another type is rejected, as is the collection itself and any
  * EntitiesDescriptor that already contains this collection, so the tree of
  * descriptors stays acyclic.
  *
  * @param EntitiesDescriptor|EntityDescriptor $item
  *
  * @return EntitiesDescriptor
  *
  * @throws \InvalidArgumentException on an unsupported type or a circular reference
  */
 public function addItem($item)
 {
     $isCollection = $item instanceof self;
     if (!$isCollection && !($item instanceof EntityDescriptor)) {
         throw new \InvalidArgumentException('Expected EntitiesDescriptor or EntityDescriptor');
     }

     // Direct self-reference, or this collection reachable from the added one.
     if ($item === $this || ($isCollection && $item->containsItem($this))) {
         throw new \InvalidArgumentException('Circular reference detected');
     }

     $this->items[] = $item;

     return $this;
 }
 /**
  * Attaches a SignatureWriter to $object, using the test X509 certificate and
  * the sample saml.pem private key from the test resources.
  *
  * @param SamlMessage|EntityDescriptor|EntitiesDescriptor|Assertion $object
  */
 protected function sign($object)
 {
     $certificate = $this->getX509Certificate();
     $privateKey = KeyHelper::createPrivateKey(__DIR__ . '/../../../../../resources/sample/Certificate/saml.pem', '', true);

     $object->setSignature(new SignatureWriter($certificate, $privateKey));
 }
 /**
  * Builds a fixed store holding the two sample SP EntityDescriptors that sit
  * next to this file.
  *
  * @return \LightSaml\Store\EntityDescriptor\FixedEntityDescriptorStore
  */
 private function buildSpEntityStore()
 {
     $spStore = new \LightSaml\Store\EntityDescriptor\FixedEntityDescriptorStore();
     foreach (['localhost-lightsaml-demosp.xml', 'localhost-lightsaml-lightsaml.xml'] as $file) {
         $spStore->add(\LightSaml\Model\Metadata\EntityDescriptor::load(__DIR__ . '/' . $file));
     }

     return $spStore;
 }
 /**
  * Builds a credential resolver over a composite store: credentials taken from
  * four sample EntityDescriptors plus one static encryption credential for
  * https://mt.evo.loc/sp backed by the sample saml.crt / saml.pem pair.
  *
  * @return \LightSaml\Resolver\Credential\CredentialResolverInterface
  */
 private function getResolver()
 {
     $resources = __DIR__ . '/../../../../../../resources/sample';

     // Metadata-derived credentials.
     $descriptorStore = new FixedEntityDescriptorStore();
     foreach (['idp2-ed.xml', 'idp-ed.xml', 'ed01-formatted-certificate.xml', 'sp-ed2.xml'] as $file) {
         $descriptorStore->add(EntityDescriptor::load($resources . '/EntityDescriptor/' . $file));
     }
     $metadataStore = new MetadataCredentialStore($descriptorStore);

     // Static credential with private key, usable for decryption.
     $certificate = new X509Certificate();
     $certificate->loadFromFile($resources . '/Certificate/saml.crt');
     $privateKey = KeyHelper::createPrivateKey($resources . '/Certificate/saml.pem', '', true);
     $ownCredential = new X509Credential($certificate, $privateKey);
     $ownCredential->setUsageType(UsageType::ENCRYPTION)->setEntityId('https://mt.evo.loc/sp');

     $staticStore = new StaticCredentialStore();
     $staticStore->add($ownCredential);

     // Metadata store is consulted before the static one (added first).
     $compositeStore = new CompositeCredentialStore();
     $compositeStore->add($metadataStore)->add($staticStore);

     $resolverFactory = new CredentialResolverFactory($compositeStore);

     return $resolverFactory->build();
 }
 /**
  * Adds a minimal SP role to $ed: a single HTTP-POST AssertionConsumerService
  * at https://location.com.
  *
  * @param EntityDescriptor $ed
  */
 private function fillEntityDescriptor(EntityDescriptor $ed)
 {
     $spRole = new SpSsoDescriptor();
     $ed->addItem($spRole);

     $acs = new AssertionConsumerService('https://location.com', SamlConstants::BINDING_SAML2_HTTP_POST);
     $spRole->addAssertionConsumerService($acs);
 }
 /**
  * Builds a fixed store of the sample IdP metadata next to this file: the
  * multi-entity testshib-providers.xml plus two single-entity descriptors.
  *
  * @return \LightSaml\Store\EntityDescriptor\FixedEntityDescriptorStore
  */
 private function buildIdpEntityStore()
 {
     $idpStore = new \LightSaml\Store\EntityDescriptor\FixedEntityDescriptorStore();

     // testshib-providers.xml has an EntitiesDescriptor root, hence the different loader.
     $idpStore->add(\LightSaml\Model\Metadata\EntitiesDescriptor::load(__DIR__ . '/testshib-providers.xml'));

     foreach (['localhost-lightsaml-lightsaml-idp.xml', 'openidp.feide.no.xml'] as $file) {
         $idpStore->add(\LightSaml\Model\Metadata\EntityDescriptor::load(__DIR__ . '/' . $file));
     }

     return $idpStore;
 }
 /**
  * EntityDescriptor::load() must reject a document whose root element is an
  * EntitiesDescriptor, even though the namespace matches.
  *
  * @expectedException \LightSaml\Error\LightSamlXmlException
  * @expectedExceptionMessage Expected 'EntityDescriptor' xml node and 'urn:oasis:names:tc:SAML:2.0:metadata' namespace but got node 'EntitiesDescriptor' and namespace 'urn:oasis:names:tc:SAML:2.0:metadata'
  */
 public function test_throws_on_entities_descriptor_document()
 {
     $entitiesDocument = __DIR__ . '/../../../../../../resources/sample/EntitiesDescriptor/testshib-providers.xml';

     // The expected exception and message are declared by the annotations above.
     EntityDescriptor::load($entitiesDocument);
 }