 public function test_authn_request_with_xsd()
 {
     // Build a minimal signed AuthnRequest and run it through protocol (XSD)
     // validation. sign() and validateProtocol() are sibling helpers of this
     // test case and are not shown here.
     $nameIdPolicy = new NameIDPolicy(SamlConstants::NAME_ID_FORMAT_EMAIL, true);
     $issuer = new Issuer('https://sp.com');

     $request = new AuthnRequest();
     $request->setAssertionConsumerServiceURL('https://sp.com/acs');
     $request->setNameIDPolicy($nameIdPolicy);
     // NOTE(review): PROTOCOL_SAML2 looks like the protocol namespace rather
     // than a binding URI (other examples use BINDING_SAML2_HTTP_POST here);
     // it is reproduced unchanged — confirm it is intentional.
     $request->setProtocolBinding(SamlConstants::PROTOCOL_SAML2);
     $request->setID(Helper::generateID());
     $request->setIssueInstant(new \DateTime());
     $request->setDestination('https://idp.com/destination');
     $request->setIssuer($issuer);

     $this->sign($request);
     $this->validateProtocol($request);
 }
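 public function test__signed_serialize_deserialize()
 {
     // Round-trip a signed AuthnRequest through XML and verify the signature
     // on the deserialized copy. The verification key is derived from the
     // same certificate that produced the signature, so this proves the
     // XML-DSig round-trip is self-consistent; a real SP/IdP must verify
     // against the trusted party's metadata certificate, never a key that
     // travels with (or is chosen by) the message.
     $certificateFile = __DIR__ . '/../../../../../../web/sp/saml.crt';
     $privateKeyFile = __DIR__ . '/../../../../../../web/sp/saml.key';

     $certificate = new X509Certificate();
     $certificate->loadFromFile($certificateFile);
     // Third argument true: the value is a path to read, not inline PEM.
     $privateKey = KeyHelper::createPrivateKey($privateKeyFile, null, true);

     $authnRequest = new AuthnRequest();
     $authnRequest->setID('_894da3368874d2dd637983b6812f66c444f100f205');
     $authnRequest->setIssueInstant('2015-09-13T11:47:33Z');
     $authnRequest->setDestination('https://idp.testshib.org/idp/profile/SAML2/POST/SSO');
     $authnRequest->setIssuer((new Issuer())->setValue('https://mt.evo.loc/sp')->setFormat('urn:oasis:names:tc:SAML:2.0:nameid-format:entity'));
     $authnRequest->setSignature(new SignatureWriter($certificate, $privateKey));

     $serializationContext = new SerializationContext();
     $authnRequest->serialize($serializationContext->getDocument(), $serializationContext);
     // Serialize straight to a string. The previous version wrote to a
     // tempnam() file that was never removed and read it back without
     // checking the result; nothing in this test needs the filesystem.
     $xml = $serializationContext->getDocument()->saveXML();
     $this->assertNotFalse($xml);

     $deserializationContext = new DeserializationContext();
     $deserializationContext->getDocument()->loadXML($xml);
     $deserialized = new AuthnRequest();
     $deserialized->deserialize($deserializationContext->getDocument()->firstChild, $deserializationContext);

     $signatureReader = $deserialized->getSignature();
     if (!$signatureReader instanceof SignatureXmlReader) {
         throw new \LogicException('Expected Signature Xml Reader');
     }
     // Reuse the already-loaded certificate instead of reading the file again.
     $publicKey = KeyHelper::createPublicKey($certificate);
     $this->assertTrue($signatureReader->validate($publicKey));
 }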
 public function test_sets_outbounding_message_version_to_value_from_constructor()
 {
     // The action must stamp the outbound message with the SAML version it
     // was constructed with (2.0 here).
     $expectedVersion = SamlConstants::VERSION_20;
     $logger = TestHelper::getLoggerMock($this);
     $action = new MessageVersionAction($logger, $expectedVersion);

     $outbound = new AuthnRequest();
     $context = TestHelper::getProfileContext();
     $context->getOutboundContext()->setMessage($outbound);

     $action->execute($context);

     $this->assertEquals($expectedVersion, $outbound->getVersion());
 }
 public function test_sets_id_of_outbounding_message()
 {
     // Only checks that the action assigns *some* ID to the outbound message.
     // Uniqueness and unpredictability of generated IDs (which matter for
     // InResponseTo matching) are not asserted here.
     $logger = TestHelper::getLoggerMock($this);
     $action = new MessageIdAction($logger);

     $outbound = new AuthnRequest();
     $context = TestHelper::getProfileContext();
     $context->getOutboundContext()->setMessage($outbound);

     $action->execute($context);

     $this->assertNotNull($outbound->getID());
 }
 public function test_authn_request()
 {
     // AuthnRequest with a persistent NameID policy that may create a new
     // identifier; verify() is a sibling helper not shown here.
     $nameIdPolicy = new NameIDPolicy();
     $nameIdPolicy->setFormat(SamlConstants::NAME_ID_FORMAT_PERSISTENT);
     $nameIdPolicy->setAllowCreate(true);

     $request = new AuthnRequest();
     $request->setAssertionConsumerServiceURL('https://mydomain.com/index.php?action_51=saml_callback');
     $request->setNameIDPolicy($nameIdPolicy);
     $request->setDestination('https://idp.com/login');

     $this->verify($request);
 }
 public function test_sets_outbounding_message_issue_instant_to_value_from_time_provider()
 {
     // IssueInstant must come from the injected time provider (not the wall
     // clock) and be rendered as UTC: 1412399250 == 2014-10-04T05:07:30Z.
     $fixedTimestamp = 1412399250;
     $timeProvider = TestHelper::getTimeProviderMock($this);
     $timeProvider->expects($this->any())->method('getTimestamp')->willReturn($fixedTimestamp);

     $action = new MessageIssueInstantAction(TestHelper::getLoggerMock($this), $timeProvider);

     $outbound = new AuthnRequest();
     $context = TestHelper::getProfileContext();
     $context->getOutboundContext()->setMessage($outbound);

     $action->execute($context);

     $this->assertEquals('2014-10-04T05:07:30Z', $outbound->getIssueInstantString());
 }
 public function test_sets_relat_state_from_inbound_to_outbound_message()
 {
     // IdP side: RelayState received on the inbound AuthnRequest is echoed
     // unchanged onto the outbound Response. It is opaque, caller-supplied
     // data — anything that later redirects or renders based on it must
     // treat it as untrusted input.
     $relayState = '123';

     $inbound = new AuthnRequest();
     $inbound->setRelayState($relayState);
     $outbound = new Response();

     $context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP);
     $context->getInboundContext()->setMessage($inbound);
     $context->getOutboundContext()->setMessage($outbound);

     $action = new ForwardRelayStateAction(TestHelper::getLoggerMock($this));
     $action->execute($context);

     $this->assertEquals($relayState, $context->getOutboundMessage()->getRelayState());
 }
 public function test_sets_outbounding_message_destination_to_endpoint_context_value()
 {
     // Destination of the outbound message is copied from the resolved
     // endpoint's location. (Fixture uses a plain http:// URL; production
     // SSO endpoints should be https.)
     $location = 'http://idp.com/login';
     $endpoint = new SingleSignOnService();
     $endpoint->setLocation($location);

     $outbound = new AuthnRequest();
     $context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP);
     $context->getOutboundContext()->setMessage($outbound);
     $context->getEndpointContext()->setEndpoint($endpoint);

     $action = new DestinationAction(TestHelper::getLoggerMock($this));
     $action->execute($context);

     $this->assertEquals($location, $outbound->getDestination());
 }
 public function test_adds_location_criteria_for_authn_request_with_acs_url()
 {
     // When the inbound AuthnRequest names an ACS URL, the resolver must be
     // asked for an endpoint matching that exact location (so the response
     // is only ever sent to an ACS the SP metadata actually declares).
     // createContext(), setEndpointResolver(), criteriaSetShouldHaveLocationCriteria()
     // and $this->action are provided by the enclosing test case.
     $acsUrl = 'http://domain.com/acs';

     $inbound = new AuthnRequest();
     $inbound->setAssertionConsumerServiceURL($acsUrl);
     $context = $this->createContext(ProfileContext::ROLE_IDP, $inbound);

     $resolver = function (CriteriaSet $criteriaSet) use ($acsUrl) {
         $this->criteriaSetShouldHaveLocationCriteria($criteriaSet, $acsUrl);
         $endpoint = new SingleSignOnService();
         return [TestHelper::getEndpointReferenceMock($this, $endpoint)];
     };
     $this->setEndpointResolver(true, $resolver);

     $this->action->execute($context);
 }
 public function test_creates_request_state_with_outbound_message_id()
 {
     // The stored RequestState must be keyed by the outbound message ID so
     // the eventual response's InResponseTo can be matched against it.
     $messageId = '123123123';

     $stateStore = TestHelper::getRequestStateStoreMock($this);
     $stateStore->expects($this->once())
         ->method('set')
         ->with($this->isInstanceOf(RequestState::class))
         ->willReturnCallback(function (RequestState $state) use ($messageId) {
             $this->assertEquals($messageId, $state->getId());
         });

     $outbound = new AuthnRequest();
     $outbound->setID($messageId);
     $context = TestHelper::getProfileContext();
     $context->getOutboundContext()->setMessage($outbound);

     $action = new SaveRequestStateAction(TestHelper::getLoggerMock($this), $stateStore);
     $action->execute($context);
 }
 public function test_sets_own_entity_id_to_outbounding_message_issuer_with_name_id_format_entity()
 {
     // Issuer of the outbound message is our own entity ID, in the
     // "entity" NameID format.
     $ownEntityId = 'http://own.entity.id';

     $outbound = new AuthnRequest();
     $context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP);
     $context->getOutboundContext()->setMessage($outbound);
     $context->getOwnEntityContext()->setEntityDescriptor(new EntityDescriptor($ownEntityId));

     $action = new CreateMessageIssuerAction(TestHelper::getLoggerMock($this));
     $action->execute($context);

     $issuer = $outbound->getIssuer();
     $this->assertNotNull($issuer);
     $this->assertEquals($ownEntityId, $issuer->getValue());
     $this->assertEquals(SamlConstants::NAME_ID_FORMAT_ENTITY, $issuer->getFormat());
 }
 public function test_warning_logged_if_no_verification()
 {
     // When the signature validator returns null (no verification could be
     // performed, e.g. no key found for the issuer) the action only logs a
     // warning and does not throw. That means this action alone does not
     // fail closed on an unverified signature — a deployment must reject
     // such messages elsewhere in the profile; confirm that is the case.
     $logger = TestHelper::getLoggerMock($this);
     $validator = $this->getSignatureValidatorMock();
     $validator->expects($this->once())->method('validate')->willReturn(null);

     $logger->expects($this->never())->method('debug');
     $logger->expects($this->once())
         ->method('warning')
         ->with('Signature verification was not performed', $this->isType('array'));

     $inbound = new AuthnRequest();
     $inbound->setSignature(new SignatureStringReader());
     $inbound->setIssuer(new Issuer('http://localhost/issuer'));

     $context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP);
     $context->getInboundContext()->setMessage($inbound);

     $action = new MessageSignatureValidatorAction($logger, $validator);
     $action->execute($context);
 }
 public function test_signs_message_when_signing_enabled()
 {
     // With signAuthnRequest enabled in the party's trust options, the
     // action attaches the resolved SignatureWriter to the outbound message
     // and logs the certificate fingerprint it signed with.
     $expectedFingerprint = '123123123';

     $certificate = TestHelper::getX509CertificateMock($this);
     $certificate->expects($this->any())->method('getInfo')->willReturn(['a' => 1]);
     $certificate->expects($this->any())->method('getFingerprint')->willReturn($expectedFingerprint);
     $signature = new SignatureWriter($certificate);

     $context = TestHelper::getProfileContext();
     $context->getPartyEntityContext()->setTrustOptions(new TrustOptions());
     $context->getTrustOptions()->setSignAuthnRequest(true);
     $outbound = new AuthnRequest();
     $context->getOutboundContext()->setMessage($outbound);

     $signatureResolver = TestHelper::getSignatureResolverMock($this);
     $signatureResolver->expects($this->once())->method('getSignature')->with($context)->willReturn($signature);

     $logger = TestHelper::getLoggerMock($this);
     $logger->expects($this->once())
         ->method('debug')
         ->with('Message signed with fingerprint "123123123"', $this->isType('array'));

     $action = new SignMessageAction($logger, $signatureResolver);
     $action->execute($context);

     $this->assertSame($signature, $outbound->getSignature());
 }
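 /**
  * Verify the XML signature of an AuthnRequest against this SP's certificate.
  *
  * The verification key is derived from the certificate at $this->saml_crt,
  * so only requests signed by that certificate's private key are accepted.
  * Any failure is logged (when a logger is configured) and re-thrown.
  *
  * @param  AuthnRequest $message Deserialized request carrying its signature reader (if any)
  * @throws Exception if the request is unsigned or the signature does not verify
  */
 private function validateSignature(AuthnRequest $message)
 {
     $key = KeyHelper::createPublicKey(X509Certificate::fromFile($this->saml_crt));
     $signature_reader = $message->getSignature();
     try {
         // An unsigned request used to reach validate() on null, which raises
         // an Error that the catch below does not see and the logger never
         // records. Reject it explicitly so "no signature" fails closed.
         if ($signature_reader === null) {
             throw new Exception('AuthnRequest is not signed');
         }
         if ($signature_reader->validate($key)) {
             return;
         }
         throw new Exception('Signature not validated');
     } catch (Exception $e) {
         if ($this->logger) {
             $this->logger->error("AuthnRequest validation failed with message {$e->getMessage()}.", ['exception' => $e]);
         }
         throw $e;
     }
 }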
 /**
  * Get saml authnRequest.
  *
  * Builds a signed SAML 2.0 AuthnRequest and returns the HTTP-Redirect URL
  * (IdP destination with the encoded request in its query string) that the
  * browser should be sent to. The request asks the IdP to deliver its
  * response to $consumer_service_url over the HTTP-POST binding.
  *
  * @param  string $consumer_service_url SP assertion consumer service URL
  * @param  string $idp_destination      IdP single sign-on endpoint
  * @param  string $issuer               SP entity ID
  * @param  string $saml_crt             SP signing certificate as PEM content
  * @param  string $saml_key             SP private key as PEM content (not a path)
  * @return string
  */
 public function getAuthnRequest($consumer_service_url, $idp_destination, $issuer, $saml_crt, $saml_key)
 {
     $request = new AuthnRequest();
     $request->setAssertionConsumerServiceURL($consumer_service_url);
     $request->setProtocolBinding(SamlConstants::BINDING_SAML2_HTTP_POST);
     $request->setID(Helper::generateID());
     $request->setIssueInstant(new DateTime());
     $request->setDestination($idp_destination);
     $request->setIssuer(new Issuer($issuer));

     // Sign with the SP key. Third argument false: $saml_key is treated as
     // key content rather than a file path (contrast the path-based usage
     // elsewhere in this file); empty string is the passphrase.
     $signing_certificate = new X509Certificate();
     $signing_certificate->loadPem($saml_crt);
     $signing_key = KeyHelper::createPrivateKey($saml_key, '', false);
     $request->setSignature(new SignatureWriter($signing_certificate, $signing_key));

     // NOTE(review): the document produced here is never read afterwards and
     // the binding presumably serializes the message itself in send(). Kept
     // for behavioural parity — confirm it has no required side effect
     // before removing it.
     $serialization_context = new SerializationContext();
     $request->serialize($serialization_context->getDocument(), $serialization_context);

     $message_context = new MessageContext();
     $message_context->setMessage($request);
     $binding = (new BindingFactory())->create(SamlConstants::BINDING_SAML2_HTTP_REDIRECT);
     /** @var \Symfony\Component\HttpFoundation\RedirectResponse $http_response */
     $http_response = $binding->send($message_context);

     return $http_response->getTargetUrl();
 }
    public function test__serialize()
    {
        // Serialize an unsigned AuthnRequest and compare the pretty-printed
        // XML byte-for-byte with the expected document (CR characters and
        // surrounding whitespace are normalized on both sides).
        $issuer = (new Issuer())->setValue('the-issuer');
        $nameIdPolicy = (new NameIDPolicy())
            ->setFormat(SamlConstants::NAME_ID_FORMAT_TRANSIENT)
            ->setAllowCreate(true);

        $request = new AuthnRequest();
        $request->setID('request-id');
        $request->setIssueInstant(new \DateTime('2013-10-10T15:26:20Z'));
        $request->setDestination('http://destination.com/authn');
        $request->setAssertionConsumerServiceURL('http://sp.com/acs');
        $request->setProtocolBinding(SamlConstants::BINDING_SAML2_HTTP_REDIRECT);
        $request->setIssuer($issuer);
        $request->setNameIDPolicy($nameIdPolicy);

        $context = new SerializationContext();
        $request->serialize($context->getDocument(), $context);
        $context->getDocument()->formatOutput = true;
        $actualXml = $context->getDocument()->saveXML();

        $expectedXml = <<<EOT
<?xml version="1.0"?>
<AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:protocol" ID="request-id" Version="2.0" IssueInstant="2013-10-10T15:26:20Z" Destination="http://destination.com/authn" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" AssertionConsumerServiceURL="http://sp.com/acs">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">the-issuer</saml:Issuer>
  <NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" AllowCreate="true"/>
</AuthnRequest>
EOT;

        $normalize = function ($xml) {
            return trim(str_replace("\r", '', $xml));
        };

        $this->assertEquals($normalize($expectedXml), $normalize($actualXml));
    }
 public function test_finds_acs_endpoint_and_sets_outbounding_authn_request_acs_url()
 {
     // SP side: the action must look up an AssertionConsumerService with the
     // HTTP-POST binding in our own SpSsoDescriptor and copy its location
     // into the outbound AuthnRequest. getEndpointResolverMock() and
     // getEntityDescriptorMock() belong to the enclosing test case.
     $acsEndpoint = new AssertionConsumerService('http://localhost/acs');
     $candidates = [TestHelper::getEndpointReferenceMock($this, $acsEndpoint)];

     $entityDescriptor = $this->getEntityDescriptorMock();
     $entityDescriptor->expects($this->once())->method('getAllEndpoints')->willReturn($candidates);

     $checkCriteria = function (CriteriaSet $criteriaSet, array $endpoints) {
         $this->assertTrue($criteriaSet->has(DescriptorTypeCriteria::class));
         $this->assertEquals(SpSsoDescriptor::class, $criteriaSet->getSingle(DescriptorTypeCriteria::class)->getDescriptorType());
         $this->assertTrue($criteriaSet->has(ServiceTypeCriteria::class));
         $this->assertEquals(AssertionConsumerService::class, $criteriaSet->getSingle(ServiceTypeCriteria::class)->getServiceType());
         $this->assertTrue($criteriaSet->has(BindingCriteria::class));
         $this->assertEquals([SamlConstants::BINDING_SAML2_HTTP_POST], $criteriaSet->getSingle(BindingCriteria::class)->getAllBindings());
         return $endpoints;
     };
     $endpointResolver = $this->getEndpointResolverMock();
     $endpointResolver->expects($this->once())
         ->method('resolve')
         ->with($this->isInstanceOf(CriteriaSet::class), $this->isType('array'))
         ->willReturnCallback($checkCriteria);

     $context = new ProfileContext(Profiles::SSO_SP_SEND_AUTHN_REQUEST, ProfileContext::ROLE_SP);
     $context->getOwnEntityContext()->setEntityDescriptor($entityDescriptor);
     $outbound = new AuthnRequest();
     $context->getOutboundContext()->setMessage($outbound);

     $action = new ACSUrlAction(TestHelper::getLoggerMock($this), $endpointResolver);
     $action->execute($context);

     $this->assertEquals($acsEndpoint->getLocation(), $outbound->getAssertionConsumerServiceURL());
 }
 /**
  * Build a signed AuthnRequest fixture with a fixed ID and IssueInstant.
  *
  * Signs with the sample certificate/key pair under resources/sample/Certificate
  * (key read from disk, empty passphrase). Test-only material — do not reuse
  * these files outside the test suite.
  *
  * @return AuthnRequest
  */
 private function getAuthnRequest()
 {
     $sampleDir = __DIR__ . '/../../../../../resources/sample/Certificate';

     $certificate = new X509Certificate();
     $certificate->loadFromFile($sampleDir . '/saml.crt');
     // Third argument true: the value is a path, not inline PEM content.
     $privateKey = KeyHelper::createPrivateKey($sampleDir . '/saml.pem', '', true);

     $request = new AuthnRequest();
     $request->setIssueInstant('2014-01-01T12:00:00Z');
     $request->setID('_8dcc6985f6d9f385f0bbd4562ef848ef3ae78d87d7');
     $request->setSignature(new SignatureWriter($certificate, $privateKey));

     return $request;
 }