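/**
 * Builds the IdP SSO redirect URL that carries the deflated AuthnRequest.
 *
 * The AuthnRequest is created from the settings held by $this->auth, placed
 * in the SAMLRequest query parameter, and a RelayState is added: $returnTo
 * when given, otherwise the current URL without its query string.
 *
 * @param string|null $returnTo URL to carry in RelayState; defaults to
 *                              OneLogin_Saml2_Utils::getSelfURLNoQuery().
 *                              NOTE(review): the value is not validated here.
 *                              RelayState is typically used as the post-login
 *                              return target, so callers should only pass
 *                              destinations they trust.
 *
 * @return string The SSO URL with SAMLRequest and RelayState appended. The
 *                third argument to OneLogin_Saml2_Utils::redirect() is true,
 *                so the URL is returned and the caller decides whether to
 *                redirect.
 */
public function getRedirectUrl($returnTo = null)
{
    $settings = $this->auth->getSettings();
    $authnRequest = new OneLogin_Saml2_AuthnRequest($settings);

    $parameters = array('SAMLRequest' => $authnRequest->getRequest());
    // empty() rather than isset(): an empty string also falls back to the self URL.
    $parameters['RelayState'] = !empty($returnTo)
        ? $returnTo
        : OneLogin_Saml2_Utils::getSelfURLNoQuery();

    // true: build and return the URL instead of emitting a Location header.
    return OneLogin_Saml2_Utils::redirect($this->auth->getSSOurl(), $parameters, true);
}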
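/**
 * Sends an AuthnRequest to the WSO2 Identity Server over cURL and, when the
 * server answers with a redirect location, forwards the browser to it.
 *
 * The SAML settings come from Mage::helper('hukmedia_wso2/config')->getWso2SamlConfig().
 * The cURL options — including how $username/$password and the encoded
 * request are transmitted — come from $this->getCurlOptions(), which is not
 * visible in this listing.
 *
 * @param string $username   Credential handed to getCurlOptions()
 * @param string $password   Credential handed to getCurlOptions()
 * @param bool   $forceAuthn Passed to the AuthnRequest constructor (ForceAuthn)
 * @param bool   $isPassive  Passed to the AuthnRequest constructor (IsPassive)
 *
 * @return void Terminates the script (die) after sending the Location header
 *              when a redirect_url was reported; otherwise returns normally.
 */
public function sendAuthnRequest($username, $password, $forceAuthn = false, $isPassive = false)
{
    $samlSettings = new OneLogin_Saml2_Settings(
        Mage::helper('hukmedia_wso2/config')->getWso2SamlConfig()
    );
    $authnRequest = new OneLogin_Saml2_AuthnRequest($samlSettings, $forceAuthn, $isPassive);
    $samlRequest = $authnRequest->getRequest();

    $curlHandle = curl_init();
    curl_setopt_array($curlHandle, $this->getCurlOptions($username, $password, $samlRequest));
    $response = curl_exec($curlHandle);
    $curlInfo = curl_getinfo($curlHandle);
    // Always release the handle; it was previously never closed.
    curl_close($curlHandle);

    if ($response === false) {
        // Transport failure: there is nothing to redirect to. Kept non-fatal
        // (best effort), as the original simply fell through in this case.
        return;
    }

    if (!empty($curlInfo['redirect_url'])) {
        // redirect_url is whatever the identity server answered with and is
        // forwarded verbatim, so this relies on the configured endpoint being trusted.
        header('Location: ' . $curlInfo['redirect_url']);
        die;
    }
}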
/**
 * Tests the OneLogin_Saml2_AuthnRequest constructor together with
 * OneLogin_Saml2_Utils::redirect(): a deflated, base64-encoded AuthnRequest
 * must round-trip through the SSO URL and carry the organization display
 * name and the encrypted NameID format configured in the settings.
 *
 * @covers OneLogin_Saml2_AuthnRequest
 */
public function testCreateEncSAMLRequest()
{
    $settingsDir = TEST_ROOT . '/settings/';
    include $settingsDir . 'settings1.php';
    $settingsInfo['organization'] = array(
        'es' => array(
            'name' => 'sp_prueba',
            'displayname' => 'SP prueba',
            'url' => 'http://sp.example.com',
        ),
    );
    $settingsInfo['security']['wantNameIdEncrypted'] = true;

    $request = new OneLogin_Saml2_AuthnRequest(new OneLogin_Saml2_Settings($settingsInfo));
    $ssoUrl = OneLogin_Saml2_Utils::redirect(
        'http://idp.example.com/SSOService.php',
        array('SAMLRequest' => $request->getRequest()),
        true
    );
    $this->assertRegExp('#^http://idp\\.example\\.com\\/SSOService\\.php\\?SAMLRequest=#', $ssoUrl);

    // parse_str() already URL-decodes the values, so no explicit urldecode() is needed.
    parse_str(parse_url($ssoUrl, PHP_URL_QUERY), $query);
    $xml = gzinflate(base64_decode($query['SAMLRequest']));

    $expectedFragments = array(
        '#^<samlp:AuthnRequest#',
        '#AssertionConsumerServiceURL="http://stuff.com/endpoints/endpoints/acs.php">#',
        '#<saml:Issuer>http://stuff.com/endpoints/metadata.php</saml:Issuer>#',
        '#Format="urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted"#',
        '#ProviderName="SP prueba"#',
    );
    foreach ($expectedFragments as $pattern) {
        $this->assertRegExp($pattern, $xml);
    }
}
<?php
/**
 * SAMPLE Code to demonstrate how to initiate a SAML Authorization request
 *
 * When the user visits this URL, the browser will be redirected to the SSO
 * IdP with an authorization request. If successful, it will then be
 * redirected to the consume URL (specified in settings) with the auth
 * details.
 *
 * Flow as visible here: when the session holds no samlUserdata, an
 * AuthnRequest is built, encoded by getRequest(), and the browser is sent to
 * the IdP's singleSignOnService URL with SAMLRequest and RelayState in the
 * query string. Otherwise the attributes stored in the session are printed
 * as an HTML table. (This listing is cut off inside the inner foreach.)
 */

session_start();
require_once '../_toolkit_loader.php';

if (!isset($_SESSION['samlUserdata'])) {
    // Constructed without arguments, so the settings come from the toolkit's
    // default source (not shown in this listing).
    $settings = new OneLogin_Saml2_Settings();
    $authRequest = new OneLogin_Saml2_AuthnRequest($settings);
    $samlRequest = $authRequest->getRequest();

    $parameters = array('SAMLRequest' => $samlRequest);
    // RelayState defaults to this page's own URL without its query string.
    $parameters['RelayState'] = OneLogin_Saml2_Utils::getSelfURLNoQuery();

    $idpData = $settings->getIdPData();
    $ssoUrl = $idpData['singleSignOnService']['url'];
    // true: build and return the URL; the Location header is sent below.
    $url = OneLogin_Saml2_Utils::redirect($ssoUrl, $parameters, true);
    header("Location: {$url}");
    // NOTE(review): no exit after header(); nothing else runs in this branch,
    // but an explicit exit would keep that true if code is added later.
} else {
    if (!empty($_SESSION['samlUserdata'])) {
        $attributes = $_SESSION['samlUserdata'];
        echo 'You have the following attributes:<br>';
        echo '<table><thead><th>Name</th><th>Values</th></thead><tbody>';
        foreach ($attributes as $attributeName => $attributeValues) {
            // Names and values originate from the session copy of the IdP
            // response; htmlentities() escapes them for HTML element content.
            echo '<tr><td>' . htmlentities($attributeName) . '</td><td><ul>';
            foreach ($attributeValues as $attributeValue) {
                echo '<li>' . htmlentities($attributeValue) . '</li>';
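/**
 * Initiates the SSO process: builds an AuthnRequest, optionally signs the
 * redirect parameters (SigAlg and Signature are added to the query string),
 * and redirects the user agent to the IdP's SSO URL.
 *
 * @param string|null $returnTo   The target URL the user should be returned to after login,
 *                                carried as RelayState. Defaults to the current routed URL
 *                                without its query string.
 *                                NOTE(review): not validated here. RelayState is typically
 *                                used as the post-login return target, so callers should
 *                                only pass destinations they trust.
 * @param array       $parameters Extra parameters to be added to the GET. The keys
 *                                SAMLRequest, RelayState, SigAlg and Signature are
 *                                overwritten if present.
 * @param bool        $forceAuthn When true the AuthnRequest will set ForceAuthn='true'.
 * @param bool        $isPassive  When true the AuthnRequest will set IsPassive='true'.
 *
 * @return mixed Whatever $this->redirectTo() returns.
 */
public function login($returnTo = null, $parameters = array(), $forceAuthn = false, $isPassive = false)
{
    // Expression form instead of the string form: string assertions are
    // deprecated since PHP 7.2 and are no longer evaluated from PHP 8.
    assert(is_array($parameters));

    $authnRequest = new OneLogin_Saml2_AuthnRequest($this->_settings, $forceAuthn, $isPassive);
    $samlRequest = $authnRequest->getRequest();

    $parameters['SAMLRequest'] = $samlRequest;
    // empty(): an empty string also falls back to the self URL.
    $parameters['RelayState'] = !empty($returnTo)
        ? $returnTo
        : OneLogin_Saml2_Utils::getSelfRoutedURLNoQuery();

    $security = $this->_settings->getSecurityData();
    if (isset($security['authnRequestsSigned']) && $security['authnRequestsSigned']) {
        // signatureAlgorithm is read unchecked, so it is expected to be present
        // in the security settings whenever authnRequestsSigned is enabled.
        // buildRequestSignature() (not shown here) produces the Signature value.
        $sigAlg = $security['signatureAlgorithm'];
        $parameters['SigAlg'] = $sigAlg;
        $parameters['Signature'] = $this->buildRequestSignature($samlRequest, $parameters['RelayState'], $sigAlg);
    }

    return $this->redirectTo($this->getSSOurl(), $parameters);
}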
/**
 * Initiates the SSO process: builds an AuthnRequest, signs the redirect
 * parameters when authnRequestsSigned is enabled in the security settings,
 * and redirects to the IdP's SSO URL.
 *
 * The signature algorithm is fixed to XMLSecurityKey::RSA_SHA1 in this
 * version and is not configurable. RelayState is taken from $returnTo as
 * given, without validation.
 *
 * @param string $returnTo   The target URL the user should be returned to after login
 *                           (sent as RelayState; defaults to the current routed URL
 *                           without its query string).
 * @param array  $parameters Extra parameters to be added to the GET.
 */
public function login($returnTo = null, $parameters = array())
{
    assert('is_array($parameters)');

    $request = new OneLogin_Saml2_AuthnRequest($this->_settings);
    $encodedRequest = $request->getRequest();

    $relayState = empty($returnTo)
        ? OneLogin_Saml2_Utils::getSelfRoutedURLNoQuery()
        : $returnTo;
    $parameters['SAMLRequest'] = $encodedRequest;
    $parameters['RelayState'] = $relayState;

    $security = $this->_settings->getSecurityData();
    $mustSign = isset($security['authnRequestsSigned']) && $security['authnRequestsSigned'];
    if ($mustSign) {
        $parameters['SigAlg'] = XMLSecurityKey::RSA_SHA1;
        $parameters['Signature'] = $this->buildRequestSignature($encodedRequest, $relayState);
    }

    $this->redirectTo($this->getSSOurl(), $parameters);
}
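/**
 * Tests that we can pass a boolean value to the getRequest()
 * method to choose whether it should 'gzdeflate' the body
 * of the request, overriding the compression setting in either direction.
 *
 * @covers OneLogin_Saml2_AuthnRequest::getRequest()
 */
public function testWeCanChooseToDeflateARequestBody()
{
    $settingsDir = TEST_ROOT . '/settings/';

    // settings1.php has compression turned on; getRequest(false) must still
    // return a plain base64-encoded (not deflated) request.
    include $settingsDir . 'settings1.php';
    $settings = new OneLogin_Saml2_Settings($settingsInfo);
    $authnRequest = new OneLogin_Saml2_AuthnRequest($settings);
    $payload = $authnRequest->getRequest(false);
    $decoded = base64_decode($payload);
    $this->assertRegExp('#^<samlp:AuthnRequest#', $decoded);

    // settings2.php has compression turned off; getRequest(true) must still
    // return a deflated request. (The earlier comment here wrongly described
    // this half as "choose not to compress".)
    include $settingsDir . 'settings2.php';
    $settings = new OneLogin_Saml2_Settings($settingsInfo);
    $authnRequest = new OneLogin_Saml2_AuthnRequest($settings);
    $payload = $authnRequest->getRequest(true);
    $decoded = base64_decode($payload);
    $decompressed = gzinflate($decoded);
    $this->assertRegExp('#^<samlp:AuthnRequest#', $decompressed);
}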