Example #1
 /**
  * Builds the IdP single sign-on URL that carries a freshly generated,
  * deflated AuthnRequest.
  *
  * OneLogin_Saml2_Utils::redirect() is called with its third argument set to
  * true and its return value is handed back to the caller.
  *
  * RelayState is $returnTo when that is non-empty, otherwise the current URL
  * without its query string. This method adds no SigAlg/Signature parameter,
  * so the request it builds is unsigned.
  *
  * NOTE(review): RelayState is passed through unchanged. If $returnTo can
  * originate from request input, the code that later redirects to the
  * returned RelayState should only accept destinations the application
  * itself allows - confirm in the response handler.
  *
  * @param string|null $returnTo URL to place in RelayState (optional)
  *
  * @return string Result of OneLogin_Saml2_Utils::redirect() (presumably the full SSO URL)
  */
 public function getRedirectUrl($returnTo = null)
 {
     $samlSettings = $this->auth->getSettings();
     $request = new OneLogin_Saml2_AuthnRequest($samlSettings);

     // Key order is kept (SAMLRequest first, RelayState second).
     $query = array(
         'SAMLRequest' => $request->getRequest(),
         'RelayState' => empty($returnTo) ? OneLogin_Saml2_Utils::getSelfURLNoQuery() : $returnTo,
     );

     return OneLogin_Saml2_Utils::redirect($this->auth->getSSOurl(), $query, true);
 }
Example #2
 /**
  * Sends an AuthnRequest to the WSO2 Identity Server and forwards the
  * browser to the redirect URL reported for that transfer.
  *
  * The SAML settings come from the hukmedia_wso2/config helper. The cURL
  * options, including how $username and $password are transmitted, are built
  * by getCurlOptions(), which is not shown here.
  *
  * NOTE(review): the user's plaintext password is handed to the cURL layer.
  * getCurlOptions() should target an https endpoint and leave TLS peer and
  * host verification enabled - confirm there.
  * NOTE(review): the Location header value is taken as-is from cURL's
  * redirect_url, so it is only as trustworthy as the connection to the
  * identity server.
  *
  * The result of curl_exec() is not inspected. When the transfer reports no
  * redirect URL the method simply returns, without signalling a failure.
  *
  * @param string     $username   Login name handed to getCurlOptions() (type assumed)
  * @param string     $password   Password handed to getCurlOptions() (type assumed)
  * @param bool|false $forceAuthn Passed through to the AuthnRequest constructor
  * @param bool|false $isPassive  Passed through to the AuthnRequest constructor
  */
 public function sendAuthnRequest($username, $password, $forceAuthn = false, $isPassive = false)
 {
     $wso2Config = Mage::helper('hukmedia_wso2/config')->getWso2SamlConfig();
     $request = new OneLogin_Saml2_AuthnRequest(
         new OneLogin_Saml2_Settings($wso2Config),
         $forceAuthn,
         $isPassive
     );
     $options = $this->getCurlOptions($username, $password, $request->getRequest());

     $ch = curl_init();
     curl_setopt_array($ch, $options);
     curl_exec($ch);
     $transferInfo = curl_getinfo($ch);

     // No redirect reported: nothing to forward the browser to.
     if (empty($transferInfo['redirect_url'])) {
         return;
     }

     header('Location: ' . $transferInfo['redirect_url']);
     exit;
 }
 /**
  * Tests the OneLogin_Saml2_AuthnRequest constructor with
  * wantNameIdEncrypted switched on, checking the deflated SAML request
  * that ends up in the redirect URL.
  *
  * @covers OneLogin_Saml2_AuthnRequest
  */
 public function testCreateEncSAMLRequest()
 {
     // The included fixture is relied on to define $settingsInfo in this scope.
     $settingsDir = TEST_ROOT . '/settings/';
     include $settingsDir . 'settings1.php';

     $settingsInfo['organization'] = array(
         'es' => array(
             'name' => 'sp_prueba',
             'displayname' => 'SP prueba',
             'url' => 'http://sp.example.com',
         ),
     );
     $settingsInfo['security']['wantNameIdEncrypted'] = true;

     $request = new OneLogin_Saml2_AuthnRequest(new OneLogin_Saml2_Settings($settingsInfo));
     $redirectUrl = OneLogin_Saml2_Utils::redirect(
         'http://idp.example.com/SSOService.php',
         array('SAMLRequest' => $request->getRequest()),
         true
     );
     $this->assertRegExp('#^http://idp\\.example\\.com\\/SSOService\\.php\\?SAMLRequest=#', $redirectUrl);

     // parse_str() URL-decodes the values, so no separate urldecode() is needed.
     parse_str(parse_url($redirectUrl, PHP_URL_QUERY), $query);

     // Redirect-binding payload: base64 on the outside, raw DEFLATE inside.
     $xml = gzinflate(base64_decode($query['SAMLRequest']));

     $expectedPatterns = array(
         '#^<samlp:AuthnRequest#',
         '#AssertionConsumerServiceURL="http://stuff.com/endpoints/endpoints/acs.php">#',
         '#<saml:Issuer>http://stuff.com/endpoints/metadata.php</saml:Issuer>#',
         // The encrypted NameID format is what wantNameIdEncrypted is expected to produce.
         '#Format="urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted"#',
         '#ProviderName="SP prueba"#',
     );
     foreach ($expectedPatterns as $pattern) {
         $this->assertRegExp($pattern, $xml);
     }
 }
Example #4
<?php

/**
 * SAMPLE Code to demonstrate how to initiate a SAML authentication request
 *
 * When the user visits this URL, the browser will be redirected to the SSO
 * IdP with an authentication request (AuthnRequest). If successful, it will
 * then be redirected to the consume URL (specified in settings) with the
 * auth details.
 */
session_start();
require_once '../_toolkit_loader.php';
if (!isset($_SESSION['samlUserdata'])) {
    $settings = new OneLogin_Saml2_Settings();
    $authRequest = new OneLogin_Saml2_AuthnRequest($settings);
    $samlRequest = $authRequest->getRequest();
    $parameters = array('SAMLRequest' => $samlRequest);
    $parameters['RelayState'] = OneLogin_Saml2_Utils::getSelfURLNoQuery();
    $idpData = $settings->getIdPData();
    $ssoUrl = $idpData['singleSignOnService']['url'];
    $url = OneLogin_Saml2_Utils::redirect($ssoUrl, $parameters, true);
    header("Location: {$url}");
} else {
    if (!empty($_SESSION['samlUserdata'])) {
        $attributes = $_SESSION['samlUserdata'];
        echo 'You have the following attributes:<br>';
        echo '<table><thead><th>Name</th><th>Values</th></thead><tbody>';
        foreach ($attributes as $attributeName => $attributeValues) {
            echo '<tr><td>' . htmlentities($attributeName) . '</td><td><ul>';
            foreach ($attributeValues as $attributeValue) {
                echo '<li>' . htmlentities($attributeValue) . '</li>';
Example #5
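 /**
  * Initiates the SSO process.
  *
  * Builds an AuthnRequest and places it in the SAMLRequest parameter next to
  * RelayState. When the `authnRequestsSigned` security setting is on, SigAlg
  * and Signature are added; the signature comes from buildRequestSignature(),
  * which is given the request, the RelayState and the configured
  * `signatureAlgorithm`.
  *
  * NOTE(review): RelayState carries $returnTo unchanged. If callers pass a
  * value taken from the request, the code that consumes RelayState after
  * login should only redirect to destinations the application itself allows.
  *
  * @param string $returnTo   The target URL the user should be returned to after login.
  * @param array  $parameters Extra parameters to be added to the GET
  * @param bool   $forceAuthn When true the AuthnRequest will set ForceAuthn='true'
  * @param bool   $isPassive  When true the AuthnRequest will set IsPassive='true'
  *
  * @return mixed Whatever redirectTo() returns
  */
 public function login($returnTo = null, $parameters = array(), $forceAuthn = false, $isPassive = false)
 {
     // Assert on the expression, not on a string: string assertions are
     // evaluated as code on PHP 5/7 (deprecated since 7.2) and are never
     // evaluated on PHP 8, where a non-empty string always passes.
     assert(is_array($parameters));

     $authnRequest = new OneLogin_Saml2_AuthnRequest($this->_settings, $forceAuthn, $isPassive);
     $samlRequest = $authnRequest->getRequest();
     $parameters['SAMLRequest'] = $samlRequest;

     if (!empty($returnTo)) {
         $parameters['RelayState'] = $returnTo;
     } else {
         $parameters['RelayState'] = OneLogin_Saml2_Utils::getSelfRoutedURLNoQuery();
     }

     $security = $this->_settings->getSecurityData();
     if (!empty($security['authnRequestsSigned'])) {
         // SigAlg must name the same algorithm the signature was built with.
         $signature = $this->buildRequestSignature($samlRequest, $parameters['RelayState'], $security['signatureAlgorithm']);
         $parameters['SigAlg'] = $security['signatureAlgorithm'];
         $parameters['Signature'] = $signature;
     }

     return $this->redirectTo($this->getSSOurl(), $parameters);
 }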
Example #6
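 /**
  * Initiates the SSO process.
  *
  * Builds an AuthnRequest and places it in the SAMLRequest parameter next to
  * RelayState. When the `authnRequestsSigned` security setting is on, SigAlg
  * and Signature are added before the parameters are handed to redirectTo().
  *
  * NOTE(review): RelayState carries $returnTo unchanged. If callers pass a
  * value taken from the request, the code that consumes RelayState after
  * login should only redirect to destinations the application itself allows.
  *
  * @param string $returnTo   The target URL the user should be returned to after login.
  * @param array  $parameters Extra parameters to be added to the GET
  */
 public function login($returnTo = null, $parameters = array())
 {
     // Assert on the expression, not on a string: string assertions are
     // evaluated as code on PHP 5/7 (deprecated since 7.2) and are never
     // evaluated on PHP 8, where a non-empty string always passes.
     assert(is_array($parameters));

     $authnRequest = new OneLogin_Saml2_AuthnRequest($this->_settings);
     $samlRequest = $authnRequest->getRequest();
     $parameters['SAMLRequest'] = $samlRequest;

     if (!empty($returnTo)) {
         $parameters['RelayState'] = $returnTo;
     } else {
         $parameters['RelayState'] = OneLogin_Saml2_Utils::getSelfRoutedURLNoQuery();
     }

     $security = $this->_settings->getSecurityData();
     if (!empty($security['authnRequestsSigned'])) {
         $signature = $this->buildRequestSignature($samlRequest, $parameters['RelayState']);
         // NOTE(review): SigAlg is fixed to RSA-SHA1. SHA-1 is no longer
         // recommended for new signatures. The advertised SigAlg has to match
         // what buildRequestSignature() (not shown here) actually signs with,
         // so moving to a SHA-2 algorithm means changing both together.
         $parameters['SigAlg'] = XMLSecurityKey::RSA_SHA1;
         $parameters['Signature'] = $signature;
     }

     $this->redirectTo($this->getSSOurl(), $parameters);
 }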
Example #7
 /**
  * Checks that the boolean passed to getRequest() decides whether the
  * request body is run through 'gzdeflate', whatever the settings say.
  *
  * @covers OneLogin_Saml2_AuthnRequest::getRequest()
  */
 public function testWeCanChooseToDeflateARequestBody()
 {
     // Case 1: ask for an uncompressed payload. Per the original test's note,
     // settings1.php has compression turned on, so false overrides it.
     // The included fixture is relied on to define $settingsInfo in this scope.
     $settingsDir = TEST_ROOT . '/settings/';
     include $settingsDir . 'settings1.php';
     $request = new OneLogin_Saml2_AuthnRequest(new OneLogin_Saml2_Settings($settingsInfo));
     $plainXml = base64_decode($request->getRequest(false));
     // Readable straight after base64 decoding, i.e. no DEFLATE layer.
     $this->assertRegExp('#^<samlp:AuthnRequest#', $plainXml);

     // Case 2: ask for a compressed payload. Per the original test's note,
     // settings2.php has compression turned off, so true overrides it.
     $settingsDir = TEST_ROOT . '/settings/';
     include $settingsDir . 'settings2.php';
     $request = new OneLogin_Saml2_AuthnRequest(new OneLogin_Saml2_Settings($settingsInfo));
     $inflatedXml = gzinflate(base64_decode($request->getRequest(true)));
     $this->assertRegExp('#^<samlp:AuthnRequest#', $inflatedXml);
 }