/**
 * Tests the isValid method of the OneLogin_Saml2_Response.
 * Case: valid signed response / signed assertion / both signed, followed by
 * the same three documents after one node value has been rewritten.
 *
 * Strict mode cannot be exercised with these fixtures: it would always fail
 * on the destination check, and rewriting the destination would invalidate
 * the signature.
 *
 * @covers OneLogin_Saml2_Response::isValid
 */
public function testIsValidSign()
{
    $fixtureDir = TEST_ROOT . '/data/responses/';
    $replacementValue = 'https://example.com/other-idp';

    // Load the three base64 fixtures, one per signing layout.
    $messageSigned = file_get_contents($fixtureDir . 'signed_message_response.xml.base64');
    $assertionSigned = file_get_contents($fixtureDir . 'signed_assertion_response.xml.base64');
    $doubleSigned = file_get_contents($fixtureDir . 'double_signed_response.xml.base64');

    // Untouched documents: every signing layout must be accepted.
    $intactMessage = new OneLogin_Saml2_Response($this->_settings, $messageSigned);
    $this->assertTrue($intactMessage->isValid());

    $intactAssertion = new OneLogin_Saml2_Response($this->_settings, $assertionSigned);
    $this->assertTrue($intactAssertion->isValid());

    $intactDouble = new OneLogin_Saml2_Response($this->_settings, $doubleSigned);
    $this->assertTrue($intactDouble->isValid());

    // Message-level signature: rewriting the first grandchild node must be
    // detected as a reference (digest) mismatch.
    // NOTE(review): the node is presumably the Response-level Issuer; confirm
    // against the fixture.
    $messageDoc = new DOMDocument();
    $messageDoc->loadXML(base64_decode($messageSigned));
    $messageDoc->firstChild->firstChild->nodeValue = $replacementValue;
    $tamperedMessage = new OneLogin_Saml2_Response(
        $this->_settings,
        base64_encode($messageDoc->saveXML())
    );
    $this->assertFalse($tamperedMessage->isValid());
    $this->assertEquals('Reference validation failed', $tamperedMessage->getError());

    // Assertion-only signature: the same edit is still accepted.
    // NOTE(review): this looks like the edited node sits outside the signed
    // assertion, so no signed bytes changed; confirm. If so, this case pins
    // the fact that such content is not integrity-protected under these
    // settings.
    $assertionDoc = new DOMDocument();
    $assertionDoc->loadXML(base64_decode($assertionSigned));
    $assertionDoc->firstChild->firstChild->nodeValue = $replacementValue;
    $tamperedAssertion = new OneLogin_Saml2_Response(
        $this->_settings,
        base64_encode($assertionDoc->saveXML())
    );
    $this->assertTrue($tamperedAssertion->isValid());

    // Message and assertion both signed: the edit must be rejected again.
    $doubleDoc = new DOMDocument();
    $doubleDoc->loadXML(base64_decode($doubleSigned));
    $doubleDoc->firstChild->firstChild->nodeValue = $replacementValue;
    $tamperedDouble = new OneLogin_Saml2_Response(
        $this->_settings,
        base64_encode($doubleDoc->saveXML())
    );
    $this->assertFalse($tamperedDouble->isValid());
    $this->assertEquals('Reference validation failed', $tamperedDouble->getError());
}
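/**
 * Process the SAML Response sent by the IdP.
 *
 * Reads the message from $_POST['SAMLResponse'] (HTTP-POST binding only),
 * validates it and, on success, stores the attributes, NameID and session
 * index on this object and marks it as authenticated. On a validation
 * failure 'invalid_response' is appended to the error list and the reason
 * reported by the response object is kept.
 *
 * @param string|null $requestId The ID of the AuthNRequest sent by this SP to the IdP
 *
 * @throws OneLogin_Saml2_Error When the request carries no SAMLResponse POST parameter
 */
public function processResponse($requestId = null)
{
    // Start every call from a clean error state. The reason is reset together
    // with the list so a message left by an earlier failed call cannot be
    // reported for this one.
    $this->_errors = array();
    $this->_errorReason = null;

    if (!isset($_POST['SAMLResponse'])) {
        $this->_errors[] = 'invalid_binding';
        throw new OneLogin_Saml2_Error(
            'SAML Response not found, Only supported HTTP_POST Binding',
            OneLogin_Saml2_Error::SAML_RESPONSE_NOT_FOUND
        );
    }

    // AuthnResponse -- HTTP_POST Binding
    // The POST body is attacker-controllable; nothing from it is trusted
    // until isValid() has accepted it.
    $response = new OneLogin_Saml2_Response($this->_settings, $_POST['SAMLResponse']);

    // NOTE(review): $requestId is forwarded unchanged. With the default null,
    // whether the response is still tied to a request issued by this SP
    // depends on isValid(), which is not visible here; confirm there.
    if ($response->isValid($requestId)) {
        $this->_attributes = $response->getAttributes();
        $this->_nameid = $response->getNameId();
        $this->_authenticated = true;
        $this->_sessionIndex = $response->getSessionIndex();
    } else {
        // NOTE(review): _authenticated, _attributes, _nameid and _sessionIndex
        // keep whatever an earlier successful call on this object stored.
        // Callers should treat a non-empty error list as "not authenticated";
        // consider clearing those fields here once their declared defaults
        // are confirmed.
        $this->_errors[] = 'invalid_response';
        $this->_errorReason = $response->getError();
    }
}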