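/**
 * Constructs the Logout Request object.
 *
 * Without a $request, a new LogoutRequest document is built from the SP/IdP
 * settings. With a $request, the value is base64-decoded and, when the decoded
 * bytes inflate successfully, the inflated form is used as the request XML.
 *
 * @param OneLogin_Saml2_Settings $settings     Settings
 * @param string|null             $request      A base64-encoded (optionally deflated) Logout Request.
 * @param string|null             $nameId       The NameID that will be set in the LogoutRequest.
 * @param string|null             $sessionIndex The SessionIndex (taken from the SAML Response in the SSO process).
 * @param string|null             $nameIdFormat The NameID Format will be set in the LogoutRequest.
 */
public function __construct(OneLogin_Saml2_Settings $settings, $request = null, $nameId = null, $sessionIndex = null, $nameIdFormat = null)
{
    $this->_settings = $settings;

    $baseURL = $this->_settings->getBaseURL();
    if (!empty($baseURL)) {
        OneLogin_Saml2_Utils::setBaseURL($baseURL);
    }

    // empty() already covers the unset/null case, so no separate isset() is needed.
    if (empty($request)) {
        $spData = $this->_settings->getSPData();
        $idpData = $this->_settings->getIdPData();
        $security = $this->_settings->getSecurityData();

        $id = OneLogin_Saml2_Utils::generateUniqueID();
        $this->id = $id;

        // NOTE(review): $nameIdValue is never read in this constructor; kept because
        // generateUniqueID() is defined elsewhere - confirm it is safe to drop.
        $nameIdValue = OneLogin_Saml2_Utils::generateUniqueID();
        $issueInstant = OneLogin_Saml2_Utils::parseTime2SAML(time());

        // The IdP certificate is only handed to generateNameId() when the
        // 'nameIdEncrypted' security setting is enabled.
        $cert = null;
        if (isset($security['nameIdEncrypted']) && $security['nameIdEncrypted']) {
            $cert = $idpData['x509cert'];
        }

        if (!empty($nameId)) {
            if (empty($nameIdFormat)) {
                $nameIdFormat = $spData['NameIDFormat'];
            }
            $spNameQualifier = null;
        } else {
            // No NameID supplied: fall back to the IdP entityId with the entity format.
            $nameId = $idpData['entityId'];
            $nameIdFormat = OneLogin_Saml2_Constants::NAMEID_ENTITY;
            $spNameQualifier = $spData['entityId'];
        }

        $nameIdObj = OneLogin_Saml2_Utils::generateNameId($nameId, $spNameQualifier, $nameIdFormat, $cert);

        // The SessionIndex comes from a previously received SAML Response, so it is
        // XML-escaped before being placed into the markup; otherwise a value
        // containing '<' or '&' would alter or break the generated document.
        $sessionIndexStr = isset($sessionIndex)
            ? '<samlp:SessionIndex>' . htmlspecialchars($sessionIndex, ENT_QUOTES, 'UTF-8') . '</samlp:SessionIndex>'
            : "";

        // NOTE(review): the Issuer and Destination values below are taken from the
        // settings arrays and interpolated as-is.
        $logoutRequest = <<<LOGOUTREQUEST
<samlp:LogoutRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="{$id}"
    Version="2.0"
    IssueInstant="{$issueInstant}"
    Destination="{$idpData['singleLogoutService']['url']}">
    <saml:Issuer>{$spData['entityId']}</saml:Issuer>
    {$nameIdObj}
    {$sessionIndexStr}
</samlp:LogoutRequest>
LOGOUTREQUEST;
    } else {
        // NOTE(review): base64_decode() runs in non-strict mode and gzinflate() is
        // called without its $max_length argument, so this constructor itself puts
        // no bound on the size of the inflated request.
        $decoded = base64_decode($request);
        // We try to inflate; warnings for non-deflated input are suppressed and the
        // plain decoded bytes are used instead.
        $inflated = @gzinflate($decoded);
        if ($inflated != false) {
            $logoutRequest = $inflated;
        } else {
            $logoutRequest = $decoded;
        }
        $this->id = self::getID($logoutRequest);
    }

    $this->_logoutRequest = $logoutRequest;
}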
/**
 * Builds a Logout Response object: keeps the settings, applies the configured
 * base URL and, when a response is supplied, decodes and parses it.
 *
 * @param OneLogin_Saml2_Settings $settings Settings.
 * @param string|null             $response A base64-encoded (optionally deflated) SAML Logout Response from the IdP.
 */
public function __construct(OneLogin_Saml2_Settings $settings, $response = null)
{
    $this->_settings = $settings;

    $configuredBaseUrl = $this->_settings->getBaseURL();
    if (!empty($configuredBaseUrl)) {
        OneLogin_Saml2_Utils::setBaseURL($configuredBaseUrl);
    }

    // Nothing to load: the response fields are left untouched.
    if (!$response) {
        return;
    }

    $raw = base64_decode($response);

    // Inflation is attempted first; warnings for non-deflated input are suppressed
    // and the plain decoded bytes are kept when inflation yields nothing usable.
    // NOTE(review): gzinflate() is called without its $max_length argument, so the
    // inflated size is not bounded in this constructor.
    $maybeInflated = @gzinflate($raw);
    $this->_logoutResponse = ($maybeInflated != false) ? $maybeInflated : $raw;

    $this->document = new DOMDocument();
    // NOTE(review): the value returned by loadXML() is stored without being checked
    // here - confirm that later methods cope with a failed parse.
    $this->document = OneLogin_Saml2_Utils::loadXML($this->document, $this->_logoutResponse);
}
/**
 * Constructs the SAML Response object.
 *
 * The response is base64-decoded and parsed. When the parsed document contains
 * an EncryptedAssertion element, a decrypted copy of the document is prepared
 * as well. This constructor only parses (and decrypts); it performs no
 * signature or validity checks itself.
 *
 * @param OneLogin_Saml2_Settings $settings Settings.
 * @param string                  $response A base64-encoded SAML response from the IdP.
 *
 * @throws Exception If loadXML() yields a falsy document; _decryptAssertion()
 *                   is defined elsewhere and may presumably throw as well.
 */
public function __construct(OneLogin_Saml2_Settings $settings, $response)
{
    $this->_settings = $settings;

    $configuredBaseUrl = $this->_settings->getBaseURL();
    if (!empty($configuredBaseUrl)) {
        OneLogin_Saml2_Utils::setBaseURL($configuredBaseUrl);
    }

    // Unlike the logout messages, the response is only base64-decoded here;
    // no inflation is attempted.
    $this->response = base64_decode($response);

    $this->document = new DOMDocument();
    $this->document = OneLogin_Saml2_Utils::loadXML($this->document, $this->response);
    if (!$this->document) {
        throw new Exception('SAML Response could not be processed');
    }

    // Quick presence test for EncryptedAssertion anywhere in the document.
    $hasEncryptedAssertion = $this->document->getElementsByTagName('EncryptedAssertion')->length !== 0;
    if (!$hasEncryptedAssertion) {
        return;
    }

    // Decrypt a clone so that the document as received stays available.
    $this->decryptedDocument = clone $this->document;
    $this->encrypted = true;
    $this->decryptedDocument = $this->_decryptAssertion($this->decryptedDocument);
}
/**
 * Checks how setBaseURL() changes the values reported by the self-URL getters.
 *
 * NOTE(review): this method modifies $_SERVER and the base URL held by
 * OneLogin_Saml2_Utils and does not restore either before returning.
 *
 * @covers OneLogin_Saml2_Utils::setBaseURL
 */
public function testSetBaseURL()
{
    // Simulated request environment.
    $_SERVER['HTTP_HOST'] = 'sp.example.com';
    $_SERVER['HTTPS'] = 'https';
    $_SERVER['REQUEST_URI'] = '/example1/route.php?x=test';
    $_SERVER['QUERY_STRING'] = '?x=test';
    $_SERVER['SCRIPT_NAME'] = '/example1/route.php';
    unset($_SERVER['PATH_INFO']);

    // Case 1: an unparsable base URL. The assertions pin that every getter then
    // reports the $_SERVER-derived values (HTTP_HOST is supplied by the request).
    $serverSelfNoQuery = 'https://sp.example.com/example1/route.php';
    $serverRoutedNoQuery = 'https://sp.example.com/example1/route.php';
    $serverSelfUrl = 'https://sp.example.com/example1/route.php?x=test';

    OneLogin_Saml2_Utils::setBaseURL("no-valid-url");

    $this->assertEquals('https', OneLogin_Saml2_Utils::getSelfProtocol());
    $this->assertEquals('sp.example.com', OneLogin_Saml2_Utils::getSelfHost());
    $this->assertNull(OneLogin_Saml2_Utils::getSelfPort());
    $this->assertNull(OneLogin_Saml2_Utils::getBaseURLPath());
    $this->assertEquals($serverSelfNoQuery, OneLogin_Saml2_Utils::getSelfURLNoQuery());
    $this->assertEquals($serverRoutedNoQuery, OneLogin_Saml2_Utils::getSelfRoutedURLNoQuery());
    $this->assertEquals($serverSelfUrl, OneLogin_Saml2_Utils::getSelfURL());

    // Case 2: a valid base URL overrides protocol, host, port and base path.
    OneLogin_Saml2_Utils::setBaseURL("http://anothersp.example.com:81/example2/");

    $overrideSelfNoQuery = 'http://anothersp.example.com:81/example2/route.php';
    $overrideRoutedNoQuery = 'http://anothersp.example.com:81/example2/route.php';
    $overrideSelfUrl = 'http://anothersp.example.com:81/example2/route.php?x=test';

    $this->assertEquals('http', OneLogin_Saml2_Utils::getSelfProtocol());
    $this->assertEquals('anothersp.example.com', OneLogin_Saml2_Utils::getSelfHost());
    $this->assertEquals('81', OneLogin_Saml2_Utils::getSelfPort());
    $this->assertEquals('/example2/', OneLogin_Saml2_Utils::getBaseURLPath());
    $this->assertEquals($overrideSelfNoQuery, OneLogin_Saml2_Utils::getSelfURLNoQuery());
    $this->assertEquals($overrideRoutedNoQuery, OneLogin_Saml2_Utils::getSelfRoutedURLNoQuery());
    $this->assertEquals($overrideSelfUrl, OneLogin_Saml2_Utils::getSelfURL());

    // Case 3: with PATH_INFO set, only the no-query self URL gains the extra
    // path segment; the routed URL and the full self URL are expected unchanged.
    $_SERVER['PATH_INFO'] = '/test';
    $overrideSelfNoQuery = 'http://anothersp.example.com:81/example2/route.php/test';

    $this->assertEquals($overrideSelfNoQuery, OneLogin_Saml2_Utils::getSelfURLNoQuery());
    $this->assertEquals($overrideRoutedNoQuery, OneLogin_Saml2_Utils::getSelfRoutedURLNoQuery());
    $this->assertEquals($overrideSelfUrl, OneLogin_Saml2_Utils::getSelfURL());
}