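/**
 * Helper function for handling exception/errors.
 *
 * This function will send an error response to the SP which contacted this IdP.
 * The request parameters (Issuer, RequestID, RelayState, ConsumerURL) are taken from the
 * global $requestcache; the SAML status codes are derived from $exception via
 * sspmod_saml2_Error::fromException().
 *
 * If building or sending the error response fails, SimpleSAML_Utilities::fatalError()
 * is invoked (which does not return).
 *
 * Changes from the previous version:
 *  - $session is declared global: the original catch block used $session without
 *    declaring it, so a failure while building the response would itself fail on an
 *    undefined variable instead of reaching fatalError().
 *  - string-form assert() replaced by expression asserts (string asserts are deprecated).
 *  - guard against an SP with no AssertionConsumerService entry ($urlArray[0] would be
 *    an undefined index).
 *  - sspmod_SAML2_Message spelled consistently as sspmod_saml2_Message (class names are
 *    case-insensitive once loaded, but the sspmod_ autoloader maps the name to a path).
 *  - unused "global $config" dropped.
 *
 * @param Exception $exception The exception.
 */
function handleError(Exception $exception) {
    global $requestcache, $metadata, $idpentityid, $session;

    assert(is_array($requestcache));
    assert(array_key_exists('Issuer', $requestcache));
    $issuer = $requestcache['Issuer'];

    /* Optional request parameters. array_key_exists (not isset) so an explicit NULL is honoured. */
    $requestID = array_key_exists('RequestID', $requestcache) ? $requestcache['RequestID'] : NULL;
    $relayState = array_key_exists('RelayState', $requestcache) ? $requestcache['RelayState'] : NULL;

    $error = sspmod_saml2_Error::fromException($exception);

    SimpleSAML_Logger::warning('Returning error to sp: ' . var_export($issuer, TRUE));
    $error->logWarning();

    try {
        $idpMetadata = $metadata->getMetaDataConfig($idpentityid, 'saml20-idp-hosted');
        $spMetadata = $metadata->getMetaDataConfig($issuer, 'saml20-sp-remote');

        if (array_key_exists('ConsumerURL', $requestcache)) {
            /* NOTE(review): assumes the cached ConsumerURL was checked against the SP's
             * metadata when the request was received — confirm in the caller; an unchecked
             * value would direct the signed error response to a requester-chosen endpoint. */
            $consumerURL = $requestcache['ConsumerURL'];
        } else {
            /* Fall back to the first AssertionConsumerService endpoint from SP metadata. */
            $urlArray = $spMetadata->getArrayizeString('AssertionConsumerService');
            if (!is_array($urlArray) || !isset($urlArray[0])) {
                throw new Exception('No AssertionConsumerService endpoint found in metadata for SP ' . var_export($issuer, TRUE));
            }
            $consumerURL = $urlArray[0];
        }

        $ar = sspmod_saml2_Message::buildResponse($idpMetadata, $spMetadata, $consumerURL);
        $ar->setInResponseTo($requestID);
        $ar->setRelayState($relayState);
        $ar->setStatus(array(
            'Code' => $error->getStatus(),
            'SubCode' => $error->getSubStatus(),
            'Message' => $error->getStatusMessage(),
        ));

        $binding = new SAML2_HTTPPost();
        /* NOTE(review): getDebugDestination() can override where the response is POSTed;
         * confirm it is unset outside debugging so the response goes to $consumerURL. */
        $binding->setDestination(sspmod_saml2_Message::getDebugDestination());
        $binding->send($ar);
    } catch (Exception $e) {
        /* Do not let a missing session turn the error path into a second, uncaught failure. */
        $trackId = (isset($session) && is_object($session)) ? $session->getTrackID() : 'na';
        SimpleSAML_Utilities::fatalError($trackId, 'GENERATEAUTHNRESPONSE', $e);
    }
}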
} /* Closes the "return all attributes" branch; the enclosing foreach/if open before this excerpt. */
            /* Filter which attribute values we should return. */
            /* array_intersect() keeps the entries of $values (the requested values) that are also
             * present in the user's $attributes[$name], preserving the keys of $values. */
            $returnAttributes[$name] = array_intersect($values, $attributes[$name]);
        }
    }

/* $returnAttributes contains the attributes we should return. Send them. */
$assertion = new SAML2_Assertion();
$assertion->setIssuer($idpEntityId);
/* NameID is echoed back from the incoming query; presumably the query was authenticated
 * and authorised for this subject earlier in the script — verify against the caller. */
$assertion->setNameId($query->getNameId());
/* Five-minute validity window; note NotOnOrAfter below is computed from a separate time() call
 * and may differ by a second from the SubjectConfirmationData value. */
$assertion->setNotBefore(time());
$assertion->setNotOnOrAfter(time() + 5 * 60);
/* Audience restriction: only $spEntityId may consume this assertion. */
$assertion->setValidAudiences(array($spEntityId));
$assertion->setAttributes($returnAttributes);
$assertion->setAttributeNameFormat($attributeNameFormat);

/* Bearer subject confirmation bound to the recipient endpoint and the query's ID. */
$sc = new SAML2_XML_saml_SubjectConfirmation();
$sc->Method = SAML2_Const::CM_BEARER;
$sc->SubjectConfirmationData = new SAML2_XML_saml_SubjectConfirmationData();
$sc->SubjectConfirmationData->NotOnOrAfter = time() + 5 * 60;
$sc->SubjectConfirmationData->Recipient = $endpoint;
$sc->SubjectConfirmationData->InResponseTo = $query->getId();
$assertion->setSubjectConfirmation(array($sc));

/* Sign the assertion, then the enclosing response (whether each is actually signed depends on
 * the IdP/SP metadata passed to addSign()). */
sspmod_saml_Message::addSign($idpMetadata, $spMetadata, $assertion);

$response = new SAML2_Response();
$response->setRelayState($query->getRelayState());
$response->setDestination($endpoint);
$response->setIssuer($idpEntityId);
$response->setInResponseTo($query->getId());
$response->setAssertions(array($assertion));
sspmod_saml_Message::addSign($idpMetadata, $spMetadata, $response);

$binding = new SAML2_HTTPPost();
$binding->send($response);
if (count($values) === 0) { /* Inside a foreach over requested attributes; the loop opens before this excerpt. */
                /* Return all attributes. */
                $returnAttributes[$name] = $attributes[$name];
                continue;
            }

            /* Filter which attribute values we should return. */
            /* array_intersect() keeps the entries of $values (the requested values) that are also
             * present in the user's $attributes[$name], preserving the keys of $values. */
            $returnAttributes[$name] = array_intersect($values, $attributes[$name]);
        }
    }

/* $returnAttributes contains the attributes we should return. Send them. */
$assertion = new SAML2_Assertion();
$assertion->setDestination($endpoint);
$assertion->setIssuer($idpEntityId);
/* NameID is echoed back from the incoming query; presumably the query was authenticated
 * and authorised for this subject earlier in the script — verify against the caller. */
$assertion->setNameId($query->getNameId());
/* Five-minute validity window (two separate time() calls). */
$assertion->setNotBefore(time());
$assertion->setNotOnOrAfter(time() + 5 * 60);
$assertion->setInResponseTo($query->getId());
/* Audience restriction: only $spEntityId may consume this assertion. */
$assertion->setValidAudiences(array($spEntityId));
$assertion->setAttributes($returnAttributes);
$assertion->setAttributeNameFormat($attributeNameFormat);
/* Sign the assertion, then the enclosing response (whether each is actually signed depends on
 * the IdP/SP metadata passed to addSign()). */
sspmod_saml2_Message::addSign($idpMetadata, $spMetadata, $assertion);

$response = new SAML2_Response();
$response->setRelayState($query->getRelayState());
$response->setDestination($endpoint);
$response->setIssuer($idpEntityId);
$response->setInResponseTo($query->getId());
$response->setAssertions(array($assertion));
sspmod_saml2_Message::addSign($idpMetadata, $spMetadata, $response);

$binding = new SAML2_HTTPPost();
/* NOTE(review): getDebugDestination() can override where the signed response is POSTed,
 * diverging from the $endpoint recorded in the message; confirm it is unset outside debugging. */
$binding->setDestination(sspmod_saml2_Message::getDebugDestination());
$binding->send($response);