Example #1
0
/**
 * Helper function for handling exception/errors.
 *
 * This function will send an error response to the SP which contacted this IdP.
 *
 * @param Exception $exception  The exception.
 */
function handleError(Exception $exception)
{
    global $requestcache, $config, $metadata, $idpentityid;
    assert('is_array($requestcache)');
    assert('array_key_exists("Issuer", $requestcache)');
    $issuer = $requestcache['Issuer'];
    if (array_key_exists('RequestID', $requestcache)) {
        $requestID = $requestcache['RequestID'];
    } else {
        $requestID = NULL;
    }
    if (array_key_exists('RelayState', $requestcache)) {
        $relayState = $requestcache['RelayState'];
    } else {
        $relayState = NULL;
    }
    $error = sspmod_saml2_Error::fromException($exception);
    SimpleSAML_Logger::warning('Returning error to sp: ' . var_export($issuer, TRUE));
    $error->logWarning();
    try {
        $idpMetadata = $metadata->getMetaDataConfig($idpentityid, 'saml20-idp-hosted');
        $spMetadata = $metadata->getMetaDataConfig($issuer, 'saml20-sp-remote');
        if (array_key_exists('ConsumerURL', $requestcache)) {
            $consumerURL = $requestcache['ConsumerURL'];
        } else {
            $urlArray = $spMetadata->getArrayizeString('AssertionConsumerService');
            $consumerURL = $urlArray[0];
        }
        $ar = sspmod_saml2_Message::buildResponse($idpMetadata, $spMetadata, $consumerURL);
        $ar->setInResponseTo($requestID);
        $ar->setRelayState($relayState);
        $ar->setStatus(array('Code' => $error->getStatus(), 'SubCode' => $error->getSubStatus(), 'Message' => $error->getStatusMessage()));
        $binding = new SAML2_HTTPPost();
        $binding->setDestination(sspmod_SAML2_Message::getDebugDestination());
        $binding->send($ar);
    } catch (Exception $e) {
        SimpleSAML_Utilities::fatalError($session->getTrackID(), 'GENERATEAUTHNRESPONSE', $e);
    }
}
        }
        /* Filter which attribute values we should return. */
        $returnAttributes[$name] = array_intersect($values, $attributes[$name]);
    }
}
/* $returnAttributes contains the attributes we should return. Send them. */
$assertion = new SAML2_Assertion();
$assertion->setIssuer($idpEntityId);
$assertion->setNameId($query->getNameId());
$assertion->setNotBefore(time());
$assertion->setNotOnOrAfter(time() + 5 * 60);
$assertion->setValidAudiences(array($spEntityId));
$assertion->setAttributes($returnAttributes);
$assertion->setAttributeNameFormat($attributeNameFormat);
$sc = new SAML2_XML_saml_SubjectConfirmation();
$sc->Method = SAML2_Const::CM_BEARER;
$sc->SubjectConfirmationData = new SAML2_XML_saml_SubjectConfirmationData();
$sc->SubjectConfirmationData->NotOnOrAfter = time() + 5 * 60;
$sc->SubjectConfirmationData->Recipient = $endpoint;
$sc->SubjectConfirmationData->InResponseTo = $query->getId();
$assertion->setSubjectConfirmation(array($sc));
sspmod_saml_Message::addSign($idpMetadata, $spMetadata, $assertion);
$response = new SAML2_Response();
$response->setRelayState($query->getRelayState());
$response->setDestination($endpoint);
$response->setIssuer($idpEntityId);
$response->setInResponseTo($query->getId());
$response->setAssertions(array($assertion));
sspmod_saml_Message::addSign($idpMetadata, $spMetadata, $response);
$binding = new SAML2_HTTPPost();
$binding->send($response);
Example #3
0
        if (count($values) === 0) {
            /* Return all attributes. */
            $returnAttributes[$name] = $attributes[$name];
            continue;
        }
        /* Filter which attribute values we should return. */
        $returnAttributes[$name] = array_intersect($values, $attributes[$name]);
    }
}
/* $returnAttributes contains the attributes we should return. Send them. */
$assertion = new SAML2_Assertion();
$assertion->setDestination($endpoint);
$assertion->setIssuer($idpEntityId);
$assertion->setNameId($query->getNameId());
$assertion->setNotBefore(time());
$assertion->setNotOnOrAfter(time() + 5 * 60);
$assertion->setInResponseTo($query->getId());
$assertion->setValidAudiences(array($spEntityId));
$assertion->setAttributes($returnAttributes);
$assertion->setAttributeNameFormat($attributeNameFormat);
sspmod_saml2_Message::addSign($idpMetadata, $spMetadata, $assertion);
$response = new SAML2_Response();
$response->setRelayState($query->getRelayState());
$response->setDestination($endpoint);
$response->setIssuer($idpEntityId);
$response->setInResponseTo($query->getId());
$response->setAssertions(array($assertion));
sspmod_saml2_Message::addSign($idpMetadata, $spMetadata, $response);
$binding = new SAML2_HTTPPost();
$binding->setDestination(sspmod_saml2_Message::getDebugDestination());
$binding->send($response);