/**
* Receive a SAML 2 message sent using the HTTP-Artifact binding.
*
* Throws an exception if it is unable receive the message.
*
* @return SAML2_Message The received message.
* @throws Exception
*/
public function receive()
{
if (array_key_exists('SAMLart', $_REQUEST)) {
$artifact = base64_decode($_REQUEST['SAMLart']);
$endpointIndex = bin2hex(substr($artifact, 2, 2));
$sourceId = bin2hex(substr($artifact, 4, 20));
} else {
throw new Exception('Missing SAMLArt parameter.');
}
$metadataHandler = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpMetadata = $metadataHandler->getMetaDataConfigForSha1($sourceId, 'saml20-idp-remote');
if ($idpMetadata === NULL) {
throw new Exception('No metadata found for remote provider with SHA1 ID: ' . var_export($sourceId, TRUE));
}
$endpoint = NULL;
foreach ($idpMetadata->getEndpoints('ArtifactResolutionService') as $ep) {
if ($ep['index'] === hexdec($endpointIndex)) {
$endpoint = $ep;
break;
}
}
if ($endpoint === NULL) {
throw new Exception('No ArtifactResolutionService with the correct index.');
}
SAML2_Utils::getContainer()->getLogger()->debug("ArtifactResolutionService endpoint being used is := " . $endpoint['Location']);
//Construct the ArtifactResolve Request
$ar = new SAML2_ArtifactResolve();
/* Set the request attributes */
$ar->setIssuer($this->spMetadata->getString('entityid'));
$ar->setArtifact($_REQUEST['SAMLart']);
$ar->setDestination($endpoint['Location']);
/* Sign the request */
sspmod_saml_Message::addSign($this->spMetadata, $idpMetadata, $ar);
// Shoaib - moved from the SOAPClient.
$soap = new SAML2_SOAPClient();
// Send message through SoapClient
/** @var SAML2_ArtifactResponse $artifactResponse */
$artifactResponse = $soap->send($ar, $this->spMetadata);
if (!$artifactResponse->isSuccess()) {
throw new Exception('Received error from ArtifactResolutionService.');
}
$xml = $artifactResponse->getAny();
if ($xml === NULL) {
/* Empty ArtifactResponse - possibly because of Artifact replay? */
return NULL;
}
$samlResponse = SAML2_Message::fromXML($xml);
$samlResponse->addValidator(array(get_class($this), 'validateSignature'), $artifactResponse);
if (isset($_REQUEST['RelayState'])) {
$samlResponse->setRelayState($_REQUEST['RelayState']);
}
return $samlResponse;
}
/**
* build and send AttributeQuery
*/
function sendQuery($dataId, $url, $nameId, $attributes, $attributeNameFormat, $src, $dst)
{
assert('is_string($dataId)');
assert('is_string($url)');
assert('is_array($nameId)');
assert('is_array($attributes)');
SimpleSAML_Logger::debug('[attributeaggregator] - sending request');
$query = new SAML2_AttributeQuery();
$query->setRelayState($dataId);
$query->setDestination($url);
$query->setIssuer($src->getValue('entityid'));
$query->setNameId($nameId);
$query->setAttributeNameFormat($attributeNameFormat);
if (!empty($attributes)) {
$query->setAttributes($attributes);
}
sspmod_saml_Message::addSign($src, $dst, $query);
if (!$query->getSignatureKey()) {
throw new SimpleSAML_Error_Exception('[attributeaggregator] - Unable to find private key for signing attribute request.');
}
SimpleSAML_Logger::debug('[attributeaggregator] - sending attribute query: ' . var_export($query, 1));
$binding = new SAML2_SOAPClient();
$result = $binding->send($query, $src);
return $result;
}
