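/**
 * Convert this AdditionalMetadataLocation to XML.
 *
 * Appends an md:AdditionalMetadataLocation element to $parent. Its text
 * content is $this->location and its 'namespace' attribute is
 * $this->namespace.
 *
 * @param DOMElement $parent The element we should append to.
 * @return DOMElement This AdditionalMetadataLocation-element.
 */
public function toXML(DOMElement $parent)
{
    // Expression assertions instead of string assertions: a string argument
    // is eval()'d on PHP 5/7 and is never evaluated on PHP 8, where it is
    // just a non-empty string and the check silently always passes.
    assert(is_string($this->namespace));
    assert(is_string($this->location));

    $element = SAML2_Utils::addString(
        $parent,
        SAML2_Const::NS_MD,
        'md:AdditionalMetadataLocation',
        $this->location
    );
    $element->setAttribute('namespace', $this->namespace);

    return $element;
}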
/**
 * Verify that addString() appends an element with a text value.
 *
 * Two cases are covered: the parent has no declaration for the namespace
 * (the new element carries its own xmlns:ns), and the parent already
 * declares it (no second declaration is emitted).
 */
public function testAddString()
{
    // Case 1: the parent does not know the 'testns' namespace.
    $doc = SAML2_DOMDocumentFactory::fromString('<root/>');
    $rootNode = $doc->firstChild;
    SAML2_Utils::addString($rootNode, 'testns', 'ns:somenode', 'value');
    $this->assertEquals(
        '<root><ns:somenode xmlns:ns="testns">value</ns:somenode></root>',
        $doc->saveXML($rootNode)
    );

    // Case 2: the parent already declares the prefix, so the child reuses it.
    $doc->loadXML('<ns:root xmlns:ns="testns"/>');
    $rootNode = $doc->firstChild;
    SAML2_Utils::addString($rootNode, 'testns', 'ns:somenode', 'value');
    $this->assertEquals(
        '<ns:root xmlns:ns="testns"><ns:somenode>value</ns:somenode></ns:root>',
        $doc->saveXML($rootNode)
    );
}
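/**
 * Convert this IDPList to XML.
 *
 * Appends a samlp:IDPList element to $parent, serialises every entry of
 * $this->IDPEntry into it, and adds a samlp:GetComplete child when
 * $this->GetComplete is set.
 *
 * @param DOMElement $parent The element we should append this element to.
 * @return DOMElement The samlp:IDPList element that was appended.
 */
public function toXML(DOMElement $parent)
{
    // Expression assertions instead of string assertions: a string argument
    // is eval()'d on PHP 5/7 and is never evaluated on PHP 8, where the
    // check would silently always pass.
    assert(is_array($this->IDPEntry));
    assert(!empty($this->IDPEntry));
    assert(is_string($this->GetComplete) || is_null($this->GetComplete));

    $list = $parent->ownerDocument->createElementNS(SAML2_Const::NS_SAMLP, 'samlp:IDPList');
    $parent->appendChild($list);

    foreach ($this->IDPEntry as $entry) {
        $entry->toXML($list);
    }

    if ($this->GetComplete !== null) {
        SAML2_Utils::addString($list, SAML2_Const::NS_SAMLP, 'samlp:GetComplete', $this->GetComplete);
    }

    return $list;
}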
/**
 * Serialise this status response to an (unsigned) XML element.
 *
 * On top of what the parent emits, this adds the InResponseTo attribute, an
 * optional Extensions element, and the Status element with its StatusCode,
 * nested sub-StatusCode and StatusMessage.
 *
 * @return DOMElement This status response.
 */
public function toUnsignedXML()
{
    $root = parent::toUnsignedXML();

    if ($this->inResponseTo !== null) {
        $root->setAttribute('InResponseTo', $this->inResponseTo);
    }

    if ($this->extensions !== null) {
        // TRUE means "emit a placeholder extension the receiver cannot know";
        // any other value is appended as the extension node itself.
        $payload = ($this->extensions === true)
            ? $this->document->createElementNS('http://rnd.feide.no/fedlab-ns', 'UnknownExtension')
            : $this->extensions;

        $wrapper = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'Extensions');
        $wrapper->appendChild($payload);
        $root->appendChild($wrapper);
    }

    $statusEl = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'Status');
    $root->appendChild($statusEl);

    $codeEl = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'StatusCode');
    $codeEl->setAttribute('Value', $this->status['Code']);
    $statusEl->appendChild($codeEl);

    // The second-level status code is nested inside the top-level one.
    if ($this->status['SubCode'] !== null) {
        $subCodeEl = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'StatusCode');
        $subCodeEl->setAttribute('Value', $this->status['SubCode']);
        $codeEl->appendChild($subCodeEl);
    }

    if ($this->status['Message'] !== null) {
        SAML2_Utils::addString($statusEl, SAML2_Const::NS_SAMLP, 'StatusMessage', $this->status['Message']);
    }

    return $root;
}
/**
 * Serialise this authentication request to an (unsigned) XML element.
 *
 * Emits, in this order: the ForceAuthn / IsPassive flags, the assertion
 * consumer service selection (an index, or else URL plus protocol binding),
 * AttributeConsumingServiceIndex, NameIDPolicy, RequestedAuthnContext,
 * Extensions and Scoping.
 *
 * @return DOMElement This authentication request.
 */
public function toUnsignedXML()
{
    $root = parent::toUnsignedXML();

    // Boolean flags are only written when they are truthy.
    if ($this->forceAuthn) {
        $root->setAttribute('ForceAuthn', 'true');
    }
    if ($this->isPassive) {
        $root->setAttribute('IsPassive', 'true');
    }

    // An ACS index takes precedence; URL and binding are only emitted
    // when no index is set.
    if ($this->assertionConsumerServiceIndex !== null) {
        $root->setAttribute('AssertionConsumerServiceIndex', $this->assertionConsumerServiceIndex);
    } else {
        if ($this->assertionConsumerServiceURL !== null) {
            $root->setAttribute('AssertionConsumerServiceURL', $this->assertionConsumerServiceURL);
        }
        if ($this->protocolBinding !== null) {
            $root->setAttribute('ProtocolBinding', $this->protocolBinding);
        }
    }

    if ($this->attributeConsumingServiceIndex !== null) {
        $root->setAttribute('AttributeConsumingServiceIndex', $this->attributeConsumingServiceIndex);
    }

    if (!empty($this->nameIdPolicy)) {
        $policyEl = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'NameIDPolicy');
        if (array_key_exists('Format', $this->nameIdPolicy)) {
            $policyEl->setAttribute('Format', $this->nameIdPolicy['Format']);
        }
        if (array_key_exists('SPNameQualifier', $this->nameIdPolicy)) {
            $policyEl->setAttribute('SPNameQualifier', $this->nameIdPolicy['SPNameQualifier']);
        }
        // AllowCreate is written only when present and truthy.
        if (array_key_exists('AllowCreate', $this->nameIdPolicy) && $this->nameIdPolicy['AllowCreate']) {
            $policyEl->setAttribute('AllowCreate', 'true');
        }
        $root->appendChild($policyEl);
    }

    $requested = $this->requestedAuthnContext;
    if (!empty($requested) && !empty($requested['AuthnContextClassRef'])) {
        $contextEl = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'RequestedAuthnContext');
        $root->appendChild($contextEl);

        // 'exact' is not written out; any other comparison value is.
        if (isset($requested['Comparison']) && $requested['Comparison'] !== 'exact') {
            $contextEl->setAttribute('Comparison', $requested['Comparison']);
        }
        foreach ($requested['AuthnContextClassRef'] as $classRef) {
            SAML2_Utils::addString($contextEl, SAML2_Const::NS_SAML, 'AuthnContextClassRef', $classRef);
        }
    }

    if (!empty($this->extensions)) {
        SAML2_XML_samlp_Extensions::addList($root, $this->extensions);
    }

    if ($this->ProxyCount !== null || count($this->IDPList) > 0 || count($this->RequesterID) > 0) {
        $scopingEl = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'Scoping');
        $root->appendChild($scopingEl);

        if ($this->ProxyCount !== null) {
            $scopingEl->setAttribute('ProxyCount', $this->ProxyCount);
        }

        if (count($this->IDPList) > 0) {
            $idpListEl = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'IDPList');
            foreach ($this->IDPList as $providerId) {
                $entryEl = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'IDPEntry');
                $entryEl->setAttribute('ProviderID', $providerId);
                $idpListEl->appendChild($entryEl);
            }
            $scopingEl->appendChild($idpListEl);
        }

        if (count($this->RequesterID) > 0) {
            SAML2_Utils::addStrings($scopingEl, SAML2_Const::NS_SAMLP, 'RequesterID', false, $this->RequesterID);
        }
    }

    return $root;
}
/**
 * Serialise this attribute query to an (unsigned) XML element.
 *
 * Every entry of $this->attributes becomes a saml:Attribute element with
 * one saml:AttributeValue child per value. String values are tagged
 * xsi:type="xs:string", integer values xsi:type="xs:integer"; other values
 * get no xsi:type.
 *
 * @return DOMElement This attribute query.
 */
public function toUnsignedXML()
{
    $root = parent::toUnsignedXML();
    $doc = $root->ownerDocument;

    foreach ($this->attributes as $name => $values) {
        $attrEl = $doc->createElementNS(SAML2_Const::NS_SAML, 'saml:Attribute');
        $root->appendChild($attrEl);
        $attrEl->setAttribute('Name', $name);

        // The unspecified name format is the implicit default and is omitted.
        if ($this->nameFormat !== SAML2_Const::NAMEFORMAT_UNSPECIFIED) {
            $attrEl->setAttribute('NameFormat', $this->nameFormat);
        }

        foreach ($values as $value) {
            $valueEl = SAML2_Utils::addString($attrEl, SAML2_Const::NS_SAML, 'saml:AttributeValue', $value);

            if (is_string($value)) {
                $valueEl->setAttributeNS(SAML2_Const::NS_XSI, 'xsi:type', 'xs:string');
            } elseif (is_int($value)) {
                $valueEl->setAttributeNS(SAML2_Const::NS_XSI, 'xsi:type', 'xs:integer');
            }
        }
    }

    return $root;
}
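/**
 * Convert this KeyName element to XML.
 *
 * Appends a ds:KeyName element holding $this->name to $parent.
 *
 * @param DOMElement $parent The element we should append this KeyName element to.
 * @return DOMElement The ds:KeyName element that was appended.
 */
public function toXML(DOMElement $parent)
{
    // Expression assertion instead of a string assertion: a string argument
    // is eval()'d on PHP 5/7 and is never evaluated on PHP 8, where the
    // check would silently always pass.
    assert(is_string($this->name));

    return SAML2_Utils::addString($parent, XMLSecurityDSig::XMLDSIGNS, 'ds:KeyName', $this->name);
}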
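/**
 * Create a NameID element.
 *
 * The NameId array can have the following elements: 'Value', 'Format',
 * 'NameQualifier', 'SPNameQualifier'.
 *
 * Only the 'Value'-element is required. The optional elements are written
 * as attributes when they are present and not NULL.
 *
 * @param DOMElement $node   The DOM node we should append the NameId to.
 * @param array      $nameId The name identifier.
 */
public static function addNameId(DOMElement $node, array $nameId)
{
    // Expression assertion instead of a string assertion: a string argument
    // is eval()'d on PHP 5/7 and is never evaluated on PHP 8, where a
    // missing 'Value' would no longer be caught here.
    assert(array_key_exists('Value', $nameId));

    $xml = SAML2_Utils::addString($node, SAML2_Const::NS_SAML, 'saml:NameID', $nameId['Value']);

    // isset() on an array key is true exactly when the key exists and its
    // value is not NULL. The attribute order matches the previous output.
    foreach (array('NameQualifier', 'SPNameQualifier', 'Format') as $attribute) {
        if (isset($nameId[$attribute])) {
            $xml->setAttribute($attribute, $nameId[$attribute]);
        }
    }
}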
/**
 * Build the unsigned XML representation of this message.
 *
 * A fresh DOMDocument is created and stored in $this->document. No
 * signature is added here.
 *
 * @return DOMElement The root element of the DOM tree.
 */
public function toUnsignedXML()
{
    $doc = new DOMDocument();
    $this->document = $doc;

    $root = $doc->createElementNS(SAML2_Const::NS_SAMLP, 'samlp:' . $this->tagName);
    $doc->appendChild($root);

    /*
     * Ugly hack to add another namespace declaration to the root element:
     * set a throw-away attribute in the saml namespace, then remove it.
     */
    $root->setAttributeNS(SAML2_Const::NS_SAML, 'saml:tmp', 'tmp');
    $root->removeAttributeNS(SAML2_Const::NS_SAML, 'tmp');

    $issueInstant = gmdate('Y-m-d\\TH:i:s\\Z', $this->issueInstant);
    $root->setAttribute('ID', $this->id);
    $root->setAttribute('Version', '2.0');
    $root->setAttribute('IssueInstant', $issueInstant);

    if ($this->destination !== null) {
        $root->setAttribute('Destination', $this->destination);
    }

    // Consent is omitted both when unset and when it is "unspecified".
    $consent = $this->consent;
    if ($consent !== null && $consent !== SAML2_Const::CONSENT_UNSPECIFIED) {
        $root->setAttribute('Consent', $consent);
    }

    if ($this->issuer !== null) {
        SAML2_Utils::addString($root, SAML2_Const::NS_SAML, 'saml:Issuer', $this->issuer);
    }

    if (!empty($this->extensions)) {
        SAML2_XML_samlp_Extensions::addList($root, $this->extensions);
    }

    return $root;
}
/**
 * Serialise this logout request to an (unsigned) XML element.
 *
 * Adds the NameID, a NotOnOrAfter attribute fixed at one hour after the
 * moment of serialisation, and one SessionIndex element per session index.
 *
 * @return DOMElement This logout request.
 */
public function toUnsignedXML()
{
    $root = parent::toUnsignedXML();

    SAML2_Utils::addNameId($root, $this->nameId);

    // The request stops being valid 3600 seconds from now.
    $expiry = time() + 3600;
    $root->setAttribute('NotOnOrAfter', gmdate('Y-m-d\\TH:i:s\\Z', $expiry));

    // Accept either one session index (string) or a list of them.
    // NOTE(review): any other non-null type is dropped without an error, so
    // the request then carries no SessionIndex at all. Confirm this is intended.
    $indexes = $this->sessionIndex;
    if (is_string($indexes)) {
        $indexes = array($indexes);
    }
    if (is_array($indexes)) {
        foreach ($indexes as $index) {
            SAML2_Utils::addString($root, SAML2_Const::NS_SAMLP, 'SessionIndex', $index);
        }
    }

    return $root;
}
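/**
 * Convert this ContactPerson to XML.
 *
 * Appends an md:ContactPerson element to $parent with the contactType
 * attribute, the extensions, and the optional Company, GivenName, SurName,
 * EmailAddress and TelephoneNumber children, in that order.
 *
 * @param DOMElement $parent The element we should add this contact to.
 * @return DOMElement The new ContactPerson-element.
 */
public function toXML(DOMElement $parent)
{
    // Expression assertions instead of string assertions: a string argument
    // is eval()'d on PHP 5/7 and is never evaluated on PHP 8, where these
    // type checks would silently always pass.
    assert(is_string($this->contactType));
    assert(is_array($this->Extensions));
    assert(is_null($this->Company) || is_string($this->Company));
    assert(is_null($this->GivenName) || is_string($this->GivenName));
    assert(is_null($this->SurName) || is_string($this->SurName));
    assert(is_array($this->EmailAddress));
    assert(is_array($this->TelephoneNumber));

    $contact = $parent->ownerDocument->createElementNS(SAML2_Const::NS_MD, 'md:ContactPerson');
    $parent->appendChild($contact);

    $contact->setAttribute('contactType', $this->contactType);

    SAML2_XML_md_Extensions::addList($contact, $this->Extensions);

    // Single-valued children are emitted only when set (not NULL).
    if (isset($this->Company)) {
        SAML2_Utils::addString($contact, SAML2_Const::NS_MD, 'md:Company', $this->Company);
    }
    if (isset($this->GivenName)) {
        SAML2_Utils::addString($contact, SAML2_Const::NS_MD, 'md:GivenName', $this->GivenName);
    }
    if (isset($this->SurName)) {
        SAML2_Utils::addString($contact, SAML2_Const::NS_MD, 'md:SurName', $this->SurName);
    }

    // Multi-valued children are emitted only when the list is non-empty.
    if (!empty($this->EmailAddress)) {
        SAML2_Utils::addStrings($contact, SAML2_Const::NS_MD, 'md:EmailAddress', false, $this->EmailAddress);
    }
    if (!empty($this->TelephoneNumber)) {
        SAML2_Utils::addStrings($contact, SAML2_Const::NS_MD, 'md:TelephoneNumber', false, $this->TelephoneNumber);
    }

    return $contact;
}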
/**
 * Serialise this status response to an (unsigned) XML element.
 *
 * On top of what the parent emits, this adds the InResponseTo attribute and
 * the Status element with its StatusCode, nested sub-StatusCode and
 * StatusMessage.
 *
 * @return DOMElement This status response.
 */
public function toUnsignedXML()
{
    $root = parent::toUnsignedXML();

    if ($this->inResponseTo !== null) {
        $root->setAttribute('InResponseTo', $this->inResponseTo);
    }

    $statusEl = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'Status');
    $root->appendChild($statusEl);

    $codeEl = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'StatusCode');
    $codeEl->setAttribute('Value', $this->status['Code']);
    $statusEl->appendChild($codeEl);

    // The second-level status code is nested inside the top-level one.
    if ($this->status['SubCode'] !== null) {
        $subCodeEl = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'StatusCode');
        $subCodeEl->setAttribute('Value', $this->status['SubCode']);
        $codeEl->appendChild($subCodeEl);
    }

    if ($this->status['Message'] !== null) {
        SAML2_Utils::addString($statusEl, SAML2_Const::NS_SAMLP, 'StatusMessage', $this->status['Message']);
    }

    return $root;
}
/**
 * Serialise this logout request to an (unsigned) XML element.
 *
 * Writes the optional NotOnOrAfter attribute, then the subject identifier
 * (a plain NameID, or a saml:EncryptedID wrapping the stored encrypted
 * node), then one SessionIndex element per entry of $this->sessionIndexes.
 *
 * @return DOMElement This logout request.
 */
public function toUnsignedXML()
{
    $root = parent::toUnsignedXML();
    $doc = $root->ownerDocument;

    if ($this->notOnOrAfter !== null) {
        $root->setAttribute('NotOnOrAfter', gmdate('Y-m-d\\TH:i:s\\Z', $this->notOnOrAfter));
    }

    if ($this->encryptedNameId !== null) {
        // An encrypted identifier is present: emit it instead of the NameID.
        // The node is deep-imported because it may belong to another document.
        $wrapper = $doc->createElementNS(SAML2_Const::NS_SAML, 'saml:' . 'EncryptedID');
        $root->appendChild($wrapper);
        $wrapper->appendChild($doc->importNode($this->encryptedNameId, true));
    } else {
        SAML2_Utils::addNameId($root, $this->nameId);
    }

    foreach ($this->sessionIndexes as $index) {
        SAML2_Utils::addString($root, SAML2_Const::NS_SAMLP, 'SessionIndex', $index);
    }

    return $root;
}
/**
 * Serialise this logout request to an (unsigned) XML element.
 *
 * Adds the NameID and one SessionIndex element per session index.
 *
 * @return DOMElement This logout request.
 */
public function toUnsignedXML()
{
    $root = parent::toUnsignedXML();

    SAML2_Utils::addNameId($root, $this->nameId);

    // Accept either one session index (string) or a list of them.
    // NOTE(review): any other non-null type is dropped without an error, so
    // the request then carries no SessionIndex at all. Confirm this is intended.
    $indexes = $this->sessionIndex;
    if (is_string($indexes)) {
        $indexes = array($indexes);
    }
    if (is_array($indexes)) {
        foreach ($indexes as $index) {
            SAML2_Utils::addString($root, SAML2_Const::NS_SAMLP, 'SessionIndex', $index);
        }
    }

    return $root;
}
/**
 * Add an AuthnStatement node to the assertion.
 *
 * Nothing is added when AuthnInstant is unset, or when the class reference,
 * the declaration and the declaration reference are all unset.
 *
 * @param DOMElement $root The assertion element we should add the authentication statement to.
 */
private function addAuthnStatement(DOMElement $root)
{
    /* No AuthnInstant => no authentication statement. */
    if ($this->authnInstant === null) {
        return;
    }

    /* No authentication context of any kind => no authentication statement. */
    if (
        $this->authnContextClassRef === null
        && $this->authnContextDecl === null
        && $this->authnContextDeclRef === null
    ) {
        return;
    }

    $doc = $root->ownerDocument;

    $statement = $doc->createElementNS(SAML2_Const::NS_SAML, 'saml:AuthnStatement');
    $root->appendChild($statement);

    $statement->setAttribute('AuthnInstant', gmdate('Y-m-d\\TH:i:s\\Z', $this->authnInstant));

    if ($this->sessionNotOnOrAfter !== null) {
        $statement->setAttribute(
            'SessionNotOnOrAfter',
            gmdate('Y-m-d\\TH:i:s\\Z', $this->sessionNotOnOrAfter)
        );
    }
    if ($this->sessionIndex !== null) {
        $statement->setAttribute('SessionIndex', $this->sessionIndex);
    }

    $context = $doc->createElementNS(SAML2_Const::NS_SAML, 'saml:AuthnContext');
    $statement->appendChild($context);

    // Each context part is written only when non-empty, in this order:
    // class reference, declaration, declaration reference.
    if (!empty($this->authnContextClassRef)) {
        SAML2_Utils::addString(
            $context,
            SAML2_Const::NS_SAML,
            'saml:AuthnContextClassRef',
            $this->authnContextClassRef
        );
    }
    if (!empty($this->authnContextDecl)) {
        $this->authnContextDecl->toXML($context);
    }
    if (!empty($this->authnContextDeclRef)) {
        SAML2_Utils::addString(
            $context,
            SAML2_Const::NS_SAML,
            'saml:AuthnContextDeclRef',
            $this->authnContextDeclRef
        );
    }

    // The authority list is handed to addStrings() unconditionally.
    SAML2_Utils::addStrings(
        $context,
        SAML2_Const::NS_SAML,
        'saml:AuthenticatingAuthority',
        false,
        $this->AuthenticatingAuthority
    );
}
/**
 * Add an AuthnStatement node to the assertion.
 *
 * Nothing is added unless both the authentication context and the
 * AuthnInstant are set.
 *
 * @param DOMElement $root The assertion element we should add the authentication statement to.
 */
private function addAuthnStatement(DOMElement $root)
{
    /* No authentication context or AuthnInstant => no authentication statement. */
    if ($this->authnContext === null) {
        return;
    }
    if ($this->authnInstant === null) {
        return;
    }

    $doc = $root->ownerDocument;

    $statement = $doc->createElementNS(SAML2_Const::NS_SAML, 'saml:AuthnStatement');
    $root->appendChild($statement);

    $statement->setAttribute('AuthnInstant', gmdate('Y-m-d\\TH:i:s\\Z', $this->authnInstant));

    if ($this->sessionNotOnOrAfter !== null) {
        $statement->setAttribute(
            'SessionNotOnOrAfter',
            gmdate('Y-m-d\\TH:i:s\\Z', $this->sessionNotOnOrAfter)
        );
    }
    if ($this->sessionIndex !== null) {
        $statement->setAttribute('SessionIndex', $this->sessionIndex);
    }

    $context = $doc->createElementNS(SAML2_Const::NS_SAML, 'saml:AuthnContext');
    $statement->appendChild($context);

    SAML2_Utils::addString($context, SAML2_Const::NS_SAML, 'saml:AuthnContextClassRef', $this->authnContext);

    // The authority list is handed to addStrings() unconditionally.
    SAML2_Utils::addStrings(
        $context,
        SAML2_Const::NS_SAML,
        'saml:AuthenticatingAuthority',
        false,
        $this->AuthenticatingAuthority
    );
}
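/**
 * Convert this ECP Request to XML.
 *
 * Appends an ecp:Request element to $parent carrying the SOAP
 * mustUnderstand and actor attributes, the optional ProviderName and
 * IsPassive attributes, the saml:Issuer, and the optional IDPList.
 *
 * @param DOMElement $parent The element we should append this element to.
 * @return DOMElement The ecp:Request element that was appended.
 */
public function toXML(DOMElement $parent)
{
    // Expression assertions instead of string assertions: a string argument
    // is eval()'d on PHP 5/7 and is never evaluated on PHP 8, where these
    // type checks would silently always pass.
    assert(is_string($this->ProviderName) || is_null($this->ProviderName));
    assert(is_bool($this->IsPassive) || is_null($this->IsPassive));
    assert(is_string($this->Issuer));
    assert(is_null($this->IDPList) || $this->IDPList instanceof SAML2_XML_samlp_IDPList);

    $request = $parent->ownerDocument->createElementNS(SAML2_Const::NS_ECP, 'ecp:Request');
    $parent->appendChild($request);

    $request->setAttributeNS(SAML2_Const::NS_SOAP, 'SOAP-ENV:mustUnderstand', '1');
    $request->setAttributeNS(SAML2_Const::NS_SOAP, 'SOAP-ENV:actor', 'http://schemas.xmlsoap.org/soap/actor/next');

    if ($this->ProviderName !== null) {
        $request->setAttribute('ProviderName', $this->ProviderName);
    }

    // IsPassive is tri-state: only a real boolean is written, NULL is omitted.
    if (is_bool($this->IsPassive)) {
        $request->setAttribute('IsPassive', $this->IsPassive ? 'true' : 'false');
    }

    SAML2_Utils::addString($request, SAML2_Const::NS_SAML, 'saml:Issuer', $this->Issuer);

    if ($this->IDPList !== null) {
        $this->IDPList->toXML($request);
    }

    return $request;
}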