/**
* @param ProfileContext $context
*/
protected function doExecute(ProfileContext $context)
{
$message = MessageContextHelper::asSamlMessage($context->getOutboundContext());
$state = new RequestState();
$state->setId($message->getID());
$state->setNonce($message);
$this->requestStore->set($state);
}
/**
* @param string $inResponseTo
* @param AssertionContext $context
*
* @return \LightSaml\State\Request\RequestState
*/
protected function validateInResponseTo($inResponseTo, AssertionContext $context)
{
$requestState = $this->requestStore->get($inResponseTo);
if (null == $requestState) {
$message = sprintf("Unknown InResponseTo '%s'", $inResponseTo);
$this->logger->emergency($message, LogHelper::getActionErrorContext($context, $this));
throw new LightSamlContextException($context, $message);
}
return $requestState;
}
/**
* @param ContextInterface|null $requestStateContext
*/
protected function flush($requestStateContext = null)
{
if ($requestStateContext instanceof RequestStateContext && $requestStateContext->getRequestState() && $requestStateContext->getRequestState()->getId()) {
$existed = $this->requestStore->remove($requestStateContext->getRequestState()->getId());
if ($existed) {
$this->logger->debug(sprintf('Removed request state "%s"', $requestStateContext->getRequestState()->getId()), LogHelper::getActionContext($requestStateContext, $this));
} else {
$this->logger->debug(sprintf('Request state "%s" does not exist', $requestStateContext->getRequestState()->getId()), LogHelper::getActionContext($requestStateContext, $this));
}
}
}
/**
* @param ProfileContext $context
*/
protected function doExecute(ProfileContext $context)
{
$message = MessageContextHelper::asSamlMessage($context->getOutboundContext());
$state = new RequestState();
$state->setId($message->getID());
$partyEntityId = $context->getPartyEntityContext() ? $context->getPartyEntityContext()->getEntityId() : '';
if ($context->getPartyEntityContext() && $context->getPartyEntityContext()->getEntityDescriptor()) {
$partyEntityId = $context->getPartyEntityContext()->getEntityDescriptor()->getEntityID();
}
$state->getParameters()->add([RequestStateParameters::ID => $message->getID(), RequestStateParameters::TYPE => get_class($message), RequestStateParameters::TIMESTAMP => $message->getIssueInstantTimestamp(), RequestStateParameters::PARTY => $partyEntityId, RequestStateParameters::RELAY_STATE => $message->getRelayState()]);
if ($message instanceof LogoutRequest) {
$state->getParameters()->add([RequestStateParameters::NAME_ID => $message->getNameID()->getValue(), RequestStateParameters::NAME_ID_FORMAT => $message->getNameID()->getFormat(), RequestStateParameters::SESSION_INDEX => $message->getSessionIndex()]);
}
$this->requestStore->set($state);
}
/**
* @param ProfileContext $context
*/
protected function doExecute(ProfileContext $context)
{
$response = MessageContextHelper::asStatusResponse($context->getInboundContext());
$inResponseTo = $response->getInResponseTo();
if ($inResponseTo) {
$requestState = $this->requestStore->get($inResponseTo);
if (null == $requestState) {
$message = sprintf("Unknown InResponseTo '%s'", $inResponseTo);
$this->logger->error($message, LogHelper::getActionErrorContext($context, $this, array('in_response_to' => $inResponseTo)));
throw new LightSamlContextException($context, $message);
}
/** @var RequestStateContext $requestStateContext */
$requestStateContext = $context->getInboundContext()->getSubContext(ProfileContexts::REQUEST_STATE, RequestStateContext::class);
$requestStateContext->setRequestState($requestState);
}
}
protected function doExecute(ProfileContext $context)
{
$logoutResponse = MessageContextHelper::asLogoutResponse($context->getInboundContext());
$id = $logoutResponse->getInResponseTo();
$requestState = $this->requestStore->get($id);
$partyEntityId = $requestState->getParameters()->get(RequestStateParameters::PARTY);
if ($partyEntityId && $logoutResponse->getIssuer() && $partyEntityId != $logoutResponse->getIssuer()->getValue()) {
$message = sprintf('LogoutRequest sent to %s but LogoutResponse for that request was issued by %s', $partyEntityId, $logoutResponse->getIssuer()->getValue());
$this->logger->critical($message, LogHelper::getActionErrorContext($context, $this, ['sent_to' => $partyEntityId, 'received_from' => $logoutResponse->getIssuer()->getValue()]));
throw new LightSamlContextException($context, $message);
}
$nameId = $requestState->getParameters()->get(RequestStateParameters::NAME_ID);
$nameIdFormat = $requestState->getParameters()->get(RequestStateParameters::NAME_ID_FORMAT);
$sessionIndex = $requestState->getParameters()->get(RequestStateParameters::SESSION_INDEX);
$numberOfTerminatedSessions = $this->logoutResolver->terminateSession($logoutResponse->getIssuer()->getValue(), $nameId, $nameIdFormat, $sessionIndex);
$this->logger->debug(sprintf('Processing LogoutResponse from %s for %s in format %s and session index %s resulted in termination of %s sso session from the store', $partyEntityId, $nameId, $nameIdFormat, $sessionIndex, $numberOfTerminatedSessions), LogHelper::getActionContext($context, $this));
}
/**
* @param ProfileContext $context
*/
protected function doExecute(ProfileContext $context)
{
$response = MessageContextHelper::asStatusResponse($context->getInboundContext());
$inResponseTo = $response->getInResponseTo();
if ($inResponseTo) {
$requestState = $this->requestStore->get($inResponseTo);
if (null == $requestState) {
$message = sprintf("Unknown InResponseTo '%s'", $inResponseTo);
$this->logger->critical($message, LogHelper::getActionErrorContext($context, $this, array('in_response_to' => $inResponseTo)));
throw new LightSamlContextException($context, $message);
}
$sentToParty = $requestState->getParameters()->get(RequestStateParameters::PARTY);
if ($sentToParty && $response->getIssuer() && $response->getIssuer()->getValue() != $sentToParty) {
$message = sprintf('AuthnRequest with id "%s" sent to party "%s" but StatusResponse for that request issued by party "%s"', $inResponseTo, $sentToParty, $response->getIssuer()->getValue());
$this->logger->critical($message, LogHelper::getActionErrorContext($context, $this, array('sent_to' => $sentToParty, 'received_from' => $response->getIssuer()->getValue())));
throw new LightSamlContextException($context, $message);
}
/** @var RequestStateContext $requestStateContext */
$requestStateContext = $context->getInboundContext()->getSubContext(ProfileContexts::REQUEST_STATE, RequestStateContext::class);
$requestStateContext->setRequestState($requestState);
}
}
