public function testMarshalling() { $indexedEndpointType = new IndexedEndpointType(); $indexedEndpointType->Binding = 'TestBinding'; $indexedEndpointType->Location = 'TestLocation'; $indexedEndpointType->index = 42; $indexedEndpointType->isDefault = false; $document = DOMDocumentFactory::fromString('<root />'); $indexedEndpointTypeElement = $indexedEndpointType->toXML($document->firstChild, 'md:Test'); $indexedEndpointElements = Utils::xpQuery($indexedEndpointTypeElement, '/root/saml_metadata:Test'); $this->assertCount(1, $indexedEndpointElements); $indexedEndpointElement = $indexedEndpointElements[0]; $this->assertEquals('TestBinding', $indexedEndpointElement->getAttribute('Binding')); $this->assertEquals('TestLocation', $indexedEndpointElement->getAttribute('Location')); $this->assertEquals('42', $indexedEndpointElement->getAttribute('index')); $this->assertEquals('false', $indexedEndpointElement->getAttribute('isDefault')); $indexedEndpointType->isDefault = true; $document->loadXML('<root />'); $indexedEndpointTypeElement = $indexedEndpointType->toXML($document->firstChild, 'md:Test'); $indexedEndpointTypeElement = Utils::xpQuery($indexedEndpointTypeElement, '/root/saml_metadata:Test'); $this->assertCount(1, $indexedEndpointTypeElement); $this->assertEquals('true', $indexedEndpointTypeElement[0]->getAttribute('isDefault')); $indexedEndpointType->isDefault = null; $document->loadXML('<root />'); $indexedEndpointTypeElement = $indexedEndpointType->toXML($document->firstChild, 'md:Test'); $indexedEndpointTypeElement = Utils::xpQuery($indexedEndpointTypeElement, '/root/saml_metadata:Test'); $this->assertCount(1, $indexedEndpointTypeElement); $this->assertTrue(!$indexedEndpointTypeElement[0]->hasAttribute('isDefault')); }
/** * Verifies that we can create an AttributeValue from a DOMElement. */ public function testCreateAttributeFromDOMElement() { $attribute = new Attribute(); $attribute->Name = 'TheName'; $attribute->NameFormat = 'TheNameFormat'; $attribute->FriendlyName = 'TheFriendlyName'; $element = new \DOMDocument(); $element->loadXML(<<<ATTRIBUTEVALUE <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">urn:collab:person:surftest.nl:example</NameID> ATTRIBUTEVALUE ); $attribute->AttributeValue = array(new AttributeValue($element->documentElement)); $document = DOMDocumentFactory::fromString('<root />'); $returnedStructure = $attribute->toXML($document->firstChild); $expectedStructureDocument = new \DOMDocument(); $expectedStructureDocument->loadXML(<<<ATTRIBUTEXML <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="TheName" NameFormat="TheNameFormat" FriendlyName="TheFriendlyName"> <saml:AttributeValue> <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">urn:collab:person:surftest.nl:example</NameID> </saml:AttributeValue> </saml:Attribute> ATTRIBUTEXML ); $expectedStructure = $expectedStructureDocument->documentElement; $this->assertEqualXMLStructure($expectedStructure, $returnedStructure); $this->assertEquals("urn:collab:person:surftest.nl:example", $attribute->AttributeValue[0]->getString()); }
/** * Prepare a basic DOMelement to test against */ public function setUp() { $document = DOMDocumentFactory::fromString(<<<XML <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="s2a0da3504aff978b0f8c80f6a62c713c4a2f64c5b" InResponseTo="_bec424fa5103428909a30ff1e31168327f79474984" Version="2.0" IssueInstant="2007-12-10T11:39:48Z" Destination="http://moodle.bridge.feide.no/simplesaml/saml2/sp/AssertionConsumerService.php"> <saml:Issuer>max.feide.no</saml:Issuer> <samlp:Extensions> <myns:AttributeList xmlns:myns="urn:mynamespace"> <myns:Attribute name="UserName" value=""/> </myns:AttributeList> <ExampleElement name="AnotherExtension" /> </samlp:Extensions> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> </samlp:Response> XML ); $this->testElement = $document->documentElement; }
public function testUnmarshalling() { $mdNamespace = Constants::NS_MD; $document = DOMDocumentFactory::fromString(<<<XML <md:Test xmlns:md="{$mdNamespace}" Binding="urn:something" Location="https://whatever/" xmlns:test="urn:test" test:attr="value" /> XML ); $endpointType = new EndpointType($document->firstChild); $this->assertEquals(true, $endpointType->hasAttributeNS('urn:test', 'attr')); $this->assertEquals('value', $endpointType->getAttributeNS('urn:test', 'attr')); $this->assertEquals(false, $endpointType->hasAttributeNS('urn:test', 'invalid')); $this->assertEquals('', $endpointType->getAttributeNS('urn:test', 'invalid')); $endpointType->removeAttributeNS('urn:test', 'attr'); $this->assertEquals(false, $endpointType->hasAttributeNS('urn:test', 'attr')); $this->assertEquals('', $endpointType->getAttributeNS('urn:test', 'attr')); $endpointType->setAttributeNS('urn:test2', 'test2:attr2', 'value2'); $this->assertEquals('value2', $endpointType->getAttributeNS('urn:test2', 'attr2')); $document->loadXML('<root />'); $endpointTypeElement = $endpointType->toXML($document->firstChild, 'md:Test'); $endpointTypeElements = Utils::xpQuery($endpointTypeElement, '/root/saml_metadata:Test'); $this->assertCount(1, $endpointTypeElements); $endpointTypeElement = $endpointTypeElements[0]; $this->assertEquals('value2', $endpointTypeElement->getAttributeNS('urn:test2', 'attr2')); $this->assertEquals(false, $endpointTypeElement->hasAttributeNS('urn:test', 'attr')); }
/** * Test unmarshalling / marshalling of XML with Extensions element */ public function testExtensionOrdering() { $xml = <<<AUTHNREQUEST <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_306f8ec5b618f361c70b6ffb1480eade" Version="2.0" IssueInstant="2004-12-05T09:21:59Z" Destination="https://idp.example.org/SAML2/SSO/Artifact" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" AssertionConsumerServiceURL="https://sp.example.com/SAML2/SSO/Artifact"> <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer> <samlp:Extensions> <myns:AttributeList xmlns:myns="urn:mynamespace"> <myns:Attribute name="UserName" value=""/> </myns:AttributeList> </samlp:Extensions> <saml:Subject> <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">user@example.org</saml:NameID> </saml:Subject> <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/> </samlp:AuthnRequest> AUTHNREQUEST; $document = DOMDocumentFactory::fromString($xml); $authnRequest = new AuthnRequest($document->documentElement); $this->assertXmlStringEqualsXmlString($document->C14N(), $authnRequest->toUnsignedXML()->C14N()); }
/** * Extract the response element from the SOAP response. * * @param string $soapResponse The SOAP response. * @return string The <saml1p:Response> element, as a string. */ private static function extractResponse($soapResponse) { assert('is_string($soapResponse)'); try { $doc = \SAML2\DOMDocumentFactory::fromString($soapResponse); } catch (\Exception $e) { throw new SimpleSAML_Error_Exception('Error parsing SAML 1 artifact response.'); } $soapEnvelope = $doc->firstChild; if (!SimpleSAML\Utils\XML::isDOMElementOfType($soapEnvelope, 'Envelope', 'http://schemas.xmlsoap.org/soap/envelope/')) { throw new SimpleSAML_Error_Exception('Expected artifact response to contain a <soap:Envelope> element.'); } $soapBody = SimpleSAML\Utils\XML::getDOMChildren($soapEnvelope, 'Body', 'http://schemas.xmlsoap.org/soap/envelope/'); if (count($soapBody) === 0) { throw new SimpleSAML_Error_Exception('Couldn\'t find <soap:Body> in <soap:Envelope>.'); } $soapBody = $soapBody[0]; $responseElement = SimpleSAML\Utils\XML::getDOMChildren($soapBody, 'Response', 'urn:oasis:names:tc:SAML:1.0:protocol'); if (count($responseElement) === 0) { throw new SimpleSAML_Error_Exception('Couldn\'t find <saml1p:Response> in <soap:Body>.'); } $responseElement = $responseElement[0]; /* * Save the <saml1p:Response> element. Note that we need to import it * into a new document, in order to preserve namespace declarations. */ $newDoc = \SAML2\DOMDocumentFactory::create(); $newDoc->appendChild($newDoc->importNode($responseElement, TRUE)); $responseXML = $newDoc->saveXML(); return $responseXML; }
/** * Un-serialize this XML chunk. * * @param string $serialized The serialized chunk. * @return \SAML2\XML\Chunk The chunk object represented by the serialized string. */ public function unserialize($serialized) { $doc = DOMDocumentFactory::fromString(unserialize($serialized)); $this->xml = $doc->documentElement; $this->localName = $this->xml->localName; $this->namespaceURI = $this->xml->namespaceURI; }
/** * Convert this NameID to XML. * * @param \DOMElement|null $parent The element we should append to. * @return \DOMElement This AdditionalMetadataLocation-element. */ public function toXML(\DOMElement $parent = null) { assert('is_string($this->NameQualifier) || is_null($this->NameQualifier)'); assert('is_string($this->SPNameQualifier) || is_null($this->SPNameQualifier)'); assert('is_string($this->Format) || is_null($this->Format)'); assert('is_string($this->SPProvidedID) || is_null($this->SPProvidedID)'); assert('is_string($this->value)'); if ($parent === null) { $parent = DOMDocumentFactory::create(); $doc = $parent; } else { $doc = $parent->ownerDocument; } $e = $doc->createElementNS(Constants::NS_SAML, 'saml:NameID'); $parent->appendChild($e); if ($this->NameQualifier !== null) { $e->setAttribute('NameQualifier', $this->NameQualifier); } if ($this->SPNameQualifier !== null) { $e->setAttribute('SPNameQualifier', $this->SPNameQualifier); } if ($this->Format !== null) { $e->setAttribute('Format', $this->Format); } if ($this->SPProvidedID !== null) { $e->setAttribute('SPProvidedID', $this->SPProvidedID); } $t = $doc->createTextNode($this->value); $e->appendChild($t); return $e; }
/** * Test serialization and unserialization */ public function testChunkSerializationLoop() { $ser = $this->chunk->serialize(); $document = DOMDocumentFactory::fromString('<root />'); $newchunk = new Chunk($document->firstChild); $newchunk->unserialize($ser); $this->assertEqualXMLStructure($this->chunk->getXML(), $newchunk->getXML()); }
public function testEmptyRegistrationAuthorityOutboundThrowsException() { $registrationInfo = new RegistrationInfo(); $registrationInfo->registrationAuthority = ''; $document = DOMDocumentFactory::fromString('<root />'); $this->setExpectedException('Exception', 'Missing required registration authority.'); $xml = $registrationInfo->toXML($document->firstChild); }
public function setXML($xml) { assert('is_string($xml)'); try { $this->dom = \SAML2\DOMDocumentFactory::fromString(str_replace("\r", "", $xml)); } catch (\Exception $e) { throw new Exception('Unable to parse AuthnResponse XML.'); } }
/** * Unmarshalling fails if height attribute not present */ public function testUnmarshallingFailsMissingHeight() { $document = DOMDocumentFactory::fromString(<<<XML <mdui:Logo width="300" xml:lang="nl">https://static.example.org/images/logos/logo300x200.png</mdui:Logo> XML ); $this->setExpectedException('Exception', 'Missing height of Logo'); $logo = new Logo($document->firstChild); }
/** * Unmarshalling fails if attribute is empty */ public function testUnmarshallingFailsMissingKeywords() { $document = DOMDocumentFactory::fromString(<<<XML <mdui:Keywords xml:lang="nl"></mdui:Keywords> XML ); $this->setExpectedException('Exception', 'Missing value for Keywords'); $keywords = new Keywords($document->firstChild); }
public function testUnmarshalling() { $document = DOMDocumentFactory::fromString('<md:AdditionalMetadataLocation xmlns:md="' . Constants::NS_MD . '"' . ' namespace="TheNamespaceAttribute">LocationText</md:AdditionalMetadataLocation>'); $additionalMetadataLocation = new AdditionalMetadataLocation($document->firstChild); $this->assertEquals('TheNamespaceAttribute', $additionalMetadataLocation->namespace); $this->assertEquals('LocationText', $additionalMetadataLocation->location); $document->loadXML('<md:AdditionalMetadataLocation xmlns:md="' . Constants::NS_MD . '"' . '>LocationText</md:AdditionalMetadataLocation>'); $this->setExpectedException('Exception', 'Missing namespace attribute on AdditionalMetadataLocation element.'); new AdditionalMetadataLocation($document->firstChild); }
public function testMissingPublisherThrowsException() { $document = DOMDocumentFactory::fromString(<<<XML <mdrpi:PublicationInfo xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" creationInstant="2011-01-01T00:00:00Z" publicationId="SomePublicationId"> </mdrpi:PublicationInfo> XML ); $this->setExpectedException('Exception', 'Missing required attribute "publisher"'); $publicationInfo = new PublicationInfo($document->firstChild); }
function __construct($metaxml) { $template = ''; if (strpos("\n", $metaxml) === FALSE) { foreach (explode("\n", self::template) as $line) { $template .= trim($line); } } else { $template = self::template; } $sigdoc = \SAML2\DOMDocumentFactory::fromString($template); $this->sigNode = $sigdoc->documentElement; }
public function testUnmarshallingFailure() { $samlNamespace = Constants::NS_SAML; $document = DOMDocumentFactory::fromString(<<<XML <saml:Attribute xmlns:saml="{$samlNamespace}" NameFormat="TheNameFormat" FriendlyName="TheFriendlyName"> <saml:AttributeValue>FirstValue</saml:AttributeValue> <saml:AttributeValue>SecondValue</saml:AttributeValue> </saml:Attribute> XML ); $this->setExpectedException('Exception', 'Missing Name on Attribute.'); new Attribute($document->firstChild); }
public function testUnmarshallingWithoutOwner() { $mdNamespace = Constants::NS_MD; $document = DOMDocumentFactory::fromString(<<<XML <md:AffiliationDescriptor xmlns:md="{$mdNamespace}" ID="TheID" validUntil="2009-02-13T23:31:30Z" cacheDuration="PT5000S"> <md:AffiliateMember>Member</md:AffiliateMember> <md:AffiliateMember>OtherMember</md:AffiliateMember> </md:AffiliationDescriptor> XML ); $this->setExpectedException('Exception', 'Missing affiliationOwnerID on AffiliationDescriptor.'); new AffiliationDescriptor($document->firstChild); }
public function testManySubjectConfirmationDataThrowsException() { $samlNamespace = Constants::NS_SAML; $document = DOMDocumentFactory::fromString(<<<XML <saml:SubjectConfirmation xmlns:saml="{$samlNamespace}" Method="SomeMethod"> <saml:NameID>SomeNameIDValue</saml:NameID> <saml:SubjectConfirmationData Recipient="Me" /> <saml:SubjectConfirmationData Recipient="Someone Else" /> </saml:SubjectConfirmation> XML ); $this->setExpectedException('Exception', 'More than one SubjectConfirmationData child in a SubjectConfirmation element'); $subjectConfirmation = new SubjectConfirmation($document->firstChild); }
public function testUnmarshalling() { $samlNamespace = Constants::NS_SAML; $document = DOMDocumentFactory::fromString(<<<XML <saml:NameID xmlns:saml="{$samlNamespace}" NameQualifier="TheNameQualifier" SPNameQualifier="TheSPNameQualifier" Format="TheFormat" SPProvidedID="TheSPProvidedID">TheNameIDValue</saml:NameID> XML ); $nameId = new NameID($document->firstChild); $this->assertEquals('TheNameQualifier', $nameId->NameQualifier); $this->assertEquals('TheSPNameQualifier', $nameId->SPNameQualifier); $this->assertEquals('TheFormat', $nameId->Format); $this->assertEquals('TheSPProvidedID', $nameId->SPProvidedID); $this->assertEquals('TheNameIDValue', $nameId->value); }
/** * @test * @group signature */ public function signed_message_with_valid_signature_is_validated_correctly() { $pattern = Certificate::CERTIFICATE_PATTERN; preg_match($pattern, CertificatesMock::PUBLIC_KEY_PEM, $matches); $config = new IdentityProvider(array('certificateData' => $matches[1])); $validator = new PublicKeyValidator(new SimpleTestLogger(), new KeyLoader()); $doc = DOMDocumentFactory::fromFile(__DIR__ . '/response.xml'); $response = new Response($doc->firstChild); $response->setSignatureKey(CertificatesMock::getPrivateKey()); $response->setCertificates(array(CertificatesMock::PUBLIC_KEY_PEM)); // convert to signed response $response = new Response($response->toSignedXML()); $this->assertTrue($validator->canValidate($response, $config), 'Cannot validate the element'); $this->assertTrue($validator->hasValidSignature($response, $config), 'The signature is not valid'); }
public function testUnmarshalling() { $samlNamespace = Constants::NS_SAML; $document = DOMDocumentFactory::fromString(<<<XML <saml:SubjectConfirmation xmlns:saml="{$samlNamespace}" Method="SomeMethod"> <saml:NameID>SomeNameIDValue</saml:NameID> <saml:SubjectConfirmationData/> </saml:SubjectConfirmation> XML ); $subjectConfirmation = new SubjectConfirmation($document->firstChild); $this->assertEquals('SomeMethod', $subjectConfirmation->Method); $this->assertTrue($subjectConfirmation->NameID instanceof NameID); $this->assertEquals('SomeNameIDValue', $subjectConfirmation->NameID->value); $this->assertTrue($subjectConfirmation->SubjectConfirmationData instanceof SubjectConfirmationData); }
/** * Store a NameID to attribute. * * @param array &$state The request state. */ public function process(&$state) { assert('is_array($state)'); if (!isset($state['saml:NameID'][\SAML2\Constants::NAMEID_PERSISTENT])) { SimpleSAML\Logger::warning('Unable to generate eduPersonTargetedID because no persistent NameID was available.'); return; } $nameID = $state['saml:NameID'][\SAML2\Constants::NAMEID_PERSISTENT]; if ($this->nameId) { $doc = \SAML2\DOMDocumentFactory::create(); $root = $doc->createElement('root'); $doc->appendChild($root); \SAML2\Utils::addNameId($root, $nameID); $value = $doc->saveXML($root->firstChild); } else { $value = $nameID['Value']; } $state['Attributes'][$this->attribute] = array($value); }
/** * @test * @group signature */ public function signed_message_with_valid_signature_is_validated_correctly() { $pattern = Certificate::CERTIFICATE_PATTERN; preg_match($pattern, CertificatesMock::PUBLIC_KEY_PEM, $matches); $certdata = X509::createFromCertificateData($matches[1]); $fingerprint = $certdata->getFingerprint(); $fingerprint_retry = $certdata->getFingerprint(); $this->assertTrue($fingerprint->equals($fingerprint_retry), 'Cached fingerprint does not match original'); $config = new IdentityProvider(array('certificateFingerprints' => array($fingerprint->getRaw()))); $validator = new FingerprintValidator(new SimpleTestLogger(), new FingerprintLoader()); $doc = DOMDocumentFactory::fromFile(__DIR__ . '/response.xml'); $response = new Response($doc->firstChild); $response->setSignatureKey(CertificatesMock::getPrivateKey()); $response->setCertificates(array(CertificatesMock::PUBLIC_KEY_PEM)); // convert to signed response $response = new Response($response->toSignedXML()); $this->assertTrue($validator->canValidate($response, $config), 'Cannot validate the element'); $this->assertTrue($validator->hasValidSignature($response, $config), 'The signature is not valid'); }
public function testUnmarshalling() { $document = DOMDocumentFactory::fromString(<<<XML <mdrpi:PublicationInfo xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" publisher="SomePublisher" creationInstant="2011-01-01T00:00:00Z" publicationId="SomePublicationId"> <mdrpi:UsagePolicy xml:lang="en">http://TheEnglishUsagePolicy</mdrpi:UsagePolicy> <mdrpi:UsagePolicy xml:lang="no">http://TheNorwegianUsagePolicy</mdrpi:UsagePolicy> </mdrpi:PublicationInfo> XML ); $publicationInfo = new PublicationInfo($document->firstChild); $this->assertEquals('SomePublisher', $publicationInfo->publisher); $this->assertEquals(1293840000, $publicationInfo->creationInstant); $this->assertEquals('SomePublicationId', $publicationInfo->publicationId); $this->assertCount(2, $publicationInfo->UsagePolicy); $this->assertEquals('http://TheEnglishUsagePolicy', $publicationInfo->UsagePolicy["en"]); $this->assertEquals('http://TheNorwegianUsagePolicy', $publicationInfo->UsagePolicy["no"]); }
public function testMarshalling() { $roleDescriptor = new RoleDescriptorMock(); $roleDescriptor->ID = 'SomeID'; $roleDescriptor->validUntil = 1234567890; $roleDescriptor->cacheDuration = 'PT5000S'; $roleDescriptor->protocolSupportEnumeration = array('protocol1', 'protocol2'); $roleDescriptor->errorURL = 'https://example.org/error'; $document = DOMDocumentFactory::fromString('<root />'); $roleDescriptorElement = $roleDescriptor->toXML($document->firstChild); $roleDescriptorElement = Utils::xpQuery($roleDescriptorElement, '/root/md:RoleDescriptor'); $this->assertCount(1, $roleDescriptorElement); $roleDescriptorElement = $roleDescriptorElement[0]; $this->assertEquals('SomeID', $roleDescriptorElement->getAttribute("ID")); $this->assertEquals('2009-02-13T23:31:30Z', $roleDescriptorElement->getAttribute("validUntil")); $this->assertEquals('PT5000S', $roleDescriptorElement->getAttribute("cacheDuration")); $this->assertEquals('protocol1 protocol2', $roleDescriptorElement->getAttribute("protocolSupportEnumeration")); $this->assertEquals('myns:MyElement', $roleDescriptorElement->getAttributeNS(Constants::NS_XSI, "type")); $this->assertEquals('http://example.org/mynsdefinition', $roleDescriptorElement->lookupNamespaceURI("myns")); }
/** * Send an authenticationResponse using HTTP-POST. * * @param string $response The response which should be sent. * @param SimpleSAML_Configuration $idpmd The metadata of the IdP which is sending the response. * @param SimpleSAML_Configuration $spmd The metadata of the SP which is receiving the response. * @param string|null $relayState The relaystate for the SP. * @param string $shire The shire which should receive the response. */ public function sendResponse($response, SimpleSAML_Configuration $idpmd, SimpleSAML_Configuration $spmd, $relayState, $shire) { \SimpleSAML\Utils\XML::checkSAMLMessage($response, 'saml11'); $privatekey = SimpleSAML\Utils\Crypto::loadPrivateKey($idpmd, true); $publickey = SimpleSAML\Utils\Crypto::loadPublicKey($idpmd, true); $responsedom = \SAML2\DOMDocumentFactory::fromString(str_replace("\r", "", $response)); $responseroot = $responsedom->getElementsByTagName('Response')->item(0); $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0); /* Determine what we should sign - either the Response element or the Assertion. The default is to sign the * Assertion, but that can be overridden by the 'signresponse' option in the SP metadata or * 'saml20.signresponse' in the global configuration. * * TODO: neither 'signresponse' nor 'shib13.signresponse' are valid options any longer. Remove! */ if ($spmd->hasValue('signresponse')) { $signResponse = $spmd->getBoolean('signresponse'); } else { $signResponse = $this->configuration->getBoolean('shib13.signresponse', true); } // check if we have an assertion to sign. Force to sign the response if not if ($firstassertionroot === null) { $signResponse = true; } $signer = new SimpleSAML_XML_Signer(array('privatekey_array' => $privatekey, 'publickey_array' => $publickey, 'id' => $signResponse ? 'ResponseID' : 'AssertionID')); if ($idpmd->hasValue('certificatechain')) { $signer->addCertificate($idpmd->getString('certificatechain')); } if ($signResponse) { // sign the response - this must be done after encrypting the assertion // we insert the signature before the saml2p:Status element $statusElements = SimpleSAML\Utils\XML::getDOMChildren($responseroot, 'Status', '@saml1p'); assert('count($statusElements) === 1'); $signer->sign($responseroot, $responseroot, $statusElements[0]); } else { // Sign the assertion $signer->sign($firstassertionroot, $firstassertionroot); } $response = $responsedom->saveXML(); \SimpleSAML\Utils\XML::debugSAMLMessage($response, 'out'); \SimpleSAML\Utils\HTTP::submitPOSTData($shire, array('TARGET' => $relayState, 'SAMLResponse' => base64_encode($response))); }
/** * Convert this Issuer to XML. * * @param \DOMElement|null $parent The element we should append to. * * @return \DOMElement The current Issuer object converted into a \DOMElement. */ public function toXML(\DOMElement $parent = null) { if ($this->Format !== Constants::NAMEID_ENTITY) { return parent::toXML($parent); } /* * From saml-core-2.0-os 8.3.6, when the entity Format is used: "The NameQualifier, SPNameQualifier, and * SPProvidedID attributes MUST be omitted." */ if ($parent === null) { $parent = DOMDocumentFactory::create(); $doc = $parent; } else { $doc = $parent->ownerDocument; } $element = $doc->createElementNS(Constants::NS_SAML, 'saml:Issuer'); $parent->appendChild($element); $value = $element->ownerDocument->createTextNode($this->value); $element->appendChild($value); return $element; }
public function testUnmarshalling() { $samlNamespace = Constants::NS_SAML; $document = DOMDocumentFactory::fromString(<<<XML <saml:SubjectConfirmationData xmlns:saml="{$samlNamespace}" NotBefore="2001-04-19T04:25:21Z" NotOnOrAfter="2009-02-13T23:31:30Z" Recipient="https://sp.example.org/asdf" InResponseTo="SomeRequestID" Address="127.0.0.1" /> XML ); $subjectConfirmationData = new SubjectConfirmationData($document->firstChild); $this->assertEquals(987654321, $subjectConfirmationData->NotBefore); $this->assertEquals(1234567890, $subjectConfirmationData->NotOnOrAfter); $this->assertEquals('https://sp.example.org/asdf', $subjectConfirmationData->Recipient); $this->assertEquals('SomeRequestID', $subjectConfirmationData->InResponseTo); $this->assertEquals('127.0.0.1', $subjectConfirmationData->Address); }
public function testUnmarshallingAttributes() { $document = DOMDocumentFactory::fromString(<<<XML <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:simplesamlphp:v1:simplesamlphp" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">is</saml:AttributeValue> <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">really</saml:AttributeValue> <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">cool</saml:AttributeValue> </saml:Attribute> <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="foo" NameFormat="urn:simplesamlphp:v1"> <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">bar</saml:AttributeValue> </saml:Attribute> </mdattr:EntityAttributes> XML ); $entityAttributes = new EntityAttributes($document->firstChild); $this->assertCount(2, $entityAttributes->children); $this->assertEquals('urn:simplesamlphp:v1:simplesamlphp', $entityAttributes->children[0]->Name); $this->assertEquals('urn:oasis:names:tc:SAML:2.0:attrname-format:uri', $entityAttributes->children[0]->NameFormat); $this->assertCount(3, $entityAttributes->children[0]->AttributeValue); $this->assertEquals('foo', $entityAttributes->children[1]->Name); $this->assertEquals('urn:simplesamlphp:v1', $entityAttributes->children[1]->NameFormat); $this->assertCount(1, $entityAttributes->children[1]->AttributeValue); }