/**
* Decode a received response.
*
* @param array $post POST data received.
* @return SimpleSAML_XML_Shib13_AuthnResponse Response.
*/
public function decodeResponse($post)
{
assert('is_array($post)');
if (!array_key_exists('SAMLResponse', $post)) {
throw new Exception('Missing required SAMLResponse parameter.');
}
$rawResponse = $post['SAMLResponse'];
$samlResponseXML = base64_decode($rawResponse);
\SimpleSAML\Utils\XML::debugSAMLMessage($samlResponseXML, 'in');
\SimpleSAML\Utils\XML::checkSAMLMessage($samlResponseXML, 'saml11');
$samlResponse = new SimpleSAML_XML_Shib13_AuthnResponse();
$samlResponse->setXML($samlResponseXML);
if (array_key_exists('TARGET', $post)) {
$samlResponse->setRelayState($post['TARGET']);
}
return $samlResponse;
}
<?php
require_once '../_include.php';
/* Make sure that the user has admin access rights. */
SimpleSAML\Utils\Auth::requireAdmin();
$config = SimpleSAML_Configuration::getInstance();
if (!empty($_FILES['xmlfile']['tmp_name'])) {
$xmldata = file_get_contents($_FILES['xmlfile']['tmp_name']);
} elseif (array_key_exists('xmldata', $_POST)) {
$xmldata = $_POST['xmldata'];
}
if (!empty($xmldata)) {
\SimpleSAML\Utils\XML::checkSAMLMessage($xmldata, 'saml-meta');
$entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsString($xmldata);
/* Get all metadata for the entities. */
foreach ($entities as &$entity) {
$entity = array('shib13-sp-remote' => $entity->getMetadata1xSP(), 'shib13-idp-remote' => $entity->getMetadata1xIdP(), 'saml20-sp-remote' => $entity->getMetadata20SP(), 'saml20-idp-remote' => $entity->getMetadata20IdP());
}
/* Transpose from $entities[entityid][type] to $output[type][entityid]. */
$output = SimpleSAML\Utils\Arrays::transpose($entities);
/* Merge all metadata of each type to a single string which should be
* added to the corresponding file.
*/
foreach ($output as $type => &$entities) {
$text = '';
foreach ($entities as $entityId => $entityMetadata) {
if ($entityMetadata === NULL) {
continue;
}
/* Remove the entityDescriptor element because it is unused, and only
* makes the output harder to read.
/**
* This function receives a SAML 1.1 artifact.
*
* @param SimpleSAML_Configuration $spMetadata The metadata of the SP.
* @param SimpleSAML_Configuration $idpMetadata The metadata of the IdP.
* @return string The <saml1p:Response> element, as an XML string.
*/
public static function receive(SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata)
{
$artifacts = self::getArtifacts();
$request = self::buildRequest($artifacts);
\SimpleSAML\Utils\XML::debugSAMLMessage($request, 'out');
$url = $idpMetadata->getDefaultEndpoint('ArtifactResolutionService', array('urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding'));
$url = $url['Location'];
$peerPublicKeys = $idpMetadata->getPublicKeys('signing', TRUE);
$certData = '';
foreach ($peerPublicKeys as $key) {
if ($key['type'] !== 'X509Certificate') {
continue;
}
$certData .= "-----BEGIN CERTIFICATE-----\n" . chunk_split($key['X509Certificate'], 64) . "-----END CERTIFICATE-----\n";
}
$file = SimpleSAML\Utils\System::getTempDir() . DIRECTORY_SEPARATOR . sha1($certData) . '.crt';
if (!file_exists($file)) {
SimpleSAML\Utils\System::writeFile($file, $certData);
}
$spKeyCertFile = \SimpleSAML\Utils\Config::getCertPath($spMetadata->getString('privatekey'));
$opts = array('ssl' => array('verify_peer' => TRUE, 'cafile' => $file, 'local_cert' => $spKeyCertFile, 'capture_peer_cert' => TRUE, 'capture_peer_chain' => TRUE), 'http' => array('method' => 'POST', 'content' => $request, 'header' => 'SOAPAction: http://www.oasis-open.org/committees/security' . "\r\n" . 'Content-Type: text/xml'));
// Fetch the artifact
$response = \SimpleSAML\Utils\HTTP::fetch($url, $opts);
if ($response === FALSE) {
throw new SimpleSAML_Error_Exception('Failed to retrieve assertion from IdP.');
}
\SimpleSAML\Utils\XML::debugSAMLMessage($response, 'in');
// Find the response in the SOAP message
$response = self::extractResponse($response);
return $response;
}
/**
* @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\XML::debugSAMLMessage() instead.
*/
public static function debugMessage($message, $type)
{
\SimpleSAML\Utils\XML::debugSAMLMessage($message, $type);
}
