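/**
  * Parses and validates a SAML AuthnRequest received through the HTTP-Redirect binding.
  *
  * The request is rejected unless the SAMLRequest parameter is present, a Signature
  * parameter is accompanied by a SigAlg parameter, the AuthnRequest Destination equals
  * the URL this request was received on, and the issuer is a known ServiceProvider.
  * An unsigned request is returned after those checks; a signed request must in
  * addition carry a signature algorithm and a signature that verifies against the
  * issuing ServiceProvider.
  *
  * @param Request $request
  * @return AuthnRequest
  * @throws LogicException when no ServiceProviderRepository is configured
  * @throws BadRequestHttpException when a required parameter is missing, the Destination
  *         does not match the request URL, or the signature cannot be validated
  * @throws UnknownServiceProviderException when the issuer is not a known ServiceProvider
  * @throws \Exception
  *
  * @SuppressWarnings(PHPMD.CyclomaticComplexity)
  * @SuppressWarnings(PHPMD.NPathComplexity)
  */
 public function processRequest(Request $request)
 {
     if (!$this->entityRepository) {
         throw new LogicException('RedirectBinding::processRequest requires a ServiceProviderRepository to be configured');
     }

     $rawSamlRequest = $request->get(AuthnRequest::PARAMETER_REQUEST);
     if (!$rawSamlRequest) {
         throw new BadRequestHttpException(sprintf('Required GET parameter "%s" is missing', AuthnRequest::PARAMETER_REQUEST));
     }

     // A signature without the algorithm that produced it cannot be verified.
     // NOTE(review): the literal 'Signature' below is presumably the same value as
     // AuthnRequest::PARAMETER_SIGNATURE — confirm and use the constant. The echoed
     // value is request-controlled input that ends up in the exception message.
     if ($request->get(AuthnRequest::PARAMETER_SIGNATURE) && !$request->get(AuthnRequest::PARAMETER_SIGNATURE_ALGORITHM)) {
         throw new BadRequestHttpException(sprintf('The request includes a signature "%s", but does not include the signature algorithm (SigAlg) parameter', $request->get('Signature')));
     }

     $authnRequest = AuthnRequestFactory::createFromHttpRequest($request);

     // The Destination must equal the URL the request was actually received on.
     // The previous form `!$destination === $currentUri` negated the string first
     // (operator precedence) and compared a bool with a string, so it never fired.
     $currentUri = $this->getFullRequestUri($request);
     if ($authnRequest->getDestination() !== $currentUri) {
         throw new BadRequestHttpException(sprintf('Actual Destination "%s" does no match the AuthnRequest Destination "%s"', $currentUri, $authnRequest->getDestination()));
     }

     if (!$this->entityRepository->hasServiceProvider($authnRequest->getServiceProvider())) {
         throw new UnknownServiceProviderException($authnRequest->getServiceProvider());
     }

     // Unsigned requests are accepted as-is once the structural checks above pass.
     if (!$authnRequest->isSigned()) {
         return $authnRequest;
     }

     if (!$authnRequest->getSignatureAlgorithm()) {
         throw new BadRequestHttpException(sprintf('The SAMLRequest has to be signed with SHA256 algorithm: "%s"', XMLSecurityKey::RSA_SHA256));
     }

     $serviceProvider = $this->entityRepository->getServiceProvider($authnRequest->getServiceProvider());
     if (!$this->signatureVerifier->hasValidSignature($authnRequest, $serviceProvider)) {
         throw new BadRequestHttpException('The SAMLRequest has been signed, but the signature could not be validated');
     }

     return $authnRequest;
 }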
 /**
  * Creates a new AuthnRequest for the configured ServiceProvider/IdentityProvider pair,
  * requests the required LoA as AuthnContextClassRef, records the request ID in the
  * session handler and returns the HTTP-Redirect binding response towards the IdP.
  *
  * @return \Symfony\Component\HttpFoundation\RedirectResponse
  */
 public function initiateSamlRequest()
 {
     $request = AuthnRequestFactory::createNewRequest($this->serviceProvider, $this->identityProvider);

     // The required LoA is conveyed to the IdP as the requested authentication context class.
     $loaClassRef = (string) $this->requiredLoa;
     $request->setAuthenticationContextClassRef($loaClassRef);

     $requestId = $request->getRequestId();
     $this->sessionHandler->setRequestId($requestId);

     return $this->redirectBinding->createRedirectResponseFor($request);
 }
 /**
  * Redirects the user to the remote IdentityProvider of the given GSSP with a newly
  * created AuthnRequest, after storing its request ID in the provider's state handler.
  *
  * @param string $provider
  * @return array|Response
  */
 public function authenticateAction($provider)
 {
     $gssp = $this->getProvider($provider);

     $authnRequest = AuthnRequestFactory::createNewRequest(
         $gssp->getServiceProvider(),
         $gssp->getRemoteIdentityProvider()
     );
     $gssp->getStateHandler()->setRequestId($authnRequest->getRequestId());

     /** @var \Surfnet\SamlBundle\Http\RedirectBinding $redirectBinding */
     $redirectBinding = $this->get('surfnet_saml.http.redirect_binding');

     $message = sprintf(
         'Sending AuthnRequest with request ID: "%s" to GSSP "%s" at "%s"',
         $authnRequest->getRequestId(),
         $gssp->getName(),
         $gssp->getRemoteIdentityProvider()->getSsoUrl()
     );
     $this->getLogger()->notice($message);

     return $redirectBinding->createRedirectResponseFor($authnRequest);
 }
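 /**
  * Starts a GSSF verification for a vetting procedure: builds an AuthnRequest towards
  * the GSSP's remote IdentityProvider with the procedure's second factor identifier as
  * Subject, records the request ID in the provider's state handler, marks the
  * verification as started and redirects the RA to the IdP.
  *
  * @param string $procedureId
  * @param string $provider the configured name of the GSSP
  * @return array|Response
  * @throws NotFoundHttpException when no vetting procedure exists for $procedureId
  */
 public function authenticateAction($procedureId, $provider)
 {
     $this->denyAccessUnlessGranted(['ROLE_RA']);

     $logger = $this->get('ra.procedure_logger')->forProcedure($procedureId);
     $logger->notice('Generating GSSF verification request', ['provider' => $provider]);

     if (!$this->getVettingService()->hasProcedure($procedureId)) {
         $logger->notice(sprintf('Vetting procedure "%s" not found', $procedureId));
         throw new NotFoundHttpException(sprintf('Vetting procedure "%s" not found', $procedureId));
     }

     // Resolve the provider under its own name so that `$provider` keeps holding the
     // configured name: the 'provider' log context below used to receive the Provider
     // object because the parameter had been overwritten, unlike the first log line.
     $gssp = $this->getProvider($provider);
     $authnRequest = AuthnRequestFactory::createNewRequest(
         $gssp->getServiceProvider(),
         $gssp->getRemoteIdentityProvider()
     );

     /** @var \Surfnet\StepupRa\RaBundle\Service\VettingService $vettingService */
     $vettingService = $this->get('ra.service.vetting');
     // The second factor identifier of the procedure is sent as the AuthnRequest Subject.
     $authnRequest->setSubject($vettingService->getSecondFactorIdentifier($procedureId));

     // Presumably used to match the IdP's response to this request — verify against the response handler.
     $gssp->getStateHandler()->setRequestId($authnRequest->getRequestId());

     /** @var \Surfnet\SamlBundle\Http\RedirectBinding $redirectBinding */
     $redirectBinding = $this->get('surfnet_saml.http.redirect_binding');

     $logger->notice(
         sprintf(
             'Sending AuthnRequest with request ID: "%s" to GSSP "%s" at "%s"',
             $authnRequest->getRequestId(),
             $gssp->getName(),
             $gssp->getRemoteIdentityProvider()->getSsoUrl()
         ),
         ['provider' => $provider]
     );

     $vettingService->startGssfVerification($procedureId);

     return $redirectBinding->createRedirectResponseFor($authnRequest);
 }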
 /**
  * Creates a new AuthnRequest for the configured ServiceProvider/IdentityProvider pair,
  * records its request ID in the state handler and returns the HTTP-Redirect binding
  * response that sends the user to the IdP.
  *
  * @return \Symfony\Component\HttpFoundation\RedirectResponse
  */
 public function initiateSamlRequest()
 {
     $request = AuthnRequestFactory::createNewRequest($this->serviceProvider, $this->identityProvider);

     $requestId = $request->getRequestId();
     $this->stateHandler->setRequestId($requestId);

     return $this->redirectBinding->createRedirectResponseFor($request);
 }
 /**
  * A SAMLRequest parameter that is base64 encoded but was never deflated must be
  * rejected with an InvalidRequestException.
  *
  * @test
  * @group saml2
  *
  * @expectedException \Surfnet\SamlBundle\Http\Exception\InvalidRequestException
  * @expectedExceptionMessage Failed inflating the request;
  */
 public function an_exception_is_thrown_when_a_request_cannot_be_inflated()
 {
     // Valid base64, but the payload is plain text, so inflating it fails.
     $notDeflated = base64_encode('nope, not deflated');
     $queryParameters = [AuthnRequest::PARAMETER_REQUEST => $notDeflated];

     AuthnRequestFactory::createFromHttpRequest(new Request($queryParameters));
 }
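 /**
  * Parses and validates a SAML AuthnRequest received through the HTTP-Redirect binding
  * that is required to be signed.
  *
  * The request is rejected unless the SAMLRequest parameter is present, a Signature
  * parameter is accompanied by a SigAlg parameter, the AuthnRequest Destination equals
  * the URL this request was received on, and the issuer is a known ServiceProvider.
  * The signature itself is checked by verifySignature().
  *
  * @param Request $request
  * @return AuthnRequest
  * @throws LogicException when no ServiceProviderRepository is configured
  * @throws BadRequestHttpException when a required parameter is missing or the Destination
  *         does not match the request URL
  * @throws UnknownServiceProviderException when the issuer is not a known ServiceProvider
  */
 public function processSignedRequest(Request $request)
 {
     if (!$this->entityRepository) {
         // Message names this method; it previously referred to processRequest.
         throw new LogicException('RedirectBinding::processSignedRequest requires a ServiceProviderRepository to be configured');
     }

     $rawSamlRequest = $request->get(AuthnRequest::PARAMETER_REQUEST);
     if (!$rawSamlRequest) {
         throw new BadRequestHttpException(sprintf('Required GET parameter "%s" is missing', AuthnRequest::PARAMETER_REQUEST));
     }

     // A signature without the algorithm that produced it cannot be verified.
     // NOTE(review): the literal 'Signature' below is presumably the same value as
     // AuthnRequest::PARAMETER_SIGNATURE — confirm and use the constant. The echoed
     // value is request-controlled input that ends up in the exception message.
     if ($request->get(AuthnRequest::PARAMETER_SIGNATURE) && !$request->get(AuthnRequest::PARAMETER_SIGNATURE_ALGORITHM)) {
         throw new BadRequestHttpException(sprintf('The request includes a signature "%s", but does not include the signature algorithm (SigAlg) parameter', $request->get('Signature')));
     }

     $authnRequest = AuthnRequestFactory::createSignedFromHttpRequest($request);

     // The Destination must equal the URL the request was actually received on.
     // The previous form `!$destination === $currentUri` negated the string first
     // (operator precedence) and compared a bool with a string, so it never fired.
     $currentUri = $this->getFullRequestUri($request);
     if ($authnRequest->getDestination() !== $currentUri) {
         throw new BadRequestHttpException(sprintf('Actual Destination "%s" does no match the AuthnRequest Destination "%s"', $currentUri, $authnRequest->getDestination()));
     }

     if (!$this->entityRepository->hasServiceProvider($authnRequest->getServiceProvider())) {
         throw new UnknownServiceProviderException($authnRequest->getServiceProvider());
     }

     // Delegated; whatever verifySignature() throws on an invalid signature propagates.
     $this->verifySignature($authnRequest);

     return $authnRequest;
 }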