private function getTraceHtml($xml)
{
if (!$this->_server->getConfig('debug', false)) {
return '';
}
$doc = new DOMDocument();
$doc->preserveWhiteSpace = false;
$doc->formatOutput = true;
$doc->loadXML($xml);
$xml = $doc->saveXML();
return htmlentities(trim($xml));
}
public static function createFromRequest(EngineBlock_Saml2_AuthnRequestAnnotationDecorator $originalRequest, IdentityProvider $idpMetadata, EngineBlock_Corto_ProxyServer $server)
{
$nameIdPolicy = array('AllowCreate' => 'true');
/**
* Name policy is not required, so it is only set if configured, SAML 2.0 spec
* says only following values are allowed:
* - urn:oasis:names:tc:SAML:2.0:nameid-format:transient
* - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
*
* Note: Some IDP's like those using ADFS2 do not understand those, for these cases the format can be 'configured as empty
* or set to an older version.
*/
if (!empty($idpMetadata->nameIdFormat)) {
$nameIdPolicy['Format'] = $idpMetadata->nameIdFormat;
}
/** @var SAML2_AuthnRequest $originalRequest */
$sspRequest = new SAML2_AuthnRequest();
$sspRequest->setId($server->getNewId(\OpenConext\Component\EngineBlockFixtures\IdFrame::ID_USAGE_SAML2_REQUEST));
$sspRequest->setIssueInstant(time());
$sspRequest->setDestination($idpMetadata->singleSignOnServices[0]->location);
$sspRequest->setForceAuthn($originalRequest->getForceAuthn());
$sspRequest->setIsPassive($originalRequest->getIsPassive());
$sspRequest->setAssertionConsumerServiceURL($server->getUrl('assertionConsumerService'));
$sspRequest->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);
$sspRequest->setIssuer($server->getUrl('spMetadataService'));
$sspRequest->setNameIdPolicy($nameIdPolicy);
if (empty($idpMetadata->disableScoping)) {
// Copy over the Idps that are allowed to answer this request.
$sspRequest->setIDPList($originalRequest->getIDPList());
// Proxy Count
$sspRequest->setProxyCount($originalRequest->getProxyCount() ? $originalRequest->getProxyCount() : $server->getConfig('max_proxies', 10));
// Add the SP to the requesterIds
$requesterIds = $originalRequest->getRequesterID();
$requesterIds[] = $originalRequest->getIssuer();
// Add the SP as the requester
$sspRequest->setRequesterID($requesterIds);
}
// Use the default binding even if more exist
$request = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($sspRequest);
$request->setDeliverByBinding($idpMetadata->singleSignOnServices[0]->binding);
return $request;
}
/**
* Creates a new Consent instance
*
* @param EngineBlock_Corto_ProxyServer $proxyServer
* @param EngineBlock_Saml2_ResponseAnnotationDecorator $response
* @param array $attributes
* @return EngineBlock_Corto_Model_Consent
*/
public function create(EngineBlock_Corto_ProxyServer $proxyServer, EngineBlock_Saml2_ResponseAnnotationDecorator $response, array $attributes)
{
return new EngineBlock_Corto_Model_Consent($proxyServer->getConfig('ConsentDbTable', 'consent'), $proxyServer->getConfig('ConsentStoreValues', true), $response, $attributes, $this->_databaseConnectionFactory);
}
