public function send(EngineBlock_Saml2_MessageAnnotationDecorator $message, AbstractRole $remoteEntity)
{
$bindingUrn = $message->getDeliverByBinding();
$sspMessage = $message->getSspMessage();
if ($bindingUrn === 'INTERNAL') {
$this->sendInternal($message);
return;
}
if ($this->shouldMessageBeSigned($sspMessage, $remoteEntity)) {
$keyPair = $this->_server->getSigningCertificates();
$sspMessage->setCertificates(array($keyPair->getCertificate()->toPem()));
$sspMessage->setSignatureKey($keyPair->getPrivateKey()->toXmlSecurityKey());
}
$sspBinding = SAML2_Binding::getBinding($bindingUrn);
if ($sspBinding instanceof SAML2_HTTPPost) {
// SAML2int dictates that we MUST sign assertions.
// The SAML2 library will do that for us, if we just set the key to sign with.
if ($sspMessage instanceof SAML2_Response) {
foreach ($sspMessage->getAssertions() as $assertion) {
$assertion->setCertificates($sspMessage->getCertificates());
$assertion->setSignatureKey($sspMessage->getSignatureKey());
}
// BWC dictates that we don't sign responses.
$messageElement = $sspMessage->toUnsignedXML();
} else {
$messageElement = $sspMessage->toSignedXML();
}
$xml = $messageElement->ownerDocument->saveXML($messageElement);
$this->validateXml($xml);
$extra = '';
$extra .= method_exists($message, 'getReturn') ? '<input type="hidden" name="return" value="' . htmlspecialchars($message->getReturn()) . '">' : '';
$extra .= $sspMessage->getRelayState() ? '<input type="hidden" name="RelayState" value="' . htmlspecialchars($sspMessage->getRelayState()) . '">' : '';
$encodedMessage = htmlspecialchars(base64_encode($xml));
$action = $sspMessage->getDestination();
$log = $this->_server->getSessionLog();
$log->info('HTTP-Post: Sending Message', array('saml_message' => $xml));
$output = $this->_server->renderTemplate('form', array('action' => $action, 'message' => $encodedMessage, 'xtra' => $extra, 'name' => $message->getMessageType(), 'trace' => $this->getTraceHtml($xml)));
$this->_server->sendOutput($output);
} else {
if ($sspBinding instanceof SAML2_HTTPRedirect) {
if ($sspMessage instanceof SAML2_Response) {
throw new EngineBlock_Corto_Module_Bindings_UnsupportedBindingException('May not send a Reponse via HTTP Redirect');
}
$url = $sspBinding->getRedirectURL($sspMessage);
$this->_server->redirect($url, $message);
} else {
throw new EngineBlock_Corto_Module_Bindings_Exception('Unsupported Binding');
}
}
}
