/**
  * Filter the response.
  *
  * @param EngineBlock_Saml2_ResponseAnnotationDecorator     $response
  * @param array                                             $responseAttributes
  * @param EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request
  * @param ServiceProvider                             $serviceProvider
  * @param IdentityProvider                            $identityProvider
  * @throws EngineBlock_Exception
  * @throws Exception
  */
 public function filter(
     EngineBlock_Saml2_ResponseAnnotationDecorator $response,
     array &$responseAttributes,
     EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request,
     ServiceProvider $serviceProvider,
     IdentityProvider $identityProvider
 )
 {
     /** @var SAML2_AuthnRequest $request */
     $nameId = $response->getAssertion()->getNameId();

     // The resolved user identifier is cached in the session under
     // "<SP entityId>><request ID>". Request IDs are only assumed to be unique
     // per SP, which is why the SP entity ID is part of the key.
     $sessionKey = $serviceProvider->entityId . '>' . $request->getId();

     // Resolve the collabPersonId; the first source that yields a value wins:
     //   1. the value already stored in the session for this SP/request,
     //   2. the value annotated on the response,
     //   3. the first value of the attribute below, as released in the response,
     //   4. the NameID value of the assertion,
     //   5. otherwise null.
     // Sources 3 and 4 are taken directly from the incoming response.
     $collabPersonIdAttribute = 'urn:oid:1.3.6.1.4.1.1076.20.40.40.1';
     if (isset($_SESSION[$sessionKey]['collabPersonId'])) {
         $collabPersonId = $_SESSION[$sessionKey]['collabPersonId'];
     } elseif ($response->getCollabPersonId()) {
         $collabPersonId = $response->getCollabPersonId();
     } elseif (isset($responseAttributes[$collabPersonIdAttribute][0])) {
         $collabPersonId = $responseAttributes[$collabPersonIdAttribute][0];
     } elseif (!empty($nameId['Value'])) {
         $collabPersonId = $nameId['Value'];
     } else {
         $collabPersonId = null;
     }

     /** @var EngineBlock_Corto_Filter_Command_Abstract $filterCommand */
     foreach ($this->_getCommands() as $filterCommand) {
         // Hand the command the full current state of the filter chain.
         $filterCommand->setProxyServer($this->_server);
         $filterCommand->setIdentityProvider($identityProvider);
         $filterCommand->setServiceProvider($serviceProvider);
         $filterCommand->setRequest($request);
         $filterCommand->setResponse($response);
         $filterCommand->setResponseAttributes($responseAttributes);
         $filterCommand->setCollabPersonId($collabPersonId);

         try {
             $filterCommand->execute();
         } catch (EngineBlock_Exception $exception) {
             // Attach the parties and the user as known *before* this command
             // ran, then let the same exception propagate to the caller.
             $exception->idpEntityId = $identityProvider->entityId;
             $exception->spEntityId = $serviceProvider->entityId;
             $exception->userId = $collabPersonId;
             throw $exception;
         }

         // Take over whatever the command exposes; each command's result becomes
         // the next command's input. $responseAttributes is a by-reference
         // parameter, so this assignment is also visible to the caller.
         if (method_exists($filterCommand, 'getResponse')) {
             $response = $filterCommand->getResponse();
         }
         if (method_exists($filterCommand, 'getResponseAttributes')) {
             $responseAttributes = $filterCommand->getResponseAttributes();
         }
         if (method_exists($filterCommand, 'getCollabPersonId')) {
             $collabPersonId = $filterCommand->getCollabPersonId();
         }

         // A command may end the chain early.
         if (!$filterCommand->mustContinueFiltering()) {
             break;
         }
     }

     // Persist the identifier as left by the last executed command so that a
     // later pass for the same SP/request picks it up as source 1 above.
     $_SESSION[$sessionKey]['collabPersonId'] = $collabPersonId;
 }
 /**
  * Render the 'discover' (WAYF) template for the given request and send it as output.
  *
  * @param EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request
  * @param array                                             $candidateIdpEntityIds
  */
 protected function _showWayf(EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request, array $candidateIdpEntityIds)
 {
     $proxyServer = $this->_server;

     // The form posts to the 'continueToIdP' service
     $action = $proxyServer->getUrl('continueToIdP');
     $serviceProvider = $proxyServer->getRepository()->fetchServiceProviderByEntityId($request->getIssuer());
     $idpList = $this->_transformIdpsForWAYF($candidateIdpEntityIds, $request->isDebugRequest());

     $templateVariables = array(
         // NOTE(review): the 'selectedIdp' cookie is passed through as-is; it is
         // client-supplied, so confirm the 'discover' template escapes it and
         // only honours it when it matches an entry of idpList.
         'preselectedIdp' => $proxyServer->getCookie('selectedIdp'),
         'action' => $action,
         'ID' => $request->getId(),
         'idpList' => $idpList,
         'metaDataSP' => $serviceProvider,
     );

     $proxyServer->sendOutput($proxyServer->renderTemplate('discover', $templateVariables));
 }
 /**
  * @param EngineBlock_Saml2_AuthnRequestAnnotationDecorator $fromRequest
  * @param EngineBlock_Saml2_AuthnRequestAnnotationDecorator $toRequest
  * @return $this
  */
 public function link(EngineBlock_Saml2_AuthnRequestAnnotationDecorator $fromRequest, EngineBlock_Saml2_AuthnRequestAnnotationDecorator $toRequest)
 {
     // Record the link keyed by the ID of $fromRequest, pointing at the ID of
     // $toRequest. An existing entry for the same key is overwritten.
     $fromRequestId = $fromRequest->getId();
     $toRequestId = $toRequest->getId();
     $this->linkStorage[$fromRequestId] = $toRequestId;

     // Fluent interface
     return $this;
 }
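 /**
  * Build a success response skeleton addressed to the requester's assertion consumer.
  *
  * Side effects on $this: sets the virtual organisation context when the request
  * carries an explicit one, and sets the key ID when the request names one.
  *
  * @param EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request
  * @return EngineBlock_Saml2_ResponseAnnotationDecorator
  */
 protected function _createBaseResponse(EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request)
 {
     if ($request->getVoContext() && $request->isVoContextExplicit()) {
         $this->setVirtualOrganisationContext($request->getVoContext());
     }

     $keyId = $request->getKeyId();
     if ($keyId) {
         $this->setKeyId($keyId);
     }

     $requestWasUnsolicited = $request->isUnsolicited();

     $response = new SAML2_Response();
     /** @var SAML2_AuthnRequest $request */
     $response->setRelayState($request->getRelayState());
     $response->setId($this->getNewId(IdFrame::ID_USAGE_SAML2_RESPONSE));
     $response->setIssueInstant(time());

     // InResponseTo is only set for solicited requests; an unsolicited
     // response is sent without it.
     if (!$requestWasUnsolicited) {
         $response->setInResponseTo($request->getId());
     }

     $response->setIssuer($this->getUrl('idpMetadataService', $request->getIssuer(), $request));

     // Destination is the location of the assertion consumer resolved for this
     // request. The earlier setDestination($request->getIssuer()) call was
     // dropped: it stored the issuer value and was unconditionally overwritten
     // here before the response left this method.
     $acs = $this->getRequestAssertionConsumer($request);
     $response->setDestination($acs->location);

     $response->setStatus(array('Code' => SAML2_Const::STATUS_SUCCESS));

     // Wrap the response so the delivery binding can travel with it.
     $response = new EngineBlock_Saml2_ResponseAnnotationDecorator($response);
     $response->setDeliverByBinding($acs->binding);

     return $response;
 }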