PHP EngineBlock_Saml2_AuthnRequestAnnotationDecorator::getNameIdPolicy Exemples

Exemple #1

Fichier : NameIdResolver.php Projet : WebSpider/OpenConext-engineblock

 protected function _getNameIdFormat(EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request, ServiceProvider $spEntityMetadata)
 {
     // If a NameIDFormat was explicitly set in the ServiceRegistry, use that...
     if ($spEntityMetadata->nameIdFormat) {
         return $spEntityMetadata->nameIdFormat;
     }
     // If the SP requests a specific NameIDFormat in their AuthnRequest
     /** @var SAML2_AuthnRequest $request */
     $nameIdPolicy = $request->getNameIdPolicy();
     if (!empty($nameIdPolicy['Format'])) {
         $mayUseRequestedNameIdFormat = true;
         $requestedNameIdFormat = $nameIdPolicy['Format'];
         // Do we support the NameID Format that the SP requests?
         if (!in_array($requestedNameIdFormat, $this->SUPPORTED_NAMEID_FORMATS)) {
             EngineBlock_ApplicationSingleton::getLog()->notice("Whoa, SP '{$spEntityMetadata->entityId}' requested '{$requestedNameIdFormat}' " . "however we don't support that format, opting to try something else it supports " . "instead of sending an error. SP might not be happy with this violation of the spec " . "but it's probably a lot happier with a valid Response than an Error Response");
             $mayUseRequestedNameIdFormat = false;
         }
         // Is this SP restricted to specific NameIDFormats?
         if (!empty($spEntityMetadata->supportedNameIdFormats)) {
             if (!in_array($requestedNameIdFormat, $spEntityMetadata->supportedNameIdFormats)) {
                 EngineBlock_ApplicationSingleton::getLog()->notice("Whoa, SP '{$spEntityMetadata->entityId}' requested '{$requestedNameIdFormat}' " . "opting to try something else it supports " . "instead of sending an error. SP might not be happy with this violation of the spec " . "but it's probably a lot happier with a valid Response than an Error Response");
                 $mayUseRequestedNameIdFormat = false;
             }
         }
         if ($mayUseRequestedNameIdFormat) {
             return $requestedNameIdFormat;
         }
     }
     // So neither a NameIDFormat is explicitly set in the metadata OR a (valid) NameIDPolicy is set in the AuthnRequest
     // so we check what the SP supports (or what JANUS claims that it supports) and
     // return the least privacy sensitive one.
     if (!empty($spEntityMetadata->supportedNameIdFormats)) {
         foreach ($this->SUPPORTED_NAMEID_FORMATS as $supportedNameIdFormat) {
             if (in_array($supportedNameIdFormat, $spEntityMetadata->supportedNameIdFormats)) {
                 return $supportedNameIdFormat;
             }
         }
     }
     throw new EngineBlock_Exception("Whoa, SP '{$spEntityMetadata->entityId}' has no NameIDFormat set, did send a (valid) NameIDPolicy and has no supported NameIDFormats set... I give up...", EngineBlock_Exception::CODE_NOTICE);
 }