PHP EngineBlock_Saml2_AuthnRequestAnnotationDecorator::getSspMessage Exemples

Exemple #1

Fichier : Bindings.php Projet : WebSpider/OpenConext-engineblock

 /**
  * @return EngineBlock_Saml2_AuthnRequestAnnotationDecorator
  * @throws EngineBlock_Corto_Module_Bindings_UnsupportedBindingException
  * @throws EngineBlock_Corto_Module_Bindings_VerificationException
  * @throws EngineBlock_Corto_Module_Bindings_Exception
  */
 public function receiveRequest()
 {
     // Detect the current binding from the super globals
     $sspBinding = SAML2_Binding::getCurrentBinding();
     // Receive the request.
     $sspRequest = $sspBinding->receive();
     if (!$sspRequest instanceof SAML2_AuthnRequest) {
         throw new EngineBlock_Corto_Module_Bindings_UnsupportedBindingException('Unsupported Binding used', EngineBlock_Exception::CODE_NOTICE);
     }
     $ebRequest = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($sspRequest);
     // Make sure the request from the sp has an Issuer
     $spEntityId = $ebRequest->getIssuer();
     if (!$spEntityId) {
         throw new EngineBlock_Corto_Module_Bindings_Exception('Missing <saml:Issuer> in message delivered to AssertionConsumerService.');
     }
     // Remember sp for debugging
     $_SESSION['currentServiceProvider'] = $ebRequest->getIssuer();
     // Verify that we know this SP and have metadata for it.
     $serviceProvider = $this->_verifyKnownMessageIssuer($spEntityId, $ebRequest->getDestination());
     if (!$serviceProvider instanceof ServiceProvider) {
         throw new EngineBlock_Corto_Module_Bindings_Exception("Requesting entity '{$spEntityId}' is not a Service Provider");
     }
     // Load the metadata for this IdP in SimpleSAMLphp style
     $sspSpMetadata = SimpleSAML_Configuration::loadFromArray($this->mapCortoEntityMetadataToSspEntityMetadata($serviceProvider));
     // Determine if we should check the signature of the message
     $wantRequestsSigned = $serviceProvider->requestsMustBeSigned || $this->_server->getConfig('WantsAuthnRequestsSigned');
     // If we should, then check it.
     if ($wantRequestsSigned) {
         // Check the Signature on the Request, if there is no signature, or verification fails
         // throw an exception.
         $className = $this->_sspmodSamlMessageClassName;
         if (!$className::checkSign($sspSpMetadata, $ebRequest->getSspMessage())) {
             throw new EngineBlock_Corto_Module_Bindings_VerificationException('Validation of received messages enabled, but no signature found on message.');
         }
         /** @var EngineBlock_Saml2_AuthnRequestAnnotationDecorator $ebRequest */
         $ebRequest->setWasSigned();
     }
     $this->_annotateRequestWithVoContext($ebRequest, $serviceProvider);
     $this->_annotateRequestWithKeyId($ebRequest);
     return $ebRequest;
 }