* After execute a validation process, if fails this method returns the cause
| public getError ( ) |
/**
* Tests the isValid method of the OneLogin_Saml2_Response
* Case valid sign response / sign assertion / both signed
*
* Strict mode will always fail due destination problem, if we manipulate it
* the sign will fail.
*
* @covers OneLogin_Saml2_Response::isValid
*/
public function testIsValidSign()
{
$xml = file_get_contents(TEST_ROOT . '/data/responses/signed_message_response.xml.base64');
$response = new OneLogin_Saml2_Response($this->_settings, $xml);
$this->assertTrue($response->isValid());
$xml2 = file_get_contents(TEST_ROOT . '/data/responses/signed_assertion_response.xml.base64');
$response2 = new OneLogin_Saml2_Response($this->_settings, $xml2);
$this->assertTrue($response2->isValid());
$xml3 = file_get_contents(TEST_ROOT . '/data/responses/double_signed_response.xml.base64');
$response3 = new OneLogin_Saml2_Response($this->_settings, $xml3);
$this->assertTrue($response3->isValid());
$dom = new DOMDocument();
$dom->loadXML(base64_decode($xml));
$dom->firstChild->firstChild->nodeValue = 'https://example.com/other-idp';
$xml4 = base64_encode($dom->saveXML());
$response4 = new OneLogin_Saml2_Response($this->_settings, $xml4);
$this->assertFalse($response4->isValid());
$this->assertEquals('Reference validation failed', $response4->getError());
$dom2 = new DOMDocument();
$dom2->loadXML(base64_decode($xml2));
$dom2->firstChild->firstChild->nodeValue = 'https://example.com/other-idp';
$xml5 = base64_encode($dom2->saveXML());
$response5 = new OneLogin_Saml2_Response($this->_settings, $xml5);
$this->assertTrue($response5->isValid());
$dom3 = new DOMDocument();
$dom3->loadXML(base64_decode($xml3));
$dom3->firstChild->firstChild->nodeValue = 'https://example.com/other-idp';
$xml6 = base64_encode($dom3->saveXML());
$response6 = new OneLogin_Saml2_Response($this->_settings, $xml6);
$this->assertFalse($response6->isValid());
$this->assertEquals('Reference validation failed', $response6->getError());
}
/**
* Process the SAML Response sent by the IdP.
*
* @param string $requestId The ID of the AuthNRequest sent by this SP to the IdP
*/
public function processResponse($requestId = null)
{
$this->_errors = array();
if (isset($_POST) && isset($_POST['SAMLResponse'])) {
// AuthnResponse -- HTTP_POST Binding
$response = new OneLogin_Saml2_Response($this->_settings, $_POST['SAMLResponse']);
if ($response->isValid($requestId)) {
$this->_attributes = $response->getAttributes();
$this->_nameid = $response->getNameId();
$this->_authenticated = true;
$this->_sessionIndex = $response->getSessionIndex();
} else {
$this->_errors[] = 'invalid_response';
$this->_errorReason = $response->getError();
}
} else {
$this->_errors[] = 'invalid_binding';
throw new OneLogin_Saml2_Error('SAML Response not found, Only supported HTTP_POST Binding', OneLogin_Saml2_Error::SAML_RESPONSE_NOT_FOUND);
}
}
