/**
* @param SAML2_AuthnRequest $authnRequest
* @param SimpleSAML_Configuration $idpConfig
* @param $nameId
* @param $issuer
* @param array $attributes
* @return SAML2_Response
*/
public function create(SAML2_AuthnRequest $authnRequest, SimpleSAML_Configuration $idpConfig, $nameId, $issuer, array $attributes)
{
/* $returnAttributes contains the attributes we should return. Send them. */
$assertion = new SAML2_Assertion();
$assertion->setIssuer($issuer);
$assertion->setNameId(array('Value' => $nameId, 'Format' => SAML2_Const::NAMEID_UNSPECIFIED));
$assertion->setNotBefore(time());
$assertion->setNotOnOrAfter(time() + 5 * 60);
// Valid audiences is not required so disabled for now
// $assertion->setValidAudiences(array($authnRequest->getIssuer()));
$assertion->setAttributes($attributes);
$assertion->setAttributeNameFormat(SAML2_Const::NAMEFORMAT_UNSPECIFIED);
$assertion->setAuthnContext(SAML2_Const::AC_PASSWORD);
$subjectConfirmation = new SAML2_XML_saml_SubjectConfirmation();
$subjectConfirmation->Method = SAML2_Const::CM_BEARER;
$subjectConfirmation->SubjectConfirmationData = new SAML2_XML_saml_SubjectConfirmationData();
$subjectConfirmation->SubjectConfirmationData->NotOnOrAfter = time() + 5 * 60;
$subjectConfirmation->SubjectConfirmationData->Recipient = $authnRequest->getAssertionConsumerServiceURL();
$subjectConfirmation->SubjectConfirmationData->InResponseTo = $authnRequest->getId();
$assertion->setSubjectConfirmation(array($subjectConfirmation));
$response = new SAML2_Response();
$response->setRelayState($authnRequest->getRelayState());
$response->setDestination($authnRequest->getAssertionConsumerServiceURL());
$response->setIssuer($issuer);
$response->setInResponseTo($authnRequest->getId());
$response->setAssertions(array($assertion));
$this->addSigns($response, $idpConfig);
return $response;
}
public function testMarshalling()
{
$fixtureRequestDom = new DOMDocument();
$fixtureRequestDom->loadXML(<<<XML
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_bec424fa5103428909a30ff1e31168327f79474984"
Version="2.0"
IssueInstant="2007-12-10T11:39:34Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
AssertionConsumerServiceURL="http://moodle.bridge.feide.no/simplesaml/saml2/sp/AssertionConsumerService.php">
<saml:Issuer>urn:mace:feide.no:services:no.feide.moodle</saml:Issuer>
<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
SPNameQualifier="moodle.bridge.feide.no"
AllowCreate="true" />
<samlp:RequestedAuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
XML
, LIBXML_NOBLANKS);
$request = new SAML2_AuthnRequest($fixtureRequestDom->firstChild);
$context = $request->getRequestedAuthnContext();
$this->assertEquals('_bec424fa5103428909a30ff1e31168327f79474984', $request->getId());
$this->assertEquals('urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport', $context['AuthnContextClassRef'][0]);
$requestXml = $requestDocument = $request->toUnsignedXML()->ownerDocument->C14N();
$fixtureXml = $fixtureRequestDom->C14N();
$this->assertXmlStringEqualsXmlString($requestXml, $fixtureXml, 'Request after Unmarshalling and re-marshalling remains the same');
}
/**
* @depends test_login_url_has_valid_auth_request
* @param SAML2_AuthnRequest $request
*/
public function test_login_url_request_uses_expected_id(SAML2_AuthnRequest $request)
{
$this->assertEquals(static::UNIQUE_ID, $request->getId());
}
