/**
* Test unmarshalling / marshalling of XML with Extensions element
*/
public function testExtensionOrdering()
{
$document = new DOMDocument();
$document->loadXML(<<<AUTHNREQUEST
<samlp:AuthnRequest
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_306f8ec5b618f361c70b6ffb1480eade"
Version="2.0"
IssueInstant="2004-12-05T09:21:59Z"
Destination="https://idp.example.org/SAML2/SSO/Artifact"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
AssertionConsumerServiceURL="https://sp.example.com/SAML2/SSO/Artifact">
<saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
<samlp:Extensions>
<myns:AttributeList xmlns:myns="urn:mynamespace">
<myns:Attribute name="UserName" value=""/>
</myns:AttributeList>
</samlp:Extensions>
<samlp:NameIDPolicy
AllowCreate="true"
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>
AUTHNREQUEST
);
$authnRequest = new SAML2_AuthnRequest($document->documentElement);
$this->assertXmlStringEqualsXmlString($document->C14N(), $authnRequest->toUnsignedXML()->C14N());
}
public function testMarshalling()
{
$fixtureRequestDom = new DOMDocument();
$fixtureRequestDom->loadXML(<<<XML
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_bec424fa5103428909a30ff1e31168327f79474984"
Version="2.0"
IssueInstant="2007-12-10T11:39:34Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
AssertionConsumerServiceURL="http://moodle.bridge.feide.no/simplesaml/saml2/sp/AssertionConsumerService.php">
<saml:Issuer>urn:mace:feide.no:services:no.feide.moodle</saml:Issuer>
<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
SPNameQualifier="moodle.bridge.feide.no"
AllowCreate="true" />
<samlp:RequestedAuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
XML
, LIBXML_NOBLANKS);
$request = new SAML2_AuthnRequest($fixtureRequestDom->firstChild);
$context = $request->getRequestedAuthnContext();
$this->assertEquals('_bec424fa5103428909a30ff1e31168327f79474984', $request->getId());
$this->assertEquals('urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport', $context['AuthnContextClassRef'][0]);
$requestXml = $requestDocument = $request->toUnsignedXML()->ownerDocument->C14N();
$fixtureXml = $fixtureRequestDom->C14N();
$this->assertXmlStringEqualsXmlString($requestXml, $fixtureXml, 'Request after Unmarshalling and re-marshalling remains the same');
}
public function testUnmarshalling()
{
$authnRequest = new SAML2_AuthnRequest();
$authnRequest->setRequestedAuthnContext(array('AuthnContextClassRef' => array('accr1', 'accr2'), 'Comparison' => 'better'));
$authnRequestElement = $authnRequest->toUnsignedXML();
$requestedAuthnContextElements = SAML2_Utils::xpQuery($authnRequestElement, './saml_protocol:RequestedAuthnContext');
$this->assertCount(1, $requestedAuthnContextElements);
$requestedAuthnConextElement = $requestedAuthnContextElements[0];
$this->assertEquals('better', $requestedAuthnConextElement->getAttribute("Comparison"));
$authnContextClassRefElements = SAML2_Utils::xpQuery($requestedAuthnConextElement, './saml_assertion:AuthnContextClassRef');
$this->assertCount(2, $authnContextClassRefElements);
$this->assertEquals('accr1', $authnContextClassRefElements[0]->textContent);
$this->assertEquals('accr2', $authnContextClassRefElements[1]->textContent);
}
/**
* Due to the fact that the symmetric key is generated each time, we cannot test whether or not the resulting XML
* matches a specific XML, but we can test whether or not the resulting structure is actually correct, conveying
* all information required to decrypt the NameId.
*/
public function testThatAnEncryptedNameIdResultsInTheCorrectXmlStructure()
{
// the NameID we're going to encrypt
$nameId = array('Value' => md5('Arthur Dent'), 'Format' => SAML2_Const::NAMEID_ENCRYPTED);
// basic AuthnRequest
$request = new SAML2_AuthnRequest();
$request->setIssuer('https://gateway.stepup.org/saml20/sp/metadata');
$request->setDestination('https://tiqr.stepup.org/idp/profile/saml2/Redirect/SSO');
$request->setNameId($nameId);
// encrypt the NameID
$key = SAML2_CertificatesMock::getPublicKey();
$request->encryptNameId($key);
$expectedStructureDocument = new DOMDocument();
$expectedStructureDocument->loadXML(<<<AUTHNREQUEST
<samlp:AuthnRequest
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID=""
Version=""
IssueInstant=""
Destination="">
<saml:Issuer></saml:Issuer>
<saml:Subject>
<saml:EncryptedID xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey>
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<xenc:CipherData>
<xenc:CipherValue></xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</dsig:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue></xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</saml:EncryptedID>
</saml:Subject>
</samlp:AuthnRequest>
AUTHNREQUEST
);
$expectedStructure = $expectedStructureDocument->documentElement;
$requestStructure = $request->toUnsignedXML();
$this->assertEqualXMLStructure($expectedStructure, $requestStructure);
}
/**
* Test for setting IDPEntry values via setIDPList.
* Tests legacy support (single string), array of attributes, and skipping of unknown attributes.
*/
public function testIDPlistAttributes()
{
// basic AuthnRequest
$request = new SAML2_AuthnRequest();
$request->setIssuer('https://gateway.example.org/saml20/sp/metadata');
$request->setDestination('https://tiqr.example.org/idp/profile/saml2/Redirect/SSO');
$request->setIDPList(array('Legacy1', array('ProviderID' => 'http://example.org/AAP', 'Name' => 'N00T', 'Loc' => 'https://mies'), array('ProviderID' => 'urn:example:1', 'Name' => 'Voorbeeld', 'Something' => 'Else')));
$expectedStructureDocument = new DOMDocument();
$expectedStructureDocument->loadXML(<<<AUTHNREQUEST
<samlp:AuthnRequest
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID=""
Version=""
IssueInstant=""
Destination="">
<saml:Issuer></saml:Issuer>
<samlp:Scoping><samlp:IDPList>
<samlp:IDPEntry ProviderID="Legacy1"/>
<samlp:IDPEntry ProviderID="http://example.org/AAP" Name="N00T" Loc="https://mies"/>
<samlp:IDPEntry ProviderID="urn:example:1" Name="Voorbeeld"/>
</samlp:IDPList></samlp:Scoping>
</samlp:AuthnRequest>
AUTHNREQUEST
);
$expectedStructure = $expectedStructureDocument->documentElement;
$requestStructure = $request->toUnsignedXML();
$this->assertEqualXMLStructure($expectedStructure, $requestStructure);
}
