/**
  * @param \Symfony\Component\HttpFoundation\Request $request
  * @throws \InvalidArgumentException if cannot manage the Request
  * @return \Symfony\Component\HttpFoundation\Response|SamlSpInfo
  */
 public function manage(Request $request)
 {
     if (false == $this->supports($request)) {
         throw new \InvalidArgumentException('Unsupported request');
     }
     $serviceInfo = $this->serviceInfoCollection->findByAS($request->query->get('as'));
     if (!$serviceInfo) {
         return new RedirectResponse($this->httpUtils->generateUri($request, $request->attributes->get('discovery_path')));
     }
     $serviceInfo->getSpProvider()->setRequest($request);
     $spED = $serviceInfo->getSpProvider()->getEntityDescriptor();
     $idpED = $serviceInfo->getIdpProvider()->getEntityDescriptor();
     $spMeta = $serviceInfo->getSpMetaProvider()->getSpMeta();
     $builder = new AuthnRequestBuilder($spED, $idpED, $spMeta);
     $message = $builder->build();
     if ($serviceInfo->getSpSigningProvider()->isEnabled()) {
         $message->sign($serviceInfo->getSpSigningProvider()->getCertificate(), $serviceInfo->getSpSigningProvider()->getPrivateKey());
     }
     $binding = $this->bindingManager->instantiate($spMeta->getAuthnRequestBinding());
     $bindingResponse = $binding->send($message);
     if ($bindingResponse instanceof \AerialShip\LightSaml\Binding\RedirectResponse) {
         $result = new RedirectResponse($bindingResponse->getDestination());
     } else {
         if ($bindingResponse instanceof \AerialShip\LightSaml\Binding\PostResponse) {
             $result = new Response($bindingResponse->render());
         } else {
             throw new \RuntimeException('Unrecognized binding response ' . get_class($bindingResponse));
         }
     }
     $state = new RequestState();
     $state->setId($message->getID());
     $state->setDestination($serviceInfo->getIdpProvider()->getEntityDescriptor()->getEntityID());
     $this->requestStore->set($state);
     return $result;
 }
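 /**
  * Handles the IdP's SAML Response: resolves the service by the Response
  * issuer, validates the Response and turns its single Assertion into a
  * SamlSpInfo for the security layer.
  *
  * @param \Symfony\Component\HttpFoundation\Request $request
  * @throws \InvalidArgumentException if this handler does not support the Request
  * @throws \RuntimeException if the Response issuer matches no configured IdP
  * @throws \Symfony\Component\Security\Core\Exception\AuthenticationException
  *         as declared by the original; presumably raised by validateResponse() /
  *         getSingleAssertion() when the Response does not verify
  * @return SamlSpInfo
  */
 public function manage(Request $request)
 {
     if (!$this->supports($request)) {
         throw new \InvalidArgumentException('Unsupported request');
     }

     $response = $this->getSamlResponse($request);

     // The issuer is read from a not-yet-validated message; it only selects which
     // configured IdP's trust settings apply. An issuer that matches no service
     // must be rejected here instead of dereferencing null a line later.
     $issuer = $response->getIssuer();
     $serviceInfo = $this->serviceInfoCollection->findByIDPEntityID($issuer);
     if (!$serviceInfo) {
         throw new \RuntimeException('Got SAML response from unknown IDP: ' . $issuer);
     }

     $serviceInfo->getSpProvider()->setRequest($request);
     $this->validateResponse($serviceInfo, $response);

     $assertion = $this->getSingleAssertion($response);
     $this->createSSOState($serviceInfo, $assertion);

     return new SamlSpInfo(
         $serviceInfo->getAuthenticationService(),
         $assertion->getSubject()->getNameID(),
         $assertion->getAllAttributes(),
         $assertion->getAuthnStatement()
     );
 }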
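 /**
  * Serves the SP's SAML metadata for the service selected by the "as" query
  * parameter as an application/samlmetadata+xml document.
  *
  * @param \Symfony\Component\HttpFoundation\Request $request
  * @throws \RuntimeException not thrown directly in this body; may originate from
  *         the serialization helpers (unverified here)
  * @return \Symfony\Component\HttpFoundation\Response the metadata XML, or a
  *         redirect to the discovery page (type=metadata) when "as" matches no service
  */
 public function manage(Request $request)
 {
     $serviceInfo = $this->serviceInfoCollection->findByAS($request->query->get('as'));
     if (!$serviceInfo) {
         // unknown or missing "as": let the user pick a service first
         return $this->httpUtils->createRedirectResponse($request, $request->attributes->get('discovery_path') . '?type=metadata');
     }

     $spProvider = $serviceInfo->getSpProvider();
     $spProvider->setRequest($request);
     $ed = $spProvider->getEntityDescriptor();

     // serialise the EntityDescriptor into the context's fresh DOM document
     $context = new SerializationContext();
     $ed->getXml($context->getDocument(), $context);

     $result = new Response($context->getDocument()->saveXML());
     $result->headers->set('Content-Type', 'application/samlmetadata+xml');

     return $result;
 }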
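 /**
  * Resolves the configured service for the IdP that issued a LogoutRequest.
  *
  * @param LogoutRequest $logoutRequest
  * @return ServiceInfo never null: an unknown issuer is rejected with an exception
  * @throws \RuntimeException if the issuer matches no configured IdP
  */
 protected function getServiceInfo(LogoutRequest $logoutRequest)
 {
     $issuer = $logoutRequest->getIssuer();
     $serviceInfo = $this->serviceInfoCollection->findByIDPEntityID($issuer);
     if (!$serviceInfo) {
         // the issuer comes from an unauthenticated message; refuse rather than
         // continue with an IdP this SP has no trust configuration for
         throw new \RuntimeException('Got logout request from unknown IDP: ' . $issuer);
     }

     return $serviceInfo;
 }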
 /**
  * Resolves the service a SamlSpInfo belongs to, checks that it can sign
  * logout messages and binds the current Request to its SP provider.
  *
  * @param SamlSpInfo $samlInfo
  * @param Request $request
  * @return ServiceInfo
  * @throws \RuntimeException if the service is unknown or SP signing is disabled
  */
 protected function getServiceInfo(SamlSpInfo $samlInfo, Request $request)
 {
     $serviceId = $samlInfo->getAuthenticationServiceID();
     $serviceInfo = $this->serviceInfoCollection->get($serviceId);
     if (!$serviceInfo) {
         throw new \RuntimeException("redirect to discovery");
     }

     // logout messages must be signed, so a service without signing cannot log out
     $signingProvider = $serviceInfo->getSpSigningProvider();
     if (!$signingProvider->isEnabled()) {
         throw new \RuntimeException('Signing is required for Logout');
     }

     $serviceInfo->getSpProvider()->setRequest($request);

     return $serviceInfo;
 }
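 /**
  * IdP discovery: with a single configured authentication service the user is
  * sent straight to it, otherwise a page listing all services is rendered.
  *
  * @param \Symfony\Component\HttpFoundation\Request $request
  * @throws \InvalidArgumentException if this handler does not support the Request
  * @throws \RuntimeException if no authentication service is configured
  * @return \Symfony\Component\HttpFoundation\Response redirect to the single
  *         service, or the rendered discovery page
  */
 public function manage(Request $request)
 {
     if (!$this->supports($request)) {
         throw new \InvalidArgumentException('Unsupported request');
     }

     $path = $this->getPath($request);
     $allProviders = $this->metaProviders->all();
     $providerCount = count($allProviders);

     if ($providerCount === 0) {
         // configuration validation should ensure this... but anyway just to be sure
         throw new \RuntimeException('At least one authentication service required in configuration');
     }

     if ($providerCount === 1) {
         // there's only one idp... go straight to it. The key is the service
         // name, so URL-encode it instead of splicing it raw into the query string.
         $names = array_keys($allProviders);
         return new RedirectResponse($path . '?' . http_build_query(array('as' => array_pop($names))));
     }

     // present user to choose which idp he wants to authenticate with
     return new Response($this->twig->render('@AerialShipSamlSP/discovery.html.twig', array(
         'providers' => $allProviders,
         'path' => $path,
     )));
 }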
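 /**
  * Removes the local SSO state for the session the IdP reports as logged out,
  * identified by the current token's NameID and SessionIndex.
  *
  * @param LogoutResponse $logoutResponse
  * @throws \RuntimeException if the response issuer matches no configured IdP
  */
 protected function deleteSSOSession(LogoutResponse $logoutResponse)
 {
     $issuer = $logoutResponse->getIssuer();
     $serviceInfo = $this->serviceInfoCollection->findByIDPEntityID($issuer);
     if (!$serviceInfo) {
         // Consistent with the "unknown IDP" handling for LogoutRequests: never act
         // on a message from an IdP this SP has no configuration for, and never
         // hand a null service on to getSSOState().
         throw new \RuntimeException('Got logout response from unknown IDP: ' . $issuer);
     }

     // instanceof already fails for a null token, so no separate truthiness check
     $token = $this->securityContext->getToken();
     if (!$token instanceof SamlSpToken) {
         return;
     }

     $samlInfo = $token->getSamlSpInfo();
     if (!$samlInfo) {
         return;
     }

     $arrStates = $this->getSSOState(
         $serviceInfo,
         $samlInfo->getNameID()->getValue(),
         $samlInfo->getAuthnStatement()->getSessionIndex()
     );
     $this->deleteSSOState($arrStates);
 }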
 /**
  * findByIDPEntityID() must yield null (not throw, not a placeholder) for an
  * entity ID that no service in the collection was configured with.
  *
  * @test
  */
 public function shouldReturnNullWhenFindByIDPEntityIDIsCalledWithUnknownEntityID()
 {
     $collection = new ServiceInfoCollection();
     $lookup = $collection->findByIDPEntityID('foo');
     $this->assertNull($lookup);
 }