/**
  * @param ProfileContext $context
  */
 protected function doExecute(ProfileContext $context)
 {
     // Chooses the endpoint of the party entity to use for this profile run and stores it on
     // the endpoint context. An endpoint that is already present is kept and only logged.
     if ($context->getEndpointContext()->getEndpoint()) {
         $existing = $context->getEndpoint();
         $location = $existing->getLocation();
         $binding = $existing->getBinding();
         $this->logger->debug(
             sprintf('Endpoint already set with location "%s" and binding "%s"', $location, $binding),
             LogHelper::getActionContext($context, $this, array('endpointLocation' => $location, 'endpointBinding' => $binding))
         );

         return;
     }

     $criteriaSet = $this->getCriteriaSet($context);

     // The ACS index and ACS URL in an AuthnRequest are supplied by the remote party. They are
     // added only as selection criteria: the endpoint stored below always comes from the list
     // returned by the resolver over the party entity descriptor's own endpoints, never from
     // the request value itself.
     $inbound = $context->getInboundContext()->getMessage();
     if ($inbound instanceof AuthnRequest) {
         $acsIndex = $inbound->getAssertionConsumerServiceIndex();
         if (null !== $acsIndex) {
             $criteriaSet->add(new IndexCriteria($acsIndex));
         }
         $acsUrl = $inbound->getAssertionConsumerServiceURL();
         if (null !== $acsUrl) {
             $criteriaSet->add(new LocationCriteria($acsUrl));
         }
     }

     $partyEndpoints = $context->getPartyEntityDescriptor()->getAllEndpoints();
     $candidates = $this->endpointResolver->resolve($criteriaSet, $partyEndpoints);

     // Only the first candidate is used; which one that is depends on the resolver's ordering.
     // NOTE(review): confirm the configured resolver honours IndexCriteria/LocationCriteria,
     // otherwise a request naming an unregistered ACS URL would not be rejected here.
     /** @var EndpointReference $endpointReference */
     $endpointReference = array_shift($candidates);
     if ($endpointReference == null) {
         // No endpoint matched: fail the profile rather than fall back to any request value.
         $error = sprintf("Unable to determine endpoint for entity '%s'", $context->getPartyEntityDescriptor()->getEntityID());
         $this->logger->emergency($error, LogHelper::getActionErrorContext($context, $this));
         throw new LightSamlContextException($context, $error);
     }

     $resolved = $endpointReference->getEndpoint();
     $location = $resolved->getLocation();
     $binding = $resolved->getBinding();
     $this->logger->debug(
         sprintf('Endpoint resolved to location "%s" and binding "%s"', $location, $binding),
         LogHelper::getActionContext($context, $this, array('endpointLocation' => $location, 'endpointBinding' => $binding))
     );
     $context->getEndpointContext()->setEndpoint($endpointReference->getEndpoint());
 }
 /**
  * @param bool     $shouldBeCalled
  * @param callable $callback
  */
 protected function setEndpointResolver($shouldBeCalled, $callback)
 {
     // Test helper: sets the expectation on the endpoint resolver double. Either resolve()
     // must never be called, or it must be called exactly once and answer through $callback.
     if (!$shouldBeCalled) {
         $this->endpointResolver->expects($this->never())->method('resolve');

         return;
     }

     $this->endpointResolver->expects($this->once())->method('resolve')->willReturnCallback($callback);
 }
 /**
  * Sets the AssertionConsumerServiceURL of the outbound AuthnRequest to the location of the
  * first HTTP POST AssertionConsumerService endpoint resolved from the own entity descriptor.
  *
  * The URL is taken from the own descriptor's endpoints, not from any inbound value.
  *
  * @param ProfileContext $context
  *
  * @throws LightSamlContextException when the resolver returns no matching endpoint
  */
 protected function doExecute(ProfileContext $context)
 {
     $ownEntityDescriptor = $context->getOwnEntityDescriptor();

     // SP SSO descriptor + AssertionConsumerService + HTTP POST binding.
     $postAcsCriteria = new CriteriaSet([
         new DescriptorTypeCriteria(SpSsoDescriptor::class),
         new ServiceTypeCriteria(AssertionConsumerService::class),
         new BindingCriteria([SamlConstants::BINDING_SAML2_HTTP_POST]),
     ]);
     $endpoints = $this->endpointResolver->resolve($postAcsCriteria, $ownEntityDescriptor->getAllEndpoints());

     if (!$endpoints) {
         $error = 'Missing ACS Service with HTTP POST binding in own SP SSO Descriptor';
         $this->logger->error($error, LogHelper::getActionErrorContext($context, $this));
         throw new LightSamlContextException($context, $error);
     }

     // NOTE(review): index 0 assumes the resolver returns a zero-based list - confirm.
     $authnRequest = MessageContextHelper::asAuthnRequest($context->getOutboundContext());
     $authnRequest->setAssertionConsumerServiceURL($endpoints[0]->getEndpoint()->getLocation());
 }
 /**
  * @param ProfileContext $context
  *
  * @return void
  */
 protected function doExecute(ProfileContext $context)
 {
     // Checks that the Destination of the inbound SAML message resolves to at least one
     // endpoint of the own entity descriptor; throws LightSamlContextException otherwise.
     $inbound = MessageContextHelper::asSamlMessage($context->getInboundContext());
     $destination = $inbound->getDestination();

     // A message without a Destination passes this action unchecked (loose comparison, so an
     // empty string is treated like null as well).
     // NOTE(review): the SAML bindings spec requires Destination on signed messages sent over
     // the HTTP-Redirect/HTTP-POST bindings - confirm that case is enforced elsewhere.
     if ($destination == null) {
         return;
     }

     $criteriaSet = $this->getCriteriaSet($context, $destination);
     $matches = $this->endpointResolver->resolve($criteriaSet, $context->getOwnEntityDescriptor()->getAllEndpoints());

     if (!$matches) {
         // The destination is remote-supplied and goes verbatim into the log and exception text.
         $error = sprintf('Invalid inbound message destination "%s"', $destination);
         $this->logger->emergency($error, LogHelper::getActionErrorContext($context, $this));
         throw new LightSamlContextException($context, $error);
     }
 }
 /**
  * @param AssertionContext    $context
  * @param SubjectConfirmation $subjectConfirmation
  */
 protected function validateSubjectConfirmation(AssertionContext $context, SubjectConfirmation $subjectConfirmation)
 {
     // Requires the SubjectConfirmation to carry a Recipient and requires that Recipient to
     // resolve to an AssertionConsumerService location of the own SP SSO descriptor. Throws
     // LightSamlContextException in both failure cases.
     // NOTE(review): assumes getSubjectConfirmationData() never returns null - confirm; the
     // assertion content is remote-supplied and a missing element would fail on this call.
     $recipient = $subjectConfirmation->getSubjectConfirmationData()->getRecipient();
     if ($recipient == null) {
         $error = 'Bearer SubjectConfirmation must contain Recipient attribute';
         $this->logger->error($error, LogHelper::getActionErrorContext($context, $this));
         throw new LightSamlContextException($context, $error);
     }

     $criteriaSet = new CriteriaSet([
         new DescriptorTypeCriteria(SpSsoDescriptor::class),
         new ServiceTypeCriteria(AssertionConsumerService::class),
         new LocationCriteria($recipient),
     ]);
     $ownEntityDescriptor = $context->getProfileContext()->getOwnEntityDescriptor();
     $matches = $this->endpointResolver->resolve($criteriaSet, $ownEntityDescriptor->getAllEndpoints());

     // NOTE(review): this accepts a Recipient equal to any own ACS location; it does not compare
     // it with the URL the response was actually received on - confirm that is checked elsewhere.
     if (!$matches) {
         $error = sprintf("Recipient '%s' does not match SP descriptor", $recipient);
         $this->logger->error($error, LogHelper::getActionErrorContext($context, $this, ['recipient' => $recipient]));
         throw new LightSamlContextException($context, $error);
     }
 }