public static function handleLoginRequest(IPerson $Person)
 {
     try {
         $binding = Binding::getCurrentBinding();
     } catch (Exception $e) {
         return static::throwUnauthorizedError('Cannot obtain SAML2 binding');
     }
     $request = $binding->receive();
     // build response
     $response = new Response();
     $response->setInResponseTo($request->getId());
     $response->setRelayState($request->getRelayState());
     $response->setDestination($request->getAssertionConsumerServiceURL());
     // build assertion
     $assertion = new Assertion();
     $assertion->setIssuer(static::$issuer);
     $assertion->setSessionIndex(ContainerSingleton::getInstance()->generateId());
     $assertion->setNotBefore(time() - 30);
     $assertion->setNotOnOrAfter(time() + 300);
     $assertion->setAuthnContext(SAML2_Constants::AC_PASSWORD);
     // build subject confirmation
     $sc = new SubjectConfirmation();
     $sc->Method = SAML2_Constants::CM_BEARER;
     $sc->SubjectConfirmationData = new SubjectConfirmationData();
     $sc->SubjectConfirmationData->NotOnOrAfter = $assertion->getNotOnOrAfter();
     $sc->SubjectConfirmationData->Recipient = $request->getAssertionConsumerServiceURL();
     $sc->SubjectConfirmationData->InResponseTo = $request->getId();
     $assertion->setSubjectConfirmation([$sc]);
     // set NameID
     $assertion->setNameId(['Format' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', 'Value' => $Person->Username . '@' . static::$issuer]);
     // set additional attributes
     $assertion->setAttributes(['User.Email' => [$Person->Email], 'User.Username' => [$Person->Username]]);
     // attach assertion to response
     $response->setAssertions([$assertion]);
     // create signature
     $privateKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, ['type' => 'private']);
     $privateKey->loadKey(static::$privateKey);
     $response->setSignatureKey($privateKey);
     $response->setCertificates([static::$certificate]);
     // prepare response
     $responseXML = $response->toSignedXML();
     $responseString = $responseXML->ownerDocument->saveXML($responseXML);
     // dump response and quit
     #        header('Content-Type: text/xml');
     #        die($responseString);
     // send response
     $responseBinding = new HTTPPost();
     $responseBinding->send($response);
 }
 /**
  * @test
  * @group signature
  */
 public function signed_message_with_valid_signature_is_validated_correctly()
 {
     $pattern = Certificate::CERTIFICATE_PATTERN;
     preg_match($pattern, CertificatesMock::PUBLIC_KEY_PEM, $matches);
     $config = new IdentityProvider(array('certificateData' => $matches[1]));
     $validator = new PublicKeyValidator(new SimpleTestLogger(), new KeyLoader());
     $doc = DOMDocumentFactory::fromFile(__DIR__ . '/response.xml');
     $response = new Response($doc->firstChild);
     $response->setSignatureKey(CertificatesMock::getPrivateKey());
     $response->setCertificates(array(CertificatesMock::PUBLIC_KEY_PEM));
     // convert to signed response
     $response = new Response($response->toSignedXML());
     $this->assertTrue($validator->canValidate($response, $config), 'Cannot validate the element');
     $this->assertTrue($validator->hasValidSignature($response, $config), 'The signature is not valid');
 }
 /**
  * @test
  * @group signature
  */
 public function signed_message_with_valid_signature_is_validated_correctly()
 {
     $pattern = Certificate::CERTIFICATE_PATTERN;
     preg_match($pattern, CertificatesMock::PUBLIC_KEY_PEM, $matches);
     $certdata = X509::createFromCertificateData($matches[1]);
     $fingerprint = $certdata->getFingerprint();
     $fingerprint_retry = $certdata->getFingerprint();
     $this->assertTrue($fingerprint->equals($fingerprint_retry), 'Cached fingerprint does not match original');
     $config = new IdentityProvider(array('certificateFingerprints' => array($fingerprint->getRaw())));
     $validator = new FingerprintValidator(new SimpleTestLogger(), new FingerprintLoader());
     $doc = DOMDocumentFactory::fromFile(__DIR__ . '/response.xml');
     $response = new Response($doc->firstChild);
     $response->setSignatureKey(CertificatesMock::getPrivateKey());
     $response->setCertificates(array(CertificatesMock::PUBLIC_KEY_PEM));
     // convert to signed response
     $response = new Response($response->toSignedXML());
     $this->assertTrue($validator->canValidate($response, $config), 'Cannot validate the element');
     $this->assertTrue($validator->hasValidSignature($response, $config), 'The signature is not valid');
 }
 /**
  * @return \SAML2\Response
  */
 private function getSignedResponseWithSignedAssertion()
 {
     $doc = new \DOMDocument();
     $doc->load(__DIR__ . '/response.xml');
     $response = new Response($doc->firstChild);
     $response->setSignatureKey(CertificatesMock::getPrivateKey());
     $response->setCertificates(array(CertificatesMock::PUBLIC_KEY_PEM));
     $assertions = $response->getAssertions();
     $assertion = $assertions[0];
     $assertion->setSignatureKey(CertificatesMock::getPrivateKey());
     $assertion->setCertificates(array(CertificatesMock::PUBLIC_KEY_PEM));
     return new Response($response->toSignedXML());
 }