/**
 * Copies the RelayState carried by the profile context onto the outbound SAML message.
 *
 * A falsy RelayState (null or empty) is treated as "not set" and the action does nothing.
 * The value is passed through verbatim — nothing in this action inspects or validates it,
 * so any checks on its content have to happen before or after this step.
 *
 * @param ProfileContext $context
 */
protected function doExecute(ProfileContext $context)
{
    $relayState = $context->getRelayState();
    if (!$relayState) {
        return;
    }

    $this->logger->debug(
        sprintf('RelayState from context set to outbound message: "%s"', $relayState),
        LogHelper::getActionContext($context, $this)
    );

    $outboundMessage = MessageContextHelper::asSamlMessage($context->getOutboundContext());
    $outboundMessage->setRelayState($relayState);
}
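/**
 * Resolves the party's EntityDescriptor and TrustOptions into the party entity context.
 *
 * Steps, in order:
 *  1. Both already present: log and return.
 *  2. Determine the party entity ID — from the descriptor when one is set, otherwise from
 *     the bare ID on the party context; fail when neither is available.
 *  3. When the descriptor is missing, load it from the provider for the party's role
 *     (SP provider when we are the IdP, IdP provider otherwise).
 *  4. When the trust options are missing, load them by the descriptor's entity ID and
 *     fall back to a fresh TrustOptions instance.
 *
 * The emptiness checks use strict comparisons; the previous `null == $entityId` form also
 * matched false/0 and was harder to reason about.
 *
 * @param ProfileContext $context
 *
 * @throws LightSamlContextException when no party entity ID is available
 */
protected function doExecute(ProfileContext $context)
{
    $partyContext = $context->getPartyEntityContext();
    $descriptor = $partyContext->getEntityDescriptor();

    if ($descriptor && $partyContext->getTrustOptions()) {
        $this->logger->debug(
            sprintf('Party EntityDescriptor and TrustOptions already set for "%s"', $descriptor->getEntityID()),
            LogHelper::getActionContext($context, $this, array('partyEntityId' => $descriptor->getEntityID()))
        );

        return;
    }

    // Prefer the ID of an already-resolved descriptor; otherwise the bare ID stored on the context.
    $entityId = $descriptor ? $descriptor->getEntityID() : null;
    $entityId = $entityId ?: $partyContext->getEntityId();

    if (null === $entityId || '' === $entityId) {
        $message = 'EntityID is not set in the party context';
        $this->logger->critical($message, LogHelper::getActionErrorContext($context, $this));
        throw new LightSamlContextException($context, $message);
    }

    if (null === $descriptor) {
        // The party plays the opposite role from our own.
        $provider = ProfileContext::ROLE_IDP === $context->getOwnRole()
            ? $this->spEntityDescriptorProvider
            : $this->idpEntityDescriptorProvider;

        $descriptor = $this->getPartyEntityDescriptor($context, $provider, $entityId);
        $partyContext->setEntityDescriptor($descriptor);

        $this->logger->debug(
            sprintf('Known issuer resolved: "%s"', $descriptor->getEntityID()),
            LogHelper::getActionContext($context, $this, array('partyEntityId' => $descriptor->getEntityID()))
        );
    }

    if (null === $partyContext->getTrustOptions()) {
        $trustOptions = $this->trustOptionsProvider->get($descriptor->getEntityID());
        if (null === $trustOptions) {
            // No party-specific options configured: fall back to the defaults of a fresh instance.
            $trustOptions = new TrustOptions();
        }
        $partyContext->setTrustOptions($trustOptions);
    }
}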
/**
 * Sends the outbound message through the binding named by the resolved endpoint and stores the
 * resulting HTTP response on the context.
 *
 * The full serialised XML of the outbound message is written to the log at INFO level, so the
 * log sink receives the same data as the wire (including any assertion content).
 *
 * @param ProfileContext $context
 *
 * @return void
 */
public function doExecute(ProfileContext $context)
{
    $bindingName = $context->getEndpoint()->getBinding();
    $outbound = $context->getOutboundContext();

    $httpResponse = $this->bindingFactory->create($bindingName)->send($outbound);
    $context->getHttpResponseContext()->setResponse($httpResponse);

    $serializedMessage = $outbound->getSerializationContext()->getDocument()->saveXML();
    $this->logger->info(
        'Sending message',
        LogHelper::getActionContext($context, $this, array('message' => $serializedMessage))
    );
}
/**
 * Decrypts every EncryptedAssertion of the inbound Response with our own encryption keys and
 * appends the resulting plaintext assertions to the Response.
 *
 * Private keys are resolved by own entity ID, own-role metadata type (IdP or SP) and ENCRYPTION
 * usage. Only EncryptedAssertionReader instances are decrypted; other entries are skipped.
 * Each decrypted assertion is logged as XML at INFO level, so the log sink sees the same data
 * as the assertion consumer.
 *
 * @param ProfileContext $context
 *
 * @throws LightSamlContextException when no decryption private key can be resolved
 */
protected function doExecute(ProfileContext $context)
{
    $inbound = $context->getInboundContext();
    $response = MessageContextHelper::asResponse($inbound);
    $encryptedAssertions = $response->getAllEncryptedAssertions();

    if (0 === count($encryptedAssertions)) {
        $this->logger->debug('Response has no encrypted assertions', LogHelper::getActionContext($context, $this));

        return;
    }

    $ownMetadataType = ProfileContext::ROLE_IDP === $context->getOwnRole()
        ? MetadataCriteria::TYPE_IDP
        : MetadataCriteria::TYPE_SP;

    $query = $this->credentialResolver->query();
    $query
        ->add(new EntityIdCriteria($context->getOwnEntityDescriptor()->getEntityID()))
        ->add(new MetadataCriteria($ownMetadataType, SamlConstants::PROTOCOL_SAML2))
        ->add(new UsageCriteria(UsageType::ENCRYPTION));
    $query->resolve();
    $privateKeys = $query->getPrivateKeys();

    if (empty($privateKeys)) {
        $message = 'No credentials resolved for assertion decryption';
        $this->logger->emergency($message, LogHelper::getActionErrorContext($context, $this));
        throw new LightSamlContextException($context, $message);
    }

    // Only entity ID and public-key thumbprint are logged; no private key material.
    $describeCredential = function (CredentialInterface $credential) {
        $publicKey = $credential->getPublicKey();
        $thumbprint = $publicKey ? $publicKey->getX509Thumbprint() : '';

        return sprintf("Entity: '%s'; PK X509 Thumb: '%s'", $credential->getEntityId(), $thumbprint);
    };
    $this->logger->info(
        'Trusted decryption candidates',
        LogHelper::getActionContext($context, $this, array('credentials' => array_map($describeCredential, $privateKeys)))
    );

    foreach ($encryptedAssertions as $index => $encryptedAssertion) {
        if (!$encryptedAssertion instanceof EncryptedAssertionReader) {
            continue;
        }

        /** @var DeserializationContext $deserializationContext */
        $deserializationContext = $inbound->getSubContext(
            sprintf('assertion_encrypted_%s', $index),
            DeserializationContext::class
        );

        $assertion = $encryptedAssertion->decryptMultiAssertion($privateKeys, $deserializationContext);
        $response->addAssertion($assertion);

        $this->logger->info(
            'Assertion decrypted',
            LogHelper::getActionContext($context, $this, array('assertion' => $deserializationContext->getDocument()->saveXML()))
        );
    }
}
/**
 * Validates the XML signature on the assertion held by the context.
 *
 * - No signature: throws when signatures are required, otherwise logs at DEBUG and returns.
 * - Signature is an AbstractSignatureReader: handed to the signature validator together with
 *   the assertion issuer and the party's metadata type (SP when we are the IdP, IdP otherwise).
 * - Any other signature object: fails with LightSamlModelException.
 *
 * NOTE(review): when the validator returns no credential, the outcome is only a WARNING
 * ("verification was not performed") and execution continues. Whether that path can be reached
 * for an untrusted assertion depends on the validator's contract, which is not visible here.
 *
 * @param AssertionContext $context
 *
 * @throws LightSamlContextException when a signature is required but absent
 * @throws LightSamlModelException   when the signature is not an AbstractSignatureReader
 *
 * @return void
 */
protected function doExecute(AssertionContext $context)
{
    $assertion = $context->getAssertion();
    $signature = $assertion->getSignature();

    if (null === $signature) {
        if (!$this->requireSignature) {
            $this->logger->debug('Assertion is not signed', LogHelper::getActionContext($context, $this));

            return;
        }

        $message = 'Assertions must be signed';
        $this->logger->critical($message, LogHelper::getActionErrorContext($context, $this));
        throw new LightSamlContextException($context, $message);
    }

    if (!$signature instanceof AbstractSignatureReader) {
        $message = 'Expected AbstractSignatureReader';
        $this->logger->critical($message, LogHelper::getActionErrorContext($context, $this));
        throw new LightSamlModelException($message);
    }

    $ownRole = $context->getProfileContext()->getOwnRole();
    $partyMetadataType = ProfileContext::ROLE_IDP === $ownRole
        ? MetadataCriteria::TYPE_SP
        : MetadataCriteria::TYPE_IDP;

    $credential = $this->signatureValidator->validate(
        $signature,
        $assertion->getIssuer()->getValue(),
        $partyMetadataType
    );

    if (!$credential) {
        $this->logger->warning('Assertion signature verification was not performed', LogHelper::getActionContext($context, $this));

        return;
    }

    $this->logger->debug(
        sprintf('Assertion signature validated with key "%s"', implode(', ', $credential->getKeyNames())),
        LogHelper::getActionContext($context, $this, array('credential' => $credential))
    );
}
/**
 * Selects the endpoint the outbound message is sent to and stores it in the endpoint context.
 *
 * An endpoint already present on the context is kept as-is. Otherwise the criteria set from
 * getCriteriaSet() is used and, for an inbound AuthnRequest, narrowed by its
 * AssertionConsumerServiceIndex and AssertionConsumerServiceURL when present. Candidates are
 * resolved only against the endpoints published in the party's metadata, so a URL from the
 * request can only select an endpoint the party has declared; the first candidate wins.
 *
 * @param ProfileContext $context
 *
 * @throws LightSamlContextException when no endpoint satisfies the criteria
 */
protected function doExecute(ProfileContext $context)
{
    $endpointContext = $context->getEndpointContext();

    if ($endpointContext->getEndpoint()) {
        $current = $context->getEndpoint();
        $this->logger->debug(
            sprintf('Endpoint already set with location "%s" and binding "%s"', $current->getLocation(), $current->getBinding()),
            LogHelper::getActionContext($context, $this, array(
                'endpointLocation' => $current->getLocation(),
                'endpointBinding' => $current->getBinding(),
            ))
        );

        return;
    }

    $criteriaSet = $this->getCriteriaSet($context);

    $inboundMessage = $context->getInboundContext()->getMessage();
    if ($inboundMessage instanceof AuthnRequest) {
        $acsIndex = $inboundMessage->getAssertionConsumerServiceIndex();
        if (null !== $acsIndex) {
            $criteriaSet->add(new IndexCriteria($acsIndex));
        }

        $acsUrl = $inboundMessage->getAssertionConsumerServiceURL();
        if (null !== $acsUrl) {
            $criteriaSet->add(new LocationCriteria($acsUrl));
        }
    }

    $partyDescriptor = $context->getPartyEntityDescriptor();
    $candidates = $this->endpointResolver->resolve($criteriaSet, $partyDescriptor->getAllEndpoints());

    /** @var EndpointReference|null $chosen */
    $chosen = array_shift($candidates);
    if (null === $chosen) {
        $message = sprintf("Unable to determine endpoint for entity '%s'", $partyDescriptor->getEntityID());
        $this->logger->emergency($message, LogHelper::getActionErrorContext($context, $this));
        throw new LightSamlContextException($context, $message);
    }

    $endpoint = $chosen->getEndpoint();
    $this->logger->debug(
        sprintf('Endpoint resolved to location "%s" and binding "%s"', $endpoint->getLocation(), $endpoint->getBinding()),
        LogHelper::getActionContext($context, $this, array(
            'endpointLocation' => $endpoint->getLocation(),
            'endpointBinding' => $endpoint->getBinding(),
        ))
    );

    $endpointContext->setEndpoint($endpoint);
}
/**
 * Sets the Issuer of the outbound message to our own entity ID, using the entity NameID format.
 *
 * @param ProfileContext $context
 *
 * @return void
 */
protected function doExecute(ProfileContext $context)
{
    $ownEntityId = $context->getOwnEntityDescriptor()->getEntityID();

    $issuer = new Issuer($ownEntityId);
    $issuer->setFormat(SamlConstants::NAME_ID_FORMAT_ENTITY);

    $outboundMessage = MessageContextHelper::asSamlMessage($context->getOutboundContext());
    $outboundMessage->setIssuer($issuer);

    $this->logger->debug(sprintf('Issuer set to "%s"', $ownEntityId), LogHelper::getActionContext($context, $this));
}
/**
 * Removes the request state referenced by the given context from the request store.
 *
 * Only acts on a RequestStateContext that carries a RequestState with a non-empty ID; any
 * other argument, including null, is ignored. Whether the ID was actually present in the
 * store is reported at DEBUG level.
 *
 * @param ContextInterface|null $requestStateContext
 */
protected function flush($requestStateContext = null)
{
    if (!$requestStateContext instanceof RequestStateContext) {
        return;
    }

    $requestState = $requestStateContext->getRequestState();
    $requestId = $requestState ? $requestState->getId() : null;
    if (!$requestId) {
        return;
    }

    $removed = $this->requestStore->remove($requestId);
    $logContext = LogHelper::getActionContext($requestStateContext, $this);

    if ($removed) {
        $this->logger->debug(sprintf('Removed request state "%s"', $requestId), $logContext);
    } else {
        $this->logger->debug(sprintf('Request state "%s" does not exist', $requestId), $logContext);
    }
}
/**
 * Requires the assertion to carry an Issuer that is a known IdP.
 *
 * Fails when the Issuer element is absent or when the IdP entity descriptor provider does not
 * know the issuer value; otherwise the issuer is logged at DEBUG and execution continues.
 *
 * @param AssertionContext $context
 *
 * @throws LightSamlContextException when the issuer is missing or unknown
 *
 * @return void
 */
protected function doExecute(AssertionContext $context)
{
    $issuer = $context->getAssertion()->getIssuer();

    if (null === $issuer) {
        $message = 'Assertion element must have an issuer element';
        $this->logger->error($message, LogHelper::getActionErrorContext($context, $this));
        throw new LightSamlContextException($context, $message);
    }

    $issuerValue = $issuer->getValue();

    if (!$this->idpEntityDescriptorProvider->has($issuerValue)) {
        $message = sprintf("Unknown issuer '%s'", $issuerValue);
        $this->logger->error(
            $message,
            LogHelper::getActionErrorContext($context, $this, ['messageIssuer' => $issuerValue])
        );
        throw new LightSamlContextException($context, $message);
    }

    $this->logger->debug(sprintf('Known assertion issuer: "%s"', $issuerValue), LogHelper::getActionContext($context, $this));
}
/**
 * Detects the SAML binding of the incoming HTTP request and lets that binding populate the
 * inbound context from the request.
 *
 * The binding type is recorded on the inbound context, and the received message XML is logged
 * at INFO level — the log sink therefore holds the raw, not-yet-validated inbound message.
 *
 * @param ProfileContext $context
 *
 * @throws LightSamlBindingException when no binding can be detected from the request
 *
 * @return void
 */
protected function doExecute(ProfileContext $context)
{
    $httpRequest = $context->getHttpRequest();
    $inbound = $context->getInboundContext();

    $bindingType = $this->bindingFactory->detectBindingType($httpRequest);
    // Loose comparison kept on purpose: the original contract treats any "empty" detection result as failure.
    if (null == $bindingType) {
        $message = 'Unable to resolve binding type, invalid or unsupported http request';
        $this->logger->critical($message, LogHelper::getActionErrorContext($context, $this));
        throw new LightSamlBindingException($message);
    }

    $this->logger->debug(sprintf('Detected binding type: %s', $bindingType), LogHelper::getActionContext($context, $this));

    $this->bindingFactory->create($bindingType)->receive($httpRequest, $inbound);
    $inbound->setBindingType($bindingType);

    $receivedXml = $inbound->getDeserializationContext()->getDocument()->saveXML();
    $this->logger->info('Received message', LogHelper::getActionContext($context, $this, array('message' => $receivedXml)));
}
/**
 * Signs the outbound message when shouldSignMessage() says so.
 *
 * When signing is enabled but the resolver yields no signature, the condition is logged at
 * CRITICAL and the message is left unsigned — this action does not abort in that case.
 *
 * @param ProfileContext $context
 */
protected function doExecute(ProfileContext $context)
{
    if (!$this->shouldSignMessage($context)) {
        $this->logger->debug('Signing disabled', LogHelper::getActionContext($context, $this));

        return;
    }

    $signature = $this->signatureResolver->getSignature($context);
    if (!$signature) {
        $this->logger->critical(
            'No signature resolved, although signing enabled',
            LogHelper::getActionErrorContext($context, $this, array())
        );

        return;
    }

    MessageContextHelper::asSamlMessage($context->getOutboundContext())->setSignature($signature);

    $certificate = $signature->getCertificate();
    $this->logger->debug(
        sprintf('Message signed with fingerprint "%s"', $certificate->getFingerprint()),
        LogHelper::getActionContext($context, $this, array('certificate' => $certificate->getInfo()))
    );
}
/**
 * Signs the assertion when the party's trust options request assertion signing.
 *
 * When signing is requested but no signature can be resolved, the situation is logged at
 * CRITICAL and the assertion stays unsigned; the action does not abort.
 *
 * @param AssertionContext $context
 *
 * @return void
 */
protected function doExecute(AssertionContext $context)
{
    $profileContext = $context->getProfileContext();

    if (!$profileContext->getTrustOptions()->getSignAssertions()) {
        $this->logger->debug('Assertion signing disabled', LogHelper::getActionContext($context, $this));

        return;
    }

    $signature = $this->signatureResolver->getSignature($profileContext);
    if (!$signature) {
        $this->logger->critical(
            'Unable to resolve assertion signature, though signing enabled',
            LogHelper::getActionErrorContext($context, $this)
        );

        return;
    }

    $certificate = $signature->getCertificate();
    $this->logger->debug(
        sprintf('Signing assertion with fingerprint %s', $certificate->getFingerprint()),
        LogHelper::getActionContext($context, $this, array('certificate' => $certificate->getInfo()))
    );

    $context->getAssertion()->setSignature($signature);
}
/**
 * Checks that the AssertionConsumerServiceURL of the inbound AuthnRequest belongs to the
 * requesting SP according to its metadata.
 *
 * A request without an ACS URL passes unchanged. Otherwise the URL must be found among the
 * AssertionConsumerService endpoints of at least one SPSSODescriptor of the party entity;
 * this is what keeps a response from being sent to a location the SP never published.
 *
 * @param ProfileContext $context
 *
 * @throws LightSamlValidationException when the ACS URL is not declared by the SP
 *
 * @return void
 */
protected function doExecute(ProfileContext $context)
{
    $authnRequest = MessageContextHelper::asAuthnRequest($context->getInboundContext());
    $acsUrl = $authnRequest->getAssertionConsumerServiceURL();

    if (!$acsUrl) {
        return;
    }

    $spEntityDescriptor = $context->getPartyEntityDescriptor();
    $spEntityId = $spEntityDescriptor->getEntityID();

    foreach ($spEntityDescriptor->getAllSpSsoDescriptors() as $spSsoDescriptor) {
        if (!$spSsoDescriptor->getAllAssertionConsumerServicesByUrl($acsUrl)) {
            continue;
        }

        $this->logger->debug(
            sprintf('AuthnRequest has assertion consumer url "%s" that belongs to entity "%s"', $acsUrl, $spEntityId),
            LogHelper::getActionContext($context, $this)
        );

        return;
    }

    $message = sprintf("Invalid ACS Url '%s' for '%s' entity", $acsUrl, $spEntityId);
    $this->logger->emergency($message, LogHelper::getActionErrorContext($context, $this));
    throw new LightSamlValidationException($message);
}
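/**
 * Correlates an inbound LogoutResponse with the LogoutRequest we sent and terminates the
 * matching SSO session.
 *
 * The request state stored under the response's InResponseTo supplies the party the request
 * was sent to and the NameID / NameID format / session index to terminate. When the stored
 * state names a party, the response Issuer must be that same party.
 *
 * Compared with the previous version this adds two explicit failures instead of null
 * dereferences: a response whose InResponseTo is missing or matches no stored request state
 * (unsolicited or already-consumed), and a response without an Issuer. The issuer cross-check
 * now uses a strict string comparison. The stored request state is not removed here.
 *
 * @param ProfileContext $context
 *
 * @throws LightSamlContextException when the response cannot be matched to a sent request,
 *                                   has no Issuer, or was issued by a party other than the
 *                                   one the request was sent to
 */
protected function doExecute(ProfileContext $context)
{
    $logoutResponse = MessageContextHelper::asLogoutResponse($context->getInboundContext());

    $inResponseTo = $logoutResponse->getInResponseTo();
    // Do not query the store with an empty ID; treat "no stored state" (null from the store — assumed,
    // the store contract is not visible here) the same as a missing InResponseTo.
    $requestState = $inResponseTo ? $this->requestStore->get($inResponseTo) : null;
    if (null === $requestState) {
        $message = sprintf('LogoutResponse InResponseTo "%s" does not match any known request state', (string) $inResponseTo);
        $this->logger->critical(
            $message,
            LogHelper::getActionErrorContext($context, $this, ['in_response_to' => $inResponseTo])
        );
        throw new LightSamlContextException($context, $message);
    }

    $issuer = $logoutResponse->getIssuer();
    if (null === $issuer) {
        $message = 'LogoutResponse must have an issuer element';
        $this->logger->critical($message, LogHelper::getActionErrorContext($context, $this));
        throw new LightSamlContextException($context, $message);
    }
    $issuerEntityId = $issuer->getValue();

    $parameters = $requestState->getParameters();
    $partyEntityId = $parameters->get(RequestStateParameters::PARTY);

    // The response must come from the party we sent the request to; the check is skipped only when
    // the stored state carries no party (previous behaviour).
    if ($partyEntityId && $partyEntityId !== $issuerEntityId) {
        $message = sprintf(
            'LogoutRequest sent to %s but LogoutResponse for that request was issued by %s',
            $partyEntityId,
            $issuerEntityId
        );
        $this->logger->critical(
            $message,
            LogHelper::getActionErrorContext($context, $this, ['sent_to' => $partyEntityId, 'received_from' => $issuerEntityId])
        );
        throw new LightSamlContextException($context, $message);
    }

    $nameId = $parameters->get(RequestStateParameters::NAME_ID);
    $nameIdFormat = $parameters->get(RequestStateParameters::NAME_ID_FORMAT);
    $sessionIndex = $parameters->get(RequestStateParameters::SESSION_INDEX);

    $terminatedCount = $this->logoutResolver->terminateSession($issuerEntityId, $nameId, $nameIdFormat, $sessionIndex);

    $this->logger->debug(
        sprintf(
            'Processing LogoutResponse from %s for %s in format %s and session index %s resulted in termination of %s sso session from the store',
            $partyEntityId,
            $nameId,
            $nameIdFormat,
            $sessionIndex,
            $terminatedCount
        ),
        LogHelper::getActionContext($context, $this)
    );
}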
/**
 * Runs each configured assertion action in its own AssertionContext sub-context and adds the
 * produced assertion to the outbound Response.
 *
 * Per action: the sub-context named "assertion_<index>" gets the index as its ID and is passed
 * to the action. An encrypted assertion takes precedence over a plain one; when the action
 * produced neither, a WARNING is logged and the loop continues.
 *
 * @param ProfileContext $context
 *
 * @return void
 */
protected function doExecute(ProfileContext $context)
{
    $response = MessageContextHelper::asResponse($context->getOutboundContext());

    foreach ($this->assertionActions as $index => $assertionAction) {
        /** @var AssertionContext $assertionContext */
        $assertionContext = $context->getSubContext(sprintf('assertion_%s', $index), AssertionContext::class);
        $assertionContext->setId($index);

        $assertionAction->execute($assertionContext);

        $encrypted = $assertionContext->getEncryptedAssertion();
        if ($encrypted) {
            $response->addEncryptedAssertion($encrypted);
            continue;
        }

        $plain = $assertionContext->getAssertion();
        if ($plain) {
            $response->addAssertion($plain);
            continue;
        }

        $this->logger->warning('No assertion was built', LogHelper::getActionContext($context, $this));
    }
}
/**
 * Assigns a freshly generated ID to the outbound message and logs it.
 *
 * @param ProfileContext $context
 */
protected function doExecute(ProfileContext $context)
{
    $messageId = Helper::generateID();

    $outboundMessage = MessageContextHelper::asSamlMessage($context->getOutboundContext());
    $outboundMessage->setId($messageId);

    $this->logger->info(
        sprintf('Message ID set to "%s"', $messageId),
        LogHelper::getActionContext($context, $this, array('message_id' => $messageId))
    );
}
/**
 * Sets the Destination of the outbound message to the location of the resolved endpoint.
 *
 * @param ProfileContext $context
 *
 * @return void
 */
protected function doExecute(ProfileContext $context)
{
    $location = $context->getEndpoint()->getLocation();

    $outboundMessage = MessageContextHelper::asSamlMessage($context->getOutboundContext());
    $outboundMessage->setDestination($location);

    $this->logger->debug(sprintf('Destination set to "%s"', $location), LogHelper::getActionContext($context, $this));
}
/**
 * Sets the Version of the assertion to the configured version.
 *
 * @param AssertionContext $context
 *
 * @return void
 */
protected function doExecute(AssertionContext $context)
{
    $version = $this->version;

    $context->getAssertion()->setVersion($version);

    $this->logger->debug(sprintf('Assertion Version set to "%s"', $version), LogHelper::getActionContext($context, $this));
}
/**
 * Assigns a freshly generated ID to the assertion and logs it.
 *
 * The log context key is 'message_id' (kept as-is for log compatibility) even though the value
 * is the assertion ID.
 *
 * @param AssertionContext $context
 *
 * @return void
 */
protected function doExecute(AssertionContext $context)
{
    $assertionId = Helper::generateID();

    $context->getAssertion()->setId($assertionId);

    $this->logger->info(
        sprintf('Assertion ID set to "%s"', $assertionId),
        LogHelper::getActionContext($context, $this, array('message_id' => $assertionId))
    );
}
/**
 * Sets the IssueInstant of the outbound message to the current timestamp of the time provider.
 *
 * @param ProfileContext $context
 *
 * @return void
 */
protected function doExecute(ProfileContext $context)
{
    $outboundMessage = MessageContextHelper::asSamlMessage($context->getOutboundContext());
    $outboundMessage->setIssueInstant($this->timeProvider->getTimestamp());

    $this->logger->info(
        sprintf('Message IssueInstant set to "%s"', $outboundMessage->getIssueInstantString()),
        LogHelper::getActionContext($context, $this)
    );
}
/**
 * Sets the IssueInstant of the assertion to the current timestamp of the time provider.
 *
 * @param AssertionContext $context
 *
 * @return void
 */
protected function doExecute(AssertionContext $context)
{
    $assertion = $context->getAssertion();
    $assertion->setIssueInstant($this->timeProvider->getTimestamp());

    $this->logger->info(
        sprintf('Assertion IssueInstant set to "%s"', $assertion->getIssueInstantString()),
        LogHelper::getActionContext($context, $this)
    );
}
/**
 * Sets the Version of the outbound message to the configured version.
 *
 * @param ProfileContext $context
 *
 * @return void
 */
protected function doExecute(ProfileContext $context)
{
    $version = $this->version;

    $outboundMessage = MessageContextHelper::asSamlMessage($context->getOutboundContext());
    $outboundMessage->setVersion($version);

    $this->logger->debug(sprintf('Message Version set to "%s"', $version), LogHelper::getActionContext($context, $this));
}