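/**
 * Handles the consent-form POST: fetches the SAML response the provide-consent
 * step stored in the session, requires an explicit 'yes', records the consent
 * and forwards the response to the SP over the internal binding.
 *
 * @param string $serviceName Unused here; part of the common service interface.
 * @return void
 * @throws EngineBlock_Corto_Module_Services_SessionLostException when the session
 *         holds no consent data, the POSTed ID is missing or malformed, or no
 *         response is stored under that ID
 * @throws EngineBlock_Corto_Exception_NoConsentProvided when the user did not
 *         answer 'yes'
 */
public function serve($serviceName)
{
    if (!isset($_SESSION['consent'])) {
        throw new EngineBlock_Corto_Module_Services_SessionLostException('Session lost after consent');
    }

    // The response ID is untrusted form input. It is only ever used as a key into
    // our own session store, but an absent or non-string value (e.g. ID[]=x) must
    // be rejected before it is used as an array offset or interpolated below.
    if (!isset($_POST['ID']) || !is_string($_POST['ID']) || $_POST['ID'] === '') {
        throw new EngineBlock_Corto_Module_Services_SessionLostException('No response ID (POST "ID") received with consent');
    }
    $responseId = $_POST['ID'];

    if (!isset($_SESSION['consent'][$responseId]['response'])) {
        throw new EngineBlock_Corto_Module_Services_SessionLostException("Stored response for ResponseID '{$responseId}' not found");
    }

    /** @var SAML2_Response|EngineBlock_Saml2_ResponseAnnotationDecorator $response */
    $response = $_SESSION['consent'][$responseId]['response'];

    $request = $this->_server->getReceivedRequestFromResponse($response);
    $repository = $this->_server->getRepository();
    $serviceProvider = $repository->fetchServiceProviderByEntityId($request->getIssuer());
    $destinationMetadata = EngineBlock_SamlHelper::getDestinationSpMetadata($serviceProvider, $request, $repository);

    // Strict comparison on purpose: only a literal 'yes' counts as consent.
    if (!isset($_POST['consent']) || $_POST['consent'] !== 'yes') {
        throw new EngineBlock_Corto_Exception_NoConsentProvided('No consent given...');
    }

    $attributes = $response->getAssertion()->getAttributes();
    $consent = $this->_consentFactory->create($this->_server, $response, $attributes);
    $consent->storeConsent($destinationMetadata);

    // A total of exactly one stored consent presumably means this is the user's
    // first consent ever, which triggers the introduction mail — confirm with
    // the consent implementation.
    if ($consent->countTotalConsent() === 1) {
        $this->_sendIntroductionMail($attributes);
    }

    // NOTE(review): the stored response stays in the session after delivery, so a
    // repeated POST with the same ID would re-send it. If one-shot delivery is
    // intended, unset($_SESSION['consent'][$responseId]) here — confirm with the
    // owners of the consent flow before changing it.
    $response->setConsent(SAML2_Const::CONSENT_OBTAINED);
    $response->setDestination($response->getReturn());
    $response->setDeliverByBinding('INTERNAL');
    $this->_server->getBindingsModule()->send($response, $serviceProvider);
}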
/**
 * When the IdP lists the SP in spsEntityIdsWithoutConsent, the consent screen
 * is skipped and the response is sent on with consent marked 'inapplicable'.
 */
public function testConsentIsSkippedWhenDisabledPerSp()
{
    $idp = $this->proxyServerMock->getRepository()->fetchIdentityProviderByEntityId('testIdP');
    $idp->spsEntityIdsWithoutConsent[] = 'testSp';

    $service = $this->factoryService();
    $service->serve(null);

    $bindings = $this->proxyServerMock->getBindingsModule();
    Phake::verify($bindings)->send(Phake::capture($sentResponse), Phake::capture($sentMetadata));

    $this->assertEquals(
        'urn:oasis:names:tc:SAML:2.0:consent:inapplicable',
        $sentResponse->getConsent()
    );
}
/**
 * Resolves the remote entity that issued a message, refusing messages whose
 * issuer is not present in the remote-entity repository.
 *
 * @param string $messageIssuer Entity ID from the message's Issuer element
 * @param string $destination   Destination of the message, passed along for context
 * @return AbstractRole The SP or IdP registered under $messageIssuer
 * @throws EngineBlock_Corto_Exception_UnknownIssuer when no entity with that ID is known
 */
protected function _verifyKnownMessageIssuer($messageIssuer, $destination = '')
{
    $issuingEntity = $this->_server->getRepository()->findEntityByEntityId($messageIssuer);
    if ($issuingEntity) {
        return $issuingEntity;
    }

    // Throw rather than return an empty value so callers never act on an unknown issuer.
    throw new EngineBlock_Corto_Exception_UnknownIssuer(
        "Issuer '{$messageIssuer}' is not a known remote entity? (please add SP/IdP to Remote Entities)",
        $messageIssuer,
        $destination
    );
}
/**
 * Entry point of the provide-consent step: receives the IdP response, stashes it
 * in the session under its ID (to be picked up by the process-consent service),
 * then either forwards it straight away (consent disabled, or already given) or
 * renders the consent form.
 *
 * @param string $serviceName Unused here; part of the common service interface.
 * @return void
 */
public function serve($serviceName)
{
    $response = $this->_server->getBindingsModule()->receiveResponse();
    $_SESSION['consent'][$response->getId()]['response'] = $response;

    $repository = $this->_server->getRepository();
    $request = $this->_server->getReceivedRequestFromResponse($response);
    $serviceProvider = $repository->fetchServiceProviderByEntityId($request->getIssuer());
    $spMetadataChain = EngineBlock_SamlHelper::getSpRequesterChain($serviceProvider, $request, $repository);
    $identityProvider = $repository->fetchIdentityProviderByEntityId($response->getOriginalIssuer());

    // Additional logging is opt-in per entity: if any SP in the requester chain or
    // the IdP asks for it, flush the buffered log and record the raw request too.
    $entitiesToCheck = array_merge($spMetadataChain, array($identityProvider));
    if (EngineBlock_SamlHelper::doRemoteEntitiesRequireAdditionalLogging($entitiesToCheck)) {
        $application = EngineBlock_ApplicationSingleton::getInstance();
        $application->flushLog('Activated additional logging for one or more SPs in the SP requester chain, or the IdP');
        // NOTE(review): the raw request presumably carries the SAML response just
        // received, attributes included — check retention/access for this log sink.
        $application->getLogInstance()->info(
            'Raw HTTP request',
            array('http_request' => (string) $application->getHttpRequest())
        );
    }

    if ($this->isConsentDisabled($spMetadataChain, $identityProvider)) {
        $response->setConsent(SAML2_Const::CONSENT_INAPPLICABLE);
        $response->setDestination($response->getReturn());
        $response->setDeliverByBinding('INTERNAL');
        $this->_server->getBindingsModule()->send($response, $serviceProvider);
        return;
    }

    // Consent is asked for, and stored against, the first SP in the requester chain
    // (assumes getSpRequesterChain() always yields at least one entry — confirm).
    $consentTarget = $spMetadataChain[0];
    $attributes = $response->getAssertion()->getAttributes();
    $consent = $this->_consentFactory->create($this->_server, $response, $attributes);

    if ($consent->hasStoredConsent($consentTarget)) {
        $response->setConsent(SAML2_Const::CONSENT_PRIOR);
        $response->setDestination($response->getReturn());
        $response->setDeliverByBinding('INTERNAL');
        $this->_server->getBindingsModule()->send($response, $serviceProvider);
        return;
    }

    $templateVars = array(
        'action'     => $this->_server->getUrl('processConsentService'),
        'ID'         => $response->getId(),
        'attributes' => $attributes,
        'sp'         => $consentTarget,
        'idp'        => $identityProvider,
    );
    $this->_server->sendOutput($this->_server->renderTemplate('consent', $templateVars));
}
/**
 * Looks up the workflow state of the entity registered under the given entity ID.
 *
 * @param string $entityId
 * @return string The entity's workflowState property
 */
protected function _getEntityWorkFlowState($entityId)
{
    $repository = $this->_proxyServer->getRepository();
    $entity = $repository->fetchEntityByEntityId($entityId);

    return $entity->workflowState;
}