/**
 * Answers the stored AuthnRequest identified by $message_id with a signed
 * SAML 2.0 Response asserting $email as the authenticated subject, and
 * renders that Response through the HTTP-POST binding.
 *
 * The stored request is deleted before the Response is built, so a given
 * $message_id is answered through this method at most once.
 *
 * @param string $email      subject e-mail; used as the NameID and as the EMAIL_ADDRESS attribute
 * @param string $message_id id of the stored AuthnRequest; also reused as the SessionIndex
 * @return string            body of the HTTP-POST binding response (the auto-submitting form)
 * @throws RuntimeException  when no stored message exists for $message_id (or it has expired)
 */
public function send($email, $message_id)
{
    $authn_request = $this->saml_data_manager->get($message_id);
    if (!$authn_request) {
        // Logger is optional on this service; only report when one is wired in.
        if ($this->logger) {
            $this->logger->error("Saml message with id {$message_id} not found or expired");
        }
        throw new RuntimeException('Authentication message does not exist');
    }
    // One-shot: drop the stored request before answering it.
    $this->saml_data_manager->delete($message_id);

    // NOTE(review): Destination, Recipient and Audience below are all copied from the
    // inbound AuthnRequest's AssertionConsumerServiceURL. Unless that request is checked
    // against registered SP metadata elsewhere, this URL is whatever the requester sent —
    // confirm that validation exists before relying on this method.
    $acs_url = $authn_request->getAssertionConsumerServiceURL();
    // NOTE(review): the Issuer written into both Response and Assertion is the *request's*
    // issuer (the SP's), not this IdP's own entity id — verify this is what the consuming
    // SP expects.
    $sp_entity_id = $authn_request->getIssuer()->getValue();

    $saml_response = new Response();
    $assertion = new Assertion();
    $saml_response->addAssertion($assertion);
    $saml_response->setID(Helper::generateID());
    $saml_response->setIssueInstant(new DateTime());
    $saml_response->setDestination($acs_url);
    $saml_response->setIssuer(new Issuer($sp_entity_id));

    $assertion->setId(Helper::generateID());
    $assertion->setIssueInstant(new DateTime());
    $assertion->setIssuer(new Issuer($sp_entity_id));

    // Bearer confirmation tied to the original request id and its consumer endpoint.
    $confirmation_data = new SubjectConfirmationData();
    $confirmation_data->setInResponseTo($authn_request->getID());
    $confirmation_data->setNotOnOrAfter(new DateTime('+1 MINUTE'));
    $confirmation_data->setRecipient($acs_url);

    $confirmation = new SubjectConfirmation();
    $confirmation->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER);
    $confirmation->setSubjectConfirmationData($confirmation_data);

    $subject = new Subject();
    $subject->setNameID(new NameID($email, SamlConstants::NAME_ID_FORMAT_EMAIL));
    $subject->addSubjectConfirmation($confirmation);
    $assertion->setSubject($subject);

    // Validity window: from now until one minute from now.
    // NOTE(review): one minute leaves little room for IdP/SP clock skew — confirm acceptable.
    $conditions = new Conditions();
    $conditions->setNotBefore(new DateTime());
    $conditions->setNotOnOrAfter(new DateTime('+1 MINUTE'));
    $conditions->addItem(new AudienceRestriction([$acs_url]));
    $assertion->setConditions($conditions);

    $attribute_statement = new AttributeStatement();
    $attribute_statement->addAttribute(new Attribute(ClaimTypes::EMAIL_ADDRESS, $email));
    $assertion->addItem($attribute_statement);

    $authn_context = new AuthnContext();
    $authn_context->setAuthnContextClassRef(SamlConstants::AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT);
    $authn_statement = new AuthnStatement();
    $authn_statement->setAuthnInstant(new DateTime('-10 MINUTE'));
    $authn_statement->setSessionIndex($message_id);
    $authn_statement->setAuthnContext($authn_context);
    $assertion->addItem($authn_statement);

    // Only the Response envelope is signed here; the Assertion carries no signature of its own.
    $certificate = X509Certificate::fromFile($this->saml_crt);
    $private_key = KeyHelper::createPrivateKey($this->saml_key, '', true);
    $saml_response->setSignature(new SignatureWriter($certificate, $private_key));

    $post_binding = (new BindingFactory())->create(SamlConstants::BINDING_SAML2_HTTP_POST);
    $context = new MessageContext();
    $context->setMessage($saml_response);
    /** @var SymfonyResponse $http_response */
    $http_response = $post_binding->send($context);

    return $http_response->getContent();
}