コード例 #1
 /**
  * Resolve the service provider on whose behalf a trusted proxy sends this request.
  *
  * A RequesterID is only honoured when the sending SP is flagged as a trusted proxy
  * and the AuthnRequest is signed; in every other case null is returned and the
  * caller keeps treating the proxy itself as the requester. The last RequesterID in
  * the list is taken as the originating SP: each proxy appends its own identifier
  * on the way through. That ordering is not defined by the SAML specification; it is
  * what EngineBlock and SimpleSAMLphp both do.
  *
  * @param ServiceProvider $serviceProvider the proxy that sent the request
  * @param EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request
  * @param MetadataRepositoryInterface $repository
  * @return null|ServiceProvider the originating SP, or null when the proxy may not assert one
  * @throws EngineBlock_Exception_DissimilarServiceProviderWorkflowStates when the last RequesterID
  *         does not resolve to a service provider in the repository
  */
 public static function findRequesterServiceProvider(ServiceProvider $serviceProvider, EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request, MetadataRepositoryInterface $repository)
 {
     // Both preconditions must hold before any RequesterID is taken into account;
     // the signature check is skipped entirely for non-trusted proxies.
     if (!$serviceProvider->isTrustedProxy || !$request->wasSigned()) {
         return null;
     }

     // Proxies append their own ID as the request passes through, so the final
     // entry identifies the originating service provider.
     $requesterIds = $request->getRequesterIds();
     $originatingEntityId = end($requesterIds);
     if (!$originatingEntityId) {
         // No RequesterID at all (end() yields false on an empty list) or an empty value.
         return null;
     }

     $originatingServiceProvider = $repository->findServiceProviderByEntityId($originatingEntityId);
     if (!$originatingServiceProvider) {
         throw new EngineBlock_Exception_DissimilarServiceProviderWorkflowStates($serviceProvider, $originatingEntityId);
     }

     return $originatingServiceProvider;
 }
コード例 #2
 /**
  * Pre-select a remote identity provider given the MD5 digest of its entity ID.
  *
  * The digest serves as an opaque lookup token, not as a secret: every known IdP
  * entity ID is hashed and compared with the supplied value, and the first match is
  * stored as the fixed IdP for this request while the proxy switches to transparent
  * mode.
  *
  * @param string $remoteIdPMd5 hex MD5 digest of the remote IdP entity ID
  * @return $this
  * @throws EngineBlock_Corto_Exception_UnknownPreselectedIdp when no known IdP hashes to the given value
  */
 public function setRemoteIdpMd5($remoteIdPMd5)
 {
     foreach ($this->_repository->findAllIdentityProviderEntityIds() as $candidateEntityId) {
         if (md5($candidateEntityId) === $remoteIdPMd5) {
             $this->_configs['Idp'] = $candidateEntityId;
             $this->_configs['TransparentProxy'] = true;
             $this->getSessionLog()->info("Detected pre-selection of {$candidateEntityId} as IdP, switching to transparent mode");
             break;
         }
     }

     // NOTE(review): the failure check looks at the config entry rather than a local
     // "matched" flag, so an 'Idp' value already present before this call would
     // suppress the exception — confirm that callers never pre-populate it.
     if (!isset($this->_configs['Idp'])) {
         throw new EngineBlock_Corto_Exception_UnknownPreselectedIdp("Unable to map remote IdpMD5 '{$remoteIdPMd5}' to a remote entity!", $remoteIdPMd5);
     }

     return $this;
 }
コード例 #3
 /**
  * Build the metadata entry for EngineBlock's own Service Provider role.
  *
  * The base entry is looked up in the metadata repository under the SP metadata
  * URL and then augmented with the values the Service Registry cannot (yet) supply:
  * the signing certificate, the supported NameID formats, the requested/required
  * attributes, the allowed IdP list (every known IdP) and the internal consent
  * response-processing service.
  *
  * @param MetadataRepositoryInterface $metadataRepository
  * @param EngineBlock_X509_KeyPair $keyPair key pair whose certificate is published for the SP role
  * @param EngineBlock_Corto_ProxyServer $proxyServer resolves EngineBlock's own service URLs
  * @return ServiceProvider
  * @throws EngineBlock_Corto_ProxyServer_Exception
  * @throws EngineBlock_Exception when no SP entry exists for EngineBlock's own entity ID
  */
 protected function getEngineSpRole(MetadataRepositoryInterface $metadataRepository, EngineBlock_X509_KeyPair $keyPair, EngineBlock_Corto_ProxyServer $proxyServer)
 {
     $ownEntityId = $proxyServer->getUrl('spMetadataService');
     $engineSp = $metadataRepository->findServiceProviderByEntityId($ownEntityId);
     if (!$engineSp) {
         throw new EngineBlock_Exception("Unable to find EngineBlock configured as Service Provider. No '{$ownEntityId}' in repository!");
     }

     $engineSp->certificates = array($keyPair->getCertificate());
     $engineSp->supportedNameIdFormats = array(
         SAML2_Const::NAMEID_PERSISTENT,
         SAML2_Const::NAMEID_TRANSIENT,
         SAML2_Const::NAMEID_UNSPECIFIED,
     );

     // Attribute metadata is obtained from the DI container. "Requested" IDs are
     // wrapped as-is; "required" IDs are passed with the second constructor argument
     // set to true (presumably marking them required on the RequestedAttribute).
     $attributeMetadata = EngineBlock_ApplicationSingleton::getInstance()->getDiContainer()->getAttributeMetadata();
     $optionalAttributeIds = $attributeMetadata->findRequestedAttributeIds();
     $requiredAttributeIds = $attributeMetadata->findRequiredAttributeIds();

     $requestedAttributes = array();
     foreach ($optionalAttributeIds as $attributeId) {
         $requestedAttributes[] = new RequestedAttribute($attributeId);
     }
     foreach ($requiredAttributeIds as $attributeId) {
         $requestedAttributes[] = new RequestedAttribute($attributeId, true);
     }
     $engineSp->requestedAttributes = $requestedAttributes;

     // EngineBlock's own SP role is allowed to use every known Identity Provider.
     $engineSp->allowedIdpEntityIds = $metadataRepository->findAllIdentityProviderEntityIds();
     $engineSp->responseProcessingService = new Service($proxyServer->getUrl('provideConsentService'), 'INTERNAL');

     return $engineSp;
 }