/** * @param AbstractSamlModel $object * @param XMLSecurityKey $key * * @return SerializationContext */ public function encrypt(AbstractSamlModel $object, XMLSecurityKey $key) { $oldKey = $key; $key = new XMLSecurityKey($this->keyTransportEncryption, ['type' => 'public']); $key->loadKey($oldKey->key); $serializationContext = new SerializationContext(); $object->serialize($serializationContext->getDocument(), $serializationContext); $enc = new XMLSecEnc(); $enc->setNode($serializationContext->getDocument()->firstChild); $enc->type = XMLSecEnc::Element; switch ($key->type) { case XMLSecurityKey::TRIPLEDES_CBC: case XMLSecurityKey::AES128_CBC: case XMLSecurityKey::AES192_CBC: case XMLSecurityKey::AES256_CBC: $symmetricKey = $key; break; case XMLSecurityKey::RSA_1_5: case XMLSecurityKey::RSA_SHA1: case XMLSecurityKey::RSA_SHA256: case XMLSecurityKey::RSA_SHA384: case XMLSecurityKey::RSA_SHA512: case XMLSecurityKey::RSA_OAEP_MGF1P: $symmetricKey = new XMLSecurityKey($this->blockEncryptionAlgorithm); $symmetricKey->generateSessionKey(); $enc->encryptKey($key, $symmetricKey); break; default: throw new LightSamlException(sprintf('Unknown key type for encryption: "%s"', $key->type)); } $this->encryptedElement = $enc->encryptNode($symmetricKey); return $serializationContext; }
/** * BC compatible version of the signature check * * @param \SAML2\SignedElement $element * @param \SAML2\Certificate\X509[] $pemCandidates * * @throws \Exception * * @return bool */ protected function validateElementWithKeys(SignedElement $element, $pemCandidates) { $lastException = null; foreach ($pemCandidates as $index => $candidateKey) { $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'public')); $key->loadKey($candidateKey->getCertificate()); try { /* * Make sure that we have a valid signature on either the response or the assertion. */ $result = $element->validate($key); if ($result) { $this->logger->debug(sprintf('Validation with key "#%d" succeeded', $index)); return true; } $this->logger->debug(sprintf('Validation with key "#%d" failed without exception.', $index)); } catch (\Exception $e) { $this->logger->debug(sprintf('Validation with key "#%d" failed with exception: %s', $index, $e->getMessage())); $lastException = $e; } } if ($lastException !== null) { throw $lastException; } else { return false; } }
function __doRequest($request, $location, $saction, $version) { $dom = new DOMDocument(); $dom->loadXML($request); $objWSA = new WSASoap($dom); $objWSA->addAction($saction); $objWSA->addTo($location); $objWSA->addMessageID(); $objWSA->addReplyTo(); $dom = $objWSA->getDoc(); $objWSSE = new WSSESoap($dom); /* Sign all headers to include signing the WS-Addressing headers */ $objWSSE->signAllHeaders = true; $objWSSE->addTimestamp(); /* create new XMLSec Key using RSA SHA-1 and type is private key */ $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private')); /* load the private key from file - last arg is bool if key in file (true) or is string (FALSE) */ $objKey->loadKey(PRIVATE_KEY, true); /* Sign the message - also signs appropraite WS-Security items */ $objWSSE->signSoapDoc($objKey); /* Add certificate (BinarySecurityToken) to the message and attach pointer to Signature */ $token = $objWSSE->addBinaryToken(file_get_contents(CERT_FILE)); $objWSSE->attachTokentoSig($token); $request = $objWSSE->saveXML(); return parent::__doRequest($request, $location, $saction, $version); }
public function __doRequest($request, $location, $saction, $version) { $doc = new DOMDocument('1.0'); $doc->loadXML($request); $objWSSE = new WSSESoap($doc); /* add Timestamp with no expiration timestamp */ $objWSSE->addTimestamp(); /* create new XMLSec Key using AES256_CBC and type is private key */ $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private')); /* load the private key from file - last arg is bool if key in file (true) or is string (false) */ $objKey->loadKey(PRIVATE_KEY, true); /* Sign the message - also signs appropiate WS-Security items */ $options = array("insertBefore" => false); $objWSSE->signSoapDoc($objKey, $options); /* Add certificate (BinarySecurityToken) to the message */ $token = $objWSSE->addBinaryToken(file_get_contents(CERT_FILE)); /* Attach pointer to Signature */ $objWSSE->attachTokentoSig($token); $objKey = new XMLSecurityKey(XMLSecurityKey::AES256_CBC); $objKey->generateSessionKey(); $siteKey = new XMLSecurityKey(XMLSecurityKey::RSA_OAEP_MGF1P, array('type' => 'public')); $siteKey->loadKey(SERVICE_CERT, true, true); $options = array("KeyInfo" => array("X509SubjectKeyIdentifier" => true)); $objWSSE->encryptSoapDoc($siteKey, $objKey, $options); $retVal = parent::__doRequest($objWSSE->saveXML(), $location, $saction, $version); $doc = new DOMDocument(); $doc->loadXML($retVal); $options = array("keys" => array("private" => array("key" => PRIVATE_KEY, "isFile" => true, "isCert" => false))); $objWSSE->decryptSoapDoc($doc, $options); return $doc->saveXML(); }
/** * @param \SAML2\Certificate\PrivateKey $privateKey * * @return XMLSecurityKey * @throws \Exception */ private function convertPrivateKeyToRsaKey(PrivateKey $privateKey) { $key = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type' => 'private')); $passphrase = $privateKey->getPassphrase(); if ($passphrase) { $key->passphrase = $passphrase; } $key->loadKey($privateKey->getKeyAsString()); return $key; }
public function getXML($request) { $doc = new \DOMDocument('1.0'); $doc->loadXML($request); $objWSSE = new WSSESoap($doc); $objWSSE->addTimestamp(); $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, ['type' => 'private']); $objKey->loadKey($this->key, TRUE); $objWSSE->signSoapDoc($objKey, ["algorithm" => XMLSecurityDSig::SHA256]); $token = $objWSSE->addBinaryToken(file_get_contents($this->cert)); $objWSSE->attachTokentoSig($token); return $objWSSE->saveXML(); }
public static function handleLoginRequest(IPerson $Person) { try { $binding = Binding::getCurrentBinding(); } catch (Exception $e) { return static::throwUnauthorizedError('Cannot obtain SAML2 binding'); } $request = $binding->receive(); // build response $response = new Response(); $response->setInResponseTo($request->getId()); $response->setRelayState($request->getRelayState()); $response->setDestination($request->getAssertionConsumerServiceURL()); // build assertion $assertion = new Assertion(); $assertion->setIssuer(static::$issuer); $assertion->setSessionIndex(ContainerSingleton::getInstance()->generateId()); $assertion->setNotBefore(time() - 30); $assertion->setNotOnOrAfter(time() + 300); $assertion->setAuthnContext(SAML2_Constants::AC_PASSWORD); // build subject confirmation $sc = new SubjectConfirmation(); $sc->Method = SAML2_Constants::CM_BEARER; $sc->SubjectConfirmationData = new SubjectConfirmationData(); $sc->SubjectConfirmationData->NotOnOrAfter = $assertion->getNotOnOrAfter(); $sc->SubjectConfirmationData->Recipient = $request->getAssertionConsumerServiceURL(); $sc->SubjectConfirmationData->InResponseTo = $request->getId(); $assertion->setSubjectConfirmation([$sc]); // set NameID $assertion->setNameId(['Format' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', 'Value' => $Person->Username . '@' . static::$issuer]); // set additional attributes $assertion->setAttributes(['User.Email' => [$Person->Email], 'User.Username' => [$Person->Username]]); // attach assertion to response $response->setAssertions([$assertion]); // create signature $privateKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, ['type' => 'private']); $privateKey->loadKey(static::$privateKey); $response->setSignatureKey($privateKey); $response->setCertificates([static::$certificate]); // prepare response $responseXML = $response->toSignedXML(); $responseString = $responseXML->ownerDocument->saveXML($responseXML); // dump response and quit # header('Content-Type: text/xml'); # die($responseString); // send response $responseBinding = new HTTPPost(); $responseBinding->send($response); }
public function __doRequest($request, $location, $saction, $version) { $doc = new DOMDocument('1.0'); $doc->loadXML($request); $objWSSE = new WSSESoap($doc); /* add Timestamp with no expiration timestamp */ $objWSSE->addTimestamp(); /* create new XMLSec Key using RSA SHA-1 and type is private key */ $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private')); /* load the private key from file - last arg is bool if key in file (true) or is string (FALSE) */ $objKey->loadKey(PRIVATE_KEY, true); /* Sign the message - also signs appropraite WS-Security items */ $objWSSE->signSoapDoc($objKey); /* Add certificate (BinarySecurityToken) to the message and attach pointer to Signature */ $token = $objWSSE->addBinaryToken(file_get_contents(CERT_FILE)); $objWSSE->attachTokentoSig($token); return parent::__doRequest($objWSSE->saveXML(), $location, $saction, $version); }
/** * @param XMLSecurityKey $key * @param string $algorithm * * @throws \LightSaml\Error\LightSamlSecurityException * @throws \InvalidArgumentException * * @return XMLSecurityKey */ public static function castKey(XMLSecurityKey $key, $algorithm) { if (false == is_string($algorithm)) { throw new \InvalidArgumentException('Algorithm must be string'); } // do nothing if algorithm is already the type of the key if ($key->type === $algorithm) { return $key; } $keyInfo = openssl_pkey_get_details($key->key); if ($keyInfo === false) { throw new LightSamlSecurityException('Unable to get key details from XMLSecurityKey.'); } if (false == isset($keyInfo['key'])) { throw new LightSamlSecurityException('Missing key in public key details.'); } $newKey = new XMLSecurityKey($algorithm, array('type' => 'public')); $newKey->loadKey($keyInfo['key']); return $newKey; }
public function verify(DOMDocument $data) { $objKey = null; $objXMLSecDSig = new XMLSecurityDSig(); $objDSig = $objXMLSecDSig->locateSignature($data); if (!$objDSig) { throw new UnexpectedValueException('Signature DOM element not found.'); } $objXMLSecDSig->canonicalizeSignedInfo(); if (!$this->getPublicKey()) { // try to get the public key from the certificate $objKey = $objXMLSecDSig->locateKey(); if (!$objKey) { throw new RuntimeException('There is no set either private key or public key for signature verification.'); } XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig); $this->publicKey = $objKey->getX509Certificate(); $this->keyAlgorithm = $objKey->getAlgorith(); } if (!$objKey) { $objKey = new XMLSecurityKey($this->keyAlgorithm, ['type' => 'public']); $objKey->loadKey($this->getPublicKey()); } // Check signature if (1 !== $objXMLSecDSig->verify($objKey)) { return false; } // Check references (data) try { $objXMLSecDSig->validateReference(); } catch (\Exception $e) { return false; } return true; }
/** * @return XMLSecurityKey */ public static function getPublicKey2Sha1() { $publicKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'public')); $publicKey->loadKey(self::PUBLIC_KEY_2_PEM); return $publicKey; }
/** * * @param \Ondrejnov\EET\Receipt $receipt * @return array */ public function getCheckCodes(Receipt $receipt) { $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, ['type' => 'private']); $objKey->loadKey($this->key, TRUE); $arr = [$receipt->dic_popl, $receipt->id_provoz, $receipt->id_pokl, $receipt->porad_cis, $receipt->dat_trzby->format('c'), Format::price($receipt->celk_trzba)]; $sign = $objKey->signData(join('|', $arr)); return ['pkp' => ['_' => $sign, 'digest' => 'SHA256', 'cipher' => 'RSA2048', 'encoding' => 'base64'], 'bkp' => ['_' => Format::BKB(sha1($sign)), 'digest' => 'SHA1', 'encoding' => 'base16']]; }
public function signDocument() { if (strlen($this->content2SignIdentifier) == 0) { return; } // get content to sign // get content to sign $doc = new DOMDocument('1.0', 'UTF-8'); $doc->loadXML($this->xmlMessage); $xpath = new DOMXPath($doc); $nodeset = $xpath->query("//{$this->content2SignIdentifier}")->item(0); // sign // sign $objXMLSecDSig = new XMLSecurityDSig(''); $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::C14N); $objXMLSecDSig->addReference($nodeset, XMLSecurityDSig::SHA256, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'), array('id_name' => 'Id', 'uri' => $this->msgIdentifier, 'overwrite' => false)); openssl_pkcs12_read(file_get_contents($this->myCertificatePathP12), $raw, $this->myCertificatePassword); $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type' => 'private')); $objKey->loadKey($raw['pkey']); $objXMLSecDSig->sign($objKey, $nodeset); $objXMLSecDSig->add509Cert($raw['cert'], true, false, array('issuerSerial' => true, 'subjectName' => true, 'issuerCertificate' => false)); $this->xmlMessage = $doc->saveXML(); }
/** * Retrieve certificates that sign this element. * * @return array Array with certificates. */ public function getValidatingCertificates() { $ret = array(); foreach ($this->certificates as $cert) { /* Construct a PEM formatted certificate */ $pemCert = "-----BEGIN CERTIFICATE-----\n" . chunk_split($cert, 64) . "-----END CERTIFICATE-----\n"; /* Extract the public key from the certificate for validation. */ $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'public')); $key->loadKey($pemCert); try { /* Check the signature. */ if ($this->validate($key)) { $ret[] = $cert; } } catch (\Exception $e) { /* This certificate does not sign this element. */ } } return $ret; }
/** * Encrypt an assertion. * * This function takes in a \SAML2\Assertion and encrypts it if encryption of * assertions are enabled in the metadata. * * @param SimpleSAML_Configuration $idpMetadata The metadata of the IdP. * @param SimpleSAML_Configuration $spMetadata The metadata of the SP. * @param \SAML2\Assertion $assertion The assertion we are encrypting. * * @return \SAML2\Assertion|\SAML2\EncryptedAssertion The assertion. * * @throws SimpleSAML_Error_Exception In case the encryption key type is not supported. */ private static function encryptAssertion(SimpleSAML_Configuration $idpMetadata, SimpleSAML_Configuration $spMetadata, \SAML2\Assertion $assertion) { $encryptAssertion = $spMetadata->getBoolean('assertion.encryption', null); if ($encryptAssertion === null) { $encryptAssertion = $idpMetadata->getBoolean('assertion.encryption', false); } if (!$encryptAssertion) { // we are _not_ encrypting this assertion, and are therefore done return $assertion; } $sharedKey = $spMetadata->getString('sharedkey', null); if ($sharedKey !== null) { $key = new XMLSecurityKey(XMLSecurityKey::AES128_CBC); $key->loadKey($sharedKey); } else { $keys = $spMetadata->getPublicKeys('encryption', true); $key = $keys[0]; switch ($key['type']) { case 'X509Certificate': $pemKey = "-----BEGIN CERTIFICATE-----\n" . chunk_split($key['X509Certificate'], 64) . "-----END CERTIFICATE-----\n"; break; default: throw new SimpleSAML_Error_Exception('Unsupported encryption key type: ' . $key['type']); } // extract the public key from the certificate for encryption $key = new XMLSecurityKey(XMLSecurityKey::RSA_OAEP_MGF1P, array('type' => 'public')); $key->loadKey($pemKey); } $ea = new \SAML2\EncryptedAssertion(); $ea->setAssertion($assertion, $key); return $ea; }
/** * @param null|XMLSecurityKey $objBaseKey * @param null|DOMNode $node * @return null|XMLSecurityKey * @throws Exception */ public static function staticLocateKeyInfo($objBaseKey = null, $node = null) { if (empty($node) || !$node instanceof DOMNode) { return null; } $doc = $node->ownerDocument; if (!$doc) { return null; } $xpath = new DOMXPath($doc); $xpath->registerNamespace('xmlsecenc', self::XMLENCNS); $xpath->registerNamespace('xmlsecdsig', XMLSecurityDSig::XMLDSIGNS); $query = "./xmlsecdsig:KeyInfo"; $nodeset = $xpath->query($query, $node); $encmeth = $nodeset->item(0); if (!$encmeth) { /* No KeyInfo in EncryptedData / EncryptedKey. */ return $objBaseKey; } foreach ($encmeth->childNodes as $child) { switch ($child->localName) { case 'KeyName': if (!empty($objBaseKey)) { $objBaseKey->name = $child->nodeValue; } break; case 'KeyValue': foreach ($child->childNodes as $keyval) { switch ($keyval->localName) { case 'DSAKeyValue': throw new Exception("DSAKeyValue currently not supported"); case 'RSAKeyValue': $modulus = null; $exponent = null; if ($modulusNode = $keyval->getElementsByTagName('Modulus')->item(0)) { $modulus = base64_decode($modulusNode->nodeValue); } if ($exponentNode = $keyval->getElementsByTagName('Exponent')->item(0)) { $exponent = base64_decode($exponentNode->nodeValue); } if (empty($modulus) || empty($exponent)) { throw new Exception("Missing Modulus or Exponent"); } $publicKey = XMLSecurityKey::convertRSA($modulus, $exponent); $objBaseKey->loadKey($publicKey); break; } } break; case 'RetrievalMethod': $type = $child->getAttribute('Type'); if ($type !== 'http://www.w3.org/2001/04/xmlenc#EncryptedKey') { /* Unsupported key type. */ break; } $uri = $child->getAttribute('URI'); if ($uri[0] !== '#') { /* URI not a reference - unsupported. */ break; } $id = substr($uri, 1); $query = "//xmlsecenc:EncryptedKey[@Id='{$id}']"; $keyElement = $xpath->query($query)->item(0); if (!$keyElement) { throw new Exception("Unable to locate EncryptedKey with @Id='{$id}'."); } return XMLSecurityKey::fromEncryptedKeyElement($keyElement); case 'EncryptedKey': return XMLSecurityKey::fromEncryptedKeyElement($child); case 'X509Data': if ($x509certNodes = $child->getElementsByTagName('X509Certificate')) { if ($x509certNodes->length > 0) { $x509cert = $x509certNodes->item(0)->textContent; $x509cert = str_replace(array("\r", "\n", " "), "", $x509cert); $x509cert = "-----BEGIN CERTIFICATE-----\n" . chunk_split($x509cert, 64, "\n") . "-----END CERTIFICATE-----\n"; $objBaseKey->loadKey($x509cert, false, true); } } break; } } return $objBaseKey; }
/** * Helper function to convert a XMLSecurityKey to the correct algorithm. * * @param XMLSecurityKey $key The key. * @param string $algorithm The desired algorithm. * @param string $type Public or private key, defaults to public. * @return XMLSecurityKey The new key. * @throws \Exception */ public static function castKey(XMLSecurityKey $key, $algorithm, $type = 'public') { assert('is_string($algorithm)'); assert('$type === "public" || $type === "private"'); // do nothing if algorithm is already the type of the key if ($key->type === $algorithm) { return $key; } $keyInfo = openssl_pkey_get_details($key->key); if ($keyInfo === false) { throw new \Exception('Unable to get key details from XMLSecurityKey.'); } if (!isset($keyInfo['key'])) { throw new \Exception('Missing key in public key details.'); } $newKey = new XMLSecurityKey($algorithm, array('type' => $type)); $newKey->loadKey($keyInfo['key']); return $newKey; }
public function decryptSoapDoc($doc, $options) { $privKey = null; $privKey_isFile = false; $privKey_isCert = false; if (is_array($options)) { $privKey = !empty($options['keys']['private']['key']) ? $options['keys']['private']['key'] : null; $privKey_isFile = !empty($options['keys']['private']['isFile']) ? true : false; $privKey_isCert = !empty($options['keys']['private']['isCert']) ? true : false; } $objenc = new XMLSecEnc(); $xpath = new DOMXPath($doc); $envns = $doc->documentElement->namespaceURI; $xpath->registerNamespace('soapns', $envns); $xpath->registerNamespace('soapenc', 'http://www.w3.org/2001/04/xmlenc#'); $nodes = $xpath->query('/soapns:Envelope/soapns:Header/*[local-name()="Security"]/soapenc:EncryptedKey'); $references = array(); if ($node = $nodes->item(0)) { $objenc = new XMLSecEnc(); $objenc->setNode($node); if (!($objKey = $objenc->locateKey())) { throw new Exception('Unable to locate algorithm for this Encrypted Key'); } $objKey->isEncrypted = true; $objKey->encryptedCtx = $objenc; XMLSecEnc::staticLocateKeyInfo($objKey, $node); if ($objKey && $objKey->isEncrypted) { $objencKey = $objKey->encryptedCtx; $objKey->loadKey($privKey, $privKey_isFile, $privKey_isCert); $key = $objencKey->decryptKey($objKey); $objKey->loadKey($key); } $refnodes = $xpath->query('./soapenc:ReferenceList/soapenc:DataReference/@URI', $node); foreach ($refnodes as $reference) { $references[] = $reference->nodeValue; } } foreach ($references as $reference) { $arUrl = parse_url($reference); $reference = $arUrl['fragment']; $query = '//*[@Id="' . $reference . '"]'; $nodes = $xpath->query($query); $encData = $nodes->item(0); if ($algo = $xpath->evaluate('string(./soapenc:EncryptionMethod/@Algorithm)', $encData)) { $objKey = new XMLSecurityKey($algo); $objKey->loadKey($key); } $objenc->setNode($encData); $objenc->type = $encData->getAttribute('Type'); $decrypt = $objenc->decryptNode($objKey, true); } return true; }
/** * @param string $returnTo Where to have IdP send user after login * @param \yii\web\Request|null $request * @return \Sil\IdpPw\Common\Auth\User * @throws \Sil\IdpPw\Common\Auth\InvalidLoginException * @throws RedirectException */ public function login($returnTo, Request $request = null) { $container = new SamlContainer(); ContainerSingleton::setContainer($container); $request = new AuthnRequest(); $request->setId($container->generateId()); $request->setIssuer($this->entityId); $request->setDestination($this->ssoUrl); $request->setRelayState($returnTo); /* * Sign request if spCertificate and spPrivateKey are provided */ if ($this->signRequest) { $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, ['type' => 'private']); $key->loadKey($this->spPrivateKey, false); $request->setSignatureKey($key); } try { /* * Check for SAMLRequest or SAMLResponse to see if user is returning after login */ $binding = new HTTPPost(); /** @var \SAML2\Response $response */ $response = $binding->receive(); } catch (\Exception $e) { /* * User was not logged in, so redirect to IdP for login */ $binding = new HTTPRedirect(); $url = $binding->getRedirectURL($request); throw new RedirectException($url); } try { /* * If needed, check if response is signed */ if ($this->checkResponseSigning) { $idpKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, ['type' => 'public']); $idpKey->loadKey($this->idpCertificate, false, true); if (!$response->validate($idpKey)) { throw new \Exception('SAML response was not signed properly', 1459884735); } } /** @var \SAML2\Assertion[]|\SAML2\EncryptedAssertion[] $assertions */ $assertions = $response->getAssertions(); /* * If requiring encrypted assertion, use key to decrypt it */ if ($this->requireEncryptedAssertion) { $decryptKey = new XMLSecurityKey(XMLSecurityKey::RSA_OAEP_MGF1P, ['type' => 'private']); $decryptKey->loadKey($this->spPrivateKey, false, false); if (!$assertions[0] instanceof EncryptedAssertion) { throw new \Exception('Response assertion is required to be encrypted but was not', 1459884392); } $assertion = $assertions[0]->getAssertion($decryptKey); } else { $assertion = $assertions[0]; } /* * Get attributes using mapping config, make sure expected fields * are present, and return as new User */ /** @var \SAML2\Assertion $assertion */ $samlAttrs = $assertion->getAttributes(); $normalizedAttrs = $this->extractSamlAttributes($samlAttrs, $this->attributeMap); $this->assertHasRequiredSamlAttributes($normalizedAttrs, $this->attributeMap); $authUser = new AuthUser(); $authUser->firstName = $normalizedAttrs['first_name']; $authUser->lastName = $normalizedAttrs['last_name']; $authUser->email = $normalizedAttrs['email']; $authUser->employeeId = $normalizedAttrs['employee_id']; $authUser->idpUsername = $normalizedAttrs['idp_username']; return $authUser; } catch (\Exception $e) { /* * An error occurred processing SAML data */ throw new InvalidLoginException($e->getMessage(), 1459803743); } }
/** * @return XMLSecurityKey */ public static function getPrivateKey() { $privateKey = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type' => 'private')); $privateKey->loadKey(self::PRIVATE_KEY_PEM); return $privateKey; }