/**
 * Builds a signed AuthnRequest from the given ServiceProvider addressed to the given IdentityProvider.
 *
 * The request uses the HTTP-POST protocol binding and is signed with the
 * ServiceProvider's default private key (SAML2_Configuration_PrivateKey::NAME_DEFAULT).
 *
 * @param ServiceProvider  $serviceProvider  issuer of the request; supplies the ACS URL, entity id and signing key
 * @param IdentityProvider $identityProvider recipient of the request; supplies the SSO destination URL
 * @return AuthnRequest
 */
public static function createNewRequest(ServiceProvider $serviceProvider, IdentityProvider $identityProvider)
{
    $saml2Request = new SAML2_AuthnRequest();
    $saml2Request->setAssertionConsumerServiceURL($serviceProvider->getAssertionConsumerUrl());
    $saml2Request->setDestination($identityProvider->getSsoUrl());
    $saml2Request->setIssuer($serviceProvider->getEntityId());
    $saml2Request->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);

    // The signing key is the SP's default private key, loaded via the class's own helper.
    $signingKey = self::loadPrivateKey(
        $serviceProvider->getPrivateKey(SAML2_Configuration_PrivateKey::NAME_DEFAULT)
    );
    $saml2Request->setSignatureKey($signingKey);

    return AuthnRequest::createNew($saml2Request);
}
/**
 * Verifies the signature on an AuthnRequest against the ServiceProvider's public keys.
 *
 * Only X509 keys are considered; keys of any other type are discarded before
 * verification. Verification succeeds as soon as one key validates the signature.
 *
 * @param AuthnRequest    $request         the signed request to verify
 * @param ServiceProvider $serviceProvider the party whose public keys are used for verification
 * @return bool true when at least one X509 key verifies the signature, false otherwise
 */
public function hasValidSignature(AuthnRequest $request, ServiceProvider $serviceProvider)
{
    $this->logger->debug(
        sprintf('Extracting public keys for ServiceProvider "%s"', $serviceProvider->getEntityId())
    );
    $publicKeys = $this->keyLoader->extractPublicKeys($serviceProvider);

    $this->logger->debug(
        sprintf('Found "%d" keys, filtering the keys to get X509 keys', $publicKeys->count())
    );
    $isX509Key = function (SAML2_Certificate_Key $candidate) {
        return $candidate instanceof SAML2_Certificate_X509;
    };
    $certificateKeys = $publicKeys->filter($isX509Key);

    $this->logger->debug(
        sprintf(
            'Found "%d" X509 keys, attempting to use each for signature verification',
            $certificateKeys->count()
        )
    );

    // First matching key wins; remaining keys are not tried once one verifies.
    foreach ($certificateKeys as $certificateKey) {
        if ($this->isSignedWith($request, $certificateKey)) {
            return true;
        }
    }

    $this->logger->debug('Signature could not be verified with any of the found X509 keys.');

    return false;
}