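/**
 * Handle the submitted consent form: record the user's consent and send on the
 * SAML response stored in the session under $_SESSION['consent'][<ID>]['response'].
 *
 * @param mixed $serviceName Not read by this method.
 *
 * @throws EngineBlock_Corto_Module_Services_SessionLostException
 *         When the session holds no consent data, or no stored response exists
 *         for the posted response ID.
 * @throws EngineBlock_Corto_Exception_NoConsentProvided
 *         When the form was not posted with consent=yes.
 */
public function serve($serviceName)
{
    if (!isset($_SESSION['consent'])) {
        throw new EngineBlock_Corto_Module_Services_SessionLostException('Session lost after consent');
    }

    // The response ID is request-supplied. Accept only a string: a missing field
    // or an array-valued field (ID[]=...) must end in the same "not found" error
    // as an unknown ID, not in a PHP notice or an illegal-offset error.
    $responseId = (isset($_POST['ID']) && is_string($_POST['ID'])) ? $_POST['ID'] : '';

    if (!isset($_SESSION['consent'][$responseId]['response'])) {
        // NOTE(review): this message carries a request-supplied value; whatever
        // logs or renders the exception has to encode it for that context.
        throw new EngineBlock_Corto_Module_Services_SessionLostException(
            "Stored response for ResponseID '{$responseId}' not found"
        );
    }

    /** @var SAML2_Response|EngineBlock_Saml2_ResponseAnnotationDecorator $response */
    $response = $_SESSION['consent'][$responseId]['response'];

    $request = $this->_server->getReceivedRequestFromResponse($response);
    $serviceProvider = $this->_server->getRepository()->fetchServiceProviderByEntityId($request->getIssuer());
    $destinationMetadata = EngineBlock_SamlHelper::getDestinationSpMetadata(
        $serviceProvider,
        $request,
        $this->_server->getRepository()
    );

    // Strict comparison: only the exact string 'yes' counts as consent, so an
    // absent, array-valued or differently-cased field is rejected.
    if (!isset($_POST['consent']) || $_POST['consent'] !== 'yes') {
        throw new EngineBlock_Corto_Exception_NoConsentProvided('No consent given...');
    }

    $attributes = $response->getAssertion()->getAttributes();
    $consent = $this->_consentFactory->create($this->_server, $response, $attributes);
    $consent->storeConsent($destinationMetadata);

    // Send the introduction mail only when the stored consent count is exactly one.
    if ($consent->countTotalConsent() === 1) {
        $this->_sendIntroductionMail($attributes);
    }

    $response->setConsent(SAML2_Const::CONSENT_OBTAINED);
    $response->setDestination($response->getReturn());
    $response->setDeliverByBinding('INTERNAL');

    // NOTE(review): the stored response is not removed from the session in this
    // method. If send() returns and nothing else clears the entry, the same ID
    // can be posted again for the same session - confirm this is intended.
    $this->_server->getBindingsModule()->send($response, $serviceProvider);
}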
/**
 * Resolve the eduPersonTargetedId we should send.
 *
 * The resolved NameID is embedded as a <saml:NameID> element and stored under
 * the urn:mace:dir:attribute-def:eduPersonTargetedID response attribute.
 */
public function execute()
{
    // Serve the final destination SP where we know it and are allowed to do so.
    $targetSp = EngineBlock_SamlHelper::getDestinationSpMetadata(
        $this->_serviceProvider,
        $this->_request,
        $this->_server->getRepository()
    );

    // Work out which NameID that destination should receive.
    $nameIdResolver = new EngineBlock_Saml2_NameIdResolver();
    $resolvedNameId = $nameIdResolver->resolve(
        $this->_request,
        $this->_response,
        $targetSp,
        $this->_collabPersonId
    );

    // EPTID carries the whole <saml:NameID> element rather than its bare value,
    // so build that element under a throwaway root node.
    $dom = new DOMDocument();
    $dom->loadXML('<base />');
    $root = $dom->documentElement;
    SAML2_Utils::addNameId($root, $resolvedNameId);

    // The attribute value is the root's child node list (a DOMNodeList), not a string.
    $this->_responseAttributes['urn:mace:dir:attribute-def:eduPersonTargetedID'] = array($root->childNodes);
}