/**
  * @param string $destinationUrl
  * @param string $assertionConsumerServiceURL
  * @param string $issuerUrl
  * @return SAML2_AuthnRequest
  */
 public function create($destinationUrl, $assertionConsumerServiceURL, $issuerUrl)
 {
     $request = new SAML2_AuthnRequest();
     $request->setDestination($destinationUrl);
     $request->setAssertionConsumerServiceURL($assertionConsumerServiceURL);
     $request->setIssuer($issuerUrl);
     $request->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);
     $request->setNameIdPolicy(array('Format' => SAML2_Const::NAMEID_TRANSIENT, 'AllowCreate' => true));
     return $request;
 }
예제 #2
0
 /**
  * Build an authentication request based on information in the metadata.
  *
  * @param SimpleSAML_Configuration $spMetadata  The metadata of the service provider.
  * @param SimpleSAML_Configuration $idpMetadata  The metadata of the identity provider.
  */
 public static function buildAuthnRequest(SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata)
 {
     $ar = new SAML2_AuthnRequest();
     if ($spMetadata->hasValue('NameIDPolicy')) {
         $nameIdPolicy = $spMetadata->getString('NameIDPolicy', NULL);
     } else {
         $nameIdPolicy = $spMetadata->getString('NameIDFormat', SAML2_Const::NAMEID_TRANSIENT);
     }
     if ($nameIdPolicy !== NULL) {
         $ar->setNameIdPolicy(array('Format' => $nameIdPolicy, 'AllowCreate' => TRUE));
     }
     $ar->setForceAuthn($spMetadata->getBoolean('ForceAuthn', FALSE));
     $ar->setIsPassive($spMetadata->getBoolean('IsPassive', FALSE));
     $protbind = $spMetadata->getValueValidate('ProtocolBinding', array(SAML2_Const::BINDING_HTTP_POST, SAML2_Const::BINDING_HOK_SSO, SAML2_Const::BINDING_HTTP_ARTIFACT, SAML2_Const::BINDING_HTTP_REDIRECT), SAML2_Const::BINDING_HTTP_POST);
     /* Shoaib - setting the appropriate binding based on parameter in sp-metadata defaults to HTTP_POST */
     $ar->setProtocolBinding($protbind);
     $ar->setIssuer($spMetadata->getString('entityid'));
     $ar->setAssertionConsumerServiceIndex($spMetadata->getInteger('AssertionConsumerServiceIndex', NULL));
     $ar->setAttributeConsumingServiceIndex($spMetadata->getInteger('AttributeConsumingServiceIndex', NULL));
     if ($spMetadata->hasValue('AuthnContextClassRef')) {
         $accr = $spMetadata->getArrayizeString('AuthnContextClassRef');
         $ar->setRequestedAuthnContext(array('AuthnContextClassRef' => $accr));
     }
     self::addRedirectSign($spMetadata, $idpMetadata, $ar);
     return $ar;
 }
 /**
  * Process unsolicited requests
  *
  * @return EngineBlock_Saml2_AuthnRequestAnnotationDecorator
  */
 protected function _createUnsolicitedRequest()
 {
     // Entity ID as requested in GET parameters
     $entityId = !empty($_GET['sp-entity-id']) ? $_GET['sp-entity-id'] : null;
     // Request optional  acs-* parameters
     $acsLocation = !empty($_GET['acs-location']) ? $_GET['acs-location'] : null;
     $acsIndex = !empty($_GET['acs-index']) ? $_GET['acs-index'] : null;
     $binding = !empty($_GET['acs-binding']) ? $_GET['acs-binding'] : null;
     // Requested relay state
     $relayState = !empty($_GET['RelayState']) ? $_GET['RelayState'] : null;
     $sspRequest = new SAML2_AuthnRequest();
     $sspRequest->setId($this->_server->getNewId(IdFrame::ID_USAGE_SAML2_REQUEST));
     $sspRequest->setIssuer($entityId);
     $sspRequest->setRelayState($relayState);
     if ($acsLocation) {
         $sspRequest->setAssertionConsumerServiceURL($acsLocation);
         $sspRequest->setProtocolBinding($binding);
     }
     if ($acsIndex) {
         $sspRequest->setAssertionConsumerServiceIndex($acsIndex);
     }
     $request = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($sspRequest);
     $request->setUnsolicited();
     return $request;
 }
 /**
  * launchkey_form - login form for wp-login.php
  *
  * @since 1.1.0
  *
  * @param string $class A space separated list of classes to set on the "class" attribute of a containing DIV for the login button
  * @param string $id The value to set on the "id" attribute of a containing DIV for the login button
  * @param string $style A string of HTML style code tto set on the "style" attribute of a containing DIV for the login button
  */
 public function launchkey_form($class = '', $id = '', $style = '')
 {
     if (isset($_GET['launchkey_error'])) {
         $this->wp_facade->_echo($this->template->render_template('error', array('error' => 'Error!', 'message' => 'The LaunchKey request was denied or an issue was detected during authentication. Please try again.')));
     } elseif (isset($_GET['launchkey_ssl_error'])) {
         $this->wp_facade->_echo($this->template->render_template('error', array('error' => 'Error!', 'message' => 'There was an error trying to request the LaunchKey servers. If this persists you may need to disable SSL verification.')));
     } elseif (isset($_GET['launchkey_security'])) {
         $this->wp_facade->_echo($this->template->render_template('error', array('error' => 'Error!', 'message' => 'There was a security issue detected and you have been logged out for your safety. Log back in to ensure a secure session.')));
     }
     $container = SAML2_Utils::getContainer();
     $request = new SAML2_AuthnRequest();
     $request->setId($container->generateId());
     //$request->setProviderName( parse_url( $this->wp_facade->home_url( '/' ), PHP_URL_HOST ) );
     $request->setDestination($this->login_url);
     $request->setIssuer($this->entity_id);
     $request->setRelayState($this->wp_facade->admin_url());
     $request->setAssertionConsumerServiceURL($this->wp_facade->wp_login_url());
     $request->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);
     $request->setIsPassive(false);
     $request->setNameIdPolicy(array('Format' => SAML2_Const::NAMEID_PERSISTENT, 'AllowCreate' => true));
     // Send it off using the HTTP-Redirect binding
     $binding = new SAML2_HTTPRedirect();
     $binding->setDestination($this->login_url);
     $this->wp_facade->_echo($this->template->render_template('launchkey-form', array('class' => $class, 'id' => $id, 'style' => $style, 'login_url' => $binding->getRedirectURL($request), 'login_text' => 'Log in with', 'login_with_app_name' => 'LaunchKey', 'size' => in_array($this->wp_facade->get_locale(), array('fr_FR', 'es_ES')) ? 'small' : 'medium')));
 }
예제 #5
0
 /**
  * Build an authentication request based on information in the metadata.
  *
  * @param SimpleSAML_Configuration $spMetadata  The metadata of the service provider.
  * @param SimpleSAML_Configuration $idpMetadata  The metadata of the identity provider.
  */
 public static function buildAuthnRequest(SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata)
 {
     $ar = new SAML2_AuthnRequest();
     // get the NameIDPolicy to apply. IdP metadata has precedence.
     $nameIdPolicy = array();
     if ($idpMetadata->hasValue('NameIDPolicy')) {
         $nameIdPolicy = $idpMetadata->getValue('NameIDPolicy');
     } elseif ($spMetadata->hasValue('NameIDPolicy')) {
         $nameIdPolicy = $spMetadata->getValue('NameIDPolicy');
     }
     if (!is_array($nameIdPolicy)) {
         // handle old configurations where 'NameIDPolicy' was used to specify just the format
         $nameIdPolicy = array('Format' => $nameIdPolicy);
     }
     $nameIdPolicy_cf = SimpleSAML_Configuration::loadFromArray($nameIdPolicy);
     $policy = array('Format' => $nameIdPolicy_cf->getString('Format', SAML2_Const::NAMEID_TRANSIENT), 'AllowCreate' => $nameIdPolicy_cf->getBoolean('AllowCreate', true));
     $spNameQualifier = $nameIdPolicy_cf->getString('SPNameQualifier', false);
     if ($spNameQualifier !== false) {
         $policy['SPNameQualifier'] = $spNameQualifier;
     }
     $ar->setNameIdPolicy($policy);
     $ar->setForceAuthn($spMetadata->getBoolean('ForceAuthn', FALSE));
     $ar->setIsPassive($spMetadata->getBoolean('IsPassive', FALSE));
     $protbind = $spMetadata->getValueValidate('ProtocolBinding', array(SAML2_Const::BINDING_HTTP_POST, SAML2_Const::BINDING_HOK_SSO, SAML2_Const::BINDING_HTTP_ARTIFACT, SAML2_Const::BINDING_HTTP_REDIRECT), SAML2_Const::BINDING_HTTP_POST);
     /* Shoaib - setting the appropriate binding based on parameter in sp-metadata defaults to HTTP_POST */
     $ar->setProtocolBinding($protbind);
     $ar->setIssuer($spMetadata->getString('entityid'));
     $ar->setAssertionConsumerServiceIndex($spMetadata->getInteger('AssertionConsumerServiceIndex', NULL));
     $ar->setAttributeConsumingServiceIndex($spMetadata->getInteger('AttributeConsumingServiceIndex', NULL));
     if ($spMetadata->hasValue('AuthnContextClassRef')) {
         $accr = $spMetadata->getArrayizeString('AuthnContextClassRef');
         $ar->setRequestedAuthnContext(array('AuthnContextClassRef' => $accr));
     }
     self::addRedirectSign($spMetadata, $idpMetadata, $ar);
     return $ar;
 }