 /**
  * Constructor for SAML 2 authentication request messages.
  *
  * Without an XML element the request is set up with defaults: an empty
  * NameIDPolicy and both ForceAuthn and IsPassive set to FALSE. With an
  * element, the AuthnRequest specific parts are parsed from it; the common
  * message attributes (ID, Version, IssueInstant, Destination, Consent,
  * Issuer, Signature) are handled by the parent constructor.
  *
  * @param DOMElement|NULL $xml The input message.
  * @throws Exception When a Scoping/IDPList/IDPEntry element carries no
  *                   ProviderID attribute, or when the parent constructor
  *                   rejects the element.
  */
 public function __construct(DOMElement $xml = NULL)
 {
     parent::__construct('AuthnRequest', $xml);

     /* Defaults, applied before parsing so they hold for both code paths. */
     $this->nameIdPolicy = array();
     $this->forceAuthn = FALSE;
     $this->isPassive = FALSE;

     if ($xml === NULL) {
         return;
     }

     /* Boolean attributes default to FALSE when absent. */
     $this->forceAuthn = SAML2_Utils::parseBoolean($xml, 'ForceAuthn', FALSE);
     $this->isPassive = SAML2_Utils::parseBoolean($xml, 'IsPassive', FALSE);

     /* Optional string valued attributes, copied verbatim when present. */
     if ($xml->hasAttribute('AssertionConsumerServiceURL')) {
         $this->assertionConsumerServiceURL = $xml->getAttribute('AssertionConsumerServiceURL');
     }
     if ($xml->hasAttribute('ProtocolBinding')) {
         $this->protocolBinding = $xml->getAttribute('ProtocolBinding');
     }

     /* Optional index attributes; attribute values are strings, so cast. */
     if ($xml->hasAttribute('AttributeConsumingServiceIndex')) {
         $this->attributeConsumingServiceIndex = (int) $xml->getAttribute('AttributeConsumingServiceIndex');
     }
     if ($xml->hasAttribute('AssertionConsumerServiceIndex')) {
         $this->assertionConsumerServiceIndex = (int) $xml->getAttribute('AssertionConsumerServiceIndex');
     }

     /* <samlp:NameIDPolicy>: only the first element is considered. */
     $policyNodes = SAML2_Utils::xpQuery($xml, './saml_protocol:NameIDPolicy');
     if ($policyNodes) {
         $policy = $policyNodes[0];
         foreach (array('Format', 'SPNameQualifier') as $policyAttr) {
             if ($policy->hasAttribute($policyAttr)) {
                 $this->nameIdPolicy[$policyAttr] = $policy->getAttribute($policyAttr);
             }
         }
         if ($policy->hasAttribute('AllowCreate')) {
             $this->nameIdPolicy['AllowCreate'] = SAML2_Utils::parseBoolean($policy, 'AllowCreate', FALSE);
         }
     }

     /* <samlp:RequestedAuthnContext>: class refs plus a Comparison, 'exact' by default. */
     $racNodes = SAML2_Utils::xpQuery($xml, './saml_protocol:RequestedAuthnContext');
     if ($racNodes) {
         $racElement = $racNodes[0];

         $classRefs = array();
         $refNodes = SAML2_Utils::xpQuery($racElement, './saml_assertion:AuthnContextClassRef');
         foreach ($refNodes as $refNode) {
             $classRefs[] = trim($refNode->textContent);
         }

         $comparison = $racElement->hasAttribute('Comparison')
             ? $racElement->getAttribute('Comparison')
             : 'exact';

         $this->requestedAuthnContext = array(
             'AuthnContextClassRef' => $classRefs,
             'Comparison' => $comparison,
         );
     }

     /*
      * <samlp:Scoping>: ProxyCount, the IDPList and any RequesterID values.
      * NOTE(review): IDPList and RequesterID are appended to without being
      * reset here — presumably their property declarations initialise them
      * as arrays; confirm against the class definition.
      */
     $scopingNodes = SAML2_Utils::xpQuery($xml, './saml_protocol:Scoping');
     if ($scopingNodes) {
         $scopingElement = $scopingNodes[0];

         if ($scopingElement->hasAttribute('ProxyCount')) {
             $this->ProxyCount = (int) $scopingElement->getAttribute('ProxyCount');
         }

         $entries = SAML2_Utils::xpQuery($scopingElement, './saml_protocol:IDPList/saml_protocol:IDPEntry');
         foreach ($entries as $entry) {
             /* ProviderID is mandatory on IDPEntry; anything else is a malformed request. */
             if (!$entry->hasAttribute('ProviderID')) {
                 throw new Exception("Could not get ProviderID from Scoping/IDPEntry element in AuthnRequest object");
             }
             $this->IDPList[] = $entry->getAttribute('ProviderID');
         }

         $requesterNodes = SAML2_Utils::xpQuery($scopingElement, './saml_protocol:RequesterID');
         foreach ($requesterNodes as $requesterNode) {
             $this->RequesterID[] = trim($requesterNode->textContent);
         }
     }

     $this->extensions = SAML2_XML_samlp_Extensions::getList($xml);
 }
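 /**
  * Initialize a message.
  *
  * This constructor takes an optional parameter with a DOMElement. If this
  * parameter is given, the message will be initialized with data from that
  * XML element.
  *
  * If no XML element is given, the message is initialized with suitable
  * default values: a freshly generated ID, the current time as IssueInstant,
  * and no certificates or signature validators.
  *
  * Note on signatures: any exception raised while locating or checking the
  * message's Signature element is deliberately ignored, so a message with a
  * malformed or unprocessable signature ends up with the same empty
  * $validators list as an unsigned message. Callers that require a signed
  * message must check that validation actually succeeded; this constructor
  * never rejects a message on signature grounds.
  *
  * @param string          $tagName The tag name of the root element.
  * @param DOMElement|NULL $xml     The input message.
  * @throws Exception If the element has no ID attribute or its Version
  *                   attribute is not exactly '2.0'.
  */
 protected function __construct($tagName, DOMElement $xml = NULL)
 {
     /*
      * The original assert('is_string($tagName)') passed a string: that was
      * evaluated as code before PHP 7.2 (deprecated since) and from PHP 8.0
      * a string argument is simply a truthy value, which made the check
      * silently inert. Pass the expression itself so it is really tested.
      */
     assert(is_string($tagName));

     $this->tagName = $tagName;
     /* Defaults for a freshly built message; overwritten below when parsing. */
     $this->id = SAML2_Utils::getContainer()->generateId();
     $this->issueInstant = time();
     $this->certificates = array();
     $this->validators = array();

     if ($xml === NULL) {
         return;
     }

     if (!$xml->hasAttribute('ID')) {
         throw new Exception('Missing ID attribute on SAML message.');
     }
     $this->id = $xml->getAttribute('ID');

     if ($xml->getAttribute('Version') !== '2.0') {
         /* Currently a very strict check. */
         throw new Exception('Unsupported version: ' . $xml->getAttribute('Version'));
     }

     /*
      * getAttribute() yields '' for a missing IssueInstant; whether the
      * helper rejects that is up to SAML2_Utils::xsDateTimeToTimestamp.
      */
     $this->issueInstant = SAML2_Utils::xsDateTimeToTimestamp($xml->getAttribute('IssueInstant'));

     if ($xml->hasAttribute('Destination')) {
         $this->destination = $xml->getAttribute('Destination');
     }
     if ($xml->hasAttribute('Consent')) {
         $this->consent = $xml->getAttribute('Consent');
     }

     /* Only the first <saml:Issuer> element is used. */
     $issuer = SAML2_Utils::xpQuery($xml, './saml_assertion:Issuer');
     if (!empty($issuer)) {
         $this->issuer = trim($issuer[0]->textContent);
     }

     /*
      * Validate the signature element of the message. On success the
      * embedded certificates are kept and a validator is registered for a
      * later signature check; FALSE means no signature element was found.
      */
     try {
         $sig = SAML2_Utils::validateElement($xml);
         if ($sig !== FALSE) {
             $this->certificates = $sig['Certificates'];
             $this->validators[] = array('Function' => array('SAML2_Utils', 'validateSignature'), 'Data' => $sig);
         }
     } catch (Exception $e) {
         /*
          * Ignore signature validation errors. A broken signature is thereby
          * treated exactly like no signature at all (no validators added);
          * see the class comment above on why callers must not rely on this
          * constructor to enforce signing.
          */
     }

     $this->extensions = SAML2_XML_samlp_Extensions::getList($xml);
 }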