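/**
 * Handles an SP-initiated login: resolves the target service from the `as`
 * query parameter, builds (and optionally signs) a SAML AuthnRequest, records
 * the outgoing request state and returns the binding-specific HTTP response.
 *
 * @param \Symfony\Component\HttpFoundation\Request $request
 * @throws \InvalidArgumentException if this manager cannot handle the request
 * @throws \RuntimeException if the binding produces an unrecognized response type
 * @return \Symfony\Component\HttpFoundation\Response|SamlSpInfo
 */
public function manage(Request $request)
{
    if (!$this->supports($request)) {
        throw new \InvalidArgumentException('Unsupported request');
    }

    // `as` is request-controlled; an unknown value is not an error but a
    // redirect to the discovery page configured on the route attributes.
    $serviceInfo = $this->serviceInfoCollection->findByAS($request->query->get('as'));
    if (!$serviceInfo) {
        return new RedirectResponse(
            $this->httpUtils->generateUri($request, $request->attributes->get('discovery_path'))
        );
    }

    // Hold the providers in locals so the request is set on the same SP
    // provider instance whose descriptor is read below.
    $spProvider = $serviceInfo->getSpProvider();
    $spProvider->setRequest($request);
    $spED = $spProvider->getEntityDescriptor();
    $idpED = $serviceInfo->getIdpProvider()->getEntityDescriptor();
    $spMeta = $serviceInfo->getSpMetaProvider()->getSpMeta();

    $builder = new AuthnRequestBuilder($spED, $idpED, $spMeta);
    $message = $builder->build();

    $signingProvider = $serviceInfo->getSpSigningProvider();
    if ($signingProvider->isEnabled()) {
        $message->sign($signingProvider->getCertificate(), $signingProvider->getPrivateKey());
    }

    $binding = $this->bindingManager->instantiate($spMeta->getAuthnRequestBinding());
    $bindingResponse = $binding->send($message);

    if ($bindingResponse instanceof \AerialShip\LightSaml\Binding\RedirectResponse) {
        // The redirect target is produced by the binding from the built
        // message (presumably the IdP SSO endpoint), not from request input.
        $result = new RedirectResponse($bindingResponse->getDestination());
    } elseif ($bindingResponse instanceof \AerialShip\LightSaml\Binding\PostResponse) {
        $result = new Response($bindingResponse->render());
    } else {
        throw new \RuntimeException('Unrecognized binding response ' . get_class($bindingResponse));
    }

    // Remember the request ID and the IdP it was sent to; presumably the
    // response handler matches InResponseTo/Issuer against this — verify.
    $state = new RequestState();
    $state->setId($message->getID());
    $state->setDestination($idpED->getEntityID());
    $this->requestStore->set($state);

    return $result;
}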
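/**
 * Builds an AuthnRequest from synthetic IdP/SP descriptors and checks the
 * send URL, binding response type, ACS URL and protocol binding.
 *
 * @dataProvider provider
 *
 * @param string      $name                     dataset label, used as the assertion message
 * @param array       $idpData                  list of ['binding' => ..., 'url' => ...] SSO services
 * @param array       $spData                   list of ['binding' => ..., 'url' => ...] ACS services
 * @param array       $spMetaData               SpMeta setter name => value to apply
 * @param string      $expectedSendUrl
 * @param string      $expectedResponseType
 * @param string      $expectedReceiveUrl
 * @param string      $expectedReceiveBinding
 * @param string|null $expectedException        exception class expected from build/send, if any
 * @param string      $expectedExceptionMessage
 */
public function testAuthnRequestBuilder($name, array $idpData, array $spData, array $spMetaData, $expectedSendUrl, $expectedResponseType, $expectedReceiveUrl, $expectedReceiveBinding, $expectedException = null, $expectedExceptionMessage = '')
{
    if ($expectedException) {
        $this->setExpectedException($expectedException, $expectedExceptionMessage);
    }

    $idp = new IdpSsoDescriptor();
    foreach ($idpData as $data) {
        $idp->addService(new SingleSignOnService($data['binding'], $data['url']));
    }
    $edIDP = new EntityDescriptor('idp');
    $edIDP->addItem($idp);

    $sp = new SpSsoDescriptor();
    foreach ($spData as $data) {
        $sp->addService(new AssertionConsumerService($data['binding'], $data['url']));
    }
    $edSP = new EntityDescriptor('sp');
    $edSP->addItem($sp);

    // Distinct loop variable: reusing $name here clobbered the dataset label
    // that the assertions below report on failure.
    $spMeta = new SpMeta();
    foreach ($spMetaData as $setter => $value) {
        $spMeta->{$setter}($value);
    }

    $builder = new AuthnRequestBuilder($edSP, $edIDP, $spMeta);
    $message = $builder->build();
    $response = $builder->send($message);

    $this->assertStringStartsWith($expectedSendUrl, $response->getDestination(), $name);
    $this->assertInstanceOf($expectedResponseType, $response, $name);
    $this->assertEquals($expectedReceiveUrl, $message->getAssertionConsumerServiceURL(), $name);
    $this->assertEquals($expectedReceiveBinding, $message->getProtocolBinding(), $name);
}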
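/**
 * Builds an AuthnRequest from synthetic IdP/SP descriptors, first without and
 * then with a signature, and checks the send URL, binding response type,
 * ACS URL and protocol binding in both cases.
 *
 * @dataProvider provider
 *
 * @param string      $name                     dataset label, used as the assertion message
 * @param array       $idpData                  list of ['binding' => ..., 'url' => ...] SSO services
 * @param array       $spData                   list of ['binding' => ..., 'url' => ...] ACS services
 * @param array       $spMetaData               SpMeta setter name => value to apply
 * @param string      $expectedSendUrl
 * @param string      $expectedResponseType
 * @param string      $expectedReceiveUrl
 * @param string      $expectedReceiveBinding
 * @param string|null $expectedException        exception class expected from build/send, if any
 * @param string      $expectedExceptionMessage
 */
public function testAuthnRequestBuilder($name, array $idpData, array $spData, array $spMetaData, $expectedSendUrl, $expectedResponseType, $expectedReceiveUrl, $expectedReceiveBinding, $expectedException = null, $expectedExceptionMessage = '')
{
    if ($expectedException) {
        $this->setExpectedException($expectedException, $expectedExceptionMessage);
    }

    $idp = new IdpSsoDescriptor();
    foreach ($idpData as $data) {
        $idp->addService(new SingleSignOnService($data['binding'], $data['url']));
    }
    $edIDP = new EntityDescriptor('idp');
    $edIDP->addItem($idp);

    $sp = new SpSsoDescriptor();
    foreach ($spData as $data) {
        $sp->addService(new AssertionConsumerService($data['binding'], $data['url']));
    }
    $edSP = new EntityDescriptor('sp');
    $edSP->addItem($sp);

    // Distinct loop variable: reusing $name here clobbered the dataset label
    // that every assertion below reports on failure.
    $spMeta = new SpMeta();
    foreach ($spMetaData as $setter => $value) {
        $spMeta->{$setter}($value);
    }

    // without signing
    $builder = new AuthnRequestBuilder($edSP, $edIDP, $spMeta);
    $message = $builder->build();
    $response = $builder->send($message);
    $this->assertAuthnRequestMatches($name, $expectedSendUrl, $expectedResponseType, $expectedReceiveUrl, $expectedReceiveBinding, $message, $response);

    // with signing — the fixture key is used with RSA-SHA1; SHA-1 based XML
    // signatures are considered weak, prefer RSA_SHA256 outside of tests.
    $signature = new SignatureCreator();
    $certificate = new X509Certificate();
    $certificate->loadFromFile(__DIR__ . '/../../../../../resources/sample/Certificate/saml.crt');
    $key = new \XMLSecurityKey(\XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
    $key->loadKey(__DIR__ . '/../../../../../resources/sample/Certificate/saml.pem', true);
    $signature->setCertificate($certificate);
    $signature->setXmlSecurityKey($key);

    $builder = new AuthnRequestBuilder($edSP, $edIDP, $spMeta, $signature);
    $message = $builder->build();
    $response = $builder->send($message);
    $this->assertAuthnRequestMatches($name, $expectedSendUrl, $expectedResponseType, $expectedReceiveUrl, $expectedReceiveBinding, $message, $response);
}

/**
 * Asserts the four properties every dataset checks on a built request and
 * its binding response; shared by the unsigned and signed halves of the test.
 *
 * @param string $name                   dataset label for assertion messages
 * @param string $expectedSendUrl
 * @param string $expectedResponseType
 * @param string $expectedReceiveUrl
 * @param string $expectedReceiveBinding
 * @param mixed  $message                the built AuthnRequest
 * @param mixed  $response               the binding response returned by send()
 */
private function assertAuthnRequestMatches($name, $expectedSendUrl, $expectedResponseType, $expectedReceiveUrl, $expectedReceiveBinding, $message, $response)
{
    $this->assertStringStartsWith($expectedSendUrl, $response->getDestination(), $name);
    $this->assertInstanceOf($expectedResponseType, $response, $name);
    $this->assertEquals($expectedReceiveUrl, $message->getAssertionConsumerServiceURL(), $name);
    $this->assertEquals($expectedReceiveBinding, $message->getProtocolBinding(), $name);
}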
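/**
 * Builds an AuthnRequest from SP and IdP entity descriptors, each given either
 * as an EntityDescriptor instance or as a path to a metadata XML file.
 *
 * @param string|EntityDescriptor $sp     SP entity descriptor, or path to its metadata XML file
 * @param string|EntityDescriptor $idp    IdP entity descriptor, or path to its metadata XML file
 * @param SpMeta|null             $spMeta optional SP settings; defaults to a persistent NameID policy
 * @return AuthnRequest
 * @throws \InvalidArgumentException if $sp or $idp is neither a string nor an EntityDescriptor
 */
public static function buildAuthnRequestFromEntityDescriptors($sp, $idp, SpMeta $spMeta = null)
{
    // A string argument is handed to getEntityDescriptorFromXmlFile, i.e. it is
    // treated as a file path; callers should pass only application-controlled
    // paths here, never values taken from request input.
    if (is_string($sp)) {
        $sp = self::getEntityDescriptorFromXmlFile($sp);
    } elseif (!$sp instanceof EntityDescriptor) {
        throw new \InvalidArgumentException('SP parameter must be instance of EntityDescriptor or string');
    }

    if (is_string($idp)) {
        $idp = self::getEntityDescriptorFromXmlFile($idp);
    } elseif (!$idp instanceof EntityDescriptor) {
        throw new \InvalidArgumentException('IDP parameter must be instance of EntityDescriptor or string');
    }

    if (!$spMeta) {
        $spMeta = new SpMeta();
        $spMeta->setNameIdFormat(NameIDPolicy::PERSISTENT);
    }

    $builder = new AuthnRequestBuilder($sp, $idp, $spMeta);

    return $builder->build();
}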