/**
  * @param  Request|null $request
  * @return AuthnRequest
  */
 public function resolve(Request $request = null)
 {
     if (!$request) {
         $request = Request::createFromGlobals();
     }
     $binding_factory = new BindingFactory();
     $binding = $binding_factory->getBindingByRequest($request);
     $message_context = new MessageContext();
     $binding->receive($request, $message_context);
     $message = $message_context->asAuthnRequest();
     $this->validateSignature($message);
     return $message;
 }
예제 #2
0
 /**
  * Get saml authnRequest.
  *
  * @param  string $consumer_service_url
  * @param  string $idp_destination
  * @param  string $issuer
  * @param  string $saml_crt
  * @param  string $saml_key
  * @return string
  */
 public function getAuthnRequest($consumer_service_url, $idp_destination, $issuer, $saml_crt, $saml_key)
 {
     $authn_request = new AuthnRequest();
     $authn_request->setAssertionConsumerServiceURL($consumer_service_url)->setProtocolBinding(SamlConstants::BINDING_SAML2_HTTP_POST)->setID(Helper::generateID())->setIssueInstant(new DateTime())->setDestination($idp_destination)->setIssuer(new Issuer($issuer));
     $certificate = new X509Certificate();
     $certificate->loadPem($saml_crt);
     $private_key = KeyHelper::createPrivateKey($saml_key, '', false);
     $authn_request->setSignature(new SignatureWriter($certificate, $private_key));
     $serialization_context = new SerializationContext();
     $authn_request->serialize($serialization_context->getDocument(), $serialization_context);
     $binding_factory = new BindingFactory();
     $redirect_binding = $binding_factory->create(SamlConstants::BINDING_SAML2_HTTP_REDIRECT);
     $message_context = new MessageContext();
     $message_context->setMessage($authn_request);
     /** @var \Symfony\Component\HttpFoundation\RedirectResponse $http_response */
     $http_response = $redirect_binding->send($message_context);
     return $http_response->getTargetUrl();
 }
예제 #3
0
 /**
  * @param  string $email
  * @param  string $message_id
  * @return string
  */
 public function send($email, $message_id)
 {
     $message = $this->saml_data_manager->get($message_id);
     if (!$message) {
         if ($this->logger) {
             $this->logger->error("Saml message with id {$message_id} not found or expired");
         }
         throw new RuntimeException('Authentication message does not exist');
     }
     $this->saml_data_manager->delete($message_id);
     $response = new Response();
     $assertion = new Assertion();
     $response->addAssertion($assertion)->setID(Helper::generateID())->setIssueInstant(new DateTime())->setDestination($message->getAssertionConsumerServiceURL())->setIssuer(new Issuer($message->getIssuer()->getValue()));
     $assertion->setId(Helper::generateID())->setIssueInstant(new DateTime())->setIssuer(new Issuer($message->getIssuer()->getValue()))->setSubject((new Subject())->setNameID(new NameID($email, SamlConstants::NAME_ID_FORMAT_EMAIL))->addSubjectConfirmation((new SubjectConfirmation())->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER)->setSubjectConfirmationData((new SubjectConfirmationData())->setInResponseTo($message->getID())->setNotOnOrAfter(new DateTime('+1 MINUTE'))->setRecipient($message->getAssertionConsumerServiceURL()))))->setConditions((new Conditions())->setNotBefore(new DateTime())->setNotOnOrAfter(new DateTime('+1 MINUTE'))->addItem(new AudienceRestriction([$message->getAssertionConsumerServiceURL()])))->addItem((new AttributeStatement())->addAttribute(new Attribute(ClaimTypes::EMAIL_ADDRESS, $email)))->addItem((new AuthnStatement())->setAuthnInstant(new DateTime('-10 MINUTE'))->setSessionIndex($message_id)->setAuthnContext((new AuthnContext())->setAuthnContextClassRef(SamlConstants::AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT)));
     $certificate = X509Certificate::fromFile($this->saml_crt);
     $private_key = KeyHelper::createPrivateKey($this->saml_key, '', true);
     $response->setSignature(new SignatureWriter($certificate, $private_key));
     $binding_factory = new BindingFactory();
     $post_binding = $binding_factory->create(SamlConstants::BINDING_SAML2_HTTP_POST);
     $message_context = new MessageContext();
     $message_context->setMessage($response);
     /** @var SymfonyResponse $http_response */
     $http_response = $post_binding->send($message_context);
     return $http_response->getContent();
 }
예제 #4
0
 public function test__get_binding_by_request_http_post()
 {
     $request = $this->createHttpPostRequest();
     $factory = new BindingFactory();
     $this->assertInstanceOf('LightSaml\\Binding\\HttpPostBinding', $factory->getBindingByRequest($request));
 }