/**
 * The POST binding must answer with a SamlPostResponse whose destination is the
 * URL handed to send(), not something taken from the message itself.
 */
public function test_send_destination()
 {
     $destination = 'https://destination.com/auth';
     $authnRequest = $this->getAuthnRequest();

     $context = new MessageContext();
     $context->setMessage($authnRequest);

     $binding = new HttpPostBinding();
     /** @var \LightSaml\Binding\SamlPostResponse $postResponse */
     $postResponse = $binding->send($context, $destination);

     $this->assertInstanceOf('LightSaml\\Binding\\SamlPostResponse', $postResponse);
     $this->assertEquals($destination, $postResponse->getDestination());
 }
 /**
  * Each typed accessor on MessageContext (named by $method) returns the message
  * that was set when $hasValue is true, and null when nothing was set.
  *
  * @dataProvider message_as_concrete_type_provider
  *
  * @param string           $method   accessor name invoked on the context
  * @param bool             $hasValue whether the accessor is expected to hand back $message
  * @param SamlMessage|null $message  message placed on the context beforehand, if any
  */
 public function test_message_as_concrete_type($method, $hasValue, SamlMessage $message = null)
 {
     $messageContext = new MessageContext();
     if ($message !== null) {
         $messageContext->setMessage($message);
     }

     $returned = $messageContext->{$method}();

     if (!$hasValue) {
         $this->assertNull($returned);

         return;
     }
     $this->assertSame($message, $returned);
 }
 /**
  * The redirect binding must produce a Symfony RedirectResponse whose target URL
  * has the scheme, host and path of the destination passed to send().
  */
 public function test__send_destination()
 {
     $destination = 'https://destination.com/auth';

     $context = new MessageContext();
     $context->setMessage($this->getAuthnRequest());

     $binding = new HttpRedirectBinding();
     /** @var RedirectResponse $redirect */
     $redirect = $binding->send($context, $destination);
     $this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $redirect);

     $targetUrl = $redirect->getTargetUrl();
     $this->assertNotEmpty($targetUrl);

     // Only scheme://host/path is compared; whatever the binding appends as a query string is ignored here.
     $parts = parse_url($targetUrl);
     $rebuilt = sprintf('%s://%s%s', $parts['scheme'], $parts['host'], $parts['path']);
     $this->assertEquals($destination, $rebuilt);
 }
 /**
  * Build a signed SAML AuthnRequest and return the redirect URL produced for it
  * by the HTTP-Redirect binding.
  *
  * @param  string $consumer_service_url SP AssertionConsumerService URL written into the request
  * @param  string $idp_destination      endpoint used as the request Destination
  * @param  string $issuer               value used as the request Issuer
  * @param  string $saml_crt             PEM-encoded signing certificate
  * @param  string $saml_key             signing private key, loaded with an empty passphrase
  * @return string target URL of the redirect response built by the binding
  */
 public function getAuthnRequest($consumer_service_url, $idp_destination, $issuer, $saml_crt, $saml_key)
 {
     $request = new AuthnRequest();
     $request
         ->setAssertionConsumerServiceURL($consumer_service_url)
         ->setProtocolBinding(SamlConstants::BINDING_SAML2_HTTP_POST)
         ->setID(Helper::generateID())
         ->setIssueInstant(new DateTime())
         ->setDestination($idp_destination)
         ->setIssuer(new Issuer($issuer));

     // Attach a signature writer using the supplied certificate/key pair.
     $signingCert = new X509Certificate();
     $signingCert->loadPem($saml_crt);
     $signingKey = KeyHelper::createPrivateKey($saml_key, '', false);
     $request->setSignature(new SignatureWriter($signingCert, $signingKey));

     // NOTE(review): the document produced here is never read by this method —
     // confirm whether serialize() has a side effect the binding below relies on.
     $serializationContext = new SerializationContext();
     $request->serialize($serializationContext->getDocument(), $serializationContext);

     $redirectBinding = (new BindingFactory())->create(SamlConstants::BINDING_SAML2_HTTP_REDIRECT);
     $context = new MessageContext();
     $context->setMessage($request);
     /** @var \Symfony\Component\HttpFoundation\RedirectResponse $redirect */
     $redirect = $redirectBinding->send($context);

     return $redirect->getTargetUrl();
 }
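 /**
  * Read a SAMLRequest or SAMLResponse from the POST body, base64-decode it and
  * store the deserialized message (plus RelayState, when present) on the context.
  *
  * @param Request        $request HTTP request carrying the form-encoded SAML message
  * @param MessageContext $context receives the deserialized message
  *
  * @throws LightSamlBindingException when neither parameter is present, the value is
  *                                   not a string, or it is not valid base64
  */
 public function receive(Request $request, MessageContext $context)
 {
     $post = $request->request->all();
     if (array_key_exists('SAMLRequest', $post)) {
         $msg = $post['SAMLRequest'];
     } elseif (array_key_exists('SAMLResponse', $post)) {
         $msg = $post['SAMLResponse'];
     } else {
         throw new LightSamlBindingException('Missing SAMLRequest or SAMLResponse parameter');
     }
     // Form parsing can yield an array (e.g. "SAMLRequest[]=..."); base64_decode() needs a string.
     if (!is_string($msg)) {
         throw new LightSamlBindingException('SAMLRequest or SAMLResponse parameter must be a string');
     }
     // Strict decoding: characters outside the base64 alphabet reject the message instead of
     // being silently skipped and handing a mangled document to the XML parser.
     $msg = base64_decode($msg, true);
     if ($msg === false) {
         throw new LightSamlBindingException('SAMLRequest or SAMLResponse parameter is not valid base64');
     }
     $this->dispatchReceive($msg);
     $deserializationContext = $context->getDeserializationContext();
     $result = SamlMessage::fromXML($msg, $deserializationContext);
     // RelayState is an opaque string; a non-string value is ignored rather than forwarded.
     if (array_key_exists('RelayState', $post) && is_string($post['RelayState'])) {
         $result->setRelayState($post['RelayState']);
     }
     $context->setMessage($result);
 }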
 /**
  * Build a signed SAML Response, holding one bearer Assertion for $email, that answers
  * the stored AuthnRequest $message_id, and return the HTTP-POST binding body delivering
  * it to that request's AssertionConsumerService URL.
  *
  * The stored request is deleted before the response is built, so a message id is
  * answered at most once.
  *
  * @param  string $email      subject identity, emitted as an email-format NameID and as the EMAIL_ADDRESS attribute
  * @param  string $message_id id of the AuthnRequest held by the SAML data manager; also used as SessionIndex
  * @return string             content of the HTTP response produced by the POST binding
  * @throws RuntimeException   when no message with that id is stored (or it has expired)
  */
 public function send($email, $message_id)
 {
     $authnRequest = $this->saml_data_manager->get($message_id);
     if (!$authnRequest) {
         if ($this->logger) {
             $this->logger->error("Saml message with id {$message_id} not found or expired");
         }
         throw new RuntimeException('Authentication message does not exist');
     }
     // One-shot: the stored request is removed as soon as it is answered.
     $this->saml_data_manager->delete($message_id);

     $acsUrl = $authnRequest->getAssertionConsumerServiceURL();
     $requestIssuer = $authnRequest->getIssuer()->getValue();

     $subjectConfirmationData = (new SubjectConfirmationData())
         ->setInResponseTo($authnRequest->getID())
         ->setNotOnOrAfter(new DateTime('+1 MINUTE'))
         ->setRecipient($acsUrl);
     $subjectConfirmation = (new SubjectConfirmation())
         ->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER)
         ->setSubjectConfirmationData($subjectConfirmationData);
     $subject = (new Subject())
         ->setNameID(new NameID($email, SamlConstants::NAME_ID_FORMAT_EMAIL))
         ->addSubjectConfirmation($subjectConfirmation);

     // NOTE(review): the Audience is the ACS URL; SAML normally expects the SP entity ID
     // (the request Issuer) here — confirm what the consuming SP validates against.
     $conditions = (new Conditions())
         ->setNotBefore(new DateTime())
         ->setNotOnOrAfter(new DateTime('+1 MINUTE'))
         ->addItem(new AudienceRestriction([$acsUrl]));

     $attributeStatement = (new AttributeStatement())
         ->addAttribute(new Attribute(ClaimTypes::EMAIL_ADDRESS, $email));
     $authnContext = (new AuthnContext())
         ->setAuthnContextClassRef(SamlConstants::AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT);
     $authnStatement = (new AuthnStatement())
         ->setAuthnInstant(new DateTime('-10 MINUTE'))
         ->setSessionIndex($message_id)
         ->setAuthnContext($authnContext);

     $assertion = new Assertion();
     $assertion
         ->setId(Helper::generateID())
         ->setIssueInstant(new DateTime())
         ->setIssuer(new Issuer($requestIssuer))
         ->setSubject($subject)
         ->setConditions($conditions)
         ->addItem($attributeStatement)
         ->addItem($authnStatement);

     // NOTE(review): Response and Assertion Issuer are copied from the request's Issuer (the SP),
     // whereas an IdP response normally carries the IdP's own entity ID — confirm this is intended.
     $samlResponse = new Response();
     $samlResponse
         ->addAssertion($assertion)
         ->setID(Helper::generateID())
         ->setIssueInstant(new DateTime())
         ->setDestination($acsUrl)
         ->setIssuer(new Issuer($requestIssuer));

     // Sign the response with the configured certificate and key.
     $certificate = X509Certificate::fromFile($this->saml_crt);
     $privateKey = KeyHelper::createPrivateKey($this->saml_key, '', true);
     $samlResponse->setSignature(new SignatureWriter($certificate, $privateKey));

     $postBinding = (new BindingFactory())->create(SamlConstants::BINDING_SAML2_HTTP_POST);
     $context = new MessageContext();
     $context->setMessage($samlResponse);
     /** @var SymfonyResponse $httpResponse */
     $httpResponse = $postBinding->send($context);

     return $httpResponse->getContent();
 }
 /**
  * asSamlMessage() must hand back the very message object stored on the context.
  */
 public function test__as_saml_message_returns_message()
 {
     $expectedMessage = $this->getMessageMock();

     $context = new MessageContext();
     $context->setMessage($expectedMessage);

     $this->assertSame($expectedMessage, MessageContextHelper::asSamlMessage($context));
 }
 /**
  * Serialize $message into the context's document and return that XML deflated
  * and base64-encoded. The raw XML is passed to dispatchSend() before compression.
  *
  * NOTE(review): setSignature(null) drops any XML-level signature before serializing;
  * presumably the signature is applied at another level by this binding — confirm.
  *
  * @param SamlMessage    $message
  * @param MessageContext $context
  *
  * @return string deflated, base64-encoded XML
  */
 protected function getMessageEncodedXml(SamlMessage $message, MessageContext $context)
 {
     $message->setSignature(null);

     $serialization = $context->getSerializationContext();
     $message->serialize($serialization->getDocument(), $serialization);
     $rawXml = $serialization->getDocument()->saveXML();

     $this->dispatchSend($rawXml);

     return base64_encode(gzdeflate($rawXml));
 }
 /**
  * Return the context's message as a LogoutResponse, or fail when it is anything else.
  *
  * @param MessageContext $context
  *
  * @return \LightSaml\Model\Protocol\LogoutResponse
  *
  * @throws LightSamlContextException when the context holds no LogoutResponse
  */
 public static function asLogoutResponse(MessageContext $context)
 {
     $candidate = $context->getMessage();
     if (!$candidate instanceof LogoutResponse) {
         throw new LightSamlContextException($context, 'Expected LogoutResponse');
     }

     return $candidate;
 }