/**
 * The HTTP-POST binding must echo the destination it was handed back on the
 * SamlPostResponse it produces (the form's action target).
 */
public function test_send_destination()
{
    $destination = 'https://destination.com/auth';

    $context = new MessageContext();
    $context->setMessage($this->getAuthnRequest());

    $binding = new HttpPostBinding();
    /** @var \LightSaml\Binding\SamlPostResponse $response */
    $response = $binding->send($context, $destination);

    $this->assertInstanceOf('LightSaml\\Binding\\SamlPostResponse', $response);
    $this->assertEquals($destination, $response->getDestination());
}
/**
 * Each typed accessor on MessageContext ($method) returns the message when the
 * context holds one of that concrete type, and null otherwise.
 *
 * @dataProvider message_as_concrete_type_provider
 *
 * @param string           $method   accessor name on MessageContext
 * @param bool             $hasValue whether the accessor is expected to return $message
 * @param SamlMessage|null $message  message to place in the context, or none
 */
public function test_message_as_concrete_type($method, $hasValue, SamlMessage $message = null)
{
    $context = new MessageContext();
    if (null !== $message) {
        $context->setMessage($message);
    }

    $result = $context->{$method}();

    if (!$hasValue) {
        $this->assertNull($result);

        return;
    }

    $this->assertSame($message, $result);
}
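/**
 * The HTTP-Redirect binding must redirect to the destination it was handed:
 * scheme, host and path of the target URL are compared (the query string carries
 * the encoded message and is deliberately left out of the comparison).
 */
public function test__send_destination()
{
    $expectedDestination = 'https://destination.com/auth';

    $messageContext = new MessageContext();
    $messageContext->setMessage($this->getAuthnRequest());

    $binding = new HttpRedirectBinding();
    /** @var RedirectResponse $response */
    $response = $binding->send($messageContext, $expectedDestination);
    $this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $response);

    $url = $response->getTargetUrl();
    $this->assertNotEmpty($url);

    // parse_url() returns false on a malformed URL and omits absent components;
    // fail with a clear assertion instead of reading offsets from a boolean.
    $urlInfo = parse_url($url);
    $this->assertNotFalse($urlInfo);
    foreach (['scheme', 'host', 'path'] as $part) {
        $this->assertArrayHasKey($part, $urlInfo);
    }

    $this->assertEquals(
        $expectedDestination,
        $urlInfo['scheme'] . '://' . $urlInfo['host'] . $urlInfo['path']
    );
}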
/**
 * Get saml authnRequest.
 *
 * Builds a signed AuthnRequest and pushes it through the HTTP-Redirect binding;
 * the value returned is the assembled redirect URL for the IdP. The request asks
 * the IdP to answer over HTTP-POST (ProtocolBinding), while the request itself
 * travels by redirect.
 *
 * @param string $consumer_service_url URL the IdP should deliver its response to (AssertionConsumerServiceURL)
 * @param string $idp_destination      IdP endpoint written into the request's Destination
 * @param string $issuer               this party's Issuer value
 * @param string $saml_crt             PEM-encoded signing certificate, passed as contents to loadPem()
 * @param string $saml_key             signing private key; the third argument to createPrivateKey() is
 *                                     false here, presumably meaning key contents rather than a file path
 * @return string
 */
public function getAuthnRequest($consumer_service_url, $idp_destination, $issuer, $saml_crt, $saml_key)
{
    $request = new AuthnRequest();
    $request
        ->setAssertionConsumerServiceURL($consumer_service_url)
        ->setProtocolBinding(SamlConstants::BINDING_SAML2_HTTP_POST)
        ->setID(Helper::generateID())
        ->setIssueInstant(new DateTime())
        ->setDestination($idp_destination)
        ->setIssuer(new Issuer($issuer));

    // Signing material: certificate from PEM text, key with no passphrase.
    $cert = new X509Certificate();
    $cert->loadPem($saml_crt);
    $key = KeyHelper::createPrivateKey($saml_key, '', false);
    $request->setSignature(new SignatureWriter($cert, $key));

    // Serialize once into a throwaway context before handing the message to the binding.
    $serialization = new SerializationContext();
    $request->serialize($serialization->getDocument(), $serialization);

    $context = new MessageContext();
    $context->setMessage($request);

    $binding = (new BindingFactory())->create(SamlConstants::BINDING_SAML2_HTTP_REDIRECT);
    /** @var \Symfony\Component\HttpFoundation\RedirectResponse $http_response */
    $http_response = $binding->send($context);

    return $http_response->getTargetUrl();
}
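/**
 * Reads a SAML message out of an HTTP-POST binding request and stores it on the context.
 *
 * Exactly one of the `SAMLRequest` / `SAMLResponse` form fields is expected; `SAMLRequest`
 * wins when both are present. The optional `RelayState` field is copied onto the message
 * untouched, so consumers must validate it themselves before acting on it (for example
 * before using it as a redirect target).
 *
 * @param Request        $request
 * @param MessageContext $context
 *
 * @throws LightSamlBindingException when no message parameter is present, it is not a
 *                                   string, or it is not valid base64
 */
public function receive(Request $request, MessageContext $context)
{
    $post = $request->request->all();

    if (array_key_exists('SAMLRequest', $post)) {
        $encoded = $post['SAMLRequest'];
    } elseif (array_key_exists('SAMLResponse', $post)) {
        $encoded = $post['SAMLResponse'];
    } else {
        throw new LightSamlBindingException('Missing SAMLRequest or SAMLResponse parameter');
    }

    // A repeated or nested form field arrives as an array; reject it before base64_decode() sees it.
    if (!is_string($encoded)) {
        throw new LightSamlBindingException('Invalid SAMLRequest or SAMLResponse parameter');
    }

    // Strict decoding rejects characters outside the base64 alphabet instead of silently
    // dropping them (whitespace is still tolerated), so garbage fails here rather than
    // somewhere inside the XML parser.
    $xml = base64_decode($encoded, true);
    if (false === $xml) {
        throw new LightSamlBindingException('SAMLRequest or SAMLResponse parameter is not valid base64');
    }

    // Raw XML is handed to listeners before it is parsed.
    $this->dispatchReceive($xml);

    $result = SamlMessage::fromXML($xml, $context->getDeserializationContext());

    if (array_key_exists('RelayState', $post)) {
        $result->setRelayState($post['RelayState']);
    }

    $context->setMessage($result);
}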
/**
 * Answers a stored AuthnRequest with a signed SAML Response asserting $email, and
 * returns the HTML of the auto-submitting HTTP-POST form that delivers it.
 *
 * The pending request is looked up by $message_id and deleted before the response is
 * built, so each request can be answered at most once.
 *
 * @param string $email      subject of the assertion (NameID, email format) and value of the email claim
 * @param string $message_id id under which the AuthnRequest was stored; also reused as SessionIndex
 * @return string
 *
 * @throws RuntimeException when no stored message exists for $message_id (expired or unknown)
 */
public function send($email, $message_id)
{
    $message = $this->saml_data_manager->get($message_id);
    if (!$message) {
        if ($this->logger) {
            $this->logger->error("Saml message with id {$message_id} not found or expired");
        }
        throw new RuntimeException('Authentication message does not exist');
    }
    // One-shot: the stored request is consumed before any response is produced.
    $this->saml_data_manager->delete($message_id);

    $response = new Response();
    $assertion = new Assertion();
    // Destination is taken from the stored request's ACS URL, so the response can only be
    // addressed to the endpoint that request named.
    // NOTE(review): Issuer is copied from the incoming request (the requester's own issuer)
    // rather than an identity of this responder; receivers normally resolve the signing key
    // by Issuer, so confirm this is intended.
    // NOTE(review): no Status is set on $response here; confirm the serializer emits a
    // success Status by default, since receivers generally require one.
    $response->addAssertion($assertion)->setID(Helper::generateID())->setIssueInstant(new DateTime())->setDestination($message->getAssertionConsumerServiceURL())->setIssuer(new Issuer($message->getIssuer()->getValue()));
    // Bearer confirmation is bound to the original request (InResponseTo) and to its ACS URL
    // (Recipient); both windows below are one minute, so clock skew beyond that between this
    // host and the receiver makes the assertion unusable — widen deliberately, not silently.
    // NOTE(review): the Audience is the ACS URL; receivers commonly expect their entity ID
    // here — confirm against the consuming side's configuration.
    // NOTE(review): AuthnInstant is fixed at ten minutes in the past — presumably a stand-in
    // for the real authentication time; confirm.
    $assertion
        ->setId(Helper::generateID())
        ->setIssueInstant(new DateTime())
        ->setIssuer(new Issuer($message->getIssuer()->getValue()))
        ->setSubject(
            (new Subject())
                ->setNameID(new NameID($email, SamlConstants::NAME_ID_FORMAT_EMAIL))
                ->addSubjectConfirmation(
                    (new SubjectConfirmation())
                        ->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER)
                        ->setSubjectConfirmationData(
                            (new SubjectConfirmationData())
                                ->setInResponseTo($message->getID())
                                ->setNotOnOrAfter(new DateTime('+1 MINUTE'))
                                ->setRecipient($message->getAssertionConsumerServiceURL())
                        )
                )
        )
        ->setConditions(
            (new Conditions())
                ->setNotBefore(new DateTime())
                ->setNotOnOrAfter(new DateTime('+1 MINUTE'))
                ->addItem(new AudienceRestriction([$message->getAssertionConsumerServiceURL()]))
        )
        ->addItem(
            (new AttributeStatement())
                ->addAttribute(new Attribute(ClaimTypes::EMAIL_ADDRESS, $email))
        )
        ->addItem(
            (new AuthnStatement())
                ->setAuthnInstant(new DateTime('-10 MINUTE'))
                ->setSessionIndex($message_id)
                ->setAuthnContext(
                    (new AuthnContext())
                        ->setAuthnContextClassRef(SamlConstants::AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT)
                )
        );

    // Signing material is read from files ($this->saml_crt path; the key with the
    // "is file" argument set to true and no passphrase).
    // NOTE(review): the signature is attached to the Response envelope only; the Assertion
    // itself carries no signature, so receivers that verify assertion signatures will reject
    // it — confirm which element the consuming side checks.
    $certificate = X509Certificate::fromFile($this->saml_crt);
    $private_key = KeyHelper::createPrivateKey($this->saml_key, '', true);
    $response->setSignature(new SignatureWriter($certificate, $private_key));

    $binding_factory = new BindingFactory();
    $post_binding = $binding_factory->create(SamlConstants::BINDING_SAML2_HTTP_POST);
    $message_context = new MessageContext();
    $message_context->setMessage($response);
    /** @var SymfonyResponse $http_response */
    $http_response = $post_binding->send($message_context);

    // The POST binding's response body is the self-submitting form; return it as-is.
    return $http_response->getContent();
}
/**
 * asSamlMessage() hands back the very message object stored on the context.
 */
public function test__as_saml_message_returns_message()
{
    $message = $this->getMessageMock();

    $context = new MessageContext();
    $context->setMessage($message);

    $this->assertSame($message, MessageContextHelper::asSamlMessage($context));
}
/**
 * Serialises $message into this binding's transport form: XML, then DEFLATE, then base64.
 *
 * Any Signature object attached to the message is discarded first, so the emitted XML
 * never carries an embedded XML signature — presumably because this binding signs at the
 * URL level instead; callers that rely on a signed payload should confirm that. The raw
 * XML is handed to dispatchSend() before it is compressed.
 *
 * @param SamlMessage    $message
 * @param MessageContext $context
 *
 * @return string base64 of the deflated XML
 */
protected function getMessageEncodedXml(SamlMessage $message, MessageContext $context)
{
    $message->setSignature(null);

    $serialization = $context->getSerializationContext();
    $message->serialize($serialization->getDocument(), $serialization);
    $rawXml = $serialization->getDocument()->saveXML();

    $this->dispatchSend($rawXml);

    return base64_encode(gzdeflate($rawXml));
}
/**
 * Returns the context's message as a LogoutResponse, refusing anything else.
 *
 * @param MessageContext $context
 *
 * @return \LightSaml\Model\Protocol\LogoutResponse
 *
 * @throws LightSamlContextException when the context holds no LogoutResponse
 */
public static function asLogoutResponse(MessageContext $context)
{
    $candidate = $context->getMessage();

    if (!($candidate instanceof LogoutResponse)) {
        throw new LightSamlContextException($context, 'Expected LogoutResponse');
    }

    return $candidate;
}