/**
  * Store the persistent NameID from the request state in an attribute.
  *
  * @param array &$state The request state.
  */
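 public function process(&$state)
 {
     // Pass a real expression: assert() no longer evaluates string arguments on PHP 8,
     // so the quoted form stopped checking anything there.
     assert(is_array($state));
     // Only a persistent NameID is usable here; without one the attribute is left unset
     // and the filter returns after logging a warning.
     if (!isset($state['saml:NameID'][\SAML2\Constants::NAMEID_PERSISTENT])) {
         SimpleSAML\Logger::warning('Unable to generate eduPersonTargetedID because no persistent NameID was available.');
         return;
     }
     $nameID = $state['saml:NameID'][\SAML2\Constants::NAMEID_PERSISTENT];
     if ($this->nameId) {
         // Serialise the whole NameID element: it is built under a throw-away root in a
         // scratch document and the first child is dumped as an XML string.
         $doc = \SAML2\DOMDocumentFactory::create();
         $root = $doc->createElement('root');
         $doc->appendChild($root);
         \SAML2\Utils::addNameId($root, $nameID);
         $value = $doc->saveXML($root->firstChild);
     } else {
         // Plain mode: only the identifier string is released, without the other
         // fields of the NameID array.
         $value = $nameID['Value'];
     }
     // Any existing values of the target attribute are replaced by this single value.
     $state['Attributes'][$this->attribute] = array($value);
 }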
예제 #2
 /**
  * Add a Subject-node to the assertion.
  *
  * @param \DOMElement $root The assertion element we should add the subject to.
  */
 private function addSubject(\DOMElement $root)
 {
     // No Subject is emitted unless a plain or an encrypted NameID is set.
     $hasEncryptedId = $this->encryptedNameId !== null;
     if (!$hasEncryptedId && $this->nameId === null) {
         return;
     }
     $document = $root->ownerDocument;
     $subject = $document->createElementNS(Constants::NS_SAML, 'saml:Subject');
     $root->appendChild($subject);
     if ($hasEncryptedId) {
         // The encrypted form takes precedence: the plain NameID is not written when
         // an encrypted one is present.
         $wrapper = $document->createElementNS(Constants::NS_SAML, 'saml:' . 'EncryptedID');
         $subject->appendChild($wrapper);
         // Deep-import the encrypted node so it belongs to this document.
         $wrapper->appendChild($document->importNode($this->encryptedNameId, true));
     } else {
         Utils::addNameId($subject, $this->nameId);
     }
     // Each confirmation serialises itself under the Subject element.
     foreach ($this->SubjectConfirmation as $confirmation) {
         $confirmation->toXML($subject);
     }
 }
예제 #3
 /**
  * Add a Subject-node to the assertion.
  *
  * @param \DOMElement $root The assertion element we should add the subject to.
  */
 private function addSubject(\DOMElement $root)
 {
     // Nothing to write when neither a plain nor an encrypted NameID is available.
     $plainMissing = $this->nameId === null;
     $encryptedMissing = $this->encryptedNameId === null;
     if ($plainMissing && $encryptedMissing) {
         return;
     }
     $document = $root->ownerDocument;
     $subject = $document->createElementNS(Constants::NS_SAML, 'saml:Subject');
     $root->appendChild($subject);
     if ($encryptedMissing) {
         Utils::addNameId($subject, $this->nameId);
     } else {
         // When an encrypted NameID exists it is the only identifier written; the
         // plain NameID is skipped.
         $wrapper = $document->createElementNS(Constants::NS_SAML, 'saml:EncryptedID');
         // Deep-import the encrypted node into this document before attaching it.
         $imported = $document->importNode($this->encryptedNameId, true);
         $wrapper->appendChild($imported);
         $subject->appendChild($wrapper);
     }
     // Each confirmation serialises itself under the Subject element.
     foreach ($this->subjectConfirmation as $confirmation) {
         $confirmation->toXML($subject);
     }
 }
예제 #4
 /**
  * Convert this logout request message to an XML element.
  *
  * @return \DOMElement This logout request.
  */
 public function toUnsignedXML()
 {
     // The parent builds the base element; this method adds the logout-specific parts.
     $element = parent::toUnsignedXML();
     $expiry = $this->notOnOrAfter;
     if ($expiry !== null) {
         // gmdate() renders the timestamp in UTC, matching the literal "Z" suffix.
         $element->setAttribute('NotOnOrAfter', gmdate('Y-m-d\\TH:i:s\\Z', $expiry));
     }
     if ($this->encryptedNameId !== null) {
         // The encrypted identifier replaces the plain NameID rather than accompanying it.
         $document = $element->ownerDocument;
         $wrapper = $document->createElementNS(Constants::NS_SAML, 'saml:' . 'EncryptedID');
         $element->appendChild($wrapper);
         $wrapper->appendChild($document->importNode($this->encryptedNameId, true));
     } else {
         // NOTE(review): no null check on nameId is visible here; presumably it is
         // validated elsewhere before serialisation — confirm.
         Utils::addNameId($element, $this->nameId);
     }
     // One SessionIndex element is written per stored session index.
     foreach ($this->sessionIndexes as $index) {
         Utils::addString($element, Constants::NS_SAMLP, 'SessionIndex', $index);
     }
     return $element;
 }
예제 #5
 /**
  * Apply filter to add the targeted ID.
  *
  * @param array &$state  The current state.
  */
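 public function process(&$state)
 {
     // Pass real expressions: assert() no longer evaluates string arguments on PHP 8,
     // so the quoted form stopped checking anything there.
     assert(is_array($state));
     assert(array_key_exists('Attributes', $state));
     if ($this->attribute === null) {
         if (!array_key_exists('UserID', $state)) {
             throw new Exception('core:TargetedID: Missing UserID for this user. Please' . ' check the \'userid.attribute\' option in the metadata against the' . ' attributes provided by the authentication source.');
         }
         $userID = $state['UserID'];
     } else {
         if (!array_key_exists($this->attribute, $state['Attributes'])) {
             throw new Exception('core:TargetedID: Missing attribute \'' . $this->attribute . '\', which is needed to generate the targeted ID.');
         }
         // An attribute that is present but carries no first value would otherwise be
         // hashed as an empty user ID, so every such user would receive the same
         // identifier for a given source/destination pair.
         if (!isset($state['Attributes'][$this->attribute][0])) {
             throw new Exception('core:TargetedID: Attribute \'' . $this->attribute . '\' has no value, which is needed to generate the targeted ID.');
         }
         $userID = $state['Attributes'][$this->attribute][0];
     }
     $secretSalt = SimpleSAML\Utils\Config::getSecretSalt();
     // When the source or destination is absent from the state, an empty string stands
     // in for its entity ID, so the resulting value is not scoped to that party.
     $srcID = array_key_exists('Source', $state) ? self::getEntityId($state['Source']) : '';
     $dstID = array_key_exists('Destination', $state) ? self::getEntityId($state['Destination']) : '';
     // Each field is length-prefixed so that different (source, destination, user)
     // triples cannot concatenate to the same input; the salt brackets both ends.
     $uidData = 'uidhashbase' . $secretSalt;
     $uidData .= strlen($srcID) . ':' . $srcID;
     $uidData .= strlen($dstID) . ':' . $dstID;
     $uidData .= strlen($userID) . ':' . $userID;
     $uidData .= $secretSalt;
     // NOTE(review): SHA-1 over salted data is kept as is, because changing the digest
     // would change every identifier produced so far; if a stronger keyed construction
     // is wanted, it needs a migration plan for identifiers already released.
     $uid = hash('sha1', $uidData);
     if ($this->generateNameId) {
         // Convert the targeted ID to a SAML 2.0 name identifier element
         $nameId = array('Format' => \SAML2\Constants::NAMEID_PERSISTENT, 'Value' => $uid);
         if (isset($state['Source']['entityid'])) {
             $nameId['NameQualifier'] = $state['Source']['entityid'];
         }
         if (isset($state['Destination']['entityid'])) {
             $nameId['SPNameQualifier'] = $state['Destination']['entityid'];
         }
         // Build the element under a throw-away root and keep its XML serialisation.
         $doc = \SAML2\DOMDocumentFactory::create();
         $root = $doc->createElement('root');
         $doc->appendChild($root);
         \SAML2\Utils::addNameId($root, $nameId);
         $uid = $doc->saveXML($root->firstChild);
     }
     // Any existing eduPersonTargetedID values are replaced by this single value.
     $state['Attributes']['eduPersonTargetedID'] = array($uid);
 }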