<?php require_once __DIR__ . '/../autoload.php'; $xml = <<<EOT <?xml version="1.0"?> <AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:protocol" ID="_894da3368874d2dd637983b6812f66c444f100f205" Version="2.0" IssueInstant="2015-09-13T11:47:33Z" Destination="https://idp.testshib.org/idp/profile/SAML2/POST/SSO"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://mt.evo.loc/sp</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#_894da3368874d2dd637983b6812f66c444f100f205"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>94dChUrRo35DfipIGNBVil4Qip8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>rjtDDEZN4T2L4Xw5W5ijALoambKl85HsBGy/pFlmk6b7JqSVq8wJJkrq6D5nxUPzNf7B+L2wju1M98stmUhvYCtU2cHRE6wjKwa7tsumYDxuOBQ4ufBt09TJtjogny5ikzCtb2csOoQjosExmVw3f2J+FkLl4rjY6Ngwlsnpn0AttqNdtykAdwuIE3BmXKhMTxelPhxMZ9bCOoODlgU568E+3KuOxmcf85e+uGIApuxnzTZX62MlnVtsveMQdb0VT4AKJhVbFIb7sW+UwMQWhznWhjdnhIz65CHTnBUMzLyOilugwE5Rvk79fPqeGDNrNyeh+3Fhko+GAj0lNluyWA==</ds:SignatureValue> <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDyjCCArKgAwIBAgIJANZLMiMszO+tMA0GCSqGSIb3DQEBBQUAMEwxCzAJBgNVBAYTAlJTMREwDwYDVQQIEwhCZWxncmFkZTESMBAGA1UEChMJTGlnaHRTQU1MMRYwFAYDVQQDEw1saWdodHNhbWwuY29tMB4XDTE1MDkxMzE4MzU0NloXDTI1MDkxMDE4MzU0NlowTDELMAkGA1UEBhMCUlMxETAPBgNVBAgTCEJlbGdyYWRlMRIwEAYDVQQKEwlMaWdodFNBTUwxFjAUBgNVBAMTDWxpZ2h0c2FtbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7pUKOPMyE2oScHLPGJFTepK9j1H03e/s/WnONw8ZwYBaBIYIQuX6uE8jFPdD0uQSaYpOw5h5Tgq6xBV7m2kPO53hs8gEGWRbCdCtxi9EMJwIOYr+isG0N+DvV9KybJf6tqcM50PiFjVNtfx8IubMpAKCbquaqdLaHH0rgP1hbgnGm5YZkyEK4s8xuLUDS6qL7N7a/ez2Zk45u3L3qFcuncPI5BTnJg6fqlypDhCDOBI5Ljw10HmgZHPIXzOhEPVV+rX2iHhF4V9vzEoeIUABYXQVNRRNHpPdVsK6iTTkyvbrGJ/tv3oFZhNOSL0Kuy+Q9nlE9fEFqyUydJ67vsXqZAgMBAAGjga4wgaswHQYDVR0OBBYEFHPT6Ey1qgxMzMIt2d3OWuwzfPSUMHwGA1UdIwR1MHOAFHPT6Ey1qgxMzMIt2d3OWuwzfPSUoVCkTjBMMQswCQYDVQQGEwJSUzERMA8GA1UECBMIQmVsZ3JhZGUxEjAQBgNVBAoTCUxpZ2h0U0FNTDEWMBQGA1UEAxMNbGlnaHRzYW1sLmNvbYIJANZLMiMszO+tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAE0HxNZpi/gSVrkhQ756AgIC25l6A4C6xZ8iAZiBApJcVdUZytBgpzypFSd8yg7Yh5P3ftlDjYEMB/uIvBsKe6HQyUy90VrSi4aaGC/7ilj6DTCX3jeuuH1JnU6sBxhN9IiJRY3DbMzY5KAdtK/1fYlKa6PugXruJWrB3bC1VaFWLjMytnvaEQxjam4bsj1sF0+v6jL3RIQzdW9jJ7Udoul5fGR56A0Uhi0lqObPKI2lIK1psWXLwksdvO9NNt9Vm27QLlklvpYuIh086wLmbiVmO+VQxDYwPmL8NEiLSA4Po/q7n+qV7Vx/EtIKr7lwZ2Micv5Xm0sequAbt3dnqPI=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></AuthnRequest> EOT; $deserializationContext = new \LightSaml\Model\Context\DeserializationContext(); $deserializationContext->getDocument()->loadXML($xml); $authnRequest = new \LightSaml\Model\Protocol\AuthnRequest(); $authnRequest->deserialize($deserializationContext->getDocument()->firstChild, $deserializationContext); $key = \LightSaml\Credential\KeyHelper::createPublicKey(\LightSaml\Credential\X509Certificate::fromFile(__DIR__ . '/../web/sp/saml.crt')); /** @var \LightSaml\Model\XmlDSig\SignatureXmlReader $signatureReader */ $signatureReader = $authnRequest->getSignature(); try { $ok = $signatureReader->validate($key); if ($ok) { print "Signaure OK\n"; } else { print "Signature not validated"; } } catch (\Exception $ex) { print "Signature validation failed\n"; }
<?php require_once __DIR__ . '/../autoload.php'; $authnRequest = new \LightSaml\Model\Protocol\AuthnRequest(); $authnRequest->setAssertionConsumerServiceURL('https://my.site/acs')->setProtocolBinding(\LightSaml\SamlConstants::BINDING_SAML2_HTTP_POST)->setID(\LightSaml\Helper::generateID())->setIssueInstant(new \DateTime())->setDestination('https://idp.com/login')->setIssuer(new \LightSaml\Model\Assertion\Issuer('https://my.entity.id')); $expectedXmlOutput = <<<EOT <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_8dcc6985f6d9f385f0bbd4562ef848ef3ae78d87d7" Version="2.0" IssueInstant="2015-10-10T15:26:20Z" Destination="https://idp.com/login" AssertionConsumerServiceURL="https://my.site/acs" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" > <saml:Issuer>https://my.entity.id</saml:Issuer> </samlp:AuthnRequest> EOT ;
<?php require_once __DIR__ . '/../autoload.php'; $deserializationContext = new \LightSaml\Model\Context\DeserializationContext(); $xml = <<<EOT <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_8dcc6985f6d9f385f0bbd4562ef848ef3ae78d87d7" Version="2.0" IssueInstant="2015-10-10T15:26:20Z" Destination="https://idp.com/login" AssertionConsumerServiceURL="https://my.site/acs" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" > <saml:Issuer>https://my.entity.id</saml:Issuer> </samlp:AuthnRequest> EOT; $deserializationContext->getDocument()->loadXML($xml); $authnRequest = new \LightSaml\Model\Protocol\AuthnRequest(); $authnRequest->deserialize($deserializationContext->getDocument()->firstChild, $deserializationContext); var_dump($authnRequest);
<?php require_once __DIR__ . '/../autoload.php'; $authnRequest = new \LightSaml\Model\Protocol\AuthnRequest(); $authnRequest->setDestination('http://destination.com'); $bindingFactory = new \LightSaml\Binding\BindingFactory(); // REDIRECT BINDING $redirectBinding = $bindingFactory->create(\LightSaml\SamlConstants::BINDING_SAML2_HTTP_REDIRECT); $messageContext = new \LightSaml\Context\Profile\MessageContext(); $messageContext->setMessage($authnRequest); /** @var \Symfony\Component\HttpFoundation\RedirectResponse $httpResponse */ $httpResponse = $redirectBinding->send($messageContext); print $httpResponse->getTargetUrl() . "\n\n"; /* http://destination.com?SAMLRequest=s7GvyM1RKEstKs7Mz7NVMtQzULK347JxLC3JyAtKLSxNLS5RAKrIK7ZVKi3Ks8pPLM4stspLzE0ttipJtgp29PWxMtIzsCooyi%2FJT87PUVIIgxkFFFZScAHqz8xLLAGLZJSUFFjp66cgxPSS83OV9O24AA%3D%3D */ // POST BINDING $postBinding = $bindingFactory->create(\LightSaml\SamlConstants::BINDING_SAML2_HTTP_POST); $messageContext = new \LightSaml\Context\Profile\MessageContext(); $messageContext->setMessage($authnRequest); /** @var \Symfony\Component\HttpFoundation\Response $httpResponse */ $httpResponse = $postBinding->send($messageContext); print $httpResponse->getContent() . "\n\n"; /* <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title>POST data</title> </head>
<?php require_once __DIR__ . '/../autoload.php'; $authnRequest = new \LightSaml\Model\Protocol\AuthnRequest(); $authnRequest->setAssertionConsumerServiceURL('https://my.site/acs')->setProtocolBinding(\LightSaml\SamlConstants::BINDING_SAML2_HTTP_POST)->setID(\LightSaml\Helper::generateID())->setIssueInstant(new \DateTime())->setDestination('https://idp.com/login')->setIssuer(new \LightSaml\Model\Assertion\Issuer('https://my.entity.id')); $certificate = \LightSaml\Credential\X509Certificate::fromFile(__DIR__ . '/../resources/sample/Certificate/lightsaml-idp.crt'); $privateKey = \LightSaml\Credential\KeyHelper::createPrivateKey(__DIR__ . '/../resources/sample/Certificate/lightsaml-idp.key', '', true); $authnRequest->setSignature(new \LightSaml\Model\XmlDSig\SignatureWriter($certificate, $privateKey)); $serializationContext = new \LightSaml\Model\Context\SerializationContext(); $authnRequest->serialize($serializationContext->getDocument(), $serializationContext); print $serializationContext->getDocument()->saveXML(); $expectedXmlOutput = <<<EOT <AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:protocol" ID="_8d3d46271c2e234f6b0d79f6d2716c707746abf9ca" Version="2.0" IssueInstant="2016-07-27T13:33:50Z" Destination="https://idp.com/login" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://my.site/acs" > <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://my.entity.id</saml:Issuer> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#_8d3d46271c2e234f6b0d79f6d2716c707746abf9ca"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>