/**
  * @param SAML2_AuthnRequest $authnRequest
  * @param SimpleSAML_Configuration $idpConfig
  * @param $nameId
  * @param $issuer
  * @param array $attributes
  * @return SAML2_Response
  */
 public function create(SAML2_AuthnRequest $authnRequest, SimpleSAML_Configuration $idpConfig, $nameId, $issuer, array $attributes)
 {
     /* $returnAttributes contains the attributes we should return. Send them. */
     $assertion = new SAML2_Assertion();
     $assertion->setIssuer($issuer);
     $assertion->setNameId(array('Value' => $nameId, 'Format' => SAML2_Const::NAMEID_UNSPECIFIED));
     $assertion->setNotBefore(time());
     $assertion->setNotOnOrAfter(time() + 5 * 60);
     // Valid audiences is not required so disabled for now
     // $assertion->setValidAudiences(array($authnRequest->getIssuer()));
     $assertion->setAttributes($attributes);
     $assertion->setAttributeNameFormat(SAML2_Const::NAMEFORMAT_UNSPECIFIED);
     $assertion->setAuthnContext(SAML2_Const::AC_PASSWORD);
     $subjectConfirmation = new SAML2_XML_saml_SubjectConfirmation();
     $subjectConfirmation->Method = SAML2_Const::CM_BEARER;
     $subjectConfirmation->SubjectConfirmationData = new SAML2_XML_saml_SubjectConfirmationData();
     $subjectConfirmation->SubjectConfirmationData->NotOnOrAfter = time() + 5 * 60;
     $subjectConfirmation->SubjectConfirmationData->Recipient = $authnRequest->getAssertionConsumerServiceURL();
     $subjectConfirmation->SubjectConfirmationData->InResponseTo = $authnRequest->getId();
     $assertion->setSubjectConfirmation(array($subjectConfirmation));
     $response = new SAML2_Response();
     $response->setRelayState($authnRequest->getRelayState());
     $response->setDestination($authnRequest->getAssertionConsumerServiceURL());
     $response->setIssuer($issuer);
     $response->setInResponseTo($authnRequest->getId());
     $response->setAssertions(array($assertion));
     $this->addSigns($response, $idpConfig);
     return $response;
 }
        }
        /* Filter which attribute values we should return. */
        $returnAttributes[$name] = array_intersect($values, $attributes[$name]);
    }
}
/* $returnAttributes contains the attributes we should return. Send them. */
$assertion = new SAML2_Assertion();
$assertion->setIssuer($idpEntityId);
$assertion->setNameId($query->getNameId());
$assertion->setNotBefore(time());
$assertion->setNotOnOrAfter(time() + 5 * 60);
$assertion->setValidAudiences(array($spEntityId));
$assertion->setAttributes($returnAttributes);
$assertion->setAttributeNameFormat($attributeNameFormat);
$sc = new SAML2_XML_saml_SubjectConfirmation();
$sc->Method = SAML2_Const::CM_BEARER;
$sc->SubjectConfirmationData = new SAML2_XML_saml_SubjectConfirmationData();
$sc->SubjectConfirmationData->NotOnOrAfter = time() + 5 * 60;
$sc->SubjectConfirmationData->Recipient = $endpoint;
$sc->SubjectConfirmationData->InResponseTo = $query->getId();
$assertion->setSubjectConfirmation(array($sc));
sspmod_saml_Message::addSign($idpMetadata, $spMetadata, $assertion);
$response = new SAML2_Response();
$response->setRelayState($query->getRelayState());
$response->setDestination($endpoint);
$response->setIssuer($idpEntityId);
$response->setInResponseTo($query->getId());
$response->setAssertions(array($assertion));
sspmod_saml_Message::addSign($idpMetadata, $spMetadata, $response);
$binding = new SAML2_HTTPPost();
$binding->send($response);
Exemplo n.º 3
0
 private function buildResponse($returnAttributes)
 {
     /* SubjectConfirmation */
     $sc = new SAML2_XML_saml_SubjectConfirmation();
     $sc->Method = SAML2_Const::CM_BEARER;
     $sc->SubjectConfirmationData = new SAML2_XML_saml_SubjectConfirmationData();
     $sc->SubjectConfirmationData->NotBefore = time();
     $sc->SubjectConfirmationData->NotOnOrAfter = time() + $this->config->getInteger('validFor');
     $sc->SubjectConfirmationData->InResponseTo = $this->query->getId();
     $assertion = new SAML2_Assertion();
     $assertion->setSubjectConfirmation(array($sc));
     $assertion->setIssuer($this->aaEntityId);
     $assertion->setNameId($this->query->getNameId());
     $assertion->setNotBefore(time());
     $assertion->setNotOnOrAfter(time() + $this->config->getInteger('validFor'));
     $assertion->setValidAudiences(array($this->spEntityId));
     $assertion->setAttributes($returnAttributes);
     $assertion->setAttributeNameFormat($this->attributeNameFormat);
     if ($this->signAssertion) {
         sspmod_saml_Message::addSign($this->aaMetadata, $this->spMetadata, $assertion);
     }
     /* The Response */
     $response = new SAML2_Response();
     $response->setRelayState($this->query->getRelayState());
     $response->setIssuer($this->aaEntityId);
     $response->setInResponseTo($this->query->getId());
     $response->setAssertions(array($assertion));
     if ($this->signResponse) {
         sspmod_saml_Message::addSign($this->aaMetadata, $this->spMetadata, $response);
     }
     return $response;
 }
 /**
  * @return EngineBlock_Corto_Module_Bindings
  */
 private function mockBindingsModule()
 {
     $spRequest = new SAML2_AuthnRequest();
     $spRequest->setId('SPREQUEST');
     $spRequest->setIssuer('testSp');
     $spRequest = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($spRequest);
     $ebRequest = new SAML2_AuthnRequest();
     $ebRequest->setId('EBREQUEST');
     $ebRequest = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($ebRequest);
     $dummyLog = new Psr\Log\NullLogger();
     $authnRequestRepository = new EngineBlock_Saml2_AuthnRequestSessionRepository($dummyLog);
     $authnRequestRepository->store($spRequest);
     $authnRequestRepository->store($ebRequest);
     $authnRequestRepository->link($ebRequest, $spRequest);
     $assertion = new SAML2_Assertion();
     $assertion->setAttributes(array('urn:org:openconext:corto:internal:sp-entity-id' => array('testSp'), 'urn:mace:dir:attribute-def:cn' => array(null)));
     $responseFixture = new SAML2_Response();
     $responseFixture->setInResponseTo('EBREQUEST');
     $responseFixture->setAssertions(array($assertion));
     $responseFixture = new EngineBlock_Saml2_ResponseAnnotationDecorator($responseFixture);
     $responseFixture->setOriginalIssuer('testIdP');
     // Mock bindings module
     /** @var EngineBlock_Corto_Module_Bindings $bindingsModuleMock */
     $bindingsModuleMock = Phake::mock('EngineBlock_Corto_Module_Bindings');
     Phake::when($bindingsModuleMock)->receiveResponse()->thenReturn($responseFixture);
     return $bindingsModuleMock;
 }
 private function mockGlobals()
 {
     $_POST['ID'] = 'test';
     $_POST['consent'] = 'yes';
     $assertion = new SAML2_Assertion();
     $assertion->setAttributes(array('urn:mace:dir:attribute-def:mail' => '*****@*****.**'));
     $spRequest = new SAML2_AuthnRequest();
     $spRequest->setId('SPREQUEST');
     $spRequest->setIssuer('https://sp.example.edu');
     $spRequest = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($spRequest);
     $ebRequest = new SAML2_AuthnRequest();
     $ebRequest->setId('EBREQUEST');
     $ebRequest = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($ebRequest);
     $dummySessionLog = new Psr\Log\NullLogger();
     $authnRequestRepository = new EngineBlock_Saml2_AuthnRequestSessionRepository($dummySessionLog);
     $authnRequestRepository->store($spRequest);
     $authnRequestRepository->store($ebRequest);
     $authnRequestRepository->link($ebRequest, $spRequest);
     $sspResponse = new SAML2_Response();
     $sspResponse->setInResponseTo('EBREQUEST');
     $sspResponse->setAssertions(array($assertion));
     $_SESSION['consent']['test']['response'] = new EngineBlock_Saml2_ResponseAnnotationDecorator($sspResponse);
 }
 protected function _createBaseResponse(EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request)
 {
     if ($request->getVoContext() && $request->isVoContextExplicit()) {
         $this->setVirtualOrganisationContext($request->getVoContext());
     }
     if ($keyId = $request->getKeyId()) {
         $this->setKeyId($keyId);
     }
     $requestWasUnsolicited = $request->isUnsolicited();
     $response = new SAML2_Response();
     /** @var SAML2_AuthnRequest $request */
     $response->setRelayState($request->getRelayState());
     $response->setId($this->getNewId(IdFrame::ID_USAGE_SAML2_RESPONSE));
     $response->setIssueInstant(time());
     if (!$requestWasUnsolicited) {
         $response->setInResponseTo($request->getId());
     }
     $response->setDestination($request->getIssuer());
     $response->setIssuer($this->getUrl('idpMetadataService', $request->getIssuer(), $request));
     $acs = $this->getRequestAssertionConsumer($request);
     $response->setDestination($acs->location);
     $response->setStatus(array('Code' => SAML2_Const::STATUS_SUCCESS));
     $response = new EngineBlock_Saml2_ResponseAnnotationDecorator($response);
     $response->setDeliverByBinding($acs->binding);
     return $response;
 }
 private static function combine_response(array $values, \SAML2_Response $response = NULL)
 {
     if (!isset($response)) {
         $response = new \SAML2_Response();
     }
     $presented_assertions = $response->getAssertions();
     $assertion = empty($presented_assertions) ? new \SAML2_Assertion() : $presented_assertions[0];
     if (self::original_spid_isset($values)) {
         $response->setInResponseTo($values['InResponseTo']);
     }
     if (array_key_exists('ResponseID', $values)) {
         $response->setId($values['ResponseID']);
     }
     if (array_key_exists('AssertionID', $values)) {
         $assertion->setId($values['AssertionID']);
     }
     if (array_key_exists('Issuer', $values)) {
         $response->setIssuer($values['Issuer']);
         $assertion->setIssuer($values['Issuer']);
     }
     if (array_key_exists('NameID', $values)) {
         $assertion->setNameId(self::build_name_id($values['NameID']));
     }
     $not_on_or_after_time = time();
     if (array_key_exists('AllowedTimeDelta', $values)) {
         $not_on_or_after_time += $values['AllowedTimeDelta'];
         $assertion->setNotBefore(time() - $values['AllowedTimeDelta']);
         $assertion->setNotOnOrAfter($not_on_or_after_time);
     } else {
         $not_on_or_after_time += DEFAULT_RESPONSE_TIME_DELTA;
     }
     if (array_key_exists('Audience', $values)) {
         $assertion->setValidAudiences(array($values['Audience']));
     }
     if (array_key_exists('Attributes', $values)) {
         $assertion->setAttributes($values['Attributes']);
     }
     $assertion->setAuthnInstant(time());
     if (array_key_exists('AuthnContextClassRef', $values)) {
         $assertion->setAuthnContextClassRef($values['AuthnContextClassRef']);
     }
     if (array_key_exists('SessionIndex', $values)) {
         $assertion->setSessionIndex($values['SessionIndex']);
     }
     if (self::original_spid_isset($values) || array_key_exists('Destination', $values)) {
         $original_confirmations = $assertion->getSubjectConfirmation();
         $confirmation = NULL;
         if (empty($original_confirmations)) {
             $confirmation = new \SAML2_XML_saml_SubjectConfirmation();
             $confirmation->Method = SAML_CONFIGURATION_METHOD;
         } else {
             $confirmation = $original_confirmations[0];
         }
         $original_data = $confirmation->SubjectConfirmationData;
         $data = NULL;
         if (empty($original_data)) {
             $data = new \SAML2_XML_saml_SubjectConfirmationData();
             $data->NotOnOrAfter = $not_on_or_after_time;
         } else {
             $data = $original_data;
             if (empty($data->NotOnOrAfter)) {
                 $data->NotOnOrAfter = $not_on_or_after_time;
             }
         }
         if (array_key_exists('Destination', $values)) {
             $data->Recipient = $values['Destination'];
         }
         if (self::original_spid_isset($values)) {
             $data->InResponseTo = $values['InResponseTo'];
         }
         $confirmation->SubjectConfirmationData = $data;
         $assertion->setSubjectConfirmation(array($confirmation));
     }
     if (array_key_exists('Destination', $values)) {
         $response->setDestination($values['Destination']);
     }
     if (self::need_sign($values)) {
         if (array_key_exists('SHA256KeyFile', $values)) {
             $ekey = new \XMLSecurityKey(\XMLSecurityKey::RSA_SHA256, array('type' => 'private'));
             $ekey->loadKey($values['SHA256KeyFile'], true);
             if (self::need_sign_attributes($values)) {
                 $assertion->setSignatureKey($ekey);
             }
             if (self::need_sign_message($values)) {
                 $response->setSignatureKey($ekey);
             }
         }
         if (array_key_exists('SHA256CertFile', $values)) {
             $certifictaes = array(file_get_contents($values['SHA256CertFile']));
             if (self::need_sign_attributes($values)) {
                 $assertion->setCertificates($certifictaes);
             }
             if (self::need_sign_message($values)) {
                 $response->setCertificates($certifictaes);
             }
         }
     }
     $response->setAssertions(array($assertion));
     return $response;
 }