Exemplo n.º 1
0
 /**
  * Convert this message to an unsigned XML document.
  *
  * This method does not sign the resulting XML document.
  *
  * @return DOMElement The root element of the DOM tree.
  */
 public function toUnsignedXML()
 {
     $this->document = new DOMDocument();
     $root = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'samlp:' . $this->tagName);
     $this->document->appendChild($root);
     /* Ugly hack to add another namespace declaration to the root element. */
     $root->setAttributeNS(SAML2_Const::NS_SAML, 'saml:tmp', 'tmp');
     $root->removeAttributeNS(SAML2_Const::NS_SAML, 'tmp');
     $root->setAttribute('ID', $this->id);
     $root->setAttribute('Version', '2.0');
     $root->setAttribute('IssueInstant', gmdate('Y-m-d\\TH:i:s\\Z', $this->issueInstant));
     if ($this->destination !== NULL) {
         $root->setAttribute('Destination', $this->destination);
     }
     if ($this->consent !== NULL && $this->consent !== SAML2_Const::CONSENT_UNSPECIFIED) {
         $root->setAttribute('Consent', $this->consent);
     }
     if ($this->issuer !== NULL) {
         SAML2_Utils::addString($root, SAML2_Const::NS_SAML, 'saml:Issuer', $this->issuer);
     }
     if (!empty($this->extensions)) {
         SAML2_XML_samlp_Extensions::addList($root, $this->extensions);
     }
     return $root;
 }
Exemplo n.º 2
0
 /**
  * Convert this authentication request to an XML element.
  *
  * @return DOMElement This authentication request.
  */
 public function toUnsignedXML()
 {
     $root = parent::toUnsignedXML();
     if ($this->forceAuthn) {
         $root->setAttribute('ForceAuthn', 'true');
     }
     if ($this->isPassive) {
         $root->setAttribute('IsPassive', 'true');
     }
     if ($this->assertionConsumerServiceIndex !== NULL) {
         $root->setAttribute('AssertionConsumerServiceIndex', $this->assertionConsumerServiceIndex);
     } else {
         if ($this->assertionConsumerServiceURL !== NULL) {
             $root->setAttribute('AssertionConsumerServiceURL', $this->assertionConsumerServiceURL);
         }
         if ($this->protocolBinding !== NULL) {
             $root->setAttribute('ProtocolBinding', $this->protocolBinding);
         }
     }
     if ($this->attributeConsumingServiceIndex !== NULL) {
         $root->setAttribute('AttributeConsumingServiceIndex', $this->attributeConsumingServiceIndex);
     }
     if (!empty($this->nameIdPolicy)) {
         $nameIdPolicy = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'NameIDPolicy');
         if (array_key_exists('Format', $this->nameIdPolicy)) {
             $nameIdPolicy->setAttribute('Format', $this->nameIdPolicy['Format']);
         }
         if (array_key_exists('SPNameQualifier', $this->nameIdPolicy)) {
             $nameIdPolicy->setAttribute('SPNameQualifier', $this->nameIdPolicy['SPNameQualifier']);
         }
         if (array_key_exists('AllowCreate', $this->nameIdPolicy) && $this->nameIdPolicy['AllowCreate']) {
             $nameIdPolicy->setAttribute('AllowCreate', 'true');
         }
         $root->appendChild($nameIdPolicy);
     }
     $rac = $this->requestedAuthnContext;
     if (!empty($rac) && !empty($rac['AuthnContextClassRef'])) {
         $e = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'RequestedAuthnContext');
         $root->appendChild($e);
         if (isset($rac['Comparison']) && $rac['Comparison'] !== 'exact') {
             $e->setAttribute('Comparison', $rac['Comparison']);
         }
         foreach ($rac['AuthnContextClassRef'] as $accr) {
             SAML2_Utils::addString($e, SAML2_Const::NS_SAML, 'AuthnContextClassRef', $accr);
         }
     }
     if (!empty($this->extensions)) {
         SAML2_XML_samlp_Extensions::addList($root, $this->extensions);
     }
     if ($this->ProxyCount !== NULL || count($this->IDPList) > 0 || count($this->RequesterID) > 0) {
         $scoping = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'Scoping');
         $root->appendChild($scoping);
         if ($this->ProxyCount !== NULL) {
             $scoping->setAttribute('ProxyCount', $this->ProxyCount);
         }
         if (count($this->IDPList) > 0) {
             $idplist = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'IDPList');
             foreach ($this->IDPList as $provider) {
                 $idpEntry = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'IDPEntry');
                 $idpEntry->setAttribute('ProviderID', $provider);
                 $idplist->appendChild($idpEntry);
             }
             $scoping->appendChild($idplist);
         }
         if (count($this->RequesterID) > 0) {
             SAML2_Utils::addStrings($scoping, SAML2_Const::NS_SAMLP, 'RequesterID', FALSE, $this->RequesterID);
         }
     }
     return $root;
 }
 /**
  * Constructor for SAML 2 authentication request messages.
  *
  * @param DOMElement|NULL $xml  The input message.
  */
 public function __construct(DOMElement $xml = NULL)
 {
     parent::__construct('AuthnRequest', $xml);
     $this->nameIdPolicy = array();
     $this->forceAuthn = FALSE;
     $this->isPassive = FALSE;
     if ($xml === NULL) {
         return;
     }
     $this->forceAuthn = SAML2_Utils::parseBoolean($xml, 'ForceAuthn', FALSE);
     $this->isPassive = SAML2_Utils::parseBoolean($xml, 'IsPassive', FALSE);
     if ($xml->hasAttribute('AssertionConsumerServiceURL')) {
         $this->assertionConsumerServiceURL = $xml->getAttribute('AssertionConsumerServiceURL');
     }
     if ($xml->hasAttribute('ProtocolBinding')) {
         $this->protocolBinding = $xml->getAttribute('ProtocolBinding');
     }
     if ($xml->hasAttribute('AssertionConsumerServiceIndex')) {
         $this->assertionConsumerServiceIndex = (int) $xml->getAttribute('AssertionConsumerServiceIndex');
     }
     $nameIdPolicy = SAML2_Utils::xpQuery($xml, './saml_protocol:NameIDPolicy');
     if (!empty($nameIdPolicy)) {
         $nameIdPolicy = $nameIdPolicy[0];
         if ($nameIdPolicy->hasAttribute('Format')) {
             $this->nameIdPolicy['Format'] = $nameIdPolicy->getAttribute('Format');
         }
         if ($nameIdPolicy->hasAttribute('SPNameQualifier')) {
             $this->nameIdPolicy['SPNameQualifier'] = $nameIdPolicy->getAttribute('SPNameQualifier');
         }
         if ($nameIdPolicy->hasAttribute('AllowCreate')) {
             $this->nameIdPolicy['AllowCreate'] = SAML2_Utils::parseBoolean($nameIdPolicy, 'AllowCreate', FALSE);
         }
     }
     $requestedAuthnContext = SAML2_Utils::xpQuery($xml, './saml_protocol:RequestedAuthnContext');
     if (!empty($requestedAuthnContext)) {
         $requestedAuthnContext = $requestedAuthnContext[0];
         $rac = array('AuthnContextClassRef' => array(), 'Comparison' => 'exact');
         $accr = SAML2_Utils::xpQuery($requestedAuthnContext, './saml_assertion:AuthnContextClassRef');
         foreach ($accr as $i) {
             $rac['AuthnContextClassRef'][] = trim($i->textContent);
         }
         if ($requestedAuthnContext->hasAttribute('Comparison')) {
             $rac['Comparison'] = $requestedAuthnContext->getAttribute('Comparison');
         }
         $this->requestedAuthnContext = $rac;
     }
     $scoping = SAML2_Utils::xpQuery($xml, './saml_protocol:Scoping');
     if (!empty($scoping)) {
         $scoping = $scoping[0];
         if ($scoping->hasAttribute('ProxyCount')) {
             $this->ProxyCount = (int) $scoping->getAttribute('ProxyCount');
         }
         $idpEntries = SAML2_Utils::xpQuery($scoping, './saml_protocol:IDPList/saml_protocol:IDPEntry');
         foreach ($idpEntries as $idpEntry) {
             if (!$idpEntry->hasAttribute('ProviderID')) {
                 throw new Exception("Could not get ProviderID from Scoping/IDPEntry element in AuthnRequest object");
             }
             $this->IDPList[] = $idpEntry->getAttribute('ProviderID');
         }
         $requesterIDs = SAML2_Utils::xpQuery($scoping, './saml_protocol:RequesterID');
         foreach ($requesterIDs as $requesterID) {
             $this->RequesterID[] = trim($requesterID->textContent);
         }
     }
     $this->extensions = SAML2_XML_samlp_Extensions::getList($xml);
 }