getValue() public method

Retrieve a configuration option set in config.php.
public getValue ( string $name, mixed $default = null ) : mixed
$name string Name of the configuration option.
$default mixed Default value of the configuration option. This parameter will default to null if not specified. This can be set to SimpleSAML_Configuration::REQUIRED_OPTION, which will cause an exception to be thrown if the option isn't found.
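return mixed The configuration option with name $name, or $default if the option was not found. The value is returned as stored, without type checking, so callers that need a specific type must validate it themselves.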
 /**
  * Create the postman.
  *
  * Loads the JANUS module configuration from 'module_janus.php', passes its
  * 'store' option to the parent constructor and reads the inbox page size.
  *
  * @since Method available since Release 1.2.0
  */
 public function __construct()
 {
     $this->_config = SimpleSAML_Configuration::getConfig('module_janus.php');

     // The parent class receives the database settings. getValue() is called
     // without a default, so a missing 'store' option is handed over as null
     // instead of failing here.
     $storeSettings = $this->_config->getValue('store');
     parent::__construct($storeSettings);

     // Inbox page size; 20 is used when the option is not configured.
     $this->_paginate = $this->_config->getValue(
         'dashboard.inbox.paginate_by',
         20
     );
 }
Exemplo n.º 2
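 /**
  * Check that the user has access to the statistics.
  *
  * If the user doesn't have access, send the user to the login page.
  *
  * Decision order, as implemented below: unprotected statistics are open to
  * everyone; an admin session is always accepted; otherwise the user must
  * authenticate with the configured auth source and then match either the
  * 'allowedUsers' list or the 'acl' option. Anything else is denied.
  *
  * @param SimpleSAML_Configuration $statconfig The statistics configuration.
  *
  * @return void Returns normally only when access is granted.
  *
  * @throws SimpleSAML_Error_Exception If 'acl' or 'allowedUsers' has an invalid
  *                                    type, or if the user is denied access.
  * @throws Exception If the user ID attribute is missing from the attributes.
  */
 public static function checkAccess(SimpleSAML_Configuration $statconfig)
 {
     $protected = $statconfig->getBoolean('protected', FALSE);
     $authsource = $statconfig->getString('auth', NULL);
     $allowedusers = $statconfig->getValue('allowedUsers', NULL);
     $useridattr = $statconfig->getString('useridattr', 'eduPersonPrincipalName');
     $acl = $statconfig->getValue('acl', NULL);
     if ($acl !== NULL && !is_string($acl) && !is_array($acl)) {
         throw new SimpleSAML_Error_Exception('Invalid value for \'acl\'-option. Should be an array or a string.');
     }
     // 'protected' defaults to FALSE, so the statistics are readable without
     // any login unless the configuration enables protection explicitly.
     if (!$protected) {
         return;
     }
     if (SimpleSAML\Utils\Auth::isAdmin()) {
         // User logged in as admin. OK.
         SimpleSAML_Logger::debug('Statistics auth - logged in as admin, access granted');
         return;
     }
     if (!isset($authsource)) {
         // If authsource is not defined, init admin login.
         // NOTE(review): this relies on requireAdmin() not returning for a
         // non-admin user; if it did, the code below would run with a NULL
         // auth source. Confirm against the implementation.
         SimpleSAML\Utils\Auth::requireAdmin();
     }
     /* We are using an authsource for login. */
     $as = new SimpleSAML_Auth_Simple($authsource);
     $as->requireAuth();
     // User logged in with auth source.
     SimpleSAML_Logger::debug('Statistics auth - valid login with auth source [' . $authsource . ']');
     // Retrieving attributes
     $attributes = $as->getAttributes();
     if (!empty($allowedusers)) {
         // getValue() does no type checking, so reject a malformed list with a
         // clear configuration error instead of passing it to in_array().
         if (!is_array($allowedusers)) {
             throw new SimpleSAML_Error_Exception('Invalid value for \'allowedUsers\'-option. Should be an array.');
         }
         // Check if userid exists
         if (!isset($attributes[$useridattr][0])) {
             throw new Exception('User ID is missing');
         }
         $userId = $attributes[$useridattr][0];
         // Compare as strings with strict matching. A loose in_array() lets a
         // stray TRUE or 0 in the configured list match arbitrary user IDs
         // through PHP type juggling; such entries are ignored here.
         $allowedIds = array();
         foreach ($allowedusers as $allowed) {
             if (is_string($allowed) || is_int($allowed)) {
                 $allowedIds[] = (string) $allowed;
             }
         }
         // Check if userid is allowed access..
         if (in_array($userId, $allowedIds, TRUE)) {
             SimpleSAML_Logger::debug('Statistics auth - User granted access by user ID [' . $userId . ']');
             return;
         }
         SimpleSAML_Logger::debug('Statistics auth - User denied access by user ID [' . $userId . ']');
     } else {
         SimpleSAML_Logger::debug('Statistics auth - no allowedUsers list.');
     }
     if (!is_null($acl)) {
         $acl = new sspmod_core_ACL($acl);
         if ($acl->allows($attributes)) {
             SimpleSAML_Logger::debug('Statistics auth - allowed access by ACL.');
             return;
         }
         SimpleSAML_Logger::debug('Statistics auth - denied access by ACL.');
     } else {
         SimpleSAML_Logger::debug('Statistics auth - no ACL configured.');
     }
     // Neither the user list nor the ACL granted access: fail closed.
     throw new SimpleSAML_Error_Exception('Access denied to the current user.');
 }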
Exemplo n.º 3
 /**
  * Handles a request to this discovery service.
  *
  * The IdP disco parameters should be set before calling this function.
  *
  * Builds the filtered, structured IdP list, looks up the recommended IdP in
  * it and renders the 'discopower:disco.tpl.php' template.
  */
 public function handleRequest()
 {
     $this->start();

     // No choice has been made yet, so the discovery page is shown.
     $idpList = $this->idplistStructured($this->filterList($this->getIdPList()));
     $preferredIdP = $this->getRecommendedIdP();

     // Find the entry of the recommended IdP; when it appears under several
     // tabs, the last tab that contains it wins.
     $faventry = NULL;
     foreach ($idpList as $entries) {
         if (empty($preferredIdP)) {
             continue;
         }
         if (array_key_exists($preferredIdP, $entries)) {
             $faventry = $entries[$preferredIdP];
         }
     }

     $t = new SimpleSAML_XHTML_Template($this->config, 'discopower:disco.tpl.php', 'disco');

     // The tags are kept as literals in each noop() call rather than built
     // from the tab name.
     $discoPowerTabs = array(
         'denmark' => $t->noop('{discopower:tabs:denmark}'),
         'edugain' => $t->noop('{discopower:tabs:edugain}'),
         'finland' => $t->noop('{discopower:tabs:finland}'),
         'greece' => $t->noop('{discopower:tabs:greece}'),
         'iceland' => $t->noop('{discopower:tabs:iceland}'),
         'incommon' => $t->noop('{discopower:tabs:incommon}'),
         'kalmar' => $t->noop('{discopower:tabs:kalmar}'),
         'misc' => $t->noop('{discopower:tabs:misc}'),
         'norway' => $t->noop('{discopower:tabs:norway}'),
         'sweden' => $t->noop('{discopower:tabs:sweden}'),
         'switzerland' => $t->noop('{discopower:tabs:switzerland}'),
         'ukacessfederation' => $t->noop('{discopower:tabs:ukacessfederation}'),
     );

     $t->data['faventry'] = $faventry;
     $t->data['tabNames'] = $discoPowerTabs;
     $t->data['idplist'] = $idpList;
     $t->data['preferredidp'] = $preferredIdP;
     // NOTE(review): the return URL, return parameter and SP entity ID are
     // passed to the template as they are; any validation and output escaping
     // happens outside this method - confirm.
     $t->data['return'] = $this->returnURL;
     $t->data['returnIDParam'] = $this->returnIdParam;
     $t->data['entityID'] = $this->spEntityId;
     // htmlspecialchars() is called without flags, so whether single quotes
     // are escaped depends on the PHP version's default flags.
     $t->data['urlpattern'] = htmlspecialchars(\SimpleSAML\Utils\HTTP::getSelfURLNoQuery());
     $t->data['rememberenabled'] = $this->config->getBoolean('idpdisco.enableremember', false);
     $t->data['rememberchecked'] = $this->config->getBoolean('idpdisco.rememberchecked', false);
     $t->data['defaulttab'] = $this->discoconfig->getValue('defaulttab', 0);
     $t->data['score'] = $this->discoconfig->getValue('score', 'quicksilver');

     $t->show();
 }
 /**
  * Set up the instance from the module configuration.
  *
  * Reads the 'clients', 'store', 'scopes' and 'enable_client_registration'
  * options. For every client the 'scope' and 'scopeRequired' lists are folded
  * into a single map of scope name => required flag.
  *
  * @param \SimpleSAML_Configuration $config The configuration to read from.
  */
 public function __construct(\SimpleSAML_Configuration $config)
 {
     $this->configuredClients = array();

     $clients = $config->getValue('clients', array());
     foreach ($clients as $clientId => $client) {
         $scopeMap = array();

         $optionalScopes = array();
         if (isset($client['scope'])) {
             $optionalScopes = $client['scope'];
         }
         foreach ($optionalScopes as $scopeName) {
             $scopeMap[$scopeName] = false;
         }

         // Required scopes are applied last, so a scope listed in both places
         // ends up marked as required.
         $requiredScopes = array();
         if (isset($client['scopeRequired'])) {
             $requiredScopes = $client['scopeRequired'];
         }
         foreach ($requiredScopes as $scopeName) {
             $scopeMap[$scopeName] = true;
         }

         unset($client['scopeRequired']);
         $client['scope'] = $scopeMap;
         $this->configuredClients[$clientId] = $client;
     }

     // The store class name comes from the 'store' option and is instantiated
     // dynamically. 'store' is read without a default, so it is null when the
     // option is missing.
     // NOTE(review): what resolveClass() enforces for the 'Store' type is not
     // visible here - confirm it restricts which classes can be named.
     $storeSettings = $config->getValue('store');
     $storeImplementation = SimpleSAML_Module::resolveClass($storeSettings['class'], 'Store');
     $this->store = new $storeImplementation($storeSettings);

     $knownScopes = $config->getValue('scopes', array());
     $this->validScopes = array_keys($knownScopes);

     // Client registration is off unless the option enables it.
     $this->registrationEnabled = $config->getValue('enable_client_registration', false);
 }
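 /**
  * Add metadata.
  *
  * Add a new metadata entry to the entity. The entry is only added to the
  * in-memory list and the entity is marked as modified; nothing is written to
  * the database by this method.
  *
  * @param string $key   The metadata key
  * @param string $value The metadata value
  *
  * @return sspmod_janus_Metadata|false The metadata, or false when the key is
  *                                     not allowed, the entity cannot be loaded,
  *                                     the count query fails, the key already
  *                                     exists for this revision, or the value is
  *                                     not one of the allowed select values.
  * @todo Make independent of type (make generic, support for more types than 
  * sp and idp)
  */
 public function addMetadata($key, $value)
 {
     assert('is_string($key);');
     // $value is not asserted to be a string; that check is disabled.
     assert('$this->_entity instanceof Sspmod_Janus_Entity');
     $mb = new sspmod_janus_MetadatafieldBuilder($this->_config->getArray('metadatafields.' . $this->_entity->getType()));
     $allowedfields = $mb->getMetadatafields();
     // Check if metadata is allowed: only keys configured for this entity type
     // are accepted.
     if (!array_key_exists($key, $allowedfields)) {
         SimpleSAML_Logger::info('JANUS:EntityController:addMetadata - Metadata key \'' . $key . '\' not allowed');
         return false;
     }
     if (empty($this->_metadata) && !$this->loadEntity()) {
         return false;
     }
     // Values are bound as parameters; only the table prefix is concatenated
     // into the statement.
     $st = $this->execute('SELECT count(*) AS count 
         FROM ' . self::$prefix . 'metadata 
         WHERE `eid` = ? AND `revisionid` = ? AND `key` = ?;', array($this->_entity->getEid(), $this->_entity->getRevisionid(), $key));
     if ($st === false) {
         SimpleSAML_Logger::error('JANUS:EntityController:addMetadata - Count check failed');
         return false;
     }
     $row = $st->fetchAll(PDO::FETCH_ASSOC);
     if ($row[0]['count'] > 0) {
         SimpleSAML_Logger::error('JANUS:EntityController:addMetadata - Metadata already exists');
         return false;
     }
     if ($allowedfields[$key]->type == 'select') {
         $allowedselectvalues = $allowedfields[$key]->select_values;
         // NOTE(review): in_array() compares loosely here, so numeric-looking
         // strings can match each other ("1e1" and "10"). Switch to a strict
         // comparison once the configured values are known to be strings.
         if (!in_array($value, $allowedselectvalues)) {
             // NOTE(review): the rejected value is written to the log as
             // received; confirm the log sink copes with arbitrary input.
             SimpleSAML_Logger::error('JANUS:EntityController:addMetadata - Value: ' . $value . ' not allowed for field ' . $key);
             return false;
         }
     }
     $metadata = new sspmod_janus_Metadata($this->_config->getValue('store'));
     $metadata->setEid($this->_entity->getEid());
     // The revision id is not set: the entry has not been saved to the
     // database yet and therefore has no revision id.
     $metadata->setKey($key);
     $metadata->setValue($value);
     $this->_metadata[] = $metadata;
     $this->_modified = true;
     // The metadata is not saved, since it is not part of the current
     // entity with current revision id
     return $metadata;
 }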
 /**
  * Configure the directory used for CAS Server ticket storage.
  *
  * Reads the 'ticketstore' option (default directory 'ticketcache'), resolves
  * the directory through the configuration and stores the path without a
  * trailing slash.
  *
  * @param \SimpleSAML_Configuration $config The configuration to read from.
  *
  * @throws Exception If the directory option is not a string, or the resolved
  *                   path is not a directory or is not writable.
  */
 public function __construct(\SimpleSAML_Configuration $config)
 {
     $fallback = array('directory' => 'ticketcache');
     $storeConfig = $config->getValue('ticketstore', $fallback);

     $directory = $storeConfig['directory'];
     if (!is_string($directory)) {
         throw new Exception('Invalid directory option in config.');
     }

     $path = $config->resolvePath($directory);

     // NOTE(review): only existence and writability are checked. Ownership
     // and permissions of the directory are not - confirm they are restricted
     // wherever tickets are stored on disk.
     if (!is_dir($path)) {
         throw new Exception('Directory for CAS Server ticket storage [' . $path . '] does not exists. ');
     }
     if (!is_writable($path)) {
         throw new Exception('Directory for CAS Server ticket storage [' . $path . '] is not writable. ');
     }

     // Drop a single trailing slash so file names can be appended uniformly.
     $this->pathToTicketDirectory = preg_replace('/\\/$/', '', $path);
 }
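 /**
  * Add the specified users to the entity
  *
  * Inserts a row into the hasEntity table that links the user to the entity,
  * together with the creation time and the client address of the request.
  *
  * @param string $eid The entity
  * @param string $uid The user to be added to the entity
  *
  * @return mixed The value of getUserid() for the added user on success,
  *               false if the insert failed
  * @since Method available since Release 1.0.0
  * @TODO Rename to addPermission or similar
  */
 public function addUserToEntity($eid, $uid)
 {
     // All values are bound as parameters; only the table prefix is
     // concatenated into the statement.
     // NOTE(review): no permission check happens here, so the caller has to
     // authorise the change. REMOTE_ADDR is the directly connected peer, which
     // is the proxy's address when the service sits behind a reverse proxy.
     $st = self::execute('INSERT INTO `' . self::$prefix . 'hasEntity`
             (`uid`, `eid`, `created`, `ip`)
         VALUES
             (?, ?, ?, ?);', array($uid, $eid, date('c'), $_SERVER['REMOTE_ADDR']));
     if ($st === false) {
         // The previous message spoke of fetching entities, which misdirects
         // anyone reading the log after a failed insert.
         SimpleSAML_Logger::error('JANUS: Error adding user to entity');
         return false;
     }
     $user = new sspmod_janus_User($this->_config->getValue('store'));
     $user->setUid($uid);
     // The result of load() is not checked, as before.
     $user->load();
     return $user->getUserid();
 }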
 /**
  * Loads deployable workflow states from config
  *
  * The result is kept in a static local variable, so the configuration is
  * only read again while the cached list is still empty.
  *
  * @return array $deployableStateList Names of the deployable workflow states
  */
 private function _loadDeployableWorkflowStates()
 {
     static $deployableStateList = array();

     // Serve the cached list once it has been filled.
     if (!empty($deployableStateList)) {
         return $deployableStateList;
     }

     $stateList = $this->_config->getValue('workflowstates');
     foreach ($stateList as $stateName => $stateConfig) {
         // Only a strict boolean true marks a state as deployable.
         if (array_key_exists('isDeployable', $stateConfig) && $stateConfig['isDeployable'] === true) {
             $deployableStateList[] = $stateName;
         }
     }

     // Backwards compatibility, if no states are marked as deployable, all states are used
     if (empty($deployableStateList)) {
         $deployableStateList = array_keys($stateList);
     }

     return $deployableStateList;
 }
Exemplo n.º 9
 /**
  * Handles a request to this discovery service.
  *
  * The IdP disco parameters should be set before calling this function.
  *
  * Builds the filtered, structured IdP list and renders the
  * 'discopower:disco-tpl.php' template with it.
  */
 public function handleRequest()
 {
     $this->start();

     // No choice has been made yet, so the discovery page is shown.
     $idpList = $this->idplistStructured($this->filterList($this->getIdPList()));
     $preferredIdP = $this->getRecommendedIdP();

     $t = new SimpleSAML_XHTML_Template($this->config, 'discopower:disco-tpl.php', 'disco');

     $t->data['idplist'] = $idpList;
     $t->data['preferredidp'] = $preferredIdP;
     // NOTE(review): the return URL, return parameter and SP entity ID are
     // passed to the template as they are; any validation and output escaping
     // happens outside this method - confirm.
     $t->data['return'] = $this->returnURL;
     $t->data['returnIDParam'] = $this->returnIdParam;
     $t->data['entityID'] = $this->spEntityId;
     // htmlspecialchars() is called without flags, so whether single quotes
     // are escaped depends on the PHP version's default flags.
     $t->data['urlpattern'] = htmlspecialchars(\SimpleSAML\Utils\HTTP::getSelfURLNoQuery());
     $t->data['rememberenabled'] = $this->config->getBoolean('idpdisco.enableremember', false);
     $t->data['rememberchecked'] = $this->config->getBoolean('idpdisco.rememberchecked', false);
     $t->data['defaulttab'] = $this->discoconfig->getValue('defaulttab', 0);
     $t->data['score'] = $this->discoconfig->getValue('score', 'quicksilver');

     $t->show();
 }
Exemplo n.º 10
 /**
  * Build an authentication request based on information in the metadata.
  *
  * The NameIDPolicy comes from the IdP metadata when set there, otherwise from
  * the SP metadata. All other request settings are read from the SP metadata.
  *
  * @param SimpleSAML_Configuration $spMetadata  The metadata of the service provider.
  * @param SimpleSAML_Configuration $idpMetadata  The metadata of the identity provider.
  *
  * @return \SAML2\AuthnRequest The populated authentication request.
  */
 public static function buildAuthnRequest(SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata)
 {
     $request = new \SAML2\AuthnRequest();

     // get the NameIDPolicy to apply. IdP metadata has precedence.
     if ($idpMetadata->hasValue('NameIDPolicy')) {
         $rawPolicy = $idpMetadata->getValue('NameIDPolicy');
     } elseif ($spMetadata->hasValue('NameIDPolicy')) {
         $rawPolicy = $spMetadata->getValue('NameIDPolicy');
     } else {
         $rawPolicy = array();
     }

     // handle old configurations where 'NameIDPolicy' was used to specify just the format
     $policyConfig = SimpleSAML_Configuration::loadFromArray(
         is_array($rawPolicy) ? $rawPolicy : array('Format' => $rawPolicy)
     );

     // Defaults: transient NameID format, and the IdP may create an identifier.
     $policy = array();
     $policy['Format'] = $policyConfig->getString('Format', \SAML2\Constants::NAMEID_TRANSIENT);
     $policy['AllowCreate'] = $policyConfig->getBoolean('AllowCreate', true);

     // false marks "not configured"; the qualifier is only sent when set.
     $spNameQualifier = $policyConfig->getString('SPNameQualifier', false);
     if ($spNameQualifier !== false) {
         $policy['SPNameQualifier'] = $spNameQualifier;
     }
     $request->setNameIdPolicy($policy);

     $request->setForceAuthn($spMetadata->getBoolean('ForceAuthn', FALSE));
     $request->setIsPassive($spMetadata->getBoolean('IsPassive', FALSE));

     /* Shoaib - setting the appropriate binding based on parameter in sp-metadata defaults to HTTP_POST */
     // Only the four listed bindings are accepted for 'ProtocolBinding'.
     $allowedBindings = array(
         \SAML2\Constants::BINDING_HTTP_POST,
         \SAML2\Constants::BINDING_HOK_SSO,
         \SAML2\Constants::BINDING_HTTP_ARTIFACT,
         \SAML2\Constants::BINDING_HTTP_REDIRECT,
     );
     $request->setProtocolBinding(
         $spMetadata->getValueValidate('ProtocolBinding', $allowedBindings, \SAML2\Constants::BINDING_HTTP_POST)
     );

     $request->setIssuer($spMetadata->getString('entityid'));
     $request->setAssertionConsumerServiceIndex($spMetadata->getInteger('AssertionConsumerServiceIndex', NULL));
     $request->setAttributeConsumingServiceIndex($spMetadata->getInteger('AttributeConsumingServiceIndex', NULL));

     if ($spMetadata->hasValue('AuthnContextClassRef')) {
         $classRefs = $spMetadata->getArrayizeString('AuthnContextClassRef');
         // The comparison is limited to the four listed values, default exact.
         $allowedComparisons = array(
             \SAML2\Constants::COMPARISON_EXACT,
             \SAML2\Constants::COMPARISON_MINIMUM,
             \SAML2\Constants::COMPARISON_MAXIMUM,
             \SAML2\Constants::COMPARISON_BETTER,
         );
         $comparison = $spMetadata->getValueValidate('AuthnContextComparison', $allowedComparisons, \SAML2\Constants::COMPARISON_EXACT);
         $request->setRequestedAuthnContext(array('AuthnContextClassRef' => $classRefs, 'Comparison' => $comparison));
     }

     // Whether the request gets signed is decided in addRedirectSign().
     self::addRedirectSign($spMetadata, $idpMetadata, $request);

     return $request;
 }
Exemplo n.º 11
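 /**
  * This function sends the SOAP message to the service location and returns SOAP response
  *
  * A client certificate is attached when one is configured, and the peer is
  * verified against the signing certificates from the destination metadata
  * when that metadata is supplied. The response is parsed with network access
  * disabled and is rejected if it carries a DOCTYPE or no SAML message.
  *
  * @param  SAML2_Message            $msg         The request that should be sent.
  * @param  SimpleSAML_Configuration $srcMetadata The metadata of the issuer of the message.
  * @param  SimpleSAML_Configuration $dstMetadata The metadata of the destination of the message.
  * @return SAML2_Message            The response we received.
  * @throws Exception If the stream context cannot be created, the response is
  *                   empty, is not acceptable XML, contains a SOAP fault or
  *                   holds no message in its SOAP body.
  */
 public function send(SAML2_Message $msg, SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata = NULL)
 {
     $issuer = $msg->getIssuer();
     $ctxOpts = array('ssl' => array('capture_peer_cert' => TRUE));
     // Determine if we are going to do a MutualSSL connection between the IdP and SP  - Shoaib
     if ($srcMetadata->hasValue('saml.SOAPClient.certificate')) {
         $cert = $srcMetadata->getValue('saml.SOAPClient.certificate');
         if ($cert !== FALSE) {
             $ctxOpts['ssl']['local_cert'] = SimpleSAML_Utilities::resolveCert($srcMetadata->getString('saml.SOAPClient.certificate'));
             if ($srcMetadata->hasValue('saml.SOAPClient.privatekey_pass')) {
                 $ctxOpts['ssl']['passphrase'] = $srcMetadata->getString('saml.SOAPClient.privatekey_pass');
             }
         }
     } else {
         /* Use the SP certificate and privatekey if it is configured. */
         $privateKey = SimpleSAML_Utilities::loadPrivateKey($srcMetadata);
         $publicKey = SimpleSAML_Utilities::loadPublicKey($srcMetadata);
         if ($privateKey !== NULL && $publicKey !== NULL && isset($publicKey['PEM'])) {
             // The private key and certificate are written to a file in the
             // temp directory because 'local_cert' takes a file path.
             // NOTE(review): key material ends up on disk; confirm getTempDir()
             // and writeFile() keep the file private to this process's user.
             $keyCertData = $privateKey['PEM'] . $publicKey['PEM'];
             $file = SimpleSAML_Utilities::getTempDir() . '/' . sha1($keyCertData) . '.pem';
             if (!file_exists($file)) {
                 SimpleSAML_Utilities::writeFile($file, $keyCertData);
             }
             $ctxOpts['ssl']['local_cert'] = $file;
             if (isset($privateKey['password'])) {
                 $ctxOpts['ssl']['passphrase'] = $privateKey['password'];
             }
         }
     }
     // do peer certificate verification
     // NOTE(review): without destination metadata no verification options are
     // set here, so peer checking is left to the PHP defaults.
     if ($dstMetadata !== NULL) {
         $peerPublicKeys = $dstMetadata->getPublicKeys('signing', TRUE);
         $certData = '';
         foreach ($peerPublicKeys as $key) {
             if ($key['type'] !== 'X509Certificate') {
                 continue;
             }
             $certData .= "-----BEGIN CERTIFICATE-----\n" . chunk_split($key['X509Certificate'], 64) . "-----END CERTIFICATE-----\n";
         }
         // The trust file name is derived from public certificate data and an
         // existing file is reused without checking its content.
         // NOTE(review): this is only safe if other local users cannot write
         // to the temp directory - confirm.
         $peerCertFile = SimpleSAML_Utilities::getTempDir() . '/' . sha1($certData) . '.pem';
         if (!file_exists($peerCertFile)) {
             SimpleSAML_Utilities::writeFile($peerCertFile, $certData);
         }
         // create ssl context
         $ctxOpts['ssl']['verify_peer'] = TRUE;
         $ctxOpts['ssl']['verify_depth'] = 1;
         $ctxOpts['ssl']['cafile'] = $peerCertFile;
     }
     $context = stream_context_create($ctxOpts);
     if ($context === NULL) {
         throw new Exception('Unable to create SSL stream context');
     }
     $options = array('uri' => $issuer, 'location' => $msg->getDestination(), 'stream_context' => $context);
     $x = new SoapClient(NULL, $options);
     // Add soap-envelopes
     $request = $msg->toSignedXML();
     $request = self::START_SOAP_ENVELOPE . $request->ownerDocument->saveXML($request) . self::END_SOAP_ENVELOPE;
     // The complete outgoing and incoming messages are passed to the debug sink.
     SAML2_Utils::getContainer()->debugMessage($request, 'out');
     $action = 'http://www.oasis-open.org/committees/security';
     $version = '1.1';
     $destination = $msg->getDestination();
     /* Perform SOAP Request over HTTP */
     $soapresponsexml = $x->__doRequest($request, $destination, $action, $version);
     if ($soapresponsexml === NULL || $soapresponsexml === "") {
         throw new Exception('Empty SOAP response, check peer certificate.');
     }
     SAML2_Utils::getContainer()->debugMessage($soapresponsexml, 'in');
     // Convert to SAML2_Message (DOMElement)
     // The response comes from the network: keep the parser from fetching
     // anything remote while it loads the document.
     $dom = new DOMDocument();
     if (!$dom->loadXML($soapresponsexml, LIBXML_NONET)) {
         throw new Exception('Not a SOAP response.');
     }
     // A SOAP response has no use for a DOCTYPE; refusing it keeps DTD and
     // entity declarations away from the rest of the processing.
     foreach ($dom->childNodes as $child) {
         if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
             throw new Exception('DOCTYPE is not allowed in a SOAP response.');
         }
     }
     $soapfault = $this->getSOAPFault($dom);
     if (isset($soapfault)) {
         throw new Exception($soapfault);
     }
     //Extract the message from the response
     $samlresponse = SAML2_Utils::xpQuery($dom->firstChild, '/soap-env:Envelope/soap-env:Body/*[1]');
     // An envelope with an empty body would otherwise lead to an undefined
     // index below instead of a clear error.
     if (!isset($samlresponse[0])) {
         throw new Exception('No message found in SOAP response.');
     }
     $samlresponse = SAML2_Message::fromXML($samlresponse[0]);
     /* Add validator to message which uses the SSL context. */
     self::addSSLValidator($samlresponse, $context);
     SAML2_Utils::getContainer()->getLogger()->debug("Valid ArtifactResponse received from IdP");
     return $samlresponse;
 }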
 /**
  * Read the ticket expiry settings from the configuration.
  *
  * Defaults: 5 for service tickets, 3600 for proxy granting tickets and 5 for
  * proxy tickets. The values are taken as returned by getValue(), without a
  * type or range check.
  *
  * @param \SimpleSAML_Configuration $config The configuration to read from.
  */
 public function __construct(\SimpleSAML_Configuration $config)
 {
     $serviceTicketLifetime = $config->getValue('service_ticket_expire_time', 5);
     $proxyGrantingTicketLifetime = $config->getValue('proxy_granting_ticket_expire_time', 3600);
     $proxyTicketLifetime = $config->getValue('proxy_ticket_expire_time', 5);

     $this->serviceTicketExpireTime = $serviceTicketLifetime;
     $this->proxyGrantingTicketExpireTime = $proxyGrantingTicketLifetime;
     $this->proxyTicketExpireTime = $proxyTicketLifetime;
 }
Exemplo n.º 13
 /**
  * This function sends the SOAP message to the service location and returns SOAP response
  *
  * The request is posted with file_get_contents() through a stream context
  * that carries the TLS options, the SOAPAction header and, when a username
  * and password are set on this object, an HTTP Basic Authorization header.
  *
  * @param  SAML2_Message            $msg         The request that should be sent.
  * @param  SimpleSAML_Configuration $srcMetadata The metadata of the issuer of the message.
  * @param  SimpleSAML_Configuration $dstMetadata The metadata of the destination of the message.
  * @return SAML2_Message            The response we received.
  * @throws Exception If the stream context cannot be created, the HTTP call
  *                   fails, the response is not a SOAP response or it
  *                   contains a SOAP fault.
  */
 public function send(SAML2_Message $msg, SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata = NULL)
 {
     // NOTE(review): $issuer is assigned but not used anywhere below.
     $issuer = $msg->getIssuer();
     $ctxOpts = array('ssl' => array('capture_peer_cert' => TRUE));
     /* Determine if we are going to do a MutualSSL connection between the IdP and SP  - Shoaib */
     if ($srcMetadata->hasValue('saml.SOAPClient.certificate')) {
         $cert = $srcMetadata->getValue('saml.SOAPClient.certificate');
         if ($cert !== FALSE) {
             $ctxOpts['ssl']['local_cert'] = SimpleSAML_Utilities::resolveCert($srcMetadata->getString('saml.SOAPClient.certificate'));
             if ($srcMetadata->hasValue('saml.SOAPClient.privatekey_pass')) {
                 $ctxOpts['ssl']['passphrase'] = $srcMetadata->getString('saml.SOAPClient.privatekey_pass');
             }
         }
     } else {
         /* Use the SP certificate and privatekey if it is configured. */
         $privateKey = SimpleSAML_Utilities::loadPrivateKey($srcMetadata);
         $publicKey = SimpleSAML_Utilities::loadPublicKey($srcMetadata);
         if ($privateKey !== NULL && $publicKey !== NULL && isset($publicKey['PEM'])) {
             // Private key and certificate are written to one file in the temp
             // directory because 'local_cert' takes a file path.
             // NOTE(review): key material ends up on disk; confirm getTempDir()
             // and writeFile() keep the file private to this process's user.
             $keyCertData = $privateKey['PEM'] . $publicKey['PEM'];
             $file = SimpleSAML_Utilities::getTempDir() . '/' . sha1($keyCertData) . '.pem';
             if (!file_exists($file)) {
                 SimpleSAML_Utilities::writeFile($file, $keyCertData);
             }
             $ctxOpts['ssl']['local_cert'] = $file;
             if (isset($privateKey['password'])) {
                 $ctxOpts['ssl']['passphrase'] = $privateKey['password'];
             }
         }
     }
     /* Do peer certificate verification */
     // NOTE(review): without destination metadata no verification options are
     // set here, so peer checking is left to the PHP defaults.
     if ($dstMetadata !== NULL) {
         $peerPublicKeys = $dstMetadata->getPublicKeys('signing', TRUE);
         $certData = '';
         foreach ($peerPublicKeys as $key) {
             if ($key['type'] !== 'X509Certificate') {
                 continue;
             }
             $certData .= "-----BEGIN CERTIFICATE-----\n" . chunk_split($key['X509Certificate'], 64) . "-----END CERTIFICATE-----\n";
         }
         // The trust file name is derived from public certificate data and an
         // existing file is reused without checking its content.
         // NOTE(review): this is only safe if other local users cannot write
         // to the temp directory - confirm.
         $peerCertFile = SimpleSAML_Utilities::getTempDir() . '/' . sha1($certData) . '.pem';
         if (!file_exists($peerCertFile)) {
             SimpleSAML_Utilities::writeFile($peerCertFile, $certData);
         }
         /* Create ssl context */
         $ctxOpts['ssl']['verify_peer'] = TRUE;
         $ctxOpts['ssl']['verify_depth'] = 1;
         $ctxOpts['ssl']['cafile'] = $peerCertFile;
     }
     $ctxOpts['http']['header'] = 'SOAPAction: "http://www.oasis-open.org/committees/security"' . "\n";
     if ($this->username !== NULL && $this->password !== NULL) {
         /* Add HTTP Basic authentication header. */
         // Base64 is an encoding, not encryption: the credentials are only
         // protected by the transport. The scheme of the destination is not
         // checked in this method.
         $authData = $this->username . ':' . $this->password;
         $authData = base64_encode($authData);
         $ctxOpts['http']['header'] .= 'Authorization: Basic ' . $authData . "\n";
     }
     // NOTE(review): $options is not initialised before this point, and the
     // proxy settings are stored only there, not in $ctxOpts, so they do not
     // appear to reach the file_get_contents() call below. $x is not used
     // after it is created. Confirm whether the SoapClient is still needed and
     // whether constructing it with these options succeeds.
     if ($srcMetadata->hasValue('saml.SOAPClient.proxyhost')) {
         $options['proxy_host'] = $srcMetadata->getValue('saml.SOAPClient.proxyhost');
     }
     if ($srcMetadata->hasValue('saml.SOAPClient.proxyport')) {
         $options['proxy_port'] = $srcMetadata->getValue('saml.SOAPClient.proxyport');
     }
     $x = new SoapClient(NULL, $options);
     /* Add soap-envelopes */
     $request = $msg->toSignedXML();
     $request = self::START_SOAP_ENVELOPE . $request->ownerDocument->saveXML($request) . self::END_SOAP_ENVELOPE;
     // The complete outgoing and incoming messages are passed to the debug sink.
     SAML2_Utils::getContainer()->debugMessage($request, 'out');
     $ctxOpts['http']['content'] = $request;
     $ctxOpts['http']['header'] .= 'Content-Type: text/xml; charset=utf-8' . "\n";
     $ctxOpts['http']['method'] = 'POST';
     $destination = $msg->getDestination();
     /* Perform SOAP Request over HTTP */
     $context = stream_context_create($ctxOpts);
     if ($context === NULL) {
         throw new Exception('Unable to create stream context');
     }
     // '@' hides the PHP warning; the failure is reported through the
     // exception below using getLastError().
     $soapresponsexml = @file_get_contents($destination, FALSE, $context);
     if ($soapresponsexml === FALSE) {
         throw new Exception('Error processing SOAP call: ' . SimpleSAML_Utilities::getLastError());
     }
     SAML2_Utils::getContainer()->debugMessage($soapresponsexml, 'in');
     /* Convert to SAML2_Message (DOMElement) */
     // Parsing is delegated to SAML2_DOMDocumentFactory; a runtime exception
     // from it is rethrown as a generic Exception with the original attached.
     try {
         $dom = SAML2_DOMDocumentFactory::fromString($soapresponsexml);
     } catch (SAML2_Exception_RuntimeException $e) {
         throw new Exception('Not a SOAP response.', 0, $e);
     }
     $soapfault = $this->getSOAPFault($dom);
     if (isset($soapfault)) {
         throw new Exception($soapfault);
     }
     /* Extract the message from the response */
     // NOTE(review): the query result is indexed without checking that it is
     // non-empty; an envelope with an empty body is not handled explicitly.
     $samlresponse = SAML2_Utils::xpQuery($dom->firstChild, '/soap-env:Envelope/soap-env:Body/*[1]');
     $samlresponse = SAML2_Message::fromXML($samlresponse[0]);
     /* Add validator to message which uses the SSL context. */
     self::addSSLValidator($samlresponse, $context);
     SAML2_Utils::getContainer()->getLogger()->debug("Valid ArtifactResponse received from IdP");
     return $samlresponse;
 }
 /**
  * Instantiate the backing store named in the 'store' option.
  *
  * The class name is taken from the 'class' key of that option, resolved
  * through SimpleSAML_Module::resolveClass() and constructed with the whole
  * option array.
  *
  * @param \SimpleSAML_Configuration $config The configuration to read from.
  */
 public function __construct(\SimpleSAML_Configuration $config)
 {
     // Read without a default, so this is null when 'store' is not configured.
     $storeSettings = $config->getValue('store');

     // NOTE(review): the class is chosen by configuration and instantiated
     // dynamically; what resolveClass() enforces for the 'Store' type is not
     // visible here - confirm it restricts which classes can be named.
     $storeImplementation = SimpleSAML_Module::resolveClass($storeSettings['class'], 'Store');
     $this->store = new $storeImplementation($storeSettings);
 }