/**
* @param \Symfony\Component\HttpFoundation\Request $request
* @throws \InvalidArgumentException if cannot manage the Request
* @return \Symfony\Component\HttpFoundation\Response|SamlSpInfo
*/
public function manage(Request $request)
{
if (false == $this->supports($request)) {
throw new \InvalidArgumentException('Unsupported request');
}
$serviceInfo = $this->serviceInfoCollection->findByAS($request->query->get('as'));
if (!$serviceInfo) {
return new RedirectResponse($this->httpUtils->generateUri($request, $request->attributes->get('discovery_path')));
}
$serviceInfo->getSpProvider()->setRequest($request);
$spED = $serviceInfo->getSpProvider()->getEntityDescriptor();
$idpED = $serviceInfo->getIdpProvider()->getEntityDescriptor();
$spMeta = $serviceInfo->getSpMetaProvider()->getSpMeta();
$builder = new AuthnRequestBuilder($spED, $idpED, $spMeta);
$message = $builder->build();
if ($serviceInfo->getSpSigningProvider()->isEnabled()) {
$message->sign($serviceInfo->getSpSigningProvider()->getCertificate(), $serviceInfo->getSpSigningProvider()->getPrivateKey());
}
$binding = $this->bindingManager->instantiate($spMeta->getAuthnRequestBinding());
$bindingResponse = $binding->send($message);
if ($bindingResponse instanceof \AerialShip\LightSaml\Binding\RedirectResponse) {
$result = new RedirectResponse($bindingResponse->getDestination());
} else {
if ($bindingResponse instanceof \AerialShip\LightSaml\Binding\PostResponse) {
$result = new Response($bindingResponse->render());
} else {
throw new \RuntimeException('Unrecognized binding response ' . get_class($bindingResponse));
}
}
$state = new RequestState();
$state->setId($message->getID());
$state->setDestination($serviceInfo->getIdpProvider()->getEntityDescriptor()->getEntityID());
$this->requestStore->set($state);
return $result;
}
/**
* @dataProvider provider
*/
public function testAuthnRequestBuilder($name, array $idpData, array $spData, array $spMetaData, $expectedSendUrl, $expectedResponseType, $expectedReceiveUrl, $expectedReceiveBinding, $expectedException = null, $expectedExceptionMessage = '')
{
if ($expectedException) {
$this->setExpectedException($expectedException, $expectedExceptionMessage);
}
$idp = new IdpSsoDescriptor();
foreach ($idpData as $data) {
$idp->addService(new SingleSignOnService($data['binding'], $data['url']));
}
$edIDP = new EntityDescriptor('idp');
$edIDP->addItem($idp);
$sp = new SpSsoDescriptor();
foreach ($spData as $data) {
$sp->addService(new AssertionConsumerService($data['binding'], $data['url']));
}
$edSP = new EntityDescriptor('sp');
$edSP->addItem($sp);
$spMeta = new SpMeta();
foreach ($spMetaData as $name => $value) {
$spMeta->{$name}($value);
}
$builder = new AuthnRequestBuilder($edSP, $edIDP, $spMeta);
$message = $builder->build();
$response = $builder->send($message);
$this->assertStringStartsWith($expectedSendUrl, $response->getDestination(), $name);
$this->assertInstanceOf($expectedResponseType, $response, $name);
$this->assertEquals($expectedReceiveUrl, $message->getAssertionConsumerServiceURL(), $name);
$this->assertEquals($expectedReceiveBinding, $message->getProtocolBinding(), $name);
}
/**
* @dataProvider provider
*/
public function testAuthnRequestBuilder($name, array $idpData, array $spData, array $spMetaData, $expectedSendUrl, $expectedResponseType, $expectedReceiveUrl, $expectedReceiveBinding, $expectedException = null, $expectedExceptionMessage = '')
{
if ($expectedException) {
$this->setExpectedException($expectedException, $expectedExceptionMessage);
}
$idp = new IdpSsoDescriptor();
foreach ($idpData as $data) {
$idp->addService(new SingleSignOnService($data['binding'], $data['url']));
}
$edIDP = new EntityDescriptor('idp');
$edIDP->addItem($idp);
$sp = new SpSsoDescriptor();
foreach ($spData as $data) {
$sp->addService(new AssertionConsumerService($data['binding'], $data['url']));
}
$edSP = new EntityDescriptor('sp');
$edSP->addItem($sp);
$spMeta = new SpMeta();
foreach ($spMetaData as $name => $value) {
$spMeta->{$name}($value);
}
// without signing
$builder = new AuthnRequestBuilder($edSP, $edIDP, $spMeta);
$message = $builder->build();
$response = $builder->send($message);
$this->assertStringStartsWith($expectedSendUrl, $response->getDestination(), $name);
$this->assertInstanceOf($expectedResponseType, $response, $name);
$this->assertEquals($expectedReceiveUrl, $message->getAssertionConsumerServiceURL(), $name);
$this->assertEquals($expectedReceiveBinding, $message->getProtocolBinding(), $name);
// with signing
$signature = new SignatureCreator();
$certificate = new X509Certificate();
$certificate->loadFromFile(__DIR__ . '/../../../../../resources/sample/Certificate/saml.crt');
$key = new \XMLSecurityKey(\XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
$key->loadKey(__DIR__ . '/../../../../../resources/sample/Certificate/saml.pem', true);
$signature->setCertificate($certificate);
$signature->setXmlSecurityKey($key);
$builder = new AuthnRequestBuilder($edSP, $edIDP, $spMeta, $signature);
$message = $builder->build();
$response = $builder->send($message);
$this->assertStringStartsWith($expectedSendUrl, $response->getDestination(), $name);
$this->assertInstanceOf($expectedResponseType, $response, $name);
$this->assertEquals($expectedReceiveUrl, $message->getAssertionConsumerServiceURL(), $name);
$this->assertEquals($expectedReceiveBinding, $message->getProtocolBinding(), $name);
}
/**
* @param string $sp
* @param string $idp
* @param SpMeta $spMeta
* @return AuthnRequest
* @throws \InvalidArgumentException
*/
public static function buildAuthnRequestFromEntityDescriptors($sp, $idp, SpMeta $spMeta = null)
{
if (is_string($sp)) {
$sp = self::getEntityDescriptorFromXmlFile($sp);
} else {
if (!$sp instanceof EntityDescriptor) {
throw new \InvalidArgumentException('SP parameter must be instance of EntityDescriptor or string');
}
}
if (is_string($idp)) {
$idp = self::getEntityDescriptorFromXmlFile($idp);
} else {
if (!$idp instanceof EntityDescriptor) {
throw new \InvalidArgumentException('IDP parameter must be instance of EntityDescriptor or string');
}
}
if (!$spMeta) {
$spMeta = new SpMeta();
$spMeta->setNameIdFormat(NameIDPolicy::PERSISTENT);
}
$builder = new AuthnRequestBuilder($sp, $idp, $spMeta);
$result = $builder->build();
return $result;
}