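/**
 * Signs an AuthnRequest with the SP key, round-trips the XML through a file
 * on disk, deserializes it and verifies the enveloped signature with the
 * public key of the same certificate.
 */
public function test__signed_serialize_deserialize()
 {
     $certificate = new X509Certificate();
     $certificate->loadFromFile(__DIR__ . '/../../../../../../web/sp/saml.crt');
     // third argument true: the first argument is a file path, not PEM text
     $privateKey = KeyHelper::createPrivateKey(__DIR__ . '/../../../../../../web/sp/saml.key', null, true);

     $authnRequest = new AuthnRequest();
     $authnRequest->setID('_894da3368874d2dd637983b6812f66c444f100f205');
     $authnRequest->setIssueInstant('2015-09-13T11:47:33Z');
     $authnRequest->setDestination('https://idp.testshib.org/idp/profile/SAML2/POST/SSO');
     $authnRequest->setIssuer((new Issuer())->setValue('https://mt.evo.loc/sp')->setFormat('urn:oasis:names:tc:SAML:2.0:nameid-format:entity'));
     $authnRequest->setSignature(new SignatureWriter($certificate, $privateKey));

     $serializationContext = new SerializationContext();
     $authnRequest->serialize($serializationContext->getDocument(), $serializationContext);

     // Persist and re-read so the test exercises the actual bytes that would
     // go over the wire, not the in-memory DOM. The temp file is removed as
     // soon as it has been read back, before any assertion can fail.
     $temporaryFilename = tempnam(sys_get_temp_dir(), 'lightsaml-');
     $this->assertNotSame(false, $temporaryFilename, 'Could not create temporary file');
     $serializationContext->getDocument()->save($temporaryFilename);
     $xml = file_get_contents($temporaryFilename);
     unlink($temporaryFilename);
     $this->assertNotSame(false, $xml, 'Could not read back the serialized XML');

     $deserializationContext = new DeserializationContext();
     $deserializationContext->getDocument()->loadXML($xml);
     $authnRequest = new AuthnRequest();
     $authnRequest->deserialize($deserializationContext->getDocument()->firstChild, $deserializationContext);

     $signatureReader = $authnRequest->getSignature();
     if (!$signatureReader instanceof SignatureXmlReader) {
         throw new \LogicException('Expected Signature Xml Reader');
     }
     // Verify with the public half of the certificate used for signing; it is
     // the same file as above, so the already loaded object is reused.
     $key = KeyHelper::createPublicKey($certificate);
     $this->assertTrue($signatureReader->validate($key));
 }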
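 /**
  * Builds a verification (public) key from an X.509 certificate.
  *
  * Note that the XMLSecurityKey type is taken from the algorithm the
  * certificate itself was signed with, not from the algorithm of the XML
  * signature that will later be verified with this key.
  *
  * @param X509Certificate $certificate Parsed certificate whose signature algorithm is known
  *
  * @throws LightSamlSecurityException When the certificate reports no signature algorithm
  *
  * @return XMLSecurityKey Key of type 'public', loaded from the certificate PEM
  */
 public static function createPublicKey(X509Certificate $certificate)
 {
     $algorithm = $certificate->getSignatureAlgorithm();
     // null and '' both mean "unknown"; spelled out instead of a loose == null
     if (null === $algorithm || '' === $algorithm) {
         throw new LightSamlSecurityException('Unrecognized certificate signature algorithm');
     }
     $key = new XMLSecurityKey($algorithm, ['type' => 'public']);
     // loadKey(key, isFile = false, isCert = true): the PEM is passed inline
     // and the public key is extracted from the certificate
     $key->loadKey($certificate->toPem(), false, true);

     return $key;
 }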
 /**
  * A credential built from a certificate and its private key must expose the
  * certificate, a public key derived from it, and the private key.
  */
 public function test_private_key()
 {
     $certificateFile = __DIR__ . '/../../../../../resources/sample/Certificate/saml.crt';
     $privateKeyFile = __DIR__ . '/../../../../../resources/sample/Certificate/saml.pem';

     $cert = new X509Certificate();
     $cert->loadFromFile($certificateFile);
     $key = KeyHelper::createPrivateKey($privateKeyFile, null, true);
     $credential = new X509Credential($cert, $key);

     $this->assertSame($cert, $credential->getCertificate());

     $publicKey = $credential->getPublicKey();
     $this->assertNotNull($publicKey);
     // the public key carries the PEM of the certificate it was derived from
     $this->assertEquals($cert->toPem(), $publicKey->getX509Certificate());

     $this->assertNotNull($credential->getPrivateKey());
 }
 /**
  * getInfo() must expose the parsed-certificate fields listed below
  * (the key names look like those of openssl_x509_parse()).
  */
 public function test_get_info()
 {
     $cert = new X509Certificate();
     $cert->loadFromFile(__DIR__ . '/../../../../../resources/sample/Certificate/saml.crt');
     $info = $cert->getInfo();

     $expectedKeys = [
         'name',
         'subject',
         'serialNumber',
         'validFrom',
         'validTo',
         'validFrom_time_t',
         'validTo_time_t',
     ];
     foreach ($expectedKeys as $expectedKey) {
         $this->assertArrayHasKey($expectedKey, $info);
     }
 }
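 /**
  * Consumes a stored AuthnRequest and sends a signed SAML Response for it.
  *
  * The pending request is looked up by $message_id, deleted (one-time use)
  * and answered with a Response carrying a single bearer Assertion for
  * $email. The Response is signed with the certificate/key configured on
  * this object and rendered through the HTTP-POST binding.
  *
  * NOTE(review): both the Response and the Assertion Issuer are set to the
  * entity id taken from the stored request (i.e. the requesting SP), and the
  * AudienceRestriction is the SP's ACS URL. SAML consumers usually expect the
  * IdP's own entity id as Issuer and the SP entity id as Audience - confirm
  * against what the consuming SP validates before changing either.
  *
  * @param  string $email      Subject NameID (email format) and email attribute value
  * @param  string $message_id Id under which the AuthnRequest was stored
  * @throws RuntimeException  When no message with that id exists or it has expired
  * @return string             Body of the HTTP-POST binding response
  */
 public function send($email, $message_id)
 {
     $message = $this->saml_data_manager->get($message_id);
     if (!$message) {
         if ($this->logger) {
             $this->logger->error("Saml message with id {$message_id} not found or expired");
         }
         throw new RuntimeException('Authentication message does not exist');
     }
     // One-time use: a stored request must not be answerable twice.
     $this->saml_data_manager->delete($message_id);

     $sp_entity_id = $message->getIssuer()->getValue();
     $acs_url = $message->getAssertionConsumerServiceURL();

     $response = new Response();
     $assertion = new Assertion();
     $response
         ->addAssertion($assertion)
         ->setID(Helper::generateID())
         ->setIssueInstant(new DateTime())
         ->setDestination($acs_url)
         ->setIssuer(new Issuer($sp_entity_id));

     $assertion
         ->setId(Helper::generateID())
         ->setIssueInstant(new DateTime())
         ->setIssuer(new Issuer($sp_entity_id))
         ->setSubject($this->buildBearerSubject($email, $message))
         ->setConditions($this->buildConditions($acs_url))
         ->addItem((new AttributeStatement())->addAttribute(new Attribute(ClaimTypes::EMAIL_ADDRESS, $email)))
         ->addItem(
             (new AuthnStatement())
                 ->setAuthnInstant(new DateTime('-10 MINUTE'))
                 ->setSessionIndex($message_id)
                 ->setAuthnContext((new AuthnContext())->setAuthnContextClassRef(SamlConstants::AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT))
         );

     // Sign with the configured certificate and key file (empty passphrase).
     $certificate = X509Certificate::fromFile($this->saml_crt);
     $private_key = KeyHelper::createPrivateKey($this->saml_key, '', true);
     $response->setSignature(new SignatureWriter($certificate, $private_key));

     $binding_factory = new BindingFactory();
     $post_binding = $binding_factory->create(SamlConstants::BINDING_SAML2_HTTP_POST);
     $message_context = new MessageContext();
     $message_context->setMessage($response);
     /** @var SymfonyResponse $http_response */
     $http_response = $post_binding->send($message_context);

     return $http_response->getContent();
 }

 /**
  * Bearer subject for the assertion: NameID in email format, confirmed
  * against the original request id and ACS URL with a one-minute validity.
  *
  * @param  string $email
  * @param  object $message Stored request; presumably an AuthnRequest - confirm against saml_data_manager
  * @return Subject
  */
 private function buildBearerSubject($email, $message)
 {
     $confirmation_data = (new SubjectConfirmationData())
         ->setInResponseTo($message->getID())
         ->setNotOnOrAfter(new DateTime('+1 MINUTE'))
         ->setRecipient($message->getAssertionConsumerServiceURL());

     return (new Subject())
         ->setNameID(new NameID($email, SamlConstants::NAME_ID_FORMAT_EMAIL))
         ->addSubjectConfirmation(
             (new SubjectConfirmation())
                 ->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER)
                 ->setSubjectConfirmationData($confirmation_data)
         );
 }

 /**
  * Assertion conditions: valid from now for one minute, restricted to the
  * given audience (currently the SP's ACS URL, see the class note on send()).
  *
  * @param  string $acs_url
  * @return Conditions
  */
 private function buildConditions($acs_url)
 {
     return (new Conditions())
         ->setNotBefore(new DateTime())
         ->setNotOnOrAfter(new DateTime('+1 MINUTE'))
         ->addItem(new AudienceRestriction([$acs_url]));
 }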
 /**
  * The factory must merge metadata-derived credentials (from the IdP and SP
  * entity descriptors) with the statically supplied own/extra credentials
  * into one store that resolves by entity id.
  */
 public function test_creates_composite_store()
 {
     $samples = __DIR__ . '/../../../../../../../resources/sample';

     $factory = new CredentialFactory();

     // metadata-backed credentials: one IdP and one SP descriptor
     $idpDescriptors = new FixedEntityDescriptorStore();
     $idpDescriptors->add(EntityDescriptor::load($samples . '/EntityDescriptor/idp-ed.xml'));
     $spDescriptors = new FixedEntityDescriptorStore();
     $spDescriptors->add(EntityDescriptor::load($samples . '/EntityDescriptor/sp-ed2.xml'));

     // static credentials: the party's own key pair plus one extra
     $own = new X509Credential(
         X509Certificate::fromFile($samples . '/Certificate/saml.crt'),
         KeyHelper::createPrivateKey($samples . '/Certificate/saml.pem', '', true)
     );
     $own->setEntityId('own');
     $extra = new X509Credential(
         X509Certificate::fromFile($samples . '/Certificate/lightsaml-idp.crt'),
         KeyHelper::createPrivateKey($samples . '/Certificate/lightsaml-idp.key', '', true)
     );
     $extra->setEntityId('extra');

     $store = $factory->build($idpDescriptors, $spDescriptors, [$own], [$extra]);

     $idpEntityId = 'https://sts.windows.net/554fadfe-f04f-4975-90cb-ddc8b147aaa2/';
     /** @var X509Credential[] $fromIdp */
     $fromIdp = $store->getByEntityId($idpEntityId);
     $this->assertCount(1, $fromIdp);
     $this->assertEquals($idpEntityId, $fromIdp[0]->getEntityId());
     $this->assertEquals(['CN' => 'accounts.accesscontrol.windows.net'], $fromIdp[0]->getCertificate()->getSubject());
     $this->assertEquals(UsageType::SIGNING, $fromIdp[0]->getUsageType());

     $spEntityId = 'https://mt.evo.team/simplesaml/module.php/saml/sp/metadata.php/default-sp';
     /** @var X509Credential[] $fromSp */
     $fromSp = $store->getByEntityId($spEntityId);
     $this->assertCount(2, $fromSp);
     $this->assertEquals($spEntityId, $fromSp[0]->getEntityId());
     $spSubject = $fromSp[0]->getCertificate()->getSubject();
     $this->assertEquals('mt.evo.team', $spSubject['CN']);
     $this->assertEquals(UsageType::SIGNING, $fromSp[0]->getUsageType());
     $this->assertEquals(UsageType::ENCRYPTION, $fromSp[1]->getUsageType());

     $this->assertCount(1, $store->getByEntityId('own'));
     $this->assertCount(1, $store->getByEntityId('extra'));
 }
    /**
     * Decrypts the EncryptedAssertion of a fixture Response with the IdP key
     * pair and checks the recovered assertion's id, issuer, subject and
     * attributes.
     *
     * Fixture facts (see the XML below): the Response carries two enveloped
     * rsa-sha1 signatures; the assertion is encrypted with aes128-cbc and the
     * session key sits in an EncryptedKey whose EncryptionMethod is written as
     * xmldsig#rsa-sha1. Neither signature is validated by this test - it
     * covers decryption only, so it says nothing about the Response's origin.
     */
    public function test_decrypt()
    {
        $xml = <<<EOT
<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_973220eb0b94e0367859487a8135e7855742ae2431" InResponseTo="_981d6909d57a6131e98da42ac76720776bd2a59d25" Version="2.0" IssueInstant="2015-09-28T07:24:17Z" Destination="https://localhost/lightsaml/lightSAML/web/sp/acs.php"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://lightsaml.local/idp</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#_973220eb0b94e0367859487a8135e7855742ae2431"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>FKXI2BoZn0ix6Yc5m3QM3PDV8dQ=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>o6redfiU43TO5s0RtHUj9R0PSZVJryAs1e39biVOm84Xrd/n9IKCui3vWd9bN/wBAD9/ZZ4b48fMKfLI0hRivNEi9yJZb91uavdU1StjgpckdZtWdt315zf1+p4+xqnFAtDMWcTP3V8XAGuGfBUT+VndsS7VHVjzSjCj6+qC123TBpJ7HvC9sFUbH+uXgJaK71so8b3z79VH3C26Qnly3bmmARLkNZL8bnwlHJA/BrG/kJN5Lgv6tKB6xRbYU0grSGsA1Vt/nk2bpIGYPZU3SOIVVLUoHTkA6gGceKyJNqPcfJQVNpljTxqZjsJy7mZF9coWBSbTr5DRiGjd9pFOUA==</ds:SignatureValue>
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#_973220eb0b94e0367859487a8135e7855742ae2431"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>yo6ajbd+5N4zfH1IK+Up21KDuQw=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>ETYMDZA7IzajOPOqxrLjQImiEhC92u3k3ICoeytaI2KtLRK76hsWtNGIABvSAERUaCpHq+Uzit3yxTTXnCz1lHNzhKL27i42YwbMUe5IWRUYCVk1fJVrAcjWYYsnFMeBq7KRP8a5fHeg9PcIAZoEVz48DOUyx+kSArv2eF8B07fayu2Xp6fVGlJHAOcFWh6mK9ahLhEO3u4cLlvzVH0djF3jsY/qcH6xSK+dXu3JIgo84iJCIVayjxHbYYWA85/gnanODQ+t6cQmVqUztTfgebORgJ+PCXi5FxLPgSJM/PzO/uQ5TavKNuG3rmjjc9nHEYTrdFQ2OOU/gkLi+y31Iw==</ds:SignatureValue>
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><xenc:CipherData><xenc:CipherValue>eBXzY5t2TX8r2uNK3aO+4w4K26kGTMgYUaUL22CI4Ntb4Y2tPvenP0R/ncf0GLUXcfwtLLq9dXfV+PI0fucdu9lSZ2yqjj63aBMMZUlxtKA0WXAOI7JX0kj8TG8PFOau+ByLOlUT1oxibCcNT/Xae6YS2muvR3oM3ADn5EOEVKx5Ubzo8WoKxDBjEAluzruikc6gkyoWRexnUlYuhm0XaAnzDz8+9qYIriRoAk+wxmD8eJ6WwRcdahIpCotJ2LaJ/SGmp388x8l6C5G+ITxe5fJScQpUr1bb/UKL3r6mV9NMF0yAe2LfqlJLHQ3iYCcJKRsn59CmLPH1ku+8yd1low==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></dsig:KeyInfo>
   <xenc:CipherData>
      <xenc:CipherValue>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</xenc:CipherValue>
   </xenc:CipherData>
</xenc:EncryptedData></saml:EncryptedAssertion></samlp:Response>

EOT;
        // Parse the outer Response; the signatures above are left unverified.
        $deserializationContext = new DeserializationContext();
        $deserializationContext->getDocument()->loadXML($xml);
        $response = new Response();
        $response->deserialize($deserializationContext->getDocument()->firstChild, $deserializationContext);
        // The IdP key pair is what the EncryptedKey was wrapped for (key file, empty passphrase).
        $credential = new X509Credential(X509Certificate::fromFile(__DIR__ . '/../../../../../../resources/sample/Certificate/lightsaml-idp.crt'), KeyHelper::createPrivateKey(__DIR__ . '/../../../../../../resources/sample/Certificate/lightsaml-idp.key', '', true));
        // A separate context: the decrypted assertion is a new XML document.
        $decryptDeserializeContext = new DeserializationContext();
        /** @var EncryptedAssertionReader $reader */
        $reader = $response->getFirstEncryptedAssertion();
        $assertion = $reader->decryptMultiAssertion([$credential], $decryptDeserializeContext);
        $this->assertEquals('_c9cbe081e1b1294c9ea31d98f4a473a081466502a0', $assertion->getId());
        $this->assertEquals('https://lightsaml.local/idp', $assertion->getIssuer()->getValue());
        $this->assertEquals('*****@*****.**', $assertion->getSubject()->getNameID()->getValue());
        $this->assertEquals('common-name', $assertion->getFirstAttributeStatement()->getFirstAttributeByName(ClaimTypes::COMMON_NAME)->getFirstAttributeValue());
        $this->assertEquals('*****@*****.**', $assertion->getFirstAttributeStatement()->getFirstAttributeByName(ClaimTypes::EMAIL_ADDRESS)->getFirstAttributeValue());
    }
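 /**
  * Lazily builds and caches this party's own X509Credential.
  *
  * The certificate and private key are read from the configured paths on the
  * first call only; every later call returns the same instance.
  *
  * @return X509Credential
  */
 public function get()
 {
     if (null === $this->credential) {
         $certificate = X509Certificate::fromFile($this->certificatePath);
         // third argument true: privateKeyPath is a file; privateKeyPassword is its passphrase
         $privateKey = KeyHelper::createPrivateKey($this->privateKeyPath, $this->privateKeyPassword, true);
         $this->credential = new X509Credential($certificate, $privateKey);
         $this->credential->setEntityId($this->entityId);
     }

     return $this->credential;
 }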
 /**
  * Get saml authnRequest.
  *
  * Builds a signed AuthnRequest asking the IdP to POST its Response to
  * $consumer_service_url and returns the HTTP-Redirect URL that carries it.
  *
  * @param  string $consumer_service_url ACS URL the IdP should respond to
  * @param  string $idp_destination      IdP endpoint (Destination attribute)
  * @param  string $issuer               This SP's entity id
  * @param  string $saml_crt             Signing certificate as PEM text (not a path)
  * @param  string $saml_key             Signing private key as PEM text (not a path)
  * @return string                       Redirect URL with the encoded request
  */
 public function getAuthnRequest($consumer_service_url, $idp_destination, $issuer, $saml_crt, $saml_key)
 {
     $request = new AuthnRequest();
     $request
         ->setAssertionConsumerServiceURL($consumer_service_url)
         ->setProtocolBinding(SamlConstants::BINDING_SAML2_HTTP_POST)
         ->setID(Helper::generateID())
         ->setIssueInstant(new DateTime())
         ->setDestination($idp_destination)
         ->setIssuer(new Issuer($issuer));

     // Both credential parts arrive inline as PEM, hence loadPem() and the
     // isFile=false argument (the file-path variants elsewhere pass true).
     $signing_certificate = new X509Certificate();
     $signing_certificate->loadPem($saml_crt);
     $signing_key = KeyHelper::createPrivateKey($saml_key, '', false);
     $request->setSignature(new SignatureWriter($signing_certificate, $signing_key));

     $serialization_context = new SerializationContext();
     $request->serialize($serialization_context->getDocument(), $serialization_context);

     $redirect_binding = (new BindingFactory())->create(SamlConstants::BINDING_SAML2_HTTP_REDIRECT);
     $context = new MessageContext();
     $context->setMessage($request);
     /** @var \Symfony\Component\HttpFoundation\RedirectResponse $redirect */
     $redirect = $redirect_binding->send($context);

     return $redirect->getTargetUrl();
 }
 /**
  * Data signed with the private half of the sample key pair must validate
  * with the public key derived from the matching certificate.
  */
 public function test_validate_correct_signature()
 {
     $samples = __DIR__ . '/../../../../../resources/sample/Certificate';
     $publicKey = KeyHelper::createPublicKey(X509Certificate::fromFile($samples . '/saml.crt'));
     $privateKey = KeyHelper::createPrivateKey($samples . '/saml.pem', '', true);

     $payload = 'Some message data';
     $encodedSignature = base64_encode($privateKey->signData($payload));
     // the reader is told the key type so it picks the same algorithm for verification
     $reader = new SignatureStringReader($encodedSignature, $publicKey->type, $payload);

     $this->assertTrue($reader->validate($publicKey));
 }
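 /**
  * Returns this party's own credential when $entityId matches, nothing otherwise.
  *
  * The credential is built lazily from certificatePath/keyPath on first use
  * and cached; the private key type is taken from the certificate's own
  * signature algorithm.
  *
  * @param string $entityId
  *
  * @return CredentialInterface[] One-element list on a match, empty list otherwise
  */
 public function getByEntityId($entityId)
 {
     // Strict comparison: entity ids are opaque strings and must not go
     // through PHP's loose numeric-string comparison.
     if ($entityId !== $this->entityId) {
         return [];
     }
     if (null === $this->credential) {
         $certificate = X509Certificate::fromFile($this->certificatePath);
         // keyPath is a file (third argument true), unlocked with $this->password
         $privateKey = KeyHelper::createPrivateKey($this->keyPath, $this->password, true, $certificate->getSignatureAlgorithm());
         $this->credential = new X509Credential($certificate, $privateKey);
         $this->credential->setEntityId($this->entityId);
     }

     return [$this->credential];
 }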
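 /**
  * Reads a metadata KeyDescriptor element: its `use` attribute and the single
  * X509Certificate carried under ds:KeyInfo/ds:X509Data.
  *
  * @param \DOMElement            $node    The KeyDescriptor element
  * @param DeserializationContext $context Supplies the namespace-aware XPath
  *
  * @throws LightSamlXmlException When the node is not a metadata KeyDescriptor,
  *                               when there is not exactly one X509Certificate
  *                               node, or when that node has no data
  *
  * @return void
  */
 public function deserialize(\DOMElement $node, DeserializationContext $context)
 {
     $this->checkXmlNodeName($node, 'KeyDescriptor', SamlConstants::NS_METADATA);
     $this->attributesFromXml($node, ['use']);

     // Exactly one certificate is supported; zero or several is rejected.
     $list = $context->getXpath()->query('./ds:KeyInfo/ds:X509Data/ds:X509Certificate', $node);
     if (1 !== $list->length) {
         throw new LightSamlXmlException('Missing X509Certificate node');
     }
     /** @var \DOMElement $x509CertificateNode */
     $x509CertificateNode = $list->item(0);
     // surrounding whitespace is layout, not part of the base64 body
     $certificateData = trim($x509CertificateNode->textContent);
     if ('' === $certificateData) {
         throw new LightSamlXmlException('Missing certificate data');
     }
     $this->certificate = new X509Certificate();
     $this->certificate->setData($certificateData);
 }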
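 /**
  * Verifies the AuthnRequest signature against the configured SP certificate.
  *
  * An unsigned request is rejected too: omitting the signature must not be a
  * way around verification. Failures are logged (when a logger is set) and
  * then rethrown unchanged.
  *
  * @param  AuthnRequest $message
  * @throws Exception When the request carries no signature or it does not verify
  */
 private function validateSignature(AuthnRequest $message)
 {
     $key = KeyHelper::createPublicKey(X509Certificate::fromFile($this->saml_crt));
     // Concrete reader type depends on how the request was received
     // (string vs. XML signature); both expose validate().
     /** @var SignatureStringReader|null $signature_reader */
     $signature_reader = $message->getSignature();
     try {
         if (null === $signature_reader) {
             throw new Exception('AuthnRequest is not signed');
         }
         if ($signature_reader->validate($key)) {
             return;
         }
         throw new Exception('Signature not validated');
     } catch (Exception $e) {
         if ($this->logger) {
             $this->logger->error("AuthnRequest validation failed with message {$e->getMessage()}.", ['exception' => $e]);
         }
         throw $e;
     }
 }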
<?php

use LightSaml\Credential\KeyHelper;
use LightSaml\Credential\X509Certificate;
use LightSaml\Helper;
use LightSaml\Model\Assertion\Issuer;
use LightSaml\Model\Context\SerializationContext;
use LightSaml\Model\Protocol\AuthnRequest;
use LightSaml\Model\XmlDSig\SignatureWriter;
use LightSaml\SamlConstants;

require_once __DIR__ . '/../autoload.php';

// Example: build a signed AuthnRequest and print its XML.
$request = new AuthnRequest();
$request
    ->setAssertionConsumerServiceURL('https://my.site/acs')
    ->setProtocolBinding(SamlConstants::BINDING_SAML2_HTTP_POST)
    ->setID(Helper::generateID())
    ->setIssueInstant(new DateTime())
    ->setDestination('https://idp.com/login')
    ->setIssuer(new Issuer('https://my.entity.id'));

// Sample key pair shipped with the library (key file, empty passphrase).
$sampleDir = __DIR__ . '/../resources/sample/Certificate';
$certificate = X509Certificate::fromFile($sampleDir . '/lightsaml-idp.crt');
$privateKey = KeyHelper::createPrivateKey($sampleDir . '/lightsaml-idp.key', '', true);
$request->setSignature(new SignatureWriter($certificate, $privateKey));

$context = new SerializationContext();
$request->serialize($context->getDocument(), $context);
echo $context->getDocument()->saveXML();
$expectedXmlOutput = <<<EOT
<AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:protocol" 
    ID="_8d3d46271c2e234f6b0d79f6d2716c707746abf9ca" 
    Version="2.0" 
    IssueInstant="2016-07-27T13:33:50Z" 
    Destination="https://idp.com/login" 
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
    AssertionConsumerServiceURL="https://my.site/acs"
>
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://my.entity.id</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_8d3d46271c2e234f6b0d79f6d2716c707746abf9ca">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
 /**
  * Assembles the Pimple-backed build container used by these tests.
  *
  * @param  string|null               $inResponseTo Request id to pre-seed into the request state store
  * @param  TimeProviderInterface|null $timeProvider Overrides the system time provider when given
  * @return BuildContainer
  */
 private function getBuildContainer($inResponseTo = null, TimeProviderInterface $timeProvider = null)
 {
     $webDir = __DIR__ . '/../../../../../../web/sp';
     $pimple = new Container();
     $buildContainer = new BuildContainer($pimple);

     // OWN: this SP's credential and a minimal entity descriptor built from it
     $ownCredential = new \LightSaml\Credential\X509Credential(
         \LightSaml\Credential\X509Certificate::fromFile($webDir . '/saml.crt'),
         \LightSaml\Credential\KeyHelper::createPrivateKey($webDir . '/saml.key', null, true)
     );
     $ownCredential->setEntityId(self::OWN_ENTITY_ID);
     $ownEntityDescriptor = new \LightSaml\Builder\EntityDescriptor\SimpleEntityDescriptorBuilder(
         self::OWN_ENTITY_ID,
         'https://localhost/lightsaml/lightSAML/web/sp/acs.php',
         null,
         $ownCredential->getCertificate()
     );
     $buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\OwnContainerProvider($ownEntityDescriptor, [$ownCredential]));

     // SYSTEM: optionally replace the time provider
     $buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\SystemContainerProvider(true));
     if ($timeProvider) {
         $pimple[SystemContainer::TIME_PROVIDER] = function () use ($timeProvider) {
             return $timeProvider;
         };
     }

     // PARTY: known IdPs from the bundled metadata files
     $buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\PartyContainerProvider());
     $pimple[PartyContainer::IDP_ENTITY_DESCRIPTOR] = function () use ($webDir) {
         $idpStore = new \LightSaml\Store\EntityDescriptor\FixedEntityDescriptorStore();
         $idpStore->add(\LightSaml\Model\Metadata\EntitiesDescriptor::load($webDir . '/testshib-providers.xml'));
         $idpStore->add(\LightSaml\Model\Metadata\EntityDescriptor::load($webDir . '/localhost-lightsaml-lightsaml-idp.xml'));
         $idpStore->add(\LightSaml\Model\Metadata\EntityDescriptor::load($webDir . '/openidp.feide.no.xml'));

         return $idpStore;
     };

     // STORE: pre-seed the request state store when an InResponseTo is expected
     $buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\StoreContainerProvider($buildContainer->getSystemContainer()));
     if ($inResponseTo) {
         $pimple[StoreContainer::REQUEST_STATE_STORE] = function () use ($inResponseTo) {
             $requestStateStore = new RequestStateArrayStore();
             $requestStateStore->set(new RequestState($inResponseTo));

             return $requestStateStore;
         };
     }

     // PROVIDER, CREDENTIAL, SERVICE: registered in dependency order
     $buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\ProviderContainerProvider());
     $buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\CredentialContainerProvider(
         $buildContainer->getPartyContainer(),
         $buildContainer->getOwnContainer()
     ));
     $buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\ServiceContainerProvider(
         $buildContainer->getCredentialContainer(),
         $buildContainer->getStoreContainer(),
         $buildContainer->getSystemContainer()
     ));

     return $buildContainer;
 }
 /**
  * Builds a credential resolver over metadata-published credentials plus one
  * statically registered encryption credential of our own.
  *
  * @return \LightSaml\Resolver\Credential\CredentialResolverInterface
  */
 private function getResolver()
 {
     $samples = __DIR__ . '/../../../../../../resources/sample';

     $descriptorStore = new FixedEntityDescriptorStore();
     foreach (['idp2-ed.xml', 'idp-ed.xml', 'ed01-formatted-certificate.xml', 'sp-ed2.xml'] as $descriptorFile) {
         $descriptorStore->add(EntityDescriptor::load($samples . '/EntityDescriptor/' . $descriptorFile));
     }
     $metadataStore = new MetadataCredentialStore($descriptorStore);

     $ownCertificate = new X509Certificate();
     $ownCertificate->loadFromFile($samples . '/Certificate/saml.crt');
     $ownPrivateKey = KeyHelper::createPrivateKey($samples . '/Certificate/saml.pem', '', true);
     $ownCredential = new X509Credential($ownCertificate, $ownPrivateKey);
     $ownCredential->setUsageType(UsageType::ENCRYPTION)->setEntityId('https://mt.evo.loc/sp');
     $staticStore = new StaticCredentialStore();
     $staticStore->add($ownCredential);

     $compositeStore = new CompositeCredentialStore();
     $compositeStore->add($metadataStore)->add($staticStore);

     return (new CredentialResolverFactory($compositeStore))->build();
 }
 /**
  * parse() on a certificate that never received data must fail loudly
  * rather than yield an empty result.
  *
  * @expectedException \LightSaml\Error\LightSamlException
  * @expectedExceptionMessage Certificate data not set
  */
 public function test_error_when_parse_called_with_out_data_set()
 {
     $emptyCertificate = new X509Certificate();
     $emptyCertificate->parse();
 }
 /**
  * @return X509Certificate The sample SP certificate bundled with the test resources
  */
 protected function getX509Certificate()
 {
     $certificateFile = __DIR__ . '/../../../../../resources/sample/Certificate/saml.crt';

     return X509Certificate::fromFile($certificateFile);
 }
require_once __DIR__ . '/../autoload.php';

// Example: decrypt the EncryptedAssertion of a stored IdP Response and print
// its attributes. Fixture facts: the Response carries two enveloped rsa-sha1
// signatures; the assertion is encrypted with aes128-cbc and the session key
// sits in an EncryptedKey whose EncryptionMethod is written as xmldsig#rsa-sha1.
$xml = <<<EOT
<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_973220eb0b94e0367859487a8135e7855742ae2431" InResponseTo="_981d6909d57a6131e98da42ac76720776bd2a59d25" Version="2.0" IssueInstant="2015-09-28T07:24:17Z" Destination="https://localhost/lightsaml/lightSAML/web/sp/acs.php"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://lightsaml.local/idp</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#_973220eb0b94e0367859487a8135e7855742ae2431"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>FKXI2BoZn0ix6Yc5m3QM3PDV8dQ=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>o6redfiU43TO5s0RtHUj9R0PSZVJryAs1e39biVOm84Xrd/n9IKCui3vWd9bN/wBAD9/ZZ4b48fMKfLI0hRivNEi9yJZb91uavdU1StjgpckdZtWdt315zf1+p4+xqnFAtDMWcTP3V8XAGuGfBUT+VndsS7VHVjzSjCj6+qC123TBpJ7HvC9sFUbH+uXgJaK71so8b3z79VH3C26Qnly3bmmARLkNZL8bnwlHJA/BrG/kJN5Lgv6tKB6xRbYU0grSGsA1Vt/nk2bpIGYPZU3SOIVVLUoHTkA6gGceKyJNqPcfJQVNpljTxqZjsJy7mZF9coWBSbTr5DRiGjd9pFOUA==</ds:SignatureValue>
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#_973220eb0b94e0367859487a8135e7855742ae2431"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>yo6ajbd+5N4zfH1IK+Up21KDuQw=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>ETYMDZA7IzajOPOqxrLjQImiEhC92u3k3ICoeytaI2KtLRK76hsWtNGIABvSAERUaCpHq+Uzit3yxTTXnCz1lHNzhKL27i42YwbMUe5IWRUYCVk1fJVrAcjWYYsnFMeBq7KRP8a5fHeg9PcIAZoEVz48DOUyx+kSArv2eF8B07fayu2Xp6fVGlJHAOcFWh6mK9ahLhEO3u4cLlvzVH0djF3jsY/qcH6xSK+dXu3JIgo84iJCIVayjxHbYYWA85/gnanODQ+t6cQmVqUztTfgebORgJ+PCXi5FxLPgSJM/PzO/uQ5TavKNuG3rmjjc9nHEYTrdFQ2OOU/gkLi+y31Iw==</ds:SignatureValue>
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDyjCCArKgAwIBAgIJAJNOFuQd727cMA0GCSqGSIb3DQEBBQUAMEwxCzAJBgNVBAYTAlJTMREwDwYDVQQIEwhCZWxncmFkZTESMBAGA1UEChMJTGlnaHRTQU1MMRYwFAYDVQQDEw1saWdodHNhbWwuY29tMB4XDTE1MDkxMzE5MDE0MFoXDTI1MDkxMDE5MDE0MFowTDELMAkGA1UEBhMCUlMxETAPBgNVBAgTCEJlbGdyYWRlMRIwEAYDVQQKEwlMaWdodFNBTUwxFjAUBgNVBAMTDWxpZ2h0c2FtbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7pUKOPMyE2oScHLPGJFTepK9j1H03e/s/WnONw8ZwYBaBIYIQuX6uE8jFPdD0uQSaYpOw5h5Tgq6xBV7m2kPO53hs8gEGWRbCdCtxi9EMJwIOYr+isG0N+DvV9KybJf6tqcM50PiFjVNtfx8IubMpAKCbquaqdLaHH0rgP1hbgnGm5YZkyEK4s8xuLUDS6qL7N7a/ez2Zk45u3L3qFcuncPI5BTnJg6fqlypDhCDOBI5Ljw10HmgZHPIXzOhEPVV+rX2iHhF4V9vzEoeIUABYXQVNRRNHpPdVsK6iTTkyvbrGJ/tv3oFZhNOSL0Kuy+Q9nlE9fEFqyUydJ67vsXqZAgMBAAGjga4wgaswHQYDVR0OBBYEFHPT6Ey1qgxMzMIt2d3OWuwzfPSUMHwGA1UdIwR1MHOAFHPT6Ey1qgxMzMIt2d3OWuwzfPSUoVCkTjBMMQswCQYDVQQGEwJSUzERMA8GA1UECBMIQmVsZ3JhZGUxEjAQBgNVBAoTCUxpZ2h0U0FNTDEWMBQGA1UEAxMNbGlnaHRzYW1sLmNvbYIJAJNOFuQd727cMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAHkHtwJBoeOhvr06M0MikKc99ze6TqAGvf+QkgFoV1sWGAh3NKcAR+XSlfK+sQWrHGkiia5hWKgAPMMUbkLP9DFWkjbK241isCZZD/LvA1anbV+7Pidn+swZ5dR7ynX2vj0kFYb+VsGPkavNcj8RN/DduhN/Tmi5sQAlWhaw06UAeEqXtFeLbTgLffBaj7PmR0IYjvTZA0X2FdRu0GXRxn7zghjpvSq9nuWa3pGbfdVtL6GIkwYUPcDzjr4OeGXNmIZe/wMCnz6VGZY+LUgzi/4DAC6V3OjMuhdqS/2+o1+CXCwN08CIHQV6+AUBenEVawMsiadLBgx3kFe5iXrYRMA=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey><xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><xenc:CipherData><xenc:CipherValue>eBXzY5t2TX8r2uNK3aO+4w4K26kGTMgYUaUL22CI4Ntb4Y2tPvenP0R/ncf0GLUXcfwtLLq9dXfV+PI0fucdu9lSZ2yqjj63aBMMZUlxtKA0WXAOI7JX0kj8TG8PFOau+ByLOlUT1oxibCcNT/Xae6YS2muvR3oM3ADn5EOEVKx5Ubzo8WoKxDBjEAluzruikc6gkyoWRexnUlYuhm0XaAnzDz8+9qYIriRoAk+wxmD8eJ6WwRcdahIpCotJ2LaJ/SGmp388x8l6C5G+ITxe5fJScQpUr1bb/UKL3r6mV9NMF0yAe2LfqlJLHQ3iYCcJKRsn59CmLPH1ku+8yd1low==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></dsig:KeyInfo>
   <xenc:CipherData>
      <xenc:CipherValue>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</xenc:CipherValue>
   </xenc:CipherData>
</xenc:EncryptedData></saml:EncryptedAssertion></samlp:Response>

EOT;
// Parse the outer Response. The enveloped signatures are not validated in this
// example, so nothing below establishes that the Response came from the IdP;
// a real SP verifies the signature before acting on the decrypted assertion.
$deserializationContext = new \LightSaml\Model\Context\DeserializationContext();
$deserializationContext->getDocument()->loadXML($xml);
$response = new \LightSaml\Model\Protocol\Response();
$response->deserialize($deserializationContext->getDocument()->firstChild, $deserializationContext);
// The IdP key pair the EncryptedKey was wrapped for (key file, empty passphrase).
$credential = new \LightSaml\Credential\X509Credential(\LightSaml\Credential\X509Certificate::fromFile(__DIR__ . '/../resources/sample/Certificate/lightsaml-idp.crt'), \LightSaml\Credential\KeyHelper::createPrivateKey(__DIR__ . '/../resources/sample/Certificate/lightsaml-idp.key', '', true));
// A separate context: the decrypted assertion is a new XML document.
$decryptDeserializeContext = new \LightSaml\Model\Context\DeserializationContext();
/** @var \LightSaml\Model\Assertion\EncryptedAssertionReader $reader */
$reader = $response->getFirstEncryptedAssertion();
$assertion = $reader->decryptMultiAssertion([$credential], $decryptDeserializeContext);
// Print "name: first value" for every attribute of the first AttributeStatement.
foreach ($assertion->getFirstAttributeStatement()->getAllAttributes() as $attribute) {
    print sprintf("%s: %s\n", $attribute->getName(), $attribute->getFirstAttributeValue());
}
 /**
  * Loads the SP certificate shipped with the web fixtures (web/sp/saml.crt).
  *
  * @return X509Certificate
  */
 private function getCertificate()
 {
     $certificatePath = __DIR__ . '/../../../../../../web/sp/saml.crt';

     return X509Certificate::fromFile($certificatePath);
 }
<?php

require_once __DIR__ . '/../autoload.php';

// A signed AuthnRequest as it would arrive on the wire. A nowdoc keeps the XML byte-for-byte
// (no interpolation or escape processing), which matters because the signature covers it.
$xml = <<<'EOT'
<?xml version="1.0"?>
<AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:protocol" ID="_894da3368874d2dd637983b6812f66c444f100f205" Version="2.0" IssueInstant="2015-09-13T11:47:33Z" Destination="https://idp.testshib.org/idp/profile/SAML2/POST/SSO"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://mt.evo.loc/sp</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#_894da3368874d2dd637983b6812f66c444f100f205"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>94dChUrRo35DfipIGNBVil4Qip8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>rjtDDEZN4T2L4Xw5W5ijALoambKl85HsBGy/pFlmk6b7JqSVq8wJJkrq6D5nxUPzNf7B+L2wju1M98stmUhvYCtU2cHRE6wjKwa7tsumYDxuOBQ4ufBt09TJtjogny5ikzCtb2csOoQjosExmVw3f2J+FkLl4rjY6Ngwlsnpn0AttqNdtykAdwuIE3BmXKhMTxelPhxMZ9bCOoODlgU568E+3KuOxmcf85e+uGIApuxnzTZX62MlnVtsveMQdb0VT4AKJhVbFIb7sW+UwMQWhznWhjdnhIz65CHTnBUMzLyOilugwE5Rvk79fPqeGDNrNyeh+3Fhko+GAj0lNluyWA==</ds:SignatureValue>
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></AuthnRequest>
EOT;
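// Parse the signed request. NOTE(review): when the XML comes from a remote peer rather than a
// literal, make sure the DOM is loaded without external entity / DTD resolution (e.g. LIBXML_NONET)
// before deserializing it.
$deserializationContext = new \LightSaml\Model\Context\DeserializationContext();
$deserializationContext->getDocument()->loadXML($xml);
$authnRequest = new \LightSaml\Model\Protocol\AuthnRequest();
$authnRequest->deserialize($deserializationContext->getDocument()->firstChild, $deserializationContext);

// The verification key is built from the locally stored SP certificate and passed explicitly to
// validate(). Do not build it from the <ds:KeyInfo> embedded in the message: the sender controls
// that element. The sample above is signed with rsa-sha1 / sha1; production deployments should
// require SHA-256 based algorithms.
$key = \LightSaml\Credential\KeyHelper::createPublicKey(\LightSaml\Credential\X509Certificate::fromFile(__DIR__ . '/../web/sp/saml.crt'));

/** @var \LightSaml\Model\XmlDSig\SignatureXmlReader|null $signatureReader */
$signatureReader = $authnRequest->getSignature();
if (!$signatureReader instanceof \LightSaml\Model\XmlDSig\SignatureXmlReader) {
    // An unsigned request must never be reported as verified; fail closed instead of
    // calling validate() on a missing signature.
    print "Signature missing\n";
} else {
    try {
        $ok = $signatureReader->validate($key);
        if ($ok) {
            print "Signature OK\n";
        } else {
            print "Signature not validated\n";
        }
    } catch (\Exception $ex) {
        // Console example: the reason is shown. In a server endpoint, log it and return a
        // generic error to the peer instead of echoing exception details.
        printf("Signature validation failed: %s\n", $ex->getMessage());
    }
}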
<?php

require_once __DIR__ . '/../autoload.php';

// Build SP metadata: one SPSSODescriptor carrying a signing certificate and one HTTP-POST ACS.
$entityDescriptor = new \LightSaml\Model\Metadata\EntityDescriptor();
$entityDescriptor->setID(\LightSaml\Helper::generateID())->setEntityID('http://some.entity.id');

$spSsoDescriptor = new \LightSaml\Model\Metadata\SpSsoDescriptor();
$spSsoDescriptor->setWantAssertionsSigned(true);
$entityDescriptor->addItem($spSsoDescriptor);

// Certificate published for signature verification (use="signing").
$keyDescriptor = new \LightSaml\Model\Metadata\KeyDescriptor();
$keyDescriptor->setUse(\LightSaml\Model\Metadata\KeyDescriptor::USE_SIGNING);
$keyDescriptor->setCertificate(\LightSaml\Credential\X509Certificate::fromFile('/path/to/file.crt'));
$spSsoDescriptor->addKeyDescriptor($keyDescriptor);

$acs = new \LightSaml\Model\Metadata\AssertionConsumerService();
$acs->setBinding(\LightSaml\SamlConstants::BINDING_SAML2_HTTP_POST);
$acs->setLocation('https://my.site/saml/acs');
$spSsoDescriptor->addAssertionConsumerService($acs);

// Expected output; the ID attribute is generated and will differ on every run.
$expectedSerializaedXml = <<<'EOT'
<EntityDescriptor ID="_2240bd9c-30c4-4d2a-ab3e-87a94ea334fd" entityID="http://some.entity.id" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
    <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <KeyDescriptor use="signing">
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <X509Data>
                    <X509Certificate>
                        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
                    </X509Certificate>
                </X509Data>
            </KeyInfo>
        </KeyDescriptor>
        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://my.site/saml/acs"/>
    </SPSSODescriptor>
</EntityDescriptor>
EOT;
 /**
  * Builds a fully populated, signed Response fixture: one assertion with a persistent NameID,
  * a bearer subject confirmation, audience-restricted conditions, two attributes and an
  * authn statement, signed with the sample certificate/key pair.
  *
  * @return Response
  */
 private function getResponseObject()
 {
     $response = new Response();
     $response->setId('response-id')->setIssueInstant('2013-10-27T11:55:37Z')->setDestination('http://destination.com')->setConsent(SamlConstants::CONSENT_UNSPECIFIED)->setInResponseTo('in-reponse-to');

     // Subject: NameID plus bearer confirmation bound to recipient / InResponseTo / expiry.
     $confirmationData = (new SubjectConfirmationData())->setInResponseTo('assertion-in-response-to')->setNotOnOrAfter('2013-10-27T12:00:37Z')->setRecipient('http://recipient.com');
     $subjectConfirmation = (new SubjectConfirmation())->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER)->setSubjectConfirmationData($confirmationData);
     $nameId = (new NameID())->setValue('assertion-name-id')->setFormat(SamlConstants::NAME_ID_FORMAT_PERSISTENT);
     $subject = (new Subject())->setNameID($nameId)->addSubjectConfirmation($subjectConfirmation);

     // Validity window and audience restriction.
     $conditions = (new Conditions())->setNotBefore('2013-10-27T11:55:37Z')->setNotOnOrAfter('2013-10-27T12:55:37Z')->addItem((new AudienceRestriction())->addAudience('http://audience.com'));

     $commonName = (new Attribute())->setName(ClaimTypes::COMMON_NAME)->setFriendlyName('Common Name')->addAttributeValue('cn value');
     $group = (new Attribute())->setName(ClaimTypes::GROUP)->setFriendlyName('Group')->addAttributeValue('group one')->addAttributeValue('group two');
     $attributeStatement = (new AttributeStatement())->addAttribute($commonName)->addAttribute($group);

     $authnStatement = (new AuthnStatement())->setAuthnInstant('2013-10-27T11:55:36Z')->setSessionIndex('session-index')->setAuthnContext((new AuthnContext())->setAuthnContextClassRef('authn-context-class-ref'));

     // Assertion-level signature using the sample SP certificate and (unencrypted) key.
     $signature = new SignatureWriter(X509Certificate::fromFile(__DIR__ . '/../../../../../resources/sample/Certificate/saml.crt'), KeyHelper::createPrivateKey(__DIR__ . '/../../../../../resources/sample/Certificate/saml.pem', '', true));

     $assertion = (new Assertion())->setId('assertion-id')->setIssueInstant('2013-10-27T11:55:37Z')->setIssuer((new Issuer())->setValue('assertion-issuer'))->setSubject($subject)->setConditions($conditions)->addItem($attributeStatement)->addItem($authnStatement)->setSignature($signature);

     $response->addAssertion($assertion)->setIssuer((new Issuer())->setValue('the-issuer'));

     return $response;
 }
 /**
  * Builds a minimal AuthnRequest fixture (fixed ID and IssueInstant) signed with the sample
  * certificate/key pair from resources/sample/Certificate.
  *
  * @return AuthnRequest
  */
 private function getAuthnRequest()
 {
     $signingCertificate = new X509Certificate();
     $signingCertificate->loadFromFile(__DIR__ . '/../../../../../resources/sample/Certificate/saml.crt');
     // Empty passphrase; NOTE(review): the third argument presumably tells KeyHelper that a
     // file path (not PEM text) is passed — confirm against KeyHelper::createPrivateKey().
     $signingKey = KeyHelper::createPrivateKey(__DIR__ . '/../../../../../resources/sample/Certificate/saml.pem', '', true);

     $authnRequest = new AuthnRequest();
     $authnRequest->setIssueInstant('2014-01-01T12:00:00Z');
     $authnRequest->setID('_8dcc6985f6d9f385f0bbd4562ef848ef3ae78d87d7');
     $authnRequest->setSignature(new SignatureWriter($signingCertificate, $signingKey));

     return $authnRequest;
 }