/**
  * @param AuthnRequest           $request
  * @param SAML2_Certificate_X509 $publicKey
  * @return bool
  * @throws \Exception
  */
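 public function isSignedWith(AuthnRequest $request, SAML2_Certificate_X509 $publicKey)
 {
     // Verifies the signature carried by the request against the given certificate.
     // Returns true only for a positive verification; a mismatch and a verification
     // error both return false.
     $this->logger->debug(sprintf('Attempting to verify signature with certificate "%s"', $publicKey->getCertificate()));

     // The algorithm is pinned to RSA-SHA256 instead of being taken from the message, so a
     // signature produced with any other algorithm does not verify against this key.
     $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type' => 'public'));
     $key->loadKey($publicKey->getCertificate());

     // For RSA keys verifySignature() passes through the openssl_verify() result:
     // 1 = valid, 0 = invalid, -1 (or false) = error. -1 is truthy in PHP, so a plain
     // truthiness check would accept a failed verification as a valid signature.
     // NOTE(review): assumes getSignature() yields the raw signature bytes the key
     // expects — confirm against AuthnRequest.
     $verificationResult = $key->verifySignature($request->getSignedRequestQuery(), $request->getSignature());
     if ($verificationResult === 1) {
         $this->logger->debug('Signature VERIFIED');
         return true;
     }

     $this->logger->debug('Signature NOT VERIFIED');
     return false;
 }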
 /**
  * @param ServiceProvider  $serviceProvider
  * @param IdentityProvider $identityProvider
  * @return AuthnRequest
  */
 public static function createNewRequest(ServiceProvider $serviceProvider, IdentityProvider $identityProvider)
 {
     // Assembles a SAML2 AuthnRequest issued by the service provider and addressed
     // to the identity provider's SSO URL, then wraps it in the local AuthnRequest type.
     $samlMessage = new SAML2_AuthnRequest();

     // Where the response should be delivered, where the request goes, and who sends it.
     $samlMessage->setAssertionConsumerServiceURL($serviceProvider->getAssertionConsumerUrl());
     $samlMessage->setDestination($identityProvider->getSsoUrl());
     $samlMessage->setIssuer($serviceProvider->getEntityId());

     // The response is requested over the HTTP-POST binding.
     $samlMessage->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);

     // Attach the service provider's default private key as the signature key.
     $defaultKey = $serviceProvider->getPrivateKey(SAML2_Configuration_PrivateKey::NAME_DEFAULT);
     $samlMessage->setSignatureKey(self::loadPrivateKey($defaultKey));

     return AuthnRequest::createNew($samlMessage);
 }
 /**
  * @test
  * @group saml2
  * @dataProvider provideIsPassiveAndForceAuthnCombinations
  *
  * @param string $xml
  * @param bool   $isPassive
  * @param bool   $forceAuthn
  */
 public function is_passive_and_force_authn_can_be_retrieved_from_the_authnrequest($xml, $isPassive, $forceAuthn)
 {
     // Parse the XML from the data set and wrap the resulting SAML2 message.
     $rootElement = SAML2_DOMDocumentFactory::fromString($xml)->documentElement;
     $wrapped = AuthnRequest::createNew(new SAML2_AuthnRequest($rootElement));

     // Both flags must be reported exactly as the data set states them.
     $this->assertEquals($isPassive, $wrapped->isPassive());
     $this->assertEquals($forceAuthn, $wrapped->isForceAuthn());
 }
 /**
  * @test
  * @group saml2
  */
 public function the_nameid_and_format_can_be_retrieved_from_the_authnrequest()
 {
     // Build the wrapper from the fixture request that carries a Subject.
     $rootElement = SAML2_DOMDocumentFactory::fromString($this->authRequestWithSubject)->documentElement;
     $wrapped = AuthnRequest::createNew(new SAML2_AuthnRequest($rootElement));

     // The NameID value and its format must match the fixture's expected values.
     $this->assertEquals($this->nameId, $wrapped->getNameId());
     $this->assertEquals($this->format, $wrapped->getNameIdFormat());
 }
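 public function createRedirectResponseFor(AuthnRequest $request)
 {
     // Builds the redirect that carries the request's query string to its destination.
     // NOTE(review): the destination is used as the redirect target unchanged; confirm it
     // always originates from trusted identity-provider configuration, never from
     // message input, so this cannot act as an open redirect.
     $destination = (string) $request->getDestination();

     // A destination that already has a query string must be extended with '&';
     // appending a second '?' would yield a malformed URL and a lost request.
     $separator = strpos($destination, '?') === false ? '?' : '&';

     return new RedirectResponse($destination . $separator . $request->buildRequestQuery());
 }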