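/**
 * Tests the OneLogin_Saml_Metadata constructor and the getXml method.
 *
 * Loads the settings1.php fixture, builds the service provider metadata from
 * it and checks the serialized EntityDescriptor: entityID, validity window,
 * SPSSODescriptor signing flags, NameIDFormat, and the ACS / SLS endpoints.
 *
 * NOTE(review): the expected values below (plain-http endpoints,
 * AuthnRequestsSigned="false", WantAssertionsSigned="false") presumably mirror
 * what settings1.php declares. The test pins how settings are serialized; it
 * does not endorse those values as a deployment posture. A service provider
 * that advertises WantAssertionsSigned="false" still has to verify a signature
 * on what it receives, and real endpoints should be HTTPS.
 *
 * @covers OneLogin_Saml_Metadata
 * @covers OneLogin_Saml_Metadata::getXml
 */
public function testMetadata()
{
    $settingsDir = TEST_ROOT . '/settings/';
    // The fixture is expected to define $settingsInfo in this scope. require
    // (rather than include) stops the test at this line when the fixture is
    // missing instead of continuing with an undefined variable.
    require $settingsDir . 'settings1.php';

    $metadata = new OneLogin_Saml_Metadata($settingsInfo);
    $xmlMetadata = $metadata->getXML();
    $this->assertNotEmpty($xmlMetadata);

    // Fail on malformed output here rather than on a null node further down.
    $dom = new DOMDocument();
    $this->assertTrue($dom->loadXML($xmlMetadata), 'getXml() must return well-formed XML');

    // documentElement is the root element even if a comment or processing
    // instruction precedes it, which firstChild would not guarantee.
    $entityDescriptor = $dom->documentElement;
    $this->assertSame('md:EntityDescriptor', $entityDescriptor->tagName);

    $this->assertTrue($entityDescriptor->hasAttribute('entityID'));
    $this->assertSame('http://stuff.com/endpoints/metadata.php', $entityDescriptor->getAttribute('entityID'));

    // Metadata carries an expiry so that consumers do not trust stale
    // endpoints or keys indefinitely; it must parse and lie in the future.
    $this->assertTrue($entityDescriptor->hasAttribute('validUntil'));
    $this->assertTrue($entityDescriptor->hasAttribute('cacheDuration'));
    $validUntil = strtotime($entityDescriptor->getAttribute('validUntil'));
    $this->assertTrue($validUntil !== false, 'validUntil must be a parseable timestamp');
    $this->assertTrue(time() < $validUntil);

    $sspSSONodes = $entityDescriptor->getElementsByTagName('SPSSODescriptor');
    $this->assertSame(1, $sspSSONodes->length);
    $spSSODescriptor = $sspSSONodes->item(0);

    // Signing flags as serialized from the fixture settings (see NOTE above).
    $this->assertTrue($spSSODescriptor->hasAttribute('AuthnRequestsSigned'));
    $this->assertSame('false', $spSSODescriptor->getAttribute('AuthnRequestsSigned'));
    $this->assertTrue($spSSODescriptor->hasAttribute('WantAssertionsSigned'));
    $this->assertSame('false', $spSSODescriptor->getAttribute('WantAssertionsSigned'));
    $this->assertTrue($spSSODescriptor->hasAttribute('protocolSupportEnumeration'));
    $this->assertSame(
        'urn:oasis:names:tc:SAML:2.0:protocol',
        $spSSODescriptor->getAttribute('protocolSupportEnumeration')
    );

    // Exactly one NameIDFormat is expected (the original looked this up twice).
    $nameIdNodes = $entityDescriptor->getElementsByTagName('NameIDFormat');
    $this->assertSame(1, $nameIdNodes->length);
    $nameID = $nameIdNodes->item(0);
    $this->assertSame('urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified', $nameID->nodeValue);

    // Assertion Consumer Service: the endpoint the IdP posts responses to.
    $assertionConsumerServiceNodes = $entityDescriptor->getElementsByTagName('AssertionConsumerService');
    $this->assertSame(1, $assertionConsumerServiceNodes->length);
    $acs = $assertionConsumerServiceNodes->item(0);
    $this->assertTrue($acs->hasAttribute('Binding'));
    $this->assertSame('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', $acs->getAttribute('Binding'));
    $this->assertTrue($acs->hasAttribute('Location'));
    $this->assertSame('http://stuff.com/endpoints/endpoints/acs.php', $acs->getAttribute('Location'));
    $this->assertTrue($acs->hasAttribute('index'));
    $this->assertSame('1', $acs->getAttribute('index'));

    // Single Logout Service endpoint.
    $singleLogoutServiceNodes = $entityDescriptor->getElementsByTagName('SingleLogoutService');
    $this->assertSame(1, $singleLogoutServiceNodes->length);
    $sls = $singleLogoutServiceNodes->item(0);
    $this->assertTrue($sls->hasAttribute('Binding'));
    $this->assertSame('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', $sls->getAttribute('Binding'));
    $this->assertTrue($sls->hasAttribute('Location'));
    $this->assertSame('http://stuff.com/endpoints/endpoints/sls.php', $sls->getAttribute('Location'));
}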
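<?php
/**
 * SAMPLE code to demonstrate how to publish this service provider's SAML metadata.
 *
 * Your IdP will usually want your metadata; you can use this code to generate it once,
 * or expose it on a URL so your IdP can check it periodically.
 *
 * The IdP reads this document to learn where to send responses, so when it is
 * exposed on a URL that URL should be served over HTTPS.
 */

// NOTE(review): whether these diagnostics reach the response depends on
// display_errors, which this script does not set. Keep it off wherever this
// URL is reachable by others, so warnings do not leak file paths into the
// metadata response.
error_reporting(E_ALL);

// settings.php is expected to assign $settings.
$settings = null;
require 'settings.php';

// Build the document before sending any header: if generation fails, the
// response is not already labelled as XML.
$samlMetadata = new OneLogin_Saml_Metadata($settings);
$metadataXml = $samlMetadata->getXml();

header('Content-Type: text/xml');
echo $metadataXml;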