/**
 * Round-trips an AuthnRequest that carries a samlp:Extensions element:
 * the XML is parsed into a SAML2_AuthnRequest, marshalled again, and the
 * canonicalised result is compared with the canonicalised input.
 */
public function testExtensionOrdering()
{
    $sourceXml = <<<AUTHNREQUEST
<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_306f8ec5b618f361c70b6ffb1480eade"
    Version="2.0"
    IssueInstant="2004-12-05T09:21:59Z"
    Destination="https://idp.example.org/SAML2/SSO/Artifact"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
    AssertionConsumerServiceURL="https://sp.example.com/SAML2/SSO/Artifact">
    <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
    <samlp:Extensions>
      <myns:AttributeList xmlns:myns="urn:mynamespace">
        <myns:Attribute name="UserName" value=""/>
      </myns:AttributeList>
    </samlp:Extensions>
    <samlp:NameIDPolicy
        AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>
AUTHNREQUEST;

    $sourceDom = new DOMDocument();
    $sourceDom->loadXML($sourceXml);

    // Unmarshal from the root element of the fixture.
    $parsedRequest = new SAML2_AuthnRequest($sourceDom->documentElement);

    // Canonicalise both sides before comparing them.
    $expectedXml = $sourceDom->C14N();
    $actualXml = $parsedRequest->toUnsignedXML()->C14N();

    $this->assertXmlStringEqualsXmlString($expectedXml, $actualXml);
}
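/**
 * Unmarshals a fixture AuthnRequest, checks the parsed ID and requested
 * authentication context, then marshals it again and compares the
 * canonicalised output with the canonicalised fixture.
 */
public function testMarshalling()
{
    $fixtureRequestDom = new DOMDocument();
    $fixtureRequestDom->loadXML(<<<XML
<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_bec424fa5103428909a30ff1e31168327f79474984"
    Version="2.0"
    IssueInstant="2007-12-10T11:39:34Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    AssertionConsumerServiceURL="http://moodle.bridge.feide.no/simplesaml/saml2/sp/AssertionConsumerService.php">
    <saml:Issuer>urn:mace:feide.no:services:no.feide.moodle</saml:Issuer>
    <samlp:NameIDPolicy
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
        SPNameQualifier="moodle.bridge.feide.no"
        AllowCreate="true" />
    <samlp:RequestedAuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
XML
    , LIBXML_NOBLANKS);

    // documentElement is always the root element; firstChild would pick up a
    // leading comment or processing instruction if the fixture ever gained one.
    $request = new SAML2_AuthnRequest($fixtureRequestDom->documentElement);

    $context = $request->getRequestedAuthnContext();
    $this->assertEquals('_bec424fa5103428909a30ff1e31168327f79474984', $request->getId());
    $this->assertEquals(
        'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport',
        $context['AuthnContextClassRef'][0]
    );

    $fixtureXml = $fixtureRequestDom->C14N();
    $requestXml = $request->toUnsignedXML()->ownerDocument->C14N();

    // Expected value first, so a failure diff reads in the right direction.
    $this->assertXmlStringEqualsXmlString(
        $fixtureXml,
        $requestXml,
        'Request after Unmarshalling and re-marshalling remains the same'
    );
}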
/**
 * Builds a Phake mock of the bindings module whose receiveResponse()
 * returns a canned, decorated response.
 *
 * As a side effect, an SP request ('SPREQUEST') and an EngineBlock request
 * ('EBREQUEST') are stored in the session repository and linked, and the
 * canned response answers 'EBREQUEST'.
 *
 * @return EngineBlock_Corto_Module_Bindings
 */
private function mockBindingsModule()
{
    // Request issued by the SP, wrapped in the annotation decorator.
    $rawSpRequest = new SAML2_AuthnRequest();
    $rawSpRequest->setId('SPREQUEST');
    $rawSpRequest->setIssuer('testSp');
    $decoratedSpRequest = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($rawSpRequest);

    // Request issued by EngineBlock itself.
    $rawEbRequest = new SAML2_AuthnRequest();
    $rawEbRequest->setId('EBREQUEST');
    $decoratedEbRequest = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($rawEbRequest);

    // Store both requests and link the EngineBlock request to the SP request.
    $repository = new EngineBlock_Saml2_AuthnRequestSessionRepository(new Psr\Log\NullLogger());
    $repository->store($decoratedSpRequest);
    $repository->store($decoratedEbRequest);
    $repository->link($decoratedEbRequest, $decoratedSpRequest);

    // Assertion carrying the internal SP entity id and a cn attribute holding null.
    $attributes = array(
        'urn:org:openconext:corto:internal:sp-entity-id' => array('testSp'),
        'urn:mace:dir:attribute-def:cn'                  => array(null),
    );
    $assertion = new SAML2_Assertion();
    $assertion->setAttributes($attributes);

    $rawResponse = new SAML2_Response();
    $rawResponse->setInResponseTo('EBREQUEST');
    $rawResponse->setAssertions(array($assertion));

    $decoratedResponse = new EngineBlock_Saml2_ResponseAnnotationDecorator($rawResponse);
    $decoratedResponse->setOriginalIssuer('testIdP');

    /** @var EngineBlock_Corto_Module_Bindings $bindingsMock */
    $bindingsMock = Phake::mock('EngineBlock_Corto_Module_Bindings');
    Phake::when($bindingsMock)->receiveResponse()->thenReturn($decoratedResponse);

    return $bindingsMock;
}
/**
 * Checks the string form of a decorated AuthnRequest with debug enabled
 * against a fixed JSON document.
 */
public function testToString()
{
    $rawRequest = new SAML2_AuthnRequest();
    $rawRequest->setId('TEST123');
    // Issue instant 0 appears in the expected string as 1970-01-01T00:00:00Z.
    $rawRequest->setIssueInstant(0);

    $decorated = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($rawRequest);
    $decorated->setDebug();

    $expectedJson = '{"sspMessage":"<?xml version=\\"1.0\\"?>\\n<samlp:AuthnRequest xmlns:samlp=\\"urn:oasis:names:tc:SAML:2.0:protocol\\" xmlns:saml=\\"urn:oasis:names:tc:SAML:2.0:assertion\\" ID=\\"TEST123\\" Version=\\"2.0\\" IssueInstant=\\"1970-01-01T00:00:00Z\\"\\/>\\n","voContext":null,"keyId":null,"explicitVoContext":true,"wasSigned":false,"debug":true,"unsolicited":false,"transparent":false,"deliverByBinding":null}';

    $this->assertEquals($expectedJson, $decorated->__toString());
}
/**
 * Sets a requested authentication context on a fresh AuthnRequest and
 * checks the marshalled XML: one RequestedAuthnContext element with the
 * Comparison attribute and two AuthnContextClassRef children, in order.
 */
public function testUnmarshalling()
{
    $requestedContext = array(
        'AuthnContextClassRef' => array('accr1', 'accr2'),
        'Comparison'           => 'better',
    );

    $authnRequest = new SAML2_AuthnRequest();
    $authnRequest->setRequestedAuthnContext($requestedContext);
    $rootElement = $authnRequest->toUnsignedXML();

    // Exactly one RequestedAuthnContext below the request element.
    $contextNodes = SAML2_Utils::xpQuery($rootElement, './saml_protocol:RequestedAuthnContext');
    $this->assertCount(1, $contextNodes);

    $contextNode = $contextNodes[0];
    $this->assertEquals('better', $contextNode->getAttribute("Comparison"));

    // Both class references are present and keep their order.
    $classRefNodes = SAML2_Utils::xpQuery($contextNode, './saml_assertion:AuthnContextClassRef');
    $this->assertCount(2, $classRefNodes);
    $this->assertEquals('accr1', $classRefNodes[0]->textContent);
    $this->assertEquals('accr2', $classRefNodes[1]->textContent);
}
/**
 * Creates an AuthnRequest with the HTTP-POST protocol binding and a
 * transient NameID policy that allows identifier creation.
 *
 * @param string $destinationUrl              Value for the request's Destination.
 * @param string $assertionConsumerServiceURL Value for AssertionConsumerServiceURL.
 * @param string $issuerUrl                   Value for the request's Issuer.
 * @return SAML2_AuthnRequest
 */
public function create($destinationUrl, $assertionConsumerServiceURL, $issuerUrl)
{
    $nameIdPolicy = array(
        'Format'      => SAML2_Const::NAMEID_TRANSIENT,
        'AllowCreate' => true,
    );

    $authnRequest = new SAML2_AuthnRequest();
    $authnRequest->setDestination($destinationUrl);
    $authnRequest->setAssertionConsumerServiceURL($assertionConsumerServiceURL);
    $authnRequest->setIssuer($issuerUrl);
    $authnRequest->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);
    $authnRequest->setNameIdPolicy($nameIdPolicy);

    return $authnRequest;
}
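/**
 * Builds a SAML response holding one bearer assertion for the given
 * authentication request, then passes it to addSigns().
 *
 * The assertion and its SubjectConfirmationData are valid for five minutes
 * counted from a single clock reading, so NotBefore and both NotOnOrAfter
 * values are always consistent with each other.
 *
 * @param SAML2_AuthnRequest $authnRequest       Request being answered; supplies ID, RelayState and ACS URL.
 * @param SimpleSAML_Configuration $idpConfig    Passed on to addSigns().
 * @param $nameId                                Value placed in the NameID (format: unspecified).
 * @param $issuer                                Issuer of both the assertion and the response.
 * @param array $attributes                      Attributes placed in the assertion.
 * @return SAML2_Response
 */
public function create(SAML2_AuthnRequest $authnRequest, SimpleSAML_Configuration $idpConfig, $nameId, $issuer, array $attributes)
{
    // Read the clock once: three separate time() calls could straddle a
    // second boundary and give the assertion and the subject confirmation
    // different expiry instants.
    $now = time();
    $notOnOrAfter = $now + 5 * 60;

    $requestId = $authnRequest->getId();
    // NOTE(review): the ACS URL comes straight from the request and is used
    // as both Recipient and Destination. Nothing in this method checks it
    // against the endpoints registered for the SP; confirm that the caller
    // does before this runs against requests that are not trusted.
    $acsUrl = $authnRequest->getAssertionConsumerServiceURL();

    $assertion = new SAML2_Assertion();
    $assertion->setIssuer($issuer);
    $assertion->setNameId(array('Value' => $nameId, 'Format' => SAML2_Const::NAMEID_UNSPECIFIED));
    $assertion->setNotBefore($now);
    $assertion->setNotOnOrAfter($notOnOrAfter);
    // Valid audiences is not required so disabled for now
    // $assertion->setValidAudiences(array($authnRequest->getIssuer()));
    // NOTE(review): without an audience restriction the assertion is not
    // bound to the requesting SP, so a relying party cannot tell from the
    // assertion alone that it was issued for someone else. Acceptable for a
    // test fixture; enable the line above before issuing to real SPs.
    $assertion->setAttributes($attributes);
    $assertion->setAttributeNameFormat(SAML2_Const::NAMEFORMAT_UNSPECIFIED);
    $assertion->setAuthnContext(SAML2_Const::AC_PASSWORD);

    // Bearer confirmation tied to the request ID and the ACS URL.
    $confirmationData = new SAML2_XML_saml_SubjectConfirmationData();
    $confirmationData->NotOnOrAfter = $notOnOrAfter;
    $confirmationData->Recipient = $acsUrl;
    $confirmationData->InResponseTo = $requestId;

    $subjectConfirmation = new SAML2_XML_saml_SubjectConfirmation();
    $subjectConfirmation->Method = SAML2_Const::CM_BEARER;
    $subjectConfirmation->SubjectConfirmationData = $confirmationData;
    $assertion->setSubjectConfirmation(array($subjectConfirmation));

    $response = new SAML2_Response();
    $response->setRelayState($authnRequest->getRelayState());
    $response->setDestination($acsUrl);
    $response->setIssuer($issuer);
    $response->setInResponseTo($requestId);
    $response->setAssertions(array($assertion));

    $this->addSigns($response, $idpConfig);

    return $response;
}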
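/**
 * Parses serialized SAML message XML and rebuilds the message object.
 *
 * The first element named after $class in the SAML 2.0 protocol namespace
 * is handed to the matching fromXML() factory. Note that the lookup matches
 * that element anywhere in the document, not only at the root.
 *
 * @param string $samlMessageXml XML of the message.
 * @param string $class          'SAML2_AuthnRequest' or 'SAML2_Response'.
 * @return SAML_Message
 * @throws EngineBlock_Exception When the XML is empty, cannot be parsed,
 *                               carries a DOCTYPE, lacks the expected
 *                               element, or $class is not supported.
 */
public function deserialize($samlMessageXml, $class)
{
    $elementName = $this->getElementForClass($class);

    if (!is_string($samlMessageXml) || $samlMessageXml === '') {
        throw new EngineBlock_Exception('Unable to deserialize an empty SAML message');
    }

    $document = new DOMDocument();
    // LIBXML_NONET stops the parser from fetching DTDs or entities over the
    // network while loading the message.
    if (!$document->loadXML($samlMessageXml, LIBXML_NONET)) {
        throw new EngineBlock_Exception('Unable to parse SAML message XML for deserialization');
    }

    // A SAML protocol message has no use for a DTD; refusing one keeps
    // entity declarations out of the parsed tree altogether.
    if ($document->doctype !== null) {
        throw new EngineBlock_Exception('SAML message XML must not contain a DOCTYPE declaration');
    }

    $messageDomElement = $document
        ->getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:protocol', $elementName)
        ->item(0);

    // item(0) is null when no such element exists; fail here with a clear
    // message instead of passing null on to fromXML().
    if ($messageDomElement === null) {
        throw new EngineBlock_Exception('SAML message XML does not contain the expected element');
    }

    if ($class === 'SAML2_AuthnRequest') {
        return SAML2_AuthnRequest::fromXML($messageDomElement);
    }

    if ($class === 'SAML2_Response') {
        return SAML2_Response::fromXML($messageDomElement);
    }

    throw new EngineBlock_Exception('Unknown message type for deserialization?');
}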
/**
 * Creates a decorated AuthnRequest flagged as a debug request.
 *
 * The ID is obtained from the server for SAML2 request usage and the
 * issuer is the server URL for 'spMetadataService'.
 *
 * @return EngineBlock_Saml2_AuthnRequestAnnotationDecorator
 */
protected function _createDebugRequest()
{
    $requestId = $this->_server->getNewId(
        \OpenConext\Component\EngineBlockFixtures\IdFrame::ID_USAGE_SAML2_REQUEST
    );

    $rawRequest = new SAML2_AuthnRequest();
    $rawRequest->setId($requestId);
    $rawRequest->setIssuer($this->_server->getUrl('spMetadataService'));

    $debugRequest = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($rawRequest);
    $debugRequest->setDebug();

    return $debugRequest;
}
/**
 * Build an authentication request based on information in the metadata.
 *
 * The NameID format is read from the SP's 'NameIDPolicy' when that option
 * is present, otherwise from 'NameIDFormat' (default: transient). Issuer,
 * ForceAuthn, IsPassive and AuthnContextClassRef come from the SP metadata;
 * the destination is the IdP's 'SingleSignOnService'.
 *
 * @param SimpleSAML_Configuration $spMetadata  The metadata of the service provider.
 * @param SimpleSAML_Configuration $idpMetadata  The metadata of the identity provider.
 * @return SAML2_AuthnRequest
 */
public static function buildAuthnRequest(SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata)
{
    $request = new SAML2_AuthnRequest();

    $nameIdFormat = $spMetadata->hasValue('NameIDPolicy')
        ? $spMetadata->getString('NameIDPolicy', NULL)
        : $spMetadata->getString('NameIDFormat', SAML2_Const::NAMEID_TRANSIENT);

    // No NameIDPolicy is set on the request when the format resolves to NULL.
    if ($nameIdFormat !== NULL) {
        $request->setNameIdPolicy(array(
            'Format'      => $nameIdFormat,
            'AllowCreate' => TRUE,
        ));
    }

    $request->setIssuer($spMetadata->getString('entityid'));
    $request->setDestination($idpMetadata->getString('SingleSignOnService'));

    $request->setForceAuthn($spMetadata->getBoolean('ForceAuthn', FALSE));
    $request->setIsPassive($spMetadata->getBoolean('IsPassive', FALSE));

    if ($spMetadata->hasValue('AuthnContextClassRef')) {
        $classRefs = $spMetadata->getArrayizeString('AuthnContextClassRef');
        $request->setRequestedAuthnContext(array('AuthnContextClassRef' => $classRefs));
    }

    // Handed over to addRedirectSign(), defined elsewhere in this class.
    self::addRedirectSign($spMetadata, $idpMetadata, $request);

    return $request;
}
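/**
 * launchkey_form - login form for wp-login.php
 *
 * Renders an error panel when one of the launchkey_* query flags is present,
 * then builds an AuthnRequest and renders the login button whose URL is the
 * HTTP-Redirect URL for that request.
 *
 * NOTE(review): $class, $id and $style are passed to the template as given;
 * this method does no escaping, so the 'launchkey-form' template has to
 * escape them for the attribute context - confirm.
 *
 * @since 1.1.0
 *
 * @param string $class A space separated list of classes to set on the "class" attribute of a containing DIV for the login button
 * @param string $id    The value to set on the "id" attribute of a containing DIV for the login button
 * @param string $style A string of HTML style code to set on the "style" attribute of a containing DIV for the login button
 */
public function launchkey_form($class = '', $id = '', $style = '')
{
    // Query flags in priority order; only the first one present is reported.
    // Only the presence of a flag is tested, its value is never echoed.
    // NOTE(review): the second message points users towards disabling SSL
    // verification, which removes server authentication for the connection;
    // fixing the CA bundle is the safer remedy to document.
    $errorMessages = array(
        'launchkey_error'     => 'The LaunchKey request was denied or an issue was detected during authentication. Please try again.',
        'launchkey_ssl_error' => 'There was an error trying to request the LaunchKey servers. If this persists you may need to disable SSL verification.',
        'launchkey_security'  => 'There was a security issue detected and you have been logged out for your safety. Log back in to ensure a secure session.',
    );

    foreach ($errorMessages as $flag => $message) {
        if (isset($_GET[$flag])) {
            $this->wp_facade->_echo(
                $this->template->render_template('error', array('error' => 'Error!', 'message' => $message))
            );
            break;
        }
    }

    $container = SAML2_Utils::getContainer();

    $request = new SAML2_AuthnRequest();
    $request->setId($container->generateId());
    //$request->setProviderName( parse_url( $this->wp_facade->home_url( '/' ), PHP_URL_HOST ) );
    $request->setDestination($this->login_url);
    $request->setIssuer($this->entity_id);
    $request->setRelayState($this->wp_facade->admin_url());
    $request->setAssertionConsumerServiceURL($this->wp_facade->wp_login_url());
    // ProtocolBinding names the binding requested for the response (HTTP-POST);
    // the request itself travels over HTTP-Redirect below.
    $request->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);
    $request->setIsPassive(false);
    $request->setNameIdPolicy(array('Format' => SAML2_Const::NAMEID_PERSISTENT, 'AllowCreate' => true));

    // Send it off using the HTTP-Redirect binding
    $binding = new SAML2_HTTPRedirect();
    $binding->setDestination($this->login_url);

    // Strict comparison: the locale is matched as an exact string.
    $usesSmallButton = in_array($this->wp_facade->get_locale(), array('fr_FR', 'es_ES'), true);

    $this->wp_facade->_echo($this->template->render_template('launchkey-form', array(
        'class'               => $class,
        'id'                  => $id,
        'style'               => $style,
        'login_url'           => $binding->getRedirectURL($request),
        'login_text'          => 'Log in with',
        'login_with_app_name' => 'LaunchKey',
        'size'                => $usesSmallButton ? 'small' : 'medium',
    )));
}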
/**
 * Build an authentication request based on information in the metadata.
 *
 * The NameIDPolicy is taken from the IdP metadata when present, otherwise
 * from the SP metadata; a non-array value is treated as the bare format.
 * Missing fields default to the transient format with AllowCreate true.
 * ProtocolBinding must be one of the four listed bindings and defaults to
 * HTTP-POST.
 *
 * @param SimpleSAML_Configuration $spMetadata  The metadata of the service provider.
 * @param SimpleSAML_Configuration $idpMetadata  The metadata of the identity provider.
 * @return SAML2_AuthnRequest
 */
public static function buildAuthnRequest(SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata)
{
    $request = new SAML2_AuthnRequest();

    // Source of the NameIDPolicy: IdP metadata takes precedence over SP metadata.
    if ($idpMetadata->hasValue('NameIDPolicy')) {
        $rawPolicy = $idpMetadata->getValue('NameIDPolicy');
    } elseif ($spMetadata->hasValue('NameIDPolicy')) {
        $rawPolicy = $spMetadata->getValue('NameIDPolicy');
    } else {
        $rawPolicy = array();
    }

    // Older configurations give only the format instead of an array.
    if (!is_array($rawPolicy)) {
        $rawPolicy = array('Format' => $rawPolicy);
    }

    $policyConfig = SimpleSAML_Configuration::loadFromArray($rawPolicy);
    $nameIdPolicy = array(
        'Format'      => $policyConfig->getString('Format', SAML2_Const::NAMEID_TRANSIENT),
        'AllowCreate' => $policyConfig->getBoolean('AllowCreate', true),
    );

    // SPNameQualifier is optional; false marks "not configured".
    $qualifier = $policyConfig->getString('SPNameQualifier', false);
    if ($qualifier !== false) {
        $nameIdPolicy['SPNameQualifier'] = $qualifier;
    }
    $request->setNameIdPolicy($nameIdPolicy);

    $request->setForceAuthn($spMetadata->getBoolean('ForceAuthn', FALSE));
    $request->setIsPassive($spMetadata->getBoolean('IsPassive', FALSE));

    // Binding configured in the SP metadata, validated against the allowed
    // list; HTTP-POST when the option is absent.
    $allowedBindings = array(
        SAML2_Const::BINDING_HTTP_POST,
        SAML2_Const::BINDING_HOK_SSO,
        SAML2_Const::BINDING_HTTP_ARTIFACT,
        SAML2_Const::BINDING_HTTP_REDIRECT,
    );
    $protocolBinding = $spMetadata->getValueValidate(
        'ProtocolBinding',
        $allowedBindings,
        SAML2_Const::BINDING_HTTP_POST
    );
    $request->setProtocolBinding($protocolBinding);

    $request->setIssuer($spMetadata->getString('entityid'));

    $request->setAssertionConsumerServiceIndex($spMetadata->getInteger('AssertionConsumerServiceIndex', NULL));
    $request->setAttributeConsumingServiceIndex($spMetadata->getInteger('AttributeConsumingServiceIndex', NULL));

    if ($spMetadata->hasValue('AuthnContextClassRef')) {
        $classRefs = $spMetadata->getArrayizeString('AuthnContextClassRef');
        $request->setRequestedAuthnContext(array('AuthnContextClassRef' => $classRefs));
    }

    // Handed over to addRedirectSign(), defined elsewhere in this class.
    self::addRedirectSign($spMetadata, $idpMetadata, $request);

    return $request;
}
/**
 * Test for setting IDPEntry values via setIDPList.
 *
 * Covers the legacy form (a plain string), an array of attributes, and an
 * array holding an unknown attribute, which the expected structure omits.
 */
public function testIDPlistAttributes()
{
    $idpList = array(
        'Legacy1',
        array('ProviderID' => 'http://example.org/AAP', 'Name' => 'N00T', 'Loc' => 'https://mies'),
        array('ProviderID' => 'urn:example:1', 'Name' => 'Voorbeeld', 'Something' => 'Else'),
    );

    // Basic AuthnRequest carrying the IDP list.
    $authnRequest = new SAML2_AuthnRequest();
    $authnRequest->setIssuer('https://gateway.example.org/saml20/sp/metadata');
    $authnRequest->setDestination('https://tiqr.example.org/idp/profile/saml2/Redirect/SSO');
    $authnRequest->setIDPList($idpList);

    $expectedXml = <<<AUTHNREQUEST
<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID=""
    Version=""
    IssueInstant=""
    Destination="">
    <saml:Issuer></saml:Issuer>
    <samlp:Scoping><samlp:IDPList>
        <samlp:IDPEntry ProviderID="Legacy1"/>
        <samlp:IDPEntry ProviderID="http://example.org/AAP" Name="N00T" Loc="https://mies"/>
        <samlp:IDPEntry ProviderID="urn:example:1" Name="Voorbeeld"/>
    </samlp:IDPList></samlp:Scoping>
</samlp:AuthnRequest>
AUTHNREQUEST;

    $expectedDom = new DOMDocument();
    $expectedDom->loadXML($expectedXml);

    $expectedRoot = $expectedDom->documentElement;
    $actualRoot = $authnRequest->toUnsignedXML();

    $this->assertEqualXMLStructure($expectedRoot, $actualRoot);
}
/**
 * Seeds the globals used by the test: $_POST['ID'] and $_POST['consent'],
 * two linked requests in the session repository, and a decorated response
 * stored under $_SESSION['consent']['test']['response'].
 */
private function mockGlobals()
{
    $_POST['ID'] = 'test';
    $_POST['consent'] = 'yes';

    // Request issued by the SP.
    $rawSpRequest = new SAML2_AuthnRequest();
    $rawSpRequest->setId('SPREQUEST');
    $rawSpRequest->setIssuer('https://sp.example.edu');
    $decoratedSpRequest = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($rawSpRequest);

    // Request issued by EngineBlock.
    $rawEbRequest = new SAML2_AuthnRequest();
    $rawEbRequest->setId('EBREQUEST');
    $decoratedEbRequest = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($rawEbRequest);

    // Store both and link the EngineBlock request to the SP request.
    $repository = new EngineBlock_Saml2_AuthnRequestSessionRepository(new Psr\Log\NullLogger());
    $repository->store($decoratedSpRequest);
    $repository->store($decoratedEbRequest);
    $repository->link($decoratedEbRequest, $decoratedSpRequest);

    // Response to 'EBREQUEST' with a single assertion carrying a mail attribute.
    $mailAssertion = new SAML2_Assertion();
    $mailAssertion->setAttributes(array('urn:mace:dir:attribute-def:mail' => '*****@*****.**'));

    $rawResponse = new SAML2_Response();
    $rawResponse->setInResponseTo('EBREQUEST');
    $rawResponse->setAssertions(array($mailAssertion));

    $_SESSION['consent']['test']['response'] = new EngineBlock_Saml2_ResponseAnnotationDecorator($rawResponse);
}
/**
 * Returns what the wrapped message reports from getRequesterID().
 *
 * @return string[] EntityIds in Scoping > RequesterID element.
 */
public function getRequesterIds()
{
    $requesterIds = $this->sspMessage->getRequesterID();

    return $requesterIds;
}
/**
 * Build an authentication request based on information in the metadata.
 *
 * The NameID format is read from the SP's 'NameIDPolicy' when that option
 * is present, otherwise from 'NameIDFormat' (default: transient).
 * ProtocolBinding must be one of the four listed bindings and defaults to
 * HTTP-POST.
 *
 * @param SimpleSAML_Configuration $spMetadata  The metadata of the service provider.
 * @param SimpleSAML_Configuration $idpMetadata  The metadata of the identity provider.
 * @return SAML2_AuthnRequest
 */
public static function buildAuthnRequest(SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata)
{
    $authnRequest = new SAML2_AuthnRequest();

    $format = $spMetadata->hasValue('NameIDPolicy')
        ? $spMetadata->getString('NameIDPolicy', NULL)
        : $spMetadata->getString('NameIDFormat', SAML2_Const::NAMEID_TRANSIENT);

    // No NameIDPolicy is set on the request when the format resolves to NULL.
    if ($format !== NULL) {
        $authnRequest->setNameIdPolicy(array('Format' => $format, 'AllowCreate' => TRUE));
    }

    $authnRequest->setForceAuthn($spMetadata->getBoolean('ForceAuthn', FALSE));
    $authnRequest->setIsPassive($spMetadata->getBoolean('IsPassive', FALSE));

    // Binding configured in the SP metadata, validated against the allowed
    // list; HTTP-POST when the option is absent.
    $bindingChoices = array(
        SAML2_Const::BINDING_HTTP_POST,
        SAML2_Const::BINDING_HOK_SSO,
        SAML2_Const::BINDING_HTTP_ARTIFACT,
        SAML2_Const::BINDING_HTTP_REDIRECT,
    );
    $binding = $spMetadata->getValueValidate('ProtocolBinding', $bindingChoices, SAML2_Const::BINDING_HTTP_POST);
    $authnRequest->setProtocolBinding($binding);

    $authnRequest->setIssuer($spMetadata->getString('entityid'));

    $acsIndex = $spMetadata->getInteger('AssertionConsumerServiceIndex', NULL);
    $authnRequest->setAssertionConsumerServiceIndex($acsIndex);

    $attributeIndex = $spMetadata->getInteger('AttributeConsumingServiceIndex', NULL);
    $authnRequest->setAttributeConsumingServiceIndex($attributeIndex);

    if ($spMetadata->hasValue('AuthnContextClassRef')) {
        $contextClassRefs = $spMetadata->getArrayizeString('AuthnContextClassRef');
        $authnRequest->setRequestedAuthnContext(array('AuthnContextClassRef' => $contextClassRefs));
    }

    // Handed over to addRedirectSign(), defined elsewhere in this class.
    self::addRedirectSign($spMetadata, $idpMetadata, $authnRequest);

    return $authnRequest;
}
/**
 * Due to the fact that the symmetric key is generated each time, we cannot
 * test whether or not the resulting XML matches a specific XML, but we can
 * test whether or not the resulting structure is actually correct, conveying
 * all information required to decrypt the NameId.
 *
 * NOTE(review): the expected structure pins rsa-1_5 key transport and
 * aes128-cbc content encryption. Both have known padding-oracle weaknesses
 * in XML Encryption; if the library offers RSA-OAEP and an authenticated
 * mode, deployments should prefer those and this fixture should follow.
 */
public function testThatAnEncryptedNameIdResultsInTheCorrectXmlStructure()
{
    // The NameID that is going to be encrypted; md5() only produces a fixed
    // opaque test value here.
    $plainNameId = array(
        'Value'  => md5('Arthur Dent'),
        'Format' => SAML2_Const::NAMEID_ENCRYPTED,
    );

    // Basic AuthnRequest carrying that NameID.
    $authnRequest = new SAML2_AuthnRequest();
    $authnRequest->setIssuer('https://gateway.stepup.org/saml20/sp/metadata');
    $authnRequest->setDestination('https://tiqr.stepup.org/idp/profile/saml2/Redirect/SSO');
    $authnRequest->setNameId($plainNameId);

    // Encrypt the NameID with the mock public key.
    $publicKey = SAML2_CertificatesMock::getPublicKey();
    $authnRequest->encryptNameId($publicKey);

    $expectedXml = <<<AUTHNREQUEST
<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID=""
    Version=""
    IssueInstant=""
    Destination="">
    <saml:Issuer></saml:Issuer>
    <saml:Subject>
        <saml:EncryptedID xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
            <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Type="http://www.w3.org/2001/04/xmlenc#Element">
                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
                <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
                    <xenc:EncryptedKey>
                        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
                        <xenc:CipherData>
                            <xenc:CipherValue></xenc:CipherValue>
                        </xenc:CipherData>
                    </xenc:EncryptedKey>
                </dsig:KeyInfo>
                <xenc:CipherData>
                    <xenc:CipherValue></xenc:CipherValue>
                </xenc:CipherData>
            </xenc:EncryptedData>
        </saml:EncryptedID>
    </saml:Subject>
</samlp:AuthnRequest>
AUTHNREQUEST;

    $expectedDom = new DOMDocument();
    $expectedDom->loadXML($expectedXml);

    $expectedRoot = $expectedDom->documentElement;
    $actualRoot = $authnRequest->toUnsignedXML();

    $this->assertEqualXMLStructure($expectedRoot, $actualRoot);
}
/**
 * The request taken from the login URL asks for a persistent NameID and
 * allows the identifier to be created.
 *
 * @depends test_login_url_has_valid_auth_request
 * @param SAML2_AuthnRequest $request
 */
public function test_login_url_request_name_id_policy_format_as_persistent_and_allow_create_as_true(SAML2_AuthnRequest $request)
{
    $expectedPolicy = array(
        'Format'      => SAML2_Const::NAMEID_PERSISTENT,
        'AllowCreate' => true,
    );

    $this->assertEquals($expectedPolicy, $request->getNameIdPolicy());
}