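/**
 * Send an authenticationResponse using HTTP-POST.
 *
 * The response is signed before it is sent. By default the first Assertion
 * element is signed; the Response element is signed instead when the SP
 * metadata option 'signresponse' or the global 'shib13.signresponse' option
 * is TRUE, or when the response contains no Assertion at all.
 *
 * @param string $response The response which should be sent.
 * @param array $idpmd The metadata of the IdP which is sending the response.
 * @param array $spmd The metadata of the SP which is receiving the response.
 * @param string|NULL $relayState The relaystate for the SP.
 * @param string $shire The shire which should receive the response.
 * @throws Exception If the 'signresponse' option is not a boolean, or if the
 *                   Response element must be signed but is missing.
 */
public function sendResponse($response, $idpmd, $spmd, $relayState, $shire) {
    SimpleSAML_Utilities::validateXMLDocument($response, 'saml11');

    $privatekey = SimpleSAML_Utilities::loadPrivateKey($idpmd, TRUE);
    $publickey = SimpleSAML_Utilities::loadPublicKey($idpmd, TRUE);

    $responsedom = new DOMDocument();
    $responsedom->loadXML(str_replace("\r", "", $response));

    $responseroot = $responsedom->getElementsByTagName('Response')->item(0);
    $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);

    /* Determine what we should sign - either the Response element or the Assertion. The default
     * is to sign the Assertion, but that can be overridden by the 'signresponse' option in the
     * SP metadata or 'shib13.signresponse' in the global configuration.
     */
    if (array_key_exists('signresponse', $spmd) && $spmd['signresponse'] !== NULL) {
        $signResponse = $spmd['signresponse'];
        if (!is_bool($signResponse)) {
            throw new Exception('Expected the \'signresponse\' option in the metadata of the' .
                ' SP \'' . $spmd['entityid'] . '\' to be a boolean value.');
        }
    } else {
        $signResponse = $this->configuration->getBoolean('shib13.signresponse', TRUE);
    }

    /* Check if we have an assertion to sign. Force to sign the response if not. */
    if ($firstassertionroot === NULL) {
        $signResponse = TRUE;
    }

    /* The signature's reference must use the ID attribute of the element being signed. */
    $signer = new SimpleSAML_XML_Signer(array(
        'privatekey_array' => $privatekey,
        'publickey_array' => $publickey,
        'id' => $signResponse ? 'ResponseID' : 'AssertionID',
    ));

    if (array_key_exists('certificatechain', $idpmd)) {
        $signer->addCertificate($idpmd['certificatechain']);
    }

    if ($signResponse) {
        if ($responseroot === NULL) {
            /* Fail explicitly rather than handing a NULL node to the signer. */
            throw new Exception('Unable to sign the response: no Response element found.');
        }
        /* Sign the response - this must be done after encrypting the assertion. */
        /* We insert the signature before the saml2p:Status element. */
        $statusElements = SimpleSAML_Utilities::getDOMChildren($responseroot, 'Status', '@saml1p');
        assert('count($statusElements) === 1');
        $signer->sign($responseroot, $responseroot, $statusElements[0]);
    } else {
        /* Sign the assertion */
        $signer->sign($firstassertionroot, $firstassertionroot);
    }

    $response = $responsedom->saveXML();

    if ($this->configuration->getBoolean('debug', FALSE)) {
        /* Debug mode renders the message to the user instead of auto-submitting it. */
        $p = new SimpleSAML_XHTML_Template($this->configuration, 'post-debug.php');
        $p->data['header'] = 'SAML (Shibboleth 1.3) Response Debug-mode';
        $p->data['RelayStateName'] = 'TARGET';
        $p->data['RelayState'] = $relayState;
        $p->data['destination'] = $shire;
        $p->data['response'] = str_replace("\n", "", base64_encode($response));
        $p->data['responseHTML'] = htmlspecialchars(SimpleSAML_Utilities::formatXMLString($response));
        $p->show();
    } else {
        SimpleSAML_Utilities::postRedirect($shire, array(
            'TARGET' => $relayState,
            'SAMLResponse' => base64_encode($response),
        ));
    }
}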
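/**
 * Send an authenticationResponse using HTTP-POST.
 *
 * The response is signed before it is sent. By default the first Assertion
 * element is signed; the Response element is signed instead when the SP
 * metadata option 'signresponse' or the global 'shib13.signresponse' option
 * is TRUE, or when the response contains no Assertion at all.
 *
 * @param string $response The response which should be sent.
 * @param SimpleSAML_Configuration $idpmd The metadata of the IdP which is sending the response.
 * @param SimpleSAML_Configuration $spmd The metadata of the SP which is receiving the response.
 * @param string|NULL $relayState The relaystate for the SP.
 * @param string $shire The shire which should receive the response.
 * @throws Exception If the Response element must be signed but is missing.
 */
public function sendResponse($response, SimpleSAML_Configuration $idpmd, SimpleSAML_Configuration $spmd, $relayState, $shire) {
    SimpleSAML_Utilities::validateXMLDocument($response, 'saml11');

    $privatekey = SimpleSAML_Utilities::loadPrivateKey($idpmd, TRUE);
    $publickey = SimpleSAML_Utilities::loadPublicKey($idpmd, TRUE);

    $responsedom = new DOMDocument();
    $responsedom->loadXML(str_replace("\r", "", $response));

    $responseroot = $responsedom->getElementsByTagName('Response')->item(0);
    $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);

    /* Determine what we should sign - either the Response element or the Assertion. The default
     * is to sign the Assertion, but that can be overridden by the 'signresponse' option in the
     * SP metadata or 'shib13.signresponse' in the global configuration.
     *
     * getBoolean() is a method call; writing it as an array offset reads an undefined property
     * and yields NULL, which would silently ignore the SP's configured setting.
     */
    if ($spmd->hasValue('signresponse')) {
        $signResponse = $spmd->getBoolean('signresponse');
    } else {
        $signResponse = $this->configuration->getBoolean('shib13.signresponse', TRUE);
    }

    /* Check if we have an assertion to sign. Force to sign the response if not. */
    if ($firstassertionroot === NULL) {
        $signResponse = TRUE;
    }

    /* The signature's reference must use the ID attribute of the element being signed. */
    $signer = new SimpleSAML_XML_Signer(array(
        'privatekey_array' => $privatekey,
        'publickey_array' => $publickey,
        'id' => $signResponse ? 'ResponseID' : 'AssertionID',
    ));

    if ($idpmd->hasValue('certificatechain')) {
        $signer->addCertificate($idpmd->getString('certificatechain'));
    }

    if ($signResponse) {
        if ($responseroot === NULL) {
            /* Fail explicitly rather than handing a NULL node to the signer. */
            throw new Exception('Unable to sign the response: no Response element found.');
        }
        /* Sign the response - this must be done after encrypting the assertion. */
        /* We insert the signature before the saml2p:Status element. */
        $statusElements = SimpleSAML_Utilities::getDOMChildren($responseroot, 'Status', '@saml1p');
        assert('count($statusElements) === 1');
        $signer->sign($responseroot, $responseroot, $statusElements[0]);
    } else {
        /* Sign the assertion */
        $signer->sign($firstassertionroot, $firstassertionroot);
    }

    $response = $responsedom->saveXML();
    SimpleSAML_Utilities::debugMessage($response, 'out');

    SimpleSAML_Utilities::postRedirect($shire, array(
        'TARGET' => $relayState,
        'SAMLResponse' => base64_encode($response),
    ));
}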
/**
 * Send a SAML 2 message using the HTTP-POST binding.
 *
 * The message is serialised in signed form, base64-encoded and delivered as
 * either a SAMLRequest or a SAMLResponse POST parameter, together with the
 * RelayState when the message carries one.
 *
 * Note: This function never returns.
 *
 * @param SAML2_Message $message The message we should send.
 */
public function send(SAML2_Message $message) {
    /* An explicitly configured destination takes precedence over the one in the message. */
    $destination = ($this->destination === NULL)
        ? $message->getDestination()
        : $this->destination;
    $relayState = $message->getRelayState();

    $signedNode = $message->toSignedXML();
    $serialised = $signedNode->ownerDocument->saveXML($signedNode);
    SimpleSAML_Utilities::debugMessage($serialised, 'out');

    $paramName = ($message instanceof SAML2_Request) ? 'SAMLRequest' : 'SAMLResponse';
    $post = array(
        $paramName => base64_encode($serialised),
    );
    if ($relayState !== NULL) {
        $post['RelayState'] = $relayState;
    }

    SimpleSAML_Utilities::postRedirect($destination, $post);
}
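/**
 * Helper function for sending CDC messages.
 *
 * A timestamp is added to the message, which is then JSON- and base64-encoded
 * and signed. Short URLs are delivered with a GET redirect; longer ones fall
 * back to a POST redirect to stay within common URL length limits.
 *
 * @param string $to The URL the message should be delivered to.
 * @param string $parameter The query parameter the message should be sent in.
 * @param array $message The CDC message.
 * @throws Exception If the message cannot be encoded as JSON.
 */
private function send($to, $parameter, array $message) {
    assert('is_string($to)');
    assert('is_string($parameter)');

    $message['timestamp'] = time();

    $json = json_encode($message);
    if ($json === FALSE) {
        /* Do not sign and send an empty payload when encoding fails. */
        throw new Exception('Unable to encode the CDC message as JSON.');
    }
    $encoded = base64_encode($json);
    $signature = $this->calcSignature($encoded);

    $params = array(
        $parameter => $encoded,
        'Signature' => $signature,
    );

    $url = SimpleSAML_Utilities::addURLparameter($to, $params);
    if (strlen($url) < 2048) {
        SimpleSAML_Utilities::redirectTrustedURL($url);
    } else {
        SimpleSAML_Utilities::postRedirect($to, $params);
    }
}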
/**
 * Redirect the user agent to $url, delivering $data as POST parameters.
 *
 * Thin wrapper around SimpleSAML_Utilities::postRedirect().
 *
 * @param string $url The destination of the POST request.
 * @param array $data The POST parameters to send; defaults to none.
 */
public function postRedirect($url, $data = array()) {
    $destination = $url;
    $postParams = $data;

    SimpleSAML_Utilities::postRedirect($destination, $postParams);
}
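<?php
/**
 * This page provides a way to create a redirect to a POST request.
 *
 * The destination URL and POST parameters are not taken from the request;
 * they are looked up in the session ('core_postdatalink' data) under the key
 * given by the RedirId parameter, so only data stored there earlier is replayed.
 *
 * @package simpleSAMLphp
 * @version $Id$
 */

if (!array_key_exists('RedirId', $_REQUEST)) {
    throw new SimpleSAML_Error_BadRequest('Missing RedirId parameter.');
}
$id = $_REQUEST['RedirId'];
if (!is_string($id)) {
    /* RedirId is used as a session-data key; arrays or other non-strings are never valid. */
    throw new SimpleSAML_Error_BadRequest('Invalid RedirId parameter.');
}

$session = SimpleSAML_Session::getInstance();
$postData = $session->getData('core_postdatalink', $id);
if ($postData === NULL) {
    /* The post data is missing, probably because it timed out. */
    throw new Exception('The POST data we should restore was lost.');
}

assert('is_array($postData)');
assert('array_key_exists("url", $postData)');
assert('array_key_exists("post", $postData)');

$url = $postData['url'];
$post = $postData['post'];

SimpleSAML_Utilities::postRedirect($url, $post);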