Пример #1
0
 public function test_logout_response_with_xsd()
 {
     $logoutResponse = new LogoutResponse();
     $logoutResponse->setInResponseTo(Helper::generateID())->setStatus(new Status(new StatusCode(SamlConstants::STATUS_SUCCESS), 'Successfully logged out from service'))->setID(Helper::generateID())->setIssueInstant(new \DateTime())->setDestination('https://destination.com')->setIssuer(new Issuer('https://issuer.com'));
     $this->sign($logoutResponse);
     $this->validateProtocol($logoutResponse);
 }
Пример #2
0
 /**
  * @param  string $email
  * @param  string $message_id
  * @return string
  */
 public function send($email, $message_id)
 {
     $message = $this->saml_data_manager->get($message_id);
     if (!$message) {
         if ($this->logger) {
             $this->logger->error("Saml message with id {$message_id} not found or expired");
         }
         throw new RuntimeException('Authentication message does not exist');
     }
     $this->saml_data_manager->delete($message_id);
     $response = new Response();
     $assertion = new Assertion();
     $response->addAssertion($assertion)->setID(Helper::generateID())->setIssueInstant(new DateTime())->setDestination($message->getAssertionConsumerServiceURL())->setIssuer(new Issuer($message->getIssuer()->getValue()));
     $assertion->setId(Helper::generateID())->setIssueInstant(new DateTime())->setIssuer(new Issuer($message->getIssuer()->getValue()))->setSubject((new Subject())->setNameID(new NameID($email, SamlConstants::NAME_ID_FORMAT_EMAIL))->addSubjectConfirmation((new SubjectConfirmation())->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER)->setSubjectConfirmationData((new SubjectConfirmationData())->setInResponseTo($message->getID())->setNotOnOrAfter(new DateTime('+1 MINUTE'))->setRecipient($message->getAssertionConsumerServiceURL()))))->setConditions((new Conditions())->setNotBefore(new DateTime())->setNotOnOrAfter(new DateTime('+1 MINUTE'))->addItem(new AudienceRestriction([$message->getAssertionConsumerServiceURL()])))->addItem((new AttributeStatement())->addAttribute(new Attribute(ClaimTypes::EMAIL_ADDRESS, $email)))->addItem((new AuthnStatement())->setAuthnInstant(new DateTime('-10 MINUTE'))->setSessionIndex($message_id)->setAuthnContext((new AuthnContext())->setAuthnContextClassRef(SamlConstants::AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT)));
     $certificate = X509Certificate::fromFile($this->saml_crt);
     $private_key = KeyHelper::createPrivateKey($this->saml_key, '', true);
     $response->setSignature(new SignatureWriter($certificate, $private_key));
     $binding_factory = new BindingFactory();
     $post_binding = $binding_factory->create(SamlConstants::BINDING_SAML2_HTTP_POST);
     $message_context = new MessageContext();
     $message_context->setMessage($response);
     /** @var SymfonyResponse $http_response */
     $http_response = $post_binding->send($message_context);
     return $http_response->getContent();
 }
Пример #3
0
 /**
  * @return string|null
  */
 public function getNotOnOrAfterString()
 {
     if ($this->notOnOrAfter) {
         return Helper::time2string($this->notOnOrAfter);
     }
     return null;
 }
Пример #4
0
 public function test_authn_request_with_xsd()
 {
     $authnRequest = new AuthnRequest();
     $authnRequest->setAssertionConsumerServiceURL('https://sp.com/acs')->setNameIDPolicy(new NameIDPolicy(SamlConstants::NAME_ID_FORMAT_EMAIL, true))->setProtocolBinding(SamlConstants::PROTOCOL_SAML2)->setID(Helper::generateID())->setIssueInstant(new \DateTime())->setDestination('https://idp.com/destination')->setIssuer(new Issuer('https://sp.com'));
     $this->sign($authnRequest);
     $this->validateProtocol($authnRequest);
 }
Пример #5
0
 public function test_logout_request_with_xsd()
 {
     $logoutRequest = new LogoutRequest();
     $logoutRequest->setNameID(new NameID('*****@*****.**', SamlConstants::NAME_ID_FORMAT_EMAIL))->setSessionIndex(Helper::generateID())->setNotOnOrAfter(new \DateTime('+2 minute'))->setID(Helper::generateID())->setIssueInstant(new \DateTime())->setDestination('https://destination.com')->setIssuer(new Issuer('https://issuer.com'));
     $this->sign($logoutRequest);
     $this->validateProtocol($logoutRequest);
 }
Пример #6
0
 public function test_success_response_with_xsd()
 {
     $response = new Response();
     $response->setStatus(new Status(new StatusCode(SamlConstants::STATUS_SUCCESS)))->setInResponseTo(Helper::generateID())->setID(Helper::generateID())->setIssueInstant(new \DateTime())->setIssuer(new Issuer('https://idp.com'));
     $response->addAssertion($assertion = new Assertion());
     $assertion->setId(Helper::generateID())->setIssueInstant(new \DateTime())->setIssuer(new Issuer('https://idp.com'))->setSubject((new Subject())->setNameID(new NameID('*****@*****.**', SamlConstants::NAME_ID_FORMAT_EMAIL))->addSubjectConfirmation((new SubjectConfirmation())->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER)->setSubjectConfirmationData((new SubjectConfirmationData())->setInResponseTo(Helper::generateID())->setNotOnOrAfter(new \DateTime('+1 hour'))->setRecipient('https://sp.com/acs'))))->setConditions((new Conditions())->setNotBefore(new \DateTime())->setNotOnOrAfter(new \DateTime('+1 hour'))->addItem(new AudienceRestriction(['https://sp.com/acs'])))->addItem((new AttributeStatement())->addAttribute(new Attribute(ClaimTypes::EMAIL_ADDRESS, '*****@*****.**')))->addItem((new AuthnStatement())->setAuthnInstant(new \DateTime('-1 hour'))->setSessionIndex(Helper::generateID())->setAuthnContext((new AuthnContext())->setAuthnContextClassRef(SamlConstants::AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT)));
     $this->sign($assertion);
     $this->sign($response);
     $this->validateProtocol($response);
 }
Пример #7
0
 protected function validateSubjectConfirmationData(SubjectConfirmationData $subjectConfirmationData)
 {
     if ($subjectConfirmationData->getRecipient()) {
         if (false == Helper::validateWellFormedUriString($subjectConfirmationData->getRecipient())) {
             throw new LightSamlValidationException('Recipient of SubjectConfirmationData must be a wellformed absolute URI.');
         }
     }
     if ($subjectConfirmationData->getNotBeforeTimestamp() && $subjectConfirmationData->getNotOnOrAfterTimestamp() && $subjectConfirmationData->getNotBeforeTimestamp() >= $subjectConfirmationData->getNotOnOrAfterTimestamp()) {
         throw new LightSamlValidationException('SubjectConfirmationData NotBefore MUST be less than NotOnOrAfter');
     }
 }
 public function test_entity_descriptor_with_xsd()
 {
     $entityDescriptor = new EntityDescriptor();
     $entityDescriptor->setID(Helper::generateID())->setEntityID('https://idp.com');
     $entityDescriptor->addItem($idpSsoDescriptor = new IdpSsoDescriptor());
     $idpSsoDescriptor->addAttribute((new Attribute(ClaimTypes::EMAIL_ADDRESS))->setNameFormat('urn:oasis:names:tc:SAML:2.0:attrname-format:uri')->setFriendlyName('Email address'))->addSingleSignOnService(new SingleSignOnService('https://idp.com/login', SamlConstants::BINDING_SAML2_HTTP_POST))->addSingleSignOnService(new SingleSignOnService('https://idp.com/login', SamlConstants::BINDING_SAML2_HTTP_REDIRECT))->addSingleLogoutService(new SingleLogoutService('https://idp.com/logout', SamlConstants::BINDING_SAML2_HTTP_POST))->addSingleLogoutService(new SingleLogoutService('https://idp.com/logout', SamlConstants::BINDING_SAML2_HTTP_REDIRECT))->addNameIDFormat(SamlConstants::NAME_ID_FORMAT_TRANSIENT)->addNameIDFormat(SamlConstants::NAME_ID_FORMAT_PERSISTENT)->addNameIDFormat(SamlConstants::NAME_ID_FORMAT_EMAIL)->setProtocolSupportEnumeration(SamlConstants::PROTOCOL_SAML2)->addKeyDescriptor(new KeyDescriptor(UsageType::SIGNING, $this->getX509Certificate()))->addKeyDescriptor(new KeyDescriptor(UsageType::ENCRYPTION, $this->getX509Certificate()));
     $entityDescriptor->addItem($spSsoDescriptor = new SpSsoDescriptor());
     $spSsoDescriptor->addAssertionConsumerService(new AssertionConsumerService('https://sp.com/acs', SamlConstants::BINDING_SAML2_HTTP_POST))->addSingleLogoutService(new SingleLogoutService('https://sp.com/logout', SamlConstants::BINDING_SAML2_HTTP_POST))->addSingleLogoutService(new SingleLogoutService('https://sp.com/logout', SamlConstants::BINDING_SAML2_HTTP_REDIRECT))->addNameIDFormat(SamlConstants::NAME_ID_FORMAT_TRANSIENT)->addNameIDFormat(SamlConstants::NAME_ID_FORMAT_PERSISTENT)->addNameIDFormat(SamlConstants::NAME_ID_FORMAT_EMAIL)->setProtocolSupportEnumeration(SamlConstants::PROTOCOL_SAML2)->addKeyDescriptor(new KeyDescriptor(UsageType::SIGNING, $this->getX509Certificate()))->addKeyDescriptor(new KeyDescriptor(UsageType::ENCRYPTION, $this->getX509Certificate()));
     $entityDescriptor->addContactPerson((new ContactPerson())->setContactType(ContactPerson::TYPE_SUPPORT)->setEmailAddress('*****@*****.**'))->addOrganization((new Organization())->setOrganizationName('Org name')->setOrganizationDisplayName('Org display name')->setOrganizationURL('https://idp.com'));
     $this->sign($entityDescriptor);
     $this->validateMetadata($entityDescriptor);
 }
Пример #9
0
 public function test_receive_response_profile()
 {
     $buildContainer = $this->getBuildContainer('_1db06e4f91d3997b7ed3285a59f77028071db2dc5f', new TimeProviderMock(new \DateTime('@' . Helper::parseSAMLTime('2015-11-22T15:37:14Z'), new \DateTimeZone('UTC'))));
     $builder = new \LightSaml\Builder\Profile\WebBrowserSso\Sp\SsoSpReceiveResponseProfileBuilder($buildContainer);
     $context = $builder->buildContext();
     $action = $builder->buildAction();
     $request = Request::create('https://localhost/lightsaml/lightSAML/web/sp/acs.php', 'POST', ['SAMLResponse' => $this->getSamlResponseCode()]);
     $context->getHttpRequestContext()->setRequest($request);
     $action->execute($context);
     /** @var Response $response */
     $response = $context->getInboundMessage();
     $this->assertInstanceOf(Response::class, $response);
     $this->assertCount(1, $response->getAllAssertions());
     $this->assertEquals('*****@*****.**', $response->getFirstAssertion()->getFirstAttributeStatement()->getFirstAttributeByName(ClaimTypes::EMAIL_ADDRESS)->getFirstAttributeValue());
 }
Пример #10
0
 /**
  * @param Assertion $assertion
  * @param int       $now
  * @param int       $allowedSecondsSkew
  */
 protected function validateSubject(Assertion $assertion, $now, $allowedSecondsSkew)
 {
     if (false == $assertion->getSubject()) {
         return;
     }
     foreach ($assertion->getSubject()->getAllSubjectConfirmations() as $subjectConfirmation) {
         if ($subjectConfirmation->getSubjectConfirmationData()) {
             if (false == Helper::validateNotBefore($subjectConfirmation->getSubjectConfirmationData()->getNotBeforeTimestamp(), $now, $allowedSecondsSkew)) {
                 throw new LightSamlValidationException('SubjectConfirmationData.NotBefore must not be in the future');
             }
             if (false == Helper::validateNotOnOrAfter($subjectConfirmation->getSubjectConfirmationData()->getNotOnOrAfterTimestamp(), $now, $allowedSecondsSkew)) {
                 throw new LightSamlValidationException('SubjectConfirmationData.NotOnOrAfter must not be in the past');
             }
         }
     }
 }
Пример #11
0
 /**
  * Get saml authnRequest.
  *
  * @param  string $consumer_service_url
  * @param  string $idp_destination
  * @param  string $issuer
  * @param  string $saml_crt
  * @param  string $saml_key
  * @return string
  */
 public function getAuthnRequest($consumer_service_url, $idp_destination, $issuer, $saml_crt, $saml_key)
 {
     $authn_request = new AuthnRequest();
     $authn_request->setAssertionConsumerServiceURL($consumer_service_url)->setProtocolBinding(SamlConstants::BINDING_SAML2_HTTP_POST)->setID(Helper::generateID())->setIssueInstant(new DateTime())->setDestination($idp_destination)->setIssuer(new Issuer($issuer));
     $certificate = new X509Certificate();
     $certificate->loadPem($saml_crt);
     $private_key = KeyHelper::createPrivateKey($saml_key, '', false);
     $authn_request->setSignature(new SignatureWriter($certificate, $private_key));
     $serialization_context = new SerializationContext();
     $authn_request->serialize($serialization_context->getDocument(), $serialization_context);
     $binding_factory = new BindingFactory();
     $redirect_binding = $binding_factory->create(SamlConstants::BINDING_SAML2_HTTP_REDIRECT);
     $message_context = new MessageContext();
     $message_context->setMessage($authn_request);
     /** @var \Symfony\Component\HttpFoundation\RedirectResponse $http_response */
     $http_response = $redirect_binding->send($message_context);
     return $http_response->getTargetUrl();
 }
Пример #12
0
 /**
  * @dataProvider notOnOrAfterProvider
  */
 public function test__validate_not_on_or_after($notOnOrAfter, $now, $allowedSecondsSkew, $expected)
 {
     $this->assertEquals($expected, Helper::validateNotOnOrAfter($notOnOrAfter, $now, $allowedSecondsSkew));
 }
<?php

require_once __DIR__ . '/../autoload.php';
$authnRequest = new \LightSaml\Model\Protocol\AuthnRequest();
$authnRequest->setAssertionConsumerServiceURL('https://my.site/acs')->setProtocolBinding(\LightSaml\SamlConstants::BINDING_SAML2_HTTP_POST)->setID(\LightSaml\Helper::generateID())->setIssueInstant(new \DateTime())->setDestination('https://idp.com/login')->setIssuer(new \LightSaml\Model\Assertion\Issuer('https://my.entity.id'));
$expectedXmlOutput = <<<EOT
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_8dcc6985f6d9f385f0bbd4562ef848ef3ae78d87d7"
    Version="2.0"
    IssueInstant="2015-10-10T15:26:20Z"
    Destination="https://idp.com/login"
    AssertionConsumerServiceURL="https://my.site/acs"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>
    <saml:Issuer>https://my.entity.id</saml:Issuer>
</samlp:AuthnRequest>
EOT
;
Пример #14
0
 /**
  * @param AudienceRestriction $item
  *
  * @throws LightSamlValidationException
  */
 protected function validateAudienceRestriction(AudienceRestriction $item)
 {
     if (false == $item->getAllAudience()) {
         return;
     }
     foreach ($item->getAllAudience() as $audience) {
         if (false == Helper::validateWellFormedUriString($audience)) {
             throw new LightSamlValidationException('AudienceRestriction MUST BE a wellformed uri');
         }
     }
 }
Пример #15
0
 /**
  * @param Attribute $attribute
  *
  * @throws LightSamlValidationException
  *
  * @return void
  */
 private function validateAttribute(Attribute $attribute)
 {
     if (false == Helper::validateRequiredString($attribute->getName())) {
         throw new LightSamlValidationException('Name attribute of Attribute element MUST contain at least one non-whitespace character');
     }
 }
Пример #16
0
 /**
  * @return string|null
  */
 public function getIssueInstantString()
 {
     if ($this->issueInstant) {
         return Helper::time2string($this->issueInstant);
     }
     return null;
 }
 /**
  * @param SamlMessage $message
  */
 private function verify(SamlMessage $message)
 {
     $message->setID(Helper::generateID())->setIssueInstant(new \DateTime())->setIssuer(new Issuer('https://mydomain.com'));
     $xml = $this->signAndSerialize($message);
     $this->deserializeAndVerify($xml, get_class($message));
 }
<?php

require_once __DIR__ . '/../autoload.php';
$entityDescriptor = new \LightSaml\Model\Metadata\EntityDescriptor();
$entityDescriptor->setID(\LightSaml\Helper::generateID())->setEntityID('http://some.entity.id');
$entityDescriptor->addItem($spSsoDescriptor = (new \LightSaml\Model\Metadata\SpSsoDescriptor())->setWantAssertionsSigned(true));
$spSsoDescriptor->addKeyDescriptor($keyDescriptor = (new \LightSaml\Model\Metadata\KeyDescriptor())->setUse(\LightSaml\Model\Metadata\KeyDescriptor::USE_SIGNING)->setCertificate(\LightSaml\Credential\X509Certificate::fromFile('/path/to/file.crt')));
$spSsoDescriptor->addAssertionConsumerService($acs = (new \LightSaml\Model\Metadata\AssertionConsumerService())->setBinding(\LightSaml\SamlConstants::BINDING_SAML2_HTTP_POST)->setLocation('https://my.site/saml/acs'));
$expectedSerializaedXml = <<<EOT
<EntityDescriptor ID="_2240bd9c-30c4-4d2a-ab3e-87a94ea334fd" entityID="http://some.entity.id" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
    <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <KeyDescriptor use="signing">
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <X509Data>
                    <X509Certificate>
                        MIIC0jCCAbqgAwIBAgIQGFT6omLmWbhAD65bM40rGzANBgkqhkiG9w0BAQsFADAlMSMwIQYDVQQDExpBREZTIFNpZ25pbmcgLSBCMS5iZWFkLmxvYzAeFw0xMzEwMDkxNDUyMDVaFw0xNDEwMDkxNDUyMDVaMCUxIzAhBgNVBAMTGkFERlMgU2lnbmluZyAtIEIxLmJlYWQubG9jMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGKV64+63lpqdPmCTZ0kt/yKr8xukR1Y071SlmRVV5sSFhTe8cjylPqqxdyEBrfPhpL6vwFQyKfDhuM8T9E+BW5fUdoXO4WmIHrLOxV/BzKv2rDGidlCFzDSQPDxPH2RdQkMBksiauIMSHIYXB92rO4fkcsTgQ6cc+PZp4M3Z/jR1mcxQzz9RQk3I9w2OtI9xcv+uDC5mQU0ZWVHc99VSFQt+zshduwIqxQdHvMdTRslso+oCLEQom42pGCD8TksQTGw4sB7Ctb0mgXdfy0PDIznfi2oDBGtPY2Hkms6/n9xoyCynQea0YYXcpEe7lAvs+t6Lq+ZaKp2kUaa2x8d+QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBfwlmaN1iPg0gNiqdVphJjWnzpV4h6/Mz3L0xYzNQeglWCDKCKuajQfmo/AQBErtOWZJsP8avzK79gNRqFHXF6CirjGnL6WO+S6Ug1hvy3xouOxOkIYgZsbmcNL2XO1hIxP4z/QWPthotp3FSUTae2hFBHuy4Gtb+9d9a60GDtgrHnfgVeCTE7CSiaI/D/51JNbtpg2tCpcEzMQgPkQqb8E+V79xc0dnEcI5cBaS6eYgkJgS5gKIMbwaJ/VxzCVGIKwFjFnJedJ5N7zH7OVwor56Q7nuKD7X4yFY9XR3isjGnwXveh9E4d9wD4CMl52AHJpsYsToXsi3eRvApDV/PE
                    </X509Certificate>
                </X509Data>
            </KeyInfo>
        </KeyDescriptor>
        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://my.site/saml/acs"/>
    </SPSSODescriptor>
</EntityDescriptor>
EOT
;
Пример #19
0
 protected function prepareForXml()
 {
     if (false == $this->getId()) {
         $this->setId(Helper::generateID());
     }
     if (false == $this->getIssueInstantTimestamp()) {
         $this->setIssueInstant(time());
     }
 }
Пример #20
0
<?php

require_once __DIR__ . '/../autoload.php';
$response = new \LightSaml\Model\Protocol\Response();
$response->addAssertion($assertion = new \LightSaml\Model\Assertion\Assertion())->setStatus(new \LightSaml\Model\Protocol\Status(new \LightSaml\Model\Protocol\StatusCode(\LightSaml\SamlConstants::STATUS_SUCCESS)))->setID(\LightSaml\Helper::generateID())->setIssueInstant(new \DateTime())->setDestination('https://sp.com/acs')->setIssuer(new \LightSaml\Model\Assertion\Issuer('https://idp.com'));
$assertion->setId(\LightSaml\Helper::generateID())->setIssueInstant(new \DateTime())->setIssuer(new \LightSaml\Model\Assertion\Issuer('https://idp.com'))->setSubject((new \LightSaml\Model\Assertion\Subject())->setNameID(new \LightSaml\Model\Assertion\NameID('email.domain.com', \LightSaml\SamlConstants::NAME_ID_FORMAT_EMAIL))->addSubjectConfirmation((new \LightSaml\Model\Assertion\SubjectConfirmation())->setMethod(\LightSaml\SamlConstants::CONFIRMATION_METHOD_BEARER)->setSubjectConfirmationData((new \LightSaml\Model\Assertion\SubjectConfirmationData())->setInResponseTo('id_of_the_authn_request')->setNotOnOrAfter(new \DateTime('+1 MINUTE'))->setRecipient('https://sp.com/acs'))))->setConditions((new \LightSaml\Model\Assertion\Conditions())->setNotBefore(new \DateTime())->setNotOnOrAfter(new \DateTime('+1 MINUTE'))->addItem(new \LightSaml\Model\Assertion\AudienceRestriction(['https://sp.com/acs'])))->addItem((new \LightSaml\Model\Assertion\AttributeStatement())->addAttribute(new \LightSaml\Model\Assertion\Attribute(\LightSaml\ClaimTypes::EMAIL_ADDRESS, '*****@*****.**'))->addAttribute(new \LightSaml\Model\Assertion\Attribute(\LightSaml\ClaimTypes::COMMON_NAME, 'x123')))->addItem((new \LightSaml\Model\Assertion\AuthnStatement())->setAuthnInstant(new \DateTime('-10 MINUTE'))->setSessionIndex('_some_session_index')->setAuthnContext((new \LightSaml\Model\Assertion\AuthnContext())->setAuthnContextClassRef(\LightSaml\SamlConstants::AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT)));
$expectedXmlOutput = <<<EOT
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_8a3904146809db7b19d4eaaba9876baed805c216e5" Version="2.0"
IssueInstant="2015-10-18T20:02:55Z" Destination="https://sp.com/acs">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.com</saml:Issuer>
  <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_4a9400f18f507a46339c622929c6795c6195bd2b1d" Version="2.0" IssueInstant="2015-10-18T20:02:55Z">
    <Issuer>https://idp.com</Issuer>
    <Subject>
      <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">email.domain.com</NameID>
      <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <SubjectConfirmationData InResponseTo="id_of_the_authn_request" NotOnOrAfter="2015-10-18T20:03:55Z" Recipient="https://sp.com/acs"/>
      </SubjectConfirmation>
    </Subject>
    <Conditions NotBefore="2015-10-18T20:02:55Z" NotOnOrAfter="2015-10-18T20:03:55Z">
      <AudienceRestriction>
        <Audience>https://sp.com/acs</Audience>
      </AudienceRestriction>
    </Conditions>
    <AttributeStatement>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <AttributeValue>email@domain.com</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.xmlsoap.org/claims/CommonName">
        <AttributeValue>x123</AttributeValue>
      </Attribute>
    </AttributeStatement>
Пример #21
0
 /**
  * @param AbstractNameID $nameId
  */
 protected function validateTransientFormat(AbstractNameID $nameId)
 {
     if (false == Helper::validateRequiredString($nameId->getValue())) {
         throw new LightSamlValidationException('NameID with Transient Format attribute MUST contain a Value that contains more than whitespace characters');
     }
     if (strlen($nameId->getValue()) > 256) {
         throw new LightSamlValidationException('NameID with Transient Format attribute MUST have a Value that contains no more than 256 characters');
     }
     if (false == Helper::validateIdString($nameId->getValue())) {
         throw new LightSamlValidationException(sprintf("NameID '%s' with Transient Format attribute MUST have a Value with at least 16 characters (the equivalent of 128 bits)", $nameId->getValue()));
     }
 }
Пример #22
0
 /**
  * @param AssertionContext $context
  *
  * @return void
  */
 protected function doExecute(AssertionContext $context)
 {
     $id = Helper::generateID();
     $context->getAssertion()->setId($id);
     $this->logger->info(sprintf('Assertion ID set to "%s"', $id), LogHelper::getActionContext($context, $this, array('message_id' => $id)));
 }
Пример #23
0
 /**
  * @return string
  */
 public function getValidUntilString()
 {
     if ($this->validUntil) {
         return Helper::time2string($this->validUntil);
     }
     return;
 }
Пример #24
0
 protected function doExecute(ProfileContext $context)
 {
     $id = Helper::generateID();
     MessageContextHelper::asSamlMessage($context->getOutboundContext())->setId($id);
     $this->logger->info(sprintf('Message ID set to "%s"', $id), LogHelper::getActionContext($context, $this, array('message_id' => $id)));
 }