/**
 * Construct an AuthnResponse and send it through the HTTP-POST binding.
 *
 * Besides the issuer and signing key, a RelayState and a Destination are set
 * so that the binding has to carry both along with the message.
 */
public function testSendAuthnResponse()
{
    $authnResponse = new Response();
    $authnResponse->setIssuer('testIssuer');
    $authnResponse->setRelayState('http://example.org');
    $authnResponse->setDestination('http://example.org/login?success=yes');
    $authnResponse->setSignatureKey(CertificatesMock::getPrivateKey());

    // The binding emits the response; nothing is asserted about the output here.
    $postBinding = new HTTPPost();
    $postBinding->send($authnResponse);
}
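/**
 * Handle an incoming SAML2 AuthnRequest for an already-authenticated person.
 *
 * Receives the request through the current binding, builds a Response that
 * carries a single bearer Assertion for $Person, signs the Response with the
 * class' private key and posts it to the AssertionConsumerService URL named
 * in the request via the HTTP-POST binding.
 *
 * @param IPerson $Person the authenticated user whose identity is asserted
 * @return mixed the result of static::throwUnauthorizedError() when no binding
 *               can be determined; otherwise the method ends by emitting the
 *               response through HTTPPost::send()
 */
public static function handleLoginRequest(IPerson $Person)
{
    try {
        $binding = Binding::getCurrentBinding();
    } catch (Exception $e) {
        return static::throwUnauthorizedError('Cannot obtain SAML2 binding');
    }

    $request = $binding->receive();
    $requestId = $request->getId();
    $acsUrl = $request->getAssertionConsumerServiceURL();
    // NOTE(review): $acsUrl is taken straight from the inbound request, which is
    // not verified here; confirm that the caller has already matched the
    // requesting SP and this ACS URL against registered SP metadata before
    // the signed response is posted to it.

    // One timestamp so NotBefore / NotOnOrAfter and the SubjectConfirmationData
    // window are derived from the same instant.
    $now = time();

    // build response
    $response = new Response();
    $response->setIssuer(static::$issuer);
    $response->setInResponseTo($requestId);
    $response->setRelayState($request->getRelayState());
    $response->setDestination($acsUrl);

    // build assertion
    $assertion = new Assertion();
    $assertion->setIssuer(static::$issuer);
    $assertion->setSessionIndex(ContainerSingleton::getInstance()->generateId());
    $assertion->setNotBefore($now - 30);
    $assertion->setNotOnOrAfter($now + 300);
    $assertion->setAuthnContext(SAML2_Constants::AC_PASSWORD);
    // NOTE(review): no AudienceRestriction is set on the assertion; consider
    // restricting it to the requesting SP's entity ID so it cannot be replayed
    // at another relying party.

    // build subject confirmation
    $sc = new SubjectConfirmation();
    $sc->Method = SAML2_Constants::CM_BEARER;
    $sc->SubjectConfirmationData = new SubjectConfirmationData();
    $sc->SubjectConfirmationData->NotOnOrAfter = $assertion->getNotOnOrAfter();
    $sc->SubjectConfirmationData->Recipient = $acsUrl;
    $sc->SubjectConfirmationData->InResponseTo = $requestId;
    $assertion->setSubjectConfirmation([$sc]);

    // set NameID
    $assertion->setNameId([
        'Format' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
        'Value' => $Person->Username . '@' . static::$issuer,
    ]);

    // set additional attributes
    $assertion->setAttributes([
        'User.Email' => [$Person->Email],
        'User.Username' => [$Person->Username],
    ]);

    // attach assertion to response
    $response->setAssertions([$assertion]);

    // create signature: RSA-SHA256 rather than RSA-SHA1, as SHA-1 XML signatures
    // are deprecated and rejected by current SP implementations
    $privateKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, ['type' => 'private']);
    $privateKey->loadKey(static::$privateKey);
    $response->setSignatureKey($privateKey);
    $response->setCertificates([static::$certificate]);

    // send response; the binding serialises and signs the message itself, so no
    // separate toSignedXML()/saveXML() pass is needed here
    $responseBinding = new HTTPPost();
    $responseBinding->send($response);
}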
/**
 * @test
 * @group signature
 */
public function signed_message_with_valid_signature_is_validated_correctly()
{
    // Pull the certificate body out of the PEM fixture; the first capture group
    // of CERTIFICATE_PATTERN is what the IdentityProvider config is given.
    preg_match(Certificate::CERTIFICATE_PATTERN, CertificatesMock::PUBLIC_KEY_PEM, $certMatches);
    $idpConfig = new IdentityProvider(['certificateData' => $certMatches[1]]);

    $validator = new PublicKeyValidator(new SimpleTestLogger(), new KeyLoader());

    // Load the fixture, attach the signing key and certificate, then re-parse the
    // signed XML so the validator sees a freshly constructed signed Response.
    $fixture = DOMDocumentFactory::fromFile(__DIR__ . '/response.xml');
    $unsignedResponse = new Response($fixture->firstChild);
    $unsignedResponse->setSignatureKey(CertificatesMock::getPrivateKey());
    $unsignedResponse->setCertificates([CertificatesMock::PUBLIC_KEY_PEM]);
    $signedResponse = new Response($unsignedResponse->toSignedXML());

    $this->assertTrue($validator->canValidate($signedResponse, $idpConfig), 'Cannot validate the element');
    $this->assertTrue($validator->hasValidSignature($signedResponse, $idpConfig), 'The signature is not valid');
}
/**
 * @test
 * @group signature
 */
public function signed_message_with_valid_signature_is_validated_correctly()
{
    // Certificate body is the first capture group of CERTIFICATE_PATTERN.
    preg_match(Certificate::CERTIFICATE_PATTERN, CertificatesMock::PUBLIC_KEY_PEM, $certMatches);
    $certificate = X509::createFromCertificateData($certMatches[1]);

    // getFingerprint() is called twice on purpose: the second call must return a
    // fingerprint equal to the first one.
    $fingerprint = $certificate->getFingerprint();
    $fingerprintAgain = $certificate->getFingerprint();
    $this->assertTrue($fingerprint->equals($fingerprintAgain), 'Cached fingerprint does not match original');

    $idpConfig = new IdentityProvider(['certificateFingerprints' => [$fingerprint->getRaw()]]);
    $validator = new FingerprintValidator(new SimpleTestLogger(), new FingerprintLoader());

    // Sign the fixture and re-parse it so the validator works on signed XML.
    $fixture = DOMDocumentFactory::fromFile(__DIR__ . '/response.xml');
    $unsignedResponse = new Response($fixture->firstChild);
    $unsignedResponse->setSignatureKey(CertificatesMock::getPrivateKey());
    $unsignedResponse->setCertificates([CertificatesMock::PUBLIC_KEY_PEM]);
    $signedResponse = new Response($unsignedResponse->toSignedXML());

    $this->assertTrue($validator->canValidate($signedResponse, $idpConfig), 'Cannot validate the element');
    $this->assertTrue($validator->hasValidSignature($signedResponse, $idpConfig), 'The signature is not valid');
}
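/**
 * Build a Response from the response.xml fixture in which both the outer
 * message and its first Assertion carry the mock key and certificate, then
 * re-parse the signed XML so the returned object is a signed Response.
 *
 * @return \SAML2\Response
 * @throws \RuntimeException when the fixture cannot be parsed or contains no assertion
 */
private function getSignedResponseWithSignedAssertion()
{
    $doc = new \DOMDocument();
    // DOMDocument::load() returns false on a parse error; without this check
    // $doc->firstChild would be null and the failure would only surface later.
    if ($doc->load(__DIR__ . '/response.xml') === false) {
        throw new \RuntimeException('Could not load fixture ' . __DIR__ . '/response.xml');
    }

    $response = new Response($doc->firstChild);
    $response->setSignatureKey(CertificatesMock::getPrivateKey());
    $response->setCertificates([CertificatesMock::PUBLIC_KEY_PEM]);

    $assertions = $response->getAssertions();
    if (!isset($assertions[0])) {
        throw new \RuntimeException('Fixture response.xml contains no assertion to sign');
    }
    $assertion = $assertions[0];
    $assertion->setSignatureKey(CertificatesMock::getPrivateKey());
    $assertion->setCertificates([CertificatesMock::PUBLIC_KEY_PEM]);

    // toSignedXML() serialises and signs; wrapping it in a new Response yields
    // the parsed, signed form the callers validate against.
    return new Response($response->toSignedXML());
}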