/**
 * Run the configured filter commands over an incoming SAML response.
 *
 * First resolves the collabPersonId for this (SP entity ID, request ID) pair,
 * then hands the complete context to each command in turn, picks up whatever
 * the command replaced (response, attributes, collabPersonId) and finally caches
 * the resolved collabPersonId in the session under the same key. A command can
 * stop the chain early via mustContinueFiltering().
 *
 * Resolution order for collabPersonId: session cache, response annotation,
 * the collabPersonId attribute (urn:oid:1.3.6.1.4.1.1076.20.40.40.1),
 * the assertion's NameID value, otherwise null.
 *
 * @param EngineBlock_Saml2_ResponseAnnotationDecorator $response
 * @param array $responseAttributes Passed by reference: commands may replace it.
 * @param EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request
 * @param ServiceProvider $serviceProvider
 * @param IdentityProvider $identityProvider
 * @throws EngineBlock_Exception Re-thrown from a command, annotated with the IdP/SP entity IDs and user ID.
 * @throws Exception
 */
public function filter(EngineBlock_Saml2_ResponseAnnotationDecorator $response, array &$responseAttributes, EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request, ServiceProvider $serviceProvider, IdentityProvider $identityProvider)
{
    /** @var SAML2_AuthnRequest $request */
    $nameId = $response->getAssertion()->getNameId();

    // Request IDs are only assumed to be unique per SP, so the cache key is scoped by SP entity ID.
    $sessionKey = $serviceProvider->entityId . '>' . $request->getId();

    $collabPersonId = null;
    if (isset($_SESSION[$sessionKey]['collabPersonId'])) {
        // A previous pass for this SP/request already resolved the user; the cached value wins.
        $collabPersonId = $_SESSION[$sessionKey]['collabPersonId'];
    } elseif ($response->getCollabPersonId()) {
        $collabPersonId = $response->getCollabPersonId();
    } elseif (isset($responseAttributes['urn:oid:1.3.6.1.4.1.1076.20.40.40.1'][0])) {
        $collabPersonId = $responseAttributes['urn:oid:1.3.6.1.4.1.1076.20.40.40.1'][0];
    } elseif (!empty($nameId['Value'])) {
        // Last resort: fall back to the NameID the IdP asserted.
        $collabPersonId = $nameId['Value'];
    }

    /** @var EngineBlock_Corto_Filter_Command_Abstract $command */
    foreach ($this->_getCommands() as $command) {
        // Hand the full context to the command before running it.
        $command->setProxyServer($this->_server);
        $command->setIdentityProvider($identityProvider);
        $command->setServiceProvider($serviceProvider);
        $command->setRequest($request);
        $command->setResponse($response);
        $command->setResponseAttributes($responseAttributes);
        $command->setCollabPersonId($collabPersonId);

        try {
            $command->execute();
        } catch (EngineBlock_Exception $e) {
            // Annotate the exception with the parties involved so error handling can report them.
            $e->idpEntityId = $identityProvider->entityId;
            $e->spEntityId = $serviceProvider->entityId;
            $e->userId = $collabPersonId;
            throw $e;
        }

        // Collect whatever the command chose to replace; not every command exposes all three.
        // NOTE(review): $response is a local handle, so a command that returns a *new* response
        // object is only visible to later commands, not to the caller — confirm this is intended.
        if (method_exists($command, 'getResponse')) {
            $response = $command->getResponse();
        }
        if (method_exists($command, 'getResponseAttributes')) {
            $responseAttributes = $command->getResponseAttributes();
        }
        if (method_exists($command, 'getCollabPersonId')) {
            $collabPersonId = $command->getCollabPersonId();
        }

        // A command may short-circuit the remaining chain.
        if (!$command->mustContinueFiltering()) {
            break;
        }
    }

    $_SESSION[$sessionKey]['collabPersonId'] = $collabPersonId;
}
/**
 * Render the WAYF ("where are you from") IdP discovery page and send it to the browser.
 *
 * The page lists the candidate IdPs for the requesting SP and posts the
 * user's choice back to the 'continueToIdP' service. The preselected IdP
 * comes from the 'selectedIdp' cookie, i.e. a browser-supplied value;
 * the 'discover' template is assumed to escape it — confirm.
 *
 * @param EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request
 * @param array $candidateIdpEntityIds Entity IDs of the IdPs the user may choose from
 */
protected function _showWayf(EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request, array $candidateIdpEntityIds)
{
    // The discovery form posts back to the 'continueToIdP' service.
    $continueUrl = $this->_server->getUrl('continueToIdP');
    $repository = $this->_server->getRepository();
    $requestingSp = $repository->fetchServiceProviderByEntityId($request->getIssuer());
    $idpChoices = $this->_transformIdpsForWAYF($candidateIdpEntityIds, $request->isDebugRequest());

    $templateVars = array(
        'preselectedIdp' => $this->_server->getCookie('selectedIdp'),
        'action'         => $continueUrl,
        'ID'             => $request->getId(),
        'idpList'        => $idpChoices,
        'metaDataSP'     => $requestingSp,
    );
    $page = $this->_server->renderTemplate('discover', $templateVars);
    $this->_server->sendOutput($page);
}
/**
 * Record that $fromRequest was issued on behalf of $toRequest.
 *
 * The mapping is kept in $this->linkStorage, keyed by the new request's ID,
 * so the original request can be looked up again later.
 *
 * @param EngineBlock_Saml2_AuthnRequestAnnotationDecorator $fromRequest The request sent onwards (new ID)
 * @param EngineBlock_Saml2_AuthnRequestAnnotationDecorator $toRequest   The original request it stands in for
 * @return $this
 */
public function link(EngineBlock_Saml2_AuthnRequestAnnotationDecorator $fromRequest, EngineBlock_Saml2_AuthnRequestAnnotationDecorator $toRequest)
{
    $newRequestId = $fromRequest->getId();
    $originalRequestId = $toRequest->getId();
    $this->linkStorage[$newRequestId] = $originalRequestId;

    return $this;
}
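/**
 * Build the bare SAML 2.0 Response envelope that answers $request.
 *
 * Copies the request's VO context and key ID onto this server where the
 * request specifies them, then fills in the response envelope: RelayState,
 * a fresh ID, IssueInstant, InResponseTo (omitted for unsolicited requests,
 * which have no request ID to correlate with), Issuer and Destination.
 * Destination is the SP's assertion consumer service location as resolved by
 * getRequestAssertionConsumer(); the returned decorator carries the matching
 * ACS binding so the caller knows how to deliver the response.
 *
 * Fix: the original set Destination twice — first to the request issuer
 * (the SP entity ID), then to the ACS location. The first assignment was
 * dead code and is dropped; only the ACS location is a valid Destination.
 *
 * @param EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request
 * @return EngineBlock_Saml2_ResponseAnnotationDecorator
 */
protected function _createBaseResponse(EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request)
{
    if ($request->getVoContext() && $request->isVoContextExplicit()) {
        $this->setVirtualOrganisationContext($request->getVoContext());
    }

    $keyId = $request->getKeyId();
    if ($keyId) {
        $this->setKeyId($keyId);
    }

    $requestWasUnsolicited = $request->isUnsolicited();

    /** @var SAML2_AuthnRequest $request */
    $response = new SAML2_Response();
    $response->setRelayState($request->getRelayState());
    $response->setId($this->getNewId(IdFrame::ID_USAGE_SAML2_RESPONSE));
    $response->setIssueInstant(time());
    if (!$requestWasUnsolicited) {
        // Only a solicited (SP-initiated) request has an ID the SP can correlate against.
        $response->setInResponseTo($request->getId());
    }
    $response->setIssuer($this->getUrl('idpMetadataService', $request->getIssuer(), $request));

    // Destination must be the ACS endpoint the response is delivered to, not the SP entity ID.
    $acs = $this->getRequestAssertionConsumer($request);
    $response->setDestination($acs->location);
    $response->setStatus(array('Code' => SAML2_Const::STATUS_SUCCESS));

    $decorated = new EngineBlock_Saml2_ResponseAnnotationDecorator($response);
    $decorated->setDeliverByBinding($acs->binding);

    return $decorated;
}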