/**
 * Run the configured filter commands over a SAML response.
 *
 * The collabPersonId for this login is resolved once — session first, then
 * the annotated response, then the urn:oid:1.3.6.1.4.1.1076.20.40.40.1
 * attribute, then the assertion NameID value — and handed to every command.
 * A command may hand back a replaced response, attribute set or
 * collabPersonId for the commands after it, and may end the chain through
 * mustContinueFiltering(). The final collabPersonId is stored in the session
 * under a key scoped to the SP and the request id.
 *
 * @param EngineBlock_Saml2_ResponseAnnotationDecorator $response
 * @param array $responseAttributes by reference; holds the filtered attributes on return
 * @param EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request
 * @param ServiceProvider $serviceProvider
 * @param IdentityProvider $identityProvider
 * @throws EngineBlock_Exception re-thrown from a command, annotated with IdP, SP and user id
 * @throws Exception
 */
public function filter(
    EngineBlock_Saml2_ResponseAnnotationDecorator $response,
    array &$responseAttributes,
    EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request,
    ServiceProvider $serviceProvider,
    IdentityProvider $identityProvider
) {
    // Request IDs are only assumed unique per SP, hence the SP entityId prefix.
    $sessionKey = $serviceProvider->entityId . '>' . $request->getId();
    $nameId     = $response->getAssertion()->getNameId();

    // Resolve the collabPersonId, most authoritative source first.
    if (isset($_SESSION[$sessionKey]['collabPersonId'])) {
        $collabPersonId = $_SESSION[$sessionKey]['collabPersonId'];
    } elseif ($response->getCollabPersonId()) {
        $collabPersonId = $response->getCollabPersonId();
    } elseif (isset($responseAttributes['urn:oid:1.3.6.1.4.1.1076.20.40.40.1'][0])) {
        $collabPersonId = $responseAttributes['urn:oid:1.3.6.1.4.1.1076.20.40.40.1'][0];
    } elseif (!empty($nameId['Value'])) {
        $collabPersonId = $nameId['Value'];
    } else {
        $collabPersonId = null;
    }

    /** @var EngineBlock_Corto_Filter_Command_Abstract $command */
    foreach ($this->_getCommands() as $command) {
        // Hand the complete login context to the command.
        $command->setProxyServer($this->_server);
        $command->setIdentityProvider($identityProvider);
        $command->setServiceProvider($serviceProvider);
        $command->setRequest($request);
        $command->setResponse($response);
        $command->setResponseAttributes($responseAttributes);
        $command->setCollabPersonId($collabPersonId);

        try {
            $command->execute();
        } catch (EngineBlock_Exception $e) {
            // Enrich the exception with who/where context before it propagates.
            $e->idpEntityId = $identityProvider->entityId;
            $e->spEntityId  = $serviceProvider->entityId;
            $e->userId      = $collabPersonId;
            throw $e;
        }

        // Collect whatever the command changed for the next command in the chain.
        // NOTE(review): $response is a by-value parameter of this method, so a
        // replaced response object reaches later commands but not the caller —
        // confirm that is intended.
        if (method_exists($command, 'getResponse')) {
            $response = $command->getResponse();
        }
        if (method_exists($command, 'getResponseAttributes')) {
            $responseAttributes = $command->getResponseAttributes();
        }
        if (method_exists($command, 'getCollabPersonId')) {
            $collabPersonId = $command->getCollabPersonId();
        }

        // A command may end the chain early.
        if (!$command->mustContinueFiltering()) {
            break;
        }
    }

    $_SESSION[$sessionKey]['collabPersonId'] = $collabPersonId;
}
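/**
 * Mail the received IdP response and its attributes to the configured
 * debugging address (the email.idpDebugging configuration value).
 *
 * The page layout is switched to 'empty' and disabled while the mail body is
 * rendered, and restored afterwards — also when the repository lookup, the
 * rendering or Zend_Mail::send() throws. The original version restored the
 * layout name only, never its enabled state, and skipped both on an exception.
 *
 * @param EngineBlock_Saml2_ResponseAnnotationDecorator $response
 * @throws Exception whatever the repository, the template rendering or Zend_Mail throws
 */
protected function _sendDebugMail(EngineBlock_Saml2_ResponseAnnotationDecorator $response)
{
    $layout = EngineBlock_ApplicationSingleton::getInstance()->getLayout();

    // Remember the layout state so it can be put back exactly as found.
    $oldLayout  = $layout->getLayout();
    $wasEnabled = $layout->isEnabled();
    $layout->setLayout('empty');
    if ($wasEnabled) {
        $layout->disableLayout();
    }

    try {
        $identityProvider = $this->_server->getRepository()->fetchIdentityProviderByEntityId($response->getIssuer());

        // The body carries every attribute of the assertion, i.e. the user's
        // personal data; it goes to the configured idpDebugging recipient only.
        $attributes = $response->getAssertion()->getAttributes();
        $output = $this->_server->renderTemplate(
            'debugidpmail',
            array(
                'idp'        => $identityProvider,
                'response'   => $response,
                'attributes' => $attributes,
            )
        );

        $emailConfiguration = EngineBlock_ApplicationSingleton::getInstance()
            ->getConfigurationValue('email')->idpDebugging;

        $mailer = new Zend_Mail('UTF-8');
        $mailer->setFrom($emailConfiguration->from->address, $emailConfiguration->from->name);
        $mailer->addTo($emailConfiguration->to->address, $emailConfiguration->to->name);
        $mailer->setSubject(sprintf($emailConfiguration->subject, $identityProvider->nameEn));
        $mailer->setBodyText($output);
        $mailer->send();
    } catch (Exception $e) {
        // Restore the layout before propagating, so a failed debug mail does
        // not leave the rest of the request rendering without a layout.
        $this->_restoreLayout($layout, $oldLayout, $wasEnabled);
        throw $e;
    }

    $this->_restoreLayout($layout, $oldLayout, $wasEnabled);
}

/**
 * Put the layout back to the name and enabled state recorded before
 * _sendDebugMail() changed them.
 *
 * NOTE(review): the layout object is used through the Zend_Layout API
 * (getLayout/setLayout/isEnabled/disableLayout), so enableLayout() from that
 * same API is assumed to be available — confirm against getLayout()'s type.
 *
 * @param object $layout
 * @param string $oldLayout layout name to restore
 * @param bool $wasEnabled whether the layout was enabled before it was switched off
 */
private function _restoreLayout($layout, $oldLayout, $wasEnabled)
{
    $layout->setLayout($oldLayout);
    if ($wasEnabled) {
        $layout->enableLayout();
    }
}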
/**
 * Invoke a filter callback on the attributes of the response's assertion and
 * write the (possibly modified) attributes back into the assertion.
 *
 * The callback receives the response and the attribute array by reference,
 * followed by the request and the SP/IdP metadata — the parameter list of a
 * filter method such as filter(). Because the response is passed by reference
 * the callback may replace it; the write-back goes to whatever response is
 * held afterwards.
 *
 * @param callable $callback
 * @param EngineBlock_Saml2_ResponseAnnotationDecorator $response by reference; may be replaced by the callback
 * @param EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request
 * @param ServiceProvider $spEntityMetadata
 * @param IdentityProvider $idpEntityMetadata
 */
protected function callAttributeFilter(
    $callback,
    EngineBlock_Saml2_ResponseAnnotationDecorator &$response,
    EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request,
    ServiceProvider $spEntityMetadata,
    IdentityProvider $idpEntityMetadata
) {
    // Work on a copy of the assertion's attributes.
    $attributes = $response->getAssertion()->getAttributes();

    // References in the argument array let the callback replace both values.
    call_user_func_array(
        $callback,
        array(&$response, &$attributes, $request, $spEntityMetadata, $idpEntityMetadata)
    );

    // Store the filtered attributes on the (possibly replaced) response.
    $response->getAssertion()->setAttributes($attributes);
}