Generates a nameID.
public static generateNameId ( string $value, string $spnq, string $format, string | null $cert = null ) : string | ||
$value | string | fingerprint |
$spnq | string | SP Name Qualifier |
$format | string | SP Format |
$cert | string | null | IdP Public cert to encrypt the nameID |
return | string | $nameIDElement DOMElement | XMLSec nameID |
/**
 * Constructs the Logout Request object.
 *
 * Builds a fresh LogoutRequest XML from the SP/IdP settings: a random request
 * ID, a random NameID value (encrypted with the IdP cert when the security
 * settings require it) and the SP entityId as Issuer.
 *
 * @param OneLogin_Saml2_Settings $settings Settings
 */
public function __construct(OneLogin_Saml2_Settings $settings)
{
    $this->_settings = $settings;

    $sp = $settings->getSPData();
    $idp = $settings->getIdPData();
    $securityData = $settings->getSecurityData();

    $requestId = OneLogin_Saml2_Utils::generateUniqueID();
    $randomNameIdValue = OneLogin_Saml2_Utils::generateUniqueID();
    $issueInstant = OneLogin_Saml2_Utils::parseTime2SAML(time());

    // The IdP public cert is only handed to generateNameId (which encrypts the
    // NameID with it) when 'nameIdEncrypted' is set and truthy in the security settings.
    $idpCert = !empty($securityData['nameIdEncrypted']) ? $idp['x509cert'] : null;

    $nameIdElement = OneLogin_Saml2_Utils::generateNameId(
        $randomNameIdValue,
        $sp['entityId'],
        $sp['NameIDFormat'],
        $idpCert
    );

    $this->_logoutRequest = <<<LOGOUTREQUEST
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="{$requestId}" Version="2.0" IssueInstant="{$issueInstant}" Destination="{$idp['singleLogoutService']['url']}">
    <saml:Issuer>{$sp['entityId']}</saml:Issuer>
    {$nameIdElement}
</samlp:LogoutRequest>
LOGOUTREQUEST;
}
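/**
 * Constructs the Logout Request object.
 *
 * When no $request is given, a new LogoutRequest is built from the SP/IdP
 * settings (plus the optional NameID / SessionIndex); otherwise the received,
 * encoded request is decoded and kept as the request XML.
 *
 * @param OneLogin_Saml2_Settings $settings     Settings
 * @param string|null             $request      A base64-encoded (optionally deflated) Logout Request.
 * @param string|null             $nameId       The NameID that will be set in the LogoutRequest.
 * @param string|null             $sessionIndex The SessionIndex (taken from the SAML Response in the SSO process).
 * @param string|null             $nameIdFormat The NameID Format that will be set in the LogoutRequest.
 */
public function __construct(OneLogin_Saml2_Settings $settings, $request = null, $nameId = null, $sessionIndex = null, $nameIdFormat = null)
{
    $this->_settings = $settings;

    $baseURL = $this->_settings->getBaseURL();
    if (!empty($baseURL)) {
        OneLogin_Saml2_Utils::setBaseURL($baseURL);
    }

    // empty() already covers the unset/null case; a separate isset() is redundant
    if (empty($request)) {
        $this->_logoutRequest = $this->_buildLogoutRequestXml($nameId, $sessionIndex, $nameIdFormat);
    } else {
        $this->_logoutRequest = $this->_decodeReceivedLogoutRequest($request);
        $this->id = self::getID($this->_logoutRequest);
    }
}

/**
 * Builds a fresh LogoutRequest XML document from the settings.
 *
 * Side effect: stores the generated request ID in $this->id.
 *
 * @param string|null $nameId       NameID value; when empty the IdP entityId is used instead
 * @param string|null $sessionIndex SessionIndex to include, or null for none
 * @param string|null $nameIdFormat NameID format; when empty the SP's configured NameIDFormat is used
 *
 * @return string The LogoutRequest XML
 */
private function _buildLogoutRequestXml($nameId, $sessionIndex, $nameIdFormat)
{
    $spData = $this->_settings->getSPData();
    $idpData = $this->_settings->getIdPData();
    $security = $this->_settings->getSecurityData();

    $id = OneLogin_Saml2_Utils::generateUniqueID();
    $this->id = $id;
    $issueInstant = OneLogin_Saml2_Utils::parseTime2SAML(time());

    // The NameID is encrypted with the IdP public cert only when the security settings ask for it
    $cert = !empty($security['nameIdEncrypted']) ? $idpData['x509cert'] : null;

    if (!empty($nameId)) {
        if (empty($nameIdFormat)) {
            $nameIdFormat = $spData['NameIDFormat'];
        }
        $spNameQualifier = null;
    } else {
        // No NameID supplied: name the IdP entity itself, qualified by the SP entityId
        $nameId = $idpData['entityId'];
        $nameIdFormat = OneLogin_Saml2_Constants::NAMEID_ENTITY;
        $spNameQualifier = $spData['entityId'];
    }
    $nameIdObj = OneLogin_Saml2_Utils::generateNameId($nameId, $spNameQualifier, $nameIdFormat, $cert);

    // NOTE(review): $sessionIndex is interpolated into the XML unescaped. It is meant to be the
    // value the IdP issued during SSO; confirm no caller passes it through from user input.
    $sessionIndexStr = isset($sessionIndex) ? "<samlp:SessionIndex>{$sessionIndex}</samlp:SessionIndex>" : "";

    return <<<LOGOUTREQUEST
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="{$id}" Version="2.0" IssueInstant="{$issueInstant}" Destination="{$idpData['singleLogoutService']['url']}">
    <saml:Issuer>{$spData['entityId']}</saml:Issuer>
    {$nameIdObj}
    {$sessionIndexStr}
</samlp:LogoutRequest>
LOGOUTREQUEST;
}

/**
 * Decodes a received LogoutRequest: base64, then deflate when it was deflated.
 *
 * @param string $request Base64-encoded, optionally deflated, LogoutRequest
 *
 * @return string The LogoutRequest XML
 */
private function _decodeReceivedLogoutRequest($request)
{
    $decoded = base64_decode($request);

    // The request may or may not have been deflated (only the redirect binding
    // deflates), so an inflate failure is expected for plain input and the
    // warning is suppressed on purpose instead of being treated as an error.
    $inflated = @gzinflate($decoded);

    // Strict check: `!= false` would also discard the valid inflated strings "" and "0"
    if ($inflated !== false) {
        return $inflated;
    }

    return $decoded;
}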
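/**
 * Tests the generateNameId method of the OneLogin_Saml2_Utils
 *
 * Covers both the plain <saml:NameID> output and the <saml:EncryptedID>
 * output produced when an IdP certificate is supplied.
 *
 * @covers OneLogin_Saml2_Utils::generateNameId
 */
public function testGenerateNameId()
{
    $nameIdValue = 'ONELOGIN_ce998811003f4e60f8b07a311dc641621379cfde';
    $entityId = 'http://stuff.com/endpoints/metadata.php';
    $nameIDFormat = 'urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified';

    // Plain NameID: output is deterministic, so the whole element is compared.
    // Expected value goes first so a failure message reads the right way round.
    $expectedNameId = '<saml:NameID SPNameQualifier="http://stuff.com/endpoints/metadata.php" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified">ONELOGIN_ce998811003f4e60f8b07a311dc641621379cfde</saml:NameID>';
    $nameId = OneLogin_Saml2_Utils::generateNameId($nameIdValue, $entityId, $nameIDFormat);
    $this->assertSame($expectedNameId, $nameId);

    // Encrypted NameID: settings1.php defines $settingsInfo; its IdP cert is the encryption key
    $settingsDir = TEST_ROOT . '/settings/';
    include $settingsDir . 'settings1.php';
    $x509cert = $settingsInfo['idp']['x509cert'];
    $key = OneLogin_Saml2_Utils::formatCert($x509cert);

    $nameIdEnc = OneLogin_Saml2_Utils::generateNameId($nameIdValue, $entityId, $nameIDFormat, $key);

    // Only the deterministic envelope is checked; the <xenc:CipherValue> content is not
    // stable between runs (presumably a fresh symmetric key/IV each time), so it is left out.
    // NOTE(review): this pins aes128-cbc and rsa-1_5 as the algorithms; if the library moves
    // to a stronger key transport the expectation below must be updated alongside it.
    $nameidExpectedEnc = '<saml:EncryptedID><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><xenc:CipherData><xenc:CipherValue>';
    $this->assertContains($nameidExpectedEnc, $nameIdEnc);
}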