/** * @param SAML2_AuthnRequest $authnRequest * @param SimpleSAML_Configuration $idpConfig * @param $nameId * @param $issuer * @param array $attributes * @return SAML2_Response */ public function create(SAML2_AuthnRequest $authnRequest, SimpleSAML_Configuration $idpConfig, $nameId, $issuer, array $attributes) { /* $returnAttributes contains the attributes we should return. Send them. */ $assertion = new SAML2_Assertion(); $assertion->setIssuer($issuer); $assertion->setNameId(array('Value' => $nameId, 'Format' => SAML2_Const::NAMEID_UNSPECIFIED)); $assertion->setNotBefore(time()); $assertion->setNotOnOrAfter(time() + 5 * 60); // Valid audiences is not required so disabled for now // $assertion->setValidAudiences(array($authnRequest->getIssuer())); $assertion->setAttributes($attributes); $assertion->setAttributeNameFormat(SAML2_Const::NAMEFORMAT_UNSPECIFIED); $assertion->setAuthnContext(SAML2_Const::AC_PASSWORD); $subjectConfirmation = new SAML2_XML_saml_SubjectConfirmation(); $subjectConfirmation->Method = SAML2_Const::CM_BEARER; $subjectConfirmation->SubjectConfirmationData = new SAML2_XML_saml_SubjectConfirmationData(); $subjectConfirmation->SubjectConfirmationData->NotOnOrAfter = time() + 5 * 60; $subjectConfirmation->SubjectConfirmationData->Recipient = $authnRequest->getAssertionConsumerServiceURL(); $subjectConfirmation->SubjectConfirmationData->InResponseTo = $authnRequest->getId(); $assertion->setSubjectConfirmation(array($subjectConfirmation)); $response = new SAML2_Response(); $response->setRelayState($authnRequest->getRelayState()); $response->setDestination($authnRequest->getAssertionConsumerServiceURL()); $response->setIssuer($issuer); $response->setInResponseTo($authnRequest->getId()); $response->setAssertions(array($assertion)); $this->addSigns($response, $idpConfig); return $response; }
public function setUp() { $this->request = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator(new SAML2_AuthnRequest()); $assertion = new SAML2_Assertion(); $assertion->setAttributes(array()); $response = new SAML2_Response(); $response->setAssertions(array($assertion)); $response = new EngineBlock_Saml2_ResponseAnnotationDecorator($response); $response->setIntendedNameId('urn:collab:person:example.edu:mock1'); $this->response = $response; $this->serviceProvider = new ServiceProvider('http://sp.example.edu'); $this->collabPersonId = 'urn:collab:person:example.edu:mock1'; $this->resolver = new EngineBlock_Test_Saml2_NameIdResolverMock(); }
} /* Filter which attribute values we should return. */ $returnAttributes[$name] = array_intersect($values, $attributes[$name]); } } /* $returnAttributes contains the attributes we should return. Send them. */ $assertion = new SAML2_Assertion(); $assertion->setIssuer($idpEntityId); $assertion->setNameId($query->getNameId()); $assertion->setNotBefore(time()); $assertion->setNotOnOrAfter(time() + 5 * 60); $assertion->setValidAudiences(array($spEntityId)); $assertion->setAttributes($returnAttributes); $assertion->setAttributeNameFormat($attributeNameFormat); $sc = new SAML2_XML_saml_SubjectConfirmation(); $sc->Method = SAML2_Const::CM_BEARER; $sc->SubjectConfirmationData = new SAML2_XML_saml_SubjectConfirmationData(); $sc->SubjectConfirmationData->NotOnOrAfter = time() + 5 * 60; $sc->SubjectConfirmationData->Recipient = $endpoint; $sc->SubjectConfirmationData->InResponseTo = $query->getId(); $assertion->setSubjectConfirmation(array($sc)); sspmod_saml_Message::addSign($idpMetadata, $spMetadata, $assertion); $response = new SAML2_Response(); $response->setRelayState($query->getRelayState()); $response->setDestination($endpoint); $response->setIssuer($idpEntityId); $response->setInResponseTo($query->getId()); $response->setAssertions(array($assertion)); sspmod_saml_Message::addSign($idpMetadata, $spMetadata, $response); $binding = new SAML2_HTTPPost(); $binding->send($response);
private function buildResponse($returnAttributes) { /* SubjectConfirmation */ $sc = new SAML2_XML_saml_SubjectConfirmation(); $sc->Method = SAML2_Const::CM_BEARER; $sc->SubjectConfirmationData = new SAML2_XML_saml_SubjectConfirmationData(); $sc->SubjectConfirmationData->NotBefore = time(); $sc->SubjectConfirmationData->NotOnOrAfter = time() + $this->config->getInteger('validFor'); $sc->SubjectConfirmationData->InResponseTo = $this->query->getId(); $assertion = new SAML2_Assertion(); $assertion->setSubjectConfirmation(array($sc)); $assertion->setIssuer($this->aaEntityId); $assertion->setNameId($this->query->getNameId()); $assertion->setNotBefore(time()); $assertion->setNotOnOrAfter(time() + $this->config->getInteger('validFor')); $assertion->setValidAudiences(array($this->spEntityId)); $assertion->setAttributes($returnAttributes); $assertion->setAttributeNameFormat($this->attributeNameFormat); if ($this->signAssertion) { sspmod_saml_Message::addSign($this->aaMetadata, $this->spMetadata, $assertion); } /* The Response */ $response = new SAML2_Response(); $response->setRelayState($this->query->getRelayState()); $response->setIssuer($this->aaEntityId); $response->setInResponseTo($this->query->getId()); $response->setAssertions(array($assertion)); if ($this->signResponse) { sspmod_saml_Message::addSign($this->aaMetadata, $this->spMetadata, $response); } return $response; }
/** * @return SAML2_Response */ private function getUnsignedResponseWithSignedAssertion() { $doc = new DOMDocument(); $doc->load(__DIR__ . '/response.xml'); $response = new SAML2_Response($doc->firstChild); $assertions = $response->getAssertions(); $assertion = $assertions[0]; $assertion->setSignatureKey(SAML2_CertificatesMock::getPrivateKey()); $assertion->setCertificates(array(SAML2_CertificatesMock::PUBLIC_KEY_PEM)); $signedAssertion = new SAML2_Assertion($assertion->toXML()); $response->setAssertions(array($signedAssertion)); return $response; }
/** * @return EngineBlock_Corto_Module_Bindings */ private function mockBindingsModule() { $spRequest = new SAML2_AuthnRequest(); $spRequest->setId('SPREQUEST'); $spRequest->setIssuer('testSp'); $spRequest = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($spRequest); $ebRequest = new SAML2_AuthnRequest(); $ebRequest->setId('EBREQUEST'); $ebRequest = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($ebRequest); $dummyLog = new Psr\Log\NullLogger(); $authnRequestRepository = new EngineBlock_Saml2_AuthnRequestSessionRepository($dummyLog); $authnRequestRepository->store($spRequest); $authnRequestRepository->store($ebRequest); $authnRequestRepository->link($ebRequest, $spRequest); $assertion = new SAML2_Assertion(); $assertion->setAttributes(array('urn:org:openconext:corto:internal:sp-entity-id' => array('testSp'), 'urn:mace:dir:attribute-def:cn' => array(null))); $responseFixture = new SAML2_Response(); $responseFixture->setInResponseTo('EBREQUEST'); $responseFixture->setAssertions(array($assertion)); $responseFixture = new EngineBlock_Saml2_ResponseAnnotationDecorator($responseFixture); $responseFixture->setOriginalIssuer('testIdP'); // Mock bindings module /** @var EngineBlock_Corto_Module_Bindings $bindingsModuleMock */ $bindingsModuleMock = Phake::mock('EngineBlock_Corto_Module_Bindings'); Phake::when($bindingsModuleMock)->receiveResponse()->thenReturn($responseFixture); return $bindingsModuleMock; }
private function mockGlobals() { $_POST['ID'] = 'test'; $_POST['consent'] = 'yes'; $assertion = new SAML2_Assertion(); $assertion->setAttributes(array('urn:mace:dir:attribute-def:mail' => '*****@*****.**')); $spRequest = new SAML2_AuthnRequest(); $spRequest->setId('SPREQUEST'); $spRequest->setIssuer('https://sp.example.edu'); $spRequest = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($spRequest); $ebRequest = new SAML2_AuthnRequest(); $ebRequest->setId('EBREQUEST'); $ebRequest = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($ebRequest); $dummySessionLog = new Psr\Log\NullLogger(); $authnRequestRepository = new EngineBlock_Saml2_AuthnRequestSessionRepository($dummySessionLog); $authnRequestRepository->store($spRequest); $authnRequestRepository->store($ebRequest); $authnRequestRepository->link($ebRequest, $spRequest); $sspResponse = new SAML2_Response(); $sspResponse->setInResponseTo('EBREQUEST'); $sspResponse->setAssertions(array($assertion)); $_SESSION['consent']['test']['response'] = new EngineBlock_Saml2_ResponseAnnotationDecorator($sspResponse); }
private static function combine_response(array $values, \SAML2_Response $response = NULL) { if (!isset($response)) { $response = new \SAML2_Response(); } $presented_assertions = $response->getAssertions(); $assertion = empty($presented_assertions) ? new \SAML2_Assertion() : $presented_assertions[0]; if (self::original_spid_isset($values)) { $response->setInResponseTo($values['InResponseTo']); } if (array_key_exists('ResponseID', $values)) { $response->setId($values['ResponseID']); } if (array_key_exists('AssertionID', $values)) { $assertion->setId($values['AssertionID']); } if (array_key_exists('Issuer', $values)) { $response->setIssuer($values['Issuer']); $assertion->setIssuer($values['Issuer']); } if (array_key_exists('NameID', $values)) { $assertion->setNameId(self::build_name_id($values['NameID'])); } $not_on_or_after_time = time(); if (array_key_exists('AllowedTimeDelta', $values)) { $not_on_or_after_time += $values['AllowedTimeDelta']; $assertion->setNotBefore(time() - $values['AllowedTimeDelta']); $assertion->setNotOnOrAfter($not_on_or_after_time); } else { $not_on_or_after_time += DEFAULT_RESPONSE_TIME_DELTA; } if (array_key_exists('Audience', $values)) { $assertion->setValidAudiences(array($values['Audience'])); } if (array_key_exists('Attributes', $values)) { $assertion->setAttributes($values['Attributes']); } $assertion->setAuthnInstant(time()); if (array_key_exists('AuthnContextClassRef', $values)) { $assertion->setAuthnContextClassRef($values['AuthnContextClassRef']); } if (array_key_exists('SessionIndex', $values)) { $assertion->setSessionIndex($values['SessionIndex']); } if (self::original_spid_isset($values) || array_key_exists('Destination', $values)) { $original_confirmations = $assertion->getSubjectConfirmation(); $confirmation = NULL; if (empty($original_confirmations)) { $confirmation = new \SAML2_XML_saml_SubjectConfirmation(); $confirmation->Method = SAML_CONFIGURATION_METHOD; } else { $confirmation = $original_confirmations[0]; } $original_data = $confirmation->SubjectConfirmationData; $data = NULL; if (empty($original_data)) { $data = new \SAML2_XML_saml_SubjectConfirmationData(); $data->NotOnOrAfter = $not_on_or_after_time; } else { $data = $original_data; if (empty($data->NotOnOrAfter)) { $data->NotOnOrAfter = $not_on_or_after_time; } } if (array_key_exists('Destination', $values)) { $data->Recipient = $values['Destination']; } if (self::original_spid_isset($values)) { $data->InResponseTo = $values['InResponseTo']; } $confirmation->SubjectConfirmationData = $data; $assertion->setSubjectConfirmation(array($confirmation)); } if (array_key_exists('Destination', $values)) { $response->setDestination($values['Destination']); } if (self::need_sign($values)) { if (array_key_exists('SHA256KeyFile', $values)) { $ekey = new \XMLSecurityKey(\XMLSecurityKey::RSA_SHA256, array('type' => 'private')); $ekey->loadKey($values['SHA256KeyFile'], true); if (self::need_sign_attributes($values)) { $assertion->setSignatureKey($ekey); } if (self::need_sign_message($values)) { $response->setSignatureKey($ekey); } } if (array_key_exists('SHA256CertFile', $values)) { $certifictaes = array(file_get_contents($values['SHA256CertFile'])); if (self::need_sign_attributes($values)) { $assertion->setCertificates($certifictaes); } if (self::need_sign_message($values)) { $response->setCertificates($certifictaes); } } } $response->setAssertions(array($assertion)); return $response; }