/** * @param SAML2_AuthnRequest $authnRequest * @param SimpleSAML_Configuration $idpConfig * @param $nameId * @param $issuer * @param array $attributes * @return SAML2_Response */ public function create(SAML2_AuthnRequest $authnRequest, SimpleSAML_Configuration $idpConfig, $nameId, $issuer, array $attributes) { /* $returnAttributes contains the attributes we should return. Send them. */ $assertion = new SAML2_Assertion(); $assertion->setIssuer($issuer); $assertion->setNameId(array('Value' => $nameId, 'Format' => SAML2_Const::NAMEID_UNSPECIFIED)); $assertion->setNotBefore(time()); $assertion->setNotOnOrAfter(time() + 5 * 60); // Valid audiences is not required so disabled for now // $assertion->setValidAudiences(array($authnRequest->getIssuer())); $assertion->setAttributes($attributes); $assertion->setAttributeNameFormat(SAML2_Const::NAMEFORMAT_UNSPECIFIED); $assertion->setAuthnContext(SAML2_Const::AC_PASSWORD); $subjectConfirmation = new SAML2_XML_saml_SubjectConfirmation(); $subjectConfirmation->Method = SAML2_Const::CM_BEARER; $subjectConfirmation->SubjectConfirmationData = new SAML2_XML_saml_SubjectConfirmationData(); $subjectConfirmation->SubjectConfirmationData->NotOnOrAfter = time() + 5 * 60; $subjectConfirmation->SubjectConfirmationData->Recipient = $authnRequest->getAssertionConsumerServiceURL(); $subjectConfirmation->SubjectConfirmationData->InResponseTo = $authnRequest->getId(); $assertion->setSubjectConfirmation(array($subjectConfirmation)); $response = new SAML2_Response(); $response->setRelayState($authnRequest->getRelayState()); $response->setDestination($authnRequest->getAssertionConsumerServiceURL()); $response->setIssuer($issuer); $response->setInResponseTo($authnRequest->getId()); $response->setAssertions(array($assertion)); $this->addSigns($response, $idpConfig); return $response; }
} /* Filter which attribute values we should return. */ $returnAttributes[$name] = array_intersect($values, $attributes[$name]); } } /* $returnAttributes contains the attributes we should return. Send them. */ $assertion = new SAML2_Assertion(); $assertion->setIssuer($idpEntityId); $assertion->setNameId($query->getNameId()); $assertion->setNotBefore(time()); $assertion->setNotOnOrAfter(time() + 5 * 60); $assertion->setValidAudiences(array($spEntityId)); $assertion->setAttributes($returnAttributes); $assertion->setAttributeNameFormat($attributeNameFormat); $sc = new SAML2_XML_saml_SubjectConfirmation(); $sc->Method = SAML2_Const::CM_BEARER; $sc->SubjectConfirmationData = new SAML2_XML_saml_SubjectConfirmationData(); $sc->SubjectConfirmationData->NotOnOrAfter = time() + 5 * 60; $sc->SubjectConfirmationData->Recipient = $endpoint; $sc->SubjectConfirmationData->InResponseTo = $query->getId(); $assertion->setSubjectConfirmation(array($sc)); sspmod_saml_Message::addSign($idpMetadata, $spMetadata, $assertion); $response = new SAML2_Response(); $response->setRelayState($query->getRelayState()); $response->setDestination($endpoint); $response->setIssuer($idpEntityId); $response->setInResponseTo($query->getId()); $response->setAssertions(array($assertion)); sspmod_saml_Message::addSign($idpMetadata, $spMetadata, $response); $binding = new SAML2_HTTPPost(); $binding->send($response);
private function buildResponse($returnAttributes) { /* SubjectConfirmation */ $sc = new SAML2_XML_saml_SubjectConfirmation(); $sc->Method = SAML2_Const::CM_BEARER; $sc->SubjectConfirmationData = new SAML2_XML_saml_SubjectConfirmationData(); $sc->SubjectConfirmationData->NotBefore = time(); $sc->SubjectConfirmationData->NotOnOrAfter = time() + $this->config->getInteger('validFor'); $sc->SubjectConfirmationData->InResponseTo = $this->query->getId(); $assertion = new SAML2_Assertion(); $assertion->setSubjectConfirmation(array($sc)); $assertion->setIssuer($this->aaEntityId); $assertion->setNameId($this->query->getNameId()); $assertion->setNotBefore(time()); $assertion->setNotOnOrAfter(time() + $this->config->getInteger('validFor')); $assertion->setValidAudiences(array($this->spEntityId)); $assertion->setAttributes($returnAttributes); $assertion->setAttributeNameFormat($this->attributeNameFormat); if ($this->signAssertion) { sspmod_saml_Message::addSign($this->aaMetadata, $this->spMetadata, $assertion); } /* The Response */ $response = new SAML2_Response(); $response->setRelayState($this->query->getRelayState()); $response->setIssuer($this->aaEntityId); $response->setInResponseTo($this->query->getId()); $response->setAssertions(array($assertion)); if ($this->signResponse) { sspmod_saml_Message::addSign($this->aaMetadata, $this->spMetadata, $response); } return $response; }
protected function _createBaseResponse(EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request) { if ($request->getVoContext() && $request->isVoContextExplicit()) { $this->setVirtualOrganisationContext($request->getVoContext()); } if ($keyId = $request->getKeyId()) { $this->setKeyId($keyId); } $requestWasUnsolicited = $request->isUnsolicited(); $response = new SAML2_Response(); /** @var SAML2_AuthnRequest $request */ $response->setRelayState($request->getRelayState()); $response->setId($this->getNewId(IdFrame::ID_USAGE_SAML2_RESPONSE)); $response->setIssueInstant(time()); if (!$requestWasUnsolicited) { $response->setInResponseTo($request->getId()); } $response->setDestination($request->getIssuer()); $response->setIssuer($this->getUrl('idpMetadataService', $request->getIssuer(), $request)); $acs = $this->getRequestAssertionConsumer($request); $response->setDestination($acs->location); $response->setStatus(array('Code' => SAML2_Const::STATUS_SUCCESS)); $response = new EngineBlock_Saml2_ResponseAnnotationDecorator($response); $response->setDeliverByBinding($acs->binding); return $response; }