/**
 * Serialise the fields common to every message into a fresh, unsigned DOM tree.
 *
 * A new DOMDocument is created and stored on $this->document. Its root is a
 * samlp element named after $this->tagName carrying ID, Version and
 * IssueInstant, plus Destination, Consent, Issuer and Extensions when set.
 *
 * No signature is produced here: the returned tree has no integrity
 * protection until the caller signs it.
 *
 * @return DOMElement The root element of the DOM tree.
 */
public function toUnsignedXML()
{
    $doc = new DOMDocument();
    $this->document = $doc;

    $element = $doc->createElementNS(SAML2_Const::NS_SAMLP, 'samlp:' . $this->tagName);
    $doc->appendChild($element);

    /*
     * Workaround: setting and immediately removing a throwaway saml:tmp
     * attribute is how the original code adds a second namespace
     * declaration to the root element.
     */
    $element->setAttributeNS(SAML2_Const::NS_SAML, 'saml:tmp', 'tmp');
    $element->removeAttributeNS(SAML2_Const::NS_SAML, 'tmp');

    /* Mandatory attributes. IssueInstant is formatted in UTC (gmdate). */
    $issuedAt = gmdate('Y-m-d\\TH:i:s\\Z', $this->issueInstant);
    $element->setAttribute('ID', $this->id);
    $element->setAttribute('Version', '2.0');
    $element->setAttribute('IssueInstant', $issuedAt);

    if ($this->destination !== NULL) {
        $element->setAttribute('Destination', $this->destination);
    }

    /* Consent is omitted when unset or when it is the "unspecified" constant. */
    $consentOmitted = ($this->consent === NULL || $this->consent === SAML2_Const::CONSENT_UNSPECIFIED);
    if (!$consentOmitted) {
        $element->setAttribute('Consent', $this->consent);
    }

    if ($this->issuer !== NULL) {
        SAML2_Utils::addString($element, SAML2_Const::NS_SAML, 'saml:Issuer', $this->issuer);
    }

    if (!empty($this->extensions)) {
        SAML2_XML_samlp_Extensions::addList($element, $this->extensions);
    }

    return $element;
}
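/**
 * Convert this authentication request to an unsigned XML element.
 *
 * Starts from the element returned by parent::toUnsignedXML() and adds the
 * AuthnRequest-specific parts: ForceAuthn, IsPassive, the assertion consumer
 * service selection, AttributeConsumingServiceIndex, NameIDPolicy,
 * RequestedAuthnContext, Extensions and Scoping. The result is not signed.
 *
 * @return DOMElement This authentication request.
 */
public function toUnsignedXML()
{
    $root = parent::toUnsignedXML();

    if ($this->forceAuthn) {
        $root->setAttribute('ForceAuthn', 'true');
    }

    if ($this->isPassive) {
        $root->setAttribute('IsPassive', 'true');
    }

    /*
     * An AssertionConsumerServiceIndex takes precedence: the URL and
     * ProtocolBinding attributes are only written when no index is set.
     */
    if ($this->assertionConsumerServiceIndex !== NULL) {
        $root->setAttribute('AssertionConsumerServiceIndex', $this->assertionConsumerServiceIndex);
    } else {
        if ($this->assertionConsumerServiceURL !== NULL) {
            $root->setAttribute('AssertionConsumerServiceURL', $this->assertionConsumerServiceURL);
        }
        if ($this->protocolBinding !== NULL) {
            $root->setAttribute('ProtocolBinding', $this->protocolBinding);
        }
    }

    if ($this->attributeConsumingServiceIndex !== NULL) {
        $root->setAttribute('AttributeConsumingServiceIndex', $this->attributeConsumingServiceIndex);
    }

    if (!empty($this->nameIdPolicy)) {
        $nameIdPolicy = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'NameIDPolicy');
        if (array_key_exists('Format', $this->nameIdPolicy)) {
            $nameIdPolicy->setAttribute('Format', $this->nameIdPolicy['Format']);
        }
        if (array_key_exists('SPNameQualifier', $this->nameIdPolicy)) {
            $nameIdPolicy->setAttribute('SPNameQualifier', $this->nameIdPolicy['SPNameQualifier']);
        }
        /* AllowCreate is only emitted when truthy; a false value is left out. */
        if (array_key_exists('AllowCreate', $this->nameIdPolicy) && $this->nameIdPolicy['AllowCreate']) {
            $nameIdPolicy->setAttribute('AllowCreate', 'true');
        }
        $root->appendChild($nameIdPolicy);
    }

    $rac = $this->requestedAuthnContext;
    if (!empty($rac) && !empty($rac['AuthnContextClassRef'])) {
        $e = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'RequestedAuthnContext');
        $root->appendChild($e);

        /* 'exact' is not written out; any other Comparison value is emitted as given. */
        if (isset($rac['Comparison']) && $rac['Comparison'] !== 'exact') {
            $e->setAttribute('Comparison', $rac['Comparison']);
        }

        foreach ($rac['AuthnContextClassRef'] as $accr) {
            SAML2_Utils::addString($e, SAML2_Const::NS_SAML, 'AuthnContextClassRef', $accr);
        }
    }

    if (!empty($this->extensions)) {
        /*
         * The base message serialiser shown with this class already appends
         * the extensions to the root element. Appending them again here
         * would emit a second samlp:Extensions child, which the SAML
         * protocol schema does not allow. Only add them when the root
         * returned by the parent does not carry one yet, so the output is
         * unchanged if the parent did not serialise them.
         */
        $hasExtensions = FALSE;
        foreach ($root->childNodes as $child) {
            if ($child instanceof DOMElement
                && $child->namespaceURI === SAML2_Const::NS_SAMLP
                && $child->localName === 'Extensions'
            ) {
                $hasExtensions = TRUE;
                break;
            }
        }
        if (!$hasExtensions) {
            SAML2_XML_samlp_Extensions::addList($root, $this->extensions);
        }
    }

    /* Scoping is only created when at least one of its three parts is present. */
    if ($this->ProxyCount !== NULL || count($this->IDPList) > 0 || count($this->RequesterID) > 0) {
        $scoping = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'Scoping');
        $root->appendChild($scoping);

        if ($this->ProxyCount !== NULL) {
            $scoping->setAttribute('ProxyCount', $this->ProxyCount);
        }

        if (count($this->IDPList) > 0) {
            $idplist = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'IDPList');
            foreach ($this->IDPList as $provider) {
                $idpEntry = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'IDPEntry');
                $idpEntry->setAttribute('ProviderID', $provider);
                $idplist->appendChild($idpEntry);
            }
            $scoping->appendChild($idplist);
        }

        if (count($this->RequesterID) > 0) {
            SAML2_Utils::addStrings($scoping, SAML2_Const::NS_SAMLP, 'RequesterID', FALSE, $this->RequesterID);
        }
    }

    return $root;
}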
/**
 * Build an authentication request, optionally populated from a parsed element.
 *
 * With no input element the object is left with an empty NameIDPolicy and
 * ForceAuthn/IsPassive disabled. Otherwise the request attributes,
 * NameIDPolicy, RequestedAuthnContext, Scoping and Extensions are read from
 * $xml.
 *
 * NOTE(review): every value is copied from the message as received. Nothing
 * in this constructor checks AssertionConsumerServiceURL against the
 * requester's registered endpoints or limits Comparison to the values SAML
 * defines; whether the parent constructor authenticates the message is not
 * visible here. Code consuming this object should validate these fields
 * before acting on them.
 *
 * @param DOMElement|NULL $xml The input message.
 * @throws Exception If a Scoping/IDPEntry element lacks a ProviderID attribute.
 */
public function __construct(DOMElement $xml = NULL)
{
    parent::__construct('AuthnRequest', $xml);

    /* Defaults for a request that is being built rather than parsed. */
    $this->nameIdPolicy = array();
    $this->forceAuthn = FALSE;
    $this->isPassive = FALSE;

    if ($xml === NULL) {
        return;
    }

    $this->forceAuthn = SAML2_Utils::parseBoolean($xml, 'ForceAuthn', FALSE);
    $this->isPassive = SAML2_Utils::parseBoolean($xml, 'IsPassive', FALSE);

    /* String attributes that are copied verbatim when present. */
    $stringAttributes = array(
        'AssertionConsumerServiceURL' => 'assertionConsumerServiceURL',
        'ProtocolBinding' => 'protocolBinding',
    );
    foreach ($stringAttributes as $attributeName => $propertyName) {
        if ($xml->hasAttribute($attributeName)) {
            $this->{$propertyName} = $xml->getAttribute($attributeName);
        }
    }

    if ($xml->hasAttribute('AssertionConsumerServiceIndex')) {
        $this->assertionConsumerServiceIndex = (int) $xml->getAttribute('AssertionConsumerServiceIndex');
    }

    /* NameIDPolicy: only the first matching element is read. */
    $policyNodes = SAML2_Utils::xpQuery($xml, './saml_protocol:NameIDPolicy');
    if (!empty($policyNodes)) {
        $policyNode = $policyNodes[0];
        foreach (array('Format', 'SPNameQualifier') as $policyAttribute) {
            if ($policyNode->hasAttribute($policyAttribute)) {
                $this->nameIdPolicy[$policyAttribute] = $policyNode->getAttribute($policyAttribute);
            }
        }
        if ($policyNode->hasAttribute('AllowCreate')) {
            $this->nameIdPolicy['AllowCreate'] = SAML2_Utils::parseBoolean($policyNode, 'AllowCreate', FALSE);
        }
    }

    /* RequestedAuthnContext: only the first matching element is read. */
    $contextNodes = SAML2_Utils::xpQuery($xml, './saml_protocol:RequestedAuthnContext');
    if (!empty($contextNodes)) {
        $contextNode = $contextNodes[0];

        $classRefs = array();
        $classRefNodes = SAML2_Utils::xpQuery($contextNode, './saml_assertion:AuthnContextClassRef');
        foreach ($classRefNodes as $classRefNode) {
            $classRefs[] = trim($classRefNode->textContent);
        }

        /* Comparison falls back to 'exact' when the attribute is absent. */
        $comparison = 'exact';
        if ($contextNode->hasAttribute('Comparison')) {
            $comparison = $contextNode->getAttribute('Comparison');
        }

        $this->requestedAuthnContext = array(
            'AuthnContextClassRef' => $classRefs,
            'Comparison' => $comparison,
        );
    }

    /* Scoping: only the first matching element is read. */
    $scopingNodes = SAML2_Utils::xpQuery($xml, './saml_protocol:Scoping');
    if (!empty($scopingNodes)) {
        $scopingNode = $scopingNodes[0];

        if ($scopingNode->hasAttribute('ProxyCount')) {
            $this->ProxyCount = (int) $scopingNode->getAttribute('ProxyCount');
        }

        $entryNodes = SAML2_Utils::xpQuery($scopingNode, './saml_protocol:IDPList/saml_protocol:IDPEntry');
        foreach ($entryNodes as $entryNode) {
            /* An IDPEntry without ProviderID aborts parsing of the whole request. */
            if (!$entryNode->hasAttribute('ProviderID')) {
                throw new Exception("Could not get ProviderID from Scoping/IDPEntry element in AuthnRequest object");
            }
            $this->IDPList[] = $entryNode->getAttribute('ProviderID');
        }

        $requesterNodes = SAML2_Utils::xpQuery($scopingNode, './saml_protocol:RequesterID');
        foreach ($requesterNodes as $requesterNode) {
            $this->RequesterID[] = trim($requesterNode->textContent);
        }
    }

    $this->extensions = SAML2_XML_samlp_Extensions::getList($xml);
}