formatXMLString() public static method

Deprecation: This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\XML::formatXMLString() instead.
public static formatXMLString ( $xml, $indentBase = '' )
示例#1
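    /**
     * Build the HTML debug panel for a login test: the AuthnRequest, the RelayState,
     * the Response and the body of the resulting web page.
     *
     * @param mixed  $testrun    Not used by this method.
     * @param string $body       Raw HTML of the page returned after the response was delivered.
     * @param string $request    AuthnRequest XML; pretty-printed and HTML-escaped before display.
     * @param mixed  $relaystate RelayState value; shown via var_export() and HTML-escaped.
     * @param string $response   Response XML; pretty-printed and HTML-escaped before display.
     *
     * @return string HTML fragment wrapped in <div class="debugoutput">.
     */
    protected function getDebugOutput($testrun, $body, $request, $relaystate, $response)
    {
        $sb = 'NA';
        if (preg_match('|<body.*?>(.*?)</body>|is', $body, $matches)) {
            // NOTE(review): strip_tags() with an allow-list keeps every attribute on the
            // allowed tags, so markup from the page under test is still emitted as live
            // HTML below. Treat $body as untrusted: show this panel only to the operator
            // running the test, or escape $sb if the output ends up in a shared report.
            $sb = strip_tags($matches[1], '<p><span><div><table><tr><td><ul><li><ol><dd><dt><dl><code><pre>');
        }

        // Every value taken from the SAML exchange is HTML-escaped before being embedded.
        // The RelayState is escaped like the XML messages, and its <code>/<pre> wrappers
        // are closed so that the following sections are not swallowed by an open <pre>.
        $html = '<div class="debugoutput">

					<p>AuthnRequest:</p>
					<div><pre class="debugbox"><code>' . htmlspecialchars(SimpleSAML_Utilities::formatXMLString($request)) . '</code></pre></div>

					<p>RelayState:</p>
					<div><pre class="debugbox"><code>' . htmlspecialchars(var_export($relaystate, TRUE)) . '</code></pre></div>


					<p>Response:</p>
					<div><pre class="debugbox"><code>' . htmlspecialchars(SimpleSAML_Utilities::formatXMLString($response)) . '</code></pre></div>

					<p>Resulting output from web page:</p>
					<div class="htmlout">' . $sb . '</div>


				</div>
		';
        return $html;
    }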
示例#2
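 /**
  * Sign an authentication response and send it to the SP using HTTP-POST.
  *
  * Either the Response element or the first Assertion is signed. The choice comes from
  * the 'signresponse' option in the SP metadata, falling back to 'shib13.signresponse'
  * in the global configuration; the Response is always signed when the document holds
  * no Assertion.
  *
  * @param string $response  The response which should be sent.
  * @param array $idpmd  The metadata of the IdP which is sending the response.
  * @param array $spmd  The metadata of the SP which is receiving the response.
  * @param string|NULL $relayState  The relaystate for the SP.
  * @param string $shire  The shire which should receive the response.
  *
  * @throws Exception  If the response cannot be parsed, if 'signresponse' in the SP
  *                    metadata is not a boolean, or if the Response to be signed does
  *                    not contain exactly one Status element.
  */
 public function sendResponse($response, $idpmd, $spmd, $relayState, $shire)
 {
     SimpleSAML_Utilities::validateXMLDocument($response, 'saml11');
     $privatekey = SimpleSAML_Utilities::loadPrivateKey($idpmd, TRUE);
     $publickey = SimpleSAML_Utilities::loadPublicKey($idpmd, TRUE);
     $responsedom = new DOMDocument();
     /* Fail closed on unparsable input instead of continuing with an empty document. */
     if (!$responsedom->loadXML(str_replace("\r", "", $response))) {
         throw new Exception('Unable to parse the response as XML.');
     }
     $responseroot = $responsedom->getElementsByTagName('Response')->item(0);
     $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
     /* Determine what we should sign - either the Response element or the Assertion. The
      * 'signresponse' option in the SP metadata takes precedence; otherwise
      * 'shib13.signresponse' from the global configuration is used, and that option
      * defaults to TRUE (sign the Response).
      */
     $signResponse = FALSE;
     if (array_key_exists('signresponse', $spmd) && $spmd['signresponse'] !== NULL) {
         $signResponse = $spmd['signresponse'];
         if (!is_bool($signResponse)) {
             throw new Exception('Expected the \'signresponse\' option in the metadata of the' . ' SP \'' . $spmd['entityid'] . '\' to be a boolean value.');
         }
     } else {
         $signResponse = $this->configuration->getBoolean('shib13.signresponse', TRUE);
     }
     /* Check if we have an assertion to sign. Force to sign the response if not. */
     if ($firstassertionroot === NULL) {
         $signResponse = TRUE;
     }
     $signer = new SimpleSAML_XML_Signer(array('privatekey_array' => $privatekey, 'publickey_array' => $publickey, 'id' => $signResponse ? 'ResponseID' : 'AssertionID'));
     if (array_key_exists('certificatechain', $idpmd)) {
         $signer->addCertificate($idpmd['certificatechain']);
     }
     if ($signResponse) {
         if ($responseroot === NULL) {
             throw new Exception('The response document does not contain a Response element to sign.');
         }
         /* Sign the response. The signature is inserted before the Status element. */
         $statusElements = SimpleSAML_Utilities::getDOMChildren($responseroot, 'Status', '@saml1p');
         /* Enforced with an exception rather than assert(): a string assertion is not
          * evaluated on current PHP versions and assertions can be disabled at runtime,
          * which would let a response without a Status element reach the signer.
          */
         if (count($statusElements) !== 1) {
             throw new Exception('Expected exactly one Status element in the response, found ' . count($statusElements) . '.');
         }
         $signer->sign($responseroot, $responseroot, $statusElements[0]);
     } else {
         /* Sign the assertion */
         $signer->sign($firstassertionroot, $firstassertionroot);
     }
     $response = $responsedom->saveXML();
     if ($this->configuration->getBoolean('debug', FALSE)) {
         /* Debug mode hands the complete signed response to the 'post-debug.php'
          * template instead of posting it straight to the SP, so the message (and
          * whatever the assertion carries) is presumably shown in the browser.
          * Keep the 'debug' option off outside of test deployments.
          */
         $p = new SimpleSAML_XHTML_Template($this->configuration, 'post-debug.php');
         $p->data['header'] = 'SAML (Shibboleth 1.3) Response Debug-mode';
         $p->data['RelayStateName'] = 'TARGET';
         $p->data['RelayState'] = $relayState;
         $p->data['destination'] = $shire;
         $p->data['response'] = str_replace("\n", "", base64_encode($response));
         $p->data['responseHTML'] = htmlspecialchars(SimpleSAML_Utilities::formatXMLString($response));
         $p->show();
     } else {
         SimpleSAML_Utilities::postRedirect($shire, array('TARGET' => $relayState, 'SAMLResponse' => base64_encode($response)));
     }
 }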
示例#3
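    /**
     * Build the HTML debug panel for a login-then-logout test: both SAML exchanges,
     * their RelayState values, and the bodies of the two resulting web pages.
     *
     * @param mixed  $testrun          Not used by this method.
     * @param string $body             Raw HTML of the page returned after logout.
     * @param string $request          AuthnRequest XML; pretty-printed and HTML-escaped.
     * @param mixed  $relaystate       RelayState of the login; var_export()ed and HTML-escaped.
     * @param string $response         Response XML; pretty-printed and HTML-escaped.
     * @param string $logoutRequest    LogoutRequest XML; pretty-printed and HTML-escaped.
     * @param mixed  $logoutRelayState RelayState of the logout; var_export()ed and HTML-escaped.
     * @param string $LogoutResponse   LogoutResponse XML; pretty-printed and HTML-escaped.
     * @param string $result2          Raw HTML of the page fetched again after logout.
     *
     * @return string HTML fragment wrapped in <div class="debugoutput">.
     */
    protected function getDebugOutputExtended($testrun, $body, $request, $relaystate, $response, $logoutRequest, $logoutRelayState, $LogoutResponse, $result2)
    {
        // NOTE(review): strip_tags() with an allow-list keeps every attribute on the
        // allowed tags, so markup from the pages under test is still emitted as live HTML
        // below. Treat both bodies as untrusted: show this panel only to the operator
        // running the test, or escape $sb / $sb2 if the output ends up in a shared report.
        $allowedTags = '<p><span><div><table><tr><td><ul><li><ol><dd><dt><dl><code><pre>';

        $sb = 'NA';
        if (preg_match('|<body.*?>(.*?)</body>|is', $body, $matches)) {
            $sb = strip_tags($matches[1], $allowedTags);
        }
        $sb2 = 'NA';
        if (preg_match('|<body.*?>(.*?)</body>|is', $result2, $matches)) {
            $sb2 = strip_tags($matches[1], $allowedTags);
        }

        // Every value taken from the SAML exchange is HTML-escaped before being embedded.
        // Both RelayState values are escaped like the XML messages, and their <code>/<pre>
        // wrappers are closed so that later sections are not swallowed by an open <pre>.
        $html = '<div class="debugoutput">

				<p>AuthnRequest:</p>
				<div><pre class="debugbox"><code>' . htmlspecialchars(SimpleSAML_Utilities::formatXMLString($request)) . '</code></pre></div>

				<p>RelayState:</p>
				<div><pre class="debugbox"><code>' . htmlspecialchars(var_export($relaystate, TRUE)) . '</code></pre></div>

				<p>Response:</p>
				<div><pre class="debugbox"><code>' . htmlspecialchars(SimpleSAML_Utilities::formatXMLString($response)) . '</code></pre></div>


				<p>LogoutRequest:</p>
				<div><pre class="debugbox"><code>' . htmlspecialchars(SimpleSAML_Utilities::formatXMLString($logoutRequest)) . '</code></pre></div>

				<p>LogoutRequest RelayState:</p>
				<div><pre class="debugbox"><code>' . htmlspecialchars(var_export($logoutRelayState, TRUE)) . '</code></pre></div>

				<p>LogoutResponse:</p>
				<div><pre class="debugbox"><code>' . htmlspecialchars(SimpleSAML_Utilities::formatXMLString($LogoutResponse)) . '</code></pre></div>


				<p>Resulting output from web page after logout:</p>
				<div class="htmlout">' . $sb . '</div>

				<p>Resulting output from web page after trying to access the attribute viewer again after being logged out (should not be logged in then):</p>
				<div class="htmlout">' . $sb2 . '</div>

			</div>
		';
        return $html;
    }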
示例#4
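// Manual test page: show the incoming SAML request, prepare a response for it and
// render a form that lets the operator post that response to the SP by hand.
$crawler = new sspmod_fedlab_SAMLCrawler();
$requestRaw = sspmod_fedlab_SAMLCrawler::getHTTPRedirectMessage();
echo '<h2>Request</h2>' . "\n";
echo '<textarea style="width: 90%; height: 300px">';
echo htmlspecialchars(SimpleSAML_Utilities::formatXMLString($requestRaw));
echo '</textarea>';
$relaystate = NULL;
if (isset($_REQUEST['RelayState'])) {
    $relaystate = $_REQUEST['RelayState'];
}
# createResponse($testrun, $request, $relayState = NULL) {
// NOTE(review): $request and $test are not assigned anywhere in this excerpt; confirm
// that $request is defined by the surrounding code and is not meant to be $requestRaw.
$samlResponse = $test->createResponseP('idp', $request, $relaystate);
echo '<h2>Prepared Response</h2>' . "\n";
echo '<textarea style="width: 90%; height: 300px">';
echo htmlspecialchars(SimpleSAML_Utilities::formatXMLString($samlResponse['Response']));
echo '</textarea>';
// The dump contains the response XML, the destination URL and the RelayState, all of
// which derive from the incoming request. Escape it so it is displayed as text instead
// of being interpreted as markup inside the <pre>.
echo '<pre>';
echo htmlspecialchars(print_r($samlResponse, TRUE));
echo '</pre>';
// The destination URL is written into an attribute, so it is escaped like the
// RelayState below. The base64 alphabet needs no escaping.
echo '<form method="post" action="' . htmlspecialchars($samlResponse['url']) . '">';
echo ' <input type="hidden" name="SAMLResponse" value="' . base64_encode($samlResponse['Response']) . '" />';
if (!empty($relaystate)) {
    echo ' <input type="hidden" name="RelayState" value="' . htmlspecialchars($relaystate) . '" />';
}
echo ' <input type="submit" name="submit" value="Send SAML Response" />';
echo '</form>';
exit;
// Unreachable: everything below follows the exit above and never runs.
$result = $this->crawler->sendResponse($samlResponse['url'], $samlResponse['Response'], $samlResponse['RelayState']);
$result2 = $this->crawler->getURLraw($this->initurl);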
if (strstr($result2['body'], '*****@*****.**')) {
示例#5
    throw new SimpleSAML_Error_BadRequest('Missing required parameter "id".');
}
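// Serve the aggregated metadata for the aggregator named by the "id" parameter,
// optionally restricted by "set" and "exclude" (comma-separated lists).
$id = (string) $_REQUEST['id'];
$set = null;
if (isset($_REQUEST['set'])) {
    // A parameter sent as set[]=... arrives as an array, which explode() cannot handle.
    if (!is_string($_REQUEST['set'])) {
        throw new SimpleSAML_Error_BadRequest('Parameter "set" must be a comma-separated string.');
    }
    $set = explode(',', $_REQUEST['set']);
}
$excluded_entities = null;
if (isset($_REQUEST['exclude'])) {
    if (!is_string($_REQUEST['exclude'])) {
        throw new SimpleSAML_Error_BadRequest('Parameter "exclude" must be a comma-separated string.');
    }
    $excluded_entities = explode(',', $_REQUEST['exclude']);
}
$aggregator = sspmod_aggregator2_Aggregator::getAggregator($id);
$aggregator->setFilters($set);
$aggregator->excludeEntities($excluded_entities);
$xml = $aggregator->getMetadata();

// The Content-Type is only ever taken from this allow-list, never copied verbatim from
// an arbitrary request value. The strict comparison keeps type juggling out of the check.
$mimetype = 'application/samlmetadata+xml';
$allowedmimetypes = array('text/plain', 'application/samlmetadata-xml', 'application/xml');
if (isset($_GET['mimetype']) && in_array($_GET['mimetype'], $allowedmimetypes, true)) {
    $mimetype = $_GET['mimetype'];
}
if ($mimetype === 'text/plain') {
    // Pretty-print for human readers. Content-Length below is computed after this step.
    $xml = SimpleSAML_Utilities::formatXMLString($xml);
}
header('Content-Type: ' . $mimetype);
header('Content-Length: ' . strlen($xml));
/*
 * At this point, if the ID was forged, getMetadata() would
 * have failed to find a valid metadata set, so we can trust it.
 *
 * NOTE(review): this relies entirely on getAggregator()/getMetadata() rejecting unknown
 * ids, which is not visible here. Confirm it, since $id goes into the header unquoted.
 */
header('Content-Disposition: filename=' . $id . '.xml');
echo $xml;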