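/**
 * Build the HTML fragment that shows one SP test exchange in the fedlab debug view.
 *
 * The AuthnRequest, the RelayState and the Response are rendered escaped inside
 * <pre><code> boxes; the page the SP returned is reduced to a whitelist of
 * structural tags and embedded as-is.
 *
 * @param mixed $testrun Unused here; kept so the signature matches the callers.
 * @param string $body The raw HTML page the SP returned after the response was posted.
 * @param string $request The AuthnRequest XML received from the SP.
 * @param mixed $relaystate The RelayState value that was posted back to the SP.
 * @param string $response The SAML Response XML that was sent to the SP.
 * @return string The HTML fragment.
 */
protected function getDebugOutput($testrun, $body, $request, $relaystate, $response) {
    /* Cut out the <body> of the SP page and keep only structural tags.
     * strip_tags() keeps every attribute on the tags it allows, so $sb is
     * remote markup that is NOT sanitised; it must only be shown to the
     * tester who runs this check. */
    $sb = 'NA';
    if (preg_match('|<body.*?>(.*?)</body>|is', $body, $matches)) {
        $sb = strip_tags($matches[1], '<p><span><div><table><tr><td><ul><li><ol><dd><dt><dl><code><pre>');
    }

    /* The RelayState is chosen by the SP under test; escape it like the XML.
     * Each box closes <code></pre> before its <div>, otherwise the rest of the
     * page is swallowed by the open <pre>. */
    $html = '<div class="debugoutput">'
        . '<p>AuthnRequest:</p>'
        . '<div><pre class="debugbox"><code>'
        . htmlspecialchars(SimpleSAML_Utilities::formatXMLString($request))
        . '</code></pre></div>'
        . '<p>RelayState:</p>'
        . '<div><pre class="debugbox"><code>'
        . htmlspecialchars(var_export($relaystate, TRUE))
        . '</code></pre></div>'
        . '<p>Response:</p>'
        . '<div><pre class="debugbox"><code>'
        . htmlspecialchars(SimpleSAML_Utilities::formatXMLString($response))
        . '</code></pre></div>'
        . '<p>Resulting output from web page:</p>'
        . '<div class="htmlout">' . $sb . '</div>'
        . '</div>';

    return $html;
}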
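/**
 * Send an authenticationResponse using HTTP-POST.
 *
 * The response is signed before it is posted. Either the Response element or the
 * first Assertion is signed: the 'signresponse' option in the SP metadata decides,
 * falling back to 'shib13.signresponse' in the global configuration (default TRUE).
 * A response without any Assertion always has its Response element signed.
 *
 * @param string $response The response which should be sent.
 * @param array $idpmd The metadata of the IdP which is sending the response.
 * @param array $spmd The metadata of the SP which is receiving the response.
 * @param string|NULL $relayState The relaystate for the SP.
 * @param string $shire The shire which should receive the response.
 * @throws Exception If 'signresponse' is not a boolean, or if the response cannot be
 *                   parsed, has no Response element, or does not carry exactly one
 *                   Status element when the Response itself is to be signed.
 */
public function sendResponse($response, $idpmd, $spmd, $relayState, $shire) {
    SimpleSAML_Utilities::validateXMLDocument($response, 'saml11');

    $privatekey = SimpleSAML_Utilities::loadPrivateKey($idpmd, TRUE);
    $publickey = SimpleSAML_Utilities::loadPublicKey($idpmd, TRUE);

    /* Never sign something we could not parse: a silent loadXML() failure would
     * leave an empty document and a NULL root below. */
    $responsedom = new DOMDocument();
    if (!$responsedom->loadXML(str_replace("\r", "", $response))) {
        throw new Exception('Unable to parse the SAML 1.1 response that should be signed.');
    }
    $responseroot = $responsedom->getElementsByTagName('Response')->item(0);
    if ($responseroot === NULL) {
        throw new Exception('No Response element found in the SAML 1.1 response.');
    }
    $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);

    /* Determine what we should sign - either the Response element or the Assertion.
     * The default is to sign the Assertion, but that can be overridden by the
     * 'signresponse' option in the SP metadata or 'shib13.signresponse' in the
     * global configuration. */
    if (array_key_exists('signresponse', $spmd) && $spmd['signresponse'] !== NULL) {
        $signResponse = $spmd['signresponse'];
        if (!is_bool($signResponse)) {
            throw new Exception('Expected the \'signresponse\' option in the metadata of the' .
                ' SP \'' . $spmd['entityid'] . '\' to be a boolean value.');
        }
    } else {
        $signResponse = $this->configuration->getBoolean('shib13.signresponse', TRUE);
    }

    /* Without an assertion there is nothing else to sign: force signing the response. */
    if ($firstassertionroot === NULL) {
        $signResponse = TRUE;
    }

    $signer = new SimpleSAML_XML_Signer(array(
        'privatekey_array' => $privatekey,
        'publickey_array' => $publickey,
        'id' => $signResponse ? 'ResponseID' : 'AssertionID',
    ));

    if (array_key_exists('certificatechain', $idpmd)) {
        $signer->addCertificate($idpmd['certificatechain']);
    }

    if ($signResponse) {
        /* The Signature element goes directly before the Status element. An explicit
         * check replaces the old assert(), which is a no-op when assertions are
         * disabled and would then let an index on a missing element through. */
        $statusElements = SimpleSAML_Utilities::getDOMChildren($responseroot, 'Status', '@saml1p');
        if (count($statusElements) !== 1) {
            throw new Exception('Expected exactly one Status element in the SAML 1.1 response, found ' .
                count($statusElements) . '.');
        }
        $signer->sign($responseroot, $responseroot, $statusElements[0]);
    } else {
        /* Sign the first assertion. */
        $signer->sign($firstassertionroot, $firstassertionroot);
    }

    $response = $responsedom->saveXML();

    if ($this->configuration->getBoolean('debug', FALSE)) {
        /* Debug mode: show the post form instead of auto-submitting it. The raw
         * RelayState is handed to the template, which is responsible for escaping it. */
        $p = new SimpleSAML_XHTML_Template($this->configuration, 'post-debug.php');
        $p->data['header'] = 'SAML (Shibboleth 1.3) Response Debug-mode';
        $p->data['RelayStateName'] = 'TARGET';
        $p->data['RelayState'] = $relayState;
        $p->data['destination'] = $shire;
        $p->data['response'] = str_replace("\n", "", base64_encode($response));
        $p->data['responseHTML'] = htmlspecialchars(SimpleSAML_Utilities::formatXMLString($response));
        $p->show();
    } else {
        /* Shibboleth 1.3 carries the relay state in the TARGET parameter. */
        SimpleSAML_Utilities::postRedirect($shire, array(
            'TARGET' => $relayState,
            'SAMLResponse' => base64_encode($response),
        ));
    }
}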
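/**
 * Build the HTML fragment for a login-then-logout SP test exchange in the fedlab debug view.
 *
 * Same layout as getDebugOutput(), extended with the LogoutRequest, its RelayState, the
 * LogoutResponse, and the SP page fetched again after logout.
 *
 * @param mixed $testrun Unused here; kept so the signature matches the callers.
 * @param string $body The raw HTML page the SP returned after the logout exchange.
 * @param string $request The AuthnRequest XML received from the SP.
 * @param mixed $relaystate The RelayState that was posted back with the Response.
 * @param string $response The SAML Response XML that was sent to the SP.
 * @param string $logoutRequest The LogoutRequest XML.
 * @param mixed $logoutRelayState The RelayState carried with the LogoutRequest.
 * @param string $LogoutResponse The LogoutResponse XML.
 * @param string $result2 The raw HTML page the SP returned when re-visiting the attribute viewer after logout.
 * @return string The HTML fragment.
 */
protected function getDebugOutputExtended($testrun, $body, $request, $relaystate, $response, $logoutRequest, $logoutRelayState, $LogoutResponse, $result2) {
    /* Cut out the <body> of an SP page and keep only structural tags; 'NA' when
     * there is no body. strip_tags() keeps all attributes on the tags it allows,
     * so the result is remote markup that is NOT sanitised and must only be shown
     * to the tester who runs this check. */
    $extractBody = function ($page) {
        if (!preg_match('|<body.*?>(.*?)</body>|is', $page, $matches)) {
            return 'NA';
        }
        return strip_tags($matches[1], '<p><span><div><table><tr><td><ul><li><ol><dd><dt><dl><code><pre>');
    };
    $sb = $extractBody($body);
    $sb2 = $extractBody($result2);

    /* One escaped <pre><code> box per value. The RelayStates are chosen by the SP
     * under test and are escaped like the XML; every box closes <code></pre> before
     * its <div> so the open <pre> does not swallow the rest of the page. */
    $xmlBox = function ($xml) {
        return '<div><pre class="debugbox"><code>'
            . htmlspecialchars(SimpleSAML_Utilities::formatXMLString($xml))
            . '</code></pre></div>';
    };
    $valueBox = function ($value) {
        return '<div><pre class="debugbox"><code>'
            . htmlspecialchars(var_export($value, TRUE))
            . '</code></pre></div>';
    };

    $html = '<div class="debugoutput">'
        . '<p>AuthnRequest:</p>' . $xmlBox($request)
        . '<p>RelayState:</p>' . $valueBox($relaystate)
        . '<p>Response:</p>' . $xmlBox($response)
        . '<p>LogoutRequest:</p>' . $xmlBox($logoutRequest)
        . '<p>LogoutRequest RelayState:</p>' . $valueBox($logoutRelayState)
        . '<p>LogoutResponse:</p>' . $xmlBox($LogoutResponse)
        . '<p>Resulting output from web page after logout:</p>'
        . '<div class="htmlout">' . $sb . '</div>'
        . '<p>Resulting output from web page after trying to access the attribute viewer again after being logged out (should not be logged in then):</p>'
        . '<div class="htmlout">' . $sb2 . '</div>'
        . '</div>';

    return $html;
}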
$crawler = new sspmod_fedlab_SAMLCrawler(); $requestRaw = sspmod_fedlab_SAMLCrawler::getHTTPRedirectMessage(); echo '<h2>Request</h2>' . "\n"; echo '<textarea style="width: 90%; height: 300px">'; echo htmlspecialchars(SimpleSAML_Utilities::formatXMLString($requestRaw)); echo '</textarea>'; # print_r($request); $relaystate = NULL; if (isset($_REQUEST['RelayState'])) { $relaystate = $_REQUEST['RelayState']; } # createResponse($testrun, $request, $relayState = NULL) { $samlResponse = $test->createResponseP('idp', $request, $relaystate); echo '<h2>Prepared Response</h2>' . "\n"; echo '<textarea style="width: 90%; height: 300px">'; echo htmlspecialchars(SimpleSAML_Utilities::formatXMLString($samlResponse['Response'])); echo '</textarea>'; echo '<pre>'; print_r($samlResponse); echo '</pre>'; echo '<form method="post" action="' . $samlResponse['url'] . '">'; echo ' <input type="hidden" name="SAMLResponse" value="' . base64_encode($samlResponse['Response']) . '" />'; if (!empty($relaystate)) { echo ' <input type="hidden" name="RelayState" value="' . htmlspecialchars($relaystate) . '" />'; } echo ' <input type="submit" name="submit" value="Send SAML Response" />'; echo '</form>'; exit; $result = $this->crawler->sendResponse($samlResponse['url'], $samlResponse['Response'], $samlResponse['RelayState']); $result2 = $this->crawler->getURLraw($this->initurl); if (strstr($result2['body'], '*****@*****.**')) {
throw new SimpleSAML_Error_BadRequest('Missing required parameter "id".'); } $id = (string) $_REQUEST['id']; $set = null; if (isset($_REQUEST['set'])) { $set = explode(',', $_REQUEST['set']); } $excluded_entities = null; if (isset($_REQUEST['exclude'])) { $excluded_entities = explode(',', $_REQUEST['exclude']); } $aggregator = sspmod_aggregator2_Aggregator::getAggregator($id); $aggregator->setFilters($set); $aggregator->excludeEntities($excluded_entities); $xml = $aggregator->getMetadata(); $mimetype = 'application/samlmetadata+xml'; $allowedmimetypes = array('text/plain', 'application/samlmetadata-xml', 'application/xml'); if (isset($_GET['mimetype']) && in_array($_GET['mimetype'], $allowedmimetypes)) { $mimetype = $_GET['mimetype']; } if ($mimetype === 'text/plain') { $xml = SimpleSAML_Utilities::formatXMLString($xml); } header('Content-Type: ' . $mimetype); header('Content-Length: ' . strlen($xml)); /* * At this point, if the ID was forged, getMetadata() would * have failed to find a valid metadata set, so we can trust it. */ header('Content-Disposition: filename=' . $id . '.xml'); echo $xml;