/**
 * Asserts that the serialized LogoutRequest XML in $doc reflects $request:
 * root attributes (Reason, ID, Version, Destination), the Issuer element and
 * the NameID element (Format attribute and text value).
 *
 * @param \DOMDocument  $doc
 * @param LogoutRequest $request
 */
private function checkRequestXml(\DOMDocument $doc, LogoutRequest $request)
{
    $xpath = new \DOMXPath($doc);
    $xpath->registerNamespace('samlp', Protocol::SAML2);
    $xpath->registerNamespace('saml', Protocol::NS_ASSERTION);

    // Exactly one root LogoutRequest element is expected.
    $rootNodes = $xpath->query('/samlp:LogoutRequest');
    $this->assertEquals(1, $rootNodes->length);
    /** @var \DOMElement $root */
    $root = $rootNodes->item(0);

    // Attribute expectations, checked in declaration order.
    $expectedAttributes = [
        'Reason' => $request->getReason(),
        'ID' => $request->getID(),
        'Version' => '2.0',
        'Destination' => $this->destination,
    ];
    foreach ($expectedAttributes as $attributeName => $expectedValue) {
        $this->assertEquals($expectedValue, $root->getAttribute($attributeName));
    }

    // Issuer: exactly one element whose text is the configured issuer.
    $issuerNodes = $xpath->query('/samlp:LogoutRequest/saml:Issuer');
    $this->assertEquals(1, $issuerNodes->length);
    $issuerNode = $issuerNodes->item(0);
    $this->assertEquals($this->issuer, $issuerNode->textContent);

    // NameID: exactly one element matching the request's NameID format and value.
    $nameIdNodes = $xpath->query('/samlp:LogoutRequest/saml:NameID');
    $this->assertEquals(1, $nameIdNodes->length);
    /** @var \DOMElement $nameIdNode */
    $nameIdNode = $nameIdNodes->item(0);
    $nameId = $request->getNameID();
    $this->assertEquals($nameId->getFormat(), $nameIdNode->getAttribute('Format'));
    $this->assertEquals($nameId->getValue(), $nameIdNode->textContent);
}
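/**
 * Builds a new LogoutRequest addressed to the configured destination and
 * issued by this SP's entityID.
 *
 * Optional values are only applied when they are neither null nor the empty
 * string, so the serialized request omits the corresponding attribute/element
 * rather than emitting an empty one. (Previously a plain truthiness check was
 * used, which also silently dropped the literal string '0'.)
 *
 * @param string      $nameIDValue  NameID value of the principal to log out
 * @param string|null $nameIDFormat NameID Format URI; omitted when null/empty
 * @param string|null $sessionIndex SessionIndex to terminate; omitted when null/empty
 * @param string|null $reason       Reason URI for the logout; omitted when null/empty
 * @return LogoutRequest
 */
public function build($nameIDValue, $nameIDFormat = null, $sessionIndex = null, $reason = null)
{
    $request = new LogoutRequest();

    // The generated ID is what the request state store is keyed on, so it must be
    // unique per request; uniqueness/unpredictability is Helper::generateID()'s job — confirm.
    $request->setID(Helper::generateID());
    $request->setDestination($this->getDestination());
    $request->setIssueInstant(time());

    if ($reason !== null && $reason !== '') {
        $request->setReason($reason);
    }
    if ($sessionIndex !== null && $sessionIndex !== '') {
        $request->setSessionIndex($sessionIndex);
    }

    $nameID = new NameID();
    $nameID->setValue($nameIDValue);
    if ($nameIDFormat !== null && $nameIDFormat !== '') {
        $nameID->setFormat($nameIDFormat);
    }
    $request->setNameID($nameID);

    // Issuer is this SP's entityID so the IdP can resolve our metadata.
    $request->setIssuer($this->getEdSP()->getEntityID());

    return $request;
}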
/**
 * Creates and persists the state record for an outgoing LogoutRequest.
 *
 * The record carries the request ID and the IdP's entityID; presumably it is
 * looked up again when the corresponding response arrives — confirm against the caller.
 *
 * @param LogoutRequest $request
 * @param ServiceInfo   $serviceInfo
 * @return RequestState the stored state
 */
protected function createRequestState(LogoutRequest $request, ServiceInfo $serviceInfo)
{
    $idpEntityId = $serviceInfo->getIdpProvider()->getEntityDescriptor()->getEntityID();

    $requestState = new RequestState();
    $requestState->setId($request->getID());
    $requestState->setDestination($idpEntityId);

    $this->requestStateStore->set($requestState);

    return $requestState;
}
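/**
 * Verifies that an incoming LogoutRequest is signed and that the signature
 * validates against one of the public keys published in the IdP's metadata.
 *
 * @param \AerialShip\SamlSPBundle\Config\ServiceInfo $serviceInfo
 * @param LogoutRequest $logoutRequest
 * @throws \RuntimeException when the IdP metadata has no IDPSSODescriptor or no
 *                           key descriptors, or when the request is unsigned;
 *                           a signature that verifies with none of the keys is
 *                           expected to be reported by validateMulti() — confirm
 */
protected function validateLogoutRequest(ServiceInfo $serviceInfo, LogoutRequest $logoutRequest)
{
    $idp = $serviceInfo->getIdpProvider()->getEntityDescriptor();

    // Guard the descriptor lookup so missing metadata yields a clear error instead of
    // a method call on null.
    $ssoDescriptor = $idp->getFirstIdpSsoDescriptor();
    if (!$ssoDescriptor) {
        throw new \RuntimeException('IDP metadata has no IDPSSODescriptor');
    }
    $keyDescriptors = $ssoDescriptor->getKeyDescriptors();
    if (empty($keyDescriptors)) {
        throw new \RuntimeException('IDP must support signing for logout requests');
    }

    // An unsigned logout request is rejected outright: without a signature anyone
    // who knows a NameID could terminate that user's session.
    /** @var SignatureValidatorInterface|null $signature */
    $signature = $logoutRequest->getSignature();
    if (!$signature) {
        throw new \RuntimeException('Logout request must be signed');
    }

    // NOTE(review): every KeyDescriptor is accepted regardless of its "use" attribute;
    // if the IdP publishes encryption-only keys, consider restricting to signing keys.
    $keys = [];
    foreach ($keyDescriptors as $keyDescriptor) {
        $keys[] = KeyHelper::createPublicKey($keyDescriptor->getCertificate());
    }

    // validateMulti() is relied upon to throw when no key verifies the signature;
    // its return value is not inspected here — confirm that contract.
    $signature->validateMulti($keys);
}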