public function test_calls_session_processor()
{
    // The action must hand every inbound assertion, in order, to the session processor
    // together with the own and party entity ids taken from the profile context.
    $sessionProcessorMock = $this->getSessionProcessorMock();
    $action = new SpSsoStateAction(TestHelper::getLoggerMock($this), $sessionProcessorMock);

    $ownEntityId = 'http://own.entity.id';
    $partyEntityId = 'http://party.id';

    $assertion1 = new Assertion();
    $assertion2 = new Assertion();
    $response = new Response();
    $response->addAssertion($assertion1);
    $response->addAssertion($assertion2);

    $context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP);
    $context->getInboundContext()->setMessage($response);
    $context->getOwnEntityContext()->setEntityDescriptor(new EntityDescriptor($ownEntityId));
    $context->getPartyEntityContext()->setEntityDescriptor(new EntityDescriptor($partyEntityId));

    $sessionProcessorMock->expects($this->once())
        ->method('processAssertions')
        ->with($this->isType('array'), $ownEntityId, $partyEntityId)
        ->willReturnCallback(function (array $assertions, $ownId, $partyId) use ($assertion1, $assertion2) {
            // Same object instances, in insertion order.
            $this->assertSame($assertion1, $assertions[0]);
            $this->assertSame($assertion2, $assertions[1]);
        });

    $action->execute($context);
}
public function test_response()
{
    // Minimal success Response carrying one assertion with an id and issuer; must verify.
    $assertion = new Assertion();
    $assertion
        ->setId(Helper::generateID())
        ->setIssuer(new Issuer('https://issuer.com'));

    $response = new Response();
    $response->addAssertion($assertion);
    $response->setStatus(new Status(new StatusCode(SamlConstants::STATUS_SUCCESS)));

    $this->verify($response);
}
/**
 * Builds and signs a SAML 2.0 Response for a previously stored AuthnRequest and
 * hands it to the HTTP-POST binding.
 *
 * The stored request is looked up by $message_id and removed before the response
 * is built, so a given id is answered at most once: a second call with the same
 * id ends in the not-found branch below.
 *
 * @param string $email      authenticated subject; becomes the assertion's NameID
 *                           and its EMAIL_ADDRESS attribute
 * @param string $message_id id of the stored AuthnRequest; also reused as the
 *                           assertion's SessionIndex
 * @return string body of the HTTP-POST binding response (presumably the
 *                auto-submitting form; only getContent() of the binding's
 *                result is returned here)
 * @throws RuntimeException when no stored message exists for $message_id
 *                          (not found or expired)
 */
public function send($email, $message_id)
{
    $message = $this->saml_data_manager->get($message_id);
    if (!$message) {
        // Logger is optional; the failure is surfaced to the caller as an exception either way.
        if ($this->logger) {
            $this->logger->error("Saml message with id {$message_id} not found or expired");
        }
        throw new RuntimeException('Authentication message does not exist');
    }
    // Consume the stored request before building the response (one response per request id).
    $this->saml_data_manager->delete($message_id);

    $response = new Response();
    $assertion = new Assertion();

    // Response envelope: Destination is the request's ACS URL, Issuer echoes the request's issuer value.
    // NOTE(review): no Status element is set on this response; confirm the library supplies
    // a default or that the consuming SP does not require one.
    $response
        ->addAssertion($assertion)
        ->setID(Helper::generateID())
        ->setIssueInstant(new DateTime())
        ->setDestination($message->getAssertionConsumerServiceURL())
        ->setIssuer(new Issuer($message->getIssuer()->getValue()));

    // Bearer subject confirmation bound to this request (InResponseTo), to the ACS URL
    // (Recipient) and to a one-minute window (NotOnOrAfter).
    $assertion
        ->setId(Helper::generateID())
        ->setIssueInstant(new DateTime())
        ->setIssuer(new Issuer($message->getIssuer()->getValue()))
        ->setSubject(
            (new Subject())
                ->setNameID(new NameID($email, SamlConstants::NAME_ID_FORMAT_EMAIL))
                ->addSubjectConfirmation(
                    (new SubjectConfirmation())
                        ->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER)
                        ->setSubjectConfirmationData(
                            (new SubjectConfirmationData())
                                ->setInResponseTo($message->getID())
                                ->setNotOnOrAfter(new DateTime('+1 MINUTE'))
                                ->setRecipient($message->getAssertionConsumerServiceURL())
                        )
                )
        )
        // Assertion validity window: now .. +1 minute.
        // NOTE(review): the audience is the ACS URL; SAML audiences are normally the SP's
        // entity id — confirm this matches what the SP validates against.
        ->setConditions(
            (new Conditions())
                ->setNotBefore(new DateTime())
                ->setNotOnOrAfter(new DateTime('+1 MINUTE'))
                ->addItem(new AudienceRestriction([$message->getAssertionConsumerServiceURL()]))
        )
        ->addItem((new AttributeStatement())->addAttribute(new Attribute(ClaimTypes::EMAIL_ADDRESS, $email)))
        // AuthnInstant is backdated by 10 minutes; the request id doubles as SessionIndex.
        ->addItem(
            (new AuthnStatement())
                ->setAuthnInstant(new DateTime('-10 MINUTE'))
                ->setSessionIndex($message_id)
                ->setAuthnContext(
                    (new AuthnContext())->setAuthnContextClassRef(SamlConstants::AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT)
                )
        );

    // Only the enclosing Response is signed here; the assertion carries no signature of its own.
    // '' is the key passphrase; presumably $this->saml_key is a file path (third argument) — confirm.
    $certificate = X509Certificate::fromFile($this->saml_crt);
    $private_key = KeyHelper::createPrivateKey($this->saml_key, '', true);
    $response->setSignature(new SignatureWriter($certificate, $private_key));

    $binding_factory = new BindingFactory();
    $post_binding = $binding_factory->create(SamlConstants::BINDING_SAML2_HTTP_POST);
    $message_context = new MessageContext();
    $message_context->setMessage($response);
    /** @var SymfonyResponse $http_response */
    $http_response = $post_binding->send($message_context);

    return $http_response->getContent();
}
public function test_does_nothing_if_response_has_at_least_one_assertion()
{
    // A response carrying a single assertion passes the validator without any exception.
    $response = new Response();
    $response->addAssertion(new Assertion());

    $context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP);
    $context->getInboundContext()->setMessage($response);

    $action = new HasAssertionsValidatorAction(TestHelper::getLoggerMock($this));
    $action->execute($context);
}
public function test_success_response_with_xsd()
{
    // Full success Response (status, assertion with bearer subject confirmation, conditions,
    // attribute and authn statements), signed on both levels, must pass protocol XSD validation.
    $idpEntityId = 'https://idp.com';
    $acsUrl = 'https://sp.com/acs';
    $email = '*****@*****.**';

    $response = new Response();
    $response
        ->setStatus(new Status(new StatusCode(SamlConstants::STATUS_SUCCESS)))
        ->setInResponseTo(Helper::generateID())
        ->setID(Helper::generateID())
        ->setIssueInstant(new \DateTime())
        ->setIssuer(new Issuer($idpEntityId));

    $subjectConfirmationData = (new SubjectConfirmationData())
        ->setInResponseTo(Helper::generateID())
        ->setNotOnOrAfter(new \DateTime('+1 hour'))
        ->setRecipient($acsUrl);
    $subjectConfirmation = (new SubjectConfirmation())
        ->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER)
        ->setSubjectConfirmationData($subjectConfirmationData);
    $subject = (new Subject())
        ->setNameID(new NameID($email, SamlConstants::NAME_ID_FORMAT_EMAIL))
        ->addSubjectConfirmation($subjectConfirmation);

    $conditions = (new Conditions())
        ->setNotBefore(new \DateTime())
        ->setNotOnOrAfter(new \DateTime('+1 hour'))
        ->addItem(new AudienceRestriction([$acsUrl]));

    $attributeStatement = (new AttributeStatement())
        ->addAttribute(new Attribute(ClaimTypes::EMAIL_ADDRESS, $email));

    $authnStatement = (new AuthnStatement())
        ->setAuthnInstant(new \DateTime('-1 hour'))
        ->setSessionIndex(Helper::generateID())
        ->setAuthnContext(
            (new AuthnContext())->setAuthnContextClassRef(SamlConstants::AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT)
        );

    $assertion = new Assertion();
    $assertion
        ->setId(Helper::generateID())
        ->setIssueInstant(new \DateTime())
        ->setIssuer(new Issuer($idpEntityId))
        ->setSubject($subject)
        ->setConditions($conditions)
        ->addItem($attributeStatement)
        ->addItem($authnStatement);
    $response->addAssertion($assertion);

    // Sign the assertion first, then the enclosing response.
    $this->sign($assertion);
    $this->sign($response);
    $this->validateProtocol($response);
}
public function test_does_nothing_if_there_is_bearer_assertion()
{
    // An assertion with an AuthnStatement and a bearer subject confirmation satisfies the validator.
    $subjectConfirmation = new SubjectConfirmation();
    $subjectConfirmation->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER);

    $subject = new Subject();
    $subject->addSubjectConfirmation($subjectConfirmation);

    $assertion = new Assertion();
    $assertion->addItem(new AuthnStatement());
    $assertion->setSubject($subject);

    $response = new Response();
    $response->addAssertion($assertion);

    $context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP);
    $context->getInboundContext()->setMessage($response);

    $action = new HasBearerAssertionsValidatorAction(TestHelper::getLoggerMock($this));
    $action->execute($context);
}
public function test_creates_context_for_each_assertion()
{
    // Executing the action creates one sub-context per inbound assertion, named by position.
    $assertionActionMock = $this->getActionMock();
    $action = new AssertionAction(TestHelper::getLoggerMock($this), $assertionActionMock);

    $assertion1 = new Assertion();
    $assertion2 = new Assertion();
    $response = new Response();
    $response->addAssertion($assertion1)->addAssertion($assertion2);

    $context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP);
    $context->getInboundContext()->setMessage($response);

    $action->execute($context);

    foreach ([$assertion1, $assertion2] as $index => $expected) {
        /** @var AssertionContext $assertionContext */
        $assertionContext = $context->getSubContext('assertion_' . $index);
        $this->assertInstanceOf(AssertionContext::class, $assertionContext);
        $this->assertSame($expected, $assertionContext->getAssertion());
    }
}