/**
 * Picks the endpoint the response should go to and stores it in the endpoint context.
 *
 * When the inbound message is an AuthnRequest, its AssertionConsumerServiceIndex and
 * AssertionConsumerServiceURL are only added as resolver criteria. The endpoint that ends
 * up in the context is taken from the resolver's result over the party entity descriptor's
 * endpoints, not copied from the request.
 * NOTE(review): whether the resolver drops non-matching endpoints or merely ranks them is
 * not visible here; confirm a request-supplied URL outside the metadata cannot win.
 *
 * @param ProfileContext $context
 *
 * @throws LightSamlContextException when the resolver yields no candidate endpoint
 */
protected function doExecute(ProfileContext $context)
{
    // Nothing to do when an earlier step already chose an endpoint.
    if ($context->getEndpointContext()->getEndpoint()) {
        $alreadySetText = sprintf(
            'Endpoint already set with location "%s" and binding "%s"',
            $context->getEndpoint()->getLocation(),
            $context->getEndpoint()->getBinding()
        );
        $alreadySetLogContext = LogHelper::getActionContext($context, $this, [
            'endpointLocation' => $context->getEndpoint()->getLocation(),
            'endpointBinding' => $context->getEndpoint()->getBinding(),
        ]);
        $this->logger->debug($alreadySetText, $alreadySetLogContext);

        return;
    }

    $criteriaSet = $this->getCriteriaSet($context);
    $inbound = $context->getInboundContext()->getMessage();
    $isAuthnRequest = $inbound instanceof AuthnRequest;

    // Request-supplied hints narrow the search; they are never used as the endpoint itself.
    if ($isAuthnRequest && null !== $inbound->getAssertionConsumerServiceIndex()) {
        $criteriaSet->add(new IndexCriteria($inbound->getAssertionConsumerServiceIndex()));
    }
    if ($isAuthnRequest && null !== $inbound->getAssertionConsumerServiceURL()) {
        $criteriaSet->add(new LocationCriteria($inbound->getAssertionConsumerServiceURL()));
    }

    $partyEndpoints = $context->getPartyEntityDescriptor()->getAllEndpoints();
    $candidates = $this->endpointResolver->resolve($criteriaSet, $partyEndpoints);

    /** @var EndpointReference $chosen */
    $chosen = array_shift($candidates);

    // array_shift() gives null for an empty candidate list.
    if (null == $chosen) {
        $errorText = sprintf(
            "Unable to determine endpoint for entity '%s'",
            $context->getPartyEntityDescriptor()->getEntityID()
        );
        $this->logger->emergency($errorText, LogHelper::getActionErrorContext($context, $this));

        throw new LightSamlContextException($context, $errorText);
    }

    $resolvedText = sprintf(
        'Endpoint resolved to location "%s" and binding "%s"',
        $chosen->getEndpoint()->getLocation(),
        $chosen->getEndpoint()->getBinding()
    );
    $resolvedLogContext = LogHelper::getActionContext($context, $this, [
        'endpointLocation' => $chosen->getEndpoint()->getLocation(),
        'endpointBinding' => $chosen->getEndpoint()->getBinding(),
    ]);
    $this->logger->debug($resolvedText, $resolvedLogContext);

    $context->getEndpointContext()->setEndpoint($chosen->getEndpoint());
}
/**
 * Configures the mocked endpoint resolver's expectation for resolve().
 *
 * @param bool     $shouldBeCalled true: resolve() must run exactly once and delegates to
 *                                 $callback; false: resolve() must never run
 * @param callable $callback       stand-in for resolve(), used only when a call is expected
 */
protected function setEndpointResolver($shouldBeCalled, $callback)
{
    if (!$shouldBeCalled) {
        // Asserts that the action under test returns before consulting the resolver.
        $this->endpointResolver->expects($this->never())->method('resolve');

        return;
    }

    $this->endpointResolver
        ->expects($this->once())
        ->method('resolve')
        ->willReturnCallback($callback);
}
/**
 * Sets AssertionConsumerServiceURL on the outbound AuthnRequest from our own metadata.
 *
 * The URL is the location of the first endpoint the resolver returns for an
 * AssertionConsumerService with HTTP POST binding in the own SP SSO descriptor.
 *
 * @param ProfileContext $context
 *
 * @throws LightSamlContextException when the own descriptor has no such ACS endpoint
 */
protected function doExecute(ProfileContext $context)
{
    $ownEntityDescriptor = $context->getOwnEntityDescriptor();

    $acsOverPost = new CriteriaSet([
        new DescriptorTypeCriteria(SpSsoDescriptor::class),
        new ServiceTypeCriteria(AssertionConsumerService::class),
        new BindingCriteria([SamlConstants::BINDING_SAML2_HTTP_POST]),
    ]);

    $endpoints = $this->endpointResolver->resolve($acsOverPost, $ownEntityDescriptor->getAllEndpoints());

    if (!$endpoints) {
        $errorText = 'Missing ACS Service with HTTP POST binding in own SP SSO Descriptor';
        $this->logger->error($errorText, LogHelper::getActionErrorContext($context, $this));

        throw new LightSamlContextException($context, $errorText);
    }

    // Fetch the request first, then the location, matching the original evaluation order.
    $authnRequest = MessageContextHelper::asAuthnRequest($context->getOutboundContext());
    $acsLocation = $endpoints[0]->getEndpoint()->getLocation();
    $authnRequest->setAssertionConsumerServiceURL($acsLocation);
}
/**
 * Checks that the inbound message's Destination is one of our own endpoints.
 *
 * The check is skipped when Destination is absent. Because the comparison is loose
 * (`null == $destination`), an empty-string Destination is skipped as well.
 * NOTE(review): this action does not require Destination to be present. Whether that is
 * enforced elsewhere for signed messages on front-channel bindings is not visible here.
 * NOTE(review): the sender-controlled Destination value is interpolated into the
 * emergency-level log message; confirm the log sink handles untrusted text.
 *
 * @param ProfileContext $context
 *
 * @return void
 *
 * @throws LightSamlContextException when Destination matches none of the own endpoints
 */
protected function doExecute(ProfileContext $context)
{
    $samlMessage = MessageContextHelper::asSamlMessage($context->getInboundContext());
    $destination = $samlMessage->getDestination();

    if (null == $destination) {
        return;
    }

    $matching = $this->endpointResolver->resolve(
        $this->getCriteriaSet($context, $destination),
        $context->getOwnEntityDescriptor()->getAllEndpoints()
    );

    // Any non-empty resolver result counts as a match; only an empty one is rejected.
    if (!$matching) {
        $errorText = sprintf('Invalid inbound message destination "%s"', $destination);
        $this->logger->emergency($errorText, LogHelper::getActionErrorContext($context, $this));

        throw new LightSamlContextException($context, $errorText);
    }
}
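/**
 * Verifies that a bearer SubjectConfirmation names one of our own ACS locations as Recipient.
 *
 * The Recipient is used as a location criterion against the AssertionConsumerService
 * endpoints of the own SP SSO descriptor; an empty resolver result is rejected.
 *
 * @param AssertionContext    $context
 * @param SubjectConfirmation $subjectConfirmation
 *
 * @throws LightSamlContextException when Recipient is missing or matches no own ACS endpoint
 */
protected function validateSubjectConfirmation(AssertionContext $context, SubjectConfirmation $subjectConfirmation)
{
    // The assertion is remote input. Without this guard a SubjectConfirmation that lacks
    // SubjectConfirmationData would fail with a "member function on null" error, not the
    // validation exception callers handle.
    // NOTE(review): assumes getSubjectConfirmationData() returns null when the element is
    // absent; the accessor is not visible here, and the guard is a no-op otherwise.
    $confirmationData = $subjectConfirmation->getSubjectConfirmationData();
    $recipient = null !== $confirmationData ? $confirmationData->getRecipient() : null;

    // Loose comparison on purpose: an empty Recipient is rejected like a missing one.
    if (null == $recipient) {
        $message = 'Bearer SubjectConfirmation must contain Recipient attribute';
        $this->logger->error($message, LogHelper::getActionErrorContext($context, $this));

        throw new LightSamlContextException($context, $message);
    }

    $criteriaSet = new CriteriaSet([
        new DescriptorTypeCriteria(SpSsoDescriptor::class),
        new ServiceTypeCriteria(AssertionConsumerService::class),
        new LocationCriteria($recipient),
    ]);

    $ownEntityDescriptor = $context->getProfileContext()->getOwnEntityDescriptor();
    $arrEndpoints = $this->endpointResolver->resolve($criteriaSet, $ownEntityDescriptor->getAllEndpoints());

    if (empty($arrEndpoints)) {
        $message = sprintf("Recipient '%s' does not match SP descriptor", $recipient);
        $this->logger->error($message, LogHelper::getActionErrorContext($context, $this, ['recipient' => $recipient]));

        throw new LightSamlContextException($context, $message);
    }
}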