/**
* Prepare a basic DOMelement to test against
*/
public function setUp()
{
$document = DOMDocumentFactory::fromString(<<<XML
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="s2a0da3504aff978b0f8c80f6a62c713c4a2f64c5b"
InResponseTo="_bec424fa5103428909a30ff1e31168327f79474984"
Version="2.0"
IssueInstant="2007-12-10T11:39:48Z"
Destination="http://moodle.bridge.feide.no/simplesaml/saml2/sp/AssertionConsumerService.php">
<saml:Issuer>max.feide.no</saml:Issuer>
<samlp:Extensions>
<myns:AttributeList xmlns:myns="urn:mynamespace">
<myns:Attribute name="UserName" value=""/>
</myns:AttributeList>
<ExampleElement name="AnotherExtension" />
</samlp:Extensions>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
</samlp:Response>
XML
);
$this->testElement = $document->documentElement;
}
/**
* Verifies that we can create an AttributeValue from a DOMElement.
*/
public function testCreateAttributeFromDOMElement()
{
$attribute = new Attribute();
$attribute->Name = 'TheName';
$attribute->NameFormat = 'TheNameFormat';
$attribute->FriendlyName = 'TheFriendlyName';
$element = new \DOMDocument();
$element->loadXML(<<<ATTRIBUTEVALUE
<NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">urn:collab:person:surftest.nl:example</NameID>
ATTRIBUTEVALUE
);
$attribute->AttributeValue = array(new AttributeValue($element->documentElement));
$document = DOMDocumentFactory::fromString('<root />');
$returnedStructure = $attribute->toXML($document->firstChild);
$expectedStructureDocument = new \DOMDocument();
$expectedStructureDocument->loadXML(<<<ATTRIBUTEXML
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
Name="TheName" NameFormat="TheNameFormat" FriendlyName="TheFriendlyName">
<saml:AttributeValue>
<NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">urn:collab:person:surftest.nl:example</NameID>
</saml:AttributeValue>
</saml:Attribute>
ATTRIBUTEXML
);
$expectedStructure = $expectedStructureDocument->documentElement;
$this->assertEqualXMLStructure($expectedStructure, $returnedStructure);
$this->assertEquals("urn:collab:person:surftest.nl:example", $attribute->AttributeValue[0]->getString());
}
public function testUnmarshalling()
{
$mdNamespace = Constants::NS_MD;
$document = DOMDocumentFactory::fromString(<<<XML
<md:Test xmlns:md="{$mdNamespace}" Binding="urn:something" Location="https://whatever/" xmlns:test="urn:test" test:attr="value" />
XML
);
$endpointType = new EndpointType($document->firstChild);
$this->assertEquals(true, $endpointType->hasAttributeNS('urn:test', 'attr'));
$this->assertEquals('value', $endpointType->getAttributeNS('urn:test', 'attr'));
$this->assertEquals(false, $endpointType->hasAttributeNS('urn:test', 'invalid'));
$this->assertEquals('', $endpointType->getAttributeNS('urn:test', 'invalid'));
$endpointType->removeAttributeNS('urn:test', 'attr');
$this->assertEquals(false, $endpointType->hasAttributeNS('urn:test', 'attr'));
$this->assertEquals('', $endpointType->getAttributeNS('urn:test', 'attr'));
$endpointType->setAttributeNS('urn:test2', 'test2:attr2', 'value2');
$this->assertEquals('value2', $endpointType->getAttributeNS('urn:test2', 'attr2'));
$document->loadXML('<root />');
$endpointTypeElement = $endpointType->toXML($document->firstChild, 'md:Test');
$endpointTypeElements = Utils::xpQuery($endpointTypeElement, '/root/saml_metadata:Test');
$this->assertCount(1, $endpointTypeElements);
$endpointTypeElement = $endpointTypeElements[0];
$this->assertEquals('value2', $endpointTypeElement->getAttributeNS('urn:test2', 'attr2'));
$this->assertEquals(false, $endpointTypeElement->hasAttributeNS('urn:test', 'attr'));
}
/**
* Test unmarshalling / marshalling of XML with Extensions element
*/
public function testExtensionOrdering()
{
$xml = <<<AUTHNREQUEST
<samlp:AuthnRequest
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_306f8ec5b618f361c70b6ffb1480eade"
Version="2.0"
IssueInstant="2004-12-05T09:21:59Z"
Destination="https://idp.example.org/SAML2/SSO/Artifact"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
AssertionConsumerServiceURL="https://sp.example.com/SAML2/SSO/Artifact">
<saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
<samlp:Extensions>
<myns:AttributeList xmlns:myns="urn:mynamespace">
<myns:Attribute name="UserName" value=""/>
</myns:AttributeList>
</samlp:Extensions>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">user@example.org</saml:NameID>
</saml:Subject>
<samlp:NameIDPolicy
AllowCreate="true"
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>
AUTHNREQUEST;
$document = DOMDocumentFactory::fromString($xml);
$authnRequest = new AuthnRequest($document->documentElement);
$this->assertXmlStringEqualsXmlString($document->C14N(), $authnRequest->toUnsignedXML()->C14N());
}
/**
* Extract the response element from the SOAP response.
*
* @param string $soapResponse The SOAP response.
* @return string The <saml1p:Response> element, as a string.
*/
private static function extractResponse($soapResponse)
{
assert('is_string($soapResponse)');
try {
$doc = \SAML2\DOMDocumentFactory::fromString($soapResponse);
} catch (\Exception $e) {
throw new SimpleSAML_Error_Exception('Error parsing SAML 1 artifact response.');
}
$soapEnvelope = $doc->firstChild;
if (!SimpleSAML\Utils\XML::isDOMElementOfType($soapEnvelope, 'Envelope', 'http://schemas.xmlsoap.org/soap/envelope/')) {
throw new SimpleSAML_Error_Exception('Expected artifact response to contain a <soap:Envelope> element.');
}
$soapBody = SimpleSAML\Utils\XML::getDOMChildren($soapEnvelope, 'Body', 'http://schemas.xmlsoap.org/soap/envelope/');
if (count($soapBody) === 0) {
throw new SimpleSAML_Error_Exception('Couldn\'t find <soap:Body> in <soap:Envelope>.');
}
$soapBody = $soapBody[0];
$responseElement = SimpleSAML\Utils\XML::getDOMChildren($soapBody, 'Response', 'urn:oasis:names:tc:SAML:1.0:protocol');
if (count($responseElement) === 0) {
throw new SimpleSAML_Error_Exception('Couldn\'t find <saml1p:Response> in <soap:Body>.');
}
$responseElement = $responseElement[0];
/*
* Save the <saml1p:Response> element. Note that we need to import it
* into a new document, in order to preserve namespace declarations.
*/
$newDoc = \SAML2\DOMDocumentFactory::create();
$newDoc->appendChild($newDoc->importNode($responseElement, TRUE));
$responseXML = $newDoc->saveXML();
return $responseXML;
}
public function testMarshalling()
{
$indexedEndpointType = new IndexedEndpointType();
$indexedEndpointType->Binding = 'TestBinding';
$indexedEndpointType->Location = 'TestLocation';
$indexedEndpointType->index = 42;
$indexedEndpointType->isDefault = false;
$document = DOMDocumentFactory::fromString('<root />');
$indexedEndpointTypeElement = $indexedEndpointType->toXML($document->firstChild, 'md:Test');
$indexedEndpointElements = Utils::xpQuery($indexedEndpointTypeElement, '/root/saml_metadata:Test');
$this->assertCount(1, $indexedEndpointElements);
$indexedEndpointElement = $indexedEndpointElements[0];
$this->assertEquals('TestBinding', $indexedEndpointElement->getAttribute('Binding'));
$this->assertEquals('TestLocation', $indexedEndpointElement->getAttribute('Location'));
$this->assertEquals('42', $indexedEndpointElement->getAttribute('index'));
$this->assertEquals('false', $indexedEndpointElement->getAttribute('isDefault'));
$indexedEndpointType->isDefault = true;
$document->loadXML('<root />');
$indexedEndpointTypeElement = $indexedEndpointType->toXML($document->firstChild, 'md:Test');
$indexedEndpointTypeElement = Utils::xpQuery($indexedEndpointTypeElement, '/root/saml_metadata:Test');
$this->assertCount(1, $indexedEndpointTypeElement);
$this->assertEquals('true', $indexedEndpointTypeElement[0]->getAttribute('isDefault'));
$indexedEndpointType->isDefault = null;
$document->loadXML('<root />');
$indexedEndpointTypeElement = $indexedEndpointType->toXML($document->firstChild, 'md:Test');
$indexedEndpointTypeElement = Utils::xpQuery($indexedEndpointTypeElement, '/root/saml_metadata:Test');
$this->assertCount(1, $indexedEndpointTypeElement);
$this->assertTrue(!$indexedEndpointTypeElement[0]->hasAttribute('isDefault'));
}
/**
* Un-serialize this XML chunk.
*
* @param string $serialized The serialized chunk.
* @return \SAML2\XML\Chunk The chunk object represented by the serialized string.
*/
public function unserialize($serialized)
{
$doc = DOMDocumentFactory::fromString(unserialize($serialized));
$this->xml = $doc->documentElement;
$this->localName = $this->xml->localName;
$this->namespaceURI = $this->xml->namespaceURI;
}
/**
* Test serialization and unserialization
*/
public function testChunkSerializationLoop()
{
$ser = $this->chunk->serialize();
$document = DOMDocumentFactory::fromString('<root />');
$newchunk = new Chunk($document->firstChild);
$newchunk->unserialize($ser);
$this->assertEqualXMLStructure($this->chunk->getXML(), $newchunk->getXML());
}
public function testEmptyRegistrationAuthorityOutboundThrowsException()
{
$registrationInfo = new RegistrationInfo();
$registrationInfo->registrationAuthority = '';
$document = DOMDocumentFactory::fromString('<root />');
$this->setExpectedException('Exception', 'Missing required registration authority.');
$xml = $registrationInfo->toXML($document->firstChild);
}
/**
* Unmarshalling fails if attribute is empty
*/
public function testUnmarshallingFailsMissingKeywords()
{
$document = DOMDocumentFactory::fromString(<<<XML
<mdui:Keywords xml:lang="nl"></mdui:Keywords>
XML
);
$this->setExpectedException('Exception', 'Missing value for Keywords');
$keywords = new Keywords($document->firstChild);
}
public function setXML($xml)
{
assert('is_string($xml)');
try {
$this->dom = \SAML2\DOMDocumentFactory::fromString(str_replace("\r", "", $xml));
} catch (\Exception $e) {
throw new Exception('Unable to parse AuthnResponse XML.');
}
}
/**
* Unmarshalling fails if height attribute not present
*/
public function testUnmarshallingFailsMissingHeight()
{
$document = DOMDocumentFactory::fromString(<<<XML
<mdui:Logo width="300" xml:lang="nl">https://static.example.org/images/logos/logo300x200.png</mdui:Logo>
XML
);
$this->setExpectedException('Exception', 'Missing height of Logo');
$logo = new Logo($document->firstChild);
}
public function testUnmarshalling()
{
$document = DOMDocumentFactory::fromString('<md:AdditionalMetadataLocation xmlns:md="' . Constants::NS_MD . '"' . ' namespace="TheNamespaceAttribute">LocationText</md:AdditionalMetadataLocation>');
$additionalMetadataLocation = new AdditionalMetadataLocation($document->firstChild);
$this->assertEquals('TheNamespaceAttribute', $additionalMetadataLocation->namespace);
$this->assertEquals('LocationText', $additionalMetadataLocation->location);
$document->loadXML('<md:AdditionalMetadataLocation xmlns:md="' . Constants::NS_MD . '"' . '>LocationText</md:AdditionalMetadataLocation>');
$this->setExpectedException('Exception', 'Missing namespace attribute on AdditionalMetadataLocation element.');
new AdditionalMetadataLocation($document->firstChild);
}
public function testMissingPublisherThrowsException()
{
$document = DOMDocumentFactory::fromString(<<<XML
<mdrpi:PublicationInfo xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
creationInstant="2011-01-01T00:00:00Z"
publicationId="SomePublicationId">
</mdrpi:PublicationInfo>
XML
);
$this->setExpectedException('Exception', 'Missing required attribute "publisher"');
$publicationInfo = new PublicationInfo($document->firstChild);
}
public function testUnmarshallingFailure()
{
$samlNamespace = Constants::NS_SAML;
$document = DOMDocumentFactory::fromString(<<<XML
<saml:Attribute xmlns:saml="{$samlNamespace}" NameFormat="TheNameFormat" FriendlyName="TheFriendlyName">
<saml:AttributeValue>FirstValue</saml:AttributeValue>
<saml:AttributeValue>SecondValue</saml:AttributeValue>
</saml:Attribute>
XML
);
$this->setExpectedException('Exception', 'Missing Name on Attribute.');
new Attribute($document->firstChild);
}
public function testUnmarshallingWithoutOwner()
{
$mdNamespace = Constants::NS_MD;
$document = DOMDocumentFactory::fromString(<<<XML
<md:AffiliationDescriptor xmlns:md="{$mdNamespace}" ID="TheID" validUntil="2009-02-13T23:31:30Z" cacheDuration="PT5000S">
<md:AffiliateMember>Member</md:AffiliateMember>
<md:AffiliateMember>OtherMember</md:AffiliateMember>
</md:AffiliationDescriptor>
XML
);
$this->setExpectedException('Exception', 'Missing affiliationOwnerID on AffiliationDescriptor.');
new AffiliationDescriptor($document->firstChild);
}
function __construct($metaxml)
{
$template = '';
if (strpos("\n", $metaxml) === FALSE) {
foreach (explode("\n", self::template) as $line) {
$template .= trim($line);
}
} else {
$template = self::template;
}
$sigdoc = \SAML2\DOMDocumentFactory::fromString($template);
$this->sigNode = $sigdoc->documentElement;
}
public function testUnmarshalling()
{
$samlNamespace = Constants::NS_SAML;
$document = DOMDocumentFactory::fromString(<<<XML
<saml:NameID xmlns:saml="{$samlNamespace}" NameQualifier="TheNameQualifier" SPNameQualifier="TheSPNameQualifier" Format="TheFormat" SPProvidedID="TheSPProvidedID">TheNameIDValue</saml:NameID>
XML
);
$nameId = new NameID($document->firstChild);
$this->assertEquals('TheNameQualifier', $nameId->NameQualifier);
$this->assertEquals('TheSPNameQualifier', $nameId->SPNameQualifier);
$this->assertEquals('TheFormat', $nameId->Format);
$this->assertEquals('TheSPProvidedID', $nameId->SPProvidedID);
$this->assertEquals('TheNameIDValue', $nameId->value);
}
public function testManySubjectConfirmationDataThrowsException()
{
$samlNamespace = Constants::NS_SAML;
$document = DOMDocumentFactory::fromString(<<<XML
<saml:SubjectConfirmation xmlns:saml="{$samlNamespace}" Method="SomeMethod">
<saml:NameID>SomeNameIDValue</saml:NameID>
<saml:SubjectConfirmationData Recipient="Me" />
<saml:SubjectConfirmationData Recipient="Someone Else" />
</saml:SubjectConfirmation>
XML
);
$this->setExpectedException('Exception', 'More than one SubjectConfirmationData child in a SubjectConfirmation element');
$subjectConfirmation = new SubjectConfirmation($document->firstChild);
}
public function testUnmarshalling()
{
$samlNamespace = Constants::NS_SAML;
$document = DOMDocumentFactory::fromString(<<<XML
<saml:SubjectConfirmation xmlns:saml="{$samlNamespace}" Method="SomeMethod">
<saml:NameID>SomeNameIDValue</saml:NameID>
<saml:SubjectConfirmationData/>
</saml:SubjectConfirmation>
XML
);
$subjectConfirmation = new SubjectConfirmation($document->firstChild);
$this->assertEquals('SomeMethod', $subjectConfirmation->Method);
$this->assertTrue($subjectConfirmation->NameID instanceof NameID);
$this->assertEquals('SomeNameIDValue', $subjectConfirmation->NameID->value);
$this->assertTrue($subjectConfirmation->SubjectConfirmationData instanceof SubjectConfirmationData);
}
public function testMarshalling()
{
$roleDescriptor = new RoleDescriptorMock();
$roleDescriptor->ID = 'SomeID';
$roleDescriptor->validUntil = 1234567890;
$roleDescriptor->cacheDuration = 'PT5000S';
$roleDescriptor->protocolSupportEnumeration = array('protocol1', 'protocol2');
$roleDescriptor->errorURL = 'https://example.org/error';
$document = DOMDocumentFactory::fromString('<root />');
$roleDescriptorElement = $roleDescriptor->toXML($document->firstChild);
$roleDescriptorElement = Utils::xpQuery($roleDescriptorElement, '/root/md:RoleDescriptor');
$this->assertCount(1, $roleDescriptorElement);
$roleDescriptorElement = $roleDescriptorElement[0];
$this->assertEquals('SomeID', $roleDescriptorElement->getAttribute("ID"));
$this->assertEquals('2009-02-13T23:31:30Z', $roleDescriptorElement->getAttribute("validUntil"));
$this->assertEquals('PT5000S', $roleDescriptorElement->getAttribute("cacheDuration"));
$this->assertEquals('protocol1 protocol2', $roleDescriptorElement->getAttribute("protocolSupportEnumeration"));
$this->assertEquals('myns:MyElement', $roleDescriptorElement->getAttributeNS(Constants::NS_XSI, "type"));
$this->assertEquals('http://example.org/mynsdefinition', $roleDescriptorElement->lookupNamespaceURI("myns"));
}
public function testUnmarshalling()
{
$document = DOMDocumentFactory::fromString(<<<XML
<mdrpi:PublicationInfo xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
publisher="SomePublisher"
creationInstant="2011-01-01T00:00:00Z"
publicationId="SomePublicationId">
<mdrpi:UsagePolicy xml:lang="en">http://TheEnglishUsagePolicy</mdrpi:UsagePolicy>
<mdrpi:UsagePolicy xml:lang="no">http://TheNorwegianUsagePolicy</mdrpi:UsagePolicy>
</mdrpi:PublicationInfo>
XML
);
$publicationInfo = new PublicationInfo($document->firstChild);
$this->assertEquals('SomePublisher', $publicationInfo->publisher);
$this->assertEquals(1293840000, $publicationInfo->creationInstant);
$this->assertEquals('SomePublicationId', $publicationInfo->publicationId);
$this->assertCount(2, $publicationInfo->UsagePolicy);
$this->assertEquals('http://TheEnglishUsagePolicy', $publicationInfo->UsagePolicy["en"]);
$this->assertEquals('http://TheNorwegianUsagePolicy', $publicationInfo->UsagePolicy["no"]);
}
/**
* Send an authenticationResponse using HTTP-POST.
*
* @param string $response The response which should be sent.
* @param SimpleSAML_Configuration $idpmd The metadata of the IdP which is sending the response.
* @param SimpleSAML_Configuration $spmd The metadata of the SP which is receiving the response.
* @param string|null $relayState The relaystate for the SP.
* @param string $shire The shire which should receive the response.
*/
public function sendResponse($response, SimpleSAML_Configuration $idpmd, SimpleSAML_Configuration $spmd, $relayState, $shire)
{
\SimpleSAML\Utils\XML::checkSAMLMessage($response, 'saml11');
$privatekey = SimpleSAML\Utils\Crypto::loadPrivateKey($idpmd, true);
$publickey = SimpleSAML\Utils\Crypto::loadPublicKey($idpmd, true);
$responsedom = \SAML2\DOMDocumentFactory::fromString(str_replace("\r", "", $response));
$responseroot = $responsedom->getElementsByTagName('Response')->item(0);
$firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
/* Determine what we should sign - either the Response element or the Assertion. The default is to sign the
* Assertion, but that can be overridden by the 'signresponse' option in the SP metadata or
* 'saml20.signresponse' in the global configuration.
*
* TODO: neither 'signresponse' nor 'shib13.signresponse' are valid options any longer. Remove!
*/
if ($spmd->hasValue('signresponse')) {
$signResponse = $spmd->getBoolean('signresponse');
} else {
$signResponse = $this->configuration->getBoolean('shib13.signresponse', true);
}
// check if we have an assertion to sign. Force to sign the response if not
if ($firstassertionroot === null) {
$signResponse = true;
}
$signer = new SimpleSAML_XML_Signer(array('privatekey_array' => $privatekey, 'publickey_array' => $publickey, 'id' => $signResponse ? 'ResponseID' : 'AssertionID'));
if ($idpmd->hasValue('certificatechain')) {
$signer->addCertificate($idpmd->getString('certificatechain'));
}
if ($signResponse) {
// sign the response - this must be done after encrypting the assertion
// we insert the signature before the saml2p:Status element
$statusElements = SimpleSAML\Utils\XML::getDOMChildren($responseroot, 'Status', '@saml1p');
assert('count($statusElements) === 1');
$signer->sign($responseroot, $responseroot, $statusElements[0]);
} else {
// Sign the assertion
$signer->sign($firstassertionroot, $firstassertionroot);
}
$response = $responsedom->saveXML();
\SimpleSAML\Utils\XML::debugSAMLMessage($response, 'out');
\SimpleSAML\Utils\HTTP::submitPOSTData($shire, array('TARGET' => $relayState, 'SAMLResponse' => base64_encode($response)));
}
public function testUnmarshalling()
{
$samlNamespace = Constants::NS_SAML;
$document = DOMDocumentFactory::fromString(<<<XML
<saml:SubjectConfirmationData
xmlns:saml="{$samlNamespace}"
NotBefore="2001-04-19T04:25:21Z"
NotOnOrAfter="2009-02-13T23:31:30Z"
Recipient="https://sp.example.org/asdf"
InResponseTo="SomeRequestID"
Address="127.0.0.1"
/>
XML
);
$subjectConfirmationData = new SubjectConfirmationData($document->firstChild);
$this->assertEquals(987654321, $subjectConfirmationData->NotBefore);
$this->assertEquals(1234567890, $subjectConfirmationData->NotOnOrAfter);
$this->assertEquals('https://sp.example.org/asdf', $subjectConfirmationData->Recipient);
$this->assertEquals('SomeRequestID', $subjectConfirmationData->InResponseTo);
$this->assertEquals('127.0.0.1', $subjectConfirmationData->Address);
}
public function testUnmarshallingAttributes()
{
$document = DOMDocumentFactory::fromString(<<<XML
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:simplesamlphp:v1:simplesamlphp" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">is</saml:AttributeValue>
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">really</saml:AttributeValue>
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">cool</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="foo" NameFormat="urn:simplesamlphp:v1">
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">bar</saml:AttributeValue>
</saml:Attribute>
</mdattr:EntityAttributes>
XML
);
$entityAttributes = new EntityAttributes($document->firstChild);
$this->assertCount(2, $entityAttributes->children);
$this->assertEquals('urn:simplesamlphp:v1:simplesamlphp', $entityAttributes->children[0]->Name);
$this->assertEquals('urn:oasis:names:tc:SAML:2.0:attrname-format:uri', $entityAttributes->children[0]->NameFormat);
$this->assertCount(3, $entityAttributes->children[0]->AttributeValue);
$this->assertEquals('foo', $entityAttributes->children[1]->Name);
$this->assertEquals('urn:simplesamlphp:v1', $entityAttributes->children[1]->NameFormat);
$this->assertCount(1, $entityAttributes->children[1]->AttributeValue);
}
/**
* Umarshal a DiscoHints attribute with extra children
*/
public function testUnmarshallingChildren()
{
$document = DOMDocumentFactory::fromString(<<<XML
<mdui:DiscoHints xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
<mdui:GeolocationHint>geo:47.37328,8.531126</mdui:GeolocationHint>
<child1>content of tag</child1>
</mdui:DiscoHints>
XML
);
$disco = new DiscoHints($document->firstChild);
$this->assertCount(1, $disco->GeolocationHint);
$this->assertEquals('geo:47.37328,8.531126', $disco->GeolocationHint[0]);
$this->assertCount(1, $disco->children);
$this->assertEquals('content of tag', $disco->children[0]->xml->textContent);
}
public function testUnmarshalling2()
{
$document = DOMDocumentFactory::fromString(<<<XML
<EntityDescriptor entityID="theEntityID" ID="theID" validUntil="2010-01-01T12:34:56Z" cacheDuration="PT5000S" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.example.org/AttributeService" />
</AttributeAuthorityDescriptor>
<Organization>
<OrganizationName xml:lang="no">orgNameTest (no)</OrganizationName>
<OrganizationName xml:lang="en">orgNameTest (en)</OrganizationName>
<OrganizationDisplayName xml:lang="no">orgDispNameTest (no)</OrganizationDisplayName>
<OrganizationDisplayName xml:lang="en">orgDispNameTest (en)</OrganizationDisplayName>
<OrganizationURL xml:lang="no">orgURL (no)</OrganizationURL>
<OrganizationURL xml:lang="en">orgURL (en)</OrganizationURL>
</Organization>
</EntityDescriptor>
XML
);
$entityDescriptor = new EntityDescriptor($document->firstChild);
$this->assertTrue($entityDescriptor instanceof EntityDescriptor);
$this->assertEquals('theEntityID', $entityDescriptor->entityID);
$this->assertEquals('theID', $entityDescriptor->ID);
$this->assertEquals(1262349296, $entityDescriptor->validUntil);
$this->assertEquals('PT5000S', $entityDescriptor->cacheDuration);
$this->assertCount(1, $entityDescriptor->RoleDescriptor);
$this->assertTrue($entityDescriptor->RoleDescriptor[0] instanceof AttributeAuthorityDescriptor);
$o = $entityDescriptor->Organization;
$this->assertTrue($o instanceof Organization);
$this->assertCount(2, $o->OrganizationName);
$this->assertEquals('orgNameTest (no)', $o->OrganizationName["no"]);
$this->assertEquals('orgNameTest (en)', $o->OrganizationName["en"]);
$this->assertCount(2, $o->OrganizationDisplayName);
$this->assertEquals('orgDispNameTest (no)', $o->OrganizationDisplayName["no"]);
$this->assertEquals('orgDispNameTest (en)', $o->OrganizationDisplayName["en"]);
$this->assertCount(2, $o->OrganizationURL);
$this->assertEquals('orgURL (no)', $o->OrganizationURL["no"]);
$this->assertEquals('orgURL (en)', $o->OrganizationURL["en"]);
}
/**
* This function parses a string with XML data. The root node of the XML data is expected to be either an
* EntityDescriptor element or an EntitiesDescriptor element. It will return an associative array of
* SAMLParser instances.
*
* @param string $string The string with XML data.
*
* @return SimpleSAML_Metadata_SAMLParser[] An associative array of SAMLParser instances. The key of the array will
* be the entity id.
* @throws Exception If the string does not parse as XML.
*/
public static function parseDescriptorsString($string)
{
try {
$doc = \SAML2\DOMDocumentFactory::fromString($string);
} catch (\Exception $e) {
throw new Exception('Failed to parse XML string.');
}
return self::parseDescriptorsElement($doc->documentElement);
}
// TODO: look for a specific exception
// This is dirty. Instead of checking the message of the exception, \SAML2\Binding::getCurrentBinding() should throw
// an specific exception when the binding is unknown, and we should capture that here. Also note that the exception
// message here is bogus!
if ($e->getMessage() === 'Invalid message received to AssertionConsumerService endpoint.') {
throw new SimpleSAML_Error_Error('ARSPARAMS', $e, 400);
} else {
throw $e;
// do not ignore other exceptions!
}
}
if (!$request instanceof \SAML2\ArtifactResolve) {
throw new Exception('Message received on ArtifactResolutionService wasn\'t a ArtifactResolve request.');
}
$issuer = $request->getIssuer();
$spMetadata = $metadata->getMetadataConfig($issuer, 'saml20-sp-remote');
$artifact = $request->getArtifact();
$responseData = $store->get('artifact', $artifact);
$store->delete('artifact', $artifact);
if ($responseData !== null) {
$document = \SAML2\DOMDocumentFactory::fromString($responseData);
$responseXML = $document->firstChild;
} else {
$responseXML = null;
}
$artifactResponse = new \SAML2\ArtifactResponse();
$artifactResponse->setIssuer($idpEntityId);
$artifactResponse->setInResponseTo($request->getId());
$artifactResponse->setAny($responseXML);
sspmod_saml_Message::addSign($idpMetadata, $spMetadata, $artifactResponse);
$binding->send($artifactResponse);
/**
* Un-serialize this AttributeValue.
*
* @param string $serialized The serialized AttributeValue.
*/
public function unserialize($serialized)
{
$doc = DOMDocumentFactory::fromString(unserialize($serialized));
$this->element = $doc->documentElement;
}
