/**
 * Checks whether the signature carried by the AuthnRequest was produced with the
 * private key belonging to the given X.509 certificate.
 *
 * The verification algorithm is fixed to RSA-SHA256 here rather than taken from a
 * SigAlg value in the request, so the requester cannot select a weaker algorithm.
 * The data verified is whatever getSignedRequestQuery() returns; the signature bytes
 * come from getSignature() (assumed to already be decoded — confirm against AuthnRequest).
 *
 * @param AuthnRequest           $request   the request whose signature is checked
 * @param SAML2_Certificate_X509 $publicKey the certificate expected to have signed it
 * @return bool true only when the signature verifies under the certificate's public key
 * @throws \Exception propagated from XMLSecurityKey when the key cannot be loaded or used
 */
public function isSignedWith(AuthnRequest $request, SAML2_Certificate_X509 $publicKey)
{
    $certificate = $publicKey->getCertificate();
    $this->logger->debug(sprintf('Attempting to verify signature with certificate "%s"', $certificate));

    // Public-key half only: this key is used for verification, never for signing.
    $verifier = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type' => 'public'));
    $verifier->loadKey($certificate);

    $signatureMatches = $verifier->verifySignature(
        $request->getSignedRequestQuery(),
        $request->getSignature()
    );

    if (!$signatureMatches) {
        $this->logger->debug('Signature NOT VERIFIED');
        return false;
    }

    $this->logger->debug('Signature VERIFIED');
    return true;
}
/**
 * Assembles a new, signed SAML2 AuthnRequest from SP to IdP.
 *
 * The ACS URL and issuer come from the service provider, the destination is the
 * identity provider's SSO URL, the protocol binding for the response is HTTP-POST,
 * and the request is signed with the SP's default private key.
 *
 * @param ServiceProvider  $serviceProvider  the requesting SP (issuer, ACS URL, signing key)
 * @param IdentityProvider $identityProvider the IdP the request is addressed to
 * @return AuthnRequest wrapper around the configured SAML2_AuthnRequest
 */
public static function createNewRequest(ServiceProvider $serviceProvider, IdentityProvider $identityProvider)
{
    $signingKey = self::loadPrivateKey(
        $serviceProvider->getPrivateKey(SAML2_Configuration_PrivateKey::NAME_DEFAULT)
    );

    $samlRequest = new SAML2_AuthnRequest();
    $samlRequest->setIssuer($serviceProvider->getEntityId());
    $samlRequest->setAssertionConsumerServiceURL($serviceProvider->getAssertionConsumerUrl());
    $samlRequest->setDestination($identityProvider->getSsoUrl());
    // The IdP is asked to deliver its response via HTTP-POST to the ACS URL above.
    $samlRequest->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);
    $samlRequest->setSignatureKey($signingKey);

    return AuthnRequest::createNew($samlRequest);
}
/**
 * @test
 * @group saml2
 * @dataProvider provideIsPassiveAndForceAuthnCombinations
 *
 * Parses the given AuthnRequest XML and checks that the IsPassive / ForceAuthn
 * flags exposed by the wrapper match the expected values for that fixture.
 *
 * @param string $xml        AuthnRequest document under test
 * @param bool   $isPassive  expected result of isPassive()
 * @param bool   $forceAuthn expected result of isForceAuthn()
 */
public function is_passive_and_force_authn_can_be_retrieved_from_the_authnrequest($xml, $isPassive, $forceAuthn)
{
    $document = SAML2_DOMDocumentFactory::fromString($xml);
    $wrapped = AuthnRequest::createNew(new SAML2_AuthnRequest($document->documentElement));

    $actualIsPassive = $wrapped->isPassive();
    $actualForceAuthn = $wrapped->isForceAuthn();

    $this->assertEquals($isPassive, $actualIsPassive);
    $this->assertEquals($forceAuthn, $actualForceAuthn);
}
/**
 * @test
 * @group saml2
 *
 * Parses the fixture request that carries a Subject and checks that the NameID
 * value and its Format are read back through the wrapper.
 */
public function the_nameid_and_format_can_be_retrieved_from_the_authnrequest()
{
    $document = SAML2_DOMDocumentFactory::fromString($this->authRequestWithSubject);
    $wrapped = AuthnRequest::createNew(new SAML2_AuthnRequest($document->documentElement));

    $actualNameId = $wrapped->getNameId();
    $actualFormat = $wrapped->getNameIdFormat();

    $this->assertEquals($this->nameId, $actualNameId);
    $this->assertEquals($this->format, $actualFormat);
}
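/**
 * Builds the HTTP-Redirect response that sends the browser to the request's destination.
 *
 * The destination is whatever the request carries (in createNewRequest this is the
 * configured IdP SSO URL); this method does not validate it. The query string from
 * buildRequestQuery() is appended with '?', or with '&' when the destination already
 * has its own query string, so the SAML parameters are never swallowed by a second '?'.
 *
 * @param AuthnRequest $request the request to redirect the user agent with
 * @return RedirectResponse redirect to destination carrying the request query
 */
public function createRedirectResponseFor(AuthnRequest $request)
{
    $destination = $request->getDestination();

    // An SSO URL may legitimately contain query parameters of its own; appending a
    // second '?' would make the SAML parameters part of the preceding parameter's value.
    $separator = strpos($destination, '?') === false ? '?' : '&';

    return new RedirectResponse($destination . $separator . $request->buildRequestQuery());
}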