Skip to content
Snippets Groups Projects
Unverified Commit 282ad11d authored by Jaime Pérez Crespo's avatar Jaime Pérez Crespo
Browse files

Fix more issues with the creation of Issuer and SubjectConfirmationData.

parent 94ffeee4
No related branches found
No related tags found
No related merge requests found
...@@ -4,6 +4,7 @@ namespace SimpleSAML\Module\saml\IdP; ...@@ -4,6 +4,7 @@ namespace SimpleSAML\Module\saml\IdP;
use RobRichards\XMLSecLibs\XMLSecurityKey; use RobRichards\XMLSecLibs\XMLSecurityKey;
use SAML2\Constants; use SAML2\Constants;
use SAML2\XML\saml\Issuer;
use SimpleSAML\Configuration; use SimpleSAML\Configuration;
use SimpleSAML\Logger; use SimpleSAML\Logger;
use SAML2\SOAP; use SAML2\SOAP;
...@@ -1085,7 +1086,10 @@ class SAML2 ...@@ -1085,7 +1086,10 @@ class SAML2
\SimpleSAML\Module\saml\Message::addSign($idpMetadata, $spMetadata, $a); \SimpleSAML\Module\saml\Message::addSign($idpMetadata, $spMetadata, $a);
} }
$a->setIssuer($idpMetadata->getString('entityid')); $issuer = new Issuer();
$issuer->setValue($idpMetadata->getString('entityid'));
$issuer->setFormat(Constants::NAMEID_ENTITY);
$a->setIssuer($issuer);
$a->setValidAudiences([$spMetadata->getString('entityid')]); $a->setValidAudiences([$spMetadata->getString('entityid')]);
$a->setNotBefore($now - 30); $a->setNotBefore($now - 30);
...@@ -1116,10 +1120,11 @@ class SAML2 ...@@ -1116,10 +1120,11 @@ class SAML2
$a->setSessionIndex(\SimpleSAML\Utils\Random::generateID()); $a->setSessionIndex(\SimpleSAML\Utils\Random::generateID());
$sc = new \SAML2\XML\saml\SubjectConfirmation(); $sc = new \SAML2\XML\saml\SubjectConfirmation();
$sc->SubjectConfirmationData = new \SAML2\XML\saml\SubjectConfirmationData(); $scd = new \SAML2\XML\saml\SubjectConfirmationData();
$sc->SubjectConfirmationData->setNotOnOrAfter($now + $assertionLifetime); $scd->setNotOnOrAfter($now + $assertionLifetime);
$sc->SubjectConfirmationData->setRecipient($state['saml:ConsumerURL']); $scd->setRecipient($state['saml:ConsumerURL']);
$sc->SubjectConfirmationData->setInResponseTo($state['saml:RequestId']); $scd->setInResponseTo($state['saml:RequestId']);
$sc->setSubjectConfirmationData($scd);
// ProtcolBinding of SP's <AuthnRequest> overwrites IdP hosted metadata configuration // ProtcolBinding of SP's <AuthnRequest> overwrites IdP hosted metadata configuration
$hokAssertion = null; $hokAssertion = null;
...@@ -1149,7 +1154,7 @@ class SAML2 ...@@ -1149,7 +1154,7 @@ class SAML2
$keyInfo = new \SAML2\XML\ds\KeyInfo(); $keyInfo = new \SAML2\XML\ds\KeyInfo();
$keyInfo->addInfo($x509Data); $keyInfo->addInfo($x509Data);
$sc->SubjectConfirmationData->addInfo($keyInfo); $scd->addInfo($keyInfo);
} else { } else {
throw new \SimpleSAML\Error\Exception( throw new \SimpleSAML\Error\Exception(
'Error creating HoK assertion: No valid client certificate provided during TLS handshake '. 'Error creating HoK assertion: No valid client certificate provided during TLS handshake '.
...@@ -1170,6 +1175,7 @@ class SAML2 ...@@ -1170,6 +1175,7 @@ class SAML2
// Bearer // Bearer
$sc->setMethod(\SAML2\Constants::CM_BEARER); $sc->setMethod(\SAML2\Constants::CM_BEARER);
} }
$sc->setSubjectConfirmationData($scd);
$a->setSubjectConfirmation([$sc]); $a->setSubjectConfirmation([$sc]);
// add attributes // add attributes
...@@ -1364,8 +1370,10 @@ class SAML2 ...@@ -1364,8 +1370,10 @@ class SAML2
} }
$r = new \SAML2\Response(); $r = new \SAML2\Response();
$issuer = new Issuer();
$r->setIssuer($idpMetadata->getString('entityid')); $issuer->setValue($idpMetadata->getString('entityid'));
$issuer->setFormat(Constants::NAMEID_ENTITY);
$r->setIssuer($issuer);
$r->setDestination($consumerURL); $r->setDestination($consumerURL);
if ($signResponse) { if ($signResponse) {
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment