diff --git a/composer.json b/composer.json
index f6271ee1dc6fe138990110996679fe4509c2eb04..af68fe77321539322ef49bf8388f21dab7b41371 100644
--- a/composer.json
+++ b/composer.json
@@ -36,7 +36,7 @@
"ext-hash": "*",
"ext-json": "*",
"ext-mbstring": "*",
- "simplesamlphp/saml2": "^3.2",
+ "simplesamlphp/saml2": "^3.3",
"robrichards/xmlseclibs": "^3.0",
"whitehat101/apr1-md5": "~1.0",
"twig/twig": "~1.0 || ~2.0",
diff --git a/composer.lock b/composer.lock
index 278ba283129938fec5dcc6c9802e16d57dae8b96..654b713c80522e1c9a37e0d5acd8311cfdda51b4 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
- "content-hash": "120214b5da440ae2e37efecc739fbc3b",
+ "content-hash": "bb48ceb41b05f94e7a7f0243d21138fa",
"packages": [
{
"name": "gettext/gettext",
@@ -358,16 +358,16 @@
},
{
"name": "simplesamlphp/saml2",
- "version": "v3.2.6",
+ "version": "v3.3.2",
"source": {
"type": "git",
"url": "https://github.com/simplesamlphp/saml2.git",
- "reference": "a56e46ef8e0c5245a4ca7facc3d308b493215751"
+ "reference": "89f9ce38d614843b1115c91e2f0a6974ca2e71c1"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/simplesamlphp/saml2/zipball/a56e46ef8e0c5245a4ca7facc3d308b493215751",
- "reference": "a56e46ef8e0c5245a4ca7facc3d308b493215751",
+ "url": "https://api.github.com/repos/simplesamlphp/saml2/zipball/89f9ce38d614843b1115c91e2f0a6974ca2e71c1",
+ "reference": "89f9ce38d614843b1115c91e2f0a6974ca2e71c1",
"shasum": ""
},
"require": {
@@ -411,7 +411,7 @@
}
],
"description": "SAML2 PHP library from SimpleSAMLphp",
- "time": "2018-11-20T11:11:28+00:00"
+ "time": "2018-12-04T21:15:52+00:00"
},
{
"name": "symfony/config",
diff --git a/lib/SimpleSAML/Metadata/SAMLBuilder.php b/lib/SimpleSAML/Metadata/SAMLBuilder.php
index 2e56c1bfde365f323287d41531753a6456ba74d7..ca7a419e1054c17bafb3c135b433759d1f697626 100644
--- a/lib/SimpleSAML/Metadata/SAMLBuilder.php
+++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php
@@ -52,7 +52,7 @@ class SAMLBuilder
$this->maxDuration = $maxDuration;
$this->entityDescriptor = new \SAML2\XML\md\EntityDescriptor();
- $this->entityDescriptor->entityID = $entityId;
+ $this->entityDescriptor->setEntityID($entityId);
}
@@ -65,10 +65,10 @@ class SAMLBuilder
}
if ($this->maxCache !== null) {
- $this->entityDescriptor->cacheDuration = 'PT'.$this->maxCache.'S';
+ $this->entityDescriptor->setCacheDuration('PT'.$this->maxCache.'S');
}
if ($this->maxDuration !== null) {
- $this->entityDescriptor->validUntil = time() + $this->maxDuration;
+ $this->entityDescriptor->setValidUntil(time() + $this->maxDuration);
}
}
@@ -123,11 +123,11 @@ class SAMLBuilder
$metadata = \SimpleSAML\Configuration::loadFromArray($metadata, $metadata['entityid']);
$defaultEndpoint = $metadata->getDefaultEndpoint('SingleSignOnService');
$e = new \SimpleSAML\Module\adfs\SAML2\XML\fed\SecurityTokenServiceType();
- $e->Location = $defaultEndpoint['Location'];
+ $e->setLocation($defaultEndpoint['Location']);
$this->addCertificate($e, $metadata);
- $this->entityDescriptor->RoleDescriptor[] = $e;
+ $this->entityDescriptor->addRoleDescriptor($e);
}
@@ -141,33 +141,33 @@ class SAMLBuilder
{
if ($metadata->hasValue('tags')) {
$a = new \SAML2\XML\saml\Attribute();
- $a->Name = 'tags';
+ $a->setName('tags');
foreach ($metadata->getArray('tags') as $tag) {
- $a->AttributeValue[] = new \SAML2\XML\saml\AttributeValue($tag);
+ $a->addAttributeValue(new \SAML2\XML\saml\AttributeValue($tag));
}
- $e->Extensions[] = $a;
+ $e->setExtensions(array_merge($e->getExtensions(), [$a]));
}
if ($metadata->hasValue('hint.cidr')) {
$a = new \SAML2\XML\saml\Attribute();
- $a->Name = 'hint.cidr';
+ $a->setName('hint.cidr');
foreach ($metadata->getArray('hint.cidr') as $hint) {
- $a->AttributeValue[] = new \SAML2\XML\saml\AttributeValue($hint);
+ $a->addAttributeValue(new \SAML2\XML\saml\AttributeValue($hint));
}
- $e->Extensions[] = $a;
+ $e->setExtensions(array_merge($e->getExtensions(), [$a]));
}
if ($metadata->hasValue('scope')) {
foreach ($metadata->getArray('scope') as $scopetext) {
$s = new \SAML2\XML\shibmd\Scope();
- $s->scope = $scopetext;
+ $s->setScope($scopetext);
// Check whether $ ^ ( ) * | \ are in a scope -> assume regex.
if (1 === preg_match('/[\$\^\)\(\*\|\\\\]/', $scopetext)) {
- $s->regexp = true;
+ $s->setIsRegexpScope(true);
} else {
- $s->regexp = false;
+ $s->setIsRegexpScope(false);
}
- $e->Extensions[] = $s;
+ $e->setExtensions(array_merge($e->getExtensions(), [$s]));
}
}
@@ -175,23 +175,25 @@ class SAMLBuilder
$ea = new \SAML2\XML\mdattr\EntityAttributes();
foreach ($metadata->getArray('EntityAttributes') as $attributeName => $attributeValues) {
$a = new \SAML2\XML\saml\Attribute();
- $a->Name = $attributeName;
- $a->NameFormat = 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri';
+ $a->setName($attributeName);
+ $a->setNameFormat('urn:oasis:names:tc:SAML:2.0:attrname-format:uri');
// Attribute names that is not URI is prefixed as this: '{nameformat}name'
if (preg_match('/^\{(.*?)\}(.*)$/', $attributeName, $matches)) {
- $a->Name = $matches[2];
+ $a->setName($matches[2]);
$nameFormat = $matches[1];
if ($nameFormat !== \SAML2\Constants::NAMEFORMAT_UNSPECIFIED) {
- $a->NameFormat = $nameFormat;
+ $a->setNameFormat($nameFormat);
}
}
foreach ($attributeValues as $attributeValue) {
- $a->AttributeValue[] = new \SAML2\XML\saml\AttributeValue($attributeValue);
+ $a->addAttributeValue(new \SAML2\XML\saml\AttributeValue($attributeValue));
}
- $ea->children[] = $a;
+ $ea->addChildren($a);
}
- $this->entityDescriptor->Extensions[] = $ea;
+ $this->entityDescriptor->setExtensions(
+ array_merge($this->entityDescriptor(), [$ea])
+ );
}
if ($metadata->hasValue('RegistrationInfo')) {
@@ -199,17 +201,19 @@ class SAMLBuilder
foreach ($metadata->getArray('RegistrationInfo') as $riName => $riValues) {
switch ($riName) {
case 'authority':
- $ri->registrationAuthority = $riValues;
+ $ri->setRegistrationAuthority($riValues);
break;
case 'instant':
- $ri->registrationInstant = \SAML2\Utils::xsDateTimeToTimestamp($riValues);
+ $ri->setRegistrationInstant(\SAML2\Utils::xsDateTimeToTimestamp($riValues));
break;
case 'policies':
- $ri->RegistrationPolicy = $riValues;
+ $ri->setRegistrationPolicy($riValues);
break;
}
}
- $this->entityDescriptor->Extensions[] = $ri;
+ $this->entityDescriptor->setExtensions(
+ array_merge($this->entityDescriptor->getExtensions(), [$ri])
+ );
}
if ($metadata->hasValue('UIInfo')) {
@@ -217,40 +221,40 @@ class SAMLBuilder
foreach ($metadata->getArray('UIInfo') as $uiName => $uiValues) {
switch ($uiName) {
case 'DisplayName':
- $ui->DisplayName = $uiValues;
+ $ui->setDisplayName($uiValues);
break;
case 'Description':
- $ui->Description = $uiValues;
+ $ui->setDescription($uiValues);
break;
case 'InformationURL':
- $ui->InformationURL = $uiValues;
+ $ui->setInformationURL($uiValues);
break;
case 'PrivacyStatementURL':
- $ui->PrivacyStatementURL = $uiValues;
+ $ui->setPrivacyStatementURL($uiValues);
break;
case 'Keywords':
foreach ($uiValues as $lang => $keywords) {
$uiItem = new \SAML2\XML\mdui\Keywords();
- $uiItem->lang = $lang;
- $uiItem->Keywords = $keywords;
- $ui->Keywords[] = $uiItem;
+ $uiItem->setLanguage($lang);
+ $uiItem->setKeywords($keywords);
+ $ui->addKeyword($uiItem);
}
break;
case 'Logo':
foreach ($uiValues as $logo) {
$uiItem = new \SAML2\XML\mdui\Logo();
- $uiItem->url = $logo['url'];
- $uiItem->width = $logo['width'];
- $uiItem->height = $logo['height'];
+ $uiItem->setUrl($logo['url']);
+ $uiItem->setWidth($logo['width']);
+ $uiItem->setHeight($logo['height']);
if (isset($logo['lang'])) {
- $uiItem->lang = $logo['lang'];
+ $uiItem->setLanguage($logo['lang']);
}
- $ui->Logo[] = $uiItem;
+ $ui->addLogo($uiItem);
}
break;
}
}
- $e->Extensions[] = $ui;
+ $e->setExtensions(array_merge($e->getExtensions(), [$ui]));
}
if ($metadata->hasValue('DiscoHints')) {
@@ -258,17 +262,17 @@ class SAMLBuilder
foreach ($metadata->getArray('DiscoHints') as $dhName => $dhValues) {
switch ($dhName) {
case 'IPHint':
- $dh->IPHint = $dhValues;
+ $dh->setIPHint($dhValues);
break;
case 'DomainHint':
- $dh->DomainHint = $dhValues;
+ $dh->setDomainHint($dhValues);
break;
case 'GeolocationHint':
- $dh->GeolocationHint = $dhValues;
+ $dh->setGeolocationHint($dhValues);
break;
}
}
- $e->Extensions[] = $dh;
+ $e->setExtensions(array_merge($e->getExtensions(), [$dh]));
}
}
@@ -284,11 +288,11 @@ class SAMLBuilder
{
$org = new \SAML2\XML\md\Organization();
- $org->OrganizationName = $orgName;
- $org->OrganizationDisplayName = $orgDisplayName;
- $org->OrganizationURL = $orgURL;
+ $org->setOrganizationName($orgName);
+ $org->setOrganizationDisplayName($orgDisplayName);
+ $org->setOrganizationURL($orgURL);
- $this->entityDescriptor->Organization = $org;
+ $this->entityDescriptor->setOrganization($org);
}
@@ -337,10 +341,10 @@ class SAMLBuilder
$t = new \SAML2\XML\md\EndpointType();
}
- $t->Binding = $ep['Binding'];
- $t->Location = $ep['Location'];
+ $t->setBinding($ep['Binding']);
+ $t->setLocation($ep['Location']);
if (isset($ep['ResponseLocation'])) {
- $t->ResponseLocation = $ep['ResponseLocation'];
+ $t->setResponseLocation($ep['ResponseLocation']);
}
if (isset($ep['hoksso:ProtocolBinding'])) {
$t->setAttributeNS(
@@ -367,7 +371,7 @@ class SAMLBuilder
$ep['index'] = $maxIndex + 1;
}
- $t->index = $ep['index'];
+ $t->setIndex($ep['index']);
}
$ret[] = $t;
@@ -403,32 +407,32 @@ class SAMLBuilder
*/
$attributeconsumer = new \SAML2\XML\md\AttributeConsumingService();
- $attributeconsumer->index = $metadata->getInteger('attributes.index', 0);
+ $attributeconsumer->setIndex($metadata->getInteger('attributes.index', 0));
if ($metadata->hasValue('attributes.isDefault')) {
- $attributeconsumer->isDefault = $metadata->getBoolean('attributes.isDefault', false);
+ $attributeconsumer->setIsDefault($metadata->getBoolean('attributes.isDefault', false));
}
- $attributeconsumer->ServiceName = $name;
- $attributeconsumer->ServiceDescription = $metadata->getLocalizedString('description', []);
+ $attributeconsumer->setServiceName($name);
+ $attributeconsumer->setServiceDescription($metadata->getLocalizedString('description', []));
$nameFormat = $metadata->getString('attributes.NameFormat', \SAML2\Constants::NAMEFORMAT_UNSPECIFIED);
foreach ($attributes as $friendlyName => $attribute) {
$t = new \SAML2\XML\md\RequestedAttribute();
- $t->Name = $attribute;
+ $t->setName($attribute);
if (!is_int($friendlyName)) {
- $t->FriendlyName = $friendlyName;
+ $t->setFriendlyName($friendlyName);
}
if ($nameFormat !== \SAML2\Constants::NAMEFORMAT_UNSPECIFIED) {
- $t->NameFormat = $nameFormat;
+ $t->setNameFormat($nameFormat);
}
if (in_array($attribute, $attributesrequired, true)) {
- $t->isRequired = true;
+ $t->setIsRequired(true);
}
- $attributeconsumer->RequestedAttribute[] = $t;
+ $attributeconsumer->addRequestedAttribute($t);
}
- $spDesc->AttributeConsumingService[] = $attributeconsumer;
+ $spDesc->addAttributeConsumingService($attributeconsumer);
}
@@ -483,25 +487,25 @@ class SAMLBuilder
$metadata = \SimpleSAML\Configuration::loadFromArray($metadata, $metadata['entityid']);
$e = new \SAML2\XML\md\SPSSODescriptor();
- $e->protocolSupportEnumeration = $protocols;
+ $e->setProtocolSupportEnumeration($protocols);
if ($metadata->hasValue('saml20.sign.assertion')) {
- $e->WantAssertionsSigned = $metadata->getBoolean('saml20.sign.assertion');
+ $e->setWantAssertionsSigned($metadata->getBoolean('saml20.sign.assertion'));
}
if ($metadata->hasValue('redirect.validate')) {
- $e->AuthnRequestsSigned = $metadata->getBoolean('redirect.validate');
+ $e->setAuthnRequestsSigned($metadata->getBoolean('redirect.validate'));
} elseif ($metadata->hasValue('validate.authnrequest')) {
- $e->AuthnRequestsSigned = $metadata->getBoolean('validate.authnrequest');
+ $e->setAuthnRequestsSigned($metadata->getBoolean('validate.authnrequest'));
}
$this->addExtensions($metadata, $e);
$this->addCertificate($e, $metadata);
- $e->SingleLogoutService = self::createEndpoints($metadata->getEndpoints('SingleLogoutService'), false);
+ $e->setSingleLogoutService(self::createEndpoints($metadata->getEndpoints('SingleLogoutService'), false));
- $e->NameIDFormat = $metadata->getArrayizeString('NameIDFormat', []);
+ $e->setNameIDFormat($metadata->getArrayizeString('NameIDFormat', []));
$endpoints = $metadata->getEndpoints('AssertionConsumerService');
foreach ($metadata->getArrayizeString('AssertionConsumerService.artifact', []) as $acs) {
@@ -510,11 +514,11 @@ class SAMLBuilder
'Location' => $acs,
];
}
- $e->AssertionConsumerService = self::createEndpoints($endpoints, true);
+ $e->setAssertionConsumerService(self::createEndpoints($endpoints, true));
$this->addAttributeConsumingService($e, $metadata);
- $this->entityDescriptor->RoleDescriptor[] = $e;
+ $this->entityDescriptor->addRoleDescriptor($e);
foreach ($metadata->getArray('contacts', []) as $contact) {
if (array_key_exists('contactType', $contact) && array_key_exists('emailAddress', $contact)) {
@@ -538,12 +542,12 @@ class SAMLBuilder
$metadata = \SimpleSAML\Configuration::loadFromArray($metadata, $metadata['entityid']);
$e = new \SAML2\XML\md\IDPSSODescriptor();
- $e->protocolSupportEnumeration[] = 'urn:oasis:names:tc:SAML:2.0:protocol';
+ $e->setProtocolSupportEnumeration(array_merge($e->getProtocolSupportEnumeration(), ['urn:oasis:names:tc:SAML:2.0:protocol']));
if ($metadata->hasValue('sign.authnrequest')) {
- $e->WantAuthnRequestsSigned = $metadata->getBoolean('sign.authnrequest');
+ $e->setWantAuthnRequestsSigned($metadata->getBoolean('sign.authnrequest'));
} elseif ($metadata->hasValue('redirect.sign')) {
- $e->WantAuthnRequestsSigned = $metadata->getBoolean('redirect.sign');
+ $e->setWantAuthnRequestsSigned($metadata->getBoolean('redirect.sign'));
}
$this->addExtensions($metadata, $e);
@@ -551,19 +555,19 @@ class SAMLBuilder
$this->addCertificate($e, $metadata);
if ($metadata->hasValue('ArtifactResolutionService')) {
- $e->ArtifactResolutionService = self::createEndpoints(
+ $e->setArtifactResolutionService(self::createEndpoints(
$metadata->getEndpoints('ArtifactResolutionService'),
true
- );
+ ));
}
- $e->SingleLogoutService = self::createEndpoints($metadata->getEndpoints('SingleLogoutService'), false);
+ $e->setSingleLogoutService(self::createEndpoints($metadata->getEndpoints('SingleLogoutService'), false));
- $e->NameIDFormat = $metadata->getArrayizeString('NameIDFormat', []);
+ $e->setNameIDFormat($metadata->getArrayizeString('NameIDFormat', []));
- $e->SingleSignOnService = self::createEndpoints($metadata->getEndpoints('SingleSignOnService'), false);
+ $e->setSingleSignOnService(self::createEndpoints($metadata->getEndpoints('SingleSignOnService'), false));
- $this->entityDescriptor->RoleDescriptor[] = $e;
+ $this->entityDescriptor->addRoleDescriptor($e);
foreach ($metadata->getArray('contacts', []) as $contact) {
if (array_key_exists('contactType', $contact) && array_key_exists('emailAddress', $contact)) {
@@ -587,11 +591,14 @@ class SAMLBuilder
$metadata = \SimpleSAML\Configuration::loadFromArray($metadata, $metadata['entityid']);
$e = new \SAML2\XML\md\SPSSODescriptor();
- $e->protocolSupportEnumeration[] = 'urn:oasis:names:tc:SAML:1.1:protocol';
+ $e->setProtocolSupportEnumeration(array_merge(
+ $e->getProtocolSupportEnumeration(),
+ ['urn:oasis:names:tc:SAML:1.1:protocol']
+ ));
$this->addCertificate($e, $metadata);
- $e->NameIDFormat = $metadata->getArrayizeString('NameIDFormat', []);
+ $e->setNameIDFormat($metadata->getArrayizeString('NameIDFormat', []));
$endpoints = $metadata->getEndpoints('AssertionConsumerService');
foreach ($metadata->getArrayizeString('AssertionConsumerService.artifact', []) as $acs) {
@@ -600,11 +607,11 @@ class SAMLBuilder
'Location' => $acs,
];
}
- $e->AssertionConsumerService = self::createEndpoints($endpoints, true);
+ $e->setAssertionConsumerService(self::createEndpoints($endpoints, true));
$this->addAttributeConsumingService($e, $metadata);
- $this->entityDescriptor->RoleDescriptor[] = $e;
+ $this->entityDescriptor->addRoleDescriptor($e);
}
@@ -622,16 +629,20 @@ class SAMLBuilder
$metadata = \SimpleSAML\Configuration::loadFromArray($metadata, $metadata['entityid']);
$e = new \SAML2\XML\md\IDPSSODescriptor();
- $e->protocolSupportEnumeration[] = 'urn:oasis:names:tc:SAML:1.1:protocol';
- $e->protocolSupportEnumeration[] = 'urn:mace:shibboleth:1.0';
+ $e->setProtocolSupportEnumeration(
+ array_merge($e->getProtocolSupportEnumeration, [
+ 'urn:oasis:names:tc:SAML:1.1:protocol',
+ 'urn:mace:shibboleth:1.0'
+ ])
+ );
$this->addCertificate($e, $metadata);
- $e->NameIDFormat = $metadata->getArrayizeString('NameIDFormat', []);
+ $e->setNameIDFormat($metadata->getArrayizeString('NameIDFormat', []));
- $e->SingleSignOnService = self::createEndpoints($metadata->getEndpoints('SingleSignOnService'), false);
+ $e->setSingleSignOnService(self::createEndpoints($metadata->getEndpoints('SingleSignOnService'), false));
- $this->entityDescriptor->RoleDescriptor[] = $e;
+ $this->entityDescriptor->addRoleDescriptor($e);
}
@@ -650,20 +661,20 @@ class SAMLBuilder
$metadata = \SimpleSAML\Configuration::loadFromArray($metadata, $metadata['entityid']);
$e = new \SAML2\XML\md\AttributeAuthorityDescriptor();
- $e->protocolSupportEnumeration = $metadata->getArray('protocols', [\SAML2\Constants::NS_SAMLP]);
+ $e->setProtocolSupportEnumeration($metadata->getArray('protocols', [\SAML2\Constants::NS_SAMLP]));
$this->addExtensions($metadata, $e);
$this->addCertificate($e, $metadata);
- $e->AttributeService = self::createEndpoints($metadata->getEndpoints('AttributeService'), false);
- $e->AssertionIDRequestService = self::createEndpoints(
+ $e->setAttributeService(self::createEndpoints($metadata->getEndpoints('AttributeService'), false));
+ $e->setAssertionIDRequestService(self::createEndpoints(
$metadata->getEndpoints('AssertionIDRequestService'),
false
- );
+ ));
- $e->NameIDFormat = $metadata->getArrayizeString('NameIDFormat', []);
+ $e->setNameIDFormat($metadata->getArrayizeString('NameIDFormat', []));
- $this->entityDescriptor->RoleDescriptor[] = $e;
+ $this->entityDescriptor->addRoleDescriptor($e);
}
@@ -690,20 +701,20 @@ class SAMLBuilder
$details = \SimpleSAML\Utils\Config\Metadata::getContact($details);
$e = new \SAML2\XML\md\ContactPerson();
- $e->contactType = $type;
+ $e->setContactType($type);
if (!empty($details['attributes'])) {
- $e->ContactPersonAttributes = $details['attributes'];
+ $e->setContactPersonAttributes($details['attributes']);
}
if (isset($details['company'])) {
- $e->Company = $details['company'];
+ $e->setCompany($details['company']);
}
if (isset($details['givenName'])) {
- $e->GivenName = $details['givenName'];
+ $e->setGivenName($details['givenName']);
}
if (isset($details['surName'])) {
- $e->SurName = $details['surName'];
+ $e->setSurName($details['surName']);
}
if (isset($details['emailAddress'])) {
@@ -712,7 +723,7 @@ class SAMLBuilder
$eas = [$eas];
}
foreach ($eas as $ea) {
- $e->EmailAddress[] = $ea;
+ $e->addEmailAddress($ea);
}
}
@@ -722,11 +733,11 @@ class SAMLBuilder
$tlfNrs = [$tlfNrs];
}
foreach ($tlfNrs as $tlfNr) {
- $e->TelephoneNumber[] = $tlfNr;
+ $e->addTelephoneNumber($tlfNr);
}
}
- $this->entityDescriptor->ContactPerson[] = $e;
+ $this->entityDescriptor->addContactPerson($e);
}
@@ -743,8 +754,8 @@ class SAMLBuilder
assert(is_string($x509data));
$keyDescriptor = \SAML2\Utils::createKeyDescriptor($x509data);
- $keyDescriptor->use = $use;
- $rd->KeyDescriptor[] = $keyDescriptor;
+ $keyDescriptor->setUse($use);
+ $rd->addKeyDescriptor($keyDescriptor);
}
diff --git a/lib/SimpleSAML/Metadata/SAMLParser.php b/lib/SimpleSAML/Metadata/SAMLParser.php
index bd8725198b1d6388ef626c915bee42aca96212a0..4ed78b0514775bae4856562f3bcdf64f380e5c55 100644
--- a/lib/SimpleSAML/Metadata/SAMLParser.php
+++ b/lib/SimpleSAML/Metadata/SAMLParser.php
@@ -164,7 +164,7 @@ class SAMLParser
$e = $entityElement->toXML();
$e = $e->ownerDocument->saveXML($e);
$this->entityDescriptor = base64_encode($e);
- $this->entityId = $entityElement->entityID;
+ $this->entityId = $entityElement->getEntityID();
$expireTime = self::getExpireTime($entityElement, $maxExpireTime);
@@ -179,7 +179,7 @@ class SAMLParser
$this->registrationInfo = $ext['RegistrationInfo'];
// look over the RoleDescriptors
- foreach ($entityElement->RoleDescriptor as $child) {
+ foreach ($entityElement->getRoleDescriptor() as $child) {
if ($child instanceof \SAML2\XML\md\SPSSODescriptor) {
$this->processSPSSODescriptor($child, $expireTime);
} elseif ($child instanceof \SAML2\XML\md\IDPSSODescriptor) {
@@ -189,12 +189,12 @@ class SAMLParser
}
}
- if ($entityElement->Organization) {
- $this->processOrganization($entityElement->Organization);
+ if ($entityElement->getOrganization() !== null) {
+ $this->processOrganization($entityElement->getOrganization());
}
- if (!empty($entityElement->ContactPerson)) {
- foreach ($entityElement->ContactPerson as $contact) {
+ if ($entityElement->getContactPerson() !== []) {
+ foreach ($entityElement->getContactPerson() as $contact) {
$this->processContactPerson($contact);
}
}
@@ -353,7 +353,7 @@ class SAMLParser
} elseif (\SimpleSAML\Utils\XML::isDOMNodeOfType($element, 'EntitiesDescriptor', '@md') === true) {
return self::processDescriptorsElement(new \SAML2\XML\md\EntitiesDescriptor($element));
} else {
- throw new \Exception('Unexpected root node: ['.$element->namespaceURI.']:'.$element->localName);
+ throw new \Exception('Unexpected root node: ['.$element->getNamespaceURI().']:'.$element->getLocalName());
}
}
@@ -393,7 +393,7 @@ class SAMLParser
$validators[] = $element;
$ret = [];
- foreach ($element->children as $child) {
+ foreach ($element->getChildren() as $child) {
$ret += self::processDescriptorsElement($child, $expTime, $validators, $extensions);
}
@@ -416,7 +416,7 @@ class SAMLParser
private static function getExpireTime($element, $maxExpireTime)
{
// validUntil may be null
- $expire = $element->validUntil;
+ $expire = $element->getValidUntil();
if ($maxExpireTime !== null && ($expire === null || $maxExpireTime < $expire)) {
$expire = $maxExpireTime;
@@ -845,11 +845,11 @@ class SAMLParser
$ret['expire'] = $expireTime;
}
- $ret['protocols'] = $element->protocolSupportEnumeration;
+ $ret['protocols'] = $element->getProtocolSupportEnumeration();
// process KeyDescriptor elements
$ret['keys'] = [];
- foreach ($element->KeyDescriptor as $kd) {
+ foreach ($element->getKeyDescriptor() as $kd) {
$key = self::parseKeyDescriptor($kd);
if ($key !== null) {
$ret['keys'][] = $key;
@@ -890,14 +890,14 @@ class SAMLParser
$sd = self::parseRoleDescriptorType($element, $expireTime);
// find all SingleLogoutService elements
- $sd['SingleLogoutService'] = self::extractEndpoints($element->SingleLogoutService);
+ $sd['SingleLogoutService'] = self::extractEndpoints($element->getSingleLogoutService());
// find all ArtifactResolutionService elements
- $sd['ArtifactResolutionService'] = self::extractEndpoints($element->ArtifactResolutionService);
+ $sd['ArtifactResolutionService'] = self::extractEndpoints($element->getArtifactResolutionService());
// process NameIDFormat elements
- $sd['nameIDFormats'] = $element->NameIDFormat;
+ $sd['nameIDFormats'] = $element->getNameIDFormat();
return $sd;
}
@@ -917,22 +917,22 @@ class SAMLParser
$sp = self::parseSSODescriptor($element, $expireTime);
// find all AssertionConsumerService elements
- $sp['AssertionConsumerService'] = self::extractEndpoints($element->AssertionConsumerService);
+ $sp['AssertionConsumerService'] = self::extractEndpoints($element->getAssertionConsumerService());
// find all the attributes and SP name...
- $attcs = $element->AttributeConsumingService;
+ $attcs = $element->getAttributeConsumingService();
if (count($attcs) > 0) {
self::parseAttributeConsumerService($attcs[0], $sp);
}
// check AuthnRequestsSigned
- if ($element->AuthnRequestsSigned !== null) {
- $sp['AuthnRequestsSigned'] = $element->AuthnRequestsSigned;
+ if ($element->getAuthnRequestsSigned() !== null) {
+ $sp['AuthnRequestsSigned'] = $element->getAuthnRequestsSigned();
}
// check WantAssertionsSigned
- if ($element->WantAssertionsSigned !== null) {
- $sp['WantAssertionsSigned'] = $element->WantAssertionsSigned;
+ if ($element->wantAssertionsSigned() !== null) {
+ $sp['WantAssertionsSigned'] = $element->wantAssertionsSigned();
}
$this->spDescriptors[] = $sp;
@@ -953,9 +953,9 @@ class SAMLParser
$idp = self::parseSSODescriptor($element, $expireTime);
// find all SingleSignOnService elements
- $idp['SingleSignOnService'] = self::extractEndpoints($element->SingleSignOnService);
+ $idp['SingleSignOnService'] = self::extractEndpoints($element->getSingleSignOnService());
- if ($element->WantAuthnRequestsSigned) {
+ if ($element->wantAuthnRequestsSigned()) {
$idp['WantAuthnRequestsSigned'] = true;
} else {
$idp['WantAuthnRequestsSigned'] = false;
@@ -979,12 +979,12 @@ class SAMLParser
assert($expireTime === null || is_int($expireTime));
$aad = self::parseRoleDescriptorType($element, $expireTime);
- $aad['entityid'] = $this->entityId;
+ $aad['entityid'] = $this->getEntityId();
$aad['metadata-set'] = 'attributeauthority-remote';
- $aad['AttributeService'] = self::extractEndpoints($element->AttributeService);
- $aad['AssertionIDRequestService'] = self::extractEndpoints($element->AssertionIDRequestService);
- $aad['NameIDFormat'] = $element->NameIDFormat;
+ $aad['AttributeService'] = self::extractEndpoints($element->getAttributeService());
+ $aad['AssertionIDRequestService'] = self::extractEndpoints($element->getAssertionIDRequestService());
+ $aad['NameIDFormat'] = $element->getNameIDFormat();
$this->attributeAuthorityDescriptors[] = $aad;
}
@@ -1016,9 +1016,9 @@ class SAMLParser
$ret['RegistrationInfo'] = $parentExtensions['RegistrationInfo'];
}
- foreach ($element->Extensions as $e) {
+ foreach ($element->getExtensions() as $e) {
if ($e instanceof \SAML2\XML\shibmd\Scope) {
- $ret['scope'][] = $e->scope;
+ $ret['scope'][] = $e->getScope();
continue;
}
@@ -1028,33 +1028,37 @@ class SAMLParser
if ($e instanceof \SAML2\XML\mdrpi\RegistrationInfo) {
// Registration Authority cannot be overridden (warn only if override attempts to change the value)
if (isset($ret['RegistrationInfo']['registrationAuthority'])
- && $ret['RegistrationInfo']['registrationAuthority'] !== $e->registrationAuthority) {
+ && $ret['RegistrationInfo']['registrationAuthority'] !== $e->getRegistrationAuthority()) {
\SimpleSAML\Logger::warning('Invalid attempt to override registrationAuthority \''.
- $ret['RegistrationInfo']['registrationAuthority']."' with '{$e->registrationAuthority}'");
+ $ret['RegistrationInfo']['registrationAuthority']."' with '{$e->getRegistrationAuthority()}'");
} else {
- $ret['RegistrationInfo']['registrationAuthority'] = $e->registrationAuthority;
+ $ret['RegistrationInfo']['registrationAuthority'] = $e->getRegistrationAuthority();
}
}
- if ($e instanceof \SAML2\XML\mdattr\EntityAttributes && !empty($e->children)) {
- foreach ($e->children as $attr) {
+ if ($e instanceof \SAML2\XML\mdattr\EntityAttributes && !empty($e->getChildren())) {
+ foreach ($e->getChildren() as $attr) {
// only saml:Attribute are currently supported here. The specifications also allows
// saml:Assertions, which more complex processing
if ($attr instanceof \SAML2\XML\saml\Attribute) {
- if (empty($attr->Name) || empty($attr->AttributeValue)) {
+ $attrName = $attr->getName();
+ $attrNameFormat = $attr->getNameFormat();
+ $attrValue = $attr->getAttributeValue();
+
+ if ($attrName() === null || $attrValue === []) {
continue;
}
// attribute names that is not URI is prefixed as this: '{nameformat}name'
- $name = $attr->Name;
- if (empty($attr->NameFormat)) {
- $name = '{'.\SAML2\Constants::NAMEFORMAT_UNSPECIFIED.'}'.$attr->Name;
- } elseif ($attr->NameFormat !== 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri') {
- $name = '{'.$attr->NameFormat.'}'.$attr->Name;
+ $name = $attrName;
+ if ($attrNameFormat === null) {
+ $name = '{'.\SAML2\Constants::NAMEFORMAT_UNSPECIFIED.'}'.$attr->getName();
+ } elseif ($attrNameFormat !== 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri') {
+ $name = '{'.$attrNameFormat.'}'.$attrName;
}
$values = [];
- foreach ($attr->AttributeValue as $attrvalue) {
- $values[] = $attrvalue->getString();
+ foreach ($attrValue as $attrval) {
+ $values[] = $attrval->getString();
}
$ret['EntityAttributes'][$name] = $values;
@@ -1066,35 +1070,35 @@ class SAMLParser
// UIInfo elements are only allowed at RoleDescriptor level extensions
if ($element instanceof \SAML2\XML\md\RoleDescriptor) {
if ($e instanceof \SAML2\XML\mdui\UIInfo) {
- $ret['UIInfo']['DisplayName'] = $e->DisplayName;
- $ret['UIInfo']['Description'] = $e->Description;
- $ret['UIInfo']['InformationURL'] = $e->InformationURL;
- $ret['UIInfo']['PrivacyStatementURL'] = $e->PrivacyStatementURL;
+ $ret['UIInfo']['DisplayName'] = $e->getDisplayName();
+ $ret['UIInfo']['Description'] = $e->getDescription();
+ $ret['UIInfo']['InformationURL'] = $e->getInformationURL();
+ $ret['UIInfo']['PrivacyStatementURL'] = $e->getPrivacyStatementURL();
- foreach ($e->Keywords as $uiItem) {
+ foreach ($e->getKeywords() as $uiItem) {
if (!($uiItem instanceof \SAML2\XML\mdui\Keywords)
- || empty($uiItem->Keywords)
- || empty($uiItem->lang)
+ || ($uiItem->getKeywords() !== [])
+ || ($uiItem->getLanguage() !== null)
) {
continue;
}
- $ret['UIInfo']['Keywords'][$uiItem->lang] = $uiItem->Keywords;
+ $ret['UIInfo']['Keywords'][$uiItem->getLanguage()] = $uiItem->getKeywords();
}
- foreach ($e->Logo as $uiItem) {
+ foreach ($e->getLogo() as $uiItem) {
if (!($uiItem instanceof \SAML2\XML\mdui\Logo)
- || empty($uiItem->url)
- || empty($uiItem->height)
- || empty($uiItem->width)
+ || ($uiItem->getUrl() !== null)
+ || ($uiItem->getHeight() !== null)
+ || ($uiItem->getWidth() !== null)
) {
continue;
}
$logo = [
- 'url' => $uiItem->url,
- 'height' => $uiItem->height,
- 'width' => $uiItem->width,
+ 'url' => $uiItem->getUrl(),
+ 'height' => $uiItem->getHeight(),
+ 'width' => $uiItem->getWidth(),
];
- if (!empty($uiItem->lang)) {
- $logo['lang'] = $uiItem->lang;
+ if ($uiItem->getLanguage() !== null) {
+ $logo['lang'] = $uiItem->getLanguage();
}
$ret['UIInfo']['Logo'][] = $logo;
}
@@ -1104,9 +1108,9 @@ class SAMLParser
// DiscoHints elements are only allowed at IDPSSODescriptor level extensions
if ($element instanceof \SAML2\XML\md\IDPSSODescriptor) {
if ($e instanceof \SAML2\XML\mdui\DiscoHints) {
- $ret['DiscoHints']['IPHint'] = $e->IPHint;
- $ret['DiscoHints']['DomainHint'] = $e->DomainHint;
- $ret['DiscoHints']['GeolocationHint'] = $e->GeolocationHint;
+ $ret['DiscoHints']['IPHint'] = $e->getIPHint();
+ $ret['DiscoHints']['DomainHint'] = $e->getDomainHint();
+ $ret['DiscoHints']['GeolocationHint'] = $e->getGeolocationHint();
}
}
@@ -1114,8 +1118,8 @@ class SAMLParser
continue;
}
- if ($e->localName === 'Attribute' && $e->namespaceURI === \SAML2\Constants::NS_SAML) {
- $attribute = $e->xml;
+ if ($e->getLocalName() === 'Attribute' && $e->getNamespaceURI() === \SAML2\Constants::NS_SAML) {
+ $attribute = $e->getXML();
$name = $attribute->getAttribute('Name');
$values = array_map(
@@ -1143,9 +1147,9 @@ class SAMLParser
*/
private function processOrganization(\SAML2\XML\md\Organization $element)
{
- $this->organizationName = $element->OrganizationName;
- $this->organizationDisplayName = $element->OrganizationDisplayName;
- $this->organizationURL = $element->OrganizationURL;
+ $this->organizationName = $element->getOrganizationName();
+ $this->organizationDisplayName = $element->getOrganizationDisplayName();
+ $this->organizationURL = $element->getOrganizationURL();
}
@@ -1158,23 +1162,23 @@ class SAMLParser
private function processContactPerson(\SAML2\XML\md\ContactPerson $element)
{
$contactPerson = [];
- if (!empty($element->contactType)) {
- $contactPerson['contactType'] = $element->contactType;
+ if ($element->getContactType() !== '') {
+ $contactPerson['contactType'] = $element->getContactType();
}
- if (!empty($element->Company)) {
- $contactPerson['company'] = $element->Company;
+ if ($element->getCompany() !== null) {
+ $contactPerson['company'] = $element->getCompany();
}
- if (!empty($element->GivenName)) {
- $contactPerson['givenName'] = $element->GivenName;
+ if ($element->getGivenName() !== null) {
+ $contactPerson['givenName'] = $element->getGivenName();
}
- if (!empty($element->SurName)) {
+ if ($element->getSurName() !== null) {
$contactPerson['surName'] = $element->SurName;
}
- if (!empty($element->EmailAddress)) {
- $contactPerson['emailAddress'] = $element->EmailAddress;
+ if ($element->getEmailAddress() !== []) {
+ $contactPerson['emailAddress'] = $element->getEmailAddress();
}
- if (!empty($element->TelephoneNumber)) {
- $contactPerson['telephoneNumber'] = $element->TelephoneNumber;
+ if ($element->getTelephoneNumber() !== []) {
+ $contactPerson['telephoneNumber'] = $element->getTelephoneNumber();
}
if (!empty($contactPerson)) {
$this->contacts[] = $contactPerson;
@@ -1192,22 +1196,22 @@ class SAMLParser
{
assert(is_array($sp));
- $sp['name'] = $element->ServiceName;
- $sp['description'] = $element->ServiceDescription;
+ $sp['name'] = $element->getServiceName();
+ $sp['description'] = $element->getServiceDescription();
$format = null;
$sp['attributes'] = [];
$sp['attributes.required'] = [];
- foreach ($element->RequestedAttribute as $child) {
- $attrname = $child->Name;
+ foreach ($element->getRequestedAttribute() as $child) {
+ $attrname = $child->getName();
$sp['attributes'][] = $attrname;
- if ($child->isRequired !== null && $child->isRequired === true) {
+ if ($child->getIsRequired() === true) {
$sp['attributes.required'][] = $attrname;
}
- if ($child->NameFormat !== null) {
- $attrformat = $child->NameFormat;
+ if ($child->getNameFormat() !== null) {
+ $attrformat = $child->getNameFormat();
} else {
$attrformat = \SAML2\Constants::NAMEFORMAT_UNSPECIFIED;
}
@@ -1251,18 +1255,18 @@ class SAMLParser
{
$ep = [];
- $ep['Binding'] = $element->Binding;
- $ep['Location'] = $element->Location;
+ $ep['Binding'] = $element->getBinding();
+ $ep['Location'] = $element->getLocation();
- if ($element->ResponseLocation !== null) {
- $ep['ResponseLocation'] = $element->ResponseLocation;
+ if ($element->getResponseLocation() !== null) {
+ $ep['ResponseLocation'] = $element->getResponseLocation();
}
if ($element instanceof \SAML2\XML\md\IndexedEndpointType) {
- $ep['index'] = $element->index;
+ $ep['index'] = $element->getIndex();
- if ($element->isDefault !== null) {
- $ep['isDefault'] = $element->isDefault;
+ if ($element->getIsDefault() !== null) {
+ $ep['isDefault'] = $element->getIsDefault();
}
}
@@ -1279,12 +1283,7 @@ class SAMLParser
*/
private static function extractEndpoints(array $endpoints)
{
- $ret = [];
- foreach ($endpoints as $ep) {
- $ret[] = self::parseGenericEndpoint($ep);
- }
-
- return $ret;
+ return array_map(['self', 'parseGenericEndpoint'], $endpoints);
}
@@ -1306,10 +1305,10 @@ class SAMLParser
{
$r = [];
- if ($kd->use === 'encryption') {
+ if ($kd->getUse() === 'encryption') {
$r['encryption'] = true;
$r['signing'] = false;
- } elseif ($kd->use === 'signing') {
+ } elseif ($kd->getUse() === 'signing') {
$r['encryption'] = false;
$r['signing'] = true;
} else {
@@ -1317,14 +1316,14 @@ class SAMLParser
$r['signing'] = true;
}
- $keyInfo = $kd->KeyInfo;
+ $keyInfo = $kd->getKeyInfo();
- foreach ($keyInfo->info as $i) {
+ foreach ($keyInfo->getInfo() as $i) {
if ($i instanceof \SAML2\XML\ds\X509Data) {
- foreach ($i->data as $d) {
+ foreach ($i->getData() as $d) {
if ($d instanceof \SAML2\XML\ds\X509Certificate) {
$r['type'] = 'X509Certificate';
- $r['X509Certificate'] = $d->certificate;
+ $r['X509Certificate'] = $d->getCertificate();
return $r;
}
}
diff --git a/modules/core/lib/Auth/Process/TargetedID.php b/modules/core/lib/Auth/Process/TargetedID.php
index 5ea29bec74a42d27d769e0c8c412f99b240761c8..710fa7f648861b7b515f5807775e19a9b5ba6699 100644
--- a/modules/core/lib/Auth/Process/TargetedID.php
+++ b/modules/core/lib/Auth/Process/TargetedID.php
@@ -126,14 +126,14 @@ class TargetedID extends \SimpleSAML\Auth\ProcessingFilter
if ($this->generateNameId) {
// Convert the targeted ID to a SAML 2.0 name identifier element
$nameId = new \SAML2\XML\saml\NameID();
- $nameId->value = $uid;
- $nameId->Format = \SAML2\Constants::NAMEID_PERSISTENT;
+ $nameId->setValue($uid);
+ $nameId->setFormat(\SAML2\Constants::NAMEID_PERSISTENT);
if (isset($state['Source']['entityid'])) {
- $nameId->NameQualifier = $state['Source']['entityid'];
+ $nameId->setNameQualifier($state['Source']['entityid']);
}
if (isset($state['Destination']['entityid'])) {
- $nameId->SPNameQualifier = $state['Destination']['entityid'];
+ $nameId->setSPNameQualifier($state['Destination']['entityid']);
}
} else {
$nameId = $uid;
diff --git a/modules/exampleattributeserver/www/attributeserver.php b/modules/exampleattributeserver/www/attributeserver.php
index 5664e415c640326369489746774d8fde36c44504..9bdbe415a1ff0a52d2c7fe64701b1bc08550da5b 100644
--- a/modules/exampleattributeserver/www/attributeserver.php
+++ b/modules/exampleattributeserver/www/attributeserver.php
@@ -70,9 +70,9 @@ $assertion->setAttributeNameFormat($attributeNameFormat);
$sc = new \SAML2\XML\saml\SubjectConfirmation();
$sc->Method = \SAML2\Constants::CM_BEARER;
$sc->SubjectConfirmationData = new \SAML2\XML\saml\SubjectConfirmationData();
-$sc->SubjectConfirmationData->NotOnOrAfter = time() + 300; // 60*5 = 5min
-$sc->SubjectConfirmationData->Recipient = $endpoint;
-$sc->SubjectConfirmationData->InResponseTo = $query->getId();
+$sc->SubjectConfirmationData->setNotOnOrAfter(time() + 300); // 60*5 = 5min
+$sc->SubjectConfirmationData->setRecipient($endpoint);
+$sc->SubjectConfirmationData->setInResponseTo($query->getId());
$assertion->setSubjectConfirmation([$sc]);
\SimpleSAML\Module\saml\Message::addSign($idpMetadata, $spMetadata, $assertion);
diff --git a/modules/saml/lib/Auth/Process/NameIDAttribute.php b/modules/saml/lib/Auth/Process/NameIDAttribute.php
index e1455b214d4e6bd3604b762eef6868362f39f3b6..e8c27dba78416342ff436bb0b6e73b64b6cb33a5 100644
--- a/modules/saml/lib/Auth/Process/NameIDAttribute.php
+++ b/modules/saml/lib/Auth/Process/NameIDAttribute.php
@@ -82,7 +82,7 @@ class NameIDAttribute extends \SimpleSAML\Auth\ProcessingFilter
$ret[] = 'SPNameQualifier';
break;
case 'V':
- $ret[] = 'value';
+ $ret[] = 'Value';
break;
case '%':
$ret[] = '%';
@@ -115,17 +115,16 @@ class NameIDAttribute extends \SimpleSAML\Auth\ProcessingFilter
}
$rep = $state['saml:sp:NameID'];
- assert(isset($rep->value));
-
+ assert(!is_null($rep->getValue()));
$rep->{'%'} = '%';
- if (!isset($rep->Format)) {
- $rep->Format = \SAML2\Constants::NAMEID_UNSPECIFIED;
+ if ($rep->getFormat() !== null) {
+ $rep->setFormat(\SAML2\Constants::NAMEID_UNSPECIFIED);
}
- if (!isset($rep->NameQualifier)) {
- $rep->NameQualifier = $state['Source']['entityid'];
+ if ($rep->getNameQualifier() !== null) {
+ $rep->setNameQualifier($state['Source']['entityid']);
}
- if (!isset($rep->SPNameQualifier)) {
- $rep->SPNameQualifier = $state['Destination']['entityid'];
+ if ($rep->getSPNameQualifier() !== null) {
+ $rep->setSPNameQualifier($state['Destination']['entityid']);
}
$value = '';
@@ -134,7 +133,7 @@ class NameIDAttribute extends \SimpleSAML\Auth\ProcessingFilter
if ($isString) {
$value .= $element;
} else {
- $value .= $rep->$element;
+ $value .= call_user_func([$rep, 'get'.$element]);
}
$isString = !$isString;
}
diff --git a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php
index d07d8ee0a0245a76582ccf08589ca8e944526ba8..f627f164e777314b908164d3081e6510cba26a75 100644
--- a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php
+++ b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php
@@ -70,6 +70,6 @@ class PersistentNameID2TargetedID extends \SimpleSAML\Auth\ProcessingFilter
/** @var \SAML2\XML\saml\NameID $nameID */
$nameID = $state['saml:NameID'][\SAML2\Constants::NAMEID_PERSISTENT];
- $state['Attributes'][$this->attribute] = [(!$this->nameId) ? $nameID->value : $nameID];
+ $state['Attributes'][$this->attribute] = [(!$this->nameId) ? $nameID->getValue() : $nameID];
}
}
diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index d2cab6d8c3d01bbb6146d6dce0780ddae96368d5..72afde1d9ea2eda890a2d57bf04849318bd26d23 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -232,7 +232,28 @@ class SP extends Source
if (!is_array($state['saml:NameID']) && !is_a($state['saml:NameID'], '\SAML2\XML\saml\NameID')) {
throw new \SimpleSAML\Error\Exception('Invalid value of $state[\'saml:NameID\'].');
}
- $ar->setNameId($state['saml:NameID']);
+
+ $nameId = $state['saml:NameID'];
+ $nid = new \SAML2\XML\saml\NameID();
+ if (!array_key_exists('Value', $nameId)) {
+ throw new \InvalidArgumentException('Missing "Value" in array, cannot create NameID from it.');
+ }
+
+ $nid->setValue($nameId['Value']);
+ if (array_key_exists('NameQualifier', $nameId) && $nameId['NameQualifier'] !== null) {
+ $nid->setNameQualifier($nameId['NameQualifier']);
+ }
+ if (array_key_exists('SPNameQualifier', $nameId) && $nameId['SPNameQualifier'] !== null) {
+ $nid->setSPNameQualifier($nameId['SPNameQualifier']);
+ }
+ if (array_key_exists('SPProvidedID', $nameId) && $nameId['SPProvidedId'] !== null) {
+ $nid->setSPProvidedID($nameId['SPProvidedID']);
+ }
+ if (array_key_exists('Format', $nameId) && $nameId['Format'] !== null) {
+ $nid->setFormat($nameId['Format']);
+ }
+
+ $ar->setNameId($nid);
}
if (isset($state['saml:NameIDPolicy'])) {
diff --git a/modules/saml/lib/BaseNameIDGenerator.php b/modules/saml/lib/BaseNameIDGenerator.php
index c5360854e7904bb1ba721eafd5d5937093f0080b..39a4a3f00e61969ad8a7a264806554829ca1c98b 100644
--- a/modules/saml/lib/BaseNameIDGenerator.php
+++ b/modules/saml/lib/BaseNameIDGenerator.php
@@ -93,26 +93,26 @@ abstract class BaseNameIDGenerator extends \SimpleSAML\Auth\ProcessingFilter
}
$nameId = new \SAML2\XML\saml\NameID();
- $nameId->value = $value;
+ $nameId->setValue($value);
if ($this->nameQualifier === true) {
if (isset($state['IdPMetadata']['entityid'])) {
- $nameId->NameQualifier = $state['IdPMetadata']['entityid'];
+ $nameId->setNameQualifier($state['IdPMetadata']['entityid']);
} else {
\SimpleSAML\Logger::warning('No IdP entity ID, unable to set NameQualifier.');
}
} elseif (is_string($this->nameQualifier)) {
- $nameId->NameQualifier = $this->nameQualifier;
+ $nameId->setNameQualifier($this->nameQualifier);
}
if ($this->spNameQualifier === true) {
if (isset($state['SPMetadata']['entityid'])) {
- $nameId->SPNameQualifier = $state['SPMetadata']['entityid'];
+ $nameId->setSPNameQualifier($state['SPMetadata']['entityid']);
} else {
\SimpleSAML\Logger::warning('No SP entity ID, unable to set SPNameQualifier.');
}
} elseif (is_string($this->spNameQualifier)) {
- $nameId->SPNameQualifier = $this->spNameQualifier;
+ $nameId->setSPNameQualifier($this->spNameQualifier);
}
$state['saml:NameID'][$this->format] = $nameId;
diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index 104cdfcd3be2a057c7b46ed4887bb7dce4422979..f65cdaf4f93f69d44214c7d31e5473b8f588d944 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -932,9 +932,9 @@ class SAML2
$sc = new \SAML2\XML\saml\SubjectConfirmation();
$sc->SubjectConfirmationData = new \SAML2\XML\saml\SubjectConfirmationData();
- $sc->SubjectConfirmationData->NotOnOrAfter = $now + $assertionLifetime;
- $sc->SubjectConfirmationData->Recipient = $state['saml:ConsumerURL'];
- $sc->SubjectConfirmationData->InResponseTo = $state['saml:RequestId'];
+ $sc->SubjectConfirmationData->setNotOnOrAfter($now + $assertionLifetime);
+ $sc->SubjectConfirmationData->setRecipient($state['saml:ConsumerURL']);
+ $sc->SubjectConfirmationData->setInResponseTo($state['saml:RequestId']);
// ProtcolBinding of SP's <AuthnRequest> overwrites IdP hosted metadata configuration
$hokAssertion = null;
@@ -947,7 +947,7 @@ class SAML2
if ($hokAssertion) {
// Holder-of-Key
- $sc->Method = \SAML2\Constants::CM_HOK;
+ $sc->setMethod(\SAML2\Constants::CM_HOK);
if (\SimpleSAML\Utils\HTTP::isHTTPS()) {
if (isset($_SERVER['SSL_CLIENT_CERT']) && !empty($_SERVER['SSL_CLIENT_CERT'])) {
// extract certificate data (if this is a certificate)
@@ -956,15 +956,15 @@ class SAML2
if (preg_match($pattern, $clientCert, $matches)) {
// we have a client certificate from the browser which we add to the HoK assertion
$x509Certificate = new \SAML2\XML\ds\X509Certificate();
- $x509Certificate->certificate = str_replace(["\r", "\n", " "], '', $matches[1]);
+ $x509Certificate->setCertificate(str_replace(["\r", "\n", " "], '', $matches[1]));
$x509Data = new \SAML2\XML\ds\X509Data();
- $x509Data->data[] = $x509Certificate;
+ $x509Data->addData($x509Certificate);
$keyInfo = new \SAML2\XML\ds\KeyInfo();
- $keyInfo->info[] = $x509Data;
+ $keyInfo->addInfo($x509Data);
- $sc->SubjectConfirmationData->info[] = $keyInfo;
+ $sc->SubjectConfirmationData->addInfo($keyInfo);
} else {
throw new \SimpleSAML\Error\Exception(
'Error creating HoK assertion: No valid client certificate provided during TLS handshake '.
@@ -983,7 +983,7 @@ class SAML2
}
} else {
// Bearer
- $sc->Method = \SAML2\Constants::CM_BEARER;
+ $sc->setMethod(\SAML2\Constants::CM_BEARER);
}
$a->setSubjectConfirmation([$sc]);
@@ -1012,7 +1012,7 @@ class SAML2
if (isset($state['saml:NameID'][$nameIdFormat])) {
$nameId = $state['saml:NameID'][$nameIdFormat];
- $nameId->Format = $nameIdFormat;
+ $nameId->setFormat($nameIdFormat);
} else {
$spNameQualifier = $spMetadata->getString('SPNameQualifier', null);
if ($spNameQualifier === null) {
@@ -1034,9 +1034,9 @@ class SAML2
}
$nameId = new \SAML2\XML\saml\NameID();
- $nameId->Format = $nameIdFormat;
- $nameId->value = $nameIdValue;
- $nameId->SPNameQualifier = $spNameQualifier;
+ $nameId->setFormat($nameIdFormat);
+ $nameId->setValue($nameIdValue);
+ $nameId->setSPNameQualifier($spNameQualifier);
}
$state['saml:idp:NameID'] = $nameId;
diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php
index 986a1e105205c3c90743cafd4e839c7cddba28e1..3bd6100b47781b504e3c2b1c0f5c88b082e650ad 100644
--- a/modules/saml/lib/Message.php
+++ b/modules/saml/lib/Message.php
@@ -496,7 +496,9 @@ class Message
// Shoaib: setting the appropriate binding based on parameter in sp-metadata defaults to HTTP_POST
$ar->setProtocolBinding($protbind);
- $ar->setIssuer($spMetadata->getString('entityid'));
+ $issuer = new \SAML2\XML\saml\Issuer();
+ $issuer->setValue($spMetadata->getString('entityid'));
+ $ar->setIssuer($issuer);
$ar->setAssertionConsumerServiceIndex($spMetadata->getInteger('AssertionConsumerServiceIndex', null));
$ar->setAttributeConsumingServiceIndex($spMetadata->getInteger('AttributeConsumingServiceIndex', null));
diff --git a/templates/includes/attributes.php b/templates/includes/attributes.php
index 78b862f48aa582c928b4079b55661307950c28ab..8894feb268a1004b9fce6fb51f4fbacee3279945 100644
--- a/templates/includes/attributes.php
+++ b/templates/includes/attributes.php
@@ -34,19 +34,19 @@ function present_assoc($attr)
function present_eptid(\SimpleSAML\Locale\Translate $t, \SAML2\XML\saml\NameID $nameID)
{
$eptid = [
- 'NameID' => [$nameID->value],
+ 'NameID' => [$nameID->getValue()],
];
- if (!empty($nameID->Format)) {
- $eptid[$t->t('{status:subject_format}')] = [$nameID->Format];
+ if ($nameID->getFormat() !== null) {
+ $eptid[$t->t('{status:subject_format}')] = [$nameID->getFormat()];
}
- if (!empty($nameID->NameQualifier)) {
- $eptid['NameQualifier'] = [$nameID->NameQualifier];
+ if ($nameID->getNameQualifier() !== null) {
+ $eptid['NameQualifier'] = [$nameID->getNameQualifier()];
}
- if (!empty($nameID->SPNameQualifier)) {
- $eptid['SPNameQualifier'] = [$nameID->SPNameQualifier];
+ if ($nameID->getSPNameQualifier() !== null) {
+ $eptid['SPNameQualifier'] = [$nameID->getSPNameQualifier()];
}
- if (!empty($nameID->SPProvidedID)) {
- $eptid['SPProvidedID'] = [$nameID->SPProvidedID];
+ if ($nameID->getSPProvidedID() !== null) {
+ $eptid['SPProvidedID'] = [$nameID->getSPProvidedID()];
}
return '<td class="attrvalue">'.present_assoc($eptid);
}
diff --git a/templates/status.php b/templates/status.php
index 6ddc5191123c188d1f7c33b8cbbd4e1d37bde1af..be24c273d2207dd435eef93199e0197bff428dd4 100644
--- a/templates/status.php
+++ b/templates/status.php
@@ -34,24 +34,24 @@ $nameid = $this->data['nameid'];
if ($nameid !== false) {
/** @var \SAML2\XML\saml\NameID $nameid */
echo "<h2>".$this->t('{status:subject_header}')."</h2>";
- if (is_null($nameid->value)) {
+ if ($nameid->getValue() === null) {
$list = ["NameID" => [$this->t('{status:subject_notset}')]];
echo "<p>NameID: <span class=\"notset\">".$this->t('{status:subject_notset}')."</span></p>";
} else {
$list = [
- "NameId" => [$nameid->value],
+ "NameId" => [$nameid->getValue()],
];
- if (!is_null($nameid->Format)) {
- $list[$this->t('{status:subject_format}')] = [$nameid->Format];
+ if ($nameid->getFormat() !== null) {
+ $list[$this->t('{status:subject_format}')] = [$nameid->getFormat()];
}
- if (!is_null($nameid->NameQualifier)) {
- $list['NameQualifier'] = [$nameid->NameQualifier];
+ if ($nameid->getNameQualifier() !== null) {
+ $list['NameQualifier'] = [$nameid->getNameQualifier()];
}
- if (!is_null($nameid->SPNameQualifier)) {
- $list['SPNameQualifier'] = [$nameid->SPNameQualifier];
+ if ($nameid->getSPNameQualifier() !== null) {
+ $list['SPNameQualifier'] = [$nameid->getSPNameQualifier()];
}
- if (!is_null($nameid->SPProvidedID)) {
- $list['SPProvidedID'] = [$nameid->SPProvidedID];
+ if ($nameid->getSPProvidedID() !== null) {
+ $list['SPProvidedID'] = [$nameid->getSPProvidedID()];
}
}
echo present_attributes($this, $list, '');
diff --git a/tests/modules/saml/lib/Auth/Process/NameIDAttributeTest.php b/tests/modules/saml/lib/Auth/Process/NameIDAttributeTest.php
index f20ee5b377935f3d9e204be8fd949d5f1b84a41f..333523302a8fa76679ff1c272c4da86ad34c1a99 100644
--- a/tests/modules/saml/lib/Auth/Process/NameIDAttributeTest.php
+++ b/tests/modules/saml/lib/Auth/Process/NameIDAttributeTest.php
@@ -11,6 +11,10 @@ namespace SimpleSAML\Test\Module\saml\Auth\Process;
use PHPUnit\Framework\TestCase;
+use SimpleSAML\Module\saml\Auth\Process\NameIDAttribute;
+use SAML2\XML\saml\NameID;
+use SAML2\Constants;
+
class NameIDAttributeTest extends TestCase
{
@@ -23,7 +27,7 @@ class NameIDAttributeTest extends TestCase
*/
private function processFilter(array $config, array $request)
{
- $filter = new \SimpleSAML\Module\saml\Auth\Process\NameIDAttribute($config, null);
+ $filter = new NameIDAttribute($config, null);
$filter->process($request);
return $request;
}
@@ -35,14 +39,16 @@ class NameIDAttributeTest extends TestCase
public function testMinimalConfig()
{
$config = [];
-
- $nameId = new \SAML2\XML\saml\NameID();
- $nameId->value = 'eugene@oombaas';
- $nameId->Format = \SAML2\Constants::NAMEID_PERSISTENT;
-
$spId = 'eugeneSP';
$idpId = 'eugeneIdP';
+
+ $nameId = new NameID();
+ $nameId->setValue('eugene@oombaas');
+ $nameId->setFormat(Constants::NAMEID_PERSISTENT);
+ $nameId->setNameQualifier($idpId);
+ $nameId->setSPNameQualifier($spId);
+
$request = [
'Source' => [
'entityid' => $spId,
@@ -53,7 +59,7 @@ class NameIDAttributeTest extends TestCase
'saml:sp:NameID' => $nameId,
];
$result = $this->processFilter($config, $request);
- $this->assertEquals("{$spId}!{$idpId}!{$nameId->value}", $result['Attributes']['nameid'][0]);
+ $this->assertEquals("{$spId}!{$idpId}!{$nameId->getValue()}", $result['Attributes']['nameid'][0]);
}
/**
@@ -63,14 +69,15 @@ class NameIDAttributeTest extends TestCase
{
$attributeName = 'eugeneNameIDAttribute';
$config = ['attribute' => $attributeName];
-
- $nameId = new \SAML2\XML\saml\NameID();
- $nameId->value = 'eugene@oombaas';
- $nameId->Format = \SAML2\Constants::NAMEID_PERSISTENT;
-
$spId = 'eugeneSP';
$idpId = 'eugeneIdP';
+ $nameId = new NameID();
+ $nameId->setValue('eugene@oombaas');
+ $nameId->setFormat(Constants::NAMEID_PERSISTENT);
+ $nameId->setNameQualifier($idpId);
+ $nameId->setSPNameQualifier($spId);
+
$request = [
'Source' => [
'entityid' => $spId,
@@ -82,7 +89,7 @@ class NameIDAttributeTest extends TestCase
];
$result = $this->processFilter($config, $request);
$this->assertTrue(isset($result['Attributes'][$attributeName]));
- $this->assertEquals("{$spId}!{$idpId}!{$nameId->value}", $result['Attributes'][$attributeName][0]);
+ $this->assertEquals("{$spId}!{$idpId}!{$nameId->getValue()}", $result['Attributes'][$attributeName][0]);
}
/**
@@ -91,14 +98,15 @@ class NameIDAttributeTest extends TestCase
public function testFormat()
{
$config = ['format' => '%V'];
-
- $nameId = new \SAML2\XML\saml\NameID();
- $nameId->value = 'eugene@oombaas';
- $nameId->Format = \SAML2\Constants::NAMEID_PERSISTENT;
-
$spId = 'eugeneSP';
$idpId = 'eugeneIdP';
+ $nameId = new NameID();
+ $nameId->setValue('eugene@oombaas');
+ $nameId->setFormat(Constants::NAMEID_PERSISTENT);
+ $nameId->setNameQualifier($idpId);
+ $nameId->setSPNameQualifier($spId);
+
$request = [
'Source' => [
'entityid' => $spId,
@@ -109,7 +117,7 @@ class NameIDAttributeTest extends TestCase
'saml:sp:NameID' => $nameId,
];
$result = $this->processFilter($config, $request);
- $this->assertEquals("{$nameId->value}", $result['Attributes']['nameid'][0]);
+ $this->assertEquals("{$nameId->getValue()}", $result['Attributes']['nameid'][0]);
}
@@ -120,14 +128,15 @@ class NameIDAttributeTest extends TestCase
{
$attributeName = 'eugeneNameIDAttribute';
$config = ['attribute' => $attributeName, 'format' => '%V'];
-
- $nameId = new \SAML2\XML\saml\NameID();
- $nameId->value = 'eugene@oombaas';
- $nameId->Format = \SAML2\Constants::NAMEID_PERSISTENT;
-
$spId = 'eugeneSP';
$idpId = 'eugeneIdP';
+ $nameId = new NameID();
+ $nameId->setValue('eugene@oombaas');
+ $nameId->setFormat(Constants::NAMEID_PERSISTENT);
+ $nameId->setNameQualifier($idpId);
+ $nameId->setSPNameQualifier($spId);
+
$request = [
'Source' => [
'entityid' => $spId,
@@ -139,6 +148,6 @@ class NameIDAttributeTest extends TestCase
];
$result = $this->processFilter($config, $request);
$this->assertTrue(isset($result['Attributes'][$attributeName]));
- $this->assertEquals("{$nameId->value}", $result['Attributes'][$attributeName][0]);
+ $this->assertEquals("{$nameId->getValue()}", $result['Attributes'][$attributeName][0]);
}
}
diff --git a/tests/modules/saml/lib/Auth/Source/Auth_Source_SP_Test.php b/tests/modules/saml/lib/Auth/Source/Auth_Source_SP_Test.php
index c1310986c847bbca8c195bfdd4fab7e6e2de8367..53da3c2e9822342be8c4173b57e316db126a62fa 100644
--- a/tests/modules/saml/lib/Auth/Source/Auth_Source_SP_Test.php
+++ b/tests/modules/saml/lib/Auth/Source/Auth_Source_SP_Test.php
@@ -195,8 +195,8 @@ class SPTest extends TestCase
$ar = $this->createAuthnRequest($state);
$nameID = $ar->getNameId();
- $this->assertEquals($state['saml:NameID']['Value'], $nameID->value);
- $this->assertEquals($state['saml:NameID']['Format'], $nameID->Format);
+ $this->assertEquals($state['saml:NameID']['Value'], $nameID->getValue());
+ $this->assertEquals($state['saml:NameID']['Format'], $nameID->getFormat());
/** @var $xml \DOMElement */
$xml = $ar->toSignedXML();
diff --git a/tests/modules/saml/lib/IdP/SAML2Test.php b/tests/modules/saml/lib/IdP/SAML2Test.php
index ef94baf9a28b7bf2510cfba38ba5d95d1820dcce..dbd026097c9268508c734ee8a5ca467fd7fe9738 100644
--- a/tests/modules/saml/lib/IdP/SAML2Test.php
+++ b/tests/modules/saml/lib/IdP/SAML2Test.php
@@ -84,8 +84,8 @@ class SAML2Test extends ClearStateTestCase
unset($state['\SimpleSAML\Auth\State.restartURL']); // url contains a cookie time which varies by test
$expectedState = $this->defaultExpectedAuthState;
- $expectedState[ 'saml:ConsumerURL'] = 'https://example.com/Shibboleth.sso/SAML2/POST';
- $expectedState[ 'saml:Binding'] = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST';
+ $expectedState['saml:ConsumerURL'] = 'https://example.com/Shibboleth.sso/SAML2/POST';
+ $expectedState['saml:Binding'] = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST';
$this->assertEquals($expectedState, $state);
}
@@ -142,8 +142,8 @@ class SAML2Test extends ClearStateTestCase
unset($state['\SimpleSAML\Auth\State.restartURL']); // url contains a cookie time which varies by test
$expectedState = $this->defaultExpectedAuthState;
- $expectedState[ 'saml:ConsumerURL'] = 'https://example.com/Shibboleth.sso/SAML2/POST';
- $expectedState[ 'saml:Binding'] = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST';
+ $expectedState['saml:ConsumerURL'] = 'https://example.com/Shibboleth.sso/SAML2/POST';
+ $expectedState['saml:Binding'] = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST';
$this->assertEquals($expectedState, $state);
}
@@ -221,7 +221,7 @@ EOT;
// won't line up perfectly
$_REQUEST = $_REQUEST + $queryParams;
$_SERVER['HTTP_HOST'] = 'idp.examlple.com';
- $_SERVER['REQUEST_URI'] = '/saml2/idp/SSOService.php?' . http_build_query($queryParams);
+ $_SERVER['REQUEST_URI'] = '/saml2/idp/SSOService.php?'.http_build_query($queryParams);
$state = [];