From 3707ceabbae18b3a6d4d9cc48e1b643948fc56be Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Wed, 5 Jan 2011 12:17:59 +0000
Subject: [PATCH] saml:IdP: Extract extensions from authentication request. Thanks to Andjelko Horvat for implementing this!
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2701 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SAML2/AuthnRequest.php | 30 +++++++++++++++++++
 lib/SAML2/XML/samlp/Extensions.php | 48 ++++++++++++++++++++++++++++++
 modules/saml/lib/IdP/SAML2.php | 3 ++
 3 files changed, 81 insertions(+)
 create mode 100644 lib/SAML2/XML/samlp/Extensions.php
diff --git a/lib/SAML2/AuthnRequest.php b/lib/SAML2/AuthnRequest.php
index dc1c26dc9..44fa85c1d 100644
--- a/lib/SAML2/AuthnRequest.php
+++ b/lib/SAML2/AuthnRequest.php
@@ -79,6 +79,12 @@ class SAML2_AuthnRequest extends SAML2_Request {
 */
 private $requestedAuthnContext;
+ /**
+ * Request extensions.
+ *
+ * @var array
+ */
+ private $extensions;
 /**
 * Constructor for SAML 2 authentication request messages.
@@ -165,6 +171,8 @@ class SAML2_AuthnRequest extends SAML2_Request {
 }
 }
+
+ $this->extensions = SAML2_XML_samlp_Extensions::getList($xml);
 }
@@ -346,6 +354,28 @@ class SAML2_AuthnRequest extends SAML2_Request {
 }
+ /**
+ * Retrieve the Extensions.
+ *
+ * @return SAML2_XML_samlp_Extensions.
+ */
+ public function getExtensions() {
+ return $this->extensions;
+ }
+
+
+ /**
+ * Set the Extensions.
+ *
+ * @param array|NULL $extensions The Extensions.
+ */
+ public function setExtensions($extensions) {
+ assert('is_array($extensions) || is_null($extensions)');
+
+ $this->extensions = $extensions;
+ }
+
+
+ /**
 * Convert this authentication request to an XML element.
 *
diff --git a/lib/SAML2/XML/samlp/Extensions.php b/lib/SAML2/XML/samlp/Extensions.php
new file mode 100644
index 000000000..ad86c3f58
--- /dev/null
+++ b/lib/SAML2/XML/samlp/Extensions.php
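Review bot: The docblock on `getExtensions()` in the last AuthnRequest.php hunk says `@return SAML2_XML_samlp_Extensions.`, but the constructor hunk stores the result of `SAML2_XML_samlp_Extensions::getList($xml)`, which is an array of `SAML2_XML_Chunk` objects, and `setExtensions()` also accepts NULL. I would change it to `@return array|NULL Array of SAML2_XML_Chunk, or NULL if no extensions were set.` and note on the property that the chunks are unvalidated XML taken from the requester's message. Separately, nothing in this patch calls `SAML2_XML_samlp_Extensions::addList()`, so values passed to `setExtensions()` appear not to be written out when the request is serialized; the XML conversion method begins after the hunk, so this should be confirmed there.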
@@ -0,0 +1,48 @@
+<?php
+
+/**
+ * Class for handling SAML2 extensions.
+ *
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+class SAML2_XML_samlp_Extensions {
+
+ /**
+ * Get a list of Extensions in the given element.
+ *
+ * @param DOMElement $parent The element that may contain the samlp:Extensions element.
+ * @return array Array of extensions.
+ */
+ public static function getList(DOMElement $parent) {
+
+ $ret = array();
+ foreach (SAML2_Utils::xpQuery($parent, './saml_protocol:Extensions/*') as $node) {
+ $ret[] = new SAML2_XML_Chunk($node);
+ }
+
+ return $ret;
+ }
+
+
+ /**
+ * Add a list of Extensions to the given element.
+ *
+ * @param DOMElement $parent The element we should add the extensions to.
+ * @param array $extensions List of extension objects.
+ */
+ public static function addList(DOMElement $parent, array $extensions) {
+
+ if (empty($extensions)) {
+ return;
+ }
+
+ $extElement = $parent->ownerDocument->createElementNS(SAML2_Const::NS_SAMLP, 'samlp:Extensions');
+ $parent->appendChild($extElement);
+
+ foreach ($extensions as $ext) {
+ $ext->toXML($extElement);
+ }
+ }
+
+}
diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index 85050b4b4..589b343ef 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -173,6 +173,7 @@ class sspmod_saml_IdP_SAML2 {
 $forceAuthn = FALSE;
 $isPassive = FALSE;
 $consumerURL = NULL;
+ $extensions = NULL;
 SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: IdP initiated authentication: '. var_export($spEntityId, TRUE));
@@ -204,6 +205,7 @@ class sspmod_saml_IdP_SAML2 {
 $isPassive = $request->getIsPassive();
 $consumerURL = $request->getAssertionConsumerServiceURL();
 $protocolBinding = $request->getProtocolBinding();
+ $extensions = $request->getExtensions();
 $nameIdPolicy = $request->getNameIdPolicy();
 if (isset($nameIdPolicy['Format'])) {
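Review bot: `getList()` in the new Extensions.php wraps every child of `samlp:Extensions` in a `SAML2_XML_Chunk` with no filtering by namespace or element name, and its docblock says only `Array of extensions.`, so callers cannot tell that they receive raw requester-supplied XML. I would document it as `@return array Array of SAML2_XML_Chunk objects, one per child element, not validated.` In `addList()` each entry is used as `$ext->toXML($extElement)` without any check, so an entry that is not an object ends in a fatal error; if only chunks are expected, `assert('$ext instanceof SAML2_XML_Chunk');` at the top of the loop would match the assert style `setExtensions()` uses in this patch.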
@@ -283,6 +285,7 @@ class sspmod_saml_IdP_SAML2 {
 'saml:ConsumerURL' => $consumerURL,
 'saml:Binding' => $protocolBinding,
 'saml:NameIDFormat' => $nameIDFormat,
+ 'saml:Extensions' => $extensions,
 );
 $idp->handleAuthenticationRequest($state);
-- GitLab
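Review bot: The new `'saml:Extensions'` state entry carries XML chosen by whoever sent the AuthnRequest, and nothing in the visible hunks ties it to a verified request signature, so authentication sources and filters that read it should treat it as untrusted input. The value comes from `$request->getExtensions()` in the previous hunk and appears to stay NULL on the IdP-initiated path, where the first hunk initializes it. I would add a comment above the entry such as `/* Unvalidated samlp:Extensions from the request (array of SAML2_XML_Chunk) or NULL; do not base access decisions on it unless the request signature was verified. */`. The state array starts before this hunk, so whether other keys are documented nearby is not visible here.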