From c29d45cb340d5f3bd6ad05fa2025fda738b4071e Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Tue, 19 Aug 2008 13:49:38 +0000
Subject: [PATCH] SAML2-SP: Moved session creating from AuthnResponse class to
 AssertionConsumerService.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@815 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/XML/SAML20/AuthnResponse.php | 78 +++++++++++++++++----
 www/saml2/sp/AssertionConsumerService.php   | 17 +++--
 2 files changed, 77 insertions(+), 18 deletions(-)

diff --git a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
index 5ec634aeb..32ebfb432 100644
--- a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
@@ -70,9 +70,6 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 	 */
 	public function validate() { throw new Exception('TODO!'); }
 	public function createSession() { throw new Exception('TODO!'); }
-	public function getAttributes() { throw new Exception('TODO!'); }
-	public function getIssuer() { throw new Exception('TODO!'); }
-	public function getNameID() { throw new Exception('TODO!'); }
 
 
 	/**
@@ -533,15 +530,6 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 				throw new Exception('No nameID found in AuthnResponse.');
 			}
 	
-			/* Update the session information */
-			$session = SimpleSAML_Session::getInstance();
-			$session->doLogin('saml2');
-	
-			$session->setAttributes($this->attributes);
-			$session->setNameID($this->nameid);
-			$session->setSessionIndex($this->sessionIndex);
-			$session->setIdP($this->issuer);
-
 			return TRUE;
 		} else {
 			/* A different status code. */
@@ -577,7 +565,71 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 
 		return $result;
 	}		
-			
+
+
+	/**
+	 * Retrieve the attributes.
+	 *
+	 * This function should only be called after a successful call to the process-function.
+	 *
+	 * @return array  The attributes.
+	 */
+	public function getAttributes() {
+		return $this->attributes;
+	}
+
+
+	/**
+	 * Retrieve the NameID.
+	 *
+	 * The NameID will be returned as an associative array with two elements:
+	 * - 'Format'  The format of the NameID.
+	 * - 'value'   The valud of the NameID.
+	 *
+	 * This function should only be called after a successful call to the process-function.
+	 *
+	 * @return array  The NameID.
+	 */
+	public function getNameID() {
+		assert('is_array($this->nameid)');
+		assert('array_key_exists("Format", $this->nameid)');
+		assert('array_key_exists("value", $this->nameid)');
+
+		return $this->nameid;
+	}
+
+
+	/**
+	 * Retrieve the session index.
+	 *
+	 * This function retrieves the SessionIndex of this authentication response.
+	 *
+	 * This function should only be called after a successful call to the process-function.
+	 *
+	 * @return string  The SessionIndex of this response.
+	 */
+	public function getSessionIndex() {
+		assert('is_string($this->sessionIndex)');
+
+		return $this->sessionIndex;
+	}
+
+
+	/**
+	 * Retrieve the issuer.
+	 *
+	 * This function retrieves the Issuer of this authentication response.
+	 *
+	 * This function should only be called after a successful call to the process-function.
+	 *
+	 * @return string  The entity id of the issuer of this response.
+	 */
+	public function getIssuer() {
+		assert('is_string($this->issuer)');
+
+		return $this->issuer;
+	}
+
 
 	/**
 	 * This function generates an AuthenticationResponse
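Review bot: The new getters in this hunk document that they may only be called after a successful call to the process-function, but nothing enforces that. getAttributes() has no guard at all, and the others rely on string-form assertions such as `assert('is_string($this->issuer)')`, which are skipped when assertions are disabled and always pass on PHP 8, where a string argument is no longer evaluated as code. The caller in www/saml2/sp/AssertionConsumerService.php now passes getIssuer() to the metadata lookup and the other getters into the session, so an unset value should fail closed with an exception, e.g. `if (!is_string($this->issuer)) { throw new Exception('Issuer not available.'); }`. The getNameID() docblock also has a typo, 'valud' for 'value'.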
diff --git a/www/saml2/sp/AssertionConsumerService.php b/www/saml2/sp/AssertionConsumerService.php
index 9e24a9c90..aeaa2ac7d 100644
--- a/www/saml2/sp/AssertionConsumerService.php
+++ b/www/saml2/sp/AssertionConsumerService.php
@@ -66,10 +66,10 @@ try {
 
 	/* Successful authentication. */
 
-	SimpleSAML_Logger::info('SAML2.0 - SP.AssertionConsumerService: Successfully created local session from Authentication Response');
+	SimpleSAML_Logger::info('SAML2.0 - SP.AssertionConsumerService: Successful response from IdP');
 
 	/* The response should include the entity id of the IdP. */
-	$idpentityid = $authnResponse->findIssuer();
+	$idpentityid = $authnResponse->getIssuer();
 	
 	$idpmetadata = $metadata->getMetaData($idpentityid, 'saml20-idp-remote');
 	$spmetadata = $metadata->getMetaDataCurrent();
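Review bot: The reworded info message no longer records that a local session was created, and the later hunk that now performs the login in this script adds no log line for it. From what is visible, a successful SSO login leaves no entry marking session creation or naming the IdP, which makes the event harder to audit. Consider logging after the session is populated, e.g. `SimpleSAML_Logger::info('SAML2.0 - SP.AssertionConsumerService: Created local session');`, unless the part of the file outside this patch already does so. The enclosing try block starts and ends outside the hunk.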
@@ -78,14 +78,14 @@ try {
 	/*
 	 * Attribute handling
 	 */
-	$attributes = $session->getAttributes();
+	$attributes = $authnResponse->getAttributes();
 	$afilter = new SimpleSAML_XML_AttributeFilter($config, $attributes);
 	$afilter->process($idpmetadata, $spmetadata);
 	
 	/**
 	 * Make a log entry in the statistics for this SSO login.
 	 */
-	$tempattr = $session->getAttributes();
+	$tempattr = $authnResponse->getAttributes();
 	$realmattr = $config->getValue('statistics.realmattr', null);
 	$realmstr = 'NA';
 	if (!empty($realmattr)) {
@@ -100,10 +100,17 @@ try {
 	
 	$afilter->processFilter($idpmetadata, $spmetadata);
 			
-	$session->setAttributes($afilter->getAttributes());
+	$attributes = $afilter->getAttributes();
+
 	SimpleSAML_Logger::info('SAML2.0 - SP.AssertionConsumerService: Completed attribute handling');
 	
 	
+
+	/* Update the session information */
+	$session->doLogin('saml2');
+	$session->setAttributes($attributes);
+	$session->setNameID($authnResponse->getNameID());
+	$session->setSessionIndex($authnResponse->getSessionIndex());
 	$session->setIdP($idpentityid);
 		
 		
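Review bot: `$session->doLogin('saml2')` runs before the NameID and SessionIndex are read from the response, so if either getter fails the session is already marked as logged in and carries attributes but no NameID or SessionIndex. Reading the values into locals first (`$nameid = $authnResponse->getNameID(); $sessionindex = $authnResponse->getSessionIndex();`) and only then calling doLogin() and the setters keeps the session update all-or-nothing. Whether doLogin() renews the session identifier is not visible here, so that is worth confirming now that the login happens in this script. The enclosing try block starts and ends outside the hunk.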
-- 
GitLab