SAML2-SP: Moved session creating from AuthnResponse class to AssertionConsumerService.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@815 44740490-163a-0410-bde0-09ae8108e29a

SAML2-SP: Moved session creating from AuthnResponse class to AssertionConsumerService.
c29d45cb · Olav Morken · 7e872417 · c29d45cb · c29d45cb
Commit c29d45cb authored 16 years ago by Olav Morken
--- a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
@@ -70,9 +70,6 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 	 */
 	public function validate() { throw new Exception('TODO!'); }
 	public function createSession() { throw new Exception('TODO!'); }
-	public function getAttributes() { throw new Exception('TODO!'); }
-	public function getIssuer() { throw new Exception('TODO!'); }
-	public function getNameID() { throw new Exception('TODO!'); }
 	/**
@@ -533,15 +530,6 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 				throw new Exception('No nameID found in AuthnResponse.');
 			}
-			/* Update the session information */
-			$session = SimpleSAML_Session::getInstance();
-			$session->doLogin('saml2');
-			$session->setAttributes($this->attributes);
-			$session->setNameID($this->nameid);
-			$session->setSessionIndex($this->sessionIndex);
-			$session->setIdP($this->issuer);
 			return TRUE;
 		} else {
 			/* A different status code. */
@@ -577,7 +565,71 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 		return $result;
 	}		
+	/**
+	 * Retrieve the attributes.
+	 *
+	 * This function should only be called after a successful call to the process-function.
+	 *
+	 * @return array  The attributes.
+	 */
+	public function getAttributes() {
+		return $this->attributes;
+	}
+	/**
+	 * Retrieve the NameID.
+	 *
+	 * The NameID will be returned as an associative array with two elements:
+	 * - 'Format'  The format of the NameID.
+	 * - 'value'   The valud of the NameID.
+	 *
+	 * This function should only be called after a successful call to the process-function.
+	 *
+	 * @return array  The NameID.
+	 */
+	public function getNameID() {
+		assert('is_array($this->nameid)');
+		assert('array_key_exists("Format", $this->nameid)');
+		assert('array_key_exists("value", $this->nameid)');
+		return $this->nameid;
+	}
+	/**
+	 * Retrieve the session index.
+	 *
+	 * This function retrieves the SessionIndex of this authentication response.
+	 *
+	 * This function should only be called after a successful call to the process-function.
+	 *
+	 * @return string  The SessionIndex of this response.
+	 */
+	public function getSessionIndex() {
+		assert('is_string($this->sessionIndex)');
+		return $this->sessionIndex;
+	}
+	/**
+	 * Retrieve the issuer.
+	 *
+	 * This function retrieves the Issuer of this authentication response.
+	 *
+	 * This function should only be called after a successful call to the process-function.
+	 *
+	 * @return string  The entity id of the issuer of this response.
+	 */
+	public function getIssuer() {
+		assert('is_string($this->issuer)');
+		return $this->issuer;
+	}
 	/**
 	 * This function generates an AuthenticationResponse

--- a/www/saml2/sp/AssertionConsumerService.php
+++ b/www/saml2/sp/AssertionConsumerService.php
@@ -66,10 +66,10 @@ try {
 	/* Successful authentication. */
-	SimpleSAML_Logger::info('SAML2.0 - SP.AssertionConsumerService: Successfully created local session from Authentication Response');
+	SimpleSAML_Logger::info('SAML2.0 - SP.AssertionConsumerService: Successful response from IdP');
 	/* The response should include the entity id of the IdP. */
-	$idpentityid = $authnResponse->findIssuer();
+	$idpentityid = $authnResponse->getIssuer();
 	$idpmetadata = $metadata->getMetaData($idpentityid, 'saml20-idp-remote');
 	$spmetadata = $metadata->getMetaDataCurrent();
@@ -78,14 +78,14 @@ try {
 	/*
 	 * Attribute handling
 	 */
-	$attributes = $session->getAttributes();
+	$attributes = $authnResponse->getAttributes();
 	$afilter = new SimpleSAML_XML_AttributeFilter($config, $attributes);
 	$afilter->process($idpmetadata, $spmetadata);
 	/**
 	 * Make a log entry in the statistics for this SSO login.
 	 */
-	$tempattr = $session->getAttributes();
+	$tempattr = $authnResponse->getAttributes();
 	$realmattr = $config->getValue('statistics.realmattr', null);
 	$realmstr = 'NA';
 	if (!empty($realmattr)) {
@@ -100,10 +100,17 @@ try {
 	$afilter->processFilter($idpmetadata, $spmetadata);
-	$session->setAttributes($afilter->getAttributes());
+	$attributes = $afilter->getAttributes();
 	SimpleSAML_Logger::info('SAML2.0 - SP.AssertionConsumerService: Completed attribute handling');
+	/* Update the session information */
+	$session->doLogin('saml2');
+	$session->setAttributes($attributes);
+	$session->setNameID($authnResponse->getNameID());
+	$session->setSessionIndex($authnResponse->getSessionIndex());
 	$session->setIdP($idpentityid);