diff --git a/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php b/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php
index 8d68c99f71007de1d05db650ba2a7b7fbace671e..6845a0e6de9a913d8035a8f82da9ea706120f9d3 100644
--- a/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php
@@ -76,10 +76,11 @@ class SimpleSAML_Bindings_SAML20_HTTPPost {
/*
$privatekey = "/home/as/erlang/feide2/cert/edugain/server1Key.pem";
$publiccert = "/home/as/erlang/feide2/cert/edugain/server2chain.pem";
- */
+
$privatekey = "/home/as/erlang/feide2/cert/server.pem";
$publiccert = "/home/as/erlang/feide2/cert/server.crt";
+ */
$privatekey = $this->configuration->getValue('basedir') . '/cert/' . $idpmd['privatekey'];
$publiccert = $this->configuration->getValue('basedir') . '/cert/' . $idpmd['certificate'];
diff --git a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
index cbe2a19a3d0f026f39f70b7c74017d72cb25d619..21409b26d24d7b392d5cec34fa6bf3421b7bf97d 100644
--- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
@@ -68,18 +68,14 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
public function sendResponse($response, $idpentityid, $spentityid, $relayState = null) {
- $idpmd = $this->metadata->getMetaData($idpentityid, 'saml20-idp-hosted');
- $spmd = $this->metadata->getMetaData($spentityid, 'saml20-sp-remote');
+ $idpmd = $this->metadata->getMetaData($idpentityid, 'shib13-idp-hosted');
+ $spmd = $this->metadata->getMetaData($spentityid, 'shib13-sp-remote');
- $destination = $spmd['assertionConsumerServiceURL'];
+ $destination = $spmd['shire'];
- /*
- $privatekey = "/home/as/erlang/feide2/cert/edugain/server1Key.pem";
- $publiccert = "/home/as/erlang/feide2/cert/edugain/server2chain.pem";
- */
+ $privatekey = $this->configuration->getValue('basedir') . '/cert/' . $idpmd['privatekey'];
+ $publiccert = $this->configuration->getValue('basedir') . '/cert/' . $idpmd['certificate'];
- $privatekey = "/home/as/erlang/feide2/cert/server.pem";
- $publiccert = "/home/as/erlang/feide2/cert/server.crt";
/*
@@ -87,7 +83,8 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
*/
$objXMLSecDSig = new XMLSecurityDSig();
//$objXMLSecDSig->idKeys[] = 'ResponseID';
- #$objXMLSecDSig->idKeys = array('ResponseID');
+
+ $objXMLSecDSig->idKeys = array('ResponseID');
$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
@@ -99,9 +96,9 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
//$assertionroot = $responsedom->getElementsByTagName('Assertion')->item(1);
$firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
- #$objXMLSecDSig->addReferenceList(array($responseroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'));
- $objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature',
- 'http://www.w3.org/2001/10/xml-exc-c14n#'));
+ $objXMLSecDSig->addReferenceList(array($responseroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'), null, 'ResponseID');
+ #$objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature',
+ # 'http://www.w3.org/2001/10/xml-exc-c14n#'));
#$objXMLSecDSig->addRefInternal($responseroot, $responseroot, XMLSecurityDSig::SHA1);
@@ -128,7 +125,7 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
*/
- $objXMLSecDSig->appendSignature($firstassertionroot, true);
+ $objXMLSecDSig->appendSignature($responseroot, false);
$response = $responsedom->saveXML();
diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index 03befb7c6c8787e8c63bacb84e5c5584f7f512f4..db523b01931796bdf63c02fbefbb0a1b5dba27df 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -34,6 +34,8 @@ class SimpleSAML_Session {
private $configuration = null;
private $authnrequests = array();
+ private $shibauthreq = null;
+
private $authnresponse = null;
private $logoutrequest = null;
@@ -61,6 +63,7 @@ class SimpleSAML_Session {
$this->protocol = $protocol;
$this->authnresponse = $message;
+
$this->authenticated = $authenticated;
if ($authenticated) {
$this->sessionstarted = time();
@@ -119,6 +122,14 @@ class SimpleSAML_Session {
$_SESSION['SimpleSAMLphp_SESSION'] = self::$instance;
}
}
+
+ public function setShibAuthnRequest(SimpleSAML_XML_Shib13_AuthnRequest $req) {
+ $this->shibauthreq = $req;
+ }
+
+ public function getShibAuthnRequest() {
+ return $this->shibauthreq;
+ }
public function setAuthnRequest($requestid, SimpleSAML_XML_SAML20_AuthnRequest $xml) {
$this->authnrequests[$requestid] = $xml;
@@ -218,6 +229,10 @@ class SimpleSAML_Session {
$this->attributes = $attributes;
}
+ public function setAttribute($name, $value) {
+ $this->attributes[$name] = $value;
+ }
+
}
?>
\ No newline at end of file
diff --git a/lib/SimpleSAML/XML/Shib13/AuthnRequest.php b/lib/SimpleSAML/XML/Shib13/AuthnRequest.php
index ef7c0c9aa034b0af09f749899da580df8e7c7a3b..6d12ae978634bf514ad6ac38ee19b4ebab10be35 100644
--- a/lib/SimpleSAML/XML/Shib13/AuthnRequest.php
+++ b/lib/SimpleSAML/XML/Shib13/AuthnRequest.php
@@ -34,6 +34,8 @@ class SimpleSAML_XML_Shib13_AuthnRequest {
function __construct(SimpleSAML_Configuration $configuration, SimpleSAML_XML_MetaDataStore $metadatastore) {
$this->configuration = $configuration;
$this->metadata = $metadatastore;
+
+ $this->requestid = $this->generateID();
}
public function setRelayState($relayState) {
@@ -54,7 +56,13 @@ class SimpleSAML_XML_Shib13_AuthnRequest {
public function parseGet($get) {
- return null;
+ if (!isset($get['shire'])) throw new Exception('Could not read shire parameter from HTTP GET request');
+ if (!isset($get['providerId'])) throw new Exception('Could not read providerId parameter from HTTP GET request');
+ if (!isset($get['target'])) throw new Exception('Could not read target parameter from HTTP GET request');
+
+ $this->setIssuer($get['providerId']);
+ $this->setRelayState($get['target']);
+
}
public function setNewRequestID() {
@@ -70,11 +78,11 @@ class SimpleSAML_XML_Shib13_AuthnRequest {
$session = SimpleSAML_Session::getInstance();
if (!isset($session)) {
- SimpleSAML_Session::init(self::PROTOCOL);
+ SimpleSAML_Session::init(self::PROTOCOL, null, false);
$session = SimpleSAML_Session::getInstance();
}
- $session->setAuthnRequest($this->getRequestID(), $this);
+ $session->setShibAuthnRequest($this);
/*
if (isset($this->relayState)) {
diff --git a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
index 22412500c8d8432a5520edbc4447ddfc637b6ad4..98a029550c5ca6b3dc4867d367c01a34cfd9b11e 100644
--- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
@@ -319,15 +319,15 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
//echo 'idp:' . $idpentityid . ' sp:' . $spentityid .' inresponseto:' . $inresponseto . ' namid:' . $nameid;
- $idpmd = $this->metadata->getMetaData($idpentityid, 'saml20-idp-hosted');
- $spmd = $this->metadata->getMetaData($spentityid, 'saml20-sp-remote');
+ $idpmd = $this->metadata->getMetaData($idpentityid, 'shib13-idp-hosted');
+ $spmd = $this->metadata->getMetaData($spentityid, 'shib13-sp-remote');
$id = self::generateID();
$issueInstant = self::generateIssueInstant();
$assertionExpire = self::generateIssueInstant(60 * 5); # 5 minutes
$assertionid = self::generateID();
- $sessionindex = self::generateID();
+
if (is_null($nameid)) {
$nameid = self::generateID();
@@ -335,63 +335,82 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
$issuer = $idpentityid;
- $assertionConsumerServiceURL = $spmd['assertionConsumerServiceURL'];
- $spNameQualifier = $spmd['spNameQualifier'];
-
- $destination = $spmd['assertionConsumerServiceURL'];
+ $shire = $spmd['shire'];
+ $audience = $spmd['audience'];
+ $spnamequalifier = $spmd['spnamequalifier'];
+ $base64 = $idpmd['base64'];
$encodedattributes = '';
- foreach ($attributes AS $name => $value) {
- $encodedattributes .= $this->enc_attribute($name, $value[0], true);
+
+ if (is_array($attributes)) {
+
+ $encodedattributes .= '<AttributeStatement>
+ <Subject>
+ <NameIdentifier Format="urn:mace:shibboleth:1.0:nameIdentifier" NameQualifier="' . $spnamequalifier . '"
+ >' . $nameid . '</NameIdentifier>
+ </Subject>';
+
+ foreach ($attributes AS $name => $value) {
+ $encodedattributes .= $this->enc_attribute($name, $value[0], $base64);
+ }
+
+ $encodedattributes .= '</AttributeStatement>';
}
- $authnResponse = '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
- ID="' . $id . '"
- InResponseTo="' . $inresponseto. '" Version="2.0"
- IssueInstant="' . $issueInstant . '"
- Destination="' . $destination . '">
- <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' . $issuer . '</saml:Issuer>
- <samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
- <samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
- Value="urn:oasis:names:tc:SAML:2.0:status:Success"> </samlp:StatusCode>
- </samlp:Status>
- <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0"
- ID="' . $assertionid . '" IssueInstant="' . $issueInstant . '">
- <saml:Issuer>' . $issuer . '</saml:Issuer>
- <saml:Subject>
- <saml:NameID NameQualifier="' . $issuer . '" SPNameQualifier="'. $spentityid. '"
- Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
- >' . $nameid. '</saml:NameID>
- <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
- <saml:SubjectConfirmationData NotOnOrAfter="' . $assertionExpire . '"
- InResponseTo="' . $inresponseto. '"
- Recipient="' . $destination . '"/>
- </saml:SubjectConfirmation>
- </saml:Subject>
- <saml:Conditions NotBefore="' . $issueInstant. '" NotOnOrAfter="' . $assertionExpire. '">
- <saml:AudienceRestriction>
- <saml:Audience>' . $spentityid . '</saml:Audience>
- </saml:AudienceRestriction>
- </saml:Conditions>
- <saml:AuthnStatement AuthnInstant="' . $issueInstant . '"
- SessionIndex="' . $sessionindex . '">
- <saml:AuthnContext>
- <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
- </saml:AuthnContext>
- </saml:AuthnStatement>
- <saml:AttributeStatement>
- ' . $encodedattributes . '
- </saml:AttributeStatement>
- </saml:Assertion>
-</samlp:Response>
-';
+
+
+ /*
+ * The SAML 1.1 response message
+ */
+ $response = '<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
+ xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
+ xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="' . $issueInstant. '"
+ MajorVersion="1" MinorVersion="1"
+ Recipient="' . $shire . '"
+ ResponseID="' . $id . '">
+
+<Status>
+ <StatusCode Value="samlp:Success">
+ <StatusCode xmlns:code="urn:geant2:edugain:protocol" Value="code:Accepted"/>
+ </StatusCode>
+ </Status>
+ <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
+ AssertionID="' . $assertionid . '" IssueInstant="' . $issueInstant. '"
+ Issuer="' . $issuer . '" MajorVersion="1" MinorVersion="1">
+ <Conditions NotBefore="' . $issueInstant. '" NotOnOrAfter="'. $assertionExpire . '">
+ <AudienceRestrictionCondition>
+ <Audience>' . $audience . '</Audience>
+ </AudienceRestrictionCondition>
+ </Conditions>
+ <AuthenticationStatement AuthenticationInstant="' . $issueInstant. '"
+ AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
+ <Subject>
+ <NameIdentifier Format="urn:mace:shibboleth:1.0:nameIdentifier" NameQualifier="' . $spnamequalifier . '"
+ >' . $nameid . '</NameIdentifier>
+ <SubjectConfirmation>
+ <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
+ </SubjectConfirmation>
+ </Subject>
+ </AuthenticationStatement>
+
+ ' . $encodedattributes . '
+ </Assertion>
+</Response>';
- return $authnResponse;
+ return $response;
}
+
+ private function enc_attribute($name, $value, $base64 = false) {
+ return '<Attribute AttributeName="' . $name . '"
+ AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+ <AttributeValue>' . ($base64 ? base64_encode($value) : htmlspecialchars($value) ) . '</AttributeValue>
+ </Attribute>';
+ }
}
diff --git a/lib/xmlseclibs.php b/lib/xmlseclibs.php
index f441eafd9040959ed0bb4aaa72a5bb00fe513911..18807ca2e8b17d9ab00da8bbc5fc8e1b2516ce43 100644
--- a/lib/xmlseclibs.php
+++ b/lib/xmlseclibs.php
@@ -811,10 +811,10 @@ class XMLSecurityDSig {
return TRUE;
}
- private function addRefInternal($sinfoNode, $node, $algorithm, $arTransforms=NULL, $options=NULL) {
+ private function addRefInternal($sinfoNode, $node, $algorithm, $arTransforms=NULL, $options=NULL, $id_name = 'ID') {
$prefix = NULL;
$prefix_ns = NULL;
- $id_name = 'ID';
+
if (is_array($options)) {
$prefix = empty($options['prefix'])?NULL:$options['prefix'];
@@ -868,23 +868,23 @@ class XMLSecurityDSig {
$refNode->appendChild($digestValue);
}
- public function addReference($node, $algorithm, $arTransforms=NULL, $options=NULL) {
+ public function addReference($node, $algorithm, $arTransforms=NULL, $options=NULL, $idname = 'ID') {
if ($xpath = $this->getXPathObj()) {
$query = "./secdsig:SignedInfo";
$nodeset = $xpath->query($query, $this->sigNode);
if ($sInfo = $nodeset->item(0)) {
- $this->addRefInternal($sInfo, $node, $algorithm, $arTransforms, $options);
+ $this->addRefInternal($sInfo, $node, $algorithm, $arTransforms, $options, $idname);
}
}
}
- public function addReferenceList($arNodes, $algorithm, $arTransforms=NULL, $options=NULL) {
+ public function addReferenceList($arNodes, $algorithm, $arTransforms=NULL, $options=NULL, $idname = 'ID') {
if ($xpath = $this->getXPathObj()) {
$query = "./secdsig:SignedInfo";
$nodeset = $xpath->query($query, $this->sigNode);
if ($sInfo = $nodeset->item(0)) {
foreach ($arNodes AS $node) {
- $this->addRefInternal($sInfo, $node, $algorithm, $arTransforms, $options);
+ $this->addRefInternal($sInfo, $node, $algorithm, $arTransforms, $options, $idname);
}
}
}
@@ -979,7 +979,50 @@ class XMLSecurityDSig {
$objKey->serializeKey($parent);
}
- public function appendSignature($parentNode, $insertBefore = FALSE, $assertion = false) {
+
+ public function appendSignatureShib($parentNode, $insertBefore = FALSE, $assertion = false) {
+ $baseDoc = ($parentNode instanceof DOMDocument)?$parentNode:$parentNode->ownerDocument;
+ $newSig = $baseDoc->importNode($this->sigNode, TRUE);
+
+
+
+ $xnode = null;
+
+ $xpath = new DOMXPath($baseDoc);
+ $xpath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS);
+ $xpath->registerNamespace('samlp', 'urn:oasis:names:tc:SAML:1.0:protocol');
+ $xpath->registerNamespace('saml', 'urn:oasis:names:tc:SAML:1.0:assertion');
+
+
+ if ($insertBefore && !$assertion) {
+
+ $query = "//samlp:Status";
+ $nodeset = $xpath->query($query, $parentNode);
+
+ $xnode = $nodeset->item(0);
+ if (!$xnode)
+ throw new Exception("Could not find node to sign before (Root signing mode)");
+
+ $parentNode->insertBefore($newSig, $xnode);
+
+ } elseif ($insertBefore) {
+
+ $query = "//saml:Assertion/saml:Subject";
+ $nodeset = $xpath->query($query, $parentNode);
+
+ $xnode = $nodeset->item(0);
+ if (!$xnode)
+ throw new Exception("Could not find node to sign before (Assertion signing mode)");
+
+ $parentNode->insertBefore($newSig, $xnode);
+ } else {
+ $parentNode->appendChild($newSig);
+ }
+ }
+
+
+
+ public function appendSignature($parentNode, $insertBefore = false, $assertion = false) {
$baseDoc = ($parentNode instanceof DOMDocument)?$parentNode:$parentNode->ownerDocument;
$newSig = $baseDoc->importNode($this->sigNode, TRUE);
diff --git a/metadata-templates/shib13-idp-hosted.php b/metadata-templates/shib13-idp-hosted.php
index ce175ddb88481d08e3581d3fac35b9a398a466d6..80c1c6b91b4428b4e95ad692d5c82819e600995d 100644
--- a/metadata-templates/shib13-idp-hosted.php
+++ b/metadata-templates/shib13-idp-hosted.php
@@ -1,15 +1,26 @@
<?php
/*
- * SAML 2.0 Meta data for simpleSAMLphp
+ * Shibboleth 1.3 IdP Meta data for simpleSAMLphp
+ *
+ *
*
*/
$metadata = array(
- 'feide.erlang.no-shib13' => array(
- 'issuer' => 'feide.erlang.no',
- 'assertionDurationMinutes' => 10,
- 'audience' => 'urn:mace:feide:shiblab'
+ 'dev3.andreas.feide.no' => array(
+ 'issuer' => 'dev3.andreas.feide.no',
+ 'host' => 'dev3.andreas.feide.no',
+ 'audience' => 'urn:mace:feide:shiblab',
+
+ 'base64' => false,
+
+ // X.509 key and certificate. Relative to the cert directory.
+ 'privatekey' => 'server.pem',
+ 'certificate' => 'server.crt',
+
+ // Authentication plugin to use. login.php is the default one that uses LDAP.
+ 'auth' => 'auth/login.php'
)
);
diff --git a/metadata-templates/shib13-sp-remote.php b/metadata-templates/shib13-sp-remote.php
index f79d904bf87f75deadd7b170b4190bbdbcc09dec..e44d5b0002c07a949d001b8a5813acfb222b6181 100644
--- a/metadata-templates/shib13-sp-remote.php
+++ b/metadata-templates/shib13-sp-remote.php
@@ -1,6 +1,9 @@
<?php
/*
- * SAML 2.0 Meta data for simpleSAMLphp
+ * Shibboleth 1.3 Meta data for simpleSAMLphp
+ *
+ *
+ *
*
*/
diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php
new file mode 100644
index 0000000000000000000000000000000000000000..5a8d2ae46cd80fe90d3fdfc5d2eea30a9706bf92
--- /dev/null
+++ b/www/shib13/idp/SSOService.php
@@ -0,0 +1,150 @@
+<?php
+
+
+require_once('../../../www/_include.php');
+
+
+require_once('SimpleSAML/Utilities.php');
+require_once('SimpleSAML/Session.php');
+require_once('SimpleSAML/XML/MetaDataStore.php');
+require_once('SimpleSAML/XML/Shib13/AuthnRequest.php');
+require_once('SimpleSAML/XML/Shib13/AuthnResponse.php');
+require_once('SimpleSAML/Bindings/Shib13/HTTPPost.php');
+
+//require_once('SimpleSAML/XML/SAML20/AuthnRequest.php');
+//require_once('SimpleSAML/XML/SAML20/AuthnResponse.php');
+//require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php');
+//require_once('SimpleSAML/Bindings/SAML20/HTTPPost.php');
+
+require_once('SimpleSAML/XHTML/Template.php');
+
+
+session_start();
+
+$config = SimpleSAML_Configuration::getInstance();
+$metadata = new SimpleSAML_XML_MetaDataStore($config);
+
+$idpentityid = $metadata->getMetaDataCurrentEntityID('shib13-idp-hosted');
+$idpmeta = $metadata->getMetaDataCurrent('shib13-idp-hosted');
+
+$requestid = null;
+$session = null;
+
+
+if (isset($_GET['shire'])) {
+
+
+ try {
+ $authnrequest = new SimpleSAML_XML_Shib13_AuthnRequest($config, $metadata);
+ $authnrequest->parseGet($_GET);
+
+ $session = $authnrequest->createSession();
+
+ $requestid = $authnrequest->getRequestID();
+
+ //$session->setShibAuthnRequest($authnrequest);
+
+
+
+
+ } catch(Exception $exception) {
+
+ $et = new SimpleSAML_XHTML_Template($config, 'error.php');
+
+ $et->data['header'] = 'Error getting incomming request';
+ $et->data['message'] = 'Something bad happened when simpleSAML got the incomming authentication request';
+ $et->data['e'] = $exception;
+
+ $et->show();
+
+ }
+
+} elseif(isset($_GET['RequestID'])) {
+
+
+
+ try {
+
+ $requestid = $_GET['RequestID'];
+ $session = SimpleSAML_Session::getInstance();
+ $authnrequest = $session->getShibAuthnRequest();
+
+ if (!$authnrequest) throw new Exception('Could not retrieve cached RequestID = ' . $requestid);
+
+ } catch(Exception $exception) {
+
+ $et = new SimpleSAML_XHTML_Template($config, 'error.php');
+
+ $et->data['header'] = 'Error retrieving authnrequest cache';
+ $et->data['message'] = 'simpleSAML cannot find the authnrequest that it earlier stored.';
+ $et->data['e'] = $exception;
+
+ $et->show();
+
+ }
+
+
+ /*
+ $authnrequest = new SimpleSAML_XML_SAML20_AuthnRequest($config, $metadata);
+ $authnrequest->setXML($authnrequestXML);
+ */
+
+
+
+} else {
+
+ echo 'You must either provide a SAML Request message or a RequestID on this interface.';
+ exit(0);
+
+}
+
+
+
+
+if (!$session->isAuthenticated() ) {
+
+ $relaystate = SimpleSAML_Utilities::selfURLNoQuery() . '?RequestID=' . urlencode($requestid);
+ $authurl = SimpleSAML_Utilities::addURLparameter('/' . $config->getValue('baseurlpath') . $idpmeta['auth'],
+ 'RelayState=' . urlencode($relaystate));
+ header('Location: ' . $authurl);
+ exit(0);
+} else {
+
+ try {
+
+ //$session->add_sp_session($authnrequest->getIssuer());
+
+
+ //$session->setAttribute('eduPersonAffiliation', array('student'));
+
+ $ar = new SimpleSAML_XML_Shib13_AuthnResponse($config, $metadata);
+ $authnResponseXML = $ar->generate($idpentityid, $authnrequest->getIssuer(),
+ $requestid, null, $session->getAttributes());
+
+ #echo $authnResponseXML;
+ #print_r($authnResponseXML);
+
+ //sendResponse($response, $idpentityid, $spentityid, $relayState = null) {
+ $httppost = new SimpleSAML_Bindings_Shib13_HTTPPost($config, $metadata);
+
+ //echo 'Relaystate[' . $authnrequest->getRelayState() . ']';
+
+ $httppost->sendResponse($authnResponseXML,
+ $idpentityid, $authnrequest->getIssuer(), $authnrequest->getRelayState());
+
+ } catch(Exception $exception) {
+
+ $et = new SimpleSAML_XHTML_Template($config, 'error.php');
+
+ $et->data['header'] = 'Error sending response to service';
+ $et->data['message'] = 'Some error occured when trying to issue the authentication response, and send it back to the SP.';
+ $et->data['e'] = $exception;
+
+ $et->show();
+
+ }
+
+}
+
+
+?>
\ No newline at end of file