diff --git a/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php b/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php index 8d68c99f71007de1d05db650ba2a7b7fbace671e..6845a0e6de9a913d8035a8f82da9ea706120f9d3 100644 --- a/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php +++ b/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php @@ -76,10 +76,11 @@ class SimpleSAML_Bindings_SAML20_HTTPPost { /* $privatekey = "/home/as/erlang/feide2/cert/edugain/server1Key.pem"; $publiccert = "/home/as/erlang/feide2/cert/edugain/server2chain.pem"; - */ + $privatekey = "/home/as/erlang/feide2/cert/server.pem"; $publiccert = "/home/as/erlang/feide2/cert/server.crt"; + */ $privatekey = $this->configuration->getValue('basedir') . '/cert/' . $idpmd['privatekey']; $publiccert = $this->configuration->getValue('basedir') . '/cert/' . $idpmd['certificate']; diff --git a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php index cbe2a19a3d0f026f39f70b7c74017d72cb25d619..21409b26d24d7b392d5cec34fa6bf3421b7bf97d 100644 --- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php +++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php 
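Review bot: The hard-coded `/home/as/erlang/feide2/cert/...` assignments are now entirely inside the `/* ... */` block, so they are dead code sitting next to the basedir-derived paths that follow; delete the whole commented block rather than keep a developer's local key paths in the file. The enclosing method starts and ends outside the hunk.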
@@ -68,18 +68,14 @@ class SimpleSAML_Bindings_Shib13_HTTPPost { public function sendResponse($response, $idpentityid, $spentityid, $relayState = null) { - $idpmd = $this->metadata->getMetaData($idpentityid, 'saml20-idp-hosted'); - $spmd = $this->metadata->getMetaData($spentityid, 'saml20-sp-remote'); + $idpmd = $this->metadata->getMetaData($idpentityid, 'shib13-idp-hosted'); + $spmd = $this->metadata->getMetaData($spentityid, 'shib13-sp-remote'); - $destination = $spmd['assertionConsumerServiceURL']; + $destination = $spmd['shire']; - /* - $privatekey = "/home/as/erlang/feide2/cert/edugain/server1Key.pem"; - $publiccert = "/home/as/erlang/feide2/cert/edugain/server2chain.pem"; - */ + $privatekey = $this->configuration->getValue('basedir') . '/cert/' . $idpmd['privatekey']; + $publiccert = $this->configuration->getValue('basedir') . '/cert/' . $idpmd['certificate']; - $privatekey = "/home/as/erlang/feide2/cert/server.pem"; - $publiccert = "/home/as/erlang/feide2/cert/server.crt"; /* @@ -87,7 +83,8 @@ class SimpleSAML_Bindings_Shib13_HTTPPost { */ $objXMLSecDSig = new XMLSecurityDSig(); //$objXMLSecDSig->idKeys[] = 'ResponseID'; - #$objXMLSecDSig->idKeys = array('ResponseID'); + + $objXMLSecDSig->idKeys = array('ResponseID'); $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N); 
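Review bot: `$spmd['shire']`, `$idpmd['privatekey']` and `$idpmd['certificate']` are read without checking the keys exist, so a metadata entry missing one of them yields a PHP notice, an empty Recipient, or a key path of `<basedir>/cert/` instead of a clear error. Add a guard per key before use, e.g. `if (!isset($spmd['shire'])) throw new Exception('Missing shire in shib13-sp-remote metadata for ' . $spentityid);`. Taking the destination from the registered SP metadata rather than from the request's shire parameter is the right choice; the guard only makes a misconfigured entry fail loudly. sendResponse continues past the hunk.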
@@ -99,9 +96,9 @@ class SimpleSAML_Bindings_Shib13_HTTPPost { //$assertionroot = $responsedom->getElementsByTagName('Assertion')->item(1); $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0); - #$objXMLSecDSig->addReferenceList(array($responseroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature')); - $objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', - 'http://www.w3.org/2001/10/xml-exc-c14n#')); + $objXMLSecDSig->addReferenceList(array($responseroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'), null, 'ResponseID'); + #$objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', + # 'http://www.w3.org/2001/10/xml-exc-c14n#')); #$objXMLSecDSig->addRefInternal($responseroot, $responseroot, XMLSecurityDSig::SHA1); @@ -128,7 +125,7 @@ class SimpleSAML_Bindings_Shib13_HTTPPost { */ - $objXMLSecDSig->appendSignature($firstassertionroot, true); + $objXMLSecDSig->appendSignature($responseroot, false); $response = $responsedom->saveXML(); diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php index 03befb7c6c8787e8c63bacb84e5c5584f7f512f4..db523b01931796bdf63c02fbefbb0a1b5dba27df 100644 --- a/lib/SimpleSAML/Session.php +++ b/lib/SimpleSAML/Session.php @@ -34,6 +34,8 @@ class SimpleSAML_Session { private $configuration = null; private $authnrequests = array(); + private $shibauthreq = null; + private $authnresponse = null; private $logoutrequest = null; @@ -61,6 +63,7 @@ class SimpleSAML_Session { $this->protocol = $protocol; $this->authnresponse = $message; + $this->authenticated = $authenticated; if ($authenticated) { $this->sessionstarted = time(); 
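Review bot: The `#`-prefixed alternatives left under the new addReferenceList call are commented-out code and should be removed rather than toggled. The active reference lists only the enveloped-signature transform while SignedInfo is set to EXC_C14N; if xmlseclibs canonicalises a reference with inclusive C14N when no c14n transform is listed (worth confirming in lib/xmlseclibs.php), the digest and SignedInfo use different canonicalisations, which is permitted but easy to misread, so either add `'http://www.w3.org/2001/10/xml-exc-c14n#'` to the transform list as the old assertion reference did, or comment why it is omitted. The enclosing method continues outside the hunk.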
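Review bot: `appendSignature($responseroot, false)` appends the Signature as the last child of Response if appendSignature behaves like the else branch of the new appendSignatureShib in lib/xmlseclibs.php, whereas SAML 1.1's ResponseType places ds:Signature before Status; a relying party that validates against the schema would reject the message. The new appendSignatureShib root-signing mode inserts before `samlp:Status`, so presumably `$objXMLSecDSig->appendSignatureShib($responseroot, true);` was the intended call. sendResponse continues past the hunk.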
@@ -119,6 +122,14 @@ class SimpleSAML_Session { $_SESSION['SimpleSAMLphp_SESSION'] = self::$instance; } } + + public function setShibAuthnRequest(SimpleSAML_XML_Shib13_AuthnRequest $req) { + $this->shibauthreq = $req; + } + + public function getShibAuthnRequest() { + return $this->shibauthreq; + } public function setAuthnRequest($requestid, SimpleSAML_XML_SAML20_AuthnRequest $xml) { $this->authnrequests[$requestid] = $xml; @@ -218,6 +229,10 @@ class SimpleSAML_Session { $this->attributes = $attributes; } + public function setAttribute($name, $value) { + $this->attributes[$name] = $value; + } + } ?> \ No newline at end of file diff --git a/lib/SimpleSAML/XML/Shib13/AuthnRequest.php b/lib/SimpleSAML/XML/Shib13/AuthnRequest.php index ef7c0c9aa034b0af09f749899da580df8e7c7a3b..6d12ae978634bf514ad6ac38ee19b4ebab10be35 100644 --- a/lib/SimpleSAML/XML/Shib13/AuthnRequest.php +++ b/lib/SimpleSAML/XML/Shib13/AuthnRequest.php @@ -34,6 +34,8 @@ class SimpleSAML_XML_Shib13_AuthnRequest { function __construct(SimpleSAML_Configuration $configuration, SimpleSAML_XML_MetaDataStore $metadatastore) { $this->configuration = $configuration; $this->metadata = $metadatastore; + + $this->requestid = $this->generateID(); } public function setRelayState($relayState) { @@ -54,7 +56,13 @@ class SimpleSAML_XML_Shib13_AuthnRequest { public function parseGet($get) { - return null; + if (!isset($get['shire'])) throw new Exception('Could not read shire parameter from HTTP GET request'); + if (!isset($get['providerId'])) throw new Exception('Could not read providerId parameter from HTTP GET request'); + if (!isset($get['target'])) throw new Exception('Could not read target parameter from HTTP GET request'); + + $this->setIssuer($get['providerId']); + $this->setRelayState($get['target']); + } public function setNewRequestID() { 
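Review bot: setShibAuthnRequest keeps a single request per session, unlike setAuthnRequest next to it which keys by request id, so a second Shibboleth request from another SP silently replaces the first while SSOService.php still carries the first RequestID in its redirect URL. Either key the store by `$req->getRequestID()` or document the single-slot behaviour on the setter with `/** Stores the most recent Shibboleth 1.3 AuthnRequest; only one is kept per session. */`. The class continues outside the hunk.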
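Review bot: `$get['shire']` is only tested for presence and then dropped, so nothing records the shire the SP asked for and it can never be compared with the registered value that Shib13/HTTPPost.php takes from metadata. Store it alongside the other fields, e.g. `$this->shire = $get['shire'];` (the property list is outside the hunk; add it if missing), and note that `isset()` accepts an empty string, so `$get['providerId'] === ''` still reaches the metadata lookup. parseGet is complete within the hunk.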
@@ -70,11 +78,11 @@ class SimpleSAML_XML_Shib13_AuthnRequest { $session = SimpleSAML_Session::getInstance(); if (!isset($session)) { - SimpleSAML_Session::init(self::PROTOCOL); + SimpleSAML_Session::init(self::PROTOCOL, null, false); $session = SimpleSAML_Session::getInstance(); } - $session->setAuthnRequest($this->getRequestID(), $this); + $session->setShibAuthnRequest($this); /* if (isset($this->relayState)) { diff --git a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php index 22412500c8d8432a5520edbc4447ddfc637b6ad4..98a029550c5ca6b3dc4867d367c01a34cfd9b11e 100644 --- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php +++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php @@ -319,15 +319,15 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse { //echo 'idp:' . $idpentityid . ' sp:' . $spentityid .' inresponseto:' . $inresponseto . ' namid:' . $nameid; - $idpmd = $this->metadata->getMetaData($idpentityid, 'saml20-idp-hosted'); - $spmd = $this->metadata->getMetaData($spentityid, 'saml20-sp-remote'); + $idpmd = $this->metadata->getMetaData($idpentityid, 'shib13-idp-hosted'); + $spmd = $this->metadata->getMetaData($spentityid, 'shib13-sp-remote'); $id = self::generateID(); $issueInstant = self::generateIssueInstant(); $assertionExpire = self::generateIssueInstant(60 * 5); # 5 minutes $assertionid = self::generateID(); - $sessionindex = self::generateID(); + if (is_null($nameid)) { $nameid = self::generateID(); 
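Review bot: The bare `false` in `SimpleSAML_Session::init(self::PROTOCOL, null, false)` is opaque at the call site; the Session.php hunk shows the third parameter is `$authenticated`, so mark it, `SimpleSAML_Session::init(self::PROTOCOL, null, false); // new session, not yet authenticated`. An existing session is reused regardless of which protocol created it; if that is intended, say so in a comment on the `isset($session)` branch. createSession continues past the hunk.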
@@ -335,63 +335,82 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse { $issuer = $idpentityid; - $assertionConsumerServiceURL = $spmd['assertionConsumerServiceURL']; - $spNameQualifier = $spmd['spNameQualifier']; - - $destination = $spmd['assertionConsumerServiceURL']; + $shire = $spmd['shire']; + $audience = $spmd['audience']; + $spnamequalifier = $spmd['spnamequalifier']; + $base64 = $idpmd['base64']; $encodedattributes = ''; - foreach ($attributes AS $name => $value) { - $encodedattributes .= $this->enc_attribute($name, $value[0], true); + + if (is_array($attributes)) { + + $encodedattributes .= '<AttributeStatement> + <Subject> + <NameIdentifier Format="urn:mace:shibboleth:1.0:nameIdentifier" NameQualifier="' . $spnamequalifier . '" + >' . $nameid . '</NameIdentifier> + </Subject>'; + + foreach ($attributes AS $name => $value) { + $encodedattributes .= $this->enc_attribute($name, $value[0], $base64); + } + + $encodedattributes .= '</AttributeStatement>'; } - $authnResponse = '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" - ID="' . $id . '" - InResponseTo="' . $inresponseto. '" Version="2.0" - IssueInstant="' . $issueInstant . '" - Destination="' . $destination . '"> - <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' . $issuer . '</saml:Issuer> - <samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"> - <samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" - Value="urn:oasis:names:tc:SAML:2.0:status:Success"> </samlp:StatusCode> - </samlp:Status> - <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" - ID="' . $assertionid . '" IssueInstant="' . $issueInstant . '"> - <saml:Issuer>' . $issuer . '</saml:Issuer> - <saml:Subject> - <saml:NameID NameQualifier="' . $issuer . '" SPNameQualifier="'. $spentityid. '" - Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" - >' . $nameid. 
'</saml:NameID> - <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> - <saml:SubjectConfirmationData NotOnOrAfter="' . $assertionExpire . '" - InResponseTo="' . $inresponseto. '" - Recipient="' . $destination . '"/> - </saml:SubjectConfirmation> - </saml:Subject> - <saml:Conditions NotBefore="' . $issueInstant. '" NotOnOrAfter="' . $assertionExpire. '"> - <saml:AudienceRestriction> - <saml:Audience>' . $spentityid . '</saml:Audience> - </saml:AudienceRestriction> - </saml:Conditions> - <saml:AuthnStatement AuthnInstant="' . $issueInstant . '" - SessionIndex="' . $sessionindex . '"> - <saml:AuthnContext> - <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef> - </saml:AuthnContext> - </saml:AuthnStatement> - <saml:AttributeStatement> - ' . $encodedattributes . ' - </saml:AttributeStatement> - </saml:Assertion> -</samlp:Response> -'; + + + /* + * The SAML 1.1 response message + */ + $response = '<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" + xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" + xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="' . $issueInstant. '" + MajorVersion="1" MinorVersion="1" + Recipient="' . $shire . '" + ResponseID="' . $id . '"> + +<Status> + <StatusCode Value="samlp:Success"> + <StatusCode xmlns:code="urn:geant2:edugain:protocol" Value="code:Accepted"/> + </StatusCode> + </Status> + <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" + AssertionID="' . $assertionid . '" IssueInstant="' . $issueInstant. '" + Issuer="' . $issuer . '" MajorVersion="1" MinorVersion="1"> + <Conditions NotBefore="' . $issueInstant. '" NotOnOrAfter="'. $assertionExpire . '"> + <AudienceRestrictionCondition> + <Audience>' . $audience . '</Audience> + </AudienceRestrictionCondition> + </Conditions> + <AuthenticationStatement AuthenticationInstant="' . $issueInstant. 
'" + AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"> + <Subject> + <NameIdentifier Format="urn:mace:shibboleth:1.0:nameIdentifier" NameQualifier="' . $spnamequalifier . '" + >' . $nameid . '</NameIdentifier> + <SubjectConfirmation> + <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod> + </SubjectConfirmation> + </Subject> + </AuthenticationStatement> + + ' . $encodedattributes . ' + </Assertion> +</Response>'; - return $authnResponse; + return $response; } + + private function enc_attribute($name, $value, $base64 = false) { + return '<Attribute AttributeName="' . $name . '" + AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"> + <AttributeValue>' . ($base64 ? base64_encode($value) : htmlspecialchars($value) ) . '</AttributeValue> + </Attribute>'; + } } diff --git a/lib/xmlseclibs.php b/lib/xmlseclibs.php index f441eafd9040959ed0bb4aaa72a5bb00fe513911..18807ca2e8b17d9ab00da8bbc5fc8e1b2516ce43 100644 --- a/lib/xmlseclibs.php +++ b/lib/xmlseclibs.php @@ -811,10 +811,10 @@ class XMLSecurityDSig { return TRUE; } - private function addRefInternal($sinfoNode, $node, $algorithm, $arTransforms=NULL, $options=NULL) { + private function addRefInternal($sinfoNode, $node, $algorithm, $arTransforms=NULL, $options=NULL, $id_name = 'ID') { $prefix = NULL; $prefix_ns = NULL; - $id_name = 'ID'; + if (is_array($options)) { $prefix = empty($options['prefix'])?NULL:$options['prefix']; 
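Review bot: Only AttributeValue content is escaped in the new SAML 1.1 template; `$name` in enc_attribute and the metadata-derived `$shire`, `$audience`, `$spnamequalifier`, `$issuer` and the `$nameid` argument are spliced into attributes and element content verbatim, so any `"`, `<` or `&` in them yields malformed or altered XML. Escape each interpolated value with `htmlspecialchars(..., ENT_QUOTES)` at the point of use, and note that the loop still emits only `$value[0]`, discarding further values of multi-valued attributes; the rewrite below escapes the attribute name and emits every value. `$inresponseto` is no longer used in the body after this change, so either drop it from the signature or document why it is kept, and `$idpmd['base64']` is read without an isset guard. generate's opening lines are in the preceding hunk.
```php
            // … unchanged: AttributeStatement opening and Subject …
            foreach ($attributes AS $name => $values) {
                // SAML 1.1 allows several AttributeValue elements per Attribute; emit all of them.
                foreach ((array) $values as $value) {
                    $encodedattributes .= $this->enc_attribute($name, $value, $base64);
                }
            }
            // … unchanged: closing AttributeStatement, response template, return …

    private function enc_attribute($name, $value, $base64 = false) {
        // The name lands inside an attribute quote, so it must be escaped as well as the value.
        $encodedName = htmlspecialchars($name, ENT_QUOTES);
        $encodedValue = $base64 ? base64_encode($value) : htmlspecialchars($value, ENT_QUOTES);
        return '<Attribute AttributeName="' . $encodedName . '"
            AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
            <AttributeValue>' . $encodedValue . '</AttributeValue>
        </Attribute>';
    }
```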
@@ -868,23 +868,23 @@ class XMLSecurityDSig { $refNode->appendChild($digestValue); } - public function addReference($node, $algorithm, $arTransforms=NULL, $options=NULL) { + public function addReference($node, $algorithm, $arTransforms=NULL, $options=NULL, $idname = 'ID') { if ($xpath = $this->getXPathObj()) { $query = "./secdsig:SignedInfo"; $nodeset = $xpath->query($query, $this->sigNode); if ($sInfo = $nodeset->item(0)) { - $this->addRefInternal($sInfo, $node, $algorithm, $arTransforms, $options); + $this->addRefInternal($sInfo, $node, $algorithm, $arTransforms, $options, $idname); } } } - public function addReferenceList($arNodes, $algorithm, $arTransforms=NULL, $options=NULL) { + public function addReferenceList($arNodes, $algorithm, $arTransforms=NULL, $options=NULL, $idname = 'ID') { if ($xpath = $this->getXPathObj()) { $query = "./secdsig:SignedInfo"; $nodeset = $xpath->query($query, $this->sigNode); if ($sInfo = $nodeset->item(0)) { foreach ($arNodes AS $node) { - $this->addRefInternal($sInfo, $node, $algorithm, $arTransforms, $options); + $this->addRefInternal($sInfo, $node, $algorithm, $arTransforms, $options, $idname); } } } 
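Review bot: The new parameter is spelled `$idname` on addReference and addReferenceList but `$id_name` on addRefInternal in the previous hunk; use one spelling across the three signatures. Neither public method documents what the parameter means, so add `/** @param string $idname name of the attribute holding the referenced node's ID (default 'ID') */` above each. Both methods are complete within the hunk.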
@@ -979,7 +979,50 @@ class XMLSecurityDSig { $objKey->serializeKey($parent); } - public function appendSignature($parentNode, $insertBefore = FALSE, $assertion = false) { + + public function appendSignatureShib($parentNode, $insertBefore = FALSE, $assertion = false) { + $baseDoc = ($parentNode instanceof DOMDocument)?$parentNode:$parentNode->ownerDocument; + $newSig = $baseDoc->importNode($this->sigNode, TRUE); + + + + $xnode = null; + + $xpath = new DOMXPath($baseDoc); + $xpath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS); + $xpath->registerNamespace('samlp', 'urn:oasis:names:tc:SAML:1.0:protocol'); + $xpath->registerNamespace('saml', 'urn:oasis:names:tc:SAML:1.0:assertion'); + + + if ($insertBefore && !$assertion) { + + $query = "//samlp:Status"; + $nodeset = $xpath->query($query, $parentNode); + + $xnode = $nodeset->item(0); + if (!$xnode) + throw new Exception("Could not find node to sign before (Root signing mode)"); + + $parentNode->insertBefore($newSig, $xnode); + + } elseif ($insertBefore) { + + $query = "//saml:Assertion/saml:Subject"; + $nodeset = $xpath->query($query, $parentNode); + + $xnode = $nodeset->item(0); + if (!$xnode) + throw new Exception("Could not find node to sign before (Assertion signing mode)"); + + $parentNode->insertBefore($newSig, $xnode); + } else { + $parentNode->appendChild($newSig); + } + } + + + + public function appendSignature($parentNode, $insertBefore = false, $assertion = false) { $baseDoc = ($parentNode instanceof DOMDocument)?$parentNode:$parentNode->ownerDocument; $newSig = $baseDoc->importNode($this->sigNode, TRUE); diff --git a/metadata-templates/shib13-idp-hosted.php b/metadata-templates/shib13-idp-hosted.php index ce175ddb88481d08e3581d3fac35b9a398a466d6..80c1c6b91b4428b4e95ad692d5c82819e600995d 100644 --- a/metadata-templates/shib13-idp-hosted.php +++ b/metadata-templates/shib13-idp-hosted.php 
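Review bot: `//samlp:Status` and `//saml:Assertion/saml:Subject` are absolute XPath expressions, so although `$parentNode` is passed as context they match anywhere in the document; if the first hit is not a child of `$parentNode`, `insertBefore` throws a DOMException and the "Could not find node" messages never fire, pointing the reader at the wrong cause. Use context-relative queries, `./samlp:Status` and `./saml:Subject` (the Assertion-mode context is presumably the Assertion itself), and brace the two single-statement `if (!$xnode)` throws. This also hard-codes SAML 1.0 namespaces and a Shibboleth-specific insertion rule into the vendored xmlseclibs library, so the change is lost on the next library update; keep the SAML-specific placement in the Shib13 binding or record the local modification in a header comment. appendSignature's body continues past the hunk.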
@@ -1,15 +1,26 @@ <?php /* - * SAML 2.0 Meta data for simpleSAMLphp + * Shibboleth 1.3 IdP Meta data for simpleSAMLphp + * + * * */ $metadata = array( - 'feide.erlang.no-shib13' => array( - 'issuer' => 'feide.erlang.no', - 'assertionDurationMinutes' => 10, - 'audience' => 'urn:mace:feide:shiblab' + 'dev3.andreas.feide.no' => array( + 'issuer' => 'dev3.andreas.feide.no', + 'host' => 'dev3.andreas.feide.no', + 'audience' => 'urn:mace:feide:shiblab', + + 'base64' => false, + + // X.509 key and certificate. Relative to the cert directory. + 'privatekey' => 'server.pem', + 'certificate' => 'server.crt', + + // Authentication plugin to use. login.php is the default one that uses LDAP. + 'auth' => 'auth/login.php' ) ); diff --git a/metadata-templates/shib13-sp-remote.php b/metadata-templates/shib13-sp-remote.php index f79d904bf87f75deadd7b170b4190bbdbcc09dec..e44d5b0002c07a949d001b8a5813acfb222b6181 100644 --- a/metadata-templates/shib13-sp-remote.php +++ b/metadata-templates/shib13-sp-remote.php @@ -1,6 +1,9 @@ <?php /* - * SAML 2.0 Meta data for simpleSAMLphp + * Shibboleth 1.3 Meta data for simpleSAMLphp + * + * + * * */ diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php new file mode 100644 index 0000000000000000000000000000000000000000..5a8d2ae46cd80fe90d3fdfc5d2eea30a9706bf92 --- /dev/null +++ b/www/shib13/idp/SSOService.php 
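Review bot: The hosted-IdP template now ships a concrete developer host, `dev3.andreas.feide.no`, as its entity id, issuer and host; a template should carry an obvious placeholder so it is not deployed unchanged. The `base64` flag has no comment although AuthnResponse.php branches on it, so add `// Whether AttributeValue contents are base64-encoded rather than XML-escaped.` above it, and note on `auth` that the value is appended to `baseurlpath` to form the login redirect in SSOService.php. Both files are complete within their hunks.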
@@ -0,0 +1,150 @@ +<?php + + +require_once('../../../www/_include.php'); + + +require_once('SimpleSAML/Utilities.php'); +require_once('SimpleSAML/Session.php'); +require_once('SimpleSAML/XML/MetaDataStore.php'); +require_once('SimpleSAML/XML/Shib13/AuthnRequest.php'); +require_once('SimpleSAML/XML/Shib13/AuthnResponse.php'); +require_once('SimpleSAML/Bindings/Shib13/HTTPPost.php'); + +//require_once('SimpleSAML/XML/SAML20/AuthnRequest.php'); +//require_once('SimpleSAML/XML/SAML20/AuthnResponse.php'); +//require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php'); +//require_once('SimpleSAML/Bindings/SAML20/HTTPPost.php'); + +require_once('SimpleSAML/XHTML/Template.php'); + + +session_start(); + +$config = SimpleSAML_Configuration::getInstance(); +$metadata = new SimpleSAML_XML_MetaDataStore($config); + +$idpentityid = $metadata->getMetaDataCurrentEntityID('shib13-idp-hosted'); +$idpmeta = $metadata->getMetaDataCurrent('shib13-idp-hosted'); + +$requestid = null; +$session = null; + + +if (isset($_GET['shire'])) { + + + try { + $authnrequest = new SimpleSAML_XML_Shib13_AuthnRequest($config, $metadata); + $authnrequest->parseGet($_GET); + + $session = $authnrequest->createSession(); + + $requestid = $authnrequest->getRequestID(); + + //$session->setShibAuthnRequest($authnrequest); + + + + + } catch(Exception $exception) { + + $et = new SimpleSAML_XHTML_Template($config, 'error.php'); + + $et->data['header'] = 'Error getting incomming request'; + $et->data['message'] = 'Something bad happened when simpleSAML got the incomming authentication request'; + $et->data['e'] = $exception; + + $et->show(); + + } + +} elseif(isset($_GET['RequestID'])) { + + + + try { + + $requestid = $_GET['RequestID']; + $session = SimpleSAML_Session::getInstance(); + $authnrequest = $session->getShibAuthnRequest(); + + if (!$authnrequest) throw new Exception('Could not retrieve cached RequestID = ' . 
$requestid); + + } catch(Exception $exception) { + + $et = new SimpleSAML_XHTML_Template($config, 'error.php'); + + $et->data['header'] = 'Error retrieving authnrequest cache'; + $et->data['message'] = 'simpleSAML cannot find the authnrequest that it earlier stored.'; + $et->data['e'] = $exception; + + $et->show(); + + } + + + /* + $authnrequest = new SimpleSAML_XML_SAML20_AuthnRequest($config, $metadata); + $authnrequest->setXML($authnrequestXML); + */ + + + +} else { + + echo 'You must either provide a SAML Request message or a RequestID on this interface.'; + exit(0); + +} + + + + +if (!$session->isAuthenticated() ) { + + $relaystate = SimpleSAML_Utilities::selfURLNoQuery() . '?RequestID=' . urlencode($requestid); + $authurl = SimpleSAML_Utilities::addURLparameter('/' . $config->getValue('baseurlpath') . $idpmeta['auth'], + 'RelayState=' . urlencode($relaystate)); + header('Location: ' . $authurl); + exit(0); +} else { + + try { + + //$session->add_sp_session($authnrequest->getIssuer()); + + + //$session->setAttribute('eduPersonAffiliation', array('student')); + + $ar = new SimpleSAML_XML_Shib13_AuthnResponse($config, $metadata); + $authnResponseXML = $ar->generate($idpentityid, $authnrequest->getIssuer(), + $requestid, null, $session->getAttributes()); + + #echo $authnResponseXML; + #print_r($authnResponseXML); + + //sendResponse($response, $idpentityid, $spentityid, $relayState = null) { + $httppost = new SimpleSAML_Bindings_Shib13_HTTPPost($config, $metadata); + + //echo 'Relaystate[' . $authnrequest->getRelayState() . 
']'; + + $httppost->sendResponse($authnResponseXML, + $idpentityid, $authnrequest->getIssuer(), $authnrequest->getRelayState()); + + } catch(Exception $exception) { + + $et = new SimpleSAML_XHTML_Template($config, 'error.php'); + + $et->data['header'] = 'Error sending response to service'; + $et->data['message'] = 'Some error occured when trying to issue the authentication response, and send it back to the SP.'; + $et->data['e'] = $exception; + + $et->show(); + + } + +} + + +?> \ No newline at end of file
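Review bot: Each `catch` block renders the error template with `$et->show()` and then falls through, so after a parse failure `$session` is still null when `$session->isAuthenticated()` runs, and after a cache miss `$authnrequest` is undefined when the response is generated. Add `exit(0);` after each `$et->show();` (three places). In the RequestID branch the request returned by `getShibAuthnRequest()` is never checked against the `RequestID` from the query, so the id in the URL is decorative; tighten the guard to `if (!$authnrequest || $authnrequest->getRequestID() !== $requestid) throw new Exception('Could not retrieve cached RequestID = ' . $requestid);`. The script is complete within the hunk.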