From d7854824eaf0e67ca438369be4d9d70d6d830aab Mon Sep 17 00:00:00 2001 From: Olav Morken <olav.morken@uninett.no> Date: Thu, 12 Nov 2009 14:43:03 +0000 Subject: [PATCH] SAML2_AuthnRequest: Support for RequestedAuthnContext. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1983 44740490-163a-0410-bde0-09ae8108e29a --- lib/SAML2/AuthnRequest.php | 71 +++++++++++++++++++++++++++++++++++++- 1 file changed, 70 insertions(+), 1 deletion(-) diff --git a/lib/SAML2/AuthnRequest.php b/lib/SAML2/AuthnRequest.php index a442dd640..094a0e4bd 100644 --- a/lib/SAML2/AuthnRequest.php +++ b/lib/SAML2/AuthnRequest.php @@ -53,6 +53,18 @@ class SAML2_AuthnRequest extends SAML2_Request { private $protocolBinding; + /** + * What authentication context was requested. + * + * Array with the following elements. + * - AuthnContextClassRef (required) + * - Comparison (optinal) + * + * @var array + */ + private $requestedAuthnContext; + + /** * Constructor for SAML 2 authentication request messages. * @@ -94,7 +106,28 @@ class SAML2_AuthnRequest extends SAML2_Request { $this->nameIdPolicy['AllowCreate'] = SAML2_Utils::parseBoolean($nameIdPolicy, 'AllowCreate', FALSE); } } - + + $requestedAuthnContext = SAML2_Utils::xpQuery($xml, './saml_protocol:RequestedAuthnContext'); + if (!empty($requestedAuthnContext)) { + $requestedAuthnContext = $requestedAuthnContext[0]; + + $rac = array( + 'AuthnContextClassRef' => array(), + 'Comparison' => 'exact', + ); + + $accr = SAML2_Utils::xpQuery($requestedAuthnContext, './saml_assertion:AuthnContextClassRef'); + foreach ($accr as $i) { + $rac['AuthnContextClassRef'][] = trim($i->textContent); + } + + if ($requestedAuthnContext->hasAttribute('Comparison')) { + $rac['Comparison'] = $requestedAuthnContext->getAttribute('Comparison'); + } + + $this->requestedAuthnContext = $rac; + } + $idpEntries = SAML2_Utils::xpQuery($xml, './saml_protocol:Scoping/saml_protocol:IDPList/saml_protocol:IDPEntry'); foreach($idpEntries as $idpEntry) { 
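Review bot: The docblock added for `$requestedAuthnContext` in the first hunk says `@var array`, but the property has no initializer and `getRequestedAuthnContext()` later in this patch documents `array|NULL`, so `@var array|NULL` would match. It would also help to state that `AuthnContextClassRef` is a list of strings (the parser fills it with `[]`) and that `Comparison` defaults to `'exact'` when the attribute is absent. The word "optinal" should read "optional".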
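Review bot: The `Comparison` attribute is copied from the incoming request without any check, in the `hasAttribute('Comparison')` branch of the second hunk. SAML 2.0 core limits it to `exact`, `minimum`, `maximum` and `better`, and AuthnRequests are frequently unsigned, so code that later branches on this value could see an arbitrary string; I would reject anything else here with whatever exception type the constructor already uses, e.g. `if (!in_array($rac['Comparison'], array('exact', 'minimum', 'maximum', 'better'), TRUE)) { throw new Exception('Invalid Comparison in RequestedAuthnContext.'); }`. The same unchecked value is written back out by `$e->setAttribute('Comparison', $rac['Comparison'])` in the `toXML` hunk. Separately, a `RequestedAuthnContext` that carries no `AuthnContextClassRef` children (for instance one using only `AuthnContextDeclRef`) is stored with an empty list, which a consumer could presumably mistake for "no requirement"; a comment or an explicit rejection would make that case visible. The enclosing constructor starts and ends outside the hunk.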
@@ -246,6 +279,28 @@ class SAML2_AuthnRequest extends SAML2_Request { } + /** + * Retrieve the RequestedAuthnContext. + * + * @return array|NULL The RequestedAuthnContext. + */ + public function getRequestedAuthnContext() { + return $this->requestedAuthnContext; + } + + + /** + * Set the RequestedAuthnContext. + * + * @param array|NULL $requestedAuthnContext The RequestedAuthnContext. + */ + public function setRequestedAuthnContext($requestedAuthnContext) { + assert('is_array($requestedAuthnContext) || is_null($requestedAuthnContext)'); + + $this->requestedAuthnContext = $requestedAuthnContext; + } + + /** * Convert this authentication request to an XML element. * @@ -285,6 +340,20 @@ class SAML2_AuthnRequest extends SAML2_Request { $root->appendChild($nameIdPolicy); } + $rac = $this->requestedAuthnContext; + if (!empty($rac) && !empty($rac['AuthnContextClassRef'])) { + $e = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'RequestedAuthnContext'); + $root->appendChild($e); + if (isset($rac['Comparison']) && $rac['Comparison'] !== 'exact') { + $e->setAttribute('Comparison', $rac['Comparison']); + } + foreach ($rac['AuthnContextClassRef'] as $accr) { + $i = $this->document->createElementNS(SAML2_Const::NS_SAML, 'AuthnContextClassRef'); + $i->appendChild($this->document->createTextNode($accr)); + $e->appendChild($i); + } + } + if (count($this->IDPList) > 0) { $scoping = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'Scoping'); $idplist = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'IDPList'); -- GitLab
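Review bot: `setRequestedAuthnContext()` guards its argument only with `assert()`, which does nothing when assertions are disabled, and it never inspects the array's shape. If a caller passes `AuthnContextClassRef` as a single string instead of a list, the `foreach ($rac['AuthnContextClassRef'] as $accr)` in the `toXML` hunk cannot iterate it, and because `$root->appendChild($e)` runs before that loop the request would be serialized with an empty `RequestedAuthnContext`, silently dropping the requirement the caller intended. I would normalise in the setter, e.g. `if (is_array($requestedAuthnContext) && isset($requestedAuthnContext['AuthnContextClassRef'])) { $requestedAuthnContext['AuthnContextClassRef'] = (array)$requestedAuthnContext['AuthnContextClassRef']; }`, and list the expected keys on the `@param` line. Independently of what is requested, the SP side should still check the `AuthnContext` in the returned assertion rather than assume the request was honoured.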