f1a4a2f0
Commit
f1a4a2f0
authored
9 years ago
by
Jaime Perez Crespo
Reformat SimpleSAML_Bindings_Shib13_HTTPPost.
parent
ca77216e
Showing
1 changed file
lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
+139
-114
139 additions, 114 deletions
lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
with
139 additions
and
114 deletions
lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
+
139
−
114
<?php
/**
* Implementation of the Shibboleth 1.3 HTTP-POST binding.
*
* @author Andreas Åkre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
* @package SimpleSAMLphp
*/
class
SimpleSAML_Bindings_Shib13_HTTPPost
{
private
$configuration
=
null
;
private
$metadata
=
null
;
function
__construct
(
SimpleSAML_Configuration
$configuration
,
SimpleSAML_Metadata_MetaDataStorageHandler
$metadatastore
)
{
$this
->
configuration
=
$configuration
;
$this
->
metadata
=
$metadatastore
;
}
/**
* Send an authenticationResponse using HTTP-POST.
*
* @param string $response The response which should be sent.
* @param SimpleSAML_Configuration $idpmd The metadata of the IdP which is sending the response.
* @param SimpleSAML_Configuration $spmd The metadata of the SP which is receiving the response.
* @param string|null $relayState The relaystate for the SP.
* @param string $shire The shire which should receive the response.
*/
public
function
sendResponse
(
$response
,
SimpleSAML_Configuration
$idpmd
,
SimpleSAML_Configuration
$spmd
,
$relayState
,
$shire
)
{
\SimpleSAML\Utils\XML
::
checkSAMLMessage
(
$response
,
'saml11'
);
$privatekey
=
SimpleSAML\Utils\Crypto
::
loadPrivateKey
(
$idpmd
,
TRUE
);
$publickey
=
SimpleSAML\Utils\Crypto
::
loadPublicKey
(
$idpmd
,
TRUE
);
$responsedom
=
new
DOMDocument
();
$responsedom
->
loadXML
(
str_replace
(
"
\r
"
,
""
,
$response
));
$responseroot
=
$responsedom
->
getElementsByTagName
(
'Response'
)
->
item
(
0
);
$firstassertionroot
=
$responsedom
->
getElementsByTagName
(
'Assertion'
)
->
item
(
0
);
/* Determine what we should sign - either the Response element or the Assertion. The default
* is to sign the Assertion, but that can be overridden by the 'signresponse' option in the
* SP metadata or 'saml20.signresponse' in the global configuration.
*
* TODO: neither 'signresponse' nor 'shib13.signresponse' are valid options any longer. Remove!
*/
$signResponse
=
FALSE
;
if
(
$spmd
->
hasValue
(
'signresponse'
))
{
$signResponse
=
$spmd
->
getBoolean
(
'signresponse'
);
}
else
{
$signResponse
=
$this
->
configuration
->
getBoolean
(
'shib13.signresponse'
,
TRUE
);
}
/* Check if we have an assertion to sign. Force to sign the response if not. */
if
(
$firstassertionroot
===
NULL
)
{
$signResponse
=
TRUE
;
}
$signer
=
new
SimpleSAML_XML_Signer
(
array
(
'privatekey_array'
=>
$privatekey
,
'publickey_array'
=>
$publickey
,
'id'
=>
(
$signResponse
?
'ResponseID'
:
'AssertionID'
)
,
));
if
(
$idpmd
->
hasValue
(
'certificatechain'
))
{
$signer
->
addCertificate
(
$idpmd
->
getString
(
'certificatechain'
));
}
if
(
$signResponse
)
{
/* Sign the response - this must be done after encrypting the assertion. */
/* We insert the signature before the saml2p:Status element. */
$statusElements
=
SimpleSAML\Utils\XML
::
getDOMChildren
(
$responseroot
,
'Status'
,
'@saml1p'
);
assert
(
'count($statusElements) === 1'
);
$signer
->
sign
(
$responseroot
,
$responseroot
,
$statusElements
[
0
]);
}
else
{
/* Sign the assertion */
$signer
->
sign
(
$firstassertionroot
,
$firstassertionroot
);
}
$response
=
$responsedom
->
saveXML
();
\SimpleSAML\Utils\XML
::
debugSAMLMessage
(
$response
,
'out'
);
\SimpleSAML\Utils\HTTP
::
submitPOSTData
(
$shire
,
array
(
'TARGET'
=>
$relayState
,
'SAMLResponse'
=>
base64_encode
(
$response
),
));
}
/**
* Decode a received response.
*
* @param array $post POST data received.
* @return SimpleSAML_XML_Shib13_AuthnResponse The response decoded into an object.
*/
public
function
decodeResponse
(
$post
)
{
assert
(
'is_array($post)'
);
if
(
!
array_key_exists
(
'SAMLResponse'
,
$post
))
{
throw
new
Exception
(
'Missing required SAMLResponse parameter.'
);
}
$rawResponse
=
$post
[
'SAMLResponse'
];
$samlResponseXML
=
base64_decode
(
$rawResponse
);
\SimpleSAML\Utils\XML
::
debugSAMLMessage
(
$samlResponseXML
,
'in'
);
\SimpleSAML\Utils\XML
::
checkSAMLMessage
(
$samlResponseXML
,
'saml11'
);
$samlResponse
=
new
SimpleSAML_XML_Shib13_AuthnResponse
();
$samlResponse
->
setXML
(
$samlResponseXML
);
if
(
array_key_exists
(
'TARGET'
,
$post
))
{
$samlResponse
->
setRelayState
(
$post
[
'TARGET'
]);
}
return
$samlResponse
;
}
class
SimpleSAML_Bindings_Shib13_HTTPPost
{
/**
* @var SimpleSAML_Configuration
*/
private
$configuration
=
null
;
/**
* @var SimpleSAML_Metadata_MetaDataStorageHandler
*/
private
$metadata
=
null
;
/**
* Constructor for the SimpleSAML_Bindings_Shib13_HTTPPost class.
*
* @param SimpleSAML_Configuration $configuration The configuration to use.
* @param SimpleSAML_Metadata_MetaDataStorageHandler $metadatastore A store where to find metadata.
*/
public
function
__construct
(
SimpleSAML_Configuration
$configuration
,
SimpleSAML_Metadata_MetaDataStorageHandler
$metadatastore
)
{
$this
->
configuration
=
$configuration
;
$this
->
metadata
=
$metadatastore
;
}
/**
* Send an authenticationResponse using HTTP-POST.
*
* @param string $response The response which should be sent.
* @param SimpleSAML_Configuration $idpmd The metadata of the IdP which is sending the response.
* @param SimpleSAML_Configuration $spmd The metadata of the SP which is receiving the response.
* @param string|null $relayState The relaystate for the SP.
* @param string $shire The shire which should receive the response.
*/
public
function
sendResponse
(
$response
,
SimpleSAML_Configuration
$idpmd
,
SimpleSAML_Configuration
$spmd
,
$relayState
,
$shire
)
{
\SimpleSAML\Utils\XML
::
checkSAMLMessage
(
$response
,
'saml11'
);
$privatekey
=
SimpleSAML\Utils\Crypto
::
loadPrivateKey
(
$idpmd
,
true
);
$publickey
=
SimpleSAML\Utils\Crypto
::
loadPublicKey
(
$idpmd
,
true
);
$responsedom
=
new
DOMDocument
();
$responsedom
->
loadXML
(
str_replace
(
"
\r
"
,
""
,
$response
));
$responseroot
=
$responsedom
->
getElementsByTagName
(
'Response'
)
->
item
(
0
);
$firstassertionroot
=
$responsedom
->
getElementsByTagName
(
'Assertion'
)
->
item
(
0
);
/* Determine what we should sign - either the Response element or the Assertion. The default is to sign the
* Assertion, but that can be overridden by the 'signresponse' option in the SP metadata or
* 'saml20.signresponse' in the global configuration.
*
* TODO: neither 'signresponse' nor 'shib13.signresponse' are valid options any longer. Remove!
*/
if
(
$spmd
->
hasValue
(
'signresponse'
))
{
$signResponse
=
$spmd
->
getBoolean
(
'signresponse'
);
}
else
{
$signResponse
=
$this
->
configuration
->
getBoolean
(
'shib13.signresponse'
,
true
);
}
// check if we have an assertion to sign. Force to sign the response if not
if
(
$firstassertionroot
===
null
)
{
$signResponse
=
true
;
}
$signer
=
new
SimpleSAML_XML_Signer
(
array
(
'privatekey_array'
=>
$privatekey
,
'publickey_array'
=>
$publickey
,
'id'
=>
(
$signResponse
?
'ResponseID'
:
'AssertionID'
),
));
if
(
$idpmd
->
hasValue
(
'certificatechain'
))
{
$signer
->
addCertificate
(
$idpmd
->
getString
(
'certificatechain'
));
}
if
(
$signResponse
)
{
// sign the response - this must be done after encrypting the assertion
// we insert the signature before the saml2p:Status element
$statusElements
=
SimpleSAML\Utils\XML
::
getDOMChildren
(
$responseroot
,
'Status'
,
'@saml1p'
);
assert
(
'count($statusElements) === 1'
);
$signer
->
sign
(
$responseroot
,
$responseroot
,
$statusElements
[
0
]);
}
else
{
/* Sign the assertion */
$signer
->
sign
(
$firstassertionroot
,
$firstassertionroot
);
}
$response
=
$responsedom
->
saveXML
();
\SimpleSAML\Utils\XML
::
debugSAMLMessage
(
$response
,
'out'
);
\SimpleSAML\Utils\HTTP
::
submitPOSTData
(
$shire
,
array
(
'TARGET'
=>
$relayState
,
'SAMLResponse'
=>
base64_encode
(
$response
),
));
}
/**
* Decode a received response.
*
* @param array $post POST data received.
*
* @return SimpleSAML_XML_Shib13_AuthnResponse The response decoded into an object.
*
* @throws Exception If there is no SAMLResponse parameter.
*/
public
function
decodeResponse
(
$post
)
{
assert
(
'is_array($post)'
);
if
(
!
array_key_exists
(
'SAMLResponse'
,
$post
))
{
throw
new
Exception
(
'Missing required SAMLResponse parameter.'
);
}
$rawResponse
=
$post
[
'SAMLResponse'
];
$samlResponseXML
=
base64_decode
(
$rawResponse
);
\SimpleSAML\Utils\XML
::
debugSAMLMessage
(
$samlResponseXML
,
'in'
);
\SimpleSAML\Utils\XML
::
checkSAMLMessage
(
$samlResponseXML
,
'saml11'
);
$samlResponse
=
new
SimpleSAML_XML_Shib13_AuthnResponse
();
$samlResponse
->
setXML
(
$samlResponseXML
);
if
(
array_key_exists
(
'TARGET'
,
$post
))
{
$samlResponse
->
setRelayState
(
$post
[
'TARGET'
]);
}
return
$samlResponse
;
}
}
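Review bot: In decodeResponse, `base64_decode($rawResponse)` runs in non-strict mode, so a SAMLResponse value containing characters outside the base64 alphabet is silently tolerated rather than rejected, and nothing verifies that the POST value is a string before it is decoded. Since this is the entry point for attacker-controlled data, I would decode strictly and fail closed: `if (!is_string($rawResponse) || ($samlResponseXML = base64_decode($rawResponse, true)) === false) { throw new Exception('Invalid SAMLResponse parameter.'); }`. Whether setXML parses the decoded document with external entity loading disabled is not visible in this file and is worth confirming, given the input is untrusted. Separately, `assert('count($statusElements) === 1')` in sendResponse uses the string form that PHP 7.2 deprecates, and assertions are commonly disabled in production, so the subsequent `$statusElements[0]` is not actually guarded; an explicit check that throws would make the signing path fail loudly instead of silently producing an unsigned or mis-placed signature.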