ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
SimpleSAML_Metadata_SAMLBuilder Class Reference

Public Member Functions

__construct($entityId, $maxCache = null, $maxDuration = null)
    Initialize the SAML builder.

getEntityDescriptor()
    Retrieve the EntityDescriptor element which is generated for this entity.

getEntityDescriptorText($formatted = true)
    Retrieve the EntityDescriptor as text.

addSecurityTokenServiceType($metadata)
    Add a SecurityTokenServiceType for ADFS metadata.

addOrganization(array $orgName, array $orgDisplayName, array $orgURL)
    Add an Organization element based on data passed as parameters.

addOrganizationInfo(array $metadata)
    Add an Organization element based on a metadata array.

addMetadata($set, $metadata)
    Add a specific type of metadata to an entity.

addMetadataSP20($metadata, $protocols = array(\SAML2\Constants::NS_SAMLP))
    Add SAML 2.0 SP metadata.

addMetadataIdP20($metadata)
    Add metadata of a SAML 2.0 identity provider.

addMetadataSP11($metadata)
    Add metadata of a SAML 1.1 service provider.

addMetadataIdP11($metadata)
    Add metadata of a SAML 1.1 identity provider.

addAttributeAuthority(array $metadata)
    Add metadata of a SAML attribute authority.

addContact($type, $details)
    Add contact information.
 

Private Member Functions

setExpiration($metadata)

addExtensions(SimpleSAML_Configuration $metadata, \SAML2\XML\md\RoleDescriptor $e)
    Add extensions to the metadata.

addAttributeConsumingService(\SAML2\XML\md\SPSSODescriptor $spDesc, SimpleSAML_Configuration $metadata)
    Add an AttributeConsumingService element to the metadata.

addX509KeyDescriptor(\SAML2\XML\md\RoleDescriptor $rd, $use, $x509data)
    Add a KeyDescriptor with an X509 certificate.

addCertificate(\SAML2\XML\md\RoleDescriptor $rd, SimpleSAML_Configuration $metadata)
    Add a certificate.
 

Static Private Member Functions

static createEndpoints(array $endpoints, $indexed)
    Add a list of endpoints to metadata.
 

Private Attributes

 $entityDescriptor
 
 $maxCache = null
 
 $maxDuration = null
 

Detailed Description

Definition at line 11 of file SAMLBuilder.php.

Constructor & Destructor Documentation

◆ __construct()

SimpleSAML_Metadata_SAMLBuilder::__construct($entityId, $maxCache = null, $maxDuration = null)

Initialize the SAML builder.

Parameters
string $entityId: The entity id of the entity.
double|null $maxCache: The maximum time in seconds the metadata should be cached. Defaults to null.
double|null $maxDuration: The maximum time in seconds this metadata should be considered valid. Defaults to null.

Definition at line 47 of file SAMLBuilder.php.

{
    assert('is_string($entityId)');

    $this->maxCache = $maxCache;
    $this->maxDuration = $maxDuration;

    $this->entityDescriptor = new \SAML2\XML\md\EntityDescriptor();
    $this->entityDescriptor->entityID = $entityId;
}

References $entityId, $maxCache, and $maxDuration.

Member Function Documentation

◆ addAttributeAuthority()

SimpleSAML_Metadata_SAMLBuilder::addAttributeAuthority(array $metadata)

Add metadata of a SAML attribute authority.

Parameters
array $metadata: The AttributeAuthorityDescriptor, in the format returned by SimpleSAML_Metadata_SAMLParser.

Definition at line 640 of file SAMLBuilder.php.

{
    assert('is_array($metadata)');
    assert('isset($metadata["entityid"])');
    assert('isset($metadata["metadata-set"])');

    // Wrap the plain array so the typed getters (getArray, getEndpoints, ...) are available
    $metadata = SimpleSAML_Configuration::loadFromArray($metadata, $metadata['entityid']);

    $e = new \SAML2\XML\md\AttributeAuthorityDescriptor();
    $e->protocolSupportEnumeration = $metadata->getArray('protocols', array(\SAML2\Constants::NS_SAMLP));

    $this->addExtensions($metadata, $e);
    $this->addCertificate($e, $metadata);

    $e->AttributeService = self::createEndpoints($metadata->getEndpoints('AttributeService'), false);
    $e->AssertionIDRequestService = self::createEndpoints(
        $metadata->getEndpoints('AssertionIDRequestService'),
        false
    );

    $e->NameIDFormat = $metadata->getArrayizeString('NameIDFormat', array());

    $this->entityDescriptor->RoleDescriptor[] = $e;
}

Referenced by addMetadata().


◆ addAttributeConsumingService()

SimpleSAML_Metadata_SAMLBuilder::addAttributeConsumingService(\SAML2\XML\md\SPSSODescriptor $spDesc, SimpleSAML_Configuration $metadata)
private

Add an AttributeConsumingService element to the metadata.

Parameters
\SAML2\XML\md\SPSSODescriptor $spDesc: The SPSSODescriptor element.
SimpleSAML_Configuration $metadata: The metadata.

Definition at line 386 of file SAMLBuilder.php.

{
    $attributes = $metadata->getArray('attributes', array());
    $name = $metadata->getLocalizedString('name', null);

    if ($name === null || count($attributes) == 0) {
        // we cannot add an AttributeConsumingService without name and attributes
        return;
    }

    $attributesrequired = $metadata->getArray('attributes.required', array());

    /*
     * Add an AttributeConsumingService element with information such as name and description
     * and the list of requested attributes
     */
    $attributeconsumer = new \SAML2\XML\md\AttributeConsumingService();

    $attributeconsumer->index = 0;

    $attributeconsumer->ServiceName = $name;
    $attributeconsumer->ServiceDescription = $metadata->getLocalizedString('description', array());

    $nameFormat = $metadata->getString('attributes.NameFormat', \SAML2\Constants::NAMEFORMAT_UNSPECIFIED);
    foreach ($attributes as $friendlyName => $attribute) {
        $t = new \SAML2\XML\md\RequestedAttribute();
        $t->Name = $attribute;
        if (!is_int($friendlyName)) {
            $t->FriendlyName = $friendlyName;
        }
        if ($nameFormat !== \SAML2\Constants::NAMEFORMAT_UNSPECIFIED) {
            $t->NameFormat = $nameFormat;
        }
        if (in_array($attribute, $attributesrequired, true)) {
            $t->isRequired = true;
        }
        $attributeconsumer->RequestedAttribute[] = $t;
    }

    $spDesc->AttributeConsumingService[] = $attributeconsumer;
}

References $attributes, $metadata, $name, and $t.

◆ addCertificate()

SimpleSAML_Metadata_SAMLBuilder::addCertificate(\SAML2\XML\md\RoleDescriptor $rd, SimpleSAML_Configuration $metadata)
private

Add a certificate.

Helper function for adding a certificate to the metadata.

Parameters
\SAML2\XML\md\RoleDescriptor $rd: The RoleDescriptor the certificate should be added to.
SimpleSAML_Configuration $metadata: The metadata of the entity.

Definition at line 755 of file SAMLBuilder.php.

{
    $keys = $metadata->getPublicKeys();
    if ($keys !== null) {
        foreach ($keys as $key) {
            if ($key['type'] !== 'X509Certificate') {
                continue;
            }
            // A key entry without an explicit 'signing' or 'encryption' flag is published for both uses
            if (!isset($key['signing']) || $key['signing'] === true) {
                $this->addX509KeyDescriptor($rd, 'signing', $key['X509Certificate']);
            }
            if (!isset($key['encryption']) || $key['encryption'] === true) {
                $this->addX509KeyDescriptor($rd, 'encryption', $key['X509Certificate']);
            }
        }
    }

    // The HTTPS certificate, when configured, is published as an additional signing key
    if ($metadata->hasValue('https.certData')) {
        $this->addX509KeyDescriptor($rd, 'signing', $metadata->getString('https.certData'));
    }
}

Referenced by addSecurityTokenServiceType().


◆ addContact()

SimpleSAML_Metadata_SAMLBuilder::addContact($type, $details)

Add contact information.

Accepts a contact type, and a contact array that must be previously sanitized.

WARNING: This function will change its signature and no longer parse a 'name' element.

Parameters
string $type: The type of contact. Deprecated.
array $details: The details about the contact.
Todo:

Change the signature to remove $type.

Remove the capability to pass a name and parse it inside the method.

Definition at line 679 of file SAMLBuilder.php.

{
    assert('is_string($type)');
    assert('is_array($details)');
    assert('in_array($type, array("technical", "support", "administrative", "billing", "other"), TRUE)');

    // TODO: remove this check as soon as getContact() is called always before calling this function
    $details = \SimpleSAML\Utils\Config\Metadata::getContact($details);

    $e = new \SAML2\XML\md\ContactPerson();
    $e->contactType = $type;

    if (!empty($details['attributes'])) {
        $e->ContactPersonAttributes = $details['attributes'];
    }

    if (isset($details['company'])) {
        $e->Company = $details['company'];
    }
    if (isset($details['givenName'])) {
        $e->GivenName = $details['givenName'];
    }
    if (isset($details['surName'])) {
        $e->SurName = $details['surName'];
    }

    if (isset($details['emailAddress'])) {
        $eas = $details['emailAddress'];
        if (!is_array($eas)) {
            $eas = array($eas);
        }
        foreach ($eas as $ea) {
            $e->EmailAddress[] = $ea;
        }
    }

    if (isset($details['telephoneNumber'])) {
        $tlfNrs = $details['telephoneNumber'];
        if (!is_array($tlfNrs)) {
            $tlfNrs = array($tlfNrs);
        }
        foreach ($tlfNrs as $tlfNr) {
            $e->TelephoneNumber[] = $tlfNr;
        }
    }

    $this->entityDescriptor->ContactPerson[] = $e;
}

◆ addExtensions()

SimpleSAML_Metadata_SAMLBuilder::addExtensions(SimpleSAML_Configuration $metadata, \SAML2\XML\md\RoleDescriptor $e)
private

Add extensions to the metadata.

Parameters
SimpleSAML_Configuration $metadata: The metadata to get extensions from.
\SAML2\XML\md\RoleDescriptor $e: Reference to the element where the Extensions element should be included.

Definition at line 140 of file SAMLBuilder.php.

{
    if ($metadata->hasValue('tags')) {
        $a = new \SAML2\XML\saml\Attribute();
        $a->Name = 'tags';
        foreach ($metadata->getArray('tags') as $tag) {
            $a->AttributeValue[] = new \SAML2\XML\saml\AttributeValue($tag);
        }
        $e->Extensions[] = $a;
    }

    if ($metadata->hasValue('hint.cidr')) {
        $a = new \SAML2\XML\saml\Attribute();
        $a->Name = 'hint.cidr';
        foreach ($metadata->getArray('hint.cidr') as $hint) {
            $a->AttributeValue[] = new \SAML2\XML\saml\AttributeValue($hint);
        }
        $e->Extensions[] = $a;
    }

    if ($metadata->hasValue('scope')) {
        foreach ($metadata->getArray('scope') as $scopetext) {
            $s = new \SAML2\XML\shibmd\Scope();
            $s->scope = $scopetext;
            // Check whether $ ^ ( ) * | \ are in a scope -> assume regex.
            // A scope containing any of these is published with regexp="true", so consumers
            // treat it as a pattern rather than a literal domain name.
            if (1 === preg_match('/[\$\^\)\(\*\|\\\\]/', $scopetext)) {
                $s->regexp = true;
            } else {
                $s->regexp = false;
            }
            $e->Extensions[] = $s;
        }
    }

    if ($metadata->hasValue('EntityAttributes')) {
        $ea = new \SAML2\XML\mdattr\EntityAttributes();
        foreach ($metadata->getArray('EntityAttributes') as $attributeName => $attributeValues) {
            $a = new \SAML2\XML\saml\Attribute();
            $a->Name = $attributeName;
            $a->NameFormat = 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri';

            // Attribute names that are not URIs are prefixed like this: '{nameformat}name'
            if (preg_match('/^\{(.*?)\}(.*)$/', $attributeName, $matches)) {
                $a->Name = $matches[2];
                $nameFormat = $matches[1];
                if ($nameFormat !== \SAML2\Constants::NAMEFORMAT_UNSPECIFIED) {
                    $a->NameFormat = $nameFormat;
                }
            }
            foreach ($attributeValues as $attributeValue) {
                $a->AttributeValue[] = new \SAML2\XML\saml\AttributeValue($attributeValue);
            }
            $ea->children[] = $a;
        }
        $this->entityDescriptor->Extensions[] = $ea;
    }

    if ($metadata->hasValue('RegistrationInfo')) {
        $ri = new \SAML2\XML\mdrpi\RegistrationInfo();
        foreach ($metadata->getArray('RegistrationInfo') as $riName => $riValues) {
            switch ($riName) {
                case 'authority':
                    $ri->registrationAuthority = $riValues;
                    break;
                case 'instant':
                    $ri->registrationInstant = \SAML2\Utils::xsDateTimeToTimestamp($riValues);
                    break;
                case 'policies':
                    $ri->RegistrationPolicy = $riValues;
                    break;
            }
        }
        $this->entityDescriptor->Extensions[] = $ri;
    }

    if ($metadata->hasValue('UIInfo')) {
        $ui = new \SAML2\XML\mdui\UIInfo();
        foreach ($metadata->getArray('UIInfo') as $uiName => $uiValues) {
            switch ($uiName) {
                case 'DisplayName':
                    $ui->DisplayName = $uiValues;
                    break;
                case 'Description':
                    $ui->Description = $uiValues;
                    break;
                case 'InformationURL':
                    $ui->InformationURL = $uiValues;
                    break;
                case 'PrivacyStatementURL':
                    $ui->PrivacyStatementURL = $uiValues;
                    break;
                case 'Keywords':
                    foreach ($uiValues as $lang => $keywords) {
                        $uiItem = new \SAML2\XML\mdui\Keywords();
                        $uiItem->lang = $lang;
                        $uiItem->Keywords = $keywords;
                        $ui->Keywords[] = $uiItem;
                    }
                    break;
                case 'Logo':
                    foreach ($uiValues as $logo) {
                        $uiItem = new \SAML2\XML\mdui\Logo();
                        $uiItem->url = $logo['url'];
                        $uiItem->width = $logo['width'];
                        $uiItem->height = $logo['height'];
                        if (isset($logo['lang'])) {
                            $uiItem->lang = $logo['lang'];
                        }
                        $ui->Logo[] = $uiItem;
                    }
                    break;
            }
        }
        $e->Extensions[] = $ui;
    }

    if ($metadata->hasValue('DiscoHints')) {
        $dh = new \SAML2\XML\mdui\DiscoHints();
        foreach ($metadata->getArray('DiscoHints') as $dhName => $dhValues) {
            switch ($dhName) {
                case 'IPHint':
                    $dh->IPHint = $dhValues;
                    break;
                case 'DomainHint':
                    $dh->DomainHint = $dhValues;
                    break;
                case 'GeolocationHint':
                    $dh->GeolocationHint = $dhValues;
                    break;
            }
        }
        $e->Extensions[] = $dh;
    }
}

References $lang, $metadata, $s, $tag, and SAML2\Utils\xsDateTimeToTimestamp().


◆ addMetadata()

SimpleSAML_Metadata_SAMLBuilder::addMetadata($set, $metadata)

Add a specific type of metadata to an entity.

Parameters
string $set: The metadata set this metadata comes from.
array $metadata: The metadata.

Definition at line 437 of file SAMLBuilder.php.

{
    assert('is_string($set)');
    assert('is_array($metadata)');

    $this->setExpiration($metadata);

    switch ($set) {
        case 'saml20-sp-remote':
            $this->addMetadataSP20($metadata);
            break;
        case 'saml20-idp-remote':
            $this->addMetadataIdP20($metadata);
            break;
        case 'shib13-sp-remote':
            $this->addMetadataSP11($metadata);
            break;
        case 'shib13-idp-remote':
            $this->addMetadataIdP11($metadata);
            break;
        case 'attributeauthority-remote':
            $this->addAttributeAuthority($metadata);
            break;
        default:
            SimpleSAML\Logger::warning('Unable to generate metadata for unknown type \''.$set.'\'.');
    }
}

References $metadata, addAttributeAuthority(), addMetadataIdP11(), addMetadataIdP20(), addMetadataSP11(), addMetadataSP20(), setExpiration(), and SimpleSAML\Logger\warning().


◆ addMetadataIdP11()

SimpleSAML_Metadata_SAMLBuilder::addMetadataIdP11($metadata)

Add metadata of a SAML 1.1 identity provider.

Parameters
array $metadata: The metadata.

Definition at line 612 of file SAMLBuilder.php.

{
    assert('is_array($metadata)');
    assert('isset($metadata["entityid"])');
    assert('isset($metadata["metadata-set"])');

    $metadata = SimpleSAML_Configuration::loadFromArray($metadata, $metadata['entityid']);

    $e = new \SAML2\XML\md\IDPSSODescriptor();
    $e->protocolSupportEnumeration[] = 'urn:oasis:names:tc:SAML:1.1:protocol';
    $e->protocolSupportEnumeration[] = 'urn:mace:shibboleth:1.0';

    $this->addCertificate($e, $metadata);

    $e->NameIDFormat = $metadata->getArrayizeString('NameIDFormat', array());

    $e->SingleSignOnService = self::createEndpoints($metadata->getEndpoints('SingleSignOnService'), false);

    $this->entityDescriptor->RoleDescriptor[] = $e;
}

Referenced by addMetadata().


◆ addMetadataIdP20()

SimpleSAML_Metadata_SAMLBuilder::addMetadataIdP20($metadata)

Add metadata of a SAML 2.0 identity provider.

Parameters
array $metadata: The metadata.

Definition at line 528 of file SAMLBuilder.php.

{
    assert('is_array($metadata)');
    assert('isset($metadata["entityid"])');
    assert('isset($metadata["metadata-set"])');

    $metadata = SimpleSAML_Configuration::loadFromArray($metadata, $metadata['entityid']);

    $e = new \SAML2\XML\md\IDPSSODescriptor();
    $e->protocolSupportEnumeration[] = 'urn:oasis:names:tc:SAML:2.0:protocol';

    // 'sign.authnrequest' takes precedence over the older 'redirect.sign' option
    if ($metadata->hasValue('sign.authnrequest')) {
        $e->WantAuthnRequestsSigned = $metadata->getBoolean('sign.authnrequest');
    } elseif ($metadata->hasValue('redirect.sign')) {
        $e->WantAuthnRequestsSigned = $metadata->getBoolean('redirect.sign');
    }

    $this->addExtensions($metadata, $e);

    $this->addCertificate($e, $metadata);

    if ($metadata->hasValue('ArtifactResolutionService')) {
        $e->ArtifactResolutionService = self::createEndpoints(
            $metadata->getEndpoints('ArtifactResolutionService'),
            true
        );
    }

    $e->SingleLogoutService = self::createEndpoints($metadata->getEndpoints('SingleLogoutService'), false);

    $e->NameIDFormat = $metadata->getArrayizeString('NameIDFormat', array());

    $e->SingleSignOnService = self::createEndpoints($metadata->getEndpoints('SingleSignOnService'), false);

    $this->entityDescriptor->RoleDescriptor[] = $e;

    foreach ($metadata->getArray('contacts', array()) as $contact) {
        if (array_key_exists('contactType', $contact) && array_key_exists('emailAddress', $contact)) {
            $this->addContact($contact['contactType'], \SimpleSAML\Utils\Config\Metadata::getContact($contact));
        }
    }
}

Referenced by addMetadata().


◆ addMetadataSP11()

SimpleSAML_Metadata_SAMLBuilder::addMetadataSP11($metadata)

Add metadata of a SAML 1.1 service provider.

Parameters
array $metadata: The metadata.

Definition at line 577 of file SAMLBuilder.php.

{
    assert('is_array($metadata)');
    assert('isset($metadata["entityid"])');
    assert('isset($metadata["metadata-set"])');

    $metadata = SimpleSAML_Configuration::loadFromArray($metadata, $metadata['entityid']);

    $e = new \SAML2\XML\md\SPSSODescriptor();
    $e->protocolSupportEnumeration[] = 'urn:oasis:names:tc:SAML:1.1:protocol';

    $this->addCertificate($e, $metadata);

    $e->NameIDFormat = $metadata->getArrayizeString('NameIDFormat', array());

    $endpoints = $metadata->getEndpoints('AssertionConsumerService');
    foreach ($metadata->getArrayizeString('AssertionConsumerService.artifact', array()) as $acs) {
        $endpoints[] = array(
            'Binding'  => 'urn:oasis:names:tc:SAML:1.0:profiles:artifact-01',
            'Location' => $acs,
        );
    }
    $e->AssertionConsumerService = self::createEndpoints($endpoints, true);

    $this->addAttributeConsumingService($e, $metadata);

    $this->entityDescriptor->RoleDescriptor[] = $e;
}

Referenced by addMetadata().


◆ addMetadataSP20()

SimpleSAML_Metadata_SAMLBuilder::addMetadataSP20($metadata, $protocols = array(\SAML2\Constants::NS_SAMLP))

Add SAML 2.0 SP metadata.

Parameters
array $metadata: The metadata.
array $protocols: The protocols supported. Defaults to \SAML2\Constants::NS_SAMLP.

Definition at line 472 of file SAMLBuilder.php.

{
    assert('is_array($metadata)');
    assert('is_array($protocols)');
    assert('isset($metadata["entityid"])');
    assert('isset($metadata["metadata-set"])');

    $metadata = SimpleSAML_Configuration::loadFromArray($metadata, $metadata['entityid']);

    $e = new \SAML2\XML\md\SPSSODescriptor();
    $e->protocolSupportEnumeration = $protocols;

    if ($metadata->hasValue('saml20.sign.assertion')) {
        $e->WantAssertionsSigned = $metadata->getBoolean('saml20.sign.assertion');
    }

    // 'redirect.validate' takes precedence over 'validate.authnrequest'
    if ($metadata->hasValue('redirect.validate')) {
        $e->AuthnRequestsSigned = $metadata->getBoolean('redirect.validate');
    } elseif ($metadata->hasValue('validate.authnrequest')) {
        $e->AuthnRequestsSigned = $metadata->getBoolean('validate.authnrequest');
    }

    $this->addExtensions($metadata, $e);

    $this->addCertificate($e, $metadata);

    $e->SingleLogoutService = self::createEndpoints($metadata->getEndpoints('SingleLogoutService'), false);

    $e->NameIDFormat = $metadata->getArrayizeString('NameIDFormat', array());

    $endpoints = $metadata->getEndpoints('AssertionConsumerService');
    foreach ($metadata->getArrayizeString('AssertionConsumerService.artifact', array()) as $acs) {
        $endpoints[] = array(
            'Binding'  => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
            'Location' => $acs,
        );
    }
    $e->AssertionConsumerService = self::createEndpoints($endpoints, true);

    $this->addAttributeConsumingService($e, $metadata);

    $this->entityDescriptor->RoleDescriptor[] = $e;

    foreach ($metadata->getArray('contacts', array()) as $contact) {
        if (array_key_exists('contactType', $contact) && array_key_exists('emailAddress', $contact)) {
            $this->addContact($contact['contactType'], \SimpleSAML\Utils\Config\Metadata::getContact($contact));
        }
    }
}

Referenced by addMetadata().


◆ addOrganization()

SimpleSAML_Metadata_SAMLBuilder::addOrganization(array $orgName, array $orgDisplayName, array $orgURL)

Add an Organization element based on data passed as parameters.

Parameters
array $orgName: An array with the localized OrganizationName.
array $orgDisplayName: An array with the localized OrganizationDisplayName.
array $orgURL: An array with the localized OrganizationURL.

Definition at line 283 of file SAMLBuilder.php.

{
    $org = new \SAML2\XML\md\Organization();

    $org->OrganizationName = $orgName;
    $org->OrganizationDisplayName = $orgDisplayName;
    $org->OrganizationURL = $orgURL;

    $this->entityDescriptor->Organization = $org;
}

References $orgName.

Referenced by addOrganizationInfo().


◆ addOrganizationInfo()

SimpleSAML_Metadata_SAMLBuilder::addOrganizationInfo(array $metadata)

Add an Organization element based on metadata array.

Parameters
array $metadata: The metadata we should extract the organization information from.

Definition at line 300 of file SAMLBuilder.php.

{
    if (
        empty($metadata['OrganizationName']) ||
        empty($metadata['OrganizationDisplayName']) ||
        empty($metadata['OrganizationURL'])
    ) {
        // empty or incomplete organization information
        return;
    }

    // Plain strings become a single-entry localized array keyed by 'en'
    $orgName = SimpleSAML\Utils\Arrays::arrayize($metadata['OrganizationName'], 'en');
    $orgDisplayName = SimpleSAML\Utils\Arrays::arrayize($metadata['OrganizationDisplayName'], 'en');
    $orgURL = SimpleSAML\Utils\Arrays::arrayize($metadata['OrganizationURL'], 'en');

    $this->addOrganization($orgName, $orgDisplayName, $orgURL);
}

References $metadata, $orgName, addOrganization(), and SimpleSAML\Utils\Arrays\arrayize().


◆ addSecurityTokenServiceType()

SimpleSAML_Metadata_SAMLBuilder::addSecurityTokenServiceType($metadata)

Add a SecurityTokenServiceType for ADFS metadata.

Parameters
array $metadata: The metadata with the information about the SecurityTokenServiceType.

Definition at line 117 of file SAMLBuilder.php.

{
    assert('is_array($metadata)');
    assert('isset($metadata["entityid"])');
    assert('isset($metadata["metadata-set"])');

    $metadata = SimpleSAML_Configuration::loadFromArray($metadata, $metadata['entityid']);

    $defaultEndpoint = $metadata->getDefaultEndpoint('SingleSignOnService');
    // ADFS-specific RoleDescriptor provided by the adfs module
    $e = new sspmod_adfs_SAML2_XML_fed_SecurityTokenServiceType();
    $e->Location = $defaultEndpoint['Location'];

    $this->addCertificate($e, $metadata);

    $this->entityDescriptor->RoleDescriptor[] = $e;
}

References $metadata, addCertificate(), and SimpleSAML_Configuration\loadFromArray().


◆ addX509KeyDescriptor()

SimpleSAML_Metadata_SAMLBuilder::addX509KeyDescriptor(\SAML2\XML\md\RoleDescriptor $rd, $use, $x509data)
private

Add a KeyDescriptor with an X509 certificate.

Parameters
\SAML2\XML\md\RoleDescriptor $rd: The RoleDescriptor the certificate should be added to.
string $use: The value of the 'use' attribute.
string $x509data: The certificate data.

Definition at line 736 of file SAMLBuilder.php.

{
    assert('in_array($use, array("encryption", "signing"), TRUE)');
    assert('is_string($x509data)');

    $keyDescriptor = \SAML2\Utils::createKeyDescriptor($x509data);
    $keyDescriptor->use = $use;
    $rd->KeyDescriptor[] = $keyDescriptor;
}

◆ createEndpoints()

static SimpleSAML_Metadata_SAMLBuilder::createEndpoints(array $endpoints, $indexed)
static private

Add a list of endpoints to metadata.

Parameters
array $endpoints: The endpoints.
bool $indexed: Whether the endpoints should be indexed.
Returns
array: An array of endpoint objects, either \SAML2\XML\md\EndpointType or \SAML2\XML\md\IndexedEndpointType.

Definition at line 327 of file SAMLBuilder.php.

{
    assert('is_bool($indexed)');

    $ret = array();

    foreach ($endpoints as &$ep) {
        if ($indexed) {
            $t = new \SAML2\XML\md\IndexedEndpointType();
        } else {
            $t = new \SAML2\XML\md\EndpointType();
        }

        $t->Binding = $ep['Binding'];
        $t->Location = $ep['Location'];
        if (isset($ep['ResponseLocation'])) {
            $t->ResponseLocation = $ep['ResponseLocation'];
        }
        if (isset($ep['hoksso:ProtocolBinding'])) {
            // Holder-of-Key endpoints: the underlying binding is always emitted as HTTP-Redirect here
            $t->setAttributeNS(
                \SAML2\Constants::NS_HOK,
                'hoksso:ProtocolBinding',
                \SAML2\Constants::BINDING_HTTP_REDIRECT
            );
        }

        if ($indexed) {
            if (!isset($ep['index'])) {
                // Find the maximum index. The inner loop uses its own variable: $ep is a
                // reference into $endpoints here, so assigning to it would overwrite the
                // element currently being processed.
                $maxIndex = -1;
                foreach ($endpoints as $other) {
                    if (!isset($other['index'])) {
                        continue;
                    }

                    if ($other['index'] > $maxIndex) {
                        $maxIndex = $other['index'];
                    }
                }

                $ep['index'] = $maxIndex + 1;
            }

            $t->index = $ep['index'];
        }

        $ret[] = $t;
    }
    unset($ep); // drop the reference left behind by the by-reference foreach

    return $ret;
}

References $ret, and $t.

◆ getEntityDescriptor()

SimpleSAML_Metadata_SAMLBuilder::getEntityDescriptor()

Retrieve the EntityDescriptor element which is generated for this entity.

Returns
DOMElement: The EntityDescriptor element of this entity.

Definition at line 81 of file SAMLBuilder.php.

{
    $xml = $this->entityDescriptor->toXML();
    $xml->ownerDocument->appendChild($xml);

    return $xml;
}

References $xml.

Referenced by getEntityDescriptorText().


◆ getEntityDescriptorText()

SimpleSAML_Metadata_SAMLBuilder::getEntityDescriptorText($formatted = true)

Retrieve the EntityDescriptor as text.

This function serializes this EntityDescriptor, and returns it as text.

Parameters
bool $formatted: Whether the returned EntityDescriptor should be formatted first.
Returns
string: The serialized EntityDescriptor.

Definition at line 99 of file SAMLBuilder.php.

{
    assert('is_bool($formatted)');

    $xml = $this->getEntityDescriptor();
    if ($formatted) {
        SimpleSAML\Utils\XML::formatDOMElement($xml);
    }

    return $xml->ownerDocument->saveXML();
}

References $xml, and getEntityDescriptor().


◆ setExpiration()

SimpleSAML_Metadata_SAMLBuilder::setExpiration($metadata)
private

Definition at line 59 of file SAMLBuilder.php.

{
    // An explicit 'expire' timestamp in the metadata can only shorten the lifetime, never extend it
    if (array_key_exists('expire', $metadata)) {
        if ($metadata['expire'] - time() < $this->maxDuration) {
            $this->maxDuration = $metadata['expire'] - time();
        }
    }

    // cacheDuration is an xs:duration relative to retrieval; validUntil is an absolute timestamp
    if ($this->maxCache !== null) {
        $this->entityDescriptor->cacheDuration = 'PT'.$this->maxCache.'S';
    }
    if ($this->maxDuration !== null) {
        $this->entityDescriptor->validUntil = time() + $this->maxDuration;
    }
}

References $maxDuration, and $metadata.

Referenced by addMetadata().
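A usage example, added here and not code from SAMLBuilder.php or from the ILIAS/SimpleSAMLphp distribution, showing how the public methods above fit together: the constructor's $maxCache and $maxDuration become cacheDuration and validUntil (setExpiration() shortens validUntil when the metadata carries an earlier 'expire'), each 'keys' entry becomes a KeyDescriptor whose 'signing'/'encryption' flags limit the published key usage, and the serialized document is handed to SimpleSAML_Metadata_Signer so consumers can verify who published it. The entity ID, endpoints, certificate value and autoload path are constructed placeholders; the metadata keys used are the ones the methods above read.

```php
<?php
// Added usage example; not code from SAMLBuilder.php or from the ILIAS/SimpleSAMLphp
// distribution. Entity ID, endpoints, certificate and the autoload path are placeholders.
require_once '/path/to/simplesamlphp/lib/_autoload.php'; // placeholder path

$entityId = 'https://sp.example.org/saml';   // constructed

// Constructed SP metadata in the array format addMetadata() expects.
$metadata = array(
    'entityid'     => $entityId,
    'metadata-set' => 'saml20-sp-remote',

    'AssertionConsumerService' => array(
        array(
            'Binding'  => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
            'Location' => 'https://sp.example.org/saml/acs',
            'index'    => 0,
        ),
    ),
    'SingleLogoutService' => array(
        array(
            'Binding'  => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://sp.example.org/saml/slo',
        ),
    ),

    // addCertificate() publishes a key for every use that is not explicitly false,
    // so a signing-only key must say 'encryption' => false.
    'keys' => array(
        array(
            'type'            => 'X509Certificate',
            'signing'         => true,
            'encryption'      => false,
            'X509Certificate' => 'MIIC...base64 DER placeholder...',
        ),
    ),

    'saml20.sign.assertion' => true,   // WantAssertionsSigned="true"
    'validate.authnrequest' => true,   // AuthnRequestsSigned="true"

    // setExpiration() uses this only to shorten validUntil, never to extend it.
    'expire' => time() + 86400,

    'OrganizationName'        => 'Example Org',
    'OrganizationDisplayName' => 'Example Org',
    'OrganizationURL'         => 'https://www.example.org/',
);

// maxCache -> cacheDuration="PT3600S"; maxDuration -> validUntil, capped by 'expire' above
// (7 days requested, 1 day effective).
$builder = new SimpleSAML_Metadata_SAMLBuilder($entityId, 3600, 7 * 86400);
$builder->addMetadata('saml20-sp-remote', $metadata);
$builder->addOrganizationInfo($metadata);

$xml = $builder->getEntityDescriptorText();

// Sign the serialized document with the metadata.sign.* key from config.php
// (Signer::sign() returns the input unchanged when signing is not enabled).
$signed = SimpleSAML_Metadata_Signer::sign($xml, $metadata, 'SAML 2 SP');

header('Content-Type: application/samlmetadata+xml');
echo $signed;
```

Because addMetadata() calls setExpiration() on the raw array before anything else, the effective validUntil is min(maxDuration, expire - now) from the moment the document is built, so a long maxDuration never outlives an 'expire' set on the entity itself.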


Field Documentation

◆ $entityDescriptor

SimpleSAML_Metadata_SAMLBuilder::$entityDescriptor
private

Definition at line 20 of file SAMLBuilder.php.

◆ $maxCache

SimpleSAML_Metadata_SAMLBuilder::$maxCache = null
private

Definition at line 28 of file SAMLBuilder.php.

Referenced by __construct().

◆ $maxDuration

SimpleSAML_Metadata_SAMLBuilder::$maxDuration = null
private

Definition at line 36 of file SAMLBuilder.php.

Referenced by __construct(), and setExpiration().


The documentation for this class was generated from the following file: