SimpleSAML_Metadata_SAMLParser Class Reference

This is class for parsing of SAML 1.x and SAML 2.0 metadata. More...

Collaboration diagram for SimpleSAML_Metadata_SAMLParser:

Public Member Functions
	getEntityId ()
	This function returns the entity id of this parsed entity. More...
	getMetadata1xSP ()
	This function returns the metadata for SAML 1.x SPs in the format SimpleSAMLphp expects. More...
	getMetadata1xIdP ()
	This function returns the metadata for SAML 1.x IdPs in the format SimpleSAMLphp expects. More...
	getMetadata20SP ()
	This function returns the metadata for SAML 2.0 SPs in the format SimpleSAMLphp expects. More...
	getMetadata20IdP ()
	This function returns the metadata for SAML 2.0 IdPs in the format SimpleSAMLphp expects. More...
	getAttributeAuthorities ()
	Retrieve AttributeAuthorities from the metadata. More...
	validateSignature ($certificates)
	If this EntityDescriptor was signed this function use the public key to check the signature. More...
	validateFingerprint ($fingerprint)
	This function checks if this EntityDescriptor was signed with a certificate with the given fingerprint. More...

Static Public Member Functions
static	parseFile ($file)
	This function parses a file which contains XML encoded metadata. More...
static	parseString ($metadata)
	This function parses a string which contains XML encoded metadata. More...
static	parseDocument ($document)
	This function parses a DOMDocument which is assumed to contain a single EntityDescriptor element. More...
static	parseElement ($entityElement)
	This function parses a \SAML2\XML\md\EntityDescriptor object which represents a EntityDescriptor element. More...
static	parseDescriptorsFile ($file)
	This function parses a file where the root node is either an EntityDescriptor element or an EntitiesDescriptor element. More...
static	parseDescriptorsString ($string)
	This function parses a string with XML data. More...
static	parseDescriptorsElement (DOMElement $element=null)
	This function parses a DOMElement which represents either an EntityDescriptor element or an EntitiesDescriptor element. More...

Private Member Functions
	__construct (\SAML2\XML\md\EntityDescriptor $entityElement, $maxExpireTime, array $validators=array(), array $parentExtensions=null)
	This is the constructor for the SAMLParser class. More...
	getMetadataCommon ()
	addExtensions (array &$metadata, array $roleDescriptor)
	Add data parsed from extensions to metadata. More...
	processSPSSODescriptor (\SAML2\XML\md\SPSSODescriptor $element, $expireTime)
	This function extracts metadata from a SPSSODescriptor element. More...
	processIDPSSODescriptor (\SAML2\XML\md\IDPSSODescriptor $element, $expireTime)
	This function extracts metadata from a IDPSSODescriptor element. More...
	processAttributeAuthorityDescriptor (\SAML2\XML\md\AttributeAuthorityDescriptor $element, $expireTime)
	This function extracts metadata from a AttributeAuthorityDescriptor element. More...
	processOrganization (\SAML2\XML\md\Organization $element)
	Parse and process a Organization element. More...
	processContactPerson (\SAML2\XML\md\ContactPerson $element)
	Parse and process a ContactPerson element. More...
	getSPDescriptors ($protocols)
	This function finds SP descriptors which supports one of the given protocols. More...
	getIdPDescriptors ($protocols)
	This function finds IdP descriptors which supports one of the given protocols. More...

Static Private Member Functions
static	getExpireTime ($element, $maxExpireTime)
	Determine how long a given element can be cached. More...
static	parseRoleDescriptorType (\SAML2\XML\md\RoleDescriptor $element, $expireTime)
	Parse a RoleDescriptorType element. More...
static	parseSSODescriptor (\SAML2\XML\md\SSODescriptorType $element, $expireTime)
	This function extracts metadata from a SSODescriptor element. More...
static	processExtensions ($element, $parentExtensions=array())
	Parse an Extensions element. More...
static	parseAttributeConsumerService (\SAML2\XML\md\AttributeConsumingService $element, &$sp)
	This function parses AttributeConsumerService elements. More...
static	parseGenericEndpoint (\SAML2\XML\md\EndpointType $element)
	This function is a generic endpoint element parser. More...
static	extractEndpoints (array $endpoints)
	Extract generic endpoints. More...
static	parseKeyDescriptor (\SAML2\XML\md\KeyDescriptor $kd)
	This function parses a KeyDescriptor element. More...
static	findEntityDescriptor ($doc)
	This function locates the EntityDescriptor node in a DOMDocument. More...

Private Attributes
	$entityId
	$spDescriptors
	$idpDescriptors
	$attributeAuthorityDescriptors = array()
	$organizationName = array()
	$organizationDisplayName = array()
	$organizationURL = array()
	$contacts = array()
	$scopes
	$entityAttributes
	$registrationInfo
	$tags
	$validators = array()
	$entityDescriptor

Static Private Attributes
static	$SAML1xProtocols
static	$SAML20Protocols

Detailed Description

This is class for parsing of SAML 1.x and SAML 2.0 metadata.

Metadata is loaded by calling the static methods parseFile, parseString or parseElement. These functions returns an instance of SimpleSAML_Metadata_SAMLParser. To get metadata from this object, use the methods getMetadata1xSP or getMetadata20SP.

To parse a file which can contain a collection of EntityDescriptor or EntitiesDescriptor elements, use the parseDescriptorsFile, parseDescriptorsString or parseDescriptorsElement methods. These functions will return an array of SAMLParser elements where each element represents an EntityDescriptor-element.

Definition at line 15 of file SAMLParser.php.

Constructor & Destructor Documentation

__construct()

SimpleSAML_Metadata_SAMLParser::__construct ( \SAML2\XML\md\EntityDescriptor  $entityElement,   $maxExpireTime, array  $validators = array(), array  $parentExtensions = null  )

private

This is the constructor for the SAMLParser class.

Parameters

\SAML2\XML\md\EntityDescriptor	$entityElement	The EntityDescriptor.
int | NULL	$maxExpireTime	The unix timestamp for when this entity should expire, or NULL if unknown.
array	$validators	An array of parent elements that may validate this element.
array	$parentExtensions	An optional array of extensions from the parent element.

Definition at line 164 of file SAMLParser.php.

      {
        assert('is_null($maxExpireTime) || is_int($maxExpireTime)');
 
        $this->spDescriptors = array();
        $this->idpDescriptors = array();
 
        $e = $entityElement->toXML();
        $e = $e->ownerDocument->saveXML($e);
        $this->entityDescriptor = base64_encode($e);
        $this->entityId = $entityElement->entityID;
 
        $expireTime = self::getExpireTime($entityElement, $maxExpireTime);
 
        $this->validators = $validators;
        $this->validators[] = $entityElement;
 
        // process Extensions element, if it exists
        $ext = self::processExtensions($entityElement, $parentExtensions);
        $this->scopes = $ext['scope'];
        $this->tags = $ext['tags'];
        $this->entityAttributes = $ext['EntityAttributes'];
        $this->registrationInfo = $ext['RegistrationInfo'];
 
        // look over the RoleDescriptors
        foreach ($entityElement->RoleDescriptor as $child) {
 
            if ($child instanceof \SAML2\XML\md\SPSSODescriptor) {
                $this->processSPSSODescriptor($child, $expireTime);
            } elseif ($child instanceof \SAML2\XML\md\IDPSSODescriptor) {
                $this->processIDPSSODescriptor($child, $expireTime);
            } elseif ($child instanceof \SAML2\XML\md\AttributeAuthorityDescriptor) {
                $this->processAttributeAuthorityDescriptor($child, $expireTime);
            }
        }
 
        if ($entityElement->Organization) {
            $this->processOrganization($entityElement->Organization);
        }
 
        if (!empty($entityElement->ContactPerson)) {
            foreach ($entityElement->ContactPerson as $contact) {
                $this->processContactPerson($contact);
            }
        }
    }

References $validators, getExpireTime(), processAttributeAuthorityDescriptor(), processContactPerson(), processExtensions(), processIDPSSODescriptor(), processOrganization(), and processSPSSODescriptor().

Here is the call graph for this function:

Member Function Documentation

addExtensions()

SimpleSAML_Metadata_SAMLParser::addExtensions ( array &  $metadata, array  $roleDescriptor  )

private

Add data parsed from extensions to metadata.

Parameters

array	&$metadata	The metadata that should be updated.
array	$roleDescriptor	The parsed role descriptor.

Definition at line 487 of file SAMLParser.php.

    {
        assert('array_key_exists("scope", $roleDescriptor)');
        assert('array_key_exists("tags", $roleDescriptor)');
 
        $scopes = array_merge($this->scopes, array_diff($roleDescriptor['scope'], $this->scopes));
        if (!empty($scopes)) {
            $metadata['scope'] = $scopes;
        }
 
        $tags = array_merge($this->tags, array_diff($roleDescriptor['tags'], $this->tags));
        if (!empty($tags)) {
            $metadata['tags'] = $tags;
        }
 
 
        if (!empty($this->registrationInfo)) {
            $metadata['RegistrationInfo'] = $this->registrationInfo;
        }
 
        if (!empty($this->entityAttributes)) {
            $metadata['EntityAttributes'] = $this->entityAttributes;
 
            // check for entity categories
            if (SimpleSAML\Utils\Config\Metadata::isHiddenFromDiscovery($metadata)) {
                $metadata['hide.from.discovery'] = true;
            }
        }
 
        if (!empty($roleDescriptor['UIInfo'])) {
            $metadata['UIInfo'] = $roleDescriptor['UIInfo'];
        }
 
        if (!empty($roleDescriptor['DiscoHints'])) {
            $metadata['DiscoHints'] = $roleDescriptor['DiscoHints'];
        }
    }

References $entityAttributes, $metadata, $registrationInfo, $scopes, and $tags.

Referenced by getMetadata1xIdP(), getMetadata1xSP(), getMetadata20IdP(), and getMetadata20SP().

Here is the caller graph for this function:

extractEndpoints()

static SimpleSAML_Metadata_SAMLParser::extractEndpoints ( array  $endpoints )

staticprivate

Extract generic endpoints.

Parameters

array

$endpoints

The endpoints we should parse.

Returns

array Array of parsed endpoints.

Definition at line 1293 of file SAMLParser.php.

    {
        $ret = array();
        foreach ($endpoints as $ep) {
            $ret[] = self::parseGenericEndpoint($ep);
        }
 
        return $ret;
    }

References $ret, and parseGenericEndpoint().

Referenced by parseSSODescriptor(), processAttributeAuthorityDescriptor(), processIDPSSODescriptor(), and processSPSSODescriptor().

Here is the call graph for this function:

Here is the caller graph for this function:

findEntityDescriptor()

static SimpleSAML_Metadata_SAMLParser::findEntityDescriptor (   $doc )

staticprivate

This function locates the EntityDescriptor node in a DOMDocument.

This node should be the first (and only) node in the document.

This function will throw an exception if it is unable to locate the node.

Parameters

DOMDocument

$doc

The DOMDocument where we should find the EntityDescriptor node.

Returns

\SAML2\XML\md\EntityDescriptor The DOMEntity which represents the EntityDescriptor.

Exceptions

Exception

If the document is empty or the first element is not an EntityDescriptor element.

Definition at line 1410 of file SAMLParser.php.

    {
        assert('$doc instanceof DOMDocument');
 
        // find the EntityDescriptor DOMElement. This should be the first (and only) child of the DOMDocument
        $ed = $doc->documentElement;
 
        if ($ed === null) {
            throw new Exception('Failed to load SAML metadata from empty XML document.');
        }
 
        if (SimpleSAML\Utils\XML::isDOMNodeOfType($ed, 'EntityDescriptor', '@md') === false) {
            throw new Exception('Expected first element in the metadata document to be an EntityDescriptor element.');
        }
 
        return new \SAML2\XML\md\EntityDescriptor($ed);
    }

Referenced by parseDocument().

Here is the caller graph for this function:

getAttributeAuthorities()

SimpleSAML_Metadata_SAMLParser::getAttributeAuthorities

(

)

Retrieve AttributeAuthorities from the metadata.

Returns

array Array of AttributeAuthorityDescriptor entries.

Definition at line 823 of file SAMLParser.php.

    {
        return $this->attributeAuthorityDescriptors;
    }

References $attributeAuthorityDescriptors.

Referenced by SimpleSAML\Metadata\Sources\MDQ\getParsedSet().

Here is the caller graph for this function:

getEntityId()

SimpleSAML_Metadata_SAMLParser::getEntityId

(

)

This function returns the entity id of this parsed entity.

Returns

string The entity id of this parsed entity.

Definition at line 448 of file SAMLParser.php.

    {
        return $this->entityId;
    }

References $entityId.

getExpireTime()

static SimpleSAML_Metadata_SAMLParser::getExpireTime (   $element,   $maxExpireTime  )

staticprivate

Determine how long a given element can be cached.

This function looks for the 'validUntil' attribute to determine how long a given XML-element is valid. It returns this as a unix timestamp.

Parameters

mixed	$element	The element we should determine the expiry time of.
int | NULL	$maxExpireTime	The maximum expiration time.

Returns

int The unix timestamp for when the element should expire. Will be NULL if no limit is set for the element.

Definition at line 430 of file SAMLParser.php.

    {
        // validUntil may be null
        $expire = $element->validUntil;
 
        if ($maxExpireTime !== null && ($expire === null || $maxExpireTime < $expire)) {
            $expire = $maxExpireTime;
        }
 
        return $expire;
    }

References $expire.

Referenced by __construct(), and parseRoleDescriptorType().

Here is the caller graph for this function:

getIdPDescriptors()

SimpleSAML_Metadata_SAMLParser::getIdPDescriptors (   $protocols )

private

This function finds IdP descriptors which supports one of the given protocols.

Parameters

$protocols

Array with the protocols we accept.

Returns

Array with IdP descriptors which supports one of the given protocols.

Definition at line 1382 of file SAMLParser.php.

    {
        assert('is_array($protocols)');
 
        $ret = array();
 
        foreach ($this->idpDescriptors as $idpd) {
            $sharedProtocols = array_intersect($protocols, $idpd['protocols']);
            if (count($sharedProtocols) > 0) {
                $ret[] = $idpd;
            }
        }
 
        return $ret;
    }

References $ret.

Referenced by getMetadata1xIdP(), and getMetadata20IdP().

Here is the caller graph for this function:

getMetadata1xIdP()

SimpleSAML_Metadata_SAMLParser::getMetadata1xIdP

(

)

This function returns the metadata for SAML 1.x IdPs in the format SimpleSAMLphp expects.

This is an associative array with the following fields:

• 'entityid': The entity id of the entity described in the metadata.
• 'name': Auto generated name for this entity. Currently set to the entity id.
• 'SingleSignOnService': String with the URL of the SSO service which supports the redirect binding.
• 'SingleLogoutService': String with the URL where we should send logout requests/responses.
• 'certData': X509Certificate for entity (if present).
• 'certFingerprint': Fingerprint of the X509Certificate from the metadata. (deprecated)

Metadata must be loaded with one of the parse functions before this function can be called.

Returns

array An associative array with metadata or NULL if we are unable to generate metadata for a SAML 1.x IdP.

Definition at line 612 of file SAMLParser.php.

    {
        $ret = $this->getMetadataCommon();
        $ret['metadata-set'] = 'shib13-idp-remote';
 
        // find IdP information which supports the SAML 1.x protocol
        $idp = $this->getIdPDescriptors(self::$SAML1xProtocols);
        if (count($idp) === 0) {
            return null;
        }
 
        // we currently only look at the first IDP descriptor which supports SAML 1.x
        $idp = $idp[0];
 
        // fdd expire time to metadata
        if (array_key_exists('expire', $idp)) {
            $ret['expire'] = $idp['expire'];
        }
 
        // find the SSO service endpoints
        $ret['SingleSignOnService'] = $idp['SingleSignOnService'];
 
        // find the ArtifactResolutionService endpoint
        $ret['ArtifactResolutionService'] = $idp['ArtifactResolutionService'];
 
        // add public keys
        if (!empty($idp['keys'])) {
            $ret['keys'] = $idp['keys'];
        }
 
        // add extensions
        $this->addExtensions($ret, $idp);
 
        // prioritize mdui:DisplayName as the name if available
        if (!empty($ret['UIInfo']['DisplayName'])) {
            $ret['name'] = $ret['UIInfo']['DisplayName'];
        }
 
        return $ret;
    }

References $idp, $ret, addExtensions(), getIdPDescriptors(), and getMetadataCommon().

Referenced by SimpleSAML\Metadata\Sources\MDQ\getParsedSet().

Here is the call graph for this function:

Here is the caller graph for this function:

getMetadata1xSP()

SimpleSAML_Metadata_SAMLParser::getMetadata1xSP

(

)

This function returns the metadata for SAML 1.x SPs in the format SimpleSAMLphp expects.

This is an associative array with the following fields:

• 'entityid': The entity id of the entity described in the metadata.
• 'AssertionConsumerService': String with the URL of the assertion consumer service which supports the browser-post binding.
• 'certData': X509Certificate for entity (if present).

Metadata must be loaded with one of the parse functions before this function can be called.

Returns

array An associative array with metadata or NULL if we are unable to generate metadata for a SAML 1.x SP.

Definition at line 538 of file SAMLParser.php.

    {
        $ret = $this->getMetadataCommon();
        $ret['metadata-set'] = 'shib13-sp-remote';
 
 
        // find SP information which supports one of the SAML 1.x protocols
        $spd = $this->getSPDescriptors(self::$SAML1xProtocols);
        if (count($spd) === 0) {
            return null;
        }
 
        // we currently only look at the first SPDescriptor which supports SAML 1.x
        $spd = $spd[0];
 
        // add expire time to metadata
        if (array_key_exists('expire', $spd)) {
            $ret['expire'] = $spd['expire'];
        }
 
        // find the assertion consumer service endpoints
        $ret['AssertionConsumerService'] = $spd['AssertionConsumerService'];
 
        // add the list of attributes the SP should receive
        if (array_key_exists('attributes', $spd)) {
            $ret['attributes'] = $spd['attributes'];
        }
        if (array_key_exists('attributes.required', $spd)) {
            $ret['attributes.required'] = $spd['attributes.required'];
        }
        if (array_key_exists('attributes.NameFormat', $spd)) {
            $ret['attributes.NameFormat'] = $spd['attributes.NameFormat'];
        }
 
        // add name & description
        if (array_key_exists('name', $spd)) {
            $ret['name'] = $spd['name'];
        }
        if (array_key_exists('description', $spd)) {
            $ret['description'] = $spd['description'];
        }
 
        // add public keys
        if (!empty($spd['keys'])) {
            $ret['keys'] = $spd['keys'];
        }
 
        // add extensions
        $this->addExtensions($ret, $spd);
 
        // prioritize mdui:DisplayName as the name if available
        if (!empty($ret['UIInfo']['DisplayName'])) {
            $ret['name'] = $ret['UIInfo']['DisplayName'];
        }
 
        return $ret;
    }

References $ret, addExtensions(), getMetadataCommon(), and getSPDescriptors().

Referenced by SimpleSAML\Metadata\Sources\MDQ\getParsedSet().

Here is the call graph for this function:

Here is the caller graph for this function:

getMetadata20IdP()

SimpleSAML_Metadata_SAMLParser::getMetadata20IdP

(

)

This function returns the metadata for SAML 2.0 IdPs in the format SimpleSAMLphp expects.

This is an associative array with the following fields:

• 'entityid': The entity id of the entity described in the metadata.
• 'name': Auto generated name for this entity. Currently set to the entity id.
• 'SingleSignOnService': String with the URL of the SSO service which supports the redirect binding.
• 'SingleLogoutService': String with the URL where we should send logout requests(/responses).
• 'SingleLogoutServiceResponse': String where we should send logout responses (if this is different from the 'SingleLogoutService' endpoint.
• 'NameIDFormats': The name ID formats this IdP supports.
• 'certData': X509Certificate for entity (if present).
• 'certFingerprint': Fingerprint of the X509Certificate from the metadata. (deprecated)

Metadata must be loaded with one of the parse functions before this function can be called.

Returns

array An associative array with metadata or NULL if we are unable to generate metadata for a SAML 2.0 IdP.

Definition at line 765 of file SAMLParser.php.

    {
        $ret = $this->getMetadataCommon();
        $ret['metadata-set'] = 'saml20-idp-remote';
 
        // find IdP information which supports the SAML 2.0 protocol
        $idp = $this->getIdPDescriptors(self::$SAML20Protocols);
        if (count($idp) === 0) {
            return null;
        }
 
        // we currently only look at the first IDP descriptor which supports SAML 2.0
        $idp = $idp[0];
 
        // add expire time to metadata
        if (array_key_exists('expire', $idp)) {
            $ret['expire'] = $idp['expire'];
        }
 
        // enable redirect.sign if WantAuthnRequestsSigned is enabled
        if ($idp['WantAuthnRequestsSigned']) {
            $ret['sign.authnrequest'] = true;
        }
 
        // find the SSO service endpoint
        $ret['SingleSignOnService'] = $idp['SingleSignOnService'];
 
        // find the single logout service endpoint
        $ret['SingleLogoutService'] = $idp['SingleLogoutService'];
 
        // find the ArtifactResolutionService endpoint
        $ret['ArtifactResolutionService'] = $idp['ArtifactResolutionService'];
 
        // add supported nameIDFormats
        $ret['NameIDFormats'] = $idp['nameIDFormats'];
 
        // add public keys
        if (!empty($idp['keys'])) {
            $ret['keys'] = $idp['keys'];
        }
 
        // add extensions
        $this->addExtensions($ret, $idp);
 
        // prioritize mdui:DisplayName as the name if available
        if (!empty($ret['UIInfo']['DisplayName'])) {
            $ret['name'] = $ret['UIInfo']['DisplayName'];
        }
 
        return $ret;
    }

References $idp, $ret, addExtensions(), getIdPDescriptors(), and getMetadataCommon().

Referenced by SimpleSAML\Metadata\Sources\MDQ\getParsedSet().

Here is the call graph for this function:

Here is the caller graph for this function:

getMetadata20SP()

SimpleSAML_Metadata_SAMLParser::getMetadata20SP

(

)

This function returns the metadata for SAML 2.0 SPs in the format SimpleSAMLphp expects.

This is an associative array with the following fields:

• 'entityid': The entity id of the entity described in the metadata.
• 'AssertionConsumerService': String with the URL of the assertion consumer service which supports the browser-post binding.
• 'SingleLogoutService': String with the URL where we should send logout requests/responses.
• 'NameIDFormat': The name ID format this SP expects. This may be unset.
• 'certData': X509Certificate for entity (if present).

Metadata must be loaded with one of the parse functions before this function can be called.

Returns

array An associative array with metadata or NULL if we are unable to generate metadata for a SAML 2.x SP.

Definition at line 668 of file SAMLParser.php.

    {
        $ret = $this->getMetadataCommon();
        $ret['metadata-set'] = 'saml20-sp-remote';
 
        // find SP information which supports the SAML 2.0 protocol
        $spd = $this->getSPDescriptors(self::$SAML20Protocols);
        if (count($spd) === 0) {
            return null;
        }
 
        // we currently only look at the first SPDescriptor which supports SAML 2.0
        $spd = $spd[0];
 
        // add expire time to metadata
        if (array_key_exists('expire', $spd)) {
            $ret['expire'] = $spd['expire'];
        }
 
        // find the assertion consumer service endpoints
        $ret['AssertionConsumerService'] = $spd['AssertionConsumerService'];
 
 
        // find the single logout service endpoint
        $ret['SingleLogoutService'] = $spd['SingleLogoutService'];
 
 
        // find the NameIDFormat. This may not exist
        if (count($spd['nameIDFormats']) > 0) {
            // SimpleSAMLphp currently only supports a single NameIDFormat pr. SP. We use the first one
            $ret['NameIDFormat'] = $spd['nameIDFormats'][0];
        }
 
        // add the list of attributes the SP should receive
        if (array_key_exists('attributes', $spd)) {
            $ret['attributes'] = $spd['attributes'];
        }
        if (array_key_exists('attributes.required', $spd)) {
            $ret['attributes.required'] = $spd['attributes.required'];
        }
        if (array_key_exists('attributes.NameFormat', $spd)) {
            $ret['attributes.NameFormat'] = $spd['attributes.NameFormat'];
        }
 
        // add name & description
        if (array_key_exists('name', $spd)) {
            $ret['name'] = $spd['name'];
        }
        if (array_key_exists('description', $spd)) {
            $ret['description'] = $spd['description'];
        }
 
        // add public keys
        if (!empty($spd['keys'])) {
            $ret['keys'] = $spd['keys'];
        }
 
        // add validate.authnrequest
        if (array_key_exists('AuthnRequestsSigned', $spd)) {
            $ret['validate.authnrequest'] = $spd['AuthnRequestsSigned'];
        }
 
        // add saml20.sign.assertion
        if (array_key_exists('WantAssertionsSigned', $spd)) {
            $ret['saml20.sign.assertion'] = $spd['WantAssertionsSigned'];
        }
 
        // add extensions
        $this->addExtensions($ret, $spd);
 
        // prioritize mdui:DisplayName as the name if available
        if (!empty($ret['UIInfo']['DisplayName'])) {
            $ret['name'] = $ret['UIInfo']['DisplayName'];
        }
 
        return $ret;
    }

References $ret, addExtensions(), getMetadataCommon(), and getSPDescriptors().

Referenced by SimpleSAML\Metadata\Sources\MDQ\getParsedSet().

Here is the call graph for this function:

Here is the caller graph for this function:

getMetadataCommon()

SimpleSAML_Metadata_SAMLParser::getMetadataCommon ( )

private

Definition at line 454 of file SAMLParser.php.

    {
        $ret = array();
        $ret['entityid'] = $this->entityId;
        $ret['entityDescriptor'] = $this->entityDescriptor;
 
        // add organizational metadata
        if (!empty($this->organizationName)) {
            $ret['description'] = $this->organizationName;
            $ret['OrganizationName'] = $this->organizationName;
        }
        if (!empty($this->organizationDisplayName)) {
            $ret['name'] = $this->organizationDisplayName;
            $ret['OrganizationDisplayName'] = $this->organizationDisplayName;
        }
        if (!empty($this->organizationURL)) {
            $ret['url'] = $this->organizationURL;
            $ret['OrganizationURL'] = $this->organizationURL;
        }
 
        //add contact metadata
        $ret['contacts'] = $this->contacts;
 
        return $ret;
    }

References $contacts, $entityDescriptor, $entityId, $organizationDisplayName, $organizationName, $organizationURL, and $ret.

Referenced by getMetadata1xIdP(), getMetadata1xSP(), getMetadata20IdP(), and getMetadata20SP().

Here is the caller graph for this function:

getSPDescriptors()

SimpleSAML_Metadata_SAMLParser::getSPDescriptors (   $protocols )

private

This function finds SP descriptors which supports one of the given protocols.

Parameters

$protocols

Array with the protocols we accept.

Returns

Array with SP descriptors which supports one of the given protocols.

Definition at line 1358 of file SAMLParser.php.

    {
        assert('is_array($protocols)');
 
        $ret = array();
 
        foreach ($this->spDescriptors as $spd) {
            $sharedProtocols = array_intersect($protocols, $spd['protocols']);
            if (count($sharedProtocols) > 0) {
                $ret[] = $spd;
            }
        }
 
        return $ret;
    }

References $ret.

Referenced by getMetadata1xSP(), and getMetadata20SP().

Here is the caller graph for this function:

parseAttributeConsumerService()

static SimpleSAML_Metadata_SAMLParser::parseAttributeConsumerService ( \SAML2\XML\md\AttributeConsumingService  $element, &  $sp  )

staticprivate

This function parses AttributeConsumerService elements.

Parameters

\SAML2\XML\md\AttributeConsumingService	$element	The AttributeConsumingService to parse.
array	$sp	The array with the SP's metadata.

Definition at line 1204 of file SAMLParser.php.

    {
        assert('is_array($sp)');
 
        $sp['name'] = $element->ServiceName;
        $sp['description'] = $element->ServiceDescription;
 
        $format = null;
        $sp['attributes'] = array();
        $sp['attributes.required'] = array();
        foreach ($element->RequestedAttribute as $child) {
            $attrname = $child->Name;
            $sp['attributes'][] = $attrname;
 
            if ($child->isRequired !== null && $child->isRequired === true) {
                $sp['attributes.required'][] = $attrname;
            }
 
            if ($child->NameFormat !== null) {
                $attrformat = $child->NameFormat;
            } else {
                $attrformat = \SAML2\Constants::NAMEFORMAT_UNSPECIFIED;
            }
 
            if ($format === null) {
                $format = $attrformat;
            } elseif ($format !== $attrformat) {
                $format = \SAML2\Constants::NAMEFORMAT_UNSPECIFIED;
            }
        }
 
        if (empty($sp['attributes'])) {
            // a really invalid configuration: all AttributeConsumingServices should have one or more attributes
            unset($sp['attributes']);
        }
        if (empty($sp['attributes.required'])) {
            unset($sp['attributes.required']);
        }
 
        if ($format !== \SAML2\Constants::NAMEFORMAT_UNSPECIFIED && $format !== null) {
            $sp['attributes.NameFormat'] = $format;
        }
    }

References $format, and SAML2\Constants\NAMEFORMAT_UNSPECIFIED.

Referenced by processSPSSODescriptor().

Here is the caller graph for this function:

parseDescriptorsElement()

static SimpleSAML_Metadata_SAMLParser::parseDescriptorsElement ( DOMElement  $element = null )

static

This function parses a DOMElement which represents either an EntityDescriptor element or an EntitiesDescriptor element.

It will return an associative array of SAMLParser instances in both cases.

Parameters

DOMElement | NULL

$element

The DOMElement which contains the EntityDescriptor element or the EntitiesDescriptor element.

Returns

SimpleSAML_Metadata_SAMLParser[] An associative array of SAMLParser instances. The key of the array will be the entity id.

Exceptions

Exception

if the document is empty or the root is an unexpected node.

Definition at line 359 of file SAMLParser.php.

    {
        if ($element === null) {
            throw new Exception('Document was empty.');
        }
 
        if (SimpleSAML\Utils\XML::isDOMNodeOfType($element, 'EntityDescriptor', '@md') === true) {
            return self::processDescriptorsElement(new \SAML2\XML\md\EntityDescriptor($element));
        } elseif (SimpleSAML\Utils\XML::isDOMNodeOfType($element, 'EntitiesDescriptor', '@md') === true) {
            return self::processDescriptorsElement(new \SAML2\XML\md\EntitiesDescriptor($element));
        } else {
            throw new Exception('Unexpected root node: ['.$element->namespaceURI.']:'.$element->localName);
        }
    }

Referenced by sspmod_metarefresh_MetaLoader\loadXML(), parseDescriptorsFile(), and parseDescriptorsString().

Here is the caller graph for this function:

parseDescriptorsFile()

static SimpleSAML_Metadata_SAMLParser::parseDescriptorsFile (   $file )

static

This function parses a file where the root node is either an EntityDescriptor element or an EntitiesDescriptor element.

In both cases it will return an associative array of SAMLParser instances. If the file contains a single EntityDescriptorElement, then the array will contain a single SAMLParser instance.

Parameters

string

$file

The path to the file which contains the EntityDescriptor or EntitiesDescriptor element.

Returns

SimpleSAML_Metadata_SAMLParser[] An array of SAMLParser instances.

Exceptions

Exception

If the file does not parse as XML.

Definition at line 302 of file SAMLParser.php.

    {
 
        if ($file === null) {
            throw new Exception('Cannot open file NULL. File name not specified.');
        }
 
        $data = \SimpleSAML\Utils\HTTP::fetch($file);
 
        try {
            $doc = \SAML2\DOMDocumentFactory::fromString($data);
        } catch(\Exception $e) {
            throw new Exception('Failed to read XML from file: '.$file);
        }
 
        if ($doc->documentElement === null) {
            throw new Exception('Opened file is not an XML document: '.$file);
        }
 
        return self::parseDescriptorsElement($doc->documentElement);
    }

References $data, $file, SimpleSAML\Utils\HTTP\fetch(), SAML2\DOMDocumentFactory\fromString(), and parseDescriptorsElement().

Referenced by SimpleSAML_Metadata_MetaDataStorageHandlerXML\__construct().

Here is the call graph for this function:

Here is the caller graph for this function:

parseDescriptorsString()

static SimpleSAML_Metadata_SAMLParser::parseDescriptorsString (   $string )

static

This function parses a string with XML data.

The root node of the XML data is expected to be either an EntityDescriptor element or an EntitiesDescriptor element. It will return an associative array of SAMLParser instances.

Parameters

string

$string

The string with XML data.

Returns

SimpleSAML_Metadata_SAMLParser[] An associative array of SAMLParser instances. The key of the array will be the entity id.

Exceptions

Exception

If the string does not parse as XML.

Definition at line 336 of file SAMLParser.php.

    {
        try {
            $doc = \SAML2\DOMDocumentFactory::fromString($string);
        } catch(\Exception $e) {
            throw new Exception('Failed to parse XML string.');
        }
 
        return self::parseDescriptorsElement($doc->documentElement);
    }

References SAML2\DOMDocumentFactory\fromString(), and parseDescriptorsElement().

Here is the call graph for this function:

parseDocument()

static SimpleSAML_Metadata_SAMLParser::parseDocument (   $document )

static

This function parses a DOMDocument which is assumed to contain a single EntityDescriptor element.

Parameters

DOMDocument

$document

The DOMDocument which contains the EntityDescriptor element.

Returns

SimpleSAML_Metadata_SAMLParser An instance of this class with the metadata loaded.

Definition at line 265 of file SAMLParser.php.

    {
        assert('$document instanceof DOMDocument');
 
        $entityElement = self::findEntityDescriptor($document);
 
        return self::parseElement($entityElement);
    }

References findEntityDescriptor(), and parseElement().

Referenced by parseFile(), and parseString().

Here is the call graph for this function:

Here is the caller graph for this function:

parseElement()

static SimpleSAML_Metadata_SAMLParser::parseElement (   $entityElement )

static

This function parses a \SAML2\XML\md\EntityDescriptor object which represents a EntityDescriptor element.

Parameters

\SAML2\XML\md\EntityDescriptor

$entityElement

A \SAML2\XML\md\EntityDescriptor object which represents a EntityDescriptor element.

Returns

SimpleSAML_Metadata_SAMLParser An instance of this class with the metadata loaded.

Definition at line 283 of file SAMLParser.php.

    {
        assert('$entityElement instanceof \SAML2\XML\md\EntityDescriptor');
 
        return new SimpleSAML_Metadata_SAMLParser($entityElement, null);
    }

Referenced by parseDocument().

Here is the caller graph for this function:

parseFile()

static SimpleSAML_Metadata_SAMLParser::parseFile (   $file )

static

This function parses a file which contains XML encoded metadata.

Parameters

string

$file

The path to the file which contains the metadata.

Returns

SimpleSAML_Metadata_SAMLParser An instance of this class with the metadata loaded.

Exceptions

Exception

If the file does not parse as XML.

Definition at line 224 of file SAMLParser.php.

    {
        $data = \SimpleSAML\Utils\HTTP::fetch($file);
 
        try {
            $doc = \SAML2\DOMDocumentFactory::fromString($data);
        } catch(\Exception $e) {
            throw new Exception('Failed to read XML from file: '.$file);
        }
 
        return self::parseDocument($doc);
    }

References $data, $file, SimpleSAML\Utils\HTTP\fetch(), SAML2\DOMDocumentFactory\fromString(), and parseDocument().

Here is the call graph for this function:

parseGenericEndpoint()

static SimpleSAML_Metadata_SAMLParser::parseGenericEndpoint ( \SAML2\XML\md\EndpointType  $element )

staticprivate

This function is a generic endpoint element parser.

The returned associative array has the following elements:

• 'Binding': The binding this endpoint uses.
• 'Location': The URL to this endpoint.
• 'ResponseLocation': The URL where responses should be sent. This may not exist.
• 'index': The index of this endpoint. This attribute is only for indexed endpoints.
• 'isDefault': Whether this endpoint is the default endpoint for this type. This attribute may not exist.

Parameters

\SAML2\XML\md\EndpointType

$element

The element which should be parsed.

Returns

array An associative array with the data we have extracted from the element.

Definition at line 1263 of file SAMLParser.php.

    {
        $ep = array();
 
        $ep['Binding'] = $element->Binding;
        $ep['Location'] = $element->Location;
 
        if ($element->ResponseLocation !== null) {
            $ep['ResponseLocation'] = $element->ResponseLocation;
        }
 
        if ($element instanceof \SAML2\XML\md\IndexedEndpointType) {
            $ep['index'] = $element->index;
 
            if ($element->isDefault !== null) {
                $ep['isDefault'] = $element->isDefault;
            }
        }
 
        return $ep;
    }

Referenced by extractEndpoints().

Here is the caller graph for this function:

parseKeyDescriptor()

static SimpleSAML_Metadata_SAMLParser::parseKeyDescriptor ( \SAML2\XML\md\KeyDescriptor  $kd )

staticprivate

This function parses a KeyDescriptor element.

It currently only supports keys with a single X509 certificate.

The associative array for a key can contain:

• 'encryption': Indicates whether this key can be used for encryption.
• 'signing': Indicates whether this key can be used for signing.
• 'type: The type of the key. 'X509Certificate' is the only key type we support.
• 'X509Certificate': The contents of the first X509Certificate element (if the type is 'X509Certificate ').

Parameters

\SAML2\XML\md\KeyDescriptor

$kd

The KeyDescriptor element.

Returns

array|null An associative array describing the key, or null if this is an unsupported key.

Definition at line 1318 of file SAMLParser.php.

    {
        $r = array();
 
        if ($kd->use === 'encryption') {
            $r['encryption'] = true;
            $r['signing'] = false;
        } elseif ($kd->use === 'signing') {
            $r['encryption'] = false;
            $r['signing'] = true;
        } else {
            $r['encryption'] = true;
            $r['signing'] = true;
        }
 
        $keyInfo = $kd->KeyInfo;
 
        foreach ($keyInfo->info as $i) {
            if ($i instanceof \SAML2\XML\ds\X509Data) {
                foreach ($i->data as $d) {
                    if ($d instanceof \SAML2\XML\ds\X509Certificate) {
                        $r['type'] = 'X509Certificate';
                        $r['X509Certificate'] = $d->certificate;
                        return $r;
                    }
                }
            }
        }
 
        return null;
    }

References $d, $i, and $r.

Referenced by parseRoleDescriptorType().

Here is the caller graph for this function:

parseRoleDescriptorType()

static SimpleSAML_Metadata_SAMLParser::parseRoleDescriptorType ( \SAML2\XML\md\RoleDescriptor  $element,   $expireTime  )

staticprivate

Parse a RoleDescriptorType element.

The returned associative array has the following elements:

• 'protocols': Array with the protocols supported.
• 'expire': Timestamp for when this descriptor expires.
• 'keys': Array of associative arrays with the elements from parseKeyDescriptor.

Parameters

\SAML2\XML\md\RoleDescriptor	$element	The element we should extract metadata from.
int | NULL	$expireTime	The unix timestamp for when this element should expire, or NULL if unknown.

Returns

array An associative array with metadata we have extracted from this element.

Definition at line 843 of file SAMLParser.php.

    {
        assert('is_null($expireTime) || is_int($expireTime)');
 
        $ret = array();
 
        $expireTime = self::getExpireTime($element, $expireTime);
 
        if ($expireTime !== null) {
            // we got an expired timestamp, either from this element or one of the parent elements
            $ret['expire'] = $expireTime;
        }
 
        $ret['protocols'] = $element->protocolSupportEnumeration;
 
        // process KeyDescriptor elements
        $ret['keys'] = array();
        foreach ($element->KeyDescriptor as $kd) {
            $key = self::parseKeyDescriptor($kd);
            if ($key !== null) {
                $ret['keys'][] = $key;
            }
        }
 
        $ext = self::processExtensions($element);
        $ret['scope'] = $ext['scope'];
        $ret['tags'] = $ext['tags'];
        $ret['EntityAttributes'] = $ext['EntityAttributes'];
        $ret['UIInfo'] = $ext['UIInfo'];
        $ret['DiscoHints'] = $ext['DiscoHints'];
 
        return $ret;
    }

References $key, $ret, getExpireTime(), parseKeyDescriptor(), and processExtensions().

Referenced by parseSSODescriptor(), and processAttributeAuthorityDescriptor().

Here is the call graph for this function:

Here is the caller graph for this function:

parseSSODescriptor()

static SimpleSAML_Metadata_SAMLParser::parseSSODescriptor ( \SAML2\XML\md\SSODescriptorType  $element,   $expireTime  )

staticprivate

This function extracts metadata from a SSODescriptor element.

The returned associative array has the following elements:

• 'protocols': Array with the protocols this SSODescriptor supports.
• 'SingleLogoutService': Array with the single logout service endpoints. Each endpoint is stored as an associative array with the elements that parseGenericEndpoint returns.
• 'nameIDFormats': The NameIDFormats supported by this SSODescriptor. This may be an empty array.
• 'keys': Array of associative arrays with the elements from parseKeyDescriptor:

Parameters

\SAML2\XML\md\SSODescriptorType	$element	The element we should extract metadata from.
int | NULL	$expireTime	The unix timestamp for when this element should expire, or NULL if unknown.

Returns

array An associative array with metadata we have extracted from this element.

Definition at line 894 of file SAMLParser.php.

    {
        assert('is_null($expireTime) || is_int($expireTime)');
 
        $sd = self::parseRoleDescriptorType($element, $expireTime);
 
        // find all SingleLogoutService elements
        $sd['SingleLogoutService'] = self::extractEndpoints($element->SingleLogoutService);
 
        // find all ArtifactResolutionService elements
        $sd['ArtifactResolutionService'] = self::extractEndpoints($element->ArtifactResolutionService);
 
 
        // process NameIDFormat elements
        $sd['nameIDFormats'] = $element->NameIDFormat;
 
        return $sd;
    }

References extractEndpoints(), and parseRoleDescriptorType().

Referenced by processIDPSSODescriptor(), and processSPSSODescriptor().

Here is the call graph for this function:

Here is the caller graph for this function:

parseString()

static SimpleSAML_Metadata_SAMLParser::parseString (   $metadata )

static

This function parses a string which contains XML encoded metadata.

Parameters

string

$metadata

A string which contains XML encoded metadata.

Returns

SimpleSAML_Metadata_SAMLParser An instance of this class with the metadata loaded.

Exceptions

Exception

If the string does not parse as XML.

Definition at line 246 of file SAMLParser.php.

    {
        try {
            $doc = \SAML2\DOMDocumentFactory::fromString($metadata);
        } catch(\Exception $e) {
            throw new Exception('Failed to parse XML string.');
        }
 
        return self::parseDocument($doc);
    }

References $metadata, SAML2\DOMDocumentFactory\fromString(), and parseDocument().

Here is the call graph for this function:

processAttributeAuthorityDescriptor()

SimpleSAML_Metadata_SAMLParser::processAttributeAuthorityDescriptor ( \SAML2\XML\md\AttributeAuthorityDescriptor  $element,   $expireTime  )

private

This function extracts metadata from a AttributeAuthorityDescriptor element.

Parameters

\SAML2\XML\md\AttributeAuthorityDescriptor	$element	The element which should be parsed.
int | NULL	$expireTime	The unix timestamp for when this element should expire, or NULL if unknown.

Definition at line 983 of file SAMLParser.php.

      {
        assert('is_null($expireTime) || is_int($expireTime)');
 
        $aad = self::parseRoleDescriptorType($element, $expireTime);
        $aad['entityid'] = $this->entityId;
        $aad['metadata-set'] = 'attributeauthority-remote';
 
        $aad['AttributeService'] = self::extractEndpoints($element->AttributeService);
        $aad['AssertionIDRequestService'] = self::extractEndpoints($element->AssertionIDRequestService);
        $aad['NameIDFormat'] = $element->NameIDFormat;
 
        $this->attributeAuthorityDescriptors[] = $aad;
    }

References $entityId, extractEndpoints(), and parseRoleDescriptorType().

Referenced by __construct().

Here is the call graph for this function:

Here is the caller graph for this function:

processContactPerson()

SimpleSAML_Metadata_SAMLParser::processContactPerson ( \SAML2\XML\md\ContactPerson  $element )

private

Parse and process a ContactPerson element.

Parameters

\SAML2\XML\md\ContactPerson

$element

The ContactPerson element.

Definition at line 1171 of file SAMLParser.php.

    {
        $contactPerson = array();
        if (!empty($element->contactType)) {
            $contactPerson['contactType'] = $element->contactType;
        }
        if (!empty($element->Company)) {
            $contactPerson['company'] = $element->Company;
        }
        if (!empty($element->GivenName)) {
            $contactPerson['givenName'] = $element->GivenName;
        }
        if (!empty($element->SurName)) {
            $contactPerson['surName'] = $element->SurName;
        }
        if (!empty($element->EmailAddress)) {
            $contactPerson['emailAddress'] = $element->EmailAddress;
        }
        if (!empty($element->TelephoneNumber)) {
            $contactPerson['telephoneNumber'] = $element->TelephoneNumber;
        }
        if (!empty($contactPerson)) {
            $this->contacts[] = $contactPerson;
        }
    }

Referenced by __construct().

Here is the caller graph for this function:

processExtensions()

static SimpleSAML_Metadata_SAMLParser::processExtensions (   $element,   $parentExtensions = array()  )

staticprivate

Parse an Extensions element.

Extensions may appear in multiple elements and certain extension may get inherited from a parent element.

Parameters

mixed	$element	The element which contains the Extensions element.
array	$parentExtensions	An optional array of extensions from the parent element.

Returns

array An associative array with the extensions parsed.

Definition at line 1010 of file SAMLParser.php.

    {
        $ret = array(
            'scope'            => array(),
            'tags'             => array(),
            'EntityAttributes' => array(),
            'RegistrationInfo' => array(),
            'UIInfo'           => array(),
            'DiscoHints'       => array(),
        );
 
        // Some extensions may get inherited from a parent element
        if (($element instanceof \SAML2\XML\md\EntityDescriptor || $element instanceof \SAML2\XML\md\EntitiesDescriptor)
                && !empty($parentExtensions['RegistrationInfo'])) {
            $ret['RegistrationInfo'] = $parentExtensions['RegistrationInfo'];
        }
 
        foreach ($element->Extensions as $e) {
 
            if ($e instanceof \SAML2\XML\shibmd\Scope) {
                $ret['scope'][] = $e->scope;
                continue;
            }
 
            // Entity Attributes are only allowed at entity level extensions and not at RoleDescriptor level
            if ($element instanceof \SAML2\XML\md\EntityDescriptor ||
                $element instanceof \SAML2\XML\md\EntitiesDescriptor) {
 
 
                if ($e instanceof \SAML2\XML\mdrpi\RegistrationInfo) {
                    // Registration Authority cannot be overridden (warn only if override attempts to change the value)
                    if (isset($ret['RegistrationInfo']['registrationAuthority'])
                        && $ret['RegistrationInfo']['registrationAuthority'] !== $e->registrationAuthority) {
                        SimpleSAML\Logger::warning('Invalid attempt to override registrationAuthority \''
                          . $ret['RegistrationInfo']['registrationAuthority'] . "' with '{$e->registrationAuthority}'");
                    } else {
                        $ret['RegistrationInfo']['registrationAuthority'] = $e->registrationAuthority;
                    }
                }
                if ($e instanceof \SAML2\XML\mdattr\EntityAttributes && !empty($e->children)) {
                    foreach ($e->children as $attr) {
                        // only saml:Attribute are currently supported here. The specifications also allows
                        // saml:Assertions, which more complex processing
                        if ($attr instanceof \SAML2\XML\saml\Attribute) {
                            if (empty($attr->Name) || empty($attr->AttributeValue)) {
                                continue;
                            }
 
                            // attribute names that is not URI is prefixed as this: '{nameformat}name'
                            $name = $attr->Name;
                            if (empty($attr->NameFormat)) {
                                $name = '{'.\SAML2\Constants::NAMEFORMAT_UNSPECIFIED.'}'.$attr->Name;
                            } elseif ($attr->NameFormat !== 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri') {
                                $name = '{'.$attr->NameFormat.'}'.$attr->Name;
                            }
 
                            $values = array();
                            foreach ($attr->AttributeValue as $attrvalue) {
                                $values[] = $attrvalue->getString();
                            }
 
                            $ret['EntityAttributes'][$name] = $values;
                        }
                    }
                }
            }
 
            // UIInfo elements are only allowed at RoleDescriptor level extensions
            if ($element instanceof \SAML2\XML\md\RoleDescriptor) {
                if ($e instanceof \SAML2\XML\mdui\UIInfo) {
 
                    $ret['UIInfo']['DisplayName'] = $e->DisplayName;
                    $ret['UIInfo']['Description'] = $e->Description;
                    $ret['UIInfo']['InformationURL'] = $e->InformationURL;
                    $ret['UIInfo']['PrivacyStatementURL'] = $e->PrivacyStatementURL;
 
                    foreach ($e->Keywords as $uiItem) {
                        if (!($uiItem instanceof \SAML2\XML\mdui\Keywords)
                            || empty($uiItem->Keywords)
                            || empty($uiItem->lang)
                        ) {
                            continue;
                        }
                        $ret['UIInfo']['Keywords'][$uiItem->lang] = $uiItem->Keywords;
                    }
                    foreach ($e->Logo as $uiItem) {
                        if (!($uiItem instanceof \SAML2\XML\mdui\Logo)
                            || empty($uiItem->url)
                            || empty($uiItem->height)
                            || empty($uiItem->width)
                        ) {
                            continue;
                        }
                        $logo = array(
                            'url'    => $uiItem->url,
                            'height' => $uiItem->height,
                            'width'  => $uiItem->width,
                        );
                        if (!empty($uiItem->lang)) {
                            $logo['lang'] = $uiItem->lang;
                        }
                        $ret['UIInfo']['Logo'][] = $logo;
                    }
                }
            }
 
            // DiscoHints elements are only allowed at IDPSSODescriptor level extensions
            if ($element instanceof \SAML2\XML\md\IDPSSODescriptor) {
 
                if ($e instanceof \SAML2\XML\mdui\DiscoHints) {
                    $ret['DiscoHints']['IPHint'] = $e->IPHint;
                    $ret['DiscoHints']['DomainHint'] = $e->DomainHint;
                    $ret['DiscoHints']['GeolocationHint'] = $e->GeolocationHint;
                }
            }
 
            if (!($e instanceof \SAML2\XML\Chunk)) {
                continue;
            }
 
            if ($e->localName === 'Attribute' && $e->namespaceURI === \SAML2\Constants::NS_SAML) {
                $attribute = $e->getXML();
 
                $name = $attribute->getAttribute('Name');
                $values = array_map(
                    array('SimpleSAML\Utils\XML', 'getDOMText'),
                    SimpleSAML\Utils\XML::getDOMChildren($attribute, 'AttributeValue', '@saml2')
                );
 
                if ($name === 'tags') {
                    foreach ($values as $tagname) {
                        if (!empty($tagname)) {
                            $ret['tags'][] = $tagname;
                        }
                    }
                }
            }
        }
        return $ret;
    }

References $name, $ret, and SimpleSAML\Logger\warning().

Referenced by __construct(), and parseRoleDescriptorType().

Here is the call graph for this function:

Here is the caller graph for this function:

processIDPSSODescriptor()

SimpleSAML_Metadata_SAMLParser::processIDPSSODescriptor ( \SAML2\XML\md\IDPSSODescriptor  $element,   $expireTime  )

private

This function extracts metadata from a IDPSSODescriptor element.

Parameters

\SAML2\XML\md\IDPSSODescriptor	$element	The element which should be parsed.
int | NULL	$expireTime	The unix timestamp for when this element should expire, or NULL if unknown.

Definition at line 957 of file SAMLParser.php.

    {
        assert('is_null($expireTime) || is_int($expireTime)');
 
        $idp = self::parseSSODescriptor($element, $expireTime);
 
        // find all SingleSignOnService elements
        $idp['SingleSignOnService'] = self::extractEndpoints($element->SingleSignOnService);
 
        if ($element->WantAuthnRequestsSigned) {
            $idp['WantAuthnRequestsSigned'] = true;
        } else {
            $idp['WantAuthnRequestsSigned'] = false;
        }
 
        $this->idpDescriptors[] = $idp;
    }

References $idp, extractEndpoints(), and parseSSODescriptor().

Referenced by __construct().

Here is the call graph for this function:

Here is the caller graph for this function:

processOrganization()

SimpleSAML_Metadata_SAMLParser::processOrganization ( \SAML2\XML\md\Organization  $element )

private

Parse and process a Organization element.

Parameters

\SAML2\XML\md\Organization

$element

The Organization element.

Definition at line 1157 of file SAMLParser.php.

    {
        $this->organizationName = $element->OrganizationName;
        $this->organizationDisplayName = $element->OrganizationDisplayName;
        $this->organizationURL = $element->OrganizationURL;
    }

Referenced by __construct().

Here is the caller graph for this function:

processSPSSODescriptor()

SimpleSAML_Metadata_SAMLParser::processSPSSODescriptor ( \SAML2\XML\md\SPSSODescriptor  $element,   $expireTime  )

private

This function extracts metadata from a SPSSODescriptor element.

Parameters

\SAML2\XML\md\SPSSODescriptor	$element	The element which should be parsed.
int | NULL	$expireTime	The unix timestamp for when this element should expire, or NULL if unknown.

Definition at line 921 of file SAMLParser.php.

    {
        assert('is_null($expireTime) || is_int($expireTime)');
 
        $sp = self::parseSSODescriptor($element, $expireTime);
 
        // find all AssertionConsumerService elements
        $sp['AssertionConsumerService'] = self::extractEndpoints($element->AssertionConsumerService);
 
        // find all the attributes and SP name...
        $attcs = $element->AttributeConsumingService;
        if (count($attcs) > 0) {
            self::parseAttributeConsumerService($attcs[0], $sp);
        }
 
        // check AuthnRequestsSigned
        if ($element->AuthnRequestsSigned !== null) {
            $sp['AuthnRequestsSigned'] = $element->AuthnRequestsSigned;
        }
 
        // check WantAssertionsSigned
        if ($element->WantAssertionsSigned !== null) {
            $sp['WantAssertionsSigned'] = $element->WantAssertionsSigned;
        }
 
        $this->spDescriptors[] = $sp;
    }

References extractEndpoints(), parseAttributeConsumerService(), and parseSSODescriptor().

Referenced by __construct().

Here is the call graph for this function:

Here is the caller graph for this function:

validateFingerprint()

SimpleSAML_Metadata_SAMLParser::validateFingerprint

(

$fingerprint

)

This function checks if this EntityDescriptor was signed with a certificate with the given fingerprint.

Parameters

string

$fingerprint

Fingerprint of the certificate which should have been used to sign this EntityDescriptor.

Returns

boolean True if it was signed with the certificate with the given fingerprint, false otherwise.

Definition at line 1476 of file SAMLParser.php.

    {
        assert('is_string($fingerprint)');
 
        $fingerprint = strtolower(str_replace(":", "", $fingerprint));
 
        $candidates = array();
        foreach ($this->validators as $validator) {
            foreach ($validator->getValidatingCertificates() as $cert) {
 
                $fp = strtolower(sha1(base64_decode($cert)));
                $candidates[] = $fp;
                if ($fp === $fingerprint) {
                    return true;
                }
            }
        }
        SimpleSAML\Logger::debug('Fingerprint was ['.$fingerprint.'] not one of ['.join(', ', $candidates).']');
        return false;
    }

References SimpleSAML\Logger\debug().

Here is the call graph for this function:

validateSignature()

SimpleSAML_Metadata_SAMLParser::validateSignature

(

$certificates

)

If this EntityDescriptor was signed this function use the public key to check the signature.

Parameters

array

$certificates

One ore more certificates with the public key. This makes it possible to do a key rollover.

Returns

boolean True if it is possible to check the signature with the certificate, false otherwise.

Exceptions

Exception

If the certificate file cannot be found.

Definition at line 1438 of file SAMLParser.php.

    {
        foreach ($certificates as $cert) {
            assert('is_string($cert)');
            $certFile = \SimpleSAML\Utils\Config::getCertPath($cert);
            if (!file_exists($certFile)) {
                throw new Exception(
                    'Could not find certificate file ['.$certFile.'], which is needed to validate signature'
                );
            }
            $certData = file_get_contents($certFile);
 
            foreach ($this->validators as $validator) {
                $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'public'));
                $key->loadKey($certData);
                try {
                    if ($validator->validate($key)) {
                        return true;
                    }
                } catch (Exception $e) {
                    // this certificate did not sign this element, skip
                }
            }
        }
        SimpleSAML\Logger::debug('Could not validate signature');
        return false;
    }

References $certificates, $key, SimpleSAML\Logger\debug(), and SimpleSAML\Utils\Config\getCertPath().

Here is the call graph for this function:

Field Documentation

$attributeAuthorityDescriptors

SimpleSAML_Metadata_SAMLParser::$attributeAuthorityDescriptors = array()

private

Definition at line 76 of file SAMLParser.php.

Referenced by getAttributeAuthorities().

$contacts

SimpleSAML_Metadata_SAMLParser::$contacts = array()

private

Definition at line 113 of file SAMLParser.php.

Referenced by getMetadataCommon().

$entityAttributes

SimpleSAML_Metadata_SAMLParser::$entityAttributes

private

Definition at line 125 of file SAMLParser.php.

Referenced by addExtensions().

$entityDescriptor

SimpleSAML_Metadata_SAMLParser::$entityDescriptor

private

Definition at line 152 of file SAMLParser.php.

Referenced by getMetadataCommon().

$entityId

SimpleSAML_Metadata_SAMLParser::$entityId

private

Definition at line 44 of file SAMLParser.php.

Referenced by getEntityId(), getMetadataCommon(), and processAttributeAuthorityDescriptor().

$idpDescriptors

SimpleSAML_Metadata_SAMLParser::$idpDescriptors

private

Definition at line 68 of file SAMLParser.php.

$organizationDisplayName

SimpleSAML_Metadata_SAMLParser::$organizationDisplayName = array()

private

Definition at line 96 of file SAMLParser.php.

Referenced by getMetadataCommon().

$organizationName

SimpleSAML_Metadata_SAMLParser::$organizationName = array()

private

Definition at line 86 of file SAMLParser.php.

Referenced by getMetadataCommon().

$organizationURL

SimpleSAML_Metadata_SAMLParser::$organizationURL = array()

private

Definition at line 105 of file SAMLParser.php.

Referenced by getMetadataCommon().

$registrationInfo

SimpleSAML_Metadata_SAMLParser::$registrationInfo

private

Definition at line 131 of file SAMLParser.php.

Referenced by addExtensions().

$SAML1xProtocols

SimpleSAML_Metadata_SAMLParser::$SAML1xProtocols

staticprivate

Initial value:

= array(
        'urn:oasis:names:tc:SAML:1.0:protocol',
        'urn:oasis:names:tc:SAML:1.1:protocol',
    )

Definition at line 23 of file SAMLParser.php.

$SAML20Protocols

SimpleSAML_Metadata_SAMLParser::$SAML20Protocols

staticprivate

Initial value:

= array(
        'urn:oasis:names:tc:SAML:2.0:protocol',
    )

Definition at line 34 of file SAMLParser.php.

$scopes

SimpleSAML_Metadata_SAMLParser::$scopes

private

Definition at line 119 of file SAMLParser.php.

Referenced by addExtensions().

$spDescriptors

SimpleSAML_Metadata_SAMLParser::$spDescriptors

private

Definition at line 57 of file SAMLParser.php.

$tags

SimpleSAML_Metadata_SAMLParser::$tags

private

Definition at line 136 of file SAMLParser.php.

Referenced by addExtensions().

$validators

SimpleSAML_Metadata_SAMLParser::$validators = array()

private

Definition at line 144 of file SAMLParser.php.

Referenced by __construct().

---

The documentation for this class was generated from the following file:

• libs/composer/vendor/simplesamlphp/simplesamlphp/lib/SimpleSAML/Metadata/SAMLParser.php