ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
SimpleSAML_Metadata_SAMLParser Class Reference

This is a class for parsing SAML 1.x and SAML 2.0 metadata.


Public Member Functions

 getEntityId ()
 This function returns the entity id of this parsed entity.

 getMetadata1xSP ()
 This function returns the metadata for SAML 1.x SPs in the format SimpleSAMLphp expects.

 getMetadata1xIdP ()
 This function returns the metadata for SAML 1.x IdPs in the format SimpleSAMLphp expects.

 getMetadata20SP ()
 This function returns the metadata for SAML 2.0 SPs in the format SimpleSAMLphp expects.

 getMetadata20IdP ()
 This function returns the metadata for SAML 2.0 IdPs in the format SimpleSAMLphp expects.

 getAttributeAuthorities ()
 Retrieve AttributeAuthorities from the metadata.

 validateSignature ($certificates)
 If this EntityDescriptor was signed, this function uses the public key to check the signature.

 validateFingerprint ($fingerprint)
 This function checks if this EntityDescriptor was signed with a certificate with the given fingerprint.


Static Public Member Functions

static parseFile ($file)
 This function parses a file which contains XML encoded metadata.

static parseString ($metadata)
 This function parses a string which contains XML encoded metadata.

static parseDocument ($document)
 This function parses a DOMDocument which is assumed to contain a single EntityDescriptor element.

static parseElement ($entityElement)
 This function parses an object which represents an EntityDescriptor element.

static parseDescriptorsFile ($file)
 This function parses a file where the root node is either an EntityDescriptor element or an EntitiesDescriptor element.

static parseDescriptorsString ($string)
 This function parses a string with XML data.

static parseDescriptorsElement (DOMElement $element=null)
 This function parses a DOMElement which represents either an EntityDescriptor element or an EntitiesDescriptor element.


Private Member Functions

 __construct (\SAML2\XML\md\EntityDescriptor $entityElement, $maxExpireTime, array $validators=array(), array $parentExtensions=null)
 This is the constructor for the SAMLParser class.

 getMetadataCommon ()

 addExtensions (array &$metadata, array $roleDescriptor)
 Add data parsed from extensions to metadata.

 processSPSSODescriptor (\SAML2\XML\md\SPSSODescriptor $element, $expireTime)
 This function extracts metadata from an SPSSODescriptor element.

 processIDPSSODescriptor (\SAML2\XML\md\IDPSSODescriptor $element, $expireTime)
 This function extracts metadata from an IDPSSODescriptor element.

 processAttributeAuthorityDescriptor (\SAML2\XML\md\AttributeAuthorityDescriptor $element, $expireTime)
 This function extracts metadata from an AttributeAuthorityDescriptor element.

 processOrganization (\SAML2\XML\md\Organization $element)
 Parse and process an Organization element.

 processContactPerson (\SAML2\XML\md\ContactPerson $element)
 Parse and process a ContactPerson element.

 getSPDescriptors ($protocols)
 This function finds SP descriptors which support one of the given protocols.

 getIdPDescriptors ($protocols)
 This function finds IdP descriptors which support one of the given protocols.


Static Private Member Functions

static getExpireTime ($element, $maxExpireTime)
 Determine how long a given element can be cached.

static parseRoleDescriptorType (\SAML2\XML\md\RoleDescriptor $element, $expireTime)
 Parse a RoleDescriptorType element.

static parseSSODescriptor (\SAML2\XML\md\SSODescriptorType $element, $expireTime)
 This function extracts metadata from an SSODescriptor element.

static processExtensions ($element, $parentExtensions=array())
 Parse an Extensions element.

static parseAttributeConsumerService (\SAML2\XML\md\AttributeConsumingService $element, &$sp)
 This function parses AttributeConsumerService elements.

static parseGenericEndpoint (\SAML2\XML\md\EndpointType $element)
 This function is a generic endpoint element parser.

static extractEndpoints (array $endpoints)
 Extract generic endpoints.

static parseKeyDescriptor (\SAML2\XML\md\KeyDescriptor $kd)
 This function parses a KeyDescriptor element.

static findEntityDescriptor ($doc)
 This function locates the EntityDescriptor node in a DOMDocument.


Private Attributes

 $entityId

 $spDescriptors

 $idpDescriptors

 $attributeAuthorityDescriptors = array()

 $organizationName = array()

 $organizationDisplayName = array()

 $organizationURL = array()

 $contacts = array()

 $scopes

 $entityAttributes

 $registrationInfo

 $tags

 $validators = array()

 $entityDescriptor


Static Private Attributes

static $SAML1xProtocols

static $SAML20Protocols

Detailed Description

This is a class for parsing SAML 1.x and SAML 2.0 metadata.

Metadata is loaded by calling the static methods parseFile, parseString or parseElement. These functions return an instance of SimpleSAML_Metadata_SAMLParser. To get metadata from this object, use the methods getMetadata1xSP or getMetadata20SP.

To parse a file which can contain a collection of EntityDescriptor or EntitiesDescriptor elements, use the parseDescriptorsFile, parseDescriptorsString or parseDescriptorsElement methods. These functions return an array of SAMLParser instances, one for each EntityDescriptor element.
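The load-then-extract flow described above, as an added example that is not part of this class or of SimpleSAMLphp: it parses one EntityDescriptor with parseString(), refuses it unless validateSignature() succeeds against a certificate the deployment already trusts, honours the 'expire' timestamp the parser derives from validUntil, and only then keeps the array returned by getMetadata20IdP(). The autoloader path, the form of the $certificates argument (taken here to be certificate file names the installation can resolve) and the sample XML are assumptions; the XML is constructed and unsigned, so the call below is expected to be rejected.

```php
<?php
// Added example (not part of the SimpleSAMLphp/ILIAS code on this page).
//
// Assumptions not stated on the page: the autoloader path below, and that
// validateSignature() accepts an array of certificate file names that the
// installation can resolve (check the method documentation for your version).
require_once '/path/to/simplesamlphp/lib/_autoload.php'; // placeholder path

/**
 * Parse a single EntityDescriptor and return SAML 2.0 IdP metadata, or throw.
 *
 * @param string   $xml          Metadata document fetched out of band.
 * @param string[] $trustedCerts Certificate(s) the federation operator gave us.
 * @return array   The 'saml20-idp-remote' entry SimpleSAMLphp expects.
 */
function loadTrustedIdpMetadata($xml, array $trustedCerts)
{
    // parseString() throws on malformed XML or a root that is not an EntityDescriptor
    $parser = SimpleSAML_Metadata_SAMLParser::parseString($xml);

    // Unsigned or wrongly signed metadata must never reach the remote metadata set:
    // whoever controls it controls which keys we accept assertions from.
    if (!$parser->validateSignature($trustedCerts)) {
        throw new Exception('Rejecting metadata for '.$parser->getEntityId().': signature did not verify');
    }

    // null means the entity has no IDPSSODescriptor supporting SAML 2.0
    $idp = $parser->getMetadata20IdP();
    if ($idp === null) {
        throw new Exception($parser->getEntityId().' has no SAML 2.0 IDPSSODescriptor');
    }

    // 'expire' is the validUntil timestamp carried through by getExpireTime();
    // it is absent when neither the element nor a parent set a limit.
    if (array_key_exists('expire', $idp) && $idp['expire'] < time()) {
        throw new Exception('Metadata for '.$idp['entityid'].' expired at '.gmdate('c', $idp['expire']));
    }

    // without KeyDescriptors there is nothing to verify assertions against
    if (empty($idp['keys'])) {
        throw new Exception('No keys in metadata for '.$idp['entityid']);
    }

    return $idp;
}

// Constructed sample input: a minimal, unsigned EntityDescriptor. With no
// Signature element validateSignature() returns false, so this call throws.
$sampleXml = <<<XML
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.org/saml" validUntil="2030-01-01T00:00:00Z">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
XML;

try {
    // 'federation-signer.crt' is a constructed placeholder file name
    $metadata = loadTrustedIdpMetadata($sampleXml, array('federation-signer.crt'));
    var_dump($metadata['SingleSignOnService']);
} catch (Exception $e) {
    echo 'metadata not loaded: '.$e->getMessage().PHP_EOL;
}
```

The order matters: the signature is checked on the parser object before any getter is called, so nothing derived from an untrusted document is ever written into a metadata set, and the expiry check uses the timestamp the parser itself computed rather than re-reading validUntil.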

Definition at line 15 of file SAMLParser.php.

Constructor & Destructor Documentation

◆ __construct()

private SimpleSAML_Metadata_SAMLParser::__construct(\SAML2\XML\md\EntityDescriptor $entityElement, $maxExpireTime, array $validators = array(), array $parentExtensions = null)

This is the constructor for the SAMLParser class.

Parameters
\SAML2\XML\md\EntityDescriptor $entityElement: The EntityDescriptor.
int|NULL $maxExpireTime: The unix timestamp for when this entity should expire, or NULL if unknown.
array $validators: An array of parent elements that may validate this element.
array $parentExtensions: An optional array of extensions from the parent element.

Definition at line 164 of file SAMLParser.php.

References $validators, array, processAttributeAuthorityDescriptor(), processContactPerson(), processIDPSSODescriptor(), processOrganization(), and processSPSSODescriptor().

{
    assert('is_null($maxExpireTime) || is_int($maxExpireTime)');

    $this->spDescriptors = array();
    $this->idpDescriptors = array();

    // keep a base64 copy of the raw EntityDescriptor XML next to the parsed data
    $e = $entityElement->toXML();
    $e = $e->ownerDocument->saveXML($e);
    $this->entityDescriptor = base64_encode($e);
    $this->entityId = $entityElement->entityID;

    $expireTime = self::getExpireTime($entityElement, $maxExpireTime);

    // the element may be validated by its own signature or by a signed parent
    $this->validators = $validators;
    $this->validators[] = $entityElement;

    // process Extensions element, if it exists
    $ext = self::processExtensions($entityElement, $parentExtensions);
    $this->scopes = $ext['scope'];
    $this->tags = $ext['tags'];
    $this->entityAttributes = $ext['EntityAttributes'];
    $this->registrationInfo = $ext['RegistrationInfo'];

    // look over the RoleDescriptors
    foreach ($entityElement->RoleDescriptor as $child) {
        if ($child instanceof \SAML2\XML\md\SPSSODescriptor) {
            $this->processSPSSODescriptor($child, $expireTime);
        } elseif ($child instanceof \SAML2\XML\md\IDPSSODescriptor) {
            $this->processIDPSSODescriptor($child, $expireTime);
        } elseif ($child instanceof \SAML2\XML\md\AttributeAuthorityDescriptor) {
            $this->processAttributeAuthorityDescriptor($child, $expireTime);
        }
    }

    if ($entityElement->Organization) {
        $this->processOrganization($entityElement->Organization);
    }

    if (!empty($entityElement->ContactPerson)) {
        foreach ($entityElement->ContactPerson as $contact) {
            $this->processContactPerson($contact);
        }
    }
}

Member Function Documentation

◆ addExtensions()

private SimpleSAML_Metadata_SAMLParser::addExtensions(array &$metadata, array $roleDescriptor)

Add data parsed from extensions to metadata.

Parameters
array &$metadata: The metadata that should be updated.
array $roleDescriptor: The parsed role descriptor.

Definition at line 487 of file SAMLParser.php.

References $entityAttributes, $registrationInfo, $scopes, and $tags.

Referenced by getMetadata1xIdP(), getMetadata1xSP(), getMetadata20IdP(), and getMetadata20SP().

{
    assert('array_key_exists("scope", $roleDescriptor)');
    assert('array_key_exists("tags", $roleDescriptor)');

    $scopes = array_merge($this->scopes, array_diff($roleDescriptor['scope'], $this->scopes));
    if (!empty($scopes)) {
        $metadata['scope'] = $scopes;
    }

    $tags = array_merge($this->tags, array_diff($roleDescriptor['tags'], $this->tags));
    if (!empty($tags)) {
        $metadata['tags'] = $tags;
    }

    if (!empty($this->registrationInfo)) {
        $metadata['RegistrationInfo'] = $this->registrationInfo;
    }

    if (!empty($this->entityAttributes)) {
        $metadata['EntityAttributes'] = $this->entityAttributes;

        // check for entity categories
        if (SimpleSAML\Utils\Config\Metadata::isHiddenFromDiscovery($metadata)) {
            $metadata['hide.from.discovery'] = true;
        }
    }

    if (!empty($roleDescriptor['UIInfo'])) {
        $metadata['UIInfo'] = $roleDescriptor['UIInfo'];
    }

    if (!empty($roleDescriptor['DiscoHints'])) {
        $metadata['DiscoHints'] = $roleDescriptor['DiscoHints'];
    }
}

◆ extractEndpoints()

static private SimpleSAML_Metadata_SAMLParser::extractEndpoints(array $endpoints)

Extract generic endpoints.

Parameters
array $endpoints: The endpoints we should parse.
Returns
array Array of parsed endpoints.

Definition at line 1293 of file SAMLParser.php.

References $ret, and array.

{
    $ret = array();
    foreach ($endpoints as $ep) {
        $ret[] = self::parseGenericEndpoint($ep);
    }

    return $ret;
}

◆ findEntityDescriptor()

static private SimpleSAML_Metadata_SAMLParser::findEntityDescriptor($doc)

This function locates the EntityDescriptor node in a DOMDocument.

This node should be the first (and only) node in the document.

This function will throw an exception if it is unable to locate the node.

Parameters
DOMDocument $doc: The DOMDocument where we should find the EntityDescriptor node.
Returns
The DOMEntity which represents the EntityDescriptor.
Exceptions
Exception: If the document is empty or the first element is not an EntityDescriptor element.

Definition at line 1410 of file SAMLParser.php.

{
    assert('$doc instanceof DOMDocument');

    // find the EntityDescriptor DOMElement. This should be the first (and only) child of the DOMDocument
    $ed = $doc->documentElement;

    if ($ed === null) {
        throw new Exception('Failed to load SAML metadata from empty XML document.');
    }

    if (SimpleSAML\Utils\XML::isDOMNodeOfType($ed, 'EntityDescriptor', '@md') === false) {
        throw new Exception('Expected first element in the metadata document to be an EntityDescriptor element.');
    }

    return new \SAML2\XML\md\EntityDescriptor($ed);
}

◆ getAttributeAuthorities()

SimpleSAML_Metadata_SAMLParser::getAttributeAuthorities ( )

Retrieve AttributeAuthorities from the metadata.

Returns
array Array of AttributeAuthorityDescriptor entries.

Definition at line 823 of file SAMLParser.php.

References $attributeAuthorityDescriptors.

Referenced by SimpleSAML\Metadata\Sources\MDQ\getParsedSet().


◆ getEntityId()

SimpleSAML_Metadata_SAMLParser::getEntityId ( )

This function returns the entity id of this parsed entity.

Returns
string The entity id of this parsed entity.

Definition at line 448 of file SAMLParser.php.

References $entityId.

{
    return $this->entityId;
}

◆ getExpireTime()

static private SimpleSAML_Metadata_SAMLParser::getExpireTime($element, $maxExpireTime)

Determine how long a given element can be cached.

This function looks for the 'validUntil' attribute to determine how long a given XML-element is valid. It returns this as a unix timestamp.

Parameters
mixed $element: The element we should determine the expiry time of.
int|NULL $maxExpireTime: The maximum expiration time.
Returns
int The unix timestamp for when the element should expire. Will be NULL if no limit is set for the element.

Definition at line 430 of file SAMLParser.php.

References $expire.

{
    // validUntil may be null
    $expire = $element->validUntil;

    // the tighter of the element's own limit and the limit inherited from the parent wins
    if ($maxExpireTime !== null && ($expire === null || $maxExpireTime < $expire)) {
        $expire = $maxExpireTime;
    }

    return $expire;
}

◆ getIdPDescriptors()

private SimpleSAML_Metadata_SAMLParser::getIdPDescriptors($protocols)

This function finds IdP descriptors which support one of the given protocols.

Parameters
$protocols: Array with the protocols we accept.
Returns
Array with IdP descriptors which support one of the given protocols.

Definition at line 1382 of file SAMLParser.php.

References $ret, and array.

Referenced by getMetadata1xIdP(), and getMetadata20IdP().

{
    assert('is_array($protocols)');

    $ret = array();

    foreach ($this->idpDescriptors as $idpd) {
        $sharedProtocols = array_intersect($protocols, $idpd['protocols']);
        if (count($sharedProtocols) > 0) {
            $ret[] = $idpd;
        }
    }

    return $ret;
}

◆ getMetadata1xIdP()

SimpleSAML_Metadata_SAMLParser::getMetadata1xIdP ( )

This function returns the metadata for SAML 1.x IdPs in the format SimpleSAMLphp expects.

This is an associative array with the following fields:

  • 'entityid': The entity id of the entity described in the metadata.
  • 'name': Auto generated name for this entity. Currently set to the entity id.
  • 'SingleSignOnService': String with the URL of the SSO service which supports the redirect binding.
  • 'SingleLogoutService': String with the URL where we should send logout requests/responses.
  • 'certData': X509Certificate for entity (if present).
  • 'certFingerprint': Fingerprint of the X509Certificate from the metadata. (deprecated)

Metadata must be loaded with one of the parse functions before this function can be called.

Returns
array An associative array with metadata or NULL if we are unable to generate metadata for a SAML 1.x IdP.

Definition at line 612 of file SAMLParser.php.

References $idp, $ret, addExtensions(), getIdPDescriptors(), and getMetadataCommon().

Referenced by SimpleSAML\Metadata\Sources\MDQ\getParsedSet().

{
    $ret = $this->getMetadataCommon();
    $ret['metadata-set'] = 'shib13-idp-remote';

    // find IdP information which supports the SAML 1.x protocol
    $idp = $this->getIdPDescriptors(self::$SAML1xProtocols);
    if (count($idp) === 0) {
        return null;
    }

    // we currently only look at the first IDP descriptor which supports SAML 1.x
    $idp = $idp[0];

    // add expire time to metadata
    if (array_key_exists('expire', $idp)) {
        $ret['expire'] = $idp['expire'];
    }

    // find the SSO service endpoints
    $ret['SingleSignOnService'] = $idp['SingleSignOnService'];

    // find the ArtifactResolutionService endpoint
    $ret['ArtifactResolutionService'] = $idp['ArtifactResolutionService'];

    // add public keys
    if (!empty($idp['keys'])) {
        $ret['keys'] = $idp['keys'];
    }

    // add extensions
    $this->addExtensions($ret, $idp);

    // prioritize mdui:DisplayName as the name if available
    if (!empty($ret['UIInfo']['DisplayName'])) {
        $ret['name'] = $ret['UIInfo']['DisplayName'];
    }

    return $ret;
}

◆ getMetadata1xSP()

SimpleSAML_Metadata_SAMLParser::getMetadata1xSP ( )

This function returns the metadata for SAML 1.x SPs in the format SimpleSAMLphp expects.

This is an associative array with the following fields:

  • 'entityid': The entity id of the entity described in the metadata.
  • 'AssertionConsumerService': String with the URL of the assertion consumer service which supports the browser-post binding.
  • 'certData': X509Certificate for entity (if present).

Metadata must be loaded with one of the parse functions before this function can be called.

Returns
array An associative array with metadata or NULL if we are unable to generate metadata for a SAML 1.x SP.

Definition at line 538 of file SAMLParser.php.

References $ret, addExtensions(), getMetadataCommon(), and getSPDescriptors().

Referenced by SimpleSAML\Metadata\Sources\MDQ\getParsedSet().

{
    $ret = $this->getMetadataCommon();
    $ret['metadata-set'] = 'shib13-sp-remote';

    // find SP information which supports one of the SAML 1.x protocols
    $spd = $this->getSPDescriptors(self::$SAML1xProtocols);
    if (count($spd) === 0) {
        return null;
    }

    // we currently only look at the first SPDescriptor which supports SAML 1.x
    $spd = $spd[0];

    // add expire time to metadata
    if (array_key_exists('expire', $spd)) {
        $ret['expire'] = $spd['expire'];
    }

    // find the assertion consumer service endpoints
    $ret['AssertionConsumerService'] = $spd['AssertionConsumerService'];

    // add the list of attributes the SP should receive
    if (array_key_exists('attributes', $spd)) {
        $ret['attributes'] = $spd['attributes'];
    }
    if (array_key_exists('attributes.required', $spd)) {
        $ret['attributes.required'] = $spd['attributes.required'];
    }
    if (array_key_exists('attributes.NameFormat', $spd)) {
        $ret['attributes.NameFormat'] = $spd['attributes.NameFormat'];
    }

    // add name & description
    if (array_key_exists('name', $spd)) {
        $ret['name'] = $spd['name'];
    }
    if (array_key_exists('description', $spd)) {
        $ret['description'] = $spd['description'];
    }

    // add public keys
    if (!empty($spd['keys'])) {
        $ret['keys'] = $spd['keys'];
    }

    // add extensions
    $this->addExtensions($ret, $spd);

    // prioritize mdui:DisplayName as the name if available
    if (!empty($ret['UIInfo']['DisplayName'])) {
        $ret['name'] = $ret['UIInfo']['DisplayName'];
    }

    return $ret;
}

◆ getMetadata20IdP()

SimpleSAML_Metadata_SAMLParser::getMetadata20IdP ( )

This function returns the metadata for SAML 2.0 IdPs in the format SimpleSAMLphp expects.

This is an associative array with the following fields:

  • 'entityid': The entity id of the entity described in the metadata.
  • 'name': Auto generated name for this entity. Currently set to the entity id.
  • 'SingleSignOnService': String with the URL of the SSO service which supports the redirect binding.
  • 'SingleLogoutService': String with the URL where we should send logout requests(/responses).
  • 'SingleLogoutServiceResponse': String where we should send logout responses (if this is different from the 'SingleLogoutService' endpoint).
  • 'NameIDFormats': The name ID formats this IdP supports.
  • 'certData': X509Certificate for entity (if present).
  • 'certFingerprint': Fingerprint of the X509Certificate from the metadata. (deprecated)

Metadata must be loaded with one of the parse functions before this function can be called.

Returns
array An associative array with metadata or NULL if we are unable to generate metadata for a SAML 2.0 IdP.

Definition at line 765 of file SAMLParser.php.

References $idp, $ret, addExtensions(), getIdPDescriptors(), and getMetadataCommon().

Referenced by SimpleSAML\Metadata\Sources\MDQ\getParsedSet().

{
    $ret = $this->getMetadataCommon();
    $ret['metadata-set'] = 'saml20-idp-remote';

    // find IdP information which supports the SAML 2.0 protocol
    $idp = $this->getIdPDescriptors(self::$SAML20Protocols);
    if (count($idp) === 0) {
        return null;
    }

    // we currently only look at the first IDP descriptor which supports SAML 2.0
    $idp = $idp[0];

    // add expire time to metadata
    if (array_key_exists('expire', $idp)) {
        $ret['expire'] = $idp['expire'];
    }

    // enable redirect.sign if WantAuthnRequestsSigned is enabled
    if ($idp['WantAuthnRequestsSigned']) {
        $ret['sign.authnrequest'] = true;
    }

    // find the SSO service endpoint
    $ret['SingleSignOnService'] = $idp['SingleSignOnService'];

    // find the single logout service endpoint
    $ret['SingleLogoutService'] = $idp['SingleLogoutService'];

    // find the ArtifactResolutionService endpoint
    $ret['ArtifactResolutionService'] = $idp['ArtifactResolutionService'];

    // add supported nameIDFormats
    $ret['NameIDFormats'] = $idp['nameIDFormats'];

    // add public keys
    if (!empty($idp['keys'])) {
        $ret['keys'] = $idp['keys'];
    }

    // add extensions
    $this->addExtensions($ret, $idp);

    // prioritize mdui:DisplayName as the name if available
    if (!empty($ret['UIInfo']['DisplayName'])) {
        $ret['name'] = $ret['UIInfo']['DisplayName'];
    }

    return $ret;
}

◆ getMetadata20SP()

SimpleSAML_Metadata_SAMLParser::getMetadata20SP ( )

This function returns the metadata for SAML 2.0 SPs in the format SimpleSAMLphp expects.

This is an associative array with the following fields:

  • 'entityid': The entity id of the entity described in the metadata.
  • 'AssertionConsumerService': String with the URL of the assertion consumer service which supports the browser-post binding.
  • 'SingleLogoutService': String with the URL where we should send logout requests/responses.
  • 'NameIDFormat': The name ID format this SP expects. This may be unset.
  • 'certData': X509Certificate for entity (if present).

Metadata must be loaded with one of the parse functions before this function can be called.

Returns
array An associative array with metadata or NULL if we are unable to generate metadata for a SAML 2.x SP.

Definition at line 668 of file SAMLParser.php.

References $ret, addExtensions(), getMetadataCommon(), and getSPDescriptors().

Referenced by SimpleSAML\Metadata\Sources\MDQ\getParsedSet().

{
    $ret = $this->getMetadataCommon();
    $ret['metadata-set'] = 'saml20-sp-remote';

    // find SP information which supports the SAML 2.0 protocol
    $spd = $this->getSPDescriptors(self::$SAML20Protocols);
    if (count($spd) === 0) {
        return null;
    }

    // we currently only look at the first SPDescriptor which supports SAML 2.0
    $spd = $spd[0];

    // add expire time to metadata
    if (array_key_exists('expire', $spd)) {
        $ret['expire'] = $spd['expire'];
    }

    // find the assertion consumer service endpoints
    $ret['AssertionConsumerService'] = $spd['AssertionConsumerService'];

    // find the single logout service endpoint
    $ret['SingleLogoutService'] = $spd['SingleLogoutService'];

    // find the NameIDFormat. This may not exist
    if (count($spd['nameIDFormats']) > 0) {
        // SimpleSAMLphp currently only supports a single NameIDFormat per SP. We use the first one
        $ret['NameIDFormat'] = $spd['nameIDFormats'][0];
    }

    // add the list of attributes the SP should receive
    if (array_key_exists('attributes', $spd)) {
        $ret['attributes'] = $spd['attributes'];
    }
    if (array_key_exists('attributes.required', $spd)) {
        $ret['attributes.required'] = $spd['attributes.required'];
    }
    if (array_key_exists('attributes.NameFormat', $spd)) {
        $ret['attributes.NameFormat'] = $spd['attributes.NameFormat'];
    }

    // add name & description
    if (array_key_exists('name', $spd)) {
        $ret['name'] = $spd['name'];
    }
    if (array_key_exists('description', $spd)) {
        $ret['description'] = $spd['description'];
    }

    // add public keys
    if (!empty($spd['keys'])) {
        $ret['keys'] = $spd['keys'];
    }

    // add validate.authnrequest
    if (array_key_exists('AuthnRequestsSigned', $spd)) {
        $ret['validate.authnrequest'] = $spd['AuthnRequestsSigned'];
    }

    // add saml20.sign.assertion
    if (array_key_exists('WantAssertionsSigned', $spd)) {
        $ret['saml20.sign.assertion'] = $spd['WantAssertionsSigned'];
    }

    // add extensions
    $this->addExtensions($ret, $spd);

    // prioritize mdui:DisplayName as the name if available
    if (!empty($ret['UIInfo']['DisplayName'])) {
        $ret['name'] = $ret['UIInfo']['DisplayName'];
    }

    return $ret;
}

◆ getMetadataCommon()

private SimpleSAML_Metadata_SAMLParser::getMetadataCommon()

Definition at line 454 of file SAMLParser.php.

References $contacts, $entityDescriptor, $entityId, $organizationDisplayName, $organizationName, $organizationURL, $ret, and array.

Referenced by getMetadata1xIdP(), getMetadata1xSP(), getMetadata20IdP(), and getMetadata20SP().

{
    $ret = array();
    $ret['entityid'] = $this->entityId;
    $ret['entityDescriptor'] = $this->entityDescriptor;

    // add organizational metadata
    if (!empty($this->organizationName)) {
        $ret['description'] = $this->organizationName;
        $ret['OrganizationName'] = $this->organizationName;
    }
    if (!empty($this->organizationDisplayName)) {
        $ret['name'] = $this->organizationDisplayName;
        $ret['OrganizationDisplayName'] = $this->organizationDisplayName;
    }
    if (!empty($this->organizationURL)) {
        $ret['url'] = $this->organizationURL;
        $ret['OrganizationURL'] = $this->organizationURL;
    }

    // add contact metadata
    $ret['contacts'] = $this->contacts;

    return $ret;
}

◆ getSPDescriptors()

private SimpleSAML_Metadata_SAMLParser::getSPDescriptors($protocols)

This function finds SP descriptors which support one of the given protocols.

Parameters
$protocols: Array with the protocols we accept.
Returns
Array with SP descriptors which support one of the given protocols.

Definition at line 1358 of file SAMLParser.php.

References $ret, and array.

Referenced by getMetadata1xSP(), and getMetadata20SP().

{
    assert('is_array($protocols)');

    $ret = array();

    foreach ($this->spDescriptors as $spd) {
        $sharedProtocols = array_intersect($protocols, $spd['protocols']);
        if (count($sharedProtocols) > 0) {
            $ret[] = $spd;
        }
    }

    return $ret;
}

◆ parseAttributeConsumerService()

static private SimpleSAML_Metadata_SAMLParser::parseAttributeConsumerService(\SAML2\XML\md\AttributeConsumingService $element, &$sp)

This function parses AttributeConsumerService elements.

Parameters
\SAML2\XML\md\AttributeConsumingService $element: The AttributeConsumingService to parse.
array &$sp: The array with the SP's metadata.

Definition at line 1204 of file SAMLParser.php.

References $format, array, and SAML2\Constants\NAMEFORMAT_UNSPECIFIED.

{
    assert('is_array($sp)');

    $sp['name'] = $element->ServiceName;
    $sp['description'] = $element->ServiceDescription;

    $format = null;
    $sp['attributes'] = array();
    $sp['attributes.required'] = array();
    foreach ($element->RequestedAttribute as $child) {
        $attrname = $child->Name;
        $sp['attributes'][] = $attrname;

        if ($child->isRequired !== null && $child->isRequired === true) {
            $sp['attributes.required'][] = $attrname;
        }

        if ($child->NameFormat !== null) {
            $attrformat = $child->NameFormat;
        } else {
            // no NameFormat given: the SAML default is "unspecified"
            $attrformat = \SAML2\Constants::NAMEFORMAT_UNSPECIFIED;
        }

        if ($format === null) {
            $format = $attrformat;
        } elseif ($format !== $attrformat) {
            // the requested attributes disagree on their NameFormat: fall back to "unspecified"
            $format = \SAML2\Constants::NAMEFORMAT_UNSPECIFIED;
        }
    }

    if (empty($sp['attributes'])) {
        // a really invalid configuration: all AttributeConsumingServices should have one or more attributes
        unset($sp['attributes']);
    }
    if (empty($sp['attributes.required'])) {
        unset($sp['attributes.required']);
    }

    if ($format !== \SAML2\Constants::NAMEFORMAT_UNSPECIFIED && $format !== null) {
        $sp['attributes.NameFormat'] = $format;
    }
}

◆ parseDescriptorsElement()

static SimpleSAML_Metadata_SAMLParser::parseDescriptorsElement ( DOMElement  $element = null)
static

This function parses a DOMElement which represents either an EntityDescriptor element or an EntitiesDescriptor element.

It will return an associative array of SAMLParser instances in both cases.

Parameters
DOMElement|NULL  $element  The DOMElement which contains the EntityDescriptor element or the EntitiesDescriptor element.
Returns
SimpleSAML_Metadata_SAMLParser[] An associative array of SAMLParser instances. The key of the array will be the entity id.
Exceptions
Exception  if the document is empty or the root is an unexpected node.

Definition at line 359 of file SAMLParser.php.

References $ret, $validators, and array.

Referenced by sspmod_metarefresh_MetaLoader\loadXML().

{
    if ($element === null) {
        throw new Exception('Document was empty.');
    }

    if (SimpleSAML\Utils\XML::isDOMNodeOfType($element, 'EntityDescriptor', '@md') === true) {
        return self::processDescriptorsElement(new \SAML2\XML\md\EntityDescriptor($element));
    } elseif (SimpleSAML\Utils\XML::isDOMNodeOfType($element, 'EntitiesDescriptor', '@md') === true) {
        return self::processDescriptorsElement(new \SAML2\XML\md\EntitiesDescriptor($element));
    } else {
        throw new Exception('Unexpected root node: ['.$element->namespaceURI.']:'.$element->localName);
    }
}

◆ parseDescriptorsFile()

static SimpleSAML_Metadata_SAMLParser::parseDescriptorsFile (   $file)
static

This function parses a file where the root node is either an EntityDescriptor element or an EntitiesDescriptor element.

In both cases it will return an associative array of SAMLParser instances. If the file contains a single EntityDescriptor element, then the array will contain a single SAMLParser instance.

Parameters
string  $file  The path to the file which contains the EntityDescriptor or EntitiesDescriptor element.
Returns
SimpleSAML_Metadata_SAMLParser[] An array of SAMLParser instances.
Exceptions
Exception  If the file does not parse as XML.

Definition at line 302 of file SAMLParser.php.

References $data, $file, SimpleSAML\Utils\HTTP\fetch(), and SAML2\DOMDocumentFactory\fromString().

Referenced by SimpleSAML_Metadata_MetaDataStorageHandlerXML\__construct().

{

    if ($file === null) {
        throw new Exception('Cannot open file NULL. File name not specified.');
    }

    // $file may be a local path or a URL; fetch() handles both (with proxy support)
    $data = \SimpleSAML\Utils\HTTP::fetch($file);

    try {
        $doc = \SAML2\DOMDocumentFactory::fromString($data);
    } catch(\Exception $e) {
        throw new Exception('Failed to read XML from file: '.$file);
    }

    if ($doc->documentElement === null) {
        throw new Exception('Opened file is not an XML document: '.$file);
    }

    return self::parseDescriptorsElement($doc->documentElement);
}

◆ parseDescriptorsString()

static SimpleSAML_Metadata_SAMLParser::parseDescriptorsString (   $string)
static

This function parses a string with XML data.

The root node of the XML data is expected to be either an EntityDescriptor element or an EntitiesDescriptor element. It will return an associative array of SAMLParser instances.

Parameters
string  $string  The string with XML data.
Returns
SimpleSAML_Metadata_SAMLParser[] An associative array of SAMLParser instances. The key of the array will be the entity id.
Exceptions
Exception  If the string does not parse as XML.

Definition at line 336 of file SAMLParser.php.

References SAML2\DOMDocumentFactory\fromString().

{
    try {
        $doc = \SAML2\DOMDocumentFactory::fromString($string);
    } catch(\Exception $e) {
        throw new Exception('Failed to parse XML string.');
    }

    return self::parseDescriptorsElement($doc->documentElement);
}
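The intended way to consume an aggregate (EntitiesDescriptor) document with this class, as an added example that is not part of SimpleSAMLphp or ILIAS: parse it with parseDescriptorsString(), accept only entities whose signature validates against the federation certificate via validateSignature(), and collect the SAML 2.0 IdP metadata. The autoloader path, the function name loadTrustedIdps and the command-line arguments are assumptions of this example.

```php
<?php
// Added example; not code from SimpleSAMLphp or ILIAS.
// Assumption: SimpleSAMLphp is installed and its autoloader lives at this path.
require_once '/var/simplesamlphp/lib/_autoload.php';

/**
 * Parse metadata XML and return only the entities whose signature validates.
 *
 * @param string   $xml              Metadata XML whose root is an EntityDescriptor or EntitiesDescriptor.
 * @param string[] $federationCerts  Certificate file names; validateSignature() resolves them
 *                                   relative to SimpleSAMLphp's cert directory.
 * @return array   entity id => SAML 2.0 IdP metadata array, signed entities only.
 */
function loadTrustedIdps($xml, array $federationCerts)
{
    // One SAMLParser per entity, keyed by entity id. For an EntitiesDescriptor
    // root this yields one entry per EntityDescriptor it contains, and a
    // signature on the enclosing EntitiesDescriptor covers the contained entities.
    $parsers = SimpleSAML_Metadata_SAMLParser::parseDescriptorsString($xml);

    $idps = array();
    foreach ($parsers as $entityId => $parser) {
        // validateSignature() returns false for unsigned metadata and for
        // signatures made with a key other than those supplied; it throws if
        // one of the listed certificate files does not exist.
        if (!$parser->validateSignature($federationCerts)) {
            SimpleSAML\Logger::warning('Ignoring metadata for '.$entityId.': signature did not validate');
            continue;
        }

        $idp = $parser->getMetadata20IdP();
        if ($idp === null) {
            continue; // entity has no SAML 2.0 IDPSSODescriptor
        }
        $idps[$entityId] = $idp;
    }
    return $idps;
}

// Usage: php load_trusted_idps.php federation-metadata.xml federation.crt
$xml  = file_get_contents($argv[1]);
$idps = loadTrustedIdps($xml, array($argv[2]));
foreach ($idps as $entityId => $idp) {
    // endpoint arrays carry the keys produced by parseGenericEndpoint()
    $sso = $idp['SingleSignOnService'][0]['Location'];
    echo $entityId.' -> '.$sso."\n";
}
```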

◆ parseDocument()

static SimpleSAML_Metadata_SAMLParser::parseDocument (   $document)
static

This function parses a DOMDocument which is assumed to contain a single EntityDescriptor element.

Parameters
DOMDocument  $document  The DOMDocument which contains the EntityDescriptor element.
Returns
SimpleSAML_Metadata_SAMLParser An instance of this class with the metadata loaded.

Definition at line 265 of file SAMLParser.php.

{
    assert('$document instanceof DOMDocument');

    $entityElement = self::findEntityDescriptor($document);

    return self::parseElement($entityElement);
}

◆ parseElement()

static SimpleSAML_Metadata_SAMLParser::parseElement (   $entityElement)
static

This function parses an object which represents an EntityDescriptor element.

Parameters
\SAML2\XML\md\EntityDescriptor  $entityElement  An object which represents an EntityDescriptor element.
Returns
SimpleSAML_Metadata_SAMLParser An instance of this class with the metadata loaded.

Definition at line 283 of file SAMLParser.php.

{
    assert('$entityElement instanceof \SAML2\XML\md\EntityDescriptor');

    return new SimpleSAML_Metadata_SAMLParser($entityElement, null);
}

◆ parseFile()

static SimpleSAML_Metadata_SAMLParser::parseFile (   $file)
static

This function parses a file which contains XML encoded metadata.

Parameters
string  $file  The path to the file which contains the metadata.
Returns
SimpleSAML_Metadata_SAMLParser An instance of this class with the metadata loaded.
Exceptions
Exception  If the file does not parse as XML.

Definition at line 224 of file SAMLParser.php.

References $data, $file, SimpleSAML\Utils\HTTP\fetch(), and SAML2\DOMDocumentFactory\fromString().

{
    // $file may be a local path or a URL; fetch() handles both (with proxy support)
    $data = \SimpleSAML\Utils\HTTP::fetch($file);

    try {
        $doc = \SAML2\DOMDocumentFactory::fromString($data);
    } catch(\Exception $e) {
        throw new Exception('Failed to read XML from file: '.$file);
    }

    return self::parseDocument($doc);
}

◆ parseGenericEndpoint()

static SimpleSAML_Metadata_SAMLParser::parseGenericEndpoint ( \SAML2\XML\md\EndpointType  $element)
staticprivate

This function is a generic endpoint element parser.

The returned associative array has the following elements:

  • 'Binding': The binding this endpoint uses.
  • 'Location': The URL to this endpoint.
  • 'ResponseLocation': The URL where responses should be sent. This may not exist.
  • 'index': The index of this endpoint. This attribute is only for indexed endpoints.
  • 'isDefault': Whether this endpoint is the default endpoint for this type. This attribute may not exist.
Parameters
\SAML2\XML\md\EndpointType  $element  The element which should be parsed.
Returns
array An associative array with the data we have extracted from the element.

Definition at line 1263 of file SAMLParser.php.

References array.

{
    $ep = array();

    $ep['Binding'] = $element->Binding;
    $ep['Location'] = $element->Location;

    if ($element->ResponseLocation !== null) {
        $ep['ResponseLocation'] = $element->ResponseLocation;
    }

    if ($element instanceof \SAML2\XML\md\IndexedEndpointType) {
        $ep['index'] = $element->index;

        if ($element->isDefault !== null) {
            $ep['isDefault'] = $element->isDefault;
        }
    }

    return $ep;
}

◆ parseKeyDescriptor()

static SimpleSAML_Metadata_SAMLParser::parseKeyDescriptor ( \SAML2\XML\md\KeyDescriptor  $kd)
staticprivate

This function parses a KeyDescriptor element.

It currently only supports keys with a single X509 certificate.

The associative array for a key can contain:

  • 'encryption': Indicates whether this key can be used for encryption.
  • 'signing': Indicates whether this key can be used for signing.
  • 'type': The type of the key. 'X509Certificate' is the only key type we support.
  • 'X509Certificate': The contents of the first X509Certificate element (if the type is 'X509Certificate').
Parameters
\SAML2\XML\md\KeyDescriptor  $kd  The KeyDescriptor element.
Returns
array|null An associative array describing the key, or null if this is an unsupported key.

Definition at line 1318 of file SAMLParser.php.

References $d, $i, $r, and array.

{
    $r = array();

    if ($kd->use === 'encryption') {
        $r['encryption'] = true;
        $r['signing'] = false;
    } elseif ($kd->use === 'signing') {
        $r['encryption'] = false;
        $r['signing'] = true;
    } else {
        // no 'use' attribute: the key may be used for both purposes
        $r['encryption'] = true;
        $r['signing'] = true;
    }

    $keyInfo = $kd->KeyInfo;

    foreach ($keyInfo->info as $i) {
        if ($i instanceof \SAML2\XML\ds\X509Data) {
            foreach ($i->data as $d) {
                if ($d instanceof \SAML2\XML\ds\X509Certificate) {
                    $r['type'] = 'X509Certificate';
                    $r['X509Certificate'] = $d->certificate;
                    return $r;
                }
            }
        }
    }

    return null;
}

◆ parseRoleDescriptorType()

static SimpleSAML_Metadata_SAMLParser::parseRoleDescriptorType ( \SAML2\XML\md\RoleDescriptor  $element,
  $expireTime 
)
staticprivate

Parse a RoleDescriptorType element.

The returned associative array has the following elements:

  • 'protocols': Array with the protocols supported.
  • 'expire': Timestamp for when this descriptor expires.
  • 'keys': Array of associative arrays with the elements from parseKeyDescriptor.
Parameters
\SAML2\XML\md\RoleDescriptor  $element  The element we should extract metadata from.
int|NULL  $expireTime  The unix timestamp for when this element should expire, or NULL if unknown.
Returns
array An associative array with metadata we have extracted from this element.

Definition at line 843 of file SAMLParser.php.

References $key, $ret, and array.

{
    assert('is_null($expireTime) || is_int($expireTime)');

    $ret = array();

    $expireTime = self::getExpireTime($element, $expireTime);

    if ($expireTime !== null) {
        // we got an expiry timestamp, either from this element or one of the parent elements
        $ret['expire'] = $expireTime;
    }

    $ret['protocols'] = $element->protocolSupportEnumeration;

    // process KeyDescriptor elements
    $ret['keys'] = array();
    foreach ($element->KeyDescriptor as $kd) {
        $key = self::parseKeyDescriptor($kd);
        if ($key !== null) {
            $ret['keys'][] = $key;
        }
    }

    $ext = self::processExtensions($element);
    $ret['scope'] = $ext['scope'];
    $ret['tags'] = $ext['tags'];
    $ret['EntityAttributes'] = $ext['EntityAttributes'];
    $ret['UIInfo'] = $ext['UIInfo'];
    $ret['DiscoHints'] = $ext['DiscoHints'];

    return $ret;
}

◆ parseSSODescriptor()

static SimpleSAML_Metadata_SAMLParser::parseSSODescriptor ( \SAML2\XML\md\SSODescriptorType  $element,
  $expireTime 
)
staticprivate

This function extracts metadata from an SSODescriptor element.

The returned associative array has the following elements:

  • 'protocols': Array with the protocols this SSODescriptor supports.
  • 'SingleLogoutService': Array with the single logout service endpoints. Each endpoint is stored as an associative array with the elements that parseGenericEndpoint returns.
  • 'nameIDFormats': The NameIDFormats supported by this SSODescriptor. This may be an empty array.
  • 'keys': Array of associative arrays with the elements from parseKeyDescriptor.
Parameters
\SAML2\XML\md\SSODescriptorType  $element  The element we should extract metadata from.
int|NULL  $expireTime  The unix timestamp for when this element should expire, or NULL if unknown.
Returns
array An associative array with metadata we have extracted from this element.

Definition at line 894 of file SAMLParser.php.

{
    assert('is_null($expireTime) || is_int($expireTime)');

    $sd = self::parseRoleDescriptorType($element, $expireTime);

    // find all SingleLogoutService elements
    $sd['SingleLogoutService'] = self::extractEndpoints($element->SingleLogoutService);

    // find all ArtifactResolutionService elements
    $sd['ArtifactResolutionService'] = self::extractEndpoints($element->ArtifactResolutionService);

    // process NameIDFormat elements
    $sd['nameIDFormats'] = $element->NameIDFormat;

    return $sd;
}

◆ parseString()

static SimpleSAML_Metadata_SAMLParser::parseString (   $metadata)
static

This function parses a string which contains XML encoded metadata.

Parameters
string  $metadata  A string which contains XML encoded metadata.
Returns
SimpleSAML_Metadata_SAMLParser An instance of this class with the metadata loaded.
Exceptions
Exception  If the string does not parse as XML.

Definition at line 246 of file SAMLParser.php.

References $metadata, and SAML2\DOMDocumentFactory\fromString().

{
    try {
        $doc = \SAML2\DOMDocumentFactory::fromString($metadata);
    } catch(\Exception $e) {
        throw new Exception('Failed to parse XML string.');
    }

    return self::parseDocument($doc);
}

◆ processAttributeAuthorityDescriptor()

SimpleSAML_Metadata_SAMLParser::processAttributeAuthorityDescriptor ( \SAML2\XML\md\AttributeAuthorityDescriptor  $element,
  $expireTime 
)
private

This function extracts metadata from an AttributeAuthorityDescriptor element.

Parameters
\SAML2\XML\md\AttributeAuthorityDescriptor  $element  The element which should be parsed.
int|NULL  $expireTime  The unix timestamp for when this element should expire, or NULL if unknown.

Definition at line 983 of file SAMLParser.php.

References $entityId.

Referenced by __construct().

{
    assert('is_null($expireTime) || is_int($expireTime)');

    $aad = self::parseRoleDescriptorType($element, $expireTime);
    $aad['entityid'] = $this->entityId;
    $aad['metadata-set'] = 'attributeauthority-remote';

    $aad['AttributeService'] = self::extractEndpoints($element->AttributeService);
    $aad['AssertionIDRequestService'] = self::extractEndpoints($element->AssertionIDRequestService);
    $aad['NameIDFormat'] = $element->NameIDFormat;

    $this->attributeAuthorityDescriptors[] = $aad;
}

◆ processContactPerson()

SimpleSAML_Metadata_SAMLParser::processContactPerson ( \SAML2\XML\md\ContactPerson  $element)
private

Parse and process a ContactPerson element.

Parameters
\SAML2\XML\md\ContactPerson  $element  The ContactPerson element.

Definition at line 1171 of file SAMLParser.php.

References array.

Referenced by __construct().

{
    $contactPerson = array();
    if (!empty($element->contactType)) {
        $contactPerson['contactType'] = $element->contactType;
    }
    if (!empty($element->Company)) {
        $contactPerson['company'] = $element->Company;
    }
    if (!empty($element->GivenName)) {
        $contactPerson['givenName'] = $element->GivenName;
    }
    if (!empty($element->SurName)) {
        $contactPerson['surName'] = $element->SurName;
    }
    if (!empty($element->EmailAddress)) {
        $contactPerson['emailAddress'] = $element->EmailAddress;
    }
    if (!empty($element->TelephoneNumber)) {
        $contactPerson['telephoneNumber'] = $element->TelephoneNumber;
    }
    if (!empty($contactPerson)) {
        $this->contacts[] = $contactPerson;
    }
}

◆ processExtensions()

static SimpleSAML_Metadata_SAMLParser::processExtensions (   $element,
  $parentExtensions = array() 
)
staticprivate

Parse an Extensions element.

Extensions may appear in multiple elements, and certain extensions may be inherited from a parent element.

Parameters
mixed  $element  The element which contains the Extensions element.
array  $parentExtensions  An optional array of extensions from the parent element.
Returns
array An associative array with the extensions parsed.

Definition at line 1010 of file SAMLParser.php.

References $name, $ret, array, and SimpleSAML\Logger\warning().

{
    $ret = array(
        'scope' => array(),
        'tags' => array(),
        'EntityAttributes' => array(),
        'RegistrationInfo' => array(),
        'UIInfo' => array(),
        'DiscoHints' => array(),
    );

    // Some extensions may get inherited from a parent element
    if (($element instanceof \SAML2\XML\md\EntityDescriptor || $element instanceof \SAML2\XML\md\EntitiesDescriptor)
        && !empty($parentExtensions['RegistrationInfo'])) {
        $ret['RegistrationInfo'] = $parentExtensions['RegistrationInfo'];
    }

    foreach ($element->Extensions as $e) {

        if ($e instanceof \SAML2\XML\shibmd\Scope) {
            $ret['scope'][] = $e->scope;
            continue;
        }

        // Entity Attributes are only allowed at entity level extensions and not at RoleDescriptor level
        if ($element instanceof \SAML2\XML\md\EntityDescriptor ||
            $element instanceof \SAML2\XML\md\EntitiesDescriptor) {

            if ($e instanceof \SAML2\XML\mdrpi\RegistrationInfo) {
                // Registration Authority cannot be overridden (warn only if override attempts to change the value)
                if (isset($ret['RegistrationInfo']['registrationAuthority'])
                    && $ret['RegistrationInfo']['registrationAuthority'] !== $e->registrationAuthority) {
                    SimpleSAML\Logger::warning('Invalid attempt to override registrationAuthority \''
                        . $ret['RegistrationInfo']['registrationAuthority'] . "' with '{$e->registrationAuthority}'");
                } else {
                    $ret['RegistrationInfo']['registrationAuthority'] = $e->registrationAuthority;
                }
            }
            if ($e instanceof \SAML2\XML\mdattr\EntityAttributes && !empty($e->children)) {
                foreach ($e->children as $attr) {
                    // only saml:Attribute is currently supported here. The specification also allows
                    // saml:Assertion, which would need more complex processing
                    if ($attr instanceof \SAML2\XML\saml\Attribute) {
                        if (empty($attr->Name) || empty($attr->AttributeValue)) {
                            continue;
                        }

                        // attribute names that are not URIs are prefixed like this: '{nameformat}name'
                        $name = $attr->Name;
                        if (empty($attr->NameFormat)) {
                            $name = '{'.\SAML2\Constants::NAMEFORMAT_UNSPECIFIED.'}'.$attr->Name;
                        } elseif ($attr->NameFormat !== 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri') {
                            $name = '{'.$attr->NameFormat.'}'.$attr->Name;
                        }

                        $values = array();
                        foreach ($attr->AttributeValue as $attrvalue) {
                            $values[] = $attrvalue->getString();
                        }

                        $ret['EntityAttributes'][$name] = $values;
                    }
                }
            }
        }

        // UIInfo elements are only allowed at RoleDescriptor level extensions
        if ($element instanceof \SAML2\XML\md\RoleDescriptor) {
            if ($e instanceof \SAML2\XML\mdui\UIInfo) {

                $ret['UIInfo']['DisplayName'] = $e->DisplayName;
                $ret['UIInfo']['Description'] = $e->Description;
                $ret['UIInfo']['InformationURL'] = $e->InformationURL;
                $ret['UIInfo']['PrivacyStatementURL'] = $e->PrivacyStatementURL;

                foreach ($e->Keywords as $uiItem) {
                    if (!($uiItem instanceof \SAML2\XML\mdui\Keywords)
                        || empty($uiItem->Keywords)
                        || empty($uiItem->lang)
                    ) {
                        continue;
                    }
                    $ret['UIInfo']['Keywords'][$uiItem->lang] = $uiItem->Keywords;
                }
                foreach ($e->Logo as $uiItem) {
                    if (!($uiItem instanceof \SAML2\XML\mdui\Logo)
                        || empty($uiItem->url)
                        || empty($uiItem->height)
                        || empty($uiItem->width)
                    ) {
                        continue;
                    }
                    $logo = array(
                        'url' => $uiItem->url,
                        'height' => $uiItem->height,
                        'width' => $uiItem->width,
                    );
                    if (!empty($uiItem->lang)) {
                        $logo['lang'] = $uiItem->lang;
                    }
                    $ret['UIInfo']['Logo'][] = $logo;
                }
            }
        }

        // DiscoHints elements are only allowed at IDPSSODescriptor level extensions
        if ($element instanceof \SAML2\XML\md\IDPSSODescriptor) {

            if ($e instanceof \SAML2\XML\mdui\DiscoHints) {
                $ret['DiscoHints']['IPHint'] = $e->IPHint;
                $ret['DiscoHints']['DomainHint'] = $e->DomainHint;
                $ret['DiscoHints']['GeolocationHint'] = $e->GeolocationHint;
            }
        }

        // anything below this point handles extensions that were not mapped to a
        // known class and arrived as a raw XML chunk
        if (!($e instanceof \SAML2\XML\Chunk)) {
            continue;
        }

        if ($e->localName === 'Attribute' && $e->namespaceURI === \SAML2\Constants::NS_SAML) {
            $attribute = $e->getXML();

            $name = $attribute->getAttribute('Name');
            $values = array_map(
                array('SimpleSAML\Utils\XML', 'getDOMText'),
                SimpleSAML\Utils\XML::getDOMChildren($attribute, 'AttributeValue', '@saml2')
            );

            if ($name === 'tags') {
                foreach ($values as $tagname) {
                    if (!empty($tagname)) {
                        $ret['tags'][] = $tagname;
                    }
                }
            }
        }
    }
    return $ret;
}

◆ processIDPSSODescriptor()

SimpleSAML_Metadata_SAMLParser::processIDPSSODescriptor ( \SAML2\XML\md\IDPSSODescriptor  $element,
  $expireTime 
)
private

This function extracts metadata from an IDPSSODescriptor element.

Parameters
\SAML2\XML\md\IDPSSODescriptor  $element  The element which should be parsed.
int|NULL  $expireTime  The unix timestamp for when this element should expire, or NULL if unknown.

Definition at line 957 of file SAMLParser.php.

References $idp.

Referenced by __construct().

{
    assert('is_null($expireTime) || is_int($expireTime)');

    $idp = self::parseSSODescriptor($element, $expireTime);

    // find all SingleSignOnService elements
    $idp['SingleSignOnService'] = self::extractEndpoints($element->SingleSignOnService);

    if ($element->WantAuthnRequestsSigned) {
        $idp['WantAuthnRequestsSigned'] = true;
    } else {
        $idp['WantAuthnRequestsSigned'] = false;
    }

    $this->idpDescriptors[] = $idp;
}

◆ processOrganization()

SimpleSAML_Metadata_SAMLParser::processOrganization ( \SAML2\XML\md\Organization  $element)
private

Parse and process an Organization element.

Parameters
\SAML2\XML\md\Organization  $element  The Organization element.

Definition at line 1157 of file SAMLParser.php.

Referenced by __construct().

{
    $this->organizationName = $element->OrganizationName;
    $this->organizationDisplayName = $element->OrganizationDisplayName;
    $this->organizationURL = $element->OrganizationURL;
}

◆ processSPSSODescriptor()

SimpleSAML_Metadata_SAMLParser::processSPSSODescriptor ( \SAML2\XML\md\SPSSODescriptor  $element,
  $expireTime 
)
private

This function extracts metadata from an SPSSODescriptor element.

Parameters
\SAML2\XML\md\SPSSODescriptor  $element  The element which should be parsed.
int|NULL  $expireTime  The unix timestamp for when this element should expire, or NULL if unknown.

Definition at line 921 of file SAMLParser.php.

Referenced by __construct().

{
    assert('is_null($expireTime) || is_int($expireTime)');

    $sp = self::parseSSODescriptor($element, $expireTime);

    // find all AssertionConsumerService elements
    $sp['AssertionConsumerService'] = self::extractEndpoints($element->AssertionConsumerService);

    // find all the attributes and SP name... (only the first AttributeConsumingService is used)
    $attcs = $element->AttributeConsumingService;
    if (count($attcs) > 0) {
        self::parseAttributeConsumerService($attcs[0], $sp);
    }

    // check AuthnRequestsSigned
    if ($element->AuthnRequestsSigned !== null) {
        $sp['AuthnRequestsSigned'] = $element->AuthnRequestsSigned;
    }

    // check WantAssertionsSigned
    if ($element->WantAssertionsSigned !== null) {
        $sp['WantAssertionsSigned'] = $element->WantAssertionsSigned;
    }

    $this->spDescriptors[] = $sp;
}

◆ validateFingerprint()

SimpleSAML_Metadata_SAMLParser::validateFingerprint (   $fingerprint)

This function checks if this EntityDescriptor was signed with a certificate with the given fingerprint.

Parameters
string  $fingerprint  Fingerprint of the certificate which should have been used to sign this EntityDescriptor.
Returns
boolean True if it was signed with the certificate with the given fingerprint, false otherwise.

Definition at line 1476 of file SAMLParser.php.

References array, and SimpleSAML\Logger\debug().

{
    assert('is_string($fingerprint)');

    // normalise the configured value: drop colon separators, lower-case hex
    $fingerprint = strtolower(str_replace(":", "", $fingerprint));

    $candidates = array();
    foreach ($this->validators as $validator) {
        foreach ($validator->getValidatingCertificates() as $cert) {

            // SHA-1 over the DER certificate (the base64-decoded X509Certificate text)
            $fp = strtolower(sha1(base64_decode($cert)));
            $candidates[] = $fp;
            if ($fp === $fingerprint) {
                return true;
            }
        }
    }
    SimpleSAML\Logger::debug('Fingerprint was ['.$fingerprint.'] not one of ['.join(', ', $candidates).']');
    return false;
}
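Which string validateFingerprint() actually compares is easy to get wrong when the value is copied from an openssl command: the method computes SHA-1 over the DER certificate and only strips colons and lower-cases the configured value. The following script, an added example that is not part of SimpleSAMLphp or ILIAS, reproduces that computation on a throwaway self-signed certificate and checks it against the openssl-style notation; it assumes PHP's openssl extension is available, and the function names are this example's own.

```php
<?php
// Added example; not code from SimpleSAMLphp or ILIAS.
// Assumption: the PHP openssl extension is loaded.

/** Normalise a configured fingerprint exactly as validateFingerprint() does. */
function normalizeFingerprint($fingerprint)
{
    return strtolower(str_replace(':', '', $fingerprint));
}

/**
 * Fingerprint as the parser computes it: SHA-1 over the DER bytes obtained by
 * base64-decoding the text of the ds:X509Certificate element. The parser
 * hard-codes SHA-1, so a SHA-256 fingerprint can never match.
 */
function metadataCertFingerprint($base64Der)
{
    return strtolower(sha1(base64_decode($base64Der, true)));
}

/** Strip PEM armour to get the bare base64 body that appears in metadata. */
function pemToMetadataBody($pem)
{
    $body = preg_replace('/-----(BEGIN|END) CERTIFICATE-----/', '', $pem);
    return preg_replace('/\s+/', '', $body);
}

/** The check validateFingerprint() performs for one candidate certificate. */
function fingerprintMatches($base64Der, $configured)
{
    return metadataCertFingerprint($base64Der) === normalizeFingerprint($configured);
}

// Throwaway self-signed certificate (constructed at run time) so the script runs offline.
$key  = openssl_pkey_new(array('private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA));
$csr  = openssl_csr_new(array('commonName' => 'idp.example.org'), $key, array('digest_alg' => 'sha256'));
$x509 = openssl_csr_sign($csr, null, $key, 1, array('digest_alg' => 'sha256'));
openssl_x509_export($x509, $pem);

$body = pemToMetadataBody($pem);

// The notation "openssl x509 -noout -fingerprint -sha1" prints: upper-case hex, colon-separated.
$cliStyle = strtoupper(implode(':', str_split(openssl_x509_fingerprint($x509, 'sha1'), 2)));

// The colon-separated SHA-1 form matches once normalised ...
if (!fingerprintMatches($body, $cliStyle)) {
    throw new RuntimeException('SHA-1 fingerprint from openssl does not match the parser computation');
}
// ... while a SHA-256 fingerprint of the same certificate never will.
$sha256 = openssl_x509_fingerprint($x509, 'sha256');
if (fingerprintMatches($body, $sha256)) {
    throw new RuntimeException('a SHA-256 fingerprint must not match a SHA-1 comparison');
}

echo 'value to configure: '.normalizeFingerprint($cliStyle)."\n";
```

A fingerprint only identifies a certificate; validateSignature() with the full certificate file is what verifies that the metadata was actually signed by the corresponding key.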

◆ validateSignature()

SimpleSAML_Metadata_SAMLParser::validateSignature (   $certificates)

If this EntityDescriptor was signed, this function uses the public key to check the signature.

Parameters
array  $certificates  One or more certificates with the public key. This makes it possible to do a key rollover.
Returns
boolean True if it is possible to check the signature with the certificate, false otherwise.
Exceptions
Exception  If the certificate file cannot be found.

Definition at line 1438 of file SAMLParser.php.

References $certificates, $key, array, SimpleSAML\Logger\debug(), and SimpleSAML\Utils\Config\getCertPath().

{
    foreach ($certificates as $cert) {
        assert('is_string($cert)');
        // $cert is a file name, resolved relative to the configured cert directory
        $certFile = \SimpleSAML\Utils\Config::getCertPath($cert);
        if (!file_exists($certFile)) {
            throw new Exception(
                'Could not find certificate file ['.$certFile.'], which is needed to validate signature'
            );
        }
        $certData = file_get_contents($certFile);

        foreach ($this->validators as $validator) {
            $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'public'));
            $key->loadKey($certData);
            try {
                if ($validator->validate($key)) {
                    return true;
                }
            } catch (Exception $e) {
                // this certificate did not sign this element, skip
            }
        }
    }
    SimpleSAML\Logger::debug('Could not validate signature');
    return false;
}

Field Documentation

◆ $attributeAuthorityDescriptors

SimpleSAML_Metadata_SAMLParser::$attributeAuthorityDescriptors = array()
private

Definition at line 76 of file SAMLParser.php.

Referenced by getAttributeAuthorities().

◆ $contacts

SimpleSAML_Metadata_SAMLParser::$contacts = array()
private

Definition at line 113 of file SAMLParser.php.

Referenced by getMetadataCommon().

◆ $entityAttributes

SimpleSAML_Metadata_SAMLParser::$entityAttributes
private

Definition at line 125 of file SAMLParser.php.

Referenced by addExtensions().

◆ $entityDescriptor

SimpleSAML_Metadata_SAMLParser::$entityDescriptor
private

Definition at line 152 of file SAMLParser.php.

Referenced by getMetadataCommon().

◆ $entityId

SimpleSAML_Metadata_SAMLParser::$entityId
private

◆ $idpDescriptors

SimpleSAML_Metadata_SAMLParser::$idpDescriptors
private

Definition at line 68 of file SAMLParser.php.

◆ $organizationDisplayName

SimpleSAML_Metadata_SAMLParser::$organizationDisplayName = array()
private

Definition at line 96 of file SAMLParser.php.

Referenced by getMetadataCommon().

◆ $organizationName

SimpleSAML_Metadata_SAMLParser::$organizationName = array()
private

Definition at line 86 of file SAMLParser.php.

Referenced by getMetadataCommon().

◆ $organizationURL

SimpleSAML_Metadata_SAMLParser::$organizationURL = array()
private

Definition at line 105 of file SAMLParser.php.

Referenced by getMetadataCommon().

◆ $registrationInfo

SimpleSAML_Metadata_SAMLParser::$registrationInfo
private

Definition at line 131 of file SAMLParser.php.

Referenced by addExtensions().

◆ $SAML1xProtocols

SimpleSAML_Metadata_SAMLParser::$SAML1xProtocols
staticprivate
Initial value:
array(
    'urn:oasis:names:tc:SAML:1.0:protocol',
    'urn:oasis:names:tc:SAML:1.1:protocol',
)

Definition at line 23 of file SAMLParser.php.

◆ $SAML20Protocols

SimpleSAML_Metadata_SAMLParser::$SAML20Protocols
staticprivate
Initial value:
array(
    'urn:oasis:names:tc:SAML:2.0:protocol',
)

Definition at line 34 of file SAMLParser.php.

◆ $scopes

SimpleSAML_Metadata_SAMLParser::$scopes
private

Definition at line 119 of file SAMLParser.php.

Referenced by addExtensions().

◆ $spDescriptors

SimpleSAML_Metadata_SAMLParser::$spDescriptors
private

Definition at line 57 of file SAMLParser.php.

◆ $tags

SimpleSAML_Metadata_SAMLParser::$tags
private

Definition at line 136 of file SAMLParser.php.

Referenced by addExtensions().

◆ $validators

SimpleSAML_Metadata_SAMLParser::$validators = array()
private

Definition at line 144 of file SAMLParser.php.

Referenced by __construct(), and parseDescriptorsElement().


The documentation for this class was generated from the following file: