Inheritance diagram for SAML2\HTTPRedirect:

Collaboration diagram for SAML2\HTTPRedirect:

Public Member Functions
	getRedirectURL (Message $message)
	Create the redirect URL for a message. More...

	send (Message $message)
	Send a SAML 2 message using the HTTP-Redirect binding. More...

	receive ()
	Receive a SAML 2 message sent using the HTTP-Redirect binding. More...

Public Member Functions inherited from SAML2\Binding
	getDestination ()
	Retrieve the destination of a message. More...

	setDestination ($destination)
	Override the destination of a message. More...

	send (Message $message)
	Send a SAML 2 message. More...

	receive ()
	Receive a SAML 2 message. More...

Static Public Member Functions
static	validateSignature (array $data, XMLSecurityKey $key)
	Validate the signature on a HTTP-Redirect message. More...

Static Public Member Functions inherited from SAML2\Binding
static	getBinding ($urn)
	Retrieve a binding with the given URN. More...

static	getCurrentBinding ()
	Guess the current binding. More...

Data Fields
const	DEFLATE = 'urn:oasis:names:tc:SAML:2.0:bindings:URL-Encoding:DEFLATE'

Static Private Member Functions
static	parseQuery ()
	Helper function to parse query data. More...

Additional Inherited Members
Protected Attributes inherited from SAML2\Binding
	$destination
	The destination of messages. More...

Detailed Description

Definition at line 12 of file HTTPRedirect.php.

Member Function Documentation

◆ getRedirectURL()

SAML2\HTTPRedirect::getRedirectURL ( Message $message )

Create the redirect URL for a message.

Parameters

\SAML2\Message $message The message.

Returns: string The URL the user should be redirected to in order to send a message.

Definition at line 22 of file HTTPRedirect.php.

References $destination, $key, $relayState, SAML2\Message\getDestination(), SAML2\Message\getRelayState(), SAML2\Message\getSignatureKey(), and SAML2\Message\toUnsignedXML().

     {
         if ($this->destination === null) {
             $destination = $message->getDestination();
         } else {
             $destination = $this->destination;
         }
 
         $relayState = $message->getRelayState();
 
         $key = $message->getSignatureKey();
 
         $msgStr = $message->toUnsignedXML();
         $msgStr = $msgStr->ownerDocument->saveXML($msgStr);
 
         Utils::getContainer()->debugMessage($msgStr, 'out');
 
         $msgStr = gzdeflate($msgStr);
         $msgStr = base64_encode($msgStr);
 
         /* Build the query string. */
 
         if ($message instanceof Request) {
             $msg = 'SAMLRequest=';
         } else {
             $msg = 'SAMLResponse=';
         }
         $msg .= urlencode($msgStr);
 
         if ($relayState !== null) {
             $msg .= '&RelayState=' . urlencode($relayState);
         }
 
         if ($key !== null) {
             /* Add the signature. */
             $msg .= '&SigAlg=' . urlencode($key->type);
 
             $signature = $key->signData($msg);
             $msg .= '&Signature=' . urlencode(base64_encode($signature));
         }
 
         if (strpos($destination, '?') === false) {
             $destination .= '?' . $msg;
         } else {
             $destination .= '&' . $msg;
         }
 
         return $destination;
     }

Here is the call graph for this function:

◆ parseQuery()

static SAML2\HTTPRedirect::parseQuery ( )

staticprivate

Helper function to parse query data.

This function returns the query string split into key=>value pairs. It also adds a new parameter, SignedQuery, which contains the data that is signed.

Returns: string The query data that is signed.

Definition at line 159 of file HTTPRedirect.php.

References $_SERVER, $data, $name, $relayState, and array.

     {
         /*
          * Parse the query string. We need to do this ourself, so that we get access
          * to the raw (urlencoded) values. This is required because different software
          * can urlencode to different values.
          */
         $data = array();
         $relayState = '';
         $sigAlg = '';
         $sigQuery = '';
         foreach (explode('&', $_SERVER['QUERY_STRING']) as $e) {
             $tmp = explode('=', $e, 2);
             $name = $tmp[0];
             if (count($tmp) === 2) {
                 $value = $tmp[1];
             } else {
                 /* No value for this parameter. */
                 $value = '';
             }
             $name = urldecode($name);
             $data[$name] = urldecode($value);
 
             switch ($name) {
                 case 'SAMLRequest':
                 case 'SAMLResponse':
                     $sigQuery = $name . '=' . $value;
                     break;
                 case 'RelayState':
                     $relayState = '&RelayState=' . $value;
                     break;
                 case 'SigAlg':
                     $sigAlg = '&SigAlg=' . $value;
                     break;
             }
         }
 
         $data['SignedQuery'] = $sigQuery . $relayState . $sigAlg;
 
         return $data;
     }

◆ receive()

SAML2\HTTPRedirect::receive ( )

Receive a SAML 2 message sent using the HTTP-Redirect binding.

Throws an exception if it is unable receive the message.

Returns: The received message.

Exceptions

Definition at line 97 of file HTTPRedirect.php.

References $data, $message, $xml, and array.

     {
         $data = self::parseQuery();
         if (array_key_exists('SAMLRequest', $data)) {
             $message = $data['SAMLRequest'];
         } elseif (array_key_exists('SAMLResponse', $data)) {
             $message = $data['SAMLResponse'];
         } else {
             throw new \Exception('Missing SAMLRequest or SAMLResponse parameter.');
         }
 
         if (isset($data['SAMLEncoding']) && $data['SAMLEncoding'] !== self::DEFLATE) {
             throw new \Exception('Unknown SAMLEncoding: ' . var_export($data['SAMLEncoding'], true));
         }
 
         $message = base64_decode($message);
         if ($message === false) {
             throw new \Exception('Error while base64 decoding SAML message.');
         }
 
         $message = gzinflate($message);
         if ($message === false) {
             throw new \Exception('Error while inflating SAML message.');
         }
 
         Utils::getContainer()->debugMessage($message, 'in');
         $document = DOMDocumentFactory::fromString($message);
         $xml      = $document->firstChild;
         $message  = Message::fromXML($xml);
 
         if (array_key_exists('RelayState', $data)) {
             $message->setRelayState($data['RelayState']);
         }
 
         if (!array_key_exists('Signature', $data)) {
             return $message;
         }
 
         if (!array_key_exists('SigAlg', $data)) {
             throw new \Exception('Missing signature algorithm.');
         }
 
         $signData = array(
             'Signature' => $data['Signature'],
             'SigAlg'    => $data['SigAlg'],
             'Query'     => $data['SignedQuery'],
         );
 
         $message->addValidator(array(get_class($this), 'validateSignature'), $signData);
 
         return $message;
     }

◆ send()

SAML2\HTTPRedirect::send ( Message $message )

Send a SAML 2 message using the HTTP-Redirect binding.

Note: This function never returns.

Parameters

\SAML2\Message $message The message we should send.

Definition at line 79 of file HTTPRedirect.php.

References $destination.

     {
         $destination = $this->getRedirectURL($message);
         Utils::getContainer()->getLogger()->debug('Redirect to ' . strlen($destination) . ' byte URL: ' . $destination);
         Utils::getContainer()->redirect($destination);
     }

◆ validateSignature()

static SAML2\HTTPRedirect::validateSignature	(	array	$data,
		XMLSecurityKey	$key
	)

static

Validate the signature on a HTTP-Redirect message.

Throws an exception if we are unable to validate the signature.

Parameters

array	$data	The data we need to validate the query string.
XMLSecurityKey	$key	The key we should validate the query against.

Exceptions

Definition at line 210 of file HTTPRedirect.php.

References $query, and RobRichards\XMLSecLibs\XMLSecurityKey\verifySignature().

     {
         assert(array_key_exists("Query", $data));
         assert(array_key_exists("SigAlg", $data));
         assert(array_key_exists("Signature", $data));
 
         $query = $data['Query'];
         $sigAlg = $data['SigAlg'];
         $signature = $data['Signature'];
 
         $signature = base64_decode($signature);
 
         if ($key->type !== XMLSecurityKey::RSA_SHA1) {
             throw new \Exception('Invalid key type for validating signature on query string.');
         }
         if ($key->type !== $sigAlg) {
             $key = Utils::castKey($key, $sigAlg);
         }
 
         if ($key->verifySignature($query, $signature) !== 1) {
             throw new \Exception('Unable to validate signature on query string.');
         }
     }

Here is the call graph for this function:

Field Documentation

◆ DEFLATE

const SAML2\HTTPRedirect::DEFLATE = 'urn:oasis:names:tc:SAML:2.0:bindings:URL-Encoding:DEFLATE'

Definition at line 14 of file HTTPRedirect.php.

The documentation for this class was generated from the following file:

libs/composer/vendor/simplesamlphp/saml2/src/SAML2/HTTPRedirect.php

Public Member Functions

Static Public Member Functions

Data Fields

Static Private Member Functions

Additional Inherited Members

Detailed Description

Member Function Documentation

◆ getRedirectURL()

◆ parseQuery()

◆ receive()

◆ send()

◆ validateSignature()

Field Documentation

◆ DEFLATE