sspmod_saml_IdP_SAML1 Class Reference

Collaboration diagram for sspmod_saml_IdP_SAML1:

Static Public Member Functions
static	sendResponse (array $state)
	Send a response to the SP. More...
static	receiveAuthnRequest (SimpleSAML_IdP $idp)
	Receive an authentication request. More...

Detailed Description

Definition at line 9 of file SAML1.php.

Member Function Documentation

receiveAuthnRequest()

static sspmod_saml_IdP_SAML1::receiveAuthnRequest ( SimpleSAML_IdP  $idp )

static

Receive an authentication request.

Parameters

SimpleSAML_IdP

$idp

The IdP we are receiving it for.

Definition at line 64 of file SAML1.php.

References $metadata, $spEntityId, $spMetadata, $state, $target, array, SimpleSAML\Utils\HTTP\checkSessionCookie(), SimpleSAML_Metadata_MetaDataStorageHandler\getMetadataHandler(), SimpleSAML_IdP\handleAuthenticationRequest(), SimpleSAML\Logger\info(), SimpleSAML_Stats\log(), SimpleSAML_Auth_State\RESTART, string, and time.

                                                                        {

                if (isset($_REQUEST['cookieTime'])) {
                        $cookieTime = (int)$_REQUEST['cookieTime'];
                        if ($cookieTime + 5 > time()) {
                                /*
                                 * Less than five seconds has passed since we were
                                 * here the last time. Cookies are probably disabled.
                                 */
                                \SimpleSAML\Utils\HTTP::checkSessionCookie(\SimpleSAML\Utils\HTTP::getSelfURL());
                        }
                }

                if (!isset($_REQUEST['providerId'])) {
                        throw new SimpleSAML_Error_BadRequest('Missing providerId parameter.');
                }
                $spEntityId = (string)$_REQUEST['providerId'];

                if (!isset($_REQUEST['shire'])) {
                        throw new SimpleSAML_Error_BadRequest('Missing shire parameter.');
                }
                $shire = (string)$_REQUEST['shire'];

                if (isset($_REQUEST['target'])) {
                        $target = $_REQUEST['target'];
                } else {
                        $target = NULL;
                }

                SimpleSAML\Logger::info('Shib1.3 - IdP.SSOService: Got incoming Shib authnRequest from ' . var_export($spEntityId, TRUE) . '.');

                $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
                $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'shib13-sp-remote');

                $found = FALSE;
                foreach ($spMetadata->getEndpoints('AssertionConsumerService') as $ep) {
                        if ($ep['Binding'] !== 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post') {
                                continue;
                        }
                        if ($ep['Location'] !== $shire) {
                                continue;
                        }
                        $found = TRUE;
                        break;
                }
                if (!$found) {
                        throw new Exception('Invalid AssertionConsumerService for SP ' .
                                var_export($spEntityId, TRUE) . ': ' . var_export($shire, TRUE));
                }

                SimpleSAML_Stats::log('saml:idp:AuthnRequest', array(
                        'spEntityID' => $spEntityId,
                        'protocol' => 'saml1',
                ));

                $sessionLostURL = \SimpleSAML\Utils\HTTP::addURLParameters(
            \SimpleSAML\Utils\HTTP::getSelfURL(),
                        array('cookieTime' => time()));

                $state = array(
                        'Responder' => array('sspmod_saml_IdP_SAML1', 'sendResponse'),
                        'SPMetadata' => $spMetadata->toArray(),
                        SimpleSAML_Auth_State::RESTART => $sessionLostURL,
                        'saml:shire' => $shire,
                        'saml:target' => $target,
                        'saml:AuthnRequestReceivedAt' => microtime(TRUE),
                );

                $idp->handleAuthenticationRequest($state);
        }

Here is the call graph for this function:

sendResponse()

static sspmod_saml_IdP_SAML1::sendResponse ( array  $state )

static

Send a response to the SP.

Parameters

array

$state

The authentication state.

Definition at line 16 of file SAML1.php.

References $attributes, $config, $idp, $idpMetadata, $metadata, $spEntityId, $spMetadata, $target, array, SimpleSAML_IdP\getByState(), SimpleSAML_Configuration\getInstance(), SimpleSAML_Metadata_MetaDataStorageHandler\getMetadataHandler(), SimpleSAML\Logger\info(), SimpleSAML_Configuration\loadFromArray(), and SimpleSAML_Stats\log().

                                                          {
                assert('isset($state["Attributes"])');
                assert('isset($state["SPMetadata"])');
                assert('isset($state["saml:shire"])');
                assert('array_key_exists("saml:target", $state)'); // Can be NULL

                $spMetadata = $state["SPMetadata"];
                $spEntityId = $spMetadata['entityid'];
                $spMetadata = SimpleSAML_Configuration::loadFromArray($spMetadata,
                        '$metadata[' . var_export($spEntityId, TRUE) . ']');

                SimpleSAML\Logger::info('Sending SAML 1.1 Response to ' . var_export($spEntityId, TRUE));

                $attributes = $state['Attributes'];
                $shire = $state['saml:shire'];
                $target = $state['saml:target'];

                $idp = SimpleSAML_IdP::getByState($state);

                $idpMetadata = $idp->getConfig();

                $config = SimpleSAML_Configuration::getInstance();
                $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();

                $statsData = array(
                        'spEntityID' => $spEntityId,
                        'idpEntityID' => $idpMetadata->getString('entityid'),
                        'protocol' => 'saml1',
                );
                if (isset($state['saml:AuthnRequestReceivedAt'])) {
                        $statsData['logintime'] = microtime(TRUE) - $state['saml:AuthnRequestReceivedAt'];
                }
                SimpleSAML_Stats::log('saml:idp:Response', $statsData);

                // Generate and send response.
                $ar = new \SimpleSAML\XML\Shib13\AuthnResponse();
                $authnResponseXML = $ar->generate($idpMetadata, $spMetadata, $shire, $attributes);

                $httppost = new HTTPPost($config, $metadata);
                $httppost->sendResponse($authnResponseXML, $idpMetadata, $spMetadata, $target, $shire);
        }

Here is the call graph for this function:

---

The documentation for this class was generated from the following file:

• libs/composer/vendor/simplesamlphp/simplesamlphp/modules/saml/lib/IdP/SAML1.php