ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
SimpleSAML\Bindings\Shib13\HTTPPost Class Reference

Public Member Functions

 __construct (\SimpleSAML_Configuration $configuration, \SimpleSAML_Metadata_MetaDataStorageHandler $metadatastore)
 Constructor for the class.
 
 sendResponse ($response, \SimpleSAML_Configuration $idpmd, \SimpleSAML_Configuration $spmd, $relayState, $shire)
 Send an authenticationResponse using HTTP-POST.
 
 decodeResponse ($post)
 Decode a received response.
 

Private Attributes

 $configuration = null
 
 $metadata = null
 

Detailed Description

Definition at line 20 of file HTTPPost.php.

Constructor & Destructor Documentation

◆ __construct()

SimpleSAML\Bindings\Shib13\HTTPPost::__construct ( \SimpleSAML_Configuration  $configuration,
\SimpleSAML_Metadata_MetaDataStorageHandler  $metadatastore 
)

Constructor for the class.

Parameters
\SimpleSAML_Configuration  $configuration  The configuration to use.
\SimpleSAML_Metadata_MetaDataStorageHandler  $metadatastore  A store where to find metadata.

Definition at line 40 of file HTTPPost.php.

References SimpleSAML\Bindings\Shib13\HTTPPost\$configuration.

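    public function __construct(
        \SimpleSAML_Configuration $configuration,
        \SimpleSAML_Metadata_MetaDataStorageHandler $metadatastore
    ) {
        $this->configuration = $configuration;
        $this->metadata = $metadatastore;
    }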

Member Function Documentation

◆ decodeResponse()

SimpleSAML\Bindings\Shib13\HTTPPost::decodeResponse ($post)

Decode a received response.

Parameters
array  $post  POST data received.
Returns
The response decoded into an object.
Exceptions
\Exception  If the required SAMLResponse parameter is missing.

Definition at line 131 of file HTTPPost.php.

References $post, SimpleSAML\Utils\XML\checkSAMLMessage(), and SimpleSAML\Utils\XML\debugSAMLMessage().

    public function decodeResponse($post)
    {
        assert('is_array($post)');

        if (!array_key_exists('SAMLResponse', $post)) {
            throw new \Exception('Missing required SAMLResponse parameter.');
        }
        $rawResponse = $post['SAMLResponse'];
        $samlResponseXML = base64_decode($rawResponse);

        XML::debugSAMLMessage($samlResponseXML, 'in');

        XML::checkSAMLMessage($samlResponseXML, 'saml11');

        $samlResponse = new AuthnResponse();
        $samlResponse->setXML($samlResponseXML);

        if (array_key_exists('TARGET', $post)) {
            $samlResponse->setRelayState($post['TARGET']);
        }

        return $samlResponse;
    }
static checkSAMLMessage($message, $type)
This function performs some sanity checks on XML documents, and optionally validates them against the...
Definition: XML.php:35
static debugSAMLMessage($message, $type)
Helper function to log SAML messages that we send or receive.
Definition: XML.php:94
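
As listed, decodeResponse() hands the output of a non-strict base64_decode() straight to the XML checks. The following added example (not SimpleSAMLphp or ILIAS code; the function name decodeSamlResponseStrict, the two constants and the 1 MiB size cap are assumptions) shows stricter handling of the same POST parameter; signature verification is out of scope here and still has to happen afterwards.

```php
<?php
// Added example: hypothetical helper, not part of SimpleSAMLphp or ILIAS.
const SAML1P_NS = 'urn:oasis:names:tc:SAML:1.0:protocol'; // SAML 1.x protocol namespace
const MAX_ENCODED_BYTES = 1048576; // assumed 1 MiB cap; tune per deployment

function decodeSamlResponseStrict(array $post): DOMDocument
{
    $raw = $post['SAMLResponse'] ?? null;
    if (!is_string($raw) || $raw === '' || strlen($raw) > MAX_ENCODED_BYTES) {
        throw new InvalidArgumentException('SAMLResponse missing, not a string, or too large.');
    }

    // Strict mode fails on characters outside the base64 alphabet instead of discarding them.
    $xml = base64_decode($raw, true);
    if ($xml === false || $xml === '') {
        throw new InvalidArgumentException('SAMLResponse is not valid base64.');
    }

    // LIBXML_NONET forbids network access while parsing; errors are collected, not printed.
    $dom = new DOMDocument();
    $previous = libxml_use_internal_errors(true);
    $loaded = $dom->loadXML($xml, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if (!$loaded) {
        throw new InvalidArgumentException('SAMLResponse is not well-formed XML.');
    }

    // A SAML message never needs a DOCTYPE; refusing it rules out entity-based XML abuse.
    foreach ($dom->childNodes as $node) {
        if ($node->nodeType === XML_DOCUMENT_TYPE_NODE) {
            throw new InvalidArgumentException('DOCTYPE is not allowed in a SAML message.');
        }
    }
    $root = $dom->documentElement;
    if ($root->localName !== 'Response' || $root->namespaceURI !== SAML1P_NS) {
        throw new InvalidArgumentException('Root element is not a SAML 1.x Response.');
    }
    return $dom;
}

// Constructed sample input: a minimal Response, then the same value with a stray character.
$good = base64_encode('<Response xmlns="' . SAML1P_NS . '" ResponseID="_constructed"/>');
var_dump(decodeSamlResponseStrict(['SAMLResponse' => $good])->documentElement->localName);
try {
    decodeSamlResponseStrict(['SAMLResponse' => $good . '!']);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```
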

◆ sendResponse()

SimpleSAML\Bindings\Shib13\HTTPPost::sendResponse (   $response,
\SimpleSAML_Configuration  $idpmd,
\SimpleSAML_Configuration  $spmd,
  $relayState,
  $shire 
)

Send an authenticationResponse using HTTP-POST.

Parameters
string  $response  The response which should be sent.
\SimpleSAML_Configuration  $idpmd  The metadata of the IdP which is sending the response.
\SimpleSAML_Configuration  $spmd  The metadata of the SP which is receiving the response.
string | null  $relayState  The relaystate for the SP.
string  $shire  The shire which should receive the response.

Definition at line 58 of file HTTPPost.php.

References $relayState, $response, array, SimpleSAML\Utils\XML\checkSAMLMessage(), SimpleSAML\Utils\XML\debugSAMLMessage(), SAML2\DOMDocumentFactory\fromString(), SimpleSAML_Configuration\getBoolean(), SimpleSAML_Configuration\getString(), SimpleSAML_Configuration\hasValue(), SimpleSAML\Utils\Crypto\loadPrivateKey(), SimpleSAML\Utils\Crypto\loadPublicKey(), and SimpleSAML\Utils\HTTP\submitPOSTData().

    public function sendResponse(
        $response,
        \SimpleSAML_Configuration $idpmd,
        \SimpleSAML_Configuration $spmd,
        $relayState,
        $shire
    ) {
        XML::checkSAMLMessage($response, 'saml11');

        $privatekey = Crypto::loadPrivateKey($idpmd, true);
        $publickey = Crypto::loadPublicKey($idpmd, true);

        $responsedom = DOMDocumentFactory::fromString(str_replace("\r", "", $response));

        $responseroot = $responsedom->getElementsByTagName('Response')->item(0);
        $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);

        /* Determine what we should sign - either the Response element or the Assertion. The default is to sign the
         * Assertion, but that can be overridden by the 'signresponse' option in the SP metadata or
         * 'saml20.signresponse' in the global configuration.
         *
         * TODO: neither 'signresponse' nor 'shib13.signresponse' are valid options any longer. Remove!
         */
        if ($spmd->hasValue('signresponse')) {
            $signResponse = $spmd->getBoolean('signresponse');
        } else {
            $signResponse = $this->configuration->getBoolean('shib13.signresponse', true);
        }

        // check if we have an assertion to sign. Force to sign the response if not
        if ($firstassertionroot === null) {
            $signResponse = true;
        }

        $signer = new Signer(array(
            'privatekey_array' => $privatekey,
            'publickey_array' => $publickey,
            'id' => ($signResponse ? 'ResponseID' : 'AssertionID'),
        ));

        if ($idpmd->hasValue('certificatechain')) {
            $signer->addCertificate($idpmd->getString('certificatechain'));
        }

        if ($signResponse) {
            // sign the response - this must be done after encrypting the assertion
            // we insert the signature before the saml2p:Status element
            $statusElements = XML::getDOMChildren($responseroot, 'Status', '@saml1p');
            assert('count($statusElements) === 1');
            $signer->sign($responseroot, $responseroot, $statusElements[0]);
        } else {
            // Sign the assertion
            $signer->sign($firstassertionroot, $firstassertionroot);
        }

        $response = $responsedom->saveXML();

        XML::debugSAMLMessage($response, 'out');

        HTTP::submitPOSTData($shire, array(
            'TARGET' => $relayState,
            'SAMLResponse' => base64_encode($response),
        ));
    }
static loadPrivateKey(\SimpleSAML_Configuration $metadata, $required=false, $prefix='', $full_path=false)
Load a private key from metadata.
Definition: Crypto.php:195
static loadPublicKey(\SimpleSAML_Configuration $metadata, $required=false, $prefix='')
Get public key or certificate from metadata.
Definition: Crypto.php:265
static submitPOSTData($destination, $data)
Submit a POST form to a specific destination.
Definition: HTTP.php:1205

Field Documentation

◆ $configuration

SimpleSAML\Bindings\Shib13\HTTPPost::$configuration = null
private

Definition at line 26 of file HTTPPost.php.

Referenced by SimpleSAML\Bindings\Shib13\HTTPPost\__construct().

◆ $metadata

SimpleSAML\Bindings\Shib13\HTTPPost::$metadata = null
private

Definition at line 31 of file HTTPPost.php.


The documentation for this class was generated from the following file: