ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
SimpleSAML\Bindings\Shib13\HTTPPost Class Reference

Public Member Functions

 __construct (\SimpleSAML_Configuration $configuration, \SimpleSAML_Metadata_MetaDataStorageHandler $metadatastore)
 Constructor for the \SimpleSAML\Bindings\Shib13\HTTPPost class.

 sendResponse ($response, \SimpleSAML_Configuration $idpmd, \SimpleSAML_Configuration $spmd, $relayState, $shire)
 Send an authenticationResponse using HTTP-POST.

 decodeResponse ($post)
 Decode a received response.


Private Attributes

 $configuration = null
 
 $metadata = null
 

Detailed Description

Definition at line 20 of file HTTPPost.php.

Constructor & Destructor Documentation

◆ __construct()

SimpleSAML\Bindings\Shib13\HTTPPost::__construct ( \SimpleSAML_Configuration  $configuration,
\SimpleSAML_Metadata_MetaDataStorageHandler  $metadatastore 
)

Constructor for the \SimpleSAML\Bindings\Shib13\HTTPPost class.

Parameters
    \SimpleSAML_Configuration  $configuration  The configuration to use.
    \SimpleSAML_Metadata_MetaDataStorageHandler  $metadatastore  A store where to find metadata.

Definition at line 40 of file HTTPPost.php.

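public function __construct(
    \SimpleSAML_Configuration $configuration,
    \SimpleSAML_Metadata_MetaDataStorageHandler $metadatastore
) {
    $this->configuration = $configuration;
    $this->metadata = $metadatastore;
}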

References SimpleSAML\Bindings\Shib13\HTTPPost\$configuration.

Member Function Documentation

◆ decodeResponse()

SimpleSAML\Bindings\Shib13\HTTPPost::decodeResponse (   $post)

Decode a received response.

Parameters
    array  $post  POST data received.

Returns
    \SimpleSAML\XML\Shib13\AuthnResponse  The response decoded into an object.

Exceptions
    Exception  If there is no SAMLResponse parameter.

Definition at line 131 of file HTTPPost.php.

public function decodeResponse($post)
{
    assert(is_array($post));

    // The SAMLResponse form field carries the base64-encoded SAML 1.1 response
    if (!array_key_exists('SAMLResponse', $post)) {
        throw new \Exception('Missing required SAMLResponse parameter.');
    }
    $rawResponse = $post['SAMLResponse'];
    $samlResponseXML = base64_decode($rawResponse);

    // Log the incoming message, then run the XML sanity checks (XML is SimpleSAML\Utils\XML)
    XML::debugSAMLMessage($samlResponseXML, 'in');

    XML::checkSAMLMessage($samlResponseXML, 'saml11');

    $samlResponse = new AuthnResponse();
    $samlResponse->setXML($samlResponseXML);

    // TARGET is the relay state sent alongside the response
    if (array_key_exists('TARGET', $post)) {
        $samlResponse->setRelayState($post['TARGET']);
    }

    return $samlResponse;
}

References $post, SimpleSAML\Utils\XML\checkSAMLMessage(), and SimpleSAML\Utils\XML\debugSAMLMessage().
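
An added example (not ILIAS or SimpleSAMLphp code) of checks a receiver can apply to the SAMLResponse POST field: the listing above calls base64_decode() without strict mode, which silently skips characters outside the base64 alphabet. decodeSamlPostStrict() and MAX_SAML_RESPONSE_BYTES are hypothetical names, the size cap is an assumed value, and the sample inputs are constructed.

```php
<?php
// Added example, not ILIAS or SimpleSAMLphp code. decodeSamlPostStrict() and
// MAX_SAML_RESPONSE_BYTES are hypothetical; the 1 MiB cap is an assumed value.
const MAX_SAML_RESPONSE_BYTES = 1048576;

function decodeSamlPostStrict(array $post)
{
    if (!isset($post['SAMLResponse']) || !is_string($post['SAMLResponse'])) {
        throw new InvalidArgumentException('Missing or non-string SAMLResponse parameter.');
    }
    $raw = $post['SAMLResponse'];
    if (strlen($raw) > MAX_SAML_RESPONSE_BYTES) {
        throw new InvalidArgumentException('SAMLResponse exceeds size limit.');
    }
    // Strict mode returns false on characters outside the base64 alphabet
    $xml = base64_decode($raw, true);
    if ($xml === false || $xml === '') {
        throw new InvalidArgumentException('SAMLResponse is not valid base64.');
    }
    $dom = new DOMDocument();
    // LIBXML_NONET: never fetch network resources while parsing
    if (!@$dom->loadXML($xml, LIBXML_NONET)) {
        throw new InvalidArgumentException('SAMLResponse is not well-formed XML.');
    }
    // A SAML message has no need for a DOCTYPE; refuse it outright
    foreach ($dom->childNodes as $child) {
        if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
            throw new InvalidArgumentException('DOCTYPE is not allowed in SAML messages.');
        }
    }
    return $xml;
}

// Constructed sample inputs
$valid = base64_encode('<Response ResponseID="_constructed"/>');
$samples = array(
    'valid'         => $valid,
    'junk appended' => $valid . '!!',
    'doctype'       => base64_encode('<!DOCTYPE r [<!ENTITY e "x">]><Response/>'),
);
foreach ($samples as $label => $value) {
    try {
        decodeSamlPostStrict(array('SAMLResponse' => $value));
        echo $label, ": accepted\n";
    } catch (InvalidArgumentException $e) {
        echo $label, ': rejected (', $e->getMessage(), ")\n";
    }
}
```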


◆ sendResponse()

SimpleSAML\Bindings\Shib13\HTTPPost::sendResponse (   $response,
\SimpleSAML_Configuration  $idpmd,
\SimpleSAML_Configuration  $spmd,
  $relayState,
  $shire 
)

Send an authenticationResponse using HTTP-POST.

Parameters
    string  $response  The response which should be sent.
    \SimpleSAML_Configuration  $idpmd  The metadata of the IdP which is sending the response.
    \SimpleSAML_Configuration  $spmd  The metadata of the SP which is receiving the response.
    string | null  $relayState  The relaystate for the SP.
    string  $shire  The shire which should receive the response.

Definition at line 58 of file HTTPPost.php.

public function sendResponse(
    $response,
    \SimpleSAML_Configuration $idpmd,
    \SimpleSAML_Configuration $spmd,
    $relayState,
    $shire
) {

    $privatekey = Crypto::loadPrivateKey($idpmd, true);
    $publickey = Crypto::loadPublicKey($idpmd, true);

    $responsedom = DOMDocumentFactory::fromString(str_replace("\r", "", $response));

    $responseroot = $responsedom->getElementsByTagName('Response')->item(0);
    $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);

    /* Determine what we should sign - either the Response element or the Assertion. The 'signresponse'
     * option in the SP metadata takes precedence; otherwise 'shib13.signresponse' in the global
     * configuration is used, and it defaults to true (sign the Response).
     *
     * TODO: neither 'signresponse' nor 'shib13.signresponse' are valid options any longer. Remove!
     */
    if ($spmd->hasValue('signresponse')) {
        $signResponse = $spmd->getBoolean('signresponse');
    } else {
        $signResponse = $this->configuration->getBoolean('shib13.signresponse', true);
    }

    // check if we have an assertion to sign. Force to sign the response if not
    if ($firstassertionroot === null) {
        $signResponse = true;
    }

    $signer = new Signer(array(
        'privatekey_array' => $privatekey,
        'publickey_array' => $publickey,
        'id' => ($signResponse ? 'ResponseID' : 'AssertionID'),
    ));

    if ($idpmd->hasValue('certificatechain')) {
        $signer->addCertificate($idpmd->getString('certificatechain'));
    }

    if ($signResponse) {
        // sign the response - this must be done after encrypting the assertion
        // we insert the signature before the saml1p:Status element
        $statusElements = XML::getDOMChildren($responseroot, 'Status', '@saml1p');
        assert(count($statusElements) === 1);
        $signer->sign($responseroot, $responseroot, $statusElements[0]);
    } else {
        // Sign the assertion
        $signer->sign($firstassertionroot, $firstassertionroot);
    }

    $response = $responsedom->saveXML();


    // Auto-submit the signed, base64-encoded response to the SP's shire URL
    HTTP::submitPOSTData($shire, array(
        'TARGET' => $relayState,
        'SAMLResponse' => base64_encode($response),
    ));
}

References $idpmd, $relayState, $response, $spmd, SimpleSAML\Utils\XML\checkSAMLMessage(), SimpleSAML\Utils\XML\debugSAMLMessage(), SAML2\DOMDocumentFactory\fromString(), SimpleSAML\Utils\Crypto\loadPrivateKey(), SimpleSAML\Utils\Crypto\loadPublicKey(), and SimpleSAML\Utils\HTTP\submitPOSTData().


Field Documentation

◆ $configuration

SimpleSAML\Bindings\Shib13\HTTPPost::$configuration = null
private

Definition at line 26 of file HTTPPost.php.

Referenced by SimpleSAML\Bindings\Shib13\HTTPPost\__construct().

◆ $metadata

SimpleSAML\Bindings\Shib13\HTTPPost::$metadata = null
private

Definition at line 31 of file HTTPPost.php.


The documentation for this class was generated from the following file: