dc/d8e/SAML1_8php_source.html

<?php

use SimpleSAML\Bindings\Shib13\HTTPPost;


class sspmod_saml_IdP_SAML1 {


        public static function sendResponse(array $state) {

                assert('isset($state["Attributes"])');

                assert('isset($state["SPMetadata"])');

                assert('isset($state["saml:shire"])');

                assert('array_key_exists("saml:target", $state)'); // Can be NULL


                $spMetadata = $state["SPMetadata"];

                $spEntityId = $spMetadata['entityid'];

                $spMetadata = SimpleSAML_Configuration::loadFromArray($spMetadata,

                        '$metadata[' . var_export($spEntityId, TRUE) . ']');


                SimpleSAML\Logger::info('Sending SAML 1.1 Response to ' . var_export($spEntityId, TRUE));


                $attributes = $state['Attributes'];

                $shire = $state['saml:shire'];

                $target = $state['saml:target'];


                $idp = SimpleSAML_IdP::getByState($state);


                $idpMetadata = $idp->getConfig();


                $config = SimpleSAML_Configuration::getInstance();

                $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();


                $statsData = array(

                        'spEntityID' => $spEntityId,

                        'idpEntityID' => $idpMetadata->getString('entityid'),

                        'protocol' => 'saml1',

                );

                if (isset($state['saml:AuthnRequestReceivedAt'])) {

                        $statsData['logintime'] = microtime(TRUE) - $state['saml:AuthnRequestReceivedAt'];

                }

                SimpleSAML_Stats::log('saml:idp:Response', $statsData);


                // Generate and send response.

                $ar = new \SimpleSAML\XML\Shib13\AuthnResponse();

                $authnResponseXML = $ar->generate($idpMetadata, $spMetadata, $shire, $attributes);


                $httppost = new HTTPPost($config, $metadata);

                $httppost->sendResponse($authnResponseXML, $idpMetadata, $spMetadata, $target, $shire);

        }


        public static function receiveAuthnRequest(SimpleSAML_IdP $idp) {


                if (isset($_REQUEST['cookieTime'])) {

                        $cookieTime = (int)$_REQUEST['cookieTime'];

                        if ($cookieTime + 5 > time()) {

                                /*

                                 * Less than five seconds has passed since we were

                                 * here the last time. Cookies are probably disabled.

                                 */

                                \SimpleSAML\Utils\HTTP::checkSessionCookie(\SimpleSAML\Utils\HTTP::getSelfURL());

                        }

                }


                if (!isset($_REQUEST['providerId'])) {

                        throw new SimpleSAML_Error_BadRequest('Missing providerId parameter.');

                }

                $spEntityId = (string)$_REQUEST['providerId'];


                if (!isset($_REQUEST['shire'])) {

                        throw new SimpleSAML_Error_BadRequest('Missing shire parameter.');

                }

                $shire = (string)$_REQUEST['shire'];


                if (isset($_REQUEST['target'])) {

                        $target = $_REQUEST['target'];

                } else {

                        $target = NULL;

                }


                SimpleSAML\Logger::info('Shib1.3 - IdP.SSOService: Got incoming Shib authnRequest from ' . var_export($spEntityId, TRUE) . '.');


                $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();

                $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'shib13-sp-remote');


                $found = FALSE;

                foreach ($spMetadata->getEndpoints('AssertionConsumerService') as $ep) {

                        if ($ep['Binding'] !== 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post') {

                                continue;

                        }

                        if ($ep['Location'] !== $shire) {

                                continue;

                        }

                        $found = TRUE;

                        break;

                }

                if (!$found) {

                        throw new Exception('Invalid AssertionConsumerService for SP ' .

                                var_export($spEntityId, TRUE) . ': ' . var_export($shire, TRUE));

                }


                SimpleSAML_Stats::log('saml:idp:AuthnRequest', array(

                        'spEntityID' => $spEntityId,

                        'protocol' => 'saml1',

                ));


                $sessionLostURL = \SimpleSAML\Utils\HTTP::addURLParameters(

            \SimpleSAML\Utils\HTTP::getSelfURL(),

                        array('cookieTime' => time()));


                $state = array(

                        'Responder' => array('sspmod_saml_IdP_SAML1', 'sendResponse'),

                        'SPMetadata' => $spMetadata->toArray(),

                        SimpleSAML_Auth_State::RESTART => $sessionLostURL,

                        'saml:shire' => $shire,

                        'saml:target' => $target,

                        'saml:AuthnRequestReceivedAt' => microtime(TRUE),

                );


                $idp->handleAuthenticationRequest($state);

        }


}

$metadata
$metadata['__DYNAMIC:1__']
Definition: adfs-idp-hosted.php:3

$spEntityId
$spEntityId
Definition: attributeserver.php:14

$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10

php
An exception for terminatinating execution or to throw for unit testing.

SimpleSAML\Bindings\Shib13\HTTPPost
Definition: HTTPPost.php:21

SimpleSAML\Logger\info
static info($string)
Definition: Logger.php:201

SimpleSAML\Utils\HTTP\checkSessionCookie
static checkSessionCookie($retryURL=null)
Check for session cookie, and show missing-cookie page if it is missing.
Definition: HTTP.php:287

SimpleSAML_Auth_State\RESTART
const RESTART
The index in the state array which contains the restart URL.
Definition: State.php:57

SimpleSAML_Configuration\getInstance
static getInstance($instancename='simplesaml')
Get a configuration file by its instance name.
Definition: Configuration.php:297

SimpleSAML_Configuration\loadFromArray
static loadFromArray($config, $location='[ARRAY]', $instance=null)
Loads a configuration from the given array.
Definition: Configuration.php:269

SimpleSAML_Error_BadRequest
Definition: BadRequest.php:12

SimpleSAML_IdP
Definition: IdP.php:12

SimpleSAML_IdP\getByState
static getByState(array &$state)
Retrieve the IdP "owning" the state.
Definition: IdP.php:152

SimpleSAML_Metadata_MetaDataStorageHandler\getMetadataHandler
static getMetadataHandler()
This function retrieves the current instance of the metadata handler.
Definition: MetaDataStorageHandler.php:40

SimpleSAML_Stats\log
static log($event, array $data=array())
Notify about an event.
Definition: Stats.php:71

sspmod_saml_IdP_SAML1
Definition: SAML1.php:9

sspmod_saml_IdP_SAML1\receiveAuthnRequest
static receiveAuthnRequest(SimpleSAML_IdP $idp)
Receive an authentication request.
Definition: SAML1.php:64

sspmod_saml_IdP_SAML1\sendResponse
static sendResponse(array $state)
Send a response to the SP.
Definition: SAML1.php:16

$config
$config
Definition: flush-definition-cache.php:23

$target
$target
Definition: generate-schema-cache.php:22

$idpMetadata
$idpMetadata
Definition: logout-iframe-post.php:26

$spMetadata
$spMetadata
Definition: logout-iframe-post.php:27

SimpleSAML
Attribute-related utility methods.

$idp
$idp
Definition: prp.php:13

$attributes
$attributes
Definition: serviceValidate.php:33