d1/d98/HTTPArtifact_8php_source.html

<?php


namespace SAML2;


use RobRichards\XMLSecLibs\XMLSecurityKey;

use SAML2\Utilities\Temporal;

use SimpleSAML_Configuration;

use SimpleSAML_Metadata_MetaDataStorageHandler;

use SimpleSAML_Store;

use SimpleSAML_Utilities;


class HTTPArtifact extends Binding

{

    private $spMetadata;


    public function getRedirectURL(Message $message)

    {

        $store = SimpleSAML_Store::getInstance();

        if ($store === false) {

            throw new \Exception('Unable to send artifact without a datastore configured.');

        }


        $generatedId = pack('H*', ((string) SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(20))));

        $artifact = base64_encode("\x00\x04\x00\x00" . sha1($message->getIssuer(), true) . $generatedId) ;

        $artifactData = $message->toUnsignedXML();

        $artifactDataString = $artifactData->ownerDocument->saveXML($artifactData);


        $store->set('artifact', $artifact, $artifactDataString, Temporal::getTime() + 15*60);


        $params = array(

            'SAMLart' => $artifact,

        );

        $relayState = $message->getRelayState();

        if ($relayState !== null) {

            $params['RelayState'] = $relayState;

        }


        return SimpleSAML_Utilities::addURLparameter($message->getDestination(), $params);

    }


    public function send(Message $message)

    {

        $destination = $this->getRedirectURL($message);

        Utils::getContainer()->redirect($destination);

    }


    public function receive()

    {

        if (array_key_exists('SAMLart', $_REQUEST)) {

            $artifact = base64_decode($_REQUEST['SAMLart']);

            $endpointIndex =  bin2hex(substr($artifact, 2, 2));

            $sourceId = bin2hex(substr($artifact, 4, 20));

        } else {

            throw new \Exception('Missing SAMLart parameter.');

        }


        $metadataHandler = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();


        $idpMetadata = $metadataHandler->getMetaDataConfigForSha1($sourceId, 'saml20-idp-remote');


        if ($idpMetadata === null) {

            throw new \Exception('No metadata found for remote provider with SHA1 ID: ' . var_export($sourceId, true));

        }


        $endpoint = null;

        foreach ($idpMetadata->getEndpoints('ArtifactResolutionService') as $ep) {

            if ($ep['index'] ===  hexdec($endpointIndex)) {

                $endpoint = $ep;

                break;

            }

        }


        if ($endpoint === null) {

            throw new \Exception('No ArtifactResolutionService with the correct index.');

        }


        Utils::getContainer()->getLogger()->debug("ArtifactResolutionService endpoint being used is := " . $endpoint['Location']);


        //Construct the ArtifactResolve Request

        $ar = new ArtifactResolve();


        /* Set the request attributes */


        $ar->setIssuer($this->spMetadata->getString('entityid'));

        $ar->setArtifact($_REQUEST['SAMLart']);

        $ar->setDestination($endpoint['Location']);


        /* Sign the request */

        \sspmod_saml_Message::addSign($this->spMetadata, $idpMetadata, $ar); // Shoaib - moved from the SOAPClient.


        $soap = new SOAPClient();


        // Send message through SoapClient

        $artifactResponse = $soap->send($ar, $this->spMetadata);


        if (!$artifactResponse->isSuccess()) {

            throw new \Exception('Received error from ArtifactResolutionService.');

        }


        $xml = $artifactResponse->getAny();

        if ($xml === null) {

            /* Empty ArtifactResponse - possibly because of Artifact replay? */


            return null;

        }


        $samlResponse = Message::fromXML($xml);

        $samlResponse->addValidator(array(get_class($this), 'validateSignature'), $artifactResponse);


        if (isset($_REQUEST['RelayState'])) {

            $samlResponse->setRelayState($_REQUEST['RelayState']);

        }


        return $samlResponse;

    }


    public function setSPMetadata(SimpleSAML_Configuration $sp)

    {

        $this->spMetadata = $sp;

    }


    public static function validateSignature(ArtifactResponse $message, XMLSecurityKey $key)

    {

        return $message->validate($key);

    }

}

$artifact
$artifact
Definition: ArtifactResolutionService.php:51

$artifactResponse
$artifactResponse
Definition: ArtifactResolutionService.php:63

getTime
getTime()
Definition: MetaLoader.php:492

$endpoint
$endpoint
Definition: attributeserver.php:23

$sourceId
if(!array_key_exists(sspmod_authfacebook_Auth_Source_Facebook::AUTHID, $state)) $sourceId
Definition: linkback.php:20

php
An exception for terminatinating execution or to throw for unit testing.

RobRichards\XMLSecLibs\XMLSecurityKey
xmlseclibs.php
Definition: XMLSecurityKey.php:48

SAML2\ArtifactResponse
Definition: ArtifactResponse.php:12

SAML2\Binding
Definition: Binding.php:11

SAML2\HTTPArtifact
Definition: HTTPArtifact.php:21

SAML2\HTTPArtifact\$spMetadata
$spMetadata
Definition: HTTPArtifact.php:25

SAML2\HTTPArtifact\getRedirectURL
getRedirectURL(Message $message)
Create the redirect URL for a message.
Definition: HTTPArtifact.php:34

SAML2\HTTPArtifact\validateSignature
static validateSignature(ArtifactResponse $message, XMLSecurityKey $key)
A validator which returns true if the ArtifactResponse was signed with the given key.
Definition: HTTPArtifact.php:166

SAML2\HTTPArtifact\setSPMetadata
setSPMetadata(SimpleSAML_Configuration $sp)
Definition: HTTPArtifact.php:154

SAML2\HTTPArtifact\send
send(Message $message)
Send a SAML 2 message using the HTTP-Redirect binding.
Definition: HTTPArtifact.php:66

SAML2\Message
Base class for all SAML 2 messages.
Definition: Message.php:19

SAML2\Utilities\Temporal
Definition: Temporal.php:6

SimpleSAML_Configuration
Definition: Configuration.php:12

SimpleSAML_Metadata_MetaDataStorageHandler
Definition: MetaDataStorageHandler.php:11

SimpleSAML_Metadata_MetaDataStorageHandler\getMetadataHandler
static getMetadataHandler()
This function retrieves the current instance of the metadata handler.
Definition: MetaDataStorageHandler.php:40

SimpleSAML_Utilities
Definition: Utilities.php:13

SimpleSAML_Utilities\stringToHex
static stringToHex($bytes)
Definition: Utilities.php:370

SimpleSAML_Utilities\addURLparameter
static addURLparameter($url, $parameters)
Definition: Utilities.php:99

SimpleSAML_Utilities\generateRandomBytes
static generateRandomBytes($length)
Definition: Utilities.php:359

sspmod_saml_Message\addSign
static addSign(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, \SAML2\SignedElement $element)
Add signature key and sender certificate to an element (Message or Assertion).
Definition: Message.php:20

$key
$key
Definition: croninfo.php:18

$xml
$xml
Definition: fetch_windows_zones.php:11

$store
if(! $oauthconfig->getBoolean('getUserInfo.enable', FALSE)) $store
Definition: getUserInfo.php:11

$message
catch(Exception $e) $message
Definition: saml2-logout.php:34

$destination
$destination
Definition: saml2-logout.php:50

$relayState
$relayState
Definition: logout-iframe-post.php:14

$idpMetadata
$idpMetadata
Definition: logout-iframe-post.php:26

PHPMailer\PHPMailer\$params
$params
Definition: get_oauth_token.php:84

SAML2
Definition: ArtifactResolve.php:3