ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
SimpleSAML_Metadata_SAMLParser Class Reference

This class parses SAML 1.x and SAML 2.0 metadata.


Public Member Functions

 getEntityId ()
 This function returns the entity id of this parsed entity.

 getMetadata1xSP ()
 This function returns the metadata for SAML 1.x SPs in the format SimpleSAMLphp expects.

 getMetadata1xIdP ()
 This function returns the metadata for SAML 1.x IdPs in the format SimpleSAMLphp expects.

 getMetadata20SP ()
 This function returns the metadata for SAML 2.0 SPs in the format SimpleSAMLphp expects.

 getMetadata20IdP ()
 This function returns the metadata for SAML 2.0 IdPs in the format SimpleSAMLphp expects.

 getAttributeAuthorities ()
 Retrieve AttributeAuthorities from the metadata.

 validateSignature ($certificates)
 If this EntityDescriptor was signed, this function uses the given public keys to check the signature.

 validateFingerprint ($fingerprint)
 This function checks whether this EntityDescriptor was signed with a certificate with the given fingerprint.

Static Public Member Functions

static parseFile ($file)
 This function parses a file which contains XML encoded metadata.

static parseString ($metadata)
 This function parses a string which contains XML encoded metadata.

static parseDocument ($document)
 This function parses a DOMDocument which is assumed to contain a single EntityDescriptor element.

static parseElement ($entityElement)
 This function parses an object which represents an EntityDescriptor element.

static parseDescriptorsFile ($file)
 This function parses a file where the root node is either an EntityDescriptor element or an EntitiesDescriptor element.

static parseDescriptorsString ($string)
 This function parses a string with XML data.

static parseDescriptorsElement (DOMElement $element=null)
 This function parses a DOMElement which represents either an EntityDescriptor element or an EntitiesDescriptor element.

Private Member Functions

 __construct (\SAML2\XML\md\EntityDescriptor $entityElement, $maxExpireTime, array $validators=array(), array $parentExtensions=array())
 This is the constructor for the SAMLParser class.

 getMetadataCommon ()

 addExtensions (array &$metadata, array $roleDescriptor)
 Add data parsed from extensions to metadata.

 processSPSSODescriptor (\SAML2\XML\md\SPSSODescriptor $element, $expireTime)
 This function extracts metadata from an SPSSODescriptor element.

 processIDPSSODescriptor (\SAML2\XML\md\IDPSSODescriptor $element, $expireTime)
 This function extracts metadata from an IDPSSODescriptor element.

 processAttributeAuthorityDescriptor (\SAML2\XML\md\AttributeAuthorityDescriptor $element, $expireTime)
 This function extracts metadata from an AttributeAuthorityDescriptor element.

 processOrganization (\SAML2\XML\md\Organization $element)
 Parse and process an Organization element.

 processContactPerson (\SAML2\XML\md\ContactPerson $element)
 Parse and process a ContactPerson element.

 getSPDescriptors ($protocols)
 This function finds SP descriptors which support one of the given protocols.

 getIdPDescriptors ($protocols)
 This function finds IdP descriptors which support one of the given protocols.

Static Private Member Functions

static getExpireTime ($element, $maxExpireTime)
 Determine how long a given element can be cached.

static parseRoleDescriptorType (\SAML2\XML\md\RoleDescriptor $element, $expireTime)
 Parse a RoleDescriptorType element.

static parseSSODescriptor (\SAML2\XML\md\SSODescriptorType $element, $expireTime)
 This function extracts metadata from an SSODescriptor element.

static processExtensions ($element, $parentExtensions=array())
 Parse an Extensions element.

static parseAttributeConsumerService (\SAML2\XML\md\AttributeConsumingService $element, &$sp)
 This function parses AttributeConsumerService elements.

static parseGenericEndpoint (\SAML2\XML\md\EndpointType $element)
 This function is a generic endpoint element parser.

static extractEndpoints (array $endpoints)
 Extract generic endpoints.

static parseKeyDescriptor (\SAML2\XML\md\KeyDescriptor $kd)
 This function parses a KeyDescriptor element.

static findEntityDescriptor ($doc)
 This function locates the EntityDescriptor node in a DOMDocument.

Private Attributes

 $entityId
 
 $spDescriptors
 
 $idpDescriptors
 
 $attributeAuthorityDescriptors = array()
 
 $organizationName = array()
 
 $organizationDisplayName = array()
 
 $organizationURL = array()
 
 $contacts = array()
 
 $scopes
 
 $entityAttributes
 
 $registrationInfo
 
 $tags
 
 $validators = array()
 
 $entityDescriptor
 

Static Private Attributes

static $SAML1xProtocols
 
static $SAML20Protocols
 

Detailed Description

This class parses SAML 1.x and SAML 2.0 metadata.

Metadata is loaded by calling the static methods parseFile, parseString or parseElement. These functions return an instance of SimpleSAML_Metadata_SAMLParser. To get metadata from this object, use the methods getMetadata1xSP or getMetadata20SP.

To parse a file which can contain a collection of EntityDescriptor or EntitiesDescriptor elements, use the parseDescriptorsFile, parseDescriptorsString or parseDescriptorsElement methods. These functions return an array of SAMLParser instances, one for each EntityDescriptor element.

Definition at line 15 of file SAMLParser.php.
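The loading flow described above, as an added example that is not part of SimpleSAMLphp or ILIAS: parse a federation aggregate, keep only entities whose signature verifies, and turn the SAML 2.0 IdPs into the saml20-idp-remote array format while enforcing the 'expire' value derived from validUntil. It assumes SimpleSAMLphp's autoloader is reachable (placeholder path), that validateSignature() is given certificate file names resolved inside SimpleSAMLphp's configured cert directory, and that $xml was fetched out of band.

```php
<?php
// Added example (not project code): import trusted SAML 2.0 IdPs from a
// metadata aggregate using SimpleSAML_Metadata_SAMLParser.
require_once '/path/to/simplesamlphp/lib/_autoload.php'; // placeholder path

/**
 * Parse an aggregate and return saml20-idp-remote entries keyed by entity id.
 * Entities that are unsigned, signed by an untrusted key, already expired or
 * without any certificate are skipped; the reasons go into $rejected.
 *
 * @param string   $xml          Metadata XML (EntityDescriptor or EntitiesDescriptor).
 * @param string[] $trustedCerts Certificate file names handed to validateSignature().
 * @param int      $maxCacheTime Longest time an entry may be cached, in seconds.
 * @param array    $rejected     Filled with entityid => reason for skipped entities.
 * @return array   entityid => metadata array.
 */
function loadTrustedIdps($xml, array $trustedCerts, $maxCacheTime, array &$rejected)
{
    $now = time();
    $idps = array();

    // parseDescriptorsString() accepts either root element and returns one
    // SimpleSAML_Metadata_SAMLParser per EntityDescriptor, keyed by entity id.
    $parsers = SimpleSAML_Metadata_SAMLParser::parseDescriptorsString($xml);

    foreach ($parsers as $entityId => $parser) {
        // Transport security is not enough: an EntityDescriptor whose
        // signature (or its parent EntitiesDescriptor's) does not verify is
        // discarded, since its keys and endpoints would otherwise be trusted.
        if (!$parser->validateSignature($trustedCerts)) {
            $rejected[$entityId] = 'signature did not verify against trusted certificates';
            continue;
        }

        // NULL means there is no IDPSSODescriptor supporting SAML 2.0.
        $metadata = $parser->getMetadata20IdP();
        if ($metadata === null) {
            continue;
        }

        // 'expire' comes from validUntil (see getExpireTime()). Enforce it,
        // and never cache longer than $maxCacheTime even when the publisher
        // set no validUntil at all (then 'expire' is absent).
        if (isset($metadata['expire']) && $metadata['expire'] < $now) {
            $rejected[$entityId] = 'validUntil has passed';
            continue;
        }
        $ceiling = $now + $maxCacheTime;
        if (!isset($metadata['expire']) || $metadata['expire'] > $ceiling) {
            $metadata['expire'] = $ceiling;
        }

        // An IdP without a KeyDescriptor certificate cannot be used to verify
        // the assertions it issues.
        if (empty($metadata['keys'])) {
            $rejected[$entityId] = 'no KeyDescriptor with a certificate';
            continue;
        }

        $idps[$entityId] = $metadata;
    }

    return $idps;
}

// Usage: $xml is the aggregate fetched out of band (placeholder path).
$xml = file_get_contents('/path/to/federation-metadata.xml');
$rejected = array();
$idps = loadTrustedIdps($xml, array('federation-signing.crt'), 24 * 3600, $rejected);
foreach ($rejected as $entityId => $reason) {
    error_log("Skipping $entityId: $reason");
}
// $idps is now in the shape of the saml20-idp-remote metadata set.
```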

Constructor & Destructor Documentation

◆ __construct()

SimpleSAML_Metadata_SAMLParser::__construct(\SAML2\XML\md\EntityDescriptor $entityElement, $maxExpireTime, array $validators = array(), array $parentExtensions = array())
private

This is the constructor for the SAMLParser class.

Parameters
    \SAML2\XML\md\EntityDescriptor $entityElement  The EntityDescriptor.
    int|null $maxExpireTime  The unix timestamp for when this entity should expire, or NULL if unknown.
    array $validators  An array of parent elements that may validate this element.
    array $parentExtensions  An optional array of extensions from the parent element.

Definition at line 149 of file SAMLParser.php.

References $validators, processAttributeAuthorityDescriptor(), processContactPerson(), processIDPSSODescriptor(), processOrganization(), and processSPSSODescriptor().

    {
        assert($maxExpireTime === null || is_int($maxExpireTime));

        $this->spDescriptors = array();
        $this->idpDescriptors = array();

        $e = $entityElement->toXML();
        $e = $e->ownerDocument->saveXML($e);
        $this->entityDescriptor = base64_encode($e);
        $this->entityId = $entityElement->entityID;

        $expireTime = self::getExpireTime($entityElement, $maxExpireTime);

        $this->validators = $validators;
        $this->validators[] = $entityElement;

        // process Extensions element, if it exists
        $ext = self::processExtensions($entityElement, $parentExtensions);
        $this->scopes = $ext['scope'];
        $this->tags = $ext['tags'];
        $this->entityAttributes = $ext['EntityAttributes'];
        $this->registrationInfo = $ext['RegistrationInfo'];

        // look over the RoleDescriptors
        foreach ($entityElement->RoleDescriptor as $child) {
            if ($child instanceof \SAML2\XML\md\SPSSODescriptor) {
                $this->processSPSSODescriptor($child, $expireTime);
            } elseif ($child instanceof \SAML2\XML\md\IDPSSODescriptor) {
                $this->processIDPSSODescriptor($child, $expireTime);
            } elseif ($child instanceof \SAML2\XML\md\AttributeAuthorityDescriptor) {
                $this->processAttributeAuthorityDescriptor($child, $expireTime);
            }
        }

        if ($entityElement->Organization) {
            $this->processOrganization($entityElement->Organization);
        }

        if (!empty($entityElement->ContactPerson)) {
            foreach ($entityElement->ContactPerson as $contact) {
                $this->processContactPerson($contact);
            }
        }
    }

Member Function Documentation

◆ addExtensions()

SimpleSAML_Metadata_SAMLParser::addExtensions(array &$metadata, array $roleDescriptor)
private

Add data parsed from extensions to metadata.

Parameters
    array &$metadata  The metadata that should be updated.
    array $roleDescriptor  The parsed role descriptor.

Definition at line 469 of file SAMLParser.php.

References $entityAttributes, $registrationInfo, $scopes, and $tags.

Referenced by getMetadata1xIdP(), getMetadata1xSP(), getMetadata20IdP(), and getMetadata20SP().

    {
        assert(array_key_exists('scope', $roleDescriptor));
        assert(array_key_exists('tags', $roleDescriptor));

        $scopes = array_merge($this->scopes, array_diff($roleDescriptor['scope'], $this->scopes));
        if (!empty($scopes)) {
            $metadata['scope'] = $scopes;
        }

        $tags = array_merge($this->tags, array_diff($roleDescriptor['tags'], $this->tags));
        if (!empty($tags)) {
            $metadata['tags'] = $tags;
        }

        if (!empty($this->registrationInfo)) {
            $metadata['RegistrationInfo'] = $this->registrationInfo;
        }

        if (!empty($this->entityAttributes)) {
            $metadata['EntityAttributes'] = $this->entityAttributes;

            // check for entity categories
            if (SimpleSAML\Utils\Config\Metadata::isHiddenFromDiscovery($metadata)) {
                $metadata['hide.from.discovery'] = true;
            }
        }

        if (!empty($roleDescriptor['UIInfo'])) {
            $metadata['UIInfo'] = $roleDescriptor['UIInfo'];
        }

        if (!empty($roleDescriptor['DiscoHints'])) {
            $metadata['DiscoHints'] = $roleDescriptor['DiscoHints'];
        }
    }

◆ extractEndpoints()

static SimpleSAML_Metadata_SAMLParser::extractEndpoints(array $endpoints)
static private

Extract generic endpoints.

Parameters
    array $endpoints  The endpoints we should parse.
Returns
    array Array of parsed endpoints.

Definition at line 1276 of file SAMLParser.php.

References $ret.

    {
        $ret = array();
        foreach ($endpoints as $ep) {
            $ret[] = self::parseGenericEndpoint($ep);
        }

        return $ret;
    }

◆ findEntityDescriptor()

static SimpleSAML_Metadata_SAMLParser::findEntityDescriptor($doc)
static private

This function locates the EntityDescriptor node in a DOMDocument.

This node should be the first (and only) node in the document.

This function will throw an exception if it is unable to locate the node.

Parameters
    DOMDocument $doc  The DOMDocument where we should find the EntityDescriptor node.
Returns
    The DOMEntity which represents the EntityDescriptor.
Exceptions
    Exception  If the document is empty or the first element is not an EntityDescriptor element.

Definition at line 1393 of file SAMLParser.php.

    {
        assert($doc instanceof DOMDocument);

        // find the EntityDescriptor DOMElement. This should be the first (and only) child of the DOMDocument
        $ed = $doc->documentElement;

        if ($ed === null) {
            throw new Exception('Failed to load SAML metadata from empty XML document.');
        }

        if (SimpleSAML\Utils\XML::isDOMNodeOfType($ed, 'EntityDescriptor', '@md') === false) {
            throw new Exception('Expected first element in the metadata document to be an EntityDescriptor element.');
        }

        return new \SAML2\XML\md\EntityDescriptor($ed);
    }

◆ getAttributeAuthorities()

SimpleSAML_Metadata_SAMLParser::getAttributeAuthorities ( )

Retrieve AttributeAuthorities from the metadata.

Returns
array Array of AttributeAuthorityDescriptor entries.

Definition at line 811 of file SAMLParser.php.

References $attributeAuthorityDescriptors.

Referenced by SimpleSAML\Metadata\Sources\MDQ\getParsedSet().


◆ getEntityId()

SimpleSAML_Metadata_SAMLParser::getEntityId ( )

This function returns the entity id of this parsed entity.

Returns
string The entity id of this parsed entity.

Definition at line 430 of file SAMLParser.php.

References $entityId.

    {
        return $this->entityId;
    }

◆ getExpireTime()

static SimpleSAML_Metadata_SAMLParser::getExpireTime($element, $maxExpireTime)
static private

Determine how long a given element can be cached.

This function looks for the 'validUntil' attribute to determine how long a given XML element is valid. It returns this as a unix timestamp.

Parameters
    mixed $element  The element we should determine the expiry time of.
    int|NULL $maxExpireTime  The maximum expiration time.
Returns
    int The unix timestamp for when the element should expire. Will be NULL if no limit is set for the element.

Definition at line 412 of file SAMLParser.php.

References $expire.

    {
        // validUntil may be null
        $expire = $element->validUntil;

        if ($maxExpireTime !== null && ($expire === null || $maxExpireTime < $expire)) {
            $expire = $maxExpireTime;
        }

        return $expire;
    }

◆ getIdPDescriptors()

SimpleSAML_Metadata_SAMLParser::getIdPDescriptors($protocols)
private

This function finds IdP descriptors which support one of the given protocols.

Parameters
    array $protocols  Array with the protocols we accept.
Returns
    Array with IdP descriptors which support one of the given protocols.

Definition at line 1365 of file SAMLParser.php.

References $ret.

Referenced by getMetadata1xIdP(), and getMetadata20IdP().

    {
        assert(is_array($protocols));

        $ret = array();

        foreach ($this->idpDescriptors as $idpd) {
            $sharedProtocols = array_intersect($protocols, $idpd['protocols']);
            if (count($sharedProtocols) > 0) {
                $ret[] = $idpd;
            }
        }

        return $ret;
    }

◆ getMetadata1xIdP()

SimpleSAML_Metadata_SAMLParser::getMetadata1xIdP ( )

This function returns the metadata for SAML 1.x IdPs in the format SimpleSAMLphp expects.

This is an associative array with the following fields:

  • 'entityid': The entity id of the entity described in the metadata.
  • 'name': Auto generated name for this entity. Currently set to the entity id.
  • 'SingleSignOnService': String with the URL of the SSO service which supports the redirect binding.
  • 'SingleLogoutService': String with the URL where we should send logout requests/responses.
  • 'certData': X509Certificate for entity (if present).
  • 'certFingerprint': Fingerprint of the X509Certificate from the metadata. (deprecated)

Metadata must be loaded with one of the parse functions before this function can be called.

Returns
array An associative array with metadata or NULL if we are unable to generate metadata for a SAML 1.x IdP.

Definition at line 594 of file SAMLParser.php.

References $idp, $ret, addExtensions(), getIdPDescriptors(), and getMetadataCommon().

Referenced by SimpleSAML\Metadata\Sources\MDQ\getParsedSet().

    {
        $ret = $this->getMetadataCommon();
        $ret['metadata-set'] = 'shib13-idp-remote';

        // find IdP information which supports the SAML 1.x protocol
        $idp = $this->getIdPDescriptors(self::$SAML1xProtocols);
        if (count($idp) === 0) {
            return null;
        }

        // we currently only look at the first IDP descriptor which supports SAML 1.x
        $idp = $idp[0];

        // add expire time to metadata
        if (array_key_exists('expire', $idp)) {
            $ret['expire'] = $idp['expire'];
        }

        // find the SSO service endpoints
        $ret['SingleSignOnService'] = $idp['SingleSignOnService'];

        // find the ArtifactResolutionService endpoint
        $ret['ArtifactResolutionService'] = $idp['ArtifactResolutionService'];

        // add public keys
        if (!empty($idp['keys'])) {
            $ret['keys'] = $idp['keys'];
        }

        // add extensions
        $this->addExtensions($ret, $idp);

        // prioritize mdui:DisplayName as the name if available
        if (!empty($ret['UIInfo']['DisplayName'])) {
            $ret['name'] = $ret['UIInfo']['DisplayName'];
        }

        return $ret;
    }

◆ getMetadata1xSP()

SimpleSAML_Metadata_SAMLParser::getMetadata1xSP ( )

This function returns the metadata for SAML 1.x SPs in the format SimpleSAMLphp expects.

This is an associative array with the following fields:

  • 'entityid': The entity id of the entity described in the metadata.
  • 'AssertionConsumerService': String with the URL of the assertion consumer service which supports the browser-post binding.
  • 'certData': X509Certificate for entity (if present).

Metadata must be loaded with one of the parse functions before this function can be called.

Returns
array An associative array with metadata or NULL if we are unable to generate metadata for a SAML 1.x SP.

Definition at line 520 of file SAMLParser.php.

References $ret, addExtensions(), getMetadataCommon(), and getSPDescriptors().

Referenced by SimpleSAML\Metadata\Sources\MDQ\getParsedSet().

    {
        $ret = $this->getMetadataCommon();
        $ret['metadata-set'] = 'shib13-sp-remote';

        // find SP information which supports one of the SAML 1.x protocols
        $spd = $this->getSPDescriptors(self::$SAML1xProtocols);
        if (count($spd) === 0) {
            return null;
        }

        // we currently only look at the first SPDescriptor which supports SAML 1.x
        $spd = $spd[0];

        // add expire time to metadata
        if (array_key_exists('expire', $spd)) {
            $ret['expire'] = $spd['expire'];
        }

        // find the assertion consumer service endpoints
        $ret['AssertionConsumerService'] = $spd['AssertionConsumerService'];

        // add the list of attributes the SP should receive
        if (array_key_exists('attributes', $spd)) {
            $ret['attributes'] = $spd['attributes'];
        }
        if (array_key_exists('attributes.required', $spd)) {
            $ret['attributes.required'] = $spd['attributes.required'];
        }
        if (array_key_exists('attributes.NameFormat', $spd)) {
            $ret['attributes.NameFormat'] = $spd['attributes.NameFormat'];
        }

        // add name & description
        if (array_key_exists('name', $spd)) {
            $ret['name'] = $spd['name'];
        }
        if (array_key_exists('description', $spd)) {
            $ret['description'] = $spd['description'];
        }

        // add public keys
        if (!empty($spd['keys'])) {
            $ret['keys'] = $spd['keys'];
        }

        // add extensions
        $this->addExtensions($ret, $spd);

        // prioritize mdui:DisplayName as the name if available
        if (!empty($ret['UIInfo']['DisplayName'])) {
            $ret['name'] = $ret['UIInfo']['DisplayName'];
        }

        return $ret;
    }

◆ getMetadata20IdP()

SimpleSAML_Metadata_SAMLParser::getMetadata20IdP ( )

This function returns the metadata for SAML 2.0 IdPs in the format SimpleSAMLphp expects.

This is an associative array with the following fields:

  • 'entityid': The entity id of the entity described in the metadata.
  • 'name': Auto generated name for this entity. Currently set to the entity id.
  • 'SingleSignOnService': String with the URL of the SSO service which supports the redirect binding.
  • 'SingleLogoutService': String with the URL where we should send logout requests(/responses).
  • 'SingleLogoutServiceResponse': String with the URL where we should send logout responses (if this is different from the 'SingleLogoutService' endpoint).
  • 'NameIDFormats': The name ID formats this IdP supports.
  • 'certData': X509Certificate for entity (if present).
  • 'certFingerprint': Fingerprint of the X509Certificate from the metadata. (deprecated)

Metadata must be loaded with one of the parse functions before this function can be called.

Returns
array An associative array with metadata or NULL if we are unable to generate metadata for a SAML 2.0 IdP.

Definition at line 753 of file SAMLParser.php.

References $idp, $ret, addExtensions(), getIdPDescriptors(), and getMetadataCommon().

Referenced by SimpleSAML\Metadata\Sources\MDQ\getParsedSet().

    {
        $ret = $this->getMetadataCommon();
        $ret['metadata-set'] = 'saml20-idp-remote';

        // find IdP information which supports the SAML 2.0 protocol
        $idp = $this->getIdPDescriptors(self::$SAML20Protocols);
        if (count($idp) === 0) {
            return null;
        }

        // we currently only look at the first IDP descriptor which supports SAML 2.0
        $idp = $idp[0];

        // add expire time to metadata
        if (array_key_exists('expire', $idp)) {
            $ret['expire'] = $idp['expire'];
        }

        // enable redirect.sign if WantAuthnRequestsSigned is enabled
        if ($idp['WantAuthnRequestsSigned']) {
            $ret['sign.authnrequest'] = true;
        }

        // find the SSO service endpoint
        $ret['SingleSignOnService'] = $idp['SingleSignOnService'];

        // find the single logout service endpoint
        $ret['SingleLogoutService'] = $idp['SingleLogoutService'];

        // find the ArtifactResolutionService endpoint
        $ret['ArtifactResolutionService'] = $idp['ArtifactResolutionService'];

        // add supported nameIDFormats
        $ret['NameIDFormats'] = $idp['nameIDFormats'];

        // add public keys
        if (!empty($idp['keys'])) {
            $ret['keys'] = $idp['keys'];
        }

        // add extensions
        $this->addExtensions($ret, $idp);

        // prioritize mdui:DisplayName as the name if available
        if (!empty($ret['UIInfo']['DisplayName'])) {
            $ret['name'] = $ret['UIInfo']['DisplayName'];
        }

        return $ret;
    }

◆ getMetadata20SP()

SimpleSAML_Metadata_SAMLParser::getMetadata20SP ( )

This function returns the metadata for SAML 2.0 SPs in the format SimpleSAMLphp expects.

This is an associative array with the following fields:

  • 'entityid': The entity id of the entity described in the metadata.
  • 'AssertionConsumerService': String with the URL of the assertion consumer service which supports the browser-post binding.
  • 'SingleLogoutService': String with the URL where we should send logout requests/responses.
  • 'NameIDFormat': The name ID format this SP expects. This may be unset.
  • 'certData': X509Certificate for entity (if present).

Metadata must be loaded with one of the parse functions before this function can be called.

Returns
array An associative array with metadata or NULL if we are unable to generate metadata for a SAML 2.x SP.

Definition at line 650 of file SAMLParser.php.

References $ret, addExtensions(), getMetadataCommon(), and getSPDescriptors().

Referenced by SimpleSAML\Metadata\Sources\MDQ\getParsedSet().

    {
        $ret = $this->getMetadataCommon();
        $ret['metadata-set'] = 'saml20-sp-remote';

        // find SP information which supports the SAML 2.0 protocol
        $spd = $this->getSPDescriptors(self::$SAML20Protocols);
        if (count($spd) === 0) {
            return null;
        }

        // we currently only look at the first SPDescriptor which supports SAML 2.0
        $spd = $spd[0];

        // add expire time to metadata
        if (array_key_exists('expire', $spd)) {
            $ret['expire'] = $spd['expire'];
        }

        // find the assertion consumer service endpoints
        $ret['AssertionConsumerService'] = $spd['AssertionConsumerService'];

        // find the single logout service endpoint
        $ret['SingleLogoutService'] = $spd['SingleLogoutService'];

        // find the NameIDFormat. This may not exist
        if (count($spd['nameIDFormats']) > 0) {
            // SimpleSAMLphp currently only supports a single NameIDFormat per SP. We use the first one
            $ret['NameIDFormat'] = $spd['nameIDFormats'][0];
        }

        // add the list of attributes the SP should receive
        if (array_key_exists('attributes', $spd)) {
            $ret['attributes'] = $spd['attributes'];
        }
        if (array_key_exists('attributes.required', $spd)) {
            $ret['attributes.required'] = $spd['attributes.required'];
        }
        if (array_key_exists('attributes.NameFormat', $spd)) {
            $ret['attributes.NameFormat'] = $spd['attributes.NameFormat'];
        }
        if (array_key_exists('attributes.index', $spd)) {
            $ret['attributes.index'] = $spd['attributes.index'];
        }
        if (array_key_exists('attributes.isDefault', $spd)) {
            $ret['attributes.isDefault'] = $spd['attributes.isDefault'];
        }

        // add name & description
        if (array_key_exists('name', $spd)) {
            $ret['name'] = $spd['name'];
        }
        if (array_key_exists('description', $spd)) {
            $ret['description'] = $spd['description'];
        }

        // add public keys
        if (!empty($spd['keys'])) {
            $ret['keys'] = $spd['keys'];
        }

        // add validate.authnrequest
        if (array_key_exists('AuthnRequestsSigned', $spd)) {
            $ret['validate.authnrequest'] = $spd['AuthnRequestsSigned'];
        }

        // add saml20.sign.assertion
        if (array_key_exists('WantAssertionsSigned', $spd)) {
            $ret['saml20.sign.assertion'] = $spd['WantAssertionsSigned'];
        }

        // add extensions
        $this->addExtensions($ret, $spd);

        // prioritize mdui:DisplayName as the name if available
        if (!empty($ret['UIInfo']['DisplayName'])) {
            $ret['name'] = $ret['UIInfo']['DisplayName'];
        }

        return $ret;
    }
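An added example, not part of SimpleSAMLphp or ILIAS, that checks the saml20-sp-remote array produced by getMetadata20SP() before it is stored, so that an SP that does not sign requests, does not ask for signed assertions, ships no certificate, or receives assertions over plain HTTP is noticed at import time. It assumes (not stated on this page) that each AssertionConsumerService entry is either a URL string or an array carrying at least 'Binding' and 'Location'; the sample input is constructed.

```php
<?php
// Added example (not project code): audit one parsed SP metadata entry.

/**
 * Return human-readable findings for one entry from getMetadata20SP();
 * an empty list means nothing looked wrong.
 *
 * @param array $sp  One saml20-sp-remote entry.
 * @return string[]
 */
function auditSpMetadata(array $sp)
{
    $findings = array();
    $entityId = isset($sp['entityid']) ? $sp['entityid'] : '(unknown)';

    // validate.authnrequest mirrors AuthnRequestsSigned; without it the IdP
    // cannot distinguish a genuine AuthnRequest from a forged one.
    if (empty($sp['validate.authnrequest'])) {
        $findings[] = "$entityId: AuthnRequestsSigned not set, requests will not be signature-checked";
    }

    // saml20.sign.assertion mirrors WantAssertionsSigned.
    if (empty($sp['saml20.sign.assertion'])) {
        $findings[] = "$entityId: WantAssertionsSigned not set, SP does not request signed assertions";
    }

    // 'keys' is only present when a KeyDescriptor carried a certificate.
    if (empty($sp['keys'])) {
        $findings[] = "$entityId: no KeyDescriptor certificate in metadata";
    }

    // Assertions are bearer tokens, so every ACS endpoint must be HTTPS.
    $endpoints = isset($sp['AssertionConsumerService']) ? $sp['AssertionConsumerService'] : array();
    if (is_string($endpoints)) {
        $endpoints = array(array('Location' => $endpoints)); // assumed string form
    }
    if (count($endpoints) === 0) {
        $findings[] = "$entityId: no AssertionConsumerService endpoint";
    }
    foreach ($endpoints as $ep) {
        $location = isset($ep['Location']) ? $ep['Location'] : '';
        $scheme = parse_url($location, PHP_URL_SCHEME);
        if (strtolower((string) $scheme) !== 'https') {
            $findings[] = "$entityId: AssertionConsumerService '$location' is not https";
        }
    }

    // Without validUntil the parser sets no 'expire'; the importer must cap it.
    if (!isset($sp['expire'])) {
        $findings[] = "$entityId: no validUntil, entry must be expired by the importer";
    }

    return $findings;
}

// Constructed sample in the shape getMetadata20SP() returns (not real data).
$sampleSp = array(
    'entityid' => 'https://sp.example.org/saml',
    'metadata-set' => 'saml20-sp-remote',
    'AssertionConsumerService' => array(
        array(
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
            'Location' => 'http://sp.example.org/saml/acs',
            'index' => 0,
        ),
    ),
    'validate.authnrequest' => false,
    'saml20.sign.assertion' => true,
);

foreach (auditSpMetadata($sampleSp) as $finding) {
    echo $finding, PHP_EOL;
}
```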

◆ getMetadataCommon()

SimpleSAML_Metadata_SAMLParser::getMetadataCommon ( )
private

Definition at line 436 of file SAMLParser.php.

References $contacts, $entityDescriptor, $entityId, $organizationDisplayName, $organizationName, $organizationURL, and $ret.

Referenced by getMetadata1xIdP(), getMetadata1xSP(), getMetadata20IdP(), and getMetadata20SP().

    {
        $ret = array();
        $ret['entityid'] = $this->entityId;
        $ret['entityDescriptor'] = $this->entityDescriptor;

        // add organizational metadata
        if (!empty($this->organizationName)) {
            $ret['description'] = $this->organizationName;
            $ret['OrganizationName'] = $this->organizationName;
        }
        if (!empty($this->organizationDisplayName)) {
            $ret['name'] = $this->organizationDisplayName;
            $ret['OrganizationDisplayName'] = $this->organizationDisplayName;
        }
        if (!empty($this->organizationURL)) {
            $ret['url'] = $this->organizationURL;
            $ret['OrganizationURL'] = $this->organizationURL;
        }

        // add contact metadata
        $ret['contacts'] = $this->contacts;

        return $ret;
    }

◆ getSPDescriptors()

SimpleSAML_Metadata_SAMLParser::getSPDescriptors($protocols)
private

This function finds SP descriptors which support one of the given protocols.

Parameters
    array $protocols  Array with the protocols we accept.
Returns
    Array with SP descriptors which support one of the given protocols.

Definition at line 1341 of file SAMLParser.php.

References $ret.

Referenced by getMetadata1xSP(), and getMetadata20SP().

    {
        assert(is_array($protocols));

        $ret = array();

        foreach ($this->spDescriptors as $spd) {
            $sharedProtocols = array_intersect($protocols, $spd['protocols']);
            if (count($sharedProtocols) > 0) {
                $ret[] = $spd;
            }
        }

        return $ret;
    }

◆ parseAttributeConsumerService()

static SimpleSAML_Metadata_SAMLParser::parseAttributeConsumerService(\SAML2\XML\md\AttributeConsumingService $element, &$sp)
static private

This function parses AttributeConsumerService elements.

Parameters
    \SAML2\XML\md\AttributeConsumingService $element  The AttributeConsumingService to parse.
    array &$sp  The array with the SP's metadata.

Definition at line 1187 of file SAMLParser.php.

References $format, and SAML2\Constants\NAMEFORMAT_UNSPECIFIED.

    {
        assert(is_array($sp));

        $sp['name'] = $element->ServiceName;
        $sp['description'] = $element->ServiceDescription;

        $format = null;
        $sp['attributes'] = array();
        $sp['attributes.required'] = array();
        foreach ($element->RequestedAttribute as $child) {
            $attrname = $child->Name;
            $sp['attributes'][] = $attrname;

            if ($child->isRequired !== null && $child->isRequired === true) {
                $sp['attributes.required'][] = $attrname;
            }

            // a RequestedAttribute without NameFormat counts as "unspecified"
            if ($child->NameFormat !== null) {
                $attrformat = $child->NameFormat;
            } else {
                $attrformat = \SAML2\Constants::NAMEFORMAT_UNSPECIFIED;
            }

            // all attributes must share one NameFormat; on a mismatch fall back to "unspecified"
            if ($format === null) {
                $format = $attrformat;
            } elseif ($format !== $attrformat) {
                $format = \SAML2\Constants::NAMEFORMAT_UNSPECIFIED;
            }
        }

        if (empty($sp['attributes'])) {
            // a really invalid configuration: all AttributeConsumingServices should have one or more attributes
            unset($sp['attributes']);
        }
        if (empty($sp['attributes.required'])) {
            unset($sp['attributes.required']);
        }

        if ($format !== \SAML2\Constants::NAMEFORMAT_UNSPECIFIED && $format !== null) {
            $sp['attributes.NameFormat'] = $format;
        }
    }

◆ parseDescriptorsElement()

static SimpleSAML_Metadata_SAMLParser::parseDescriptorsElement(DOMElement $element = null)
static

This function parses a DOMElement which represents either an EntityDescriptor element or an EntitiesDescriptor element.

It will return an associative array of SAMLParser instances in both cases.

Parameters
    DOMElement|NULL $element  The DOMElement which contains the EntityDescriptor element or the EntitiesDescriptor element.
Returns
    SimpleSAML_Metadata_SAMLParser[] An associative array of SAMLParser instances. The key of the array will be the entity id.
Exceptions
    Exception  If the document is empty or the root is an unexpected node.

Definition at line 341 of file SAMLParser.php.

References $ret, and $validators.

Referenced by sspmod_metarefresh_MetaLoader\loadXML().

342  {
343  if ($element === null) {
344  throw new Exception('Document was empty.');
345  }
346 
347  if (SimpleSAML\Utils\XML::isDOMNodeOfType($element, 'EntityDescriptor', '@md') === true) {
348  return self::processDescriptorsElement(new \SAML2\XML\md\EntityDescriptor($element));
349  } elseif (SimpleSAML\Utils\XML::isDOMNodeOfType($element, 'EntitiesDescriptor', '@md') === true) {
350  return self::processDescriptorsElement(new \SAML2\XML\md\EntitiesDescriptor($element));
351  } else {
352  throw new Exception('Unexpected root node: ['.$element->namespaceURI.']:'.$element->localName);
353  }
354  }

◆ parseDescriptorsFile()

static SimpleSAML_Metadata_SAMLParser::parseDescriptorsFile (   $file)
static

This function parses a file where the root node is either an EntityDescriptor element or an EntitiesDescriptor element.

In both cases it will return an associative array of SAMLParser instances. If the file contains a single EntityDescriptorElement, then the array will contain a single SAMLParser instance.

Parameters
string $file: The path to the file which contains the EntityDescriptor or EntitiesDescriptor element.
Returns
SimpleSAML_Metadata_SAMLParser[] An array of SAMLParser instances.
Exceptions
Exception: if the file does not parse as XML.

Definition at line 285 of file SAMLParser.php.

References $data, SimpleSAML\Utils\HTTP\fetch(), and SAML2\DOMDocumentFactory\fromString().

Referenced by SimpleSAML_Metadata_MetaDataStorageHandlerXML\__construct().

286  {
287  if ($file === null) {
288  throw new Exception('Cannot open file NULL. File name not specified.');
289  }
290 
291  $data = \SimpleSAML\Utils\HTTP::fetch($file);
292 
293  try {
294  $doc = \SAML2\DOMDocumentFactory::fromString($data);
295  } catch (\Exception $e) {
296  throw new Exception('Failed to read XML from file: '.$file);
297  }
298 
299  if ($doc->documentElement === null) {
300  throw new Exception('Opened file is not an XML document: '.$file);
301  }
302 
303  return self::parseDescriptorsElement($doc->documentElement);
304  }

◆ parseDescriptorsString()

static SimpleSAML_Metadata_SAMLParser::parseDescriptorsString (   $string)
static

This function parses a string with XML data.

The root node of the XML data is expected to be either an EntityDescriptor element or an EntitiesDescriptor element. It will return an associative array of SAMLParser instances.

Parameters
string $string: The string with XML data.
Returns
SimpleSAML_Metadata_SAMLParser[] An associative array of SAMLParser instances. The key of the array will be the entity id.
Exceptions
Exception: if the string does not parse as XML.

Definition at line 318 of file SAMLParser.php.

References SAML2\DOMDocumentFactory\fromString().

Referenced by SimpleSAML_Metadata_MetaDataStorageHandlerXML\__construct().

319  {
320  try {
321  $doc = \SAML2\DOMDocumentFactory::fromString($string);
322  } catch (\Exception $e) {
323  throw new Exception('Failed to parse XML string.');
324  }
325 
326  return self::parseDescriptorsElement($doc->documentElement);
327  }

◆ parseDocument()

static SimpleSAML_Metadata_SAMLParser::parseDocument (   $document)
static

This function parses a DOMDocument which is assumed to contain a single EntityDescriptor element.

Parameters
DOMDocument $document: The DOMDocument which contains the EntityDescriptor element.
Returns
SimpleSAML_Metadata_SAMLParser An instance of this class with the metadata loaded.

Definition at line 249 of file SAMLParser.php.

250  {
251  assert($document instanceof DOMDocument);
252 
253  $entityElement = self::findEntityDescriptor($document);
254 
255  return self::parseElement($entityElement);
256  }

◆ parseElement()

static SimpleSAML_Metadata_SAMLParser::parseElement (   $entityElement)
static

This function parses an object which represents an EntityDescriptor element.

Parameters
\SAML2\XML\md\EntityDescriptor $entityElement: An object which represents an EntityDescriptor element.
Returns
SimpleSAML_Metadata_SAMLParser An instance of this class with the metadata loaded.

Definition at line 267 of file SAMLParser.php.

268  {
269  assert($entityElement instanceof \SAML2\XML\md\EntityDescriptor);
270  return new SimpleSAML_Metadata_SAMLParser($entityElement, null, array());
271  }

◆ parseFile()

static SimpleSAML_Metadata_SAMLParser::parseFile (   $file)
static

This function parses a file which contains XML encoded metadata.

Parameters
string $file: The path to the file which contains the metadata.
Returns
SimpleSAML_Metadata_SAMLParser An instance of this class with the metadata loaded.
Exceptions
Exception: if the file does not parse as XML.

Definition at line 208 of file SAMLParser.php.

References $data, SimpleSAML\Utils\HTTP\fetch(), and SAML2\DOMDocumentFactory\fromString().

209  {
210  $data = \SimpleSAML\Utils\HTTP::fetch($file);
211 
212  try {
213  $doc = \SAML2\DOMDocumentFactory::fromString($data);
214  } catch (\Exception $e) {
215  throw new Exception('Failed to read XML from file: '.$file);
216  }
217 
218  return self::parseDocument($doc);
219  }

◆ parseGenericEndpoint()

static SimpleSAML_Metadata_SAMLParser::parseGenericEndpoint ( \SAML2\XML\md\EndpointType  $element)
static private

This function is a generic endpoint element parser.

The returned associative array has the following elements:

  • 'Binding': The binding this endpoint uses.
  • 'Location': The URL to this endpoint.
  • 'ResponseLocation': The URL where responses should be sent. This may not exist.
  • 'index': The index of this endpoint. This attribute is only for indexed endpoints.
  • 'isDefault': Whether this endpoint is the default endpoint for this type. This attribute may not exist.
Parameters
\SAML2\XML\md\EndpointType $element: The element which should be parsed.
Returns
array An associative array with the data we have extracted from the element.

Definition at line 1246 of file SAMLParser.php.

1247  {
1248  $ep = array();
1249 
1250  $ep['Binding'] = $element->Binding;
1251  $ep['Location'] = $element->Location;
1252 
1253  if ($element->ResponseLocation !== null) {
1254  $ep['ResponseLocation'] = $element->ResponseLocation;
1255  }
1256 
1257  if ($element instanceof \SAML2\XML\md\IndexedEndpointType) {
1258  $ep['index'] = $element->index;
1259 
1260  if ($element->isDefault !== null) {
1261  $ep['isDefault'] = $element->isDefault;
1262  }
1263  }
1264 
1265  return $ep;
1266  }

◆ parseKeyDescriptor()

static SimpleSAML_Metadata_SAMLParser::parseKeyDescriptor ( \SAML2\XML\md\KeyDescriptor  $kd)
static private

This function parses a KeyDescriptor element.

It currently only supports keys with a single X509 certificate.

The associative array for a key can contain:

  • 'encryption': Indicates whether this key can be used for encryption.
  • 'signing': Indicates whether this key can be used for signing.
  • 'type': The type of the key. 'X509Certificate' is the only key type we support.
  • 'X509Certificate': The contents of the first X509Certificate element (if the type is 'X509Certificate').
Parameters
\SAML2\XML\md\KeyDescriptor $kd: The KeyDescriptor element.
Returns
array|null An associative array describing the key, or null if this is an unsupported key.

Definition at line 1301 of file SAMLParser.php.

References $d, $i, and $r.

1302  {
1303  $r = array();
1304 
1305  if ($kd->use === 'encryption') {
1306  $r['encryption'] = true;
1307  $r['signing'] = false;
1308  } elseif ($kd->use === 'signing') {
1309  $r['encryption'] = false;
1310  $r['signing'] = true;
1311  } else {
1312  $r['encryption'] = true;
1313  $r['signing'] = true;
1314  }
1315 
1316  $keyInfo = $kd->KeyInfo;
1317 
1318  foreach ($keyInfo->info as $i) {
1319  if ($i instanceof \SAML2\XML\ds\X509Data) {
1320  foreach ($i->data as $d) {
1321  if ($d instanceof \SAML2\XML\ds\X509Certificate) {
1322  $r['type'] = 'X509Certificate';
1323  $r['X509Certificate'] = $d->certificate;
1324  return $r;
1325  }
1326  }
1327  }
1328  }
1329 
1330  return null;
1331  }

◆ parseRoleDescriptorType()

static SimpleSAML_Metadata_SAMLParser::parseRoleDescriptorType ( \SAML2\XML\md\RoleDescriptor  $element,
  $expireTime 
)
static private

Parse a RoleDescriptorType element.

The returned associative array has the following elements:

  • 'protocols': Array with the protocols supported.
  • 'expire': Timestamp for when this descriptor expires.
  • 'keys': Array of associative arrays with the elements from parseKeyDescriptor.
Parameters
\SAML2\XML\md\RoleDescriptor $element: The element we should extract metadata from.
int | NULL $expireTime: The unix timestamp for when this element should expire, or NULL if unknown.
Returns
array An associative array with metadata we have extracted from this element.

Definition at line 831 of file SAMLParser.php.

References $key, and $ret.

832  {
833  assert($expireTime === null || is_int($expireTime));
834 
835  $ret = array();
836 
837  $expireTime = self::getExpireTime($element, $expireTime);
838 
839  if ($expireTime !== null) {
840  // we got an expiry timestamp, either from this element or from one of its parent elements
841  $ret['expire'] = $expireTime;
842  }
843 
844  $ret['protocols'] = $element->protocolSupportEnumeration;
845 
846  // process KeyDescriptor elements
847  $ret['keys'] = array();
848  foreach ($element->KeyDescriptor as $kd) {
849  $key = self::parseKeyDescriptor($kd);
850  if ($key !== null) {
851  $ret['keys'][] = $key;
852  }
853  }
854 
855  $ext = self::processExtensions($element);
856  $ret['scope'] = $ext['scope'];
857  $ret['tags'] = $ext['tags'];
858  $ret['EntityAttributes'] = $ext['EntityAttributes'];
859  $ret['UIInfo'] = $ext['UIInfo'];
860  $ret['DiscoHints'] = $ext['DiscoHints'];
861 
862  return $ret;
863  }

◆ parseSSODescriptor()

static SimpleSAML_Metadata_SAMLParser::parseSSODescriptor ( \SAML2\XML\md\SSODescriptorType  $element,
  $expireTime 
)
static private

This function extracts metadata from an SSODescriptor element.

The returned associative array has the following elements:

  • 'protocols': Array with the protocols this SSODescriptor supports.
  • 'SingleLogoutService': Array with the single logout service endpoints. Each endpoint is stored as an associative array with the elements that parseGenericEndpoint returns.
  • 'nameIDFormats': The NameIDFormats supported by this SSODescriptor. This may be an empty array.
  • 'keys': Array of associative arrays with the elements from parseKeyDescriptor.
Parameters
\SAML2\XML\md\SSODescriptorType $element: The element we should extract metadata from.
int | NULL $expireTime: The unix timestamp for when this element should expire, or NULL if unknown.
Returns
array An associative array with metadata we have extracted from this element.

Definition at line 882 of file SAMLParser.php.

883  {
884  assert($expireTime === null || is_int($expireTime));
885 
886  $sd = self::parseRoleDescriptorType($element, $expireTime);
887 
888  // find all SingleLogoutService elements
889  $sd['SingleLogoutService'] = self::extractEndpoints($element->SingleLogoutService);
890 
891  // find all ArtifactResolutionService elements
892  $sd['ArtifactResolutionService'] = self::extractEndpoints($element->ArtifactResolutionService);
893 
894 
895  // process NameIDFormat elements
896  $sd['nameIDFormats'] = $element->NameIDFormat;
897 
898  return $sd;
899  }

◆ parseString()

static SimpleSAML_Metadata_SAMLParser::parseString (   $metadata)
static

This function parses a string which contains XML encoded metadata.

Parameters
string $metadata: A string which contains XML encoded metadata.
Returns
SimpleSAML_Metadata_SAMLParser An instance of this class with the metadata loaded.
Exceptions
Exception: if the string does not parse as XML.

Definition at line 230 of file SAMLParser.php.

References $metadata, and SAML2\DOMDocumentFactory\fromString().

231  {
232  try {
233  $doc = \SAML2\DOMDocumentFactory::fromString($metadata);
234  } catch (\Exception $e) {
235  throw new Exception('Failed to parse XML string.');
236  }
237 
238  return self::parseDocument($doc);
239  }

◆ processAttributeAuthorityDescriptor()

SimpleSAML_Metadata_SAMLParser::processAttributeAuthorityDescriptor ( \SAML2\XML\md\AttributeAuthorityDescriptor  $element,
  $expireTime 
)
private

This function extracts metadata from an AttributeAuthorityDescriptor element.

Parameters
\SAML2\XML\md\AttributeAuthorityDescriptor $element: The element which should be parsed.
int | NULL $expireTime: The unix timestamp for when this element should expire, or NULL if unknown.

Definition at line 971 of file SAMLParser.php.

References $entityId.

Referenced by __construct().

974  {
975  assert($expireTime === null || is_int($expireTime));
976 
977  $aad = self::parseRoleDescriptorType($element, $expireTime);
978  $aad['entityid'] = $this->entityId;
979  $aad['metadata-set'] = 'attributeauthority-remote';
980 
981  $aad['AttributeService'] = self::extractEndpoints($element->AttributeService);
982  $aad['AssertionIDRequestService'] = self::extractEndpoints($element->AssertionIDRequestService);
983  $aad['NameIDFormat'] = $element->NameIDFormat;
984 
985  $this->attributeAuthorityDescriptors[] = $aad;
986  }

◆ processContactPerson()

SimpleSAML_Metadata_SAMLParser::processContactPerson ( \SAML2\XML\md\ContactPerson  $element)
private

Parse and process a ContactPerson element.

Parameters
\SAML2\XML\md\ContactPerson $element: The ContactPerson element.

Definition at line 1154 of file SAMLParser.php.

Referenced by __construct().

1155  {
1156  $contactPerson = array();
1157  if (!empty($element->contactType)) {
1158  $contactPerson['contactType'] = $element->contactType;
1159  }
1160  if (!empty($element->Company)) {
1161  $contactPerson['company'] = $element->Company;
1162  }
1163  if (!empty($element->GivenName)) {
1164  $contactPerson['givenName'] = $element->GivenName;
1165  }
1166  if (!empty($element->SurName)) {
1167  $contactPerson['surName'] = $element->SurName;
1168  }
1169  if (!empty($element->EmailAddress)) {
1170  $contactPerson['emailAddress'] = $element->EmailAddress;
1171  }
1172  if (!empty($element->TelephoneNumber)) {
1173  $contactPerson['telephoneNumber'] = $element->TelephoneNumber;
1174  }
1175  if (!empty($contactPerson)) {
1176  $this->contacts[] = $contactPerson;
1177  }
1178  }

◆ processExtensions()

static SimpleSAML_Metadata_SAMLParser::processExtensions (   $element,
  $parentExtensions = array() 
)
static private

Parse an Extensions element.

Extensions may appear in multiple elements, and certain extensions may be inherited from a parent element.

Parameters
mixed $element: The element which contains the Extensions element.
array $parentExtensions: An optional array of extensions from the parent element.
Returns
array An associative array with the extensions parsed.

Definition at line 998 of file SAMLParser.php.

References $name, $ret, $values, and SimpleSAML\Logger\warning().

999  {
1000  $ret = array(
1001  'scope' => array(),
1002  'tags' => array(),
1003  'EntityAttributes' => array(),
1004  'RegistrationInfo' => array(),
1005  'UIInfo' => array(),
1006  'DiscoHints' => array(),
1007  );
1008 
1009  // Some extensions may get inherited from a parent element
1010  if (($element instanceof \SAML2\XML\md\EntityDescriptor || $element instanceof \SAML2\XML\md\EntitiesDescriptor)
1011  && !empty($parentExtensions['RegistrationInfo'])) {
1012  $ret['RegistrationInfo'] = $parentExtensions['RegistrationInfo'];
1013  }
1014 
1015  foreach ($element->Extensions as $e) {
1016  if ($e instanceof \SAML2\XML\shibmd\Scope) {
1017  $ret['scope'][] = $e->scope;
1018  continue;
1019  }
1020 
1021  // Entity Attributes are only allowed at entity level extensions and not at RoleDescriptor level
1022  if ($element instanceof \SAML2\XML\md\EntityDescriptor ||
1023  $element instanceof \SAML2\XML\md\EntitiesDescriptor) {
1024  if ($e instanceof \SAML2\XML\mdrpi\RegistrationInfo) {
1025  // Registration Authority cannot be overridden (warn only if override attempts to change the value)
1026  if (isset($ret['RegistrationInfo']['registrationAuthority'])
1027  && $ret['RegistrationInfo']['registrationAuthority'] !== $e->registrationAuthority) {
1028  SimpleSAML\Logger::warning('Invalid attempt to override registrationAuthority \''
1029  . $ret['RegistrationInfo']['registrationAuthority'] . "' with '{$e->registrationAuthority}'");
1030  } else {
1031  $ret['RegistrationInfo']['registrationAuthority'] = $e->registrationAuthority;
1032  }
1033  }
1034  if ($e instanceof \SAML2\XML\mdattr\EntityAttributes && !empty($e->children)) {
1035  foreach ($e->children as $attr) {
1036  // only saml:Attribute are currently supported here. The specification also allows
1037  // saml:Assertion, which would require more complex processing
1038  if ($attr instanceof \SAML2\XML\saml\Attribute) {
1039  if (empty($attr->Name) || empty($attr->AttributeValue)) {
1040  continue;
1041  }
1042 
1043  // attribute names that are not URIs are prefixed like this: '{nameformat}name'
1044  $name = $attr->Name;
1045  if (empty($attr->NameFormat)) {
1046  $name = '{'.\SAML2\Constants::NAMEFORMAT_UNSPECIFIED.'}'.$attr->Name;
1047  } elseif ($attr->NameFormat !== 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri') {
1048  $name = '{'.$attr->NameFormat.'}'.$attr->Name;
1049  }
1050 
1051  $values = array();
1052  foreach ($attr->AttributeValue as $attrvalue) {
1053  $values[] = $attrvalue->getString();
1054  }
1055 
1056  $ret['EntityAttributes'][$name] = $values;
1057  }
1058  }
1059  }
1060  }
1061 
1062  // UIInfo elements are only allowed at RoleDescriptor level extensions
1063  if ($element instanceof \SAML2\XML\md\RoleDescriptor) {
1064  if ($e instanceof \SAML2\XML\mdui\UIInfo) {
1065  $ret['UIInfo']['DisplayName'] = $e->DisplayName;
1066  $ret['UIInfo']['Description'] = $e->Description;
1067  $ret['UIInfo']['InformationURL'] = $e->InformationURL;
1068  $ret['UIInfo']['PrivacyStatementURL'] = $e->PrivacyStatementURL;
1069 
1070  foreach ($e->Keywords as $uiItem) {
1071  if (!($uiItem instanceof \SAML2\XML\mdui\Keywords)
1072  || empty($uiItem->Keywords)
1073  || empty($uiItem->lang)
1074  ) {
1075  continue;
1076  }
1077  $ret['UIInfo']['Keywords'][$uiItem->lang] = $uiItem->Keywords;
1078  }
1079  foreach ($e->Logo as $uiItem) {
1080  if (!($uiItem instanceof \SAML2\XML\mdui\Logo)
1081  || empty($uiItem->url)
1082  || empty($uiItem->height)
1083  || empty($uiItem->width)
1084  ) {
1085  continue;
1086  }
1087  $logo = array(
1088  'url' => $uiItem->url,
1089  'height' => $uiItem->height,
1090  'width' => $uiItem->width,
1091  );
1092  if (!empty($uiItem->lang)) {
1093  $logo['lang'] = $uiItem->lang;
1094  }
1095  $ret['UIInfo']['Logo'][] = $logo;
1096  }
1097  }
1098  }
1099 
1100  // DiscoHints elements are only allowed at IDPSSODescriptor level extensions
1101  if ($element instanceof \SAML2\XML\md\IDPSSODescriptor) {
1102  if ($e instanceof \SAML2\XML\mdui\DiscoHints) {
1103  $ret['DiscoHints']['IPHint'] = $e->IPHint;
1104  $ret['DiscoHints']['DomainHint'] = $e->DomainHint;
1105  $ret['DiscoHints']['GeolocationHint'] = $e->GeolocationHint;
1106  }
1107  }
1108 
1109  if (!($e instanceof \SAML2\XML\Chunk)) {
1110  continue;
1111  }
1112 
1113  if ($e->localName === 'Attribute' && $e->namespaceURI === \SAML2\Constants::NS_SAML) {
1114  $attribute = $e->xml;
1115 
1116  $name = $attribute->getAttribute('Name');
1117  $values = array_map(
1118  array('SimpleSAML\Utils\XML', 'getDOMText'),
1119  SimpleSAML\Utils\XML::getDOMChildren($attribute, 'AttributeValue', '@saml2')
1120  );
1121 
1122  if ($name === 'tags') {
1123  foreach ($values as $tagname) {
1124  if (!empty($tagname)) {
1125  $ret['tags'][] = $tagname;
1126  }
1127  }
1128  }
1129  }
1130  }
1131  return $ret;
1132  }

◆ processIDPSSODescriptor()

SimpleSAML_Metadata_SAMLParser::processIDPSSODescriptor ( \SAML2\XML\md\IDPSSODescriptor  $element,
  $expireTime 
)
private

This function extracts metadata from an IDPSSODescriptor element.

Parameters
\SAML2\XML\md\IDPSSODescriptor $element: The element which should be parsed.
int | NULL $expireTime: The unix timestamp for when this element should expire, or NULL if unknown.

Definition at line 945 of file SAMLParser.php.

References $idp.

Referenced by __construct().

946  {
947  assert($expireTime === null || is_int($expireTime));
948 
949  $idp = self::parseSSODescriptor($element, $expireTime);
950 
951  // find all SingleSignOnService elements
952  $idp['SingleSignOnService'] = self::extractEndpoints($element->SingleSignOnService);
953 
954  if ($element->WantAuthnRequestsSigned) {
955  $idp['WantAuthnRequestsSigned'] = true;
956  } else {
957  $idp['WantAuthnRequestsSigned'] = false;
958  }
959 
960  $this->idpDescriptors[] = $idp;
961  }

◆ processOrganization()

SimpleSAML_Metadata_SAMLParser::processOrganization ( \SAML2\XML\md\Organization  $element)
private

Parse and process an Organization element.

Parameters
\SAML2\XML\md\Organization $element: The Organization element.

Definition at line 1140 of file SAMLParser.php.

Referenced by __construct().

1141  {
1142  $this->organizationName = $element->OrganizationName;
1143  $this->organizationDisplayName = $element->OrganizationDisplayName;
1144  $this->organizationURL = $element->OrganizationURL;
1145  }

◆ processSPSSODescriptor()

SimpleSAML_Metadata_SAMLParser::processSPSSODescriptor ( \SAML2\XML\md\SPSSODescriptor  $element,
  $expireTime 
)
private

This function extracts metadata from an SPSSODescriptor element.

Parameters
\SAML2\XML\md\SPSSODescriptor $element: The element which should be parsed.
int | NULL $expireTime: The unix timestamp for when this element should expire, or NULL if unknown.

Definition at line 909 of file SAMLParser.php.

Referenced by __construct().

910  {
911  assert($expireTime === null || is_int($expireTime));
912 
913  $sp = self::parseSSODescriptor($element, $expireTime);
914 
915  // find all AssertionConsumerService elements
916  $sp['AssertionConsumerService'] = self::extractEndpoints($element->AssertionConsumerService);
917 
918  // find all the attributes and SP name...
919  $attcs = $element->AttributeConsumingService;
920  if (count($attcs) > 0) {
921  self::parseAttributeConsumerService($attcs[0], $sp);
922  }
923 
924  // check AuthnRequestsSigned
925  if ($element->AuthnRequestsSigned !== null) {
926  $sp['AuthnRequestsSigned'] = $element->AuthnRequestsSigned;
927  }
928 
929  // check WantAssertionsSigned
930  if ($element->WantAssertionsSigned !== null) {
931  $sp['WantAssertionsSigned'] = $element->WantAssertionsSigned;
932  }
933 
934  $this->spDescriptors[] = $sp;
935  }

◆ validateFingerprint()

SimpleSAML_Metadata_SAMLParser::validateFingerprint (   $fingerprint)

This function checks if this EntityDescriptor was signed with a certificate with the given fingerprint.

Parameters
string $fingerprint: Fingerprint of the certificate which should have been used to sign this EntityDescriptor.
Returns
boolean True if it was signed with the certificate with the given fingerprint, false otherwise.

Definition at line 1459 of file SAMLParser.php.

References SimpleSAML\Logger\debug().

1460  {
1461  assert(is_string($fingerprint));
1462 
1463  $fingerprint = strtolower(str_replace(":", "", $fingerprint));
1464 
1465  $candidates = array();
1466  foreach ($this->validators as $validator) {
1467  foreach ($validator->getValidatingCertificates() as $cert) {
1468  $fp = strtolower(sha1(base64_decode($cert)));
1469  $candidates[] = $fp;
1470  if ($fp === $fingerprint) {
1471  return true;
1472  }
1473  }
1474  }
1475  SimpleSAML\Logger::debug('Fingerprint was ['.$fingerprint.'] not one of ['.join(', ', $candidates).']');
1476  return false;
1477  }
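As an added example (not code from SimpleSAMLphp), the following standalone PHP reproduces the comparison validateFingerprint() makes, so the value to configure can be derived from a certificate and the accepted notations are clear; the certificate is generated at run time and its CN is a placeholder.

```php
<?php
// Added example, not SimpleSAMLphp code: reproduces the comparison that
// SimpleSAML_Metadata_SAMLParser::validateFingerprint() performs.

/**
 * Normalise a configured fingerprint exactly as validateFingerprint() does:
 * drop colon separators and lower-case the hex digits.
 */
function normalizeFingerprint(string $fingerprint): string
{
    return strtolower(str_replace(':', '', $fingerprint));
}

/**
 * Fingerprint as validateFingerprint() derives it from a validating
 * certificate: SHA-1 over the DER bytes, i.e. over the base64-decoded content
 * of the ds:X509Certificate element. PEM armour and whitespace are stripped
 * first, which leaves exactly what that element carries.
 */
function metadataCertFingerprint(string $pem): string
{
    $body = preg_replace('/-----(BEGIN|END) CERTIFICATE-----|\s+/', '', $pem);
    $der = base64_decode($body, true);
    if ($der === false) {
        throw new InvalidArgumentException('Certificate body is not valid base64');
    }
    return strtolower(sha1($der));
}

/**
 * Generate a throwaway self-signed certificate (placeholder CN, created at
 * run time) so the example runs offline without any real key material.
 */
function makeThrowawayCertPem(): string
{
    $key = openssl_pkey_new([
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => 2048,
    ]);
    $csr = openssl_csr_new(['commonName' => 'metadata-signer.example'], $key, ['digest_alg' => 'sha256']);
    $cert = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']);
    openssl_x509_export($cert, $pem);
    return $pem;
}

/**
 * True when the SHA-1 fingerprint OpenSSL reports for the certificate
 * ("openssl x509 -noout -fingerprint -sha1" prints it colon-separated and
 * upper-case) matches what validateFingerprint() computes after normalisation.
 */
function fingerprintsAgree(string $pem): bool
{
    $openssl = openssl_x509_fingerprint($pem, 'sha1');      // plain lower-case hex
    $colonUpper = strtoupper(implode(':', str_split($openssl, 2)));
    return normalizeFingerprint($colonUpper) === metadataCertFingerprint($pem);
}

$pem = makeThrowawayCertPem();
if (!fingerprintsAgree($pem)) {
    throw new RuntimeException('fingerprint derivation mismatch');
}
echo 'Expected SHA-1 fingerprint for this certificate: '.metadataCertFingerprint($pem).PHP_EOL;
```

Only SHA-1 is compared, so a SHA-256 fingerprint configured by mistake never matches; and because the candidates come from the signature on the descriptor, unsigned metadata also yields false.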

◆ validateSignature()

SimpleSAML_Metadata_SAMLParser::validateSignature (   $certificates)

If this EntityDescriptor was signed, this function uses the public key to check the signature.

Parameters
array $certificates: One or more certificates with the public key. This makes it possible to do a key rollover.
Returns
boolean True if it is possible to check the signature with the certificate, false otherwise.
Exceptions
Exception: if the certificate file cannot be found.

Definition at line 1421 of file SAMLParser.php.

References $certificates, $key, SimpleSAML\Logger\debug(), and SimpleSAML\Utils\Config\getCertPath().

1422  {
1423  foreach ($certificates as $cert) {
1424  assert(is_string($cert));
1425  $certFile = \SimpleSAML\Utils\Config::getCertPath($cert);
1426  if (!file_exists($certFile)) {
1427  throw new Exception(
1428  'Could not find certificate file ['.$certFile.'], which is needed to validate signature'
1429  );
1430  }
1431  $certData = file_get_contents($certFile);
1432 
1433  foreach ($this->validators as $validator) {
1434  $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type' => 'public'));
1435  $key->loadKey($certData);
1436  try {
1437  if ($validator->validate($key)) {
1438  return true;
1439  }
1440  } catch (Exception $e) {
1441  // this certificate did not sign this element, skip
1442  }
1443  }
1444  }
1445  SimpleSAML\Logger::debug('Could not validate signature');
1446  return false;
1447  }
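An added example of how a consumer would chain the parsing and signature-checking methods documented on this page before trusting metadata; it is not SimpleSAMLphp's own code and assumes the SimpleSAMLphp autoloader is available, with the metadata URL, certificate file names and fingerprint all placeholders.

```php
<?php
// Added example, not part of SimpleSAMLphp: chains parseDescriptorsFile(),
// validateSignature() and validateFingerprint() so that only entities whose
// EntityDescriptor signature verifies are handed on. Assumes the SimpleSAMLphp
// autoloader; every path, file name and fingerprint below is a placeholder.

require_once '/path/to/simplesamlphp/lib/_autoload.php'; // placeholder path

/**
 * Parse a metadata file (or URL) and return only the entities whose signature
 * verifies, keyed by entity id.
 *
 * $certificates are certificate file names resolved against the cert
 * directory, as validateSignature() expects; listing two lets a signing-key
 * rollover pass. $fingerprint is an optional SHA-1 fallback for
 * validateFingerprint().
 */
function loadTrustedEntities(string $file, array $certificates, ?string $fingerprint = null): array
{
    $accepted = [];
    // parseDescriptorsFile() throws if the file cannot be read or is not XML;
    // letting that propagate is the right behaviour for a metadata refresh.
    foreach (SimpleSAML_Metadata_SAMLParser::parseDescriptorsFile($file) as $entityId => $parser) {
        // Both checks return false when the descriptor carries no signature
        // at all (no validators), so false must mean "reject", never
        // "nothing to verify".
        $verified = $parser->validateSignature($certificates)
            || ($fingerprint !== null && $parser->validateFingerprint($fingerprint));
        if (!$verified) {
            SimpleSAML\Logger::warning('Rejecting unsigned or wrongly signed metadata for '.$entityId);
            continue;
        }
        $accepted[$entityId] = $parser;
    }
    return $accepted;
}

$trusted = loadTrustedEntities(
    'https://federation.example/metadata.xml',               // placeholder URL
    ['federation-signer.crt', 'federation-signer-next.crt'], // placeholder rollover pair
    '00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33' // placeholder fingerprint
);

foreach ($trusted as $entityId => $parser) {
    $roles = [];
    if ($parser->getMetadata20IdP() !== null) {
        $roles[] = 'saml20-idp';
    }
    if ($parser->getMetadata20SP() !== null) {
        $roles[] = 'saml20-sp';
    }
    printf("%s: signature verified, roles [%s]\n", $entityId, implode(', ', $roles));
}
```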

Field Documentation

◆ $attributeAuthorityDescriptors

SimpleSAML_Metadata_SAMLParser::$attributeAuthorityDescriptors = array()
private

Definition at line 70 of file SAMLParser.php.

Referenced by getAttributeAuthorities().

◆ $contacts

SimpleSAML_Metadata_SAMLParser::$contacts = array()
private

Definition at line 103 of file SAMLParser.php.

Referenced by getMetadataCommon().

◆ $entityAttributes

SimpleSAML_Metadata_SAMLParser::$entityAttributes
private

Definition at line 113 of file SAMLParser.php.

Referenced by addExtensions().

◆ $entityDescriptor

SimpleSAML_Metadata_SAMLParser::$entityDescriptor
private

Definition at line 138 of file SAMLParser.php.

Referenced by getMetadataCommon().

◆ $entityId

SimpleSAML_Metadata_SAMLParser::$entityId
private

◆ $idpDescriptors

SimpleSAML_Metadata_SAMLParser::$idpDescriptors
private

Definition at line 63 of file SAMLParser.php.

◆ $organizationDisplayName

SimpleSAML_Metadata_SAMLParser::$organizationDisplayName = array()
private

Definition at line 88 of file SAMLParser.php.

Referenced by getMetadataCommon().

◆ $organizationName

SimpleSAML_Metadata_SAMLParser::$organizationName = array()
private

Definition at line 79 of file SAMLParser.php.

Referenced by getMetadataCommon().

◆ $organizationURL

SimpleSAML_Metadata_SAMLParser::$organizationURL = array()
private

Definition at line 96 of file SAMLParser.php.

Referenced by getMetadataCommon().

◆ $registrationInfo

SimpleSAML_Metadata_SAMLParser::$registrationInfo
private

Definition at line 119 of file SAMLParser.php.

Referenced by addExtensions().

◆ $SAML1xProtocols

SimpleSAML_Metadata_SAMLParser::$SAML1xProtocols
static private
Initial value:
= array(
'urn:oasis:names:tc:SAML:1.0:protocol',
'urn:oasis:names:tc:SAML:1.1:protocol',
)

Definition at line 22 of file SAMLParser.php.

◆ $SAML20Protocols

SimpleSAML_Metadata_SAMLParser::$SAML20Protocols
static private
Initial value:
= array(
'urn:oasis:names:tc:SAML:2.0:protocol',
)

Definition at line 32 of file SAMLParser.php.

◆ $scopes

SimpleSAML_Metadata_SAMLParser::$scopes
private

Definition at line 108 of file SAMLParser.php.

Referenced by addExtensions().

◆ $spDescriptors

SimpleSAML_Metadata_SAMLParser::$spDescriptors
private

Definition at line 53 of file SAMLParser.php.

◆ $tags

SimpleSAML_Metadata_SAMLParser::$tags
private

Definition at line 124 of file SAMLParser.php.

Referenced by addExtensions().

◆ $validators

SimpleSAML_Metadata_SAMLParser::$validators = array()
private

Definition at line 131 of file SAMLParser.php.

Referenced by __construct(), and parseDescriptorsElement().


The documentation for this class was generated from the following file: