ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
ArtifactResolutionService.php
Go to the documentation of this file.
1 <?php
2 
11 require_once('../../_include.php');
12 
13 $config = SimpleSAML_Configuration::getInstance();
14 if (!$config->getBoolean('enable.saml20-idp', false)) {
15  throw new SimpleSAML_Error_Error('NOACCESS');
16 }
17 
18 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
19 $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
20 $idpMetadata = $metadata->getMetaDataConfig($idpEntityId, 'saml20-idp-hosted');
21 
22 if (!$idpMetadata->getBoolean('saml20.sendartifact', false)) {
23  throw new SimpleSAML_Error_Error('NOACCESS');
24 }
25 
26 $store = \SimpleSAML\Store::getInstance();
27 if ($store === false) {
28  throw new Exception('Unable to send artifact without a datastore configured.');
29 }
30 
31 $binding = new \SAML2\SOAP();
32 try {
33  $request = $binding->receive();
34 } catch (Exception $e) { // TODO: look for a specific exception
35  // This is dirty. Instead of checking the message of the exception, \SAML2\Binding::getCurrentBinding() should throw
36  // an specific exception when the binding is unknown, and we should capture that here. Also note that the exception
37  // message here is bogus!
38  if ($e->getMessage() === 'Invalid message received to AssertionConsumerService endpoint.') {
39  throw new SimpleSAML_Error_Error('ARSPARAMS', $e, 400);
40  } else {
41  throw $e; // do not ignore other exceptions!
42  }
43 }
44 if (!($request instanceof \SAML2\ArtifactResolve)) {
45  throw new Exception('Message received on ArtifactResolutionService wasn\'t a ArtifactResolve request.');
46 }
47 
48 $issuer = $request->getIssuer();
49 $spMetadata = $metadata->getMetadataConfig($issuer, 'saml20-sp-remote');
50 
51 $artifact = $request->getArtifact();
52 
53 $responseData = $store->get('artifact', $artifact);
54 $store->delete('artifact', $artifact);
55 
56 if ($responseData !== null) {
57  $document = \SAML2\DOMDocumentFactory::fromString($responseData);
58  $responseXML = $document->firstChild;
59 } else {
60  $responseXML = null;
61 }
62 
63 $artifactResponse = new \SAML2\ArtifactResponse();
64 $artifactResponse->setIssuer($idpEntityId);
65 $artifactResponse->setInResponseTo($request->getId());
66 $artifactResponse->setAny($responseXML);
67 sspmod_saml_Message::addSign($idpMetadata, $spMetadata, $artifactResponse);
68 $binding->send($artifactResponse);
SimpleSAML_Metadata_MetaDataStorageHandler\getMetadataHandler
static getMetadataHandler()
This function retrieves the current instance of the metadata handler.
Definition: MetaDataStorageHandler.php:40
$request
foreach($paths as $path) $request
Definition: asyncclient.php:32
$binding
if($store===false) $binding
Definition: ArtifactResolutionService.php:31
SimpleSAML_Error_Error
Definition: Error.php:10
sspmod_saml_Message\addSign
static addSign(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, \SAML2\SignedElement $element)
Add signature key and sender certificate to an element (Message or Assertion).
Definition: Message.php:20
$issuer
catch(Exception $e) if(!($request instanceof \SAML2\ArtifactResolve)) $issuer
Definition: ArtifactResolutionService.php:48
$store
if(! $idpMetadata->getBoolean('saml20.sendartifact', false)) $store
Definition: ArtifactResolutionService.php:26
SimpleSAML\Store\getInstance
static getInstance()
Retrieve our singleton instance.
Definition: Store.php:31
SimpleSAML_Configuration\getInstance
static getInstance($instancename='simplesaml')
Get a configuration file by its instance name.
Definition: Configuration.php:325
$metadata
if(! $config->getBoolean('enable.saml20-idp', false)) $metadata
Definition: ArtifactResolutionService.php:18