ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
ArtifactResolutionService.php
Go to the documentation of this file.
1<?php
2
11require_once('../../_include.php');
12
13$config = SimpleSAML_Configuration::getInstance();
14if (!$config->getBoolean('enable.saml20-idp', false)) {
15 throw new SimpleSAML_Error_Error('NOACCESS');
16}
17
18$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
19$idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
20$idpMetadata = $metadata->getMetaDataConfig($idpEntityId, 'saml20-idp-hosted');
21
22if (!$idpMetadata->getBoolean('saml20.sendartifact', false)) {
23 throw new SimpleSAML_Error_Error('NOACCESS');
24}
25
26$store = \SimpleSAML\Store::getInstance();
27if ($store === false) {
28 throw new Exception('Unable to send artifact without a datastore configured.');
29}
30
31$binding = new \SAML2\SOAP();
32try {
33 $request = $binding->receive();
34} catch (Exception $e) { // TODO: look for a specific exception
35 // This is dirty. Instead of checking the message of the exception, \SAML2\Binding::getCurrentBinding() should throw
36 // an specific exception when the binding is unknown, and we should capture that here. Also note that the exception
37 // message here is bogus!
38 if ($e->getMessage() === 'Invalid message received to AssertionConsumerService endpoint.') {
39 throw new SimpleSAML_Error_Error('ARSPARAMS', $e, 400);
40 } else {
41 throw $e; // do not ignore other exceptions!
42 }
43}
44if (!($request instanceof \SAML2\ArtifactResolve)) {
45 throw new Exception('Message received on ArtifactResolutionService wasn\'t a ArtifactResolve request.');
46}
47
48$issuer = $request->getIssuer();
49$spMetadata = $metadata->getMetadataConfig($issuer, 'saml20-sp-remote');
50
51$artifact = $request->getArtifact();
52
53$responseData = $store->get('artifact', $artifact);
54$store->delete('artifact', $artifact);
55
56if ($responseData !== null) {
57 $document = \SAML2\DOMDocumentFactory::fromString($responseData);
58 $responseXML = $document->firstChild;
59} else {
60 $responseXML = null;
61}
62
63$artifactResponse = new \SAML2\ArtifactResponse();
64$artifactResponse->setIssuer($idpEntityId);
65$artifactResponse->setInResponseTo($request->getId());
66$artifactResponse->setAny($responseXML);
67sspmod_saml_Message::addSign($idpMetadata, $spMetadata, $artifactResponse);
68$binding->send($artifactResponse);
$metadata
if(! $config->getBoolean('enable.saml20-idp', false)) $metadata
Definition: ArtifactResolutionService.php:18
$store
if(! $idpMetadata->getBoolean('saml20.sendartifact', false)) $store
Definition: ArtifactResolutionService.php:26
$binding
if($store===false) $binding
Definition: ArtifactResolutionService.php:31
$issuer
catch(Exception $e) if(!($request instanceof \SAML2\ArtifactResolve)) $issuer
Definition: ArtifactResolutionService.php:48
$request
foreach($paths as $path) $request
Definition: asyncclient.php:32
php
An exception for terminatinating execution or to throw for unit testing.
SimpleSAML\Store\getInstance
static getInstance()
Retrieve our singleton instance.
Definition: Store.php:31
SimpleSAML_Configuration\getInstance
static getInstance($instancename='simplesaml')
Get a configuration file by its instance name.
Definition: Configuration.php:325
SimpleSAML_Error_Error
Definition: Error.php:11
SimpleSAML_Metadata_MetaDataStorageHandler\getMetadataHandler
static getMetadataHandler()
This function retrieves the current instance of the metadata handler.
Definition: MetaDataStorageHandler.php:40
sspmod_saml_Message\addSign
static addSign(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, \SAML2\SignedElement $element)
Add signature key and sender certificate to an element (Message or Assertion).
Definition: Message.php:20