sspmod_saml_IdP_SAML1 Class Reference

Collaboration diagram for sspmod_saml_IdP_SAML1:

Static Public Member Functions
static	sendResponse (array $state)
	Send a response to the SP. More...
static	receiveAuthnRequest (SimpleSAML_IdP $idp)
	Receive an authentication request. More...

Detailed Description

Definition at line 9 of file SAML1.php.

Member Function Documentation

receiveAuthnRequest()

static sspmod_saml_IdP_SAML1::receiveAuthnRequest ( SimpleSAML_IdP  $idp )

static

Receive an authentication request.

Parameters

SimpleSAML_IdP

$idp

The IdP we are receiving it for.

Definition at line 65 of file SAML1.php.

References $metadata, $spEntityId, $spMetadata, $state, $target, SimpleSAML\Utils\HTTP\checkSessionCookie(), SimpleSAML_Metadata_MetaDataStorageHandler\getMetadataHandler(), SimpleSAML_IdP\handleAuthenticationRequest(), SimpleSAML\Logger\info(), SimpleSAML_Stats\log(), and SimpleSAML_Auth_State\RESTART.

    {
        if (isset($_REQUEST['cookieTime'])) {
            $cookieTime = (int)$_REQUEST['cookieTime'];
            if ($cookieTime + 5 > time()) {
                /*
                 * Less than five seconds has passed since we were
                 * here the last time. Cookies are probably disabled.
                 */
                \SimpleSAML\Utils\HTTP::checkSessionCookie(\SimpleSAML\Utils\HTTP::getSelfURL());
            }
        }

        if (!isset($_REQUEST['providerId'])) {
            throw new SimpleSAML_Error_BadRequest('Missing providerId parameter.');
        }
        $spEntityId = (string)$_REQUEST['providerId'];

        if (!isset($_REQUEST['shire'])) {
            throw new SimpleSAML_Error_BadRequest('Missing shire parameter.');
        }
        $shire = (string)$_REQUEST['shire'];

        if (isset($_REQUEST['target'])) {
            $target = $_REQUEST['target'];
        } else {
            $target = null;
        }

        SimpleSAML\Logger::info('Shib1.3 - IdP.SSOService: Got incoming Shib authnRequest from ' . var_export($spEntityId, true) . '.');

        $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
        $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'shib13-sp-remote');

        $found = false;
        foreach ($spMetadata->getEndpoints('AssertionConsumerService') as $ep) {
            if ($ep['Binding'] !== 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post') {
                continue;
            }
            if ($ep['Location'] !== $shire) {
                continue;
            }
            $found = true;
            break;
        }
        if (!$found) {
            throw new Exception('Invalid AssertionConsumerService for SP ' .
                var_export($spEntityId, true) . ': ' . var_export($shire, true));
        }

        SimpleSAML_Stats::log('saml:idp:AuthnRequest', array(
            'spEntityID' => $spEntityId,
            'protocol' => 'saml1',
        ));

        $sessionLostURL = \SimpleSAML\Utils\HTTP::addURLParameters(
            \SimpleSAML\Utils\HTTP::getSelfURL(),
            array('cookieTime' => time()));

        $state = array(
            'Responder' => array('sspmod_saml_IdP_SAML1', 'sendResponse'),
            'SPMetadata' => $spMetadata->toArray(),
            SimpleSAML_Auth_State::RESTART => $sessionLostURL,
            'saml:shire' => $shire,
            'saml:target' => $target,
            'saml:AuthnRequestReceivedAt' => microtime(true),
        );

        $idp->handleAuthenticationRequest($state);
    }

Here is the call graph for this function:

sendResponse()

static sspmod_saml_IdP_SAML1::sendResponse ( array  $state )

static

Send a response to the SP.

Parameters

array

$state

The authentication state.

Definition at line 16 of file SAML1.php.

References $attributes, $config, $idp, $idpMetadata, $metadata, $spEntityId, $spMetadata, $target, SimpleSAML_IdP\getByState(), SimpleSAML_Configuration\getInstance(), SimpleSAML_Metadata_MetaDataStorageHandler\getMetadataHandler(), SimpleSAML\Logger\info(), SimpleSAML_Configuration\loadFromArray(), and SimpleSAML_Stats\log().

    {
        assert(isset($state['Attributes']));
        assert(isset($state['SPMetadata']));
        assert(isset($state['saml:shire']));
        assert(array_key_exists('saml:target', $state)); // Can be NULL

        $spMetadata = $state["SPMetadata"];
        $spEntityId = $spMetadata['entityid'];
        $spMetadata = SimpleSAML_Configuration::loadFromArray($spMetadata,
            '$metadata[' . var_export($spEntityId, true) . ']');

        SimpleSAML\Logger::info('Sending SAML 1.1 Response to ' . var_export($spEntityId, true));

        $attributes = $state['Attributes'];
        $shire = $state['saml:shire'];
        $target = $state['saml:target'];

        $idp = SimpleSAML_IdP::getByState($state);

        $idpMetadata = $idp->getConfig();

        $config = SimpleSAML_Configuration::getInstance();
        $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();

        $statsData = array(
            'spEntityID' => $spEntityId,
            'idpEntityID' => $idpMetadata->getString('entityid'),
            'protocol' => 'saml1',
        );
        if (isset($state['saml:AuthnRequestReceivedAt'])) {
            $statsData['logintime'] = microtime(true) - $state['saml:AuthnRequestReceivedAt'];
        }
        SimpleSAML_Stats::log('saml:idp:Response', $statsData);

        // Generate and send response.
        $ar = new \SimpleSAML\XML\Shib13\AuthnResponse();
        $authnResponseXML = $ar->generate($idpMetadata, $spMetadata, $shire, $attributes);

        $httppost = new HTTPPost($config, $metadata);
        $httppost->sendResponse($authnResponseXML, $idpMetadata, $spMetadata, $target, $shire);
    }

Here is the call graph for this function:

---

The documentation for this class was generated from the following file:

• libs/composer/vendor/simplesamlphp/simplesamlphp/modules/saml/lib/IdP/SAML1.php