ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Public Member Functions | Protected Member Functions | Private Member Functions | Private Attributes
SAML2\AuthnRequest Class Reference
+ Inheritance diagram for SAML2\AuthnRequest:
+ Collaboration diagram for SAML2\AuthnRequest:

Public Member Functions

 __construct (\DOMElement $xml=null)
 Constructor for SAML 2 authentication request messages. More...
 
 getNameIdPolicy ()
 Retrieve the NameIdPolicy. More...
 
 setNameIdPolicy (array $nameIdPolicy)
 Set the NameIDPolicy. More...
 
 getForceAuthn ()
 Retrieve the value of the ForceAuthn attribute. More...
 
 setForceAuthn ($forceAuthn)
 Set the value of the ForceAuthn attribute. More...
 
 getProviderName ()
 Retrieve the value of the ProviderName attribute. More...
 
 setProviderName ($ProviderName)
 Set the value of the ProviderName attribute. More...
 
 getIsPassive ()
 Retrieve the value of the IsPassive attribute. More...
 
 setIsPassive ($isPassive)
 Set the value of the IsPassive attribute. More...
 
 setIDPList (array $IDPList)
 This function sets the scoping for the request. More...
 
 getIDPList ()
 This function retrieves the list of providerIDs from this authentication request. More...
 
 setProxyCount ($ProxyCount)
 
 getProxyCount ()
 
 setRequesterID (array $RequesterID)
 
 getRequesterID ()
 
 getAssertionConsumerServiceURL ()
 Retrieve the value of the AssertionConsumerServiceURL attribute. More...
 
 setAssertionConsumerServiceURL ($assertionConsumerServiceURL)
 Set the value of the AssertionConsumerServiceURL attribute. More...
 
 getProtocolBinding ()
 Retrieve the value of the ProtocolBinding attribute. More...
 
 setProtocolBinding ($protocolBinding)
 Set the value of the ProtocolBinding attribute. More...
 
 getAttributeConsumingServiceIndex ()
 Retrieve the value of the AttributeConsumingServiceIndex attribute. More...
 
 setAttributeConsumingServiceIndex ($attributeConsumingServiceIndex)
 Set the value of the AttributeConsumingServiceIndex attribute. More...
 
 getAssertionConsumerServiceIndex ()
 Retrieve the value of the AssertionConsumerServiceIndex attribute. More...
 
 setAssertionConsumerServiceIndex ($assertionConsumerServiceIndex)
 Set the value of the AssertionConsumerServiceIndex attribute. More...
 
 getRequestedAuthnContext ()
 Retrieve the RequestedAuthnContext. More...
 
 setRequestedAuthnContext ($requestedAuthnContext)
 Set the RequestedAuthnContext. More...
 
 getNameId ()
 Retrieve the NameId of the subject in the assertion. More...
 
 setNameId ($nameId)
 Set the NameId of the subject in the assertion. More...
 
 encryptNameId (XMLSecurityKey $key)
 Encrypt the NameID in the AuthnRequest. More...
 
 decryptNameId (XMLSecurityKey $key, array $blacklist=array())
 Decrypt the NameId of the subject in the assertion. More...
 
 getSubjectConfirmation ()
 Retrieve the SubjectConfirmation elements we have in our Subject element. More...
 
 setSubjectConfirmation (array $subjectConfirmation)
 Set the SubjectConfirmation elements that should be included in the assertion. More...
 
 toUnsignedXML ()
 Convert this authentication request to an XML element. More...
 
- Public Member Functions inherited from SAML2\Message
 addValidator ($function, $data)
 Add a method for validating this message. More...
 
 validate (XMLSecurityKey $key)
 Validate this message against a public key. More...
 
 getId ()
 Retrieve the identifier of this message. More...
 
 setId ($id)
 Set the identifier of this message. More...
 
 getIssueInstant ()
 Retrieve the issue timestamp of this message. More...
 
 setIssueInstant ($issueInstant)
 Set the issue timestamp of this message. More...
 
 getDestination ()
 Retrieve the destination of this message. More...
 
 setDestination ($destination)
 Set the destination of this message. More...
 
 setConsent ($consent)
 Set the given consent for this message. More...
 
 getConsent ()
 Set the given consent for this message. More...
 
 getIssuer ()
 Retrieve the issuer if this message. More...
 
 setIssuer ($issuer)
 Set the issuer of this message. More...
 
 isMessageConstructedWithSignature ()
 Query whether or not the message contained a signature at the root level when the object was constructed. More...
 
 getRelayState ()
 Retrieve the RelayState associated with this message. More...
 
 setRelayState ($relayState)
 Set the RelayState associated with this message. More...
 
 toUnsignedXML ()
 Convert this message to an unsigned XML document. More...
 
 toSignedXML ()
 Convert this message to a signed XML document. More...
 
 getSignatureKey ()
 Retrieve the private key we should use to sign the message. More...
 
 setSignatureKey (XMLSecurityKey $signatureKey=null)
 Set the private key we should use to sign the message. More...
 
 setCertificates (array $certificates)
 Set the certificates that should be included in the message. More...
 
 getCertificates ()
 Retrieve the certificates that are included in the message. More...
 
 getExtensions ()
 Retrieve the Extensions. More...
 
 setExtensions ($extensions)
 Set the Extensions. More...
 
 getSignatureMethod ()
 

Protected Member Functions

 parseNameIdPolicy (\DOMElement $xml)
 
 parseRequestedAuthnContext (\DOMElement $xml)
 
 parseScoping (\DOMElement $xml)
 
- Protected Member Functions inherited from SAML2\Message
 __construct ($tagName, \DOMElement $xml=null)
 Initialize a message. More...
 

Private Member Functions

 parseSubject (\DOMElement $xml)
 
 addSubject (\DOMElement $root)
 Add a Subject-node to the assertion. More...
 

Private Attributes

 $nameIdPolicy
 
 $forceAuthn
 
 $ProviderName
 
 $isPassive
 
 $IDPList = array()
 
 $ProxyCount = null
 
 $RequesterID = array()
 
 $assertionConsumerServiceURL
 
 $protocolBinding
 
 $attributeConsumingServiceIndex
 
 $assertionConsumerServiceIndex
 
 $requestedAuthnContext
 
 $subjectConfirmation = array()
 
 $encryptedNameId
 
 $nameId
 

Additional Inherited Members

- Static Public Member Functions inherited from SAML2\Message
static fromXML (\DOMElement $xml)
 Convert an XML element into a message. More...
 
- Protected Attributes inherited from SAML2\Message
 $extensions
 
 $document
 
 $messageContainedSignatureUponConstruction = false
 

Detailed Description

Definition at line 15 of file AuthnRequest.php.

Constructor & Destructor Documentation

◆ __construct()

SAML2\AuthnRequest::__construct ( \DOMElement  $xml = null)

Constructor for SAML 2 authentication request messages.

Parameters
\DOMElement | null$xmlThe input message.
Exceptions

Definition at line 132 of file AuthnRequest.php.

References $xml.

133  {
134  parent::__construct('AuthnRequest', $xml);
135 
136  $this->nameIdPolicy = array();
137  $this->forceAuthn = false;
138  $this->isPassive = false;
139 
140  if ($xml === null) {
141  return;
142  }
143 
144  $this->forceAuthn = Utils::parseBoolean($xml, 'ForceAuthn', false);
145  $this->isPassive = Utils::parseBoolean($xml, 'IsPassive', false);
146 
147  if ($xml->hasAttribute('AssertionConsumerServiceURL')) {
148  $this->assertionConsumerServiceURL = $xml->getAttribute('AssertionConsumerServiceURL');
149  }
150 
151  if ($xml->hasAttribute('ProtocolBinding')) {
152  $this->protocolBinding = $xml->getAttribute('ProtocolBinding');
153  }
154 
155  if ($xml->hasAttribute('AttributeConsumingServiceIndex')) {
156  $this->attributeConsumingServiceIndex = (int) $xml->getAttribute('AttributeConsumingServiceIndex');
157  }
158 
159  if ($xml->hasAttribute('AssertionConsumerServiceIndex')) {
160  $this->assertionConsumerServiceIndex = (int) $xml->getAttribute('AssertionConsumerServiceIndex');
161  }
162 
163  if ($xml->hasAttribute('ProviderName')) {
164  $this->ProviderName = $xml->getAttribute('ProviderName');
165  }
166 
167  $this->parseSubject($xml);
168  $this->parseNameIdPolicy($xml);
169  $this->parseRequestedAuthnContext($xml);
170  $this->parseScoping($xml);
171  }
SAML2\AuthnRequest\parseRequestedAuthnContext
parseRequestedAuthnContext(\DOMElement $xml)
Definition: AuthnRequest.php:240
SAML2\AuthnRequest\parseSubject
parseSubject(\DOMElement $xml)
Definition: AuthnRequest.php:178
SAML2\Utils\parseBoolean
static parseBoolean(\DOMElement $node, $attributeName, $default=null)
Parse a boolean attribute.
Definition: Utils.php:276
SAML2\AuthnRequest\parseNameIdPolicy
parseNameIdPolicy(\DOMElement $xml)
Definition: AuthnRequest.php:218
$xml
$xml
Definition: fetch_windows_zones.php:11
SAML2\AuthnRequest\parseScoping
parseScoping(\DOMElement $xml)
Definition: AuthnRequest.php:271

Member Function Documentation

◆ addSubject()

SAML2\AuthnRequest::addSubject ( \DOMElement  $root)
private

Add a Subject-node to the assertion.

Parameters
\DOMElement$rootThe assertion element we should add the subject to.

Definition at line 787 of file AuthnRequest.php.

References $sc.

788  {
789  // If there is no nameId (encrypted or not) there is nothing to create a subject for
790  if ($this->nameId === null && $this->encryptedNameId === null) {
791  return;
792  }
793 
794  $subject = $root->ownerDocument->createElementNS(Constants::NS_SAML, 'saml:Subject');
795  $root->appendChild($subject);
796 
797  if ($this->encryptedNameId === null) {
798  $this->nameId->toXML($subject);
799  } else {
800  $eid = $subject->ownerDocument->createElementNS(Constants::NS_SAML, 'saml:EncryptedID');
801  $eid->appendChild($subject->ownerDocument->importNode($this->encryptedNameId, true));
802  $subject->appendChild($eid);
803  }
804 
805  foreach ($this->subjectConfirmation as $sc) {
806  $sc->toXML($subject);
807  }
808  }
$root
$root
Definition: sabredav.php:45
SAML2\Constants\NS_SAML
const NS_SAML
The namespace for the SAML 2 assertions.
Definition: Constants.php:225

◆ decryptNameId()

SAML2\AuthnRequest::decryptNameId ( XMLSecurityKey  $key,
array  $blacklist = array() 
)

Decrypt the NameId of the subject in the assertion.

Parameters
XMLSecurityKey$keyThe decryption key.
array$blacklistBlacklisted decryption algorithms.

Definition at line 649 of file AuthnRequest.php.

References $nameId.

650  {
651  if ($this->encryptedNameId === null) {
652  /* No NameID to decrypt. */
653  return;
654  }
655 
656  $nameId = Utils::decryptElement($this->encryptedNameId, $key, $blacklist);
657  Utils::getContainer()->debugMessage($nameId, 'decrypt');
658  $this->nameId = new XML\saml\NameID($nameId);
659 
660  $this->encryptedNameId = null;
661  }
SAML2\Utils\decryptElement
static decryptElement(\DOMElement $encryptedData, XMLSecurityKey $inputKey, array $blacklist=array())
Decrypt an encrypted element.
Definition: Utils.php:558
$key
$key
Definition: croninfo.php:18
SAML2\Utils\getContainer
static getContainer()
Definition: Utils.php:752

◆ encryptNameId()

SAML2\AuthnRequest::encryptNameId ( XMLSecurityKey  $key)

Encrypt the NameID in the AuthnRequest.

Parameters
XMLSecurityKey$keyThe encryption key.

Definition at line 617 of file AuthnRequest.php.

References $nameId, and $root.

618  {
619  /* First create a XML representation of the NameID. */
620  $doc = new \DOMDocument();
621  $root = $doc->createElement('root');
622  $doc->appendChild($root);
623  $this->nameId->toXML($root);
624  $nameId = $root->firstChild;
625 
626  Utils::getContainer()->debugMessage($nameId, 'encrypt');
627 
628  /* Encrypt the NameID. */
629  $enc = new XMLSecEnc();
630  $enc->setNode($nameId);
631  // @codingStandardsIgnoreStart
632  $enc->type = XMLSecEnc::Element;
633  // @codingStandardsIgnoreEnd
634 
635  $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
636  $symmetricKey->generateSessionKey();
637  $enc->encryptKey($key, $symmetricKey);
638 
639  $this->encryptedNameId = $enc->encryptNode($symmetricKey);
640  $this->nameId = null;
641  }
$root
$root
Definition: sabredav.php:45
$key
$key
Definition: croninfo.php:18
SAML2\Utils\getContainer
static getContainer()
Definition: Utils.php:752

◆ getAssertionConsumerServiceIndex()

SAML2\AuthnRequest::getAssertionConsumerServiceIndex ( )

Retrieve the value of the AssertionConsumerServiceIndex attribute.

Returns
int|null The AssertionConsumerServiceIndex attribute.

Definition at line 543 of file AuthnRequest.php.

544  {
545  return $this->assertionConsumerServiceIndex;
546  }

◆ getAssertionConsumerServiceURL()

SAML2\AuthnRequest::getAssertionConsumerServiceURL ( )

Retrieve the value of the AssertionConsumerServiceURL attribute.

Returns
string|null The AssertionConsumerServiceURL attribute.

Definition at line 477 of file AuthnRequest.php.

478  {
479  return $this->assertionConsumerServiceURL;
480  }

◆ getAttributeConsumingServiceIndex()

SAML2\AuthnRequest::getAttributeConsumingServiceIndex ( )

Retrieve the value of the AttributeConsumingServiceIndex attribute.

Returns
int|null The AttributeConsumingServiceIndex attribute.

Definition at line 521 of file AuthnRequest.php.

522  {
523  return $this->attributeConsumingServiceIndex;
524  }

◆ getForceAuthn()

SAML2\AuthnRequest::getForceAuthn ( )

Retrieve the value of the ForceAuthn attribute.

Returns
bool The ForceAuthn attribute.

Definition at line 341 of file AuthnRequest.php.

342  {
343  return $this->forceAuthn;
344  }

◆ getIDPList()

SAML2\AuthnRequest::getIDPList ( )

This function retrieves the list of providerIDs from this authentication request.

Currently we only support a list of ipd ientity id's.

Returns
array List of idp EntityIDs from the request

Definition at line 434 of file AuthnRequest.php.

435  {
436  return $this->IDPList;
437  }

◆ getIsPassive()

SAML2\AuthnRequest::getIsPassive ( )

Retrieve the value of the IsPassive attribute.

Returns
bool The IsPassive attribute.

Definition at line 389 of file AuthnRequest.php.

390  {
391  return $this->isPassive;
392  }

◆ getNameId()

SAML2\AuthnRequest::getNameId ( )

Retrieve the NameId of the subject in the assertion.

Returns
|null The name identifier of the assertion.
Exceptions

Definition at line 588 of file AuthnRequest.php.

References $nameId.

589  {
590  if ($this->encryptedNameId !== null) {
591  throw new \Exception('Attempted to retrieve encrypted NameID without decrypting it first.');
592  }
593 
594  return $this->nameId;
595  }

◆ getNameIdPolicy()

SAML2\AuthnRequest::getNameIdPolicy ( )

Retrieve the NameIdPolicy.

See also
::setNameIdPolicy()
Returns
array The NameIdPolicy.

Definition at line 304 of file AuthnRequest.php.

305  {
306  return $this->nameIdPolicy;
307  }

◆ getProtocolBinding()

SAML2\AuthnRequest::getProtocolBinding ( )

Retrieve the value of the ProtocolBinding attribute.

Returns
string|null The ProtocolBinding attribute.

Definition at line 499 of file AuthnRequest.php.

500  {
501  return $this->protocolBinding;
502  }

◆ getProviderName()

SAML2\AuthnRequest::getProviderName ( )

Retrieve the value of the ProviderName attribute.

Returns
string The ProviderName attribute.

Definition at line 365 of file AuthnRequest.php.

366  {
367  return $this->ProviderName;
368  }

◆ getProxyCount()

SAML2\AuthnRequest::getProxyCount ( )
Returns
int|null

Definition at line 451 of file AuthnRequest.php.

452  {
453  return $this->ProxyCount;
454  }

◆ getRequestedAuthnContext()

SAML2\AuthnRequest::getRequestedAuthnContext ( )

Retrieve the RequestedAuthnContext.

Returns
array|null The RequestedAuthnContext.

Definition at line 565 of file AuthnRequest.php.

566  {
567  return $this->requestedAuthnContext;
568  }

◆ getRequesterID()

SAML2\AuthnRequest::getRequesterID ( )
Returns
array

Definition at line 467 of file AuthnRequest.php.

468  {
469  return $this->RequesterID;
470  }

◆ getSubjectConfirmation()

SAML2\AuthnRequest::getSubjectConfirmation ( )

Retrieve the SubjectConfirmation elements we have in our Subject element.

Returns
[]

Definition at line 668 of file AuthnRequest.php.

669  {
670  return $this->subjectConfirmation;
671  }

◆ parseNameIdPolicy()

SAML2\AuthnRequest::parseNameIdPolicy ( \DOMElement  $xml)
protected
Parameters
\DOMElement$xml
Exceptions

Definition at line 218 of file AuthnRequest.php.

219  {
220  $nameIdPolicy = Utils::xpQuery($xml, './saml_protocol:NameIDPolicy');
221  if (empty($nameIdPolicy)) {
222  return;
223  }
224 
225  $nameIdPolicy = $nameIdPolicy[0];
226  if ($nameIdPolicy->hasAttribute('Format')) {
227  $this->nameIdPolicy['Format'] = $nameIdPolicy->getAttribute('Format');
228  }
229  if ($nameIdPolicy->hasAttribute('SPNameQualifier')) {
230  $this->nameIdPolicy['SPNameQualifier'] = $nameIdPolicy->getAttribute('SPNameQualifier');
231  }
232  if ($nameIdPolicy->hasAttribute('AllowCreate')) {
233  $this->nameIdPolicy['AllowCreate'] = Utils::parseBoolean($nameIdPolicy, 'AllowCreate', false);
234  }
235  }
SAML2\Utils\parseBoolean
static parseBoolean(\DOMElement $node, $attributeName, $default=null)
Parse a boolean attribute.
Definition: Utils.php:276
SAML2\Utils\xpQuery
static xpQuery(\DOMNode $node, $query)
Do an XPath query on an XML node.
Definition: Utils.php:191
$xml
$xml
Definition: fetch_windows_zones.php:11

◆ parseRequestedAuthnContext()

SAML2\AuthnRequest::parseRequestedAuthnContext ( \DOMElement  $xml)
protected
Parameters
\DOMElement$xml

Definition at line 240 of file AuthnRequest.php.

References $i.

241  {
242  $requestedAuthnContext = Utils::xpQuery($xml, './saml_protocol:RequestedAuthnContext');
243  if (empty($requestedAuthnContext)) {
244  return;
245  }
246 
247  $requestedAuthnContext = $requestedAuthnContext[0];
248 
249  $rac = array(
250  'AuthnContextClassRef' => array(),
251  'Comparison' => Constants::COMPARISON_EXACT,
252  );
253 
254  $accr = Utils::xpQuery($requestedAuthnContext, './saml_assertion:AuthnContextClassRef');
255  foreach ($accr as $i) {
256  $rac['AuthnContextClassRef'][] = trim($i->textContent);
257  }
258 
259  if ($requestedAuthnContext->hasAttribute('Comparison')) {
260  $rac['Comparison'] = $requestedAuthnContext->getAttribute('Comparison');
261  }
262 
263  $this->requestedAuthnContext = $rac;
264  }
SAML2\Constants\COMPARISON_EXACT
const COMPARISON_EXACT
Request Authentication Context Comparison indicating that the resulting authentication context in the...
Definition: Constants.php:83
SAML2\Utils\xpQuery
static xpQuery(\DOMNode $node, $query)
Do an XPath query on an XML node.
Definition: Utils.php:191
$xml
$xml
Definition: fetch_windows_zones.php:11
$i
$i
Definition: disco.tpl.php:19

◆ parseScoping()

SAML2\AuthnRequest::parseScoping ( \DOMElement  $xml)
protected
Parameters
\DOMElement$xml
Exceptions

Definition at line 271 of file AuthnRequest.php.

272  {
273  $scoping = Utils::xpQuery($xml, './saml_protocol:Scoping');
274  if (empty($scoping)) {
275  return;
276  }
277 
278  $scoping = $scoping[0];
279 
280  if ($scoping->hasAttribute('ProxyCount')) {
281  $this->ProxyCount = (int) $scoping->getAttribute('ProxyCount');
282  }
283  $idpEntries = Utils::xpQuery($scoping, './saml_protocol:IDPList/saml_protocol:IDPEntry');
284 
285  foreach ($idpEntries as $idpEntry) {
286  if (!$idpEntry->hasAttribute('ProviderID')) {
287  throw new \Exception("Could not get ProviderID from Scoping/IDPEntry element in AuthnRequest object");
288  }
289  $this->IDPList[] = $idpEntry->getAttribute('ProviderID');
290  }
291 
292  $requesterIDs = Utils::xpQuery($scoping, './saml_protocol:RequesterID');
293  foreach ($requesterIDs as $requesterID) {
294  $this->RequesterID[] = trim($requesterID->textContent);
295  }
296  }
SAML2\Utils\xpQuery
static xpQuery(\DOMNode $node, $query)
Do an XPath query on an XML node.
Definition: Utils.php:191
$xml
$xml
Definition: fetch_windows_zones.php:11

◆ parseSubject()

SAML2\AuthnRequest::parseSubject ( \DOMElement  $xml)
private
Parameters
$xml
Exceptions

Definition at line 178 of file AuthnRequest.php.

References $nameId, and $sc.

179  {
180  $subject = Utils::xpQuery($xml, './saml_assertion:Subject');
181  if (empty($subject)) {
182  return;
183  }
184 
185  if (count($subject) > 1) {
186  throw new \Exception('More than one <saml:Subject> in <saml:AuthnRequest>.');
187  }
188  $subject = $subject[0];
189 
190  $nameId = Utils::xpQuery(
191  $subject,
192  './saml_assertion:NameID | ./saml_assertion:EncryptedID/xenc:EncryptedData'
193  );
194  if (empty($nameId)) {
195  throw new \Exception('Missing <saml:NameID> or <saml:EncryptedID> in <saml:Subject>.');
196  } elseif (count($nameId) > 1) {
197  throw new \Exception('More than one <saml:NameID> or <saml:EncryptedID> in <saml:Subject>.');
198  }
199  $nameId = $nameId[0];
200  if ($nameId->localName === 'EncryptedData') {
201  /* The NameID element is encrypted. */
202  $this->encryptedNameId = $nameId;
203  } else {
204  $this->nameId = new XML\saml\NameID($nameId);
205  }
206 
207  $subjectConfirmation = Utils::xpQuery($subject, './saml_assertion:SubjectConfirmation');
208  foreach ($subjectConfirmation as $sc) {
209  $this->subjectConfirmation[] = new SubjectConfirmation($sc);
210  }
211  }
SAML2\Utils\xpQuery
static xpQuery(\DOMNode $node, $query)
Do an XPath query on an XML node.
Definition: Utils.php:191
$xml
$xml
Definition: fetch_windows_zones.php:11

◆ setAssertionConsumerServiceIndex()

SAML2\AuthnRequest::setAssertionConsumerServiceIndex (   $assertionConsumerServiceIndex)

Set the value of the AssertionConsumerServiceIndex attribute.

Parameters
int | null$assertionConsumerServiceIndexThe AssertionConsumerServiceIndex attribute.

Definition at line 553 of file AuthnRequest.php.

554  {
555  assert(is_int($assertionConsumerServiceIndex) || is_null($assertionConsumerServiceIndex));
556 
557  $this->assertionConsumerServiceIndex = $assertionConsumerServiceIndex;
558  }

◆ setAssertionConsumerServiceURL()

SAML2\AuthnRequest::setAssertionConsumerServiceURL (   $assertionConsumerServiceURL)

Set the value of the AssertionConsumerServiceURL attribute.

Parameters
string | null$assertionConsumerServiceURLThe AssertionConsumerServiceURL attribute.

Definition at line 487 of file AuthnRequest.php.

488  {
489  assert(is_string($assertionConsumerServiceURL) || is_null($assertionConsumerServiceURL));
490 
491  $this->assertionConsumerServiceURL = $assertionConsumerServiceURL;
492  }

◆ setAttributeConsumingServiceIndex()

SAML2\AuthnRequest::setAttributeConsumingServiceIndex (   $attributeConsumingServiceIndex)

Set the value of the AttributeConsumingServiceIndex attribute.

Parameters
int | null$attributeConsumingServiceIndexThe AttributeConsumingServiceIndex attribute.

Definition at line 531 of file AuthnRequest.php.

532  {
533  assert(is_int($attributeConsumingServiceIndex) || is_null($attributeConsumingServiceIndex));
534 
535  $this->attributeConsumingServiceIndex = $attributeConsumingServiceIndex;
536  }

◆ setForceAuthn()

SAML2\AuthnRequest::setForceAuthn (   $forceAuthn)

Set the value of the ForceAuthn attribute.

Parameters
bool$forceAuthnThe ForceAuthn attribute.

Definition at line 352 of file AuthnRequest.php.

353  {
354  assert(is_bool($forceAuthn));
355 
356  $this->forceAuthn = $forceAuthn;
357  }

◆ setIDPList()

SAML2\AuthnRequest::setIDPList ( array  $IDPList)

This function sets the scoping for the request.

See Core 3.4.1.2 for the definition of scoping. Currently we support an IDPList of idpEntries.

Each idpEntries consists of an array, containing keys (mapped to attributes) and corresponding values. Allowed attributes: Loc, Name, ProviderID.

For backward compatibility, an idpEntries can also be a string instead of an array, where each string is mapped to the value of attribute ProviderID.

Parameters
arrayList of idpEntries to scope the request to.

Definition at line 423 of file AuthnRequest.php.

424  {
425  $this->IDPList = $IDPList;
426  }

◆ setIsPassive()

SAML2\AuthnRequest::setIsPassive (   $isPassive)

Set the value of the IsPassive attribute.

Parameters
bool$isPassiveThe IsPassive attribute.

Definition at line 400 of file AuthnRequest.php.

401  {
402  assert(is_bool($isPassive));
403 
404  $this->isPassive = $isPassive;
405  }

◆ setNameId()

SAML2\AuthnRequest::setNameId (   $nameId)

Set the NameId of the subject in the assertion.

Parameters
\SAML2\XML\saml\NameID | null$nameIdThe name identifier of the assertion.

Definition at line 602 of file AuthnRequest.php.

References $nameId.

603  {
604  assert(is_array($nameId) || is_null($nameId) || $nameId instanceof XML\saml\NameID);
605 
606  if (is_array($nameId)) {
607  $nameId = XML\saml\NameID::fromArray($nameId);
608  }
609  $this->nameId = $nameId;
610  }
SAML2\XML\saml\NameIDType\fromArray
static fromArray(array $nameId)
Create a object from an array with its contents.
Definition: NameIDType.php:87

◆ setNameIdPolicy()

SAML2\AuthnRequest::setNameIdPolicy ( array  $nameIdPolicy)

Set the NameIDPolicy.

This function accepts an array with the following options:

  • 'Format' (string)
  • 'SPNameQualifier' (string)
  • 'AllowCreate' (bool)
Parameters
array$nameIdPolicyThe NameIDPolicy.

Definition at line 320 of file AuthnRequest.php.

321  {
322  if (isset($nameIdPolicy['Format']) && !is_string($nameIdPolicy['Format'])) {
323  throw InvalidArgumentException::invalidType('string', $nameIdPolicy['Format']);
324  }
325  if (isset($nameIdPolicy['SPNameQualifier']) && !is_string($nameIdPolicy['SPNameQualifier'])) {
326  throw InvalidArgumentException::invalidType('string', $nameIdPolicy['SPNameQualifier']);
327  }
328  if (isset($nameIdPolicy['AllowCreate']) && !is_bool($nameIdPolicy['AllowCreate'])) {
329  throw InvalidArgumentException::invalidType('bool', $nameIdPolicy['AllowCreate']);
330  }
331 
332  $this->nameIdPolicy = $nameIdPolicy;
333  }

◆ setProtocolBinding()

SAML2\AuthnRequest::setProtocolBinding (   $protocolBinding)

Set the value of the ProtocolBinding attribute.

Parameters
string$protocolBindingThe ProtocolBinding attribute.

Definition at line 509 of file AuthnRequest.php.

510  {
511  assert(is_string($protocolBinding) || is_null($protocolBinding));
512 
513  $this->protocolBinding = $protocolBinding;
514  }

◆ setProviderName()

SAML2\AuthnRequest::setProviderName (   $ProviderName)

Set the value of the ProviderName attribute.

Parameters
string$ProviderNameThe ProviderName attribute.

Definition at line 376 of file AuthnRequest.php.

377  {
378  assert(is_string($ProviderName));
379 
380  $this->ProviderName = $ProviderName;
381  }

◆ setProxyCount()

SAML2\AuthnRequest::setProxyCount (   $ProxyCount)
Parameters
int$ProxyCount

Definition at line 442 of file AuthnRequest.php.

443  {
444  assert(is_int($ProxyCount));
445  $this->ProxyCount = $ProxyCount;
446  }

◆ setRequestedAuthnContext()

SAML2\AuthnRequest::setRequestedAuthnContext (   $requestedAuthnContext)

Set the RequestedAuthnContext.

Parameters
array | null$requestedAuthnContextThe RequestedAuthnContext.

Definition at line 575 of file AuthnRequest.php.

576  {
577  assert(is_array($requestedAuthnContext) || is_null($requestedAuthnContext));
578 
579  $this->requestedAuthnContext = $requestedAuthnContext;
580  }

◆ setRequesterID()

SAML2\AuthnRequest::setRequesterID ( array  $RequesterID)
Parameters
array$RequesterID

Definition at line 459 of file AuthnRequest.php.

460  {
461  $this->RequesterID = $RequesterID;
462  }

◆ setSubjectConfirmation()

SAML2\AuthnRequest::setSubjectConfirmation ( array  $subjectConfirmation)

Set the SubjectConfirmation elements that should be included in the assertion.

Parameters
array[]

Definition at line 678 of file AuthnRequest.php.

679  {
680  $this->subjectConfirmation = $subjectConfirmation;
681  }

◆ toUnsignedXML()

SAML2\AuthnRequest::toUnsignedXML ( )

Convert this authentication request to an XML element.

Returns
This authentication request.

Definition at line 688 of file AuthnRequest.php.

References PHPMailer\PHPMailer\$provider, and $root.

689  {
690  $root = parent::toUnsignedXML();
691 
692  if ($this->forceAuthn) {
693  $root->setAttribute('ForceAuthn', 'true');
694  }
695 
696  if ($this->ProviderName !== null) {
697  $root->setAttribute('ProviderName', $this->ProviderName);
698  }
699 
700  if ($this->isPassive) {
701  $root->setAttribute('IsPassive', 'true');
702  }
703 
704  if ($this->assertionConsumerServiceIndex !== null) {
705  $root->setAttribute('AssertionConsumerServiceIndex', $this->assertionConsumerServiceIndex);
706  } else {
707  if ($this->assertionConsumerServiceURL !== null) {
708  $root->setAttribute('AssertionConsumerServiceURL', $this->assertionConsumerServiceURL);
709  }
710  if ($this->protocolBinding !== null) {
711  $root->setAttribute('ProtocolBinding', $this->protocolBinding);
712  }
713  }
714 
715  if ($this->attributeConsumingServiceIndex !== null) {
716  $root->setAttribute('AttributeConsumingServiceIndex', $this->attributeConsumingServiceIndex);
717  }
718 
719  $this->addSubject($root);
720 
721  if (!empty($this->nameIdPolicy)) {
722  $nameIdPolicy = $this->document->createElementNS(Constants::NS_SAMLP, 'NameIDPolicy');
723  if (array_key_exists('Format', $this->nameIdPolicy)) {
724  $nameIdPolicy->setAttribute('Format', $this->nameIdPolicy['Format']);
725  }
726  if (array_key_exists('SPNameQualifier', $this->nameIdPolicy)) {
727  $nameIdPolicy->setAttribute('SPNameQualifier', $this->nameIdPolicy['SPNameQualifier']);
728  }
729  if (array_key_exists('AllowCreate', $this->nameIdPolicy)) {
730  $nameIdPolicy->setAttribute('AllowCreate', ($this->nameIdPolicy['AllowCreate']) ? 'true' : 'false');
731  }
732  $root->appendChild($nameIdPolicy);
733  }
734 
735  $rac = $this->requestedAuthnContext;
736  if (!empty($rac) && !empty($rac['AuthnContextClassRef'])) {
737  $e = $this->document->createElementNS(Constants::NS_SAMLP, 'RequestedAuthnContext');
738  $root->appendChild($e);
739  if (isset($rac['Comparison']) && $rac['Comparison'] !== Constants::COMPARISON_EXACT) {
740  $e->setAttribute('Comparison', $rac['Comparison']);
741  }
742  foreach ($rac['AuthnContextClassRef'] as $accr) {
743  Utils::addString($e, Constants::NS_SAML, 'AuthnContextClassRef', $accr);
744  }
745  }
746 
747  if ($this->ProxyCount !== null || count($this->IDPList) > 0 || count($this->RequesterID) > 0) {
748  $scoping = $this->document->createElementNS(Constants::NS_SAMLP, 'Scoping');
749  $root->appendChild($scoping);
750  if ($this->ProxyCount !== null) {
751  $scoping->setAttribute('ProxyCount', $this->ProxyCount);
752  }
753  if (count($this->IDPList) > 0) {
754  $idplist = $this->document->createElementNS(Constants::NS_SAMLP, 'IDPList');
755  foreach ($this->IDPList as $provider) {
756  $idpEntry = $this->document->createElementNS(Constants::NS_SAMLP, 'IDPEntry');
757  if (is_string($provider)) {
758  $idpEntry->setAttribute('ProviderID', $provider);
759  } elseif (is_array($provider)) {
760  foreach ($provider as $attribute => $value) {
761  if (in_array($attribute, array(
762  'ProviderID',
763  'Loc',
764  'Name'
765  ), true)) {
766  $idpEntry->setAttribute($attribute, $value);
767  }
768  }
769  }
770  $idplist->appendChild($idpEntry);
771  }
772  $scoping->appendChild($idplist);
773  }
774  if (count($this->RequesterID) > 0) {
775  Utils::addStrings($scoping, Constants::NS_SAMLP, 'RequesterID', false, $this->RequesterID);
776  }
777  }
778 
779  return $root;
780  }
SAML2\AuthnRequest\addSubject
addSubject(\DOMElement $root)
Add a Subject-node to the assertion.
Definition: AuthnRequest.php:787
SAML2\Constants\COMPARISON_EXACT
const COMPARISON_EXACT
Request Authentication Context Comparison indicating that the resulting authentication context in the...
Definition: Constants.php:83
SAML2\Utils\addStrings
static addStrings(\DOMElement $parent, $namespace, $name, $localized, array $values)
Append string elements.
Definition: Utils.php:659
SAML2\Utils\addString
static addString(\DOMElement $parent, $namespace, $name, $value)
Append string element.
Definition: Utils.php:635
$root
$root
Definition: sabredav.php:45
SAML2\Constants\NS_SAMLP
const NS_SAMLP
The namespace for the SAML 2 protocol.
Definition: Constants.php:220
SAML2\Constants\NS_SAML
const NS_SAML
The namespace for the SAML 2 assertions.
Definition: Constants.php:225

Field Documentation

◆ $assertionConsumerServiceIndex

SAML2\AuthnRequest::$assertionConsumerServiceIndex
private

Definition at line 97 of file AuthnRequest.php.

◆ $assertionConsumerServiceURL

SAML2\AuthnRequest::$assertionConsumerServiceURL
private

Definition at line 74 of file AuthnRequest.php.

◆ $attributeConsumingServiceIndex

SAML2\AuthnRequest::$attributeConsumingServiceIndex
private

Definition at line 90 of file AuthnRequest.php.

◆ $encryptedNameId

SAML2\AuthnRequest::$encryptedNameId
private

Definition at line 119 of file AuthnRequest.php.

◆ $forceAuthn

SAML2\AuthnRequest::$forceAuthn
private

Definition at line 29 of file AuthnRequest.php.

◆ $IDPList

SAML2\AuthnRequest::$IDPList = array()
private

Definition at line 52 of file AuthnRequest.php.

◆ $isPassive

SAML2\AuthnRequest::$isPassive
private

Definition at line 45 of file AuthnRequest.php.

◆ $nameId

SAML2\AuthnRequest::$nameId
private

Definition at line 124 of file AuthnRequest.php.

◆ $nameIdPolicy

SAML2\AuthnRequest::$nameIdPolicy
private

Definition at line 22 of file AuthnRequest.php.

◆ $protocolBinding

SAML2\AuthnRequest::$protocolBinding
private

Definition at line 82 of file AuthnRequest.php.

◆ $ProviderName

SAML2\AuthnRequest::$ProviderName
private

Definition at line 37 of file AuthnRequest.php.

◆ $ProxyCount

SAML2\AuthnRequest::$ProxyCount = null
private

Definition at line 59 of file AuthnRequest.php.

◆ $requestedAuthnContext

SAML2\AuthnRequest::$requestedAuthnContext
private

Definition at line 109 of file AuthnRequest.php.

◆ $RequesterID

SAML2\AuthnRequest::$RequesterID = array()
private

Definition at line 67 of file AuthnRequest.php.

◆ $subjectConfirmation

SAML2\AuthnRequest::$subjectConfirmation = array()
private

Definition at line 114 of file AuthnRequest.php.

The documentation for this class was generated from the following file: