14 const DEFLATE =
'urn:oasis:names:tc:SAML:2.0:bindings:URL-Encoding:DEFLATE';
24 if ($this->destination ===
null) {
35 $msgStr = $msgStr->ownerDocument->saveXML($msgStr);
37 Utils::getContainer()->debugMessage($msgStr,
'out');
39 $msgStr = gzdeflate($msgStr);
40 $msgStr = base64_encode($msgStr);
45 $msg =
'SAMLRequest=';
47 $msg =
'SAMLResponse=';
49 $msg .= urlencode($msgStr);
57 $msg .=
'&SigAlg=' . urlencode(
$key->type);
59 $signature =
$key->signData($msg);
60 $msg .=
'&Signature=' . urlencode(base64_encode($signature));
99 $data = self::parseQuery();
100 if (array_key_exists(
'SAMLRequest',
$data)) {
102 } elseif (array_key_exists(
'SAMLResponse',
$data)) {
105 throw new \Exception(
'Missing SAMLRequest or SAMLResponse parameter.');
108 if (isset(
$data[
'SAMLEncoding']) &&
$data[
'SAMLEncoding'] !== self::DEFLATE) {
109 throw new \Exception(
'Unknown SAMLEncoding: ' . var_export(
$data[
'SAMLEncoding'],
true));
114 throw new \Exception(
'Error while base64 decoding SAML message.');
119 throw new \Exception(
'Error while inflating SAML message.');
122 Utils::getContainer()->debugMessage(
$message,
'in');
123 $document = DOMDocumentFactory::fromString(
$message);
124 $xml = $document->firstChild;
127 if (array_key_exists(
'RelayState',
$data)) {
131 if (!array_key_exists(
'Signature',
$data)) {
135 if (!array_key_exists(
'SigAlg',
$data)) {
136 throw new \Exception(
'Missing signature algorithm.');
140 'Signature' =>
$data[
'Signature'],
141 'SigAlg' =>
$data[
'SigAlg'],
142 'Query' =>
$data[
'SignedQuery'],
145 $message->addValidator(array(get_class($this),
'validateSignature'), $signData);
170 foreach (explode(
'&',
$_SERVER[
'QUERY_STRING']) as $e) {
171 $tmp = explode(
'=', $e, 2);
173 if (count($tmp) === 2) {
185 $sigQuery =
$name .
'=' . $value;
191 $sigAlg =
'&SigAlg=' . $value;
212 assert(array_key_exists(
"Query",
$data));
213 assert(array_key_exists(
"SigAlg",
$data));
214 assert(array_key_exists(
"Signature",
$data));
217 $sigAlg =
$data[
'SigAlg'];
218 $signature =
$data[
'Signature'];
220 $signature = base64_decode($signature);
222 if (
$key->type !== XMLSecurityKey::RSA_SHA256) {
223 throw new \Exception(
'Invalid key type for validating signature on query string.');
225 if (
$key->type !== $sigAlg) {
226 $key = Utils::castKey(
$key, $sigAlg);
229 if (
$key->verifySignature(
$query, $signature) !== 1) {
230 throw new \Exception(
'Unable to validate signature on query string.');
An exception for terminating execution or to throw for unit testing.
getRedirectURL(Message $message)
Create the redirect URL for a message.
static validateSignature(array $data, XMLSecurityKey $key)
Validate the signature on an HTTP-Redirect message. The key must be of type RSA-SHA256; when its type differs from the SigAlg carried in the query data, the key is cast to that algorithm before verification.
static parseQuery()
Helper function to parse query data.
receive()
Receive a SAML 2 message sent using the HTTP-Redirect binding.
send(Message $message)
Send a SAML 2 message using the HTTP-Redirect binding.
Base class for all SAML 2 messages.
catch(Exception $e) $message
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']