ILIAS  trunk Revision v11.0_alpha-1831-g8615d53dadb
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
Public Member Functions | Private Member Functions
ILIAS\Saml\Metadata Class Reference
+ Collaboration diagram for ILIAS\Saml\Metadata:

Public Member Functions

 __construct (private readonly SimpleSamlFactory $create)
 
 buildXML (ilSamlAuth $auth)
 

Private Member Functions

 singleLogoutService (Configuration $config, string $logout_url, string $source_id)
 
 assertionConsumerServices (Configuration $config, array $default)
 
 defaultAssertionConsumerServices (Configuration $config, string $base_url, string $source_id)
 
 nameIdPolicy (Configuration $config)
 
 nameInformation (Configuration $config)
 
 organizationalInformation (Configuration $config)
 
 certificates (Configuration $config)
 
 buildCertData (?array $cert_info, bool $encryption)
 
 extensions (Configuration $config)
 
 removeKey ($key)
 
 mergeList (array $list)
 
 addIfExists (Configuration $config, string $needle, string $selector='getValue', ?string $as_key=null)
 
 mergeListIfExists (Configuration $config, array $list)
 

Detailed Description

Definition at line 30 of file Metadata.php.

Constructor & Destructor Documentation

◆ __construct()

ILIAS\Saml\Metadata::__construct ( private readonly SimpleSamlFactory  $create)

Definition at line 32 of file Metadata.php.

33  {
34  }

Member Function Documentation

◆ addIfExists()

ILIAS\Saml\Metadata::addIfExists ( Configuration  $config,
string  $needle,
string  $selector = 'getValue',
?string  $as_key = null 
)
private

Definition at line 263 of file Metadata.php.

Referenced by ILIAS\Saml\Metadata\mergeListIfExists(), and ILIAS\Saml\Metadata\organizationalInformation().

263  : array
264  {
265  return $config->hasValue($needle) ?
266  [$as_key ?? $needle => $config->$selector($needle)] :
267  [];
268  }
+ Here is the caller graph for this function:

◆ assertionConsumerServices()

ILIAS\Saml\Metadata::assertionConsumerServices ( Configuration  $config,
array  $default 
)
private

Definition at line 90 of file Metadata.php.

References $service, and ILIAS\Saml\Metadata\removeKey().

Referenced by ILIAS\Saml\Metadata\buildXML().

90  : array
91  {
92  $services = $config->getOptionalArray('acs.Bindings', array_keys($default));
93 
94  $services = array_intersect($services, array_keys($default));
95 
96  $services = array_map(static fn(string $service, int $index): array => array_merge($default[$service] ?? [], [
97  'index' => $index,
98  ]), $services, range(0, count($services) - 1));
99 
100  return [
101  'services' => array_map($this->removeKey('Protocol'), $services),
102  'supported_protocols' => array_unique(array_values(array_column($services, 'Protocol'))),
103  ];
104  }
array_map
$service
$service
Definition: ltiservices.php:40
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ buildCertData()

ILIAS\Saml\Metadata::buildCertData ( ?array  $cert_info,
bool  $encryption 
)
private

Definition at line 217 of file Metadata.php.

References null.

Referenced by ILIAS\Saml\Metadata\certificates().

217  : ?array
218  {
219  if ($cert_info['certData'] ?? false) {
220  return [
221  'type' => 'X509Certificate',
222  'signing' => true,
223  'encryption' => $encryption,
224  'X509Certificate' => $cert_info['certData'],
225  ];
226  }
227 
228  return null;
229  }
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
+ Here is the caller graph for this function:

◆ buildXML()

ILIAS\Saml\Metadata::buildXML ( ilSamlAuth  $auth)

Definition at line 36 of file Metadata.php.

References ILIAS\Saml\Metadata\assertionConsumerServices(), ILIAS\Saml\Metadata\certificates(), ILIAS\Saml\Metadata\defaultAssertionConsumerServices(), ILIAS\Saml\Metadata\extensions(), ilSamlAuth\getAuthId(), ILIAS\Saml\Metadata\mergeList(), ILIAS\Saml\Metadata\nameIdPolicy(), ILIAS\Saml\Metadata\nameInformation(), ILIAS\Saml\Metadata\organizationalInformation(), and ILIAS\Saml\Metadata\singleLogoutService().

36  : string
37  {
38  $source = $this->create->sourceById($auth->getAuthId());
39  $config = $source->getMetadata();
40  $base_url = rtrim(ILIAS_HTTP_PATH, '/');
41 
42  $acs = $this->assertionConsumerServices($config, $this->defaultAssertionConsumerServices($config, $base_url, $auth->getAuthId()));
43 
44  $base = [
45  'entityid' => $source->getEntityId(),
46  'metadata-set' => 'saml20-sp-remote',
47  'SingleLogoutService' => $this->singleLogoutService($config, $base_url, $source->getAuthId()),
48  'AssertionConsumerService' => $acs['services'],
49  ];
50 
51  $metadata_sp20 = $this->mergeList([
52  $base,
53  $this->nameIdPolicy($config),
54  $this->nameInformation($config),
55  $this->organizationalInformation($config),
56  $this->certificates($config),
57  $this->extensions($config),
58  ]);
59 
60  $builder = $this->create->builder($source->getEntityId());
61  $builder->addMetadataSP20($metadata_sp20, $acs['supported_protocols']);
62  $builder->addOrganizationInfo($metadata_sp20);
63 
64  $xml = $builder->getEntityDescriptorText();
65  $xml = $this->create->sign($xml, $config->toArray(), 'SAML 2 SP');
66 
67  return $xml;
68  }
ILIAS\Saml\Metadata\assertionConsumerServices
assertionConsumerServices(Configuration $config, array $default)
Definition: Metadata.php:90
ILIAS\Saml\Metadata\nameIdPolicy
nameIdPolicy(Configuration $config)
Definition: Metadata.php:133
ILIAS\Saml\Metadata\certificates
certificates(Configuration $config)
Definition: Metadata.php:196
ILIAS\Saml\Metadata\mergeList
mergeList(array $list)
Definition: Metadata.php:258
ILIAS\Saml\Metadata\organizationalInformation
organizationalInformation(Configuration $config)
Definition: Metadata.php:165
ILIAS\Saml\Metadata\extensions
extensions(Configuration $config)
Definition: Metadata.php:231
ILIAS\Saml\Metadata\singleLogoutService
singleLogoutService(Configuration $config, string $logout_url, string $source_id)
Definition: Metadata.php:70
ILIAS\Saml\Metadata\nameInformation
nameInformation(Configuration $config)
Definition: Metadata.php:145
ILIAS\Saml\Metadata\defaultAssertionConsumerServices
defaultAssertionConsumerServices(Configuration $config, string $base_url, string $source_id)
Definition: Metadata.php:106
+ Here is the call graph for this function:

◆ certificates()

ILIAS\Saml\Metadata::certificates ( Configuration  $config)
private

Definition at line 196 of file Metadata.php.

References ILIAS\Saml\Metadata\buildCertData(), and null.

Referenced by ILIAS\Saml\Metadata\buildXML().

196  : array
197  {
198  $crypt = $this->create->crypt();
199 
200  $key = $this->buildCertData($crypt->loadPublicKey($config, false, 'new_'), true);
201  $has_new_cert = $key !== null;
202 
203  $keys = array_values(array_filter([
204  $key,
205  $this->buildCertData($crypt->loadPublicKey($config), !$has_new_cert),
206  ]));
207 
208  if (count($keys) === 1) {
209  return ['certData' => $keys[0]['X509Certificate']];
210  } elseif (count($keys) > 1) {
211  return ['keys' => $keys];
212  }
213 
214  return [];
215  }
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
ILIAS\Saml\Metadata\buildCertData
buildCertData(?array $cert_info, bool $encryption)
Definition: Metadata.php:217
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ defaultAssertionConsumerServices()

ILIAS\Saml\Metadata::defaultAssertionConsumerServices ( Configuration  $config,
string  $base_url,
string  $source_id 
)
private

Definition at line 106 of file Metadata.php.

Referenced by ILIAS\Saml\Metadata\buildXML().

106  : array
107  {
108  $default = [
109  'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' => [
110  'Binding' => Constants::BINDING_HTTP_POST,
111  'Location' => sprintf('%s/module.php/saml/sp/saml2-acs.php/%s', $base_url, $source_id),
112  'Protocol' => Constants::NS_SAMLP,
113  ],
114  'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact' => [
115  'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
116  'Location' => sprintf('%s/module.php/saml/sp/saml2-acs.php/%s', $base_url, $source_id),
117  'Protocol' => Constants::NS_SAMLP,
118  ],
119  ];
120 
121  if ($config->getOptionalString('ProtocolBinding', '') === 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser') {
122  $default['urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser'] = [
123  'Binding' => 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser',
124  'hoksso:ProtocolBinding' => Constants::BINDING_HTTP_REDIRECT,
125  'Location' => sprintf('%s/module.php/saml2-acs/%s', $base_url, $source_id),
126  'Protocol' => Constants::NS_SAMLP,
127  ];
128  }
129 
130  return $default;
131  }
+ Here is the caller graph for this function:

◆ extensions()

ILIAS\Saml\Metadata::extensions ( Configuration  $config)
private

Definition at line 231 of file Metadata.php.

References ILIAS\Saml\Metadata\mergeListIfExists().

Referenced by ILIAS\Saml\Metadata\buildXML().

231  : array
232  {
233  return $this->mergeListIfExists($config, [
234  ['EntityAttributes', 'getArray'],
235  ['UIInfo', 'getArray'],
236  ['RegistrationInfo', 'getArray'],
237  ['WantAssertionsSigned', 'getBoolean', 'saml20.sign.assertion'],
238  ['redirect.sign', 'getBoolean', 'redirect.validate'],
239  ['sign.authnrequest', 'getBoolean', 'validate.authnrequest'],
240  ]);
241  }
ILIAS\Saml\Metadata\mergeListIfExists
mergeListIfExists(Configuration $config, array $list)
Definition: Metadata.php:273
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mergeList()

ILIAS\Saml\Metadata::mergeList ( array  $list)
private
Parameters
list<array>$list

Definition at line 258 of file Metadata.php.

Referenced by ILIAS\Saml\Metadata\buildXML(), and ILIAS\Saml\Metadata\mergeListIfExists().

258  : array
259  {
260  return array_merge(...$list);
261  }
+ Here is the caller graph for this function:

◆ mergeListIfExists()

ILIAS\Saml\Metadata::mergeListIfExists ( Configuration  $config,
array  $list 
)
private
Parameters
list<string|list<string>>$list

Definition at line 273 of file Metadata.php.

References ILIAS\Saml\Metadata\addIfExists(), and ILIAS\Saml\Metadata\mergeList().

Referenced by ILIAS\Saml\Metadata\extensions(), and ILIAS\Saml\Metadata\nameInformation().

273  : array
274  {
275  return $this->mergeList(array_map(
276  fn($pair): array => $this->addIfExists($config, ...(is_array($pair) ? $pair : [$pair])),
277  $list
278  ));
279  }
array_map
ILIAS\Saml\Metadata\addIfExists
addIfExists(Configuration $config, string $needle, string $selector='getValue', ?string $as_key=null)
Definition: Metadata.php:263
ILIAS\Saml\Metadata\mergeList
mergeList(array $list)
Definition: Metadata.php:258
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ nameIdPolicy()

ILIAS\Saml\Metadata::nameIdPolicy ( Configuration  $config)
private

Definition at line 133 of file Metadata.php.

References null.

Referenced by ILIAS\Saml\Metadata\buildXML().

133  : array
134  {
135  $format = $config->getOptionalValue('NameIDPolicy', null);
136  return match (gettype($format)) {
137  'array' => [
138  'NameIDFormat' => $this->create->configFromArray($format)->getString('Format'),
139  ],
140  'string' => ['NameIDFormat' => $format],
141  default => [],
142  };
143  }
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
+ Here is the caller graph for this function:

◆ nameInformation()

ILIAS\Saml\Metadata::nameInformation ( Configuration  $config)
private

Definition at line 145 of file Metadata.php.

References ILIAS\Saml\Metadata\mergeListIfExists().

Referenced by ILIAS\Saml\Metadata\buildXML().

145  : array
146  {
147  if (!$config->hasValue('name') || !$config->hasValue('attributes')) {
148  return [];
149  }
150 
151  $information = [
152  'name' => $config->getLocalizedString('name'),
153  'attributes' => $config->getArray('attributes'),
154  ];
155 
156  return array_merge($information, $this->mergeListIfExists($config, [
157  ['attributes.required', 'getArray'],
158  ['description', 'getString'],
159  ['attributes.NameFormat', 'getString'],
160  ['attributes.index', 'getInteger'],
161  ['attributes.isDefault', 'getBoolean'],
162  ]));
163  }
ILIAS\Saml\Metadata\mergeListIfExists
mergeListIfExists(Configuration $config, array $list)
Definition: Metadata.php:273
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ organizationalInformation()

ILIAS\Saml\Metadata::organizationalInformation ( Configuration  $config)
private

Definition at line 165 of file Metadata.php.

References ILIAS\Saml\Metadata\addIfExists(), and null.

Referenced by ILIAS\Saml\Metadata\buildXML().

165  : array
166  {
167  $array = [];
168  if ($config->hasValue('OrganizationName')) {
169  $array['OrganizationName'] = $config->getLocalizedString('OrganizationName');
170 
171  $array = array_merge($array, $this->addIfExists($config, 'OrganizationDisplayName', 'getLocalizedString'));
172 
173  if (!$config->hasValue('OrganizationURL')) {
174  throw new Exception('If OrganizationName is set, OrganizationURL must also be set.');
175  }
176  $array['OrganizationURL'] = $config->getLocalizedString('OrganizationURL');
177  }
178 
179  foreach ($config->getOptionalArray('contacts', []) as $contact) {
180  $array['contacts'][] = $this->create->contact($contact);
181  }
182 
183  // add technical contact
184  if ($config->hasValue('technicalcontact_email') && $config->getString('technicalcontact_email') !== 'na@example.org') {
185  $techcontact = [
186  'emailAddress' => $config->getString('technicalcontact_email'),
187  'name' => $config->getOptionalString('technicalcontact_name', null),
188  'contactType' => 'technical',
189  ];
190  $array['contacts'][] = $this->create->contact($techcontact);
191  }
192 
193  return $array;
194  }
ILIAS\Saml\Metadata\addIfExists
addIfExists(Configuration $config, string $needle, string $selector='getValue', ?string $as_key=null)
Definition: Metadata.php:263
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ removeKey()

ILIAS\Saml\Metadata::removeKey (   $key)
private
Parameters
string | int$key
Returns
Closure(array): array

Definition at line 247 of file Metadata.php.

References Vendor\Package\$a.

Referenced by ILIAS\Saml\Metadata\assertionConsumerServices().

247  : Closure
248  {
249  return static function (array $a) use ($key) {
250  unset($a[$key]);
251  return $a;
252  };
253  }
Vendor\Package\$a
$a
thx to https://mlocati.github.io/php-cs-fixer-configurator for the examples
Definition: example_cleaned.php:49
+ Here is the caller graph for this function:

◆ singleLogoutService()

ILIAS\Saml\Metadata::singleLogoutService ( Configuration  $config,
string  $logout_url,
string  $source_id 
)
private

Definition at line 70 of file Metadata.php.

References Vendor\Package\$b.

Referenced by ILIAS\Saml\Metadata\buildXML().

70  : array
71  {
72  $logout_url = $logout_url . '/module.php/saml/sp/saml2-logout.php/' . $source_id;
73  $store = $this->create->store();
74 
75  $bindings = $config->getOptionalArray('SingleLogoutServiceBinding', [
76  Constants::BINDING_HTTP_REDIRECT,
77  Constants::BINDING_SOAP,
78  ]);
79 
80  $bindings = $store instanceof SQLStore ?
81  $bindings :
82  array_values(array_filter($bindings, static fn(string $b): bool => $b !== Constants::BINDING_SOAP));
83 
84  return array_map(static fn(string $b): array => [
85  'Binding' => $b,
86  'Location' => $config->getOptionalString('SingleLogoutServiceLocation', $logout_url),
87  ], $bindings);
88  }
array_map
+ Here is the caller graph for this function:
The documentation for this class was generated from the following file: