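/**
 * Validate the current ticket against the CAS server's SAML 1.1 endpoint and,
 * on success, set the authenticated user and the session attributes.
 *
 * The three reference parameters are filled in for the caller.
 *
 * @param string     $validate_url  receives the URL that was used for the validation
 * @param string     $text_response receives the raw body of the server response
 * @param DOMElement $tree_response receives the root element of the parsed response
 * @param bool       $renew         when true, '&renew=true' is appended to the validation URL
 *
 * @return bool true when a <NameIdentifier> was found and the user was set;
 *              false when the server version is not SAML_VERSION_1_1 (no
 *              validation is performed in that case)
 *
 * @throws CAS_AuthenticationException when the validation URL could not be
 *         read, or when the response is empty, does not parse as XML, has a
 *         root node other than <Envelope>, or carries no <NameIdentifier>
 */
public function validateSA(&$validate_url, &$text_response, &$tree_response, $renew = false)
{
    phpCAS::traceBegin();
    $result = false;

    // build the URL to validate the ticket
    $validate_url = $this->getServerSamlValidateURL();
    if ($renew) {
        // pass the renew
        $validate_url .= '&renew=true';
    }

    // open and read the URL
    if (!$this->_readURL($validate_url, $headers, $text_response, $err_msg)) {
        phpCAS::trace('could not open URL \'' . $validate_url . '\' to validate (' . $err_msg . ')');
        throw new CAS_AuthenticationException($this, 'SA not validated', $validate_url, true);
    }

    $server_version = $this->getServerVersion();
    phpCAS::trace('server version: ' . $server_version);

    // analyze the result depending on the version
    switch ($server_version) {
        case SAML_VERSION_1_1:
            // DOMDocument::loadXML('') returns false with a warning on PHP 7 and
            // throws a ValueError on PHP 8; reject an empty body up front so the
            // caller always gets a CAS_AuthenticationException for a bad response.
            if ((string) $text_response === '') {
                phpCAS::trace('empty response body');
                throw new CAS_AuthenticationException($this, 'SA not validated', $validate_url, false, true, $text_response);
            }

            // create new DOMDocument Object
            $dom = new DOMDocument();
            // Fix possible whitspace problems
            $dom->preserveWhiteSpace = false;
            // read the response of the CAS server into a DOM object; LIBXML_NONET
            // keeps the parser from fetching external resources (DTDs, entities)
            // that the response body might reference
            if (!$dom->loadXML($text_response, LIBXML_NONET)) {
                phpCAS::trace('dom->loadXML() failed');
                throw new CAS_AuthenticationException($this, 'SA not validated', $validate_url, false, true, $text_response);
            }

            // read the root node of the XML tree
            $tree_response = $dom->documentElement;
            if (!$tree_response) {
                phpCAS::trace('documentElement() failed');
                throw new CAS_AuthenticationException($this, 'SA not validated', $validate_url, false, true, $text_response);
            }

            // insure that tag name is 'Envelope'
            if ($tree_response->localName !== 'Envelope') {
                phpCAS::trace('bad XML root node (should be `Envelope\' instead of `' . $tree_response->localName . '\'');
                throw new CAS_AuthenticationException($this, 'SA not validated', $validate_url, false, true, $text_response);
            }

            // check for the NameIdentifier tag in the SAML response
            $success_elements = $tree_response->getElementsByTagName("NameIdentifier");
            if ($success_elements->length === 0) {
                phpCAS::trace('no <NameIdentifier> tag found in SAML payload');
                throw new CAS_AuthenticationException($this, 'SA not validated', $validate_url, false, true, $text_response);
            }

            phpCAS::trace('NameIdentifier found');
            $user = trim($success_elements->item(0)->nodeValue);
            phpCAS::trace('user = `' . $user . '`');
            $this->_setUser($user);
            $this->_setSessionAttributes($text_response);
            $result = true;
            break;

        default:
            // no SAML validation routine for this server version; $result stays false
            phpCAS::trace('no SAML validation routine for server version ' . $server_version);
            break;
    }

    if ($result) {
        $this->_renameSession($this->getTicket());
    }

    // at this step, ST has been validated and $this->_user has been set,
    phpCAS::traceEnd($result);
    return $result;
}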