sspmod_saml_Message::buildAuthnRequest PHP Method

sspmod_saml_Message Class Documentation Usage Examples Of sspmod_saml_Message::buildAuthnRequest Mostrar archivo Open project: simplesamlphp/simplesamlphp

buildAuthnRequest() public static method

Build an authentication request based on information in the metadata.

public static buildAuthnRequest ( SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata )
$spMetadata	SimpleSAML_Configuration	The metadata of the service provider.
$idpMetadata	SimpleSAML_Configuration	The metadata of the identity provider.

    public static function buildAuthnRequest(SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata)
    {
        $ar = new \SAML2\AuthnRequest();
        // get the NameIDPolicy to apply. IdP metadata has precedence.
        $nameIdPolicy = array();
        if ($idpMetadata->hasValue('NameIDPolicy')) {
            $nameIdPolicy = $idpMetadata->getValue('NameIDPolicy');
        } elseif ($spMetadata->hasValue('NameIDPolicy')) {
            $nameIdPolicy = $spMetadata->getValue('NameIDPolicy');
        }
        if (!is_array($nameIdPolicy)) {
            // handle old configurations where 'NameIDPolicy' was used to specify just the format
            $nameIdPolicy = array('Format' => $nameIdPolicy);
        }
        $nameIdPolicy_cf = SimpleSAML_Configuration::loadFromArray($nameIdPolicy);
        $policy = array('Format' => $nameIdPolicy_cf->getString('Format', \SAML2\Constants::NAMEID_TRANSIENT), 'AllowCreate' => $nameIdPolicy_cf->getBoolean('AllowCreate', true));
        $spNameQualifier = $nameIdPolicy_cf->getString('SPNameQualifier', false);
        if ($spNameQualifier !== false) {
            $policy['SPNameQualifier'] = $spNameQualifier;
        }
        $ar->setNameIdPolicy($policy);
        $ar->setForceAuthn($spMetadata->getBoolean('ForceAuthn', FALSE));
        $ar->setIsPassive($spMetadata->getBoolean('IsPassive', FALSE));
        $protbind = $spMetadata->getValueValidate('ProtocolBinding', array(\SAML2\Constants::BINDING_HTTP_POST, \SAML2\Constants::BINDING_HOK_SSO, \SAML2\Constants::BINDING_HTTP_ARTIFACT, \SAML2\Constants::BINDING_HTTP_REDIRECT), \SAML2\Constants::BINDING_HTTP_POST);
        /* Shoaib - setting the appropriate binding based on parameter in sp-metadata defaults to HTTP_POST */
        $ar->setProtocolBinding($protbind);
        $ar->setIssuer($spMetadata->getString('entityid'));
        $ar->setAssertionConsumerServiceIndex($spMetadata->getInteger('AssertionConsumerServiceIndex', NULL));
        $ar->setAttributeConsumingServiceIndex($spMetadata->getInteger('AttributeConsumingServiceIndex', NULL));
        if ($spMetadata->hasValue('AuthnContextClassRef')) {
            $accr = $spMetadata->getArrayizeString('AuthnContextClassRef');
            $comp = $spMetadata->getValueValidate('AuthnContextComparison', array(\SAML2\Constants::COMPARISON_EXACT, \SAML2\Constants::COMPARISON_MINIMUM, \SAML2\Constants::COMPARISON_MAXIMUM, \SAML2\Constants::COMPARISON_BETTER), \SAML2\Constants::COMPARISON_EXACT);
            $ar->setRequestedAuthnContext(array('AuthnContextClassRef' => $accr, 'Comparison' => $comp));
        }
        self::addRedirectSign($spMetadata, $idpMetadata, $ar);
        return $ar;
    }

Usage Example

Ejemplo n.º 1

Mostrar archivo

Archivo: initSSO.php Proyecto: Stony-Brook-University/doitsbu

        SimpleSAML_Utilities::redirectTrustedURL($extDiscoveryStorage, array('entityID' => $spentityid, 'return' => SimpleSAML_Utilities::addURLparameter($discourl, array('return' => SimpleSAML_Utilities::selfURL(), 'remember' => 'true', 'entityID' => $spentityid, 'returnIDParam' => 'idpentityid')), 'returnIDParam' => 'idpentityid', 'isPassive' => 'true'));
    }
    $discoparameters = array('entityID' => $spentityid, 'return' => SimpleSAML_Utilities::selfURL(), 'returnIDParam' => 'idpentityid');
    $discoparameters['isPassive'] = $isPassive;
    if (sizeof($reachableIDPs) > 0) {
        $discoparameters['IDPList'] = $reachableIDPs;
    }
    SimpleSAML_Utilities::redirectTrustedURL($discourl, $discoparameters);
}
/*
 * Create and send authentication request to the IdP.
 */
try {
    $spMetadata = $metadata->getMetaDataConfig($spentityid, 'saml20-sp-hosted');
    $idpMetadata = $metadata->getMetaDataConfig($idpentityid, 'saml20-idp-remote');
    $ar = sspmod_saml_Message::buildAuthnRequest($spMetadata, $idpMetadata);
    $assertionConsumerServiceURL = $metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted');
    $ar->setAssertionConsumerServiceURL($assertionConsumerServiceURL);
    $ar->setRelayState($returnTo);
    if ($isPassive) {
        $ar->setIsPassive(TRUE);
    }
    if ($forceAuthn) {
        $ar->setForceAuthn(TRUE);
    }
    if (array_key_exists('IDPList', $spmetadata)) {
        $IDPList = array_unique(array_merge($IDPList, $spmetadata['IDPList']));
    }
    if (isset($_GET['IDPList']) && !empty($_GET['IDPList'])) {
        $providers = $_GET['IDPList'];
        if (!is_array($providers)) {

All Usage Examples Of sspmod_saml_Message::buildAuthnRequest

sspmod_saml_Message

addRedirectSign

addSign

buildAuthnRequest

buildLogoutRequest

buildLogoutResponse

checkSign

decryptAssertion

findCertificate

getBlacklistedAlgorithms

getDecryptionKeys

getEncryptionKey

getResponseError

processAssertion

processResponse

validateMessage