sspmod_saml_Message::validateMessage PHP 메소드

validateMessage() 공개 정적 메소드

Check signature on a SAML2 message if enabled.
public static validateMessage ( SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, Message $message )
$srcMetadata SimpleSAML_Configuration The metadata of the sender.
$dstMetadata SimpleSAML_Configuration The metadata of the recipient.
$message SAML2\Message The message we should check the signature on.
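    /**
     * Check signature on a SAML2 message if enabled.
     *
     * Whether validation is required is read from metadata, the sender's entry taking
     * precedence over the recipient's: 'validate.logout' for LogoutRequest/LogoutResponse,
     * 'validate.authnrequest' for AuthnRequest, then 'redirect.validate' as the fallback for
     * every message type (default FALSE). When validation is not enabled the method returns
     * without inspecting the message at all, so an unsigned message is accepted here.
     *
     * @param SimpleSAML_Configuration $srcMetadata The metadata of the sender.
     * @param SimpleSAML_Configuration $dstMetadata The metadata of the recipient.
     * @param \SAML2\Message $message The message we should check the signature on.
     *
     * @throws SimpleSAML_Error_Exception If validation is enabled and checkSign() returns FALSE.
     */
    public static function validateMessage(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, \SAML2\Message $message)
    {
        // Initialise explicitly: message types without a dedicated option (anything other than
        // Logout*/AuthnRequest) previously reached the === NULL test below with $enabled
        // undefined, which emits an undefined-variable notice before falling through.
        $enabled = NULL;

        if ($message instanceof \SAML2\LogoutRequest || $message instanceof \SAML2\LogoutResponse) {
            $enabled = $srcMetadata->getBoolean('validate.logout', NULL);
            if ($enabled === NULL) {
                $enabled = $dstMetadata->getBoolean('validate.logout', NULL);
            }
        } elseif ($message instanceof \SAML2\AuthnRequest) {
            $enabled = $srcMetadata->getBoolean('validate.authnrequest', NULL);
            if ($enabled === NULL) {
                $enabled = $dstMetadata->getBoolean('validate.authnrequest', NULL);
            }
        }

        // Generic fallback for every message type; only this last lookup has a non-NULL default.
        if ($enabled === NULL) {
            $enabled = $srcMetadata->getBoolean('redirect.validate', NULL);
            if ($enabled === NULL) {
                $enabled = $dstMetadata->getBoolean('redirect.validate', FALSE);
            }
        }

        if (!$enabled) {
            return;
        }

        // checkSign() is defined elsewhere in this class. A FALSE return is reported here as
        // "no signature found"; whether an invalid signature raises inside checkSign() instead
        // of returning FALSE is not visible from this method — confirm against checkSign().
        if (!self::checkSign($srcMetadata, $message)) {
            throw new SimpleSAML_Error_Exception('Validation of received messages enabled, but no signature found on message.');
        }
    }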

Usage Example

예제 #1
 /**
  * Receive a logout message.
  *
  * The issuer is taken from the message before it has been validated; it is used only to
  * select the SP metadata that is then handed to validateMessage() together with the IdP
  * metadata. Only after that check does the message drive any IdP state change.
  *
  * @param SimpleSAML_IdP $idp  The IdP we are receiving it for.
  *
  * @throws SimpleSAML_Error_BadRequest If the message has no issuer or is neither a
  *         LogoutRequest nor a LogoutResponse.
  */
 public static function receiveLogoutMessage(SimpleSAML_IdP $idp)
 {
     $message = SAML2_Binding::getCurrentBinding()->receive();

     $spEntityId = $message->getIssuer();
     if ($spEntityId === NULL) {
         /* Without an issuer we have no way to respond to the message. */
         throw new SimpleSAML_Error_BadRequest('Received message on logout endpoint without issuer.');
     }

     $idpMetadata = $idp->getConfig();
     $spMetadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler()
         ->getMetaDataConfig($spEntityId, 'saml20-sp-remote');

     // Signature requirements come from the SP (sender) and IdP (recipient) metadata.
     sspmod_saml_Message::validateMessage($spMetadata, $idpMetadata, $message);

     $isResponse = $message instanceof SAML2_LogoutResponse;
     $isRequest = $message instanceof SAML2_LogoutRequest;
     if (!$isResponse && !$isRequest) {
         throw new SimpleSAML_Error_BadRequest('Unknown message received on logout endpoint: ' . get_class($message));
     }

     $assocId = 'saml:' . $spEntityId;

     if ($isResponse) {
         SimpleSAML_Logger::info('Received SAML 2.0 LogoutResponse from: ' . var_export($spEntityId, TRUE));

         $succeeded = $message->isSuccess();
         $statsData = array('spEntityID' => $spEntityId, 'idpEntityID' => $idpMetadata->getString('entityid'));
         if (!$succeeded) {
             $statsData['error'] = $message->getStatus();
         }
         SimpleSAML_Stats::log('saml:idp:LogoutResponse:recv', $statsData);

         $relayState = $message->getRelayState();
         $logoutError = NULL;
         if (!$succeeded) {
             $logoutError = sspmod_saml_Message::getResponseError($message);
             SimpleSAML_Logger::warning('Unsuccessful logout. Status was: ' . $logoutError);
         }

         $idp->handleLogoutResponse($assocId, $relayState, $logoutError);
         return;
     }

     SimpleSAML_Logger::info('Received SAML 2.0 LogoutRequest from: ' . var_export($spEntityId, TRUE));

     $idpEntityId = $idpMetadata->getString('entityid');
     SimpleSAML_Stats::log('saml:idp:LogoutRequest:recv', array('spEntityID' => $spEntityId, 'idpEntityID' => $idpEntityId));

     $spStatsId = $spMetadata->getString('core:statistics-id', $spEntityId);
     SimpleSAML_Logger::stats('saml20-idp-SLO spinit ' . $spStatsId . ' ' . $idpEntityId);

     // The Responder callback is invoked once the IdP has finished the logout round.
     $state = array(
         'Responder' => array('sspmod_saml_IdP_SAML2', 'sendLogoutResponse'),
         'saml:SPEntityId' => $spEntityId,
         'saml:RelayState' => $message->getRelayState(),
         'saml:RequestId' => $message->getId(),
     );
     $idp->handleLogoutRequest($state, $assocId);
 }