SimpleSAML_XML_Shib13_AuthnResponse::validate PHP Method

validate() public method

public validate ( )
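    /**
     * Validates the signature on this Shibboleth 1.3 (SAML 1.1) response.
     *
     * If the message was flagged as validated externally (setMessageValidated(),
     * used by the caller for responses fetched through the artifact binding), no
     * XML signature check is performed at all and TRUE is returned immediately.
     * Otherwise a SimpleSAML_XML_Validator is built over the DOM and the signing
     * certificate is pinned to the issuer's 'shib13-idp-remote' metadata, trying
     * in order: getPublicKeys('signing'), then 'certFingerprint', then 'caFile'.
     *
     * Note that the issuer is read from the not-yet-verified message itself; the
     * metadata lookup (which is expected to fail for unknown issuers) plus the
     * certificate pinning are what tie the signature to a configured IdP.
     *
     * @return bool TRUE when the response is accepted.
     * @throws SimpleSAML_Error_Exception when the issuer's metadata contains no
     *         usable signing certificate or fingerprint.
     * @throws Exception whatever the validator throws when the signature or the
     *         certificate does not verify.
     */
    public function validate()
    {
        assert('$this->dom instanceof DOMDocument');

        if ($this->messageValidated) {
            // Trust was established out of band by the caller; nothing to check here.
            return TRUE;
        }

        // Validate the signature. 'ResponseID'/'AssertionID' are the ID attributes
        // the validator is told about (presumably for resolving signed references).
        $this->validator = new SimpleSAML_XML_Validator($this->dom, array('ResponseID', 'AssertionID'));

        // Look up the issuer's metadata; the issuer name comes from the message.
        $issuer = $this->getIssuer();
        $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
        $md = $metadata->getMetaDataConfig($issuer, 'shib13-idp-remote');

        $publicKeys = $md->getPublicKeys('signing');
        if ($publicKeys !== NULL) {
            $certFingerprints = array();
            foreach ($publicKeys as $key) {
                // Only X.509 certificates can be matched by SHA-1 fingerprint.
                if ($key['type'] !== 'X509Certificate') {
                    continue;
                }
                $certFingerprints[] = sha1(base64_decode($key['X509Certificate']));
            }
            if (empty($certFingerprints)) {
                // Fail closed explicitly instead of handing the validator an empty
                // fingerprint list and relying on how it treats that.
                throw new SimpleSAML_Error_Exception('No X509Certificate signing key in Shibboleth 1.3 IdP Remote metadata for identity provider [' . $issuer . '].');
            }
            $this->validator->validateFingerprint($certFingerprints);
        } elseif ($md->hasValue('certFingerprint')) {
            // Legacy configuration: one or more pre-computed fingerprints.
            $certFingerprints = $md->getArrayizeString('certFingerprint');
            $this->validator->validateFingerprint($certFingerprints);
        } elseif ($md->hasValue('caFile')) {
            // Validate the signing certificate against a CA instead of pinning it.
            $this->validator->validateCA(\SimpleSAML\Utils\Config::getCertPath($md->getString('caFile')));
        } else {
            throw new SimpleSAML_Error_Exception('Missing certificate in Shibboleth 1.3 IdP Remote metadata for identity provider [' . $issuer . '].');
        }

        return true;
    }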

Usage Example

Example #1
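// Shibboleth 1.3 / SAML 1.1 assertion consumer: accepts either an artifact
// (SAMLart) or a browser-relayed response (SAMLResponse), validates it and
// hands the attributes to the authentication source. $source and $state are
// set up earlier in the script (not shown here).
$spMetadata = $source->getMetadata();

// NOTE(review): $_REQUEST can also merge cookies depending on request_order;
// restricting this to $_GET/$_POST would narrow the attack surface.
if (array_key_exists('SAMLart', $_REQUEST)) {
    if (!isset($state['saml:idp'])) {
        /* Unsolicited response. */
        throw new SimpleSAML_Error_Exception('IdP initiated authentication not supported with the SAML 1.1 SAMLart protocol.');
    }
    $idpMetadata = $source->getIdPMetadata($state['saml:idp']);
    // The artifact binding is validated via the IdP's SSL certificate, so the
    // response is marked as already validated and validate() will not check
    // an XML signature on it.
    $responseXML = SimpleSAML_Bindings_Shib13_Artifact::receive($spMetadata, $idpMetadata);
    $isValidated = TRUE;
} elseif (array_key_exists('SAMLResponse', $_REQUEST)) {
    // Untrusted, browser-relayed message: decode strictly so malformed input
    // is rejected here rather than silently mangled, and leave the signature
    // check to validate().
    $responseXML = base64_decode($_REQUEST['SAMLResponse'], TRUE);
    if ($responseXML === FALSE) {
        throw new SimpleSAML_Error_Exception('Invalid base64 encoding of SAMLResponse.');
    }
    $isValidated = FALSE;
} else {
    // Fail closed even when assertions are disabled in production: neither
    // parameter is present, so there is nothing to process.
    throw new SimpleSAML_Error_Exception('Missing SAMLart or SAMLResponse parameter.');
}

$response = new SimpleSAML_XML_Shib13_AuthnResponse();
$response->setXML($responseXML);
$response->setMessageValidated($isValidated);
$response->validate();

$responseIssuer = $response->getIssuer();
$attributes = $response->getAttributes();

// Bind the response to the IdP the request was sent to. For an unsolicited
// SAMLResponse (no saml:idp in state) this check is skipped, so any IdP with
// 'shib13-idp-remote' metadata that passes validate() is accepted.
if (isset($state['saml:idp']) && $responseIssuer !== $state['saml:idp']) {
    throw new SimpleSAML_Error_Exception('The issuer of the response wasn\'t the destination of the request.');
}

$state['LogoutState'] = array('saml:logout:Type' => 'saml1');

// The trailing assertion indicates handleResponse() is not expected to return.
$source->handleResponse($state, $responseIssuer, $attributes);
assert('FALSE');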