SAML2\AuthnRequest::toUnsignedXML PHP Method

toUnsignedXML() public method

Convert this authentication request to an XML element. The element is unsigned: this method adds no signature.
public toUnsignedXML ( ) : DOMElement
Returns: DOMElement — this authentication request.
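    /**
     * Convert this authentication request to an XML element.
     *
     * Starts from the element produced by the parent class and adds the
     * AuthnRequest-specific attributes (ForceAuthn, ProviderName, IsPassive,
     * the assertion/attribute consumer service selectors) and the optional
     * child elements (subject, NameIDPolicy, RequestedAuthnContext, Scoping).
     *
     * NOTE(review): nothing in this method integrity-protects the values it
     * writes (e.g. AssertionConsumerServiceURL, RequestedAuthnContext).
     * Whether the request is signed afterwards is decided outside this method.
     *
     * @return DOMElement This authentication request.
     */
    public function toUnsignedXML()
    {
        $root = parent::toUnsignedXML();

        // Boolean flags are only written when set; a falsy value leaves the
        // attribute out instead of emitting 'false'.
        if ($this->forceAuthn) {
            $root->setAttribute('ForceAuthn', 'true');
        }
        if ($this->ProviderName !== null) {
            $root->setAttribute('ProviderName', $this->ProviderName);
        }
        if ($this->isPassive) {
            $root->setAttribute('IsPassive', 'true');
        }

        // An ACS index takes precedence: when it is set, neither the ACS URL
        // nor the protocol binding is written, so the two ways of selecting
        // the response endpoint are never mixed in one request.
        if ($this->assertionConsumerServiceIndex !== null) {
            $root->setAttribute('AssertionConsumerServiceIndex', $this->assertionConsumerServiceIndex);
        } else {
            if ($this->assertionConsumerServiceURL !== null) {
                $root->setAttribute('AssertionConsumerServiceURL', $this->assertionConsumerServiceURL);
            }
            if ($this->protocolBinding !== null) {
                $root->setAttribute('ProtocolBinding', $this->protocolBinding);
            }
        }
        if ($this->attributeConsumingServiceIndex !== null) {
            $root->setAttribute('AttributeConsumingServiceIndex', $this->attributeConsumingServiceIndex);
        }

        $this->addSubject($root);

        if (!empty($this->nameIdPolicy)) {
            $nameIdPolicy = $this->document->createElementNS(Constants::NS_SAMLP, 'NameIDPolicy');
            if (array_key_exists('Format', $this->nameIdPolicy)) {
                $nameIdPolicy->setAttribute('Format', $this->nameIdPolicy['Format']);
            }
            if (array_key_exists('SPNameQualifier', $this->nameIdPolicy)) {
                $nameIdPolicy->setAttribute('SPNameQualifier', $this->nameIdPolicy['SPNameQualifier']);
            }
            // AllowCreate is only serialised for a real boolean; any other
            // type is dropped rather than coerced.
            if (array_key_exists('AllowCreate', $this->nameIdPolicy) && is_bool($this->nameIdPolicy['AllowCreate'])) {
                $nameIdPolicy->setAttribute('AllowCreate', $this->nameIdPolicy['AllowCreate'] ? 'true' : 'false');
            }
            $root->appendChild($nameIdPolicy);
        }

        $rac = $this->requestedAuthnContext;
        if (!empty($rac) && !empty($rac['AuthnContextClassRef'])) {
            $e = $this->document->createElementNS(Constants::NS_SAMLP, 'RequestedAuthnContext');
            $root->appendChild($e);
            // The Comparison attribute is left out when it equals
            // Constants::COMPARISON_EXACT and written for any other value.
            if (isset($rac['Comparison']) && $rac['Comparison'] !== Constants::COMPARISON_EXACT) {
                $e->setAttribute('Comparison', $rac['Comparison']);
            }
            foreach ($rac['AuthnContextClassRef'] as $accr) {
                Utils::addString($e, Constants::NS_SAML, 'AuthnContextClassRef', $accr);
            }
        }

        // Scoping is only emitted when at least one of its parts is present.
        if ($this->ProxyCount !== null || count($this->IDPList) > 0 || count($this->RequesterID) > 0) {
            $scoping = $this->document->createElementNS(Constants::NS_SAMLP, 'Scoping');
            $root->appendChild($scoping);
            if ($this->ProxyCount !== null) {
                $scoping->setAttribute('ProxyCount', $this->ProxyCount);
            }
            if (count($this->IDPList) > 0) {
                $idplist = $this->document->createElementNS(Constants::NS_SAMLP, 'IDPList');
                foreach ($this->IDPList as $provider) {
                    $idpEntry = $this->document->createElementNS(Constants::NS_SAMLP, 'IDPEntry');
                    if (is_string($provider)) {
                        $idpEntry->setAttribute('ProviderID', $provider);
                    } elseif (is_array($provider)) {
                        foreach ($provider as $attribute => $value) {
                            // Strict comparison: with a loose in_array() an
                            // integer key such as 0 compares equal to
                            // 'ProviderID' on PHP < 8 and would be passed to
                            // setAttribute() as the attribute name. Only the
                            // three allowed names may reach the element.
                            if (in_array($attribute, array('ProviderID', 'Loc', 'Name'), true)) {
                                $idpEntry->setAttribute($attribute, $value);
                            }
                        }
                    }
                    $idplist->appendChild($idpEntry);
                }
                $scoping->appendChild($idplist);
            }
            if (count($this->RequesterID) > 0) {
                Utils::addStrings($scoping, Constants::NS_SAMLP, 'RequesterID', false, $this->RequesterID);
            }
        }

        return $root;
    }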

Usage Example

Example #1
    /**
     * Verify that requester IDs set on an AuthnRequest are serialised as
     * samlp:RequesterID children of a samlp:Scoping element.
     */
    public function testRequesterIdIsAddedCorrectly()
    {
        $requesterIds = array(
            'https://engine.demo.openconext.org/authentication/sp/metadata',
            'https://shib.example.edu/SSO/Metadata',
        );

        // Minimal request: issuer and destination, plus the requester chain under test.
        $authnRequest = new AuthnRequest();
        $authnRequest->setIssuer('https://gateway.example.org/saml20/sp/metadata');
        $authnRequest->setDestination('https://tiqr.example.org/idp/profile/saml2/Redirect/SSO');
        $authnRequest->setRequesterID($requesterIds);

        // The ID, Version, IssueInstant and Destination attributes are empty
        // placeholders in the expected document.
        $expectedXml = <<<AUTHNREQUEST
<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID=""
    Version=""
    IssueInstant=""
    Destination="">
    <saml:Issuer></saml:Issuer>
    <samlp:Scoping>
        <samlp:RequesterID>https://engine.demo.openconext.org/authentication/sp/metadata</samlp:RequesterID>
        <samlp:RequesterID>https://shib.example.edu/SSO/Metadata</samlp:RequesterID>
    </samlp:Scoping>
</samlp:AuthnRequest>
AUTHNREQUEST;

        $expectedElement = DOMDocumentFactory::fromString($expectedXml)->documentElement;
        $actualElement = $authnRequest->toUnsignedXML();

        // NOTE(review): assertEqualXMLStructure appears to compare element
        // names and nesting only, not text or attribute values — confirm. If
        // so, the RequesterID URLs themselves are not verified by this test.
        $this->assertEqualXMLStructure($expectedElement, $actualElement);
    }