sspmod_adfs_IdP_ADFS::ADFS_GenerateResponse PHP Method

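    /**
     * Build an unsigned WS-Trust RequestSecurityTokenResponse that wraps a
     * SAML 1.1 assertion for the given subject and attributes.
     *
     * The assertion's validity window is 30 seconds before now until 5 minutes
     * after now, and its audience is restricted to $target. Every value that is
     * placed into the XML is escaped first, so an entity ID, NameID or attribute
     * containing '&', '<' or '"' can neither break well-formedness nor inject
     * additional elements into the assertion.
     *
     * @param string $issuer     Entity ID of the issuing IdP (saml:Assertion/@Issuer).
     * @param string $target     Entity ID of the relying party; used both as the
     *                           audience restriction and as the wsa:Address.
     * @param string $nameid     Subject identifier, emitted as a UPN NameIdentifier.
     * @param array  $attributes Map of attribute name => list of values. Non-array
     *                           entries and attributes without a non-empty value are
     *                           omitted from the AttributeStatement.
     *
     * @return string The serialized, unsigned response document.
     */
    public static function ADFS_GenerateResponse($issuer, $target, $nameid, $attributes)
    {
        $issueInstant = SimpleSAML\Utils\Time::generateTimestamp();
        // Start the validity window slightly in the past to tolerate clock skew
        // between the IdP and the relying party.
        $notBefore = SimpleSAML\Utils\Time::generateTimestamp(time() - 30);
        $assertionExpire = SimpleSAML\Utils\Time::generateTimestamp(time() + 60 * 5);
        $assertionID = SimpleSAML\Utils\Random::generateID();
        $nameidFormat = 'http://schemas.xmlsoap.org/claims/UPN';

        // Escape once up front. $issuer and $target originate from metadata
        // rather than the request, but they are still interpolated into XML
        // attribute values and element content and must be XML-safe.
        $xmlIssuer = htmlspecialchars($issuer);
        $xmlTarget = htmlspecialchars($target);
        $xmlNameid = htmlspecialchars($nameid);

        $result = '<wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
   <wst:RequestedSecurityToken>
     <saml:Assertion Issuer="' . $xmlIssuer . '" IssueInstant="' . $issueInstant . '" AssertionID="' . $assertionID . '" MinorVersion="1" MajorVersion="1" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
       <saml:Conditions NotOnOrAfter="' . $assertionExpire . '" NotBefore="' . $notBefore . '">
         <saml:AudienceRestrictionCondition>
           <saml:Audience>' . $xmlTarget . '</saml:Audience>
         </saml:AudienceRestrictionCondition>
       </saml:Conditions>
       <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified" AuthenticationInstant="' . $issueInstant . '">
         <saml:Subject>
           <saml:NameIdentifier Format="' . $nameidFormat . '">' . $xmlNameid . '</saml:NameIdentifier>
         </saml:Subject>
       </saml:AuthenticationStatement>
       <saml:AttributeStatement>
         <saml:Subject>
           <saml:NameIdentifier Format="' . $nameidFormat . '">' . $xmlNameid . '</saml:NameIdentifier>
         </saml:Subject>';

        foreach ($attributes as $name => $values) {
            if (!is_array($values) || count($values) === 0) {
                continue;
            }
            $attrValues = '';
            foreach ($values as $value) {
                // null and '' carry no information; '0' is a legitimate value and is kept.
                if ($value === null || $value === '') {
                    continue;
                }
                $attrValues .= '<saml:AttributeValue>' . htmlspecialchars($value) . '</saml:AttributeValue>';
            }
            // An attribute without a single usable value is dropped entirely.
            if ($attrValues !== '') {
                $result .= '<saml:Attribute AttributeNamespace="http://schemas.xmlsoap.org/claims" AttributeName="' . htmlspecialchars($name) . '">'
                    . $attrValues
                    . '</saml:Attribute>';
            }
        }

        $result .= '
       </saml:AttributeStatement>
     </saml:Assertion>
   </wst:RequestedSecurityToken>
   <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
     <wsa:Address>' . $xmlTarget . '</wsa:Address>
   </wsa:EndpointReference></wsp:AppliesTo>
 </wst:RequestSecurityTokenResponse>';

        return $result;
    }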

Usage Example

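 /**
  * Issue an ADFS (WS-Federation) response for the authenticated user
  * described by $state and POST it to the relying party.
  *
  * Loads the SP metadata, selects the NameID (the first value of the
  * attribute named by 'simplesaml.nameidattribute', or a random ID when that
  * option is unset), registers the SP association on the IdP, then
  * generates, signs and posts the response.
  *
  * @param array $state Authentication state. Must contain 'SPMetadata' and
  *                     'Attributes'; 'adfs:wctx' is passed through when present.
  *
  * @throws Exception If the configured NameID attribute is missing from, or has
  *                   no value in, the resulting attribute set.
  */
 public static function sendResponse(array $state)
 {
     $spMetadata = $state["SPMetadata"];
     $spEntityId = $spMetadata['entityid'];
     $spMetadata = SimpleSAML_Configuration::loadFromArray(
         $spMetadata,
         '$metadata[' . var_export($spEntityId, true) . ']'
     );
     $attributes = $state['Attributes'];

     $nameidattribute = $spMetadata->getValue('simplesaml.nameidattribute');
     if (!empty($nameidattribute)) {
         if (!array_key_exists($nameidattribute, $attributes)) {
             throw new Exception('simplesaml.nameidattribute does not exist in resulting attribute set');
         }
         // An attribute that is present but empty must not silently produce a
         // null NameID (reading [0] of an empty list would do exactly that).
         if (!isset($attributes[$nameidattribute][0])) {
             throw new Exception('simplesaml.nameidattribute has no value in resulting attribute set');
         }
         $nameid = $attributes[$nameidattribute][0];
     } else {
         $nameid = SimpleSAML_Utilities::generateID();
     }

     $idp = SimpleSAML_IdP::getByState($state);
     $idpMetadata = $idp->getConfig();
     $idpEntityId = $idpMetadata->getString('entityid');
     $idp->addAssociation([
         'id' => 'adfs:' . $spEntityId,
         'Handler' => 'sspmod_adfs_IdP_ADFS',
         'adfs:entityID' => $spEntityId,
     ]);

     $response = sspmod_adfs_IdP_ADFS::ADFS_GenerateResponse($idpEntityId, $spEntityId, $nameid, $attributes);

     $privateKeyFile = SimpleSAML_Utilities::resolveCert($idpMetadata->getString('privatekey'));
     $certificateFile = SimpleSAML_Utilities::resolveCert($idpMetadata->getString('certificate'));
     $wresult = sspmod_adfs_IdP_ADFS::ADFS_SignResponse($response, $privateKeyFile, $certificateFile);

     // 'adfs:wctx' may be absent from the state; pass null explicitly rather
     // than rely on an undefined-index notice producing it.
     $wctx = isset($state['adfs:wctx']) ? $state['adfs:wctx'] : null;
     sspmod_adfs_IdP_ADFS::ADFS_PostResponse($spMetadata->getValue('prp'), $wresult, $wctx);
 }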