

PHP SimpleSAML_Utilities::generateID方法代码示例

本文整理汇总了PHP中SimpleSAML_Utilities::generateID方法的典型用法代码示例。如果您正苦于以下问题:PHP SimpleSAML_Utilities::generateID方法的具体用法?PHP SimpleSAML_Utilities::generateID怎么用?PHP SimpleSAML_Utilities::generateID使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在SimpleSAML_Utilities的用法示例。


在下文中一共展示了SimpleSAML_Utilities::generateID方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: login

 /**
  * Begin a login operation and redirect the browser to the authentication page.
  *
  * Keys of $params read by this method: 'KeepPost', 'ReturnTo',
  * 'ReturnCallback', 'isPassive', 'ForceAuthn', 'saml:RequestId',
  * 'SPMetadata' (its 'entityid'), 'saml:RelayState' and 'saml:IDPList'.
  * The method finishes by calling SimpleSAML_Utilities::redirect().
  *
  * @param array $params  Various options to the authentication request.
  */
 public function login(array $params = array())
 {
     // POST data is carried across the redirect unless the caller opts out.
     $keepPost = array_key_exists('KeepPost', $params) ? (bool) $params['KeepPost'] : TRUE;

     // With neither a return URL nor a callback, return to the current URL.
     if (!isset($params['ReturnTo']) && !isset($params['ReturnCallback'])) {
         $params['ReturnTo'] = SimpleSAML_Utilities::selfURL();
     }

     // Replace the return URL with a link that replays the submitted form.
     // NOTE(review): the whole of $_POST is handed over, so any credentials
     // in the form are passed along with it; confirm that is intended.
     if (isset($params['ReturnTo']) && $keepPost && $_SERVER['REQUEST_METHOD'] === 'POST') {
         $params['ReturnTo'] = SimpleSAML_Utilities::createPostRedirectLink($params['ReturnTo'], $_POST);
     }

     $session = SimpleSAML_Session::getInstance();

     // NOTE(review): the option is read as 'isPassive' (lower-case i) but
     // stored as 'IsPassive'; confirm callers use the lower-case spelling.
     $authnRequest = array(
         'IsPassive' => isset($params['isPassive']) ? $params['isPassive'] : FALSE,
         'ForceAuthn' => isset($params['ForceAuthn']) ? $params['ForceAuthn'] : FALSE,
         'core:State' => $params,
         'core:prevSession' => $session->getAuthData($this->authority, 'AuthnInstant'),
         'core:authority' => $this->authority,
     );

     // Optional fields are copied only when the caller supplied them.
     if (isset($params['saml:RequestId'])) {
         $authnRequest['RequestID'] = $params['saml:RequestId'];
     }
     if (isset($params['SPMetadata']['entityid'])) {
         $authnRequest['Issuer'] = $params['SPMetadata']['entityid'];
     }
     if (isset($params['saml:RelayState'])) {
         $authnRequest['RelayState'] = $params['saml:RelayState'];
     }
     if (isset($params['saml:IDPList'])) {
         $authnRequest['IDPList'] = $params['saml:IDPList'];
     }

     // The request is stored in the session under a generated ID; only that
     // ID is placed in the resume URL and the redirect parameters.
     $authId = SimpleSAML_Utilities::generateID();
     $session->setAuthnRequest('saml2', $authId, $authnRequest);
     $resumeUrl = SimpleSAML_Module::getModuleURL('core/bwc_resumeauth.php', array('RequestID' => $authId));

     $authUrl = '/' . SimpleSAML_Configuration::getInstance()->getBaseURL() . $this->auth;
     SimpleSAML_Utilities::redirect($authUrl, array('RelayState' => $resumeUrl, 'AuthId' => $authId, 'protocol' => 'saml2'));
 }
开发者ID:filonuse,项目名称:fedlab,代码行数:39,代码来源:BWC.php

示例2: __construct

 /**
  * Keep the configuration and metadata handler and assign a request ID.
  *
  * @param SimpleSAML_Configuration $configuration  Stored in $this->configuration.
  * @param SimpleSAML_Metadata_MetaDataStorageHandler $metadatastore  Stored in $this->metadata.
  */
 function __construct(SimpleSAML_Configuration $configuration, SimpleSAML_Metadata_MetaDataStorageHandler $metadatastore)
 {
     /* Every instance starts with its own generated request ID. */
     $this->id = SimpleSAML_Utilities::generateID();

     $this->metadata = $metadatastore;
     $this->configuration = $configuration;
 }
开发者ID:stefanotirati,项目名称:moodle-google-apps,代码行数:7,代码来源:LogoutRequest.php

示例3: new_access_token

 /**
  * Create a new access token, store it under the 'access' type and return it.
  *
  * The stored entry is keyed by the token key and the consumer key, and is
  * passed the 'accessTokenDuration' config value (default 60 * 60 * 24).
  *
  * @param mixed $requestToken  Only written to the log by this method.
  * @param object $consumer  Its ->key property is used as part of the storage key.
  * @return OAuthToken  The newly generated token.
  */
 function new_access_token($requestToken, $consumer)
 {
     // NOTE(review): both arguments are string-concatenated into the log
     // line. If their string form contains token or consumer secrets, those
     // end up in the log; confirm, and log only the keys if so.
     SimpleSAML_Logger::info('OAuth new_access_token(' . $requestToken . ',' . $consumer . ')');

     // Both token fields come from generateID(). NOTE(review): how hard the
     // token is to guess depends on that helper's randomness source, which
     // is not visible here; verify it draws from a CSPRNG.
     $firstId = SimpleSAML_Utilities::generateID();
     $secondId = SimpleSAML_Utilities::generateID();
     $accessToken = new OAuthToken($firstId, $secondId);

     $this->store->set(
         'access',
         $accessToken->key,
         $consumer->key,
         $accessToken,
         $this->config->getValue('accessTokenDuration', 60 * 60 * 24)
     );

     return $accessToken;
 }
开发者ID:filonuse,项目名称:fedlab,代码行数:8,代码来源:OAuthStore.php

示例4: buildRequest

 /**
  * Assemble the SOAP-wrapped SAML 1.1 request that asks the IdP for assertions.
  *
  * Each artifact is passed through htmlspecialchars() before it is placed
  * in element content; RequestID and IssueInstant are generated values.
  *
  * @param array $artifacts  The artifacts we will request.
  * @return string  The request, as an XML string.
  */
 private static function buildRequest(array $artifacts)
 {
     $requestId = SimpleSAML_Utilities::generateID();
     $issueInstant = SimpleSAML_Utilities::generateTimestamp();

     $parts = array(
         '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">',
         '<SOAP-ENV:Body>',
         '<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"',
         ' RequestID="' . $requestId . '"',
         ' MajorVersion="1" MinorVersion="1"',
         ' IssueInstant="' . $issueInstant . '"',
         '>',
     );

     foreach ($artifacts as $artifact) {
         $parts[] = '<samlp:AssertionArtifact>' . htmlspecialchars($artifact) . '</samlp:AssertionArtifact>';
     }

     $parts[] = '</samlp:Request>';
     $parts[] = '</SOAP-ENV:Body>';
     $parts[] = '</SOAP-ENV:Envelope>';

     return implode('', $parts);
 }
开发者ID:Stony-Brook-University,项目名称:doitsbu,代码行数:15,代码来源:Artifact.php

示例5: ADFS_GenerateResponse

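/**
 * Build a WS-Trust RequestSecurityTokenResponse carrying a SAML 1.1 assertion.
 *
 * Every caller-supplied value is XML-escaped before it is concatenated into
 * the document. The original escaped $nameid and the attributes but not
 * $issuer or $target, so markup characters in either could alter the
 * structure of the assertion.
 *
 * @param string $issuer  Value for the assertion's Issuer attribute.
 * @param string $target  Audience and AppliesTo address.
 * @param string $nameid  Subject name identifier (sent with the UPN format).
 * @param array $attributes  Map of attribute name => array of values; entries
 *                           that are not arrays, are empty, or hold only
 *                           unset/empty-string values are left out.
 * @return string  The response as an XML string.
 */
function ADFS_GenerateResponse($issuer, $target, $nameid, $attributes)
{
    $issueInstant = SimpleSAML_Utilities::generateTimestamp();
    // Validity window: from 30 seconds in the past to 5 minutes ahead.
    $notBefore = SimpleSAML_Utilities::generateTimestamp(time() - 30);
    $assertionExpire = SimpleSAML_Utilities::generateTimestamp(time() + 60 * 5);
    $assertionID = SimpleSAML_Utilities::generateID();
    $nameidFormat = 'http://schemas.xmlsoap.org/claims/UPN';

    // Escape once, up front, so no raw input reaches the XML below.
    $issuerXml = htmlspecialchars($issuer);
    $targetXml = htmlspecialchars($target);
    $nameidXml = htmlspecialchars($nameid);

    $result = '<wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
   <wst:RequestedSecurityToken>
     <saml:Assertion Issuer="' . $issuerXml . '" IssueInstant="' . $issueInstant . '" AssertionID="' . $assertionID . '" MinorVersion="1" MajorVersion="1" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
       <saml:Conditions NotOnOrAfter="' . $assertionExpire . '" NotBefore="' . $notBefore . '">
         <saml:AudienceRestrictionCondition>
           <saml:Audience>' . $targetXml . '</saml:Audience>
         </saml:AudienceRestrictionCondition>
       </saml:Conditions>
       <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified" AuthenticationInstant="' . $issueInstant . '">
         <saml:Subject>
           <saml:NameIdentifier Format="' . $nameidFormat . '">' . $nameidXml . '</saml:NameIdentifier>
         </saml:Subject>
       </saml:AuthenticationStatement>
       <saml:AttributeStatement>
         <saml:Subject>
           <saml:NameIdentifier Format="' . $nameidFormat . '">' . $nameidXml . '</saml:NameIdentifier>
         </saml:Subject>';
    foreach ($attributes as $name => $values) {
        if (!is_array($values) || count($values) === 0) {
            continue;
        }
        // Build the element separately and append it only if it has a value.
        $hasValue = FALSE;
        $r = '<saml:Attribute AttributeNamespace="http://schemas.xmlsoap.org/claims" AttributeName="' . htmlspecialchars($name) . '">';
        foreach ($values as $value) {
            if (!isset($value) || $value === '') {
                continue;
            }
            $r .= '<saml:AttributeValue>' . htmlspecialchars($value) . '</saml:AttributeValue>';
            $hasValue = TRUE;
        }
        $r .= '</saml:Attribute>';
        if ($hasValue) {
            $result .= $r;
        }
    }
    $result .= '
       </saml:AttributeStatement>
     </saml:Assertion>
   </wst:RequestedSecurityToken>
   <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
     <wsa:Address>' . $targetXml . '</wsa:Address>
   </wsa:EndpointReference></wsp:AppliesTo>
 </wst:RequestSecurityTokenResponse>';
    return $result;
}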
开发者ID:hukumonline,项目名称:yii,代码行数:53,代码来源:prp.php

示例6: getStateId

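 /**
  * Retrieve the ID of a state array.
  *
  * Note that this function will not save the state. If the array has no ID
  * yet, one is generated and written into $state.
  *
  * @param array &$state  The state array.
  * @param bool $rawId  Return a raw ID, without a restart URL. Defaults to FALSE.
  * @return string  Identifier which can be used to retrieve the state later.
  */
 public static function getStateId(&$state, $rawId = FALSE)
 {
     // Expression assertions: the string form is deprecated since PHP 7.2
     // and no longer evaluated in PHP 8, where it silently checks nothing.
     assert(is_array($state));
     assert(is_bool($rawId));
     if (!array_key_exists(self::ID, $state)) {
         $state[self::ID] = SimpleSAML_Utilities::generateID();
     }
     $id = $state[self::ID];
     if ($rawId || !array_key_exists(self::RESTART, $state)) {
         /* Either raw ID or no restart URL. In any case, return the raw ID. */
         return $id;
     }
     /*
      * We have a restart URL. Return the ID with that URL appended after a
      * colon. Whoever parses the identifier has to treat that URL part as
      * request-controlled input once it has travelled through the browser.
      */
     return $id . ':' . $state[self::RESTART];
 }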
开发者ID:JVS-IS,项目名称:ICONITO-EcoleNumerique,代码行数:24,代码来源:State.php

示例7: saveState

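 /**
  * Save the state.
  *
  * This function saves the state, and returns an id which can be used to
  * retrieve it later. It will also update the $state array with the
  * identifier and with the current stage.
  *
  * @param array &$state  The login request state.
  * @param string $stage  The current stage in the login process.
  * @param bool $rawId  Return a raw ID, without a restart URL.
  * @return string  Identifier which can be used to retrieve the state later.
  */
 public static function saveState(&$state, $stage, $rawId = FALSE)
 {
     // Expression assertions: the string form is deprecated since PHP 7.2
     // and no longer evaluated in PHP 8, where it silently checks nothing.
     assert(is_array($state));
     assert(is_string($stage));
     assert(is_bool($rawId));
     /* Save stage. */
     $state[self::STAGE] = $stage;
     if (!array_key_exists(self::ID, $state)) {
         $state[self::ID] = SimpleSAML_Utilities::generateID();
     }
     $id = $state[self::ID];
     /* Embed the restart URL in the state identifier, if it is available. */
     if (array_key_exists(self::RESTART, $state) && !$rawId) {
         assert(is_string($state[self::RESTART]));
         $return = $id . ':' . $state[self::RESTART];
     } else {
         $return = $id;
     }
     // The state is stored in serialized form under the raw ID, never under
     // the ID-plus-URL form. NOTE(review): whatever reads this back will
     // presumably unserialize() it, so the session store has to be a place
     // that request data cannot write to directly.
     $serializedState = serialize($state);
     $session = SimpleSAML_Session::getInstance();
     $session->setData('SimpleSAML_Auth_State', $id, $serializedState, 60 * 60);
     return $return;
 }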
开发者ID:hukumonline,项目名称:yii,代码行数:34,代码来源:State.php

示例8: doLogin

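 /**
  * Marks the user as logged in with the specified authority.
  *
  * If the user already has logged in, the user will be logged out first.
  * A new auth token is generated on every call.
  *
  * @param string $authority The authority the user logged in with.
  * @param array|NULL $data The authentication data for this authority.
  */
 public function doLogin($authority, array $data = NULL)
 {
     // Expression assertions: the string form is deprecated since PHP 7.2
     // and no longer evaluated in PHP 8, where it silently checks nothing.
     assert(is_string($authority));
     assert(is_array($data) || is_null($data));
     SimpleSAML_Logger::debug('Session: doLogin("' . $authority . '")');
     $this->dirty = TRUE;
     if (isset($this->authData[$authority])) {
         /* We are already logged in. Log the user out first. */
         $this->doLogout($authority);
     }
     if ($data === NULL) {
         $data = array();
     }
     $data['Authority'] = $authority;
     $globalConfig = SimpleSAML_Configuration::getInstance();
     if (!isset($data['AuthnInstant'])) {
         $data['AuthnInstant'] = time();
     }
     $maxSessionExpire = time() + $globalConfig->getInteger('session.duration', 8 * 60 * 60);
     if (!isset($data['Expire']) || $data['Expire'] > $maxSessionExpire) {
         /* Unset, or beyond our session lifetime. Clamp it to our maximum session lifetime. */
         $data['Expire'] = $maxSessionExpire;
     }
     $this->authData[$authority] = $data;
     $this->authority = $authority;
     // Issuing a fresh token at login means a value an attacker planted or
     // observed before authentication is not the one bound to this session.
     $this->authToken = SimpleSAML_Utilities::generateID();
     $sessionHandler = SimpleSAML_SessionHandler::getSessionHandler();
     if (!$this->transient && (!empty($data['RememberMe']) || $this->rememberMeExpire) && $globalConfig->getBoolean('session.rememberme.enable', FALSE)) {
         $this->setRememberMeExpire();
     } else {
         // NOTE(review): the cookie attributes (Secure, HttpOnly, path) are
         // decided inside setCookie(), which is not visible here; verify
         // them, since this cookie authenticates the session.
         $sessionHandler->setCookie($globalConfig->getString('session.authtoken.cookiename', 'SimpleSAMLAuthToken'), $this->authToken);
     }
 }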
开发者ID:jerrcs,项目名称:simplesamlphp,代码行数:41,代码来源:Session.php

示例9: requireOwnership

}
/**
 * Abort with an exception unless $entry is owned by $userid.
 *
 * An entry with no 'owner' key is rejected as well, so a record without an
 * owner is accessible to nobody. The owner is compared with strict
 * identity (!==), so a value of a different type never matches.
 *
 * @param array $entry  The OAuth consumer entry to check.
 * @param mixed $userid  The ID of the current user.
 * @throws Exception  If the entry has no owner or a different owner.
 */
function requireOwnership($entry, $userid)
{
    $hasOwner = isset($entry['owner']);

    if ($hasOwner && $entry['owner'] === $userid) {
        return;
    }

    if ($hasOwner) {
        throw new Exception('OAuth Consumer has an owner that is not equal to your userid, hence you are not granted access.');
    }

    throw new Exception('OAuth Consumer has no owner. Which means no one is granted access, not even you.');
}
// Editing an existing consumer: load it by the request-supplied key and
// refuse to continue unless the current user owns it. When the lookup gives
// no usable 'value', requireOwnership() finds no 'owner' and throws, so an
// unknown key fails closed.
if (array_key_exists('editkey', $_REQUEST)) {
    $entryc = $store->get('consumers', $_REQUEST['editkey'], '');
    $entry = $entryc['value'];
    requireOwnership($entry, $userid);
} else {
    // New consumer: key and secret both come from generateID().
    // NOTE(review): how hard the secret is to guess depends on that helper's
    // randomness source, which is not shown here; verify it uses a CSPRNG.
    $entry = array('owner' => $userid, 'key' => SimpleSAML_Utilities::generateID(), 'secret' => SimpleSAML_Utilities::generateID());
}
$editor = new sspmod_oauth_Registry();
if (isset($_POST['submit'])) {
    // NOTE(review): no anti-CSRF token check is visible in this excerpt.
    $editor->checkForm($_POST);
    // The entry is rebuilt from the form with 'owner' forced to the current
    // user, so the ownership check below runs against that forced value.
    // NOTE(review): it does not re-check the owner of the record already
    // stored under the submitted key. If formToMeta() takes 'key' from the
    // form, the existing record's owner should be verified before set().
    $entry = $editor->formToMeta($_POST, array(), array('owner' => $userid));
    requireOwnership($entry, $userid);
    #	echo('<pre>Created: '); print_r($entry); exit;
    $store->set('consumers', $entry['key'], '', $entry);
    $template = new SimpleSAML_XHTML_Template($config, 'oauth:registry.saved.php');
    $template->data['entry'] = $entry;
    $template->show();
    exit;
}
// No submission: show the edit form populated from the entry.
$form = $editor->metaToForm($entry);
$template = new SimpleSAML_XHTML_Template($config, 'oauth:registry.edit.tpl.php');
开发者ID:shirlei,项目名称:simplesaml,代码行数:31,代码来源:registry.edit.php

示例10: createPostRedirectLink

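 /**
  * Create a link which will POST data.
  *
  * The data and the destination are kept in the session under a generated
  * ID; only that ID appears in the returned URL.
  *
  * @param string $destination  The destination URL.
  * @param array $post  The name-value pairs which will be posted to the destination.
  * @return string  An URL which can be accessed to post the data.
  */
 public static function createPostRedirectLink($destination, $post)
 {
     // Expression assertions: the string form is deprecated since PHP 7.2
     // and no longer evaluated in PHP 8, where it silently checks nothing.
     assert(is_string($destination));
     assert(is_array($post));
     $id = SimpleSAML_Utilities::generateID();
     // NOTE(review): $post is stored as given, so any credentials submitted
     // in the form stay in the session data until the entry is removed;
     // confirm how long it is retained.
     $postData = array('post' => $post, 'url' => $destination);
     $session = SimpleSAML_Session::getInstance();
     $session->setData('core_postdatalink', $id, $postData);
     return SimpleSAML_Module::getModuleURL('core/postredirect.php', array('RedirId' => $id));
 }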
开发者ID:newlongwhitecloudy,项目名称:OpenConext-serviceregistry,代码行数:17,代码来源:Utilities.php

示例11: generate

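    /**
     * Build a SAML 1.1 authentication response.
     *
     * Configuration and caller-supplied strings are passed through
     * htmlspecialchars() before they are placed in the XML; the IDs and
     * timestamps are generated values. The returned string is unsigned.
     *
     * @param SimpleSAML_Configuration $idp  Metadata for the IdP the response is sent from.
     * @param SimpleSAML_Configuration $sp  Metadata for the SP the response is sent to.
     * @param string $shire  The endpoint on the SP the response is sent to.
     * @param array|NULL $attributes  The attributes which should be included in the response.
     * @return string  The response.
     */
    public function generate(SimpleSAML_Configuration $idp, SimpleSAML_Configuration $sp, $shire, $attributes)
    {
        // Expression assertions: the string form is deprecated since PHP 7.2
        // and no longer evaluated in PHP 8, where it silently checks nothing.
        assert(is_string($shire));
        assert($attributes === NULL || is_array($attributes));
        // SP metadata takes precedence over IdP metadata for scoped attributes.
        if ($sp->hasValue('scopedattributes')) {
            $scopedAttributes = $sp->getArray('scopedattributes');
        } elseif ($idp->hasValue('scopedattributes')) {
            $scopedAttributes = $idp->getArray('scopedattributes');
        } else {
            $scopedAttributes = array();
        }
        $id = SimpleSAML_Utilities::generateID();
        $issueInstant = SimpleSAML_Utilities::generateTimestamp();
        // 30 seconds timeskew back in time to allow differing clocks.
        $notBefore = SimpleSAML_Utilities::generateTimestamp(time() - 30);
        // The assertion expires 5 minutes from now.
        $assertionExpire = SimpleSAML_Utilities::generateTimestamp(time() + 60 * 5);
        $assertionid = SimpleSAML_Utilities::generateID();
        $spEntityId = $sp->getString('entityid');
        $audience = $sp->getString('audience', $spEntityId);
        $base64 = $sp->getBoolean('base64attributes', FALSE);
        $namequalifier = $sp->getString('NameQualifier', $spEntityId);
        // The name identifier is a freshly generated value, not a user attribute.
        $nameid = SimpleSAML_Utilities::generateID();
        $subjectNode = '<Subject>' . '<NameIdentifier' . ' Format="urn:mace:shibboleth:1.0:nameIdentifier"' . ' NameQualifier="' . htmlspecialchars($namequalifier) . '"' . '>' . htmlspecialchars($nameid) . '</NameIdentifier>' . '<SubjectConfirmation>' . '<ConfirmationMethod>' . 'urn:oasis:names:tc:SAML:1.0:cm:bearer' . '</ConfirmationMethod>' . '</SubjectConfirmation>' . '</Subject>';
        $encodedattributes = '';
        if (is_array($attributes)) {
            $encodedattributes .= '<AttributeStatement>';
            $encodedattributes .= $subjectNode;
            foreach ($attributes as $name => $value) {
                // NOTE(review): escaping of attribute names and values is
                // left to enc_attribute(), which is not visible here.
                $encodedattributes .= $this->enc_attribute($name, $value, $base64, $scopedAttributes);
            }
            $encodedattributes .= '</AttributeStatement>';
        }
        /*
         * The SAML 1.1 response message
         */
        $response = '<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="' . $issueInstant . '"
    MajorVersion="1" MinorVersion="1"
    Recipient="' . htmlspecialchars($shire) . '" ResponseID="' . $id . '">
    <Status>
        <StatusCode Value="samlp:Success" />
    </Status>
    <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
        AssertionID="' . $assertionid . '" IssueInstant="' . $issueInstant . '"
        Issuer="' . htmlspecialchars($idp->getString('entityid')) . '" MajorVersion="1" MinorVersion="1">
        <Conditions NotBefore="' . $notBefore . '" NotOnOrAfter="' . $assertionExpire . '">
            <AudienceRestrictionCondition>
                <Audience>' . htmlspecialchars($audience) . '</Audience>
            </AudienceRestrictionCondition>
        </Conditions>
        <AuthenticationStatement AuthenticationInstant="' . $issueInstant . '"
            AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">' . $subjectNode . '
        </AuthenticationStatement>
        ' . $encodedattributes . '
    </Assertion>
</Response>';
        return $response;
    }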
开发者ID:Stony-Brook-University,项目名称:doitsbu,代码行数:70,代码来源:AuthnResponse.php

示例12: str_replace

         }
         // Search mode: the DN is looked up from the submitted username.
         // NOTE(review): whether searchfordn() escapes the username for use in
         // an LDAP filter is not visible here; verify.
         $dn = $ldap->searchfordn($ldapconfig['search.base'], $ldapconfig['search.attributes'], $_POST['username']);
     } else {
         // Pattern mode: the raw POSTed username is substituted into the DN
         // pattern. NOTE(review): no DN escaping is visible, so DN
         // metacharacters in the username change which DN is bound; escape
         // or validate the value first.
         $dn = str_replace('%username%', $_POST['username'], $ldapconfig['dnpattern']);
     }
     $pwd = $_POST['password'];
     $ldap = new SimpleSAML_Auth_LDAP($ldapconfig['hostname'], $ldapconfig['enable_tls']);
     // An empty password is rejected before bind() is attempted. This
     // matters because many LDAP servers treat a bind with a DN and an empty
     // password as an unauthenticated bind that succeeds. The comparison is
     // loose (==), so a missing password field is rejected here too.
     if ($pwd == "" or !$ldap->bind($dn, $pwd)) {
         // NOTE(review): the request-supplied username and the derived DN are
         // written to the log unencoded; confirm the logger neutralises line
         // breaks.
         SimpleSAML_Logger::info('AUTH - ldap-multi: ' . $_POST['username'] . ' failed to authenticate. DN=' . $dn);
         throw new Exception('Wrong username or password');
     }
     $attributes = $ldap->getAttributes($dn, $ldapconfig['attributes']);
     SimpleSAML_Logger::info('AUTH - ldap-multi: ' . $_POST['username'] . ' successfully authenticated');
     $session->doLogin('login-ldapmulti');
     $session->setAttributes($attributes);
     // The NameID is a generated transient value, not an LDAP attribute.
     $session->setNameID(array('value' => SimpleSAML_Utilities::generateID(), 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
     /**
      * Create a statistics log entry for every successful login attempt.
      * Also log a specific attribute as set in the config: statistics.authlogattr
      */
     $authlogattr = $config->getValue('statistics.authlogattr', null);
     if ($authlogattr && array_key_exists($authlogattr, $attributes)) {
         SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK ' . $attributes[$authlogattr][0]);
     } else {
         SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK');
     }
     // NOTE(review): the redirect target is taken straight from the request,
     // with no validation visible in this excerpt. Unless redirect() checks
     // the URL against trusted hosts, this is an open redirect that runs
     // right after a successful login.
     $returnto = $_REQUEST['RelayState'];
     SimpleSAML_Utilities::redirect($returnto);
 } catch (Exception $e) {
     // Any exception from the block above, including the failed-login one,
     // ends here with only its message kept.
     $error = $e->getMessage();
 }
开发者ID:hukumonline,项目名称:yii,代码行数:31,代码来源:login-ldapmulti.php

示例13: __construct

 /**
  * Constructor for SAML 2 assertions.
  *
  * With no argument, an empty assertion is created with a generated ID and
  * the current time. With an element, the fields are read from that XML and
  * the generated ID is replaced by the element's ID attribute.
  *
  * @param DOMElement|NULL $xml  The input assertion.
  * @throws Exception  If the ID attribute or the Issuer element is missing,
  *                    or the Version attribute is not '2.0'.
  */
 public function __construct(DOMElement $xml = NULL)
 {
     /* Defaults for a newly created assertion. */
     $this->id = SimpleSAML_Utilities::generateID();
     $this->issueInstant = time();
     $this->issuer = '';
     $this->authnInstant = time();
     $this->attributes = array();
     $this->nameFormat = SAML2_Const::NAMEFORMAT_UNSPECIFIED;
     $this->certificates = array();
     $this->AuthenticatingAuthority = array();
     $this->SubjectConfirmation = array();

     /* Nothing to parse: keep the defaults. */
     if ($xml === NULL) {
         return;
     }

     if (!$xml->hasAttribute('ID')) {
         throw new Exception('Missing ID attribute on SAML assertion.');
     }
     $this->id = $xml->getAttribute('ID');

     /* Currently a very strict check. */
     $version = $xml->getAttribute('Version');
     if ($version !== '2.0') {
         throw new Exception('Unsupported version: ' . $version);
     }

     $this->issueInstant = SimpleSAML_Utilities::parseSAML2Time($xml->getAttribute('IssueInstant'));

     $issuerNodes = SAML2_Utils::xpQuery($xml, './saml_assertion:Issuer');
     if (empty($issuerNodes)) {
         throw new Exception('Missing <saml:Issuer> in assertion.');
     }
     $this->issuer = trim($issuerNodes[0]->textContent);

     /*
      * NOTE(review): every field is populated from the XML before
      * parseSignature() runs, and this constructor does not show where the
      * signature is verified. Callers should verify it before trusting any
      * of the parsed values.
      */
     $this->parseSubject($xml);
     $this->parseConditions($xml);
     $this->parseAuthnStatement($xml);
     $this->parseAttributes($xml);
     $this->parseEncryptedAttributes($xml);
     $this->parseSignature($xml);
 }
开发者ID:emma5021,项目名称:toba,代码行数:40,代码来源:Assertion.php

示例14: PrepSAMLAssertion

 /**
  * Build a signed SAML 2.0 assertion and return it base64-encoded.
  *
  * The assertion is assembled as a DOM, signed, serialised and edited as a
  * string, then written into $saml_xml_request.
  *
  * @param string &$saml_xml_request  Output: receives the base64-encoded assertion.
  */
 public static function PrepSAMLAssertion(&$saml_xml_request)
 {
     //
     // Gather inputs needed during assembly of SAML Assertion (e.g., keys, certs, timestamps, IDs_
     //
     // NOTE(review): passing null as the DateTime time argument is deprecated
     // since PHP 8.1. Also, the "B" format character is Swatch Internet Time
     // (beats), not milliseconds, so the digits after the seconds are not a
     // sub-second value; confirm what the receiver expects.
     $DateTimeNow = new DateTime(null, new DateTimeZone("UTC"));
     $DateTimeNowString = $DateTimeNow->format("Y-m-d\\TH:i:s.B\\Z");
     $DateTime15Min = new DateTime(null, new DateTimeZone("UTC"));
     $DateTime15Min->modify('+900 sec');
     $DateTime15MinString = $DateTime15Min->format("Y-m-d\\TH:i:s.B\\Z");
     $SAMLParams = array();
     $SAMLParams['IssueInstant'] = $DateTimeNowString;
     $SAMLParams['Issuer'] = SAML_IDENTITY_PROVIDER_ID;
     $SAMLParams['ID'] = SimpleSAML_Utilities::generateID();
     $SAMLParams['NameID'] = SAML_NAME_ID;
     // NotBefore is the current instant, with no allowance for clock skew.
     $SAMLParams['NotBefore'] = $DateTimeNowString;
     $SAMLParams['NotOnOrAfter'] = $DateTime15MinString;
     $SAMLParams['AuthnInstant'] = $DateTimeNowString;
     $SAMLParams['Audience'] = SAML_IDENTITY_PROVIDER_ID;
     // NOTE(review): file_get_contents() returns false on failure and neither
     // result is checked, so an unreadable certificate or key only surfaces
     // later, at signing time. The private key file should be readable by
     // the application user only and kept outside the web root.
     $SAMLParams['x509'] = file_get_contents(SAML_X509_CERT_PATH);
     $SAMLParams['private_key'] = file_get_contents(SAML_X509_PRIVATE_KEY_PATH);
     //
     // Assemble DOM containing correct SAML assertion
     //
     $xml = new DOMDocument('1.0', 'utf-8');
     // Assertion
     $assertion = $xml->createElementNS('urn:oasis:names:tc:SAML:2.0:assertion', 'saml2:Assertion');
     $assertion->setAttribute('ID', $SAMLParams['ID']);
     $assertion->setAttribute('Version', '2.0');
     $assertion->setAttribute('IssueInstant', $SAMLParams['IssueInstant']);
     $xml->appendChild($assertion);
     // Issuer
     // NOTE(review): the value argument of createElement() is not escaped by
     // DOM; this is safe only while these constants hold no '&' or '<'.
     $issuer = $xml->createElement('saml2:Issuer', $SAMLParams['Issuer']);
     $assertion->appendChild($issuer);
     // Subject + NameID + SubjectConfirmation
     $subject = $xml->createElement('saml2:Subject');
     $assertion->appendChild($subject);
     // NameID
     $nameid = $xml->createElement('saml2:NameID', $SAMLParams['NameID']);
     $nameid->setAttribute('Format', 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified');
     $subject->appendChild($nameid);
     // SubjectConfirmation
     // Bearer confirmation is emitted with no SubjectConfirmationData child,
     // so no Recipient or expiry is attached at this level.
     $confirmation = $xml->createElement('saml2:SubjectConfirmation');
     $confirmation->setAttribute('Method', 'urn:oasis:names:tc:SAML:2.0:cm:bearer');
     $subject->appendChild($confirmation);
     // Conditions + AudienceRestriction + Audience
     $condition = $xml->createElement('saml2:Conditions');
     $condition->setAttribute('NotBefore', $SAMLParams['NotBefore']);
     $condition->setAttribute('NotOnOrAfter', $SAMLParams['NotOnOrAfter']);
     $assertion->appendChild($condition);
     // AudienceRestriction
     $audiencer = $xml->createElement('saml2:AudienceRestriction');
     $condition->appendChild($audiencer);
     // Audience
     $audience = $xml->createElement('saml2:Audience', $SAMLParams['Audience']);
     $audiencer->appendChild($audience);
     // AuthnStatement + AuthnContext + AuthnContextClassRef
     $authnstat = $xml->createElement('saml2:AuthnStatement');
     $authnstat->setAttribute('AuthnInstant', $SAMLParams['AuthnInstant']);
     // The assertion ID doubles as the SessionIndex.
     $authnstat->setAttribute('SessionIndex', $SAMLParams['ID']);
     $assertion->appendChild($authnstat);
     // AuthnContext
     $authncontext = $xml->createElement('saml2:AuthnContext');
     $authnstat->appendChild($authncontext);
     // AuthnContextClassRef
     $authncontext_ref = $xml->createElement('saml2:AuthnContextClassRef', 'urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified');
     $authncontext->appendChild($authncontext_ref);
     //Private KEY
     // NOTE(review): RSA-SHA1 here and the SHA-1 digest below are weak by
     // current standards. Prefer the SHA-256 variants
     // (XMLSecurityKey::RSA_SHA256, XMLSecurityDSig::SHA256) if the
     // receiving party accepts them.
     $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
     $objKey->loadKey($SAMLParams['private_key']);
     //Sign the Assertion
     $objXMLSecDSig = new XMLSecurityDSig();
     $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
     $objXMLSecDSig->addReferenceList(array($assertion), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), array('URI' => 'ID', 'overwrite' => false, 'id_name' => 'ID'));
     $objXMLSecDSig->sign($objKey);
     $objXMLSecDSig->add509Cert($SAMLParams['x509']);
     $objXMLSecDSig->insertSignature($assertion, $subject);
     $saml = $xml->saveXML();
     //
     // Change Reference URI locally (considered changing 'xmlseclibs.php', but
     // that seemed inappropriate)
     //
     // NOTE(review): everything from here on edits the serialised document
     // after it was signed; confirm the result still verifies at the
     // receiver. The preg_match() result is not checked, so $URI[1] is
     // undefined when the pattern does not match.
     preg_match("/<ds:Reference URI=\"#(.+?)\">/is", $saml, $URI);
     $saml = str_replace("Id=\"" . $URI[1] . "\"", "", $saml);
     $saml = str_replace($URI[1], $SAMLParams["ID"], $saml);
     //
     // Prepare Base64-Encoded SAML Assertion request body based on DOM
     //
     $saml = str_replace('<?xml version="1.0" encoding="utf-8"?>', '', $saml);
     // stripslashes() removes every backslash from the signed XML before it
     // is encoded.
     $saml_xml_request = base64_encode(stripslashes($saml));
 }
开发者ID:jdq22,项目名称:phpaggcat,代码行数:91,代码来源:class.aggcatauth.php

示例15: buildAssertion

 /**
  * Build an assertion based on information in the metadata.
  *
  * For each setting read from both sides (saml20.sign.assertion,
  * assertion.lifetime, AttributeNameFormat), the recipient's metadata wins
  * and the sender's metadata supplies the fallback.
  *
  * @param SimpleSAML_Configuration $srcMetadata  The metadata of the sender (IdP).
  * @param SimpleSAML_Configuration $dstMetadata  The metadata of the recipient (SP).
  * @param array $attributes  The attributes of the user
  * @param mixed $consumerURL  Passed to setDestination() as given (presumably the SP's endpoint URL).
  * @return SAML2_Assertion  The assertion.
  */
 public static function buildAssertion(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, array $attributes, $consumerURL)
 {
     // Signing defaults to TRUE when neither side configures it.
     $signAssertion = $dstMetadata->getBoolean('saml20.sign.assertion', NULL);
     if ($signAssertion === NULL) {
         $signAssertion = $srcMetadata->getBoolean('saml20.sign.assertion', TRUE);
     }
     $config = SimpleSAML_Configuration::getInstance();
     $a = new SAML2_Assertion();
     if ($signAssertion) {
         self::addSign($srcMetadata, $dstMetadata, $a);
     }
     $a->setIssuer($srcMetadata->getString('entityid'));
     $a->setDestination($consumerURL);
     // The audience is limited to the recipient's entity ID.
     $a->setValidAudiences(array($dstMetadata->getString('entityid')));
     // Valid from 30 seconds in the past.
     $a->setNotBefore(time() - 30);
     // The lifetime defaults to 300 when neither side configures it.
     $assertionLifetime = $dstMetadata->getInteger('assertion.lifetime', NULL);
     if ($assertionLifetime === NULL) {
         $assertionLifetime = $srcMetadata->getInteger('assertion.lifetime', 300);
     }
     $a->setNotOnOrAfter(time() + $assertionLifetime);
     // NOTE(review): the authentication context is hard-coded to
     // AC_PASSWORD, whatever method the user actually authenticated with.
     $a->setAuthnContext(SAML2_Const::AC_PASSWORD);
     $sessionLifetime = $config->getInteger('session.duration', 8 * 60 * 60);
     $a->setSessionNotOnOrAfter(time() + $sessionLifetime);
     $session = SimpleSAML_Session::getInstance();
     $sessionIndex = $session->getSessionIndex();
     $a->setSessionIndex($sessionIndex);
     /* Add attributes. */
     if ($dstMetadata->getBoolean('simplesaml.attributes', TRUE)) {
         $attributeNameFormat = $dstMetadata->getString('AttributeNameFormat', NULL);
         if ($attributeNameFormat === NULL) {
             $attributeNameFormat = $srcMetadata->getString('AttributeNameFormat', 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic');
         }
         $a->setAttributeNameFormat($attributeNameFormat);
         // $attributes is overwritten with the encoded form, so the NameID
         // generation below receives encoded attributes on this path.
         $attributes = self::encodeAttributes($srcMetadata, $dstMetadata, $attributes);
         $a->setAttributes($attributes);
     }
     /* Generate the NameID for the assertion. */
     $nameIdFormat = $dstMetadata->getString('NameIDFormat', 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient');
     $spNameQualifier = $dstMetadata->getString('SPNameQualifier', NULL);
     if ($spNameQualifier === NULL) {
         $spNameQualifier = $dstMetadata->getString('entityid');
     }
     // A transient NameID is a freshly generated value; any other format is
     // delegated to generateNameIdValue().
     if ($nameIdFormat === SAML2_Const::NAMEID_TRANSIENT) {
         $nameIdValue = SimpleSAML_Utilities::generateID();
     } else {
         $nameIdValue = self::generateNameIdValue($srcMetadata, $dstMetadata, $attributes);
     }
     $a->setNameId(array('Format' => $nameIdFormat, 'Value' => $nameIdValue, 'SPNameQualifier' => $spNameQualifier));
     return $a;
 }
开发者ID:hukumonline,项目名称:yii,代码行数:58,代码来源:Message.php


注:本文中的SimpleSAML_Utilities::generateID方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。