本文整理汇总了PHP中SimpleSAML_Utilities::generateID方法的典型用法代码示例。如果您正苦于以下问题:PHP SimpleSAML_Utilities::generateID方法的具体用法?PHP SimpleSAML_Utilities::generateID怎么用?PHP SimpleSAML_Utilities::generateID使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类SimpleSAML_Utilities
的用法示例。
示例1: login
/**
 * Start a login operation.
 *
 * The outgoing authentication request is parked in the session under a freshly
 * generated id; the browser is then redirected to the configured authentication
 * URL with that id as RelayState so the flow can be resumed afterwards.
 *
 * @param array $params Various options to the authentication request. Keys read
 *                      here: KeepPost, ReturnTo, ReturnCallback, isPassive,
 *                      ForceAuthn, saml:RequestId, SPMetadata, saml:RelayState,
 *                      saml:IDPList.
 */
public function login(array $params = array())
{
    $keepPost = array_key_exists('KeepPost', $params) ? (bool) $params['KeepPost'] : TRUE;

    // With neither a return URL nor a callback, come back to the current URL.
    if (!isset($params['ReturnTo']) && !isset($params['ReturnCallback'])) {
        $params['ReturnTo'] = SimpleSAML_Utilities::selfURL();
    }
    // Keep the POST body across the round trip by turning ReturnTo into a
    // post-redirect link for the current request body.
    if (isset($params['ReturnTo']) && $keepPost && $_SERVER['REQUEST_METHOD'] === 'POST') {
        $params['ReturnTo'] = SimpleSAML_Utilities::createPostRedirectLink($params['ReturnTo'], $_POST);
    }

    $session = SimpleSAML_Session::getInstance();
    $authnRequest = array(
        'IsPassive' => FALSE,
        'ForceAuthn' => FALSE,
        'core:State' => $params,
        'core:prevSession' => $session->getAuthData($this->authority, 'AuthnInstant'),
        'core:authority' => $this->authority,
    );
    // Flags: the caller's value overrides the FALSE default when present.
    foreach (array('isPassive' => 'IsPassive', 'ForceAuthn' => 'ForceAuthn') as $option => $field) {
        if (isset($params[$option])) {
            $authnRequest[$field] = $params[$option];
        }
    }
    // Optional request fields, copied only when the caller supplied them.
    $optional = array(
        'RequestID' => isset($params['saml:RequestId']) ? $params['saml:RequestId'] : NULL,
        'Issuer' => isset($params['SPMetadata']['entityid']) ? $params['SPMetadata']['entityid'] : NULL,
        'RelayState' => isset($params['saml:RelayState']) ? $params['saml:RelayState'] : NULL,
        'IDPList' => isset($params['saml:IDPList']) ? $params['saml:IDPList'] : NULL,
    );
    foreach ($optional as $field => $value) {
        if ($value !== NULL) {
            $authnRequest[$field] = $value;
        }
    }

    // The request stays server-side; only its id travels in the URL.
    $authId = SimpleSAML_Utilities::generateID();
    $session->setAuthnRequest('saml2', $authId, $authnRequest);
    $relayState = SimpleSAML_Module::getModuleURL('core/bwc_resumeauth.php', array('RequestID' => $authId));

    $config = SimpleSAML_Configuration::getInstance();
    $authurl = '/' . $config->getBaseURL() . $this->auth;
    SimpleSAML_Utilities::redirect($authurl, array(
        'RelayState' => $relayState,
        'AuthId' => $authId,
        'protocol' => 'saml2',
    ));
}
示例2: __construct
/**
 * Set up the request with its configuration and metadata sources.
 *
 * A request id is assigned here, via SimpleSAML_Utilities::generateID(), so
 * every instance carries its own id from the moment it is created.
 *
 * @param SimpleSAML_Configuration $configuration Configuration this request works from.
 * @param SimpleSAML_Metadata_MetaDataStorageHandler $metadatastore Metadata store to consult.
 */
function __construct(SimpleSAML_Configuration $configuration, SimpleSAML_Metadata_MetaDataStorageHandler $metadatastore)
{
    /* Request id first; the remaining fields are plain dependency assignments. */
    $this->id = SimpleSAML_Utilities::generateID();
    $this->configuration = $configuration;
    $this->metadata = $metadatastore;
}
示例3: new_access_token
/**
 * Mint a new OAuth access token for a consumer and persist it.
 *
 * Key and secret are both produced by SimpleSAML_Utilities::generateID(). The
 * token is stored under the 'access' namespace, keyed by token key and consumer
 * key, with the lifetime from the 'accessTokenDuration' setting (default 24h).
 *
 * @param mixed $requestToken The request token being exchanged; only logged here.
 * @param object $consumer The consumer the token is issued to (its ->key is used).
 * @return OAuthToken The newly created token.
 */
function new_access_token($requestToken, $consumer)
{
    SimpleSAML_Logger::info('OAuth new_access_token(' . $requestToken . ',' . $consumer . ')');
    $tokenKey = SimpleSAML_Utilities::generateID();
    $tokenSecret = SimpleSAML_Utilities::generateID();
    $token = new OAuthToken($tokenKey, $tokenSecret);
    $lifetime = $this->config->getValue('accessTokenDuration', 60 * 60 * 24);
    $this->store->set('access', $token->key, $consumer->key, $token, $lifetime);
    return $token;
}
示例4: buildRequest
/**
 * Build the SAML 1.1 artifact resolution request we will send to the IdP.
 *
 * The request carries a fresh RequestID and IssueInstant, wrapped in a SOAP
 * envelope; each artifact value is escaped before being placed in element content.
 *
 * @param array $artifacts The artifacts we will request.
 * @return string The request, as an XML string.
 */
private static function buildRequest(array $artifacts)
{
    $requestId = SimpleSAML_Utilities::generateID();
    $issueInstant = SimpleSAML_Utilities::generateTimestamp();

    $artifactNodes = '';
    foreach ($artifacts as $artifact) {
        $artifactNodes .= '<samlp:AssertionArtifact>' . htmlspecialchars($artifact) . '</samlp:AssertionArtifact>';
    }

    return '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">'
        . '<SOAP-ENV:Body>'
        . '<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"'
        . ' RequestID="' . $requestId . '"'
        . ' MajorVersion="1" MinorVersion="1"'
        . ' IssueInstant="' . $issueInstant . '"'
        . '>'
        . $artifactNodes
        . '</samlp:Request>'
        . '</SOAP-ENV:Body>'
        . '</SOAP-ENV:Envelope>';
}
示例5: ADFS_GenerateResponse
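/**
 * Build an ADFS (WS-Trust) RequestSecurityTokenResponse wrapping a SAML 1.1 assertion.
 *
 * Only attributes that are non-empty arrays with at least one non-empty value are
 * emitted. Every caller-supplied string is escaped for the XML context it lands in;
 * previously $issuer and $target were inserted raw, which produced malformed XML
 * (or allowed markup injection) when either contained '&', '<' or '"'.
 *
 * @param string $issuer The entity id of this IdP (saml:Assertion/@Issuer).
 * @param string $target The relying party's identifier (saml:Audience and wsa:Address).
 * @param string $nameid The subject identifier, emitted as a UPN-format NameIdentifier.
 * @param array $attributes Attribute name => array of values.
 * @return string The response as an XML string.
 */
function ADFS_GenerateResponse($issuer, $target, $nameid, $attributes)
{
    $issueInstant = SimpleSAML_Utilities::generateTimestamp();
    // 30 seconds of backwards clock skew; the assertion is valid for 5 minutes.
    $notBefore = SimpleSAML_Utilities::generateTimestamp(time() - 30);
    $assertionExpire = SimpleSAML_Utilities::generateTimestamp(time() + 60 * 5);
    $assertionID = SimpleSAML_Utilities::generateID();
    $nameidFormat = 'http://schemas.xmlsoap.org/claims/UPN';
    // Escape once, reuse everywhere the value appears (attribute and element content).
    $issuerXml = htmlspecialchars($issuer);
    $targetXml = htmlspecialchars($target);
    $nameidXml = htmlspecialchars($nameid);
    $result = '<wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wst:RequestedSecurityToken>
<saml:Assertion Issuer="' . $issuerXml . '" IssueInstant="' . $issueInstant . '" AssertionID="' . $assertionID . '" MinorVersion="1" MajorVersion="1" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:Conditions NotOnOrAfter="' . $assertionExpire . '" NotBefore="' . $notBefore . '">
<saml:AudienceRestrictionCondition>
<saml:Audience>' . $targetXml . '</saml:Audience>
</saml:AudienceRestrictionCondition>
</saml:Conditions>
<saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified" AuthenticationInstant="' . $issueInstant . '">
<saml:Subject>
<saml:NameIdentifier Format="' . $nameidFormat . '">' . $nameidXml . '</saml:NameIdentifier>
</saml:Subject>
</saml:AuthenticationStatement>
<saml:AttributeStatement>
<saml:Subject>
<saml:NameIdentifier Format="' . $nameidFormat . '">' . $nameidXml . '</saml:NameIdentifier>
</saml:Subject>';
    foreach ($attributes as $name => $values) {
        if (!is_array($values) || count($values) === 0) {
            continue;
        }
        $hasValue = FALSE;
        $r = '<saml:Attribute AttributeNamespace="http://schemas.xmlsoap.org/claims" AttributeName="' . htmlspecialchars($name) . '">';
        foreach ($values as $value) {
            // Null and empty-string values are skipped; an attribute left with no
            // values is dropped from the statement altogether.
            if ($value === NULL || $value === '') {
                continue;
            }
            $r .= '<saml:AttributeValue>' . htmlspecialchars($value) . '</saml:AttributeValue>';
            $hasValue = TRUE;
        }
        $r .= '</saml:Attribute>';
        if ($hasValue) {
            $result .= $r;
        }
    }
    $result .= '
</saml:AttributeStatement>
</saml:Assertion>
</wst:RequestedSecurityToken>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
<wsa:Address>' . $targetXml . '</wsa:Address>
</wsa:EndpointReference></wsp:AppliesTo>
</wst:RequestSecurityTokenResponse>';
    return $result;
}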
示例6: getStateId
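/**
 * Retrieve the ID of a state array.
 *
 * Note that this function will not save the state. If the array has no id yet,
 * one is generated and written into it, which is why $state is taken by reference.
 *
 * @param array &$state The state array.
 * @param bool $rawId Return a raw ID, without a restart URL. Defaults to FALSE.
 * @return string Identifier which can be used to retrieve the state later. When a
 *                restart URL is stored and $rawId is FALSE it is appended as "<id>:<url>".
 */
public static function getStateId(&$state, $rawId = FALSE)
{
    // Expression asserts: string arguments to assert() are deprecated since PHP 7.2
    // and are not evaluated at all in PHP 8, where they would always pass.
    assert(is_array($state));
    assert(is_bool($rawId));
    if (!array_key_exists(self::ID, $state)) {
        $state[self::ID] = SimpleSAML_Utilities::generateID();
    }
    $id = $state[self::ID];
    $hasRestart = array_key_exists(self::RESTART, $state);
    if ($rawId || !$hasRestart) {
        /* Either raw ID or no restart URL. In any case, return the raw ID. */
        return $id;
    }
    /* We have a restart URL. Return the ID with that URL. */
    return $id . ':' . $state[self::RESTART];
}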
示例7: saveState
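/**
 * Save the state.
 *
 * This function saves the state, and returns an id which can be used to
 * retrieve it later. It will also update the $state array with the identifier.
 * The serialized state is kept in the session for one hour; the returned id (and
 * the restart URL, when embedded) is what gets handed to the client.
 *
 * @param array &$state The login request state.
 * @param string $stage The current stage in the login process.
 * @param bool $rawId Return a raw ID, without a restart URL.
 * @return string Identifier which can be used to retrieve the state later.
 */
public static function saveState(&$state, $stage, $rawId = FALSE)
{
    // Expression asserts: string arguments to assert() are deprecated since PHP 7.2
    // and are not evaluated at all in PHP 8, where they would always pass.
    assert(is_array($state));
    assert(is_string($stage));
    assert(is_bool($rawId));
    /* Save stage. */
    $state[self::STAGE] = $stage;
    if (!array_key_exists(self::ID, $state)) {
        $state[self::ID] = SimpleSAML_Utilities::generateID();
    }
    $id = $state[self::ID];
    /* Embed the restart URL in the state identifier, if it is available. */
    if (array_key_exists(self::RESTART, $state) && !$rawId) {
        assert(is_string($state[self::RESTART]));
        $return = $id . ':' . $state[self::RESTART];
    } else {
        $return = $id;
    }
    // Stored under the raw id only; the restart URL is not part of the lookup key.
    $serializedState = serialize($state);
    $session = SimpleSAML_Session::getInstance();
    $session->setData('SimpleSAML_Auth_State', $id, $serializedState, 60 * 60);
    return $return;
}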
示例8: doLogin
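/**
 * Marks the user as logged in with the specified authority.
 *
 * If the user already has logged in, the user will be logged out first.
 * The authentication data's expiry is clamped to the configured session
 * duration, a new auth token is generated for this login, and the token is
 * either bound to a remember-me cookie or set as the auth-token cookie.
 *
 * @param string $authority The authority the user logged in with.
 * @param array|NULL $data The authentication data for this authority.
 */
public function doLogin($authority, array $data = NULL)
{
    // Expression asserts: string arguments to assert() are deprecated since PHP 7.2
    // and are not evaluated at all in PHP 8, where they would always pass.
    assert(is_string($authority));
    assert(is_array($data) || is_null($data));
    SimpleSAML_Logger::debug('Session: doLogin("' . $authority . '")');
    $this->dirty = TRUE;
    if (isset($this->authData[$authority])) {
        /* We are already logged in. Log the user out first. */
        $this->doLogout($authority);
    }
    if ($data === NULL) {
        $data = array();
    }
    $data['Authority'] = $authority;
    $globalConfig = SimpleSAML_Configuration::getInstance();
    if (!isset($data['AuthnInstant'])) {
        $data['AuthnInstant'] = time();
    }
    // The caller may not extend the login beyond 'session.duration' (default 8h).
    $maxSessionExpire = time() + $globalConfig->getInteger('session.duration', 8 * 60 * 60);
    if (!isset($data['Expire']) || $data['Expire'] > $maxSessionExpire) {
        /* Unset, or beyond our session lifetime. Clamp it to our maximum session lifetime. */
        $data['Expire'] = $maxSessionExpire;
    }
    $this->authData[$authority] = $data;
    $this->authority = $authority;
    // A fresh token per login, so an earlier token no longer identifies this session.
    $this->authToken = SimpleSAML_Utilities::generateID();
    $sessionHandler = SimpleSAML_SessionHandler::getSessionHandler();
    if (!$this->transient && (!empty($data['RememberMe']) || $this->rememberMeExpire) && $globalConfig->getBoolean('session.rememberme.enable', FALSE)) {
        $this->setRememberMeExpire();
    } else {
        $sessionHandler->setCookie($globalConfig->getString('session.authtoken.cookiename', 'SimpleSAMLAuthToken'), $this->authToken);
    }
}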
示例9: requireOwnership
}
/**
 * Abort unless the given OAuth consumer entry is owned by the given user.
 *
 * An entry with no 'owner' grants access to nobody; an entry owned by someone
 * else is rejected with a strict comparison of the owner against $userid.
 *
 * @param mixed $entry The consumer entry (array with an optional 'owner' key).
 * @param mixed $userid The current user's id.
 * @throws Exception When the entry has no owner or the owner is not $userid.
 */
function requireOwnership($entry, $userid)
{
    $owner = isset($entry['owner']) ? $entry['owner'] : NULL;
    if ($owner === NULL) {
        throw new Exception('OAuth Consumer has no owner. Which means no one is granted access, not even you.');
    }
    if ($owner !== $userid) {
        throw new Exception('OAuth Consumer has an owner that is not equal to your userid, hence you are not granted access.');
    }
}
// $store, $userid and $config are set up earlier in this script (not shown here).
if (array_key_exists('editkey', $_REQUEST)) {
    // Editing an existing consumer: load it and refuse unless the current user owns it.
    // 'editkey' is only used as a lookup key into the store.
    $entryc = $store->get('consumers', $_REQUEST['editkey'], '');
    $entry = $entryc['value'];
    requireOwnership($entry, $userid);
} else {
    // New consumer: owned by the current user, with a generated key and secret.
    $entry = array('owner' => $userid, 'key' => SimpleSAML_Utilities::generateID(), 'secret' => SimpleSAML_Utilities::generateID());
}
$editor = new sspmod_oauth_Registry();
if (isset($_POST['submit'])) {
    $editor->checkForm($_POST);
    // The current user is passed in as owner; the result is re-checked before saving
    // so the submitted form cannot hand the consumer to someone else.
    $entry = $editor->formToMeta($_POST, array(), array('owner' => $userid));
    requireOwnership($entry, $userid);
    $store->set('consumers', $entry['key'], '', $entry);
    $template = new SimpleSAML_XHTML_Template($config, 'oauth:registry.saved.php');
    $template->data['entry'] = $entry;
    $template->show();
    // The confirmation page is the whole response; nothing below runs on submit.
    exit;
}
// Not a submit: render the edit form pre-filled from the entry.
$form = $editor->metaToForm($entry);
$template = new SimpleSAML_XHTML_Template($config, 'oauth:registry.edit.tpl.php');
示例10: createPostRedirectLink
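/**
 * Create a link which will POST data.
 *
 * The POST body never appears in the link: it is stored in the session under a
 * freshly generated id together with the destination URL, and only that id is
 * carried in the 'RedirId' query parameter of the returned URL.
 *
 * @param string $destination The destination URL.
 * @param array $post The name-value pairs which will be posted to the destination.
 * @return string An URL which can be accessed to post the data.
 */
public static function createPostRedirectLink($destination, $post)
{
    // Expression asserts: string arguments to assert() are deprecated since PHP 7.2
    // and are not evaluated at all in PHP 8, where they would always pass.
    assert(is_string($destination));
    assert(is_array($post));
    $id = SimpleSAML_Utilities::generateID();
    $postData = array('post' => $post, 'url' => $destination);
    $session = SimpleSAML_Session::getInstance();
    $session->setData('core_postdatalink', $id, $postData);
    return SimpleSAML_Module::getModuleURL('core/postredirect.php', array('RedirId' => $id));
}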
示例11: generate
/**
 * Build a SAML 1.1 authentication response, optionally with an attribute statement.
 *
 * The response id, assertion id and subject NameIdentifier are all generated
 * afresh on every call, so the NameIdentifier is a per-response value rather
 * than a stable user identifier. Strings taken from metadata or the caller that
 * end up in element or attribute content go through htmlspecialchars().
 *
 * @param SimpleSAML_Configuration $idp Metadata for the IdP the response is sent from.
 * @param SimpleSAML_Configuration $sp Metadata for the SP the response is sent to.
 * @param string $shire The endpoint on the SP the response is sent to.
 * @param array|NULL $attributes The attributes which should be included in the response,
 *                               or NULL for no AttributeStatement.
 * @return string The response.
 */
public function generate(SimpleSAML_Configuration $idp, SimpleSAML_Configuration $sp, $shire, $attributes)
{
assert('is_string($shire)');
assert('$attributes === NULL || is_array($attributes)');
// The SP's 'scopedattributes' setting wins over the IdP's; neither means none.
if ($sp->hasValue('scopedattributes')) {
$scopedAttributes = $sp->getArray('scopedattributes');
} elseif ($idp->hasValue('scopedattributes')) {
$scopedAttributes = $idp->getArray('scopedattributes');
} else {
$scopedAttributes = array();
}
$id = SimpleSAML_Utilities::generateID();
$issueInstant = SimpleSAML_Utilities::generateTimestamp();
// 30 seconds timeskew back in time to allow differing clocks.
$notBefore = SimpleSAML_Utilities::generateTimestamp(time() - 30);
// The assertion is valid for 5 minutes from now.
$assertionExpire = SimpleSAML_Utilities::generateTimestamp(time() + 60 * 5);
$assertionid = SimpleSAML_Utilities::generateID();
$spEntityId = $sp->getString('entityid');
// Audience and NameQualifier default to the SP's entity id.
$audience = $sp->getString('audience', $spEntityId);
// Passed through to enc_attribute(); the encoding itself happens there.
$base64 = $sp->getBoolean('base64attributes', FALSE);
$namequalifier = $sp->getString('NameQualifier', $spEntityId);
// Fresh value per response (see the method docblock); bearer confirmation method.
$nameid = SimpleSAML_Utilities::generateID();
$subjectNode = '<Subject>' . '<NameIdentifier' . ' Format="urn:mace:shibboleth:1.0:nameIdentifier"' . ' NameQualifier="' . htmlspecialchars($namequalifier) . '"' . '>' . htmlspecialchars($nameid) . '</NameIdentifier>' . '<SubjectConfirmation>' . '<ConfirmationMethod>' . 'urn:oasis:names:tc:SAML:1.0:cm:bearer' . '</ConfirmationMethod>' . '</SubjectConfirmation>' . '</Subject>';
// Empty string when $attributes is NULL, so no AttributeStatement is emitted at all.
$encodedattributes = '';
if (is_array($attributes)) {
$encodedattributes .= '<AttributeStatement>';
$encodedattributes .= $subjectNode;
foreach ($attributes as $name => $value) {
$encodedattributes .= $this->enc_attribute($name, $value, $base64, $scopedAttributes);
}
$encodedattributes .= '</AttributeStatement>';
}
/*
 * The SAML 1.1 response message. $id, $assertionid and the timestamps are
 * generated above and need no escaping; $shire, the IdP entity id and the
 * audience are escaped inline.
 */
$response = '<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="' . $issueInstant . '"
MajorVersion="1" MinorVersion="1"
Recipient="' . htmlspecialchars($shire) . '" ResponseID="' . $id . '">
<Status>
<StatusCode Value="samlp:Success" />
</Status>
<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
AssertionID="' . $assertionid . '" IssueInstant="' . $issueInstant . '"
Issuer="' . htmlspecialchars($idp->getString('entityid')) . '" MajorVersion="1" MinorVersion="1">
<Conditions NotBefore="' . $notBefore . '" NotOnOrAfter="' . $assertionExpire . '">
<AudienceRestrictionCondition>
<Audience>' . htmlspecialchars($audience) . '</Audience>
</AudienceRestrictionCondition>
</Conditions>
<AuthenticationStatement AuthenticationInstant="' . $issueInstant . '"
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">' . $subjectNode . '
</AuthenticationStatement>
' . $encodedattributes . '
</Assertion>
</Response>';
return $response;
}
示例12: str_replace
}
$dn = $ldap->searchfordn($ldapconfig['search.base'], $ldapconfig['search.attributes'], $_POST['username']);
} else {
$dn = str_replace('%username%', $_POST['username'], $ldapconfig['dnpattern']);
}
$pwd = $_POST['password'];
$ldap = new SimpleSAML_Auth_LDAP($ldapconfig['hostname'], $ldapconfig['enable_tls']);
if ($pwd == "" or !$ldap->bind($dn, $pwd)) {
SimpleSAML_Logger::info('AUTH - ldap-multi: ' . $_POST['username'] . ' failed to authenticate. DN=' . $dn);
throw new Exception('Wrong username or password');
}
$attributes = $ldap->getAttributes($dn, $ldapconfig['attributes']);
SimpleSAML_Logger::info('AUTH - ldap-multi: ' . $_POST['username'] . ' successfully authenticated');
$session->doLogin('login-ldapmulti');
$session->setAttributes($attributes);
$session->setNameID(array('value' => SimpleSAML_Utilities::generateID(), 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
/**
* Create a statistics log entry for every successfull login attempt.
* Also log a specific attribute as set in the config: statistics.authlogattr
*/
$authlogattr = $config->getValue('statistics.authlogattr', null);
if ($authlogattr && array_key_exists($authlogattr, $attributes)) {
SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK ' . $attributes[$authlogattr][0]);
} else {
SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK');
}
$returnto = $_REQUEST['RelayState'];
SimpleSAML_Utilities::redirect($returnto);
} catch (Exception $e) {
$error = $e->getMessage();
}
示例13: __construct
/**
 * Constructor for SAML 2 assertions.
 *
 * Without $xml, an empty assertion is produced with a generated id, the current
 * time as IssueInstant/AuthnInstant and empty collections, ready to be filled in
 * by setters. With $xml, the element is parsed: ID and Version="2.0" are required,
 * an Issuer child is required, and the subject, conditions, authn statement,
 * attributes, encrypted attributes and signature are parsed in that order.
 *
 * @param DOMElement|NULL $xml The input assertion.
 * @throws Exception If the ID attribute is missing, the Version is not "2.0",
 *                   or the Issuer element is missing.
 */
public function __construct(DOMElement $xml = NULL)
{
// Defaults for a freshly built assertion; overwritten below when parsing XML.
$this->id = SimpleSAML_Utilities::generateID();
$this->issueInstant = time();
$this->issuer = '';
$this->authnInstant = time();
$this->attributes = array();
$this->nameFormat = SAML2_Const::NAMEFORMAT_UNSPECIFIED;
$this->certificates = array();
$this->AuthenticatingAuthority = array();
$this->SubjectConfirmation = array();
if ($xml === NULL) {
return;
}
if (!$xml->hasAttribute('ID')) {
throw new Exception('Missing ID attribute on SAML assertion.');
}
$this->id = $xml->getAttribute('ID');
if ($xml->getAttribute('Version') !== '2.0') {
/* Currently a very strict check: exactly "2.0", nothing else is accepted. */
throw new Exception('Unsupported version: ' . $xml->getAttribute('Version'));
}
$this->issueInstant = SimpleSAML_Utilities::parseSAML2Time($xml->getAttribute('IssueInstant'));
$issuer = SAML2_Utils::xpQuery($xml, './saml_assertion:Issuer');
if (empty($issuer)) {
throw new Exception('Missing <saml:Issuer> in assertion.');
}
// Only the first Issuer match is used.
$this->issuer = trim($issuer[0]->textContent);
// Content elements first, signature last; what parseSignature does with it is
// defined elsewhere in this class.
$this->parseSubject($xml);
$this->parseConditions($xml);
$this->parseAuthnStatement($xml);
$this->parseAttributes($xml);
$this->parseEncryptedAttributes($xml);
$this->parseSignature($xml);
}
示例14: PrepSAMLAssertion
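/**
 * Build, sign and Base64-encode a SAML 2.0 bearer assertion.
 *
 * Issuer, audience, NameID, certificate and private key come from the SAML_*
 * constants. The assertion is valid from now until 15 minutes from now, carries
 * an enveloped XML signature and is handed back through the by-reference
 * parameter with the XML declaration removed.
 *
 * @param string &$saml_xml_request Receives the Base64-encoded signed assertion.
 * @throws RuntimeException If the certificate or private key cannot be read, or
 *                          the signed document contains no ds:Reference to rewrite.
 */
public static function PrepSAMLAssertion(&$saml_xml_request)
{
    //
    // Gather inputs needed during assembly of the SAML Assertion (keys, certs, timestamps, IDs)
    //
    // xs:dateTime in UTC without fractional seconds. The previous format used 'B',
    // which PHP defines as Swatch Internet time, not milliseconds.
    $timeFormat = 'Y-m-d\TH:i:s\Z';
    // One clock read for both instants, so NotOnOrAfter is exactly 900 s after NotBefore.
    // 'now' rather than null: null is deprecated for DateTime in PHP 8.1.
    $now = new DateTime('now', new DateTimeZone('UTC'));
    $validUntil = clone $now;
    $validUntil->modify('+900 sec');
    $nowString = $now->format($timeFormat);
    $validUntilString = $validUntil->format($timeFormat);

    $x509 = file_get_contents(SAML_X509_CERT_PATH);
    if ($x509 === false) {
        throw new RuntimeException('Unable to read the SAML signing certificate.');
    }
    $privateKey = file_get_contents(SAML_X509_PRIVATE_KEY_PATH);
    if ($privateKey === false) {
        throw new RuntimeException('Unable to read the SAML signing private key.');
    }

    $SAMLParams = array(
        'IssueInstant' => $nowString,
        'Issuer' => SAML_IDENTITY_PROVIDER_ID,
        'ID' => SimpleSAML_Utilities::generateID(),
        'NameID' => SAML_NAME_ID,
        'NotBefore' => $nowString,
        'NotOnOrAfter' => $validUntilString,
        'AuthnInstant' => $nowString,
        'Audience' => SAML_IDENTITY_PROVIDER_ID,
        'x509' => $x509,
        'private_key' => $privateKey,
    );

    //
    // Assemble DOM containing the SAML assertion. Text content is added via
    // createTextNode() so it is escaped on serialisation; createElement()'s
    // value argument is inserted verbatim.
    //
    $xml = new DOMDocument('1.0', 'utf-8');
    // Assertion
    $assertion = $xml->createElementNS('urn:oasis:names:tc:SAML:2.0:assertion', 'saml2:Assertion');
    $assertion->setAttribute('ID', $SAMLParams['ID']);
    $assertion->setAttribute('Version', '2.0');
    $assertion->setAttribute('IssueInstant', $SAMLParams['IssueInstant']);
    $xml->appendChild($assertion);
    // Issuer
    $issuer = $xml->createElement('saml2:Issuer');
    $issuer->appendChild($xml->createTextNode($SAMLParams['Issuer']));
    $assertion->appendChild($issuer);
    // Subject + NameID + SubjectConfirmation
    $subject = $xml->createElement('saml2:Subject');
    $assertion->appendChild($subject);
    $nameid = $xml->createElement('saml2:NameID');
    $nameid->appendChild($xml->createTextNode($SAMLParams['NameID']));
    $nameid->setAttribute('Format', 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified');
    $subject->appendChild($nameid);
    $confirmation = $xml->createElement('saml2:SubjectConfirmation');
    $confirmation->setAttribute('Method', 'urn:oasis:names:tc:SAML:2.0:cm:bearer');
    $subject->appendChild($confirmation);
    // Conditions + AudienceRestriction + Audience
    $condition = $xml->createElement('saml2:Conditions');
    $condition->setAttribute('NotBefore', $SAMLParams['NotBefore']);
    $condition->setAttribute('NotOnOrAfter', $SAMLParams['NotOnOrAfter']);
    $assertion->appendChild($condition);
    $audiencer = $xml->createElement('saml2:AudienceRestriction');
    $condition->appendChild($audiencer);
    $audience = $xml->createElement('saml2:Audience');
    $audience->appendChild($xml->createTextNode($SAMLParams['Audience']));
    $audiencer->appendChild($audience);
    // AuthnStatement + AuthnContext + AuthnContextClassRef; SessionIndex reuses the assertion ID.
    $authnstat = $xml->createElement('saml2:AuthnStatement');
    $authnstat->setAttribute('AuthnInstant', $SAMLParams['AuthnInstant']);
    $authnstat->setAttribute('SessionIndex', $SAMLParams['ID']);
    $assertion->appendChild($authnstat);
    $authncontext = $xml->createElement('saml2:AuthnContext');
    $authnstat->appendChild($authncontext);
    $authncontext_ref = $xml->createElement('saml2:AuthnContextClassRef', 'urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified');
    $authncontext->appendChild($authncontext_ref);

    // Private key. NOTE(review): RSA-SHA1 and the SHA1 digest below are legacy
    // algorithms; moving to RSA_SHA256 / SHA256 must be agreed with the relying
    // party, so it is flagged here rather than changed.
    $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
    $objKey->loadKey($SAMLParams['private_key']);
    // Sign the Assertion: enveloped signature, exclusive c14n, inserted before the Subject node.
    $objXMLSecDSig = new XMLSecurityDSig();
    $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
    $objXMLSecDSig->addReferenceList(
        array($assertion),
        XMLSecurityDSig::SHA1,
        array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
        array('URI' => 'ID', 'overwrite' => false, 'id_name' => 'ID')
    );
    $objXMLSecDSig->sign($objKey);
    $objXMLSecDSig->add509Cert($SAMLParams['x509']);
    $objXMLSecDSig->insertSignature($assertion, $subject);
    $saml = $xml->saveXML();

    //
    // Change Reference URI locally (considered changing 'xmlseclibs.php', but
    // that seemed inappropriate). Fail explicitly instead of operating on an
    // undefined match when the signature is not where we expect it.
    //
    if (preg_match('/<ds:Reference URI="#(.+?)">/is', $saml, $URI) !== 1) {
        throw new RuntimeException('Signed assertion contains no ds:Reference element.');
    }
    $saml = str_replace('Id="' . $URI[1] . '"', '', $saml);
    $saml = str_replace($URI[1], $SAMLParams['ID'], $saml);

    //
    // Prepare the Base64-encoded request body. The former stripslashes() call was
    // dropped: saveXML() adds no slashes, so it could only corrupt content.
    //
    $saml = str_replace('<?xml version="1.0" encoding="utf-8"?>', '', $saml);
    $saml_xml_request = base64_encode($saml);
}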
示例15: buildAssertion
/**
 * Build an assertion based on information in the metadata.
 *
 * Each setting is read from the SP (destination) metadata first, then from the
 * IdP (source) metadata, then from a built-in default. A transient NameID is a
 * freshly generated value; any other format is derived from the user's attributes.
 *
 * @param SimpleSAML_Configuration $srcMetadata The metadata of the sender (IdP).
 * @param SimpleSAML_Configuration $dstMetadata The metadata of the recipient (SP).
 * @param array $attributes The attributes of the user.
 * @param string $consumerURL The assertion consumer endpoint the assertion is destined for.
 * @return SAML2_Assertion The assertion.
 */
public static function buildAssertion(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, array $attributes, $consumerURL)
{
    $signAssertion = $dstMetadata->getBoolean('saml20.sign.assertion', NULL);
    if (!isset($signAssertion)) {
        $signAssertion = $srcMetadata->getBoolean('saml20.sign.assertion', TRUE);
    }
    $config = SimpleSAML_Configuration::getInstance();

    $assertion = new SAML2_Assertion();
    if ($signAssertion) {
        self::addSign($srcMetadata, $dstMetadata, $assertion);
    }
    $assertion->setIssuer($srcMetadata->getString('entityid'));
    $assertion->setDestination($consumerURL);
    $assertion->setValidAudiences(array($dstMetadata->getString('entityid')));

    // 30 seconds of backwards clock skew; lifetime defaults to 300 s.
    $assertion->setNotBefore(time() - 30);
    $lifetime = $dstMetadata->getInteger('assertion.lifetime', NULL);
    if (!isset($lifetime)) {
        $lifetime = $srcMetadata->getInteger('assertion.lifetime', 300);
    }
    $assertion->setNotOnOrAfter(time() + $lifetime);
    $assertion->setAuthnContext(SAML2_Const::AC_PASSWORD);
    $sessionLifetime = $config->getInteger('session.duration', 8 * 60 * 60);
    $assertion->setSessionNotOnOrAfter(time() + $sessionLifetime);

    $session = SimpleSAML_Session::getInstance();
    $assertion->setSessionIndex($session->getSessionIndex());

    /* Add attributes, unless the SP metadata switches them off. */
    if ($dstMetadata->getBoolean('simplesaml.attributes', TRUE)) {
        $nameFormat = $dstMetadata->getString('AttributeNameFormat', NULL);
        if (!isset($nameFormat)) {
            $nameFormat = $srcMetadata->getString('AttributeNameFormat', 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic');
        }
        $assertion->setAttributeNameFormat($nameFormat);
        // Note: $attributes is replaced by its encoded form and reused for the NameID below.
        $attributes = self::encodeAttributes($srcMetadata, $dstMetadata, $attributes);
        $assertion->setAttributes($attributes);
    }

    /* Generate the NameID for the assertion. */
    $nameIdFormat = $dstMetadata->getString('NameIDFormat', 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient');
    $spNameQualifier = $dstMetadata->getString('SPNameQualifier', NULL);
    if (!isset($spNameQualifier)) {
        $spNameQualifier = $dstMetadata->getString('entityid');
    }
    $nameIdValue = $nameIdFormat === SAML2_Const::NAMEID_TRANSIENT
        ? SimpleSAML_Utilities::generateID()
        : self::generateNameIdValue($srcMetadata, $dstMetadata, $attributes);
    $assertion->setNameId(array(
        'Format' => $nameIdFormat,
        'Value' => $nameIdValue,
        'SPNameQualifier' => $spNameQualifier,
    ));
    return $assertion;
}