本文整理匯總了PHP中SimpleSAML_Utilities::validateXMLDocument方法的典型用法代碼示例。如果您正苦於以下問題:PHP SimpleSAML_Utilities::validateXMLDocument方法的具體用法?PHP SimpleSAML_Utilities::validateXMLDocument怎麽用?PHP SimpleSAML_Utilities::validateXMLDocument使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類SimpleSAML_Utilities
的用法示例。
在下文中一共展示了SimpleSAML_Utilities::validateXMLDocument方法的8個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的PHP代碼示例。
示例1: convert_metadata
function convert_metadata($xmldata)
{
$config = SimpleSAML_Configuration::getInstance();
if ($xmldata) {
$xmldata = htmlspecialchars_decode($xmldata);
SimpleSAML_Utilities::validateXMLDocument($xmldata, 'saml-meta');
$entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsString($xmldata);
foreach ($entities as &$entity) {
$entity = array('shib13-sp-remote' => $entity->getMetadata1xSP(), 'shib13-idp-remote' => $entity->getMetadata1xIdP(), 'saml20-sp-remote' => $entity->getMetadata20SP(), 'saml20-idp-remote' => $entity->getMetadata20IdP());
}
$output = array($entity['saml20-sp-remote']['entityid'] => $entity['saml20-sp-remote']);
} else {
$xmldata = '';
$output = array();
}
return $output;
}
示例2: decodeResponse
/**
* Decode a received response.
*
* @param array $post POST data received.
* @return SimpleSAML_XML_Shib13_AuthnResponse Response.
*/
public function decodeResponse($post)
{
assert('is_array($post)');
if (!array_key_exists('SAMLResponse', $post)) {
throw new Exception('Missing required SAMLResponse parameter.');
}
$rawResponse = $post['SAMLResponse'];
$samlResponseXML = base64_decode($rawResponse);
SimpleSAML_Utilities::debugMessage($samlResponseXML, 'in');
SimpleSAML_Utilities::validateXMLDocument($samlResponseXML, 'saml11');
$samlResponse = new SimpleSAML_XML_Shib13_AuthnResponse();
$samlResponse->setXML($samlResponseXML);
if (array_key_exists('TARGET', $post)) {
$samlResponse->setRelayState($post['TARGET']);
}
return $samlResponse;
}
示例3: requireOwnership
}
function requireOwnership($metadata, $userid)
{
if (!isset($metadata['owner'])) {
throw new Exception('Metadata has no owner. Which means no one is granted access, not even you.');
}
if ($metadata['owner'] !== $userid) {
throw new Exception('Metadata has an owner that is not equal to your userid, hence you are not granted access.');
}
}
if (array_key_exists('entityid', $_REQUEST)) {
$metadata = $mdh->getMetadata($_REQUEST['entityid'], 'saml20-sp-remote');
requireOwnership($metadata, $userid);
} elseif (array_key_exists('xmlmetadata', $_REQUEST)) {
$xmldata = $_REQUEST['xmlmetadata'];
SimpleSAML_Utilities::validateXMLDocument($xmldata, 'saml-meta');
$entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsString($xmldata);
$entity = array_pop($entities);
$metadata = $entity->getMetadata20SP();
} else {
$metadata = array('owner' => $userid);
}
$editor = new sspmod_metaedit_MetaEditor();
if (isset($_POST['submit'])) {
$editor->checkForm($_POST);
$metadata = $editor->formToMeta($_POST, array(), array('owner' => $userid));
if (isset($_REQUEST['was-entityid']) && $_REQUEST['was-entityid'] !== $metadata['entityid']) {
$premetadata = $mdh->getMetadata($_REQUEST['was-entityid'], 'saml20-sp-remote');
requireOwnership($premetadata, $userid);
$mdh->deleteMetadata($_REQUEST['was-entityid'], 'saml20-sp-remote');
}
示例4: array
* This should also be stored in your production datastore.
*/
$metadata_url_for = array();
foreach ($metadata_url_for as $idp_name => $metadata_url) {
/*
* Fetch SAML metadata from the URL.
* NOTE:
* SAML metadata changes very rarely. On a production system,
* this data should be cached as approprate for your production system.
*/
$metadata_xml = file_get_contents($metadata_url);
/*
* Parse the SAML metadata using SimpleSAMLphp's parser.
* See also: modules/metaedit/www/edit.php:34
*/
SimpleSAML_Utilities::validateXMLDocument($metadata_xml, 'saml-meta');
$entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsString($metadata_xml);
$entity = array_pop($entities);
$idp = $entity->getMetadata20IdP();
$entity_id = $idp['entityid'];
/*
* Remove HTTP-POST endpoints from metadata,
* since we only want to make HTTP-GET AuthN requests.
*/
for ($x = 0; $x < sizeof($idp['SingleSignOnService']); $x++) {
$endpoint = $idp['SingleSignOnService'][$x];
if ($endpoint['Binding'] == 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST') {
unset($idp['SingleSignOnService'][$x]);
}
}
/*
示例5: transaleXMLToSsPHP
function transaleXMLToSsPHP($xmldata)
{
if (!empty($xmldata)) {
SimpleSAML_Utilities::validateXMLDocument($xmldata, 'saml-meta');
$entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsString($xmldata);
/* Get all metadata for the entities. */
foreach ($entities as &$entity) {
$entity = array('saml20-sp-remote' => $entity->getMetadata20SP(), 'saml20-idp-remote' => $entity->getMetadata20IdP());
}
/* Transpose from $entities[entityid][type] to $output[type][entityid]. */
$output = SimpleSAML_Utilities::transposeArray($entities);
/* Merge all metadata of each type to a single string which should be
* added to the corresponding file.
*/
foreach ($output as $type => &$entities) {
$text = '';
foreach ($entities as $entityId => $entityMetadata) {
if ($entityMetadata === NULL) {
continue;
}
/* Remove the entityDescriptor element because it is unused, and only
* makes the output harder to read.
*/
unset($entityMetadata['entityDescriptor']);
$text .= '$metadata[' . var_export($entityId, TRUE) . '] = ' . var_export($entityMetadata, TRUE) . ";\n";
}
$entities = $text;
}
} else {
$output = array();
}
return $output;
}
示例6: gsaml_send_auth_response
/**
* Accept a SAML Request and form a Response
* NOTE: that this function is Google Specific
*
*/
function gsaml_send_auth_response($samldata)
{
global $CFG, $SESSION, $USER;
SimpleSAML_Configuration::init($CFG->dirroot . '/auth/gsaml/config');
$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$session = SimpleSAML_Session::getInstance();
try {
$idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
$idmetaindex = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted', 'metaindex');
$idpmetadata = $metadata->getMetaDataCurrent('saml20-idp-hosted');
if (!array_key_exists('auth', $idpmetadata)) {
throw new Exception('Missing mandatory parameter in SAML 2.0 IdP Hosted Metadata: [auth]');
}
} catch (Exception $exception) {
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
}
/// SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Accessing SAML 2.0 IdP endpoint SSOService');
if (!$config->getValue('enable.saml20-idp', false)) {
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
}
$rawRequest = $samldata;
if (!empty($SESSION->samlrelaystate)) {
$relaystate = $SESSION->samlrelaystate;
} else {
$relaystate = NULL;
}
$decodedRequest = @base64_decode($rawRequest);
if (!$decodedRequest) {
throw new Exception('Could not base64 decode SAMLRequest GET parameter');
}
$samlRequestXML = @gzinflate($decodedRequest);
if (!$samlRequestXML) {
$error = error_get_last();
throw new Exception('Could not gzinflate base64 decoded SAMLRequest: ' . $error['message']);
}
SimpleSAML_Utilities::validateXMLDocument($samlRequestXML, 'saml20');
$samlRequest = new SimpleSAML_XML_SAML20_AuthnRequest($config, $metadata);
$samlRequest->setXML($samlRequestXML);
if (!is_null($relaystate)) {
$samlRequest->setRelayState($relaystate);
}
// $samlRequest presenting the request object
$authnrequest = $samlRequest;
if ($session == NULL) {
debugging('No SAML Session gsaml_send_auth_response', DEBUG_DEVELOPER);
return false;
// if this func returns we Know it's an error
}
if (!empty($USER->id)) {
// TODO: if moodle user is not the same as google user
// use the mapping
$username = $USER->username;
} else {
debugging('No User given to gsaml_send_auth_response', DEBUG_DEVELOPER);
return false;
}
//TODO: better errors
if (!($domain = get_config('auth/gsaml', 'domainname'))) {
debugging('No domain set in gsaml_send_auth_response', DEBUG_DEVELOPER);
return false;
// if this func returns we Know it's an error
}
$attributes['useridemail'] = array($username . '@' . $domain);
$session->doLogin('login');
// was login
$session->setAttributes($attributes);
$session->setNameID(array('value' => SimpleSAML_Utilities::generateID(), 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
$requestcache = array('RequestID' => $authnrequest->getRequestID(), 'Issuer' => $authnrequest->getIssuer(), 'ConsentCookie' => SimpleSAML_Utilities::generateID(), 'RelayState' => $authnrequest->getRelayState());
try {
$spentityid = $requestcache['Issuer'];
$spmetadata = $metadata->getMetaData($spentityid, 'saml20-sp-remote');
$sp_name = isset($spmetadata['name']) ? $spmetadata['name'] : $spentityid;
// TODO: Are we really tracking SP's???
//
// Adding this service provider to the list of sessions.
// Right now the list is used for SAML 2.0 only.
$session->add_sp_session($spentityid);
/// SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Sending back AuthnResponse to ' . $spentityid);
// TODO: handle passive situtation
// Rigth now I replaced $isPassive with isset($isPassive) to prevent notice on debug mode
if (isset($isPassive)) {
/* Generate an SAML 2.0 AuthNResponse message
With statusCode: urn:oasis:names:tc:SAML:2.0:status:NoPassive
*/
$ar = new SimpleSAML_XML_SAML20_AuthnResponse($config, $metadata);
$authnResponseXML = $ar->generate($idpentityid, $spentityid, $requestcache['RequestID'], null, array(), 'NoPassive');
// Sending the AuthNResponse using HTTP-Post SAML 2.0 binding
$httppost = new SimpleSAML_Bindings_SAML20_HTTPPost($config, $metadata);
$httppost->sendResponse($authnResponseXML, $idpentityid, $spentityid, $requestcache['RelayState']);
exit;
}
/*
* Attribute handling
*/
//.........這裏部分代碼省略.........
示例7: decodeLogoutResponse
public function decodeLogoutResponse($get)
{
if (!isset($get['SAMLResponse'])) {
throw new Exception('SAMLResponse parameter not set in paramter (on SAML 2.0 HTTP Redirect binding endpoint)');
}
$rawRequest = $get["SAMLResponse"];
/* Check if a RelayState was provided with the request. */
if (array_key_exists('RelayState', $get)) {
$relaystate = $get['RelayState'];
} else {
$relaystate = NULL;
}
$decodedRequest = @base64_decode($rawRequest);
if (!$decodedRequest) {
throw new Exception('Could not base64 decode SAMLRequest GET parameter');
}
$samlRequestXML = @gzinflate($decodedRequest);
if (!$samlRequestXML) {
$error = error_get_last();
throw new Exception('Could not gzinflate base64 decoded SAMLRequest: ' . $error['message']);
}
SimpleSAML_Utilities::validateXMLDocument($samlRequestXML, 'saml20');
$samlRequest = new SimpleSAML_XML_SAML20_LogoutResponse($this->configuration, $this->metadata);
$samlRequest->setXML($samlRequestXML);
if (isset($relaystate)) {
$samlRequest->setRelayState($relaystate);
}
#echo("Authn response = " . $samlResponse );
return $samlRequest;
}
示例8: decodeResponse
public function decodeResponse($post)
{
if (!isset($post["SAMLResponse"])) {
throw new Exception('Could not get SAMLResponse from Browser/POST. May be there is some redirection related problem on your server? In example apache redirecting the POST to http to a GET on https.');
}
$rawResponse = $post["SAMLResponse"];
$relaystate = $post["RelayState"];
$samlResponseXML = base64_decode($rawResponse);
SimpleSAML_Utilities::validateXMLDocument($samlResponseXML, 'saml20');
//error_log("Response is: " . $samlResponseXML);
$samlResponse = new SimpleSAML_XML_SAML20_AuthnResponse($this->configuration, $this->metadata);
$samlResponse->setXML($samlResponseXML);
if (isset($relaystate)) {
$samlResponse->setRelayState($relaystate);
}
#echo("Authn response = " . $samlResponse );
return $samlResponse;
}