Release 2.2.6
pitbulk committed Oct 14, 2016
1 parent a3b29d9 commit d03f8c0
Showing 11 changed files with 466 additions and 113 deletions.
36 changes: 29 additions & 7 deletions onelogin_saml/lib/Saml2/Auth.php
Expand Up @@ -199,7 +199,7 @@ public function processSLO($keepLocalSession = false, $requestId = null, $retrie

$security = $this->_settings->getSecurityData();
if (isset($security['logoutResponseSigned']) && $security['logoutResponseSigned']) {
$signature = $this->buildResponseSignature($logoutResponse, $parameters['RelayState'], $security['signatureAlgorithm']);
$signature = $this->buildResponseSignature($logoutResponse, isset($parameters['RelayState'])? $parameters['RelayState']: null, $security['signatureAlgorithm']);
$parameters['SigAlg'] = $security['signatureAlgorithm'];
$parameters['Signature'] = $signature;
}
Expand Down Expand Up @@ -475,9 +475,20 @@ public function buildRequestSignature($samlRequest, $relayState, $signAlgorithm
$objKey = new XMLSecurityKey($signAlgorithm, array('type' => 'private'));
$objKey->loadKey($key, false);

$msg = 'SAMLRequest='.urlencode($samlRequest);
$msg .= '&RelayState='.urlencode($relayState);
$msg .= '&SigAlg=' . urlencode($signAlgorithm);
$security = $this->_settings->getSecurityData();
if ($security['lowercaseUrlencoding']) {
$msg = 'SAMLRequest='.rawurlencode($samlRequest);
if (isset($relayState)) {
$msg .= '&RelayState='.rawurlencode($relayState);
}
$msg .= '&SigAlg=' . rawurlencode($signAlgorithm);
} else {
$msg = 'SAMLRequest='.urlencode($samlRequest);
if (isset($relayState)) {
$msg .= '&RelayState='.urlencode($relayState);
}
$msg .= '&SigAlg=' . urlencode($signAlgorithm);
}
$signature = $objKey->signData($msg);
return base64_encode($signature);
}
Expand Down Expand Up @@ -508,9 +519,20 @@ public function buildResponseSignature($samlResponse, $relayState, $signAlgorith
$objKey = new XMLSecurityKey($signAlgorithm, array('type' => 'private'));
$objKey->loadKey($key, false);

$msg = 'SAMLResponse='.urlencode($samlResponse);
$msg .= '&RelayState='.urlencode($relayState);
$msg .= '&SigAlg=' . urlencode($signAlgorithm);
$security = $this->_settings->getSecurityData();
if ($security['lowercaseUrlencoding']) {
$msg = 'SAMLResponse='.rawurlencode($samlResponse);
if (isset($relayState)) {
$msg .= '&RelayState='.rawurlencode($relayState);
}
$msg .= '&SigAlg=' . rawurlencode($signAlgorithm);
} else {
$msg = 'SAMLResponse='.urlencode($samlResponse);
if (isset($relayState)) {
$msg .= '&RelayState='.urlencode($relayState);
}
$msg .= '&SigAlg=' . urlencode($signAlgorithm);
}
$signature = $objKey->signData($msg);
return base64_encode($signature);
}
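Review bot: `$security['lowercaseUrlencoding']` is read without an isset guard in both buildRequestSignature and buildResponseSignature, whereas the `logoutResponseSigned` check in processSLO a few lines up does guard; if the Settings layer does not default that key (not visible here) this emits a notice and silently falls into the urlencode branch. The two branches differ only in the encoder, so the duplicated message assembly can collapse to one path: `$encode = !empty($security['lowercaseUrlencoding']) ? 'rawurlencode' : 'urlencode';` followed by `$msg = 'SAMLRequest=' . $encode($samlRequest);` and the same for RelayState and SigAlg. A comment is also warranted, because neither call lowercases hex digits despite the flag's name — they differ in how space and a few reserved characters are encoded (`%20` versus `+`) — and the IdP verifying the redirect signature must reconstruct exactly the same query string, e.g. `// lowercaseUrlencoding selects RFC 3986 (rawurlencode) over form encoding (urlencode) for the signed query; must match what the IdP verifies`. Both methods begin above their hunks.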
18 changes: 14 additions & 4 deletions onelogin_saml/lib/Saml2/AuthnRequest.php
Expand Up @@ -137,12 +137,22 @@ public function __construct(OneLogin_Saml2_Settings $settings, $forceAuthn = fal

/**
* Returns deflated, base64 encoded, unsigned AuthnRequest.
*
*
* @param bool|null $deflate Whether or not we should 'gzdeflate' the request body before we return it.
*/
public function getRequest()
public function getRequest($deflate = null)
{
$deflatedRequest = gzdeflate($this->_authnRequest);
$base64Request = base64_encode($deflatedRequest);
$subject = $this->_authnRequest;

if (is_null($deflate)) {
$deflate = $this->_settings->shouldCompressRequests();
}

if ($deflate) {
$subject = gzdeflate($this->_authnRequest);
}

$base64Request = base64_encode($subject);
return $base64Request;
}

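Review bot: The docblock of getRequest still opens with "Returns deflated, base64 encoded, unsigned AuthnRequest" although the new `$deflate` parameter makes the DEFLATE step optional, and it has no `@return`. SAML 2.0 HTTP-Redirect binding mandates DEFLATE encoding, so a caller passing `false` (or a settings value that turns compression off via shouldCompressRequests, whose semantics are not visible here) is only valid with HTTP-POST; that constraint belongs in the doc so it is not violated by accident. Suggested replacement summary: `Returns the base64 encoded, unsigned AuthnRequest, DEFLATE-compressed when $deflate is true or, when $deflate is null, when the settings enable request compression; callers using the HTTP-Redirect binding must not disable compression.` plus `@return string`. The class body continues outside the hunk.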
29 changes: 20 additions & 9 deletions onelogin_saml/lib/Saml2/LogoutRequest.php
Expand Up @@ -55,7 +55,7 @@ public function __construct(OneLogin_Saml2_Settings $settings, $request = null,

$nameIdValue = OneLogin_Saml2_Utils::generateUniqueID();
$issueInstant = OneLogin_Saml2_Utils::parseTime2SAML(time());

$cert = null;
if (isset($security['nameIdEncrypted']) && $security['nameIdEncrypted']) {
$cert = $idpData['x509cert'];
Expand Down Expand Up @@ -110,12 +110,23 @@ public function __construct(OneLogin_Saml2_Settings $settings, $request = null,
/**
* Returns the Logout Request defated, base64encoded, unsigned
*
* @param bool|null $deflate Whether or not we should 'gzdeflate' the request body before we return it.
*
* @return string Deflated base64 encoded Logout Request
*/
public function getRequest()
public function getRequest($deflate = null)
{
$deflatedRequest = gzdeflate($this->_logoutRequest);
return base64_encode($deflatedRequest);
$subject = $this->_logoutRequest;

if (is_null($deflate)) {
$deflate = $this->_settings->shouldCompressRequests();
}

if ($deflate) {
$subject = gzdeflate($this->_logoutRequest);
}

return base64_encode($subject);
}

/**
Expand Down Expand Up @@ -143,7 +154,7 @@ public static function getID($request)
*
* @param string|DOMDocument $request Logout Request Message
* @param string|null $key The SP key
*
*
* @return array Name ID Data (Value, Format, NameQualifier, SPNameQualifier)
*
* @throws Exception
Expand Down Expand Up @@ -235,11 +246,11 @@ public static function getIssuer($request)
/**
* Gets the SessionIndexes from the Logout Request.
* Notice: Our Constructor only support 1 SessionIndex but this parser
* extracts an array of all the SessionIndex found on a
* extracts an array of all the SessionIndex found on a
* Logout Request, that could be many.
*
* @param string|DOMDocument $request Logout Request Message
*
*
* @return array The SessionIndex value
*/
public static function getSessionIndexes($request)
Expand Down Expand Up @@ -283,7 +294,7 @@ public function isValid($retrieveParametersFromServer=false)
throw new Exception("Invalid SAML Logout Request. Not match the saml-schema-protocol-2.0.xsd");
}
}

$currentURL = OneLogin_Saml2_Utils::getSelfRoutedURLNoQuery();

// Check NotOnOrAfter
Expand Down Expand Up @@ -375,7 +386,7 @@ public function isValid($retrieveParametersFromServer=false)

/* After execute a validation process, if fails this method returns the cause
*
* @return string Cause
* @return string Cause
*/
public function getError()
{
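Review bot: In the getRequest hunk the new `@param bool|null $deflate` is added but the existing `@return string Deflated base64 encoded Logout Request` is left as is, so the return documentation now contradicts the parameter when `$deflate` is false; the summary line above it also still reads "defated" (typo) and describes only the compressed case. Suggested `@return string Base64 encoded Logout Request, DEFLATE-compressed when $deflate is true or, when null, when the settings enable request compression`, and a note that the HTTP-Redirect binding requires the compressed form. The remaining hunks in this file are whitespace-only.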
26 changes: 18 additions & 8 deletions onelogin_saml/lib/Saml2/LogoutResponse.php
Expand Up @@ -71,13 +71,13 @@ public function getIssuer()

/**
* Gets the Status of the Logout Response.
*
*
* @return string The Status
*/
public function getStatus()
{
$entries = $this->_query('/samlp:LogoutResponse/samlp:Status/samlp:StatusCode');
if ($entries->length == 0) {
if ($entries->length != 1) {
return null;
}
$status = $entries->item(0)->getAttribute('Value');
Expand Down Expand Up @@ -213,7 +213,7 @@ private function _query($query)
/**
* Generates a Logout Response object.
*
* @param string $inResponseTo InResponseTo value for the Logout Response.
* @param string $inResponseTo InResponseTo value for the Logout Response.
*/
public function build($inResponseTo)
{
Expand Down Expand Up @@ -244,18 +244,28 @@ public function build($inResponseTo)

/**
* Returns a Logout Response object.
*
*
* @param bool|null $deflate Whether or not we should 'gzdeflate' the response body before we return it.
*
* @return string Logout Response deflated and base64 encoded
*/
public function getResponse()
public function getResponse($deflate = null)
{
$deflatedResponse = gzdeflate($this->_logoutResponse);
return base64_encode($deflatedResponse);
$subject = $this->_logoutResponse;

if (is_null($deflate)) {
$deflate = $this->_settings->shouldCompressResponses();
}

if ($deflate) {
$subject = gzdeflate($this->_logoutResponse);
}
return base64_encode($subject);
}

/* After execute a validation process, if fails this method returns the cause.
*
* @return string Cause
* @return string Cause
*/
public function getError()
{
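Review bot: Changing the getStatus guard from `== 0` to `!= 1` means a LogoutResponse carrying two top-level StatusCode elements now yields null exactly like one carrying none, so the caller cannot tell a malformed, possibly tampered, message from a missing status and the cause is lost; it is also a loose comparison where `!== 1` is the idiom for an int length. Since the class exposes getError(), consider recording the reason through whatever field that method reads before returning null, e.g. a comment `// exactly one StatusCode is expected; more than one is treated as malformed` above the check. The getResponse hunk has the same documentation gap as the request classes: its summary still says "deflated and base64 encoded" although `$deflate` can now disable compression, and `shouldCompressResponses` is not visible here. The class body continues outside both hunks.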
58 changes: 56 additions & 2 deletions onelogin_saml/lib/Saml2/Metadata.php
@@ -1,5 +1,5 @@
<?php

/**
* Metadata lib of OneLogin PHP Toolkit
*
Expand Down Expand Up @@ -58,6 +58,7 @@ public static function builder($sp, $authnsign = false, $wsign = false, $validUn
}

$strOrganization = '';

if (!empty($organization)) {
$organizationInfoNames = array();
$organizationInfoDisplaynames = array();
Expand Down Expand Up @@ -96,6 +97,58 @@ public static function builder($sp, $authnsign = false, $wsign = false, $validUn
$strContacts = "\n".implode("\n", $contactsInfo);
}

$strAttributeConsumingService = '';
if (isset($sp['attributeConsumingService'])) {
$attrCsDesc = '';
if (isset($sp['attributeConsumingService']['serviceDescription'])) {
$attrCsDesc = sprintf(
' <md:ServiceDescription xml:lang="en">%s</md:ServiceDescription>' . PHP_EOL,
$sp['attributeConsumingService']['serviceDescription']
);
}
if (!isset($sp['attributeConsumingService']['serviceName'])) {
$sp['attributeConsumingService']['serviceName'] = 'Service';
}
$requestedAttributeData = array();
foreach ($sp['attributeConsumingService']['requestedAttributes'] as $attribute) {
$requestedAttributeStr = sprintf(' <md:RequestedAttribute Name="%s"', $attribute['name']);
if (isset($attribute['nameFormat'])) {
$requestedAttributeStr .= sprintf(' NameFormat="%s"', $attribute['nameFormat']);
}
if (isset($attribute['friendlyName'])) {
$requestedAttributeStr .= sprintf(' FriendlyName="%s"', $attribute['friendlyName']);
}
if (isset($attribute['isRequired'])) {
$requestedAttributeStr .= sprintf(' isRequired="%s"', $attribute['isRequired'] === true ? 'true' : 'false');
}
$reqAttrAuxStr = " />";

if (isset($attribute['attributeValue']) && !empty($attribute['attributeValue'])) {
$reqAttrAuxStr = '>';
if (is_string($attribute['attributeValue'])) {
$attribute['attributeValue'] = array($attribute['attributeValue']);
}
foreach ($attribute['attributeValue'] as $attrValue) {
$reqAttrAuxStr .=<<<ATTRIBUTEVALUE
<saml:AttributeValue xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">{$attrValue}</saml:AttributeValue>
ATTRIBUTEVALUE;
}
$reqAttrAuxStr .= "\n </md:RequestedAttribute>";
}

$requestedAttributeData[] = $requestedAttributeStr . $reqAttrAuxStr;
}

$requestedAttributeStr = implode(PHP_EOL, $requestedAttributeData);
$strAttributeConsumingService = <<<METADATA_TEMPLATE
<md:AttributeConsumingService index="1">
<md:ServiceName xml:lang="en">{$sp['attributeConsumingService']['serviceName']}</md:ServiceName>
{$attrCsDesc}{$requestedAttributeStr}
</md:AttributeConsumingService>
METADATA_TEMPLATE;
}

$metadata = <<<METADATA_TEMPLATE
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
Expand All @@ -107,6 +160,7 @@ public static function builder($sp, $authnsign = false, $wsign = false, $validUn
<md:AssertionConsumerService Binding="{$sp['assertionConsumerService']['binding']}"
Location="{$sp['assertionConsumerService']['url']}"
index="1" />
{$strAttributeConsumingService}
</md:SPSSODescriptor>{$strOrganization}{$strContacts}
</md:EntityDescriptor>
METADATA_TEMPLATE;
Expand Down Expand Up @@ -159,7 +213,7 @@ public static function addX509KeyDescriptors($metadata, $cert, $wantsEncrypted =

$keyInfo = $xml->createElementNS(OneLogin_Saml2_Constants::NS_DS, 'ds:KeyInfo');
$keyInfo->appendChild($keyData);

$keyDescriptor = $xml->createElementNS(OneLogin_Saml2_Constants::NS_MD, "md:KeyDescriptor");

$SPSSODescriptor = $xml->getElementsByTagName('SPSSODescriptor')->item(0);
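Review bot: Every value read from `$sp['attributeConsumingService']` — serviceName, serviceDescription, each RequestedAttribute's name/nameFormat/friendlyName and every AttributeValue — is interpolated raw into the metadata XML through sprintf and heredocs with no escaping, so a `&`, `<` or `"` in any of them yields metadata an IdP cannot parse, and where these settings are editable through an admin UI (plausible for a CMS plugin, not visible here) it allows arbitrary elements to be injected into the published SP metadata. Route each interpolated value through one escaper, `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')`, assigning escaped values to locals before the heredocs. `$attribute['name']` and `requestedAttributes` are also read without isset, and `Name` is mandatory on md:RequestedAttribute, so an absent name should be rejected rather than emitted as `Name=""`. The enclosing builder() starts and ends outside this hunk.
```php
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};
// … unchanged: serviceDescription / serviceName defaults — pass both through $esc() into locals before interpolating …
foreach ($sp['attributeConsumingService']['requestedAttributes'] as $attribute) {
    if (!isset($attribute['name'])) {
        throw new Exception('Each requestedAttribute in attributeConsumingService requires a name');
    }
    $requestedAttributeStr = sprintf(' <md:RequestedAttribute Name="%s"', $esc($attribute['name']));
    if (isset($attribute['nameFormat'])) {
        $requestedAttributeStr .= sprintf(' NameFormat="%s"', $esc($attribute['nameFormat']));
    }
    if (isset($attribute['friendlyName'])) {
        $requestedAttributeStr .= sprintf(' FriendlyName="%s"', $esc($attribute['friendlyName']));
    }
    // … unchanged: isRequired attribute, attributeValue normalisation and the inner loop — assign $escapedValue = $esc($attrValue); and interpolate {$escapedValue} in the ATTRIBUTEVALUE heredoc …
}
```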