
Commit dfc629a

committed
Migrate saml:NameID, saml:Issuer and samlp:RequestedAuthnContext to new interface
1 parent ce19626 commit dfc629a

11 files changed

Lines changed: 100 additions & 113 deletions


composer.lock

Lines changed: 4 additions & 4 deletions

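--- a/modules/core/src/Auth/Process/TargetedID.php
+++ b/modules/core/src/Auth/Process/TargetedID.php
@@ -142,16 +142,12 @@ public function process(array &$state): void
 
 if ($this->generateNameId) {
 // Convert the targeted ID to a SAML 2.0 name identifier element
-$nameId = new NameID();
-$nameId->setValue($uid);
-$nameId->setFormat(C::NAMEID_PERSISTENT);
-
-if (isset($state['Source']['entityid'])) {
-$nameId->setNameQualifier($state['Source']['entityid']);
-}
-if (isset($state['Destination']['entityid'])) {
-$nameId->setSPNameQualifier($state['Destination']['entityid']);
-}
+$nameId = new NameID(
+value: $uid,
+Format: C::NAMEID_PERSISTENT,
+NameQualifier: $state['Source']['entityid'] ?? null,
+SPNameQualifier: $state['Destination']['entityid'] ?? null,
+);
 } else {
 $nameId = $uid;
 }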

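--- a/modules/saml/src/Auth/Process/NameIDAttribute.php
+++ b/modules/saml/src/Auth/Process/NameIDAttribute.php
@@ -7,6 +7,7 @@
 use SimpleSAML\{Auth, Error};
 use SimpleSAML\Assert\Assert;
 use SimpleSAML\SAML2\Constants as C;
+use SimpleSAML\SAML2\XML\saml\NameID;
 
 use function call_user_func;
 use function strpos;
@@ -90,7 +91,7 @@ private static function parseFormat(string $format): array
 $ret[] = 'SPNameQualifier';
 break;
 case 'V':
-$ret[] = 'Value';
+$ret[] = 'Content';
 break;
 case '%':
 $ret[] = '%';
@@ -122,18 +123,15 @@ public function process(array &$state): void
 }
 
 $rep = $state['saml:sp:NameID'];
-Assert::notNull($rep->getValue());
+Assert::isInstanceOf($rep, NameID::class);
+$arr = $rep->toArray();
 
-if ($rep->getFormat() === null) {
-$rep->setFormat(C::NAMEID_UNSPECIFIED);
-}
+$arr['Format'] = $arr['Format'] ?? C::NAMEID_UNSPECIFIED;
+$arr['NameQualifier'] = $arr['NameQualifier'] ?? $state['Source']['entityid'];
+$arr['SPNameQualifier'] = $arr['SPNameQualifier'] ?? $state['Destination']['entityid'];
 
-if ($rep->getSPNameQualifier() === null) {
-$rep->setSPNameQualifier($state['Source']['entityid']);
-}
-if ($rep->getNameQualifier() === null) {
-$rep->setNameQualifier($state['Destination']['entityid']);
-}
+$rep = NameID::fromArray($arr);
+$state['saml:sp:NameID'] = $rep;
 
 $value = '';
 $isString = true;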
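Review bot: The qualifier defaults in process() now go the other way round from the code they replace: new line 130 fills NameQualifier from $state['Source']['entityid'] and line 131 fills SPNameQualifier from $state['Destination']['entityid'], whereas removed lines 132 and 135 put Source into SPNameQualifier and Destination into NameQualifier. The new mapping is the right one (NameQualifier names the asserting party, SPNameQualifier the relying party) and agrees with TargetedID in this commit, but it is a behaviour change for existing deployments that the commit message presents as a pure interface migration, so a comment such as `// NameQualifier = asserting IdP (Source), SPNameQualifier = relying SP (Destination); the pre-migration code had these swapped` plus a changelog entry would record it. The same two lines read the entityid keys without a fallback, so a state lacking Source or Destination raises an undefined-index warning and hands null to fromArray; writing `$state['Source']['entityid'] ?? null` as TargetedID does makes that case explicit. process() continues outside the hunk.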

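--- a/modules/saml/src/Auth/Source/SP.php
+++ b/modules/saml/src/Auth/Source/SP.php
@@ -14,14 +14,16 @@
 use SimpleSAML\SAML2\Exception\Protocol\{NoAvailableIDPException, NoPassiveException, NoSupportedIDPException};
 use SimpleSAML\SAML2\XML\md\ContactPerson;
 use SimpleSAML\SAML2\XML\saml\NameID;
-use SimpleSAML\SAML2\XML\samlp\{Extensions, IDPEntry, IDPList, RequesterID, Scoping};
+use SimpleSAML\SAML2\XML\saml\{AuthnContextClassRef};
+use SimpleSAML\SAML2\XML\samlp\{Extensions, IDPEntry, IDPList, RequestedAuthnContext, RequesterID, Scoping};
 use SimpleSAML\Store\StoreFactory;
 use Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory;
 use Symfony\Component\HttpFoundation\{RedirectResponse, Request, Response};
 
 use function array_intersect;
 use function array_key_exists;
 use function array_keys;
+use function array_map;
 use function call_user_func;
 use function count;
 use function in_array;
@@ -469,6 +471,7 @@ private function startSSO2(Configuration $idpMetadata, array $state): Response
 $accr = null;
 if ($idpMetadata->getOptionalString('AuthnContextClassRef', null) !== null) {
 $accr = $arrayUtils->arrayize($idpMetadata->getString('AuthnContextClassRef'));
+$accr = array_map(fn($value): AuthnContextClassRef => new AuthnContextClassRef($value), $accr);
 } elseif (isset($state['saml:AuthnContextClassRef'])) {
 $accr = $arrayUtils->arrayize($state['saml:AuthnContextClassRef']);
 }
@@ -488,7 +491,9 @@ private function startSSO2(Configuration $idpMetadata, array $state): Response
 ) {
 $comp = $state['saml:AuthnContextComparison'];
 }
-$ar->setRequestedAuthnContext(['AuthnContextClassRef' => $accr, 'Comparison' => $comp]);
+$ar->setRequestedAuthnContext(
+new RequestedAuthnContext($accr, $comp),
+);
 } elseif (
 $this->passAuthnContextClassRef
 && isset($state['saml:RequestedAuthnContext'])
@@ -534,26 +539,7 @@ private function startSSO2(Configuration $idpMetadata, array $state): Response
 
 $nameId = $state['saml:NameID'];
 if (is_array($nameId)) {
-// Must be an array > convert to object
-
-$nid = new NameID();
-if (!array_key_exists('Value', $nameId)) {
-throw new \InvalidArgumentException('Missing "Value" in array, cannot create NameID from it.');
-}
-
-$nid->setValue($nameId['Value']);
-if (array_key_exists('NameQualifier', $nameId) && $nameId['NameQualifier'] !== null) {
-$nid->setNameQualifier($nameId['NameQualifier']);
-}
-if (array_key_exists('SPNameQualifier', $nameId) && $nameId['SPNameQualifier'] !== null) {
-$nid->setSPNameQualifier($nameId['SPNameQualifier']);
-}
-if (array_key_exists('SPProvidedID', $nameId) && $nameId['SPProvidedId'] !== null) {
-$nid->setSPProvidedID($nameId['SPProvidedID']);
-}
-if (array_key_exists('Format', $nameId) && $nameId['Format'] !== null) {
-$nid->setFormat($nameId['Format']);
-}
+$nid = NameID::fromArray($state['saml:NameID']);
 } else {
 $nid = $nameId;
 }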
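Review bot: The wrapping of $accr into AuthnContextClassRef objects on new line 474 is applied only to the metadata branch; the elseif branch on line 476 still assigns the raw strings from $state['saml:AuthnContextClassRef'], so new RequestedAuthnContext($accr, $comp) on line 495 receives objects on one path and strings on the other. Unless RequestedAuthnContext accepts both (its constructor is not visible here), the state-driven path will fail or serialise incorrectly at request-build time. Moving the conversion after the if/elseif so it covers whichever branch populated $accr fixes both paths, e.g. after the closing brace on line 477: `if ($accr !== null) { $accr = array_map(static fn(string $v): AuthnContextClassRef => new AuthnContextClassRef($v), $accr); }`. startSSO2 starts and ends outside the hunks.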

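--- a/modules/saml/src/Controller/ServiceProvider.php
+++ b/modules/saml/src/Controller/ServiceProvider.php
@@ -216,7 +216,7 @@ public function assertionConsumerService(Request $request, string $sourceId): Re
 throw new Exception('Missing <saml:Issuer> in message delivered to AssertionConsumerService.');
 }
 }
-$issuer = $issuer->getValue();
+$issuer = $issuer->getContent();
 
 $prevAuth = $this->session->getAuthData($sourceId, 'saml:sp:prevAuth');
 
@@ -472,7 +472,7 @@ public function singleLogoutService(Request $request, string $sourceId): Respons
 
 $issuer = $message->getIssuer();
 if ($issuer instanceof Issuer) {
-$idpEntityId = $issuer->getValue();
+$idpEntityId = $issuer->getContent();
 } else {
 $idpEntityId = $issuer;
 }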

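--- a/modules/saml/src/Message.php
+++ b/modules/saml/src/Message.php
@@ -516,8 +516,7 @@ public static function buildAuthnRequest(
 
 // Shoaib: setting the appropriate binding based on parameter in sp-metadata defaults to HTTP_POST
 $ar->setProtocolBinding($protbind);
-$issuer = new Issuer();
-$issuer->setValue($spMetadata->getString('entityID'));
+$issuer = new Issuer($spMetadata->getString('entityID'));
 $ar->setIssuer($issuer);
 $ar->setAssertionConsumerServiceIndex(
 $spMetadata->getOptionalInteger('AssertionConsumerServiceIndex', null)
@@ -558,9 +557,10 @@ public static function buildLogoutRequest(
 Configuration $dstMetadata
 ): LogoutRequest {
 $lr = new LogoutRequest();
-$issuer = new Issuer();
-$issuer->setValue($srcMetadata->getString('entityid'));
-$issuer->setFormat(C::NAMEID_ENTITY);
+$issuer = new Issuer(
+value: $srcMetadata->getString('entityid'),
+Format: C::NAMEID_ENTITY,
+);
 $lr->setIssuer($issuer);
 
 self::addRedirectSign($srcMetadata, $dstMetadata, $lr);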
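Review bot: The two Issuer constructions in this file are now written in different styles: new line 519 in buildAuthnRequest passes the entity ID positionally and sets no Format, while new lines 560-563 in buildLogoutRequest use named arguments and set Format to C::NAMEID_ENTITY. Both produce a valid Issuer (SAML 2.0 treats an absent Format on Issuer as the entity format), but a reader may take the difference as intentional; using the same named-argument form in buildAuthnRequest, `$issuer = new Issuer(value: $spMetadata->getString('entityID'));`, or a short comment noting that the entity format is implied, would remove the ambiguity. Both functions start outside the hunks.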

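--- a/src/SimpleSAML/Metadata/SAMLParser.php
+++ b/src/SimpleSAML/Metadata/SAMLParser.php
@@ -906,7 +906,7 @@ private static function processExtensions(mixed $element, array $parentExtension
 if ($attr instanceof Attribute) {
 $attrName = $attr->getName();
 $attrNameFormat = $attr->getNameFormat();
-$attrValue = $attr->getAttributeValue();
+$attrValue = $attr->getAttributeValues();
 
 if ($attrName === null || $attrValue === []) {
 continue;
@@ -922,7 +922,7 @@ private static function processExtensions(mixed $element, array $parentExtension
 
 $values = [];
 foreach ($attrValue as $attrval) {
-$values[] = $attrval->getString();
+$values[] = $attrval->getValue();
 }
 
 $ret['EntityAttributes'][$name] = $values;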

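--- a/tests/modules/admin/src/Controller/TestTest.php
+++ b/tests/modules/admin/src/Controller/TestTest.php
@@ -199,12 +199,13 @@ public function isAuthenticated(): bool
 
 public function getAttributes(): array
 {
-$nameId = new NameID();
-$nameId->setValue('_b806c4f98188b42e48d3eb5444db613dbde463e2e8');
-$nameId->setSPProvidedID('some:entity');
-$nameId->setNameQualifier('some name qualifier');
-$nameId->setSPNameQualifier('some SP name qualifier');
-$nameId->setFormat('urn:oasis:names:tc:SAML:2.0:nameid-format:transient');
+$nameId = new NameID(
+value: '_b806c4f98188b42e48d3eb5444db613dbde463e2e8',
+SPProvidedID: 'some:entity',
+NameQualifier: 'some name qualifier',
+SPNameQualifier: 'some SP name qualifier',
+Format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
+);
 
 /** @psalm-suppress PossiblyNullPropertyFetch */
 return [
@@ -243,12 +244,13 @@ public function getAuthDataArray(): ?array
 
 public function getAuthData(string $name): mixed
 {
-$nameId = new NameID();
-$nameId->setValue('_b806c4f98188b42e48d3eb5444db613dbde463e2e8');
-$nameId->setSPProvidedID('some:entity');
-$nameId->setNameQualifier('some name qualifier');
-$nameId->setSPNameQualifier('some SP name qualifier');
-$nameId->setFormat('urn:oasis:names:tc:SAML:2.0:nameid-format:transient');
+$nameId = new NameID(
+value: '_b806c4f98188b42e48d3eb5444db613dbde463e2e8',
+SPProvidedID: 'some:entity',
+NameQualifier: 'some name qualifier',
+SPNameQualifier: 'some SP name qualifier',
+Format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
+);
 
 return $nameId;
 }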

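--- a/tests/modules/core/src/Auth/Process/TargetedIDTest.php
+++ b/tests/modules/core/src/Auth/Process/TargetedIDTest.php
@@ -108,11 +108,12 @@ public function testWithSrcDst(): void
 */
 public function testNameIdGeneration(): void
 {
-$nameid = new NameID();
-$nameid->setFormat(C::NAMEID_PERSISTENT);
-$nameid->setNameQualifier('urn:example:src:id');
-$nameid->setSPNameQualifier('joe');
-$nameid->setValue('joe');
+$nameid = new NameID(
+value: 'joe',
+Format: C::NAMEID_PERSISTENT,
+NameQualifier: 'urn:example:src:id',
+SPNameQualifier: 'joe',
+);
 
 $config = [
 'nameId' => true,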
