
Commit 6138bee

committed
Merge branch 'saml_interface'
2 parents 56266b8 + dfc629a commit 6138bee


13 files changed

+258
-127
lines changed


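--- a/composer.json
+++ b/composer.json
@@ -62,6 +62,7 @@
 "ext-xml": "*",
 "ext-zlib": "*",
 
+"beste/clock": "^3.0",
 "composer/composer": "^2.5",
 "gettext/gettext": "^5.7",
 "gettext/translator": "^1.1",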

composer.lock

Lines changed: 135 additions & 18 deletions

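--- a/modules/core/src/Auth/Process/TargetedID.php
+++ b/modules/core/src/Auth/Process/TargetedID.php
@@ -142,16 +142,12 @@ public function process(array &$state): void
 
 if ($this->generateNameId) {
 // Convert the targeted ID to a SAML 2.0 name identifier element
-$nameId = new NameID();
-$nameId->setValue($uid);
-$nameId->setFormat(C::NAMEID_PERSISTENT);
-
-if (isset($state['Source']['entityid'])) {
-$nameId->setNameQualifier($state['Source']['entityid']);
-}
-if (isset($state['Destination']['entityid'])) {
-$nameId->setSPNameQualifier($state['Destination']['entityid']);
-}
+$nameId = new NameID(
+value: $uid,
+Format: C::NAMEID_PERSISTENT,
+NameQualifier: $state['Source']['entityid'] ?? null,
+SPNameQualifier: $state['Destination']['entityid'] ?? null,
+);
 } else {
 $nameId = $uid;
 }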
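Review bot: The two `?? null` arguments on the NameQualifier/SPNameQualifier lines drop the explicit isset guards without saying that a null argument is what makes the constructor leave the qualifier out, so a reader has to consult the library to see that behaviour is unchanged. A one-line comment above the `new NameID(` call, `// null qualifiers are omitted from the element when the entityid is not known`, would make that explicit; I am inferring from the named arguments that the constructor accepts null here, so confirm against the NameID signature. The mixed-case argument names (`value:` beside `Format:`) presumably mirror the library's parameter names rather than local style, which is worth a word in the same comment so nobody "normalises" them later. process() starts before the hunk.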

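--- a/modules/saml/src/Auth/Process/NameIDAttribute.php
+++ b/modules/saml/src/Auth/Process/NameIDAttribute.php
@@ -7,6 +7,7 @@
 use SimpleSAML\{Auth, Error};
 use SimpleSAML\Assert\Assert;
 use SimpleSAML\SAML2\Constants as C;
+use SimpleSAML\SAML2\XML\saml\NameID;
 
 use function call_user_func;
 use function strpos;
@@ -90,7 +91,7 @@ private static function parseFormat(string $format): array
 $ret[] = 'SPNameQualifier';
 break;
 case 'V':
-$ret[] = 'Value';
+$ret[] = 'Content';
 break;
 case '%':
 $ret[] = '%';
@@ -122,18 +123,15 @@ public function process(array &$state): void
 }
 
 $rep = $state['saml:sp:NameID'];
-Assert::notNull($rep->getValue());
+Assert::isInstanceOf($rep, NameID::class);
+$arr = $rep->toArray();
 
-if ($rep->getFormat() === null) {
-$rep->setFormat(C::NAMEID_UNSPECIFIED);
-}
+$arr['Format'] = $arr['Format'] ?? C::NAMEID_UNSPECIFIED;
+$arr['NameQualifier'] = $arr['NameQualifier'] ?? $state['Source']['entityid'];
+$arr['SPNameQualifier'] = $arr['SPNameQualifier'] ?? $state['Destination']['entityid'];
 
-if ($rep->getSPNameQualifier() === null) {
-$rep->setSPNameQualifier($state['Source']['entityid']);
-}
-if ($rep->getNameQualifier() === null) {
-$rep->setNameQualifier($state['Destination']['entityid']);
-}
+$rep = NameID::fromArray($arr);
+$state['saml:sp:NameID'] = $rep;
 
 $value = '';
 $isString = true;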
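Review bot: The replaced `Assert::notNull($rep->getValue())` check is not carried over in the `@@ -122,18 +123,15 @@` hunk: `Assert::isInstanceOf($rep, NameID::class)` pins the type but no longer asserts that the IdP-supplied identifier actually carries a value before it is rebuilt through `toArray()`/`fromArray()`, so unless the NameID constructor itself rejects an empty value (not visible here) a content-less NameID now passes into the attribute. The three `$arr['X'] = $arr['X'] ?? …` lines are the null-coalescing assignment spelled out; `$arr['Format'] ??= C::NAMEID_UNSPECIFIED;` (and likewise for the two qualifier lines) is the idiomatic form. The `'Content'` key introduced in parseFormat presumably feeds a getter lookup later in process(), whose body continues outside the hunk, so a short comment at the `case 'V':` line naming that getter would tie the two together.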

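--- a/modules/saml/src/Auth/Source/SP.php
+++ b/modules/saml/src/Auth/Source/SP.php
@@ -14,14 +14,16 @@
 use SimpleSAML\SAML2\Exception\Protocol\{NoAvailableIDPException, NoPassiveException, NoSupportedIDPException};
 use SimpleSAML\SAML2\XML\md\ContactPerson;
 use SimpleSAML\SAML2\XML\saml\NameID;
-use SimpleSAML\SAML2\XML\samlp\{Extensions, IDPEntry, IDPList, RequesterID, Scoping};
+use SimpleSAML\SAML2\XML\saml\{AuthnContextClassRef};
+use SimpleSAML\SAML2\XML\samlp\{Extensions, IDPEntry, IDPList, RequestedAuthnContext, RequesterID, Scoping};
 use SimpleSAML\Store\StoreFactory;
 use Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory;
 use Symfony\Component\HttpFoundation\{RedirectResponse, Request, Response};
 
 use function array_intersect;
 use function array_key_exists;
 use function array_keys;
+use function array_map;
 use function call_user_func;
 use function count;
 use function in_array;
@@ -469,6 +471,7 @@ private function startSSO2(Configuration $idpMetadata, array $state): Response
 $accr = null;
 if ($idpMetadata->getOptionalString('AuthnContextClassRef', null) !== null) {
 $accr = $arrayUtils->arrayize($idpMetadata->getString('AuthnContextClassRef'));
+$accr = array_map(fn($value): AuthnContextClassRef => new AuthnContextClassRef($value), $accr);
 } elseif (isset($state['saml:AuthnContextClassRef'])) {
 $accr = $arrayUtils->arrayize($state['saml:AuthnContextClassRef']);
 }
@@ -488,7 +491,9 @@ private function startSSO2(Configuration $idpMetadata, array $state): Response
 ) {
 $comp = $state['saml:AuthnContextComparison'];
 }
-$ar->setRequestedAuthnContext(['AuthnContextClassRef' => $accr, 'Comparison' => $comp]);
+$ar->setRequestedAuthnContext(
+new RequestedAuthnContext($accr, $comp),
+);
 } elseif (
 $this->passAuthnContextClassRef
 && isset($state['saml:RequestedAuthnContext'])
@@ -534,26 +539,7 @@ private function startSSO2(Configuration $idpMetadata, array $state): Response
 
 $nameId = $state['saml:NameID'];
 if (is_array($nameId)) {
-// Must be an array > convert to object
-
-$nid = new NameID();
-if (!array_key_exists('Value', $nameId)) {
-throw new \InvalidArgumentException('Missing "Value" in array, cannot create NameID from it.');
-}
-
-$nid->setValue($nameId['Value']);
-if (array_key_exists('NameQualifier', $nameId) && $nameId['NameQualifier'] !== null) {
-$nid->setNameQualifier($nameId['NameQualifier']);
-}
-if (array_key_exists('SPNameQualifier', $nameId) && $nameId['SPNameQualifier'] !== null) {
-$nid->setSPNameQualifier($nameId['SPNameQualifier']);
-}
-if (array_key_exists('SPProvidedID', $nameId) && $nameId['SPProvidedId'] !== null) {
-$nid->setSPProvidedID($nameId['SPProvidedID']);
-}
-if (array_key_exists('Format', $nameId) && $nameId['Format'] !== null) {
-$nid->setFormat($nameId['Format']);
-}
+$nid = NameID::fromArray($state['saml:NameID']);
 } else {
 $nid = $nameId;
 }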
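Review bot: In the `@@ -469,6 +471,7 @@` hunk only the metadata branch wraps `$accr` into `AuthnContextClassRef` objects; the `elseif` branch still leaves `$accr` as the plain strings returned by `arrayize($state['saml:AuthnContextClassRef'])`, yet both branches feed `new RequestedAuthnContext($accr, $comp)` in the following hunk, so the state-driven path hands the constructor a list of strings where the other path hands it objects. Unless the lines between the two hunks already convert it, move the mapping below the if/elseif so it covers both sources: `if ($accr !== null) { $accr = array_map(fn ($value): AuthnContextClassRef => new AuthnContextClassRef($value), $accr); }`. In the last hunk, `NameID::fromArray($state['saml:NameID'])` re-reads the state key although `$nameId` already holds that array; `$nid = NameID::fromArray($nameId);` keeps the branch parallel to the `else` arm, and since the explicit "Missing Value" exception of the removed lines is now delegated to fromArray, whose validation is not visible here, a comment `// fromArray is expected to reject an array without a value` would record that assumption. startSSO2() starts and ends outside the hunks.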

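--- a/modules/saml/src/Controller/ServiceProvider.php
+++ b/modules/saml/src/Controller/ServiceProvider.php
@@ -216,7 +216,7 @@ public function assertionConsumerService(Request $request, string $sourceId): Re
 throw new Exception('Missing <saml:Issuer> in message delivered to AssertionConsumerService.');
 }
 }
-$issuer = $issuer->getValue();
+$issuer = $issuer->getContent();
 
 $prevAuth = $this->session->getAuthData($sourceId, 'saml:sp:prevAuth');
 
@@ -472,7 +472,7 @@ public function singleLogoutService(Request $request, string $sourceId): Respons
 
 $issuer = $message->getIssuer();
 if ($issuer instanceof Issuer) {
-$idpEntityId = $issuer->getValue();
+$idpEntityId = $issuer->getContent();
 } else {
 $idpEntityId = $issuer;
 }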
