1 | <?php |
||
2 | |||
3 | namespace SimpleSAML\Module\casserver\Cas\Protocol; |
||
4 | |||
5 | use SimpleSAML\Configuration; |
||
6 | use SimpleSAML\XML\Shib13\AuthnResponse; |
||
0 ignored issues
–
show
|
|||
7 | |||
8 | class SamlValidateResponder |
||
9 | { |
||
10 | /** |
||
11 | * Converts a ticket to saml1 response. Caller likely needs wrap in SOAP |
||
12 | * to return to a client. |
||
13 | * @param array $ticket The cas ticket |
||
14 | * @return string The saml 1 xml for the CAS response |
||
15 | */ |
||
16 | public function convertToSaml(array $ticket): string |
||
17 | { |
||
18 | $serviceUrl = $ticket['service']; |
||
19 | $attributes = $ticket['attributes']; |
||
20 | $user = $ticket['userName']; |
||
21 | |||
22 | $ar = new AuthnResponse(); |
||
23 | $idpMetadata = [ |
||
24 | // CAS doesn't seem to care what this is, however SSP code requires it to be set |
||
25 | 'entityid' => 'localhost' |
||
26 | ]; |
||
27 | $spMetadata = [ |
||
28 | 'entityid' => $serviceUrl, |
||
29 | ]; |
||
30 | $shire = $serviceUrl; //the recpient |
||
31 | $authnResponseXML = $ar->generate( |
||
32 | Configuration::loadFromArray($idpMetadata), |
||
33 | Configuration::loadFromArray($spMetadata), |
||
34 | $shire, |
||
35 | $attributes |
||
36 | ); |
||
37 | |||
38 | // replace NameIdentifier with actually username |
||
39 | $ret = preg_replace( |
||
40 | '|<NameIdentifier(.*)>.*</NameIdentifier>|', |
||
41 | '<NameIdentifier$1>' . htmlspecialchars($user) . '</NameIdentifier>', |
||
42 | $authnResponseXML |
||
43 | ); |
||
44 | // CAS seems to prefer this type of assertiond |
||
45 | $ret = str_replace('urn:oasis:names:tc:SAML:1.0:cm:bearer', 'urn:oasis:names:tc:SAML:1.0:cm:artifact', $ret); |
||
46 | // CAS uses a different namespace for attributes |
||
47 | $ret = str_replace( |
||
48 | 'urn:mace:shibboleth:1.0:attributeNamespace:uri', |
||
49 | 'http://www.ja-sig.org/products/cas/', |
||
50 | $ret |
||
51 | ); |
||
52 | return $ret; |
||
53 | } |
||
54 | |||
55 | |||
56 | /** |
||
57 | * @param string $samlResponse |
||
58 | * @return string |
||
59 | */ |
||
60 | public function wrapInSoap(string $samlResponse): string |
||
61 | { |
||
62 | $envelope = <<<SOAP |
||
63 | <?xml version="1.0" encoding="utf-8"?> |
||
64 | <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> |
||
65 | <SOAP-ENV:Header /> |
||
66 | <SOAP-ENV:Body>$samlResponse</SOAP-ENV:Body> |
||
67 | </SOAP-ENV:Envelope> |
||
68 | SOAP; |
||
69 | return $envelope; |
||
70 | } |
||
71 | } |
||
72 |
The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g.
excluded_paths: ["lib/*"]
, you can move it to the dependency path list as follows:For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths