<?php |
namespace SimpleSAML\Module\casserver\Cas\Protocol; |
use SimpleSAML\Configuration; |
use SimpleSAML\XML\Shib13\AuthnResponse; |
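class SamlValidateResponder
{
    /**
     * Converts a CAS ticket to a SAML 1.1 response. The caller most likely needs
     * to wrap the result with wrapInSoap() before returning it to a client.
     *
     * The response is produced by SimpleSAMLphp's Shibboleth 1.x generator and
     * then patched as a string: the NameIdentifier text is replaced with the CAS
     * user name, the subject confirmation method is switched to "artifact" and
     * the attribute namespace is switched to the CAS one.
     *
     * NOTE(review): those string edits would invalidate any XML signature
     * computed inside generate(); this code assumes the generated response is
     * unsigned (CAS samlValidate is authenticated by the ticket, not by a
     * signature) - confirm against the SSP version in use.
     *
     * @param array $ticket The CAS ticket. Must contain the keys 'service'
     *                      (the validating service URL), 'attributes' (the
     *                      attributes to release) and 'userName'.
     * @return string The SAML 1.1 XML for the CAS response.
     * @throws \InvalidArgumentException If a required ticket key is missing.
     * @throws \RuntimeException If the NameIdentifier rewrite fails (PCRE error).
     */
    public function convertToSaml(array $ticket)
    {
        // Fail loudly on a malformed ticket instead of emitting a response whose
        // subject or recipient is silently empty.
        foreach (['service', 'attributes', 'userName'] as $required) {
            if (!array_key_exists($required, $ticket)) {
                throw new \InvalidArgumentException(
                    "CAS ticket is missing the required '" . $required . "' entry"
                );
            }
        }

        $serviceUrl = $ticket['service'];
        $attributes = $ticket['attributes'];
        $user = (string) $ticket['userName'];

        // CAS clients do not check the Issuer/NameQualifier, but the SSP generator
        // requires an IdP entity ID to be set, so a placeholder is used.
        $idpMetadata = Configuration::loadFromArray(['entityid' => 'localhost']);
        // The service URL is both the SP entity ID and the recipient ("shire").
        $spMetadata = Configuration::loadFromArray(['entityid' => $serviceUrl]);

        $generator = new AuthnResponse();
        $xml = $generator->generate($idpMetadata, $spMetadata, $serviceUrl, $attributes);

        // Put the actual user name into the NameIdentifier.
        $xml = self::setNameIdentifier($xml, $user);

        // CAS clients expect the "artifact" confirmation method rather than "bearer".
        // Note that this (like the original code) replaces the URI document-wide,
        // not only inside ConfirmationMethod; an attribute value containing the
        // same URI would be rewritten as well.
        $xml = str_replace(
            'urn:oasis:names:tc:SAML:1.0:cm:bearer',
            'urn:oasis:names:tc:SAML:1.0:cm:artifact',
            $xml
        );

        // CAS uses its own attribute namespace instead of the Shibboleth 1.0 one.
        // Same document-wide caveat as above.
        $xml = str_replace(
            'urn:mace:shibboleth:1.0:attributeNamespace:uri',
            'http://www.ja-sig.org/products/cas/',
            $xml
        );

        return $xml;
    }

    /**
     * Replaces the text content of the NameIdentifier element with $user,
     * keeping the element's attributes untouched.
     *
     * A callback is used instead of a preg_replace() replacement string on
     * purpose: preg_replace() expands "$n" / "\n" sequences in the replacement
     * text as back-references, so a user name such as "$1" or "\0" would be
     * turned into captured XML instead of being inserted literally.
     *
     * @param string $xml  The generated SAML 1.1 response XML.
     * @param string $user The user name to place into NameIdentifier.
     * @return string The rewritten XML.
     * @throws \RuntimeException If the PCRE engine reports an error.
     */
    private static function setNameIdentifier($xml, $user)
    {
        // htmlspecialchars() covers the characters that are significant in XML
        // text content (& < > " '). ENT_SUBSTITUTE makes invalid UTF-8 in the
        // user name come out as U+FFFD instead of htmlspecialchars() returning ""
        // and the response silently carrying an empty NameIdentifier.
        $escaped = htmlspecialchars($user, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        // The element's attributes are captured with [^>]* and its text with
        // [^<]* so the match can never run past the element itself.
        $result = preg_replace_callback(
            '|<NameIdentifier([^>]*)>[^<]*</NameIdentifier>|',
            function (array $match) use ($escaped) {
                return '<NameIdentifier' . $match[1] . '>' . $escaped . '</NameIdentifier>';
            },
            $xml
        );

        // preg_replace_callback() returns null on a PCRE failure (e.g. backtrack
        // limit); do not hand a null on to the later string replacements.
        if ($result === null) {
            throw new \RuntimeException(
                'Failed to rewrite NameIdentifier, PCRE error ' . preg_last_error()
            );
        }

        return $result;
    }

    /**
     * Wraps a SAML response in a SOAP 1.1 envelope, as the CAS samlValidate
     * endpoint returns it.
     *
     * NOTE(review): the envelope carries its own XML declaration, so $samlResponse
     * is expected to be a bare Response element without one - confirm that
     * AuthnResponse::generate() does not emit a declaration in the SSP version used.
     *
     * @param string $samlResponse The SAML XML to place into the SOAP body.
     * @return string The SOAP envelope containing the response.
     */
    public function wrapInSoap($samlResponse)
    {
        // Closing marker stays at column 0 for compatibility with PHP < 7.3.
        $envelope = <<<SOAP
<?xml version="1.0" encoding="utf-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header />
<SOAP-ENV:Body>$samlResponse</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
SOAP;

        return $envelope;
    }
}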