
SamlValidateResponder   A

Complexity

Total Complexity 2

Size/Duplication

Total Lines 57
Duplicated Lines 0 %

Importance

Changes 1
Bugs 0 Features 0
Metric Value
wmc 2
eloc 32
c 1
b 0
f 0
dl 0
loc 57
rs 10

2 Methods

Rating   Name   Duplication   Size   Complexity  
A convertToSaml() 0 37 1
A wrapInSoap() 0 10 1
<?php
namespace SimpleSAML\Module\casserver\Cas\Protocol;
use SimpleSAML\Configuration;
use SimpleSAML\XML\Shib13\AuthnResponse;
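class SamlValidateResponder
{
    /**
     * Converts a CAS ticket to a SAML 1 response. The caller likely needs to wrap the
     * result in SOAP (see wrapInSoap()) before returning it to a client.
     *
     * The user name is written into the NameIdentifier element through a callback, so
     * that "$1" or "\1" sequences inside the name are emitted literally instead of being
     * expanded as backreferences by the regex engine.
     *
     * @param array $ticket The CAS ticket; the 'service', 'attributes' and 'userName' keys are read
     * @return string The SAML 1 XML for the CAS response
     * @throws \RuntimeException If the NameIdentifier substitution fails with a PCRE error
     */
    public function convertToSaml(array $ticket)
    {
        $serviceUrl = $ticket['service'];
        $attributes = $ticket['attributes'];
        $user = $ticket['userName'];

        $ar = new AuthnResponse();
        $idpMetadata = [
            // CAS doesn't seem to care what this is, however SSP code requires it to be set
            'entityid' => 'localhost'
        ];
        $spMetadata = [
            'entityid' => $serviceUrl,
        ];
        $shire = $serviceUrl; // the recipient
        $authnResponseXML = $ar->generate(
            Configuration::loadFromArray($idpMetadata),
            Configuration::loadFromArray($spMetadata),
            $shire,
            $attributes
        );

        // Escape markup characters so the user name cannot add elements to the assertion.
        $escapedUser = htmlspecialchars($user);

        // Replace the NameIdentifier content with the actual user name. A callback is used
        // because the replacement string of preg_replace() interprets "$n" and "\n" as
        // backreferences, and htmlspecialchars() escapes neither "$" nor "\".
        // NOTE(review): when the pattern does not match, the XML is returned with whatever
        // NameIdentifier generate() produced - confirm whether that case should be rejected.
        $ret = preg_replace_callback(
            '|<NameIdentifier(.*)>.*</NameIdentifier>|',
            static function (array $match) use ($escapedUser) {
                return '<NameIdentifier' . $match[1] . '>' . $escapedUser . '</NameIdentifier>';
            },
            $authnResponseXML
        );
        if ($ret === null) {
            // A PCRE failure must not end up as an empty response handed to the client.
            throw new \RuntimeException('Unable to set NameIdentifier in SAML response');
        }

        // CAS seems to prefer this type of assertion
        $ret = str_replace('urn:oasis:names:tc:SAML:1.0:cm:bearer', 'urn:oasis:names:tc:SAML:1.0:cm:artifact', $ret);
        // CAS uses a different namespace for attributes
        $ret = str_replace(
            'urn:mace:shibboleth:1.0:attributeNamespace:uri',
            'http://www.ja-sig.org/products/cas/',
            $ret
        );
        return $ret;
    }

    /**
     * Wraps a SAML response in a SOAP 1.1 envelope.
     *
     * The response is inserted into the SOAP body verbatim, without any escaping, so the
     * caller must pass XML it produced itself (for example the result of convertToSaml()).
     *
     * @param string $samlResponse The SAML response XML to place in the SOAP body
     * @return string The SOAP envelope containing the response
     */
    public function wrapInSoap($samlResponse)
    {
        $envelope = <<<SOAP
<?xml version="1.0" encoding="utf-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header />
    <SOAP-ENV:Body>$samlResponse</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
SOAP;
        return $envelope;
    }
}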