-
- // ########################################################################
- // SAML VALIDATION
- // ########################################################################
- /**
- * @addtogroup internalBasic
- * @{
- */
-
- /**
- * This method is used to validate a SAML TICKET; halt on failure, and sets $validate_url,
- * $text_reponse and $tree_response on success. These parameters are used later
- * by CASClient::validatePGT() for CAS proxies.
- *
- * @param $validate_url the URL of the request to the CAS server.
- * @param $text_response the response of the CAS server, as is (XML text).
- * @param $tree_response the response of the CAS server, as a DOM XML tree.
- *
- * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError().
- *
- * @private
- */
- function validateSA($validate_url,&$text_response,&$tree_response)
- {
- phpCAS::traceBegin();
-
- // build the URL to validate the ticket
- $validate_url = $this->getServerSamlValidateURL();
-
- // open and read the URL
- if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) {
- phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')');
- $this->authError('SA not validated', $validate_url, TRUE/*$no_response*/);
- }
-
- phpCAS::trace('server version: '.$this->getServerVersion());
-
- // analyze the result depending on the version
- switch ($this->getServerVersion()) {
- case SAML_VERSION_1_1:
-
- // read the response of the CAS server into a DOM object
- if ( !($dom = domxml_open_mem($text_response))) {
- phpCAS::trace('domxml_open_mem() failed');
- $this->authError('SA not validated',
- $validate_url,
- FALSE/*$no_response*/,
- TRUE/*$bad_response*/,
- $text_response);
- }
- // read the root node of the XML tree
- if ( !($tree_response = $dom->document_element()) ) {
- phpCAS::trace('document_element() failed');
- $this->authError('SA not validated',
- $validate_url,
- FALSE/*$no_response*/,
- TRUE/*$bad_response*/,
- $text_response);
- }
- // insure that tag name is 'Envelope'
- if ( $tree_response->node_name() != 'Envelope' ) {
- phpCAS::trace('bad XML root node (should be `Envelope\' instead of `'.$tree_response->node_name().'\'');
- $this->authError('SA not validated',
- $validate_url,
- FALSE/*$no_response*/,
- TRUE/*$bad_response*/,
- $text_response);
- }
- // check for the NameIdentifier tag in the SAML response
- if ( sizeof($success_elements = $tree_response->get_elements_by_tagname("NameIdentifier")) != 0) {
- phpCAS::trace('NameIdentifier found');
- $user = trim($success_elements[0]->get_content());
- phpCAS::trace('user = `'.$user.'`');
- $this->setUser($user);
- $this->setSessionAttributes($text_response);
- } else {
- phpCAS::trace('no <NameIdentifier> tag found in SAML payload');
- $this->authError('SA not validated',
- $validate_url,
- FALSE/*$no_response*/,
- TRUE/*$bad_response*/,
- $text_response);
- }
- break;
- }
-
- // at this step, ST has been validated and $this->_user has been set,
- phpCAS::traceEnd(TRUE);
- return TRUE;
- }
-
- /**
- * This method will parse the DOM and pull out the attributes from the SAML
- * payload and put them into an array, then put the array into the session.
- *
- * @param $text_response the SAML payload.
- * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError().
- *
- * @private
- */
- function setSessionAttributes($text_response)
- {
- phpCAS::traceBegin();
-
- $result = FALSE;
-
- if (isset($_SESSION[SAML_ATTRIBUTES])) {
- phpCAS::trace("session attrs already set."); //testbml - do we care?
- }
-
- $attr_array = array();
-
- if (($dom = domxml_open_mem($text_response))) {
- $xPath = $dom->xpath_new_context();
- $xPath->xpath_register_ns('samlp', 'urn:oasis:names:tc:SAML:1.0:protocol');
- $xPath->xpath_register_ns('saml', 'urn:oasis:names:tc:SAML:1.0:assertion');
- $nodelist = $xPath->xpath_eval("//saml:Attribute");
- $attrs = $nodelist->nodeset;
- phpCAS::trace($text_response);
- foreach($attrs as $attr){
- $xres = $xPath->xpath_eval("saml:AttributeValue", $attr);
- $name = $attr->get_attribute("AttributeName");
- $value_array = array();
- foreach($xres->nodeset as $node){
- $value_array[] = $node->get_content();
-
- }
- phpCAS::trace("* " . $name . "=" . $value_array);
- $attr_array[$name] = $value_array;
- }
- $_SESSION[SAML_ATTRIBUTES] = $attr_array;
- // UGent addition...
- foreach($attr_array as $attr_key => $attr_value) {
- if(count($attr_value) > 1) {
- $this->_attributes[$attr_key] = $attr_value;
- }
- else {
- $this->_attributes[$attr_key] = $attr_value[0];
- }
- }
- $result = TRUE;
- }
- phpCAS::traceEnd($result);
- return $result;
- }
+
+ /**
+ * This method will parse the DOM and pull out the attributes from the SAML
+ * payload and put them into an array, then put the array into the session.
+ *
+ * @param $text_response the SAML payload.
+ * @return bool TRUE when successfull and FALSE if no attributes a found
+ *
+ * @private
+ */
+ function setSessionAttributes($text_response)
+ {
+ phpCAS::traceBegin();
+
+ $result = FALSE;
+
+ if (isset($_SESSION[SAML_ATTRIBUTES])) {
+ phpCAS::trace("session attrs already set."); //testbml - do we care?
+ }
+
+ $attr_array = array();
+
+ if (($dom = domxml_open_mem($text_response))) {
+ $xPath = $dom->xpath_new_context();
+ $xPath->xpath_register_ns('samlp', 'urn:oasis:names:tc:SAML:1.0:protocol');
+ $xPath->xpath_register_ns('saml', 'urn:oasis:names:tc:SAML:1.0:assertion');
+ $nodelist = $xPath->xpath_eval("//saml:Attribute");
+ if($nodelist){
+ $attrs = $nodelist->nodeset;
+ foreach($attrs as $attr){
+ $xres = $xPath->xpath_eval("saml:AttributeValue", $attr);
+ $name = $attr->get_attribute("AttributeName");
+ $value_array = array();
+ foreach($xres->nodeset as $node){
+ $value_array[] = $node->get_content();
+ }
+ $attr_array[$name] = $value_array;
+ }
+ $_SESSION[SAML_ATTRIBUTES] = $attr_array;
+ // UGent addition...
+ foreach($attr_array as $attr_key => $attr_value) {
+ if(count($attr_value) > 1) {
+ $this->_attributes[$attr_key] = $attr_value;
+ phpCAS::trace("* " . $attr_key . "=" . $attr_value);
+ }
+ else {
+ $this->_attributes[$attr_key] = $attr_value[0];
+ phpCAS::trace("* " . $attr_key . "=" . $attr_value[0]);
+ }
+ }
+ $result = TRUE;
+ }else{
+ phpCAS::trace("SAML Attributes are empty");
+ $result = FALSE;
+ }
+ }
+ phpCAS::traceEnd($result);
+ return $result;
+ }