Re-add code that got lost earlier

simplesamlphp · Jan 15, 2025 · 5cd8009 · 5cd8009
1 parent c7662d3
commit 5cd8009
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 10 deletions.
diff --git a/src/IdP/ADFS.php b/src/IdP/ADFS.php
@@ -27,13 +27,16 @@
 use SimpleSAML\SAML11\XML\saml\Conditions;
 use SimpleSAML\SAML11\XML\saml\NameIdentifier;
 use SimpleSAML\SAML11\XML\saml\Subject;
-use SimpleSAML\SOAP\XML\env_200305\Envelope;
+use SimpleSAML\SOAP\Constants as SOAP_C;
+use SimpleSAML\SOAP\XML\env_200305\{Body, Envelope, Header};
 use SimpleSAML\Utils;
-use SimpleSAML\WSSecurity\XML\wsa_200508\{Action, Address, EndpointReference, MessageID, To};
+use SimpleSAML\WSSecurity\XML\wsa_200508\{Action, Address, EndpointReference, MessageID, RelatesTo, To};
 use SimpleSAML\WSSecurity\XML\wsp\AppliesTo;
 use SimpleSAML\WSSecurity\XML\wsse\{Password, Security, Username, UsernameToken};
-use SimpleSAML\WSSecurity\XML\wst_200502\{RequestSecurityToken, RequestSecurityTokenResponse};
+use SimpleSAML\WSSecurity\XML\wst_200502\{Lifetime, RequestSecurityToken, RequestSecurityTokenResponse};
+use SimpleSAML\WSSecurity\XML\wsu\{Created, Expires, Timestamp};
 use SimpleSAML\XHTML\Template;
+use SimpleSAML\XML\Attribute as XMLAttribute;
 use SimpleSAML\XMLSecurity\Alg\Signature\SignatureAlgorithmFactory;
 use SimpleSAML\XMLSecurity\Key\PrivateKey;
 use SimpleSAML\XMLSecurity\Key\X509Certificate as PublicKey;
@@ -124,6 +127,7 @@ public static function receivePassiveAuthnRequest(
         $state = [
             'Responder' => [ADFS::class, 'sendPassiveResponse'],
             'SPMetadata' => $spMetadata->toArray(),
+            'MessageID' => $messageid->getContent(),
             // Dirty hack to leverage the SAML ECP logics
             'saml:Binding' => SAML2_C::BINDING_PAOS,
         ];
@@ -581,10 +585,14 @@ public static function sendPassiveResponse(array $state): void
             $assertionLifetime = $idpMetadata->getOptionalInteger('assertion.lifetime', 300);
         }
 
+        $now = new DateTimeImmutable('now', new DateTimeZone('Z'));
+        $created = $now->sub(DateInterval::createFromDateString(sprintf('30 seconds')));
+        $expires = $now->add(DateInterval::createFromDateString(sprintf('%d seconds', $assertionLifetime)));
+
         $attributes = $state['Attributes'];
-        $nameid = $attributes['ms-DS-ConsistencyGuid'][0];
+        $nameid = $state['saml:NameID'][SAML2_C::NAMEID_UNSPECIFIED];
 
-        $assertion = ADFS::generateActiveAssertion($idpEntityId, $spEntityId, $nameid, $attributes, $assertionLifetime);
+        $assertion = ADFS::generateActiveAssertion($idpEntityId, $spEntityId, $nameid->getValue(), $attributes, $assertionLifetime);
 
         $privateKeyCfg = $idpMetadata->getOptionalString('privatekey', null);
         $certificateCfg = $idpMetadata->getOptionalString('certificate', null);
@@ -603,7 +611,35 @@ public static function sendPassiveResponse(array $state): void
             $assertion = ADFS::signAssertion($assertion, $privateKeyFile, $certificateFile, $algo, $passphrase);
             $assertion = Assertion::fromXML($assertion->toXML());
         }
-        \SimpleSAML\Logger::debug($assertion->toXML()->ownerDocument->saveXML());
+
+        $requestSecurityToken = new RequestSecurityToken(null, [$assertion]);
+        $lifetime = new LifeTime($created, $expires);
+        $appliesTo = new AppliesTo([new EndpointReference(new Address($spEntityId))]);
+        $requestSecurityTokenResponse = new RequestSecurityTokenResponse(null, [$lifetime, $appliesTo, $requestSecurityToken]);
+
+        // Build envelope
+        $mustUnderstand = new XMLAttribute(SOAP_C::NS_SOAP_ENV_12, 'env', 'mustUnderstand', '1');
+        $header = new Header([
+            new Action('http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue', [$mustUnderstand]),
+            new RelatesTo($state['MessageID'], null),
+            new Security(
+                [
+                    new Timestamp(
+                        new Created($created),
+                        new Expires($expires),
+                    ),
+                ],
+                [$mustUnderstand],
+            ),
+        ]);
+        $body = new Body(null, [$requestSecurityTokenResponse]);
+        $envelope = new Envelope($body, $header);
+
+        $xmlResponse = $envelope->toXML();
+        \SimpleSAML\Logger::debug($xmlResponse->ownerDocument->saveXML($xmlResponse));
+
+        echo $xmlResponse->ownerDocument->saveXML($xmlResponse);
+        exit();
     }
 
 

diff --git a/src/IdP/PassiveIdP.php b/src/IdP/PassiveIdP.php
@@ -169,7 +169,7 @@ public function isAuthenticated(): bool
      *
      * @param array $state The authentication request state array.
      */
-    public static function postAuthProc(array $state): Response
+    public static function postAuthProc(array $state): void
     {
         Assert::isCallable($state['Responder']);
 
@@ -183,9 +183,8 @@ public static function postAuthProc(array $state): Response
             );
         }
 
-        $response = call_user_func($state['Responder'], $state);
-        Assert::isInstanceOf($response, Response::class);
-        return $response;
+        call_user_func($state['Responder'], $state);
+        Assert::true(false);
     }