Reputation: 113
Is there any standalone library, like nusoap for SOAP web services, for SAML assertions that can create SAML like this:
<samlp:Response ID="_d645f885-b6b9-4712-ba57-0b3cab551fab" Version="2.0"
IssueInstant="2013-11-13T15:12:16.155Z" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">Organization Name</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
<samlp:StatusMessage>Success</samlp:StatusMessage>
</samlp:Status>
<saml:Assertion Version="2.0" ID="_77a92d43-56db-4ed5-b07b-928db05cd67d"
IssueInstant="2013-11-13T15:12:16.141Z" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
>Organization Name</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_77a92d43-56db-4ed5-b07b-928db05cd67d">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces PrefixList="#default saml ds xs xsi"
xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>(AUTO GENERATED)</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>(AUTO GENERATED)</SignatureValue>
<KeyInfo>
<X509Data>
<X509SubjectName>(YOUR PUBLIC CERT SUBJECT)</X509SubjectName>
<X509Certificate>(YOUR PUBLIC CERT)</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
>(HUB Partner ID)</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches">
<saml:NameID>(YOUR CERT NAME)</saml:NameID>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2013-11-13T14:12:16.141Z"
NotOnOrAfter="2013-11-13T16:12:16.141Z"/>
<saml:AttributeStatement>
<saml:Attribute Name="State Exchange Code"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue>(STATE CODE FOLLOWED BY ZERO)</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="Partner Assigned Consumer ID"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue>(YOU ASSIGN THIS VALUE 1-32 STRING)</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AuthnStatement AuthnInstant="2013-11-13T15:12:16.141Z">
<saml:SubjectLocality Address=""/>
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
</samlp:Response>
For now I am building the SAML in a PHP variable with values and sending it to the service provider URL, but I am getting the error "failed to validate saml". Is there a difference between library-generated SAML and what I am doing now? Please help me with this. SimpleSAML is so difficult to configure and I cannot include it in our existing system; plus they are Symfony bundles, so please exclude that from your suggestions.
Upvotes: 0
Views: 154
Reputation: 544
Load the Akamai cookie first in your browser by visiting this URL.
And use the Light SAML PHP library for creating and verifying SAML requests.
$ed = new EntityDescriptor();
$sp = new SpSsoDescriptor();
$ed->addItem($sp);
// KeyDescriptor
$certificate = new X509Certificate();
$certificate->loadFromFile($certificatePath);
$keyDescriptor = new KeyDescriptor('signing', $certificate);
$ed->addItem($keyDescriptor);
// SingleLogoutService
$s = new SingleLogoutService();
$s->setLocation($url);
$s->setBinding($this->resolveBinding($binding));
$sp->addService($s);
// AssertionConsumerService
$s = new AssertionConsumerService($binding1, $url, 0);
$sp->addService($s);
$s = new AssertionConsumerService($binding2, $url, 1);
$sp->addService($s);
Upvotes: 1
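The `(AUTO GENERATED)` digest in the question's template is computed over the exact canonical bytes of the assertion, which a signing library derives and a hand-assembled string does not. The following is an added example, not code from either post or from any library: it recomputes that digest using the transforms listed in the question's `<Reference>`. The function name and the sample assertion are constructed for illustration, and it covers only the digest step, not the RSA signature over `<SignedInfo>`.

```php
<?php
// Added example (not from the original posts). The sample XML below is constructed.
const NS_SAML = 'urn:oasis:names:tc:SAML:2.0:assertion';
const NS_DS   = 'http://www.w3.org/2000/09/xmldsig#';

// Recompute the assertion digest as the question's <Reference> prescribes:
// enveloped-signature transform, exclusive C14N, then SHA-1 (the DigestMethod shown).
function checkAssertionDigest(string $xml): array
{
    $doc = new DOMDocument();
    if (!@$doc->loadXML($xml)) {            // a malformed string fails before any crypto
        return ['ok' => false, 'reason' => 'not well-formed XML'];
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('saml', NS_SAML);
    $xp->registerNamespace('ds', NS_DS);
    $assertion = $xp->query('//saml:Assertion')->item(0);
    $sig = $assertion ? $xp->query('ds:Signature', $assertion)->item(0) : null;
    $ref = $sig ? $xp->query('ds:SignedInfo/ds:Reference', $sig)->item(0) : null;
    if (!$ref) {
        return ['ok' => false, 'reason' => 'assertion has no ds:Signature/ds:Reference'];
    }
    if ($ref->getAttribute('URI') !== '#' . $assertion->getAttribute('ID')) {
        return ['ok' => false, 'reason' => 'Reference URI does not point at the Assertion ID'];
    }
    $claimed = trim($xp->evaluate('string(ds:DigestValue)', $ref));
    $inc = $xp->query('.//*[local-name()="InclusiveNamespaces"]', $ref)->item(0);
    $prefixes = $inc ? preg_split('/\s+/', trim($inc->getAttribute('PrefixList'))) : null;
    $assertion->removeChild($sig);          // enveloped-signature transform
    $canonical = $assertion->C14N(true, false, null, $prefixes);
    $computed = base64_encode(sha1($canonical, true));
    return ['ok' => hash_equals($computed, $claimed),
            'computed' => $computed, 'claimed' => $claimed];
}

// Constructed sample assertion; %s is where the DigestValue goes.
$template = '<saml:Assertion xmlns:saml="' . NS_SAML . '" Version="2.0" ID="_a1">'
    . '<saml:Issuer>Example Org</saml:Issuer>'
    . '<Signature xmlns="' . NS_DS . '"><SignedInfo><Reference URI="#_a1">'
    . '<DigestValue>%s</DigestValue></Reference></SignedInfo></Signature>'
    . '<saml:Subject><saml:NameID>partner-1</saml:NameID></saml:Subject>'
    . '</saml:Assertion>';

// Fill in the digest computed for the untouched assertion, then check it.
$digest = checkAssertionDigest(sprintf($template, 'placeholder'))['computed'];
$signed = sprintf($template, $digest);
var_dump(checkAssertionDigest($signed)['ok']);
// Same assertion, re-indented by hand after the digest was filled in.
$edited = str_replace('<saml:Subject>', "\n  <saml:Subject>", $signed);
var_dump(checkAssertionDigest($edited)['ok']);
```

Comparing the two results shows why whitespace or attribute edits made to the XML string after the digest was produced cause a service provider to reject the assertion.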