Add usernamemixed endpoint

simplesamlphp · Oct 17, 2024 · 2f149cf · 2f149cf
1 parent 2dd657a
commit 2f149cf
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 0 deletions.
diff --git a/composer.json b/composer.json
@@ -47,6 +47,7 @@
         "simplesamlphp/simplesamlphp": "^2.3",
         "simplesamlphp/xml-common": "^1.16",
         "simplesamlphp/xml-security": "^1.9",
+        "simplesamlphp/xml-soap": "^1.5",
         "simplesamlphp/xml-wsdl": "^1.1",
         "simplesamlphp/ws-security": "^1.7",
         "symfony/http-foundation": "^6.4"

diff --git a/routing/routes/routes.yml b/routing/routes/routes.yml
@@ -34,3 +34,10 @@ adfs-wstrust-mex:
     _controller: 'SimpleSAML\Module\adfs\Controller\Adfs::mex'
   }
   methods: [GET]
+
+adfs-wstrust-usernamemixed:
+  path: /ws-trust/2005/services/usernamemixed
+  defaults: {
+    _controller: 'SimpleSAML\Module\adfs\Controller\Adfs::usernamemixed'
+  }
+  methods: [POST]
diff --git a/src/Controller/Adfs.php b/src/Controller/Adfs.php
@@ -10,6 +10,9 @@
 use SimpleSAML\Module\adfs\IdP\ADFS as ADFS_IDP;
 use SimpleSAML\Module\adfs\IdP\MetadataBuilder;
 use SimpleSAML\Module\adfs\MetadataExchange;
+use SimpleSAML\SOAP\XML\env_200305\Envelope;
+use SimpleSAML\WSSecurity\XML\wsa_200508\Address;
+use SimpleSAML\XML\DOMDocumentFactory;
 use Symfony\Component\HttpFoundation\{Request, Response, StreamedResponse};
 
 /**
@@ -205,4 +208,41 @@ public function mex(Request $request): Response
 
         return $response;
     }
+
+
+    /**
+     * @param \Symfony\Component\HttpFoundation\Request $request
+     * @return \Symfony\Component\HttpFoundation\Response
+     */
+    public function usernamemixed(Request $request): Response
+    {
+        if (!$this->config->getOptionalBoolean('enable.adfs-idp', false)) {
+            throw new SspError\Error('NOACCESS');
+        }
+
+        $soapMessage = $request->getContent();
+        if ($soapMessage === false) {
+            throw new SspError\BadRequest('Missing SOAP-content.');
+        }
+
+        $domDocument = DOMDocumentFactory::fromString($soapMessage);
+        $soapEnvelope = Envelope::fromXML($domDocument->documentElement);
+
+        $header = $soapEnvelope->getHeader();
+        $body = $soapEnvelope->getBody();
+
+        $address = null;
+        foreach ($header->getElements() as $elt) {
+            if ($elt instanceof Address) {
+                $address = $elt;
+                break;
+            }
+        }
+
+        if ($request->server->get('SCRIPT_URI') !== $address->getContent()) {
+            throw new SspError\BadRequest('This server is not the audience for the message received.');
+        }
+
+\SimpleSAML\Logger::debug(var_export($soapEnvelope, true));
+    }
 }