Skip to content

Commit

Permalink
Add usernamemixed endpoint
Browse files Browse the repository at this point in the history
  • Loading branch information
tvdijen committed Oct 17, 2024
1 parent 2dd657a commit 8c0eab2
Show file tree
Hide file tree
Showing 3 changed files with 78 additions and 0 deletions.
1 change: 1 addition & 0 deletions composer.json
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,7 @@
"simplesamlphp/simplesamlphp": "^2.3",
"simplesamlphp/xml-common": "^1.16",
"simplesamlphp/xml-security": "^1.9",
"simplesamlphp/xml-soap": "^1.5",
"simplesamlphp/xml-wsdl": "^1.1",
"simplesamlphp/ws-security": "^1.7",
"symfony/http-foundation": "^6.4"
Expand Down
7 changes: 7 additions & 0 deletions routing/routes/routes.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,3 +34,10 @@ adfs-wstrust-mex:
_controller: 'SimpleSAML\Module\adfs\Controller\Adfs::mex'
}
methods: [GET]

adfs-wstrust-usernamemixed:
path: /ws-trust/2005/services/usernamemixed
defaults: {
_controller: 'SimpleSAML\Module\adfs\Controller\Adfs::usernamemixed'
}
methods: [POST]
70 changes: 70 additions & 0 deletions src/Controller/Adfs.php
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,12 @@
use SimpleSAML\Module\adfs\IdP\ADFS as ADFS_IDP;
use SimpleSAML\Module\adfs\IdP\MetadataBuilder;
use SimpleSAML\Module\adfs\MetadataExchange;
use SimpleSAML\SOAP\XML\env_200305\Envelope;
use SimpleSAML\WSSecurity\XML\wsa_200508\{Action, EndpointReference, MessageID, To};
use SimpleSAML\WSSecurity\XML\wsp\AppliesTo;
use SimpleSAML\WSSecurity\XML\wsse\Security;
use SimpleSAML\WSSecurity\XML\wst_200502\RequestSecurityToken;
use SimpleSAML\XML\DOMDocumentFactory;
use Symfony\Component\HttpFoundation\{Request, Response, StreamedResponse};

/**
Expand Down Expand Up @@ -205,4 +211,68 @@ public function mex(Request $request): Response

return $response;
}


/**
* @param \Symfony\Component\HttpFoundation\Request $request
* @return \Symfony\Component\HttpFoundation\Response
*/
public function usernamemixed(Request $request): Response
{
if (!$this->config->getOptionalBoolean('enable.adfs-idp', false)) {
throw new SspError\Error('NOACCESS');
}

$soapMessage = $request->getContent();
if ($soapMessage === false) {
throw new SspError\BadRequest('Missing SOAP-content.');
}

$domDocument = DOMDocumentFactory::fromString($soapMessage);
$soapEnvelope = Envelope::fromXML($domDocument->documentElement);

$header = $soapEnvelope->getHeader();
$body = $soapEnvelope->getBody();

$to = $action = $messageid = $security = null;
foreach ($header->getElements() as $elt) {
if ($elt instanceof To) {
$to = $elt;
} elseif ($elt instanceof Action) {
$action = $elt;
} elseif ($elt instanceof MessageID) {
$messageid = $elt;
} elseif ($elt instanceof Security) {
$security = $elt;
}
}

$requestSecurityToken = null;
foreach ($body->getElements() as $elt) {
if ($elt instanceof RequestSecurityToken) {
$requestSecurityToken = $elt;
}
}

$appliesTo = null;
foreach ($requestSecurityToken->getElements() as $elt) {
if ($elt instanceof AppliesTo) {
$appliesTo = $elt;
}
}

$endpointReference = null;
foreach ($appliesTo->getElements() as $elt) {
if ($elt instanceof EndpointReference) {
$endpointReference = $elt;
}
}

// Make sure the message was addressed to us.
if ($to === null || $request->server->get('SCRIPT_URI') !== $to->getContent()) {
throw new SspError\BadRequest('This server is not the audience for the message received.');
}

\SimpleSAML\Logger::debug(var_export($endpointReference->getAddress()->getContent(), true));
}
}

0 comments on commit 8c0eab2

Please sign in to comment.