Add usernamemixed endpoint

src/Controller/Adfs.php

@@ -5,16 +5,22 @@
 namespace SimpleSAML\Module\adfs\Controller;
 
 use Exception;
+use SimpleSAML\Assert\Assert;
 use SimpleSAML\{Configuration, IdP, Logger, Metadata, Module, Session, Utils};
 use SimpleSAML\Error as SspError;
 use SimpleSAML\Metadata\MetaDataStorageHandler;
 use SimpleSAML\Module\adfs\IdP\ADFS as ADFS_IDP;
 use SimpleSAML\Module\adfs\IdP\MetadataBuilder;
 use SimpleSAML\Module\adfs\MetadataExchange;
 use SimpleSAML\SOAP\XML\env_200305\Envelope;
+use SimpleSAML\WSSecurity\XML\wsa_200508\EndpointReference;
+use SimpleSAML\WSSecurity\XML\wsp\AppliesTo;
+use SimpleSAML\WSSecurity\XML\wst_200502\RequestSecurityToken;
 use SimpleSAML\XML\DOMDocumentFactory;
 use Symfony\Component\HttpFoundation\{Request, Response, StreamedResponse};
 
+use function array_pop;
+
 /**
  * Controller class for the adfs module.
  *
@@ -227,50 +233,19 @@ public function usernamemixed(Request $request): Response
 
         $domDocument = DOMDocumentFactory::fromString($soapMessage);
         $soapEnvelope = Envelope::fromXML($domDocument->documentElement);
-
-/*
-        $header = $soapEnvelope->getHeader();
         $body = $soapEnvelope->getBody();
 
-        $to = $action = $messageid = $security = null;
-        foreach ($header->getElements() as $elt) {
-            if ($elt instanceof To) {
-                $to = $elt;
-            } elseif ($elt instanceof Action) {
-                $action = $elt;
-            } elseif ($elt instanceof MessageID) {
-                $messageid = $elt;
-            } elseif ($elt instanceof Security) {
-                $security = $elt;
-            }
-        }
+        $requestSecurityToken = RequestSecurityToken::getChildrenOfClass($body->toXML());
+        Assert::count($requestSecurityToken, 1, 'Missing RequestSecurityToken in SOAP Body.');
+        $requestSecurityToken = array_pop($requestSecurityToken);
 
-        $requestSecurityToken = null;
-        foreach ($body->getElements() as $elt) {
-            if ($elt instanceof RequestSecurityToken) {
-                $requestSecurityToken = $elt;
-            }
-        }
+        $appliesTo = AppliesTo::getChildrenOfClass($requestSecurityToken->toXML());
+        Assert::count($appliesTo, 1, 'Missing AppliesTo in RequestSecurityToken.');
+        $appliesTo = array_pop($appliesTo);
 
-        $appliesTo = null;
-        foreach ($requestSecurityToken->getElements() as $elt) {
-            if ($elt instanceof AppliesTo) {
-                $appliesTo = $elt;
-            }
-        }
-
-        $endpointReference = null;
-        foreach ($appliesTo->getElements() as $elt) {
-            if ($elt instanceof EndpointReference) {
-                $endpointReference = $elt;
-            }
-        }
-*/
-
-        // Make sure the message was addressed to us.
-        if ($to === null || $request->server->get('SCRIPT_URI') !== $to->getContent()) {
-            throw new SspError\BadRequest('This server is not the audience for the message received.');
-        }
+        $endpointReference = EndpointReference::getChildrenOfClass($appliesTo->toXML());
+        Assert::count($endpointReference, 1, 'Missing EndpointReference in AppliesTo.');
+        $endpointReference = array_pop($endpointReference);
 
         // Ensure we know the issuer
         $issuer = $endpointReference->getAddress()->getContent();

src/IdP/ADFS.php

@@ -103,7 +103,7 @@ public static function receivePassiveAuthnRequest(
 
         // Ensure we know the issuer
         $issuer = $endpointReference->getAddress()->getContent();
-        $idp = IdP::getById($this->config, 'adfs:' . $issuer);
+        //$idp = IdP::getById($this->config, 'adfs:' . $issuer);
 
         $metadata = MetaDataStorageHandler::getMetadataHandler(Configuration::getInstance());
         $spMetadata = $metadata->getMetaDataConfig($issuer, 'adfs-sp-remote');