Hello. This may not be the place to ask, but I am really stuck.
One thing I noticed is that the assertion in my response has a different node label than the examples I've been given and the examples in the LightSAML cookbook.
Mine... "<Assertion..."
All others... "<saml:Assertion..."
I am including the code I am using to generate the response in case there is something wrong there. Thanks for any and all help!
```php
$certificate = \LightSaml\Credential\X509Certificate::fromFile( path to file );
$privateKey = \LightSaml\Credential\KeyHelper::createPrivateKey( path to file, '', true );

// Build the Response. The signature writer is attached to the Response only;
// the Assertion below has no signature of its own.
$response_id = \LightSaml\Helper::generateID();
$response = new \LightSaml\Model\Protocol\Response();
$response
    ->addAssertion( $assertion = new \LightSaml\Model\Assertion\Assertion() )
    ->setStatus( new \LightSaml\Model\Protocol\Status(
        new \LightSaml\Model\Protocol\StatusCode(
            \LightSaml\SamlConstants::STATUS_SUCCESS )
        )
    )
    ->setID( $response_id )
    ->setIssueInstant( new \DateTime() )
    ->setDestination( $destination )
    ->setIssuer( new \LightSaml\Model\Assertion\Issuer( $carrier_id ) )
    ->setSignature(new \LightSaml\Model\XmlDSig\SignatureWriter( $certificate, $privateKey ));

// Fill in the Assertion: subject, conditions, attributes and authentication statement.
$assertion_id = \LightSaml\Helper::generateID();
$assertion
    ->setId( $assertion_id )
    ->setIssueInstant(new \DateTime())
    ->setIssuer(new \LightSaml\Model\Assertion\Issuer( $carrier_id ))
    ->setSubject(
        (new \LightSaml\Model\Assertion\Subject())
            ->setNameID(new \LightSaml\Model\Assertion\NameID(
                $user->email,
                \LightSaml\SamlConstants::NAME_ID_FORMAT_UNSPECIFIED
            ))
            // Bearer confirmation, valid for one minute and bound to the recipient URL.
            ->addSubjectConfirmation(
                (new \LightSaml\Model\Assertion\SubjectConfirmation())
                    ->setMethod(\LightSaml\SamlConstants::CONFIRMATION_METHOD_BEARER)
                    ->setSubjectConfirmationData(
                        (new \LightSaml\Model\Assertion\SubjectConfirmationData())
                            ->setNotOnOrAfter(new \DateTime('+1 MINUTE'))
                            ->setRecipient( $destination )
                    )
            )
    )
    // One-minute validity window, restricted to a single audience.
    ->setConditions(
        (new \LightSaml\Model\Assertion\Conditions())
            ->setNotBefore(new \DateTime())
            ->setNotOnOrAfter(new \DateTime('+1 MINUTE'))
            ->addItem(
                new \LightSaml\Model\Assertion\AudienceRestriction( [$audience] )
            )
    )
    ->addItem(
        (new \LightSaml\Model\Assertion\AttributeStatement())
            ->addAttribute(new \LightSaml\Model\Assertion\Attribute(
                'Groups',
                '01945-UsersGroup'
            ))
            ->addAttribute(new \LightSaml\Model\Assertion\Attribute(
                'Action',
                'CREATE'
            ))
            // Attribute with a name but no value.
            ->addAttribute(new \LightSaml\Model\Assertion\Attribute(
                'AppliationData'
            ))
            ->addAttribute(new \LightSaml\Model\Assertion\Attribute(
                'ChannelName',
                'WIA'
            ))
            ->addAttribute(new \LightSaml\Model\Assertion\Attribute(
                'CompanyIdentifier',
                '1945'
            ))
            // Attribute with a name but no value.
            ->addAttribute(new \LightSaml\Model\Assertion\Attribute(
                'TimeoutURL'
            ))
    )
    ->addItem(
        ( new \LightSaml\Model\Assertion\AuthnStatement())
            ->setAuthnInstant(new \DateTime('-10 MINUTE'))
            ->setSessionIndex( $assertion_id )
            ->setAuthnContext(
                (new \LightSaml\Model\Assertion\AuthnContext())
                    ->setAuthnContextClassRef(\LightSaml\SamlConstants::AUTHN_CONTEXT_UNSPECIFIED)
            )
    );

// Serialize the Response through the HTTP-POST binding and print the resulting form.
$bindingFactory = new \LightSaml\Binding\BindingFactory();
$postBinding = $bindingFactory->create(\LightSaml\SamlConstants::BINDING_SAML2_HTTP_POST);
$messageContext = new \LightSaml\Context\Profile\MessageContext();
$messageContext->setMessage( $response )->asResponse();
$httpResponse = $postBinding->send( $messageContext );
print $httpResponse->getContent();
```
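
The two spellings from the question, compared by a namespace-aware parser (an added example, not part of the original issue and not LightSAML's own code). Both XML documents are constructed samples and `findAssertions` is a hypothetical helper; the example assumes the unprefixed `<Assertion>` declares the SAML assertion namespace as its default namespace.

```php
<?php
// Added illustration, not LightSAML code. Both documents are constructed samples.
const NS_SAML  = 'urn:oasis:names:tc:SAML:2.0:assertion';
const NS_SAMLP = 'urn:oasis:names:tc:SAML:2.0:protocol';

// The element written with default namespaces (no prefix) ...
$unprefixed = '<Response xmlns="' . NS_SAMLP . '" ID="_r1" Version="2.0">'
    . '<Assertion xmlns="' . NS_SAML . '" ID="_a1" Version="2.0"/>'
    . '</Response>';

// ... and with the conventional samlp:/saml: prefixes.
$prefixed = '<samlp:Response xmlns:samlp="' . NS_SAMLP . '"'
    . ' xmlns:saml="' . NS_SAML . '" ID="_r1" Version="2.0">'
    . '<saml:Assertion ID="_a1" Version="2.0"/>'
    . '</samlp:Response>';

/**
 * Return [namespace URI, local name, ID] for every assertion found by a
 * namespace-aware XPath query. The prefixes "p" and "a" exist only inside
 * this query and do not have to match the prefixes used in the document.
 */
function findAssertions(string $xml): array
{
    $doc = new DOMDocument();
    // LIBXML_NONET: never fetch external resources while parsing.
    if (!$doc->loadXML($xml, LIBXML_NONET)) {
        throw new InvalidArgumentException('not well-formed XML');
    }
    $xpath = new DOMXPath($doc);
    $xpath->registerNamespace('p', NS_SAMLP);
    $xpath->registerNamespace('a', NS_SAML);

    $found = [];
    foreach ($xpath->query('/p:Response/a:Assertion') as $node) {
        $found[] = [$node->namespaceURI, $node->localName, $node->getAttribute('ID')];
    }
    return $found;
}

// Namespace-aware comparison: do both spellings resolve to the same element?
var_dump(findAssertions($unprefixed) === findAssertions($prefixed));

// Literal string matching on the prefix, by contrast, sees two different documents.
var_dump(strpos($unprefixed, '<saml:Assertion') !== false);
var_dump(strpos($prefixed, '<saml:Assertion') !== false);
```

XML canonicalization keeps prefixes as written, so changing them in a message after it has been signed invalidates the signature.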