save and migrate to L5

Author: aacotroneo

composer.json

@@ -1,6 +1,6 @@
 {
     "name": "aacotroneo/saml2",
-    "description": "A laravel package for saml2 integration as a SP (service provider) based on OneLogin toolkit, which is much lightweight than simplesamlphp",
+    "description": "A Laravel package for Saml2 integration as a SP (service provider) based on OneLogin toolkit, which is much lightweight than simplesamlphp",
     "authors": [
         {
             "name": "aacotroneo",

src/Aacotroneo/Saml2/Facades/Saml2Auth.php

@@ -0,0 +1,15 @@
+<?php
+namespace Aacotroneo\Saml2\Facades;
+
+use Illuminate\Support\Facades\Facade;
+
+class Saml2Auth extends Facade{
+
+    /**
+     * Get the registered name of the component.
+     *
+     * @return string
+     */
+    protected static function getFacadeAccessor() { return 'saml2auth'; }
+
+} 

src/Aacotroneo/Saml2/Saml2Auth.php

@@ -0,0 +1,120 @@
+<?php
+
+namespace Aacotroneo\Saml2;
+
+use OneLogin_Saml2_Auth;
+use OneLogin_Saml2_Error;
+use OneLogin_Saml2_Utils;
+
+class Saml2Auth
+{
+
+    /**
+     * @var \OneLogin_Saml2_Auth
+     */
+    protected $auth;
+    protected $uid_key;
+
+    function __construct($config)
+    {
+//        session_start();
+        $this->auth = new OneLogin_Saml2_Auth($config);
+//        $this->uid_key = $uid_key;
+//        $this->id_key = $config[]
+    }
+
+    function isAuthenticated()
+    {
+        return isset($_SESSION['samlUserdata']);
+    }
+
+    function getUserId()
+    {
+        $attributes = $this->getAttributes();
+        return $attributes[$this->uid_key][0];
+    }
+
+    function getAttributes()
+    {
+        $attributes = $_SESSION['samlUserdata'];
+        return $attributes;
+    }
+
+    function getRawSamlAssertion()
+    {
+        return isset($_SESSION['SAMLAssertion']) ? $_SESSION['SAMLAssertion'] : null;
+    }
+
+    function login()
+    {
+        $this->auth->login();
+    }
+
+    function acs()
+    {
+
+        /** @var $auth OneLogin_Saml2_Auth */
+        $auth = $this->auth;
+
+        $auth->processResponse();
+
+
+        $errors = $auth->getErrors();
+
+        if (!empty($errors)) {
+            print_r('<p>' . implode(', ', $errors) . '</p>');
+            exit();
+        }
+
+        if (!$auth->isAuthenticated()) {
+            echo "<p>Not authenticated</p>";
+            exit();
+        }
+
+        $_SESSION['samlUserdata'] = $auth->getAttributes();
+
+        $_SESSION['SAMLAssertion'] = $_POST['SAMLResponse']; //se lo robo al saml
+
+        if (isset($_POST['RelayState']) && OneLogin_Saml2_Utils::getSelfURL() != $_POST['RelayState']) {
+            $auth->redirectTo($_POST['RelayState']);
+        }
+    }
+
+    function sls()
+    {
+        $auth = $this->auth;
+
+        $auth->processSLO();
+
+        $errors = $auth->getErrors();
+
+        if (empty($errors)) {
+            print_r('Sucessfully logged out');
+        } else {
+            print_r(implode(', ', $errors));
+        }
+    }
+
+    function getMetadata()
+    {
+        $auth = $this->auth;
+        $settings = $auth->getSettings();
+        $metadata = $settings->getSPMetadata();
+        $errors = $settings->validateMetadata($metadata);
+
+
+        if (empty($errors)) {
+            return $metadata;
+//            header('Content-Type: text/xml');
+//            echo $metadata;
+        } else {
+
+            throw new OneLogin_Saml2_Error(
+                'Invalid SP metadata: ' . implode(', ', $errors),
+                OneLogin_Saml2_Error::METADATA_SP_INVALID
+            );
+        }
+    }
+
+
+} 

src/Aacotroneo/Saml2/Saml2ServiceProvider.php

@@ -1,47 +1,66 @@
 <?php
 namespace Aacotroneo\Saml2;
 
+use Config;
+use Route;
+use URL;
 use Illuminate\Support\ServiceProvider;
 
-class Saml2ServiceProvider extends ServiceProvider {
-
-	/**
-	 * Indicates if loading of the provider is deferred.
-	 *
-	 * @var bool
-	 */
-	protected $defer = false;
-
-	/**
-	 * Bootstrap the application events.
-	 *
-	 * @return void
-	 */
-	public function boot()
-	{
-		$this->package('aacotroneo/saml2');
-
-        include __DIR__.'/../../routes.php';
-	}
-
-	/**
-	 * Register the service provider.
-	 *
-	 * @return void
-	 */
-	public function register()
-	{
-		//
-	}
-
-	/**
-	 * Get the services provided by the provider.
-	 *
-	 * @return array
-	 */
-	public function provides()
-	{
-		return array();
-	}
+class Saml2ServiceProvider extends ServiceProvider
+{
+
+    /**
+     * Indicates if loading of the provider is deferred.
+     *
+     * @var bool
+     */
+    protected $defer = false;
+
+    /**
+     * Bootstrap the application events.
+     *
+     * @return void
+     */
+    public function boot()
+    {
+        $this->package('aacotroneo/saml2');
+
+        include __DIR__ . '/../../routes.php';
+    }
+
+    /**
+     * Register the service provider.
+     *
+     * @return void
+     */
+    public function register()
+    {
+        $this->app['saml2auth'] = $this->app->share(function ($app) {
+            $config = Config::get('saml2::saml_settings');
+
+            $config['sp']['entityId'] = URL::route('saml_metadata');
+
+            $config['sp']['assertionConsumerService']['url'] = URL::route('saml_acs');
+
+            $config['sp']['singleLogoutService']['url'] = URL::route('saml_sls');
+
+            return new \Aacotroneo\Saml2\Saml2Auth($config);
+        });
+
+        $this->app->booting(function () {
+            $loader = \Illuminate\Foundation\AliasLoader::getInstance();
+            $loader->alias('Saml2Auth', 'Aacotroneo\Saml2\Facades\Saml2Auth');
+        });
+    }
+
+    /**
+     * Get the services provided by the provider.
+     *
+     * @return array
+     */
+    public function provides()
+    {
+        return array();
+    }
 
 }

src/config/saml_settings.php

@@ -12,13 +12,25 @@
 
     // Service Provider Data that we are deploying
     'sp' => array (
+
+        // Specifies constraints on the name identifier to be used to
+        // represent the requested subject.
+        // Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported
+        'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
+
+        // Usually x509cert and privateKey of the SP are provided by files placed at
+        // the certs folder. But we can also provide them with the following parameters
+        'x509cert' => '',
+        'privateKey' > '',
+
+        //LARAVEL - You don't need to change anything else on the sp
         // Identifier of the SP entity  (must be a URI)
-        'entityId' => '',
+        'entityId' => '',  //LARAVEL: This would be set to saml_metadata route
         // Specifies info about where and how the <AuthnResponse> message MUST be
         // returned to the requester, in this case our SP.
         'assertionConsumerService' => array (
             // URL Location where the <Response> from the IdP will be returned
-            'url' => '',
+            'url' => '', //LARAVEL: This would be set to saml_acs route
             // SAML protocol binding to be used when returning the <Response>
             // message.  Onelogin Toolkit supports for this endpoint the
             // HTTP-Redirect binding only
@@ -28,31 +40,22 @@
         // returned to the requester, in this case our SP.
         'singleLogoutService' => array (
             // URL Location where the <Response> from the IdP will be returned
-            'url' => '',
+            'url' => '',  //LARAVEL: This would be set to saml_sls route
             // SAML protocol binding to be used when returning the <Response>
             // message.  Onelogin Toolkit supports for this endpoint the
             // HTTP-Redirect binding only
             'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
         ),
-        // Specifies constraints on the name identifier to be used to
-        // represent the requested subject.
-        // Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported
-        'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
-
-        // Usually x509cert and privateKey of the SP are provided by files placed at
-        // the certs folder. But we can also provide them with the following parameters
-        'x509cert' => '',
-        'privateKey' > '',
     ),
 
     // Identity Provider Data that we want connect with our SP
     'idp' => array (
         // Identifier of the IdP entity  (must be a URI)
-        'entityId' => '',
+        'entityId' => 'http://localhost:8000/simplesaml/saml2/idp/metadata.php',
         // SSO endpoint info of the IdP. (Authentication Request protocol)
         'singleSignOnService' => array (
             // URL Target of the IdP where the SP will send the Authentication Request Message
-            'url' => '',
+            'url' => 'http://localhost:8000/simplesaml/saml2/idp/SSOService.php',
             // SAML protocol binding to be used when returning the <Response>
             // message.  Onelogin Toolkit supports for this endpoint the
             // HTTP-POST binding only
@@ -61,14 +64,14 @@
         // SLO endpoint info of the IdP.
         'singleLogoutService' => array (
             // URL Location of the IdP where the SP will send the SLO Request
-            'url' => '',
+            'url' => 'http://localhost:8000/simplesaml/saml2/idp/SingleLogoutService.php',
             // SAML protocol binding to be used when returning the <Response>
             // message.  Onelogin Toolkit supports for this endpoint the
             // HTTP-Redirect binding only
             'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
         ),
         // Public x509 certificate of the IdP
-        'x509cert' => '',
+        'x509cert' => 'MIID/TCCAuWgAwIBAgIJAI4R3WyjjmB1MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYDVQQGEwJBUjEVMBMGA1UECAwMQnVlbm9zIEFpcmVzMRUwEwYDVQQHDAxCdWVub3MgQWlyZXMxDDAKBgNVBAoMA1NJVTERMA8GA1UECwwIU2lzdGVtYXMxFDASBgNVBAMMC09yZy5TaXUuQ29tMSAwHgYJKoZIhvcNAQkBFhFhZG1pbmlAc2l1LmVkdS5hcjAeFw0xNDEyMDExNDM2MjVaFw0yNDExMzAxNDM2MjVaMIGUMQswCQYDVQQGEwJBUjEVMBMGA1UECAwMQnVlbm9zIEFpcmVzMRUwEwYDVQQHDAxCdWVub3MgQWlyZXMxDDAKBgNVBAoMA1NJVTERMA8GA1UECwwIU2lzdGVtYXMxFDASBgNVBAMMC09yZy5TaXUuQ29tMSAwHgYJKoZIhvcNAQkBFhFhZG1pbmlAc2l1LmVkdS5hcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbzW/EpEv+qqZzfT1Buwjg9nnNNVrxkCfuR9fQiQw2tSouS5X37W5h7RmchRt54wsm046PDKtbSz1NpZT2GkmHN37yALW2lY7MyVUC7itv9vDAUsFr0EfKIdCKgxCKjrzkZ5ImbNvjxf7eA77PPGJnQ/UwXY7W+cvLkirp0K5uWpDk+nac5W0JXOCFR1BpPUJRbz2jFIEHyChRt7nsJZH6ejzNqK9lABEC76htNy1Ll/D3tUoPaqo8VlKW3N3MZE0DB9O7g65DmZIIlFqkaMH3ALd8adodJtOvqfDU/A6SxuwMfwDYPjoucykGDu1etRZ7dF2gd+W+1Pn7yizPT1q8CAwEAAaNQME4wHQYDVR0OBBYEFPsn8tUHN8XXf23ig5Qro3beP8BuMB8GA1UdIwQYMBaAFPsn8tUHN8XXf23ig5Qro3beP8BuMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAGu60odWFiK+DkQekozGnlpNBQz5lQ/bwmOWdktnQj6HYXu43e7sh9oZWArLYHEOyMUekKQAxOK51vbTHzzw66BZU91/nqvaOBfkJyZKGfluHbD0/hfOl/D5kONqI9kyTu4wkLQcYGyuIi75CJs15uA03FSuULQdY/Liv+czS/XYDyvtSLnu43VuAQWN321PQNhuGueIaLJANb2C5qq5ilTBUw6PxY9Z+vtMjAjTJGKEkE/tQs7CvzLPKXX3KTD9lIILmX5yUC3dLgjVKi1KGDqNApYGOMtjr5eoxPQrqDBmyx3flcy0dQTdLXud3UjWVW3N0PYgJtw5yBsS74QTGD4=',
         /*
          *  Instead of use the whole x509cert you can use a fingerprint
          *  (openssl x509 -noout -fingerprint -in "idp.crt" to generate it)

src/controllers/Saml2Controller.php

@@ -1,20 +1,23 @@
 <?php
 
-namespace Aacotroneo\Saml2;
+namespace Aacotroneo\Saml2\Controllers;
 
+use Saml2Auth;
+use Controller;
+use Response;
 
-use Illuminate\Routing\Controller;
-use Illuminate\Support\Facades\Config;
 
 class Saml2Controller extends Controller {
 
 
     public function metadata(){
 
-        $config = Config::get('saml2::saml_settings');
+        $metadata = Saml2Auth::getMetadata();
+        $response = Response::make($metadata, 200);
 
+        $response->header('Content-Type', 'text/xml');
 
-        return print_r($config, true);
+        return $response;
     }
 
     public function acs(){

src/routes.php

@@ -5,16 +5,16 @@
     //Admin Dashboard
     Route::get('/metadata', array(
         'as' => 'saml_metadata',
-        'uses' => 'Aacotroneo\Saml2\Saml2Controller@metadata',
+        'uses' => 'Aacotroneo\Saml2\Controllers\Saml2Controller@metadata',
     ));
 
     Route::post('/acs', array(
-        'as' => 'saml_metadata',
-        'uses' => 'Aacotroneo\Saml2\Controllers\AdminController@acs',
+        'as' => 'saml_acs',
+        'uses' => 'Aacotroneo\Saml2\Controllers\Saml2Controller@acs',
     ));
 
     Route::get('/sls', array(
-        'as' => 'saml_metadata',
-        'uses' => 'Aacotroneo\Saml2\Controllers\AdminController@sls',
+        'as' => 'saml_sls',
+        'uses' => 'Aacotroneo\Saml2\Controllers\Saml2Controller@sls',
     ));
 });