Constants

RESPONSE_SIGNATURE_XPATH

RESPONSE_SIGNATURE_XPATH

ASSERTION_SIGNATURE_XPATH

ASSERTION_SIGNATURE_XPATH

Properties

$_proxyVars

$_proxyVars : boolean

Type

boolean — Controls whether the `Forwarded-For-*` headers are used

$_host

$_host : string|null

Type

string|null

$_protocol

$_protocol : string|null

Type

string|null

$_port

$_port : integer|null

Type

integer|null

$_baseurlpath

$_baseurlpath : string|null

Type

string|null

$_protocolRegex

$_protocolRegex : string

Type

string

Methods

t()

t(string  $msg, array|null  $args = array()) : string

Translates a string. Accepts arguments.

Parameters

string $msg

Message to be translated

array|null $args

Arguments

Returns

string —

$translatedMsg Translated text

loadXML()

loadXML(\DOMDocument  $dom, string  $xml) : \DOMDocument|false

This function loads an XML string in a safe way.

Prevents XEE/XXE attacks.

Parameters

\DOMDocument $dom

The document into which the XML is loaded.

string $xml

The XML string to be loaded.

Throws

\Exception

Returns

\DOMDocument|false —

$dom The DOMDocument with the XML loaded, or false if loading failed
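The following is an added example, not php-saml's own loadXML(); it shows the two controls such a loader needs so that a DOMDocument never resolves entities: refusing any DOCTYPE before parsing (both entity-expansion and external-entity attacks depend on one, and SAML messages never legitimately carry one) and parsing with LIBXML_NONET. The function name and the sample inputs are constructed for this example.

```php
<?php
// Added example (not php-saml's own code): load untrusted XML into a
// DOMDocument without letting the parser resolve entities.

function loadXmlSafely(DOMDocument $dom, string $xml)
{
    if ($xml === '') {
        throw new Exception('Empty XML string');
    }

    // Entity-expansion ("XEE") and external-entity (XXE) attacks both need a
    // DOCTYPE, so refuse the document outright before the parser sees it.
    if (preg_match('/<!DOCTYPE/i', $xml) === 1) {
        throw new Exception('Detected use of DOCTYPE in XML; rejecting document');
    }

    // Collect libxml errors instead of emitting PHP warnings.
    $previousErrorMode = libxml_use_internal_errors(true);
    libxml_clear_errors();

    // PHP < 8.0 still loads external entities unless this is switched off;
    // from 8.0 on it is off by default and the function is deprecated.
    if (PHP_VERSION_ID < 80000) {
        $previousLoader = libxml_disable_entity_loader(true);
    }

    // LIBXML_NONET forbids any network access while parsing. Never pass
    // LIBXML_NOENT here: that flag turns entity substitution on.
    $loaded = $dom->loadXML($xml, LIBXML_NONET);

    if (PHP_VERSION_ID < 80000) {
        libxml_disable_entity_loader($previousLoader);
    }
    $errors = libxml_get_errors();
    libxml_clear_errors();
    libxml_use_internal_errors($previousErrorMode);

    if ($loaded === false) {
        // Keep the documented DOMDocument|false contract; log the first parser
        // error so a malformed message is diagnosable.
        $reason = $errors !== [] ? trim($errors[0]->message) : 'unknown parser error';
        error_log('Could not parse XML: ' . $reason);
        return false;
    }
    return $dom;
}

// Constructed inputs.
$response    = '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_c1" Version="2.0"/>';
$withDoctype = '<!DOCTYPE r [<!ENTITY e "expanded">]><r>&e;</r>';
$malformed   = '<samlp:Response>';

var_dump(loadXmlSafely(new DOMDocument(), $response) instanceof DOMDocument);
var_dump(loadXmlSafely(new DOMDocument(), $malformed));
try {
    loadXmlSafely(new DOMDocument(), $withDoctype);
} catch (Exception $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The DOCTYPE check is deliberately done on the raw string: once libxml has parsed a DTD, any internal entities in it are already defined, so the check has to run before loadXML() is called.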

validateXML()

validateXML(string|\DOMDocument  $xml, string  $schema, boolean  $debug = false, string  $schemaPath = null) : string|\DOMDocument

This function attempts to validate an XML string against the specified schema.

It will parse the string into a DOM document and validate this document against the schema.

Parameters

string|\DOMDocument $xml

The XML string or document which should be validated.

string $schema

The schema filename which should be used.

boolean $debug

To disable/enable the debug mode

string $schemaPath

Change schema path

Throws

\Exception

Returns

string|\DOMDocument —

$dom A string that explains the problem, or the validated DOMDocument

treeCopyReplace()

treeCopyReplace(\DomNode  $targetNode, \DomNode  $sourceNode, boolean  $recurse = false) : \DOMNode

Imports a node tree into a target document: copies it before a reference node as a sibling and, once the copy is done, removes the reference node from the target document, effectively 'replacing' it. Nested default namespaces are left alone (the standard importNode with deep copy mangles nested default namespaces).

The reference node must not be a DomDocument, but it can be the top element of a document. Returns the copied node in the target document.

Parameters

\DomNode $targetNode
\DomNode $sourceNode
boolean $recurse

Throws

\Exception

Returns

\DOMNode

formatCert()

formatCert(string  $cert, boolean  $heads = true) : string

Returns an x509 cert (adding header and footer if required).

Parameters

string $cert

An unformatted x509 cert

boolean $heads

True to include the header and footer

Returns

string —

$x509 Formatted cert

formatPrivateKey()

formatPrivateKey(string  $key, boolean  $heads = true) : string

Returns a private key (adding header & footer if required).

Parameters

string $key

A private key

boolean $heads

True to include the header and footer

Returns

string —

$rsaKey Formatted private key

getStringBetween()

getStringBetween(string  $str, string  $start, string  $end) : string

Extracts a substring between 2 marks

Parameters

string $str

The target string

string $start

The initial mark

string $end

The end mark

Returns

string —

The substring, or an empty string if the marks cannot be found or there is nothing between them

redirect()

redirect(string  $url, array  $parameters = array(), boolean  $stay = false) : string|null

Executes a redirection to the provided URL (or returns the target URL).

Parameters

string $url

The target URL

array $parameters

Extra parameters to be passed as part of the URL

boolean $stay

True to stay (returns the URL string); false to redirect

Throws

\OneLogin_Saml2_Error

Returns

string|null —

$url

setProtocolRegex()

setProtocolRegex(  $protocolRegex) 

Parameters

$protocolRegex

setBaseURL()

setBaseURL(  $baseurl) 

Parameters

$baseurl

string The base url to be used when constructing URLs

setProxyVars()

setProxyVars(  $proxyVars) 

Parameters

$proxyVars

bool Whether to use X-Forwarded-* headers to determine port/domain/protocol

getProxyVars()

getProxyVars() 

Returns

boolean

getSelfURLhost()

getSelfURLhost() : string

Returns the protocol + the current host + the port (if different from the common ports).

Returns

string —

$url

setSelfHost()

setSelfHost(  $host) 

Parameters

$host

string The host to use when constructing URLs

setBaseURLPath()

setBaseURLPath(  $baseurlpath) 

Parameters

$baseurlpath

string The baseurl path to use when constructing URLs

getBaseURLPath()

getBaseURLPath() : string

Returns

string —

The baseurlpath to be used when constructing URLs

setSelfPort()

setSelfPort(  $port) 

Parameters

$port

int The port number to use when constructing URLs

setSelfProtocol()

setSelfProtocol(  $protocol) 

Parameters

$protocol

string The protocol to identify as using, usually http or https

getSelfProtocol()

getSelfProtocol() : string

Returns

string —

http|https

getSelfHost()

getSelfHost() : string

Returns the current host.

Returns

string —

$currentHost The current host

getSelfPort()

getSelfPort() : null|string

Returns

null|string —

The port number used for the request

isHTTPS()

isHTTPS() : boolean

Checks whether the request was made over https or http.

Returns

boolean —

$isHttps False if https is not active

getSelfURLNoQuery()

getSelfURLNoQuery() : string

Returns the URL of the current host + current view.

Returns

string

getSelfRoutedURLNoQuery()

getSelfRoutedURLNoQuery() : string

Returns the routed URL of the current host + current view.

Returns

string

strLreplace()

strLreplace(  $search,   $replace,   $subject) 

Parameters

$search
$replace
$subject

getSelfURL()

getSelfURL() : string

Returns the URL of the current host + current view + query.

Returns

string

extractOriginalQueryParam()

extractOriginalQueryParam(string  $name) : string

Extracts a query parameter, exactly as it was sent, from $_SERVER['QUERY_STRING']

Parameters

string $name

The parameter to be extracted

Returns

string

generateUniqueID()

generateUniqueID() : string

Generates a unique string (used, for example, as the ID of assertions).

Returns

string —

A unique string

parseTime2SAML()

parseTime2SAML(string|integer  $time) : string

Converts a UNIX timestamp to SAML2 timestamp on the form yyyy-mm-ddThh:mm:ss(\.s+)?Z.

Parameters

string|integer $time

The time we should convert (DateTime).

Returns

string —

$timestamp SAML2 timestamp.

parseSAML2Time()

parseSAML2Time(string  $time) : integer

Converts a SAML2 timestamp on the form yyyy-mm-ddThh:mm:ss(\.s+)?Z to a UNIX timestamp. The sub-second part is ignored.

Parameters

string $time

The time we should convert (SAML Timestamp).

Throws

\Exception

Returns

integer —

$timestamp Converted to a unix timestamp.

parseDuration()

parseDuration(string  $duration, integer|null  $timestamp = null) : integer

Interprets an ISO8601 duration value relative to a given timestamp.

Parameters

string $duration

The duration, as a string.

integer|null $timestamp

The unix timestamp the duration should be applied to. Optional, defaults to the current time.

Throws

\Exception

Returns

integer —

The new timestamp, after the duration is applied.

getExpireTime()

getExpireTime(string|null  $cacheDuration = null, string|integer|null  $validUntil = null) : integer|null

Compares 2 dates and returns the earliest.

Parameters

string|null $cacheDuration

The duration, as a string.

string|integer|null $validUntil

The valid until date, as a string or as a timestamp

Throws

\Exception

Returns

integer|null —

$expireTime The expiration time.
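An added example, not php-saml's own code, covering the four time helpers above: the SAML2 timestamp conversions of parseTime2SAML()/parseSAML2Time(), the ISO8601 duration arithmetic of parseDuration(), and the "earliest of the two" rule getExpireTime() is documented to apply. All function names and sample values are constructed for this example; the timestamp format and sub-second handling follow the descriptions on this page.

```php
<?php
// Added example (not php-saml's own code): SAML2 timestamps, ISO 8601
// durations and the expiry rule built from them.

// UNIX timestamp -> yyyy-mm-ddThh:mm:ssZ (always UTC, no sub-second part).
function unixToSamlTime(int $time): string
{
    return gmdate('Y-m-d\TH:i:s\Z', $time);
}

// yyyy-mm-ddThh:mm:ss(.s+)?Z -> UNIX timestamp; the sub-second part is ignored.
function samlTimeToUnix(string $time): int
{
    $pattern = '/^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(?:\.\d+)?Z$/';
    if (preg_match($pattern, $time, $m) !== 1) {
        throw new Exception("Invalid SAML2 timestamp: $time");
    }
    // gmmktime(hour, minute, second, month, day, year) reads its input as UTC.
    return gmmktime((int)$m[4], (int)$m[5], (int)$m[6], (int)$m[2], (int)$m[3], (int)$m[1]);
}

// ISO 8601 duration (PT5M, P1DT2H, -PT30S, ...) applied to a timestamp.
// DateInterval does not accept a leading minus, so the sign is handled here.
function applyDuration(string $duration, ?int $timestamp = null): int
{
    $timestamp = $timestamp ?? time();
    $negative = $duration !== '' && $duration[0] === '-';
    if ($negative) {
        $duration = substr($duration, 1);
    }
    try {
        $interval = new DateInterval($duration); // validates the ISO 8601 syntax
    } catch (Exception $e) {
        throw new Exception("Invalid ISO8601 duration: $duration");
    }
    $interval->invert = $negative ? 1 : 0;
    $base = (new DateTimeImmutable('@' . $timestamp))->setTimezone(new DateTimeZone('UTC'));
    return $base->add($interval)->getTimestamp();
}

// Earliest of "now + cacheDuration" and validUntil; null when neither is set.
function expireTime(?string $cacheDuration = null, $validUntil = null): ?int
{
    $expireTime = null;
    if ($cacheDuration !== null) {
        $expireTime = applyDuration($cacheDuration, time());
    }
    if ($validUntil !== null) {
        $validUntilTime = is_int($validUntil) ? $validUntil : samlTimeToUnix($validUntil);
        $expireTime = ($expireTime === null) ? $validUntilTime : min($expireTime, $validUntilTime);
    }
    return $expireTime;
}

// Constructed sample values.
$issued = samlTimeToUnix('2024-01-15T10:30:00.123Z');   // sub-seconds are dropped
echo unixToSamlTime($issued), PHP_EOL;
echo unixToSamlTime(applyDuration('PT5M', $issued)), PHP_EOL;
echo unixToSamlTime(applyDuration('-PT30S', $issued)), PHP_EOL;

$expire = expireTime('PT1H', '2024-01-15T10:35:00Z');
echo $expire === null ? 'null' : unixToSamlTime($expire), PHP_EOL;
```

The strict anchored pattern in samlTimeToUnix() matters: a timestamp with a timezone offset instead of the trailing Z, or with extra characters, is rejected rather than silently parsed into the wrong instant.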

query()

query(\DOMDocument  $dom, string  $query, \DomElement|null  $context = null) : \DOMNodeList

Extracts nodes from the DOMDocument.

Parameters

\DOMDocument $dom

The DOMDocument

string $query

XPath expression

\DomElement|null $context

Context Node (DomElement)

Returns

\DOMNodeList —

The queried nodes

isSessionStarted()

isSessionStarted() : boolean

Checks if the session is started or not.

Returns

boolean —

true if the session is started

deleteLocalSession()

deleteLocalSession() 

Deletes the local session.

calculateX509Fingerprint()

calculateX509Fingerprint(string  $x509cert, string  $alg = 'sha1') : null|string

Calculates the fingerprint of an x509 cert.

Parameters

string $x509cert

x509 cert

string $alg

Returns

null|string —

Formatted fingerprint

formatFingerPrint()

formatFingerPrint(string  $fingerprint) : string

Formats a fingerprint.

Parameters

string $fingerprint

fingerprint

Returns

string —

Formatted fingerprint
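An added example, not php-saml's own code, for the certificate helpers above (formatCert(), calculateX509Fingerprint() and formatFingerPrint()): it strips the PEM armour, hashes the DER bytes, normalises a configured fingerprint to the same representation and compares the two in constant time. The certificate is generated on the fly so the example runs without files; all function names are constructed for this example, and the result is cross-checked against OpenSSL's own fingerprint.

```php
<?php
// Added example (not php-saml's own code): X.509 fingerprint calculation,
// normalisation and comparison.

// Strip the PEM armour and whitespace, returning the DER bytes (null if no cert found).
function pemToDer(string $x509cert): ?string
{
    $inCert = false;
    $b64 = '';
    foreach (preg_split('/\r?\n/', $x509cert) as $line) {
        $line = trim($line);
        if (strpos($line, '-----BEGIN CERTIFICATE') === 0) { $inCert = true; continue; }
        if (strpos($line, '-----END CERTIFICATE') === 0) { break; }
        if ($inCert) { $b64 .= $line; }
    }
    if ($b64 === '') {
        return null;
    }
    $der = base64_decode($b64, true);
    return $der === false ? null : $der;
}

// Hex digest of the DER encoding; null for an unparsable cert or unknown algorithm.
function x509Fingerprint(string $x509cert, string $alg = 'sha1'): ?string
{
    $der = pemToDer($x509cert);
    if ($der === null || !in_array($alg, hash_algos(), true)) {
        return null;
    }
    return strtolower(hash($alg, $der));
}

// Normalise any common presentation (AB:CD:..., upper case, spaces) to plain lower-case hex.
function normaliseFingerprint(string $fingerprint): string
{
    return strtolower(preg_replace('/[^A-Za-z0-9]/', '', $fingerprint));
}

// Compare a presented cert against the configured fingerprint without leaking
// timing information about how many leading characters matched.
function fingerprintMatches(string $x509cert, string $configured, string $alg = 'sha256'): bool
{
    $actual = x509Fingerprint($x509cert, $alg);
    return $actual !== null && hash_equals($actual, normaliseFingerprint($configured));
}

// --- Constructed self-signed certificate ------------------------------------
$key  = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$csr  = openssl_csr_new(['commonName' => 'idp.example.test'], $key, ['digest_alg' => 'sha256']);
$x509 = openssl_csr_sign($csr, null, $key, 365, ['digest_alg' => 'sha256']);
openssl_x509_export($x509, $pem);

// Cross-check against OpenSSL's own fingerprint of the same certificate.
$mine = x509Fingerprint($pem, 'sha256');
$ref  = openssl_x509_fingerprint($x509, 'sha256');
var_dump($mine === $ref);

// A colon-separated upper-case copy of the configured value still matches...
$display = strtoupper(implode(':', str_split($ref, 2)));
var_dump(fingerprintMatches($pem, $display, 'sha256'));

// ...and a value differing in a single hex digit does not.
$altered = substr_replace($ref, $ref[0] === '0' ? '1' : '0', 0, 1);
var_dump(fingerprintMatches($pem, $altered, 'sha256'));
```

The page's default algorithm is sha1; the example passes sha256 explicitly because a fingerprint is only as hard to forge as the hash behind it, and the configured value and the computed one must use the same algorithm or the comparison can never succeed.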

generateNameId()

generateNameId(string  $value, string  $spnq, string|null  $format = null, string|null  $cert = null, string|null  $nq = null) : string

Generates a nameID.

Parameters

string $value

fingerprint

string $spnq

SP Name Qualifier

string|null $format

SP Format

string|null $cert

IdP Public cert to encrypt the nameID

string|null $nq

IdP Name Qualifier

Throws

\Exception

Returns

string —

$nameIDElement DOMElement | XMLSec nameID

getStatus()

getStatus(\DOMDocument  $dom) : array

Gets Status from a Response.

Parameters

\DOMDocument $dom

The Response as XML

Throws

\OneLogin_Saml2_ValidationError

Returns

array —

$status The Status, an array with the code and a message.

decryptElement()

decryptElement(\DOMElement  $encryptedData, \XMLSecurityKey  $inputKey, boolean  $formatOutput = true) : \DOMElement

Decrypts an encrypted element.

Parameters

\DOMElement $encryptedData

The encrypted data.

\XMLSecurityKey $inputKey

The decryption key.

boolean $formatOutput

Format or not the output.

Throws

\OneLogin_Saml2_ValidationError

Returns

\DOMElement —

The decrypted element.

castKey()

castKey(\XMLSecurityKey  $key, string  $algorithm, string  $type = 'public') : \XMLSecurityKey

Converts an XMLSecurityKey to the correct algorithm.

Parameters

\XMLSecurityKey $key

The key.

string $algorithm

The desired algorithm.

string $type

Public or private key, defaults to public.

Throws

\Exception

Returns

\XMLSecurityKey —

The new key.

isSupportedSigningAlgorithm()

isSupportedSigningAlgorithm(  $algorithm) : boolean

Parameters

$algorithm

Returns

boolean

addSign()

addSign(string|\DomDocument  $xml, string  $key, string  $cert, string  $signAlgorithm = \XMLSecurityKey::RSA_SHA1, string  $digestAlgorithm = \XMLSecurityDSig::SHA1) : string

Adds the signature and the sender's certificate to an element (Message or Assertion).

Parameters

string|\DomDocument $xml

The element we should sign

string $key

The private key

string $cert

The public cert

string $signAlgorithm

Signature algorithm method

string $digestAlgorithm

Digest algorithm method

Throws

\Exception

Returns

string

validateSign()

validateSign(string|\DomNode  $xml, string|null  $cert = null, string|null  $fingerprint = null, string|null  $fingerprintalg = 'sha1', string|null  $xpath = null, array|null  $multiCerts = null) : boolean

Validates a signature (Message or Assertion).

Parameters

string|\DomNode $xml

The element we should validate

string|null $cert

The public cert

string|null $fingerprint

The fingerprint of the public cert

string|null $fingerprintalg

The algorithm used to get the fingerprint

string|null $xpath

The xpath of the signed element

array|null $multiCerts

Multiple public certs

Throws

\Exception

Returns

boolean

validateBinarySign()

validateBinarySign(string  $messageType, array  $getData, array  $idpData, boolean  $retrieveParametersFromServer = false) : boolean

Validates a binary signature

Parameters

string $messageType

Type of SAML Message

array $getData

HTTP GET array

array $idpData

IdP setting data

boolean $retrieveParametersFromServer

Indicates where to get the values used to validate the signature: from $getData or from $_SERVER

Throws

\Exception

Returns

boolean
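An added example, not php-saml's own validateBinarySign(), of the check it describes for the HTTP-Redirect binding: the signed string is the URL-encoded query (message, optional RelayState, SigAlg) as the sender built it, and the detached Signature is verified against the IdP's public key using only an explicitly allowed algorithm. The sender side, the key pair and the LogoutRequest are constructed so the example runs stand-alone; function names are assumptions of this example.

```php
<?php
// Added example (not php-saml's own code): verifying a SAML HTTP-Redirect
// binding signature (SAMLRequest or SAMLResponse plus RelayState and SigAlg).

// Only algorithms listed here are accepted; an unknown SigAlg is a failure.
const SIG_ALGS = [
    'http://www.w3.org/2000/09/xmldsig#rsa-sha1'        => OPENSSL_ALGO_SHA1,
    'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' => OPENSSL_ALGO_SHA256,
];

// Rebuild the signed string from the individual parameters. They are
// re-encoded with urlencode(); if the sender encoded them differently the
// signature will not verify, which is why taking the raw query string from
// $_SERVER (the $retrieveParametersFromServer option above) is more robust.
function buildSignedQuery(string $messageType, array $getData): string
{
    $parts = [$messageType . '=' . urlencode($getData[$messageType])];
    if (isset($getData['RelayState'])) {
        $parts[] = 'RelayState=' . urlencode($getData['RelayState']);
    }
    $parts[] = 'SigAlg=' . urlencode($getData['SigAlg']);
    return implode('&', $parts);
}

function verifyRedirectSignature(string $messageType, array $getData, string $publicKeyPem): bool
{
    if (!isset($getData[$messageType], $getData['SigAlg'], $getData['Signature'])) {
        return false;
    }
    if (!array_key_exists($getData['SigAlg'], SIG_ALGS)) {
        return false;
    }
    $signature = base64_decode($getData['Signature'], true);
    if ($signature === false) {
        return false;
    }
    $signedQuery = buildSignedQuery($messageType, $getData);
    // openssl_verify() returns 1 for a valid signature, 0 for invalid, -1/false on error.
    return openssl_verify($signedQuery, $signature, $publicKeyPem, SIG_ALGS[$getData['SigAlg']]) === 1;
}

// --- Constructed sender side ------------------------------------------------
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$publicKeyPem = openssl_pkey_get_details($key)['key'];

// Redirect binding carries the message deflated and base64-encoded.
$logoutRequest = base64_encode(gzdeflate('<samlp:LogoutRequest ID="_constructed"/>'));
$getData = [
    'SAMLRequest' => $logoutRequest,
    'RelayState'  => 'https://sp.example.test/after-logout',
    'SigAlg'      => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
];
openssl_sign(buildSignedQuery('SAMLRequest', $getData), $rawSig, $key, OPENSSL_ALGO_SHA256);
$getData['Signature'] = base64_encode($rawSig);

var_dump(verifyRedirectSignature('SAMLRequest', $getData, $publicKeyPem));

// Any change to a signed parameter invalidates the signature.
$modified = $getData;
$modified['RelayState'] = 'https://other.example.test/';
var_dump(verifyRedirectSignature('SAMLRequest', $modified, $publicKeyPem));

// An algorithm outside the allow-list is refused even though a signature is present.
$weakened = $getData;
$weakened['SigAlg'] = 'http://www.w3.org/2000/09/xmldsig#hmac-sha1';
var_dump(verifyRedirectSignature('SAMLRequest', $weakened, $publicKeyPem));
```

The SigAlg value is taken from the request itself, so the allow-list is the only thing standing between a verifier and an algorithm it did not intend to accept; the lookup happens before any key material is touched.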

getRawHost()

getRawHost() : string

Returns

string —

The raw host name

buildWithBaseURLPath()

buildWithBaseURLPath(  $info) : string

Returns the part of the URL with the BaseURLPath.

Parameters

$info

Returns

string