theodorejb/saml-utils

Utilities to streamline Light Saml usage

Maintainers

Details

github.com/theodorejb/saml-utils

Source

Issues

Installs: 1 307

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 2

Forks: 0

Open Issues: 0

v1.1.0 2023-10-11 21:47 UTC

Requires

Requires (Dev)

MIT 210950e18d2a59c682f8d8753f09923255f95d58

  • Theodore Brown <theodorejb.woop@outlook.com>

This package is auto-updated.

Last update: 2024-06-11 23:18:57 UTC

README

This package provides a few helpful utilities on top of Light Saml to streamline common tasks.

Install via Composer

composer require theodorejb/saml-utils

Working with metadata

The SamlMetadata class simplifies getting data from Identity Provider metadata. Call SamlMetadata::fromXml($xml) to create an instance from an Entity Descriptor XML string.

The underlying EntityDescriptor object can be accessed via a readonly $entityDescriptor property.

SamlMetadata implements the following methods:

getIdpCertificate()

Returns an X509Certificate instance for the Identity Provider certificate.

getIdpSsoRedirectLocation()

Returns the redirect location string defined by the Identity Provider for receiving a SAML request to initiate single sign-on.

getIdpRedirectLogoutService()

Returns the redirect SingleLogoutService if defined by the Identity Provider, otherwise null.

Utility methods

The SamlUtils class implements the following static utility methods:

getRequestFromGlobals(): MessageContext

Returns an object for the SAML request or response from the global GET/POST data.

getMessageHttpResponse(SamlMessage $message, string $bindingType): Response

Returns a Symfony\Component\HttpFoundation\Response instance for sending the SAML message.

validateSignature(SamlMessage $message, X509Certificate $certificate): void

Throws an Exception if the message signature is missing or fails verification with the certificate.

getSubjectNameId(SamlResponse $response): string

Returns the user identity being asserted by the identity provider.

getFirstAttributeStatement(SamlResponse $response): AttributeStatement|null

Returns the first assertion attribute statement if one exists.

getAttributeStatementValue(AttributeStatement $statement, string $name): string

Returns the assertion attribute value for the specified attribute name. Throws an exception if the attribute doesn't exist.

getResponseAttributeValue(SamlResponse $response, string $name): string

Same as getAttributeStatementValue(), but can be used directly from a SamlResponse rather than an AttributeStatement.