
What I wish to accomplish is adding the following example to the AuthnRequest:

<samlp:Extensions>
    <somens:TheExtensionName xmlns:somens="http://uriofextension/">
        <somens:TheExtensionName Name="AttributeName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
    </somens:TheExtensionName>
</samlp:Extensions>

By using authsources.php, how am I able to accomplish that?

I've read the documentation, and at

https://simplesamlphp.org/docs/stable/saml:sp

5.8 Using samlp:Extensions

they have:

$dom = \SAML2\DOMDocumentFactory::create();
$ce = $dom->createElementNS('http://www.example.com/XFoo', 'xfoo:test', 'Test data!');
$ext[] = new \SAML2\XML\Chunk($ce);

$auth = new \SimpleSAML\Auth\Simple('default-sp');
$auth->login(array(
    'saml:Extensions' => $ext,
));

But where is this code supposed to go? I've added it to authsources.php without luck, and I can't figure out how to use this. Consider also my lack of knowledge regarding PHP, so maybe I'm just messing things up.

This is what I've tried in authsources.php.

Disregard some parts of the code that belong to the examples provided:

<?php

$dom = \SAML2\DOMDocumentFactory::create();
$ce = $dom->createElementNS('http://www.example.com/XFoo', 'xfoo:test', 'Test data!');
$ext[] = new \SAML2\XML\Chunk($ce);

$config = array(

    'sp.name' => array(
        'saml:SP',
        'privatekey'  => '/certs/privkey.pem',
        'certificate' => '/certs/fullchain.pem',
        'entityID' => 'entityID',
        'idp' => 'idpID',
        'saml:Extensions' => $ext,

    ),

);

1 Answer

Well, I've not been able to use authsources.php yet, but I managed to recreate it with the samlp:Extensions AuthnRequest I needed.

I've created a PHP app and connected it to the SimpleSAMLphp Service Provider in order to send the request with samlp:Extensions, and here is the code for those having the same issue:

app/app.php

<?php
// Load SimpleSAMLphp.
require_once('/var/www/simplesamlphp/lib/_autoload.php');

// Initiate a SimpleSAML_Auth_Simple object for the SP defined in authsources.php.
// (On SimpleSAMLphp 1.15+ the namespaced names \SimpleSAML\Auth\Simple,
// \SAML2\DOMDocumentFactory and \SAML2\XML\Chunk are the current ones; the
// underscore names used here still exist as aliases.)
$as = new SimpleSAML_Auth_Simple('name-of-sp');

// Build the extension with the standard PHP DOM API, see
// http://php.net/manual/en/domdocument.createelementns.php
$dom = SAML2_DOMDocumentFactory::create();

// 'namespace-uri' is a placeholder: use the namespace URI the IdP expects.
$attributes_ext = $dom->createElementNS('namespace-uri', 'fa:RequestedAttributes');

$item = $dom->createElementNS('namespace-uri', 'fa:RequestedAttribute');
$attrName = $dom->createAttribute('Name');
$attrName->value = 'attributeName';

$attrNameFormat = $dom->createAttribute('NameFormat');
$attrNameFormat->value = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";

$attrRequirement = $dom->createAttribute('isRequired');
$attrRequirement->value = "true";

$item->appendChild($attrName);
$item->appendChild($attrNameFormat);
$item->appendChild($attrRequirement);

$attributes_ext->appendChild($item);
$ext = array(new SAML2_XML_Chunk($attributes_ext));

// If the user is not authenticated, start authentication with the extension
// attached to the AuthnRequest. login() never returns (it redirects), so it
// must only be called for an unauthenticated session; requireAuth() checks the
// session first and passes these parameters on to login() when needed.
$as->requireAuth(array(
    'saml:Extensions' => $ext,
));

// Get the user's attributes and print them (escaped, since attribute values
// come from the IdP and are rendered into HTML here).
$attributes = $as->getAttributes();
print('<html><body><pre>');
print(htmlspecialchars(print_r($attributes, true)));
print('</pre>');

// Output the attributes to a file (experiment only: this writes user data to a
// world-readable location, remove it outside the experiment).
$myFile = "/tmp/attributes.log";
$fh = fopen($myFile, 'a') or die("can't open file");
$stringData = print_r($attributes, true);
fwrite($fh, $stringData);
fclose($fh);

// Display a Login and a Logout link.
$url_in = $as->getLoginURL();
$url_out = $as->getLogoutURL();
print('<br><a href="' . htmlspecialchars($url_in) . '">Login</a>');
print('<br><a href="' . htmlspecialchars($url_out) . '">Logout</a><br>');

// If using PHP sessions in SimpleSAMLphp, clean up the SimpleSAMLphp session
// to be able to use $_SESSION afterwards.
$session = SimpleSAML_Session::getSessionFromRequest();
$session->cleanup();

// Display PHP information (debugging only: it discloses the server
// configuration, so remove it before exposing the app to anyone else).
phpinfo();
?>
</body>
</html>

To run it for the experiment:

php -S 0.0.0.0:5000 -t app/

Navigate to localhost:5000/app.php; this will automatically send you to the login page of the IdP, using the SP configuration. You can try it with the authsources.php examples provided by SimpleSAMLphp.
