Lines Matching refs:a

15 …questId was provided to the validator but the SAMLResponse does not contain a InResponseTo attribu…
21 Update php-saml to 2.15.0, this version includes a security patch related to XEE attacks
25 Update php-saml to 2.10.4, this version includes a security patch related to
28 Update php-saml to 2.10.0, this version includes a security patch that contains extra validations t…
36 a security vulnerability in this toolkit, please report it at https://www.onelogin.com/security wi…
50 integrity, SAML is a secure single sign-on protocol that the largest
53 sign a user into an application.
54 * **Phishing Prevention** - If you don’t have a password for an app, you
55 can’t be tricked into entering it on a fake login page.
66 OneLogin's SAML PHP toolkit let you build a SP (Service Provider) over
76 * Enable a Single Logout Service endpoint.
103 Since [PHP 5.3 is officially unsupported](http://php.net/eol.php) we recommend you to use a newer P…
134 After installation has completed you will find at the `vendor/` folder a new folder named `onelogin…
144 This 2.0 version has a new library. The toolkit is still compatible.
151 the toolkit (v.1). Take a look.
153 Sometimes the names of the classes of the old code could be a bit different
164 If you are using the library with a framework like Symfony that contains
165 namespaces, remember that calls to the class must be done by adding a backslash (`\`) to the
179 …e fingerprint method. The fingerprint, is a hash, so at the end is open to a collision attack that…
193 SAML requires a x509 cert to sign and encrypt elements like `NameID`, `Message`,
205 Sometimes we could need a signature on the metadata published by the SP, in
206 this case we could use the x509 cert previously mentioned or use a new x509
209 Use `sp_new.crt` if you are in a key rollover process and you want to
223 * `Saml` folder contains a modified version of the toolkit v.1 and allows the
227 are described in a later section.
251 Locale folder contains some translations: `en_US` and `es_ES` as a proof of concept.
258 * `settings_example.php` - A template to be used in order to create a
260 * `advanced_settings_example.php` - A template to be used in order to create a
271 * `demo1/` - Contains an example of a simple PHP app with SAML support.
288 * Use a `settings.php` file that we should locate at the base folder of the
294 There is a template file, `settings_example.php`, so you can make a copy of this
310 // Set a BaseURL to be used instead of try to guess
318 // Identifier of the SP entity (must be a URI)
330 // If you need to specify requested attributes, set a
358 // Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported.
377 // Identifier of the IdP entity (must be a URI)
404 * Instead of use the whole x509cert you can use a fingerprint in order to
405 * validate a SAMLResponse, but we don't recommend to use that
406 * method on production since is exploitable by a collision attack.
410 * If a fingerprint is provided, then the certFingerprintAlgorithm is required in order to
439 information that could be defined. In the same way that a template exists
440 for the basic info, there is a template for that advanced info located
489 // Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest>
493 // Indicates a requirement for the <saml:Assertion> elements received by
497 // Indicates a requirement for the <saml:Assertion> elements received by
501 // Indicates a requirement for the NameID element on the SAMLResponse
505 // Indicates a requirement for the NameID received by
539 // Notice that sha1 is a deprecated algorithm and should not be used
547 // Notice that sha1 is a deprecated algorithm and should not be used
555 // Contact information template, it is recommended to supply a
582 But if we provide a `$deflate` boolean parameter to the `getRequest` or `getResponse` method it wil…
614 require_once 'custom_settings.php'; // The custom_settings.php contains a
646 new toolkit due there are a lot of new features that you can't handle with the
669 …ttribute Consumer Service of the SP with this information. If we do not set a `'url'` param in the…
671 We can set a `'returnTo'` url to change the workflow and redirect the user to the other PHP file.
685 * `$setNameIdPolicy` - When true the AuthNRequest will set a nameIdPolicy element.
688 If a match on the future SAMLResponse ID and the AuthNRequest ID to be sent is required, that AuthN…
735 Before the XML metadata is exposed, a check takes place to ensure
822 2. If `RelayState` is provided, a redirection takes place.
865 is an array - a single-valued attribute is an array of a single element.
883 returned. For example, if we call to `getAttributes` before a
920 If the SLS endpoints receives a Logout Response, the response is
941 the session is closed and a Logout Response is sent to the SLS endpoint of
977 If you aren't using the default PHP session, or otherwise need a manual
978 way to destroy the session, you can pass a callback method to the
991 If we don't want that `processSLO` to destroy the session, pass a true
1001 In order to send a Logout Request to the IdP:
1017 … used to build the LogoutRequest. If `name_id` parameter is not set and the auth object processed a
1018 SAML Response with a `NameId`, then this `NameId` will be used.
1030 If we do not set a `'url'` param in the logout method and are using the
1071 If a match on the future LogoutResponse ID and the LogoutRequest ID to be sent is required, that Lo…
1082 #### Example of a view that initiates the SSO request and handles the response (is the acs target) …
1084 We can code a unique file that initiates the SSO process, handle the response, get the attributes, …
1087 Note: Review the `demo1` folder that contains that use case; in a later section we
1105 $returnTo = $spBaseUrl.'/demo1/attrs.php'; // but set a custom RelayState URL
1107 } else if (isset($_GET['slo'])) { // SLO action. Will sent a Logout Request to IdP
1128 $auth->redirectTo($_POST['RelayState']); // Redirect if there is a
1157 echo '<p><a href="?slo" >Logout</a></p>'; // Print some links with possible
1159 echo '<p><a href="?sso" >Login</a></p>';
1160 echo '<p><a href="?sso2" >Login and access to attrs.php page</a></p>';
1206 php-saml toolkit uses a bunch of methods in OneLogin_Saml2_Utils that try to guess the URL where th…
1218 When the PHP application is behind a proxy or a load balancer we can execute `setProxyVars(true)` a…
1220 a developer can use `setSelfProtocol`, `setSelfHost`, `setSelfPort` and `getBaseURLPath` to define…
1222 At the settings the developer will be able to set a `'baseurl'` parameter that automatically will u…
1335 * `buildRequestSignature` - Generates the Signature for a SAML Request
1336 * `buildResponseSignature` - Generates the Signature for a SAML Response
1372 * `validateNumAssertions` - Verifies that the document only contains a single
1376 * `getError` - After executing a validation process, if it fails, this method returns the cause
1391 * `getError` - After executing a validation process, if it fails, this method returns the cause
1398 * `OneLogin_Saml2_LogoutResponse` - Constructs a Logout Response object
1403 * `build` - Generates a Logout Response object.
1404 * `getResponse` - Returns a Logout Response object.
1405 * `getError` - After executing a validation process, if it fails, this method returns the cause.
1440 * `setBaseURL` - Set a baseurl value
1460 * `formatCert` - Returns a x509 cert (adding header & footer if required).
1461 * `formatPrivateKey` - returns a RSA private key (adding header & footer if required).
1462 * `redirect` - Executes a redirection to the provided url (or return the
1470 * `generateUniqueID` - Generates a unique string (used for example as ID
1472 * `parseTime2SAML` - Converts a UNIX timestamp to SAML2 timestamp on the
1474 * `parseSAML2Time` - Converts a SAML2 timestamp on the form
1475 `yyyy-mm-ddThh:mm:ss(\.s+)?Z` to a UNIX timestamp. The sub-second part is
1477 * `parseDuration` - Interprets a ISO8601 duration value relative to a given
1483 * `calculateX509Fingerprint` - Calculates the fingerprint of a x509cert.
1484 * `formatFingerPrint` - Formats a fingerprint.
1485 * `generateNameId` - Generates a `nameID`.
1486 * `getStatus` - Gets Status from a Response.
1488 * `castKey` - Converts a `XMLSecurityKey` to the correct algorithm.
1491 * `validateSign` - Validates a signature (Message or Assertion).
1512 The toolkit includes three demo apps to teach how use the toolkit, take a look on it.
1522 * Use a `settings.php` file that we should locate at the base folder of the
1526 In this demo we provide the data in the second way, using a setting array named
1527 `$settingsInfo`. This array users the `settings_example.php` included as a template
1554 is sent to the IdP, we authenticate at the IdP and then a Response is sent
1556 Notice that a `RelayState` parameter is set to the url that initiated the
1563 is not valid, the process stops here and a message is shown. Otherwise we
1564 are redirected to the RelayState view. a) `index.php` or b) `attrs.php`.
1571 5.1 SLO Initiated by SP. Click on the "logout" link at the SP, after that a
1573 replies through the client to the SP with a Logout Response (sent to the
1579 side, the logout process is initiated at the idP, sends a Logout
1582 at the local app and send a Logout Response to the IdP (to the SLS endpoint
1586 Notice that all the SAML Requests and Responses are handled by a unique file,
1597 * Use a `settings.php` file that we should locate at the base folder of the
1633 We authenticate at the IdP and then a `Response` is sent to the SP, to the
1637 the process stops here and a message is shown. Otherwise we are redirected
1648 we are redirected to the `slo.php` view and there a Logout Request is sent
1649 to the IdP, the session at the IdP is closed and replies to the SP a
1656 side, the logout process is initiated at the idP, sends a Logout
1659 close the session of the user at the local app and sends a Logout Response
1674 could be used as a template for your `settings.php` file.
1695 Initiated SAML. The service provider creates a SAML Authentication Request and