Add support for encrypted name id in encrypted assertion. See #594
pitbulk committed Sep 29, 2024
1 parent 2df155b commit 78bc99c
Showing 3 changed files with 81 additions and 21 deletions.
93 changes: 72 additions & 21 deletions lib/Saml2/Response.php
Expand Up @@ -38,6 +38,13 @@ class OneLogin_Saml2_Response
*/
public $encrypted = false;

/**
* The response contains an encrypted nameId in the assertion.
*
* @var bool
*/
public $encryptedNameId = false;

/**
* After validation, if it fail this var has the cause of the problem
* @var string
Expand Down Expand Up @@ -200,14 +207,12 @@ public function isValid($requestId = null)
);
}

if ($security['wantNameIdEncrypted']) {
$encryptedIdNodes = $this->_queryAssertion('/saml:Subject/saml:EncryptedID/xenc:EncryptedData');
if ($encryptedIdNodes->length != 1) {
throw new OneLogin_Saml2_ValidationError(
"The NameID of the Response is not encrypted and the SP requires it",
OneLogin_Saml2_ValidationError::NO_ENCRYPTED_NAMEID
);
}
$this->encryptedNameId = $this->encryptedNameId || $this->_queryAssertion('/saml:Subject/saml:EncryptedID/xenc:EncryptedData')->length > 0;
if (!$this->encryptedNameId && $security['wantNameIdEncrypted']) {
throw new OneLogin_Saml2_ValidationError(
"The NameID of the Response is not encrypted and the SP requires it",
OneLogin_Saml2_ValidationError::NO_ENCRYPTED_NAMEID
);
}

// Validate Conditions element exists
Expand Down Expand Up @@ -366,17 +371,6 @@ public function isValid($requestId = null)
}
}

// Detect case not supported
if ($this->encrypted) {
$encryptedIDNodes = OneLogin_Saml2_Utils::query($this->decryptedDocument, '/samlp:Response/saml:Assertion/saml:Subject/saml:EncryptedID');
if ($encryptedIDNodes->length > 0) {
throw new OneLogin_Saml2_ValidationError(
'SAML Response that contains a an encrypted Assertion with encrypted nameId is not supported.',
OneLogin_Saml2_ValidationError::NOT_SUPPORTED
);
}
}

if (empty($signedElements) || (!$hasSignedResponse && !$hasSignedAssertion)) {
throw new OneLogin_Saml2_ValidationError(
'No Signature found. SAML Response rejected',
Expand Down Expand Up @@ -585,9 +579,15 @@ public function getNameIdData()
if ($encryptedIdDataEntries->length == 1) {
$encryptedData = $encryptedIdDataEntries->item(0);

$key = $this->_settings->getSPkey();
$pem = $this->_settings->getSPkey();
if (empty($pem)) {
throw new OneLogin_Saml2_Error(
"No private key available, check settings",
OneLogin_Saml2_Error::PRIVATE_KEY_NOT_FOUND
);
}
$seckey = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type'=>'private'));
$seckey->loadKey($key);
$seckey->loadKey($pem);

$nameId = OneLogin_Saml2_Utils::decryptElement($encryptedData, $seckey);

Expand Down Expand Up @@ -1139,6 +1139,17 @@ protected function _decryptAssertion($dom)
if ($check === false) {
throw new Exception('Error: string from decrypted assertion could not be loaded into a XML document');
}

// check if the decrypted assertion contains an encryptedID
$encryptedID = $decrypted->getElementsByTagName('EncryptedID')->item(0);
if ($encryptedID) {
// decrypt the encryptedID
$this->encryptedNameId = true;
$encryptedData = $encryptedID->getElementsByTagName('EncryptedData')->item(0);
$nameId = $this->decryptNameId($encryptedData, $pem);
OneLogin_Saml2_Utils::treeCopyReplace($encryptedID, $nameId);
}

if ($encData->parentNode instanceof DOMDocument) {
return $decrypted;
} else {
Expand Down Expand Up @@ -1171,6 +1182,46 @@ protected function _decryptAssertion($dom)
}
}

/**
* Decrypt EncryptedID element
*
* @param \DOMElement $encryptedData The encrypted data.
* @param string $key The private key
*
* @return \DOMElement The decrypted element.
*
* @throws OneLogin_Saml2_Error
* @throws OneLogin_Saml2_ValidationError
*/
private function decryptNameId(\DOMElement $encryptedData, string $pem)
{
$objenc = new XMLSecEnc();
$encData = $objenc->locateEncryptedData($encryptedData);
$objenc->setNode($encData);
$objenc->type = $encData->getAttribute("Type");
if (!$objKey = $objenc->locateKey()) {
throw new OneLogin_Saml2_ValidationError(
"Unknown algorithm",
ValidationError::KEY_ALGORITHM_ERROR
);
}
$key = null;
if ($objKeyInfo = $objenc->locateKeyInfo($objKey)) {
if ($objKeyInfo->isEncrypted) {
$objencKey = $objKeyInfo->encryptedCtx;
$objKeyInfo->loadKey($pem, false, false);
$key = $objencKey->decryptKey($objKeyInfo);
} else {
// symmetric encryption key support
$objKeyInfo->loadKey($pem, false, false);
}
}
if (empty($objKey->key)) {
$objKey->loadKey($key);
}
return OneLogin_Saml2_Utils::decryptElement($encryptedData, $objKey);
}

/**
* After execute a validation process, if fails this method returns the cause
*
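Review bot: In the `_decryptAssertion` hunk, `$decrypted->getElementsByTagName('EncryptedID')->item(0)` matches by local name anywhere in the decrypted assertion, so as far as the visible lines show an `EncryptedID` outside `saml:Subject` (for example under `saml:SubjectConfirmation`) would set `$this->encryptedNameId = true`, and the reworked check in `isValid()` (`!$this->encryptedNameId && $security['wantNameIdEncrypted']`) would then accept a Subject whose NameID is in plaintext. Scoping the lookup to the Subject's `EncryptedID` in the SAML assertion namespace, and setting the flag only after decryption has succeeded, would keep the `wantNameIdEncrypted` policy tied to the element it is meant to protect. The following `->getElementsByTagName('EncryptedData')->item(0)` can return null, which would reach the `\DOMElement`-typed parameter of `decryptNameId()` as a TypeError instead of a `OneLogin_Saml2_ValidationError`; a guard such as `if (!$encryptedData instanceof DOMElement) { throw ...; }` before the call is worth adding. In `decryptNameId()`, `ValidationError::KEY_ALGORITHM_ERROR` lacks the `OneLogin_Saml2_` prefix used by every other reference on this page, so unless an alias exists outside the visible hunks that branch would fail with a class-not-found error, and the docblock names the second parameter `$key` while the signature calls it `$pem`. `_decryptAssertion` begins and ends outside the hunk, so `$pem` is assumed to be defined earlier in that method.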
@@ -0,0 +1 @@
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
8 changes: 8 additions & 0 deletions tests/src/OneLogin/Saml2/ResponseTest.php
Expand Up @@ -1813,4 +1813,12 @@ public function testIsValidSignUsingX509certMulti()
$response = new OneLogin_Saml2_Response($settings, $xml);
$this->assertTrue($response->isValid());
}

public function testCanGetEncryptedNameIdInEncryptedAssertion()
{
$xml = file_get_contents(TEST_ROOT . '/data/responses/response_encrypted_nameid_encrypted_assertion2.xml.base64');
$response = new OneLogin_Saml2_Response($this->_settings, $xml);
$this->assertTrue($response->isValid());
$this->assertEquals('492882615acf31c8096b627245d76ae53036c090', $response->getNameId());
}
}
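Review bot: The new test covers only the success path and never asserts the state this commit introduces; after `isValid()` it should also check `$this->assertTrue($response->encryptedNameId);`. A companion case with `wantNameIdEncrypted` enabled and an encrypted assertion whose Subject carries a plaintext NameID would pin the rejection path that the reworked check in `isValid()` now depends on. `assertSame` would be the stricter choice for the NameID string comparison.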
