Support to add SAML token in message and attach pointer to the signature

composer.json

@@ -1,26 +1,25 @@
 {
-	"name" : "robrichards/wse-php",
-	"description" : "Libraries for adding WS-* support to ext/soap in PHP.",
-	"authors" : [{
-			"name" : "Rob Richards",
-			"homepage" : "http://www.cdatazone.org/",
-			"role" : "Main developer"
-		}
-	],
-	"license" : "BSD-3-Clause",
-	"keywords" : [
-		"SOAP",
-		"WS-Addressing",
-		"WS-Security"
-	],
-	"homepage" : "https://github.com/robrichards/wse-php",
-	"autoload" : {
-		"psr-4" : {
-			"RobRichards\\WsePhp\\" : "src"
-		}
-	},
-	"require" : {
-		"php" : ">= 5.3",
-		"robrichards/xmlseclibs" : ">=3.0.4"
-	}
+    "name": "robrichards/wse-php",
+    "description": "Libraries for adding WS-* support to ext/soap in PHP.",
+    "authors": [{
+        "name": "Rob Richards",
+        "homepage": "http://www.cdatazone.org/",
+        "role": "Main developer"
+    }],
+    "license": "BSD-3-Clause",
+    "keywords": [
+        "SOAP",
+        "WS-Addressing",
+        "WS-Security"
+    ],
+    "homepage": "https://github.com/robrichards/wse-php",
+    "autoload": {
+        "psr-4": {
+            "RobRichards\\WsePhp\\": "src"
+        }
+    },
+    "require": {
+        "php": ">= 5.3",
+        "robrichards/xmlseclibs": ">=3.0.4"
+    }
 }

examples/soap-wsse-saml-example.php

@@ -0,0 +1,66 @@
+<?php
+require __DIR__ . '/../vendor/autoload.php';
+
+use RobRichards\WsePhp\WSSESoap;
+use RobRichards\XMLSecLibs\XMLSecurityKey;
+
+define('PRIVATE_KEY', 'priv_key.pem');
+define('CERT_FILE', 'pub_key.pem');
+define('SERVICE_CERT', 'sitekey_pub.cer');
+
+class MySoap extends SoapClient
+{
+    /**
+     * @var string
+     */
+    public $samlToken;
+
+
+    public function __doRequest($request, $location, $saction, $version)
+    {
+        $doc = new DOMDocument('1.0');
+        $doc->loadXML($request);
+
+        $objWSSE = new WSSESoap($doc);
+
+        /* add Timestamp with no expiration timestamp */
+        $objWSSE->signAllHeaders = true;
+        $objWSSE->signBody = true;
+        $objWSSE->addTimestamp();
+
+        /* create new XMLSec Key using AES256_CBC and type is private key */
+        $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
+
+        /* load the private key from file - last arg is bool if key in file (true) or is string (false) */
+        $objKey->loadKey(PRIVATE_KEY, true);
+
+        /* Sign the message - also signs appropiate WS-Security items */
+        $options = array("insertBefore" => false);
+        $objWSSE->signSoapDoc($objKey, $options);
+
+        /* Add SAML Token to the message */
+        $token = $objWSSE->addSamlToken($this->samlToken);
+
+        /* Attach pointer to Signature */
+        $objWSSE->attachTokentoSig($token, true);
+
+        $request = $objWSSE->saveXML();
+
+        $retVal = parent::__doRequest($request, $location, $saction, $version);
+
+        return $retVal;
+    }
+}
+
+$wsdl = '<wsdl location>';
+
+$sc = new MySoap($wsdl);
+$sc->samlToken = '<SAML_TOKEN>';
+
+try {
+    $out = $sc->callmethod(1);
+    var_dump($out);
+} catch (SoapFault $fault) {
+    var_dump($fault);
+}
+

src/WSSESoap.php

@@ -190,7 +190,16 @@ public function addBinaryToken($cert, $isPEMFormat = true, $isDSig = true)
         return $token;
     }
 
-    public function attachTokentoSig($token)
+    public function addSamlToken($samlToken)
+    {
+        $token = dom_import_simplexml(simplexml_load_string($samlToken));
+        $token = $this->soapDoc->importNode($token, true);
+        $security = $this->locateSecurityHeader();
+        $token = $security->insertBefore($token, $security->firstChild);
+        return $token;
+    }
+
+    public function attachTokentoSig($token, $isSamlToken = false)
     {
         if (!($token instanceof DOMElement)) {
             throw new Exception('Invalid parameter: BinarySecurityToken element expected');
@@ -209,9 +218,15 @@ public function attachTokentoSig($token)
 
             $tokenRef = $this->soapDoc->createElementNS(self::WSSENS, self::WSSEPFX.':SecurityTokenReference');
             $keyInfo->appendChild($tokenRef);
-            $reference = $this->soapDoc->createElementNS(self::WSSENS, self::WSSEPFX.':Reference');
-            $reference->setAttribute('ValueType', 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3');
-            $reference->setAttribute('URI', $tokenURI);
+
+            if ($isSamlToken) {
+                $reference = $this->soapDoc->createElementNS(self::WSSENS, self::WSSEPFX.':KeyIdentifier', $token->getAttribute('AssertionID'));
+                $reference->setAttribute('ValueType', 'http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID');
+            } else {
+                $reference = $this->soapDoc->createElementNS(self::WSSENS, self::WSSEPFX.':Reference');
+                $reference->setAttribute('ValueType', 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3');
+                $reference->setAttribute('URI', $tokenURI);
+            }
             $tokenRef->appendChild($reference);
         } else {
             throw new Exception('Unable to locate digital signature');