Prvním krokem je získání informací z metadat IdP
V dokumentaci je uveden odkaz na metadata NIA IdP FederationMetadata.xml
Více informací o NIA IdP metadatech je uvedeno na stránce IdP - Úvod
<?php
// použijeme knihovnu simplesamlphp/saml2 z https://github.com/simplesamlphp/saml2
use SAML2\XML\md\EntityDescriptor;
use SAML2\DOMDocumentFactory;
$metadata_url = "https://tnia.identitaobcana.cz/FPSTS/FederationMetadata/2007-06/FederationMetadata.xml";
$metadata_string = file_get_contents($metadata_url);
$metadata_dom = DOMDocumentFactory::fromString($metadata_string);
$metadata = new EntityDescriptor($metadata_dom->documentElement);
// také lze využít metodu DOMDocumentFactory::fromFile($filepath); pokud máte metadata stažena lokálně
Objekt následovně obsahuje tato data:EntityDescriptor {#96
#signatureKey: null
#certificates: array:1 [
0 => "MIIH0jCCBbqgAwIBAgIEAV0YjTANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJDWjEXMBUGA1UEYRMOTlRSQ1otNDcxMTQ5ODMxHTAbBgNVBAoMFMSMZXNrw6EgcG/FoXRhLCBzLnAuMSIwIAYDVQQDExlQb3N0U2lnbnVtIFF1YWxpZmllZCBDQSA0MB4XDTIzMDMyODEyMDMyNFoXDTI0MDQxNjEyMDMyNFoweTELMAkGA1UEBhMCQ1oxFzAVBgNVBGETDk5UUkNaLTcyMDU0NTA2MScwJQYDVQQKDB5TcHLDoXZhIHrDoWtsYWRuw61jaCByZWdpc3Ryxa8xFjAUBgNVBAMMDUdHX0ZQU1RTX1RFU1QxEDAOBgNVBAUTB1MyNzU3MzAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB4/CorRF9irYIIkTrOUUj4dEq1zLdjD//D7DNuxPmaRtYsdAHqdJqnsDrp9JFO9H38iR8S4cvlMefANjcyBfDT1jNE97z1cw8RP2lJUdRykaFmXNK+xuf93fcozt0mIXbVmAf0LPt3doJhLCc+JBwvqeEeOJgkAwzP7Qw/poOG6iD+4QMgiEnQ5q1oHnQeLbuB1U0JKoGJRGf6kjgDWIPPE3B9it2rSuGMJ6rlS5DkqIAO/yGO5UrBOULSlYMQxwV/6KuO/aXk+1nDIbTqtykgphbqevC/Rhft8VLuI1EvGgrbARp7Ti2NKguEP3pvCccTF8thwXi2s06G2Dg51ghAgMBAAGjggNwMIIDbDCCASYGA1UdIASCAR0wggEZMIIBCgYJZ4EGAQQBEoFIMIH8MIHTBggrBgEFBQcCAjCBxhqBw1RlbnRvIGt2YWxpZmlrb3ZhbnkgY2VydGlmaWthdCBwcm8gZWxla3Ryb25pY2tvdSBwZWNldCBieWwgdnlkYW4gdiBzb3VsYWR1IHMgbmFyaXplbmltIEVVIGMuIDkxMC8yMDE0LlRoaXMgaXMgYSBxdWFsaWZpZWQgY2VydGlmaWNhdGUgZm9yIGVsZWN0cm9uaWMgc2VhbCBhY2NvcmRpbmcgdG8gUmVndWxhdGlvbiAoRVUpIE5vIDkxMC8yMDE0LjAkBggrBgEFBQcCARYYaHR0cDovL3d3dy5wb3N0c2lnbnVtLmN6MAkGBwQAi+xAAQEwgZsGCCsGAQUFBwEDBIGOMIGLMAgGBgQAjkYBATBqBgYEAI5GAQUwYDAuFihodHRwczovL3d3dy5wb3N0c2lnbnVtLmN6L3Bkcy9wZHNfZW4ucGRmEwJlbjAuFihodHRwczovL3d3dy5wb3N0c2lnbnVtLmN6L3Bkcy9wZHNfY3MucGRmEwJjczATBgYEAI5GAQYwCQYHBACORgEGAjB9BggrBgEFBQcBAQRxMG8wOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQucG9zdHNpZ251bS5jei9jcnQvcHNxdWFsaWZpZWRjYTQuY3J0MDAGCCsGAQUFBzABhiRodHRwOi8vb2NzcC5wb3N0c2lnbnVtLmN6L09DU1AvUUNBNC8wDgYDVR0PAQH/BAQDAgXgMB8GA1UdJQQYMBYGCCsGAQUFBwMEBgorBgEEAYI3CgMMMB8GA1UdIwQYMBaAFA8ofD42ADgQUK49uCGXi/dgXGF4MIGxBgNVHR8EgakwgaYwNaAzoDGGL2h0dHA6Ly9jcmwucG9zdHNpZ251bS5jei9jcmwvcHNxdWFsaWZpZWRjYTQuY3JsMDagNKAyhjBodHRwOi8vY3JsMi5wb3N0c2lnbnVtLmN6L2NybC9wc3F1YWxpZmllZGNhNC5jcmwwNaAzoDGGL2h0dHA6Ly9jcmwucG9zdHNpZ251bS5ldS9jcmwvcHNxdWFsaWZpZWRjYTQuY3JsMB0GA1UdDgQWBBQzXA9iKKnMw1cGd+Z3fefm6sk/sDANBgkqhkiG9w0BAQsFAAOCAgEAVSRQgSbL5NhaBxokAl/mIy2PcZFfUVOvDzBrqSZrdm+orcEJzpaGUb8E7W8cjL0k2XcrqAGmT9tZA7H6AiS6OtDP0JXwhyfeNvqGVe6p6+BGlKRAyKqUzjYx3bY5VHExef/HL5MD7PDsyy8WfJw05NdZHuSRBpbxkBlrBlJ7pMM58JVu1GGdDCWxPIDPHDohd5uaf3nCZKCOnQGRBr9UWZKsAY9n+990C/0vCW+FtW69TA4eZgW2qGnkQWBq1IGz62/Ii61VlqFvFUFgyLJCpT7z79vNWAls7q3+LNeF0AdwyqOqcPjJY3QS6yprynQbwLx6P2DTRAupEr2CQ4FEbZIIAjGn6bXeIEbLEWXy8IMOFwBWUzkHpXqpANEiRqphVLgUnRxjdAjUGYq+ZXQI6ViqjP9UplXuFQXDJ1+2M3eZGE4yKHebEnRRuA9IXvn65KvqWJoiZk+2vLvVqAelDYpWpspeEyUa88KawbH3RSRj0BByPnijH+kcxZ38hd/s8X6eKwGiw7+5LpaDtLsX7Z9kluVUIikT9042X+dQClxB++d751AZsqaVYAGvySS3yLjF4mR/d6cim40i+mtTtwnOt6Mqp8Z4vOkWwEdjwC1oFPBq7ngNayycszZ9tbylV6A+tlfv8+ZrluoTztrfjL67gDu+boPiw18O0YYlmDE="
]
-validators: array:1 [
0 => array:2 [
"Function" => array:2 [
0 => "SAML2\Utils"
1 => "validateSignature"
]
"Data" => array:2 [
"Signature" => XMLSecurityDSig {#94
+sigNode: DOMElement {#99
+schemaTypeInfo: null
+nodeName: "Signature"
+nodeValue: ""
+nodeType: XML_ELEMENT_NODE
+parentNode: null
+childNodes: DOMNodeList {#176
+length: 3
}
+firstChild: DOMElement {#178 …}
+lastChild: DOMElement {#180 …}
+previousSibling: null
+nextSibling: null
+attributes: DOMNamedNodeMap {#183
+length: 0
}
+ownerDocument: DOMDocument {#185 …}
+namespaceURI: "http://www.w3.org/2000/09/xmldsig#"
+prefix: ""
+localName: "Signature"
+baseURI: "/nix/store/dhds8frdd8d0354v9ydd6nkxgc4aw4s7-nia.otevrenamesta.cz/webroot/"
+textContent: ""
+tagName: "Signature"
}
+idKeys: array:1 [
0 => "ID"
]
+idNS: []
-signedInfo: "<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod><Reference URI="#_44816f8a-9878-4f84-bdc4-3127a93cdfe1"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod><DigestValue>+dbYf2bx79MS29kXb7HylUaRbEg1Q3cy27lTxTiZS8I=</DigestValue></Reference></SignedInfo>"
-xPathCtx: DOMXPath {#98
+document: DOMDocument {#185 …}
}
-canonicalMethod: null
-prefix: "ds:"
-searchpfx: "secdsig"
-validatedNodes: array:1 [
"_44816f8a-9878-4f84-bdc4-3127a93cdfe1" => DOMElement {#95
+schemaTypeInfo: null
+nodeName: "EntityDescriptor"
+nodeValue: ""
+nodeType: XML_ELEMENT_NODE
+parentNode: DOMNamedNodeMap {#183}
+childNodes: DOMNodeList {#182
+length: 3
}
+firstChild: DOMText {#179 …}
+lastChild: DOMElement {#180 …}
+previousSibling: DOMElement {#178 …}
+nextSibling: DOMNodeList {#176}
+attributes: DOMNamedNodeMap {#175
+length: 2
}
+ownerDocument: DOMNamedNodeMap {#183}
+namespaceURI: "urn:oasis:names:tc:SAML:2.0:metadata"
+prefix: ""
+localName: "EntityDescriptor"
+baseURI: "/nix/store/dhds8frdd8d0354v9ydd6nkxgc4aw4s7-nia.otevrenamesta.cz/webroot/"
+textContent: ""
+tagName: "EntityDescriptor"
}
]
}
"Certificates" => array:1 [
0 => "MIIH0jCCBbqgAwIBAgIEAV0YjTANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJDWjEXMBUGA1UEYRMOTlRSQ1otNDcxMTQ5ODMxHTAbBgNVBAoMFMSMZXNrw6EgcG/FoXRhLCBzLnAuMSIwIAYDVQQDExlQb3N0U2lnbnVtIFF1YWxpZmllZCBDQSA0MB4XDTIzMDMyODEyMDMyNFoXDTI0MDQxNjEyMDMyNFoweTELMAkGA1UEBhMCQ1oxFzAVBgNVBGETDk5UUkNaLTcyMDU0NTA2MScwJQYDVQQKDB5TcHLDoXZhIHrDoWtsYWRuw61jaCByZWdpc3Ryxa8xFjAUBgNVBAMMDUdHX0ZQU1RTX1RFU1QxEDAOBgNVBAUTB1MyNzU3MzAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB4/CorRF9irYIIkTrOUUj4dEq1zLdjD//D7DNuxPmaRtYsdAHqdJqnsDrp9JFO9H38iR8S4cvlMefANjcyBfDT1jNE97z1cw8RP2lJUdRykaFmXNK+xuf93fcozt0mIXbVmAf0LPt3doJhLCc+JBwvqeEeOJgkAwzP7Qw/poOG6iD+4QMgiEnQ5q1oHnQeLbuB1U0JKoGJRGf6kjgDWIPPE3B9it2rSuGMJ6rlS5DkqIAO/yGO5UrBOULSlYMQxwV/6KuO/aXk+1nDIbTqtykgphbqevC/Rhft8VLuI1EvGgrbARp7Ti2NKguEP3pvCccTF8thwXi2s06G2Dg51ghAgMBAAGjggNwMIIDbDCCASYGA1UdIASCAR0wggEZMIIBCgYJZ4EGAQQBEoFIMIH8MIHTBggrBgEFBQcCAjCBxhqBw1RlbnRvIGt2YWxpZmlrb3ZhbnkgY2VydGlmaWthdCBwcm8gZWxla3Ryb25pY2tvdSBwZWNldCBieWwgdnlkYW4gdiBzb3VsYWR1IHMgbmFyaXplbmltIEVVIGMuIDkxMC8yMDE0LlRoaXMgaXMgYSBxdWFsaWZpZWQgY2VydGlmaWNhdGUgZm9yIGVsZWN0cm9uaWMgc2VhbCBhY2NvcmRpbmcgdG8gUmVndWxhdGlvbiAoRVUpIE5vIDkxMC8yMDE0LjAkBggrBgEFBQcCARYYaHR0cDovL3d3dy5wb3N0c2lnbnVtLmN6MAkGBwQAi+xAAQEwgZsGCCsGAQUFBwEDBIGOMIGLMAgGBgQAjkYBATBqBgYEAI5GAQUwYDAuFihodHRwczovL3d3dy5wb3N0c2lnbnVtLmN6L3Bkcy9wZHNfZW4ucGRmEwJlbjAuFihodHRwczovL3d3dy5wb3N0c2lnbnVtLmN6L3Bkcy9wZHNfY3MucGRmEwJjczATBgYEAI5GAQYwCQYHBACORgEGAjB9BggrBgEFBQcBAQRxMG8wOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQucG9zdHNpZ251bS5jei9jcnQvcHNxdWFsaWZpZWRjYTQuY3J0MDAGCCsGAQUFBzABhiRodHRwOi8vb2NzcC5wb3N0c2lnbnVtLmN6L09DU1AvUUNBNC8wDgYDVR0PAQH/BAQDAgXgMB8GA1UdJQQYMBYGCCsGAQUFBwMEBgorBgEEAYI3CgMMMB8GA1UdIwQYMBaAFA8ofD42ADgQUK49uCGXi/dgXGF4MIGxBgNVHR8EgakwgaYwNaAzoDGGL2h0dHA6Ly9jcmwucG9zdHNpZ251bS5jei9jcmwvcHNxdWFsaWZpZWRjYTQuY3JsMDagNKAyhjBodHRwOi8vY3JsMi5wb3N0c2lnbnVtLmN6L2NybC9wc3F1YWxpZmllZGNhNC5jcmwwNaAzoDGGL2h0dHA6Ly9jcmwucG9zdHNpZ251bS5ldS9jcmwvcHNxdWFsaWZpZWRjYTQuY3JsMB0GA1UdDgQWBBQzXA9iKKnMw1cGd+Z3fefm6sk/sDANBgkqhkiG9w0BAQsFAAOCAgEAVSRQgSbL5NhaBxokAl/mIy2PcZFfUVOvDzBrqSZrdm+orcEJzpaGUb8E7W8cjL0k2XcrqAGmT9tZA7H6AiS6OtDP0JXwhyfeNvqGVe6p6+BGlKRAyKqUzjYx3bY5VHExef/HL5MD7PDsyy8WfJw05NdZHuSRBpbxkBlrBlJ7pMM58JVu1GGdDCWxPIDPHDohd5uaf3nCZKCOnQGRBr9UWZKsAY9n+990C/0vCW+FtW69TA4eZgW2qGnkQWBq1IGz62/Ii61VlqFvFUFgyLJCpT7z79vNWAls7q3+LNeF0AdwyqOqcPjJY3QS6yprynQbwLx6P2DTRAupEr2CQ4FEbZIIAjGn6bXeIEbLEWXy8IMOFwBWUzkHpXqpANEiRqphVLgUnRxjdAjUGYq+ZXQI6ViqjP9UplXuFQXDJ1+2M3eZGE4yKHebEnRRuA9IXvn65KvqWJoiZk+2vLvVqAelDYpWpspeEyUa88KawbH3RSRj0BByPnijH+kcxZ38hd/s8X6eKwGiw7+5LpaDtLsX7Z9kluVUIikT9042X+dQClxB++d751AZsqaVYAGvySS3yLjF4mR/d6cim40i+mtTtwnOt6Mqp8Z4vOkWwEdjwC1oFPBq7ngNayycszZ9tbylV6A+tlfv8+ZrluoTztrfjL67gDu+boPiw18O0YYlmDE="
]
]
]
]
+validUntil: null
+cacheDuration: null
-entityID: "urn:microsoft:cgg2010:fpsts"
-ID: "_44816f8a-9878-4f84-bdc4-3127a93cdfe1"
-Extensions: []
-RoleDescriptor: array:2 [
0 => UnknownRoleDescriptor {#103
#signatureKey: null
#certificates: []
-validators: []
+validUntil: null
+cacheDuration: null
-elementName: "md:RoleDescriptor"
-ID: null
-protocolSupportEnumeration: array:1 [
0 => "http://docs.oasis-open.org/wsfed/federation/200706"
]
-errorURL: null
-Extensions: []
-KeyDescriptor: array:1 [
0 => KeyDescriptor {#105
-use: "signing"
-KeyInfo: KeyInfo {#101
-Id: null
-info: array:1 [
0 => X509Data {#111
-data: array:1 [
0 => X509Certificate {#113
-certificate: "MIIH0jCCBbqgAwIBAgIEAV0YjTANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJDWjEXMBUGA1UEYRMOTlRSQ1otNDcxMTQ5ODMxHTAbBgNVBAoMFMSMZXNrw6EgcG/FoXRhLCBzLnAuMSIwIAYDVQQDExlQb3N0U2lnbnVtIFF1YWxpZmllZCBDQSA0MB4XDTIzMDMyODEyMDMyNFoXDTI0MDQxNjEyMDMyNFoweTELMAkGA1UEBhMCQ1oxFzAVBgNVBGETDk5UUkNaLTcyMDU0NTA2MScwJQYDVQQKDB5TcHLDoXZhIHrDoWtsYWRuw61jaCByZWdpc3Ryxa8xFjAUBgNVBAMMDUdHX0ZQU1RTX1RFU1QxEDAOBgNVBAUTB1MyNzU3MzAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB4/CorRF9irYIIkTrOUUj4dEq1zLdjD//D7DNuxPmaRtYsdAHqdJqnsDrp9JFO9H38iR8S4cvlMefANjcyBfDT1jNE97z1cw8RP2lJUdRykaFmXNK+xuf93fcozt0mIXbVmAf0LPt3doJhLCc+JBwvqeEeOJgkAwzP7Qw/poOG6iD+4QMgiEnQ5q1oHnQeLbuB1U0JKoGJRGf6kjgDWIPPE3B9it2rSuGMJ6rlS5DkqIAO/yGO5UrBOULSlYMQxwV/6KuO/aXk+1nDIbTqtykgphbqevC/Rhft8VLuI1EvGgrbARp7Ti2NKguEP3pvCccTF8thwXi2s06G2Dg51ghAgMBAAGjggNwMIIDbDCCASYGA1UdIASCAR0wggEZMIIBCgYJZ4EGAQQBEoFIMIH8MIHTBggrBgEFBQcCAjCBxhqBw1RlbnRvIGt2YWxpZmlrb3ZhbnkgY2VydGlmaWthdCBwcm8gZWxla3Ryb25pY2tvdSBwZWNldCBieWwgdnlkYW4gdiBzb3VsYWR1IHMgbmFyaXplbmltIEVVIGMuIDkxMC8yMDE0LlRoaXMgaXMgYSBxdWFsaWZpZWQgY2VydGlmaWNhdGUgZm9yIGVsZWN0cm9uaWMgc2VhbCBhY2NvcmRpbmcgdG8gUmVndWxhdGlvbiAoRVUpIE5vIDkxMC8yMDE0LjAkBggrBgEFBQcCARYYaHR0cDovL3d3dy5wb3N0c2lnbnVtLmN6MAkGBwQAi+xAAQEwgZsGCCsGAQUFBwEDBIGOMIGLMAgGBgQAjkYBATBqBgYEAI5GAQUwYDAuFihodHRwczovL3d3dy5wb3N0c2lnbnVtLmN6L3Bkcy9wZHNfZW4ucGRmEwJlbjAuFihodHRwczovL3d3dy5wb3N0c2lnbnVtLmN6L3Bkcy9wZHNfY3MucGRmEwJjczATBgYEAI5GAQYwCQYHBACORgEGAjB9BggrBgEFBQcBAQRxMG8wOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQucG9zdHNpZ251bS5jei9jcnQvcHNxdWFsaWZpZWRjYTQuY3J0MDAGCCsGAQUFBzABhiRodHRwOi8vb2NzcC5wb3N0c2lnbnVtLmN6L09DU1AvUUNBNC8wDgYDVR0PAQH/BAQDAgXgMB8GA1UdJQQYMBYGCCsGAQUFBwMEBgorBgEEAYI3CgMMMB8GA1UdIwQYMBaAFA8ofD42ADgQUK49uCGXi/dgXGF4MIGxBgNVHR8EgakwgaYwNaAzoDGGL2h0dHA6Ly9jcmwucG9zdHNpZ251bS5jei9jcmwvcHNxdWFsaWZpZWRjYTQuY3JsMDagNKAyhjBodHRwOi8vY3JsMi5wb3N0c2lnbnVtLmN6L2NybC9wc3F1YWxpZmllZGNhNC5jcmwwNaAzoDGGL2h0dHA6Ly9jcmwucG9zdHNpZ251bS5ldS9jcmwvcHNxdWFsaWZpZWRjYTQuY3JsMB0GA1UdDgQWBBQzXA9iKKnMw1cGd+Z3fefm6sk/sDANBgkqhkiG9w0BAQsFAAOCAgEAVSRQgSbL5NhaBxokAl/mIy2PcZFfUVOvDzBrqSZrdm+orcEJzpaGUb8E7W8cjL0k2XcrqAGmT9tZA7H6AiS6OtDP0JXwhyfeNvqGVe6p6+BGlKRAyKqUzjYx3bY5VHExef/HL5MD7PDsyy8WfJw05NdZHuSRBpbxkBlrBlJ7pMM58JVu1GGdDCWxPIDPHDohd5uaf3nCZKCOnQGRBr9UWZKsAY9n+990C/0vCW+FtW69TA4eZgW2qGnkQWBq1IGz62/Ii61VlqFvFUFgyLJCpT7z79vNWAls7q3+LNeF0AdwyqOqcPjJY3QS6yprynQbwLx6P2DTRAupEr2CQ4FEbZIIAjGn6bXeIEbLEWXy8IMOFwBWUzkHpXqpANEiRqphVLgUnRxjdAjUGYq+ZXQI6ViqjP9UplXuFQXDJ1+2M3eZGE4yKHebEnRRuA9IXvn65KvqWJoiZk+2vLvVqAelDYpWpspeEyUa88KawbH3RSRj0BByPnijH+kcxZ38hd/s8X6eKwGiw7+5LpaDtLsX7Z9kluVUIikT9042X+dQClxB++d751AZsqaVYAGvySS3yLjF4mR/d6cim40i+mtTtwnOt6Mqp8Z4vOkWwEdjwC1oFPBq7ngNayycszZ9tbylV6A+tlfv8+ZrluoTztrfjL67gDu+boPiw18O0YYlmDE="
}
]
}
]
}
-EncryptionMethod: []
}
]
-Organization: null
-ContactPerson: []
-xml: Chunk {#106
-localName: "RoleDescriptor"
-namespaceURI: "urn:oasis:names:tc:SAML:2.0:metadata"
-xml: DOMElement {#108
+schemaTypeInfo: null
+nodeName: "RoleDescriptor"
+nodeValue: ""
+nodeType: XML_ELEMENT_NODE
+parentNode: null
+childNodes: DOMNodeList {#156
+length: 5
}
+firstChild: DOMElement {#158 …}
+lastChild: DOMElement {#160 …}
+previousSibling: null
+nextSibling: null
+attributes: DOMNamedNodeMap {#163
+length: 2
}
+ownerDocument: DOMDocument {#165 …}
+namespaceURI: "urn:oasis:names:tc:SAML:2.0:metadata"
+prefix: ""
+localName: "RoleDescriptor"
+baseURI: null
+textContent: ""
+tagName: "RoleDescriptor"
}
}
}
1 => IDPSSODescriptor {#104
#signatureKey: null
#certificates: []
-validators: []
+validUntil: null
+cacheDuration: null
-elementName: "md:IDPSSODescriptor"
-ID: null
-protocolSupportEnumeration: array:1 [
0 => "urn:oasis:names:tc:SAML:2.0:protocol"
]
-errorURL: null
-Extensions: []
-KeyDescriptor: array:1 [
0 => KeyDescriptor {#110
-use: "signing"
-KeyInfo: KeyInfo {#114
-Id: null
-info: array:1 [
0 => X509Data {#118
-data: array:1 [
0 => X509Certificate {#120
-certificate: "MIIH0jCCBbqgAwIBAgIEAV0YjTANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJDWjEXMBUGA1UEYRMOTlRSQ1otNDcxMTQ5ODMxHTAbBgNVBAoMFMSMZXNrw6EgcG/FoXRhLCBzLnAuMSIwIAYDVQQDExlQb3N0U2lnbnVtIFF1YWxpZmllZCBDQSA0MB4XDTIzMDMyODEyMDMyNFoXDTI0MDQxNjEyMDMyNFoweTELMAkGA1UEBhMCQ1oxFzAVBgNVBGETDk5UUkNaLTcyMDU0NTA2MScwJQYDVQQKDB5TcHLDoXZhIHrDoWtsYWRuw61jaCByZWdpc3Ryxa8xFjAUBgNVBAMMDUdHX0ZQU1RTX1RFU1QxEDAOBgNVBAUTB1MyNzU3MzAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB4/CorRF9irYIIkTrOUUj4dEq1zLdjD//D7DNuxPmaRtYsdAHqdJqnsDrp9JFO9H38iR8S4cvlMefANjcyBfDT1jNE97z1cw8RP2lJUdRykaFmXNK+xuf93fcozt0mIXbVmAf0LPt3doJhLCc+JBwvqeEeOJgkAwzP7Qw/poOG6iD+4QMgiEnQ5q1oHnQeLbuB1U0JKoGJRGf6kjgDWIPPE3B9it2rSuGMJ6rlS5DkqIAO/yGO5UrBOULSlYMQxwV/6KuO/aXk+1nDIbTqtykgphbqevC/Rhft8VLuI1EvGgrbARp7Ti2NKguEP3pvCccTF8thwXi2s06G2Dg51ghAgMBAAGjggNwMIIDbDCCASYGA1UdIASCAR0wggEZMIIBCgYJZ4EGAQQBEoFIMIH8MIHTBggrBgEFBQcCAjCBxhqBw1RlbnRvIGt2YWxpZmlrb3ZhbnkgY2VydGlmaWthdCBwcm8gZWxla3Ryb25pY2tvdSBwZWNldCBieWwgdnlkYW4gdiBzb3VsYWR1IHMgbmFyaXplbmltIEVVIGMuIDkxMC8yMDE0LlRoaXMgaXMgYSBxdWFsaWZpZWQgY2VydGlmaWNhdGUgZm9yIGVsZWN0cm9uaWMgc2VhbCBhY2NvcmRpbmcgdG8gUmVndWxhdGlvbiAoRVUpIE5vIDkxMC8yMDE0LjAkBggrBgEFBQcCARYYaHR0cDovL3d3dy5wb3N0c2lnbnVtLmN6MAkGBwQAi+xAAQEwgZsGCCsGAQUFBwEDBIGOMIGLMAgGBgQAjkYBATBqBgYEAI5GAQUwYDAuFihodHRwczovL3d3dy5wb3N0c2lnbnVtLmN6L3Bkcy9wZHNfZW4ucGRmEwJlbjAuFihodHRwczovL3d3dy5wb3N0c2lnbnVtLmN6L3Bkcy9wZHNfY3MucGRmEwJjczATBgYEAI5GAQYwCQYHBACORgEGAjB9BggrBgEFBQcBAQRxMG8wOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQucG9zdHNpZ251bS5jei9jcnQvcHNxdWFsaWZpZWRjYTQuY3J0MDAGCCsGAQUFBzABhiRodHRwOi8vb2NzcC5wb3N0c2lnbnVtLmN6L09DU1AvUUNBNC8wDgYDVR0PAQH/BAQDAgXgMB8GA1UdJQQYMBYGCCsGAQUFBwMEBgorBgEEAYI3CgMMMB8GA1UdIwQYMBaAFA8ofD42ADgQUK49uCGXi/dgXGF4MIGxBgNVHR8EgakwgaYwNaAzoDGGL2h0dHA6Ly9jcmwucG9zdHNpZ251bS5jei9jcmwvcHNxdWFsaWZpZWRjYTQuY3JsMDagNKAyhjBodHRwOi8vY3JsMi5wb3N0c2lnbnVtLmN6L2NybC9wc3F1YWxpZmllZGNhNC5jcmwwNaAzoDGGL2h0dHA6Ly9jcmwucG9zdHNpZ251bS5ldS9jcmwvcHNxdWFsaWZpZWRjYTQuY3JsMB0GA1UdDgQWBBQzXA9iKKnMw1cGd+Z3fefm6sk/sDANBgkqhkiG9w0BAQsFAAOCAgEAVSRQgSbL5NhaBxokAl/mIy2PcZFfUVOvDzBrqSZrdm+orcEJzpaGUb8E7W8cjL0k2XcrqAGmT9tZA7H6AiS6OtDP0JXwhyfeNvqGVe6p6+BGlKRAyKqUzjYx3bY5VHExef/HL5MD7PDsyy8WfJw05NdZHuSRBpbxkBlrBlJ7pMM58JVu1GGdDCWxPIDPHDohd5uaf3nCZKCOnQGRBr9UWZKsAY9n+990C/0vCW+FtW69TA4eZgW2qGnkQWBq1IGz62/Ii61VlqFvFUFgyLJCpT7z79vNWAls7q3+LNeF0AdwyqOqcPjJY3QS6yprynQbwLx6P2DTRAupEr2CQ4FEbZIIAjGn6bXeIEbLEWXy8IMOFwBWUzkHpXqpANEiRqphVLgUnRxjdAjUGYq+ZXQI6ViqjP9UplXuFQXDJ1+2M3eZGE4yKHebEnRRuA9IXvn65KvqWJoiZk+2vLvVqAelDYpWpspeEyUa88KawbH3RSRj0BByPnijH+kcxZ38hd/s8X6eKwGiw7+5LpaDtLsX7Z9kluVUIikT9042X+dQClxB++d751AZsqaVYAGvySS3yLjF4mR/d6cim40i+mtTtwnOt6Mqp8Z4vOkWwEdjwC1oFPBq7ngNayycszZ9tbylV6A+tlfv8+ZrluoTztrfjL67gDu+boPiw18O0YYlmDE="
}
]
}
]
}
-EncryptionMethod: []
}
]
-Organization: null
-ContactPerson: []
-ArtifactResolutionService: []
-SingleLogoutService: array:1 [
0 => EndpointType {#112
-Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
-Location: "https://tnia.identitaobcana.cz/FPSTS/saml2/basic"
-ResponseLocation: null
-attributes: []
}
]
-ManageNameIDService: []
-NameIDFormat: []
-WantAuthnRequestsSigned: null
-SingleSignOnService: array:2 [
0 => EndpointType {#116
-Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
-Location: "https://tnia.identitaobcana.cz/FPSTS/saml2/basic"
-ResponseLocation: null
-attributes: []
}
1 => EndpointType {#122
-Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
-Location: "https://tnia.identitaobcana.cz/FPSTS/saml2/basic"
-ResponseLocation: null
-attributes: []
}
]
-NameIDMappingService: []
-AssertionIDRequestService: []
-AttributeProfile: []
-Attribute: []
}
]
-AffiliationDescriptor: null
-Organization: null
-ContactPerson: []
-AdditionalMetadataLocation: []
}
<?php
use RobRichards\XMLSecLibs\XMLSecurityKey;
// soubor s certifikátem bychom měli mít uložen lokálně, aby validace podpisu proběhla korektně
// na uvedené adrese je uložen NIA certifikát (PEM) z testovacího prostředí
$tnia_cert_data = file_get_contents('https://nia.otevrenamesta.cz/tnia.crt');
// z dat certifikátu vytvoříme klíč
$tnia_key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, ['type' => 'public']);
$tnia_key->loadKey($tnia_cert_data, false, true);
// a použijeme interní metodu EntityDescriptor->validate(XMLSecurityKey $key) pro validaci
$valid = $metadata->validate($tnia_key);
Obsah proměnné valid: true
<?php
use SAML2\Constants;
use SAML2\XML\md\IDPSSODescriptor;
use SAML2\XML\md\EntityDescriptor;
private function extractSSOLoginUrls(EntityDescriptor $idp_descriptor){
$idp_sso_descriptor = false;
foreach ($idp_descriptor->getRoleDescriptor() as $role_descriptor) {
if ($role_descriptor instanceof IDPSSODescriptor) {
$idp_sso_descriptor = $role_descriptor;
}
}
$sso_redirect_login_url = false;
$sso_post_login_url = false;
if ($idp_sso_descriptor instanceof IDPSSODescriptor) {
foreach ($idp_sso_descriptor->getSingleSignOnService() as $descriptorType) {
if ($descriptorType->getBinding() === Constants::BINDING_HTTP_REDIRECT) {
$sso_redirect_login_url = $descriptorType->getLocation();
} else if ($descriptorType->getBinding() === Constants::BINDING_HTTP_POST) {
$sso_post_login_url = $descriptorType->getLocation();
}
}
}
return [Constants::BINDING_HTTP_REDIRECT => $sso_redirect_login_url, Constants::BINDING_HTTP_POST => $sso_post_login_url];
}
$urls = extractSSOLoginUrls($metadata);
$redirect_url = $urls[Constants::BINDING_HTTP_REDIRECT];
$post_url = $urls[Constants::BINDING_HTTP_POST];
Obsah proměnné urls: array:2 [ "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" => "https://tnia.identitaobcana.cz/FPSTS/saml2/basic" "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" => "https://tnia.identitaobcana.cz/FPSTS/saml2/basic" ]