Prvním krokem je získání informací z metadat IdP
V dokumentaci je uveden odkaz na metadata NIA IdP FederationMetadata.xml
Více informací o NIA IdP metadatech je uvedeno na stránce IdP - Úvod
<?php
// použijeme knihovnu simplesamlphp/saml2 z https://github.com/simplesamlphp/saml2
use SAML2\XML\md\EntityDescriptor;
use SAML2\DOMDocumentFactory;
$metadata_url = "https://tnia.identitaobcana.cz/FPSTS/FederationMetadata/2007-06/FederationMetadata.xml";
$metadata_string = file_get_contents($metadata_url);
$metadata_dom = DOMDocumentFactory::fromString($metadata_string);
$metadata = new EntityDescriptor($metadata_dom->documentElement);
// také lze využít metodu DOMDocumentFactory::fromFile($filepath); pokud máte metadata stažena lokálně
Objekt následovně obsahuje tato data:EntityDescriptor {#96 #signatureKey: null #certificates: array:1 [ 0 => "MIIIzzCCBregAwIBAgIEAL3zyjANBgkqhkiG9w0BAQsFADCBgTEqMCgGA1UEAwwhSS5DQSBFVSBRdWFsaWZpZWQgQ0EyL1JTQSAwNi8yMDIyMS0wKwYDVQQKDCRQcnZuw60gY2VydGlmaWthxI1uw60gYXV0b3JpdGEsIGEucy4xFzAVBgNVBGEMDk5UUkNaLTI2NDM5Mzk1MQswCQYDVQQGEwJDWjAeFw0yNTA0MDIwOTMyMThaFw0yNjA0MDIwOTMyMThaMIGKMSwwKgYDVQQKDCNEaWdpdMOhbG7DrSBhIGluZm9ybWHEjW7DrSBhZ2VudHVyYTEXMBUGA1UEYQwOTlRSQ1otMTc2NTE5MjExGzAZBgNVBAMMEkdHX0ZQU1RTX1RFU1RfU0lHTjELMAkGA1UEBhMCQ1oxFzAVBgNVBAUTDklDQSAtIDEwNzE5MjY5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvq7kS5mG2wha+qMZ6chInzmYBc6Vroqh8wYUMGnS8gRTtCMalT59AQFt0gGWk++A0ohq8vMFTXBM0i3kMwPB+1P+SqK8FWVH2kigjqtvAUPb2QfWzTmpeTOyia/iLfLpgs1QfZJKjIoHQn2y58PMywStpL4pJCMF2MYCJI3NUIC93VlN10GVbsqxKQcviC84dy8VLouysBRDmsAWbAq/aUv6iN8X5s6DBpSKJk1vlMZgSwfmvmG+POSnaCNdvvnMTNhitlLmGMb+v8gFqOWw+JHV6QqG0ileT85+Id96gt1EkuBS19RpSDl3cspnasYko2HrtfYoGGbSR7PLxCF2XgZd8ONtMAlZaN89GvJ8Ni81i4JoABejny1oD2b1EOmJZ65Mu1mv7ncNOireom1hH7rcpMaZrcagIGj7q2eEx2YX5kgTs5lQ0KcU37lj9IpYkoV+O9l/ZYYqKDG4fDYsVOANz3RH0iM4BDZ+pv22x8tB53vfMqx3FK4L7LXSLftLZarw7YkwtxKORRogZWkhnhEaFEJKioFQxhSNEmNor+fXT2RhWg5r5JD6r5bo896h+5vAWP98kwOpuVeeXHdS1NJjjFLakNO72AjQgpMtW68fl7vvpSfkhOSoRNTqVzDVAcgb0l7Ee9LpRmYVv1lyYeYWYtn2ovtNt3OiY/Dv5DkCAwEAAaOCA0IwggM+MCMGA1UdEQQcMBqgGAYKKwYBBAGBuEgEBqAKDAgxMDcxOTI2OTAOBgNVHQ8BAf8EBAMCBeAwCQYDVR0TBAIwADCCASMGA1UdIASCARowggEWMIIBBwYNKwYBBAGBuEgKAR8BADCB9TAdBggrBgEFBQcCARYRaHR0cDovL3d3dy5pY2EuY3owgdMGCCsGAQUFBwICMIHGDIHDVGVudG8ga3ZhbGlmaWtvdmFueSBjZXJ0aWZpa2F0IHBybyBlbGVrdHJvbmlja291IHBlY2V0IGJ5bCB2eWRhbiB2IHNvdWxhZHUgcyBuYXJpemVuaW0gRVUgYy4gOTEwLzIwMTQuVGhpcyBpcyBhIHF1YWxpZmllZCBjZXJ0aWZpY2F0ZSBmb3IgZWxlY3Ryb25pYyBzZWFsIGFjY29yZGluZyB0byBSZWd1bGF0aW9uIChFVSkgTm8gOTEwLzIwMTQuMAkGBwQAi+xAAQEwgY8GA1UdHwSBhzCBhDAqoCigJoYkaHR0cDovL3FjcmxkcDEuaWNhLmN6LzJxY2EyMl9yc2EuY3JsMCqgKKAmhiRodHRwOi8vcWNybGRwMi5pY2EuY3ovMnFjYTIyX3JzYS5jcmwwKqAooCaGJGh0dHA6Ly9xY3JsZHAzLmljYS5jei8ycWNhMjJfcnNhLmNybDCBhgYIKwYBBQUHAQMEejB4MAgGBgQAjkYBATBXBgYEAI5GAQUwTTAtFidodHRwczovL3d3dy5pY2EuY3ovWnByYXZ5LXByby11eml2YXRlbGUTAmNzMBwWFmh0dHBzOi8vd3d3LmljYS5jei9QRFMTAmVuMBMGBgQAjkYBBjAJBgcEAI5GAQYCMGUGCCsGAQUFBwEBBFkwVzAqBggrBgEFBQcwAoYeaHR0cDovL3EuaWNhLmN6LzJxY2EyMl9yc2EuY2VyMCkGCCsGAQUFBzABhh1odHRwOi8vb2NzcC5pY2EuY3ovMnFjYTIyX3JzYTAfBgNVHSMEGDAWgBSK/2CytkhQJY8uzUNTOwiExcroZDAdBgNVHQ4EFgQUzZcBzxV2peZjKaS/Dkle/NuqK+8wEwYDVR0lBAwwCgYIKwYBBQUHAwQwDQYJKoZIhvcNAQELBQADggIBAKfQNUY1Z0xCyB6o+BC3g+nB1iK+VYw+RgX0sTnMxbgkmPb/wQrXUFZYh+Bt80wbkETKxZgKLRs84/sKcjvth9ebMyFje5WoWTgdNnVSk2FcZ7r2bClx5f3PLbJrtZskn7+8lD59B9UXJyr41wcWS4yfs/DRTNvoxbbGZp0FQP+kn2qRo6lwf8Ogv/nPUFNAHN9t8wAGXKoREru6Y8k9gGvc0AHEyLT6IQ0fDtgSo6CH6W/9IqVjDSvUyWzO5lsf3ZkoR3mToY+KXtP+TbfrqUJhw7n3tGWF36NsNTkynAJUtpxyIFu4v/vwkiNtWzy+ydgrwII/E30tJbaTpwGdY9lbR0C/eKfko5SVXuFHZSLPl+ZQb9e/jhIip8pjSRyT4swmiTVfPvxOMEh5OfQ1sQZTeegc7F4GcnauD6RDfh9sgI6vJW/wQR8woaAk7lpGl/HpvA8QtMG4lNQUylqZt0cYS+ebOVDHEugbNSKXu5OaIuBTHLj8UzB13SVfboHTbOobtFNrEqJemLeKPx1pzgwLqOsNvef8rwMiXPih+Sr5NfBFzm2rZcl+TjBMkWwl36Cs30ECOEWsqAaHre9uvGm+P8qCtSwEdOV5elkmxCm2eww/QLlxOUl25Vj2to5X/573/L+BwGvN38xR/m64Jt7GZnakdPf1VN6pevXKpC1P" ] -validators: array:1 [ 0 => array:2 [ "Function" => array:2 [ 0 => "SAML2\Utils" 1 => "validateSignature" ] "Data" => array:2 [ "Signature" => XMLSecurityDSig {#94 +sigNode: DOMElement {#99 +schemaTypeInfo: null +nodeName: "Signature" +nodeValue: "" +nodeType: XML_ELEMENT_NODE +parentNode: null +childNodes: DOMNodeList {#176 +length: 3 } +firstChild: DOMElement {#178 …} +lastChild: DOMElement {#180 …} +previousSibling: null +nextSibling: null +attributes: DOMNamedNodeMap {#183 +length: 0 } +ownerDocument: DOMDocument {#185 …} +namespaceURI: "http://www.w3.org/2000/09/xmldsig#" +prefix: "" +localName: "Signature" +baseURI: "/nix/store/k31x1s88lx0bmkd0n0l59gcx1y2krqsx-nia.otevrenamesta.cz/webroot/" +textContent: "" +tagName: "Signature" } +idKeys: array:1 [ 0 => "ID" ] +idNS: [] -signedInfo: "<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod><Reference URI="#_eca8ef91-7419-4c97-ade0-282326c93bfb"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod><DigestValue>1ZZv5sJuvxpKN9tiVvwi/eK8GgG2mnZOzWOPK9/Ez9s=</DigestValue></Reference></SignedInfo>" -xPathCtx: DOMXPath {#98 +document: DOMDocument {#185 …} } -canonicalMethod: null -prefix: "ds:" -searchpfx: "secdsig" -validatedNodes: array:1 [ "_eca8ef91-7419-4c97-ade0-282326c93bfb" => DOMElement {#95 +schemaTypeInfo: null +nodeName: "EntityDescriptor" +nodeValue: "" +nodeType: XML_ELEMENT_NODE +parentNode: DOMNamedNodeMap {#183} +childNodes: DOMNodeList {#182 +length: 3 } +firstChild: DOMText {#179 …} +lastChild: DOMElement {#180 …} +previousSibling: DOMElement {#178 …} +nextSibling: DOMNodeList {#176} +attributes: DOMNamedNodeMap {#175 +length: 2 } +ownerDocument: DOMNamedNodeMap {#183} +namespaceURI: "urn:oasis:names:tc:SAML:2.0:metadata" +prefix: "" +localName: "EntityDescriptor" +baseURI: "/nix/store/k31x1s88lx0bmkd0n0l59gcx1y2krqsx-nia.otevrenamesta.cz/webroot/" +textContent: "" +tagName: "EntityDescriptor" } ] } "Certificates" => array:1 [ 0 => "MIIIzzCCBregAwIBAgIEAL3zyjANBgkqhkiG9w0BAQsFADCBgTEqMCgGA1UEAwwhSS5DQSBFVSBRdWFsaWZpZWQgQ0EyL1JTQSAwNi8yMDIyMS0wKwYDVQQKDCRQcnZuw60gY2VydGlmaWthxI1uw60gYXV0b3JpdGEsIGEucy4xFzAVBgNVBGEMDk5UUkNaLTI2NDM5Mzk1MQswCQYDVQQGEwJDWjAeFw0yNTA0MDIwOTMyMThaFw0yNjA0MDIwOTMyMThaMIGKMSwwKgYDVQQKDCNEaWdpdMOhbG7DrSBhIGluZm9ybWHEjW7DrSBhZ2VudHVyYTEXMBUGA1UEYQwOTlRSQ1otMTc2NTE5MjExGzAZBgNVBAMMEkdHX0ZQU1RTX1RFU1RfU0lHTjELMAkGA1UEBhMCQ1oxFzAVBgNVBAUTDklDQSAtIDEwNzE5MjY5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvq7kS5mG2wha+qMZ6chInzmYBc6Vroqh8wYUMGnS8gRTtCMalT59AQFt0gGWk++A0ohq8vMFTXBM0i3kMwPB+1P+SqK8FWVH2kigjqtvAUPb2QfWzTmpeTOyia/iLfLpgs1QfZJKjIoHQn2y58PMywStpL4pJCMF2MYCJI3NUIC93VlN10GVbsqxKQcviC84dy8VLouysBRDmsAWbAq/aUv6iN8X5s6DBpSKJk1vlMZgSwfmvmG+POSnaCNdvvnMTNhitlLmGMb+v8gFqOWw+JHV6QqG0ileT85+Id96gt1EkuBS19RpSDl3cspnasYko2HrtfYoGGbSR7PLxCF2XgZd8ONtMAlZaN89GvJ8Ni81i4JoABejny1oD2b1EOmJZ65Mu1mv7ncNOireom1hH7rcpMaZrcagIGj7q2eEx2YX5kgTs5lQ0KcU37lj9IpYkoV+O9l/ZYYqKDG4fDYsVOANz3RH0iM4BDZ+pv22x8tB53vfMqx3FK4L7LXSLftLZarw7YkwtxKORRogZWkhnhEaFEJKioFQxhSNEmNor+fXT2RhWg5r5JD6r5bo896h+5vAWP98kwOpuVeeXHdS1NJjjFLakNO72AjQgpMtW68fl7vvpSfkhOSoRNTqVzDVAcgb0l7Ee9LpRmYVv1lyYeYWYtn2ovtNt3OiY/Dv5DkCAwEAAaOCA0IwggM+MCMGA1UdEQQcMBqgGAYKKwYBBAGBuEgEBqAKDAgxMDcxOTI2OTAOBgNVHQ8BAf8EBAMCBeAwCQYDVR0TBAIwADCCASMGA1UdIASCARowggEWMIIBBwYNKwYBBAGBuEgKAR8BADCB9TAdBggrBgEFBQcCARYRaHR0cDovL3d3dy5pY2EuY3owgdMGCCsGAQUFBwICMIHGDIHDVGVudG8ga3ZhbGlmaWtvdmFueSBjZXJ0aWZpa2F0IHBybyBlbGVrdHJvbmlja291IHBlY2V0IGJ5bCB2eWRhbiB2IHNvdWxhZHUgcyBuYXJpemVuaW0gRVUgYy4gOTEwLzIwMTQuVGhpcyBpcyBhIHF1YWxpZmllZCBjZXJ0aWZpY2F0ZSBmb3IgZWxlY3Ryb25pYyBzZWFsIGFjY29yZGluZyB0byBSZWd1bGF0aW9uIChFVSkgTm8gOTEwLzIwMTQuMAkGBwQAi+xAAQEwgY8GA1UdHwSBhzCBhDAqoCigJoYkaHR0cDovL3FjcmxkcDEuaWNhLmN6LzJxY2EyMl9yc2EuY3JsMCqgKKAmhiRodHRwOi8vcWNybGRwMi5pY2EuY3ovMnFjYTIyX3JzYS5jcmwwKqAooCaGJGh0dHA6Ly9xY3JsZHAzLmljYS5jei8ycWNhMjJfcnNhLmNybDCBhgYIKwYBBQUHAQMEejB4MAgGBgQAjkYBATBXBgYEAI5GAQUwTTAtFidodHRwczovL3d3dy5pY2EuY3ovWnByYXZ5LXByby11eml2YXRlbGUTAmNzMBwWFmh0dHBzOi8vd3d3LmljYS5jei9QRFMTAmVuMBMGBgQAjkYBBjAJBgcEAI5GAQYCMGUGCCsGAQUFBwEBBFkwVzAqBggrBgEFBQcwAoYeaHR0cDovL3EuaWNhLmN6LzJxY2EyMl9yc2EuY2VyMCkGCCsGAQUFBzABhh1odHRwOi8vb2NzcC5pY2EuY3ovMnFjYTIyX3JzYTAfBgNVHSMEGDAWgBSK/2CytkhQJY8uzUNTOwiExcroZDAdBgNVHQ4EFgQUzZcBzxV2peZjKaS/Dkle/NuqK+8wEwYDVR0lBAwwCgYIKwYBBQUHAwQwDQYJKoZIhvcNAQELBQADggIBAKfQNUY1Z0xCyB6o+BC3g+nB1iK+VYw+RgX0sTnMxbgkmPb/wQrXUFZYh+Bt80wbkETKxZgKLRs84/sKcjvth9ebMyFje5WoWTgdNnVSk2FcZ7r2bClx5f3PLbJrtZskn7+8lD59B9UXJyr41wcWS4yfs/DRTNvoxbbGZp0FQP+kn2qRo6lwf8Ogv/nPUFNAHN9t8wAGXKoREru6Y8k9gGvc0AHEyLT6IQ0fDtgSo6CH6W/9IqVjDSvUyWzO5lsf3ZkoR3mToY+KXtP+TbfrqUJhw7n3tGWF36NsNTkynAJUtpxyIFu4v/vwkiNtWzy+ydgrwII/E30tJbaTpwGdY9lbR0C/eKfko5SVXuFHZSLPl+ZQb9e/jhIip8pjSRyT4swmiTVfPvxOMEh5OfQ1sQZTeegc7F4GcnauD6RDfh9sgI6vJW/wQR8woaAk7lpGl/HpvA8QtMG4lNQUylqZt0cYS+ebOVDHEugbNSKXu5OaIuBTHLj8UzB13SVfboHTbOobtFNrEqJemLeKPx1pzgwLqOsNvef8rwMiXPih+Sr5NfBFzm2rZcl+TjBMkWwl36Cs30ECOEWsqAaHre9uvGm+P8qCtSwEdOV5elkmxCm2eww/QLlxOUl25Vj2to5X/573/L+BwGvN38xR/m64Jt7GZnakdPf1VN6pevXKpC1P" ] ] ] ] +validUntil: null +cacheDuration: null -entityID: "urn:microsoft:cgg2010:fpsts" -ID: "_eca8ef91-7419-4c97-ade0-282326c93bfb" -Extensions: [] -RoleDescriptor: array:2 [ 0 => UnknownRoleDescriptor {#103 #signatureKey: null #certificates: [] -validators: [] +validUntil: null +cacheDuration: null -elementName: "md:RoleDescriptor" -ID: null -protocolSupportEnumeration: array:1 [ 0 => "http://docs.oasis-open.org/wsfed/federation/200706" ] -errorURL: null -Extensions: [] -KeyDescriptor: array:1 [ 0 => KeyDescriptor {#105 -use: "signing" -KeyInfo: KeyInfo {#101 -Id: null -info: array:1 [ 0 => X509Data {#111 -data: array:1 [ 0 => X509Certificate {#113 -certificate: "MIIIzzCCBregAwIBAgIEAL3zyjANBgkqhkiG9w0BAQsFADCBgTEqMCgGA1UEAwwhSS5DQSBFVSBRdWFsaWZpZWQgQ0EyL1JTQSAwNi8yMDIyMS0wKwYDVQQKDCRQcnZuw60gY2VydGlmaWthxI1uw60gYXV0b3JpdGEsIGEucy4xFzAVBgNVBGEMDk5UUkNaLTI2NDM5Mzk1MQswCQYDVQQGEwJDWjAeFw0yNTA0MDIwOTMyMThaFw0yNjA0MDIwOTMyMThaMIGKMSwwKgYDVQQKDCNEaWdpdMOhbG7DrSBhIGluZm9ybWHEjW7DrSBhZ2VudHVyYTEXMBUGA1UEYQwOTlRSQ1otMTc2NTE5MjExGzAZBgNVBAMMEkdHX0ZQU1RTX1RFU1RfU0lHTjELMAkGA1UEBhMCQ1oxFzAVBgNVBAUTDklDQSAtIDEwNzE5MjY5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvq7kS5mG2wha+qMZ6chInzmYBc6Vroqh8wYUMGnS8gRTtCMalT59AQFt0gGWk++A0ohq8vMFTXBM0i3kMwPB+1P+SqK8FWVH2kigjqtvAUPb2QfWzTmpeTOyia/iLfLpgs1QfZJKjIoHQn2y58PMywStpL4pJCMF2MYCJI3NUIC93VlN10GVbsqxKQcviC84dy8VLouysBRDmsAWbAq/aUv6iN8X5s6DBpSKJk1vlMZgSwfmvmG+POSnaCNdvvnMTNhitlLmGMb+v8gFqOWw+JHV6QqG0ileT85+Id96gt1EkuBS19RpSDl3cspnasYko2HrtfYoGGbSR7PLxCF2XgZd8ONtMAlZaN89GvJ8Ni81i4JoABejny1oD2b1EOmJZ65Mu1mv7ncNOireom1hH7rcpMaZrcagIGj7q2eEx2YX5kgTs5lQ0KcU37lj9IpYkoV+O9l/ZYYqKDG4fDYsVOANz3RH0iM4BDZ+pv22x8tB53vfMqx3FK4L7LXSLftLZarw7YkwtxKORRogZWkhnhEaFEJKioFQxhSNEmNor+fXT2RhWg5r5JD6r5bo896h+5vAWP98kwOpuVeeXHdS1NJjjFLakNO72AjQgpMtW68fl7vvpSfkhOSoRNTqVzDVAcgb0l7Ee9LpRmYVv1lyYeYWYtn2ovtNt3OiY/Dv5DkCAwEAAaOCA0IwggM+MCMGA1UdEQQcMBqgGAYKKwYBBAGBuEgEBqAKDAgxMDcxOTI2OTAOBgNVHQ8BAf8EBAMCBeAwCQYDVR0TBAIwADCCASMGA1UdIASCARowggEWMIIBBwYNKwYBBAGBuEgKAR8BADCB9TAdBggrBgEFBQcCARYRaHR0cDovL3d3dy5pY2EuY3owgdMGCCsGAQUFBwICMIHGDIHDVGVudG8ga3ZhbGlmaWtvdmFueSBjZXJ0aWZpa2F0IHBybyBlbGVrdHJvbmlja291IHBlY2V0IGJ5bCB2eWRhbiB2IHNvdWxhZHUgcyBuYXJpemVuaW0gRVUgYy4gOTEwLzIwMTQuVGhpcyBpcyBhIHF1YWxpZmllZCBjZXJ0aWZpY2F0ZSBmb3IgZWxlY3Ryb25pYyBzZWFsIGFjY29yZGluZyB0byBSZWd1bGF0aW9uIChFVSkgTm8gOTEwLzIwMTQuMAkGBwQAi+xAAQEwgY8GA1UdHwSBhzCBhDAqoCigJoYkaHR0cDovL3FjcmxkcDEuaWNhLmN6LzJxY2EyMl9yc2EuY3JsMCqgKKAmhiRodHRwOi8vcWNybGRwMi5pY2EuY3ovMnFjYTIyX3JzYS5jcmwwKqAooCaGJGh0dHA6Ly9xY3JsZHAzLmljYS5jei8ycWNhMjJfcnNhLmNybDCBhgYIKwYBBQUHAQMEejB4MAgGBgQAjkYBATBXBgYEAI5GAQUwTTAtFidodHRwczovL3d3dy5pY2EuY3ovWnByYXZ5LXByby11eml2YXRlbGUTAmNzMBwWFmh0dHBzOi8vd3d3LmljYS5jei9QRFMTAmVuMBMGBgQAjkYBBjAJBgcEAI5GAQYCMGUGCCsGAQUFBwEBBFkwVzAqBggrBgEFBQcwAoYeaHR0cDovL3EuaWNhLmN6LzJxY2EyMl9yc2EuY2VyMCkGCCsGAQUFBzABhh1odHRwOi8vb2NzcC5pY2EuY3ovMnFjYTIyX3JzYTAfBgNVHSMEGDAWgBSK/2CytkhQJY8uzUNTOwiExcroZDAdBgNVHQ4EFgQUzZcBzxV2peZjKaS/Dkle/NuqK+8wEwYDVR0lBAwwCgYIKwYBBQUHAwQwDQYJKoZIhvcNAQELBQADggIBAKfQNUY1Z0xCyB6o+BC3g+nB1iK+VYw+RgX0sTnMxbgkmPb/wQrXUFZYh+Bt80wbkETKxZgKLRs84/sKcjvth9ebMyFje5WoWTgdNnVSk2FcZ7r2bClx5f3PLbJrtZskn7+8lD59B9UXJyr41wcWS4yfs/DRTNvoxbbGZp0FQP+kn2qRo6lwf8Ogv/nPUFNAHN9t8wAGXKoREru6Y8k9gGvc0AHEyLT6IQ0fDtgSo6CH6W/9IqVjDSvUyWzO5lsf3ZkoR3mToY+KXtP+TbfrqUJhw7n3tGWF36NsNTkynAJUtpxyIFu4v/vwkiNtWzy+ydgrwII/E30tJbaTpwGdY9lbR0C/eKfko5SVXuFHZSLPl+ZQb9e/jhIip8pjSRyT4swmiTVfPvxOMEh5OfQ1sQZTeegc7F4GcnauD6RDfh9sgI6vJW/wQR8woaAk7lpGl/HpvA8QtMG4lNQUylqZt0cYS+ebOVDHEugbNSKXu5OaIuBTHLj8UzB13SVfboHTbOobtFNrEqJemLeKPx1pzgwLqOsNvef8rwMiXPih+Sr5NfBFzm2rZcl+TjBMkWwl36Cs30ECOEWsqAaHre9uvGm+P8qCtSwEdOV5elkmxCm2eww/QLlxOUl25Vj2to5X/573/L+BwGvN38xR/m64Jt7GZnakdPf1VN6pevXKpC1P" } ] } ] } -EncryptionMethod: [] } ] -Organization: null -ContactPerson: [] -xml: Chunk {#106 -localName: "RoleDescriptor" -namespaceURI: "urn:oasis:names:tc:SAML:2.0:metadata" -xml: DOMElement {#108 +schemaTypeInfo: null +nodeName: "RoleDescriptor" +nodeValue: "" +nodeType: XML_ELEMENT_NODE +parentNode: null +childNodes: DOMNodeList {#156 +length: 5 } +firstChild: DOMElement {#158 …} +lastChild: DOMElement {#160 …} +previousSibling: null +nextSibling: null +attributes: DOMNamedNodeMap {#163 +length: 2 } +ownerDocument: DOMDocument {#165 …} +namespaceURI: "urn:oasis:names:tc:SAML:2.0:metadata" +prefix: "" +localName: "RoleDescriptor" +baseURI: null +textContent: "" +tagName: "RoleDescriptor" } } } 1 => IDPSSODescriptor {#104 #signatureKey: null #certificates: [] -validators: [] +validUntil: null +cacheDuration: null -elementName: "md:IDPSSODescriptor" -ID: null -protocolSupportEnumeration: array:1 [ 0 => "urn:oasis:names:tc:SAML:2.0:protocol" ] -errorURL: null -Extensions: [] -KeyDescriptor: array:1 [ 0 => KeyDescriptor {#110 -use: "signing" -KeyInfo: KeyInfo {#114 -Id: null -info: array:1 [ 0 => X509Data {#118 -data: array:1 [ 0 => X509Certificate {#120 -certificate: "MIIIzzCCBregAwIBAgIEAL3zyjANBgkqhkiG9w0BAQsFADCBgTEqMCgGA1UEAwwhSS5DQSBFVSBRdWFsaWZpZWQgQ0EyL1JTQSAwNi8yMDIyMS0wKwYDVQQKDCRQcnZuw60gY2VydGlmaWthxI1uw60gYXV0b3JpdGEsIGEucy4xFzAVBgNVBGEMDk5UUkNaLTI2NDM5Mzk1MQswCQYDVQQGEwJDWjAeFw0yNTA0MDIwOTMyMThaFw0yNjA0MDIwOTMyMThaMIGKMSwwKgYDVQQKDCNEaWdpdMOhbG7DrSBhIGluZm9ybWHEjW7DrSBhZ2VudHVyYTEXMBUGA1UEYQwOTlRSQ1otMTc2NTE5MjExGzAZBgNVBAMMEkdHX0ZQU1RTX1RFU1RfU0lHTjELMAkGA1UEBhMCQ1oxFzAVBgNVBAUTDklDQSAtIDEwNzE5MjY5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvq7kS5mG2wha+qMZ6chInzmYBc6Vroqh8wYUMGnS8gRTtCMalT59AQFt0gGWk++A0ohq8vMFTXBM0i3kMwPB+1P+SqK8FWVH2kigjqtvAUPb2QfWzTmpeTOyia/iLfLpgs1QfZJKjIoHQn2y58PMywStpL4pJCMF2MYCJI3NUIC93VlN10GVbsqxKQcviC84dy8VLouysBRDmsAWbAq/aUv6iN8X5s6DBpSKJk1vlMZgSwfmvmG+POSnaCNdvvnMTNhitlLmGMb+v8gFqOWw+JHV6QqG0ileT85+Id96gt1EkuBS19RpSDl3cspnasYko2HrtfYoGGbSR7PLxCF2XgZd8ONtMAlZaN89GvJ8Ni81i4JoABejny1oD2b1EOmJZ65Mu1mv7ncNOireom1hH7rcpMaZrcagIGj7q2eEx2YX5kgTs5lQ0KcU37lj9IpYkoV+O9l/ZYYqKDG4fDYsVOANz3RH0iM4BDZ+pv22x8tB53vfMqx3FK4L7LXSLftLZarw7YkwtxKORRogZWkhnhEaFEJKioFQxhSNEmNor+fXT2RhWg5r5JD6r5bo896h+5vAWP98kwOpuVeeXHdS1NJjjFLakNO72AjQgpMtW68fl7vvpSfkhOSoRNTqVzDVAcgb0l7Ee9LpRmYVv1lyYeYWYtn2ovtNt3OiY/Dv5DkCAwEAAaOCA0IwggM+MCMGA1UdEQQcMBqgGAYKKwYBBAGBuEgEBqAKDAgxMDcxOTI2OTAOBgNVHQ8BAf8EBAMCBeAwCQYDVR0TBAIwADCCASMGA1UdIASCARowggEWMIIBBwYNKwYBBAGBuEgKAR8BADCB9TAdBggrBgEFBQcCARYRaHR0cDovL3d3dy5pY2EuY3owgdMGCCsGAQUFBwICMIHGDIHDVGVudG8ga3ZhbGlmaWtvdmFueSBjZXJ0aWZpa2F0IHBybyBlbGVrdHJvbmlja291IHBlY2V0IGJ5bCB2eWRhbiB2IHNvdWxhZHUgcyBuYXJpemVuaW0gRVUgYy4gOTEwLzIwMTQuVGhpcyBpcyBhIHF1YWxpZmllZCBjZXJ0aWZpY2F0ZSBmb3IgZWxlY3Ryb25pYyBzZWFsIGFjY29yZGluZyB0byBSZWd1bGF0aW9uIChFVSkgTm8gOTEwLzIwMTQuMAkGBwQAi+xAAQEwgY8GA1UdHwSBhzCBhDAqoCigJoYkaHR0cDovL3FjcmxkcDEuaWNhLmN6LzJxY2EyMl9yc2EuY3JsMCqgKKAmhiRodHRwOi8vcWNybGRwMi5pY2EuY3ovMnFjYTIyX3JzYS5jcmwwKqAooCaGJGh0dHA6Ly9xY3JsZHAzLmljYS5jei8ycWNhMjJfcnNhLmNybDCBhgYIKwYBBQUHAQMEejB4MAgGBgQAjkYBATBXBgYEAI5GAQUwTTAtFidodHRwczovL3d3dy5pY2EuY3ovWnByYXZ5LXByby11eml2YXRlbGUTAmNzMBwWFmh0dHBzOi8vd3d3LmljYS5jei9QRFMTAmVuMBMGBgQAjkYBBjAJBgcEAI5GAQYCMGUGCCsGAQUFBwEBBFkwVzAqBggrBgEFBQcwAoYeaHR0cDovL3EuaWNhLmN6LzJxY2EyMl9yc2EuY2VyMCkGCCsGAQUFBzABhh1odHRwOi8vb2NzcC5pY2EuY3ovMnFjYTIyX3JzYTAfBgNVHSMEGDAWgBSK/2CytkhQJY8uzUNTOwiExcroZDAdBgNVHQ4EFgQUzZcBzxV2peZjKaS/Dkle/NuqK+8wEwYDVR0lBAwwCgYIKwYBBQUHAwQwDQYJKoZIhvcNAQELBQADggIBAKfQNUY1Z0xCyB6o+BC3g+nB1iK+VYw+RgX0sTnMxbgkmPb/wQrXUFZYh+Bt80wbkETKxZgKLRs84/sKcjvth9ebMyFje5WoWTgdNnVSk2FcZ7r2bClx5f3PLbJrtZskn7+8lD59B9UXJyr41wcWS4yfs/DRTNvoxbbGZp0FQP+kn2qRo6lwf8Ogv/nPUFNAHN9t8wAGXKoREru6Y8k9gGvc0AHEyLT6IQ0fDtgSo6CH6W/9IqVjDSvUyWzO5lsf3ZkoR3mToY+KXtP+TbfrqUJhw7n3tGWF36NsNTkynAJUtpxyIFu4v/vwkiNtWzy+ydgrwII/E30tJbaTpwGdY9lbR0C/eKfko5SVXuFHZSLPl+ZQb9e/jhIip8pjSRyT4swmiTVfPvxOMEh5OfQ1sQZTeegc7F4GcnauD6RDfh9sgI6vJW/wQR8woaAk7lpGl/HpvA8QtMG4lNQUylqZt0cYS+ebOVDHEugbNSKXu5OaIuBTHLj8UzB13SVfboHTbOobtFNrEqJemLeKPx1pzgwLqOsNvef8rwMiXPih+Sr5NfBFzm2rZcl+TjBMkWwl36Cs30ECOEWsqAaHre9uvGm+P8qCtSwEdOV5elkmxCm2eww/QLlxOUl25Vj2to5X/573/L+BwGvN38xR/m64Jt7GZnakdPf1VN6pevXKpC1P" } ] } ] } -EncryptionMethod: [] } ] -Organization: null -ContactPerson: [] -ArtifactResolutionService: [] -SingleLogoutService: array:1 [ 0 => EndpointType {#112 -Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" -Location: "https://tnia.identita.gov.cz/FPSTS/saml2/basic" -ResponseLocation: null -attributes: [] } ] -ManageNameIDService: [] -NameIDFormat: [] -WantAuthnRequestsSigned: null -SingleSignOnService: array:2 [ 0 => EndpointType {#116 -Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" -Location: "https://tnia.identita.gov.cz/FPSTS/saml2/basic" -ResponseLocation: null -attributes: [] } 1 => EndpointType {#122 -Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" -Location: "https://tnia.identita.gov.cz/FPSTS/saml2/basic" -ResponseLocation: null -attributes: [] } ] -NameIDMappingService: [] -AssertionIDRequestService: [] -AttributeProfile: [] -Attribute: [] } ] -AffiliationDescriptor: null -Organization: null -ContactPerson: [] -AdditionalMetadataLocation: [] }
<?php
use RobRichards\XMLSecLibs\XMLSecurityKey;
// soubor s certifikátem bychom měli mít uložen lokálně, aby validace podpisu proběhla korektně
// na uvedené adrese je uložen NIA certifikát (PEM) z testovacího prostředí
$tnia_cert_data = file_get_contents('https://nia.otevrenamesta.cz/tnia.crt');
// z dat certifikátu vytvoříme klíč
$tnia_key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, ['type' => 'public']);
$tnia_key->loadKey($tnia_cert_data, false, true);
// a použijeme interní metodu EntityDescriptor->validate(XMLSecurityKey $key) pro validaci
$valid = $metadata->validate($tnia_key);
Obsah proměnné valid: null
<?php
use SAML2\Constants;
use SAML2\XML\md\IDPSSODescriptor;
use SAML2\XML\md\EntityDescriptor;
private function extractSSOLoginUrls(EntityDescriptor $idp_descriptor){
$idp_sso_descriptor = false;
foreach ($idp_descriptor->getRoleDescriptor() as $role_descriptor) {
if ($role_descriptor instanceof IDPSSODescriptor) {
$idp_sso_descriptor = $role_descriptor;
}
}
$sso_redirect_login_url = false;
$sso_post_login_url = false;
if ($idp_sso_descriptor instanceof IDPSSODescriptor) {
foreach ($idp_sso_descriptor->getSingleSignOnService() as $descriptorType) {
if ($descriptorType->getBinding() === Constants::BINDING_HTTP_REDIRECT) {
$sso_redirect_login_url = $descriptorType->getLocation();
} else if ($descriptorType->getBinding() === Constants::BINDING_HTTP_POST) {
$sso_post_login_url = $descriptorType->getLocation();
}
}
}
return [Constants::BINDING_HTTP_REDIRECT => $sso_redirect_login_url, Constants::BINDING_HTTP_POST => $sso_post_login_url];
}
$urls = extractSSOLoginUrls($metadata);
$redirect_url = $urls[Constants::BINDING_HTTP_REDIRECT];
$post_url = $urls[Constants::BINDING_HTTP_POST];
Obsah proměnné urls: array:2 [ "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" => "https://tnia.identita.gov.cz/FPSTS/saml2/basic" "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" => "https://tnia.identita.gov.cz/FPSTS/saml2/basic" ]