SAML-Toolkits · Fredthelead · May 24, 2021 · May 24, 2021 · May 24, 2021
diff --git a/composer.json b/composer.json
@@ -16,6 +16,7 @@
     },
     "require": {
         "php": ">=7.3",
+        "guzzlehttp/guzzle": "^7.3",
         "robrichards/xmlseclibs": ">=3.1.1"
     },
     "require-dev": {

diff --git a/demo1/attrs.php b/demo1/attrs.php
@@ -1,25 +1,27 @@
 <?php
 
 session_start();
-
+$html = '';
 if (isset($_SESSION['samlUserdata'])) {
     if (!empty($_SESSION['samlUserdata'])) {
         $attributes = $_SESSION['samlUserdata'];
-        echo 'You have the following attributes:<br>';
-        echo '<table><thead><th>Name</th><th>Values</th></thead><tbody>';
+        $html .= 'You have the following attributes:<br>';
+        $html .= '<table><thead><th>Name</th><th>Values</th></thead><tbody>';
         foreach ($attributes as $attributeName => $attributeValues) {
-            echo '<tr><td>' . htmlentities($attributeName) . '</td><td><ul>';
+            $html .= '<tr><td>' . htmlentities($attributeName) . '</td><td><ul>';
             foreach ($attributeValues as $attributeValue) {
-                echo '<li>' . htmlentities($attributeValue) . '</li>';
+                $html .= '<li>' . htmlentities($attributeValue) . '</li>';
             }
-            echo '</ul></td></tr>';
+            $html .= '</ul></td></tr>';
         }
-        echo '</tbody></table>';
+        $html .= '</tbody></table>';
     } else {
-        echo "<p>You don't have any attribute</p>";
+        $html .= "<p>You don't have any attribute</p>";
     }
 
-    echo '<p><a href="index.php?slo" >Logout</a></p>';
+    $html .= '<p><a href="index.php?slo" >Logout</a></p>';
 } else {
-    echo '<p><a href="index.php?sso2" >Login and access later to this page</a></p>';
+    $html .= '<p><a href="index.php?sso2" >Login and access later to this page</a></p>';
 }
+
+return new \GuzzleHttp\Psr7\Response(200, [], $html);
diff --git a/demo1/index.php b/demo1/index.php
@@ -15,21 +15,25 @@
 
 $auth = new Auth($settingsInfo);
 
-if (isset($_GET['sso'])) {
-    $auth->login();
+/** @var \GuzzleHttp\Psr7\ServerRequest $request */
+$request = \GuzzleHttp\Psr7\ServerRequest::fromGlobals();
 
+if (isset($request->getQueryParams()['sso'])) {
+    return $auth->login();
     # If AuthNRequest ID need to be saved in order to later validate it, do instead
     # $ssoBuiltUrl = $auth->login(null, array(), false, false, true);
     # $_SESSION['AuthNRequestID'] = $auth->getLastRequestID();
-    # header('Pragma: no-cache');
-    # header('Cache-Control: no-cache, must-revalidate');
-    # header('Location: ' . $ssoBuiltUrl);
-    # exit();
+    # return new \GuzzleHttp\Psr7\Response(302, [
+    #   'Pragma' => 'no-cache',
+    #   'Cache-Control' => 'no-cache, must-revalidate',
+    #   'location' => [(string) $ssoBuiltUrl]
+    #]);
 
-} else if (isset($_GET['sso2'])) {
+
+} else if (isset($request->getQueryParams()['sso2'])) {
     $returnTo = $spBaseUrl.'/demo1/attrs.php';
-    $auth->login($returnTo);
-} else if (isset($_GET['slo'])) {
+    return $auth->login($returnTo);
+} else if (isset($request->getQueryParams()['slo'])) {
     $returnTo = null;
     $paramters = array();
     $nameId = null;
@@ -54,7 +58,7 @@
         $sessionIndex = $_SESSION['samlSessionIndex'];
     }
 
-    $auth->logout($returnTo, $paramters, $nameId, $sessionIndex, false, $nameIdFormat, $nameIdNameQualifier, $nameIdSPNameQualifier);
+    return $auth->logout($returnTo, $paramters, $nameId, $sessionIndex, false, $nameIdFormat, $nameIdNameQualifier, $nameIdSPNameQualifier);
 
     # If LogoutRequest ID need to be saved in order to later validate it, do instead
     # $sloBuiltUrl = $auth->logout(null, $paramters, $nameId, $sessionIndex, true);
@@ -64,7 +68,7 @@
     # header('Location: ' . $sloBuiltUrl);
     # exit();
 
-} else if (isset($_GET['acs'])) {
+} else if (isset($request->getQueryParams()['acs'])) {
     if (isset($_SESSION) && isset($_SESSION['AuthNRequestID'])) {
         $requestID = $_SESSION['AuthNRequestID'];
     } else {
@@ -76,15 +80,15 @@
     $errors = $auth->getErrors();
 
     if (!empty($errors)) {
-        echo '<p>' . implode(', ', $errors) . '</p>';
+        $html = '<p>' . implode(', ', $errors) . '</p>';
         if ($auth->getSettings()->isDebugActive()) {
-            echo '<p>'.$auth->getLastErrorReason().'</p>';
+            $html .= '<p>'.$auth->getLastErrorReason().'</p>';
         }
+        return new \GuzzleHttp\Psr7\Response(500, [], $html);
     }
 
     if (!$auth->isAuthenticated()) {
-        echo '<p>Not authenticated</p>';
-        exit();
+        return new \GuzzleHttp\Psr7\Response(401, [], '<p>Not authenticated</p>');
     }
 
     $_SESSION['samlUserdata'] = $auth->getAttributes();
@@ -95,10 +99,11 @@
     $_SESSION['samlSessionIndex'] = $auth->getSessionIndex();
 
     unset($_SESSION['AuthNRequestID']);
-    if (isset($_POST['RelayState']) && Utils::getSelfURL() != $_POST['RelayState']) {
-        $auth->redirectTo($_POST['RelayState']);
+    $relayState = $request->getParsedBody()['RelayState'] ?? null;
+    if ($relayState !== null && Utils::getSelfURL() !== $relayState) {
+        return $auth->redirectTo($relayState);
     }
-} else if (isset($_GET['sls'])) {
+} else if (isset($request->getQueryParams()['sls'])) {
     if (isset($_SESSION) && isset($_SESSION['LogoutRequestID'])) {
         $requestID = $_SESSION['LogoutRequestID'];
     } else {
@@ -108,34 +113,36 @@
     $auth->processSLO(false, $requestID);
     $errors = $auth->getErrors();
     if (empty($errors)) {
-        echo '<p>Sucessfully logged out</p>';
+        $html = '<p>Sucessfully logged out</p>';
     } else {
-        echo '<p>' . implode(', ', $errors) . '</p>';
+        $html = '<p>' . implode(', ', $errors) . '</p>';
         if ($auth->getSettings()->isDebugActive()) {
-            echo '<p>'.$auth->getLastErrorReason().'</p>';
+            $html .= '<p>'.$auth->getLastErrorReason().'</p>';
         }
     }
 }
 
 if (isset($_SESSION['samlUserdata'])) {
     if (!empty($_SESSION['samlUserdata'])) {
         $attributes = $_SESSION['samlUserdata'];
-        echo 'You have the following attributes:<br>';
-        echo '<table><thead><th>Name</th><th>Values</th></thead><tbody>';
+        $html .= 'You have the following attributes:<br>';
+        $html .= '<table><thead><th>Name</th><th>Values</th></thead><tbody>';
         foreach ($attributes as $attributeName => $attributeValues) {
-            echo '<tr><td>' . htmlentities($attributeName) . '</td><td><ul>';
+            $html .= '<tr><td>' . htmlentities($attributeName) . '</td><td><ul>';
             foreach ($attributeValues as $attributeValue) {
-                echo '<li>' . htmlentities($attributeValue) . '</li>';
+                $html .= '<li>' . htmlentities($attributeValue) . '</li>';
             }
-            echo '</ul></td></tr>';
+            $html .= '</ul></td></tr>';
         }
-        echo '</tbody></table>';
+        $html .= '</tbody></table>';
     } else {
-        echo "<p>You don't have any attribute</p>";
+        $html .= "<p>You don't have any attribute</p>";
     }
 
-    echo '<p><a href="?slo" >Logout</a></p>';
+    $html .= '<p><a href="?slo" >Logout</a></p>';
 } else {
-    echo '<p><a href="?sso" >Login</a></p>';
-    echo '<p><a href="?sso2" >Login and access to attrs.php page</a></p>';
+    $html .= '<p><a href="?sso" >Login</a></p>';
+    $html .= '<p><a href="?sso2" >Login and access to attrs.php page</a></p>';
 }
+
+return new \GuzzleHttp\Psr7\Response(200, [], $html);
diff --git a/demo1/metadata.php b/demo1/metadata.php
@@ -19,14 +19,13 @@
     $metadata = $settings->getSPMetadata();
     $errors = $settings->validateMetadata($metadata);
     if (empty($errors)) {
-        header('Content-Type: text/xml');
-        echo $metadata;
+	    return new \GuzzleHttp\Psr7\Response(500, ['Content-Type', 'text/xml'], $metadata);
     } else {
         throw new Error(
             'Invalid SP metadata: '.implode(', ', $errors),
             Error::METADATA_SP_INVALID
         );
     }
 } catch (Exception $e) {
-    echo $e->getMessage();
+	return new \GuzzleHttp\Psr7\Response(500, [], $e->getMessage());
 }
diff --git a/demo2/consume.php b/demo2/consume.php
@@ -12,31 +12,36 @@
 use OneLogin\Saml2\Response;
 use OneLogin\Saml2\Settings;
 
+/** @var \GuzzleHttp\Psr7\ServerRequest $request */
+$request = \GuzzleHttp\Psr7\ServerRequest::fromGlobals();
+$html = '';
+
 try {
-    if (isset($_POST['SAMLResponse'])) {
+    if (isset($request->getParsedBody()['SAMLResponse'])) {
         $samlSettings = new Settings();
-        $samlResponse = new Response($samlSettings, $_POST['SAMLResponse']);
+        $samlResponse = new Response($samlSettings, $request->getParsedBody()['SAMLResponse']);
         if ($samlResponse->isValid()) {
-            echo 'You are: ' . $samlResponse->getNameId() . '<br>';
+            $html .= 'You are: ' . $samlResponse->getNameId() . '<br>';
             $attributes = $samlResponse->getAttributes();
             if (!empty($attributes)) {
-                echo 'You have the following attributes:<br>';
-                echo '<table><thead><th>Name</th><th>Values</th></thead><tbody>';
+                $html .= 'You have the following attributes:<br>';
+                $html .= '<table><thead><th>Name</th><th>Values</th></thead><tbody>';
                 foreach ($attributes as $attributeName => $attributeValues) {
-                    echo '<tr><td>' . htmlentities($attributeName) . '</td><td><ul>';
+                    $html .= '<tr><td>' . htmlentities($attributeName) . '</td><td><ul>';
                     foreach ($attributeValues as $attributeValue) {
-                        echo '<li>' . htmlentities($attributeValue) . '</li>';
+                        $html .= '<li>' . htmlentities($attributeValue) . '</li>';
                     }
-                    echo '</ul></td></tr>';
+                    $html .= '</ul></td></tr>';
                 }
-                echo '</tbody></table>';
+                $html .= '</tbody></table>';
             }
         } else {
-            echo 'Invalid SAML Response';
+            $html .= 'Invalid SAML Response';
         }
     } else {
-        echo 'No SAML Response found in POST.';
+        $html .= 'No SAML Response found in POST.';
     }
+    return new \GuzzleHttp\Psr7\Response(200, [], 'Invalid SAML Response: ' . $html);
 } catch (Exception $e) {
-    echo 'Invalid SAML Response: ' . $e->getMessage();
+    return new \GuzzleHttp\Psr7\Response(400, [], 'Invalid SAML Response: ' . $e->getMessage());
 }
diff --git a/demo2/index.php b/demo2/index.php
@@ -16,6 +16,9 @@
 use OneLogin\Saml2\Settings;
 use OneLogin\Saml2\Utils;
 
+/** @var \GuzzleHttp\Psr7\ServerRequest $request */
+$request = \GuzzleHttp\Psr7\ServerRequest::fromGlobals();
+
 if (!isset($_SESSION['samlUserdata'])) {
     $settings = new Settings();
     $authRequest = new AuthnRequest($settings);
@@ -26,27 +29,28 @@
 
     $idpData = $settings->getIdPData();
     $ssoUrl = $idpData['singleSignOnService']['url'];
-    $url = Utils::redirect($ssoUrl, $parameters, true);
-
-    header("Location: $url");
+    return Utils::redirect($ssoUrl, $parameters);
 } else {
+    $html = '';
     if (!empty($_SESSION['samlUserdata'])) {
         $attributes = $_SESSION['samlUserdata'];
-        echo 'You have the following attributes:<br>';
-        echo '<table><thead><th>Name</th><th>Values</th></thead><tbody>';
+        $html .= 'You have the following attributes:<br>';
+        $html .= '<table><thead><th>Name</th><th>Values</th></thead><tbody>';
         foreach ($attributes as $attributeName => $attributeValues) {
-            echo '<tr><td>' . htmlentities($attributeName) . '</td><td><ul>';
+            $html .= '<tr><td>' . htmlentities($attributeName) . '</td><td><ul>';
             foreach ($attributeValues as $attributeValue) {
-                echo '<li>' . htmlentities($attributeValue) . '</li>';
+                $html .= '<li>' . htmlentities($attributeValue) . '</li>';
             }
-            echo '</ul></td></tr>';
+            $html .= '</ul></td></tr>';
         }
-        echo '</tbody></table>';
+        $html .= '</tbody></table>';
         if (!empty($_SESSION['IdPSessionIndex'])) {
-            echo '<p>The SessionIndex of the IdP is: '.$_SESSION['IdPSessionIndex'].'</p>';
+            $html .= '<p>The SessionIndex of the IdP is: '.$_SESSION['IdPSessionIndex'].'</p>';
         }
     } else {
-        echo "<p>You don't have any attribute</p>";
+        $html .= "<p>You don't have any attribute</p>";
     }
-    echo '<p><a href="slo.php">Logout</a></p>';
+    $html .= '<p><a href="slo.php">Logout</a></p>';
+
+    return new \GuzzleHttp\Psr7\Response(200, [], $html);
 }
diff --git a/demo2/metadata.php b/demo2/metadata.php
@@ -11,10 +11,9 @@
 use OneLogin\Saml2\Metadata;
 use OneLogin\Saml2\Settings;
 
-header('Content-Type: text/xml');
-
 $samlSettings = new Settings();
 $sp = $samlSettings->getSPData();
 
 $samlMetadata = Metadata::builder($sp);
-echo $samlMetadata;
+
+return new \GuzzleHttp\Psr7\Response(200, ['Content-Type' => 'text/xml'], $samlMetadata);
diff --git a/demo2/slo.php b/demo2/slo.php
@@ -14,6 +14,9 @@
 use OneLogin\Saml2\Settings;
 use OneLogin\Saml2\Utils;
 
+/** @var \GuzzleHttp\Psr7\ServerRequest $request */
+$request = \GuzzleHttp\Psr7\ServerRequest::fromGlobals();
+
 $samlSettings = new Settings();
 
 $idpData = $samlSettings->getIdPData();
@@ -33,6 +36,4 @@
 
 $parameters = array('SAMLRequest' => $samlRequest);
 
-$url = Utils::redirect($sloUrl, $parameters, true);
-
-header("Location: $url");
+return Utils::redirect($sloUrl, $parameters);
diff --git a/demo2/sso.php b/demo2/sso.php
@@ -18,8 +18,8 @@
 $auth = new OneLogin\Saml2\Auth();
 
 if (!isset($_SESSION['samlUserdata'])) {
-    $auth->login();
+    return $auth->login();
 } else {
     $indexUrl = str_replace('/sso.php', '/index.php', Utils::getSelfURLNoQuery());
-    Utils::redirect($indexUrl);
+    return Utils::redirect($indexUrl);
 }