authorOlav Morken <olav.morken@uninett.no>2011-01-05 12:17:59 +0000
committerOlav Morken <olav.morken@uninett.no>2011-01-05 12:17:59 +0000
commit3707ceabbae18b3a6d4d9cc48e1b643948fc56be (patch)
tree90d2967796fd4d0401ba67edfdf6c55a098d66cc
parent73cf5412848022f8db47e37663f459d9d13fe8fb (diff)
saml:IdP: Extract extensions from authentication request.
Thanks to Andjelko Horvat for implementing this! git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2701 44740490-163a-0410-bde0-09ae8108e29a
-rw-r--r--lib/SAML2/AuthnRequest.php30
-rw-r--r--lib/SAML2/XML/samlp/Extensions.php48
-rw-r--r--modules/saml/lib/IdP/SAML2.php3
3 files changed, 81 insertions, 0 deletions
diff --git a/lib/SAML2/AuthnRequest.php b/lib/SAML2/AuthnRequest.php
index dc1c26d..44fa85c 100644
--- a/lib/SAML2/AuthnRequest.php
+++ b/lib/SAML2/AuthnRequest.php
@@ -79,6 +79,12 @@ class SAML2_AuthnRequest extends SAML2_Request {
*/
private $requestedAuthnContext;
+ /**
+ * Request extensions.
+ *
+ * @var array
+ */
+ private $extensions;
/**
* Constructor for SAML 2 authentication request messages.
@@ -165,6 +171,8 @@ class SAML2_AuthnRequest extends SAML2_Request {
}
}
+
+ $this->extensions = SAML2_XML_samlp_Extensions::getList($xml);
}
@@ -347,6 +355,28 @@ class SAML2_AuthnRequest extends SAML2_Request {
/**
+ * Retrieve the Extensions.
+ *
+ * @return SAML2_XML_samlp_Extensions.
+ */
+ public function getExtensions() {
+ return $this->extensions;
+ }
+
+
+ /**
+ * Set the Extensions.
+ *
+ * @param array|NULL $extensions The Extensions.
+ */
+ public function setExtensions($extensions) {
+ assert('is_array($extensions) || is_null($extensions)');
+
+ $this->extensions = $extensions;
+ }
+
+
+ /**
* Convert this authentication request to an XML element.
*
* @return DOMElement This authentication request.
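Review bot: The docblock on `getExtensions()` declares `@return SAML2_XML_samlp_Extensions.`, but the property is filled from `SAML2_XML_samlp_Extensions::getList()`, which returns an array, and `setExtensions()` also accepts NULL. It should read `@return array|NULL Extension elements found in the request.`; the `@var array` on the property in the first hunk has the same gap. Separately, no hunk in this commit calls `SAML2_XML_samlp_Extensions::addList()`, so a value passed to `setExtensions()` does not appear to reach the XML produced by the conversion method whose docblock starts at the end of this hunk. That method's body is outside the hunk, so confirm, and either serialise the extensions there or document the setter as not yet affecting output.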
diff --git a/lib/SAML2/XML/samlp/Extensions.php b/lib/SAML2/XML/samlp/Extensions.php
new file mode 100644
index 0000000..ad86c3f
--- /dev/null
+++ b/lib/SAML2/XML/samlp/Extensions.php
@@ -0,0 +1,48 @@
+<?php
+
+/**
+ * Class for handling SAML2 extensions.
+ *
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+class SAML2_XML_samlp_Extensions {
+
+ /**
+ * Get a list of Extensions in the given element.
+ *
+ * @param DOMElement $parent The element that may contain the samlp:Extensions element.
+ * @return array Array of extensions.
+ */
+ public static function getList(DOMElement $parent) {
+
+ $ret = array();
+ foreach (SAML2_Utils::xpQuery($parent, './saml_protocol:Extensions/*') as $node) {
+ $ret[] = new SAML2_XML_Chunk($node);
+ }
+
+ return $ret;
+ }
+
+
+ /**
+ * Add a list of Extensions to the given element.
+ *
+ * @param DOMElement $parent The element we should add the extensions to.
+ * @param array $extensions List of extension objects.
+ */
+ public static function addList(DOMElement $parent, array $extensions) {
+
+ if (empty($extensions)) {
+ return;
+ }
+
+ $extElement = $parent->ownerDocument->createElementNS(SAML2_Const::NS_SAMLP, 'samlp:Extensions');
+ $parent->appendChild($extElement);
+
+ foreach ($extensions as $ext) {
+ $ext->toXML($extElement);
+ }
+ }
+
+}
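Review bot: `addList()` appends `samlp:Extensions` as the last child of `$parent` and calls `toXML()` on every array entry without checking its type, and neither constraint is documented. In the SAML 2.0 protocol schema the Extensions element comes after Issuer and Signature and before the message-specific children, so the docblock should tell callers when to invoke it, e.g. `Must be called before any message-specific child elements are appended.` The `@param array $extensions` line could name the expected element type, `List of SAML2_XML_Chunk objects.`, and the `getList()` docblock could state that every child element is returned as-is, without being interpreted or validated.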
diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index 85050b4..589b343 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -173,6 +173,7 @@ class sspmod_saml_IdP_SAML2 {
$forceAuthn = FALSE;
$isPassive = FALSE;
$consumerURL = NULL;
+ $extensions = NULL;
SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: IdP initiated authentication: '. var_export($spEntityId, TRUE));
@@ -204,6 +205,7 @@ class sspmod_saml_IdP_SAML2 {
$isPassive = $request->getIsPassive();
$consumerURL = $request->getAssertionConsumerServiceURL();
$protocolBinding = $request->getProtocolBinding();
+ $extensions = $request->getExtensions();
$nameIdPolicy = $request->getNameIdPolicy();
if (isset($nameIdPolicy['Format'])) {
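Review bot: The value read by `$request->getExtensions()` is XML chosen by the request sender, and the next hunk places it in `$state` under `'saml:Extensions'` without any indication of that. Whether the request signature has been verified at this point is not visible in these hunks, so code consuming the state entry should not treat it as authenticated. A comment at the assignment would make that explicit, for example `// Sender-supplied extension elements; unvalidated, treat as untrusted input.` The enclosing function starts and ends outside the hunk.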
@@ -283,6 +285,7 @@ class sspmod_saml_IdP_SAML2 {
'saml:ConsumerURL' => $consumerURL,
'saml:Binding' => $protocolBinding,
'saml:NameIDFormat' => $nameIDFormat,
+ 'saml:Extensions' => $extensions,
);
$idp->handleAuthenticationRequest($state);