SecureBlackbox 2020 PHP Edition


SAMLIdPServer Class


The SAMLIdPServer class represents a SAML identity provider.

Class Name

SecureBlackbox_SAMLIdPServer

Procedural Interface

 secureblackbox_samlidpserver_open();
 secureblackbox_samlidpserver_close($res);
 secureblackbox_samlidpserver_register_callback($res, $id, $function);
 secureblackbox_samlidpserver_get_last_error($res);
 secureblackbox_samlidpserver_get_last_error_code($res);
 secureblackbox_samlidpserver_set($res, $id, $index, $value);
 secureblackbox_samlidpserver_get($res, $id, $index);
 secureblackbox_samlidpserver_do_addidpssolink($res, $spindex, $url, $relaystate);
 secureblackbox_samlidpserver_do_adduser($res, $login, $password);
 secureblackbox_samlidpserver_do_adduserwithemail($res, $login, $email, $password);
 secureblackbox_samlidpserver_do_clearusers($res);
 secureblackbox_samlidpserver_do_config($res, $configurationstring);
 secureblackbox_samlidpserver_do_loadspmetadata($res, $filename);
 secureblackbox_samlidpserver_do_removeidpssolink($res, $index);
 secureblackbox_samlidpserver_do_removesp($res, $index);
 secureblackbox_samlidpserver_do_removeuser($res, $login);
 secureblackbox_samlidpserver_do_savemetadata($res, $filename);
 secureblackbox_samlidpserver_do_start($res);
 secureblackbox_samlidpserver_do_stop($res);

Remarks

The identity provider in the SAML (Security Assertion Markup Language) exchange flow represents the server that issues authentication assertions for single sign-on (SSO).

Requests received by the IdP server from known service providers (SPs) are processed automatically, in accordance with the known SP metadata and the IdP options. If the request is valid, the client is redirected to the IdP for authentication. The authentication algorithm depends on the IdP options and may be as simple as an IP check, X.509 certificate authentication, or a login credentials check.

Property List


The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

Active: Tells whether the server is active and ready to process requests.
AllowIDPSSO: Specifies if IdP-initiated Single Sign-On (SSO) is allowed.
ArtifactResolutionService: The location of the artifact resolution service.
AttributeQueryService: The location of the AttributeQuery service.
AuthFormTemplate: Defines the default authentication template (login page).
EncryptAssertions: Specifies whether to encrypt assertions included in the IdP response.
EncryptionCertBytes: Returns raw certificate data in DER format.
EncryptionCertHandle: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
ErrorOrigin: Indicates the endpoint where the error originates from.
ErrorSeverity: The severity of the error that happened.
ExternalCryptoCustomParams: Custom parameters to be passed to the signing service (uninterpreted).
ExternalCryptoData: Additional data to be included in the async state and mirrored back by the requestor.
ExternalCryptoExternalHashCalculation: Specifies whether the message hash is to be calculated at the external endpoint.
ExternalCryptoHashAlgorithm: Specifies the request's signature hash algorithm.
ExternalCryptoKeyID: The ID of the pre-shared key used for DC request authentication.
ExternalCryptoKeySecret: The pre-shared key used for DC request authentication.
ExternalCryptoMethod: Specifies the asynchronous signing method.
ExternalCryptoMode: Specifies the external cryptography mode.
ExternalCryptoPublicKeyAlgorithm: Provide the public key algorithm here if the certificate is not available at the pre-signing stage.
Host: Specifies the host address of the IdP server.
IDPSSOPage: Specifies the relative URL of the IdP-initiated SSO page.
IDPSSOPageContent: The content of the IdP-initiated SSO page.
LoginAttemptsLimit: The maximum number of login attempts.
MetadataURL: The IdP's metadata location.
MetaSigningCertBytes: Returns raw certificate data in DER format.
MetaSigningCertHandle: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
Port: The listening port number.
PreferredSingleLogoutResponseBinding: Specifies the preferred single logout response binding.
PreferredSingleSignOnResponseBinding: Specifies the preferred SSO response binding.
ServerCertCount: The number of records in the ServerCert arrays.
ServerCertBytes: Returns raw certificate data in DER format.
ServerCertHandle: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
SignAssertions: Specifies whether the assertions included in IdP responses should be signed.
SigningCertBytes: Returns raw certificate data in DER format.
SigningCertHandle: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
SigningChainCount: The number of records in the SigningChain arrays.
SigningChainBytes: Returns raw certificate data in DER format.
SigningChainHandle: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
SignMetadata: Specifies whether the IdP's metadata should be signed.
SignResponse: Specifies whether the IdP responses should be signed.
SingleLogoutService: The URL of the single logout service.
SingleLogoutServiceBindings: Defines single logout service bindings.
SingleSignOnService: The URL of the single sign-on service.
SingleSignOnServiceBindings: Defines single sign-on service bindings.
SocketIncomingSpeedLimit: The maximum number of bytes to read from the socket, per second.
SocketLocalAddress: The local network interface to bind the socket to.
SocketLocalPort: The local port number to bind the socket to.
SocketOutgoingSpeedLimit: The maximum number of bytes to write to the socket, per second.
SocketTimeout: The maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful.
SocketUseIPv6: Enables or disables IP protocol version 6.
TLSAutoValidateCertificates: Specifies whether server-side TLS certificates should be validated automatically using internal validation rules.
TLSBaseConfiguration: Selects the base configuration for the TLS settings.
TLSCiphersuites: A list of ciphersuites separated with commas or semicolons.
TLSECCurves: Defines the elliptic curves to enable.
TLSForceResumeIfDestinationChanges: Whether to force TLS session resumption when the destination address changes.
TLSPreSharedIdentity: Defines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.
TLSPreSharedKey: Contains the pre-shared key for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16.
TLSPreSharedKeyCiphersuite: Defines the ciphersuite used for PSK (Pre-Shared Key) negotiation.
TLSRenegotiationAttackPreventionMode: Selects the renegotiation attack prevention mechanism.
TLSRevocationCheck: Specifies the kind(s) of revocation check to perform.
TLSSSLOptions: Various SSL (TLS) protocol options, a set of:
  cssloExpectShutdownMessage (0x001): Wait for the close-notify message when shutting down the connection.
  cssloOpenSSLDTLSWorkaround (0x002, DEPRECATED): Use a DTLS version workaround when talking to very old OpenSSL versions.
  cssloDisableKexLengthAlignment (0x004): Do not align the client-side PMS by the RSA modulus size.
TLSTLSMode: Specifies the TLS mode to use.
TLSUseExtendedMasterSecret: Enables the Extended Master Secret Extension, as defined in RFC 7627.
TLSUseSessionResumption: Enables or disables the TLS session resumption capability.
TLSVersions: The SSL/TLS versions to enable by default.
URL: Specifies the base URL of this IdP server.
UseTLS: Enables or disables the secure connection requirement.

Method List


The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

AddIdPSSOLink: Adds an SSO URL to the list.
AddUser: Registers known user credentials.
AddUserWithEmail: Registers known user credentials together with an e-mail address.
ClearUsers: Clears the database of registered users.
Config: Sets or retrieves a configuration setting.
LoadSPMetadata: Loads the metadata required for information exchange with the service provider.
RemoveIdPSSOLink: Removes the specified SSO link.
RemoveSP: Removes an SP from the list of trusted service providers.
RemoveUser: Unregisters user credentials.
SaveMetadata: Saves the IdP configuration to a metadata file.
Start: Starts the IdP server.
Stop: Stops the IdP server.

Event List


The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

Accept: Reports an incoming connection.
Connect: Reports an accepted connection.
Disconnect: Fires to report a disconnected client.
Error: Information about errors during data delivery.
ExternalSign: Handles remote or external signing initiated by the server protocol.
Notification: This event notifies the application about an underlying control flow event.
SessionClosed: This event is fired when the IdP server has closed a session.
SessionEstablished: This event is fired when a new session has been established.

Configuration Settings


The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.

AssertionsOneTimeUse: Adds a one-time use condition to the assertion.
AssertionsTTL: The assertions time-to-live value.
BoundPort: The port that was bound by the server.
DefaultNameIDPolicyFormat: Default name ID policy format.
DefaultPassiveAuthnContextClassRef: The default passive authentication context class.
DualStack: Allows the use of IPv4 and IPv6 simultaneously.
HandshakeTimeout: The HTTPS handshake timeout.
MaxIssueInstantTimeDiff: The maximum issue-instant time delta.
NotBeforeTimeout: The 'not-before' timeout to use.
PortRangeFrom: The lower bound of the allowed port range to listen on.
PortRangeTo: The upper bound of the allowed port range to listen on.
ServerName: Specifies the server name for the created responses.
SessionTimeout: The HTTP session timeout.
SessionTTL: The SAML session time-to-live value.
SubjectConfirmationMethod: Subject confirmation method.
TempPath: Path for storing temporary files.
CheckKeyIntegrityBeforeUse: Enables or disables the private key integrity check before use.
CookieCaching: Specifies whether a cookie cache should be used for HTTP(S) transports.
Cookies: Gets or sets local cookies for the class (supported for HTTPClient, RESTClient and SOAPClient only).
DefDeriveKeyIterations: Specifies the default key derivation algorithm iteration count.
EnableClientSideSSLFFDHE: Enables or disables finite field DHE key exchange support in TLS clients.
GlobalCookies: Gets or sets global cookies for all the HTTP transports.
HttpUserAgent: Specifies the user agent name to be used by all HTTP clients.
LogDestination: Specifies the debug log destination.
LogDetails: Specifies the debug log details to dump.
LogFile: Specifies the debug log filename.
LogFilters: Specifies the debug log filters.
LogFlushMode: Specifies the log flush mode.
LogLevel: Specifies the debug log level.
LogMaxEventCount: Specifies the maximum number of events to cache before further action is taken.
LogRotationMode: Specifies the log rotation mode.
MaxASN1BufferLength: Specifies the maximal allowed length for ASN.1 primitive tag data.
MaxASN1TreeDepth: Specifies the maximal depth for processed ASN.1 trees.
OCSPHashAlgorithm: Specifies the hash algorithm to be used to identify certificates in OCSP requests.
UseOwnDNSResolver: Specifies whether the client classes should use their own DNS resolver.
UseSharedSystemStorages: Specifies whether the validation engine should use a global per-process copy of the system certificate stores.
UseSystemOAEPAndPSS: Enforces or disables the use of system-driven RSA OAEP and PSS computations.
UseSystemRandom: Enables or disables the use of the OS PRNG.

Copyright (c) 2022 /n software inc. - All rights reserved.
SecureBlackbox 2020 PHP Edition - Version 20.0 [Build 8154]