/** * Handle the forwarding of the user to the proper IdP0 after the WAYF screen. * * @param string $serviceName * @throws EngineBlock_Corto_Module_Services_Exception * @throws EngineBlock_Exception * @throws EngineBlock_Corto_Module_Services_SessionLostException */ public function serve($serviceName) { $selectedIdp = urldecode($_REQUEST['idp']); if (!$selectedIdp) { throw new EngineBlock_Corto_Module_Services_Exception('No IdP selected after WAYF'); } // Retrieve the request from the session. $id = $_POST['ID']; if (!$id) { throw new EngineBlock_Exception('Missing ID for AuthnRequest after WAYF', EngineBlock_Exception::CODE_NOTICE); } $authnRequestRepository = new EngineBlock_Saml2_AuthnRequestSessionRepository($this->_server->getSessionLog()); $request = $authnRequestRepository->findRequestById($id); if (!$request) { throw new EngineBlock_Corto_Module_Services_SessionLostException('Session lost after WAYF'); } // Flush log if SP or IdP has additional logging enabled $sp = $this->_server->getRepository()->fetchServiceProviderByEntityId($request->getIssuer()); $idp = $this->_server->getRepository()->fetchIdentityProviderByEntityId($selectedIdp); if (EngineBlock_SamlHelper::doRemoteEntitiesRequireAdditionalLogging(array($sp, $idp))) { $application = EngineBlock_ApplicationSingleton::getInstance(); $application->flushLog('Activated additional logging for the SP or IdP'); $log = $application->getLogInstance(); $log->info('Raw HTTP request', array('http_request' => (string) $application->getHttpRequest())); } $this->_server->sendAuthenticationRequest($request, $selectedIdp); }
/** * @param EngineBlock_Saml2_ResponseAnnotationDecorator $response * @return EngineBlock_Saml2_AuthnRequestAnnotationDecorator * @throws EngineBlock_Corto_ProxyServer_Exception * @throws EngineBlock_Exception * @throws EngineBlock_Corto_Module_Services_SessionLostException */ public function getReceivedRequestFromResponse(EngineBlock_Saml2_ResponseAnnotationDecorator $response) { /** @var SAML2_Response $response */ $requestId = $response->getInResponseTo(); if (!$requestId) { throw new EngineBlock_Corto_ProxyServer_Exception('Response without InResponseTo, e.g. unsolicited. We don\'t support this.', EngineBlock_Exception::CODE_NOTICE); } $authnRequestRepository = new EngineBlock_Saml2_AuthnRequestSessionRepository($this->getSessionLog()); $spRequestId = $authnRequestRepository->findLinkedRequestId($requestId); if (!$spRequestId) { throw new EngineBlock_Corto_Module_Services_SessionLostException("Trying to find a AuthnRequest (we made and sent) with id '{$requestId}' but it is not known in this session? " . "This could be an unsolicited Response (which we do not support) but more likely the user lost their session", EngineBlock_Corto_ProxyServer_Exception::CODE_NOTICE); } $spRequest = $authnRequestRepository->findRequestById($spRequestId); if (!$spRequest) { throw new EngineBlock_Corto_ProxyServer_Exception('Response has no known Request', EngineBlock_Corto_ProxyServer_Exception::CODE_NOTICE); } return $spRequest; }