Beispiel #1
        SimpleSAML_Utilities::redirect($extDiscoveryStorage, array('entityID' => $spentityid, 'return' => SimpleSAML_Utilities::addURLparameter($discourl, array('return' => SimpleSAML_Utilities::selfURL(), 'remember' => 'true', 'entityID' => $spentityid, 'returnIDParam' => 'idpentityid')), 'returnIDParam' => 'idpentityid', 'isPassive' => 'true'));
    }
    $discoparameters = array('entityID' => $spentityid, 'return' => SimpleSAML_Utilities::selfURL(), 'returnIDParam' => 'idpentityid');
    $discoparameters['isPassive'] = $isPassive;
    if (sizeof($reachableIDPs) > 0) {
        $discoparameters['IDPList'] = $reachableIDPs;
    }
    SimpleSAML_Utilities::redirect($discourl, $discoparameters);
}
/*
 * Create and send authentication request to the IdP.
 *
 * This excerpt ends inside the try block: the rest of the IDPList handling,
 * the code that sends the request and the catch clause are not shown.
 */
try {
    // Load the hosted SP's metadata and the selected remote IdP's metadata.
    $spMetadata = $metadata->getMetaDataConfig($spentityid, 'saml20-sp-hosted');
    $idpMetadata = $metadata->getMetaDataConfig($idpentityid, 'saml20-idp-remote');
    $ar = sspmod_saml2_Message::buildAuthnRequest($spMetadata, $idpMetadata);
    // Ask the IdP to answer at this SP's generated AssertionConsumerService URL over HTTP-POST.
    $assertionConsumerServiceURL = $metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted');
    $ar->setAssertionConsumerServiceURL($assertionConsumerServiceURL);
    $ar->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);
    // NOTE(review): RelayState is taken verbatim from the request; no isset() check or
    // validation is visible in this excerpt. If the endpoint that receives the response
    // redirects to the returned RelayState, it has to restrict the target to trusted
    // URLs, otherwise this becomes an open redirect - confirm against the ACS handler.
    $ar->setRelayState($_REQUEST['RelayState']);
    if ($isPassive) {
        $ar->setIsPassive(TRUE);
    }
    if ($forceAuthn) {
        $ar->setForceAuthn(TRUE);
    }
    // NOTE(review): $spmetadata (lower-case "m") is not the $spMetadata assigned above;
    // PHP variable names are case-sensitive. Presumably it is an array and $IDPList a
    // list, both set up before this excerpt - confirm.
    if (array_key_exists('IDPList', $spmetadata)) {
        $IDPList = array_unique(array_merge($IDPList, $spmetadata['IDPList']));
    }
    // NOTE(review): $_GET['IDPList'] is request-supplied; its type (string or array) and
    // contents are not checked in the visible lines.
    if (isset($_GET['IDPList']) && !empty($_GET['IDPList'])) {
        $providers = $_GET['IDPList'];
Beispiel #2
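 /**
  * Send a SAML2 SSO request to an IdP.
  *
  * Builds an AuthnRequest for the given IdP, saves the state array under the
  * 'saml:sp:sso' stage, uses the ID returned by saveState() as the request ID
  * and sends the request with the HTTP-Redirect binding.
  *
  * @param SimpleSAML_Configuration $idpMetadata  The metadata of the IdP.
  * @param array $state  The state array for the current authentication.
  */
 private function startSSO2(SimpleSAML_Configuration $idpMetadata, array $state)
 {
     $ar = sspmod_saml2_Message::buildAuthnRequest($this->metadata, $idpMetadata);
     // The response is expected at this authentication source's ACS endpoint, over HTTP-POST.
     $ar->setAssertionConsumerServiceURL(SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->authId));
     $ar->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);

     // NOTE(review): the return URL itself travels as RelayState, so it leaves the SP and
     // comes back with the response. The ACS endpoint must not redirect to the returned
     // value unless it is checked against trusted URLs - confirm against the ACS handler.
     if (isset($state['SimpleSAML_Auth_Default.ReturnURL'])) {
         $ar->setRelayState($state['SimpleSAML_Auth_Default.ReturnURL']);
     }

     // The saved-state ID doubles as the request ID; presumably the response handler
     // uses it to find this state again - confirm.
     $id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso', TRUE);
     $ar->setId($id);

     $b = new SAML2_HTTPRedirect();
     // Class name spelled as in the buildAuthnRequest() call above, so both references
     // resolve the same way regardless of autoloader case handling.
     // NOTE(review): the destination comes from getDebugDestination(), not from
     // $idpMetadata in this block - confirm what that helper returns.
     $b->setDestination(sspmod_saml2_Message::getDebugDestination());
     $b->send($ar);

     // Marks this point as unreachable; presumably send() ends the request.
     // A boolean is used instead of the string 'FALSE': string assertions are deprecated
     // since PHP 7.2 and no longer evaluated on PHP 8, where a non-empty string always passes.
     assert(FALSE);
 }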
Beispiel #3
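 /**
  * Send authentication request to specified IdP.
  *
  * Looks up the IdP's 'saml20-idp-remote' metadata, builds an AuthnRequest,
  * saves the state array and sends the request with the HTTP-Redirect
  * binding, carrying the saved-state ID as RelayState.
  *
  * @param string $idp  The IdP we should send the request to.
  * @param array $state  Our state array.
  */
 public function initSSO($idp, $state)
 {
     // Boolean expressions instead of code strings: string assertions are deprecated
     // since PHP 7.2 and no longer evaluated on PHP 8, where a non-empty string always
     // passes and these argument checks would silently do nothing.
     assert(is_string($idp));
     assert(is_array($state));

     $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     $idpMetadata = $metadata->getMetaDataConfig($idp, 'saml20-idp-remote');
     $ar = sspmod_saml2_Message::buildAuthnRequest($this->metadata, $idpMetadata);
     // The response is expected at the module's ACS endpoint, over HTTP-POST.
     $ar->setAssertionConsumerServiceURL(SimpleSAML_Module::getModuleURL('saml2/sp/acs.php'));
     $ar->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);

     // RelayState carries the saved-state ID rather than a URL, so nothing the IdP
     // echoes back is a redirect target in itself. The handler that receives it should
     // still treat the ID as untrusted input when loading the state - not visible here.
     $id = SimpleSAML_Auth_State::saveState($state, self::STAGE_SENT);
     $ar->setRelayState($id);

     $b = new SAML2_HTTPRedirect();
     // Class name spelled as in the buildAuthnRequest() call above, so both references
     // resolve the same way regardless of autoloader case handling.
     // NOTE(review): the destination comes from getDebugDestination(), not from
     // $idpMetadata in this block - confirm what that helper returns.
     $b->setDestination(sspmod_saml2_Message::getDebugDestination());
     $b->send($ar);

     // Marks this point as unreachable; presumably send() ends the request.
     assert(FALSE);
 }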