Ejemplo n.º 1
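/**
 * Run the processing chain passively for one IdP/SP pair and derive the
 * consent identifiers for the attribute set that comes out of it.
 *
 * @param array $idp_metadata   IdP metadata; handed to the chain and stored as 'Source'.
 * @param mixed $source         Passed unchanged to getTargetedID().
 * @param array $sp_metadata    SP metadata; its 'metadata-set' entry is read here.
 * @param mixed $sp_entityid    SP entity ID; joined with the metadata set to form the destination.
 * @param array $attributes     Attributes to feed through the processing chain.
 * @param mixed $userid         User identifier passed to getTargetedID().
 * @param bool  $hashAttributes Passed unchanged to getAttributeHash().
 *
 * @return array array($targeted_id, $attribute_hash, $attributes), where
 *               $attributes is the set left after the chain has run.
 */
function driveProcessingChain($idp_metadata, $source, $sp_metadata, $sp_entityid, $attributes, $userid, $hashAttributes = FALSE)
{
    /*
     * Create a new processing chain
     */
    $pc = new SimpleSAML_Auth_ProcessingChain($idp_metadata, $sp_metadata, 'idp');

    /*
     * Construct the state.
     * REMEMBER: Do not set Return URL if you are calling processStatePassive
     */
    $authProcState = array(
        'Attributes' => $attributes,
        'Destination' => $sp_metadata,
        'Source' => $idp_metadata,
        'isPassive' => TRUE,
    );

    /*
     * Call processStatePassive.
     * We are not interested in any user interaction, only modifications to the attributes
     */
    $pc->processStatePassive($authProcState);
    $attributes = $authProcState['Attributes'];

    /*
     * Generate identifiers and hashes.
     * Both are computed from the attributes as they are AFTER the chain ran.
     */
    $destination = $sp_metadata['metadata-set'] . '|' . $sp_entityid;
    $targeted_id = sspmod_consent_Auth_Process_Consent::getTargetedID($userid, $source, $destination);
    $attribute_hash = sspmod_consent_Auth_Process_Consent::getAttributeHash($attributes, $hashAttributes);

    /*
     * The listing had the next two statements fused into one, with the
     * expression after 'user: ' masked out, which is a parse error. $userid is
     * the only user identifier in scope, so it is assumed to be what was logged.
     * NOTE(review): logging the user ID next to the derived targeted ID lets
     * anyone who can read the log map one to the other - confirm that is
     * intended and that the log is access-controlled.
     */
    SimpleSAML_Logger::info('consentAdmin: user: ' . $userid);
    SimpleSAML_Logger::info('consentAdmin: target: ' . $targeted_id);
    SimpleSAML_Logger::info('consentAdmin: attribute: ' . $attribute_hash);

    /* Return values */
    return array($targeted_id, $attribute_hash, $attributes);
}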
Ejemplo n.º 2
 /**
  * Process a request.
  *
  * This function never returns.
  *
  * @param array $state  The state array for this request; the OpenID request is read from $state['request'].
  */
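 public function processRequest(array $state)
 {
     /*
      * Assert on real expressions. A string handed to assert() is no longer
      * evaluated on PHP 8, where any non-empty string simply passes, so the
      * original string form checks nothing there.
      */
     assert(isset($state['request']));
     $request = $state['request'];

     /* NOTE(review): both results are used below without a null/error check - confirm fromOpenIDRequest() cannot fail here. */
     $sreg_req = Auth_OpenID_SRegRequest::fromOpenIDRequest($request);
     $ax_req = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest($request);

     /* In resume.php there should be a way to display data requested through sreg or ax. */
     if (!$this->authSource->isAuthenticated()) {
         if ($request->immediate) {
             /* Not logged in, and we cannot show a login form. */
             $this->sendResponse($request->answer(FALSE));
         }
         $resumeURL = $this->getStateURL('resume.php', $state);
         $this->authSource->requireAuth(array('ReturnTo' => $resumeURL));
     }

     /*
      * Should always be logged in here. Everything from this point on relies
      * on sendResponse(), requireAuth() and redirectTrustedURL() not returning;
      * none of them is followed by a return or exit in this method.
      */
     $identity = $this->getIdentity();
     assert($identity !== FALSE);

     /*
      * Unless the relying party asked for identifier select, only the
      * identity of the logged-in user may be asserted.
      */
     if (!$request->idSelect() && $identity !== $request->identity) {
         /* The identity in the request doesn't match the one of the logged in user. */
         throw new SimpleSAML_Error_Exception('Logged in as different user than the one requested.');
     }

     if ($this->isTrusted($identity, $request->trust_root)) {
         $trusted = TRUE;
     } elseif (isset($state['TrustResponse'])) {
         /* NOTE(review): presumably set by trust.php in the saved state - confirm it cannot be supplied by the request itself. */
         $trusted = (bool) $state['TrustResponse'];
     } else {
         if ($request->immediate) {
             /* Not trusted, and we cannot show a trust-form. */
             $this->sendResponse($request->answer(FALSE));
         }
         /* $trusted is left unset on this path; the redirect is expected not to return. */
         $trustURL = $this->getStateURL('trust.php', $state);
         SimpleSAML_Utilities::redirectTrustedURL($trustURL);
     }

     if (!$trusted) {
         /* The user doesn't trust this site. */
         $this->sendResponse($request->answer(FALSE));
     }

     $response = $request->answer(TRUE, NULL, $identity);

     /* Process attributes: single-valued arrays are flattened to their only element. */
     $attributes = $this->authSource->getAttributes();
     foreach ($attributes as $key => $attr) {
         if (is_array($attr) && count($attr) === 1) {
             $attributes[$key] = $attr[0];
         }
     }

     /*
      * Run the configured filters without user interaction. The state is
      * passed as a plain variable: call-time pass-by-reference
      * (processStatePassive(&$state)) is a fatal error since PHP 5.4.
      * NOTE(review): this relies on processStatePassive() taking its argument
      * by reference; its declaration is not visible here - confirm.
      */
     $pc = new SimpleSAML_Auth_ProcessingChain($this->authProc, array(), 'idp');
     $authProcState = array('Attributes' => $attributes, 'isPassive' => TRUE);
     $pc->processStatePassive($authProcState);
     $attributes = $authProcState['Attributes'];

     /* Process SREG requests */
     $sreg_resp = Auth_OpenID_SRegResponse::extractResponse($sreg_req, $attributes);
     $sreg_resp->toMessage($response->fields);

     /*
      * Process AX requests. The type URIs come from the relying party's
      * request, so whatever is still in $attributes after the processing
      * chain is what can be released; nothing else limits it here.
      */
     $ax_resp = new Auth_OpenID_AX_FetchResponse();
     foreach ($ax_req->iterTypes() as $type_uri) {
         if (isset($attributes[$type_uri])) {
             $ax_resp->addValue($type_uri, $attributes[$type_uri]);
         }
     }
     $ax_resp->toMessage($response->fields);

     /* The user is authenticated, and trusts this site. */
     $this->sendResponse($response);
 }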
Ejemplo n.º 3
 /**
  * Run the 'aa' processing chain over the given attributes, in place.
  *
  * The chain is driven through processStatePassive(): backend, passive
  * processing with no user interaction.
  *
  * @param array $attributes Attribute set; replaced with the chain's output.
  */
 private function processFilters(&$attributes)
 {
     $destination = $this->spMetadata->toArray();
     $source = $this->aaMetadata->toArray();

     $chain = new SimpleSAML_Auth_ProcessingChain($source, $destination, 'aa');

     // State handed to the filters: the attributes plus both metadata arrays.
     $state = array();
     $state['Attributes'] = $attributes;
     $state['Destination'] = $destination;
     $state['Source'] = $source;

     $chain->processStatePassive($state);

     // Write the chain's result back through the by-reference parameter.
     $attributes = $state['Attributes'];
 }