/**
* Handle authentication error.
*
* SimpleSAML_Error_Exception $exception The exception.
* @param array $state The error state.
*/
public static function handleAuthError(SimpleSAML_Error_Exception $exception, array $state)
{
assert('isset($state["SPMetadata"])');
assert('isset($state["saml:ConsumerURL"])');
assert('array_key_exists("saml:RequestId", $state)');
// Can be NULL.
assert('array_key_exists("saml:RelayState", $state)');
// Can be NULL.
$spMetadata = $state["SPMetadata"];
$spEntityId = $spMetadata['entityid'];
$spMetadata = SimpleSAML_Configuration::loadFromArray($spMetadata, '$metadata[' . var_export($spEntityId, TRUE) . ']');
$requestId = $state['saml:RequestId'];
$relayState = $state['saml:RelayState'];
$consumerURL = $state['saml:ConsumerURL'];
$protocolBinding = $state['saml:Binding'];
$idp = SimpleSAML_IdP::getByState($state);
$idpMetadata = $idp->getConfig();
$error = sspmod_saml_Error::fromException($exception);
SimpleSAML_Logger::warning('Returning error to sp: ' . var_export($spEntityId, TRUE));
$error->logWarning();
$ar = self::buildResponse($idpMetadata, $spMetadata, $consumerURL);
$ar->setInResponseTo($requestId);
$ar->setRelayState($relayState);
$status = array('Code' => $error->getStatus(), 'SubCode' => $error->getSubStatus(), 'Message' => $error->getStatusMessage());
$ar->setStatus($status);
$statsData = array('spEntityID' => $spEntityId, 'idpEntityID' => $idpMetadata->getString('entityid'), 'protocol' => 'saml2', 'error' => $status);
if (isset($state['saml:AuthnRequestReceivedAt'])) {
$statsData['logintime'] = microtime(TRUE) - $state['saml:AuthnRequestReceivedAt'];
}
SimpleSAML_Stats::log('saml:idp:Response:error', $statsData);
$binding = SAML2_Binding::getBinding($protocolBinding);
$binding->send($ar);
}
/**
* ProxyCountExceeded error constructor.
*
* @param string $responsible A string telling who is responsible for this error. Can be one of the following:
* - \SAML2\Constants::STATUS_RESPONDER: in case the error is caused by this SAML responder.
* - \SAML2\Constants::STATUS_REQUESTER: in case the error is caused by the SAML requester.
* @param string|null $message A short message explaining why this error happened.
* @param \Exception|null $cause An exception that caused this error.
*/
public function __construct($responsible, $message = null, \Exception $cause = null)
{
parent::__construct($responsible, Constants::STATUS_PROXY_COUNT_EXCEEDED, $message, $cause);
}
/**
* NoAvailableIDP error constructor.
*
* @param string $responsible A string telling who is responsible for this error. Can be one of the following:
* - \SAML2\Constants::STATUS_RESPONDER: in case the error is caused by this SAML responder.
* - \SAML2\Constants::STATUS_REQUESTER: in case the error is caused by the SAML requester.
* @param string|null $message A short message explaining why this error happened.
* @param \Exception|null $cause An exception that caused this error.
*/
public function __construct($responsible, $message = null, \Exception $cause = null)
{
parent::__construct($responsible, Constants::STATUS_NO_AVAILABLE_IDP, $message, $cause);
}
/**
* NoAuthnContext error constructor.
*
* @param string $responsible A string telling who is responsible for this error. Can be one of the following:
* - \SAML2\Constants::STATUS_RESPONDER: in case the error is caused by this SAML responder.
* - \SAML2\Constants::STATUS_REQUESTER: in case the error is caused by the SAML requester.
* @param string|null $message A short message explaining why this error happened.
* @param \Exception|null $cause An exception that caused this error.
*/
public function __construct($responsible, $message = null, \Exception $cause = null)
{
parent::__construct($responsible, Constants::STATUS_NO_AUTHN_CONTEXT, $message, $cause);
}
