getSelfURL() public static method

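Returns the URL of the current request: the current host, followed by the current view (path) and the query string. The value is assembled from request data such as `$_SERVER['REQUEST_URI']`, so treat it as request-derived rather than as a fixed configuration value.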
public static getSelfURL ( ) : string
return string
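 /**
  * Authenticates the current request against the SAML identity provider through the OneLogin toolkit.
  *
  * When the request carries the 'acs' parameter, the SAML response is processed, the user is
  * looked up in toba and a toba session is opened. Otherwise any pending logout is handled and
  * the browser is sent to the identity provider to log in.
  *
  * @param mixed $datos_iniciales Passed through unchanged to the session manager's login().
  * @return mixed The toba user id on the 'acs' path; nothing is returned on the login-redirect path.
  * @throws toba_error_autenticacion When the toolkit does not report the user as authenticated.
  * @throws toba_reset_nucleo Re-thrown from login() unless a RelayState pointing back into this
  *                           application is available to redirect to.
  */
 function verificar_acceso($datos_iniciales = null)
 {
     $auth = $this->instanciar_pedido_onelogin();
     if (!is_null(toba::memoria()->get_parametro('acs'))) {
         // Process the SAML response and check the authentication result.
         $auth->processResponse();
         $this->verificar_errores_onelogin($auth);
         if (!$auth->isAuthenticated()) {
             throw new toba_error_autenticacion('No ha sido posible autenticar al usuario');
         }
         $this->set_atributos_usuario($auth->getAttributes());
         // Fetch the user and verify it exists in toba; per the original comment an exception
         // is raised when it does not.
         $id_usuario = $this->recuperar_usuario_toba();
         try {
             // The password value is irrelevant here because authentication is done via the SAML token.
             toba::manejador_sesiones()->login($id_usuario, 'foobar', $datos_iniciales);
         } catch (toba_reset_nucleo $e) {
             // RelayState arrives in the POST body, so it is caller-controlled. Follow it only
             // when it points back into this application: a local path ("/x", never "//x") or a
             // URL under this host's own scheme://host[:port]. Values containing whitespace,
             // control characters or backslashes are refused outright. If legitimate targets
             // live on other hosts, compare against an explicit allowlist instead.
             $relay_state = isset($_POST['RelayState']) ? $_POST['RelayState'] : null;
             $origen_propio = OneLogin_Saml2_Utils::getSelfURLhost();
             $destino_local = is_string($relay_state)
                 && !preg_match('/[\x00-\x20\x7f\\\\]/', $relay_state)
                 && (preg_match('#^/(?!/)#', $relay_state)
                     || $relay_state === $origen_propio
                     || strncmp($relay_state, $origen_propio . '/', strlen($origen_propio) + 1) === 0);
             if ($destino_local && OneLogin_Saml2_Utils::getSelfURL() != $relay_state) {
                 $auth->redirectTo($relay_state);
             } else {
                 // No usable RelayState: let the caller handle the reset as before.
                 throw $e;
             }
         }
         return $id_usuario;
     } else {
         $this->procesar_logout($auth);
         // Redirect to the identity provider, handing it the URL built from the configured parameters.
         $parametros_url = array();
         if (isset($this->parametros_url) && is_array($this->parametros_url)) {
             $parametros_url = $this->parametros_url;
         }
         $auth->login($this->generar_url($parametros_url));
     }
 }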
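 /**
  * Assertion Consumer Service action: consumes the SAML response, stores the resulting identity
  * data in the session flash bag and, when a RelayState is supplied, redirects back to it.
  *
  * @param Request $req Incoming request; its POST parameters may carry RelayState.
  * @return mixed The redirect produced by $this->redirect() when a usable RelayState is present;
  *               otherwise nothing is returned.
  * @throws \Exception When the toolkit reports errors while processing the response.
  * @throws AccessDeniedHttpException When the toolkit does not report the user as authenticated.
  */
 public function acsAction(Request $req)
 {
     $auth = $this->get('arcanys_sso_auth.saml2');
     $auth->processResponse();
     $errors = $auth->getErrors();
     if (!empty($errors)) {
         throw new \Exception(implode(', ', $errors));
     }
     if (!$auth->isAuthenticated()) {
         throw new AccessDeniedHttpException();
     }
     $session = $this->get('session');
     $session->getFlashBag()->set('arcanys_sso_auth.user_data', $auth->getAttributes());
     $session->getFlashBag()->set('arcanys_sso_auth.name_id', $auth->getNameId());
     $session->getFlashBag()->set('arcanys_sso_auth.session_index', $auth->getSessionIndex());

     // RelayState is a POST parameter and therefore caller-controlled. Redirect to it only when
     // it points back into this application: a local path ("/x", never "//x") or a URL under
     // this host's own scheme://host[:port]. Values containing whitespace, control characters or
     // backslashes are refused. If legitimate targets live on other hosts, compare against an
     // explicit allowlist instead.
     $relayState = $req->request->get('RelayState');
     $selfHost = \OneLogin_Saml2_Utils::getSelfURLhost();
     $isLocalTarget = is_string($relayState)
         && !preg_match('/[\x00-\x20\x7f\\\\]/', $relayState)
         && (preg_match('#^/(?!/)#', $relayState)
             || $relayState === $selfHost
             || strncmp($relayState, $selfHost . '/', strlen($selfHost) + 1) === 0);
     if ($isLocalTarget && \OneLogin_Saml2_Utils::getSelfURL() != $relayState) {
         return $this->redirect($relayState);
     }
 }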
Example #3
File: index.php Project: DbyD/cruk
         $requestID = null;
     }
     // Hand the SAML response to the toolkit together with $requestID (assigned above, partly
     // outside this excerpt) -- presumably the id of the AuthnRequest that was sent; confirm.
     $auth->processResponse($requestID);
     $errors = $auth->getErrors();
     if (!empty($errors)) {
         // NOTE(review): the error strings are written into the HTML page without escaping;
         // if they can contain text taken from the request, wrap them in htmlspecialchars() -- confirm.
         print_r('<p>' . implode(', ', $errors) . '</p>');
     }
     // Stop here unless the toolkit reports the user as authenticated.
     if (!$auth->isAuthenticated()) {
         echo "<p>Not authenticated</p>";
         exit;
     }
     // Keep the identity data from the response in the session.
     // NOTE(review): no session_regenerate_id() call is visible in this excerpt before the
     // authenticated data is stored -- confirm the session id is rotated at login elsewhere.
     $_SESSION['samlUserdata'] = $auth->getAttributes();
     $_SESSION['samlNameId'] = $auth->getNameId();
     $_SESSION['samlSessionIndex'] = $auth->getSessionIndex();
     // The stored request id has been consumed; drop it from the session.
     unset($_SESSION['AuthNRequestID']);
     // NOTE(review): RelayState is read straight from the POST body and the only check before
     // redirecting is that it differs from the current URL. Restrict it to this application's
     // own origin or an explicit allowlist before passing it to redirectTo().
     if (isset($_POST['RelayState']) && OneLogin_Saml2_Utils::getSelfURL() != $_POST['RelayState']) {
         $auth->redirectTo($_POST['RelayState']);
     }
 } else {
     // ?sls: a single-logout message is being delivered to this endpoint.
     if (isset($_GET['sls'])) {
         // Use the LogoutRequest id kept in the session, or null when none was stored.
         if (isset($_SESSION) && isset($_SESSION['LogoutRequestID'])) {
             $requestID = $_SESSION['LogoutRequestID'];
         } else {
             $requestID = null;
         }
         // First argument is passed as false -- presumably "do not keep the local session"; confirm
         // against the toolkit's processSLO() signature.
         $auth->processSLO(false, $requestID);
         $errors = $auth->getErrors();
         if (empty($errors)) {
             print_r('<p>Sucessfully logged out</p>');
         } else {
             // NOTE(review): same unescaped error output as on the response-processing path above.
             print_r('<p>' . implode(', ', $errors) . '</p>');
Example #4
 /**
  * Checks that OneLogin_Saml2_Utils::getSelfURL() equals getSelfURLhost() followed by the
  * path and query taken from $_SERVER['REQUEST_URI'].
  *
  * @covers OneLogin_Saml2_Utils::getSelfURL
  */
 public function testGetSelfURL()
 {
     $baseUrl = OneLogin_Saml2_Utils::getSelfURLhost();

     // First check runs with REQUEST_URI exactly as the test found it; the expectation is the
     // bare host URL.
     $this->assertEquals($baseUrl, OneLogin_Saml2_Utils::getSelfURL());

     // Each entry: the REQUEST_URI to set, then the suffix expected after the host URL.
     // The last entry feeds an absolute URI and expects only its path to be used.
     $cases = array(
         array('/index.php', '/index.php'),
         array('/test/index.php?testing', '/test/index.php?testing'),
         array('/test/index.php?testing', '/test/index.php?testing'),
         array('https://example.com/testing', '/testing'),
     );
     foreach ($cases as $case) {
         $_SERVER['REQUEST_URI'] = $case[0];
         $this->assertEquals($baseUrl . $case[1], OneLogin_Saml2_Utils::getSelfURL());
     }
 }
Example #5
 /**
  * SAML 2.0 Auth test endpoint
  *
  * Dispatches on the query-string flag present in the request: ?sso starts a login, ?slo starts
  * a logout, ?acs consumes the identity provider's response, ?sls processes a logout message and
  * ?metadata returns the service provider metadata. Unless a branch returns early, the method
  * ends by rendering the attributes held in the session (or a sign-on link) into the response body.
  *
  * FIXME remove temporary saml2 acs endpoint
  */
 public function samlAction()
 {
     /* FIXME We'll enable \Scalr::config('scalr.auth_mode') !== 'saml' when it is production ready
        if (\Scalr::config('scalr.auth_mode') !== 'saml') {
            $this->response->setHttpResponseCode(404);
            return;
        }
        */
     // NOTE(review): with the guard above commented out, nothing in this method restricts the
     // endpoint to installations that run in SAML mode.
     // The @ operator suppresses any warning raised by session_start().
     @session_start();
     //This is necessary for test container as OneLogin_Saml2_Utils::getSelfHost() method relies on HTTP_HOST / SERVER_PORT
     // NOTE(review): X-Forwarded-Host is a request header; unless a trusted proxy always
     // overwrites it, this lets the request choose the host name the toolkit sees. The header is
     // also read without an isset() check. Limit this to the test container or to trusted
     // proxies before the endpoint is used in production.
     $_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
     $auth = $this->getContainer()->saml;
     $body = '';
     if (isset($_GET['sso'])) {
         // ?sso: start a login at the identity provider.
         $auth->login();
     } else {
         if (isset($_GET['slo'])) {
             // ?slo: start a logout, passing the NameID and session index kept in the session (null when absent).
             $auth->logout(null, [], isset($_SESSION['samlNameId']) ? $_SESSION['samlNameId'] : null, isset($_SESSION['samlSessionIndex']) ? $_SESSION['samlSessionIndex'] : null);
         } else {
             if (isset($_GET['acs'])) {
                 // ?acs: consume the SAML response.
                 $auth->processResponse();
                 $errors = $auth->getErrors();
                 if (!empty($errors)) {
                     // NOTE(review): error strings go into the HTML body unescaped, unlike the
                     // attribute values further down; escape them if they can carry request text -- confirm.
                     $body .= '<p>' . implode(', ', $errors) . '</p>';
                 }
                 if (!$auth->isAuthenticated()) {
                     $body .= "<p>Not authenticated</p>";
                     $this->response->body = $body;
                     return;
                 }
                 // NOTE(review): no session_regenerate_id() call appears in this method before the
                 // authenticated data is stored -- confirm the session id is rotated elsewhere.
                 $_SESSION['samlUserdata'] = $auth->getAttributes();
                 $_SESSION['samlNameId'] = $auth->getNameId();
                 $_SESSION['samlSessionIndex'] = $auth->getSessionIndex();
                 // NOTE(review): RelayState comes straight from the POST body and is only compared
                 // with the current URL before the redirect; restrict it to this application's own
                 // origin or an explicit allowlist.
                 if (isset($_POST['RelayState']) && OneLogin_Saml2_Utils::getSelfURL() != $_POST['RelayState']) {
                     $auth->redirectTo($_POST['RelayState']);
                     return;
                 }
             } else {
                 if (isset($_GET['sls'])) {
                     // ?sls: process an incoming single-logout message.
                     $auth->processSLO();
                     $errors = $auth->getErrors();
                     if (empty($errors)) {
                         $body .= '<p>Sucessfully logged out</p>';
                     } else {
                         // NOTE(review): unescaped error output, as in the ?acs branch.
                         $body .= '<p>' . implode(', ', $errors) . '</p>';
                     }
                 } else {
                     if (isset($_GET['metadata'])) {
                         // ?metadata: return the SP metadata as XML once it validates.
                         $settings = $auth->getSettings();
                         // Now we only validate SP settings
                         $metadata = $settings->getSPMetadata();
                         $errors = $settings->validateMetadata($metadata);
                         if (empty($errors)) {
                             $this->response->setHeader('Content-Type', 'text/xml');
                             $this->response->body = $metadata;
                             return;
                         } else {
                             throw new OneLogin_Saml2_Error('Invalid SP metadata: ' . implode(', ', $errors), OneLogin_Saml2_Error::METADATA_SP_INVALID);
                         }
                     }
                 }
             }
         }
     }
     // Render what the session currently holds; every attribute name and value is passed
     // through htmlentities() before it is placed in the page.
     if (isset($_SESSION['samlUserdata'])) {
         if (!empty($_SESSION['samlUserdata'])) {
             $attributes = $_SESSION['samlUserdata'];
             $body .= '<style type="text/css">' . '  th, td { border: 1px solid black; padding: 2px 4px; }' . '  ul { padding: 1px 2px; margin: 0px; }' . '  ul li { list-style-type: none; }' . '</style>';
             $body .= 'Scalr requires following attributes:<br>';
             $body .= '<table><thead><th>Name</th><th>Values</th></thead><tbody>';
             $body .= '<tr><td>Email</td><td><ul><li>' . htmlentities($_SESSION['samlNameId']) . '</li></ul></td></tr>';
             // 'Groups' may be a single value or a list; the (array) cast covers both.
             $body .= '<tr><td>Groups</td><td><ul><li>' . (!empty($_SESSION['samlUserdata']['Groups']) ? join(', ', array_map('htmlentities', (array) $_SESSION['samlUserdata']['Groups'])) : '<b color="red">not provided</b>') . '</li></ul></td></tr>';
             $body .= '</tbody></table>';
             $body .= "<br><br>";
             $body .= 'Your Identity Provider responded with attributes:<br>';
             $body .= '<table><thead><th>Name</th><th>Values</th></thead><tbody>';
             $body .= '<tr><td>Email</td><td><ul><li>' . htmlentities($_SESSION['samlNameId']) . '</li></ul></td></tr>';
             // assumes every attribute maps to an iterable list of scalar values -- TODO confirm
             foreach ($attributes as $attributeName => $attributeValues) {
                 $body .= '<tr><td>' . htmlentities($attributeName) . '</td><td><ul>';
                 foreach ($attributeValues as $attributeValue) {
                     $body .= '<li>' . htmlentities($attributeValue) . '</li>';
                 }
                 $body .= '</ul></td></tr>';
             }
             $body .= '</tbody></table>';
         } else {
             $body .= "<p>You don't have any attribute</p>";
         }
         $body .= '<p><a href="?slo">single logout</a></p>';
     } else {
         $body .= '<p><a href="?sso">single sign on</a></p>';
     }
     $this->response->body = $body;
 }
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
session_start();
require_once '_toolkit_loader.php';
if (!isset($_SESSION['samlUserdata'])) {
    $settings = new OneLogin_Saml2_Settings();
    $authRequest = new OneLogin_Saml2_AuthnRequest($settings);
    $samlRequest = $authRequest->getRequest();
    $parameters = array('SAMLRequest' => $samlRequest);
    $parameters['RelayState'] = OneLogin_Saml2_Utils::getSelfURL();
    //echo str_replace("\n", "<BR>", str_replace(" ", "&nbsp;", print_r($settings, true)));
    //echo str_replace("\n", "<BR>", str_replace(" ", "&nbsp;", print_r($parameters, true)));
    $idpData = $settings->getIdPData();
    $ssoUrl = $idpData['singleSignOnService']['url'];
    $url = OneLogin_Saml2_Utils::redirect($ssoUrl, $parameters, true);
    header("Location: {$url}");
} else {
    if (!empty($_SESSION['samlUserdata'])) {
        $xertedata = array();
        // echo str_replace("\n", "<BR>", str_replace(" ", "&nbsp;", print_r($_SESSION['samlUserdata'], true)));
        // echo str_replace("\n", "<BR>", str_replace(" ", "&nbsp;", print_r($_REQUEST, true)));
        $xertedata['IdPSessionIndex'] = $_SESSION['IdPSessionIndex'];
        $xertedata['username'] = $_SESSION['samlUserdata']['urn:oid:0.9.2342.19200300.100.1.1'][0];
        // uid
        $xertedata['firstname'] = $_SESSION['samlUserdata']['urn:oid:2.5.4.42'][0];