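/**
 * Does the actual authentication of the user and returns an id that will be
 * used to load the current user (loadUserOnSession).
 *
 * Two paths exist: when no SAML assertion was posted, the request is handed
 * unchanged to the parent (name/password) authenticator, so that login route
 * stays reachable on this endpoint. When an assertion was posted, it is
 * parsed and validated, and only a response for which isValid() holds can
 * produce a non-empty id. Every failure path (unparseable response, invalid
 * response, inactive user) returns an empty string.
 *
 * @param string $name     login name; only used by the parent fallback
 * @param string $password password; only used by the parent fallback
 * @return string id - used for loading the user, '' when authentication fails
 *
 * Contributions by Erik Mitchell erikm@logicpd.com
 */
public function authenticateUser($name, $password)
{
    $GLOBALS['log']->debug('authenticating user.');

    // No assertion in the request: this is not a SAML login, defer to the
    // regular authenticator.
    if (empty($_POST['SAMLResponse'])) {
        return parent::authenticateUser($name, $password);
    }

    $GLOBALS['log']->debug('have saml data.');
    $this->settings = SAMLAuthenticate::loadSettings();

    try {
        $this->samlresponse = new OneLogin_Saml_Response($this->settings, $_POST['SAMLResponse']);
    } catch (Exception $e) {
        $GLOBALS['log']->error("Unexpected exception: " . $e->getMessage());
        return '';
    }

    // Nothing below may run on an unverified assertion; reject early.
    if (!$this->samlresponse->isValid()) {
        return '';
    }
    $GLOBALS['log']->debug('response is valid');

    // Cache the asserted attributes on the response object; presumably read
    // later by get_user_id()/updateCustomFields() - not visible here.
    $this->samlresponse->attributes = $this->samlresponse->getAttributes();
    if (!empty($this->settings->useXML)) {
        $this->xpath = new DOMXpath($this->samlresponse->document);
    }

    // NOTE(review): assumes get_user_id() yields a usable identifier for the
    // asserted subject; how fetch_user() treats an empty id is not visible here.
    $id = $this->get_user_id();
    $user = empty($this->settings->id)
        ? $this->fetch_user($id)
        : $this->fetch_user($id, $this->settings->id);

    // Existing user: only the literal status 'Inactive' blocks the login
    // (strict comparison - every other status value is accepted as-is).
    if ($user->id) {
        $GLOBALS['log']->debug('have db results');
        if ($user->status === 'Inactive') {
            $GLOBALS['log']->debug('have inactive user');
            return '';
        }
        $GLOBALS['log']->debug('have current user');
        $this->updateCustomFields($user);
        return $user->id;
    }

    // Unknown user: provision one. The optional hook name comes from the SAML
    // settings file, never from the request; it receives its own DOMXpath
    // over the validated document regardless of the useXML setting.
    $xpath = new DOMXpath($this->samlresponse->document);
    if (isset($this->settings->customCreateFunction)) {
        return call_user_func(
            $this->settings->customCreateFunction,
            $this,
            $this->samlresponse->getNameId(),
            $xpath,
            $this->settings
        );
    }
    return $this->createUser($this->samlresponse->getNameId());
}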
<?php /** * SAMPLE Code to demonstrate how to handle a SAML assertion response. * * The URL of this file will have been given during the SAML authorization. * After a successful authorization, the browser will be directed to this * link where it will send a certified response via $_POST. */ error_reporting(E_ALL); $settings = null; require 'settings.php'; $samlResponse = new OneLogin_Saml_Response($settings, $_POST['SAMLResponse']); try { if ($samlResponse->isValid()) { echo 'You are: ' . $samlResponse->getNameId() . '<br>'; $attributes = $samlResponse->getAttributes(); if (!empty($attributes)) { echo 'You have the following attributes:<br>'; echo '<table><thead><th>Name</th><th>Values</th></thead><tbody>'; foreach ($attributes as $attributeName => $attributeValues) { echo '<tr><td>' . htmlentities($attributeName) . '</td><td><ul>'; foreach ($attributeValues as $attributeValue) { echo '<li>' . htmlentities($attributeValue) . '</li>'; } echo '</ul></td></tr>'; } echo '</tbody></table><br><br>'; echo "The v.1 of the Onelogin's PHP SAML Tookit does not support SLO."; } } else {