/**
* Send a SAML1 SSO request to an IdP.
*
* @param SimpleSAML_Configuration $idpMetadata The metadata of the IdP.
* @param array $state The state array for the current authentication.
*/
private function startSSO1(SimpleSAML_Configuration $idpMetadata, array $state)
{
$idpEntityId = $idpMetadata->getString('entityid');
$state['saml:idp'] = $idpEntityId;
$ar = new SimpleSAML_XML_Shib13_AuthnRequest();
$ar->setIssuer($this->entityId);
$id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso');
$ar->setRelayState($id);
$useArtifact = $idpMetadata->getBoolean('saml1.useartifact', NULL);
if ($useArtifact === NULL) {
$useArtifact = $this->metadata->getBoolean('saml1.useartifact', FALSE);
}
if ($useArtifact) {
$shire = SimpleSAML\Module::getModuleURL('saml/sp/saml1-acs.php/' . $this->authId . '/artifact');
} else {
$shire = SimpleSAML\Module::getModuleURL('saml/sp/saml1-acs.php/' . $this->authId);
}
$url = $ar->createRedirect($idpEntityId, $shire);
SimpleSAML\Logger::debug('Starting SAML 1 SSO to ' . var_export($idpEntityId, TRUE) . ' from ' . var_export($this->entityId, TRUE) . '.');
\SimpleSAML\Utils\HTTP::redirectTrustedURL($url);
}
* Falling back to builtin discovery service.
*/
if (array_key_exists('idpdisco.url', $spmetadata)) {
$discservice = $spmetadata['idpdisco.url'];
} elseif ($config->getString('idpdisco.url.shib13', NULL) !== NULL) {
$discservice = $config->getString('idpdisco.url.shib13');
} else {
$discservice = '/' . $config->getBaseURL() . 'shib13/sp/idpdisco.php';
}
SimpleSAML_Utilities::redirect($discservice, array('entityID' => $spentityid, 'return' => SimpleSAML_Utilities::selfURL(), 'returnIDParam' => 'idpentityid'));
}
try {
$ar = new SimpleSAML_XML_Shib13_AuthnRequest();
$ar->setIssuer($spentityid);
if (isset($_GET['RelayState'])) {
$ar->setRelayState($_GET['RelayState']);
}
SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: SP (' . $spentityid . ') is sending AuthNRequest to IdP (' . $idpentityid . ')');
$url = $ar->createRedirect($idpentityid);
SimpleSAML_Utilities::redirect($url);
} catch (Exception $exception) {
throw new SimpleSAML_Error_Error('CREATEREQUEST', $exception);
}
} else {
$relaystate = $session->getRelayState();
if (isset($relaystate) && !empty($relaystate)) {
SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: Already Authenticated, Go back to RelayState');
SimpleSAML_Utilities::redirect($relaystate);
} else {
throw new SimpleSAML_Error_Error('NORELAYSTATE');
}
* Falling back to builtin discovery service.
*/
if (array_key_exists('idpdisco.url', $spmetadata)) {
$discservice = $spmetadata['idpdisco.url'];
} elseif ($config->getString('idpdisco.url.shib13', NULL) !== NULL) {
$discservice = $config->getString('idpdisco.url.shib13');
} else {
$discservice = '/' . $config->getBaseURL() . 'shib13/sp/idpdisco.php';
}
SimpleSAML_Utilities::redirectTrustedURL($discservice, array('entityID' => $spentityid, 'return' => SimpleSAML_Utilities::selfURL(), 'returnIDParam' => 'idpentityid'));
}
try {
$ar = new SimpleSAML_XML_Shib13_AuthnRequest();
$ar->setIssuer($spentityid);
if (isset($_GET['RelayState'])) {
$ar->setRelayState(SimpleSAML_Utilities::checkURLAllowed($_GET['RelayState']));
}
SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: SP (' . $spentityid . ') is sending AuthNRequest to IdP (' . $idpentityid . ')');
$url = $ar->createRedirect($idpentityid);
SimpleSAML_Utilities::redirectTrustedURL($url);
} catch (Exception $exception) {
throw new SimpleSAML_Error_Error('CREATEREQUEST', $exception);
}
} else {
$relaystate = $_GET['RelayState'];
if (isset($relaystate) && !empty($relaystate)) {
SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: Already Authenticated, Go back to RelayState');
SimpleSAML_Utilities::redirectUntrustedURL($relaystate);
} else {
throw new SimpleSAML_Error_Error('NORELAYSTATE');
}