Example #1
0
 /**
  * Send a SAML1 SSO request to an IdP.
  *
  * @param SimpleSAML_Configuration $idpMetadata  The metadata of the IdP.
  * @param array $state  The state array for the current authentication.
  */
 private function startSSO1(SimpleSAML_Configuration $idpMetadata, array $state)
 {
     $idpEntityId = $idpMetadata->getString('entityid');
     $state['saml:idp'] = $idpEntityId;
     $ar = new SimpleSAML_XML_Shib13_AuthnRequest();
     $ar->setIssuer($this->entityId);
     $id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso');
     $ar->setRelayState($id);
     $useArtifact = $idpMetadata->getBoolean('saml1.useartifact', NULL);
     if ($useArtifact === NULL) {
         $useArtifact = $this->metadata->getBoolean('saml1.useartifact', FALSE);
     }
     if ($useArtifact) {
         $shire = SimpleSAML\Module::getModuleURL('saml/sp/saml1-acs.php/' . $this->authId . '/artifact');
     } else {
         $shire = SimpleSAML\Module::getModuleURL('saml/sp/saml1-acs.php/' . $this->authId);
     }
     $url = $ar->createRedirect($idpEntityId, $shire);
     SimpleSAML\Logger::debug('Starting SAML 1 SSO to ' . var_export($idpEntityId, TRUE) . ' from ' . var_export($this->entityId, TRUE) . '.');
     \SimpleSAML\Utils\HTTP::redirectTrustedURL($url);
 }
Example #2
0
         * Falling back to builtin discovery service.
         */
        if (array_key_exists('idpdisco.url', $spmetadata)) {
            $discservice = $spmetadata['idpdisco.url'];
        } elseif ($config->getString('idpdisco.url.shib13', NULL) !== NULL) {
            $discservice = $config->getString('idpdisco.url.shib13');
        } else {
            $discservice = '/' . $config->getBaseURL() . 'shib13/sp/idpdisco.php';
        }
        SimpleSAML_Utilities::redirect($discservice, array('entityID' => $spentityid, 'return' => SimpleSAML_Utilities::selfURL(), 'returnIDParam' => 'idpentityid'));
    }
    try {
        $ar = new SimpleSAML_XML_Shib13_AuthnRequest();
        $ar->setIssuer($spentityid);
        if (isset($_GET['RelayState'])) {
            $ar->setRelayState($_GET['RelayState']);
        }
        SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: SP (' . $spentityid . ') is sending AuthNRequest to IdP (' . $idpentityid . ')');
        $url = $ar->createRedirect($idpentityid);
        SimpleSAML_Utilities::redirect($url);
    } catch (Exception $exception) {
        throw new SimpleSAML_Error_Error('CREATEREQUEST', $exception);
    }
} else {
    $relaystate = $session->getRelayState();
    if (isset($relaystate) && !empty($relaystate)) {
        SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: Already Authenticated, Go back to RelayState');
        SimpleSAML_Utilities::redirect($relaystate);
    } else {
        throw new SimpleSAML_Error_Error('NORELAYSTATE');
    }
Example #3
0
         * Falling back to builtin discovery service.
         */
        if (array_key_exists('idpdisco.url', $spmetadata)) {
            $discservice = $spmetadata['idpdisco.url'];
        } elseif ($config->getString('idpdisco.url.shib13', NULL) !== NULL) {
            $discservice = $config->getString('idpdisco.url.shib13');
        } else {
            $discservice = '/' . $config->getBaseURL() . 'shib13/sp/idpdisco.php';
        }
        SimpleSAML_Utilities::redirectTrustedURL($discservice, array('entityID' => $spentityid, 'return' => SimpleSAML_Utilities::selfURL(), 'returnIDParam' => 'idpentityid'));
    }
    try {
        $ar = new SimpleSAML_XML_Shib13_AuthnRequest();
        $ar->setIssuer($spentityid);
        if (isset($_GET['RelayState'])) {
            $ar->setRelayState(SimpleSAML_Utilities::checkURLAllowed($_GET['RelayState']));
        }
        SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: SP (' . $spentityid . ') is sending AuthNRequest to IdP (' . $idpentityid . ')');
        $url = $ar->createRedirect($idpentityid);
        SimpleSAML_Utilities::redirectTrustedURL($url);
    } catch (Exception $exception) {
        throw new SimpleSAML_Error_Error('CREATEREQUEST', $exception);
    }
} else {
    $relaystate = $_GET['RelayState'];
    if (isset($relaystate) && !empty($relaystate)) {
        SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: Already Authenticated, Go back to RelayState');
        SimpleSAML_Utilities::redirectUntrustedURL($relaystate);
    } else {
        throw new SimpleSAML_Error_Error('NORELAYSTATE');
    }