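/**
 * Handle an authentication error by returning a SAML error response to the SP.
 *
 * Converts the exception into a SAML error, builds a response carrying that
 * error's status code, sub-status and message, records a statistics entry and
 * sends the response through the binding named in $state['saml:Binding'].
 *
 * Keys read from $state: 'SPMetadata', 'saml:ConsumerURL', 'saml:RequestId',
 * 'saml:RelayState', 'saml:Binding' and, optionally,
 * 'saml:AuthnRequestReceivedAt'.
 *
 * @param SimpleSAML_Error_Exception $exception The exception.
 * @param array $state The error state.
 */
public static function handleAuthError(SimpleSAML_Error_Exception $exception, array $state)
{
    // Real expressions rather than strings: string assertions are evaluated as
    // code only on old PHP versions, and PHP 8 treats any non-empty string as a
    // passing assertion, which would silently drop these precondition checks.
    assert(isset($state['SPMetadata']));
    assert(isset($state['saml:ConsumerURL']));
    assert(array_key_exists('saml:RequestId', $state)); // Can be NULL.
    assert(array_key_exists('saml:RelayState', $state)); // Can be NULL.

    $spMetadata = $state["SPMetadata"];
    $spEntityId = $spMetadata['entityid'];
    $spMetadata = SimpleSAML_Configuration::loadFromArray(
        $spMetadata,
        '$metadata[' . var_export($spEntityId, TRUE) . ']'
    );

    $requestId = $state['saml:RequestId'];
    $relayState = $state['saml:RelayState'];

    // The destination of the error response comes straight from the state; this
    // method performs no validation of it.
    // NOTE(review): assumes the URL was checked against the SP's metadata when
    // the request was received - confirm in the caller.
    $consumerURL = $state['saml:ConsumerURL'];

    // Read without a precondition check, unlike the keys asserted above.
    $protocolBinding = $state['saml:Binding'];

    $idp = SimpleSAML_IdP::getByState($state);
    $idpMetadata = $idp->getConfig();

    $error = sspmod_saml_Error::fromException($exception);

    // var_export() renders the entity ID as a quoted PHP literal in the log line.
    SimpleSAML_Logger::warning('Returning error to sp: ' . var_export($spEntityId, TRUE));
    $error->logWarning();

    $ar = self::buildResponse($idpMetadata, $spMetadata, $consumerURL);
    $ar->setInResponseTo($requestId);
    $ar->setRelayState($relayState);

    // The status, including the message text, is sent to the SP.
    // NOTE(review): confirm sspmod_saml_Error::fromException() does not copy
    // internal details of arbitrary exceptions into the status message.
    $status = array(
        'Code' => $error->getStatus(),
        'SubCode' => $error->getSubStatus(),
        'Message' => $error->getStatusMessage(),
    );
    $ar->setStatus($status);

    $statsData = array(
        'spEntityID' => $spEntityId,
        'idpEntityID' => $idpMetadata->getString('entityid'),
        'protocol' => 'saml2',
        'error' => $status,
    );
    if (isset($state['saml:AuthnRequestReceivedAt'])) {
        // Seconds elapsed since the timestamp stored in the state.
        $statsData['logintime'] = microtime(TRUE) - $state['saml:AuthnRequestReceivedAt'];
    }
    SimpleSAML_Stats::log('saml:idp:Response:error', $statsData);

    $binding = SAML2_Binding::getBinding($protocolBinding);
    $binding->send($ar);
}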
/**
 * Create a ProxyCountExceeded error.
 *
 * Forwards to the parent constructor with Constants::STATUS_PROXY_COUNT_EXCEEDED
 * as the second argument.
 *
 * @param string $responsible Who is responsible for this error. One of:
 *   - \SAML2\Constants::STATUS_RESPONDER: the error is caused by this SAML responder.
 *   - \SAML2\Constants::STATUS_REQUESTER: the error is caused by the SAML requester.
 * @param string|null $message A short message explaining why this error happened.
 *   NOTE(review): if the parent exposes this text to the remote party, keep it
 *   free of internal details - confirm against the parent class.
 * @param \Exception|null $cause An exception that caused this error.
 */
public function __construct($responsible, $message = null, \Exception $cause = null)
{
    // Second argument handed to the parent; fixed for this error type.
    $subStatus = Constants::STATUS_PROXY_COUNT_EXCEEDED;

    parent::__construct($responsible, $subStatus, $message, $cause);
}
/**
 * Create a NoAvailableIDP error.
 *
 * Forwards to the parent constructor with Constants::STATUS_NO_AVAILABLE_IDP
 * as the second argument.
 *
 * @param string $responsible Who is responsible for this error. One of:
 *   - \SAML2\Constants::STATUS_RESPONDER: the error is caused by this SAML responder.
 *   - \SAML2\Constants::STATUS_REQUESTER: the error is caused by the SAML requester.
 * @param string|null $message A short message explaining why this error happened.
 *   NOTE(review): if the parent exposes this text to the remote party, keep it
 *   free of internal details - confirm against the parent class.
 * @param \Exception|null $cause An exception that caused this error.
 */
public function __construct($responsible, $message = null, \Exception $cause = null)
{
    // Second argument handed to the parent; fixed for this error type.
    $subStatus = Constants::STATUS_NO_AVAILABLE_IDP;

    parent::__construct($responsible, $subStatus, $message, $cause);
}
/**
 * Create a NoAuthnContext error.
 *
 * Forwards to the parent constructor with Constants::STATUS_NO_AUTHN_CONTEXT
 * as the second argument.
 *
 * @param string $responsible Who is responsible for this error. One of:
 *   - \SAML2\Constants::STATUS_RESPONDER: the error is caused by this SAML responder.
 *   - \SAML2\Constants::STATUS_REQUESTER: the error is caused by the SAML requester.
 * @param string|null $message A short message explaining why this error happened.
 *   NOTE(review): if the parent exposes this text to the remote party, keep it
 *   free of internal details - confirm against the parent class.
 * @param \Exception|null $cause An exception that caused this error.
 */
public function __construct($responsible, $message = null, \Exception $cause = null)
{
    // Second argument handed to the parent; fixed for this error type.
    $subStatus = Constants::STATUS_NO_AUTHN_CONTEXT;

    parent::__construct($responsible, $subStatus, $message, $cause);
}