Example #1
 /**
  * Handles the request carried by the event by attempting SAML authentication.
  *
  * A fresh SamlUserToken carrying the configured 'direct_entry' option is passed
  * to the authentication manager. Outcomes:
  *  - a TokenInterface comes back: onSuccess() is invoked and the token is returned;
  *  - a Response comes back: it is set on the event;
  *  - anything else (for example null): the event receives an empty 403 response;
  *  - an \Exception is thrown: see the catch block below.
  *
  * @param GetResponseEvent $event Event for the request being handled.
  *
  * @return mixed The authenticated token on success; the result of setResponse()
  *               when the manager produced a Response; otherwise no value.
  */
 public function handle(GetResponseEvent $event)
 {
     $request = $event->getRequest();

     try {
         $candidate = new SamlUserToken();
         $candidate->setDirectEntry($this->options['direct_entry']);

         $result = $this->authenticationManager->authenticate($candidate);

         if ($result instanceof TokenInterface) {
             $this->onSuccess($request, $result);

             return $result;
         }

         if ($result instanceof Response) {
             return $event->setResponse($result);
         }
     } catch (\Exception $e) {
         // NOTE(review): this branch handles every \Exception, not only authentication
         // failures, and $e is neither logged nor rethrown here, so a failed SAML
         // attempt leaves no trace from this method. An earlier revision considered
         // throwing AuthenticationException('The Saml user could not be retrieved
         // from the session.') instead of returning silently.
         $current = $this->tokenStorage->getToken();
         list($attributes) = $this->map->getPatterns($request);

         // A token already in storage that is authenticated and granted the access-map
         // attributes lets the request continue even though the SAML attempt failed.
         $alreadyAllowed = null !== $current
             && null !== $attributes
             && $current->isAuthenticated()
             && $this->accessDecisionManager->decide($current, $attributes, $request);

         if ($alreadyAllowed) {
             return;
         }

         // presumably starts the SAML login flow; confirm against requestSaml()
         $this->requestSaml($request);

         // Drop a SamlUserToken that is still in storage after requestSaml().
         if ($this->tokenStorage->getToken() instanceof SamlUserToken) {
             $this->tokenStorage->setToken(null);
         }

         return;
     }

     // Default deny: reached when the manager returned neither a token nor a Response.
     $denied = new Response();
     $denied->setStatusCode(Response::HTTP_FORBIDDEN);
     $event->setResponse($denied);
 }
Example #2
 /**
  * Builds an authenticated SamlUserToken for the user named by the incoming token.
  *
  * The user is looked up through the user provider by $token->getUsername(). The
  * new token takes its roles from the loaded user and copies the attributes and
  * the direct-entry flag from the incoming token.
  *
  * NOTE(review): nothing in this method validates a SAML assertion; the username
  * is used as the token supplies it. The token must therefore only ever be filled
  * from an already verified SAML session. Confirm this against supports() and the
  * code that populates the token.
  *
  * @param TokenInterface $token Token to authenticate.
  *
  * @return SamlUserToken|null The authenticated token, or null when supports()
  *                            rejects the incoming token.
  *
  * @throws AuthenticationException When the user provider yields no user.
  */
 public function authenticate(TokenInterface $token)
 {
     if (!$this->supports($token)) {
         return null;
     }

     $account = $this->userProvider->loadUserByUsername($token->getUsername());
     if (!$account) {
         throw new AuthenticationException('The SAML authentication failed.');
     }

     // Roles come from the loaded user, not from the incoming token.
     $granted = new SamlUserToken($account->getRoles());
     $granted->setUser($account);
     $granted->setAuthenticated(true);
     // Attributes and the direct-entry flag are carried over from the incoming token unchanged.
     $granted->setAttributes($token->getAttributes());
     $granted->setDirectEntry($token->getDirectEntry());

     return $granted;
 }