redirectUntrustedURL() public static method

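In particular, it makes sure that the provided URL is allowed by the 'redirect.trustedsites' directive in the configuration. If that option is not set, or the URL corresponds to a trusted site, the redirection is performed; an unset option therefore places no restriction on the destination. If the site is not trusted, an exception is thrown. The docblock in Example #1 below points to a 'trusted.url.domains' directive for the same check, so confirm which directive name your installed version reads.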
Author: Jaime Perez, UNINETT AS (jaime.perez@uninett.no)
public static redirectUntrustedURL ( string $url, string[] $parameters = [] ) : void
$url string The URL we should redirect to. This URL may include query parameters. If this URL is a relative URL (starting with '/'), then it will be turned into an absolute URL by prefixing it with the absolute URL to the root of the website.
$parameters string[] An array with extra query string parameters which should be appended to the URL. The name of the parameter is the array index. The value of the parameter is the value stored in the index. Both the name and the value will be urlencoded. If the value is NULL, then the parameter will be encoded as just the name, without a value.
return void This function never returns.
Example #1
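 /**
  * Handle an unsolicited login operation.
  *
  * This method creates a session from the information received and then redirects to the given URL. It is used
  * to handle IdP-initiated SSO. This method will never return.
  *
  * Security note: $redirectTo is handed unmodified to \SimpleSAML\Utils\HTTP::redirectUntrustedURL(), which is the
  * only URL check on this path. The login is recorded in the session before that call, so a rejected URL surfaces
  * as an exception after the session has already been updated.
  *
  * @param string $authId The id of the authentication source that received the request.
  * @param array $state A state array.
  * @param string $redirectTo The URL we should redirect the user to after updating the session. The function will
  * check if the URL is allowed, so there is no need to check the URL manually beforehand. Please refer to the
  * 'trusted.url.domains' configuration directive for more information about allowing (or disallowing) URLs.
  */
 public static function handleUnsolicitedAuth($authId, array $state, $redirectTo)
 {
     // Expression-form assertions: string-form assert() is deprecated since PHP 7.2 and is no longer
     // evaluated as code on PHP 8, where a non-empty string simply passes.
     assert(is_string($authId));
     assert(is_string($redirectTo));

     $session = SimpleSAML_Session::getSessionFromRequest();
     $session->doLogin($authId, SimpleSAML_Auth_State::getPersistentAuthData($state));

     // Keep this on the "untrusted" redirect helper so the destination is checked against the
     // configured trusted sites. NOTE(review): $redirectTo presumably originates from the unsolicited
     // response (e.g. RelayState) - confirm against callers.
     \SimpleSAML\Utils\HTTP::redirectUntrustedURL($redirectTo);
 }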
Example #2
 /**
  * Backwards-compatibility wrapper that forwards to \SimpleSAML\Utils\HTTP::redirectUntrustedURL().
  *
  * Both arguments are passed through unchanged; this wrapper performs no URL check of its own, so the
  * trusted-site validation is entirely the callee's.
  *
  * @param string $url The URL to redirect to (the callee documents this as a string).
  * @param array $parameters Extra query string parameters, forwarded as-is; defaults to an empty array.
  *
  * @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\HTTP::redirectUntrustedURL() instead.
  */
 public static function redirectUntrustedURL($url, $parameters = array())
 {
     \SimpleSAML\Utils\HTTP::redirectUntrustedURL($url, $parameters);
 }
Example #3
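 /**
  * Retrieve saved state.
  *
  * This function retrieves saved state information. If the state information has been lost,
  * it will attempt to restart the request by calling the restart URL which is embedded in the
  * state information. If there is no restart information available, an exception will be thrown.
  *
  * Security notes:
  *  - The restart URL is parsed out of $id, not taken from the stored state, so it is only ever followed
  *    through \SimpleSAML\Utils\HTTP::redirectUntrustedURL(), which applies the trusted-site check.
  *  - The stored state is restored with unserialize(); see the comment at that call.
  *
  * @param string $id  State identifier (with embedded restart information).
  * @param string $stage  The stage the state should have been saved in.
  * @param bool $allowMissing  Whether to allow the state to be missing.
  * @return array|NULL  State information, or NULL if the state is missing and $allowMissing is TRUE.
  * @throws SimpleSAML_Error_NoState  If the state is missing, $allowMissing is FALSE and $id has no restart URL.
  * @throws Exception  If the stored stage differs from $stage and $id has no restart URL.
  */
 public static function loadState($id, $stage, $allowMissing = FALSE)
 {
     // Expression-form assertions: string-form assert() is deprecated since PHP 7.2 and is no longer
     // evaluated as code on PHP 8, where a non-empty string simply passes.
     assert(is_string($id));
     assert(is_string($stage));
     assert(is_bool($allowMissing));
     SimpleSAML_Logger::debug('Loading state: ' . var_export($id, TRUE));
     $sid = self::parseStateID($id);
     $session = SimpleSAML_Session::getSessionFromRequest();
     $state = $session->getData('SimpleSAML_Auth_State', $sid['id']);
     if ($state === NULL) {
         /* Could not find saved data. */
         if ($allowMissing) {
             return NULL;
         }
         if ($sid['url'] === NULL) {
             throw new SimpleSAML_Error_NoState();
         }
         /* The restart URL came out of $id (presumably request-supplied - confirm against callers), so it
          * must go through the checked redirect. redirectUntrustedURL() is documented as never returning.
          */
         \SimpleSAML\Utils\HTTP::redirectUntrustedURL($sid['url']);
     }
     /* NOTE(review): unserialize() will instantiate whatever classes the blob names. That is acceptable only
      * while this value comes solely from the session store as read above; it must never be fed data that a
      * client can supply directly. Confirm that the session backend cannot be written by untrusted parties.
      */
     $state = unserialize($state);
     assert(is_array($state));
     assert(array_key_exists(self::ID, $state));
     assert(array_key_exists(self::STAGE, $state));
     /* Verify stage. */
     if ($state[self::STAGE] !== $stage) {
         /* This could be a user trying to bypass security, but most likely it is just
          * someone using the back-button in the browser. We try to restart the
          * request if that is possible. If not, show an error.
          */
         $msg = 'Wrong stage in state. Was \'' . $state[self::STAGE] . '\', should be \'' . $stage . '\'.';
         SimpleSAML_Logger::warning($msg);
         if ($sid['url'] === NULL) {
             throw new Exception($msg);
         }
         /* Same checked redirect as above: the state is never handed to a caller in the wrong stage. */
         \SimpleSAML\Utils\HTTP::redirectUntrustedURL($sid['url']);
     }
     return $state;
 }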
Example #4
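<?php

/*
 * Helper page for starting an admin login. Can be used as a target for links.
 *
 * The ReturnTo request parameter is caller-controlled. It is followed only after the admin check has
 * passed, and only through redirectUntrustedURL(), which validates the destination against the
 * configured trusted sites.
 */
if (!array_key_exists('ReturnTo', $_REQUEST)) {
    throw new SimpleSAML_Error_BadRequest('Missing ReturnTo parameter.');
}

// PHP decodes "ReturnTo[]=..." into an array, while the redirect helper is documented to take a string.
// Reject anything else up front instead of passing it on.
if (!is_string($_REQUEST['ReturnTo'])) {
    throw new SimpleSAML_Error_BadRequest('Invalid ReturnTo parameter.');
}

SimpleSAML\Utils\Auth::requireAdmin();
\SimpleSAML\Utils\HTTP::redirectUntrustedURL($_REQUEST['ReturnTo']);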