Initiates the SSO process.
public login ( string | null $returnTo = null, array $parameters = [], boolean $forceAuthn = false, boolean $isPassive = false, boolean $stay = false, boolean $setNameIdPolicy = true ) : If | ||
$returnTo | string | null | The target URL the user should be returned to after login. |
$parameters | array | Extra parameters to be added to the GET |
$forceAuthn | boolean | When true the AuthnRequest will set ForceAuthn='true' |
$isPassive | boolean | When true the AuthnRequest will set IsPassive='true' |
$stay | boolean | True if we want to stay (returns the URL string); false to redirect |
$setNameIdPolicy | boolean | When true the AuthnRequest will include a NameIDPolicy element |
Résultat | If | $stay is true, it returns a string with the SSO URL + AuthnRequest + parameters |
$dbobj = $Tools->fetch_object("usersAuthMethod", "type", "SAML2"); if (!$dbobj) { $Result->show("danger", "SAML settings not found in database", true); } //decode authentication module params $params = json_decode($dbobj->params); //if using advanced settings, instantiate without db settings if ($params->advanced == "1") { $auth = new OneLogin_Saml2_Auth(); } else { $settings = array('sp' => array('entityId' => $Tools->createURL(), 'assertionConsumerService' => array('url' => create_link('saml2')), 'singleLogoutService' => array('url' => $Tools->createURL()), 'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'), 'idp' => array('entityId' => $params->idpissuer, 'singleSignOnService' => array('url' => $params->idplogin), 'singleLogoutService' => array('url' => $params->idplogout), 'certFingerprint' => $params->idpcertfingerprint, 'certFingerprintAlgorithm' => $params->idpcertalgorithm)); $auth = new OneLogin_Saml2_Auth($settings); } //if SAMLResponse is not in the request, create an authnrequest and send it to the idp if (!isset($_POST["SAMLResponse"])) { $ssoBuiltUrl = $auth->login(null, array(), false, false, true); $_SESSION['AuthNRequestID'] = $auth->getLastRequestID(); header('Pragma: no-cache'); header('Cache-Control: no-cache, must-revalidate'); header('Location: ' . $ssoBuiltUrl); exit; } else { //process the authentication response if (isset($_SESSION) && isset($_SESSION['AuthNRequestID'])) { $requestID = $_SESSION['AuthNRequestID']; } else { $requestID = null; } // process errors and check for errors $auth->processResponse($requestID); $errors = $auth->getErrors();
<?php /** * SAML Handler */ session_start(); require_once dirname(dirname(__FILE__)) . '/_toolkit_loader.php'; require_once 'settings_example.php'; /* echo "Settings info "; var_dump($settingsInfo); */ $auth = new OneLogin_Saml2_Auth($settingsInfo); if (isset($_GET['sso'])) { $auth->login(); # If AuthNRequest ID need to be saved in order to later validate it, do instead # $ssoBuiltUrl = $auth->login(null, array(), false, false, true); # $_SESSION['AuthNRequestID'] = $auth->getLastRequestID(); # header('Pragma: no-cache'); # header('Cache-Control: no-cache, must-revalidate'); # header('Location: ' . $ssoBuiltUrl); # exit(); } else { if (isset($_GET['sso2'])) { $returnTo = $spBaseUrl . '/demo1/attrs.php'; $auth->login($returnTo); } else { if (isset($_GET['slo'])) { $returnTo = null; $paramters = array(); $nameId = null;
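/**
 * Tests the login method of the OneLogin_Saml2_Auth class.
 * Case Login with the isPassive flag. An AuthnRequest is built and a redirect
 * executed; the IsPassive="true" attribute must appear in the request only
 * when login() is called with $isPassive = true.
 *
 * The Location header cannot be sent from inside PHPUnit, so the exception it
 * raises is used to recover the redirect target from the stack trace.
 *
 * @covers OneLogin_Saml2_Auth::login
 * @runInSeparateProcess
 */
public function testLoginIsPassive()
{
    $settingsDir = TEST_ROOT . '/settings/';
    include $settingsDir . 'settings1.php';
    $settingsInfo['security']['authnRequestsSigned'] = true;

    $auth = new OneLogin_Saml2_Auth($settingsInfo);
    $returnTo = 'http://example.com/returnto';

    // Default arguments: no IsPassive attribute expected.
    $this->assertLoginRedirectIsPassive($auth, $settingsInfo, $returnTo, null, false);
    // Explicit $isPassive = false: still no IsPassive attribute.
    $this->assertLoginRedirectIsPassive($auth, $settingsInfo, $returnTo, false, false);
    // Explicit $isPassive = true: the attribute must be present.
    $this->assertLoginRedirectIsPassive($auth, $settingsInfo, $returnTo, true, true);
}

/**
 * Triggers a login redirect and checks whether the deflated, base64-encoded
 * SAMLRequest in the redirect URL carries IsPassive="true".
 *
 * @param OneLogin_Saml2_Auth $auth          Instance under test
 * @param array               $settingsInfo  Settings used to build $auth (provides the IdP SSO URL)
 * @param string              $returnTo      RelayState passed to login()
 * @param bool|null           $isPassive     Forwarded as login()'s $isPassive, or null to call
 *                                           login() with its default arguments
 * @param bool                $expectPassive Whether IsPassive="true" must be present
 */
private function assertLoginRedirectIsPassive($auth, $settingsInfo, $returnTo, $isPassive, $expectPassive)
{
    $caught = null;
    try {
        // The Header of the redirect produces an Exception
        if ($isPassive === null) {
            $auth->login($returnTo);
        } else {
            $auth->login($returnTo, array(), false, $isPassive);
        }
    } catch (Exception $e) {
        $caught = $e;
    }

    // Assertions stay outside the try so a failure is not swallowed by catch (Exception).
    $this->assertNotNull($caught, 'login() should have attempted a redirect');
    $this->assertContains('Cannot modify header information', $caught->getMessage());

    $targetUrl = getUrlFromRedirect($caught->getTrace());
    $parsedQuery = getParamsFromUrl($targetUrl);

    $ssoUrl = $settingsInfo['idp']['singleSignOnService']['url'];
    $this->assertContains($ssoUrl, $targetUrl);
    $this->assertArrayHasKey('SAMLRequest', $parsedQuery);

    // HTTP-Redirect binding: the request is deflated, then base64-encoded.
    $request = gzinflate(base64_decode($parsedQuery['SAMLRequest']));
    if ($expectPassive) {
        $this->assertContains('IsPassive="true"', $request);
    } else {
        $this->assertNotContains('IsPassive="true"', $request);
    }
}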
<?php date_default_timezone_set("Asia/Taipei"); /** * SAML Handler */ session_start(); require_once './vendor/autoload.php'; require_once 'settings.php'; $auth = new OneLogin_Saml2_Auth($settingsInfo); if (isset($_GET['sso'])) { $auth->login('http://localhost/hw4/php/forum.php'); } else { if (isset($_GET['sso2'])) { $returnTo = $spBaseUrl . '/php/attrs.php'; $auth->login($returnTo); } else { if (isset($_GET['slo'])) { $returnTo = null; $paramters = array(); $nameId = null; $sessionIndex = null; if (isset($_SESSION['samlNameId'])) { $nameId = $_SESSION['samlNameId']; } if (isset($_SESSION['samlSessionIndex'])) { $sessionIndex = $_SESSION['samlSessionIndex']; } $auth->logout($returnTo, $paramters, $nameId, $sessionIndex); } else { if (isset($_GET['acs'])) {
<?php
/**
 * SAMPLE Code: start a SAML authentication request.
 *
 * A visitor without an authenticated SAML session is sent to the IdP with an
 * AuthnRequest; on success the IdP posts the response back to the consume URL
 * configured in the settings. A visitor who already has SAML user data in the
 * session is sent to index.php next to this script instead.
 */
session_start();
require_once '../_toolkit_loader.php';

$auth = new OneLogin_Saml2_Auth();

if (isset($_SESSION['samlUserdata'])) {
    // Already authenticated: swap this script's name for index.php in the current URL.
    $selfUrl = OneLogin_Saml2_Utils::getSelfURLNoQuery();
    $landingUrl = str_replace('/sso.php', '/index.php', $selfUrl);
    OneLogin_Saml2_Utils::redirect($landingUrl);
} else {
    $auth->login();
}
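/**
 * Tests the login method of the OneLogin_Saml2_Auth class.
 * Case Login signed. A signed AuthnRequest is built and a redirect executed;
 * the redirect query must carry the SAMLRequest, RelayState, SigAlg and
 * Signature parameters of the HTTP-Redirect binding.
 *
 * The Location header cannot be sent from inside PHPUnit, so the exception it
 * raises is used to recover the redirect target from the stack trace.
 *
 * @covers OneLogin_Saml2_Auth::login
 * @runInSeparateProcess
 */
public function testLoginSigned()
{
    $settingsDir = TEST_ROOT . '/settings/';
    include $settingsDir . 'settings1.php';
    $settingsInfo['security']['authnRequestsSigned'] = true;

    $auth = new OneLogin_Saml2_Auth($settingsInfo);
    $returnTo = 'http://example.com/returnto';

    $caught = null;
    try {
        // The Header of the redirect produces an Exception
        $auth->login($returnTo);
    } catch (Exception $e) {
        $caught = $e;
    }

    // Assertions stay outside the try so a failure is not swallowed by catch (Exception).
    $this->assertNotNull($caught, 'login() should have attempted a redirect');
    $this->assertContains('Cannot modify header information', $caught->getMessage());

    $targetUrl = getUrlFromRedirect($caught->getTrace());
    $parsedQuery = getParamsFromUrl($targetUrl);

    $ssoUrl = $settingsInfo['idp']['singleSignOnService']['url'];
    $this->assertContains($ssoUrl, $targetUrl);
    $this->assertArrayHasKey('SAMLRequest', $parsedQuery);
    $this->assertArrayHasKey('RelayState', $parsedQuery);
    $this->assertArrayHasKey('SigAlg', $parsedQuery);
    $this->assertArrayHasKey('Signature', $parsedQuery);
    // PHPUnit convention: expected value first, actual second.
    $this->assertEquals($returnTo, $parsedQuery['RelayState']);
    // NOTE(review): this pins the signature algorithm to RSA-SHA1, presumably the
    // library default when settings1.php sets none; SHA-1 signatures are deprecated
    // for SAML, so confirm this default is still the intended behaviour.
    $this->assertEquals(XMLSecurityKey::RSA_SHA1, $parsedQuery['SigAlg']);
}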
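/**
 * Call the login method on OneLogin_Saml2_Auth.
 *
 * Forwards every argument of OneLogin_Saml2_Auth::login, including $stay and
 * $setNameIdPolicy, so callers can obtain the SSO URL instead of being
 * redirected (for example to store getLastRequestID() in the session before
 * sending the browser to the IdP).
 *
 * @param string|null $returnTo        URL the user is returned to after login (RelayState)
 * @param array       $parameters      Extra GET parameters appended to the SSO URL
 * @param bool        $forceAuthn      When true the AuthnRequest sets ForceAuthn="true"
 * @param bool        $isPassive       When true the AuthnRequest sets IsPassive="true"
 * @param bool        $stay            When true the SSO URL is returned instead of redirecting
 * @param bool        $setNameIdPolicy When true the AuthnRequest includes a NameIDPolicy element
 *
 * @return string|null The SSO URL (with AuthnRequest and parameters) when $stay is true;
 *                     otherwise the wrapped call performs the redirect
 */
public function login($returnTo = null, $parameters = array(), $forceAuthn = false, $isPassive = false, $stay = false, $setNameIdPolicy = true)
{
    return $this->instance->login($returnTo, $parameters, $forceAuthn, $isPassive, $stay, $setNameIdPolicy);
}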