getAuthData() public méthode

Retrieve authentication data.
public getAuthData ( string $name ) : mixed | null
$name string The name of the parameter, e.g. 'Attributes', 'Expire' or 'saml:sp:IdP'.
Résultat mixed | null The value of the parameter, or null if it isn't found or we are unauthenticated.
Exemple #1
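 /**
  * Process an authentication request received by this IdP.
  *
  * Records the IdP and SP identifiers in the request state, decides whether the
  * user has to (re)authenticate, hands the state to the authentication source
  * and finally to postAuth(). Every exception is attached to the state through
  * SimpleSAML_Auth_State::throwException() so the SP-facing error path is taken.
  *
  * @param array &$state  The authentication request state. Must contain a
  *                       'Responder' entry; 'core:IdP', 'core:SP', 'IdPMetadata'
  *                       and 'ReturnCallback' are filled in here.
  */
 public function handleAuthenticationRequest(array &$state)
 {
     // Expression-form assert: the former string form assert('isset(...)') is
     // not evaluated on PHP 8, where any non-empty string simply passes.
     assert(isset($state['Responder']));

     $state['core:IdP'] = $this->id;

     // The SP entity ID key differs in letter case between metadata sources.
     if (isset($state['SPMetadata']['entityid'])) {
         $spEntityId = $state['SPMetadata']['entityid'];
     } elseif (isset($state['SPMetadata']['entityID'])) {
         $spEntityId = $state['SPMetadata']['entityID'];
     } else {
         $spEntityId = null;
     }
     $state['core:SP'] = $spEntityId;

     /* First, check whether we need to authenticate the user. */
     if (isset($state['ForceAuthn']) && (bool) $state['ForceAuthn']) {
         /* Force authentication is in effect: the existing session is never reused. */
         $needAuth = true;
     } elseif (isset($state['saml:IDPList']) && count($state['saml:IDPList']) > 0) {
         /*
          * The request carries an IdP list: the existing session is reused only
          * if it was established through one of the listed IdPs. The membership
          * test is strict so no loosely-equal value can satisfy it.
          */
         $needAuth = !in_array($this->authSource->getAuthData('saml:sp:IdP'), $state['saml:IDPList'], true);
     } else {
         $needAuth = !$this->isAuthenticated();
     }

     $state['IdPMetadata'] = $this->getConfig()->toArray();
     $state['ReturnCallback'] = ['SimpleSAML_IdP', 'postAuth'];

     try {
         if ($needAuth) {
             // authenticate() is expected to redirect and never return.
             $this->authenticate($state);
             assert(false);
         } else {
             $this->reauthenticate($state);
         }
         $this->postAuth($state);
     } catch (SimpleSAML_Error_Exception $e) {
         SimpleSAML_Auth_State::throwException($state, $e);
     } catch (Exception $e) {
         // Foreign exceptions are wrapped before being stored in the state
         // (the wrapper's name suggests they may not serialize as-is).
         $e = new SimpleSAML_Error_UnserializableException($e);
         SimpleSAML_Auth_State::throwException($state, $e);
     }
 }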
Exemple #2
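// If request is a logout request
if (array_key_exists('logout', $_REQUEST)) {
    $returnURL = $cA_config->getValue('returnURL');
    $as->logout($returnURL);
}

$hashAttributes = $cA_config->getValue('attributes.hash');

/* Check if valid local session exists */
$as->requireAuth();

// Get released attributes
$attributes = $as->getAttributes();

// Get metadata storage handler
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();

/*
 * Get IdP id and metadata. 'saml:sp:IdP' is only present when the user came in
 * through a remote IdP (bridge mode); the value is fetched once and compared
 * strictly against null.
 */
$remoteIdp = $as->getAuthData('saml:sp:IdP');
if ($remoteIdp !== null) {
    // From a remote IdP (as bridge)
    $idp_entityid = $remoteIdp;
    $idp_metadata = $metadata->getMetaData($idp_entityid, 'saml20-idp-remote');
} else {
    // From the local (hosted) IdP
    $idp_entityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
    $idp_metadata = $metadata->getMetaData($idp_entityid, 'saml20-idp-hosted');
}

// Get user ID: the IdP metadata may name the attribute, else eduPersonPrincipalName is used.
$userid_attributename = isset($idp_metadata['userid.attribute']) && is_string($idp_metadata['userid.attribute'])
    ? $idp_metadata['userid.attribute']
    : 'eduPersonPrincipalName';

// Fail loudly when the IdP did not release the identifying attribute; going on
// with a missing user ID would silently key everything that follows on null.
if (!isset($attributes[$userid_attributename])) {
    throw new Exception('Attribute [' . $userid_attributename . '] needed as user identifier was not available.');
}
$userids = $attributes[$userid_attributename];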
Exemple #3
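$as = new SimpleSAML_Auth_Simple($as);
$as->requireAuth();

// Get all attributes
$attributes = $as->getAttributes();

// Get user ID
$userid_attributename = $consentconfig->getValue('userid', 'eduPersonPrincipalName');
if (empty($attributes[$userid_attributename])) {
    throw new Exception('Could not generate useridentifier for storing consent. Attribute [' . $userid_attributename . '] was not available.');
}
$userid = $attributes[$userid_attributename][0];

// Get metadata storage handler
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();

/*
 * Get IdP id and metadata. Strict null check: a loose `!= null` would treat an
 * empty-string entity ID as "not set" and fall back to the hosted IdP.
 */
$remoteIdp = $as->getAuthData('saml:sp:IdP');
if ($remoteIdp !== null) {
    // From a remote IdP (as bridge)
    $idp_entityid = $remoteIdp;
    $idp_metadata = $metadata->getMetaData($idp_entityid, 'saml20-idp-remote');
} else {
    // From the local (hosted) IdP
    $idp_entityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
    $idp_metadata = $metadata->getMetaData($idp_entityid, 'saml20-idp-hosted');
}
SimpleSAML_Logger::debug('consentAdmin: IdP is [' . $idp_entityid . ']');

// Metadata set and entity ID of the IdP the user actually came through; this
// string is part of the input to the user ID hash below.
$source = $idp_metadata['metadata-set'] . '|' . $idp_entityid;

// Parse consent config
$consent_storage = sspmod_consent_Store::parseStoreConfig($consentconfig->getValue('store'));

// Calc correct user ID hash
$hashed_user_id = sspmod_consent_Auth_Process_Consent::getHashedUserID($userid, $source);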
// Check if button with withdraw all consent was clicked.
}
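// The 'as' parameter is assumed to have been checked for presence earlier in
// this script; it names the authentication source to inspect.
$asId = (string) $_REQUEST['as'];
$as = new SimpleSAML_Auth_Simple($asId);

if (array_key_exists('logout', $_REQUEST)) {
    $as->logout('/' . $config->getBaseURL() . 'logout.php');
}

if (array_key_exists(SimpleSAML_Auth_State::EXCEPTION_PARAM, $_REQUEST)) {
    // This is just a simple example of an error
    $state = SimpleSAML_Auth_State::loadExceptionState();
    // Expression-form assert: the string form is not evaluated on PHP 8.
    assert(array_key_exists(SimpleSAML_Auth_State::EXCEPTION_DATA, $state));
    $e = $state[SimpleSAML_Auth_State::EXCEPTION_DATA];

    // The formatted exception is written straight to the browser. Acceptable
    // for this example page; a production page would log it and show a
    // generic message instead.
    header('Content-Type: text/plain');
    echo "Exception during login:\n";
    foreach ($e->format() as $line) {
        echo $line . "\n";
    }
    exit(0);
}

if (!$as->isAuthenticated()) {
    // Return to this page, for the same auth source, after login or on error.
    $url = SimpleSAML_Module::getModuleURL('core/authenticate.php', ['as' => $asId]);
    $params = ['ErrorURL' => $url, 'ReturnTo' => $url];
    $as->login($params);
}

$attributes = $as->getAttributes();

$t = new SimpleSAML_XHTML_Template($config, 'status.php', 'attributes');
$t->data['header'] = '{status:header_saml20_sp}';
$t->data['attributes'] = $attributes;
// If saml:sp:IdP is set, this is SAML auth so we can pass a NameID.
$t->data['nameid'] = $as->getAuthData('saml:sp:IdP') !== null ? $as->getAuthData('saml:sp:NameID') : false;
$t->data['logouturl'] = \SimpleSAML\Utils\HTTP::getSelfURLNoQuery() . '?as=' . urlencode($asId) . '&logout';
$t->show();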
Exemple #5
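/**
 * Get the attributes from an SAML authentication exchange.
 *
 * These attributes can include all kinds of information, for example:
 * - firstname
 * - lastname
 * - email address
 * - etc.
 *
 * When the authentication source is a SAML SP, the plugin setting
 * "<source>_external_id" may name an auth-data key; its 'Value' entry is then
 * exposed to callers as the single-valued "elgg:external_id" attribute.
 *
 * @param SimpleSAML_Auth_Simple $saml_auth the Authentication object from the SimpleSAMLPHP library
 * @param string                 $source    the name of the Service Provider
 *
 * @return bool|array an array with the provided attributes, false on failure
 */
function simplesaml_get_authentication_attributes(SimpleSAML_Auth_Simple $saml_auth, $source)
{
    // The type declaration already guarantees a SimpleSAML_Auth_Simple instance;
    // only the source name still needs checking.
    if (empty($source)) {
        return false;
    }

    $result = $saml_auth->getAttributes();

    $auth_source = $saml_auth->getAuthSource();
    if (!($auth_source instanceof sspmod_saml_Auth_Source_SP)) {
        // only check extra data for SAML sources
        return $result;
    }

    $setting = elgg_get_plugin_setting($source . "_external_id", "simplesaml");
    if (empty($setting)) {
        return $result;
    }

    $external_id = $saml_auth->getAuthData($setting);
    // getAuthData() returns mixed; only an array carrying a 'Value' entry can
    // be used. Indexing a string with 'Value' is a TypeError on PHP 8, so the
    // shape is checked explicitly rather than relying on empty().
    if (is_array($external_id) && isset($external_id["Value"])) {
        $result["elgg:external_id"] = [$external_id["Value"]];
    }

    return $result;
}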
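    if ($groupsAttr !== null) {
        if (!array_key_exists($groupsAttr, $attributes)) {
            throw new Exception("The user doesn't have an attribute named '" . $groupsAttr . "'. This attribute is expected to contain the groups the user is a member of.");
        }
        $authData['Groups'] = $attributes[$groupsAttr];
    } else {
        $authData['Groups'] = [];
    }

    $authData['RemoteIP'] = $_SERVER['REMOTE_ADDR'];

    foreach ($attributes as $n => $v) {
        $authData['ATTR_' . $n] = $v;
    }

    // Store the authentication data in the memcache server, one "name=value"
    // entry per CR/LF-terminated line. Attribute names and values come from the
    // IdP, so any CR/LF inside them is replaced by a space: otherwise a single
    // value could be read back as additional entries, including ones this code
    // sets deliberately.
    $data = '';
    foreach ($authData as $n => $v) {
        if (is_array($v)) {
            $v = implode(':', $v);
        }
        $n = str_replace(["\r", "\n"], ' ', (string) $n);
        $v = str_replace(["\r", "\n"], ' ', (string) $v);
        $data .= $n . '=' . $v . "\r\n";
    }

    $memcache = $amc->getMemcache();
    // The cache entry expires together with the SimpleSAMLphp session ('Expire').
    $expirationTime = $s->getAuthData('Expire');
    $memcache->set($sessionID, $data, 0, $expirationTime);

    // register logout handler
    $session = SimpleSAML_Session::getSessionFromRequest();
    $session->registerLogoutHandler($sourceId, 'SimpleSAML_AuthMemCookie', 'logoutHandler');

    // redirect the user back to this page to signal that the login is completed
    \SimpleSAML\Utils\HTTP::redirectTrustedURL(\SimpleSAML\Utils\HTTP::getSelfURL());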
} catch (Exception $e) {
    throw new SimpleSAML_Error_Error('CONFIG', $e);
}
    exit;
}
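// The 'as' parameter is assumed to have been checked for presence earlier in
// this script; it names the authentication source to inspect.
$asId = (string) $_REQUEST['as'];
$as = new SimpleSAML_Auth_Simple($asId);

if (array_key_exists('logout', $_REQUEST)) {
    $as->logout('/' . $config->getBaseURL() . 'logout.php');
}

if (array_key_exists(SimpleSAML_Auth_State::EXCEPTION_PARAM, $_REQUEST)) {
    // This is just a simple example of an error
    $state = SimpleSAML_Auth_State::loadExceptionState();
    // Expression-form assert: the string form is not evaluated on PHP 8.
    assert(array_key_exists(SimpleSAML_Auth_State::EXCEPTION_DATA, $state));
    $e = $state[SimpleSAML_Auth_State::EXCEPTION_DATA];

    // The formatted exception is written straight to the browser. Acceptable
    // for this example page; a production page would log it and show a
    // generic message instead.
    header('Content-Type: text/plain');
    echo "Exception during login:\n";
    foreach ($e->format() as $line) {
        echo $line . "\n";
    }
    exit(0);
}

if (!$as->isAuthenticated()) {
    // Return to this page, for the same auth source, after login or on error.
    $url = SimpleSAML\Module::getModuleURL('core/authenticate.php', ['as' => $asId]);
    $params = ['ErrorURL' => $url, 'ReturnTo' => $url];
    $as->login($params);
}

$attributes = $as->getAttributes();

$t = new SimpleSAML_XHTML_Template($config, 'status.php', 'attributes');
$t->data['header'] = '{status:header_saml20_sp}';
$t->data['attributes'] = $attributes;
// A NameID is only available for SAML sources; false tells the template to omit it.
$nameId = $as->getAuthData('saml:sp:NameID');
$t->data['nameid'] = $nameId !== null ? $nameId : false;
$t->data['logouturl'] = \SimpleSAML\Utils\HTTP::getSelfURLNoQuery() . '?as=' . urlencode($asId) . '&logout';
$t->show();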
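 /**
  * Initialise the principal and user details from a SimpleSAMLphp session.
  *
  * Requires an authenticated session on the 'default-sp' source, publishes the
  * logout URL, and for the two known IdPs sets the principal to the NameID
  * value and copies every released attribute into $this->userDetails. A session
  * from any other IdP, or one without attributes, leaves this object untouched.
  */
 private function getAttributesInitToken()
 {
     require_once '/var/simplesamlphp/lib/_autoload.php';
     $auth = new \SimpleSAML_Auth_Simple('default-sp');
     $auth->requireAuth();
     \Factory::$properties['LOGOUTURL'] = $auth->getLogoutURL('https://' . gethostname());

     $attributes = $auth->getAttributes();
     if (empty($attributes)) {
         return;
     }

     // Which IdP did the user select? The entity ID must match one of the known
     // IdPs exactly (string key lookup, no loose comparison) to pick a realm.
     $knownIdps = [
         'https://www.egi.eu/idp/shibboleth' => 'EGI_SSO_IDP',
         'https://unity.eudat-aai.fz-juelich.de:8443/saml-idp/metadata' => 'EUDAT_SSO_IDP',
     ];
     $idp = $auth->getAuthData('saml:sp:IdP');
     if (!is_string($idp) || !isset($knownIdps[$idp])) {
         return;
     }

     // The principal is the SAML NameID; assumes getAuthData() returns it as an
     // array with a 'Value' key — confirm against the SimpleSAMLphp version in use.
     $nameID = $auth->getAuthData('saml:sp:NameID');
     $this->principle = $nameID['Value'];
     $this->userDetails = ['AuthenticationRealm' => [$knownIdps[$idp]]];

     // Copy the attributes into the userDetails. Each attribute name can be used
     // as an index into $attributes to obtain the value, and every value is an
     // array - a single-valued attribute is an array of a single element.
     foreach ($attributes as $key => $valArray) {
         $this->userDetails[$key] = $valArray;
     }
 }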
    }
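    $returnUrl = SimpleSAML\Utils\HTTP::getSelfURLNoQuery() . '?' . http_build_query($query);
    $params = ['ForceAuthn' => $forceAuthn, 'isPassive' => $isPassive, 'ReturnTo' => $returnUrl];

    // An explicit IdP choice from the query string is passed on only as a
    // string; the SP auth source is expected to reject entity IDs it holds no
    // metadata for — confirm for the SimpleSAMLphp version in use.
    if (isset($_GET['entityId']) && is_string($_GET['entityId'])) {
        $params['saml:idp'] = $_GET['entityId'];
    }

    // A configured IdP list narrows the choice: several entries become an
    // IDPList, exactly one pins the IdP, and an empty list sets nothing
    // (instead of reading index 0 of an empty array).
    if (isset($idpList) && is_array($idpList)) {
        if (count($idpList) > 1) {
            $params['saml:IDPList'] = $idpList;
        } elseif (count($idpList) === 1) {
            $params['saml:idp'] = $idpList[0];
        }
    }

    $as->login($params);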
}
// The session ticket lives as long as the SimpleSAMLphp session ('Expire').
$sessionExpiry = $as->getAuthData('Expire');

// (Re)issue the session ticket when there is none yet or when a fresh
// authentication was forced.
if ($forceAuthn || !is_array($sessionTicket)) {
    $sessionTicket = $ticketFactory->createSessionTicket($session->getSessionId(), $sessionExpiry);
    $ticketStore->addTicket($sessionTicket);
}

// Carry the UI language along: a language already stored in the cookie wins
// over the one in the query string, and non-string query values are dropped.
$parameters = [];
if (array_key_exists('language', $_GET)) {
    $preferredLanguage = SimpleSAML_XHTML_Template::getLanguageCookie();
    if (isset($preferredLanguage)) {
        $parameters['language'] = $preferredLanguage;
    } elseif (is_string($_GET['language'])) {
        $parameters['language'] = $_GET['language'];
    }
}
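$title = 'SimpleSAMLphp Example SAML SP';
$user_session_key = 'user_session';
$saml_sso = 'saml_sso';

// If the user is logged in and requesting a logout.
if (isset($_SESSION[$user_session_key]) && isset($_REQUEST['logout'])) {
    $sp = $_SESSION[$user_session_key]['sp'];
    unset($_SESSION[$user_session_key]);
    $as = new SimpleSAML_Auth_Simple($sp);
    // NOTE(review): PHP_SELF can include client-supplied path info; confirm that
    // logout() validates ReturnTo, or use SCRIPT_NAME here.
    $as->logout(["ReturnTo" => $_SERVER['PHP_SELF']]);
}

// If the user is logging in.
if (isset($_REQUEST[$saml_sso])) {
    // The auth-source name comes from the request; it is cast so a non-string
    // value never reaches the constructor, and SimpleSAML_Auth_Simple is
    // expected to reject names it does not know — confirm.
    $sp = (string) $_REQUEST[$saml_sso];
    $as = new SimpleSAML_Auth_Simple($sp);
    $as->requireAuth();

    // Only an array-shaped NameID carrying 'Value' is usable; anything else
    // (non-SAML source, missing NameID) yields null instead of a PHP notice.
    $nameId = $as->getAuthData('saml:sp:NameID');
    $user = [
        'sp' => $sp,
        'authed' => $as->isAuthenticated(),
        'idp' => $as->getAuthData('saml:sp:IdP'),
        'nameId' => is_array($nameId) && isset($nameId['Value']) ? $nameId['Value'] : null,
        'attributes' => $as->getAttributes(),
    ];
    $_SESSION[$user_session_key] = $user;
}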
?>
  
<!DOCTYPE html>
<html>
  <head>
    <title><?php 
echo $title;
?>
</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <!-- Bootstrap -->
    <link href="<?php 
echo $bootstrap_cdn_css_url;