throwException() public static méthode

Throws the given exception to the exception handler recorded in the state array.
public static throwException ( array $state, SimpleSAML_Error_Exception $exception )
$state array The state array.
$exception SimpleSAML_Error_Exception The exception.
Exemple #1
 /**
  * Start authentication.
  *
  * Control never comes back to the caller: the authentication source
  * either redirects the user or, once it is done, loginCompleted() takes over.
  *
  * @param string $authId  The identifier of the authentication source.
  * @param string|array $return The URL or function we should direct the
  * user to after authentication. If using a URL obtained from user input,
  * please make sure to check it by calling
  * SimpleSAML_Utilities::checkURLAllowed().
  * @param string|NULL $errorURL The URL we should direct the user to after
  * failed authentication. Can be NULL, in which case a standard error page
  * will be shown. If using a URL obtained from user input, please make sure
  * to check it by calling SimpleSAML_Utilities::checkURLAllowed().
  * @param array $params Extra information about the login. Different
  * authentication requestors may provide different information. Optional,
  * will default to an empty array.
  */
 public static function initLogin($authId, $return, $errorURL = NULL, array $params = array())
 {
     assert('is_string($authId)');
     assert('is_string($return) || is_array($return)');
     assert('is_string($errorURL) || is_null($errorURL)');

     $ownClass = get_class();
     $loginState = array(
         'SimpleSAML_Auth_Default.id' => $authId,
         'SimpleSAML_Auth_Default.Return' => $return,
         'SimpleSAML_Auth_Default.ErrorURL' => $errorURL,
         'LoginCompletedHandler' => array($ownClass, 'loginCompleted'),
         'LogoutCallback' => array($ownClass, 'logoutCallback'),
         'LogoutCallbackState' => array('SimpleSAML_Auth_Default.logoutSource' => $authId),
     );
     /* Caller-supplied $params go first so the fixed keys above always win. */
     $state = array_merge($params, $loginState);

     /* A string return value doubles as the URL the user is sent back to. */
     if (is_string($return)) {
         $state['SimpleSAML_Auth_Default.ReturnURL'] = $return;
     }
     /* Route exceptions raised by the source to the caller's error page, if one was given. */
     if ($errorURL !== NULL) {
         $state[SimpleSAML_Auth_State::EXCEPTION_HANDLER_URL] = $errorURL;
     }

     $source = SimpleSAML_Auth_Source::getById($authId);
     if ($source === NULL) {
         throw new Exception('Invalid authentication source: ' . $authId);
     }

     try {
         $source->authenticate($state);
     } catch (SimpleSAML_Error_Exception $e) {
         SimpleSAML_Auth_State::throwException($state, $e);
     } catch (Exception $e) {
         /* Wrap plain exceptions so the state handler receives a SimpleSAML_Error_Exception. */
         SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_UnserializableException($e));
     }

     self::loginCompleted($state);
 }
Exemple #2
 /**
  * Initiate authentication.
  *
  * Records this source's id in the state, persists the state and sends the
  * user to the A-Select server. Any failure on the way is handed to the
  * exception handler stored in the state.
  *
  * @param array &$state  Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     $state['aselect::authid'] = $this->authId;
     /* Persist the state so the credentials endpoint can load it again by id. */
     $stateId = SimpleSAML_Auth_State::saveState($state, 'aselect:login', true);

     try {
         $returnUrl = SimpleSAML_Module::getModuleURL('aselect/credentials.php', array('ssp_state' => $stateId));
         $serverUrl = $this->request_authentication($returnUrl);
         SimpleSAML_Utilities::redirect($serverUrl);
     } catch (Exception $e) {
         /* Hand the failure to the exception handler recorded in the state. */
         SimpleSAML_Auth_State::throwException($state, $e);
     }
 }
Exemple #3
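/**
 * Check the credentials that the user got from the A-Select server.
 * This function is called after the user returns from the A-Select server.
 *
 * Expects the request to carry ssp_state, a-select-server, aselect_credentials
 * and rid. The credentials are verified by the A-Select authentication source
 * recorded in the state, the resulting attributes are stored in the state and
 * authentication is completed. The function does not return: completeAuth()
 * takes over on success and throwException() on failure.
 *
 * @author Wessel Dankers, Tilburg University
 */
function check_credentials()
{
    /*
     * No state has been loaded at this point, so a missing ssp_state cannot be
     * reported through the state's exception handler (the previous code passed
     * an undefined $state to throwException()); reject the request directly.
     */
    if (!array_key_exists('ssp_state', $_REQUEST)) {
        throw new SimpleSAML_Error_BadRequest('Missing ssp_state parameter');
    }
    $id = $_REQUEST['ssp_state'];
    // sanitize the input: a return URL embedded in the state id is vetted before use
    $sid = SimpleSAML_Utilities::parseStateID($id);
    if (!is_null($sid['url'])) {
        SimpleSAML_Utilities::checkURLAllowed($sid['url']);
    }
    $state = SimpleSAML_Auth_State::loadState($id, 'aselect:login');

    /* From here on the state is known, so missing parameters go to its exception handler. */
    foreach (array('a-select-server', 'aselect_credentials', 'rid') as $param) {
        if (!array_key_exists($param, $_REQUEST)) {
            SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing {$param} parameter"));
        }
    }
    $server_id = $_REQUEST['a-select-server'];
    $credentials = $_REQUEST['aselect_credentials'];
    $rid = $_REQUEST['rid'];

    try {
        /* The source id was written into the state when authentication started. */
        if (!array_key_exists('aselect::authid', $state)) {
            throw new SimpleSAML_Error_Exception("ASelect authentication source missing in state");
        }
        $authid = $state['aselect::authid'];
        $aselect = SimpleSAML_Auth_Source::getById($authid);
        if (is_null($aselect)) {
            throw new SimpleSAML_Error_Exception("Could not find authentication source with id {$authid}");
        }
        $creds = $aselect->verify_credentials($server_id, $credentials, $rid);
        if (array_key_exists('attributes', $creds)) {
            $state['Attributes'] = $creds['attributes'];
        } else {
            /* No attribute set returned: fall back to the uid/organization pair under 'res'. */
            $res = $creds['res'];
            $state['Attributes'] = array('uid' => array($res['uid']), 'organization' => array($res['organization']));
        }
    } catch (Exception $e) {
        SimpleSAML_Auth_State::throwException($state, $e);
    }
    SimpleSAML_Auth_Source::completeAuth($state);
    /* completeAuth() is not expected to return; reaching this line is an internal error. */
    SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Internal error in A-Select component"));
}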
 /**
  * Delegate authentication.
  *
  * Called once the user has chosen an authentication source. The chosen
  * source is remembered in the session so that logout can find it again,
  * and the source's authenticate() method is then invoked with the state.
  *
  * @param string $authId  Selected authentication source
  * @param array  $state   Information about the current authentication.
  */
 public static function delegateAuthentication($authId, $state)
 {
     assert('is_string($authId)');
     assert('is_array($state)');

     $source = SimpleSAML_Auth_Source::getById($authId);
     if ($source === NULL) {
         throw new Exception('Invalid authentication source: ' . $authId);
     }

     /* Remember which source was picked so the logout process can find it. */
     SimpleSAML_Session::getSessionFromRequest()->setData(
         self::SESSION_SOURCE,
         $state[self::AUTHID],
         $authId,
         SimpleSAML_Session::DATA_TIMEOUT_SESSION_END
     );

     try {
         $source->authenticate($state);
     } catch (SimpleSAML_Error_Exception $e) {
         SimpleSAML_Auth_State::throwException($state, $e);
     } catch (Exception $e) {
         /* Wrap plain exceptions so the state handler receives a SimpleSAML_Error_Exception. */
         SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_UnserializableException($e));
     }

     SimpleSAML_Auth_Source::completeAuth($state);
 }
Exemple #5
    }
    if ($sessionIndex === NULL) {
        $sessionIndex = $assertion->getSessionIndex();
    }
    if ($expire === NULL) {
        $expire = $assertion->getSessionNotOnOrAfter();
    }
    $attributes = array_merge($attributes, $assertion->getAttributes());
    if ($assertion->getAuthnInstant() !== NULL) {
        /* Assertion contains AuthnStatement, since AuthnInstant is a required attribute. */
        $foundAuthnStatement = TRUE;
    }
}
/* Without an AuthnStatement there is no authenticated session to record; hand the error to the state's exception handler. */
if (!$foundAuthnStatement) {
    $e = new SimpleSAML_Error_Exception('No AuthnStatement found in assertion(s).');
    SimpleSAML_Auth_State::throwException($state, $e);
}
/* $expire comes from the assertion's SessionNotOnOrAfter when one was present. */
if ($expire !== NULL) {
    $logoutExpire = $expire;
} else {
    /* Just expire the logout association 24 hours into the future. */
    $logoutExpire = time() + 24 * 60 * 60;
}
/* Register this session in the logout store. */
sspmod_saml_SP_LogoutStore::addSession($sourceId, $nameId, $sessionIndex, $logoutExpire);
/* We need to save the NameID and SessionIndex for logout. */
$logoutState = array('saml:logout:Type' => 'saml2', 'saml:logout:IdP' => $idp, 'saml:logout:NameID' => $nameId, 'saml:logout:SessionIndex' => $sessionIndex);
$state['LogoutState'] = $logoutState;
/* Append this IdP to the chain of authenticating authorities. */
$state['saml:AuthenticatingAuthority'] = $authenticatingAuthority;
$state['saml:AuthenticatingAuthority'][] = $idp;
/* Presumably marks the authority chain as data to keep with the persisted auth data — verify against the consumer of PersistentAuthData. */
$state['PersistentAuthData'][] = 'saml:AuthenticatingAuthority';
Exemple #6
 /**
  * Process authentication requests.
  *
  * Records the IdP and SP identifiers in the state, decides whether the
  * user must authenticate again, and runs the request through either
  * authenticate() or reauthenticate() followed by postAuth(). Errors are
  * routed to the exception handler kept in the state.
  *
  * @param array &$state  The authentication request state.
  */
 public function handleAuthenticationRequest(array &$state)
 {
     assert('isset($state["Responder"])');

     $state['core:IdP'] = $this->id;

     /* SP metadata may spell the entity id key either way; take the first one present. */
     $spEntityId = NULL;
     foreach (array('entityid', 'entityID') as $key) {
         if (isset($state['SPMetadata'][$key])) {
             $spEntityId = $state['SPMetadata'][$key];
             break;
         }
     }
     $state['core:SP'] = $spEntityId;

     /* ForceAuthn overrides an existing session; otherwise only unauthenticated users log in. */
     $forceAuthn = isset($state['ForceAuthn']) && (bool) $state['ForceAuthn'];
     $needAuth = $forceAuthn || !$this->isAuthenticated();

     $state['IdPMetadata'] = $this->getConfig()->toArray();
     $state['ReturnCallback'] = array('SimpleSAML_IdP', 'postAuth');

     try {
         if ($needAuth) {
             $this->authenticate($state);
             /* authenticate() hands control elsewhere and is not expected to return. */
             assert('FALSE');
         } else {
             $this->reauthenticate($state);
         }
         $this->postAuth($state);
     } catch (SimpleSAML_Error_Exception $e) {
         SimpleSAML_Auth_State::throwException($state, $e);
     } catch (Exception $e) {
         /* Wrap plain exceptions so the state handler receives a SimpleSAML_Error_Exception. */
         SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_UnserializableException($e));
     }
 }
Exemple #7
<?php

/*
 * OpenID linkback endpoint: the user arrives here after the OpenID round trip.
 * Recover the authentication state and hand it to the source's postAuth().
 */
if (empty($_REQUEST['AuthState'])) {
    throw new SimpleSAML_Error_BadRequest('Missing mandatory parameter: AuthState');
}
$authState = $_REQUEST['AuthState'];

// sanitize the input: a URL embedded in the state id is vetted by checkURLAllowed() before use
$sid = SimpleSAML_Utilities::parseStateID($authState);
if ($sid['url'] !== NULL) {
    SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}

$state = SimpleSAML_Auth_State::loadState($authState, 'openid:auth');
$sourceId = $state['openid:AuthId'];
$authSource = SimpleSAML_Auth_Source::getById($sourceId);
if ($authSource === NULL) {
    throw new SimpleSAML_Error_BadRequest('Invalid AuthId \'' . $sourceId . '\' - not found.');
}

try {
    $authSource->postAuth($state);
    /* postAuth() should never return. */
    assert('FALSE');
} catch (SimpleSAML_Error_Exception $e) {
    SimpleSAML_Auth_State::throwException($state, $e);
} catch (Exception $e) {
    /* Attribute the failure to the auth source so the state handler can report it. */
    SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_AuthSource($sourceId, 'Error on OpenID linkback endpoint.', $e));
}
 /**
  * Continues processing of the state.
  *
  * Used to resume processing by filters which, for example, needed to show
  * a page to the user. Each filter still queued in the state is run in turn;
  * afterwards the user is either redirected to $state['ReturnURL'] or the
  * state is handed to the callable in $state['ReturnCall'].
  *
  * This function will never return. Exceptions thrown during processing will be passed
  * to whatever exception handler is defined in the state array.
  *
  * @param array $state  The state we are processing.
  */
 public static function resumeProcessing($state)
 {
     assert('is_array($state)');

     /* Drain the remaining filters one at a time; a filter may itself redirect and never return. */
     while (count($state[self::FILTERS_INDEX]) > 0) {
         $nextFilter = array_shift($state[self::FILTERS_INDEX]);
         try {
             $nextFilter->process($state);
         } catch (SimpleSAML_Error_Exception $e) {
             SimpleSAML_Auth_State::throwException($state, $e);
         } catch (Exception $e) {
             /* Wrap plain exceptions so the state handler receives a SimpleSAML_Error_Exception. */
             SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_UnserializableException($e));
         }
     }

     /* Completed: exactly one of ReturnURL / ReturnCall must be present. */
     assert('array_key_exists("ReturnURL", $state) || array_key_exists("ReturnCall", $state)');
     assert('!array_key_exists("ReturnURL", $state) || !array_key_exists("ReturnCall", $state)');

     if (array_key_exists('ReturnURL', $state)) {
         /* Save the state and send the user on to $state['ReturnURL'], carrying the state id. */
         $stateId = SimpleSAML_Auth_State::saveState($state, self::COMPLETED_STAGE);
         SimpleSAML_Utilities::redirectTrustedURL($state['ReturnURL'], array(self::AUTHPARAM => $stateId));
     } else {
         /* Pass the state to the function defined in $state['ReturnCall']. */
         /* We are done with the state array in the session. Delete it. */
         SimpleSAML_Auth_State::deleteState($state);
         $func = $state['ReturnCall'];
         assert('is_callable($func)');
         call_user_func($func, $state);
         /* The callback is expected to take over; getting here means it returned. */
         assert(FALSE);
     }
 }
Exemple #9
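 /**
  * Send a SAML2 SSO request to an IdP.
  *
  * Builds an AuthnRequest from the SP and IdP metadata, copies the relevant
  * options out of $state (requested authentication context, ForceAuthn,
  * IsPassive, NameID / NameIDPolicy, IDPList, ProxyCount, RequesterID and
  * Extensions), saves the state under the request id and sends the request
  * over the IdP's SSO binding. Does not return.
  *
  * @param SimpleSAML_Configuration $idpMetadata  The metadata of the IdP.
  * @param array $state  The state array for the current authentication.
  */
 private function startSSO2(SimpleSAML_Configuration $idpMetadata, array $state)
 {
     if (isset($state['saml:ProxyCount']) && $state['saml:ProxyCount'] < 0) {
         /* The proxy hop budget is exhausted; report it through the state's exception handler. */
         SimpleSAML_Auth_State::throwException($state, new \SimpleSAML\Module\saml\Error\ProxyCountExceeded(\SAML2\Constants::STATUS_RESPONDER));
     }

     $ar = sspmod_saml_Message::buildAuthnRequest($this->metadata, $idpMetadata);
     $ar->setAssertionConsumerServiceURL(SimpleSAML\Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->authId));

     if (isset($state['SimpleSAML_Auth_Source.ReturnURL'])) {
         $ar->setRelayState($state['SimpleSAML_Auth_Source.ReturnURL']);
     }

     if (isset($state['saml:AuthnContextClassRef'])) {
         $accr = SimpleSAML\Utils\Arrays::arrayize($state['saml:AuthnContextClassRef']);
         $comp = SAML2\Constants::COMPARISON_EXACT;
         /*
          * Only the four comparison values defined by SAML2 are accepted; anything else
          * keeps the "exact" default. The value is read from the same 'saml:'-prefixed key
          * that isset() tests (the previous code read an unprefixed key, which is not set
          * here, so the requested comparison was silently ignored).
          */
         $allowedComparisons = array(
             SAML2\Constants::COMPARISON_EXACT,
             SAML2\Constants::COMPARISON_MINIMUM,
             SAML2\Constants::COMPARISON_MAXIMUM,
             SAML2\Constants::COMPARISON_BETTER,
         );
         if (isset($state['saml:AuthnContextComparison'])
             && in_array($state['saml:AuthnContextComparison'], $allowedComparisons, TRUE)
         ) {
             $comp = $state['saml:AuthnContextComparison'];
         }
         $ar->setRequestedAuthnContext(array('AuthnContextClassRef' => $accr, 'Comparison' => $comp));
     }

     if (isset($state['ForceAuthn'])) {
         $ar->setForceAuthn((bool) $state['ForceAuthn']);
     }
     if (isset($state['isPassive'])) {
         $ar->setIsPassive((bool) $state['isPassive']);
     }

     if (isset($state['saml:NameID'])) {
         if (!is_array($state['saml:NameID'])) {
             throw new SimpleSAML_Error_Exception('Invalid value of $state[\'saml:NameID\'].');
         }
         $ar->setNameId($state['saml:NameID']);
     }

     if (isset($state['saml:NameIDPolicy'])) {
         if (is_string($state['saml:NameIDPolicy'])) {
             /* A bare format string means "this format, AllowCreate on". */
             $policy = array('Format' => (string) $state['saml:NameIDPolicy'], 'AllowCreate' => TRUE);
         } elseif (is_array($state['saml:NameIDPolicy'])) {
             $policy = $state['saml:NameIDPolicy'];
         } else {
             throw new SimpleSAML_Error_Exception('Invalid value of $state[\'saml:NameIDPolicy\'].');
         }
         $ar->setNameIdPolicy($policy);
     }

     /* IDPList is the union of our metadata, the IdP's metadata and the state. */
     $IDPList = isset($state['saml:IDPList']) ? $state['saml:IDPList'] : array();
     $ar->setIDPList(array_unique(array_merge(
         $this->metadata->getArray('IDPList', array()),
         $idpMetadata->getArray('IDPList', array()),
         (array) $IDPList
     )));

     /* ProxyCount precedence: state, then IdP metadata, then our own metadata. */
     if (isset($state['saml:ProxyCount']) && $state['saml:ProxyCount'] !== null) {
         $ar->setProxyCount($state['saml:ProxyCount']);
     } elseif ($idpMetadata->getInteger('ProxyCount', null) !== null) {
         $ar->setProxyCount($idpMetadata->getInteger('ProxyCount', null));
     } elseif ($this->metadata->getInteger('ProxyCount', null) !== null) {
         $ar->setProxyCount($this->metadata->getInteger('ProxyCount', null));
     }

     /* RequesterID: any ids already in the state, plus the SP we are proxying for. */
     $requesterID = isset($state['saml:RequesterID']) ? $state['saml:RequesterID'] : array();
     if (isset($state['core:SP'])) {
         $requesterID[] = $state['core:SP'];
     }
     $ar->setRequesterID($requesterID);

     if (isset($state['saml:Extensions'])) {
         $ar->setExtensions($state['saml:Extensions']);
     }

     // save IdP entity ID as part of the state
     $state['ExpectedIssuer'] = $idpMetadata->getString('entityid');
     /* The saved state id doubles as the request id, so the response can be tied back to it. */
     $id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso', TRUE);
     $ar->setId($id);

     SimpleSAML\Logger::debug('Sending SAML 2 AuthnRequest to ' . var_export($idpMetadata->getString('entityid'), TRUE));

     /* Select appropriate SSO endpoint */
     if ($ar->getProtocolBinding() === \SAML2\Constants::BINDING_HOK_SSO) {
         $dst = $idpMetadata->getDefaultEndpoint('SingleSignOnService', array(\SAML2\Constants::BINDING_HOK_SSO));
     } else {
         $dst = $idpMetadata->getDefaultEndpoint('SingleSignOnService', array(\SAML2\Constants::BINDING_HTTP_REDIRECT, \SAML2\Constants::BINDING_HTTP_POST));
     }
     $ar->setDestination($dst['Location']);

     $b = \SAML2\Binding::getBinding($dst['Binding']);
     $this->sendSAML2AuthnRequest($state, $b, $ar);
     /* sendSAML2AuthnRequest() is expected to redirect and never return. */
     assert('FALSE');
 }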
Exemple #10
 /**
  * Send a SAML2 SSO request to an IdP.
  *
  * Assembles the AuthnRequest from the SP and IdP metadata plus the options
  * carried in $state, stores the state under the request id and sends the
  * request with the HTTP-Redirect binding. Does not return.
  *
  * @param SimpleSAML_Configuration $idpMetadata  The metadata of the IdP.
  * @param array $state  The state array for the current authentication.
  */
 private function startSSO2(SimpleSAML_Configuration $idpMetadata, array $state)
 {
     $proxyCountSet = isset($state['saml:ProxyCount']);
     if ($proxyCountSet && $state['saml:ProxyCount'] < 0) {
         /* The proxy hop budget is exhausted; report it through the state's exception handler. */
         SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_ProxyCountExceeded("ProxyCountExceeded"));
     }

     $request = sspmod_saml_Message::buildAuthnRequest($this->metadata, $idpMetadata);
     $request->setAssertionConsumerServiceURL(SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->authId));

     if (isset($state['SimpleSAML_Auth_Default.ReturnURL'])) {
         $request->setRelayState($state['SimpleSAML_Auth_Default.ReturnURL']);
     }
     if (isset($state['saml:AuthnContextClassRef'])) {
         $classRefs = SimpleSAML_Utilities::arrayize($state['saml:AuthnContextClassRef']);
         $request->setRequestedAuthnContext(array('AuthnContextClassRef' => $classRefs));
     }
     if (isset($state['ForceAuthn'])) {
         $request->setForceAuthn((bool) $state['ForceAuthn']);
     }
     if (isset($state['isPassive'])) {
         $request->setIsPassive((bool) $state['isPassive']);
     }

     if (isset($state['saml:NameIDPolicy'])) {
         $policy = $state['saml:NameIDPolicy'];
         if (is_string($policy)) {
             /* A bare format string means "this format, AllowCreate on". */
             $policy = array('Format' => (string) $policy, 'AllowCreate' => TRUE);
         } elseif (!is_array($policy)) {
             throw new SimpleSAML_Error_Exception('Invalid value of $state[\'saml:NameIDPolicy\'].');
         }
         $request->setNameIdPolicy($policy);
     }

     /* IDPList is the union of our metadata, the IdP's metadata and the state. */
     $idpList = isset($state['saml:IDPList']) ? $state['saml:IDPList'] : array();
     $request->setIDPList(array_unique(array_merge(
         $this->metadata->getArray('IDPList', array()),
         $idpMetadata->getArray('IDPList', array()),
         (array) $idpList
     )));

     /* ProxyCount precedence: state, then IdP metadata, then our own metadata. */
     if ($proxyCountSet && $state['saml:ProxyCount'] !== null) {
         $request->setProxyCount($state['saml:ProxyCount']);
     } elseif ($idpMetadata->getInteger('ProxyCount', null) !== null) {
         $request->setProxyCount($idpMetadata->getInteger('ProxyCount', null));
     } elseif ($this->metadata->getInteger('ProxyCount', null) !== null) {
         $request->setProxyCount($this->metadata->getInteger('ProxyCount', null));
     }

     /* RequesterID: any ids already in the state, plus the SP we are proxying for. */
     $requesterID = isset($state['saml:RequesterID']) ? $state['saml:RequesterID'] : array();
     if (isset($state['core:SP'])) {
         $requesterID[] = $state['core:SP'];
     }
     $request->setRequesterID($requesterID);

     if (isset($state['saml:Extensions'])) {
         $request->setExtensions($state['saml:Extensions']);
     }

     /* The saved state id doubles as the request id. */
     $stateId = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso', TRUE);
     $request->setId($stateId);

     SimpleSAML_Logger::debug('Sending SAML 2 AuthnRequest to ' . var_export($idpMetadata->getString('entityid'), TRUE));
     $binding = new SAML2_HTTPRedirect();
     $this->sendSAML2AuthnRequest($state, $binding, $request);
     /* sendSAML2AuthnRequest() is expected to redirect and never return. */
     assert('FALSE');
 }
Exemple #11
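 /**
  * Passes control of the login process to a different module.
  *
  * Hands the state to the backend authentication source recorded in
  * $state['LogoutState']['negotiate:backend'] and, should that source ever
  * return, finishes the login through loginCompleted().
  *
  * @param array &$state  Information about the current authentication.
  *
  * @throws SimpleSAML_Error_AuthSource If no backend is recorded in the state.
  * @throws Exception If the recorded backend does not name a known authentication source.
  */
 public static function fallBack(&$state)
 {
     /* isset() avoids an undefined-index notice when no backend was recorded. */
     $authId = isset($state['LogoutState']['negotiate:backend']) ? $state['LogoutState']['negotiate:backend'] : NULL;
     if ($authId === NULL) {
         $msg = "This code should never be reached.";
         throw new SimpleSAML_Error_AuthSource($msg);
     }
     $source = SimpleSAML_Auth_Source::getById($authId);
     if ($source === NULL) {
         /* getById() yields NULL for an unknown id; fail explicitly instead of calling authenticate() on NULL. */
         throw new Exception('Invalid authentication source: ' . $authId);
     }
     try {
         $source->authenticate($state);
     } catch (SimpleSAML_Error_Exception $e) {
         SimpleSAML_Auth_State::throwException($state, $e);
     } catch (Exception $e) {
         /* Wrap plain exceptions so the state handler receives a SimpleSAML_Error_Exception. */
         $e = new SimpleSAML_Error_UnserializableException($e);
         SimpleSAML_Auth_State::throwException($state, $e);
     }
     // fallBack never returns after loginCompleted()
     SimpleSAML_Logger::debug('Negotiate: backend returned');
     self::loginCompleted($state);
 }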
Exemple #12
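 /**
  * Passes control of the login process to a different module.
  *
  * Hands the state to the backend authentication source recorded in
  * $state['LogoutState']['negotiate:backend'] and, should that source ever
  * return, finishes the login through loginCompleted().
  *
  * @param array &$state Information about the current authentication.
  *
  * @throws SimpleSAML_Error_Error If couldn't determine the auth source.
  * @throws Exception If the recorded backend does not name a known authentication source.
  * @throws SimpleSAML_Error_Exception
  */
 public static function fallBack(&$state)
 {
     /* isset() avoids an undefined-index notice when no backend was recorded. */
     $authId = isset($state['LogoutState']['negotiate:backend']) ? $state['LogoutState']['negotiate:backend'] : null;
     if ($authId === null) {
         throw new SimpleSAML_Error_Error(500, "Unable to determine auth source.");
     }
     $source = SimpleSAML_Auth_Source::getById($authId);
     if ($source === null) {
         /* getById() yields null for an unknown id; fail explicitly instead of calling authenticate() on null. */
         throw new Exception('Invalid authentication source: ' . $authId);
     }
     try {
         $source->authenticate($state);
     } catch (SimpleSAML_Error_Exception $e) {
         SimpleSAML_Auth_State::throwException($state, $e);
     } catch (Exception $e) {
         /* Wrap plain exceptions so the state handler receives a SimpleSAML_Error_Exception. */
         $e = new SimpleSAML_Error_UnserializableException($e);
         SimpleSAML_Auth_State::throwException($state, $e);
     }
     // fallBack never returns after loginCompleted()
     SimpleSAML_Logger::debug('Negotiate: backend returned');
     self::loginCompleted($state);
 }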
Exemple #13
}
$server_id = $_REQUEST['a-select-server'];
/* The remaining A-Select parameters are mandatory; a missing one is reported through the state's handler. */
if (!array_key_exists('aselect_credentials', $_REQUEST)) {
    SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing aselect_credentials parameter"));
}
$credentials = $_REQUEST['aselect_credentials'];
if (!array_key_exists('rid', $_REQUEST)) {
    SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing rid parameter"));
}
$rid = $_REQUEST['rid'];
try {
    /* The source id is written into the state when authentication starts. */
    if (!array_key_exists('aselect::authid', $state)) {
        throw new SimpleSAML_Error_Exception("ASelect authentication source missing in state");
    }
    $authid = $state['aselect::authid'];
    $aselect = SimpleSAML_Auth_Source::getById($authid);
    if (is_null($aselect)) {
        throw new SimpleSAML_Error_Exception("Could not find authentication source with id {$authid}");
    }
    $creds = $aselect->verify_credentials($server_id, $credentials, $rid);
    /* Either a full attribute set is returned, or a flat uid/organization pair. */
    if (array_key_exists('attributes', $creds)) {
        $state['Attributes'] = $creds['attributes'];
    } else {
        $state['Attributes'] = array('uid' => array($creds['uid']), 'organization' => array($creds['organization']));
    }
} catch (Exception $e) {
    SimpleSAML_Auth_State::throwException($state, $e);
}
SimpleSAML_Auth_Source::completeAuth($state);
/* completeAuth() is not expected to return; reaching this line is treated as an internal error. */
SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Internal error in A-Select component"));
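 /**
  * Passes control of the login process to the configured fallback source.
  *
  * Hands the state to the authentication source recorded in
  * $state['negotiateserver:AuthFallback'] and, should that source ever
  * return, finishes the login through loginCompleted().
  *
  * @param array &$state  Information about the current authentication.
  *
  * @throws SimpleSAML_Error_Error If no fallback source is recorded in the state.
  * @throws Exception If the recorded id does not name a known authentication source.
  * @throws SimpleSAML_Error_Exception
  */
 public static function fallback(&$state)
 {
     /* isset() avoids an undefined-index notice when no fallback was recorded. */
     $authId = isset($state['negotiateserver:AuthFallback']) ? $state['negotiateserver:AuthFallback'] : null;
     if ($authId === null) {
         throw new SimpleSAML_Error_Error(500, "Unable to determine fallback auth source.");
     }
     $source = SimpleSAML_Auth_Source::getById($authId);
     if ($source === null) {
         /* getById() yields null for an unknown id; fail explicitly instead of calling authenticate() on null. */
         throw new Exception('Invalid authentication source: ' . $authId);
     }
     try {
         $source->authenticate($state);
     } catch (SimpleSAML_Error_Exception $e) {
         SimpleSAML_Auth_State::throwException($state, $e);
     } catch (Exception $e) {
         /* Wrap plain exceptions so the state handler receives a SimpleSAML_Error_Exception. */
         $e = new SimpleSAML_Error_UnserializableException($e);
         SimpleSAML_Auth_State::throwException($state, $e);
     }
     /* Only reached if the fallback source returned instead of redirecting. */
     SimpleSAML\Logger::debug('Negotiate Server: fallback auth source returned');
     self::loginCompleted($state);
 }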
/* The request must carry the AuthState id so the interrupted login can be resumed. */
if (!array_key_exists('AuthState', $_REQUEST)) {
    throw new SimpleSAML_Error_BadRequest('Missing mandatory parameter: AuthState');
}
try {
    // try to get the state
    $state = SimpleSAML_Auth_State::loadState($_REQUEST['AuthState'], 'saml:proxy:invalid_idp');
} catch (Exception $e) {
    // the user probably hit the back button after starting the logout, try to recover the state with another stage
    $state = SimpleSAML_Auth_State::loadState($_REQUEST['AuthState'], 'core:Logout:afterbridge');
    // success! Try to continue with reauthentication, since we no longer have a valid session here
    $idp = SimpleSAML_IdP::getById($state['core:IdP']);
    sspmod_saml_Auth_Source_SP::reauthPostLogout($idp, $state);
}
/* Both choices are read from $_POST only, so a plain GET of this page neither cancels nor logs out. */
if (isset($_POST['cancel'])) {
    // the user does not want to logout, cancel login
    SimpleSAML_Auth_State::throwException($state, new \SimpleSAML\Module\saml\Error\NoAvailableIDP(\SAML2\Constants::STATUS_RESPONDER, 'User refused to reauthenticate with any of the IdPs requested.'));
}
if (isset($_POST['continue'])) {
    // log the user out before being able to login again
    $as = SimpleSAML_Auth_Source::getById($state['saml:sp:AuthId'], 'sspmod_saml_Auth_Source_SP');
    /** @var sspmod_saml_Auth_Source_SP $as */
    $as->reauthLogout($state);
}
/* Neither button was pressed: prepare the invalid_session template that asks the user to choose. */
$cfg = SimpleSAML_Configuration::getInstance();
$template = new SimpleSAML_XHTML_Template($cfg, 'saml:proxy/invalid_session.php');
$translator = $template->getTranslator();
/* NOTE(review): the request-supplied AuthState is passed to the template as-is; the template is expected to escape it for its output context — confirm. */
$template->data['AuthState'] = (string) $_REQUEST['AuthState'];
// get the name of the IdP
$idpmdcfg = $state['saml:sp:IdPMetadata'];
/** @var SimpleSAML_Configuration $idpmdcfg */
$idpmd = $idpmdcfg->toArray();
Exemple #16
 /**
  * Process authentication requests.
  *
  * Records the IdP and SP identifiers in the state, decides whether the
  * user must authenticate again (ForceAuthn, a non-empty IDPList, or no
  * existing session), and then either runs authenticate() or copies the
  * auth source's data into the state before calling postAuth(). Errors are
  * routed to the exception handler kept in the state.
  *
  * @param array &$state  The authentication request state.
  */
 public function handleAuthenticationRequest(array &$state)
 {
     assert('isset($state["Responder"])');

     $state['core:IdP'] = $this->id;

     /* SP metadata may spell the entity id key either way; take the first one present. */
     $spEntityId = NULL;
     foreach (array('entityid', 'entityID') as $key) {
         if (isset($state['SPMetadata'][$key])) {
             $spEntityId = $state['SPMetadata'][$key];
             break;
         }
     }
     $state['core:SP'] = $spEntityId;

     /* Short-circuit order matters: isAuthenticated() is only consulted when neither override applies. */
     $needAuth = (isset($state['ForceAuthn']) && (bool) $state['ForceAuthn'])
         || (isset($state['saml:IDPList']) && count($state['saml:IDPList']) > 0)
         || !$this->isAuthenticated();

     try {
         if ($needAuth) {
             $this->authenticate($state);
             /* authenticate() hands control elsewhere and is not expected to return. */
             assert('FALSE');
         } else {
             /* Reuse the existing session: copy the source's auth data into the state. */
             foreach ($this->authSource->getAuthDataArray() as $dataKey => $dataValue) {
                 $state[$dataKey] = $dataValue;
             }
         }
         $this->postAuth($state);
     } catch (SimpleSAML_Error_Exception $e) {
         SimpleSAML_Auth_State::throwException($state, $e);
     } catch (Exception $e) {
         /* Wrap plain exceptions so the state handler receives a SimpleSAML_Error_Exception. */
         SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_UnserializableException($e));
     }
 }