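/**
  * Authenticates a SAML token: the Identity is looked up by the NameID and the
  * schacHomeOrganization attribute of the translated assertion, and its roles are
  * derived from its RA credentials.
  *
  * @param SamlToken|TokenInterface $token
  * @return TokenInterface|void
  * @throws BadCredentialsException when the token cannot be authenticated
  */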
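 public function authenticate(TokenInterface $token)
 {
     // The `assertion` property and getLoa() are read below and the docblock names SamlToken
     // as the expected type, so any other token is rejected up front (fail closed) instead of
     // failing later on the property access.
     if (!$token instanceof SamlToken) {
         throw new BadCredentialsException('Only a SamlToken can be authenticated here');
     }

     $translatedAssertion = $this->attributeDictionary->translate($token->assertion);
     $nameId = $translatedAssertion->getNameID();
     $institution = $translatedAssertion->getAttribute('schacHomeOrganization');

     // Both values are the only lookup keys for the Identity. An assertion that lacks either of
     // them must not reach the lookup with an empty key.
     // NOTE(review): the return types of getNameID()/getAttribute() are not visible here; null,
     // '' and [] are treated as "missing" — confirm against the assertion adapter.
     $missing = [null, '', []];
     if (in_array($nameId, $missing, true) || in_array($institution, $missing, true)) {
         throw new BadCredentialsException('The assertion does not contain both a NameID and a schacHomeOrganization attribute');
     }

     $identity = $this->identityService->findByNameIdAndInstitution($nameId, $institution);

     // No matching Identity: authentication fails.
     if ($identity === null) {
         throw new BadCredentialsException('Unable to find Identity matching the criteria. Has the identity been registered before?');
     }

     $raCredentials = $this->identityService->getRaCredentials($identity);

     // An Identity without RA credentials is known, but not authorised for this application.
     if (!$raCredentials) {
         throw new BadCredentialsException('The Identity is not registered as (S)RA(A) and therefor does not have access to this application');
     }

     // Roles are derived from the credential flags: ROLE_SRAA is added on top when isSraa is
     // set, and exactly one of ROLE_RAA / ROLE_RA is always granted.
     $roles = [];
     if ($raCredentials->isSraa) {
         $roles[] = 'ROLE_SRAA';
     }

     $roles[] = $raCredentials->isRaa ? 'ROLE_RAA' : 'ROLE_RA';

     // NOTE(review): the LoA is copied from the incoming token as-is; this method does not
     // compare it with a required minimum — confirm that is enforced elsewhere.
     $authenticatedToken = new SamlToken($token->getLoa(), $roles);
     $authenticatedToken->setUser($identity);

     return $authenticatedToken;
 }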