Author: Andreas Åkre Solberg, UNINETT AS. (andreas.solberg@uninett.no)
Esempio n. 1
0
 /**
  * Send a response to the SP.
  *
  * @param array $state  The authentication state.
  */
 public static function sendResponse(array $state)
 {
     assert('isset($state["Attributes"])');
     assert('isset($state["SPMetadata"])');
     assert('isset($state["saml:shire"])');
     assert('array_key_exists("saml:target", $state)');
     // Can be NULL
     $spMetadata = $state["SPMetadata"];
     $spEntityId = $spMetadata['entityid'];
     $spMetadata = SimpleSAML_Configuration::loadFromArray($spMetadata, '$metadata[' . var_export($spEntityId, TRUE) . ']');
     SimpleSAML\Logger::info('Sending SAML 1.1 Response to ' . var_export($spEntityId, TRUE));
     $attributes = $state['Attributes'];
     $shire = $state['saml:shire'];
     $target = $state['saml:target'];
     $idp = SimpleSAML_IdP::getByState($state);
     $idpMetadata = $idp->getConfig();
     $config = SimpleSAML_Configuration::getInstance();
     $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     $statsData = array('spEntityID' => $spEntityId, 'idpEntityID' => $idpMetadata->getString('entityid'), 'protocol' => 'saml1');
     if (isset($state['saml:AuthnRequestReceivedAt'])) {
         $statsData['logintime'] = microtime(TRUE) - $state['saml:AuthnRequestReceivedAt'];
     }
     SimpleSAML_Stats::log('saml:idp:Response', $statsData);
     // Generate and send response.
     $ar = new SimpleSAML_XML_Shib13_AuthnResponse();
     $authnResponseXML = $ar->generate($idpMetadata, $spMetadata, $shire, $attributes);
     $httppost = new SimpleSAML_Bindings_Shib13_HTTPPost($config, $metadata);
     $httppost->sendResponse($authnResponseXML, $idpMetadata, $spMetadata, $target, $shire);
 }
Esempio n. 2
0
 /**
  * Send a response to the SP.
  *
  * @param array $state  The authentication state.
  */
 public static function sendResponse(array $state)
 {
     assert('isset($state["Attributes"])');
     assert('isset($state["SPMetadata"])');
     assert('isset($state["saml:shire"])');
     assert('array_key_exists("saml:target", $state)');
     // Can be NULL.
     $spMetadata = $state["SPMetadata"];
     $spEntityId = $spMetadata['entityid'];
     $spMetadata = SimpleSAML_Configuration::loadFromArray($spMetadata, '$metadata[' . var_export($spEntityId, TRUE) . ']');
     SimpleSAML_Logger::info('Sending SAML 1.1 Response to ' . var_export($spEntityId, TRUE));
     $attributes = $state['Attributes'];
     $shire = $state['saml:shire'];
     $target = $state['saml:target'];
     $idp = SimpleSAML_IdP::getByState($state);
     $idpMetadata = $idp->getConfig();
     $config = SimpleSAML_Configuration::getInstance();
     $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     /* Generate and send response. */
     $ar = new SimpleSAML_XML_Shib13_AuthnResponse();
     $authnResponseXML = $ar->generate($idpMetadata, $spMetadata, $shire, $attributes);
     $httppost = new SimpleSAML_Bindings_Shib13_HTTPPost($config, $metadata);
     $httppost->sendResponse($authnResponseXML, $idpMetadata, $spMetadata, $target, $shire);
 }
    /* We have returned from the authentication processing filters. */
    $authProcId = $_REQUEST[SimpleSAML_Auth_ProcessingChain::AUTHPARAM];
    // sanitize the input
    $sid = SimpleSAML_Utilities::parseStateID($authProcId);
    if (!is_null($sid['url'])) {
        SimpleSAML_Utilities::checkURLAllowed($sid['url']);
    }
    $authProcState = SimpleSAML_Auth_ProcessingChain::fetchProcessedState($authProcId);
    finishLogin($authProcState);
}
if (empty($_POST['SAMLResponse'])) {
    throw new SimpleSAML_Error_Error('ACSPARAMS', $exception);
}
try {
    $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
    $binding = new SimpleSAML_Bindings_Shib13_HTTPPost($config, $metadata);
    $authnResponse = $binding->decodeResponse($_POST);
    $authnResponse->validate();
    /* Successfully authenticated. */
    $idpmetadata = $metadata->getMetadata($authnResponse->getIssuer(), 'shib13-idp-remote');
    SimpleSAML_Logger::info('Shib1.3 - SP.AssertionConsumerService: Successful authentication to IdP ' . $idpmetadata['entityid']);
    SimpleSAML_Logger::stats('shib13-sp-SSO ' . $metadata->getMetaDataCurrentEntityID('shib13-sp-hosted') . ' ' . $idpmetadata['entityid'] . ' NA');
    $relayState = $authnResponse->getRelayState();
    if (!isset($relayState)) {
        throw new SimpleSAML_Error_Error('NORELAYSTATE');
    }
    $spmetadata = $metadata->getMetaData(NULL, 'shib13-sp-hosted');
    /* Begin module attribute processing */
    $pc = new SimpleSAML_Auth_ProcessingChain($idpmetadata, $spmetadata, 'sp');
    $authProcState = array('core:shib13-sp:NameID' => $authnResponse->getNameID(), 'core:shib13-sp:SessionIndex' => $authnResponse->getSessionIndex(), 'core:shib13-sp:TargetURL' => SimpleSAML_Utilities::checkURLAllowed($relayState), 'ReturnURL' => SimpleSAML_Utilities::selfURLNoQuery(), 'Attributes' => $authnResponse->getAttributes(), 'Destination' => $spmetadata, 'Source' => $idpmetadata);
    $pc->processState($authProcState);
Esempio n. 4
0
    if (!array_key_exists('AssertionConsumerService', $spmetadata)) {
        throw new Exception('Could not find [AssertionConsumerService] in Shib 1.3 Service Provider remote metadata.');
    }
    $foundACS = FALSE;
    foreach (SimpleSAML_Utilities::arrayize($spmetadata['AssertionConsumerService']) as $acs) {
        if ($acs === $shire) {
            SimpleSAML_Logger::info('Shib1.3 - IdP.SSOService: Found AssertionConsumerService: ' . $acs);
            $foundACS = TRUE;
            break;
        }
    }
    if (!$foundACS) {
        throw new Exception('Invalid AssertionConsumerService for SP ' . var_export($spmetadata['entityid'], TRUE) . ': ' . var_export($shire, TRUE));
    }
    $attributes = $session->getAttributes();
    /* Authentication processing operations. */
    if (!isset($authProcState)) {
        /* Not processed. */
        $pc = new SimpleSAML_Auth_ProcessingChain($idpmetadata, $spmetadata, 'idp');
        $authProcState = array('core:shib13-idp:requestcache' => $requestcache, 'ReturnURL' => SimpleSAML_Utilities::selfURLNoQuery(), 'Attributes' => $attributes, 'Destination' => $spmetadata, 'Source' => $idpmetadata);
        $pc->processState($authProcState);
    }
    $attributes = $authProcState['Attributes'];
    /* Generate and send response. */
    $ar = new SimpleSAML_XML_Shib13_AuthnResponse();
    $authnResponseXML = $ar->generate($idpmetadata, $spmetadata, $shire, $attributes);
    $httppost = new SimpleSAML_Bindings_Shib13_HTTPPost($config, $metadata);
    $httppost->sendResponse($authnResponseXML, $idpmetadata, $spmetadata, $requestcache['RelayState'], $shire);
} catch (Exception $exception) {
    SimpleSAML_Utilities::fatalError($session->getTrackID(), 'GENERATEAUTHNRESPONSE', $exception);
}