Receive an authentication request.
public static receiveAuthnRequest ( SimpleSAML_IdP $idp ) | ||
$idp | SimpleSAML_IdP | The IdP we are receiving it for. |
public function actionSso() { $metadata = \SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted'); $idp = \SimpleSAML_IdP::getById('saml2:' . $idpEntityId); \sspmod_saml_IdP_SAML2::receiveAuthnRequest($idp); assert('FALSE'); }
public function actionSso() { //logout previous sso session \utilities\Registry::clearRegistry(); $isRequestPost = $this->_request->isPost(); if ($isRequestPost) { // check if every required parameter is set or not $username = $this->_request->getParam('username', null); $password = $this->_request->getParam('password', null); $referrer = $this->_request->getParam('spentityid', null); if (!$username) { $this->_response->renderJson(array('message' => 'Username is not set')); } if (!$password) { $this->_response->renderJson(array('message' => 'Password is not set')); } if (!$referrer) { $this->_response->renderJson(array('message' => 'Referrer not set')); } $objDbUserauth = new \models\Users(); // check if user is authenticated or not $userAuthenticationStatus = $objDbUserauth->authenticate($username, $password); // user locked due to 5 invalid attempts if (\models\Users::ERROR_USER_LOCKED === $userAuthenticationStatus) { $this->_response->renderJson(array('message' => 'Your account is locked due to 5 invalid attempts', 'authstatus' => $userAuthenticationStatus)); } //user password is expired if (\models\Users::ERROR_USER_PWD_EXPIRED === $userAuthenticationStatus) { $this->_response->renderJson(array('message' => 'Your password is expired', 'authstatus' => $userAuthenticationStatus)); } //user authentication is successfull if ($userAuthenticationStatus === true) { $metadata = \SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted'); $idp = \SimpleSAML_IdP::getById('saml2:' . $idpEntityId); \sspmod_saml_IdP_SAML2::receiveAuthnRequest($idp); assert('FALSE'); } else { //handle invalid attempts $objInvalidAttempts = new \models\UserLoginAttempts(); $loginAttemptsLeft = $objInvalidAttempts->handleInvalidLoginAttempts($username); $invalidAttempt = false; // if attempt is invalid username is wrong $message = "Invalid credentials"; if ($loginAttemptsLeft !== false) { // if last attempt was hit then show that account is locked if ($loginAttemptsLeft === 0) { $this->_response->renderJson(array('message' => 'Your account is locked due to 5 invalid attempts', 'authstatus' => \models\Users::ERROR_USER_LOCKED)); } $invalidAttempt = true; $message = "Incorrect Password.You have {$loginAttemptsLeft} attempts left"; } $this->_response->renderJson(array('message' => $message, 'invalidAttempt' => $invalidAttempt)); exit; } } $this->_response->renderJson(array('message' => 'Only post request are accepted')); }
<?php /** * The SSOService is part of the SAML 2.0 IdP code, and it receives incoming Authentication Requests * from a SAML 2.0 SP, parses, and process it, and then authenticates the user and sends the user back * to the SP with an Authentication Response. * * @author Andreas Åkre Solberg, UNINETT AS. <*****@*****.**> * @package SimpleSAMLphp */ require_once '../../_include.php'; SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Accessing SAML 2.0 IdP endpoint SSOService'); $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted'); $idp = SimpleSAML_IdP::getById('saml2:' . $idpEntityId); try { sspmod_saml_IdP_SAML2::receiveAuthnRequest($idp); } catch (Exception $e) { if ($e->getMessage() === "Unable to find the current binding.") { throw new SimpleSAML_Error_Error('SSOPARAMS', $e, 400); } else { throw $e; // do not ignore other exceptions! } } assert('FALSE');