コード例 #1
0
<?php

/**
 * Show a warning to an user about the SP requesting SSO a short time after
 * doing it previously.
 *
 * @package SimpleSAMLphp
 */
if (!array_key_exists('StateId', $_REQUEST)) {
    throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.');
}
$id = $_REQUEST['StateId'];
$state = SimpleSAML_Auth_State::loadState($id, 'core:short_sso_interval');
$session = SimpleSAML_Session::getSessionFromRequest();
if (array_key_exists('continue', $_REQUEST)) {
    // The user has pressed the continue/retry-button
    SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
}
$globalConfig = SimpleSAML_Configuration::getInstance();
$t = new SimpleSAML_XHTML_Template($globalConfig, 'core:short_sso_interval.php');
$t->data['target'] = SimpleSAML\Module::getModuleURL('core/short_sso_interval.php');
$t->data['params'] = array('StateId' => $id);
$t->data['trackId'] = $session->getTrackID();
$t->show();
コード例 #2
0
ファイル: Tiqr.php プロジェクト: RKathees/is-connectors
 public static function completeLogin($authStateId)
 {
     $state = self::_validateAuthState($authStateId);
     $server = self::getServer(false);
     $session = SimpleSAML_Session::getSessionFromRequest();
     $sessionId = $session->getSessionId();
     $user = $server->getAuthenticatedUser($sessionId);
     if (empty($user)) {
         $url = SimpleSAML_Module::getModuleURL('authTiqr/login.php');
         SimpleSAML_Utilities::redirect($url, array('AuthState' => $authStateId));
     } else {
         if (!isset($state["tiqrUser"])) {
             // Single factor. We can now continue to login.
             $attributes = array('uid' => array($user), 'displayName' => array(self::getUserStorage()->getDisplayName($user)));
             $attributes = array_merge($attributes, self::getUserStorage()->getAdditionalAttributes($user));
             $state['Attributes'] = $attributes;
             SimpleSAML_Auth_Source::completeAuth($state);
         } else {
             // Two factor, we can now complete the processing filter process.
             SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
         }
     }
 }
コード例 #3
0
 */
if (isset($_POST['sig_response'])) {
    /*
     * Verify sig response and log in user. Make sure that verifyResponse
     * does not return NULL, if it is NOT NULL then it will return a username.
     * You can then set any cookies/session data for that username and complete
     * the login process.
     */
    $resp = Duo::verifyResponse(IKEY, SKEY, AKEY, $_POST['sig_response']);
    if (isset($attributes[$username_attribute])) {
        $username = $attributes[$username_attribute][0];
    } else {
        throw new SimpleSAML_Error_BadRequest('Missing required username attribute.');
    }
    if ($resp != NULL and $resp === $username) {
        SimpleSAML_Auth_ProcessingChain::resumeProcessing($this->data['state']);
    } else {
        throw new SimpleSAML_Error_BadRequest('Response verification failed.');
    }
}
/*
 * Verify username and password. If the user and pass are good, then generate
 * a sig_request and load up the Duo iframe for secondary authentication.
 */
if (isset($attributes[$username_attribute])) {
    $username = $attributes[$username_attribute][0];
    // Generate sig request and then load up Duo javascript and iframe
    $sig_request = Duo::signRequest(IKEY, SKEY, AKEY, $username);
    ?>
    <script src="Duo-Web-v2.min.js"></script>
    <link rel="stylesheet" type="text/css" href="Duo-Frame.css">
 /**
  * Process a authentication response
  *
  * This function saves the state, and redirects the user to the Attribute Authority for
  * entitlements.
  *
  * @param array &$state The state of the response.
  *
  * @return void
  */
 public function process(&$state)
 {
     assert('is_array($state)');
     $state['attributeaggregator:authsourceId'] = $state["saml:sp:State"]["saml:sp:AuthId"];
     $state['attributeaggregator:entityId'] = $this->entityId;
     $state['attributeaggregator:attributeId'] = $state['Attributes'][$this->attributeId];
     $state['attributeaggregator:nameIdFormat'] = $this->nameIdFormat;
     $state['attributeaggregator:attributes'] = $this->attributes;
     $state['attributeaggregator:attributeNameFormat'] = $this->attributeNameFormat;
     if (!$state['attributeaggregator:attributeId']) {
         if (!$this->required) {
             SimpleSAML_Logger::info('[attributeaggregator] This user session does not have ' . $this->attributeId . ', which is required for querying the AA! Continue processing.');
             SimpleSAML_Logger::debug('[attributeaggregator] Attributes are: ' . var_export($state['Attributes'], true));
             SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
         }
         throw new SimpleSAML_Error_Exception("This user session does not have " . $this->attributeId . ", which is required for querying the AA! Attributes are: " . var_export($state['Attributes'], 1));
     }
     // Save state and redirect
     $id = SimpleSAML_Auth_State::saveState($state, 'attributeaggregator:request');
     $url = SimpleSAML_Module::getModuleURL('attributeaggregator/attributequery.php');
     SimpleSAML_Utilities::redirect($url, array('StateId' => $id));
     // FIXME: redirect is deprecated
 }