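<?php
/**
 * Show a warning to a user about the SP requesting SSO a short time after
 * doing it previously.
 *
 * The page is entered with a StateId request parameter. The saved state is
 * loaded for the 'core:short_sso_interval' stage. When the request also
 * carries 'continue', processing of that state is resumed; otherwise the
 * warning template is rendered with the StateId passed along so the form
 * can submit back to this page.
 *
 * @package SimpleSAMLphp
 */

if (!array_key_exists('StateId', $_REQUEST)) {
    throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.');
}

// $_REQUEST is client-controlled and a parameter can arrive as an array
// (e.g. "StateId[]=x"). Reject anything that is not a plain string here, so a
// malformed request ends as a 400 instead of reaching the state loader and
// the template with an unexpected type.
if (!is_string($_REQUEST['StateId'])) {
    throw new SimpleSAML_Error_BadRequest('Invalid StateId query parameter.');
}
$id = $_REQUEST['StateId'];

// Load the state saved under this ID for the 'core:short_sso_interval' stage.
$state = SimpleSAML_Auth_State::loadState($id, 'core:short_sso_interval');

$session = SimpleSAML_Session::getSessionFromRequest();

if (array_key_exists('continue', $_REQUEST)) {
    // The user has pressed the continue/retry-button.
    // NOTE(review): presumably resumeProcessing() does not return; if it did,
    // the warning page below would be rendered as well. Confirm.
    SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
}

$globalConfig = SimpleSAML_Configuration::getInstance();
$t = new SimpleSAML_XHTML_Template($globalConfig, 'core:short_sso_interval.php');
$t->data['target'] = SimpleSAML\Module::getModuleURL('core/short_sso_interval.php');
// The request-supplied ID is handed to the template unchanged.
// NOTE(review): the template is expected to HTML-escape it on output; verify.
$t->data['params'] = array('StateId' => $id);
$t->data['trackId'] = $session->getTrackID();
$t->show();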
/**
 * Finish a Tiqr login for the authentication state identified by $authStateId.
 *
 * Asks the Tiqr server which user it reports as authenticated for the current
 * session ID. Without such a user the browser is redirected to the Tiqr login
 * page. With one, the login is either completed directly (no 'tiqrUser' in
 * the state) or the processing chain is resumed ('tiqrUser' present).
 *
 * @param string $authStateId Identifier handed to _validateAuthState() and, on
 *                            the redirect path, forwarded as the AuthState
 *                            query parameter (presumably a string; confirm).
 *
 * @return void
 */
public static function completeLogin($authStateId)
{
    // Validate the state first, before anything is read from the session.
    $state = self::_validateAuthState($authStateId);

    $tiqrServer = self::getServer(false);
    $currentSession = SimpleSAML_Session::getSessionFromRequest();
    $user = $tiqrServer->getAuthenticatedUser($currentSession->getSessionId());

    if (empty($user)) {
        // Nobody is authenticated for this session yet: back to the login page.
        SimpleSAML_Utilities::redirect(
            SimpleSAML_Module::getModuleURL('authTiqr/login.php'),
            array('AuthState' => $authStateId)
        );
        return;
    }

    if (isset($state['tiqrUser'])) {
        // Two factor, we can now complete the processing filter process.
        // NOTE(review): $user is not compared with $state['tiqrUser'] here.
        // Confirm that the Tiqr session was started for that specific user,
        // so a second-factor login by a different enrolled account cannot
        // satisfy this step.
        SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
        return;
    }

    // Single factor. We can now continue to login.
    $baseAttributes = array(
        'uid' => array($user),
        'displayName' => array(self::getUserStorage()->getDisplayName($user)),
    );
    $state['Attributes'] = array_merge(
        $baseAttributes,
        self::getUserStorage()->getAdditionalAttributes($user)
    );
    SimpleSAML_Auth_Source::completeAuth($state);
}
*/
// NOTE(review): this is an excerpt. The comment closed on the line above opens
// before the excerpt, and the last `if` block below is still open where the
// excerpt ends. $attributes, $username_attribute, IKEY/SKEY/AKEY and
// $this->data['state'] are all defined outside the visible code.
if (isset($_POST['sig_response'])) {
    /*
     * Verify sig response and log in user. Make sure that verifyResponse
     * does not return NULL, if it is NOT NULL then it will return a username.
     * You can then set any cookies/session data for that username and complete
     * the login process.
     */
    $resp = Duo::verifyResponse(IKEY, SKEY, AKEY, $_POST['sig_response']);

    // The expected username is taken from $attributes, not from the POST body.
    // NOTE(review): $attributes is populated outside this excerpt, presumably
    // from the saved authentication state; confirm it is not request-derived.
    if (isset($attributes[$username_attribute])) {
        $username = $attributes[$username_attribute][0];
    } else {
        throw new SimpleSAML_Error_BadRequest('Missing required username attribute.');
    }

    // Continue only when the verified response is non-null AND names exactly
    // this user. The strict === is what binds the second factor to the account
    // from the first factor; a response that verifies for another username is
    // rejected.
    if ($resp != NULL and $resp === $username) {
        // NOTE(review): the state resumed here comes from $this->data['state'],
        // which is set outside this excerpt. Confirm it was loaded server-side
        // from a validated state ID.
        SimpleSAML_Auth_ProcessingChain::resumeProcessing($this->data['state']);
    } else {
        throw new SimpleSAML_Error_BadRequest('Response verification failed.');
    }
}

/*
 * Verify username and password. If the user and pass are good, then generate
 * a sig_request and load up the Duo iframe for secondary authentication.
 */
if (isset($attributes[$username_attribute])) {
    $username = $attributes[$username_attribute][0];

    // Generate sig request and then load up Duo javascript and iframe
    $sig_request = Duo::signRequest(IKEY, SKEY, AKEY, $username);
?> <script src="Duo-Web-v2.min.js"></script> <link rel="stylesheet" type="text/css" href="Duo-Frame.css">
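/**
 * Process an authentication response.
 *
 * Copies the settings needed for the attribute query into the state, saves
 * the state, and redirects the user to the Attribute Authority query page
 * for entitlements.
 *
 * If the attribute named by $this->attributeId is missing or empty in
 * $state['Attributes'], processing is resumed without a query when the filter
 * is not required; otherwise an exception is thrown.
 *
 * @param array &$state The state of the response.
 *
 * @return void
 *
 * @throws SimpleSAML_Error_Exception If the identifying attribute is missing
 *                                    or empty and the filter is required.
 */
public function process(&$state)
{
    // Pass the expression itself: string assertions are deprecated since
    // PHP 7.2, and on PHP 8 a non-empty string is simply truthy, so the
    // original check would never fail there.
    assert(is_array($state));

    $state['attributeaggregator:authsourceId'] = $state["saml:sp:State"]["saml:sp:AuthId"];
    $state['attributeaggregator:entityId'] = $this->entityId;
    // A missing attribute is an expected case, handled just below. Look it up
    // without raising an undefined-index notice; the stored value is null
    // either way.
    $state['attributeaggregator:attributeId'] = isset($state['Attributes'][$this->attributeId])
        ? $state['Attributes'][$this->attributeId]
        : null;
    $state['attributeaggregator:nameIdFormat'] = $this->nameIdFormat;
    $state['attributeaggregator:attributes'] = $this->attributes;
    $state['attributeaggregator:attributeNameFormat'] = $this->attributeNameFormat;

    if (!$state['attributeaggregator:attributeId']) {
        if (!$this->required) {
            SimpleSAML_Logger::info('[attributeaggregator] This user session does not have ' . $this->attributeId . ', which is required for querying the AA! Continue processing.');
            SimpleSAML_Logger::debug('[attributeaggregator] Attributes are: ' . var_export($state['Attributes'], true));
            // NOTE(review): presumably resumeProcessing() does not return; if
            // it did, the exception below would be thrown even though the
            // filter is optional. Confirm.
            SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
        }

        // The user's attribute values are personal data. Keep the full dump in
        // the debug log only. An exception message can end up on an error page
        // or in an error report, so it carries just the attribute name.
        SimpleSAML_Logger::debug('[attributeaggregator] Attributes are: ' . var_export($state['Attributes'], true));
        throw new SimpleSAML_Error_Exception("This user session does not have " . $this->attributeId . ", which is required for querying the AA!");
    }

    // Save state and redirect
    $id = SimpleSAML_Auth_State::saveState($state, 'attributeaggregator:request');
    $url = SimpleSAML_Module::getModuleURL('attributeaggregator/attributequery.php');
    SimpleSAML_Utilities::redirect($url, array('StateId' => $id)); // FIXME: redirect is deprecated
}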