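/*
 * SAML 1.1 (Shibboleth 1.3) assertion consumer: obtain the response through
 * either the artifact binding or the browser/POST binding, validate it and
 * hand the result to the authentication source.
 *
 * $state, $source and $spMetadata are set up before this section of the file.
 */
if (array_key_exists('SAMLart', $_REQUEST)) {
    if (!isset($state['saml:idp'])) {
        /* Unsolicited response. */
        throw new SimpleSAML_Error_Exception('IdP initiated authentication not supported with the SAML 1.1 SAMLart protocol.');
    }
    $idpMetadata = $source->getIdPMetadata($state['saml:idp']);
    $responseXML = SimpleSAML_Bindings_Shib13_Artifact::receive($spMetadata, $idpMetadata);
    /*
     * Artifact binding validated with ssl certificate.
     * NOTE(review): the message is marked as validated here, so its
     * authenticity presumably rests on the back-channel TLS checks inside
     * receive() -- confirm that peer verification is enforced there.
     */
    $isValidated = TRUE;
} elseif (array_key_exists('SAMLResponse', $_REQUEST)) {
    $responseXML = $_REQUEST['SAMLResponse'];
    /* Request parameters can be arrays (SAMLResponse[]=...); accept only a string. */
    if (!is_string($responseXML)) {
        throw new SimpleSAML_Error_Exception('Invalid SAMLResponse parameter.');
    }
    /* Strict decoding rejects non-base64 input instead of silently skipping characters. */
    $responseXML = base64_decode($responseXML, TRUE);
    if ($responseXML === FALSE) {
        throw new SimpleSAML_Error_Exception('Unable to base64 decode the SAMLResponse parameter.');
    }
    /* Attacker-controllable front-channel input: must check signature on response. */
    $isValidated = FALSE;
} else {
    /*
     * Fail closed. The former assert('FALSE') is a no-op when assertions are
     * disabled, and on PHP 8 a non-empty string assertion always passes, so
     * execution would continue with $responseXML and $isValidated undefined.
     */
    throw new SimpleSAML_Error_Exception('Missing SAMLResponse or SAMLart parameter.');
}

$response = new SimpleSAML_XML_Shib13_AuthnResponse();
$response->setXML($responseXML);
$response->setMessageValidated($isValidated);
/* NOTE(review): validate() is expected to verify the signature when the message was not pre-validated -- confirm. */
$response->validate();

$responseIssuer = $response->getIssuer();
$attributes = $response->getAttributes();

/*
 * For SP-initiated logins the response must come from the IdP the request
 * was sent to. When $state['saml:idp'] is not set (unsolicited response)
 * this comparison is skipped, so the issuer is constrained only by whatever
 * validate() enforces.
 */
if (isset($state['saml:idp']) && $responseIssuer !== $state['saml:idp']) {
    throw new SimpleSAML_Error_Exception('The issuer of the response wasn\'t the destination of the request.');
}

$logoutState = array('saml:logout:Type' => 'saml1');
$state['LogoutState'] = $logoutState;

$state['saml:sp:NameID'] = $response->getNameID();

$source->handleResponse($state, $responseIssuer, $attributes);
/* handleResponse() is expected not to return -- NOTE(review): confirm. A boolean assertion is used because string assertions are no longer evaluated as code on PHP 8. */
assert(FALSE);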