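/**
 * Handle a SAML 2.0 response to an attribute query sent by this example.
 *
 * Receives the message on the current binding, has it validated against the
 * issuing IdP's metadata, stores the returned attributes in the session entry
 * named by the RelayState, and redirects back to this page with that id.
 *
 * Returns without doing anything when no message can be received from the
 * current request.
 *
 * @throws SimpleSAML_Error_Exception If the message is not a response, has no
 *         issuer, has no RelayState, or the RelayState does not match any
 *         attribute query data stored in this session.
 */
function handleResponse() {
    try {
        $binding = SAML2_Binding::getCurrentBinding();
        $response = $binding->receive();
    } catch (Exception $e) {
        /*
         * Deliberate best-effort: presumably this is an ordinary page load with no
         * SAML message. A malformed message lands here too, so leave a trace
         * instead of dropping it silently.
         */
        SimpleSAML_Logger::debug('attributequery - no message handled: ' . $e->getMessage());
        return;
    }

    SimpleSAML_Logger::debug('attributequery - received message.');

    if (!$response instanceof SAML2_Response) {
        throw new SimpleSAML_Error_Exception('Unexpected message received to attribute query example.');
    }

    /*
     * The issuer is read from the message before it has been validated. It is
     * used only to select the IdP metadata the message is validated against.
     */
    $idpEntityId = $response->getIssuer();
    if ($idpEntityId === NULL) {
        throw new SimpleSAML_Error_Exception('Missing issuer in response.');
    }

    $idpMetadata = $GLOBALS['metadata']->getMetaDataConfig($idpEntityId, 'saml20-idp-remote');
    $spMetadata = $GLOBALS['metadata']->getMetaDataConfig($GLOBALS['spEntityId'], 'saml20-sp-hosted');

    /*
     * Validation of the response is delegated to processResponse().
     * NOTE(review): what it verifies (signature, conditions, InResponseTo) is
     * not visible from here - confirm before relying on it.
     */
    $assertion = sspmod_saml2_Message::processResponse($spMetadata, $idpMetadata, $response);

    /* RelayState comes from the message, so treat it as untrusted until it has matched stored state. */
    $dataId = $response->getRelayState();
    if ($dataId === NULL) {
        throw new SimpleSAML_Error_Exception('RelayState was lost during request.');
    }

    /*
     * Only accept a response that belongs to a query this session knows about.
     * Without this check an unknown or expired id would turn a missing entry
     * into a fresh array below, so an unsolicited response would create
     * session data of its own.
     */
    $data = $GLOBALS['session']->getData('attributequeryexample:data', $dataId);
    if (!is_array($data)) {
        throw new SimpleSAML_Error_Exception('No attribute query state found for the received RelayState.');
    }

    $data['attributes'] = $assertion->getAttributes();
    /* Keep the result for one hour (3600 seconds). */
    $GLOBALS['session']->setData('attributequeryexample:data', $dataId, $data, 3600);

    /* Redirect to this page without the query string, so a reload does not replay the message. */
    SimpleSAML_Utilities::redirect(SimpleSAML_Utilities::selfURLNoQuery(), array('dataId' => $dataId));
}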
/*
 * Process a SAML 2.0 response for an authentication source and hand the
 * resulting attributes to the authentication processing chain.
 * $source, $sourceId, $response and $state are set before this fragment
 * (not visible here).
 */
if ($source === NULL) {
    throw new Exception('Could not find authentication source with id ' . $sourceId);
}

/*
 * The issuer is read from the message before it has been validated; below it
 * selects the IdP metadata and is checked against this authentication source.
 */
$idp = $response->getIssuer();
if ($idp === NULL) {
    throw new Exception('Missing <saml:Issuer> in message delivered to AssertionConsumerService.');
}

$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpMetadata = $metadata->getMetaDataConfig($idp, 'saml20-idp-remote');
$spMetadata = $source->getMetadata();

/*
 * Check if the IdP is allowed to authenticate users for this authentication source.
 * NOTE(review): $idp is taken from the message and ends up in the exception
 * text; whatever displays or logs that text needs to escape it.
 */
if (!$source->isIdPValid($idp)) {
    throw new Exception('Invalid IdP responded for authentication source with id ' . $sourceId . '. The IdP was ' . var_export($idp, TRUE));
}

/*
 * Validation of the response is delegated to processResponse().
 * NOTE(review): what it verifies (signature, conditions, InResponseTo) is not
 * visible from here - confirm before relying on it.
 */
try {
    $assertion = sspmod_saml2_Message::processResponse($spMetadata, $idpMetadata, $response);
} catch (sspmod_saml2_Error $e) {
    /* The status of the response wasn't "success". */
    $e = $e->toException();
    /*
     * NOTE(review): $assertion is not set on this path, so the code below
     * depends on throwException() never returning - confirm.
     */
    SimpleSAML_Auth_State::throwException($state, $e);
}

$nameId = $assertion->getNameId();
$sessionIndex = $assertion->getSessionIndex();

/* We need to save the NameID and SessionIndex for logout. */
$logoutState = array(
    sspmod_saml2_Auth_Source_SP::LOGOUT_IDP => $idp,
    sspmod_saml2_Auth_Source_SP::LOGOUT_NAMEID => $nameId,
    sspmod_saml2_Auth_Source_SP::LOGOUT_SESSIONINDEX => $sessionIndex,
);
$state['LogoutState'] = $logoutState;

/* The processing chain is built from the array form of both metadata sets. */
$spMetadataArray = $spMetadata->toArray();
$idpMetadataArray = $idpMetadata->toArray();

$pc = new SimpleSAML_Auth_ProcessingChain($idpMetadataArray, $spMetadataArray, 'sp');

/*
 * State passed to the chain: the issuing IdP, the saved authentication state,
 * the static method named as 'ReturnCall', and the attributes from the assertion.
 */
$authProcState = array(
    'saml2:sp:IdP' => $idp,
    'saml2:sp:State' => $state,
    'ReturnCall' => array('sspmod_saml2_Auth_Source_SP', 'onProcessingCompleted'),
    'Attributes' => $assertion->getAttributes(),
    'Destination' => $spMetadataArray,
    'Source' => $idpMetadataArray,
);
$pc->processState($authProcState);