processResponse() public static method

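If the response is an error response, a sspmod_saml_Error exception carrying that error is thrown, so callers need to catch it or let it propagate deliberately. In code example #2 below, the caller additionally compares the issuer with the one it expects and checks for replayed assertions itself.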
public static processResponse ( SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata, SAML2\Response $response ) : array
$spMetadata SimpleSAML_Configuration The metadata of the service provider.
$idpMetadata SimpleSAML_Configuration The metadata of the identity provider.
$response SAML2\Response The response.
return array Array with \SAML2\Assertion objects, containing valid assertions from the response.
コード例 #1
ファイル: attributequery.php プロジェクト: emma5021/toba
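/**
 * Handle the SAML 2.0 response to an attribute query, if the current request carries one.
 *
 * The message is received through the current binding and validated by
 * sspmod_saml_Message::processResponse(). The attributes of the single returned
 * assertion are then written to the session entry named by the RelayState, and
 * the browser is redirected back to this page with that id as query parameter.
 *
 * Relies on $GLOBALS['metadata'], $GLOBALS['session'] and $GLOBALS['spEntityId'].
 *
 * @return void Returns without doing anything when no message could be received.
 * @throws SimpleSAML_Error_Exception If the message is not a response, has no issuer,
 *         does not contain exactly one assertion, has no RelayState, or the RelayState
 *         does not name existing attribute query data.
 * @throws sspmod_saml_Error Not caught here; processResponse() is documented to throw it
 *         when the response is an error response.
 */
function handleResponse()
{
    try {
        $binding = SAML2_Binding::getCurrentBinding();
        $response = $binding->receive();
    } catch (Exception $e) {
        /* Deliberate best effort: a failure here is treated as "no message to handle". */
        return;
    }
    SimpleSAML_Logger::debug('attributequery - received message.');
    if (!$response instanceof SAML2_Response) {
        throw new SimpleSAML_Error_Exception('Unexpected message received to attribute query example.');
    }
    /* The issuer is read from the received message and only selects which remote IdP
       metadata is handed to processResponse() for validation. */
    $idpEntityId = $response->getIssuer();
    if ($idpEntityId === NULL) {
        throw new SimpleSAML_Error_Exception('Missing issuer in response.');
    }
    $idpMetadata = $GLOBALS['metadata']->getMetaDataConfig($idpEntityId, 'saml20-idp-remote');
    $spMetadata = $GLOBALS['metadata']->getMetaDataConfig($GLOBALS['spEntityId'], 'saml20-sp-hosted');
    $assertions = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response);
    /* Exactly one assertion is expected. The empty case is rejected explicitly so that
       the index access below never runs on an empty array. */
    if (count($assertions) === 0) {
        throw new SimpleSAML_Error_Exception('No assertion in received response.');
    }
    if (count($assertions) > 1) {
        throw new SimpleSAML_Error_Exception('More than one assertion in received response.');
    }
    $assertion = $assertions[0];
    $dataId = $response->getRelayState();
    if ($dataId === NULL) {
        throw new SimpleSAML_Error_Exception('RelayState was lost during request.');
    }
    /* RelayState is supplied by the sender of the message. It is accepted only when it
       names an entry that already exists in this session, so a response cannot create
       a new entry under an id of its own choosing. Assumes the entry is stored as an
       array when the query is sent - TODO confirm against the sending code. */
    $data = $GLOBALS['session']->getData('attributequeryexample:data', $dataId);
    if (!is_array($data)) {
        throw new SimpleSAML_Error_Exception('No attribute query data found for the received RelayState.');
    }
    $data['attributes'] = $assertion->getAttributes();
    $GLOBALS['session']->setData('attributequeryexample:data', $dataId, $data, 3600);
    SimpleSAML_Utilities::redirect(SimpleSAML_Utilities::selfURLNoQuery(), array('dataId' => $dataId));
}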
コード例 #2
ファイル: saml2-acs.php プロジェクト: rchavik/simplesamlphp
    if ($state['saml:sp:AuthId'] !== $sourceId) {
        throw new SimpleSAML_Error_Exception('The authentication source id in the URL does not match the authentication source which sent the request.');
    }
    /* Check that the issuer is the one we are expecting. */
    assert('array_key_exists("ExpectedIssuer", $state)');
    if ($state['ExpectedIssuer'] !== $idp) {
        throw new SimpleSAML_Error_Exception('The issuer of the response does not match to the identity provider we sent the request to.');
    }
} else {
    /* This is an unsolicited response. */
    $state = array('saml:sp:isUnsolicited' => TRUE, 'saml:sp:AuthId' => $sourceId, 'saml:sp:RelayState' => $response->getRelayState());
}
/* Log the issuer of the response; var_export() renders the value as a quoted literal in the log line. */
SimpleSAML_Logger::debug('Received SAML2 Response from ' . var_export($idp, TRUE) . '.');
/* Fetch the metadata for that issuer from the authentication source. */
$idpMetadata = $source->getIdPmetadata($idp);
/* Validate the response. Only sspmod_saml_Error is caught here; any other exception propagates to the caller. */
try {
    $assertions = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response);
} catch (sspmod_saml_Error $e) {
    /* The status of the response wasn't "success". */
    /* NOTE(review): $assertions stays unset on this path, so the code below relies on
       throwException() not returning - confirm. */
    $e = $e->toException();
    SimpleSAML_Auth_State::throwException($state, $e);
}
/* Start values for what is collected from the assertions; presumably filled in by the loop that follows. */
$authenticatingAuthority = NULL;
$nameId = NULL;
$sessionIndex = NULL;
$expire = NULL;
$attributes = array();
$foundAuthnStatement = FALSE;
foreach ($assertions as $assertion) {
    /* Check for duplicate assertion (replay attack). */
    $store = SimpleSAML_Store::getInstance();
    if ($store !== FALSE) {