/**
 * Continue IdP-side processing once the user has authenticated.
 *
 * Refuses to go further unless the IdP resolved from the state reports an
 * authenticated user. Only then are the attributes read from the
 * authentication source and handed to the 'idp' processing chain.
 *
 * @param array $state The authentication request state array.
 *
 * @throws SimpleSAML_Error_Exception If the IdP does not report an authenticated user.
 */
public static function postAuth(array $state)
{
    $provider = SimpleSAML_IdP::getByState($state);

    // Gate: nothing below (attribute release, filters) may run for an
    // unauthenticated user.
    if (!$provider->isAuthenticated()) {
        throw new SimpleSAML_Error_Exception('Not authenticated.');
    }

    $state['Attributes'] = $provider->authSource->getAttributes();

    // SP metadata is optional in the state; fall back to an empty array.
    $destination = isset($state['SPMetadata']) ? $state['SPMetadata'] : array();

    if (isset($state['core:SP'])) {
        // Look up when this IdP/SP pair last completed SSO in this session.
        // NOTE(review): $state['core:IdP'] is read without an isset() check - confirm
        // callers always set it together with 'core:SP'.
        $currentSession = SimpleSAML_Session::getSessionFromRequest();
        $lastSSO = $currentSession->getData('core:idp-ssotime', $state['core:IdP'] . ';' . $state['core:SP']);
        if ($lastSSO !== null) {
            $state['PreviousSSOTimestamp'] = $lastSSO;
        }
    }

    $source = $provider->getConfig()->toArray();

    // 'ReturnCall' names the same handler that is invoked directly below;
    // presumably the chain uses it to resume if a filter interrupts
    // processing - confirm against SimpleSAML_Auth_ProcessingChain.
    $state['ReturnCall'] = array('SimpleSAML_IdP', 'postAuthProc');
    $state['Destination'] = $destination;
    $state['Source'] = $source;

    $chain = new SimpleSAML_Auth_ProcessingChain($source, $destination, 'idp');
    $chain->processState($state);

    // processState() returned, so continue with the processed state.
    self::postAuthProc($state);
}
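/**
 * Handle a response from a SSO operation.
 *
 * Records the responding IdP in the state, builds the state for the 'sp'
 * processing chain from the IdP and SP metadata, runs the chain and then
 * hands the processed state to onProcessingCompleted().
 *
 * The assert() calls are expression assertions. The previous string form
 * ('is_string($idp)') is evaluated as code only by older PHP versions; on
 * PHP 8 a non-empty string is simply truthy, so those checks never fired.
 * They remain development-time invariants and run only when assertions are
 * enabled - they are not a substitute for validating the response upstream.
 *
 * @param array  $state      The authentication state.
 * @param string $idp        The entity id of the IdP.
 * @param array  $attributes The attributes.
 */
public function handleResponse(array $state, $idp, array $attributes)
{
    assert(is_string($idp));
    assert(array_key_exists('LogoutState', $state));
    assert(array_key_exists('saml:logout:Type', $state['LogoutState']));

    // Resolve the IdP from local metadata by entity id.
    // NOTE(review): behaviour for an unknown entity id is decided inside
    // getIdpMetadata(), which is not visible here - confirm it rejects it.
    $idpMetadata = $this->getIdpMetadata($idp);

    $spMetadataArray = $this->metadata->toArray();
    $idpMetadataArray = $idpMetadata->toArray();

    /* Save the IdP in the state array. */
    $state['saml:sp:IdP'] = $idp;
    // Presumably lists the key among the data kept with the authenticated
    // session - confirm against the code that reads 'PersistentAuthData'.
    $state['PersistentAuthData'][] = 'saml:sp:IdP';

    $authProcState = array(
        'saml:sp:IdP' => $idp,
        'saml:sp:State' => $state,
        'ReturnCall' => array('sspmod_saml_Auth_Source_SP', 'onProcessingCompleted'),
        'Attributes' => $attributes,
        'Destination' => $spMetadataArray,
        'Source' => $idpMetadataArray,
    );

    // Expose the NameID and SessionIndex to the processing filters when the
    // state carries them.
    if (isset($state['saml:sp:NameID'])) {
        $authProcState['saml:sp:NameID'] = $state['saml:sp:NameID'];
    }
    if (isset($state['saml:sp:SessionIndex'])) {
        $authProcState['saml:sp:SessionIndex'] = $state['saml:sp:SessionIndex'];
    }

    $pc = new SimpleSAML_Auth_ProcessingChain($idpMetadataArray, $spMetadataArray, 'sp');
    $pc->processState($authProcState);

    // processState() returned, so finish with the processed state directly.
    self::onProcessingCompleted($authProcState);
}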
/*
 * Excerpt from a Shib 1.3 SP assertion consumer flow. The block that the
 * first closing brace belongs to opens outside this excerpt.
 */

/* Resume a login whose processing-chain state was stored earlier. */
$authProcState = SimpleSAML_Auth_ProcessingChain::fetchProcessedState($authProcId);
finishLogin($authProcState);
}

/*
 * No SAMLResponse in the POST body: refuse the request.
 * NOTE(review): $exception is not assigned anywhere in the visible code
 * before this throw - confirm it is defined, otherwise an undefined
 * variable is passed as the cause.
 */
if (empty($_POST['SAMLResponse'])) {
    throw new SimpleSAML_Error_Error('ACSPARAMS', $exception);
}

try {
    $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();

    /* Decode the posted response and validate it before any of its content is used. */
    $binding = new SimpleSAML_Bindings_Shib13_HTTPPost($config, $metadata);
    $authnResponse = $binding->decodeResponse($_POST);
    /* NOTE(review): what validate() checks is not visible here - confirm what it covers. */
    $authnResponse->validate();

    /* Successfully authenticated. */

    /* Look the issuer up in the local 'shib13-idp-remote' metadata set. */
    $idpmetadata = $metadata->getMetadata($authnResponse->getIssuer(), 'shib13-idp-remote');

    /* The entity id written to the logs comes from the metadata lookup above. */
    SimpleSAML_Logger::info('Shib1.3 - SP.AssertionConsumerService: Successful authentication to IdP ' . $idpmetadata['entityid']);
    SimpleSAML_Logger::stats('shib13-sp-SSO ' . $metadata->getMetaDataCurrentEntityID('shib13-sp-hosted') . ' ' . $idpmetadata['entityid'] . ' NA');

    /* The RelayState is taken from the response; it is required. */
    $relayState = $authnResponse->getRelayState();
    if (!isset($relayState)) {
        throw new SimpleSAML_Error_Error('NORELAYSTATE');
    }

    $spmetadata = $metadata->getMetaData(NULL, 'shib13-sp-hosted');

    /* Begin module attribute processing */
    $pc = new SimpleSAML_Auth_ProcessingChain($idpmetadata, $spmetadata, 'sp');

    $authProcState = array('core:shib13-sp:NameID' => $authnResponse->getNameID(),
        'core:shib13-sp:SessionIndex' => $authnResponse->getSessionIndex(),
        /*
         * The RelayState becomes the post-login target only after passing
         * through checkURLAllowed(); presumably that restricts redirect
         * targets - confirm its policy.
         */
        'core:shib13-sp:TargetURL' => SimpleSAML_Utilities::checkURLAllowed($relayState),
        'ReturnURL' => SimpleSAML_Utilities::selfURLNoQuery(),
        'Attributes' => $authnResponse->getAttributes(),
        'Destination' => $spmetadata,
        'Source' => $idpmetadata);

    $pc->processState($authProcState);

    /* Since this function returns, processing has completed and attributes have
     * been updated.
     */
    finishLogin($authProcState);
} catch (Exception $exception) {
    /*
     * Every exception raised inside the try block is rethrown under the
     * 'GENERATEAUTHNRESPONSE' code with the original as its cause.
     * NOTE(review): if SimpleSAML_Error_Error extends Exception, the
     * 'NORELAYSTATE' error thrown above is wrapped here too - confirm that
     * is intended.
     */
    throw new SimpleSAML_Error_Error('GENERATEAUTHNRESPONSE', $exception);
}
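/**
 * Handle a response from a SSO operation.
 *
 * Builds the state for the 'sp' processing chain from the IdP and SP
 * metadata, runs the chain and then hands the processed state to
 * onProcessingCompleted().
 *
 * The assert() calls are expression assertions. The previous string form
 * ('is_string($idp)') is evaluated as code only by older PHP versions; on
 * PHP 8 a non-empty string is simply truthy, so those checks never fired.
 * They remain development-time invariants and run only when assertions are
 * enabled - they are not a substitute for validating the response upstream.
 *
 * @param array  $state      The authentication state.
 * @param string $idp        The entity id of the IdP.
 * @param array  $attributes The attributes.
 */
public function handleResponse(array $state, $idp, array $attributes)
{
    assert(is_string($idp));
    assert(array_key_exists('LogoutState', $state));
    assert(array_key_exists('saml:logout:Type', $state['LogoutState']));

    // Resolve the IdP from local metadata by entity id.
    // NOTE(review): behaviour for an unknown entity id is decided inside
    // getIdpMetadata(), which is not visible here - confirm it rejects it.
    $idpMetadata = $this->getIdpMetadata($idp);

    $spMetadataArray = $this->metadata->toArray();
    $idpMetadataArray = $idpMetadata->toArray();

    // The original state travels inside the processing state under
    // 'saml:sp:State'. 'ReturnCall' names the same handler that is invoked
    // directly below.
    $authProcState = array(
        'saml:sp:IdP' => $idp,
        'saml:sp:State' => $state,
        'ReturnCall' => array('sspmod_saml_Auth_Source_SP', 'onProcessingCompleted'),
        'Attributes' => $attributes,
        'Destination' => $spMetadataArray,
        'Source' => $idpMetadataArray,
    );

    $pc = new SimpleSAML_Auth_ProcessingChain($idpMetadataArray, $spMetadataArray, 'sp');
    $pc->processState($authProcState);

    // processState() returned, so finish with the processed state directly.
    self::onProcessingCompleted($authProcState);
}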