예제 #1
<?php

/**
 * Show a warning to a user about the SP requesting SSO a short time after
 * doing it previously.
 *
 * @package SimpleSAMLphp
 */
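// StateId comes straight from the request and is untrusted. PHP turns a
// parameter sent as "StateId[]=..." into an array, so require a plain string
// before the value is used as a state lookup key or echoed into the template.
if (!array_key_exists('StateId', $_REQUEST)) {
    throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.');
}
$id = $_REQUEST['StateId'];
if (!is_string($id)) {
    throw new SimpleSAML_Error_BadRequest('Invalid StateId query parameter.');
}

// The second argument names the stage the state is expected to have been saved
// under. NOTE(review): this presumably makes loadState() refuse a state ID that
// was issued for a different step of the login flow -- confirm against
// SimpleSAML_Auth_State.
$state = SimpleSAML_Auth_State::loadState($id, 'core:short_sso_interval');
$session = SimpleSAML_Session::getSessionFromRequest();

if (array_key_exists('continue', $_REQUEST)) {
    // The user has pressed the continue/retry-button: hand the loaded state
    // back to the processing chain instead of rendering the warning again.
    SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
}

// Render the warning page. The form posts back to this same module URL and
// carries the state ID so the flow can be resumed.
$globalConfig = SimpleSAML_Configuration::getInstance();
$t = new SimpleSAML_XHTML_Template($globalConfig, 'core:short_sso_interval.php');
$t->data['target'] = SimpleSAML\Module::getModuleURL('core/short_sso_interval.php');
// $id is request-supplied; the template is expected to escape it on output.
$t->data['params'] = array('StateId' => $id);
$t->data['trackId'] = $session->getTrackID();
$t->show();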
예제 #2
 /**
  * Finish a login once the server reports an authenticated user for the
  * current session.
  *
  * The user identity is taken from the server's record for this session ID,
  * not from request parameters. When no user is recorded yet, the browser is
  * sent back to the login page with the same AuthState.
  *
  * @param string $authStateId Identifier of the saved authentication state.
  *
  * @return void
  */
 public static function completeLogin($authStateId)
 {
     // NOTE(review): _validateAuthState() is defined outside this excerpt; it is
     // assumed to load and check the saved state for $authStateId -- confirm.
     $state = self::_validateAuthState($authStateId);
     $tiqrServer = self::getServer(false);
     $sessionId = SimpleSAML_Session::getSessionFromRequest()->getSessionId();
     $user = $tiqrServer->getAuthenticatedUser($sessionId);

     // Nobody is authenticated for this session yet: back to the login page.
     if (empty($user)) {
         $loginUrl = SimpleSAML_Module::getModuleURL('authTiqr/login.php');
         SimpleSAML_Utilities::redirect($loginUrl, array('AuthState' => $authStateId));
         return;
     }

     // Two factor: the state was saved by a processing filter, so hand it back
     // to the processing chain.
     if (isset($state["tiqrUser"])) {
         SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
         return;
     }

     // Single factor: build the attribute set and complete authentication.
     $displayName = self::getUserStorage()->getDisplayName($user);
     $baseAttributes = array(
         'uid' => array($user),
         'displayName' => array($displayName),
     );
     $state['Attributes'] = array_merge(
         $baseAttributes,
         self::getUserStorage()->getAdditionalAttributes($user)
     );
     SimpleSAML_Auth_Source::completeAuth($state);
 }
 */
if (isset($_POST['sig_response'])) {
    /*
     * sig_response is posted back by the browser and is untrusted until
     * verifyResponse() has checked it. verifyResponse() yields NULL when the
     * response is rejected and the verified username otherwise.
     */
    $resp = Duo::verifyResponse(IKEY, SKEY, AKEY, $_POST['sig_response']);

    // The username from the first factor must be present to compare against.
    if (!isset($attributes[$username_attribute])) {
        throw new SimpleSAML_Error_BadRequest('Missing required username attribute.');
    }
    $username = $attributes[$username_attribute][0];

    /*
     * A valid signature alone is not enough: the verified username must be the
     * same user that passed the first factor. Without this comparison, a
     * response issued for one account could complete the second factor for
     * another.
     */
    if ($resp == NULL or $resp !== $username) {
        throw new SimpleSAML_Error_BadRequest('Response verification failed.');
    }

    SimpleSAML_Auth_ProcessingChain::resumeProcessing($this->data['state']);
}
/*
 * Verify username and password. If the user and pass are good, then generate
 * a sig_request and load up the Duo iframe for secondary authentication.
 */
if (isset($attributes[$username_attribute])) {
    $username = $attributes[$username_attribute][0];
    // Generate sig request and then load up Duo javascript and iframe
    $sig_request = Duo::signRequest(IKEY, SKEY, AKEY, $username);
    ?>
    <script src="Duo-Web-v2.min.js"></script>
    <link rel="stylesheet" type="text/css" href="Duo-Frame.css">
 /**
  * Process an authentication response
  *
  * This function saves the state, and redirects the user to the Attribute Authority for
  * entitlements.
  *
  * @param array &$state The state of the response.
  *
  * @return void
  */
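 public function process(&$state)
 {
     // Expression form: a string passed to assert() is deprecated since PHP 7.2
     // and is no longer evaluated on PHP 8, where it would always pass.
     assert(is_array($state));

     // Read the released attributes defensively so a missing key is handled by
     // the check below rather than by an undefined-index notice.
     $attributes = isset($state['Attributes']) ? $state['Attributes'] : array();

     // Copy the filter configuration into the state so that the
     // attributequery.php page can read it back after the redirect.
     $state['attributeaggregator:authsourceId'] = $state["saml:sp:State"]["saml:sp:AuthId"];
     $state['attributeaggregator:entityId'] = $this->entityId;
     $state['attributeaggregator:attributeId'] = isset($attributes[$this->attributeId])
         ? $attributes[$this->attributeId]
         : null;
     $state['attributeaggregator:nameIdFormat'] = $this->nameIdFormat;
     $state['attributeaggregator:attributes'] = $this->attributes;
     $state['attributeaggregator:attributeNameFormat'] = $this->attributeNameFormat;

     if (!$state['attributeaggregator:attributeId']) {
         if (!$this->required) {
             SimpleSAML_Logger::info('[attributeaggregator] This user session does not have ' . $this->attributeId . ', which is required for querying the AA! Continue processing.');
             SimpleSAML_Logger::debug('[attributeaggregator] Attributes are: ' . var_export($attributes, true));
             // NOTE(review): resumeProcessing() is not expected to return; if it
             // ever did, execution would fall through to the throw below.
             SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
         }

         // The full attribute set is personal data. Keep the dump in the debug
         // log only: an exception message can end up on an error page or in an
         // error report, where it would disclose the user's attributes.
         SimpleSAML_Logger::debug('[attributeaggregator] Attributes are: ' . var_export($attributes, true));
         throw new SimpleSAML_Error_Exception("This user session does not have " . $this->attributeId . ", which is required for querying the AA!");
     }

     // Save state and redirect; only the opaque state ID travels in the URL.
     $id = SimpleSAML_Auth_State::saveState($state, 'attributeaggregator:request');
     $url = SimpleSAML_Module::getModuleURL('attributeaggregator/attributequery.php');
     SimpleSAML_Utilities::redirect($url, array('StateId' => $id));
     // FIXME: redirect is deprecated
 }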