Retrieve the IdP "owning" the state.
public static getByState ( array &$state ) : SimpleSAML_IdP | ||
$state | array | |
리턴 | SimpleSAML_IdP | The IdP. |
/** * Start the logout operation. * * @param array &$state The logout state. * @param string|NULL $assocId The SP we are logging out from. */ public function startLogout(array &$state, $assocId) { assert('is_string($assocId) || is_null($assocId)'); $associations = $this->idp->getAssociations(); if (count($associations) === 0) { $this->idp->finishLogout($state); } foreach ($associations as $id => &$association) { $idp = SimpleSAML_IdP::getByState($association); $association['core:Logout-IFrame:Name'] = $idp->getSPName($id); $association['core:Logout-IFrame:State'] = 'onhold'; } $state['core:Logout-IFrame:Associations'] = $associations; if (!is_null($assocId)) { $spName = $this->idp->getSPName($assocId); if ($spName === NULL) { $spName = array('en' => $assocId); } $state['core:Logout-IFrame:From'] = $spName; } else { $state['core:Logout-IFrame:From'] = NULL; } $id = SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame'); $url = SimpleSAML_Module::getModuleURL('core/idp/logout-iframe.php', array('id' => $id)); SimpleSAML_Utilities::redirect($url); }
/** * Handle authentication error. * * SimpleSAML_Error_Exception $exception The exception. * @param array $state The error state. */ public static function handleAuthError(SimpleSAML_Error_Exception $exception, array $state) { assert('isset($state["SPMetadata"])'); assert('isset($state["saml:ConsumerURL"])'); assert('array_key_exists("saml:RequestId", $state)'); // Can be NULL. assert('array_key_exists("saml:RelayState", $state)'); // Can be NULL. $spMetadata = $state["SPMetadata"]; $spEntityId = $spMetadata['entityid']; $spMetadata = SimpleSAML_Configuration::loadFromArray($spMetadata, '$metadata[' . var_export($spEntityId, TRUE) . ']'); $requestId = $state['saml:RequestId']; $relayState = $state['saml:RelayState']; $consumerURL = $state['saml:ConsumerURL']; $protocolBinding = $state['saml:Binding']; $idp = SimpleSAML_IdP::getByState($state); $idpMetadata = $idp->getConfig(); $error = sspmod_saml_Error::fromException($exception); SimpleSAML_Logger::warning('Returning error to sp: ' . var_export($spEntityId, TRUE)); $error->logWarning(); $ar = self::buildResponse($idpMetadata, $spMetadata, $consumerURL); $ar->setInResponseTo($requestId); $ar->setRelayState($relayState); $status = array('Code' => $error->getStatus(), 'SubCode' => $error->getSubStatus(), 'Message' => $error->getStatusMessage()); $ar->setStatus($status); $statsData = array('spEntityID' => $spEntityId, 'idpEntityID' => $idpMetadata->getString('entityid'), 'protocol' => 'saml2', 'error' => $status); if (isset($state['saml:AuthnRequestReceivedAt'])) { $statsData['logintime'] = microtime(TRUE) - $state['saml:AuthnRequestReceivedAt']; } SimpleSAML_Stats::log('saml:idp:Response:error', $statsData); $binding = SAML2_Binding::getBinding($protocolBinding); $binding->send($ar); }
/** * Start the logout operation. * * @param array &$state The logout state. * @param string|null $assocId The SP we are logging out from. */ public function startLogout(array &$state, $assocId) { assert('is_string($assocId) || is_null($assocId)'); $associations = $this->idp->getAssociations(); if (count($associations) === 0) { $this->idp->finishLogout($state); } foreach ($associations as $id => &$association) { $idp = SimpleSAML_IdP::getByState($association); $association['core:Logout-IFrame:Name'] = $idp->getSPName($id); $association['core:Logout-IFrame:State'] = 'onhold'; } $state['core:Logout-IFrame:Associations'] = $associations; if (!is_null($assocId)) { $spName = $this->idp->getSPName($assocId); if ($spName === null) { $spName = array('en' => $assocId); } $state['core:Logout-IFrame:From'] = $spName; } else { $state['core:Logout-IFrame:From'] = null; } $params = array('id' => SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame')); if (isset($state['core:Logout-IFrame:InitType'])) { $params['type'] = $state['core:Logout-IFrame:InitType']; } $url = SimpleSAML_Module::getModuleURL('core/idp/logout-iframe.php', $params); \SimpleSAML\Utils\HTTP::redirectTrustedURL($url); }
/** * Send a response to the SP. * * @param array $state The authentication state. */ public static function sendResponse(array $state) { assert('isset($state["Attributes"])'); assert('isset($state["SPMetadata"])'); assert('isset($state["saml:shire"])'); assert('array_key_exists("saml:target", $state)'); // Can be NULL $spMetadata = $state["SPMetadata"]; $spEntityId = $spMetadata['entityid']; $spMetadata = SimpleSAML_Configuration::loadFromArray($spMetadata, '$metadata[' . var_export($spEntityId, TRUE) . ']'); SimpleSAML\Logger::info('Sending SAML 1.1 Response to ' . var_export($spEntityId, TRUE)); $attributes = $state['Attributes']; $shire = $state['saml:shire']; $target = $state['saml:target']; $idp = SimpleSAML_IdP::getByState($state); $idpMetadata = $idp->getConfig(); $config = SimpleSAML_Configuration::getInstance(); $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $statsData = array('spEntityID' => $spEntityId, 'idpEntityID' => $idpMetadata->getString('entityid'), 'protocol' => 'saml1'); if (isset($state['saml:AuthnRequestReceivedAt'])) { $statsData['logintime'] = microtime(TRUE) - $state['saml:AuthnRequestReceivedAt']; } SimpleSAML_Stats::log('saml:idp:Response', $statsData); // Generate and send response. $ar = new SimpleSAML_XML_Shib13_AuthnResponse(); $authnResponseXML = $ar->generate($idpMetadata, $spMetadata, $shire, $attributes); $httppost = new SimpleSAML_Bindings_Shib13_HTTPPost($config, $metadata); $httppost->sendResponse($authnResponseXML, $idpMetadata, $spMetadata, $target, $shire); }
/** * Picks the next SP and issues a logout request. * * This function never returns. * * @param array &$state The logout state. */ private function logoutNextSP(array &$state) { $association = array_pop($state['core:LogoutTraditional:Remaining']); if ($association === null) { $this->idp->finishLogout($state); } $relayState = \SimpleSAML_Auth_State::saveState($state, 'core:LogoutTraditional', true); $id = $association['id']; Logger::info('Logging out of ' . var_export($id, true) . '.'); try { $idp = \SimpleSAML_IdP::getByState($association); $url = call_user_func(array($association['Handler'], 'getLogoutURL'), $idp, $association, $relayState); HTTP::redirectTrustedURL($url); } catch (\Exception $e) { Logger::warning('Unable to initialize logout to ' . var_export($id, true) . '.'); $this->idp->terminateAssociation($id); $state['core:Failed'] = true; // Try the next SP $this->logoutNextSP($state); assert('FALSE'); } }
/** * Picks the next SP and issues a logout request. * * This function never returns. * * @param array &$state The logout state. */ private function logoutNextSP(array &$state) { $association = array_pop($state['core:LogoutTraditional:Remaining']); if ($association === NULL) { $this->idp->finishLogout($state); } $relayState = SimpleSAML_Auth_State::saveState($state, 'core:LogoutTraditional', TRUE); $id = $association['id']; SimpleSAML_Logger::info('Logging out of ' . var_export($id, TRUE) . '.'); try { $idp = SimpleSAML_IdP::getByState($association); $url = call_user_func(array($association['Handler'], 'getLogoutURL'), $idp, $association, $relayState); SimpleSAML_Utilities::redirect($url); } catch (Exception $e) { SimpleSAML_Logger::warning('Unable to initialize logout to ' . var_export($id, TRUE) . '.'); $this->idp->terminateAssociation($id); $state['core:Failed'] = TRUE; /* Try the next SP. */ $this->logoutNextSP($state); assert('FALSE'); } }
/** * Send a response to the SP. * * @param array $state The authentication state. */ public static function sendResponse(array $state) { assert('isset($state["Attributes"])'); assert('isset($state["SPMetadata"])'); assert('isset($state["saml:shire"])'); assert('array_key_exists("saml:target", $state)'); // Can be NULL. $spMetadata = $state["SPMetadata"]; $spEntityId = $spMetadata['entityid']; $spMetadata = SimpleSAML_Configuration::loadFromArray($spMetadata, '$metadata[' . var_export($spEntityId, TRUE) . ']'); SimpleSAML_Logger::info('Sending SAML 1.1 Response to ' . var_export($spEntityId, TRUE)); $attributes = $state['Attributes']; $shire = $state['saml:shire']; $target = $state['saml:target']; $idp = SimpleSAML_IdP::getByState($state); $idpMetadata = $idp->getConfig(); $config = SimpleSAML_Configuration::getInstance(); $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); /* Generate and send response. */ $ar = new SimpleSAML_XML_Shib13_AuthnResponse(); $authnResponseXML = $ar->generate($idpMetadata, $spMetadata, $shire, $attributes); $httppost = new SimpleSAML_Bindings_Shib13_HTTPPost($config, $metadata); $httppost->sendResponse($authnResponseXML, $idpMetadata, $spMetadata, $target, $shire); }
$assocConfig = call_user_func(array($sp['Handler'], 'getAssociationConfig'), $assocIdP, $sp); $sp['core:Logout-IFrame:Timeout'] = $assocConfig->getInteger('core:logout-timeout', 5) + time(); } else { $sp['core:Logout-IFrame:Timeout'] = time() + 5; } } } } if ($type === 'js' || $type === 'nojs') { foreach ($state['core:Logout-IFrame:Associations'] as $assocId => &$sp) { if ($sp['core:Logout-IFrame:State'] !== 'inprogress') { /* This SP isn't logging out. */ continue; } try { $assocIdP = SimpleSAML_IdP::getByState($sp); $url = call_user_func(array($sp['Handler'], 'getLogoutURL'), $assocIdP, $sp, NULL); $sp['core:Logout-IFrame:URL'] = $url; } catch (Exception $e) { $sp['core:Logout-IFrame:State'] = 'failed'; } } } $id = SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame'); $globalConfig = SimpleSAML_Configuration::getInstance(); if ($type === 'nojs') { $t = new SimpleSAML_XHTML_Template($globalConfig, 'core:logout-iframe-wrapper.php'); $t->data['id'] = $id; $t->data['SPs'] = $state['core:Logout-IFrame:Associations']; $t->show(); exit(0);
/** * Finish the logout operation. * * This function will never return. * * @param array &$state The logout request state. */ public function finishLogout(array &$state) { assert('isset($state["Responder"])'); $idp = SimpleSAML_IdP::getByState($state); call_user_func($state['Responder'], $idp, $state); assert('FALSE'); }
<?php /** * This is the handler for logout started from the consent page. * * @package simpleSAMLphp */ if (!array_key_exists('StateId', $_GET)) { throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.'); } $id = (string) $_GET['StateId']; // sanitize the input $sid = SimpleSAML_Utilities::parseStateID($id); if (!is_null($sid['url'])) { SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($id, 'consent:request'); $state['Responder'] = array('sspmod_consent_Logout', 'postLogout'); $idp = SimpleSAML_IdP::getByState($state); $idp->handleLogoutRequest($state, NULL); assert('FALSE');
/** * Log the user out before logging in again. * * This method will never return. * * @param array $state The state array. */ public static function reauthLogout(array $state) { SimpleSAML\Logger::debug('Proxy: logging the user out before re-authentication.'); if (isset($state['Responder'])) { $state['saml:proxy:reauthLogout:PrevResponder'] = $state['Responder']; } $state['Responder'] = array('sspmod_saml_Auth_Source_SP', 'reauthPostLogout'); $idp = SimpleSAML_IdP::getByState($state); $idp->handleLogoutRequest($state, null); assert('false'); }
public static function sendResponse(array $state) { $spMetadata = $state["SPMetadata"]; $spEntityId = $spMetadata['entityid']; $spMetadata = SimpleSAML_Configuration::loadFromArray($spMetadata, '$metadata[' . var_export($spEntityId, TRUE) . ']'); $attributes = $state['Attributes']; $nameidattribute = $spMetadata->getValue('simplesaml.nameidattribute'); if (!empty($nameidattribute)) { if (!array_key_exists($nameidattribute, $attributes)) { throw new Exception('simplesaml.nameidattribute does not exist in resulting attribute set'); } $nameid = $attributes[$nameidattribute][0]; } else { $nameid = SimpleSAML_Utilities::generateID(); } $idp = SimpleSAML_IdP::getByState($state); $idpMetadata = $idp->getConfig(); $idpEntityId = $idpMetadata->getString('entityid'); $idp->addAssociation(array('id' => 'adfs:' . $spEntityId, 'Handler' => 'sspmod_adfs_IdP_ADFS', 'adfs:entityID' => $spEntityId)); $response = sspmod_adfs_IdP_ADFS::ADFS_GenerateResponse($idpEntityId, $spEntityId, $nameid, $attributes); $privateKeyFile = SimpleSAML_Utilities::resolveCert($idpMetadata->getString('privatekey')); $certificateFile = SimpleSAML_Utilities::resolveCert($idpMetadata->getString('certificate')); $wresult = sspmod_adfs_IdP_ADFS::ADFS_SignResponse($response, $privateKeyFile, $certificateFile); $wctx = $state['adfs:wctx']; sspmod_adfs_IdP_ADFS::ADFS_PostResponse($spMetadata->getValue('prp'), $wresult, $wctx); }