/**
 * Firewall listener entry point: tries to authenticate the current request
 * through the SAML authentication provider.
 *
 * On success the resulting token is handed to onSuccess() and returned.
 * If the provider returns a Response instead of a token, that response is
 * set on the event. If the provider throws, an already-authenticated token
 * that the access decision manager accepts for this request is left alone;
 * otherwise the SAML flow is (re)started via requestSaml() and a stale
 * SamlUserToken is removed from storage. Any other outcome answers 403.
 *
 * @param GetResponseEvent $event the kernel request event being filtered
 *
 * @return TokenInterface|null the authenticated token on success, null otherwise
 */
public function handle(GetResponseEvent $event)
{
    $request = $event->getRequest();

    try {
        $candidate = new SamlUserToken();
        $candidate->setDirectEntry($this->options['direct_entry']);

        $result = $this->authenticationManager->authenticate($candidate);

        if ($result instanceof TokenInterface) {
            $this->onSuccess($request, $result);

            return $result;
        }

        if ($result instanceof Response) {
            // setResponse() yields no value, so this path returns null.
            $event->setResponse($result);

            return;
        }
    } catch (\Exception $e) {
        // NOTE(review): every \Exception lands here, not only AuthenticationException,
        // and $e is discarded — a provider or storage failure is therefore handled
        // exactly like "no SAML session yet". Consider narrowing the catch or logging $e.
        $stored = $this->tokenStorage->getToken();
        list($attributes) = $this->map->getPatterns($request);

        // A token that is already authenticated and allowed by the access map
        // for this request needs no new SAML round-trip.
        if (null !== $stored
            && null !== $attributes
            && $stored->isAuthenticated()
            && $this->accessDecisionManager->decide($stored, $attributes, $request)
        ) {
            return;
        }

        $this->requestSaml($request);

        // Drop a stale SAML token so the next attempt starts from a clean state.
        if ($this->tokenStorage->getToken() instanceof SamlUserToken) {
            $this->tokenStorage->setToken(null);
        }

        // NOTE(review): no Response is set on this path, so the request continues
        // down the firewall chain without a token — confirm requestSaml() itself
        // produces the redirect/response, otherwise downstream access control must deny.
        // (An earlier revision threw AuthenticationException
        // 'The Saml user could not be retrieved from the session.' here instead.)
        return;
    }

    // Neither a token nor a Response came back: deny by default.
    $denied = new Response();
    $denied->setStatusCode(Response::HTTP_FORBIDDEN);
    $event->setResponse($denied);
}
/**
 * Turns an unauthenticated SamlUserToken into an authenticated one.
 *
 * Tokens this provider does not support are ignored (null is returned so
 * another provider may handle them). The user is resolved through the
 * configured user provider by the token's username; the token's attributes
 * and direct-entry flag are carried over onto the new token unchanged.
 *
 * @param TokenInterface $token the token to authenticate
 *
 * @return SamlUserToken|null
 *
 * @throws AuthenticationException when the user provider yields no user
 */
public function authenticate(TokenInterface $token)
{
    if (!$this->supports($token)) {
        return null;
    }

    $user = $this->userProvider->loadUserByUsername($token->getUsername());
    if (!$user) {
        throw new AuthenticationException('The SAML authentication failed.');
    }

    // NOTE(review): attributes are copied from the incoming token unchecked —
    // confirm upstream that they come from a validated SAML assertion.
    // getDirectEntry()/getAttributes() are assumed to exist on every token
    // supports() accepts — TODO confirm supports() narrows to SamlUserToken.
    $authenticated = new SamlUserToken($user->getRoles());
    $authenticated->setUser($user);
    $authenticated->setAuthenticated(true);
    $authenticated->setAttributes($token->getAttributes());
    $authenticated->setDirectEntry($token->getDirectEntry());

    return $authenticated;
}