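/**
  * Authenticates a SAML-backed token and provisions or re-syncs the matching Identity.
  *
  * The Identity is keyed on the (NameID, schacHomeOrganization) pair as asserted by
  * the IdP. Nothing here second-guesses the IdP: the attribute dictionary and the
  * upstream SAML response validation are the trust boundary, and email/commonName
  * are taken verbatim from the assertion on every login. An unknown pair is
  * self-registered as a new Identity with ROLE_USER.
  *
  * @param  SamlToken $token token whose ->assertion has already been validated upstream
  * @return TokenInterface|void authenticated SamlToken carrying ROLE_USER, with the Identity as user
  * @throws \Symfony\Component\Security\Core\Exception\BadCredentialsException
  *         when the assertion lacks a NameID or a schacHomeOrganization value — failing
  *         closed here avoids creating an Identity whose lookup key is empty
  */
 public function authenticate(TokenInterface $token)
 {
     $translatedAssertion = $this->attributeDictionary->translate($token->assertion);
     $nameId = $translatedAssertion->getNameID();
     $institution = $translatedAssertion->getAttribute('schacHomeOrganization');
     $email = $translatedAssertion->getAttribute('mail');
     $commonName = $translatedAssertion->getAttribute('commonName');

     // Both halves of the identity key must be present. What getAttribute() returns
     // for an absent attribute (null, '' or []) is not visible from here; empty()
     // rejects all three so we never look up or create an Identity scoped to "nothing".
     if (empty($nameId) || empty($institution)) {
         throw new \Symfony\Component\Security\Core\Exception\BadCredentialsException(
             'Assertion does not carry both a NameID and a schacHomeOrganization; cannot resolve an Identity'
         );
     }

     $identity = $this->identityService->findByNameIdAndInstitution($nameId, $institution);

     if ($identity === null) {
         // First login for this (nameId, institution): provision a fresh Identity.
         // NOTE(review): email and commonName are stored exactly as asserted, including
         // whatever getAttribute() yields when the IdP omits them — confirm Identity
         // and createIdentity() tolerate that before relying on self-registration.
         $identity = new Identity();
         $identity->id = Uuid::generate();
         $identity->nameId = $nameId;
         $identity->institution = $institution;
         $identity->email = $email;
         $identity->commonName = $commonName;
         $identity->preferredLocale = $this->preferredLocaleProvider->providePreferredLocale();
         $this->identityService->createIdentity($identity);
     } elseif ($identity->email !== $email || $identity->commonName !== $commonName) {
         // The IdP is authoritative for these attributes: re-sync only when they drifted,
         // so an unchanged login does not cause a write.
         $identity->email = $email;
         $identity->commonName = $commonName;
         $this->identityService->updateIdentity($identity);
     }

     $authenticatedToken = new SamlToken(['ROLE_USER']);
     $authenticatedToken->setUser($identity);

     return $authenticatedToken;
 }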
 /**
  * Authenticates an RA-application login from a validated SAML assertion.
  *
  * The (NameID, schacHomeOrganization) pair must map to an Identity that already
  * exists AND holds RA credentials; this provider never self-registers, so either
  * condition failing is a closed failure (BadCredentialsException). Roles are derived
  * from the credentials: ROLE_SRAA is additive, while ROLE_RAA and ROLE_RA are
  * mutually exclusive. The LoA of the incoming token is carried over unchanged.
  *
  * NOTE(review): no minimum LoA is enforced in this method — presumably the caller
  * or the firewall does that; confirm before relying on it.
  *
  * @param SamlToken|TokenInterface $token token whose ->assertion was validated upstream
  * @return TokenInterface|void authenticated SamlToken with the Identity as user
  * @throws BadCredentialsException when no Identity matches or it has no RA credentials
  */
 public function authenticate(TokenInterface $token)
 {
     $assertion = $this->attributeDictionary->translate($token->assertion);
     $identity = $this->identityService->findByNameIdAndInstitution(
         $assertion->getNameID(),
         $assertion->getAttribute('schacHomeOrganization')
     );

     // Unknown identity: there is no registration path here, so stop.
     if ($identity === null) {
         throw new BadCredentialsException('Unable to find Identity matching the criteria. Has the identity been registered before?');
     }

     // Identity exists but was never made (S)RA(A): deny access.
     $credentials = $this->identityService->getRaCredentials($identity);
     if (!$credentials) {
         throw new BadCredentialsException('The Identity is not registered as (S)RA(A) and therefor does not have access to this application');
     }

     // SRAA stacks on top of the RA/RAA role; RAA wins over RA.
     $roles = $credentials->isSraa ? ['ROLE_SRAA'] : [];
     $roles[] = $credentials->isRaa ? 'ROLE_RAA' : 'ROLE_RA';

     $authenticatedToken = new SamlToken($token->getLoa(), $roles);
     $authenticatedToken->setUser($identity);

     return $authenticatedToken;
 }
 /**
  * Authenticates a gateway login from a validated SAML assertion.
  *
  * No local identity lookup happens here: the user object is built directly from
  * the translated assertion plus the chain of authenticating authorities the IdP
  * reported, and the resulting token carries ROLE_USER only.
  *
  * @param TokenInterface $token token whose ->assertion was validated upstream
  * @return TokenInterface|void authenticated SamlToken with the AuthenticatedUser as user
  */
 public function authenticate(TokenInterface $token)
 {
     // Process-wide switch: every attribute set created after this call uses the
     // fallback-aware set. NOTE(review): this is static mutable state that outlives
     // the call — fine per request, but any sibling code path expecting a different
     // attribute set in the same process would be affected.
     ConfigurableAttributeSetFactory::configureWhichAttributeSetToCreate(AttributeSetWithFallbacks::class);

     $translatedAssertion = $this->attributeDictionary->translate($token->assertion);

     // Wrap each reported authenticating authority in an EntityId, keeping the
     // original array keys (as array_map with a single array would).
     $authorities = [];
     foreach ($token->assertion->getAuthenticatingAuthority() as $key => $authority) {
         $authorities[$key] = new EntityId($authority);
     }

     $user = AuthenticatedUser::createFrom($translatedAssertion, $authorities);

     $authenticatedToken = new SamlToken(['ROLE_USER']);
     $authenticatedToken->setUser($user);

     return $authenticatedToken;
 }