/**
 * Authenticates a SAML-backed token by resolving, and if needed provisioning, the Identity it refers to.
 *
 * The translated assertion's NameID plus the schacHomeOrganization attribute form the lookup key.
 * When no Identity exists for that pair a new one is created and persisted; when one exists but its
 * stored mail / commonName no longer match the assertion, the stored copy is refreshed.
 *
 * NOTE(review): $token->assertion is read without an instanceof check; presumably the caller has
 * consulted supports() first and the assertion was validated when the token was built — confirm.
 *
 * @param SamlToken $token
 * @return SamlToken token carrying ROLE_USER and the resolved Identity as its user
 */
public function authenticate(TokenInterface $token)
{
    $assertion = $this->attributeDictionary->translate($token->assertion);

    $nameId      = $assertion->getNameID();
    $institution = $assertion->getAttribute('schacHomeOrganization');
    $email       = $assertion->getAttribute('mail');
    $commonName  = $assertion->getAttribute('commonName');

    $identity = $this->identityService->findByNameIdAndInstitution($nameId, $institution);

    if ($identity !== null) {
        // Only the two mutable attributes are compared; nameId/institution are the key itself.
        $hasStaleAttributes = $identity->email !== $email || $identity->commonName !== $commonName;
        if ($hasStaleAttributes) {
            $identity->email      = $email;
            $identity->commonName = $commonName;
            $this->identityService->updateIdentity($identity);
        }
    } else {
        // First login for this (nameId, institution) pair: provision the Identity.
        $identity                  = new Identity();
        $identity->id              = Uuid::generate();
        $identity->nameId          = $nameId;
        $identity->institution     = $institution;
        $identity->email           = $email;
        $identity->commonName      = $commonName;
        $identity->preferredLocale = $this->preferredLocaleProvider->providePreferredLocale();
        $this->identityService->createIdentity($identity);
    }

    $authenticatedToken = new SamlToken(['ROLE_USER']);
    $authenticatedToken->setUser($identity);

    return $authenticatedToken;
}
/**
 * Authenticates a SAML-backed token for the RA application: the Identity must already exist and must
 * hold RA credentials, otherwise authentication is refused.
 *
 * Role assignment, in this order: ROLE_SRAA when the credentials flag isSraa, then exactly one of
 * ROLE_RAA (isRaa) or ROLE_RA. The LoA of the incoming token is carried over to the new token.
 *
 * NOTE(review): $token->assertion is read without an instanceof check; presumably supports() was
 * consulted by the caller and the assertion validated before this point — confirm.
 *
 * @param SamlToken|TokenInterface $token
 * @return SamlToken
 * @throws BadCredentialsException when no Identity matches, or it has no (S)RA(A) credentials
 */
public function authenticate(TokenInterface $token)
{
    $assertion   = $this->attributeDictionary->translate($token->assertion);
    $nameId      = $assertion->getNameID();
    $institution = $assertion->getAttribute('schacHomeOrganization');

    $identity = $this->identityService->findByNameIdAndInstitution($nameId, $institution);
    if ($identity === null) {
        // Unknown subject: this application never provisions, so refuse.
        throw new BadCredentialsException('Unable to find Identity matching the criteria. Has the identity been registered before?');
    }

    $raCredentials = $this->identityService->getRaCredentials($identity);
    if (!$raCredentials) {
        // Known subject but not an RA: refuse rather than hand out an empty role set.
        throw new BadCredentialsException('The Identity is not registered as (S)RA(A) and therefor does not have access to this application');
    }

    $roles = [];
    if ($raCredentials->isSraa) {
        $roles[] = 'ROLE_SRAA';
    }
    $roles[] = $raCredentials->isRaa ? 'ROLE_RAA' : 'ROLE_RA';

    $authenticatedToken = new SamlToken($token->getLoa(), $roles);
    $authenticatedToken->setUser($identity);

    return $authenticatedToken;
}
/**
 * Authenticates a SAML-backed token by building an AuthenticatedUser from the translated assertion
 * and the list of authenticating authorities the assertion names.
 *
 * The attribute-set factory is switched to AttributeSetWithFallbacks before translation so that the
 * translation below sees that configuration; as this is static, process-wide state, the call must
 * precede translate() and presumably affects later translations in the same request too — confirm.
 *
 * NOTE(review): $token->assertion is read without an instanceof check; presumably supports() was
 * consulted by the caller and the assertion validated before this point — confirm.
 *
 * @param TokenInterface $token
 * @return SamlToken token carrying ROLE_USER with the AuthenticatedUser as its user
 */
public function authenticate(TokenInterface $token)
{
    ConfigurableAttributeSetFactory::configureWhichAttributeSetToCreate(AttributeSetWithFallbacks::class);

    $assertion = $token->assertion;
    $translatedAssertion = $this->attributeDictionary->translate($assertion);

    // Wrap each authenticating authority string in an EntityId, preserving the assertion's order.
    $authenticatingAuthorities = [];
    foreach ($assertion->getAuthenticatingAuthority() as $authority) {
        $authenticatingAuthorities[] = new EntityId($authority);
    }

    $user = AuthenticatedUser::createFrom($translatedAssertion, $authenticatingAuthorities);

    $authenticatedToken = new SamlToken(['ROLE_USER']);
    $authenticatedToken->setUser($user);

    return $authenticatedToken;
}