login() публичный метод

Initiates the SSO process.
public login ( string | null $returnTo = null, array $parameters = [], boolean $forceAuthn = false, boolean $isPassive = false, boolean $stay = false, boolean $setNameIdPolicy = true ) : If
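$returnTo string | null The target URL the user should be returned to after login. The examples below show it being sent to the IdP as RelayState, so it should come from a fixed or allow-listed URL rather than from raw request input.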
$parameters array Extra parameters to be added to the GET
$forceAuthn boolean When true, the AuthNRequest will set ForceAuthn='true'
$isPassive boolean When true, the AuthNRequest will set IsPassive='true'
$stay boolean True if we want to stay (returns the url string) False to redirect
$setNameIdPolicy boolean When true, the AuthNRequest will include a NameIDPolicy element
Результат If $stay is true, it returns a string with the SSO URL + AuthNRequest + parameters
Пример #1
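// Load the stored SAML2 authentication method and build the toolkit's auth object from it.
// NOTE(review): the error calls below pass true as the third argument; presumably that
// halts the request — confirm, because the code after them assumes valid data.
$dbobj = $Tools->fetch_object("usersAuthMethod", "type", "SAML2");
if (!$dbobj) {
    $Result->show("danger", "SAML settings not found in database", true);
}
//decode authentication module params
$params = json_decode($dbobj->params);
// json_decode() yields null for malformed JSON; report it explicitly instead of building
// the IdP settings from missing values.
if (!is_object($params)) {
    $Result->show("danger", "SAML settings could not be decoded", true);
}
//if using advanced settings, instantiate without db settings
if (isset($params->advanced) && $params->advanced == "1") {
    // No array is passed, so the toolkit reads its own settings source instead of the database row.
    $auth = new OneLogin_Saml2_Auth();
} else {
    // NOTE(review): no 'strict' or 'security' keys are set, so response validation runs with
    // whatever defaults the installed toolkit version has — confirm strict validation is on.
    $settings = array(
        'sp' => array(
            'entityId' => $Tools->createURL(),
            'assertionConsumerService' => array('url' => create_link('saml2')),
            'singleLogoutService' => array('url' => $Tools->createURL()),
            'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        ),
        'idp' => array(
            'entityId' => $params->idpissuer,
            'singleSignOnService' => array('url' => $params->idplogin),
            'singleLogoutService' => array('url' => $params->idplogout),
            // NOTE(review): the IdP is trusted through a certificate fingerprint, not the full
            // certificate. The toolkit's documentation advises against fingerprint validation in
            // production; at minimum check that the stored algorithm is not a weak hash.
            'certFingerprint' => $params->idpcertfingerprint,
            'certFingerprintAlgorithm' => $params->idpcertalgorithm,
        ),
    );
    $auth = new OneLogin_Saml2_Auth($settings);
}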
// Two-phase flow on one endpoint: with no SAMLResponse in the POST body the user is sent
// to the IdP; otherwise the posted response is validated.
//if SAMLResponse is not in the request, create an authnrequest and send it to the idp
if (!isset($_POST["SAMLResponse"])) {
    // Fifth argument ($stay) is true: login() returns the redirect URL instead of redirecting,
    // which leaves room to record the request ID before the browser leaves.
    $ssoBuiltUrl = $auth->login(null, array(), false, false, true);
    // Remember the AuthnRequest ID so the response that comes back can be tied to this request.
    $_SESSION['AuthNRequestID'] = $auth->getLastRequestID();
    // Keep the redirect (which carries the SAMLRequest) out of caches.
    header('Pragma: no-cache');
    header('Cache-Control: no-cache, must-revalidate');
    header('Location: ' . $ssoBuiltUrl);
    exit;
} else {
    //process the authentication response
    if (isset($_SESSION) && isset($_SESSION['AuthNRequestID'])) {
        $requestID = $_SESSION['AuthNRequestID'];
    } else {
        // NOTE(review): with no stored ID, null is handed to processResponse(); presumably the
        // toolkit then skips the InResponseTo comparison, which admits unsolicited responses —
        // confirm that this is intended.
        $requestID = null;
    }
    // validate the posted response against the stored request ID, then collect any errors
    $auth->processResponse($requestID);
    $errors = $auth->getErrors();
    // NOTE(review): the listing is cut off here. The remainder should refuse to continue when
    // $errors is non-empty and should clear the stored request ID once used — not visible, verify.
Пример #2
<?php

/**
 *  SAML Handler
 */
// The session is started before any toolkit call; the flow below uses it only in the
// commented-out variant that stores the AuthNRequest ID.
session_start();
require_once dirname(dirname(__FILE__)) . '/_toolkit_loader.php';
// presumably defines $settingsInfo and $spBaseUrl, both used below — TODO confirm
require_once 'settings_example.php';
// Debug dump left disabled. NOTE(review): the settings array may hold SP key material, so
// this should stay disabled outside local debugging.
/*
echo "Settings info ";
var_dump($settingsInfo);
*/
$auth = new OneLogin_Saml2_Auth($settingsInfo);
// Dispatch on the query-string flag: sso, sso2, slo, ...
if (isset($_GET['sso'])) {
    // Called with defaults, so $stay is false and the redirect happens inside login();
    // the AuthNRequest ID is not stored and the response cannot later be matched to it.
    $auth->login();
    # If the AuthNRequest ID needs to be saved in order to validate it later, do this instead
    # $ssoBuiltUrl = $auth->login(null, array(), false, false, true);
    # $_SESSION['AuthNRequestID'] = $auth->getLastRequestID();
    # header('Pragma: no-cache');
    # header('Cache-Control: no-cache, must-revalidate');
    # header('Location: ' . $ssoBuiltUrl);
    # exit();
} else {
    if (isset($_GET['sso2'])) {
        // The return target is built from $spBaseUrl plus a fixed path, not from request input.
        $returnTo = $spBaseUrl . '/demo1/attrs.php';
        $auth->login($returnTo);
    } else {
        if (isset($_GET['slo'])) {
            // Defaults for the logout call; the listing is cut off before they are used.
            $returnTo = null;
            $paramters = array();
            $nameId = null;
Пример #3
 /**
  * Tests the login method of the OneLogin_Saml2_Auth class
  * Case IsPassive. An AuthnRequest is built and a redirect executed; the request
  * carries IsPassive="true" only when the $isPassive argument is true.
  *
  * @covers OneLogin_Saml2_Auth::login
  * @runInSeparateProcess
  */
 public function testLoginIsPassive()
 {
     $settingsDir = TEST_ROOT . '/settings/';
     include $settingsDir . 'settings1.php';
     $settingsInfo['security']['authnRequestsSigned'] = true;
     $auth = new OneLogin_Saml2_Auth($settingsInfo);
     $passiveMarker = 'IsPassive="true"';

     // Default arguments: the request must not be passive.
     try {
         // The redirect header cannot be sent under the test runner, so it surfaces as an Exception
         $returnTo = 'http://example.com/returnto';
         $auth->login($returnTo);
         // Never reached when the redirect is attempted
         $this->assertFalse(true);
     } catch (Exception $e) {
         $this->assertNotContains($passiveMarker, $this->inflateAuthnRequestFromRedirect($e, $settingsInfo));
     }

     // $isPassive passed explicitly as false: still not passive.
     try {
         $returnTo = 'http://example.com/returnto';
         $auth->login($returnTo, array(), false, false);
         // Never reached when the redirect is attempted
         $this->assertFalse(true);
     } catch (Exception $e) {
         $this->assertNotContains($passiveMarker, $this->inflateAuthnRequestFromRedirect($e, $settingsInfo));
     }

     // $isPassive true: the attribute must be present.
     try {
         $returnTo = 'http://example.com/returnto';
         $auth->login($returnTo, array(), false, true);
         // Never reached when the redirect is attempted
         $this->assertFalse(true);
     } catch (Exception $e) {
         $this->assertContains($passiveMarker, $this->inflateAuthnRequestFromRedirect($e, $settingsInfo));
     }
 }

 /**
  * Checks that the exception came from the attempted redirect to the IdP's SSO URL
  * and returns the AuthnRequest XML carried in its SAMLRequest query parameter.
  */
 private function inflateAuthnRequestFromRedirect(Exception $e, $settingsInfo)
 {
     $this->assertContains('Cannot modify header information', $e->getMessage());
     $frames = $e->getTrace();
     $redirectUrl = getUrlFromRedirect($frames);
     $query = getParamsFromUrl($redirectUrl);
     $idpSsoUrl = $settingsInfo['idp']['singleSignOnService']['url'];
     $this->assertContains($idpSsoUrl, $redirectUrl);
     $this->assertArrayHasKey('SAMLRequest', $query);
     // The redirect binding carries the request base64-encoded over raw DEFLATE.
     $deflated = base64_decode($query['SAMLRequest']);

     return gzinflate($deflated);
 }
Пример #4
<?php

date_default_timezone_set("Asia/Taipei");
/**
 *  SAML Handler
 */
// The session supplies the NameID and session index that the logout branch reads below.
session_start();
require_once './vendor/autoload.php';
// presumably defines $settingsInfo and $spBaseUrl, both used below — TODO confirm
require_once 'settings.php';
$auth = new OneLogin_Saml2_Auth($settingsInfo);
// Dispatch on the query-string flag: sso, sso2, slo, acs, ...
if (isset($_GET['sso'])) {
    // Fixed return target, so request input cannot steer the post-login redirect.
    // NOTE(review): it is a plain-http localhost URL; a deployed service needs its real HTTPS address.
    // login() is called with $stay left at false, so no AuthNRequest ID is stored for later matching.
    $auth->login('http://localhost/hw4/php/forum.php');
} else {
    if (isset($_GET['sso2'])) {
        // Return target built from $spBaseUrl plus a fixed path, not from request input.
        $returnTo = $spBaseUrl . '/php/attrs.php';
        $auth->login($returnTo);
    } else {
        if (isset($_GET['slo'])) {
            // Start from empty values and fill in only what the session actually holds.
            $returnTo = null;
            $paramters = array();
            $nameId = null;
            $sessionIndex = null;
            if (isset($_SESSION['samlNameId'])) {
                $nameId = $_SESSION['samlNameId'];
            }
            if (isset($_SESSION['samlSessionIndex'])) {
                $sessionIndex = $_SESSION['samlSessionIndex'];
            }
            // NameID and session index are handed to logout(); presumably they let the IdP
            // identify which session to end — confirm against the toolkit.
            $auth->logout($returnTo, $paramters, $nameId, $sessionIndex);
        } else {
            // Assertion consumer branch; the listing is cut off before its body.
            if (isset($_GET['acs'])) {
Пример #5
<?php

/**
 * SAMPLE Code to demonstrate how to initiate a SAML Authorization request
 *
 * When the user visits this URL, the browser will be redirected to the SSO
 * IdP with an authorization request. If successful, it will then be
 * redirected to the consume URL (specified in settings) with the auth
 * details.
 */
// Session state decides whether a new SSO round trip is needed.
session_start();
require_once '../_toolkit_loader.php';
// No settings array is passed, so the toolkit loads its own configuration.
$auth = new OneLogin_Saml2_Auth();
if (isset($_SESSION['samlUserdata'])) {
    // Already signed in: go to index.php beside this script instead of re-authenticating.
    // NOTE(review): the target is derived from the current request's own URL; presumably that
    // includes the request host, so confirm the server pins its host name.
    $indexUrl = str_replace(
        '/sso.php',
        '/index.php',
        OneLogin_Saml2_Utils::getSelfURLNoQuery()
    );
    OneLogin_Saml2_Utils::redirect($indexUrl);
} else {
    // No SAML user data in the session yet: start the SSO flow with the defaults.
    $auth->login();
}
Пример #6
 /**
  * Tests the login method of the OneLogin_Saml2_Auth class
  * Case Login signed. A signed AuthnRequest is built and a redirect is executed
  *
  * @covers OneLogin_Saml2_Auth::login
  * @runInSeparateProcess
  */
 public function testLoginSigned()
 {
     $settingsDir = TEST_ROOT . '/settings/';
     include $settingsDir . 'settings1.php';
     $settingsInfo['security']['authnRequestsSigned'] = true;
     $auth = new OneLogin_Saml2_Auth($settingsInfo);
     $returnTo = 'http://example.com/returnto';
     try {
         // The redirect header cannot be sent under the test runner, so it surfaces as an Exception
         $auth->login($returnTo);
         // Never reached when the redirect is attempted
         $this->assertFalse(true);
     } catch (Exception $e) {
         $this->assertContains('Cannot modify header information', $e->getMessage());
         $frames = $e->getTrace();
         $redirectUrl = getUrlFromRedirect($frames);
         $query = getParamsFromUrl($redirectUrl);
         $idpSsoUrl = $settingsInfo['idp']['singleSignOnService']['url'];
         $this->assertContains($idpSsoUrl, $redirectUrl);
         // A signed redirect must carry the request, the relay state and both signature parameters.
         foreach (array('SAMLRequest', 'RelayState', 'SigAlg', 'Signature') as $expectedKey) {
             $this->assertArrayHasKey($expectedKey, $query);
         }
         // The return URL travels to the IdP unchanged as RelayState.
         $this->assertEquals($query['RelayState'], $returnTo);
         // NOTE(review): this pins RSA-SHA1 as the algorithm produced with these settings. SHA-1 is
         // deprecated for signatures; deployments would normally configure a SHA-256 based algorithm.
         $this->assertEquals(XMLSecurityKey::RSA_SHA1, $query['SigAlg']);
     }
 }
Пример #7
 /**
  * Forwards a login call to the wrapped object's login() and hands back its result.
  *
  * Only the first four arguments are forwarded. This wrapper takes no $stay or
  * $setNameIdPolicy argument, so the wrapped call runs with its own defaults for anything else.
  * NOTE(review): presumably that means login() redirects at once and the caller cannot store
  * the request ID first — confirm against the wrapped class.
  * NOTE(review): $returnTo is passed through unchanged; callers should supply a fixed or
  * allow-listed URL rather than raw request input.
  */
 public function login($returnTo = null, $parameters = array(), $forceAuthn = false, $isPassive = false)
 {
     $loginResult = $this->instance->login($returnTo, $parameters, $forceAuthn, $isPassive);

     return $loginResult;
 }