Throws an exception to the exception handler registered in the state array.
public static throwException ( array $state, SimpleSAML_Error_Exception $exception ) | ||
$state | array | The state array. |
$exception | SimpleSAML_Error_Exception | The exception. |
/**
 * Start authentication.
 *
 * Builds the initial state array for the given authentication source and hands
 * it to the source's authenticate() method. This function never returns.
 *
 * @param string $authId The identifier of the authentication source.
 * @param string|array $return The URL or function we should direct the user to
 *     after authentication. If using a URL obtained from user input, please make
 *     sure to check it by calling SimpleSAML_Utilities::checkURLAllowed(); the
 *     value is stored in the state unchanged.
 * @param string|NULL $errorURL The URL we should direct the user to after failed
 *     authentication. Can be NULL, in which case a standard error page will be
 *     shown. If using a URL obtained from user input, please make sure to check it
 *     by calling SimpleSAML_Utilities::checkURLAllowed(); it is registered as the
 *     state's exception-handler URL as-is.
 * @param array $params Extra information about the login. Different
 *     authentication requestors may provide different information. Optional, will
 *     default to an empty array. Keys set by this function override keys in $params.
 * @throws Exception If $authId does not name a known authentication source.
 */
public static function initLogin($authId, $return, $errorURL = NULL, array $params = array()) {
    assert('is_string($authId)');
    assert('is_string($return) || is_array($return)');
    assert('is_string($errorURL) || is_null($errorURL)');

    $loginState = array(
        'SimpleSAML_Auth_Default.id' => $authId,
        'SimpleSAML_Auth_Default.Return' => $return,
        'SimpleSAML_Auth_Default.ErrorURL' => $errorURL,
        'LoginCompletedHandler' => array(get_class(), 'loginCompleted'),
        'LogoutCallback' => array(get_class(), 'logoutCallback'),
        'LogoutCallbackState' => array('SimpleSAML_Auth_Default.logoutSource' => $authId),
    );
    // Later arguments win in array_merge, so the keys above take precedence over $params.
    $state = array_merge($params, $loginState);

    if (is_string($return)) {
        $state['SimpleSAML_Auth_Default.ReturnURL'] = $return;
    }
    if (!is_null($errorURL)) {
        $state[SimpleSAML_Auth_State::EXCEPTION_HANDLER_URL] = $errorURL;
    }

    $source = SimpleSAML_Auth_Source::getById($authId);
    if (is_null($source)) {
        throw new Exception('Invalid authentication source: ' . $authId);
    }

    try {
        $source->authenticate($state);
    } catch (SimpleSAML_Error_Exception $e) {
        SimpleSAML_Auth_State::throwException($state, $e);
    } catch (Exception $e) {
        // Non-SimpleSAML exceptions are wrapped before being handed to the
        // exception handler registered in the state.
        SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_UnserializableException($e));
    }

    self::loginCompleted($state);
}
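/**
 * Initiate authentication.
 *
 * Records this source's id in the state, saves the state under the
 * 'aselect:login' stage, builds the URL of the credentials endpoint (carrying the
 * state id as ssp_state) and redirects the user to the A-Select server. Any
 * exception raised while preparing the redirect is delivered to the exception
 * handler registered in the state.
 *
 * @param array &$state Information about the current authentication.
 */
public function authenticate(&$state) {
    $state['aselect::authid'] = $this->authId;
    $id = SimpleSAML_Auth_State::saveState($state, 'aselect:login', true);
    try {
        $app_url = SimpleSAML_Module::getModuleURL('aselect/credentials.php', array('ssp_state' => $id));
        $as_url = $this->request_authentication($app_url);
        SimpleSAML_Utilities::redirect($as_url);
    } catch (SimpleSAML_Error_Exception $e) {
        // attach the exception to the state
        SimpleSAML_Auth_State::throwException($state, $e);
    } catch (Exception $e) {
        // throwException() takes a SimpleSAML_Error_Exception; wrap anything else
        // so it can be attached to the state like the other sources do.
        $e = new SimpleSAML_Error_UnserializableException($e);
        SimpleSAML_Auth_State::throwException($state, $e);
    }
}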
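/**
 * Check the credentials that the user got from the A-Select server.
 * This function is called after the user returns from the A-Select server.
 *
 * Reads ssp_state, a-select-server, aselect_credentials and rid from the request,
 * reloads the 'aselect:login' state, lets the configured A-Select source verify
 * the credentials and stores the resulting attributes in the state before calling
 * completeAuth(). Not expected to return: the trailing throwException() only
 * runs if completeAuth() does.
 *
 * @author Wessel Dankers, Tilburg University
 * @throws SimpleSAML_Error_BadRequest If the ssp_state parameter is missing.
 */
function check_credentials() {
    if (!array_key_exists('ssp_state', $_REQUEST)) {
        // No state has been loaded at this point, so there is no exception handler
        // to hand the error to (throwException() needs the state array); previously
        // this used an undefined $state. Reject the request directly instead.
        throw new SimpleSAML_Error_BadRequest('Missing ssp_state parameter');
    }
    $id = $_REQUEST['ssp_state'];

    // sanitize the input: a return URL embedded in the state id must be on the allow list
    $sid = SimpleSAML_Utilities::parseStateID($id);
    if (!is_null($sid['url'])) {
        SimpleSAML_Utilities::checkURLAllowed($sid['url']);
    }

    $state = SimpleSAML_Auth_State::loadState($id, 'aselect:login');

    // Same order of checks as before; each missing parameter is reported through the state.
    foreach (array('a-select-server', 'aselect_credentials', 'rid') as $param) {
        if (!array_key_exists($param, $_REQUEST)) {
            SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing {$param} parameter"));
        }
    }
    $server_id = $_REQUEST['a-select-server'];
    $credentials = $_REQUEST['aselect_credentials'];
    $rid = $_REQUEST['rid'];

    try {
        if (!array_key_exists('aselect::authid', $state)) {
            throw new SimpleSAML_Error_Exception("ASelect authentication source missing in state");
        }
        $authid = $state['aselect::authid'];
        $aselect = SimpleSAML_Auth_Source::getById($authid);
        if (is_null($aselect)) {
            throw new SimpleSAML_Error_Exception("Could not find authentication source with id {$authid}");
        }

        // The request values are not trusted as received; the source's
        // verify_credentials() decides whether they are valid.
        $creds = $aselect->verify_credentials($server_id, $credentials, $rid);
        if (array_key_exists('attributes', $creds)) {
            $state['Attributes'] = $creds['attributes'];
        } else {
            $res = $creds['res'];
            $state['Attributes'] = array(
                'uid' => array($res['uid']),
                'organization' => array($res['organization']),
            );
        }
    } catch (SimpleSAML_Error_Exception $e) {
        SimpleSAML_Auth_State::throwException($state, $e);
    } catch (Exception $e) {
        // throwException() takes a SimpleSAML_Error_Exception; wrap anything else.
        SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_UnserializableException($e));
    }

    SimpleSAML_Auth_Source::completeAuth($state);
    // Reaching this line means completeAuth() returned, which it should not.
    SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Internal error in A-Select component"));
}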
/**
 * Delegate authentication.
 *
 * This method is called once the user has chosen one authentication source.
 * It saves the selected authentication source in the session to be able to
 * logout properly, then calls the authenticate method on that source and
 * finally completes authentication. Exceptions raised by the source are
 * delivered to the exception handler registered in the state.
 *
 * @param string $authId Selected authentication source
 * @param array $state Information about the current authentication.
 * @throws Exception If $authId does not name a known authentication source.
 */
public static function delegateAuthentication($authId, $state) {
    assert('is_string($authId)');
    assert('is_array($state)');

    $source = SimpleSAML_Auth_Source::getById($authId);
    if (is_null($source)) {
        throw new Exception('Invalid authentication source: ' . $authId);
    }

    // Remember which source was chosen so the logout process can route back to it.
    $session = SimpleSAML_Session::getSessionFromRequest();
    $session->setData(
        self::SESSION_SOURCE,
        $state[self::AUTHID],
        $authId,
        SimpleSAML_Session::DATA_TIMEOUT_SESSION_END
    );

    try {
        $source->authenticate($state);
    } catch (SimpleSAML_Error_Exception $e) {
        SimpleSAML_Auth_State::throwException($state, $e);
    } catch (Exception $e) {
        SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_UnserializableException($e));
    }

    SimpleSAML_Auth_Source::completeAuth($state);
}
} if ($sessionIndex === NULL) { $sessionIndex = $assertion->getSessionIndex(); } if ($expire === NULL) { $expire = $assertion->getSessionNotOnOrAfter(); } $attributes = array_merge($attributes, $assertion->getAttributes()); if ($assertion->getAuthnInstant() !== NULL) { /* Assertion contains AuthnStatement, since AuthnInstant is a required attribute. */ $foundAuthnStatement = TRUE; } } if (!$foundAuthnStatement) { $e = new SimpleSAML_Error_Exception('No AuthnStatement found in assertion(s).'); SimpleSAML_Auth_State::throwException($state, $e); } if ($expire !== NULL) { $logoutExpire = $expire; } else { /* Just expire the logout associtaion 24 hours into the future. */ $logoutExpire = time() + 24 * 60 * 60; } /* Register this session in the logout store. */ sspmod_saml_SP_LogoutStore::addSession($sourceId, $nameId, $sessionIndex, $logoutExpire); /* We need to save the NameID and SessionIndex for logout. */ $logoutState = array('saml:logout:Type' => 'saml2', 'saml:logout:IdP' => $idp, 'saml:logout:NameID' => $nameId, 'saml:logout:SessionIndex' => $sessionIndex); $state['LogoutState'] = $logoutState; $state['saml:AuthenticatingAuthority'] = $authenticatingAuthority; $state['saml:AuthenticatingAuthority'][] = $idp; $state['PersistentAuthData'][] = 'saml:AuthenticatingAuthority';
/**
 * Process authentication requests.
 *
 * Records the IdP and SP identifiers in the state, decides whether the user
 * must authenticate again (ForceAuthn set, or no authenticated session) and
 * then runs either authenticate() or reauthenticate() followed by postAuth().
 * Exceptions are delivered to the handler registered in the state.
 *
 * @param array &$state The authentication request state.
 */
public function handleAuthenticationRequest(array &$state) {
    assert('isset($state["Responder"])');

    $state['core:IdP'] = $this->id;

    // SP metadata may spell the entity id key either way.
    $spEntityId = NULL;
    if (isset($state['SPMetadata']['entityid'])) {
        $spEntityId = $state['SPMetadata']['entityid'];
    } elseif (isset($state['SPMetadata']['entityID'])) {
        $spEntityId = $state['SPMetadata']['entityID'];
    }
    $state['core:SP'] = $spEntityId;

    // Force authentication takes precedence; otherwise only authenticate when
    // there is no session (isAuthenticated() is not consulted when forced).
    $forceAuthn = isset($state['ForceAuthn']) && (bool) $state['ForceAuthn'];
    $needAuth = $forceAuthn || !$this->isAuthenticated();

    $state['IdPMetadata'] = $this->getConfig()->toArray();
    $state['ReturnCallback'] = array('SimpleSAML_IdP', 'postAuth');

    try {
        if ($needAuth) {
            $this->authenticate($state);
            assert('FALSE');
        } else {
            $this->reauthenticate($state);
        }
        $this->postAuth($state);
    } catch (SimpleSAML_Error_Exception $e) {
        SimpleSAML_Auth_State::throwException($state, $e);
    } catch (Exception $e) {
        SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_UnserializableException($e));
    }
}
<?php
/*
 * OpenID linkback endpoint: restore the 'openid:auth' state named by the
 * AuthState request parameter and hand control back to the authentication
 * source that started it. postAuth() is not expected to return.
 */

if (!array_key_exists('AuthState', $_REQUEST) || empty($_REQUEST['AuthState'])) {
    throw new SimpleSAML_Error_BadRequest('Missing mandatory parameter: AuthState');
}
$authState = $_REQUEST['AuthState'];

// sanitize the input: a return URL embedded in the state id has to pass the
// allow list before the state is used
$sid = SimpleSAML_Utilities::parseStateID($authState);
if ($sid['url'] !== null) {
    SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}

$state = SimpleSAML_Auth_State::loadState($authState, 'openid:auth');

$sourceId = $state['openid:AuthId'];
$authSource = SimpleSAML_Auth_Source::getById($sourceId);
if (is_null($authSource)) {
    throw new SimpleSAML_Error_BadRequest('Invalid AuthId \'' . $sourceId . '\' - not found.');
}

try {
    $authSource->postAuth($state);
    // postAuth() should never return.
    assert('FALSE');
} catch (SimpleSAML_Error_Exception $e) {
    SimpleSAML_Auth_State::throwException($state, $e);
} catch (Exception $e) {
    $wrapped = new SimpleSAML_Error_AuthSource($sourceId, 'Error on OpenID linkback endpoint.', $e);
    SimpleSAML_Auth_State::throwException($state, $wrapped);
}
/**
 * Continues processing of the state.
 *
 * This function is used to resume processing by filters which for example
 * needed to show a page to the user.
 *
 * This function will never return. Exceptions thrown during processing will be
 * passed to whatever exception handler is defined in the state array. When the
 * filter queue is empty, control goes either to the URL in $state['ReturnURL']
 * (with the saved state id appended) or to the callable in $state['ReturnCall'].
 *
 * @param array $state The state we are processing.
 */
public static function resumeProcessing($state) {
    assert('is_array($state)');

    // Each filter is removed from the queue before it runs.
    while (count($state[self::FILTERS_INDEX]) > 0) {
        $filter = array_shift($state[self::FILTERS_INDEX]);
        try {
            $filter->process($state);
        } catch (SimpleSAML_Error_Exception $e) {
            SimpleSAML_Auth_State::throwException($state, $e);
        } catch (Exception $e) {
            SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_UnserializableException($e));
        }
    }

    // Completed: exactly one of ReturnURL / ReturnCall is expected to be present.
    assert('array_key_exists("ReturnURL", $state) || array_key_exists("ReturnCall", $state)');
    assert('!array_key_exists("ReturnURL", $state) || !array_key_exists("ReturnCall", $state)');

    if (!array_key_exists('ReturnURL', $state)) {
        // Pass the state to the function defined in $state['ReturnCall'].
        // We are done with the state array in the session, so delete it first.
        SimpleSAML_Auth_State::deleteState($state);
        $callback = $state['ReturnCall'];
        assert('is_callable($callback)');
        $callback($state);
        assert(FALSE);
        return;
    }

    // Save state information, and redirect to the URL specified in $state['ReturnURL'].
    $id = SimpleSAML_Auth_State::saveState($state, self::COMPLETED_STAGE);
    SimpleSAML_Utilities::redirectTrustedURL($state['ReturnURL'], array(self::AUTHPARAM => $id));
}
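/**
 * Send a SAML2 SSO request to an IdP.
 *
 * Builds an AuthnRequest from the SP and IdP metadata, applies the options carried
 * in $state (requested authentication context, ForceAuthn/IsPassive, NameID and
 * NameIDPolicy, IDPList, ProxyCount, RequesterID, Extensions), records the expected
 * issuer, saves the state under 'saml:sp:sso' (the state id becomes the request id)
 * and sends the request through the binding of the selected SingleSignOnService
 * endpoint. This function does not return.
 *
 * @param SimpleSAML_Configuration $idpMetadata The metadata of the IdP.
 * @param array $state The state array for the current authentication.
 * @throws SimpleSAML_Error_Exception If saml:NameID is not an array, or
 *     saml:NameIDPolicy is neither a string nor an array.
 */
private function startSSO2(SimpleSAML_Configuration $idpMetadata, array $state) {
    if (isset($state['saml:ProxyCount']) && $state['saml:ProxyCount'] < 0) {
        SimpleSAML_Auth_State::throwException(
            $state,
            new \SimpleSAML\Module\saml\Error\ProxyCountExceeded(\SAML2\Constants::STATUS_RESPONDER)
        );
    }

    $ar = sspmod_saml_Message::buildAuthnRequest($this->metadata, $idpMetadata);
    $ar->setAssertionConsumerServiceURL(
        SimpleSAML\Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->authId)
    );

    if (isset($state['SimpleSAML_Auth_Source.ReturnURL'])) {
        $ar->setRelayState($state['SimpleSAML_Auth_Source.ReturnURL']);
    }

    if (isset($state['saml:AuthnContextClassRef'])) {
        $accr = SimpleSAML\Utils\Arrays::arrayize($state['saml:AuthnContextClassRef']);
        $comp = SAML2\Constants::COMPARISON_EXACT;
        $allowedComparisons = array(
            SAML2\Constants::COMPARISON_EXACT,
            SAML2\Constants::COMPARISON_MINIMUM,
            SAML2\Constants::COMPARISON_MAXIMUM,
            SAML2\Constants::COMPARISON_BETTER,
        );
        // The isset() and the lookup must read the same key. The old code looked up
        // $state['AuthnContextComparison'] (no 'saml:' prefix) here, so the requested
        // comparison was ignored unless that unprefixed key happened to be set too.
        // Strict in_array() so only one of the exact constant strings is accepted.
        if (isset($state['saml:AuthnContextComparison'])
            && in_array($state['saml:AuthnContextComparison'], $allowedComparisons, true)) {
            $comp = $state['saml:AuthnContextComparison'];
        }
        $ar->setRequestedAuthnContext(array('AuthnContextClassRef' => $accr, 'Comparison' => $comp));
    }

    if (isset($state['ForceAuthn'])) {
        $ar->setForceAuthn((bool) $state['ForceAuthn']);
    }
    if (isset($state['isPassive'])) {
        $ar->setIsPassive((bool) $state['isPassive']);
    }

    if (isset($state['saml:NameID'])) {
        if (!is_array($state['saml:NameID'])) {
            throw new SimpleSAML_Error_Exception('Invalid value of $state[\'saml:NameID\'].');
        }
        $ar->setNameId($state['saml:NameID']);
    }

    if (isset($state['saml:NameIDPolicy'])) {
        $policy = $state['saml:NameIDPolicy'];
        if (is_string($policy)) {
            // A bare format string expands to a policy with AllowCreate enabled.
            $policy = array('Format' => (string) $policy, 'AllowCreate' => TRUE);
        } elseif (!is_array($policy)) {
            throw new SimpleSAML_Error_Exception('Invalid value of $state[\'saml:NameIDPolicy\'].');
        }
        $ar->setNameIdPolicy($policy);
    }

    $IDPList = isset($state['saml:IDPList']) ? $state['saml:IDPList'] : array();
    $ar->setIDPList(array_unique(array_merge(
        $this->metadata->getArray('IDPList', array()),
        $idpMetadata->getArray('IDPList', array()),
        (array) $IDPList
    )));

    // ProxyCount precedence: state, then IdP metadata, then our own metadata.
    // Metadata lookups stay lazy so a lookup only happens when it is needed.
    if (isset($state['saml:ProxyCount']) && $state['saml:ProxyCount'] !== null) {
        $ar->setProxyCount($state['saml:ProxyCount']);
    } else {
        $idpProxyCount = $idpMetadata->getInteger('ProxyCount', null);
        if ($idpProxyCount !== null) {
            $ar->setProxyCount($idpProxyCount);
        } else {
            $spProxyCount = $this->metadata->getInteger('ProxyCount', null);
            if ($spProxyCount !== null) {
                $ar->setProxyCount($spProxyCount);
            }
        }
    }

    $requesterID = isset($state['saml:RequesterID']) ? $state['saml:RequesterID'] : array();
    if (isset($state['core:SP'])) {
        $requesterID[] = $state['core:SP'];
    }
    $ar->setRequesterID($requesterID);

    if (isset($state['saml:Extensions'])) {
        $ar->setExtensions($state['saml:Extensions']);
    }

    // save IdP entity ID as part of the state so the response issuer can be checked against it
    $idpEntityId = $idpMetadata->getString('entityid');
    $state['ExpectedIssuer'] = $idpEntityId;

    $id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso', TRUE);
    $ar->setId($id);

    SimpleSAML\Logger::debug('Sending SAML 2 AuthnRequest to ' . var_export($idpEntityId, TRUE));

    /* Select appropriate SSO endpoint: Holder-of-Key requests need the HoK endpoint. */
    if ($ar->getProtocolBinding() === \SAML2\Constants::BINDING_HOK_SSO) {
        $dst = $idpMetadata->getDefaultEndpoint('SingleSignOnService', array(\SAML2\Constants::BINDING_HOK_SSO));
    } else {
        $dst = $idpMetadata->getDefaultEndpoint('SingleSignOnService', array(
            \SAML2\Constants::BINDING_HTTP_REDIRECT,
            \SAML2\Constants::BINDING_HTTP_POST,
        ));
    }
    $ar->setDestination($dst['Location']);

    $b = \SAML2\Binding::getBinding($dst['Binding']);
    $this->sendSAML2AuthnRequest($state, $b, $ar);
    assert('FALSE');
}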
/**
 * Send a SAML2 SSO request to an IdP.
 *
 * Assembles an AuthnRequest from the SP and IdP metadata plus the options present
 * in $state, stores the state under the 'saml:sp:sso' stage (its id becomes the
 * request id) and sends the request with the HTTP-Redirect binding. Does not return.
 *
 * @param SimpleSAML_Configuration $idpMetadata The metadata of the IdP.
 * @param array $state The state array for the current authentication.
 * @throws SimpleSAML_Error_Exception If $state['saml:NameIDPolicy'] is neither a
 *     string nor an array.
 */
private function startSSO2(SimpleSAML_Configuration $idpMetadata, array $state) {
    $proxyCountFromState = isset($state['saml:ProxyCount']) ? $state['saml:ProxyCount'] : null;
    if ($proxyCountFromState !== null && $proxyCountFromState < 0) {
        SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_ProxyCountExceeded("ProxyCountExceeded"));
    }

    $request = sspmod_saml_Message::buildAuthnRequest($this->metadata, $idpMetadata);
    $request->setAssertionConsumerServiceURL(
        SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->authId)
    );

    if (isset($state['SimpleSAML_Auth_Default.ReturnURL'])) {
        $request->setRelayState($state['SimpleSAML_Auth_Default.ReturnURL']);
    }

    if (isset($state['saml:AuthnContextClassRef'])) {
        $classRefs = SimpleSAML_Utilities::arrayize($state['saml:AuthnContextClassRef']);
        $request->setRequestedAuthnContext(array('AuthnContextClassRef' => $classRefs));
    }

    if (isset($state['ForceAuthn'])) {
        $request->setForceAuthn((bool) $state['ForceAuthn']);
    }
    if (isset($state['isPassive'])) {
        $request->setIsPassive((bool) $state['isPassive']);
    }

    if (isset($state['saml:NameIDPolicy'])) {
        $policy = $state['saml:NameIDPolicy'];
        if (is_string($policy)) {
            // A bare format string expands to a policy with AllowCreate enabled.
            $policy = array('Format' => (string) $policy, 'AllowCreate' => TRUE);
        } elseif (!is_array($policy)) {
            throw new SimpleSAML_Error_Exception('Invalid value of $state[\'saml:NameIDPolicy\'].');
        }
        $request->setNameIdPolicy($policy);
    }

    $scopedIdps = isset($state['saml:IDPList']) ? $state['saml:IDPList'] : array();
    $request->setIDPList(array_unique(array_merge(
        $this->metadata->getArray('IDPList', array()),
        $idpMetadata->getArray('IDPList', array()),
        (array) $scopedIdps
    )));

    // ProxyCount precedence: state, then IdP metadata, then our own metadata.
    if ($proxyCountFromState !== null) {
        $request->setProxyCount($proxyCountFromState);
    } else {
        $idpProxyCount = $idpMetadata->getInteger('ProxyCount', null);
        if ($idpProxyCount !== null) {
            $request->setProxyCount($idpProxyCount);
        } else {
            $spProxyCount = $this->metadata->getInteger('ProxyCount', null);
            if ($spProxyCount !== null) {
                $request->setProxyCount($spProxyCount);
            }
        }
    }

    $requesterIds = isset($state['saml:RequesterID']) ? $state['saml:RequesterID'] : array();
    if (isset($state['core:SP'])) {
        $requesterIds[] = $state['core:SP'];
    }
    $request->setRequesterID($requesterIds);

    if (isset($state['saml:Extensions'])) {
        $request->setExtensions($state['saml:Extensions']);
    }

    $id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso', TRUE);
    $request->setId($id);

    SimpleSAML_Logger::debug('Sending SAML 2 AuthnRequest to ' . var_export($idpMetadata->getString('entityid'), TRUE));

    $binding = new SAML2_HTTPRedirect();
    $this->sendSAML2AuthnRequest($state, $binding, $request);
    assert('FALSE');
}
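/**
 * Passes control of the login process to a different module.
 *
 * Looks up the backend authentication source recorded in
 * $state['LogoutState']['negotiate:backend'] and runs its authenticate() method.
 * Exceptions raised by the backend are delivered to the exception handler
 * registered in the state. Does not return once loginCompleted() is called.
 *
 * @param array &$state Information about the current authentication.
 * @throws SimpleSAML_Error_Error If no backend is recorded in the state, or the
 *     recorded id does not resolve to an authentication source.
 */
public static function fallBack(&$state) {
    $authId = $state['LogoutState']['negotiate:backend'];
    if ($authId === null) {
        // Previously this constructed SimpleSAML_Error_AuthSource with the message as
        // its only argument, which does not match how that class is built elsewhere
        // (source id, reason, previous); report a plain server error instead.
        throw new SimpleSAML_Error_Error(500, "Unable to determine auth source.");
    }

    $source = SimpleSAML_Auth_Source::getById($authId);
    if ($source === null) {
        // getById() yields null for an unknown id; fail here rather than calling
        // authenticate() on null.
        throw new SimpleSAML_Error_Error(500, "Unknown negotiate backend auth source: " . $authId);
    }

    try {
        $source->authenticate($state);
    } catch (SimpleSAML_Error_Exception $e) {
        SimpleSAML_Auth_State::throwException($state, $e);
    } catch (Exception $e) {
        $e = new SimpleSAML_Error_UnserializableException($e);
        SimpleSAML_Auth_State::throwException($state, $e);
    }

    // fallBack never returns after loginCompleted()
    SimpleSAML_Logger::debug('Negotiate: backend returned');
    self::loginCompleted($state);
}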
/**
 * Passes control of the login process to a different module.
 *
 * Resolves the backend authentication source named in
 * $state['LogoutState']['negotiate:backend'] and lets it authenticate the user.
 * Exceptions raised by the backend go to the handler registered in the state.
 *
 * @param array &$state Information about the current authentication.
 *
 * @throws SimpleSAML_Error_Error If the auth source couldn't be determined.
 * @throws SimpleSAML_Error_Exception
 * @throws Exception
 */
public static function fallBack(&$state) {
    $authId = $state['LogoutState']['negotiate:backend'];
    if (is_null($authId)) {
        throw new SimpleSAML_Error_Error(500, "Unable to determine auth source.");
    }

    $backend = SimpleSAML_Auth_Source::getById($authId);
    try {
        $backend->authenticate($state);
    } catch (SimpleSAML_Error_Exception $e) {
        SimpleSAML_Auth_State::throwException($state, $e);
    } catch (Exception $e) {
        SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_UnserializableException($e));
    }

    // Only reached if the backend's authenticate() returned; fallBack never
    // returns after loginCompleted().
    SimpleSAML_Logger::debug('Negotiate: backend returned');
    self::loginCompleted($state);
}
} $server_id = $_REQUEST['a-select-server']; if (!array_key_exists('aselect_credentials', $_REQUEST)) { SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing aselect_credentials parameter")); } $credentials = $_REQUEST['aselect_credentials']; if (!array_key_exists('rid', $_REQUEST)) { SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing rid parameter")); } $rid = $_REQUEST['rid']; try { if (!array_key_exists('aselect::authid', $state)) { throw new SimpleSAML_Error_Exception("ASelect authentication source missing in state"); } $authid = $state['aselect::authid']; $aselect = SimpleSAML_Auth_Source::getById($authid); if (is_null($aselect)) { throw new SimpleSAML_Error_Exception("Could not find authentication source with id {$authid}"); } $creds = $aselect->verify_credentials($server_id, $credentials, $rid); if (array_key_exists('attributes', $creds)) { $state['Attributes'] = $creds['attributes']; } else { $state['Attributes'] = array('uid' => array($creds['uid']), 'organization' => array($creds['organization'])); } } catch (Exception $e) { SimpleSAML_Auth_State::throwException($state, $e); } SimpleSAML_Auth_Source::completeAuth($state); SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Internal error in A-Select component"));
/**
 * Hands the login over to the fallback authentication source.
 *
 * Resolves the source named in $state['negotiateserver:AuthFallback'] and lets
 * it authenticate the user; exceptions it raises go to the handler registered
 * in the state. Ends by calling loginCompleted().
 *
 * @param array &$state Information about the current authentication.
 * @throws SimpleSAML_Error_Error If no fallback auth source is recorded in the state.
 */
public static function fallback(&$state) {
    $authId = $state['negotiateserver:AuthFallback'];
    if (is_null($authId)) {
        throw new SimpleSAML_Error_Error(500, "Unable to determine fallback auth source.");
    }

    $fallbackSource = SimpleSAML_Auth_Source::getById($authId);
    try {
        $fallbackSource->authenticate($state);
    } catch (SimpleSAML_Error_Exception $e) {
        SimpleSAML_Auth_State::throwException($state, $e);
    } catch (Exception $e) {
        SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_UnserializableException($e));
    }

    // Only reached if the fallback source's authenticate() returned.
    SimpleSAML\Logger::debug('Negotiate Server: fallback auth source returned');
    self::loginCompleted($state);
}
/*
 * Invalid-IdP page of the saml:proxy flow. Recovers the authentication state,
 * then either aborts the login (cancel), logs the user out so a new login can
 * start (continue), or falls through to building the template.
 */
if (!array_key_exists('AuthState', $_REQUEST)) {
    throw new SimpleSAML_Error_BadRequest('Missing mandatory parameter: AuthState');
}

try {
    // try to get the state
    $state = SimpleSAML_Auth_State::loadState($_REQUEST['AuthState'], 'saml:proxy:invalid_idp');
} catch (Exception $e) {
    // the user probably hit the back button after starting the logout, try to recover the state with another stage
    $state = SimpleSAML_Auth_State::loadState($_REQUEST['AuthState'], 'core:Logout:afterbridge');

    // success! Try to continue with reauthentication, since we no longer have a valid session here
    $idp = SimpleSAML_IdP::getById($state['core:IdP']);
    sspmod_saml_Auth_Source_SP::reauthPostLogout($idp, $state);
}

// The two decisions below are only honoured from POST data.
if (isset($_POST['cancel'])) {
    // the user does not want to logout, cancel login
    SimpleSAML_Auth_State::throwException(
        $state,
        new \SimpleSAML\Module\saml\Error\NoAvailableIDP(
            \SAML2\Constants::STATUS_RESPONDER,
            'User refused to reauthenticate with any of the IdPs requested.'
        )
    );
}

if (isset($_POST['continue'])) {
    // log the user out before being able to login again
    $as = SimpleSAML_Auth_Source::getById($state['saml:sp:AuthId'], 'sspmod_saml_Auth_Source_SP');
    /** @var sspmod_saml_Auth_Source_SP $as */
    $as->reauthLogout($state);
}

$cfg = SimpleSAML_Configuration::getInstance();
$template = new SimpleSAML_XHTML_Template($cfg, 'saml:proxy/invalid_session.php');
$translator = $template->getTranslator();
// The raw request value is handed to the template as a string. NOTE(review):
// escaping it for the HTML context is the template's responsibility — confirm
// invalid_session.php does so.
$template->data['AuthState'] = (string) $_REQUEST['AuthState'];

// get the name of the IdP
$idpmdcfg = $state['saml:sp:IdPMetadata'];
/** @var SimpleSAML_Configuration $idpmdcfg */
$idpmd = $idpmdcfg->toArray();
/**
 * Process authentication requests.
 *
 * Records the IdP and SP identifiers in the state, decides whether a fresh
 * authentication is required (ForceAuthn, a non-empty saml:IDPList, or no
 * authenticated session) and then either authenticates or copies the existing
 * auth data into the state before continuing with postAuth(). Exceptions are
 * delivered to the handler registered in the state.
 *
 * @param array &$state The authentication request state.
 */
public function handleAuthenticationRequest(array &$state) {
    assert('isset($state["Responder"])');

    $state['core:IdP'] = $this->id;

    // SP metadata may spell the entity id key either way.
    $spEntityId = NULL;
    if (isset($state['SPMetadata']['entityid'])) {
        $spEntityId = $state['SPMetadata']['entityid'];
    } elseif (isset($state['SPMetadata']['entityID'])) {
        $spEntityId = $state['SPMetadata']['entityID'];
    }
    $state['core:SP'] = $spEntityId;

    // Authenticate again when forced, when the request is scoped to specific
    // IdPs, or when there is no authenticated session; otherwise reuse it.
    if (isset($state['ForceAuthn']) && (bool) $state['ForceAuthn']) {
        $needAuth = TRUE;
    } elseif (isset($state['saml:IDPList']) && count($state['saml:IDPList']) > 0) {
        $needAuth = TRUE;
    } else {
        $needAuth = !$this->isAuthenticated();
    }

    try {
        if ($needAuth) {
            $this->authenticate($state);
            assert('FALSE');
        } else {
            foreach ($this->authSource->getAuthDataArray() as $key => $value) {
                $state[$key] = $value;
            }
        }
        $this->postAuth($state);
    } catch (SimpleSAML_Error_Exception $e) {
        SimpleSAML_Auth_State::throwException($state, $e);
    } catch (Exception $e) {
        SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_UnserializableException($e));
    }
}