if (isset($_GET['RelayState'])) {
$requestcache['RelayState'] = $_GET['RelayState'];
}
} else {
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'SSOSERVICEPARAMS');
}
/* Check whether we should authenticate with an AuthSource. Any time the auth-option matches a
* valid AuthSource, we assume that this is the case.
*/
if (SimpleSAML_Auth_Source::getById($idpmetadata['auth']) !== NULL) {
/* Authenticate with an AuthSource. */
$authSource = TRUE;
$authority = $idpmetadata['auth'];
} else {
$authSource = FALSE;
$authority = SimpleSAML_Utilities::getAuthority($idpmetadata);
}
/**
* As we have passed the code above, we have an associated request that is already processed.
*
* Now we check whether we have a authenticated session. If we do not have an authenticated session,
* we look up in the metadata of the IdP, to see what authenticaiton module to use, then we redirect
* the user to the authentication module, to authenticate. Later the user is redirected back to this
* endpoint - then the session is authenticated and set, and the user is redirected back with a RequestID
* parameter so we can retrieve the cached information from the request.
*/
if (!isset($session) || !$session->isValid($authority)) {
/* We don't have a valid session. */
$needAuth = TRUE;
} elseif (array_key_exists('NeedAuthentication', $requestcache) && $requestcache['NeedAuthentication']) {
/* We have a valid session, but ForceAuthn is on. */
