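/**
 * Build the IdP Single Logout URL the browser should follow to log out.
 *
 * Returns null when $GLOBALS['sugar_config']['SAML_SLO'] is empty, i.e. when
 * no Single Logout endpoint is configured.
 *
 * @return string|null
 */
public function getLogoutUrl()
{
    if (empty($GLOBALS['sugar_config']['SAML_SLO'])) {
        return null;
    }

    $sloUrl = $GLOBALS['sugar_config']['SAML_SLO'];
    $auth = new OneLogin_Saml2_Auth(SAMLAuthenticate::loadSettings());
    $logoutRequest = new OneLogin_Saml2_LogoutRequest($auth->getSettings());

    // The configured endpoint may already carry a query string; appending a
    // second "?" would corrupt the SAMLRequest parameter.
    $separator = strpos($sloUrl, '?') === false ? '?' : '&';

    // NOTE(review): the URL carries only SAMLRequest - no Signature, SigAlg or
    // RelayState parameter is appended here. Confirm the IdP accepts unsigned
    // LogoutRequests, or build the URL through the toolkit's signing path.
    return $sloUrl . $separator . 'SAMLRequest=' . urlencode($logoutRequest->getRequest());
}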
<?php
/**
 * SAML Handler
 *
 * Demo front controller: the query-string key (?sso, ?sso2, ?slo, ...) selects
 * which SAML flow is started on the OneLogin_Saml2_Auth instance.
 */

session_start();

require_once dirname(dirname(__FILE__)) . '/_toolkit_loader.php';

// Expected to define $settingsInfo (and presumably $spBaseUrl, used below) - TODO confirm.
require_once 'settings_example.php';

/*
echo "Settings info ";
var_dump($settingsInfo);
*/

$auth = new OneLogin_Saml2_Auth($settingsInfo);

if (isset($_GET['sso'])) {
    // SP-initiated login using the toolkit defaults.
    $auth->login();

    # If AuthNRequest ID need to be saved in order to later validate it, do instead
    # $ssoBuiltUrl = $auth->login(null, array(), false, false, true);
    # $_SESSION['AuthNRequestID'] = $auth->getLastRequestID();
    # header('Pragma: no-cache');
    # header('Cache-Control: no-cache, must-revalidate');
    # header('Location: ' . $ssoBuiltUrl);
    # exit();
    // NOTE(review): with the plain login() call above no request ID is kept in
    // the session, so the response handler cannot check that a SAMLResponse
    // answers a request this session actually sent. Prefer the variant above
    // for anything beyond a demo.
} else {
    if (isset($_GET['sso2'])) {
        // Login with an explicit return URL built from the SP base URL.
        $returnTo = $spBaseUrl . '/demo1/attrs.php';
        $auth->login($returnTo);
    } else {
        if (isset($_GET['slo'])) {
            // Defaults for the logout call; the rest of this branch is not visible here.
            $returnTo = null;
            $paramters = array();
            $nameId = null;
// Location of the bundled php-saml toolkit, relative to this file.
define("TOOLKIT_PATH", dirname(__FILE__) . '/../../functions/php-saml/');
require_once TOOLKIT_PATH . '_toolkit_loader.php'; // We load the SAML2 lib

// Get SAML2 settings from db.
$dbobj = $Tools->fetch_object("usersAuthMethod", "type", "SAML2");
if (!$dbobj) {
    // NOTE(review): presumably the third argument makes show() stop the request;
    // if it does not, $dbobj->params below is read from a falsy value - confirm.
    $Result->show("danger", "SAML settings not found in database", true);
}

// Decode authentication module params.
// NOTE(review): the json_decode() result is not checked; malformed JSON yields
// null and the property reads below would then fail.
$params = json_decode($dbobj->params);

// If using advanced settings, instantiate without db settings
// (the toolkit then loads its configuration from its own settings source).
if ($params->advanced == "1") {
    $auth = new OneLogin_Saml2_Auth();
} else {
    // NOTE(review): this array sets no 'strict' or 'security' keys, so the
    // toolkit defaults apply. Confirm strict validation is enabled for the
    // deployed toolkit version before relying on this path in production.
    $settings = array(
        'sp' => array(
            'entityId' => $Tools->createURL(),
            'assertionConsumerService' => array('url' => create_link('saml2')),
            'singleLogoutService' => array('url' => $Tools->createURL()),
            'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'
        ),
        'idp' => array(
            'entityId' => $params->idpissuer,
            'singleSignOnService' => array('url' => $params->idplogin),
            'singleLogoutService' => array('url' => $params->idplogout),
            // NOTE(review): IdP trust is pinned by certificate fingerprint rather
            // than the full certificate. The php-saml documentation advises
            // against fingerprints in production (hash-collision risk, and weak
            // algorithms such as sha1 make it worse); prefer 'x509cert'.
            'certFingerprint' => $params->idpcertfingerprint,
            'certFingerprintAlgorithm' => $params->idpcertalgorithm
        )
    );
    $auth = new OneLogin_Saml2_Auth($settings);
}

// If SAMLResponse is not in the request, create an AuthnRequest and send it to the IdP.
if (!isset($_POST["SAMLResponse"])) {
    // login() is asked to return the redirect URL instead of redirecting itself,
    // so the request ID can be stored before the browser leaves.
    $ssoBuiltUrl = $auth->login(null, array(), false, false, true);
    // Remember the request ID so the later response can be matched against it.
    $_SESSION['AuthNRequestID'] = $auth->getLastRequestID();
    // Keep intermediaries and the browser from caching the redirect.
    header('Pragma: no-cache');
    header('Cache-Control: no-cache, must-revalidate');
    header('Location: ' . $ssoBuiltUrl);
    exit;
} else {
    // Process the authentication response.
    if (isset($_SESSION) && isset($_SESSION['AuthNRequestID'])) {
        $requestID = $_SESSION['AuthNRequestID'];
    } else {
        // NOTE(review): no stored request ID. How $requestID is used is not
        // visible here; if it is passed to processResponse(), a null value
        // presumably skips the InResponseTo match and accepts unsolicited
        // responses - confirm that this is intended.
        $requestID = null;
<?php
/**
 * SP Single Logout Service endpoint.
 *
 * Hands the incoming logout message to the toolkit via processSLO() (called
 * with its default arguments) and prints either a success line or the
 * comma-separated error list reported by getErrors().
 */

session_start();

require_once dirname(__DIR__) . '/_toolkit_loader.php';

$auth = new OneLogin_Saml2_Auth();
$auth->processSLO();

$errors = $auth->getErrors();

if (!empty($errors)) {
    // NOTE(review): the toolkit error strings are written to the page as-is;
    // confirm they never contain request-derived text, or escape them.
    echo implode(', ', $errors);
} else {
    echo 'Sucessfully logged out';
}
/**
 * Resolve the settings object by delegating to OneLogin_Saml2_Auth.
 *
 * @param mixed $settings Passed unchanged to the OneLogin_Saml2_Auth
 *                        constructor; defaults to null.
 */
public function __construct($settings = null)
{
    $samlAuth = new OneLogin_Saml2_Auth($settings);
    $resolvedSettings = $samlAuth->getSettings();

    // Only the settings object is kept; the Auth instance itself is discarded.
    $this->_settings = $resolvedSettings;
}
/**
 * Checks that OneLogin_Saml2_Auth::setStrict() toggles the strict flag seen
 * through getSettings()->isStrict(), and that a non-boolean argument raises
 * an exception carrying the is_bool() assertion message.
 *
 * @covers OneLogin_Saml2_Auth::setStrict
 */
public function testSetStrict()
{
    // settings1.php is expected to define $settingsInfo in this scope.
    include TEST_ROOT . '/settings/' . 'settings1.php';

    $settingsInfo['strict'] = false;
    $samlAuth = new OneLogin_Saml2_Auth($settingsInfo);
    $this->assertFalse($samlAuth->getSettings()->isStrict());

    $samlAuth->setStrict(true);
    $this->assertTrue($samlAuth->getSettings()->isStrict());

    $samlAuth->setStrict(false);
    $this->assertFalse($samlAuth->getSettings()->isStrict());

    try {
        $samlAuth->setStrict('a');
        // Reaching this line means no exception was thrown: force a failure.
        // NOTE(review): if the test framework's failure exception extends
        // Exception, the catch below intercepts it and the test then fails on
        // the message check instead - still a failure, but a misleading one.
        $this->assertTrue(false);
    } catch (Exception $e) {
        $this->assertContains('Assertion "is_bool($value)" failed', $e->getMessage());
    }
}
<?php
// Date/time functions in this script use Taipei local time.
date_default_timezone_set("Asia/Taipei");
/**
 * SAML Handler
 *
 * Front controller: the query-string key (?sso, ?sso2, ?slo, ?acs) selects
 * which SAML flow runs on the OneLogin_Saml2_Auth instance.
 */

session_start();

// NOTE(review): relative paths are resolved against the include path and the
// working directory; confirm the script is always run from its own directory.
require_once './vendor/autoload.php';
// Expected to define $settingsInfo (and presumably $spBaseUrl, used below) - TODO confirm.
require_once 'settings.php';

$auth = new OneLogin_Saml2_Auth($settingsInfo);

if (isset($_GET['sso'])) {
    // NOTE(review): the return URL is hard-coded to a plain-HTTP localhost
    // address; outside a local lab it should come from configuration and use HTTPS.
    $auth->login('http://localhost/hw4/php/forum.php');
} else {
    if (isset($_GET['sso2'])) {
        // Login with a return URL built from the SP base URL.
        $returnTo = $spBaseUrl . '/php/attrs.php';
        $auth->login($returnTo);
    } else {
        if (isset($_GET['slo'])) {
            $returnTo = null;
            $paramters = array();
            $nameId = null;
            $sessionIndex = null;
            // Pass the NameID and SessionIndex stored in the session, when
            // present, so the logout request identifies the IdP session to end.
            if (isset($_SESSION['samlNameId'])) {
                $nameId = $_SESSION['samlNameId'];
            }
            if (isset($_SESSION['samlSessionIndex'])) {
                $sessionIndex = $_SESSION['samlSessionIndex'];
            }
            $auth->logout($returnTo, $paramters, $nameId, $sessionIndex);
        } else {
            // Assertion Consumer Service branch; its body is not visible here.
            if (isset($_GET['acs'])) {
<?php
/**
 * SP Assertion Consumer Service Endpoint
 *
 * Processes the SAMLResponse, stops on toolkit errors or a failed
 * authentication, stores the attributes and session index in the PHP session,
 * then either follows RelayState or renders the attributes as an HTML table.
 */

session_start();

require_once dirname(dirname(__FILE__)) . '/_toolkit_loader.php';

$auth = new OneLogin_Saml2_Auth();

// NOTE(review): processResponse() is called without a request ID, so this
// endpoint presumably does not match InResponseTo against a request stored in
// the session - confirm whether unsolicited responses are meant to be accepted.
$auth->processResponse();

$errors = $auth->getErrors();

if (!empty($errors)) {
    // NOTE(review): the error strings are written into HTML unescaped; confirm
    // they never contain request-derived text, or escape them.
    print_r('<p>' . implode(', ', $errors) . '</p>');
    exit;
}

if (!$auth->isAuthenticated()) {
    echo "<p>Not authenticated</p>";
    exit;
}

// NOTE(review): the session ID is not regenerated after authentication;
// consider session_regenerate_id(true) here to limit session fixation.
$_SESSION['samlUserdata'] = $auth->getAttributes();
$_SESSION['IdPSessionIndex'] = $auth->getSessionIndex();

// NOTE(review): RelayState arrives in the POST body and is handed to
// redirectTo() with only a "not this page" check. Restrict it to an allow-list
// of this SP's own URLs so the endpoint cannot be used as an open redirect.
if (isset($_POST['RelayState']) && OneLogin_Saml2_Utils::getSelfURL() != $_POST['RelayState']) {
    $auth->redirectTo($_POST['RelayState']);
}

$attributes = $_SESSION['samlUserdata'];

if (!empty($attributes)) {
    echo '<h1>' . _('User attributes:') . '</h1>';
    echo '<table><thead><th>' . _('Name') . '</th><th>' . _('Values') . '</th></thead><tbody>';
    foreach ($attributes as $attributeName => $attributeValues) {
        // Attribute names and values come from the IdP assertion and are
        // HTML-escaped before being written into the table.
        echo '<tr><td>' . htmlentities($attributeName) . '</td><td><ul>';
        foreach ($attributeValues as $attributeValue) {
            echo '<li>' . htmlentities($attributeValue) . '</li>';
/**
 * Constructor that processes the SAML Response.
 *
 * Builds a OneLogin_Saml2_Auth from the given settings, takes the settings
 * object it resolves, and passes that together with the assertion to the
 * parent constructor.
 *
 * @param OneLogin_Saml_Settings $oldSettings Settings
 * @param string                 $assertion   SAML Response
 */
public function __construct($oldSettings, $assertion)
{
    $samlAuth = new OneLogin_Saml2_Auth($oldSettings);

    parent::__construct($samlAuth->getSettings(), $assertion);
}
<?php
/**
 * SAMPLE code showing how to initiate a SAML authorization request.
 *
 * A visitor without SAML user data in the session is sent to the SSO IdP with
 * an authorization request; on success the IdP redirects to the consume URL
 * (specified in settings) with the auth details. A visitor who already has
 * SAML user data in the session is redirected to index.php instead.
 */

session_start();

require_once '../_toolkit_loader.php';

$auth = new OneLogin_Saml2_Auth();

if (isset($_SESSION['samlUserdata'])) {
    // Already logged in: swap the script name in this page's own URL.
    $indexUrl = str_replace('/sso.php', '/index.php', OneLogin_Saml2_Utils::getSelfURLNoQuery());
    OneLogin_Saml2_Utils::redirect($indexUrl);
} else {
    $auth->login();
}
<?php
/**
 * SP Metadata endpoint.
 *
 * Generates this service provider's metadata from the toolkit settings,
 * validates it, and serves it as XML. Any exception message is echoed instead.
 */

require_once dirname(__DIR__) . '/_toolkit_loader.php';

try {
    $auth = new OneLogin_Saml2_Auth();
    $settings = $auth->getSettings();
    $metadata = $settings->getSPMetadata();
    $errors = $settings->validateMetadata($metadata);

    if (!empty($errors)) {
        throw new OneLogin_Saml2_Error(
            'Invalid SP metadata: ' . implode(', ', $errors),
            OneLogin_Saml2_Error::METADATA_SP_INVALID
        );
    }

    header('Content-Type: text/xml');
    echo $metadata;
} catch (Exception $e) {
    // NOTE(review): the message is echoed without a Content-Type header and
    // without escaping; confirm it cannot carry markup or internal details.
    echo $e->getMessage();
}
<?php
/**
 * SAML Handler
 *
 * Demo front controller: the query-string key (?sso, ?sso2, ?slo, ?acs)
 * selects which SAML flow runs on the OneLogin_Saml2_Auth instance.
 */

session_start();

require_once dirname(dirname(__FILE__)) . '/_toolkit_loader.php';

// Expected to define $settingsInfo (and presumably $spBaseUrl, used below) - TODO confirm.
require_once 'settings.php';

$auth = new OneLogin_Saml2_Auth($settingsInfo);

if (isset($_GET['sso'])) {
    // SP-initiated login using the toolkit defaults.
    $auth->login();
} else {
    if (isset($_GET['sso2'])) {
        // Login with a return URL built from the SP base URL.
        $returnTo = $spBaseUrl . '/demo1/attrs.php';
        $auth->login($returnTo);
    } else {
        if (isset($_GET['slo'])) {
            // SP-initiated logout using the toolkit defaults.
            $auth->logout();
        } else {
            if (isset($_GET['acs'])) {
                // NOTE(review): processResponse() is called without a request
                // ID, so InResponseTo is presumably not matched against a
                // request stored in the session - confirm.
                $auth->processResponse();

                $errors = $auth->getErrors();

                if (!empty($errors)) {
                    // Errors are printed but execution continues; the
                    // isAuthenticated() check below is what stops the request.
                    // NOTE(review): the strings are written into HTML unescaped.
                    print_r('<p>' . implode(', ', $errors) . '</p>');
                }

                if (!$auth->isAuthenticated()) {
                    echo "<p>Not authenticated</p>";
                    exit;
                }

                $_SESSION['samlUserdata'] = $auth->getAttributes();
                // NOTE(review): RelayState comes from the POST body. What this
                // branch does with it is not visible here; if it redirects,
                // restrict the target to this SP's own URLs to avoid an open redirect.
                if (isset($_POST['RelayState']) && OneLogin_Saml2_Utils::getSelfURL() != $_POST['RelayState']) {
/**
 * Run the logout step that matches the current request, then check the
 * toolkit for errors.
 *
 * When the 'sls' parameter is present the incoming Single Logout message is
 * processed; otherwise, when 'slo' is in the query string, an SP-initiated
 * logout is started. Error checking runs in every case.
 *
 * @param OneLogin_Saml2_Auth $auth Toolkit instance to drive.
 */
private function procesar_logout(OneLogin_Saml2_Auth $auth)
{
    $slsParam = toba::memoria()->get_parametro('sls');

    if ($slsParam !== null) {
        $auth->processSLO();
    } elseif (isset($_GET['slo'])) {
        $auth->logout();
    }

    $this->verificar_errores_onelogin($auth);
}
/**
 * Return whatever getErrors() reports on the wrapped OneLogin_Saml2_Auth
 * instance, unchanged.
 */
public function getErrors()
{
    $errors = $this->instance->getErrors();

    return $errors;
}
/**
 * Forward a logout call to the parent implementation with the same arguments.
 *
 * Nothing is returned: any value produced by the parent is discarded.
 *
 * @param string|null $returnTo     Passed through to parent::logout().
 * @param array       $parameters   Passed through to parent::logout().
 * @param string|null $nameId       Passed through to parent::logout().
 * @param string|null $sessionIndex Passed through to parent::logout().
 */
public function logout($returnTo = null, $parameters = array(), $nameId = null, $sessionIndex = null)
{
    parent::logout(
        $returnTo,
        $parameters,
        $nameId,
        $sessionIndex
    );
}