/**
  * Does the actual authentication of the user and returns an id that will be
  * used to load the current user (loadUserOnSession)
  *
  * @param string $name
  * @param string $password
  * @return string id - used for loading the user
  *
  *         Contributions by Erik Mitchell erikm@logicpd.com
  */
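 public function authenticateUser($name, $password)
 {
     // Authenticates either through the parent's name/password check or,
     // when a SAML assertion was posted, through that assertion. Every
     // failure path on the SAML side returns '' (no user id).
     $GLOBALS['log']->debug('authenticating user.');
     if (empty($_POST['SAMLResponse'])) {
         return parent::authenticateUser($name, $password);
     }
     $GLOBALS['log']->debug('have saml data.');
     $this->settings = SAMLAuthenticate::loadSettings();

     // The assertion is client-supplied POST data. Parsing and validation
     // both sit inside the try, so an exception raised by either step is
     // logged and treated as a failed login instead of escaping uncaught.
     try {
         $this->samlresponse = new OneLogin_Saml_Response($this->settings, $_POST['SAMLResponse']);
         $isValid = $this->samlresponse->isValid();
     } catch (Exception $e) {
         $GLOBALS['log']->error("Unexpected exception: " . $e->getMessage());
         return '';
     }

     // Fail closed: nothing from the response is read unless it validated.
     if (!$isValid) {
         return '';
     }

     $GLOBALS['log']->debug('response is valid');
     $this->samlresponse->attributes = $this->samlresponse->getAttributes();
     if (!empty($this->settings->useXML)) {
         $this->xpath = new DOMXpath($this->samlresponse->document);
     }

     // Resolve the asserted identity to a local user; settings->id, when
     // set, is passed through to fetch_user() as its second argument.
     $id = $this->get_user_id();
     if (!empty($this->settings->id)) {
         $user = $this->fetch_user($id, $this->settings->id);
     } else {
         $user = $this->fetch_user($id);
     }

     // user already exists use this one
     if ($user->id) {
         $GLOBALS['log']->debug('have db results');
         // A valid assertion must not log in a user marked Inactive locally.
         if ($user->status != 'Inactive') {
             $GLOBALS['log']->debug('have current user');
             $this->updateCustomFields($user);
             return $user->id;
         }
         $GLOBALS['log']->debug('have inactive user');
         return '';
     }

     // No matching local user: an account is provisioned from the asserted
     // NameID. NOTE(review): this means any subject the IdP will vouch for
     // gets an account; confirm that is intended for this deployment.
     if (isset($this->settings->customCreateFunction)) {
         // The callable is taken from settings, so it must only ever come
         // from administrator-controlled configuration. The XPath handle is
         // built here because only the custom creator receives it.
         $xpath = new DOMXpath($this->samlresponse->document);
         return call_user_func($this->settings->customCreateFunction, $this, $this->samlresponse->getNameId(), $xpath, $this->settings);
     }
     return $this->createUser($this->samlresponse->getNameId());
 }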
示例#2
<?php

/**
 * SAMPLE Code to demonstrate how to handle a SAML assertion response.
 *
 * The URL of this file will have been given during the SAML authorization.
 * After a successful authorization, the browser will be directed to this
 * link where it will send a certified response via $_POST.
 */
error_reporting(E_ALL);
$settings = null;
require 'settings.php';
$samlResponse = new OneLogin_Saml_Response($settings, $_POST['SAMLResponse']);
try {
    if ($samlResponse->isValid()) {
        echo 'You are: ' . $samlResponse->getNameId() . '<br>';
        $attributes = $samlResponse->getAttributes();
        if (!empty($attributes)) {
            echo 'You have the following attributes:<br>';
            echo '<table><thead><th>Name</th><th>Values</th></thead><tbody>';
            foreach ($attributes as $attributeName => $attributeValues) {
                echo '<tr><td>' . htmlentities($attributeName) . '</td><td><ul>';
                foreach ($attributeValues as $attributeValue) {
                    echo '<li>' . htmlentities($attributeValue) . '</li>';
                }
                echo '</ul></td></tr>';
            }
            echo '</tbody></table><br><br>';
            echo "The v.1 of the Onelogin's PHP SAML Tookit does not support SLO.";
        }
    } else {