/**
* Does the actual authentication of the user and returns an id that will be
* used
* to load the current user (loadUserOnSession)
*
* @param string $name
* @param string $password
* @return string id - used for loading the user
*
* Contributions by Erik Mitchell erikm@logicpd.com
*/
public function authenticateUser($name, $password)
{
$GLOBALS['log']->debug('authenticating user.');
if (empty($_POST['SAMLResponse'])) {
return parent::authenticateUser($name, $password);
}
$GLOBALS['log']->debug('have saml data.');
$this->settings = SAMLAuthenticate::loadSettings();
try {
$this->samlresponse = new OneLogin_Saml_Response($this->settings, $_POST['SAMLResponse']);
} catch (Exception $e) {
$GLOBALS['log']->error("Unexpected exception: " . $e->getMessage());
return '';
}
if ($this->samlresponse->isValid()) {
$GLOBALS['log']->debug('response is valid');
$this->samlresponse->attributes = $this->samlresponse->getAttributes();
if (!empty($this->settings->useXML)) {
$this->xpath = new DOMXpath($this->samlresponse->document);
}
$id = $this->get_user_id();
if (!empty($this->settings->id)) {
$user = $this->fetch_user($id, $this->settings->id);
} else {
$user = $this->fetch_user($id);
}
// user already exists use this one
if ($user->id) {
$GLOBALS['log']->debug('have db results');
if ($user->status != 'Inactive') {
$GLOBALS['log']->debug('have current user');
$this->updateCustomFields($user);
return $user->id;
} else {
$GLOBALS['log']->debug('have inactive user');
return '';
}
} else {
$xpath = new DOMXpath($this->samlresponse->document);
if (isset($this->settings->customCreateFunction)) {
return call_user_func($this->settings->customCreateFunction, $this, $this->samlresponse->getNameId(), $xpath, $this->settings);
} else {
return $this->createUser($this->samlresponse->getNameId());
}
}
}
return '';
}
<?php
/**
* SAMPLE Code to demonstrate how to handle a SAML assertion response.
*
* The URL of this file will have been given during the SAML authorization.
* After a successful authorization, the browser will be directed to this
* link where it will send a certified response via $_POST.
*/
error_reporting(E_ALL);
$settings = null;
require 'settings.php';
$samlResponse = new OneLogin_Saml_Response($settings, $_POST['SAMLResponse']);
try {
if ($samlResponse->isValid()) {
echo 'You are: ' . $samlResponse->getNameId() . '<br>';
$attributes = $samlResponse->getAttributes();
if (!empty($attributes)) {
echo 'You have the following attributes:<br>';
echo '<table><thead><th>Name</th><th>Values</th></thead><tbody>';
foreach ($attributes as $attributeName => $attributeValues) {
echo '<tr><td>' . htmlentities($attributeName) . '</td><td><ul>';
foreach ($attributeValues as $attributeValue) {
echo '<li>' . htmlentities($attributeValue) . '</li>';
}
echo '</ul></td></tr>';
}
echo '</tbody></table><br><br>';
echo "The v.1 of the Onelogin's PHP SAML Tookit does not support SLO.";
}
} else {
