if (isset($_GET['RelayState'])) {
	/* RelayState is optional; when present it is copied from the query string into the request cache.
	 * NOTE(review): the value is stored exactly as received and no validation is visible in this
	 * excerpt. Any later code that echoes it or treats it as a URL must handle it as untrusted
	 * input - confirm downstream.
	 */
	$requestcache['RelayState'] = $_GET['RelayState'];
}
} else {
	/* The condition this else-branch belongs to lies outside this excerpt; presumably none of the
	 * expected request parameters were supplied. Reports the 'SSOSERVICEPARAMS' error together with
	 * the session's track ID.
	 */
	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'SSOSERVICEPARAMS');
}

/* Check whether we should authenticate with an AuthSource. Any time the auth-option matches a
 * valid AuthSource, we assume that this is the case.
 *
 * NOTE(review): $idpmetadata['auth'] is read without an isset() check here - assumes the IdP
 * metadata always carries an 'auth' entry; confirm.
 */
if (SimpleSAML_Auth_Source::getById($idpmetadata['auth']) !== NULL) {
	/* Authenticate with an AuthSource. */
	$authSource = TRUE;
	/* The AuthSource id itself is used as the authority the session is checked against below. */
	$authority = $idpmetadata['auth'];
} else {
	/* No AuthSource with that id: the authority is derived from the IdP metadata instead. */
	$authSource = FALSE;
	$authority = SimpleSAML_Utilities::getAuthority($idpmetadata);
}

/**
 * As we have passed the code above, we have an associated request that is already processed.
 *
 * Now we check whether we have an authenticated session. If we do not have an authenticated session,
 * we look up in the metadata of the IdP, to see what authentication module to use, then we redirect
 * the user to the authentication module, to authenticate. Later the user is redirected back to this
 * endpoint - then the session is authenticated and set, and the user is redirected back with a RequestID
 * parameter so we can retrieve the cached information from the request.
 */
/* The session is checked against the authority selected above, not merely for existence.
 * NOTE(review): presumably a session established through a different authority is rejected by
 * isValid() - verify against its implementation.
 */
if (!isset($session) || !$session->isValid($authority)) {
	/* We don't have a valid session. */
	$needAuth = TRUE;
} elseif (array_key_exists('NeedAuthentication', $requestcache) && $requestcache['NeedAuthentication']) { /* We have a valid session, but ForceAuthn is on. */