/** * Start the logout operation. * * @param array &$state The logout state. * @param string|NULL $assocId The SP we are logging out from. */ public function startLogout(array &$state, $assocId) { assert('is_string($assocId) || is_null($assocId)'); $associations = $this->idp->getAssociations(); if (count($associations) === 0) { $this->idp->finishLogout($state); } foreach ($associations as $id => &$association) { $idp = SimpleSAML_IdP::getByState($association); $association['core:Logout-IFrame:Name'] = $idp->getSPName($id); $association['core:Logout-IFrame:State'] = 'onhold'; } $state['core:Logout-IFrame:Associations'] = $associations; if (!is_null($assocId)) { $spName = $this->idp->getSPName($assocId); if ($spName === NULL) { $spName = array('en' => $assocId); } $state['core:Logout-IFrame:From'] = $spName; } else { $state['core:Logout-IFrame:From'] = NULL; } $id = SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame'); $url = SimpleSAML_Module::getModuleURL('core/idp/logout-iframe.php', array('id' => $id)); SimpleSAML_Utilities::redirect($url); }
/** * Process a authentication response. * * This function checks how long it is since the last time the user was authenticated. * If it is to short a while since, we will show a warning to the user. * * @param array $state The state of the response. */ public function process(&$state) { assert('is_array($state)'); if (!array_key_exists('PreviousSSOTimestamp', $state)) { /* * No timestamp from the previous SSO to this SP. This is the first * time during this session. */ return; } $timeDelta = time() - $state['PreviousSSOTimestamp']; if ($timeDelta >= 10) { /* At least 10 seconds since last attempt. */ return; } if (array_key_exists('Destination', $state) && array_key_exists('entityid', $state['Destination'])) { $entityId = $state['Destination']['entityid']; } else { $entityId = 'UNKNOWN'; } SimpleSAML_Logger::warning('WarnShortSSOInterval: Only ' . $timeDelta . ' seconds since last SSO for this user from the SP ' . var_export($entityId, TRUE)); /* Save state and redirect. */ $id = SimpleSAML_Auth_State::saveState($state, 'core:short_sso_interval'); $url = SimpleSAML_Module::getModuleURL('core/short_sso_interval.php'); SimpleSAML_Utilities::redirect($url, array('StateId' => $id)); }
protected function saveChanges() { $this->foodle->updateFromPostFixDate($this->user); # echo '<pre>'; print_r($_REQUEST); print_r($this->foodle); exit; $this->foodle->acl($this->user, 'write'); $this->foodle->save(); // if (isset($this->user->email)) { // $this->sendMail(); // } if (!empty($_REQUEST['send_fixdate_mail'])) { $responses = $this->foodle->getResponses(); foreach ($responses as $response) { $user = null; if (!empty($response->user)) { $user = $response->user; } if (empty($user)) { $user = new Data_User($this->fdb); $user->userid = $response->userid; $user->email = $response->email; $user->username = $response->username; } $this->sendFixDateMail($user, $this->foodle); } } $newurl = FoodleUtils::getUrl() . 'foodle/' . $this->foodle->identifier . '#distribute'; SimpleSAML_Utilities::redirect($newurl); exit; }
/** * Apply filter to validate attributes. * * @param array &$request The current request */ public function process(&$request) { $authorize = FALSE; assert('is_array($request)'); assert('array_key_exists("Attributes", $request)'); $attributes =& $request['Attributes']; foreach ($this->valid_attribute_values as $name => $patterns) { if (array_key_exists($name, $attributes)) { foreach ($patterns as $pattern) { $values = $attributes[$name]; if (!is_array($values)) { $values = array($values); } foreach ($values as $value) { if (preg_match($pattern, $value)) { $authorize = TRUE; break 3; } } } } } if (!$authorize) { /* Save state and redirect to 403 page. */ $id = SimpleSAML_Auth_State::saveState($request, 'authorize:Authorize'); $url = SimpleSAML_Module::getModuleURL('authorize/authorize_403.php'); SimpleSAML_Utilities::redirect($url, array('StateId' => $id)); } }
/** * When the process logic determines that the user is not * authorized for this service, then forward the user to * an 403 unauthorized page. * * Separated this code into its own method so that child * classes can override it and change the action. Forward * thinking in case a "chained" ACL is needed, more complex * permission logic. * * @param array $request */ protected function unauthorized(&$request) { SimpleSAML_Logger::error('ExpectedAuthnContextClassRef: Invalid authentication context: ' . $this->AuthnContextClassRef . '. Accepted values are: ' . var_export($this->accepted, TRUE)); $id = SimpleSAML_Auth_State::saveState($request, 'saml:ExpectedAuthnContextClassRef:unauthorized'); $url = SimpleSAML_Module::getModuleURL('saml/sp/wrong_authncontextclassref.php'); SimpleSAML_Utilities::redirect($url, array('StateId' => $id)); }
function prepare() { if (!empty($_REQUEST['useridFrom']) && !empty($_REQUEST['useridTo'])) { $this->fdb->migrateAccount($_REQUEST['useridFrom'], $_REQUEST['useridTo']); SimpleSAML_Utilities::redirect('/accountmappingprepare'); } }
function handleResponse() { try { $binding = SAML2_Binding::getCurrentBinding(); $response = $binding->receive(); } catch (Exception $e) { return; } SimpleSAML_Logger::debug('attributequery - received message.'); if (!$response instanceof SAML2_Response) { throw new SimpleSAML_Error_Exception('Unexpected message received to attribute query example.'); } $idpEntityId = $response->getIssuer(); if ($idpEntityId === NULL) { throw new SimpleSAML_Error_Exception('Missing issuer in response.'); } $idpMetadata = $GLOBALS['metadata']->getMetaDataConfig($idpEntityId, 'saml20-idp-remote'); $spMetadata = $GLOBALS['metadata']->getMetaDataConfig($GLOBALS['spEntityId'], 'saml20-sp-hosted'); $assertion = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response); if (count($assertion) > 1) { throw new SimpleSAML_Error_Exception('More than one assertion in received response.'); } $assertion = $assertion[0]; $dataId = $response->getRelayState(); if ($dataId === NULL) { throw new SimpleSAML_Error_Exception('RelayState was lost during request.'); } $data = $GLOBALS['session']->getData('attributequeryexample:data', $dataId); $data['attributes'] = $assertion->getAttributes(); $GLOBALS['session']->setData('attributequeryexample:data', $dataId, $data, 3600); SimpleSAML_Utilities::redirect(SimpleSAML_Utilities::selfURLNoQuery(), array('dataId' => $dataId)); }
function complete() { $return = FoodleUtils::getURL(); if (!empty($_REQUEST['return'])) { $return = $_REQUEST['return']; } SimpleSAML_Utilities::redirect($return); }
public function authenticate(&$state) { assert('is_array($state)'); // We are going to need the authId in order to retrieve this authentication source later. $state[self::AUTHID] = $this->authId; $id = SimpleSAML_Auth_State::saveState($state, self::STAGEID); $url = SimpleSAML_Module::getModuleURL('authtfaga/login.php'); SimpleSAML_Utilities::redirect($url, array('AuthState' => $id)); }
/** * Initialize processing of the redirect test. * * @param array &$state The state we should update. */ public function process(&$state) { assert('is_array($state)'); assert('array_key_exists("Attributes", $state)'); /* To check whether the state is saved correctly. */ $state['Attributes']['RedirectTest1'] = array('OK'); /* Save state and redirect. */ $id = SimpleSAML_Auth_State::saveState($state, 'exampleauth:redirectfilter-test'); $url = SimpleSAML_Module::getModuleURL('exampleauth/redirecttest.php'); SimpleSAML_Utilities::redirect($url, array('StateId' => $id)); }
/** * Log-in using LiveID platform * * @param array &$state Information about the current authentication. */ public function authenticate(&$state) { assert('is_array($state)'); /* We are going to need the authId in order to retrieve this authentication source later. */ $state[self::AUTHID] = $this->authId; $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT); SimpleSAML_Logger::debug('authwindowslive auth state id = ' . $stateID); // Authenticate the user // Documentation at: http://msdn.microsoft.com/en-us/library/ff749771.aspx $authorizeURL = 'https://consent.live.com/Connect.aspx' . '?wrap_client_id=' . $this->key . '&wrap_callback=' . urlencode(SimpleSAML_Module::getModuleUrl('authwindowslive') . '/linkback.php') . '&wrap_client_state=' . urlencode($stateID) . '&wrap_scope=WL_Profiles.View,Messenger.SignIn'; SimpleSAML_Utilities::redirect($authorizeURL); }
public function getAuthorizeRequest($url, $requestToken, $redirect = TRUE, $callback = NULL) { $authorizeURL = $url . '?oauth_token=' . $requestToken->key; if ($callback) { $authorizeURL .= '&oauth_callback=' . urlencode($callback); } if ($redirect) { SimpleSAML_Utilities::redirect($authorizeURL); exit; } return $authorizeURL; }
/** * Process a authentication response. * * This function saves the state, and redirects the user to the page where the user * can authorize the release of the attributes. * * @param array $state The state of the response. */ public function process(&$state) { assert('is_array($state)'); if (isset($state['isPassive']) && $state['isPassive'] === TRUE) { /* We have a passive request. Skip the warning. */ return; } /* Save state and redirect. */ $id = SimpleSAML_Auth_State::saveState($state, 'warning:request'); $url = SimpleSAML_Module::getModuleURL('preprodwarning/showwarning.php'); SimpleSAML_Utilities::redirect($url, array('StateId' => $id)); }
/** * Initiate authentication. * * @param array &$state Information about the current authentication. */ public function authenticate(&$state) { $state['aselect::authid'] = $this->authId; $id = SimpleSAML_Auth_State::saveState($state, 'aselect:login', true); try { $app_url = SimpleSAML_Module::getModuleURL('aselect/credentials.php', array('ssp_state' => $id)); $as_url = $this->request_authentication($app_url); SimpleSAML_Utilities::redirect($as_url); } catch (Exception $e) { // attach the exception to the state SimpleSAML_Auth_State::throwException($state, $e); } }
/** * Log-in using Facebook platform * * @param array &$state Information about the current authentication. */ public function authenticate(&$state) { assert('is_array($state)'); /* We are going to need the authId in order to retrieve this authentication source later. */ $state[self::AUTHID] = $this->authId; $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT); $facebook = new sspmod_authfacebook_Facebook(array('appId' => $this->api_key, 'secret' => $this->secret), $state); $facebook->destroySession(); $linkback = SimpleSAML_Module::getModuleURL('authfacebook/linkback.php', array('AuthState' => $stateID)); $url = $facebook->getLoginUrl(array('redirect_uri' => $linkback, 'scope' => $this->req_perms)); SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT); SimpleSAML_Utilities::redirect($url); }
protected function saveChanges() { $this->foodle->updateFromPost($this->user); # echo '<pre>'; print_r($_REQUEST); exit; print_r($this->foodle); exit; $this->foodle->acl($this->user, 'write'); $this->foodle->save(); if (isset($this->user->email)) { $this->sendMail(); } $newurl = FoodleUtils::getUrl() . 'foodle/' . $this->foodle->identifier . '#distribute'; SimpleSAML_Utilities::redirect($newurl); exit; }
function addEntry() { $foodle = new Data_Foodle($this->fdb); $foodle->updateFromPost($this->user); #echo '<pre>'; print_r($foodle); exit; $foodle->save(); if (isset($this->user->email)) { $this->sendMail($foodle); } $newurl = FoodleUtils::getUrl() . 'foodle/' . $foodle->identifier . '#distribute'; SimpleSAML_Utilities::redirect($newurl); exit; }
/** * Finish login operation. * * This helper function finishes a login operation and redirects the user back to the page which * requested the login. * * @param array $authProcState The state of the authentication process. */ function finishLogin($authProcState) { assert('is_array($authProcState)'); assert('array_key_exists("Attributes", $authProcState)'); assert('array_key_exists("core:saml20-sp:NameID", $authProcState)'); assert('array_key_exists("core:saml20-sp:SessionIndex", $authProcState)'); assert('array_key_exists("core:saml20-sp:TargetURL", $authProcState)'); assert('array_key_exists("Source", $authProcState)'); assert('array_key_exists("entityid", $authProcState["Source"])'); $authData = array('Attributes' => $authProcState['Attributes'], 'saml:sp:NameID' => $authProcState['core:saml20-sp:NameID'], 'saml:sp:SessionIndex' => $authProcState['core:saml20-sp:SessionIndex'], 'saml:sp:IdP' => $authProcState['Source']['entityid']); global $session; $session->doLogin('saml2', $authData); SimpleSAML_Utilities::redirect($authProcState['core:saml20-sp:TargetURL']); }
/** * Prompt the user with a list of authentication sources. * * This method saves the information about the configured sources, * and redirects to a page where the user must select one of these * authentication sources. * * This method never return. The authentication process is finished * in the delegateAuthentication method. * * @param array &$state Information about the current authentication. */ public function authenticate(&$state) { assert('is_array($state)'); $state[self::AUTHID] = $this->authId; $state[self::SOURCESID] = $this->sources; /* Save the $state array, so that we can restore if after a redirect */ $id = SimpleSAML_Auth_State::saveState($state, self::STAGEID); /* Redirect to the select source page. We include the identifier of the saved state array as a parameter to the login form */ $url = SimpleSAML_Module::getModuleURL('multiauth/selectsource.php'); $params = array('AuthState' => $id); SimpleSAML_Utilities::redirect($url, $params); /* The previous function never returns, so this code is never executed */ assert('FALSE'); }
/** * Log-in using LiveID platform * * @param array &$state Information about the current authentication. */ public function authenticate(&$state) { assert('is_array($state)'); /* We are going to need the authId in order to retrieve this authentication source later. */ $state[self::AUTHID] = $this->authId; SimpleSAML_Logger::debug('$$$$authwindowslive auth state = ' . $state['SimpleSAML_Auth_Default.Return']); SimpleSAML_Logger::debug('$$$$authwindowslive auth state = ' . $state['SimpleSAML_Auth_Default.id']); SimpleSAML_Logger::debug('$$$$authwindowslive auth state = ' . $state['SimpleSAML_Auth_Default.ErrorURL']); SimpleSAML_Logger::debug('$$$$authwindowslive auth state = ' . $state['LogoutCallback']); $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT); SimpleSAML_Logger::debug('authwindowslive auth state id = ' . $stateID); // Authenticate the user // Documentation at: http://msdn.microsoft.com/en-us/library/live/hh243641 // http://msdn.microsoft.com/en-us/library/live/hh243647.aspx $authorizeURL = 'https://login.live.com/oauth20_authorize.srf' . '?client_id=' . $this->key . '&scope=' . urlencode('wl.signin,wl.basic,wl.emails') . '&response_type=code' . '&redirect_uri=' . urlencode(SimpleSAML_Module::getModuleUrl('authwindowslive') . '/linkback.php?wrap_client_state=' . urlencode($stateID)) . '&wrap_client_state=' . urlencode($stateID); SimpleSAML_Logger::debug('LIVE state: ' . $state); SimpleSAML_Utilities::redirect($authorizeURL); }
/** * Finish login operation. * * This helper function finishes a login operation and redirects the user back to the page which * requested the login. * * @param array $authProcState The state of the authentication process. */ function finishLogin($authProcState) { assert('is_array($authProcState)'); assert('array_key_exists("Attributes", $authProcState)'); assert('array_key_exists("core:shib13-sp:NameID", $authProcState)'); assert('array_key_exists("core:shib13-sp:SessionIndex", $authProcState)'); assert('array_key_exists("core:shib13-sp:TargetURL", $authProcState)'); assert('array_key_exists("Source", $authProcState)'); assert('array_key_exists("entityid", $authProcState["Source"])'); global $session; /* Update the session information */ $session->doLogin('shib13'); $session->setAttributes($authProcState['Attributes']); $session->setNameID($authProcState['core:shib13-sp:NameID']); $session->setSessionIndex($authProcState['core:shib13-sp:SessionIndex']); $session->setIdP($authProcState['Source']['entityid']); SimpleSAML_Utilities::redirect($authProcState['core:shib13-sp:TargetURL']); }
/** * Initialize login. * * This function saves the information about the login, and redirects to a * login page. * * @param array &$state Information about the current authentication. */ public function authenticate(&$state) { assert('is_array($state)'); $config = SimpleSAML_Configuration::getConfig('authsources.php'); $state[sspmod_authTiqr_Auth_Tiqr::CONFIGID] = $config->getArray(self::getAuthId(), array()); /* We are going to need the authId in order to retrieve this authentication source later. */ $state[self::AUTHID] = $this->authId; $id = SimpleSAML_Auth_State::saveState($state, sspmod_authTiqr_Auth_Tiqr::STAGEID); $server = sspmod_authTiqr_Auth_Tiqr::getServer(false); $session = SimpleSAML_Session::getSessionFromRequest(); $sessionId = $session->getSessionId(); $user = $server->getAuthenticatedUser($sessionId); if (empty($user)) { $url = SimpleSAML_Module::getModuleURL('authTiqr/login.php'); SimpleSAML_Utilities::redirect($url, array('AuthState' => $id)); } else { $attributes = array('uid' => array($user), 'displayName' => array(sspmod_authTiqr_Auth_Tiqr::getUserStorage()->getDisplayName($user))); $attributes = array_merge($attributes, sspmod_authTiqr_Auth_Tiqr::getUserStorage()->getAdditionalAttributes($user)); $state['Attributes'] = $attributes; } }
/** * Picks the next SP and issues a logout request. * * This function never returns. * * @param array &$state The logout state. */ private function logoutNextSP(array &$state) { $association = array_pop($state['core:LogoutTraditional:Remaining']); if ($association === NULL) { $this->idp->finishLogout($state); } $relayState = SimpleSAML_Auth_State::saveState($state, 'core:LogoutTraditional', TRUE); $id = $association['id']; SimpleSAML_Logger::info('Logging out of ' . var_export($id, TRUE) . '.'); try { $idp = SimpleSAML_IdP::getByState($association); $url = call_user_func(array($association['Handler'], 'getLogoutURL'), $idp, $association, $relayState); SimpleSAML_Utilities::redirect($url); } catch (Exception $e) { SimpleSAML_Logger::warning('Unable to initialize logout to ' . var_export($id, TRUE) . '.'); $this->idp->terminateAssociation($id); $state['core:Failed'] = TRUE; /* Try the next SP. */ $this->logoutNextSP($state); assert('FALSE'); } }
/** * Throw exception to the state exception handler. * * @param array $state The state array. * @param SimpleSAML_Error_Exception $exception The exception. */ public static function throwException($state, SimpleSAML_Error_Exception $exception) { assert('is_array($state)'); if (array_key_exists(self::EXCEPTION_HANDLER_URL, $state)) { /* Save the exception. */ $state[self::EXCEPTION_DATA] = $exception; $id = self::saveState($state, self::EXCEPTION_STAGE); /* Redirect to the exception handler. */ SimpleSAML_Utilities::redirect($state[self::EXCEPTION_HANDLER_URL], array(self::EXCEPTION_PARAM => $id)); } elseif (array_key_exists(self::EXCEPTION_HANDLER_FUNC, $state)) { /* Call the exception handler. */ $func = $state[self::EXCEPTION_HANDLER_FUNC]; assert('is_callable($func)'); call_user_func($func, $exception, $state); assert(FALSE); } else { /* * No exception handler is defined for the current state. */ throw $exception; } }
$attributes = $ldap->getAttributes($dn, $ldapconfig['attributes']); SimpleSAML_Logger::info('AUTH - ldap-multi: ' . $_POST['username'] . ' successfully authenticated'); $session->doLogin('login-ldapmulti'); $session->setAttributes($attributes); $session->setNameID(array('value' => SimpleSAML_Utilities::generateID(), 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient')); /** * Create a statistics log entry for every successfull login attempt. * Also log a specific attribute as set in the config: statistics.authlogattr */ $authlogattr = $config->getValue('statistics.authlogattr', null); if ($authlogattr && array_key_exists($authlogattr, $attributes)) { SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK ' . $attributes[$authlogattr][0]); } else { SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK'); } $returnto = $_REQUEST['RelayState']; SimpleSAML_Utilities::redirect($returnto); } catch (Exception $e) { $error = $e->getMessage(); } } $t = new SimpleSAML_XHTML_Template($config, 'login-ldapmulti.php', 'login'); $t->data['header'] = 'simpleSAMLphp: Enter username and password'; $t->data['relaystate'] = $_REQUEST['RelayState']; $t->data['ldapconfig'] = $ldapmulti; $t->data['org'] = $_REQUEST['org']; $t->data['error'] = $error; if (isset($error)) { $t->data['username'] = $_POST['username']; } $t->show();
/** * Log in using an external authentication helper. * * @param array &$state Information about the current authentication. */ public function authenticate(&$state) { assert('is_array($state)'); $attributes = $this->getUser(); if ($attributes !== NULL) { /* * The user is already authenticated. * * Add the users attributes to the $state-array, and return control * to the authentication process. */ $state['Attributes'] = $attributes; return; } /* * The user isn't authenticated. We therefore need to * send the user to the login page. */ /* * First we add the identifier of this authentication source * to the state array, so that we know where to resume. */ $state['drupalauth:AuthID'] = $this->authId; /* * We need to save the $state-array, so that we can resume the * login process after authentication. * * Note the second parameter to the saveState-function. This is a * unique identifier for where the state was saved, and must be used * again when we retrieve the state. * * The reason for it is to prevent * attacks where the user takes a $state-array saved in one location * and restores it in another location, and thus bypasses steps in * the authentication process. */ $stateId = SimpleSAML_Auth_State::saveState($state, 'drupalauth:External'); /* * Now we generate an URL the user should return to after authentication. * We assume that whatever authentication page we send the user to has an * option to return the user to a specific page afterwards. */ $returnTo = SimpleSAML_Module::getModuleURL('drupalauth/resume.php', array('State' => $stateId)); /* * Get the URL of the authentication page. * * Here we use the getModuleURL function again, since the authentication page * is also part of this module, but in a real example, this would likely be * the absolute URL of the login page for the site. */ $authPage = $this->drupal_login_url . '?ReturnTo=' . $returnTo; /* * The redirect to the authentication page. * * Note the 'ReturnTo' parameter. This must most likely be replaced with * the real name of the parameter for the login page. */ SimpleSAML_Utilities::redirect($authPage, array('ReturnTo' => $returnTo)); /* * The redirect function never returns, so we never get this far. */ assert('FALSE'); }
/* No issuer found in the assertions. */ throw new Exception('Missing <saml:Issuer> in message delivered to AssertionConsumerService.'); } } $session = SimpleSAML_Session::getInstance(); $prevAuth = $session->getAuthData($sourceId, 'saml:sp:prevAuth'); if ($prevAuth !== NULL && $prevAuth['id'] === $response->getId() && $prevAuth['issuer'] === $idp) { /* OK, it looks like this message has the same issuer * and ID as the SP session we already have active. We * therefore assume that the user has somehow triggered * a resend of the message. * In that case we may as well just redo the previous redirect * instead of displaying a confusing error message. */ SimpleSAML_Logger::info('Duplicate SAML 2 response detected - ignoring the response and redirecting the user to the correct page.'); SimpleSAML_Utilities::redirect($prevAuth['redirect']); } $stateId = $response->getInResponseTo(); if (!empty($stateId)) { /* This is a response to a request we sent earlier. */ $state = SimpleSAML_Auth_State::loadState($stateId, 'saml:sp:sso'); /* Check that the authentication source is correct. */ assert('array_key_exists("saml:sp:AuthId", $state)'); if ($state['saml:sp:AuthId'] !== $sourceId) { throw new SimpleSAML_Error_Exception('The authentication source id in the URL does not match the authentication source which sent the request.'); } /* Check that the issuer is the one we are expecting. */ assert('array_key_exists("ExpectedIssuer", $state)'); if ($state['ExpectedIssuer'] !== $idp) { throw new SimpleSAML_Error_Exception('The issuer of the response does not match to the identity provider we sent the request to.'); }
<?php /** * Endpoint for logging in with an authentication source. * * @package simpleSAMLphp * @version $Id$ */ if (!is_string($_REQUEST['ReturnTo'])) { throw new SimpleSAML_Error_BadRequest('Missing ReturnTo parameter.'); } if (!is_string($_REQUEST['AuthId'])) { throw new SimpleSAML_Error_BadRequest('Missing AuthId parameter.'); } $as = new SimpleSAML_Auth_Simple($_REQUEST['AuthId']); $as->requireAuth(array('ReturnTo' => $_REQUEST['ReturnTo'])); SimpleSAML_Utilities::redirect($_REQUEST['ReturnTo']);
/** * Handle a unsoliced login operations. * * This function creates a session from the received information. It * will then redirect to the given URL. * * This is used to handle IdP initiated SSO. * * @param string $authId The id of the authentication source that received the request. * @param array $state A state array. * @param string $redirectTo The URL we should redirect the user to after * updating the session. */ public static function handleUnsolicedAuth($authId, array $state, $redirectTo) { assert('is_string($authId)'); assert('is_string($redirectTo)'); $session = SimpleSAML_Session::getInstance(); $session->doLogin($authId); if (array_key_exists('Attributes', $state)) { $session->setAttributes($state['Attributes']); } else { $session->setAttributes(array()); } if (array_key_exists('Expires', $state)) { $session->setSessionDuration($state['Expires'] - time()); } if (array_key_exists('LogoutState', $state)) { $session->setLogoutState($state['LogoutState']); } SimpleSAML_Utilities::redirect($redirectTo); }
/** * Initialize login. * * This function saves the information about the login, and redirects to a * login page. * * @param array &$state Information about the current authentication. */ public function authenticate(&$state) { assert('is_array($state)'); /* * Save the identifier of this authentication source, so that we can * retrieve it later. This allows us to call the login()-function on * the current object. */ $state[self::AUTHID] = $this->authId; /* What username we should force, if any. */ if ($this->forcedUsername !== NULL) { /* * This is accessed by the login form, to determine if the user * is allowed to change the username. */ $state['forcedUsername'] = $this->forcedUsername; } /* Save the $state-array, so that we can restore it after a redirect. */ $id = SimpleSAML_Auth_State::saveState($state, self::STAGEID); /* * Redirect to the login form. We include the identifier of the saved * state array as a parameter to the login form. */ $url = SimpleSAML_Module::getModuleURL('core/loginuserpass.php'); $params = array('AuthState' => $id); SimpleSAML_Utilities::redirect($url, $params); /* The previous function never returns, so this code is never executed. */ assert('FALSE'); }