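/**
 * Handles the kernel request: starts SAML authentication when none is in
 * progress, otherwise consumes the SAMLResponse carried by the current request
 * and authenticates the resulting token.
 *
 * Does nothing when the token storage already holds a token.
 *
 * @param GetResponseEvent $event
 *
 * @throws AuthenticationException when the SAMLResponse cannot be parsed, or when
 *         its InResponseTo does not match the request id kept by the state handler
 */
private function handleEvent(GetResponseEvent $event)
{
    // Already authenticated: nothing to do.
    if ($this->tokenStorage->getToken()) {
        return;
    }

    // No AuthnRequest outstanding: initiate SAML authentication rather than
    // trying to consume a response this session never asked for.
    if (!$this->samlInteractionProvider->isSamlAuthenticationInitiated()) {
        $this->sendAuthnRequest($event);

        return;
    }

    // The request id issued with our AuthnRequest; the response must echo it.
    $expectedInResponseTo = $this->stateHandler->getRequestId();
    $logger = $this->logger;

    try {
        $assertion = $this->samlInteractionProvider->processSamlResponse($event->getRequest());
    } catch (PreconditionNotMetException $e) {
        // Recoverable: render a response describing the unmet precondition.
        $logger->notice(sprintf('SAML response precondition not met: "%s"', $e->getMessage()));
        $this->setPreconditionExceptionResponse($e, $event);

        return;
    } catch (Exception $e) {
        $logger->error(sprintf('Failed SAMLResponse Parsing: "%s"', $e->getMessage()));

        throw new AuthenticationException('Failed SAMLResponse parsing', 0, $e);
    }

    // Reject unsolicited responses and responses to some other request: the
    // assertion's InResponseTo has to match the id stored by the state handler.
    if (!InResponseTo::assertEquals($assertion, $expectedInResponseTo)) {
        $logger->error('Unknown or unexpected InResponseTo in SAMLResponse');

        throw new AuthenticationException('Unknown or unexpected InResponseTo in SAMLResponse');
    }

    $logger->notice('Successfully processed SAMLResponse, attempting to authenticate');

    $token = new SamlToken();
    $token->assertion = $assertion;

    try {
        $authToken = $this->authenticationManager->authenticate($token);
    } catch (AuthenticationException $failed) {
        $logger->error(sprintf('Authentication Failed, reason: "%s"', $failed->getMessage()));
        $this->setAuthenticationFailedResponse($event);

        return;
    }

    $this->tokenStorage->setToken($authToken);

    // Regenerate the session id now that the principal has changed, so a session
    // id fixed before login cannot be reused (session fixation / hijacking).
    // Passing true also destroys the pre-authentication session record instead
    // of leaving it readable under the old id until garbage collection.
    $this->session->migrate(true);

    $event->setResponse(new RedirectResponse($this->stateHandler->getCurrentRequestUri()));
    $logger->notice('Authentication succeeded, redirecting to original location');
}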