/**
* @param GetResponseEvent $event
*/
private function handleEvent(GetResponseEvent $event)
{
if ($this->tokenStorage->getToken()) {
return;
}
if (!$this->samlInteractionProvider->isSamlAuthenticationInitiated()) {
$this->sendAuthnRequest($event);
return;
}
$expectedInResponseTo = $this->stateHandler->getRequestId();
$logger = $this->logger;
try {
$assertion = $this->samlInteractionProvider->processSamlResponse($event->getRequest());
} catch (PreconditionNotMetException $e) {
$logger->notice(sprintf('SAML response precondition not met: "%s"', $e->getMessage()));
$this->setPreconditionExceptionResponse($e, $event);
return;
} catch (Exception $e) {
$logger->error(sprintf('Failed SAMLResponse Parsing: "%s"', $e->getMessage()));
throw new AuthenticationException('Failed SAMLResponse parsing', 0, $e);
}
if (!InResponseTo::assertEquals($assertion, $expectedInResponseTo)) {
$logger->error('Unknown or unexpected InResponseTo in SAMLResponse');
throw new AuthenticationException('Unknown or unexpected InResponseTo in SAMLResponse');
}
$logger->notice('Successfully processed SAMLResponse, attempting to authenticate');
$token = new SamlToken();
$token->assertion = $assertion;
try {
$authToken = $this->authenticationManager->authenticate($token);
} catch (AuthenticationException $failed) {
$logger->error(sprintf('Authentication Failed, reason: "%s"', $failed->getMessage()));
$this->setAuthenticationFailedResponse($event);
return;
}
$this->tokenStorage->setToken($authToken);
// migrate the session to prevent session hijacking
$this->session->migrate();
$event->setResponse(new RedirectResponse($this->stateHandler->getCurrentRequestUri()));
$logger->notice('Authentication succeeded, redirecting to original location');
}
