Olav Morken authored
Change "idpdisco.url.saml2" to "idpdisco.url.saml20", to be consistent with the rest of simpleSAMLphp. Also include a forgotten change from the last patch. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@616 44740490-163a-0410-bde0-09ae8108e29a
initSSO.php 2.97 KiB
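<?php
/*
 * SAML 2.0 SP-initiated SSO entry point.
 *
 * Works out which IdP the user should authenticate against and then either
 * sends the user to an IdP discovery service (when no IdP is known) or builds
 * an AuthnRequest and forwards it to the IdP over the HTTP-Redirect binding.
 * Every failure path ends in SimpleSAML_Utilities::fatalError().
 *
 * Incoming URL parameters
 *
 * idpentityid optional The entityid of the wanted IdP to authenticate with. If not provided will use default.
 * spentityid  optional The entityid of the SP config to use. If not provided will use default to host.
 * RelayState  required Where to send the user back to after authentication.
 * IsPassive   optional Forwarded to the AuthnRequest's IsPassive setting when present.
 */
require_once('../../_include.php');

$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$session = SimpleSAML_Session::getInstance();

SimpleSAML_Logger::info('SAML2.0 - SP.initSSO: Accessing SAML 2.0 SP initSSO script');

if (!$config->getValue('enable.saml20-sp', false)) {
    SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
}

/*
 * PHP turns "?RelayState[]=x" into an array. RelayState is forwarded to the
 * IdP as an opaque string, so accept a non-empty string and nothing else.
 */
$relaystate = isset($_GET['RelayState']) ? $_GET['RelayState'] : NULL;
if (!is_string($relaystate) || $relaystate === '') {
    SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
}

/*
 * Resolve the IdP and SP entity ids. Both are used as metadata lookup keys,
 * so an array (from "?idpentityid[]=...") or any other non-string value is
 * rejected here instead of being handed to the metadata handler.
 */
$spmetadata = NULL;
try {
    /* Passing NULL as the default makes "unset" unambiguous, matching the idpdisco.url.saml20 lookup below. */
    $idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $config->getValue('default-saml20-idp', NULL);
    $spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();

    if ($idpentityid !== NULL && !is_string($idpentityid)) {
        throw new Exception('Invalid idpentityid parameter: expected a string.');
    }
    if (!is_string($spentityid)) {
        throw new Exception('Invalid spentityid: expected a string.');
    }

    /* Treat an empty IdP id the same as an absent one so a single strict NULL check suffices below. */
    if ($idpentityid === '') {
        $idpentityid = NULL;
    }

    if ($idpentityid === NULL) {
        /* We are going to need the SP metadata to determine which IdP discovery service we should use. */
        $spmetadata = $metadata->getMetaDataCurrent('saml20-sp-hosted');
    }
} catch (Exception $exception) {
    SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
}

/*
 * If no IdP can be resolved, send the user to the SAML 2.0 Discovery Service.
 */
if ($idpentityid === NULL) {
    SimpleSAML_Logger::info('SAML2.0 - SP.initSSO: No chosen or default IdP, go to SAML2disco');

    /* Which IdP discovery service should we use? Can be set in SP metadata or in global configuration.
     * Falling back to builtin discovery service.
     */
    if (is_array($spmetadata) && array_key_exists('idpdisco.url', $spmetadata)) {
        $discourl = $spmetadata['idpdisco.url'];
    } elseif ($config->getValue('idpdisco.url.saml20', NULL) !== NULL) {
        $discourl = $config->getValue('idpdisco.url.saml20', NULL);
    } else {
        $discourl = '/' . $config->getBaseURL() . 'saml2/sp/idpdisco.php';
    }

    SimpleSAML_Utilities::redirect($discourl, array(
        'entityID' => $spentityid,
        'return' => SimpleSAML_Utilities::selfURL(),
        'returnIDParam' => 'idpentityid',
    ));
}

/*
 * Create and send authentication request to the IdP.
 */
try {
    $sr = new SimpleSAML_XML_SAML20_AuthnRequest($config, $metadata);
    if (isset($_GET['IsPassive'])) {
        /* Passed through as received; the type setIsPassive() accepts is not visible in this file. */
        $sr->setIsPassive($_GET['IsPassive']);
    }

    $md = $metadata->getMetaData($idpentityid, 'saml20-idp-remote');
    if (!is_array($md) || !array_key_exists('SingleSignOnService', $md)) {
        /* Fail with a clear message instead of generating a request against an undefined endpoint. */
        throw new Exception('Missing SingleSignOnService in saml20-idp-remote metadata for IdP: ' . $idpentityid);
    }
    $req = $sr->generate($spentityid, $md['SingleSignOnService']);

    $httpredirect = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config, $metadata);
    SimpleSAML_Logger::info('SAML2.0 - SP.initSSO: SP (' . $spentityid . ') is sending AuthNRequest to IdP (' . $idpentityid . ')');
    $httpredirect->sendMessage($req, $spentityid, $idpentityid, $relaystate);
} catch (Exception $exception) {
    SimpleSAML_Utilities::fatalError($session->getTrackID(), 'CREATEREQUEST', $exception);
}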