Skip to content
Snippets Groups Projects
Select Git revision
  • a38bf33da41b36cdb8350e2b35ea75e2317056d5
  • master default protected
  • cesnet_simplesamlphp-1.19.8
  • elixir_simplesamlphp-1.19.8
  • simplesamlphp-1.19.8
  • cesnet_simplesamlphp-1.19.5
  • simplesamlphp-2.0
  • feature/assets
  • feature/rac-source-selector
  • cleanup/remove-base64-attributes
  • simplesamlphp-1.19
  • elixir_simplesamlphp-1.19.5
  • aarc_idp_hinting
  • feature/validate-authstate-before-processing
  • feature/build-two-tarballs
  • dependabot/composer/twig/twig-3.4.3
  • tvdijen-patch-1
  • unchanged-acs-url-no-www-script
  • feature/translation-improvements
  • symfony6
  • move_tests
  • v1.19.9
  • v2.1.3
  • v2.0.10
  • v2.1.2
  • v2.0.9
  • v2.1.1
  • v2.0.8
  • v2.1.0
  • v2.0.7
  • v2.1.0-rc1
  • v2.0.6
  • v2.0.5
  • 2.0.4-alpha.1
  • v2.0.4-alpha.1
  • v2.0.4
  • v2.0.3
  • v2.0.2
  • v2.0.1-alpha.1
  • v2.0.1
  • v1.19.8
41 results

IdP.php

Blame
    • Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    shib13-example.php 2.28 KiB 
    <?php

/**
 * The _include script sets simpleSAMLphp libraries in the PHP PATH, as well as 
 * initialize the simpleSAMLphp config class with the correct path.
 */
require_once('../_include.php');

/**
 * We need to load a few classes from simpleSAMLphp. These are available because
 * the _include script above did set the PHP class PATH properly.
 */
require_once('SimpleSAML/Utilities.php');
require_once('SimpleSAML/Session.php');
require_once('SimpleSAML/XHTML/Template.php');


/* Load simpleSAMLphp, configuration and metadata */
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getInstance(TRUE);

/**
 * Check if valid local session exists, and the authority is the Shib 1.3 SP
 * part of simpleSAMLphp. If the currenct session is not valid, the user is
 * redirected to the initSSO.php script. This script will send the user to
 * a Shib 1.3 IdP with an authentication request, and thereafter the user
 * will be asked at the Shib 1.3 IdP to authenticate. You add one important
 * parameter when you send the user to the initSSO script, the RelayState.
 * The RelayState URL is the URL that you want to send the user to after
 * authentication is complete - and usually you want to send the user back
 * to this very page. To get the URL of the current page we use the selfURL()
 * helper function.
 *
 * When the user is complete authenticating at the IdP, the user will be sent
 * back to the AssertionConsumerService.php script in simpleSAMLphp. The assertion
 * is validated, and if trusted, the user's session is set to be valid, and the user
 * is redirected back to the RelayState URL. And then the user is here again, but 
 * authenticated, and therefore passes the if sentence below, and moves on to 
 * retrieving attributes from the session.
 */
if (!isset($session) || !$session->isValid('shib13') ) {	
	SimpleSAML_Utilities::redirect(
		'/' . $config->getValue('baseurlpath') . 'shib13/sp/initSSO.php',
		array('RelayState' => SimpleSAML_Utilities::selfURL())
	);
}

$t = new SimpleSAML_XHTML_Template($config, 'status.php');

$t->data['header'] = 'Shibboleth demo';
$t->data['remaining'] = $session->remainingTime();
$t->data['attributes'] = $session->getAttributes();
$t->data['logout'] = 'Shibboleth logout not implemented yet.';
$et->data['icon'] = 'bino.png';
$t->show();


?>