public static function Utilities::validateIssuerAndAudience in SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider 7
1 call to Utilities::validateIssuerAndAudience()
- MiniOrangeAcs::processSamlResponse in includes/Acs.php - The function processSamlResponse.
File
- includes/Utilities.php, line 961
Class
- Utilities
- This file is part of miniOrange SAML plugin.
Code
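/**
 * Validates the issuer and audience of a SAML response.
 *
 * The issuer is read from the first assertion of the response and compared
 * with the configured IdP issuer. The first valid audience of that assertion
 * is compared with $b_url. On any mismatch an error page is printed and the
 * request is terminated with exit, so the only value ever returned is TRUE.
 *
 * Everything taken from the SAML response is untrusted at this point: this
 * method runs precisely to decide whether the response can be accepted, so
 * values from it are HTML-escaped before being echoed.
 *
 * @param object $samlResponse
 *   Parsed SAML response; must provide getAssertions().
 * @param string $spEntityId
 *   SP entity ID. Not used by this method (the audience is compared with
 *   $b_url instead).
 * @param string $issuerToValidateAgainst
 *   The IdP issuer configured in the Service Provider settings.
 * @param string $b_url
 *   Value the audience must equal; also used as the target of the
 *   "Back to home" form.
 * @param string $relayState
 *   Relay state of the request; 'testValidate' selects the verbose
 *   test-configuration error page.
 *
 * @return bool
 *   TRUE when both issuer and audience match. Never returns otherwise.
 */
public static function validateIssuerAndAudience($samlResponse, $spEntityId, $issuerToValidateAgainst, $b_url, $relayState) {
  // Reject a response without a usable assertion explicitly instead of
  // failing with a fatal error on a method call on FALSE.
  $assertions = $samlResponse->getAssertions();
  $assertion = is_array($assertions) ? current($assertions) : FALSE;
  if (!is_object($assertion)) {
    echo 'Invalid assertion';
    exit;
  }

  $issuer = $assertion->getIssuer();

  // NOTE(review): this persists the issuer claimed by the response before it
  // has been validated, for every request that reaches this method. Whatever
  // consumes 'miniorange_saml_expected_issuer' (presumably the "Fix it" admin
  // page linked below) must treat it as untrusted and must not adopt it as
  // the configured issuer without an explicit, authenticated admin action.
  variable_set('miniorange_saml_expected_issuer', $issuer);

  // Only the first valid audience is checked; a missing audience list is
  // treated as a mismatch rather than coerced to an empty string.
  $audiences = $assertion->getValidAudiences();
  $audience = is_array($audiences) ? current($audiences) : FALSE;

  if (strcmp($issuerToValidateAgainst, $issuer) === 0) {
    if (is_string($audience) && strcmp($audience, $b_url) === 0) {
      return TRUE;
    }
    echo 'Invalid audience';
    exit;
  }

  // Issuer mismatch. Escape every dynamic value before it is written into
  // the HTML error page: $issuer comes straight from the rejected response.
  $safeIssuer = htmlspecialchars((string) $issuer, ENT_QUOTES, 'UTF-8');
  $safeConfiguredIssuer = htmlspecialchars((string) $issuerToValidateAgainst, ENT_QUOTES, 'UTF-8');
  $safeBaseUrl = htmlspecialchars((string) $b_url, ENT_QUOTES, 'UTF-8');

  // Strict comparison so only the exact string selects the verbose page.
  // NOTE(review): the relay state is request-supplied, so this detailed page
  // (including the configured issuer) is reachable without being an admin;
  // consider gating it on an authenticated admin session.
  if ($relayState === 'testValidate') {
    ob_end_clean();
    echo '<div style="font-family:Calibri;padding:0 3%;">';
    echo '<div style="color: #a94442;background-color: #f2dede;padding: 15px;margin-bottom: 20px;text-align:center;border:1px solid #E6B3B2;font-size:18pt;"> ERROR</div>
<div style="color: #a94442;font-size:14pt; margin-bottom:20px;"><p><strong>Error: </strong>Issuer cannot be verified.</p>
<p>Please contact your administrator and report the following error:</p>
<p><strong>Possible Cause: </strong>The value in \'IdP Entity ID or Issuer\' field in Service Provider Settings is incorrect</p>
<p><strong>Expected Entity ID: </strong>' . $safeIssuer . '<p>
<p><strong>Entity ID Found: </strong>' . $safeConfiguredIssuer . '</p>
</div>
<div style="margin:1%;display:block;text-align:center;">
<div style="margin:3%;display:block;text-align:center;"><input style="padding:1%;width:100px;background: #0091CD none repeat scroll 0% 0%;cursor: pointer;font-size:15px;border-width: 1px;border-style: solid;border-radius: 3px;white-space: nowrap;box-sizing: border-box;border-color: #0073AA;box-shadow: 0px 1px 0px rgba(120, 200, 230, 0.6) inset;color: #FFF;"type="button" value="Fix it" onClick="fix_it();">
<input style="padding:1%;width:100px;background: #0091CD none repeat scroll 0% 0%;cursor: pointer;font-size:15px;border-width: 1px;border-style: solid;border-radius: 3px;margin: inherit; white-space: nowrap;box-sizing: border-box;border-color: #0073AA;box-shadow: 0px 1px 0px rgba(120, 200, 230, 0.6) inset;color: #FFF;"type="button" value="Done" onClick="self.close();"></div>
<script>
function fix_it(){
var url = "admin/config/people/miniorange_saml/fix_attribute";
window.location = url;
}
</script>';
    exit;
  }

  // Generic failure page for normal sign-in attempts: no response details
  // are disclosed. The form target is quoted and escaped so the URL cannot
  // break out of the attribute.
  echo ' <div style="color: #a94442;font-size:14pt; margin-bottom:20px;"><p><strong>Error: </strong>We could not sign you in. Please contact your Administrator.</p></div>
<div style="margin:3%;display:block;text-align:center;">
<form action="' . $safeBaseUrl . '"><input style="padding:1%;width:150px;background: #0091CD none repeat scroll 0% 0%;cursor: pointer;font-size:15px;border-width: 1px;border-style: solid;border-radius: 3px;white-space: nowrap;box-sizing: border-box;border-color: #0073AA;box-shadow: 0px 1px 0px rgba(120, 200, 230, 0.6) inset;color: #FFF;"type="submit" value="Back to home"></form></div>';
  exit;
}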