
function saml_response in SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider 7

Validate SAML Response and authenticate user.

1 string reference to 'saml_response'
miniorange_saml_menu in ./miniorange_saml.module

File

./miniorange_saml.module, line 344
Module file for miniOrange SAML Module.

Code

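/**
 * Validate SAML Response and authenticate user.
 *
 * Assertion Consumer Service callback (routed from miniorange_saml_menu()).
 * Hands the POSTed SAML response to MiniOrangeAcs for validation, creates a
 * local account for the returned e-mail address when none exists, then logs
 * the user in and redirects. Every path ends in drupal_goto(), so this
 * function never returns normally.
 */
function saml_response() {
  global $user;
  $b_url = Utilities::miniorange_get_baseURL();
  $entity_id = Utilities::miniorange_get_issuer();
  $acs_url = $b_url . '/?q=samlassertion';
  $cert_fingerprint = variable_get('miniorange_saml_idp_x509_certificate', '');
  $issuer = variable_get('miniorange_saml_idp_issuer', '');
  $sp_entity_id = variable_get('miniorange_saml_sp_issuer', '');
  $default_role = variable_get('miniorange_saml_default_role', '');

  // The former libraries_load('xmlseclibs') block was commented out by DEEPAK
  // and has been dropped; NOTE(review): confirm MiniOrangeAcs loads xmlseclibs
  // itself, otherwise signature validation cannot run.
  $response_obj = new MiniOrangeAcs();
  // NOTE(review): the return value is treated as the subject's e-mail address
  // (presumably the NameID) — confirm against MiniOrangeAcs::processSamlResponse().
  $email = $response_obj
    ->processSamlResponse($_POST, $acs_url, $cert_fingerprint, $issuer, $entity_id, $sp_entity_id);

  // user_load_by_mail() returns FALSE when no account matches.
  $account = user_load_by_mail($email);
  if (!$account) {
    // Create user if not already present (exits on failure).
    $account = _miniorange_saml_acs_create_account($email, $default_role, $b_url);
  }

  // Flood control check and check if user is blocked.
  // NOTE(review): flood_is_allowed()'s second argument is the event threshold,
  // so 3600 permits 3600 events per default one-hour window — confirm this is
  // the intended limit and not a window size.
  if (flood_is_allowed($email, 3600) && !user_is_blocked($email)) {
    // Allowed to proceed: clear flood control event and start the session.
    flood_clear_event($email);
    $user = user_load($account->uid);
    // RelayState comes from whoever started the SSO flow and is echoed back by
    // the IdP, so it is only honoured when it points at this site; anything
    // else falls back to the base URL to keep the ACS from being an open
    // redirector.
    $relay_state = isset($_POST['RelayState']) ? $_POST['RelayState'] : NULL;
    $edit = array(
      'redirect' => _miniorange_saml_acs_redirect_target($relay_state, $b_url),
    );
    user_login_finalize($edit);
    drupal_goto($edit['redirect']);
  }
  else {
    // Register flood control event.
    flood_register_event($email, 3600);
    form_set_error('user_login_block', t('You are not allowed to login'));
    drupal_goto();
  }
}

/**
 * Creates a local account for a SAML-authenticated e-mail address.
 *
 * On any failure the user is sent back to $b_url with an error message; that
 * path does not return because drupal_goto() exits.
 *
 * @param string $email
 *   E-mail address returned by the SAML response; used as both name and mail.
 * @param string $default_role
 *   Role name from 'miniorange_saml_default_role'; empty string means none.
 * @param string $b_url
 *   Site base URL to redirect to on error.
 *
 * @return object
 *   The freshly loaded user account.
 */
function _miniorange_saml_acs_create_account($email, $default_role, $b_url) {
  $roles = array();
  $rid = _miniorange_saml_acs_role_id($default_role);
  // Only attach the role when it actually exists; a missing role must not
  // produce a bogus '' or 0 rid in users_roles.
  if ($rid !== NULL) {
    $roles[$rid] = $default_role;
  }
  $new_user = array(
    'name' => $email,
    'mail' => $email,
    'pass' => user_password(8),
    'status' => 1,
    'roles' => $roles,
  );
  try {
    $account = user_save(NULL, $new_user);
  }
  catch (Exception $e) {
    $account = FALSE;
  }
  // user_save() also reports failure by returning FALSE without throwing.
  if (!$account) {
    variable_set('miniorange_saml_pdo_exception', 1);
    drupal_set_message('<b>Error:</b> There was an error signing you in. Please contact your administrator.', 'error');
    drupal_goto($b_url);
  }
  variable_set('miniorange_saml_pdo_exception', 0);

  // Default Role mapping.
  $account = user_load($account->uid);
  if (!empty(variable_get('miniorange_saml_enable_rolemapping'))) {
    // The original compared the roles array to the string 'administrator',
    // which is never equal; the apparent intent is to leave administrators
    // untouched — NOTE(review): confirm.
    if (!in_array('administrator', $account->roles, TRUE)) {
      $mapped_rid = array_search($default_role, user_roles(), TRUE);
      if ($mapped_rid !== FALSE) {
        $roles[$mapped_rid] = $default_role;
      }
      $account->roles = $roles;
      user_save($account);
    }
  }
  return $account;
}

/**
 * Looks up the rid of a role by name.
 *
 * @param string $role_name
 *   Role name; an empty string never matches.
 *
 * @return int|null
 *   The role id, or NULL when no such role exists.
 */
function _miniorange_saml_acs_role_id($role_name) {
  if ($role_name === '') {
    return NULL;
  }
  $row = db_select('role', 'r')
    ->fields('r', array('rid'))
    ->condition('name', $role_name, '=')
    ->execute()
    ->fetchAssoc();
  return $row ? (int) $row['rid'] : NULL;
}

/**
 * Chooses a safe post-login redirect target.
 *
 * drupal_goto() redirects to external URLs as-is, so an unchecked RelayState
 * would let anyone who can start the SSO flow bounce a freshly logged-in user
 * to an arbitrary host.
 *
 * @param mixed $relay_state
 *   Raw $_POST['RelayState'] value, or NULL when absent.
 * @param string $b_url
 *   Site base URL used as the fallback.
 *
 * @return string
 *   $relay_state when it is a local path or an absolute URL on this site's
 *   host, otherwise $b_url.
 */
function _miniorange_saml_acs_redirect_target($relay_state, $b_url) {
  if (!is_string($relay_state) || $relay_state === '') {
    return $b_url;
  }
  // Protocol-relative and backslash forms are not flagged by url_is_external().
  if (strpos($relay_state, '//') === 0 || strpos($relay_state, '\\') !== FALSE) {
    return $b_url;
  }
  if (!url_is_external($relay_state)) {
    return $relay_state;
  }
  // Absolute URL: accept only when the host is the site's own host.
  $site_host = parse_url($b_url, PHP_URL_HOST);
  $relay_host = parse_url($relay_state, PHP_URL_HOST);
  if (is_string($site_host) && is_string($relay_host) && strcasecmp($site_host, $relay_host) === 0) {
    return $relay_state;
  }
  return $b_url;
}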