
public function miniorange_samlController::saml_response in SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider 8

1 string reference to 'miniorange_samlController::saml_response'
miniorange_saml.routing.yml in ./miniorange_saml.routing.yml
miniorange_saml.routing.yml

File

src/Controller/miniorange_samlController.php, line 130
File docblock: "Contains \Drupal\miniorange_saml\Controller\DefaultController." (the name is stale; the class this file actually defines is miniorange_samlController).

Class

miniorange_samlController
Default controller for the miniorange_saml module.

Namespace

Drupal\miniorange_saml\Controller

Code

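/**
 * Assertion Consumer Service (ACS) endpoint for the IdP's SAML Response.
 *
 * Hands the POSTed SAMLResponse to MiniOrangeAcs for validation, provisions a
 * local Drupal account on first login when no user matches the asserted
 * username, optionally adds the configured default role, finalises the login
 * and redirects to the RelayState target (falling back to the site base URL).
 *
 * Security notes:
 * - Only the HTTP-POST binding is accepted: a SAMLResponse in the query string
 *   destroys the session and bounces the browser to the base URL.
 * - RelayState is attacker-influenceable (it is echoed back by the IdP from
 *   whatever started the flow), so it is only honoured when it resolves to
 *   this site; anything else is replaced by $base_url to avoid an open
 *   redirect off the ACS endpoint.
 * - Blocked accounts are never logged in; an error page is shown instead.
 * - The local password of a provisioned account is a throwaway random value
 *   that is never shown to anyone; the IdP is the authority for that account.
 *
 * @return \Symfony\Component\HttpFoundation\Response
 *   An empty Response. On success the redirect is sent directly and the
 *   request is terminated with exit, so nothing is returned in that path.
 */
public function saml_response() {
  $config = \Drupal::config('miniorange_saml.settings');
  $base_url = Utilities::getBaseUrl();
  $acs_url = Utilities::getAcsUrl();
  $cert_fingerprint = $config->get('miniorange_saml_idp_x509_certificate');
  $issuer = $config->get('miniorange_saml_idp_issuer');
  $sp_entity_id = $config->get('miniorange_saml_sp_issuer');
  $username_attribute = $config->get('miniorange_saml_email_attribute');

  // Refuse the HTTP-Redirect binding outright: a SAMLResponse arriving via
  // GET is never processed.
  if (isset($_GET['SAMLResponse'])) {
    session_destroy();
    $response = new RedirectResponse($base_url);
    $response->send();
    return new Response();
  }

  $attrs = [];
  $role = [];
  $response_obj = new MiniOrangeAcs();
  $response = $response_obj->processSamlResponse($_POST, $acs_url, $cert_fingerprint, $issuer, $base_url, $sp_entity_id, $username_attribute, $attrs, $role);

  // Never look up or provision an account for an empty username: that would
  // otherwise create a nameless user and log it in.
  // NOTE(review): assumes processSamlResponse() can return without a username
  // on a rejected assertion — confirm against MiniOrangeAcs.
  $username = isset($response['username']) ? (string) $response['username'] : '';
  if ($username === '') {
    $error = t('Invalid SAML Response.');
    $message = t('Please Contact your administrator.');
    $cause = t('The SAML assertion did not contain a usable username.');
    Utilities::showErrorMessage($error, $message, $cause);
    return new Response();
  }

  $account = user_load_by_name($username);

  // First login: provision a local account for the asserted user.
  if (!$account) {
    $account = User::create([
      'name' => $username,
      'mail' => isset($response['email']) ? $response['email'] : NULL,
      // The local password path stays enabled, so make the throwaway value
      // long enough that it cannot realistically be guessed.
      'pass' => user_password(32),
      'status' => 1,
    ]);
    $account->save();

    if ($config->get('miniorange_saml_enable_rolemapping')) {
      $default_role_id = $this->resolveDefaultRoleId($config->get('miniorange_saml_default_role'));
      // "authenticated" is implicit on every account, so only an explicit
      // role needs to be added.
      if ($default_role_id !== NULL && $default_role_id !== 'authenticated') {
        $account->addRole($default_role_id);
        $account->save();
      }
    }
  }

  if ($account->isBlocked()) {
    $error = t('User Blocked By Administrator.');
    $message = t('Please Contact your administrator.');
    $cause = t('This user account is not allowed to login.');
    Utilities::showErrorMessage($error, $message, $cause);
    return new Response();
  }

  // Only a RelayState that points back at this site may be used as the
  // post-login destination; everything else falls back to the base URL.
  $redirect_url = $base_url;
  $relay_state = isset($response['relay_state']) ? trim((string) $response['relay_state']) : '';
  if ($relay_state !== '' && self::isLocalRedirect($relay_state, $base_url)) {
    $redirect_url = $relay_state;
  }

  // Kept for Single Logout; user_login_finalize() migrates the session so
  // these values survive the session ID change.
  $_SESSION['sessionIndex'] = $response['sessionIndex'];
  $_SESSION['NameID'] = $response['NameID'];
  $_SESSION['mo_saml']['logged_in_with_idp'] = TRUE;

  // Give a 2FA module the chance to intervene before the login completes.
  // NOTE(review): the hook's return value is ignored, so any enforcement
  // presumably happens inside the implementation (e.g. redirect + exit) —
  // confirm before relying on it.
  \Drupal::moduleHandler()->invokeAll('invoke_miniorange_2fa_before_login', [
    $account,
  ]);
  user_login_finalize($account);

  $response = new RedirectResponse($redirect_url);
  $request = \Drupal::request();
  $request->getSession()->save();
  $response->prepare($request);
  \Drupal::service('kernel')->terminate($request, $response);
  $response->send();
  exit;
}

/**
 * Resolves the configured default role label to its machine name.
 *
 * Labels are compared case-insensitively; when several roles share a label
 * the last one loaded wins (same as the original loop).
 *
 * @param string|null $default_role
 *   Role label from the miniorange_saml_default_role setting.
 *
 * @return string|null
 *   The matching role machine name, or NULL when nothing matches.
 */
private function resolveDefaultRoleId($default_role) {
  $wanted = strtolower((string) $default_role);
  $match = NULL;
  $roles = \Drupal::entityTypeManager()->getStorage('user_role')->loadMultiple();
  foreach ($roles as $machine_name => $role_entity) {
    if (strtolower($role_entity->label()) === $wanted) {
      $match = $machine_name;
    }
  }
  return $match;
}

/**
 * Decides whether a RelayState value is safe to use as a redirect target.
 *
 * Accepts site-relative paths (with or without a leading slash) and absolute
 * http(s) URLs that resolve to $base_url. Rejects protocol-relative forms
 * ("//host", with backslashes normalised to slashes), any other scheme
 * (javascript:, data:, mailto:, ...), foreign hosts and values containing
 * control characters, which some browsers strip before parsing.
 *
 * @param string $url
 *   The RelayState value, already trimmed and non-empty.
 * @param string $base_url
 *   This site's base URL as returned by Utilities::getBaseUrl().
 *
 * @return bool
 *   TRUE when redirecting to $url keeps the user on this site.
 */
private static function isLocalRedirect($url, $base_url) {
  if (preg_match('/[\x00-\x1F\x7F]/', $url)) {
    return FALSE;
  }
  // Browsers treat "\" as "/", so normalise before inspecting.
  $normalised = str_replace('\\', '/', $url);
  if (strpos($normalised, '//') === 0) {
    return FALSE;
  }
  // No scheme (no ":" before the first "/", "?" or "#") means a relative
  // path on this site.
  $colon = strpos($normalised, ':');
  if ($colon === FALSE || preg_match('@[/?#]@', substr($normalised, 0, $colon))) {
    return TRUE;
  }
  // Has a scheme: only http(s) URLs under this site's base URL are allowed.
  if (!preg_match('@^https?://@i', $normalised)) {
    return FALSE;
  }
  try {
    return \Drupal\Component\Utility\UrlHelper::externalIsLocal($normalised, $base_url);
  }
  catch (\InvalidArgumentException $e) {
    return FALSE;
  }
}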