
public static function Utilities::validateIssuerAndAudience in SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider 8

1 call to Utilities::validateIssuerAndAudience()
MiniOrangeAcs::processSamlResponse in src/MiniOrangeAcs.php
The function processSamlResponse.

File

src/Utilities.php, line 531

Class

Utilities
This file is part of miniOrange SAML plugin.

Namespace

Drupal\miniorange_saml

Code

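/**
 * Checks the issuer and audience of the first assertion in a SAML response.
 *
 * Returns TRUE only when the assertion's issuer equals
 * $issuerToValidateAgainst and its first valid audience equals $base_url.
 * On any mismatch, or when the response carries no usable assertion, an
 * error page is printed and the request is terminated with exit, so the
 * method never returns a falsy value to its caller.
 *
 * @param object $samlResponse
 *   Parsed SAML response; must expose getAssertions().
 * @param string $spEntityId
 *   SP entity ID; only printed in the test-mode audience error.
 * @param string $issuerToValidateAgainst
 *   Issuer / entity ID the assertion issuer is compared with.
 * @param string $base_url
 *   Value the first audience is compared with.
 *
 * @return bool
 *   TRUE when both checks pass.
 */
public static function validateIssuerAndAudience($samlResponse, $spEntityId, $issuerToValidateAgainst, $base_url) {
  // Anything read from the SAML response is untrusted at this point (the
  // checks below are what is failing), so it is HTML-encoded before it is
  // written into an error page.
  $escape = static function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
  };
  $generic_error = '<div style="color: #a94442;font-size:14pt; margin-bottom:20px;"><p><b>Error: </b>We could not sign you in. Please contact your Administrator.</p></div>';

  // NOTE(review): the verbose error pages are selected by a request
  // parameter, so any client can ask for them. Confirm that the values they
  // print are acceptable to disclose to unauthenticated users.
  $is_test_mode = array_key_exists('RelayState', $_REQUEST) && $_REQUEST['RelayState'] === 'testValidate';

  // Fail closed when there is no assertion instead of calling a method on
  // FALSE, which is what current() yields for an empty list.
  $assertions = $samlResponse->getAssertions();
  $assertion = is_array($assertions) ? current($assertions) : FALSE;
  if (!is_object($assertion)) {
    echo $generic_error;
    exit;
  }

  $issuer = $assertion->getIssuer();
  // A missing audience list is treated as a mismatch rather than passed to
  // current(), which rejects non-array arguments on current PHP versions.
  $audiences = $assertion->getValidAudiences();
  $audience = is_array($audiences) ? current($audiences) : FALSE;

  if (strcmp($issuerToValidateAgainst, $issuer) !== 0) {
    if ($is_test_mode) {
      echo '<div style="font-family:Calibri;padding:0 3%;">';
      echo '<div style="color: #a94442;background-color: #f2dede;padding: 15px;margin-bottom: 20px;text-align:center;border:1px solid #E6B3B2;font-size:18pt;"> ERROR</div>
					<div style="color: #a94442;font-size:14pt; margin-bottom:20px;"><p><strong>Error: </strong>Issuer cannot be verified.</p>
					<p>Please contact your administrator and report the following error:</p>
					<p><strong>Possible Cause: </strong>The value in \'IdP Entity ID or Issuer\' field in Service Provider Settings is incorrect</p>
					<p><strong>Expected Entity ID: </strong>' . $escape($issuer) . '<p>
					<p><strong>Entity ID Found: </strong>' . Xss::filter($issuerToValidateAgainst) . '</p>
					</div>
					<div style="margin:3%;display:block;text-align:center;">
					<div style="margin:3%;display:block;text-align:center;"><input style="padding:1%;width:100px;background: #0091CD none repeat scroll 0% 0%;cursor: pointer;font-size:15px;border-width: 1px;border-style: solid;border-radius: 3px;white-space: nowrap;box-sizing: border-box;border-color: #0073AA;box-shadow: 0px 1px 0px rgba(120, 200, 230, 0.6) inset;color: #FFF;"type="button" value="Done" onClick="self.close();"></div>';
    }
    else {
      echo $generic_error;
    }
    exit;
  }

  // NOTE(review): only the first audience is compared, and it is compared
  // with $base_url, while the error page below tells the user the expected
  // audience is $spEntityId. Confirm which value the IdP is meant to send.
  if (is_string($audience) && strcmp($audience, $base_url) === 0) {
    return TRUE;
  }

  if ($is_test_mode) {
    echo '<div style="font-family:Calibri;padding:0 3%;">';
    echo '<div style="color: #a94442;background-color: #f2dede;padding: 15px;margin-bottom: 20px;text-align:center;border:1px solid #E6B3B2;font-size:18pt;"> ERROR</div>
                    <div style="color: #a94442;font-size:14pt; margin-bottom:20px;"><p><strong>Error: </strong>Invalid Audience URI.</p>
                    <p>Please contact your administrator and report the following error:</p>
                    <p><strong>Possible Cause: </strong>The value of \'Audience URI\' field on Identity Provider\'s side is incorrect</p>
                    <p>Expected one of the Audiences to be: ' . $escape($spEntityId) . '<p>
                    </div>
                    <div style="margin:3%;display:block;text-align:center;">
                    <div style="margin:3%;display:block;text-align:center;"><input style="padding:1%;width:100px;background: #0091CD none repeat scroll 0% 0%;cursor: pointer;font-size:15px;border-width: 1px;border-style: solid;border-radius: 3px;white-space: nowrap;box-sizing: border-box;border-color: #0073AA;box-shadow: 0px 1px 0px rgba(120, 200, 230, 0.6) inset;color: #FFF;"type="button" value="Done" onClick="self.close();"></div>';
  }
  else {
    echo $generic_error;
  }
  exit;
}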