class SamlSPController in SAML Service Provider 8.2
Same name and namespace in other branches
- 8.3 src/Controller/SamlSPController.php \Drupal\saml_sp\Controller\SamlSPController
- 7.8 src/Controller/SamlSPController.php \Drupal\saml_sp\Controller\SamlSPController
- 4.x src/Controller/SamlSPController.php \Drupal\saml_sp\Controller\SamlSPController
- 3.x src/Controller/SamlSPController.php \Drupal\saml_sp\Controller\SamlSPController
Provides route responses for the SAML SP module
Hierarchy
- class \Drupal\Core\Controller\ControllerBase implements ContainerInjectionInterface uses LoggerChannelTrait, MessengerTrait, LinkGeneratorTrait, RedirectDestinationTrait, UrlGeneratorTrait, StringTranslationTrait
- class \Drupal\saml_sp\Controller\SamlSPController
File
- src/
Controller/ SamlSPController.php, line 22 - Contains \Drupal\saml_sp\Controller\SamlSPController.
Namespace
Drupal\saml_sp\Controller
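class SamlSPController extends ControllerBase {

  /**
   * Generates the SAML metadata XML for this service provider.
   *
   * @param bool $return_string
   *   When TRUE the metadata XML is returned as a plain string instead of being
   *   wrapped in a Response object.
   *
   * @return string|\Symfony\Component\HttpFoundation\Response
   *   The metadata XML, or a text/xml Response carrying it.
   */
  public function metadata($return_string = FALSE) {
    list($metadata, $errors) = saml_sp__get_metadata();
    // Generation problems used to be discarded; record them so a misconfigured
    // SP can be diagnosed from the log instead of from a broken IdP exchange.
    if (!empty($errors)) {
      $this->getLogger('saml_sp')->warning('Metadata generated with errors: <pre>@errors</pre>', [
        '@errors' => print_r($errors, TRUE),
      ]);
    }
    if ($return_string) {
      return $metadata;
    }
    $response = new Response($metadata);
    $response->headers->set('Content-Type', 'text/xml');
    return $response;
  }

  /**
   * Receives the SAML response posted back from the IdP.
   *
   * Looks up the AuthnRequest this response answers, validates the response
   * against each certificate configured for that IdP, removes the tracked
   * request so the same response cannot be consumed a second time, and then
   * hands control to the callback registered with the request.
   *
   * @return \Symfony\Component\HttpFoundation\Response
   *   The callback's response, or a redirect to the front page (no usable
   *   response) / the user page (callback returned nothing).
   */
  public function consume() {
    if (!$this->saml_sp__is_valid_authentication_response()) {
      return $this->redirect('<front>');
    }
    $logger = $this->getLogger('saml_sp');
    $saml_response_xml = \Drupal::request()->request->get('SAMLResponse');

    // Extract the incoming ID (the `InResponseTo` attribute of the
    // `<samlp:Response>` node) so the response can be tied to a request this
    // site actually issued.
    $inbound_id = _saml_sp__extract_inbound_id($saml_response_xml);
    if (!$inbound_id) {
      // Failover: redirect to the homepage.
      $logger->warning('Failover: redirect to the homepage. No inbound ID or something.');
      return $this->redirect('<front>');
    }

    $tracked = saml_sp__get_tracked_request($inbound_id);
    if (!$tracked) {
      // Either a stale request or an unsolicited response; nothing to hand it
      // to, so it is dropped.
      $logger->error('Request with inbound ID @id not found.', ['@id' => $inbound_id]);
      $logger->warning('Failover: redirect to the homepage. No inbound ID or something.');
      return $this->redirect('<front>');
    }

    $idp = saml_sp_idp_load($tracked['idp']);
    list($is_valid, $saml_response, $error) = $this->validateResponse($idp, $saml_response_xml, $inbound_id);

    // Remove the now-expired tracked request before anything else happens, so
    // that a replayed response can never match a tracked request again,
    // whether or not this one validated.
    saml_sp_get_tempstore('track_request')->delete($inbound_id);

    if (!$is_valid) {
      $this->reportInvalidResponse($idp, $saml_response, $error);
    }

    // Invoke the callback registered with the tracked request. The callback
    // receives the validity flag and decides what to do with an invalid
    // response; $saml_response is NULL when no response object could be built.
    $callback = isset($tracked['callback']) ? $tracked['callback'] : NULL;
    if (!is_callable($callback)) {
      $logger->error('Tracked request @id has no callable callback.', ['@id' => $inbound_id]);
      return $this->redirect('<front>');
    }
    $result = $callback($is_valid, $saml_response, $idp);

    // The callback *should* redirect the user to a valid page. Provide a
    // fail-safe just in case it doesn't.
    return empty($result) ? $this->redirect('user.page') : $result;
  }

  /**
   * Validates a SAML response against every certificate configured for an IdP.
   *
   * @param object $idp
   *   The IdP configuration. Its x509_cert property is either a single PEM
   *   string or a list of them; on return it holds the certificate that
   *   validated the response (or the last one tried), which is also the value
   *   the request callback later sees.
   * @param string $saml_response_xml
   *   The raw SAMLResponse POST parameter.
   * @param string $inbound_id
   *   The ID of the tracked request, passed to the library so it also checks
   *   that the response's InResponseTo matches it.
   *
   * @return array
   *   A three-element list: whether the response validated, the
   *   OneLogin_Saml2_Response checked last (NULL if none could be built), and
   *   the validator's error text or the exception message (NULL when valid).
   */
  private function validateResponse($idp, $saml_response_xml, $inbound_id) {
    $certs = is_array($idp->x509_cert) ? $idp->x509_cert : [$idp->x509_cert];
    $saml_response = NULL;
    $error = NULL;
    $is_valid = FALSE;
    try {
      // Try each certificate in turn and stop at the first one that validates.
      foreach ($certs as $cert) {
        $idp->x509_cert = $cert;
        $settings = saml_sp__get_settings($idp);
        // Creating Saml2 Settings object from array.
        $saml_settings = new OneLogin_Saml2_Settings($settings);
        $saml_response = new OneLogin_Saml2_Response($saml_settings, $saml_response_xml);
        // isValid() reports failures both through its return value and by
        // throwing plain Exception instances (the library does not subclass).
        if ($saml_response->isValid($inbound_id)) {
          $is_valid = TRUE;
          break;
        }
      }
    }
    catch (\Exception $e) {
      // Exception::$message is not readable as a property; use the accessor so
      // the log entry actually carries the reason.
      $error = $e->getMessage();
      $this->getLogger('saml_sp')->error('Invalid response, %exception', ['%exception' => $error]);
      $is_valid = FALSE;
    }
    if (!$is_valid && $saml_response !== NULL) {
      // Prefer the library's own error text when a response object exists.
      $error = $saml_response->getError() ?: $error;
    }
    return [$is_valid, $saml_response, $error];
  }

  /**
   * Shows the user a message and logs the details of an invalid response.
   *
   * @param object $idp
   *   The IdP configuration; only its name is used.
   * @param \OneLogin_Saml2_Response|null $saml_response
   *   The response that failed validation, if one could be constructed.
   * @param string|null $error
   *   The validator's error text. Its last word is the SAML status code
   *   (e.g. "Responder") when the IdP answered with a non-success status.
   */
  private function reportInvalidResponse($idp, $saml_response, $error) {
    $error = (string) $error;
    $words = explode(' ', $error);
    $problem = end($words);
    $args = ['@idp_name' => $idp->name];
    switch ($problem) {
      case 'Responder':
        $message = $this->t('There was a problem with the response from @idp_name. Please try again later.', $args);
        break;

      case 'Requester':
        $message = $this->t('There was an issue with the request made to @idp_name. Please try again later.', $args);
        break;

      case 'VersionMismatch':
        $args['@site_name'] = $this->config('system.site')->get('name') ?: 'Drupal';
        $message = $this->t('SAML VersionMismatch between @idp_name and @site_name. Please try again later.', $args);
        break;

      default:
        $message = NULL;
    }
    if (!empty($message)) {
      $this->messenger()->addError($message);
    }
    // The logged body is the full decoded XML the IdP sent, including any
    // assertion attributes, so access to the saml_sp log channel should be
    // restricted accordingly.
    $this->getLogger('saml_sp')->error('Invalid response, @error: <pre>@response</pre>', [
      '@error' => $error,
      '@response' => $saml_response ? print_r($saml_response->response, TRUE) : '',
    ]);
  }

  /**
   * Check that a request is a valid SAML authentication response.
   *
   * Only the transport is checked here (a POST carrying a non-empty
   * SAMLResponse); signature and status validation happen in consume().
   *
   * @return bool
   *   TRUE when the current request looks like a SAML response POST.
   */
  private function saml_sp__is_valid_authentication_response() {
    $http_request = \Drupal::request();
    return $http_request->isMethod('POST') && !empty($http_request->request->get('SAMLResponse'));
  }

  /**
   * Logs the user out.
   *
   * Not implemented in this branch: the method body is intentionally empty.
   */
  public function logout() {
  }

}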
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
ControllerBase:: |
protected | property | The configuration factory. | |
ControllerBase:: |
protected | property | The current user service. | 1 |
ControllerBase:: |
protected | property | The entity form builder. | |
ControllerBase:: |
protected | property | The entity manager. | |
ControllerBase:: |
protected | property | The entity type manager. | |
ControllerBase:: |
protected | property | The form builder. | 2 |
ControllerBase:: |
protected | property | The key-value storage. | 1 |
ControllerBase:: |
protected | property | The language manager. | 1 |
ControllerBase:: |
protected | property | The module handler. | 2 |
ControllerBase:: |
protected | property | The state service. | |
ControllerBase:: |
protected | function | Returns the requested cache bin. | |
ControllerBase:: |
protected | function | Retrieves a configuration object. | |
ControllerBase:: |
private | function | Returns the service container. | |
ControllerBase:: |
public static | function |
Instantiates a new instance of this class. Overrides ContainerInjectionInterface:: |
40 |
ControllerBase:: |
protected | function | Returns the current user. | 1 |
ControllerBase:: |
protected | function | Retrieves the entity form builder. | |
ControllerBase:: |
protected | function | Retrieves the entity manager service. | |
ControllerBase:: |
protected | function | Retrieves the entity type manager. | |
ControllerBase:: |
protected | function | Returns the form builder service. | 2 |
ControllerBase:: |
protected | function | Returns a key/value storage collection. | 1 |
ControllerBase:: |
protected | function | Returns the language manager service. | 1 |
ControllerBase:: |
protected | function | Returns the module handler. | 2 |
ControllerBase:: |
protected | function |
Returns a redirect response object for the specified route. Overrides UrlGeneratorTrait:: |
|
ControllerBase:: |
protected | function | Returns the state storage service. | |
LinkGeneratorTrait:: |
protected | property | The link generator. | 1 |
LinkGeneratorTrait:: |
protected | function | Returns the link generator. | |
LinkGeneratorTrait:: |
protected | function | Renders a link to a route given a route name and its parameters. | |
LinkGeneratorTrait:: |
public | function | Sets the link generator service. | |
LoggerChannelTrait:: |
protected | property | The logger channel factory service. | |
LoggerChannelTrait:: |
protected | function | Gets the logger for a specific channel. | |
LoggerChannelTrait:: |
public | function | Injects the logger channel factory. | |
MessengerTrait:: |
protected | property | The messenger. | 29 |
MessengerTrait:: |
public | function | Gets the messenger. | 29 |
MessengerTrait:: |
public | function | Sets the messenger. | |
RedirectDestinationTrait:: |
protected | property | The redirect destination service. | 1 |
RedirectDestinationTrait:: |
protected | function | Prepares a 'destination' URL query parameter for use with \Drupal\Core\Url. | |
RedirectDestinationTrait:: |
protected | function | Returns the redirect destination service. | |
RedirectDestinationTrait:: |
public | function | Sets the redirect destination service. | |
SamlSPController:: |
public | function | receive data back from the IdP | |
SamlSPController:: |
public | function | log the user out | |
SamlSPController:: |
public | function | generate the XML metadata for the given IDP | |
SamlSPController:: |
private | function | Check that a request is a valid SAML authentication response. | |
StringTranslationTrait:: |
protected | property | The string translation service. | 1 |
StringTranslationTrait:: |
protected | function | Formats a string containing a count of items. | |
StringTranslationTrait:: |
protected | function | Returns the number of plurals supported by a given language. | |
StringTranslationTrait:: |
protected | function | Gets the string translation service. | |
StringTranslationTrait:: |
public | function | Sets the string translation service to use. | 2 |
StringTranslationTrait:: |
protected | function | Translates a string to the current language or to a given language. | |
UrlGeneratorTrait:: |
protected | property | The url generator. | |
UrlGeneratorTrait:: |
protected | function | Returns the URL generator service. | |
UrlGeneratorTrait:: |
public | function | Sets the URL generator service. | |
UrlGeneratorTrait:: |
protected | function | Generates a URL or path for a specific route based on the given parameters. |