View source
<?php
namespace Drupal\saml_sp\SAML;
use OneLogin_Saml2_Auth;
use OneLogin_Saml2_Settings;
use Drupal\Core\Url;
use Drupal\Core\Link;
use XMLSecurityKey;
class SamlSPAuth extends OneLogin_Saml2_Auth {
public $auth_callback;
private $__settings;
public function __construct($oldSettings = null) {
$this->__settings = new OneLogin_Saml2_Settings($oldSettings);
parent::__construct($oldSettings);
}
public function setAuthCallback($callback) {
$this->auth_callback = $callback;
}
public function login($returnTo = NULL, $parameters = array(), $forceAuthn = FALSE, $isPassive = FALSE, $stay = FALSE, $setNameIdPolicy = TRUE) {
assert('is_array($parameters)');
$authnRequest = new SamlSPAuthnRequest($this
->getSettings(), $forceAuthn, $isPassive, $setNameIdPolicy);
$this->_lastRequestID = $authnRequest
->getId();
$samlRequest = $authnRequest
->getRequest();
$parameters['SAMLRequest'] = $samlRequest;
if (!empty($returnTo)) {
$parameters['RelayState'] = $returnTo;
}
else {
$parameters['RelayState'] = OneLogin_Saml2_Utils::getSelfRoutedURLNoQuery();
}
$security = $this
->getSettings()
->getSecurityData();
if (isset($security['authnRequestsSigned']) && $security['authnRequestsSigned']) {
$signature = $this
->buildRequestSignature($samlRequest, $parameters['RelayState'], $security['signatureAlgorithm']);
$parameters['SigAlg'] = $security['signatureAlgorithm'];
$parameters['Signature'] = $signature;
}
$idp = (object) $this
->getSettings()
->getIdPData();
$all_idps = saml_sp__load_all_idps();
foreach ($all_idps as $this_idp) {
if ($this_idp->entity_id == $idp->entityId) {
$idp->id = $this_idp->id;
}
}
$id = $authnRequest
->getId();
saml_sp__track_request($id, $idp, $this->auth_callback);
if (\Drupal::config('saml_sp.settings')
->get('debug')) {
if (\Drupal::moduleHandler()
->moduleExists('devel')) {
dpm($samlRequest, '$samlRequest');
dpm($parameters, '$parameters');
}
else {
$decoded_request = base64_decode($samlRequest);
$inflate = $this->__settings
->shouldCompressRequests();
if ($inflate) {
$request = gzinflate($decoded_request);
}
drupal_set_message(t('Request =><br/> <pre>@request</pre>', [
'@request' => $request,
]));
drupal_set_message(t('Parameters =><br/> <pre>@parameters</pre>', [
'@parameters' => print_r($parameters, TRUE),
]));
}
$url = Url::fromUri($this
->getSSOurl(), array(
'query' => $parameters,
));
return [
'message' => [
'#markup' => t('This is a debug page, you can proceed by clicking the following link (this might not work, because "/" chars are encoded differently when the link is made by Drupal as opposed to redirected, as it is when debugging is turned off).') . ' ',
],
'link' => Link::fromTextAndUrl(t('test link'), $url)
->toRenderable(),
];
}
$this
->redirectTo($this
->getSSOurl(), $parameters);
}
public function buildRequestSignature($samlRequest, $relayState, $signAlgorithm = XMLSecurityKey::RSA_SHA1) {
$signature = parent::buildRequestSignature($samlRequest, $relayState, $signAlgorithm);
if (\Drupal::config('saml_sp.settings')
->get('debug') && \Drupal::moduleHandler()
->moduleExists('devel')) {
dpm($samlRequest, '$samlRequest');
}
return $signature;
}
}