You are here

public function SamlSPAuth::login in SAML Service Provider 4.x

Same name and namespace in other branches
  1. 8.3 src/SAML/SamlSPAuth.php \Drupal\saml_sp\SAML\SamlSPAuth::login()
  2. 8.2 src/SAML/SamlSPAuth.php \Drupal\saml_sp\SAML\SamlSPAuth::login()
  3. 3.x src/SAML/SamlSPAuth.php \Drupal\saml_sp\SAML\SamlSPAuth::login()

Initiates the SSO process.

File

src/SAML/SamlSPAuth.php, line 57

Class

SamlSPAuth
Handles the authentication.

Namespace

Drupal\saml_sp\SAML

Code

public function login($returnTo = NULL, array $parameters = [], $forceAuthn = FALSE, $isPassive = FALSE, $stay = FALSE, $setNameIdPolicy = TRUE, $nameIdValueReq = NULL) {
  $authnRequest = new SamlSPAuthnRequest($this
    ->getSettings(), $forceAuthn, $isPassive, $setNameIdPolicy, $nameIdValueReq);
  $this->_lastRequestID = $authnRequest
    ->getId();
  $samlRequest = $authnRequest
    ->getRequest();
  $parameters['SAMLRequest'] = $samlRequest;
  if (!empty($returnTo)) {
    $parameters['RelayState'] = $returnTo;
  }
  else {
    $parameters['RelayState'] = Utils::getSelfRoutedURLNoQuery();
  }
  $security = $this
    ->getSettings()
    ->getSecurityData();
  if (isset($security['authnRequestsSigned']) && $security['authnRequestsSigned']) {
    $signature = $this
      ->buildRequestSignature($samlRequest, $parameters['RelayState'], $security['signatureAlgorithm']);
    $parameters['SigAlg'] = $security['signatureAlgorithm'];
    $parameters['Signature'] = $signature;
  }

  // Multiple IdPs may be configured, but we can only use one per request.
  // Find the one that should be used for the current login attempt.
  $idp = NULL;
  $idp_data = (object) $this
    ->getSettings()
    ->getIdPData();
  $all_idps = saml_sp__load_all_idps();
  foreach ($all_idps as $this_idp) {
    if ($this_idp
      ->getEntityId() == $idp_data->entityId) {
      $idp = $this_idp;
      break;
    }
  }
  if (!isset($idp)) {
    \Drupal::messenger()
      ->addMessage(t('Could not find a valid Identity Provider server.'), MessengerInterface::TYPE_ERROR);
    $this
      ->redirectTo($parameters['RelayState']);
  }

  // Record the outbound Id of the request.
  $id = $authnRequest
    ->getId();
  saml_sp__track_request($id, $idp, $this->authCallback);
  if (\Drupal::config('saml_sp.settings')
    ->get('debug')) {
    _saml_sp__debug('SAML Request', $samlRequest);
    $decoded_request = base64_decode($samlRequest);
    if ($this->samlSettings
      ->shouldCompressRequests()) {
      $decoded_request = gzinflate($decoded_request);
    }
    _saml_sp__debug('Decoded Request', base64_decode($samlRequest));
    _saml_sp__debug('Parameters', $parameters);
    $url = Url::fromUri($this
      ->getSSOurl(), [
      'query' => $parameters,
    ]);
    return [
      'message' => [
        '#markup' => t('This is a debug page, you can proceed by clicking the following link (this might not work, because "/" chars are encoded differently when the link is made by Drupal as opposed to redirected, as it is when debugging is turned off).') . ' ',
      ],
      'link' => Link::fromTextAndUrl(t('test link'), $url)
        ->toRenderable(),
    ];
  }
  $this
    ->redirectTo($this
    ->getSSOurl(), $parameters);
}