public function SamlSPAuth::login in SAML Service Provider 8.3
Same name and namespace in other branches
- 8.2 src/SAML/SamlSPAuth.php \Drupal\saml_sp\SAML\SamlSPAuth::login()
- 4.x src/SAML/SamlSPAuth.php \Drupal\saml_sp\SAML\SamlSPAuth::login()
- 3.x src/SAML/SamlSPAuth.php \Drupal\saml_sp\SAML\SamlSPAuth::login()
Initiates the SSO process.
File
- src/
SAML/ SamlSPAuth.php, line 57
Class
- SamlSPAuth
- Handles the authentication.
Namespace
Drupal\saml_sp\SAMLCode
public function login($returnTo = NULL, array $parameters = [], $forceAuthn = FALSE, $isPassive = FALSE, $stay = FALSE, $setNameIdPolicy = TRUE, $nameIdValueReq = NULL) {
$authnRequest = new SamlSPAuthnRequest($this
->getSettings(), $forceAuthn, $isPassive, $setNameIdPolicy, $nameIdValueReq);
$this->_lastRequestID = $authnRequest
->getId();
$samlRequest = $authnRequest
->getRequest();
$parameters['SAMLRequest'] = $samlRequest;
if (!empty($returnTo)) {
$parameters['RelayState'] = $returnTo;
}
else {
$parameters['RelayState'] = Utils::getSelfRoutedURLNoQuery();
}
$security = $this
->getSettings()
->getSecurityData();
if (isset($security['authnRequestsSigned']) && $security['authnRequestsSigned']) {
$signature = $this
->buildRequestSignature($samlRequest, $parameters['RelayState'], $security['signatureAlgorithm']);
$parameters['SigAlg'] = $security['signatureAlgorithm'];
$parameters['Signature'] = $signature;
}
// Multiple IdPs may be configured, but we can only use one per request.
// Find the one that should be used for the current login attempt.
$idp = NULL;
$idp_data = (object) $this
->getSettings()
->getIdPData();
$all_idps = saml_sp__load_all_idps();
foreach ($all_idps as $this_idp) {
if ($this_idp
->getEntityId() == $idp_data->entityId) {
$idp = $this_idp;
break;
}
}
if (!isset($idp)) {
\Drupal::messenger()
->addMessage(t('Could not find a valid Identity Provider server.'), MessengerInterface::TYPE_ERROR);
$this
->redirectTo($parameters['RelayState']);
}
// Record the outbound Id of the request.
$id = $authnRequest
->getId();
saml_sp__track_request($id, $idp, $this->authCallback);
if (\Drupal::config('saml_sp.settings')
->get('debug')) {
_saml_sp__debug('SAML Request', $samlRequest);
$decoded_request = base64_decode($samlRequest);
if ($this->samlSettings
->shouldCompressRequests()) {
$decoded_request = gzinflate($decoded_request);
}
_saml_sp__debug('Decoded Request', base64_decode($samlRequest));
_saml_sp__debug('Parameters', $parameters);
$url = Url::fromUri($this
->getSSOurl(), [
'query' => $parameters,
]);
return [
'message' => [
'#markup' => t('This is a debug page, you can proceed by clicking the following link (this might not work, because "/" chars are encoded differently when the link is made by Drupal as opposed to redirected, as it is when debugging is turned off).') . ' ',
],
'link' => Link::fromTextAndUrl(t('test link'), $url)
->toRenderable(),
];
}
$this
->redirectTo($this
->getSSOurl(), $parameters);
}