public static processResponse ( SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata, SAML2\Response $response ) : array | ||
$spMetadata | SimpleSAML_Configuration | The metadata of the service provider. |
$idpMetadata | SimpleSAML_Configuration | The metadata of the identity provider. |
$response | SAML2\Response | The response. |
return | array | Array with \SAML2\Assertion objects, containing valid assertions from the response. |
public static function processResponse(SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata, \SAML2\Response $response)
{
if (!$response->isSuccess()) {
throw self::getResponseError($response);
}
/* Validate Response-element destination. */
$currentURL = \SimpleSAML\Utils\HTTP::getSelfURLNoQuery();
$msgDestination = $response->getDestination();
if ($msgDestination !== NULL && $msgDestination !== $currentURL) {
throw new Exception('Destination in response doesn\'t match the current URL. Destination is "' . $msgDestination . '", current URL is "' . $currentURL . '".');
}
$responseSigned = self::checkSign($idpMetadata, $response);
/*
* When we get this far, the response itself is valid.
* We only need to check signatures and conditions of the response.
*/
$assertion = $response->getAssertions();
if (empty($assertion)) {
throw new SimpleSAML_Error_Exception('No assertions found in response from IdP.');
}
$ret = array();
foreach ($assertion as $a) {
$ret[] = self::processAssertion($spMetadata, $idpMetadata, $response, $a, $responseSigned);
}
return $ret;
}
function handleResponse() { try { $binding = SAML2_Binding::getCurrentBinding(); $response = $binding->receive(); } catch (Exception $e) { return; } SimpleSAML_Logger::debug('attributequery - received message.'); if (!$response instanceof SAML2_Response) { throw new SimpleSAML_Error_Exception('Unexpected message received to attribute query example.'); } $idpEntityId = $response->getIssuer(); if ($idpEntityId === NULL) { throw new SimpleSAML_Error_Exception('Missing issuer in response.'); } $idpMetadata = $GLOBALS['metadata']->getMetaDataConfig($idpEntityId, 'saml20-idp-remote'); $spMetadata = $GLOBALS['metadata']->getMetaDataConfig($GLOBALS['spEntityId'], 'saml20-sp-hosted'); $assertion = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response); if (count($assertion) > 1) { throw new SimpleSAML_Error_Exception('More than one assertion in received response.'); } $assertion = $assertion[0]; $dataId = $response->getRelayState(); if ($dataId === NULL) { throw new SimpleSAML_Error_Exception('RelayState was lost during request.'); } $data = $GLOBALS['session']->getData('attributequeryexample:data', $dataId); $data['attributes'] = $assertion->getAttributes(); $GLOBALS['session']->setData('attributequeryexample:data', $dataId, $data, 3600); SimpleSAML_Utilities::redirect(SimpleSAML_Utilities::selfURLNoQuery(), array('dataId' => $dataId)); }