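// Abort when no SAML settings row was loaded from the database
// (the third argument to show() presumably terminates the request — confirm).
if (!$dbobj) {
    $Result->show("danger", "SAML settings not found in database", true);
}

// Decode the authentication-module parameters stored as a JSON document on the settings row.
// json_decode() returns null on malformed input, so guard before reading properties below;
// without this check a corrupted row turns into property reads on null.
$params = json_decode($dbobj->params);
if (!is_object($params)) {
    $Result->show("danger", "SAML settings could not be decoded", true);
}

// Advanced mode: let the library pick up its own configuration, nothing db-derived is passed.
if ($params->advanced == "1") {
    $auth = new OneLogin_Saml2_Auth();
} else {
    // Build the SP / IdP settings from the stored parameters.
    // NOTE(review): no 'strict' key is set here; php-saml's non-strict mode skips several
    // response validations (destination, audience, ...) — confirm the library default for the
    // version in use and consider setting 'strict' => true explicitly.
    // NOTE(review): IdP trust rests on a certificate fingerprint plus the configured digest
    // algorithm rather than the full certificate; make sure idpcertalgorithm is not a weak digest.
    $settings = array(
        'sp' => array(
            'entityId' => $Tools->createURL(),
            'assertionConsumerService' => array('url' => create_link('saml2')),
            'singleLogoutService' => array('url' => $Tools->createURL()),
            'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        ),
        'idp' => array(
            'entityId' => $params->idpissuer,
            'singleSignOnService' => array('url' => $params->idplogin),
            'singleLogoutService' => array('url' => $params->idplogout),
            'certFingerprint' => $params->idpcertfingerprint,
            'certFingerprintAlgorithm' => $params->idpcertalgorithm,
        ),
    );
    $auth = new OneLogin_Saml2_Auth($settings);
}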
//if SAMLResponse is not in the request, create an authnrequest and send it to the idp
if (!isset($_POST["SAMLResponse"])) {
$ssoBuiltUrl = $auth->login(null, array(), false, false, true);
$_SESSION['AuthNRequestID'] = $auth->getLastRequestID();
header('Pragma: no-cache');
header('Cache-Control: no-cache, must-revalidate');
header('Location: ' . $ssoBuiltUrl);
exit;
} else {
//process the authentication response
if (isset($_SESSION) && isset($_SESSION['AuthNRequestID'])) {
$requestID = $_SESSION['AuthNRequestID'];
} else {
$requestID = null;
}
// process errors and check for errors
$auth->processResponse($requestID);
$errors = $auth->getErrors();
// check if errors are present