OneLogin_Saml2_Auth::login PHP Method

login() public Method

Initiates the SSO process.
public login ( string | null $returnTo = null, array $parameters = [], boolean $forceAuthn = false, boolean $isPassive = false, boolean $stay = false, boolean $setNameIdPolicy = true )
$returnTo string | null The target URL the user should be returned to after login.
$parameters array Extra parameters to be added to the GET
$forceAuthn boolean When true, the AuthnRequest will set ForceAuthn='true'
$isPassive boolean When true, the AuthnRequest will set IsPassive='true'
$stay boolean True to stay on the current page (returns the URL string); false to redirect
$setNameIdPolicy boolean When true, the AuthnRequest will include a NameIDPolicy element
Result If $stay is true, returns a string with the SSO URL + SAMLRequest (the AuthnRequest) + parameters
    public function login($returnTo = null, $parameters = array(), $forceAuthn = false, $isPassive = false, $stay = false, $setNameIdPolicy = true)
    {
        // extra GET parameters must be passed as an array
        assert(is_array($parameters));
        // build the AuthnRequest and remember its ID so the response can be matched to it
        $authnRequest = new OneLogin_Saml2_AuthnRequest($this->_settings, $forceAuthn, $isPassive, $setNameIdPolicy);
        $this->_lastRequestID = $authnRequest->getId();
        $samlRequest = $authnRequest->getRequest();
        $parameters['SAMLRequest'] = $samlRequest;
        // RelayState: the caller-supplied return URL, or the current URL without its query string
        if (!empty($returnTo)) {
            $parameters['RelayState'] = $returnTo;
        } else {
            $parameters['RelayState'] = OneLogin_Saml2_Utils::getSelfRoutedURLNoQuery();
        }
        // sign the request parameters when authnRequestsSigned is enabled
        $security = $this->_settings->getSecurityData();
        if (isset($security['authnRequestsSigned']) && $security['authnRequestsSigned']) {
            $signature = $this->buildRequestSignature($samlRequest, $parameters['RelayState'], $security['signatureAlgorithm']);
            $parameters['SigAlg'] = $security['signatureAlgorithm'];
            $parameters['Signature'] = $signature;
        }
        // redirect to the IdP SSO URL, or return the built URL when $stay is true
        return $this->redirectTo($this->getSSOurl(), $parameters, $stay);
    }
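
login() copies $returnTo into RelayState unchanged, and the IdP hands that value back to the assertion consumer endpoint, so an application that redirects to RelayState after login needs to validate it on both sides of the round trip. The following is an added example, not code from php-saml or from the usage example below; safeReturnTo(), $requestedUrl and the app.example.org host are assumptions made for illustration.

```php
<?php
// Added example: safeReturnTo() is a hypothetical helper, not part of php-saml.
// Returns $candidate only when it is an http(s) URL on an allowed host.
function safeReturnTo($candidate, array $allowedHosts, $default)
{
    if (!is_string($candidate) || $candidate === '') {
        return $default;
    }
    // Control characters, spaces and backslashes are normalised differently
    // by browsers and by parse_url(), so refuse them outright.
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $candidate)) {
        return $default;
    }
    $parts = parse_url($candidate);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $default; // relative, scheme-relative ("//host") or malformed
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return $default;
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $default; // userinfo placed before the real host
    }
    if (!in_array(strtolower($parts['host']), $allowedHosts, true)) {
        return $default;
    }
    return $candidate;
}

// Constructed sample values; app.example.org is a placeholder host.
$allowed = array('app.example.org');
$default = 'https://app.example.org/';
$samples = array(
    'https://app.example.org/subnets/3/',         // kept
    'https://APP.example.org/tools/?q=1',         // kept, host compared case-insensitively
    'https://app.example.org@other.example.net/', // userinfo -> default
    '//other.example.net/',                       // no scheme -> default
    'https://other.example.net/',                 // foreign host -> default
    "https://app.example.org/\r\nX-Test: 1",      // control characters -> default
);
foreach ($samples as $sample) {
    echo json_encode($sample), ' => ', safeReturnTo($sample, $allowed, $default), PHP_EOL;
}

// Before SSO:  $auth->login(safeReturnTo($requestedUrl, $allowed, $default));
// After a valid response, apply the same check to $_POST['RelayState']
// before using it in a Location header.
```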

Usage Example

Example #1
$dbobj = $Tools->fetch_object("usersAuthMethod", "type", "SAML2");
if (!$dbobj) {
    $Result->show("danger", "SAML settings not found in database", true);
}
// decode authentication module params
$params = json_decode($dbobj->params);
// if using advanced settings, instantiate without db settings
if ($params->advanced == "1") {
    $auth = new OneLogin_Saml2_Auth();
} else {
    $settings = array(
        'sp' => array(
            'entityId' => $Tools->createURL(),
            'assertionConsumerService' => array('url' => create_link('saml2')),
            'singleLogoutService' => array('url' => $Tools->createURL()),
            'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        ),
        'idp' => array(
            'entityId' => $params->idpissuer,
            'singleSignOnService' => array('url' => $params->idplogin),
            'singleLogoutService' => array('url' => $params->idplogout),
            'certFingerprint' => $params->idpcertfingerprint,
            'certFingerprintAlgorithm' => $params->idpcertalgorithm,
        ),
    );
    $auth = new OneLogin_Saml2_Auth($settings);
}
// if SAMLResponse is not in the request, create an AuthnRequest and send it to the IdP
if (!isset($_POST["SAMLResponse"])) {
    // $stay = true: login() returns the built URL instead of redirecting
    $ssoBuiltUrl = $auth->login(null, array(), false, false, true);
    // keep the request ID in the session so the response can be matched to it
    $_SESSION['AuthNRequestID'] = $auth->getLastRequestID();
    header('Pragma: no-cache');
    header('Cache-Control: no-cache, must-revalidate');
    header('Location: ' . $ssoBuiltUrl);
    exit;
} else {
    // process the authentication response
    if (isset($_SESSION) && isset($_SESSION['AuthNRequestID'])) {
        $requestID = $_SESSION['AuthNRequestID'];
    } else {
        $requestID = null;
    }
    // process the response and check for errors
    $auth->processResponse($requestID);
    $errors = $auth->getErrors();
}