$_SESSION['return'] = $_GET['return'];
}
-
if ($needsAuth) {
$metadata = getMetadata();
$url = $base;
- // put SAML settings into an array to avoid placing files in the
- // composer vendor/ directories
$samlsettings = [
'sp' => [
- // Identifier of the SP entity (must be a URI)
'entityId' => $base,
- // Specifies info about where and how the <AuthnResponse> message MUST be
- // returned to the requester, in this case our SP.
'assertionConsumerService' => array(
- // URL Location where the <Response> from the IdP will be returned
'url' => $url,
- // SAML protocol binding to be used when returning the <Response>
- // message. Onelogin Toolkit supports for this endpoint the
- // HTTP-POST binding only
'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
),
-// // If you need to specify requested attributes, set a
-// // attributeConsumingService. nameFormat, attributeValue and
-// // friendlyName can be omitted. Otherwise remove this section.
-// "attributeConsumingService" => array(
-// "serviceName" => "SP test",
-// "serviceDescription" => "Test Service",
-// "requestedAttributes" => array(
-// array(
-// "name" => "",
-// "isRequired" => false,
-// "nameFormat" => "",
-// "friendlyName" => "",
-// "attributeValue" => ""
-// )
-// )
-// ),
-// // Specifies info about where and how the <Logout Response> message MUST be
-// // returned to the requester, in this case our SP.
-// 'singleLogoutService' => array(
-// // URL Location where the <Response> from the IdP will be returned
-// 'url' => '',
-// // SAML protocol binding to be used when returning the <Response>
-// // message. Onelogin Toolkit supports for this endpoint the
-// // HTTP-Redirect binding only
-// 'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
-// ),
-// // Specifies constraints on the name identifier to be used to
-// // represent the requested subject.
-// // Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported
-// 'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
-//
-// // Usually x509cert and privateKey of the SP are provided by files placed at
-// // the certs folder. But we can also provide them with the following parameters
-// 'x509cert' => '',
-// 'privateKey' => '',
-//
-// /*
-// * Key rollover
-// * If you plan to update the SP x509cert and privateKey
-// * you can define here the new x509cert and it will be
-// * published on the SP metadata so Identity Providers can
-// * read them and get ready for rollover.
-// */
-// // 'x509certNew' => '',
],
'idp' => [
'entityId' => $metadata['EntityDescriptor']['@entityID'],
try {
$auth = new Auth($samlsettings);
-
} catch (Exception $e) {
http_response_code(500);
print_r($e);
file_put_contents($logdir . 'xml.' . $t . '.log', $auth->getLastResponseXML());
} else {
file_put_contents($logdir . 'err.' . $t . '.log', print_r($errors, true) . "\n\n--\n\n" . print_r($auth->getLastErrorReason(), true) . "\n\n--\n\n" . print_r($auth->getLastErrorException(), true));
+ header('Location: ' . $_SESSION['return']);
}
} else {
$auth->login(null, [], true);
}
+} else {
+ header('Location: ' . $_SESSION['return']);
}
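Review bot: The added redirect `header('Location: ' . $_SESSION['return']);` (here and the same line in the error branch above) forwards to whatever was stored from `$_GET['return']` earlier in the file without any validation, so an attacker-crafted link makes this endpoint an open redirect to an arbitrary external site; the script also keeps running after `header()` because there is no `exit`. The `if ($needsAuth)` this `else` belongs to appears to begin in an earlier hunk. The value should be restricted to a same-site relative path (reject empty, absolute, protocol-relative `//host` and `/\host` forms) with a safe fallback, and the response should terminate after the header; the error branch needs the same treatment, ideally via one shared helper so the check is not duplicated.

```php
} else {
    // Only follow a same-site relative path; anything else (empty, absolute
    // URL, protocol-relative //host or /\host) falls back to the site root.
    $return = $_SESSION['return'] ?? '';
    if (preg_match('#^/(?![/\\\\])#', $return) !== 1) {
        $return = '/';
    }
    header('Location: ' . $return);
    exit;
}
```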