From: Vincent Vanwaelscappel Date: Thu, 31 Mar 2022 15:29:03 +0000 (+0200) Subject: wip #5074 @0.5 X-Git-Url: http://git.cubedesigners.com/?a=commitdiff_plain;h=84a0b94b5e3a161a62ffab71a94f9eace67bd6b9;p=fluidbook-hosting.git wip #5074 @0.5
---
diff --git a/VacheronSSO/_sso.php b/VacheronSSO/_sso.php
index 9deec82..557805a 100644
--- a/VacheronSSO/_sso.php
+++ b/VacheronSSO/_sso.php
@@ -36,71 +36,17 @@ if (isset($_GET['return'])) {
 $_SESSION['return'] = $_GET['return'];
 }
-
 if ($needsAuth) {
 $metadata = getMetadata();
 $url = $base;
- // put SAML settings into an array to avoid placing files in the
- // composer vendor/ directories
 $samlsettings = [
 'sp' => [
- // Identifier of the SP entity (must be a URI)
 'entityId' => $base,
- // Specifies info about where and how the message MUST be
- // returned to the requester, in this case our SP.
 'assertionConsumerService' => array(
- // URL Location where the from the IdP will be returned
 'url' => $url,
- // SAML protocol binding to be used when returning the
- // message. Onelogin Toolkit supports for this endpoint the
- // HTTP-POST binding only
 'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
 ),
-// // If you need to specify requested attributes, set a
-// // attributeConsumingService. nameFormat, attributeValue and
-// // friendlyName can be omitted. Otherwise remove this section.
-// "attributeConsumingService" => array(
-// "serviceName" => "SP test",
-// "serviceDescription" => "Test Service",
-// "requestedAttributes" => array(
-// array(
-// "name" => "",
-// "isRequired" => false,
-// "nameFormat" => "",
-// "friendlyName" => "",
-// "attributeValue" => ""
-// )
-// )
-// ),
-// // Specifies info about where and how the message MUST be
-// // returned to the requester, in this case our SP.
-// 'singleLogoutService' => array(
-// // URL Location where the from the IdP will be returned
-// 'url' => '',
-// // SAML protocol binding to be used when returning the
-// // message. Onelogin Toolkit supports for this endpoint the
-// // HTTP-Redirect binding only
-// 'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
-// ),
-// // Specifies constraints on the name identifier to be used to
-// // represent the requested subject.
-// // Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported
-// 'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
-//
-// // Usually x509cert and privateKey of the SP are provided by files placed at
-// // the certs folder. But we can also provide them with the following parameters
-// 'x509cert' => '',
-// 'privateKey' => '',
-//
-// /*
-// * Key rollover
-// * If you plan to update the SP x509cert and privateKey
-// * you can define here the new x509cert and it will be
-// * published on the SP metadata so Identity Providers can
-// * read them and get ready for rollover.
-// */
-// // 'x509certNew' => '',
 ],
 'idp' => [
 'entityId' => $metadata['EntityDescriptor']['@entityID'],
@@ -112,7 +58,6 @@ if ($needsAuth) {
 try {
 $auth = new Auth($samlsettings);
-
 } catch (Exception $e) {
 http_response_code(500);
 print_r($e);
@@ -135,10 +80,13 @@ if ($needsAuth) {
 file_put_contents($logdir . 'xml.' . $t . '.log', $auth->getLastResponseXML());
 } else {
 file_put_contents($logdir . 'err.' . $t . '.log', print_r($errors, true) . "\n\n--\n\n" . print_r($auth->getLastErrorReason(), true) . "\n\n--\n\n" . print_r($auth->getLastErrorException(), true));
+ header('Location: ' . $_SESSION['return']);
 }
 } else {
 $auth->login(null, [], true);
 }
+} else {
+ header('Location: ' . $_SESSION['return']);
 }
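Review bot: Both added `header('Location: ' . $_SESSION['return'])` lines redirect to a value that the first hunk's context shows is copied verbatim from `$_GET['return']`, so an attacker-supplied absolute URL in that query parameter becomes the redirect target (open redirect), and an unset session key yields an empty `Location` header. Neither call is followed by `exit;`, so the script keeps running after the header is queued. The first added line also redirects after the SAML response was logged as failed; whether a caller can tell that apart from a successful login is not visible here, so an error response may be the safer outcome on that branch. The enclosing `if ($needsAuth)` block starts outside the hunk; the sketch below shows a validated form for the first site, the second site needs the same treatment, and the `'/'` fallback is a constructed placeholder to adapt.
```php
        } else {
            // … unchanged: file_put_contents error log …
            // Only follow a same-site relative path (single leading slash); '/' is a placeholder fallback.
            $return = $_SESSION['return'] ?? '/';
            if (!is_string($return) || !preg_match('#^/(?!/)#', $return)) {
                $return = '/';
            }
            header('Location: ' . $return);
            exit;
        }
```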