PHP SimpleSAML_IdP::getById方法代码示例

 public function actionSso()
 {
     $metadata = \SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
     $idp = \SimpleSAML_IdP::getById('saml2:' . $idpEntityId);
     \sspmod_saml_IdP_SAML2::receiveAuthnRequest($idp);
     assert('FALSE');
 }

 public function actionSso()
 {
     //logout previous sso session
     \utilities\Registry::clearRegistry();
     $isRequestPost = $this->_request->isPost();
     if ($isRequestPost) {
         // check if every required parameter is set or not
         $username = $this->_request->getParam('username', null);
         $password = $this->_request->getParam('password', null);
         $referrer = $this->_request->getParam('spentityid', null);
         if (!$username) {
             $this->_response->renderJson(array('message' => 'Username is not set'));
         }
         if (!$password) {
             $this->_response->renderJson(array('message' => 'Password is not set'));
         }
         if (!$referrer) {
             $this->_response->renderJson(array('message' => 'Referrer not set'));
         }
         $objDbUserauth = new \models\Users();
         // check if user is authenticated or not
         $userAuthenticationStatus = $objDbUserauth->authenticate($username, $password);
         // user locked due to 5 invalid attempts
         if (\models\Users::ERROR_USER_LOCKED === $userAuthenticationStatus) {
             $this->_response->renderJson(array('message' => 'Your account is locked due to 5 invalid attempts', 'authstatus' => $userAuthenticationStatus));
         }
         //user password is expired
         if (\models\Users::ERROR_USER_PWD_EXPIRED === $userAuthenticationStatus) {
             $this->_response->renderJson(array('message' => 'Your password is expired', 'authstatus' => $userAuthenticationStatus));
         }
         //user authentication is successfull
         if ($userAuthenticationStatus === true) {
             $metadata = \SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
             $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
             $idp = \SimpleSAML_IdP::getById('saml2:' . $idpEntityId);
             \sspmod_saml_IdP_SAML2::receiveAuthnRequest($idp);
             assert('FALSE');
         } else {
             //handle invalid attempts
             $objInvalidAttempts = new \models\UserLoginAttempts();
             $loginAttemptsLeft = $objInvalidAttempts->handleInvalidLoginAttempts($username);
             $invalidAttempt = false;
             // if attempt is invalid username is wrong
             $message = "Invalid credentials";
             if ($loginAttemptsLeft !== false) {
                 // if last attempt was hit then show that account is locked
                 if ($loginAttemptsLeft === 0) {
                     $this->_response->renderJson(array('message' => 'Your account is locked due to 5 invalid attempts', 'authstatus' => \models\Users::ERROR_USER_LOCKED));
                 }
                 $invalidAttempt = true;
                 $message = "Incorrect Password.You have {$loginAttemptsLeft} attempts left";
             }
             $this->_response->renderJson(array('message' => $message, 'invalidAttempt' => $invalidAttempt));
             exit;
         }
     }
     $this->_response->renderJson(array('message' => 'Only post request are accepted'));
 }

<?php

/**
 * This SAML 2.0 endpoint can receive incoming LogoutRequests. It will also send LogoutResponses,
 * and LogoutRequests and also receive LogoutResponses. It is implemeting SLO at the SAML 2.0 IdP.
 *
 * @author Andreas Åkre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
 * @package SimpleSAMLphp
 */
require_once '../../_include.php';
SimpleSAML\Logger::info('SAML2.0 - IdP.SingleLogoutService: Accessing SAML 2.0 IdP endpoint SingleLogoutService');
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
$idp = SimpleSAML_IdP::getById('saml2:' . $idpEntityId);
if (isset($_REQUEST['ReturnTo'])) {
    $idp->doLogoutRedirect(\SimpleSAML\Utils\HTTP::checkURLAllowed((string) $_REQUEST['ReturnTo']));
} else {
    try {
        sspmod_saml_IdP_SAML2::receiveLogoutMessage($idp);
    } catch (Exception $e) {
        // TODO: look for a specific exception
        /*
         * This is dirty. Instead of checking the message of the exception, \SAML2\Binding::getCurrentBinding() should
         * throw an specific exception when the binding is unknown, and we should capture that here
         */
        if ($e->getMessage() === 'Unable to find the current binding.') {
            throw new SimpleSAML_Error_Error('SLOSERVICEPARAMS', $e, 400);
        } else {
            throw $e;
            // do not ignore other exceptions!
        }

<?php

/**
 * ADFS PRP IDP protocol support for simpleSAMLphp.
 *
 * @author Hans Zandbelt, SURFnet bv, <hans.zandbelt@surfnet.nl>
 * @package simpleSAMLphp
 */
SimpleSAML_Logger::info('ADFS - IdP.prp: Accessing ADFS IdP endpoint prp');
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpEntityId = $metadata->getMetaDataCurrentEntityID('adfs-idp-hosted');
$idp = SimpleSAML_IdP::getById('adfs:' . $idpEntityId);
if (isset($_GET['wa'])) {
    if ($_GET['wa'] === 'wsignout1.0') {
        sspmod_adfs_IdP_ADFS::receiveLogoutMessage($idp);
    } else {
        if ($_GET['wa'] === 'wsignin1.0') {
            sspmod_adfs_IdP_ADFS::receiveAuthnRequest($idp);
        }
    }
    assert('FALSE');
} elseif (isset($_GET['assocId'])) {
    // logout response from ADFS SP
    $assocId = $_GET['assocId'];
    /* Association ID of the SP that sent the logout response. */
    $relayState = $_GET['relayState'];
    /* Data that was sent in the logout request to the SP. Can be null. */
    $logoutError = NULL;
    /* NULL on success, or an instance of a SimpleSAML_Error_Exception on failure. */
    $idp->handleLogoutResponse($assocId, $relayState, $logoutError);
}

 /**
  * Get a list of associated SAML 2 SPs.
  *
  * This function is just for backwards-compatibility. New code should
  * use the SimpleSAML_IdP::getAssociations()-function.
  *
  * @return array  Array of SAML 2 entityIDs.
  * @deprecated  Will be removed in the future.
  */
 public function get_sp_list()
 {
     $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     try {
         $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
         $idp = SimpleSAML_IdP::getById('saml2:' . $idpEntityId);
     } catch (Exception $e) {
         /* No SAML 2 IdP configured? */
         return array();
     }
     $ret = array();
     foreach ($idp->getAssociations() as $assoc) {
         if (isset($assoc['saml:entityID'])) {
             $ret[] = $assoc['saml:entityID'];
         }
     }
     return $ret;
 }

 * @author Jaime Pérez Crespo, UNINETT AS <jaime.perez@uninett.no>
 *
 * @package SimpleSAMLphp
 */
// retrieve the authentication state
if (!array_key_exists('AuthState', $_REQUEST)) {
    throw new SimpleSAML_Error_BadRequest('Missing mandatory parameter: AuthState');
}
try {
    // try to get the state
    $state = SimpleSAML_Auth_State::loadState($_REQUEST['AuthState'], 'saml:proxy:invalid_idp');
} catch (Exception $e) {
    // the user probably hit the back button after starting the logout, try to recover the state with another stage
    $state = SimpleSAML_Auth_State::loadState($_REQUEST['AuthState'], 'core:Logout:afterbridge');
    // success! Try to continue with reauthentication, since we no longer have a valid session here
    $idp = SimpleSAML_IdP::getById($state['core:IdP']);
    sspmod_saml_Auth_Source_SP::reauthPostLogout($idp, $state);
}
if (isset($_POST['cancel'])) {
    // the user does not want to logout, cancel login
    SimpleSAML_Auth_State::throwException($state, new \SimpleSAML\Module\saml\Error\NoAvailableIDP(\SAML2\Constants::STATUS_RESPONDER, 'User refused to reauthenticate with any of the IdPs requested.'));
}
if (isset($_POST['continue'])) {
    // log the user out before being able to login again
    $as = SimpleSAML_Auth_Source::getById($state['saml:sp:AuthId'], 'sspmod_saml_Auth_Source_SP');
    /** @var sspmod_saml_Auth_Source_SP $as */
    $as->reauthLogout($state);
}
$cfg = SimpleSAML_Configuration::getInstance();
$template = new SimpleSAML_XHTML_Template($cfg, 'saml:proxy/invalid_session.php');
$translator = $template->getTranslator();

<?php

if (!isset($_REQUEST['idp'])) {
    throw new SimpleSAML_Error_BadRequest('Missing "idp" parameter.');
}
$idp = (string) $_REQUEST['idp'];
$idp = SimpleSAML_IdP::getById($idp);
if (!isset($_REQUEST['association'])) {
    throw new SimpleSAML_Error_BadRequest('Missing "association" parameter.');
}
$assocId = urldecode($_REQUEST['association']);
$relayState = NULL;
if (isset($_REQUEST['RelayState'])) {
    $relayState = (string) $_REQUEST['RelayState'];
}
$associations = $idp->getAssociations();
if (!isset($associations[$assocId])) {
    throw new SimpleSAML_Error_BadRequest('Invalid association id.');
}
$association = $associations[$assocId];
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpMetadata = $idp->getConfig();
$spMetadata = $metadata->getMetaDataConfig($association['saml:entityID'], 'saml20-sp-remote');
$lr = sspmod_saml_Message::buildLogoutRequest($idpMetadata, $spMetadata);
$lr->setSessionIndex($association['saml:SessionIndex']);
$lr->setNameId($association['saml:NameID']);
$assertionLifetime = $spMetadata->getInteger('assertion.lifetime', NULL);
if ($assertionLifetime === NULL) {
    $assertionLifetime = $idpMetadata->getInteger('assertion.lifetime', 300);
}
$lr->setNotOnOrAfter(time() + $assertionLifetime);