'.implode(', ', $errors).'
')); } if (!$auth->isAuthenticated()) { return array('msg' => 'SAML sign in', 'body' => 'Not authenticated
'); } $attrs = $auth->getAttributes(); $_SESSION['samlUserdata'] = $attrs; $_SESSION['samlNameId'] = $auth->getNameId(); $_SESSION['samlSessionIndex'] = $auth->getSessionIndex(); if (isset($attrs[PLUGIN_SAML_AUTHUSER_ID_ATTR][0])) { // PukiWiki ExternalAuth requirement $_SESSION['authenticated_user'] = $attrs[PLUGIN_SAML_AUTHUSER_ID_ATTR][0]; } else { $_SESSION['authenticated_user'] = $auth->getNameId(); } if (isset($attrs[PLUGIN_SAML_AUTHUSER_DISPLAYNAME_ATTR][0])) { // PukiWiki ExternalAuth requirement $_SESSION['authenticated_user_fullname'] = $attrs[PLUGIN_SAML_AUTHUSER_DISPLAYNAME_ATTR][0]; } if (isset($_POST['RelayState']) && OneLogin\Saml2\Utils::getSelfURL() != $_POST['RelayState']) { $auth->redirectTo($_POST['RelayState']); } return array('msg' => 'SAML sign in', 'body' => 'SAML Sined in. but no redirection'); } else if (isset($vars['sls'])) { // sls: Sign out endpoint after IdP // onelone/php-saml only supports Redirect SingleLogout $is_post = $_SERVER['REQUEST_METHOD'] === 'POST'; if ($is_post) { session_destroy(); $_SESSION = array(); } else { $auth->processSLO(); $errors = $auth->getErrors(); $msg = ''; if (empty($errors)) { $msg .= 'Sucessfully logged out
'; } else { $msg .= ''.implode(', ', $errors).'
'; } } return array('msg' => 'SAML sign out', 'body' => 'SAML Sined out. ' . $msg); } else if (isset($vars['metadata'])) { // metadata: SP metadata endpoint try { $auth = new OneLogin\Saml2\Auth($settingsInfo); $settings = $auth->getSettings(); $metadata = $settings->getSPMetadata(); $errors = $settings->validateMetadata($metadata); if (empty($errors)) { header('Content-Type: text/xml'); echo $metadata; } else { throw new OneLogin\Saml2\Error( 'Invalid SP metadata: '.implode(', ', $errors), OneLogin\Saml2\Error::METADATA_SP_INVALID ); } } catch (Exception $e) { echo $e->getMessage(); } exit; } return array('msg' => 'Error', 'body' => 'SAML Invalid state srror'); }