This repository was archived by the owner on Nov 14, 2025. It is now read-only.
<?php
namespace Slides\Saml2\Http\Controllers;
use Slides\Saml2\Events\SignedIn;
use Slides\Saml2\Auth;
use Illuminate\Routing\Controller;
use Illuminate\Http\Request;
use OneLogin\Saml2\Error as OneLoginError;
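/**
 * HTTP entry points for the SAML 2.0 service provider: metadata, assertion
 * consumer service (ACS), single logout service (SLS) and SP-initiated
 * login / logout.
 *
 * Security notes for maintainers:
 * - login() and logout() take "returnTo", "nameId" and "sessionIndex" from the
 *   query string. These are caller-controlled values; this controller only
 *   rejects array-shaped values and does not restrict the redirect target.
 * - Which middleware protects these routes is not visible from this file.
 *
 * @package Slides\Saml2\Http\Controllers
 */
class Saml2Controller extends Controller
{
    /**
     * Render the service provider metadata as XML.
     *
     * @param Auth $auth
     *
     * @return \Illuminate\Http\Response
     *
     * @throws OneLoginError
     */
    public function metadata(Auth $auth)
    {
        $metadata = $auth->getMetadata();

        return response($metadata, 200, ['Content-Type' => 'text/xml']);
    }

    /**
     * Process the SAML Response sent by the IdP.
     *
     * Fires the "SignedIn" event when processing reports no errors; otherwise
     * logs and flashes the errors and redirects to the configured error route.
     *
     * @param Auth $auth
     *
     * @return \Illuminate\Http\RedirectResponse
     *
     * @throws OneLoginError
     * @throws \OneLogin\Saml2\ValidationError
     */
    public function acs(Auth $auth)
    {
        $errors = $auth->acs();

        if (!empty($errors)) {
            return $this->redirectWithErrors($auth, $errors);
        }

        $user = $auth->getSaml2User();

        event(new SignedIn($user, $auth));

        // NOTE(review): getIntendedUrl() is defined outside this file. If it is
        // derived from the RelayState of the incoming request, it is untrusted
        // and should be checked against the hosts this application is allowed
        // to redirect to before use. Confirm in the Saml2User implementation.
        $redirectUrl = $user->getIntendedUrl();

        if ($redirectUrl) {
            return redirect($redirectUrl);
        }

        return redirect($auth->getTenant()->relay_state_url ?: config('saml2.loginRoute'));
    }

    /**
     * Process the SAML Logout Response / Logout Request sent by the IdP.
     *
     * Fires 'saml2.logoutRequestReceived' event if it is valid (the event is
     * dispatched outside this controller).
     *
     * This means the user logged out of the SSO infrastructure; the
     * application should end the local session as well.
     *
     * @param Auth $auth
     *
     * @return \Illuminate\Http\RedirectResponse
     *
     * @throws OneLoginError
     * @throws \Exception
     */
    public function sls(Auth $auth)
    {
        $errors = $auth->sls(config('saml2.retrieveParametersFromServer'));

        if (!empty($errors)) {
            return $this->redirectWithErrors($auth, $errors);
        }

        // Could fall back to a configurable default.
        return redirect(config('saml2.logoutRoute'));
    }

    /**
     * Initiate a login request.
     *
     * The post-login target is the "returnTo" query parameter when present,
     * otherwise the tenant's relay state URL, otherwise the configured login
     * route.
     *
     * @param Request $request
     * @param Auth $auth
     *
     * @return void
     *
     * @throws OneLoginError
     */
    public function login(Request $request, Auth $auth)
    {
        $defaultTarget = $auth->getTenant()->relay_state_url ?: config('saml2.loginRoute');

        // NOTE(review): "returnTo" is caller-controlled and is forwarded as the
        // return target without a host check. Presumably it comes back as the
        // RelayState and is then used for the redirect in acs(); an allow-list
        // of permitted hosts would close that open-redirect path. Confirm.
        $auth->login($this->scalarQuery($request, 'returnTo', $defaultTarget));
    }

    /**
     * Initiate a logout request.
     *
     * @param Request $request
     * @param Auth $auth
     *
     * @return void
     *
     * @throws OneLoginError
     */
    public function logout(Request $request, Auth $auth)
    {
        // NOTE(review): nameId and sessionIndex are read from the query string
        // rather than from the authenticated session. Confirm that the route
        // is protected so that only the signed-in user can trigger a logout
        // request, and consider sourcing these values server-side.
        $auth->logout(
            $this->scalarQuery($request, 'returnTo'),
            $this->scalarQuery($request, 'nameId'),
            $this->scalarQuery($request, 'sessionIndex')
        );
    }

    /**
     * Log and flash the errors of a failed ACS/SLS exchange, then redirect to
     * the configured error route.
     *
     * The last error reason is flashed under 'saml2.error_detail'. The view
     * behind the error route should avoid echoing it verbatim to end users,
     * as it may describe why validation failed.
     *
     * @param Auth $auth
     * @param mixed $errors Non-empty error list returned by Auth::acs() / Auth::sls().
     *
     * @return \Illuminate\Http\RedirectResponse
     */
    private function redirectWithErrors(Auth $auth, $errors)
    {
        $error = $auth->getLastErrorReason();
        $uuid = $auth->getTenant()->uuid;

        logger()->error('saml2.error_detail', compact('uuid', 'error'));
        session()->flash('saml2.error_detail', [$error]);

        logger()->error('saml2.error', $errors);
        session()->flash('saml2.error', $errors);

        return redirect(config('saml2.errorRoute'));
    }

    /**
     * Read a query-string parameter, falling back to the default when the
     * client sent it as an array (e.g. "returnTo[]=...").
     *
     * Request::query() returns an array for bracketed parameters; the SAML
     * calls below expect a single value, so array input is discarded.
     *
     * @param Request $request
     * @param string $key
     * @param mixed $default
     *
     * @return mixed
     */
    private function scalarQuery(Request $request, $key, $default = null)
    {
        $value = $request->query($key, $default);

        return is_array($value) ? $default : $value;
    }
}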