allow IDP to initiate login

if the user starts the login process on the IDP, we always assume that
the first configured IDP is used (this doesn't work for multiple IDPs
for now) and try to log the user in.

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
This commit is contained in:
Björn Schiessle 2019-01-16 16:51:01 +01:00
parent 577f612267
commit d468228769
No known key found for this signature in database
GPG Key ID: 2378A753E2BF04F6
1 changed files with 8 additions and 2 deletions


@ -243,11 +243,17 @@ class SAMLController extends Controller {
public function assertionConsumerService() {
$AuthNRequestID = $this->session->get('user_saml.AuthNRequestID');
$idp = $this->session->get('user_saml.Idp');
$idp = $idp === null ? 1 : $idp;
$auth = new Auth($this->SAMLSettings->getOneLoginSettingsArray($idp));
if(is_null($AuthNRequestID) || $AuthNRequestID === '' || is_null($idp)) {
return;
$auth->login(null, [], false, false, true);
$this->session->set('user_saml.AuthNRequestID', $auth->getLastRequestID());
$this->session->set('user_saml.OriginalUrl', $this->request->getParam('originalUrl', ''));
$this->session->set('user_saml.Idp', $idp);
$AuthNRequestID = $this->session->get('user_saml.AuthNRequestID');
}
$auth = new Auth($this->SAMLSettings->getOneLoginSettingsArray($idp));
$auth->processResponse($AuthNRequestID);
$this->logger->debug('Attributes send by the IDP: ' . json_encode($auth->getAttributes()));
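Review bot: The AuthNRequestID stored at `$this->session->set('user_saml.AuthNRequestID', $auth->getLastRequestID());` belongs to an AuthnRequest that is never delivered to the IdP (the `login(...)` call's fifth argument appears to be php-saml's `stay` flag and its return value is discarded), so the ID handed to `processResponse()` cannot bind the incoming response to a request; the branch only works because an unsolicited response carries no InResponseTo, and that should be stated, e.g. `// IdP-initiated SSO: no AuthnRequest was sent, so the response is accepted without an InResponseTo binding; replay protection rests on assertion validity checks alone`. In that same unsolicited path `originalUrl` is read straight from the inbound request and stored for the post-login redirect, so it should be validated as a relative local URL before being stored rather than trusted as it is in the session-backed flow. The `is_null($idp)` clause in the `if` is dead once the added `$idp = $idp === null ? 1 : $idp;` line runs, and the hardcoded `1` fallback from the description deserves a comment at that line. The method continues past the end of the hunk.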