getRequest(); $idpData = $settings->getIdPData(); if (isset($_GET['sso'])) { $auth->login(); // If AuthNRequest ID need to be saved in order to later validate it, do instead /*$ssoBuiltUrl = $auth->login(null, [], false, false, true); $_SESSION['AuthNRequestID'] = $auth->getLastRequestID(); header('Pragma: no-cache'); header('Cache-Control: no-cache, must-revalidate'); header('Location: ' . $ssoBuiltUrl); exit();*/ } elseif (isset($_GET['slo'])) { /* if (isset($idpData['singleLogoutService']) && isset($idpData['singleLogoutService']['url'])) { $sloUrl = $idpData['singleLogoutService']['url']; } else { throw new Exception("The IdP does not support Single Log Out"); } if (isset($_SESSION['samlSessionIndex']) && !empty($_SESSION['samlSessionIndex'])) { $logoutRequest = new \OneLogin\Saml2\LogoutRequest($settings, null, $_SESSION['samlSessionIndex']); } else { $logoutRequest = new \OneLogin\Saml2\LogoutRequest($settings); } $samlRequest = $logoutRequest->getRequest(); $parameters = array('SAMLRequest' => $samlRequest); $url = \OneLogin\Saml2\Utils::redirect($sloUrl, $parameters, true); header("Location: $url"); exit;*/ $returnTo = null; $parameters = []; $nameId = Session::read('samlNameId'); $sessionIndex = Session::read('samlSessionIndex'); $nameIdFormat = Session::read('samlNameIdFormat'); $auth->logout($returnTo, $parameters, $nameId, $sessionIndex, false, $nameIdFormat); // If LogoutRequest ID need to be saved in order to later validate it, do instead // $sloBuiltUrl = $auth->logout(null, [], $nameId, $sessionIndex, true); /*$_SESSION['LogoutRequestID'] = $auth->getLastRequestID(); header('Pragma: no-cache'); header('Cache-Control: no-cache, must-revalidate'); header('Location: ' . $sloBuiltUrl); exit();*/ } elseif (isset($_GET['acs'])) { $requestID = Session::read('AuthNRequestID'); $auth->processResponse($requestID); $errors = $auth->getErrors(); if (!empty($errors)) { $content .= '
'.implode(', ', $errors).'
'; } if (!$auth->isAuthenticated()) { api_not_allowed(true, $content.'Not authenticated
'); exit; } $keyCloackUserName = $auth->getNameId(); $userInfo = api_get_user_info_from_username($keyCloackUserName); $attributes = $auth->getAttributes(); $userId = 0; if (!empty($attributes) && empty($userInfo)) { $firstName = ''; if (isset($attributes['FirstName']) && !empty($attributes['FirstName'])) { $firstName = reset($attributes['FirstName']); } $lastName = ''; if (isset($attributes['LastName']) && !empty($attributes['LastName'])) { $lastName = reset($attributes['LastName']); } $email = ''; if (isset($attributes['Email']) && !empty($attributes['Email'])) { $email = reset($attributes['Email']); } if (empty($email)) { api_not_allowed(true); } $userId = UserManager::create_user( $firstName, $lastName, STUDENT, $email, $keyCloackUserName, '', '', '', '', '', 'keycloak' ); if ($userId) { $userInfo = api_get_user_info($userId); } } else { // Only load users that were created using this method. if ($userInfo['auth_source'] === 'keycloak') { $userId = $userInfo['user_id']; } } if (!empty($userId)) { // Set chamilo sessions Session::write('samlUserdata', $auth->getAttributes()); Session::write('samlNameId', $auth->getNameId()); Session::write('samlNameIdFormat', $auth->getNameIdFormat()); Session::write('samlSessionIndex', $auth->getSessionIndex()); Session::erase('AuthNRequestID'); // Filling session variables with new data Session::write('_uid', $userId); Session::write('_user', $userInfo); Session::write('is_platformAdmin', false); Session::write('is_allowedCreateCourse', false); } else { Display::addFlash(Display::return_message(get_lang('InvalidId'))); } /*if (isset($_POST['RelayState']) && \OneLogin\Saml2\Utils::getSelfURL() != $_POST['RelayState']) { $auth->redirectTo($_POST['RelayState']); }*/ header('Location: '.api_get_path(WEB_PATH)); exit; } elseif (isset($_GET['sls'])) { $requestID = Session::read('LogoutRequestID'); $auth->processSLO(false, $requestID); $errors = $auth->getErrors(); if (empty($errors)) { Session::erase('samlNameId'); Session::erase('samlSessionIndex'); Session::erase('samlNameIdFormat'); Session::erase('samlUserdata'); Session::erase('AuthNRequestID'); Session::erase('LogoutRequestID'); Display::addFlash(Display::return_message('Sucessfully logged out')); header('Location: '.api_get_path(WEB_PATH)); exit; } else { api_not_allowed(true, implode(', ', $errors)); } } $template = new Template(''); if (isset($_SESSION['samlUserdata'])) { $attributes = Session::read('samlUserdata'); $params = []; if (!empty($attributes)) { $content .= 'You have the following attributes:Name | Values | '; foreach ($attributes as $attributeName => $attributeValues) { $content .= '
---|---|
'.htmlentities($attributeName).' |
|
You don't have any attribute
"; } $content .= ''; } else { $content .= ''; $content .= ''; } $template->assign('content', $content); $template->display_one_col_template();