<?php

/**
 * WARNING:
 *
 * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
 *
 * @deprecated
 */

require_once('../../_include.php');

$config = SimpleSAML_Configuration::getInstance();

SimpleSAML_Logger::warning('The file shib13/sp/AssertionConsumerService.php is deprecated and will be removed in future versions.');

$session = SimpleSAML_Session::getSessionFromRequest();


/**
 * Finish login operation.
 *
 * This helper function finishes a login operation and redirects the user back to the page which
 * requested the login.
 *
 * @param array $authProcState  The state of the authentication process.
 */
function finishLogin($authProcState) {
	assert('is_array($authProcState)');
	assert('array_key_exists("Attributes", $authProcState)');
	assert('array_key_exists("core:shib13-sp:NameID", $authProcState)');
	assert('array_key_exists("core:shib13-sp:SessionIndex", $authProcState)');
	assert('array_key_exists("core:shib13-sp:TargetURL", $authProcState)');
	assert('array_key_exists("Source", $authProcState)');
	assert('array_key_exists("entityid", $authProcState["Source"])');

	$authData = array(
		'Attributes' => $authProcState['Attributes'],
		'saml:sp:NameID' => $authProcState['core:shib13-sp:NameID'],
		'saml:sp:SessionIndex' => $authProcState['core:shib13-sp:SessionIndex'],
		'saml:sp:IdP' => $authProcState['Source']['entityid'],
	);

	global $session;
	$session->doLogin('shib13', $authData);

	SimpleSAML_Utilities::redirectTrustedURL($authProcState['core:shib13-sp:TargetURL']);
}


SimpleSAML_Logger::info('Shib1.3 - SP.AssertionConsumerService: Accessing Shibboleth 1.3 SP endpoint AssertionConsumerService');

if (!$config->getBoolean('enable.shib13-sp', false))
	throw new SimpleSAML_Error_Error('NOACCESS');

if (array_key_exists(SimpleSAML_Auth_ProcessingChain::AUTHPARAM, $_REQUEST)) {
	/* We have returned from the authentication processing filters. */

	$authProcId = $_REQUEST[SimpleSAML_Auth_ProcessingChain::AUTHPARAM];

	// sanitize the input
	$sid = SimpleSAML_Utilities::parseStateID($authProcId);
	if (!is_null($sid['url'])) {
		SimpleSAML_Utilities::checkURLAllowed($sid['url']);
	}

	$authProcState = SimpleSAML_Auth_ProcessingChain::fetchProcessedState($authProcId);
	finishLogin($authProcState);
}

if (empty($_POST['SAMLResponse'])) 
	throw new SimpleSAML_Error_Error('ACSPARAMS', $exception);

try {

	$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();

	$binding = new SimpleSAML_Bindings_Shib13_HTTPPost($config, $metadata);
	$authnResponse = $binding->decodeResponse($_POST);

	$authnResponse->validate();

	/* Successfully authenticated. */

	$idpmetadata = $metadata->getMetadata($authnResponse->getIssuer(), 'shib13-idp-remote');

	SimpleSAML_Logger::info('Shib1.3 - SP.AssertionConsumerService: Successful authentication to IdP ' . $idpmetadata['entityid']);


	SimpleSAML_Logger::stats('shib13-sp-SSO ' . $metadata->getMetaDataCurrentEntityID('shib13-sp-hosted') . ' ' . $idpmetadata['entityid'] . ' NA');


	$relayState = $authnResponse->getRelayState();
	if (!isset($relayState)) {
		throw new SimpleSAML_Error_Error('NORELAYSTATE');
	}

	$spmetadata = $metadata->getMetaData(NULL, 'shib13-sp-hosted');

	/* Begin module attribute processing */
	$pc = new SimpleSAML_Auth_ProcessingChain($idpmetadata, $spmetadata, 'sp');

	$authProcState = array(
		'core:shib13-sp:NameID' => $authnResponse->getNameID(),
		'core:shib13-sp:SessionIndex' => $authnResponse->getSessionIndex(),
		'core:shib13-sp:TargetURL' => SimpleSAML_Utilities::checkURLAllowed($relayState),
		'ReturnURL' => SimpleSAML_Utilities::selfURLNoQuery(),
		'Attributes' => $authnResponse->getAttributes(),
		'Destination' => $spmetadata,
		'Source' => $idpmetadata,
		);

	$pc->processState($authProcState);
	/* Since this function returns, processing has completed and attributes have
	 * been updated.
	 */

	finishLogin($authProcState);

} catch(Exception $exception) {
	throw new SimpleSAML_Error_Error('GENERATEAUTHNRESPONSE', $exception);
}


?>