// Pull in include/config.inc.php, resolved relative to this script's directory.
require_once __DIR__.'/include/config.inc.php';
// Default destination for a redirect issued by this script: index.php with form=default.
$redirect_to = (new CUrl('index.php'))->setArgument('form', 'default');
// Read any 'request' value kept in the session, then remove it from the session.
// Presumably this is the page to return to after sign-in; confirm against the callers.
$request = CSessionHelper::get('request');
CSessionHelper::unset(['request']);
// A 'request' value sent with the current HTTP request replaces the one read from the session.
// This value is client-controlled, so it is checked before being reused as a redirect target.
if (hasRequest('request')) {
$request = getRequest('request');
// Allow-list check: an optional leading slash, a file name made only of letters, digits, '_' and '.'
// that ends in ".php", and an optional query string. The name cannot contain '/', '\' or ':', so a
// scheme, a host or a directory component never matches. The return value of preg_match() is not
// inspected; on a non-match $test_request has no 'filename' key, which the next condition tests.
// NOTE(review): '$' without the D modifier also accepts one trailing newline; consider the D
// modifier to anchor at the true end of the string.
preg_match('/^\/?(?<filename>[a-z0-9_.]+\.php)(\?.*)?$/i', $request, $test_request);
// True when the value is NOT acceptable: nothing matched, the named file does not exist under './'
// (the current working directory, not __DIR__), or the target is this script itself.
// The self-comparison is case-sensitive while the pattern above is case-insensitive.
if (!array_key_exists('filename', $test_request) || !file_exists('./'.$test_request['filename'])
|| $test_request['filename'] === basename(__FILE__)) {
// NOTE(review): this listing shows no closing braces, so lines appear to be omitted here. As
// printed, the two statements below would run when validation FAILS. Confirm in the full file that
// a rejected value is discarded and only a validated value reaches the redirect URL and the session.
$redirect_to->setArgument('request', $request);
CSessionHelper::set('request', $request);
// When SAML authentication is disabled in the public authentication settings, drop the stored
// 'request' value and redirect to $redirect_to. The comparison is loose (==).
if (CAuthenticationHelper::getPublic(CAuthenticationHelper::SAML_AUTH_ENABLED) == ZBX_AUTH_SAML_DISABLED) {
CSessionHelper::unset(['request']);
redirect($redirect_to->toString());
use OneLogin\Saml2\Utils;
use SCIM\services\Group as ScimGroup;
// Ensure $SSO has a 'SETTINGS' key; the += operator keeps an existing value and only adds the empty
// default when the key is absent. $SSO itself is defined outside this listing.
$SSO += ['SETTINGS' => []];
// Default certificate and key paths. The opening and closing of the array literal that holds these
// entries are not shown in this listing; the following lines use it as $certs.
// SP_KEY presumably points at the service provider's private key: keep that file readable only by
// the account the web server runs as, and outside any directory served as static content.
'SP_KEY' => 'conf/certs/sp.key',
'SP_CERT' => 'conf/certs/sp.crt',
'IDP_CERT' => 'conf/certs/idp.crt'
// Override the defaults with same-named entries from $SSO; array_intersect_key() keeps only the $SSO
// keys that also exist in $certs, so unrelated $SSO entries are ignored.
$certs = array_merge($certs, array_intersect_key($SSO, $certs));
// Drop every entry whose path is not readable by the PHP process.
$certs = array_filter($certs, 'is_readable');
// Replace each remaining path with the contents of the file it names.
$certs = array_map('file_get_contents', $certs);
// Entries dropped above come back as empty strings, so a missing or unreadable file is silent here.
// NOTE(review): confirm that the code consuming $certs fails closed when IDP_CERT or SP_KEY is '',
// so that response signature checks are not weakened by a file permission or path mistake.
$certs += array_fill_keys(['SP_KEY', 'SP_CERT', 'IDP_CERT'], '');
// Handle to the 'user' API service.
$service = API::getApiService('user');
// Identifier of the user directory configured for SAML, and the provisioning helper built for it.
$userdirectoryid = CAuthenticationHelper::getSamlUserdirectoryid();
$provisioning = CProvisioning::forUserDirectoryId($userdirectoryid);
// Provisioning counts as enabled only when the user directory enables it AND the public
// authentication setting SAML_JIT_STATUS equals JIT_PROVISIONING_ENABLED (loose == comparison).
// The expression is cut off in this listing: its closing parenthesis and any further conditions
// are not shown.
// NOTE(review): presumably this flag gates creating or updating accounts from IdP assertions.
// If so, it should only take effect after the SAML response has been validated; confirm.
$provisioning_enabled = ($provisioning->isProvisioningEnabled()
&& CAuthenticationHelper::getPublic(CAuthenticationHelper::SAML_JIT_STATUS) == JIT_PROVISIONING_ENABLED
// Use an operator-configured base URL when $SSO['SETTINGS']['baseurl'] is present, is not an array
// and is not the empty string. The closing braces of these conditionals are not shown in this listing.
if (array_key_exists('baseurl', $SSO['SETTINGS']) && !is_array($SSO['SETTINGS']['baseurl'])
&& $SSO['SETTINGS']['baseurl'] !== '') {
Utils::setBaseURL((string) $SSO['SETTINGS']['baseurl']);
// Opt-in: have the SAML toolkit take forwarded-request (proxy) headers into account when it works
// out this endpoint's own URL. Enable it only behind a reverse proxy that sets or strips those
// headers itself, because otherwise a client can supply them and influence the computed URL.
if (array_key_exists('use_proxy_headers', $SSO['SETTINGS']) && (bool) $SSO['SETTINGS']['use_proxy_headers']) {
Utils::setProxyVars(true);
// URL of the current script without its query string, as computed by the SAML toolkit.
// NOTE(review): when no baseurl is configured this value is presumably derived from request data
// such as the Host header; setting baseurl explicitly removes that dependency.
$baseurl = Utils::getSelfURLNoQuery();
// Identity provider configuration supplied by the provisioning helper; its structure is not
// visible in this listing.
$saml_settings = $provisioning->getIdpConfig();