ILIAS Release_3_7_x_branch .rev 46817: classes/class.ilShibbolethWAYF.php Source File

Go to the documentation of this file.
00001 <?php
00002 /*
00003         +-----------------------------------------------------------------------------+
00004         | ILIAS open source                                                           |
00005         +-----------------------------------------------------------------------------+
00006         | Copyright (c) 1998-2001 ILIAS open source, University of Cologne            |
00007         |                                                                             |
00008         | This program is free software; you can redistribute it and/or               |
00009         | modify it under the terms of the GNU General Public License                 |
00010         | as published by the Free Software Foundation; either version 2              |
00011         | of the License, or (at your option) any later version.                      |
00012         |                                                                             |
00013         | This program is distributed in the hope that it will be useful,             |
00014         | but WITHOUT ANY WARRANTY; without even the implied warranty of              |
00015         | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               |
00016         | GNU General Public License for more details.                                |
00017         |                                                                             |
00018         | You should have received a copy of the GNU General Public License           |
00019         | along with this program; if not, write to the Free Software                 |
00020         | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA. |
00021         +-----------------------------------------------------------------------------+
00022 */
00023 
00032 class ShibWAYF
00033 {
00034         
00035         var $isSelection = false;
00036         var $isValidSelection = false;
00037         var $selectedIDP = '-';
00038         var $IDPList = false;
00039         
00040         function ShibWAYF()
00041         {
00042                 // Was the WAYF form submitted?
00043                 if (isset($_POST['home_organization_selection']))
00044                 {
00045                         $this->isSelection = true;
00046                 }
00047                 else
00048                 {
00049                         $this->isSelection = false;
00050                 }
00051                 
00052                 // Was selected IdP a valid
00053                 $this->IDPList = $this->getIDPList();
00054                 if (
00055                         isset($_POST['idp_selection'])
00056                         && $_POST['idp_selection'] != '-'
00057                         && isset($this->IDPList[$_POST['idp_selection']])
00058                         )
00059                 {
00060                         $this->isValidSelection = true;
00061                         $this->selectedIDP = $_POST['idp_selection'];
00062                 }
00063                 else
00064                 {
00065                         $this->isValidSelection = false;
00066                 }
00067         }
00068         
00069         // Return true if WAYF form was used
00070         function isSelection()
00071         {
00072                 
00073                 return $this->isSelection;
00074         }
00075         
00076         // Return true if a valid IdP was submitted
00077         function isValidSelection()
00078         {
00079                 
00080                 return $this->isValidSelection;
00081                 
00082         }
00083         
00084         // Generate select element displayed on login page
00085         function generateSelection()
00086         {
00087                 global $ilSetting;
00088                 
00089                 // Calculate select element
00090                 
00091                 $selectElement = '';
00092                 
00093                 if (!$this->IDPList)
00094                 {
00095                         $idp_list = $this->getIDPList();
00096                 }
00097                 else
00098                 {
00099                         $idp_list = $this->IDPList;
00100                 }
00101                 
00102                 $idp_cookie = $this->generateCookieArray($_COOKIE['_saml_idp']);
00103                 
00104                 $lng = new ilLanguage($_GET["lang"]);
00105                 
00106                 if (count($idp_cookie) > 0 && isset($idp_list[end($idp_cookie)]))
00107                 {
00108                         $selectedIDP = end($idp_cookie);
00109                         $selectElement = '
00110                 <select name="idp_selection">
00111                         <option value="-">'.$lng->txt("shib_member_of").'</option>';
00112                 }
00113                 else
00114                 {
00115                         $selectElement = '
00116                 <select name="idp_selection">
00117                         <option value="-" selected="selected">'.$lng->txt("shib_member_of").'</option>';
00118                 }
00119                 
00120                 foreach ($idp_list as $idp_id => $idp_data){
00121                         
00122                         if ($idp_id == $selectedIDP)
00123                         {
00124                                 $selectElement .= '<option value="'.$idp_id.'" selected="selected">'.$idp_data[0].'</option>';
00125                         }
00126                         else
00127                         {
00128                                 $selectElement .= '<option value="'.$idp_id.'">'.$idp_data[0].'</option>';
00129                         }
00130                 }
00131                 
00132                 $selectElement .= '
00133                 </select>';
00134                 
00135                 return $selectElement;
00136         }
00137         
00138         // Redirects user to the local Shibboleth session initatiotor with
00139         // already set GET arguments for the right IdP and return location.
00140         function redirect()
00141         {
00142                 if (!$this->IDPList)
00143                 {
00144                         $idp_list = $this->getIDPList();
00145                 }
00146                 else
00147                 {
00148                         $idp_list = $this->IDPList;
00149                 }
00150                 
00151                 // Where to return after the authentication process
00152                 $target = trim(ILIAS_HTTP_PATH, '/').'/shib_login.php';
00153                 
00154                 $idp_data = $idp_list[$this->selectedIDP];
00155                 if (isset($idp_data[1]))
00156                 {
00157                         ilUtil::redirect($idp_data[1].'?providerId='.urlencode($this->selectedIDP).'&target='.urlencode($target));
00158                 }
00159                 else
00160                 {
00161                         ilUtil::redirect('/Shibboleth.sso?providerId='.urlencode($this->selectedIDP).'&target='.urlencode($target));
00162                 }
00163                 
00164         }
00165         
00166         // Sets the standard SAML domain cookie that is also used to preselect
00167         // the right entry on the local wayf
00168         function setSAMLCookie()
00169         {
00170                 if (isset($_COOKIE['_saml_idp']))
00171                 {
00172                         $IDPArray = $this->generateCookieArray($_COOKIE['_saml_idp']);
00173                 }
00174                 else
00175                 {
00176                         $IDPArray = array();
00177                 }
00178                 $IDPArray = $this->appendCookieValue($this->selectedIDP, $IDPArray);
00179                 setcookie ('_saml_idp', $this->generateCookieValue($IDPArray), time() + (100*24*3600), '/');
00180         }
00181         
00182         // Show notice in case no IdP was selected
00183         function showNotice()
00184         {
00185                 $lng = new ilLanguage($_GET["lang"]);
00186                 
00187                 if (!$this->isSelection() or $this->isValidSelection())
00188                 {
00189                         return '';
00190                 }
00191                 else
00192                 {
00193                         return $lng->txt("shib_invalid_home_organization");
00194                 }
00195         }
00196         
00197         // Generate array of IdPs from ILIAS Shibboleth settings
00198         function getIDPList()
00199         {
00200                 global $ilSetting;
00201                 
00202                 $idp_list = array();
00203                 
00204                 $idp_raw_list = split("\n", $ilSetting->get("shib_idp_list"));
00205                 
00206                 foreach ($idp_raw_list as $idp_line){
00207                         $idp_data = split(',', $idp_line);
00208                         if (isset($idp_data[2]))
00209                         {
00210                                 $idp_list[trim($idp_data[0])] = array(trim($idp_data[1]),trim($idp_data[2])); 
00211                         }
00212                         elseif(isset($idp_data[1]))
00213                         {
00214                                 $idp_list[trim($idp_data[0])] = array(trim($idp_data[1]));
00215                         }
00216                 }
00217                 
00218                 return $idp_list;
00219                 print_r($idp_list);exit;
00220         }
00221         
00222         // Generates an array of IDPs using the cookie value
00223         function generateCookieArray($value)
00224         {
00225                 
00226                 // Decodes and splits cookie value
00227                 $CookieArray = split(' ', $value);
00228                 $CookieArray = array_map('base64_decode', $CookieArray);
00229                 
00230                 return $CookieArray;
00231         }
00232         
00233         // Generate the value that is stored in the cookie using the list of IDPs
00234         function generateCookieValue($CookieArray)
00235         {
00236         
00237                 // Merges cookie content and encodes it
00238                 $CookieArray = array_map('base64_encode', $CookieArray);
00239                 $value = implode(' ', $CookieArray);
00240                 return $value;
00241         }
00242         
00243         // Append a value to the array of IDPs
00244         function appendCookieValue($value, $CookieArray)
00245         {
00246                 
00247                 array_push($CookieArray, $value);
00248                 $CookieArray = array_reverse($CookieArray);
00249                 $CookieArray = array_unique($CookieArray);
00250                 $CookieArray = array_reverse($CookieArray);
00251                 
00252                 return $CookieArray;
00253         }
00254         
00255 }
00256 ?>