ILIAS  Release_3_10_x_branch Revision 61812
class.ilShibbolethWAYF.php
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
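/**
 * Local "Where Are You From" (WAYF) service for Shibboleth logins.
 *
 * Reads the submitted login form, checks the chosen identity provider (IdP)
 * against the list stored in the ILIAS setting "shib_idp_list", renders the
 * IdP drop-down and redirects the browser to the Shibboleth session initiator.
 *
 * Security-relevant points:
 *  - The submitted IdP is only accepted when it is a key of the configured
 *    list, so the providerId sent to the session initiator is always one the
 *    administrator configured.
 *  - The "_saml_idp" cookie and the POST/GET parameters are client-controlled.
 *    Here they are only used for list look-ups, or encoded before they are
 *    placed into a URL or into HTML.
 */
class ShibWAYF
{
    // true when the WAYF form was submitted
    var $isSelection = false;
    // true when the submitted IdP is a key of the configured IdP list
    var $isValidSelection = false;
    // entity id of the accepted IdP; '-' is the "nothing selected" placeholder
    var $selectedIDP = '-';
    // configured IdPs (see getIDPList()); false until the list is loaded
    var $IDPList = false;

    /**
     * Evaluates the submitted WAYF form.
     *
     * Sets $isSelection, loads the IdP list and accepts 'idp_selection' only
     * if it is a string naming a configured IdP.
     */
    function ShibWAYF()
    {
        // Was the WAYF form submitted?
        $this->isSelection = isset($_POST['home_organization_selection']);

        // Was the selected IdP a valid one?
        $this->IDPList = $this->getIDPList();
        $this->isValidSelection = false;

        // An array-valued parameter (idp_selection[]=...) must never be used
        // as an array key, so only plain strings are considered.
        if (isset($_POST['idp_selection']) && is_string($_POST['idp_selection']))
        {
            $submitted = $_POST['idp_selection'];
            if ($submitted !== '-' && isset($this->IDPList[$submitted]))
            {
                $this->isValidSelection = true;
                $this->selectedIDP = $submitted;
            }
        }
    }

    /**
     * @return bool true if the WAYF form was used
     */
    function isSelection()
    {
        return $this->isSelection;
    }

    /**
     * @return bool true if a valid IdP was submitted
     */
    function isValidSelection()
    {
        // The listing showed an empty body here, which made the method return
        // null and showNotice() report every submission as invalid.
        return $this->isValidSelection;
    }

    /**
     * Escapes a configured value for use in HTML text or a quoted attribute.
     *
     * Existing entities are left alone (double_encode = false) so IdP names
     * that already contain entities such as &uuml; render as before.
     * NOTE(review): assumes ILIAS pages are delivered as UTF-8 - confirm.
     *
     * @param string $value raw value
     * @return string HTML-safe value
     */
    function escapeHTML($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    }

    /**
     * Generates the select element displayed on the login page.
     *
     * The IdP stored last in the "_saml_idp" cookie is preselected when it is
     * part of the configured list; otherwise the placeholder entry is.
     *
     * @return string HTML of the <select> element
     */
    function generateSelection()
    {
        $idp_list = $this->IDPList ? $this->IDPList : $this->getIDPList();

        // The cookie is client-controlled: it is only used to look up a key
        // in the configured list and is never written to the page itself.
        $selectedIDP = null;
        if (isset($_COOKIE['_saml_idp']) && is_string($_COOKIE['_saml_idp']))
        {
            $idp_cookie = $this->generateCookieArray($_COOKIE['_saml_idp']);
            $last_used = end($idp_cookie);
            if (is_string($last_used) && isset($idp_list[$last_used]))
            {
                $selectedIDP = $last_used;
            }
        }

        // NOTE(review): ilLanguage is defined elsewhere; it is presumably
        // responsible for validating the language key - confirm.
        $lng = new ilLanguage(isset($_GET["lang"]) ? $_GET["lang"] : null);

        $placeholder_attr = ($selectedIDP === null) ? ' selected="selected"' : '';
        $selectElement = '
<select name="idp_selection">
<option value="-"'.$placeholder_attr.'>'.$lng->txt("shib_member_of").'</option>';

        foreach ($idp_list as $idp_id => $idp_data)
        {
            // Numeric-looking keys come back as integers, hence the casts.
            $is_selected = ($selectedIDP !== null && (string) $idp_id === (string) $selectedIDP);

            // Id and display name come from the administrator's settings;
            // they are escaped so a stray quote or angle bracket in the
            // configuration cannot break out of the attribute or the element.
            $selectElement .= '<option value="'.$this->escapeHTML($idp_id).'"'
                .($is_selected ? ' selected="selected"' : '').'>'
                .$this->escapeHTML($idp_data[0]).'</option>';
        }

        $selectElement .= '
</select>';

        return $selectElement;
    }

    /**
     * Redirects the user to the local Shibboleth session initiator with the
     * GET arguments for the chosen IdP and the return location already set.
     *
     * NOTE(review): callers are expected to check isValidSelection() first;
     * otherwise providerId is the '-' placeholder - verify against callers.
     */
    function redirect()
    {
        $idp_list = $this->IDPList ? $this->IDPList : $this->getIDPList();

        // Where to return after the authentication process. il_target is
        // client-controlled, so it is encoded as a single query value; left
        // raw, a value containing '&' or '#' would add or cut parameters of
        // the shib_login.php URL. shib_login.php still has to treat the
        // value as untrusted.
        $il_target = '';
        if (isset($_POST["il_target"]) && is_string($_POST["il_target"]))
        {
            $il_target = $_POST["il_target"];
        }
        $target = trim(ILIAS_HTTP_PATH, '/').'/shib_login.php?target='.urlencode($il_target);

        // A per-IdP session initiator from the settings wins over the default.
        $idp_data = isset($idp_list[$this->selectedIDP]) ? $idp_list[$this->selectedIDP] : array();
        $initiator = isset($idp_data[1]) ? $idp_data[1] : '/Shibboleth.sso';

        ilUtil::redirect($initiator.'?providerId='.urlencode($this->selectedIDP).'&target='.urlencode($target));
    }

    /**
     * Sets the standard SAML domain cookie that is also used to preselect
     * the right entry on the local WAYF.
     *
     * The selected IdP is appended to the list already stored in the cookie;
     * the cookie is valid for 100 days on path '/'.
     * NOTE(review): the cookie is set without Secure/HttpOnly attributes; it
     * holds IdP identifiers only, but consider setting them where the PHP
     * version in use supports it.
     */
    function setSAMLCookie()
    {
        $IDPArray = array();
        if (isset($_COOKIE['_saml_idp']) && is_string($_COOKIE['_saml_idp']))
        {
            $IDPArray = $this->generateCookieArray($_COOKIE['_saml_idp']);
        }

        $IDPArray = $this->appendCookieValue($this->selectedIDP, $IDPArray);
        setcookie('_saml_idp', $this->generateCookieValue($IDPArray), time() + (100*24*3600), '/');
    }

    /**
     * Returns the notice shown when the form was submitted without a valid IdP.
     *
     * @return string translated notice, or '' when there is nothing to report
     */
    function showNotice()
    {
        $lng = new ilLanguage(isset($_GET["lang"]) ? $_GET["lang"] : null);

        if (!$this->isSelection() || $this->isValidSelection())
        {
            return '';
        }

        return $lng->txt("shib_invalid_home_organization");
    }

    /**
     * Generates the array of IdPs from the ILIAS Shibboleth settings.
     *
     * Each line of the setting "shib_idp_list" has the form
     * "id, name[, session initiator]"; lines with fewer than two fields are
     * skipped.
     *
     * @return array id => array(name) or array(name, session initiator)
     */
    function getIDPList()
    {
        global $ilSetting;

        $idp_list = array();

        // explode() replaces the deprecated regex function split(); all
        // delimiters used in this class are literal characters, so the
        // result is the same.
        $idp_raw_list = explode("\n", (string) $ilSetting->get("shib_idp_list"));

        foreach ($idp_raw_list as $idp_line)
        {
            $idp_data = explode(',', $idp_line);
            if (isset($idp_data[2]))
            {
                $idp_list[trim($idp_data[0])] = array(trim($idp_data[1]), trim($idp_data[2]));
            }
            elseif (isset($idp_data[1]))
            {
                $idp_list[trim($idp_data[0])] = array(trim($idp_data[1]));
            }
        }

        // The unreachable debug statement after the return was dropped.
        return $idp_list;
    }

    /**
     * Generates an array of IdPs from the cookie value.
     *
     * @param string $value space separated list of base64 encoded IdP ids
     * @return array decoded IdP ids, oldest first
     */
    function generateCookieArray($value)
    {
        // Splits the cookie value and decodes each entry
        return array_map('base64_decode', explode(' ', (string) $value));
    }

    /**
     * Generates the value that is stored in the cookie from the list of IdPs.
     *
     * @param array $CookieArray IdP ids
     * @return string space separated list of base64 encoded IdP ids
     */
    function generateCookieValue($CookieArray)
    {
        // Encodes each entry and merges the cookie content
        return implode(' ', array_map('base64_encode', $CookieArray));
    }

    /**
     * Appends a value to the array of IdPs.
     *
     * The new value ends up last; an earlier occurrence of it is removed.
     *
     * @param string $value IdP id to append
     * @param array $CookieArray IdP ids stored so far
     * @return array updated list, re-indexed from 0
     */
    function appendCookieValue($value, $CookieArray)
    {
        array_push($CookieArray, $value);

        // array_unique() keeps the first occurrence, so the list is reversed
        // around it to keep the most recent one instead.
        $CookieArray = array_reverse($CookieArray);
        $CookieArray = array_unique($CookieArray);
        $CookieArray = array_reverse($CookieArray);

        return $CookieArray;
    }

}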
256 ?>