ILIAS  Release_4_1_x_branch Revision 61804
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilShibbolethWAYF.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
32 class ShibWAYF
33 {
34 
35  var $isSelection = false;
36  var $isValidSelection = false;
37  var $selectedIDP = '-';
38  var $IDPList = false;
39 
40  function ShibWAYF()
41  {
42  // Was the WAYF form submitted?
43  if (isset($_POST['home_organization_selection']))
44  {
45  $this->isSelection = true;
46  }
47  else
48  {
49  $this->isSelection = false;
50  }
51 
52  // Was selected IdP a valid
53  $this->IDPList = $this->getIDPList();
54  if (
55  isset($_POST['idp_selection'])
56  && $_POST['idp_selection'] != '-'
57  && isset($this->IDPList[$_POST['idp_selection']])
58  )
59  {
60  $this->isValidSelection = true;
61  $this->selectedIDP = $_POST['idp_selection'];
62  }
63  else
64  {
65  $this->isValidSelection = false;
66  }
67  }
68 
69  // Return true if WAYF form was used
70  function isSelection()
71  {
72 
73  return $this->isSelection;
74  }
75 
76  // Return true if a valid IdP was submitted
77  function isValidSelection()
78  {
79 
80  return $this->isValidSelection;
81 
82  }
83 
84  // Generate select element displayed on login page
85  function generateSelection()
86  {
87  global $ilSetting;
88 
89  // Calculate select element
90 
91  $selectElement = '';
92 
93  if (!$this->IDPList)
94  {
95  $idp_list = $this->getIDPList();
96  }
97  else
98  {
99  $idp_list = $this->IDPList;
100  }
101 
102  $idp_cookie = $this->generateCookieArray($_COOKIE['_saml_idp']);
103 
104  $lng = new ilLanguage($_GET["lang"]);
105 
106  if (count($idp_cookie) > 0 && isset($idp_list[end($idp_cookie)]))
107  {
108  $selectedIDP = end($idp_cookie);
109  $selectElement = '
110  <select name="idp_selection">
111  <option value="-">'.$lng->txt("shib_member_of").'</option>';
112  }
113  else
114  {
115  $selectElement = '
116  <select name="idp_selection">
117  <option value="-" selected="selected">'.$lng->txt("shib_member_of").'</option>';
118  }
119 
120  foreach ($idp_list as $idp_id => $idp_data){
121 
122  if ($idp_id == $selectedIDP)
123  {
124  $selectElement .= '<option value="'.$idp_id.'" selected="selected">'.$idp_data[0].'</option>';
125  }
126  else
127  {
128  $selectElement .= '<option value="'.$idp_id.'">'.$idp_data[0].'</option>';
129  }
130  }
131 
132  $selectElement .= '
133  </select>';
134 
135  return $selectElement;
136  }
137 
138  // Redirects user to the local Shibboleth session initatiotor with
139  // already set GET arguments for the right IdP and return location.
140  function redirect()
141  {
142  if (!$this->IDPList)
143  {
144  $idp_list = $this->getIDPList();
145  }
146  else
147  {
148  $idp_list = $this->IDPList;
149  }
150 
151  // Where to return after the authentication process
152  $target = trim(ILIAS_HTTP_PATH, '/').'/shib_login.php?target='.$_POST["il_target"];
153 
154  $idp_data = $idp_list[$this->selectedIDP];
155  if (isset($idp_data[1]))
156  {
157  ilUtil::redirect($idp_data[1].'?providerId='.urlencode($this->selectedIDP).'&target='.urlencode($target));
158  }
159  else
160  {
161  // TODO: This has to be changed to /Shibboleth.sso/DS?entityId= for
162  // Shibbolet 2.x sometime...
163  ilUtil::redirect('/Shibboleth.sso?providerId='.urlencode($this->selectedIDP).'&target='.urlencode($target));
164  }
165 
166  }
167 
168  // Sets the standard SAML domain cookie that is also used to preselect
169  // the right entry on the local wayf
170  function setSAMLCookie()
171  {
172  if (isset($_COOKIE['_saml_idp']))
173  {
174  $IDPArray = $this->generateCookieArray($_COOKIE['_saml_idp']);
175  }
176  else
177  {
178  $IDPArray = array();
179  }
180  $IDPArray = $this->appendCookieValue($this->selectedIDP, $IDPArray);
181  setcookie ('_saml_idp', $this->generateCookieValue($IDPArray), time() + (100*24*3600), '/');
182  }
183 
184  // Show notice in case no IdP was selected
185  function showNotice()
186  {
187  $lng = new ilLanguage($_GET["lang"]);
188 
189  if (!$this->isSelection() or $this->isValidSelection())
190  {
191  return '';
192  }
193  else
194  {
195  return $lng->txt("shib_invalid_home_organization");
196  }
197  }
198 
199  // Generate array of IdPs from ILIAS Shibboleth settings
200  function getIDPList()
201  {
202  global $ilSetting;
203 
204  $idp_list = array();
205 
206  $idp_raw_list = split("\n", $ilSetting->get("shib_idp_list"));
207 
208  foreach ($idp_raw_list as $idp_line){
209  $idp_data = split(',', $idp_line);
210  if (isset($idp_data[2]))
211  {
212  $idp_list[trim($idp_data[0])] = array(trim($idp_data[1]),trim($idp_data[2]));
213  }
214  elseif(isset($idp_data[1]))
215  {
216  $idp_list[trim($idp_data[0])] = array(trim($idp_data[1]));
217  }
218  }
219 
220  return $idp_list;
221  print_r($idp_list);exit;
222  }
223 
224  // Generates an array of IDPs using the cookie value
225  function generateCookieArray($value)
226  {
227 
228  // Decodes and splits cookie value
229  $CookieArray = split(' ', $value);
230  $CookieArray = array_map('base64_decode', $CookieArray);
231 
232  return $CookieArray;
233  }
234 
235  // Generate the value that is stored in the cookie using the list of IDPs
236  function generateCookieValue($CookieArray)
237  {
238 
239  // Merges cookie content and encodes it
240  $CookieArray = array_map('base64_encode', $CookieArray);
241  $value = implode(' ', $CookieArray);
242  return $value;
243  }
244 
245  // Append a value to the array of IDPs
246  function appendCookieValue($value, $CookieArray)
247  {
248 
249  array_push($CookieArray, $value);
250  $CookieArray = array_reverse($CookieArray);
251  $CookieArray = array_unique($CookieArray);
252  $CookieArray = array_reverse($CookieArray);
253 
254  return $CookieArray;
255  }
256 
257 }
258 ?>