ILIAS  Release_4_4_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilShibbolethWAYF.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
34 class ShibWAYF {
35 
39  public $is_selection = false;
43  public $is_valid_selection = false;
47  public $selected_idp = '-';
51  public $idp_list = false;
52 
53 
54  public function __construct() {
55  // Was the WAYF form submitted?
56  if (isset($_POST['home_organization_selection'])) {
57  $this->is_selection = true;
58  } else {
59  $this->is_selection = false;
60  }
61  // Was selected IdP a valid
62  $this->idp_list = $this->getIdplist();
63  if (isset($_POST['idp_selection']) AND
64  $_POST['idp_selection'] != '-' AND isset($this->idp_list[$_POST['idp_selection']])
65  ) {
66  $this->is_valid_selection = true;
67  $this->selected_idp = $_POST['idp_selection'];
68  } else {
69  $this->is_valid_selection = false;
70  }
71  }
72 
73 
77  public function is_selection() {
78  return $this->isSelection();
79  }
80 
81 
85  public function isSelection() {
86  return $this->is_selection;
87  }
88 
89 
93  public function is_valid_selection() {
94  return $this->isValidSelection();
95  }
96 
97 
101  public function isValidSelection() {
102  return $this->is_valid_selection;
103  }
104 
105 
109  public function generateSelection() {
110  if (! $this->idp_list) {
111  $arr_idp_list = $this->getIdplist();
112  } else {
113  $arr_idp_list = $this->idp_list;
114  }
115  $idp_cookie = $this->generateCookieArray($_COOKIE['_saml_idp']);
116  $lng = new ilLanguage($_GET["lang"]);
117  if (count($idp_cookie) > 0 AND isset($arr_idp_list[end($idp_cookie)])) {
118  $selectedIDP = end($idp_cookie);
119  $selectElement = '
120  <select name="idp_selection">
121  <option value="-">' . $lng->txt("shib_member_of") . '</option>';
122  } else {
123  $selectElement = '
124  <select name="idp_selection">
125  <option value="-" selected="selected">' . $lng->txt("shib_member_of") . '</option>';
126  }
127  foreach ($arr_idp_list as $idp_id => $idp_data) {
128  if ($idp_id == $selectedIDP) {
129  $selectElement .= '<option value="' . $idp_id . '" selected="selected">' . $idp_data[0] . '</option>';
130  } else {
131  $selectElement .= '<option value="' . $idp_id . '">' . $idp_data[0] . '</option>';
132  }
133  }
134  $selectElement .= '
135  </select>';
136 
137  return $selectElement;
138  }
139 
140 
144  public function redirect() {
145  if (! $this->idp_list) {
146  $arr_idp_list = $this->getIdplist();
147  } else {
148  $arr_idp_list = $this->idp_list;
149  }
150  // Where to return after the authentication process
151  $target = trim(ILIAS_HTTP_PATH, '/') . '/shib_login.php?target=' . $_POST["il_target"];
152  $idp_data = $arr_idp_list[$this->selected_idp];
153  if (isset($idp_data[1])) {
154  ilUtil::redirect($idp_data[1] . '?providerId=' . urlencode($this->selected_idp) . '&target='
155  . urlencode($target));
156  } else {
157  // TODO: This has to be changed to /Shibboleth.sso/DS?entityId= for
158  // Shibbolet 2.x sometime...
159  ilUtil::redirect('/Shibboleth.sso?providerId=' . urlencode($this->selected_idp) . '&target='
160  . urlencode($target));
161  }
162  }
163 
164 
168  public function setSAMLCookie() {
169  if (isset($_COOKIE['_saml_idp'])) {
170  $arr_idps = $this->generateCookieArray($_COOKIE['_saml_idp']);
171  } else {
172  $arr_idps = array();
173  }
174  $arr_idps = $this->appendCookieValue($this->selected_idp, $arr_idps);
175  setcookie('_saml_idp', $this->generateCookieValue($arr_idps), time() + (100 * 24 * 3600), '/');
176  }
177 
178 
183  public function showNotice() {
184  $lng = new ilLanguage($_GET["lang"]);
185  if (! $this->is_selection() or $this->is_valid_selection()) {
186  return '';
187  } else {
188  return $lng->txt("shib_invalid_home_organization");
189  }
190  }
191 
192 
197  public function getIdplist() {
198  global $ilSetting;
199  $idp_list = array();
200  $idp_raw_list = split("\n", $ilSetting->get("shib_idp_list"));
201  foreach ($idp_raw_list as $idp_line) {
202  $idp_data = split(',', $idp_line);
203  if (isset($idp_data[2])) {
204  $idp_list[trim($idp_data[0])] = array( trim($idp_data[1]), trim($idp_data[2]) );
205  } elseif (isset($idp_data[1])) {
206  $idp_list[trim($idp_data[0])] = array( trim($idp_data[1]) );
207  }
208  }
209 
210  return $idp_list;
211  }
212 
213 
221  public function generateCookieArray($value) {
222  $arr_cookie = explode(' ', $value);
223  $arr_cookie = array_map('base64_decode', $arr_cookie);
224 
225  return $arr_cookie;
226  }
227 
228 
236  public function generateCookieValue(array $arr_cookie) {
237  $arr_cookie = array_map('base64_encode', $arr_cookie);
238  $value = implode(' ', $arr_cookie);
239 
240  return $value;
241  }
242 
243 
252  public function appendCookieValue($value, array $arr_cookie) {
253  array_push($arr_cookie, $value);
254  $arr_cookie = array_reverse($arr_cookie);
255  $arr_cookie = array_unique($arr_cookie);
256  $arr_cookie = array_reverse($arr_cookie);
257 
258  return $arr_cookie;
259  }
260 }
261 
262 ?>