ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilShibbolethWAYF.php
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
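/**
 * Class ShibbolethWAYF.
 *
 * Shibboleth "Where Are You From" (WAYF) helper: reads the home-organization
 * form submission, validates the chosen identity provider (IdP) against the
 * list configured in the "shib_idp_list" setting, renders the IdP drop-down,
 * remembers the choice in the "_saml_idp" cookie and redirects the browser to
 * the Shibboleth session initiator.
 *
 * Everything read from $_POST, $_GET and $_COOKIE is request-controlled and is
 * treated as untrusted here: the IdP is only accepted when it is a key of the
 * configured list, and values are escaped for the context they are written to.
 */
class ShibWAYF {

    /** @var bool True when the WAYF form was submitted. */
    public $is_selection = false;

    /** @var bool True when the submitted IdP is an entry of the configured list. */
    public $is_valid_selection = false;

    /** @var string Key of the accepted IdP; '-' means "nothing selected". */
    public $selected_idp = '-';

    /** @var array|bool Parsed IdP list (see getIdplist()); false until loaded. */
    public $idp_list = false;


    /**
     * Evaluates the submitted form against the configured IdP list.
     */
    public function __construct() {
        // Was the WAYF form submitted?
        $this->is_selection = isset($_POST['home_organization_selection']);

        $this->idp_list = $this->getIdplist();

        // Accept only a string that is a key of the configured list. An
        // array-valued parameter (idp_selection[]=...) would otherwise be used
        // as an array offset.
        $selection = isset($_POST['idp_selection']) ? $_POST['idp_selection'] : null;
        if (is_string($selection) && $selection !== '-' && isset($this->idp_list[$selection])) {
            $this->is_valid_selection = true;
            $this->selected_idp = $selection;
        } else {
            $this->is_valid_selection = false;
        }
    }


    /**
     * Snake-case alias of isSelection().
     *
     * @return bool
     */
    public function is_selection() {
        return $this->isSelection();
    }


    /**
     * @return bool True when the WAYF form was submitted.
     */
    public function isSelection() {
        // The listing shows no statement in this body, which makes the accessor
        // yield null; is_selection() and showNotice() rely on the flag that the
        // constructor computes, so return it.
        return $this->is_selection;
    }


    /**
     * Snake-case alias of isValidSelection().
     *
     * @return bool
     */
    public function is_valid_selection() {
        return $this->isValidSelection();
    }


    /**
     * @return bool True when the submitted IdP is part of the configured list.
     */
    public function isValidSelection() {
        // Same situation as isSelection(): the visible body is empty.
        return $this->is_valid_selection;
    }


    /**
     * Builds the <select name="idp_selection"> element listing all configured
     * IdPs. The most recent entry of the "_saml_idp" cookie is preselected when
     * it is a configured IdP; otherwise the "-" placeholder is preselected.
     *
     * @return string HTML markup of the select element
     */
    public function generateSelection() {
        $arr_idp_list = $this->idp_list ? $this->idp_list : $this->getIdplist();

        // The cookie is client-controlled and may be absent or array-valued;
        // it is only used to pick one of the configured keys.
        $selectedIDP = null;
        if (isset($_COOKIE['_saml_idp']) && is_string($_COOKIE['_saml_idp'])) {
            $idp_cookie = $this->generateCookieArray($_COOKIE['_saml_idp']);
            $last_used = end($idp_cookie);
            if (is_string($last_used) && isset($arr_idp_list[$last_used])) {
                $selectedIDP = $last_used;
            }
        }

        $lng = new ilLanguage(isset($_GET["lang"]) ? $_GET["lang"] : null);

        $placeholder_attr = ($selectedIDP === null) ? ' selected="selected"' : '';
        $selectElement = '
<select name="idp_selection">
<option value="-"' . $placeholder_attr . '>' . $lng->txt("shib_member_of") . '</option>';

        foreach ($arr_idp_list as $idp_id => $idp_data) {
            // Keys and display names come from a settings value; escape them so
            // a quote or angle bracket in an entry cannot break out of the
            // attribute or the element.
            $value = htmlspecialchars((string) $idp_id, ENT_QUOTES, 'UTF-8');
            $label = htmlspecialchars((string) $idp_data[0], ENT_QUOTES, 'UTF-8');
            // Numeric-looking keys are stored as integers by PHP, hence the cast
            // before the strict comparison.
            $selected_attr = ((string) $idp_id === $selectedIDP) ? ' selected="selected"' : '';
            $selectElement .= '<option value="' . $value . '"' . $selected_attr . '>' . $label . '</option>';
        }
        $selectElement .= '
</select>';

        return $selectElement;
    }


    /**
     * Redirects the user to the local Shibboleth session initiator with the
     * providerId and target GET arguments already set.
     *
     * Callers are expected to check isValidSelection() first; without a valid
     * selection the default session initiator is called with providerId '-'.
     */
    public function redirect() {
        $arr_idp_list = $this->idp_list ? $this->idp_list : $this->getIdplist();

        // Where to return after the authentication process. il_target is
        // request data: encode it so it stays a single value of the "target"
        // parameter and cannot add further parameters to the return URL.
        $il_target = (isset($_POST["il_target"]) && is_string($_POST["il_target"])) ? $_POST["il_target"] : '';
        $target = trim(ILIAS_HTTP_PATH, '/') . '/shib_login.php?target=' . urlencode($il_target);

        $idp_data = isset($arr_idp_list[$this->selected_idp]) ? $arr_idp_list[$this->selected_idp] : array();
        $query = '?providerId=' . urlencode($this->selected_idp) . '&target=' . urlencode($target);

        if (isset($idp_data[1])) {
            // Entry carries its own session initiator (third column of the
            // configured list); the destination is taken from configuration,
            // never from the request.
            ilUtil::redirect($idp_data[1] . $query);
        } else {
            // TODO: This has to be changed to /Shibboleth.sso/DS?entityId= for
            // Shibboleth 2.x sometime...
            ilUtil::redirect('/Shibboleth.sso' . $query);
        }
    }


    /**
     * Sets the standard SAML domain cookie ("_saml_idp") that is also used to
     * preselect an entry of the drop-down. The selected IdP is moved to the end
     * of the list; the cookie lives for 100 days on path '/'.
     */
    public function setSAMLCookie() {
        if (isset($_COOKIE['_saml_idp']) && is_string($_COOKIE['_saml_idp'])) {
            $arr_idps = $this->generateCookieArray($_COOKIE['_saml_idp']);
        } else {
            $arr_idps = array();
        }
        $arr_idps = $this->appendCookieValue($this->selected_idp, $arr_idps);
        // NOTE(review): the cookie is sent without the Secure and HttpOnly
        // attributes. Confirm which other components read "_saml_idp" before
        // tightening them.
        setcookie('_saml_idp', $this->generateCookieValue($arr_idps), time() + (100 * 24 * 3600), '/');
    }


    /**
     * Returns the error text for a submitted form with an invalid IdP.
     *
     * @return string Empty string when nothing was submitted or the selection
     *                is valid, otherwise the translated notice
     */
    public function showNotice() {
        $lng = new ilLanguage(isset($_GET["lang"]) ? $_GET["lang"] : null);
        if (!$this->isSelection() || $this->isValidSelection()) {
            return '';
        }

        return $lng->txt("shib_invalid_home_organization");
    }


    /**
     * Parses the "shib_idp_list" setting: one IdP per line, comma separated
     * columns. The first column is the key, the second is the value shown in
     * the drop-down, an optional third column is the session initiator used by
     * redirect(). Lines with fewer than two columns are ignored.
     *
     * @return array Map of key => array(name) or array(name, session initiator)
     */
    public function getIdplist() {
        global $ilSetting;
        $idp_list = array();
        // explode() replaces split(): both separators are literal strings, and
        // split() is deprecated since PHP 5.3 and gone in PHP 7.
        $idp_raw_list = explode("\n", (string) $ilSetting->get("shib_idp_list"));
        foreach ($idp_raw_list as $idp_line) {
            $idp_data = explode(',', $idp_line);
            if (isset($idp_data[2])) {
                $idp_list[trim($idp_data[0])] = array( trim($idp_data[1]), trim($idp_data[2]) );
            } elseif (isset($idp_data[1])) {
                $idp_list[trim($idp_data[0])] = array( trim($idp_data[1]) );
            }
        }

        return $idp_list;
    }


    /**
     * Splits a "_saml_idp" cookie value on spaces and base64-decodes each part.
     *
     * The result is client-supplied data and must only be used as a lookup key
     * against the configured IdP list.
     *
     * @param string $value Raw cookie value
     *
     * @return array Decoded entries, in cookie order
     */
    public function generateCookieArray($value) {
        $arr_cookie = explode(' ', (string) $value);
        $arr_cookie = array_map('base64_decode', $arr_cookie);

        return $arr_cookie;
    }


    /**
     * Inverse of generateCookieArray(): base64-encodes every entry and joins
     * the results with single spaces.
     *
     * @param array $arr_cookie Entries to store
     *
     * @return string Cookie value
     */
    public function generateCookieValue(array $arr_cookie) {
        $arr_cookie = array_map('base64_encode', $arr_cookie);
        $value = implode(' ', $arr_cookie);

        return $value;
    }


    /**
     * Appends a value to the list and drops any earlier occurrence of it, so
     * the newest entry ends up last.
     *
     * @param string $value      Entry to append
     * @param array  $arr_cookie Existing entries
     *
     * @return array Re-indexed list without duplicates
     */
    public function appendCookieValue($value, array $arr_cookie) {
        array_push($arr_cookie, $value);
        // array_unique() keeps the first occurrence; reversing before and after
        // makes it keep the last one instead.
        $arr_cookie = array_reverse($arr_cookie);
        $arr_cookie = array_unique($arr_cookie);
        $arr_cookie = array_reverse($arr_cookie);

        return $arr_cookie;
    }
}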
261
262?>
$_GET["client_id"]
Class ShibbolethWAYF.
redirect()
@description Redirects user to the local Shibboleth session initiator with already set GET argument...
generateCookieValue(array $arr_cookie)
setSAMLCookie()
@description Sets the standard SAML domain cookie that is also used to preselect the right entry on t...
appendCookieValue($value, array $arr_cookie)
generateCookieArray($value)
language handling
static redirect($a_script)
http redirect to other script