ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
SQLPersistentNameID.php
1<?php
2
3
10{
11
/**
 * Name of the user attribute the persistent NameID is keyed on.
 * Taken from the required 'attribute' configuration option.
 */
17 private $attribute;
18
/**
 * When true, a NameID is generated even if the request carries no
 * 'saml:NameIDFormat'. Defaults to false.
 */
24 private $allowUnspecified = false;
25
/**
 * When true, a NameID is generated even if the formats named by the request
 * or the SP metadata do not include this filter's format. Defaults to false.
 */
31 private $allowDifferent = false;
32
/**
 * When true, a new NameID may be created even if 'saml:AllowCreate' is unset
 * or false in the state. Defaults to false.
 */
38 private $alwaysCreate = false;
39
40
/**
 * Initialize this filter and parse its configuration.
 *
 * The 'attribute' option is required. The optional 'allowUnspecified',
 * 'allowDifferent' and 'alwaysCreate' options are cast to bool; each stays
 * false when it is not set.
 *
 * @param array $config   Filter configuration (asserted to be an array).
 * @param mixed $reserved Passed unchanged to the parent constructor.
 *
 * @throws SimpleSAML_Error_Exception If the 'attribute' option is not set.
 */
49 public function __construct($config, $reserved)
50 {
51 parent::__construct($config, $reserved);
// String-form assert: it only runs when assertions are enabled, so it is a
// development check and not validation of the configuration.
52 assert('is_array($config)');
53
// NOTE(review): listing line 54 is absent from this rendering. getValue()
// reads $this->format, which is presumably assigned here - confirm against
// the original file.
55
// isset() also treats an explicit null value as "missing".
56 if (!isset($config['attribute'])) {
57 throw new SimpleSAML_Error_Exception("PersistentNameID: Missing required option 'attribute'.");
58 }
59 $this->attribute = $config['attribute'];
60
// The three policy switches below relax checks in getValue(); all default to false.
61 if (isset($config['allowUnspecified'])) {
62 $this->allowUnspecified = (bool) $config['allowUnspecified'];
63 }
64
65 if (isset($config['allowDifferent'])) {
66 $this->allowDifferent = (bool) $config['allowDifferent'];
67 }
68
69 if (isset($config['alwaysCreate'])) {
70 $this->alwaysCreate = (bool) $config['alwaysCreate'];
71 }
72 }
73
74
/**
 * Get the persistent NameID value for the user described by $state.
 *
 * Returns null (no NameID generated) when the requested or expected NameID
 * format does not match and the corresponding allow* switch is off, when the
 * SP or IdP entity ID is missing, or when the configured attribute is
 * missing, multi-valued or empty.
 *
 * NOTE(review): this rendering omits listing lines 87, 102, 122, 129, 139,
 * 146, 148, 156, 166 and 170. The dangling string arguments below are
 * presumably wrapped in logger calls, and $value is presumably read from and
 * written to the NameID store on lines 146 and 170 - confirm against the
 * original file.
 *
 * @param array $state The request state (passed by reference).
 *
 * @return string|null The NameID value, or null if none is generated.
 *
 * @throws sspmod_saml_Error With the InvalidNameIDPolicy status when no
 *                           NameID is found and creating one is not allowed.
 */
83 protected function getValue(array &$state)
84 {
85
// No format requested: only continue when allowUnspecified is enabled.
86 if (!isset($state['saml:NameIDFormat']) && !$this->allowUnspecified) {
88 'SQLPersistentNameID: Request did not specify persistent NameID format, '.
89 'not generating persistent NameID.'
90 );
91 return null;
92 }
93
// Collect the formats named by the request and by the SP metadata. The @
// suppresses the notices for keys that are not set; array_filter() without a
// callback then drops the empty entries.
94 $validNameIdFormats = @array_filter(array(
95 $state['saml:NameIDFormat'],
96 $state['SPMetadata']['NameIDPolicy'],
97 $state['SPMetadata']['NameIDFormat']
98 ));
// Strict in_array(): this filter's format must match one candidate exactly,
// unless allowDifferent is enabled or no candidate was supplied at all.
99 if (count($validNameIdFormats) && !in_array($this->format, $validNameIdFormats, true) &&
100 !$this->allowDifferent
101 ) {
103 'SQLPersistentNameID: SP expects different NameID format ('.
104 implode(', ', $validNameIdFormats).'), not generating persistent NameID.'
105 );
106 return null;
107 }
108
// Both entity IDs are read here; presumably they scope the stored NameID
// together with the user value - the lookup line is not visible.
109 if (!isset($state['Destination']['entityid'])) {
110 SimpleSAML\Logger::warning('SQLPersistentNameID: No SP entity ID - not generating persistent NameID.');
111 return null;
112 }
113 $spEntityId = $state['Destination']['entityid'];
114
115 if (!isset($state['Source']['entityid'])) {
116 SimpleSAML\Logger::warning('SQLPersistentNameID: No IdP entity ID - not generating persistent NameID.');
117 return null;
118 }
119 $idpEntityId = $state['Source']['entityid'];
120
// The source attribute must carry exactly one value; zero or several values
// give no unambiguous user key, so no NameID is generated.
121 if (!isset($state['Attributes'][$this->attribute]) || count($state['Attributes'][$this->attribute]) === 0) {
123 'SQLPersistentNameID: Missing attribute '.var_export($this->attribute, true).
124 ' on user - not generating persistent NameID.'
125 );
126 return null;
127 }
128 if (count($state['Attributes'][$this->attribute]) > 1) {
130 'SQLPersistentNameID: More than one value in attribute '.var_export($this->attribute, true).
131 ' on user - not generating persistent NameID.'
132 );
133 return null;
134 }
135 $uid = array_values($state['Attributes'][$this->attribute]); // just in case the first index is no longer 0
136 $uid = $uid[0];
137
// empty() also rejects the string '0', so a user whose identifier is "0"
// gets no persistent NameID.
138 if (empty($uid)) {
140 'Empty value in attribute '.var_export($this->attribute, true).
141 ' on user - not generating persistent NameID.'
142 );
143 return null;
144 }
145
// NOTE(review): $value is assigned on the omitted listing line 146. The
// message below embeds both the NameID and the user identifier in clear; if
// it goes to a log, that log links the two and needs matching access control.
147 if ($value !== null) {
149 'SQLPersistentNameID: Found persistent NameID '.var_export($value, true).' for user '.
150 var_export($uid, true).'.'
151 );
152 return $value;
153 }
154
// Creation gate: a new NameID is minted only if the state allows creation or
// alwaysCreate is set; otherwise the request fails with InvalidNameIDPolicy.
155 if ((!isset($state['saml:AllowCreate']) || !$state['saml:AllowCreate']) && !$this->alwaysCreate) {
157 'SQLPersistentNameID: Did not find persistent NameID for user, and not allowed to create new NameID.'
158 );
159 throw new sspmod_saml_Error(
160 \SAML2\Constants::STATUS_RESPONDER,
161 'urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy'
162 );
163 }
164
// 20 random bytes, hex-encoded to a 40-character identifier. The return value
// and the crypto_strong flag are not checked: on PHP versions where
// openssl_random_pseudo_bytes() returns false on failure, bin2hex() yields an
// empty NameID. random_bytes() (PHP 7+) throws on failure instead.
165 $value = bin2hex(openssl_random_pseudo_bytes(20));
167 'SQLPersistentNameID: Created persistent NameID '.var_export($value, true).' for user '.
168 var_export($uid, true).'.'
169 );
// NOTE(review): listing line 170 is omitted; presumably the new value is
// persisted there before it is returned - confirm against the original file.
171
172 return $value;
173 }
174}
An exception for terminating execution or to throw for unit testing.
const NAMEID_PERSISTENT
Persistent NameID format.
Definition: Constants.php:190
static warning($string)
Definition: Logger.php:179
static debug($string)
Definition: Logger.php:213
__construct($config, $reserved)
Initialize this filter, parse configuration.
getValue(array &$state)
Get the NameID value.
static add($idpEntityId, $spEntityId, $user, $value)
Add a NameID into the database.
Definition: SQLNameID.php:66
static get($idpEntityId, $spEntityId, $user)
Retrieve a NameID from the database.
Definition: SQLNameID.php:95