d2/d0a/SQLPersistentNameID_8php_source.html

<?php


class sspmod_saml_Auth_Process_SQLPersistentNameID extends sspmod_saml_BaseNameIDGenerator

{


    private $attribute;


    private $allowUnspecified = false;


    private $allowDifferent = false;


    private $alwaysCreate = false;


    public function __construct($config, $reserved)

    {

        parent::__construct($config, $reserved);

        assert('is_array($config)');


        $this->format = \SAML2\Constants::NAMEID_PERSISTENT;


        if (!isset($config['attribute'])) {

            throw new SimpleSAML_Error_Exception("PersistentNameID: Missing required option 'attribute'.");

        }

        $this->attribute = $config['attribute'];


        if (isset($config['allowUnspecified'])) {

            $this->allowUnspecified = (bool) $config['allowUnspecified'];

        }


        if (isset($config['allowDifferent'])) {

            $this->allowDifferent = (bool) $config['allowDifferent'];

        }


        if (isset($config['alwaysCreate'])) {

            $this->alwaysCreate = (bool) $config['alwaysCreate'];

        }

    }


    protected function getValue(array &$state)

    {


        if (!isset($state['saml:NameIDFormat']) && !$this->allowUnspecified) {

            SimpleSAML\Logger::debug(

                'SQLPersistentNameID: Request did not specify persistent NameID format, '.

                'not generating persistent NameID.'

            );

            return null;

        }


        $validNameIdFormats = @array_filter(array(

            $state['saml:NameIDFormat'],

            $state['SPMetadata']['NameIDPolicy'],

            $state['SPMetadata']['NameIDFormat']

        ));

        if (count($validNameIdFormats) && !in_array($this->format, $validNameIdFormats, true) &&

            !$this->allowDifferent

        ) {

            SimpleSAML\Logger::debug(

                'SQLPersistentNameID: SP expects different NameID format ('.

                implode(', ', $validNameIdFormats).'),  not generating persistent NameID.'

            );

            return null;

        }


        if (!isset($state['Destination']['entityid'])) {

            SimpleSAML\Logger::warning('SQLPersistentNameID: No SP entity ID - not generating persistent NameID.');

            return null;

        }

        $spEntityId = $state['Destination']['entityid'];


        if (!isset($state['Source']['entityid'])) {

            SimpleSAML\Logger::warning('SQLPersistentNameID: No IdP entity ID - not generating persistent NameID.');

            return null;

        }

        $idpEntityId = $state['Source']['entityid'];


        if (!isset($state['Attributes'][$this->attribute]) || count($state['Attributes'][$this->attribute]) === 0) {

            SimpleSAML\Logger::warning(

                'SQLPersistentNameID: Missing attribute '.var_export($this->attribute, true).

                ' on user - not generating persistent NameID.'

            );

            return null;

        }

        if (count($state['Attributes'][$this->attribute]) > 1) {

            SimpleSAML\Logger::warning(

                'SQLPersistentNameID: More than one value in attribute '.var_export($this->attribute, true).

                ' on user - not generating persistent NameID.'

            );

            return null;

        }

        $uid = array_values($state['Attributes'][$this->attribute]); // just in case the first index is no longer 0

        $uid = $uid[0];


        if (empty($uid)) {

            SimpleSAML\Logger::warning(

                'Empty value in attribute '.var_export($this->attribute, true).

                ' on user - not generating persistent NameID.'

            );

            return null;

        }


        $value = sspmod_saml_IdP_SQLNameID::get($idpEntityId, $spEntityId, $uid);

        if ($value !== null) {

            SimpleSAML\Logger::debug(

                'SQLPersistentNameID: Found persistent NameID '.var_export($value, true).' for user '.

                var_export($uid, true).'.'

            );

            return $value;

        }


        if ((!isset($state['saml:AllowCreate']) || !$state['saml:AllowCreate']) && !$this->alwaysCreate) {

            SimpleSAML\Logger::warning(

                'SQLPersistentNameID: Did not find persistent NameID for user, and not allowed to create new NameID.'

            );

            throw new sspmod_saml_Error(

                \SAML2\Constants::STATUS_RESPONDER,

                'urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy'

            );

        }


        $value = bin2hex(openssl_random_pseudo_bytes(20));

        SimpleSAML\Logger::debug(

            'SQLPersistentNameID: Created persistent NameID '.var_export($value, true).' for user '.

            var_export($uid, true).'.'

        );

        sspmod_saml_IdP_SQLNameID::add($idpEntityId, $spEntityId, $uid, $value);


        return $value;

    }

}

$spEntityId
$spEntityId
Definition: attributeserver.php:14

$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10

php
An exception for terminatinating execution or to throw for unit testing.

SAML2\Constants\NAMEID_PERSISTENT
const NAMEID_PERSISTENT
Persistent NameID format.
Definition: Constants.php:190

SimpleSAML\Logger\warning
static warning($string)
Definition: Logger.php:179

SimpleSAML\Logger\debug
static debug($string)
Definition: Logger.php:213

SimpleSAML_Error_Exception
Definition: Exception.php:13

sspmod_saml_Auth_Process_SQLPersistentNameID
Definition: SQLPersistentNameID.php:10

sspmod_saml_Auth_Process_SQLPersistentNameID\$allowDifferent
$allowDifferent
Definition: SQLPersistentNameID.php:31

sspmod_saml_Auth_Process_SQLPersistentNameID\__construct
__construct($config, $reserved)
Initialize this filter, parse configuration.
Definition: SQLPersistentNameID.php:49

sspmod_saml_Auth_Process_SQLPersistentNameID\$allowUnspecified
$allowUnspecified
Definition: SQLPersistentNameID.php:24

sspmod_saml_Auth_Process_SQLPersistentNameID\getValue
getValue(array &$state)
Get the NameID value.
Definition: SQLPersistentNameID.php:83

sspmod_saml_Auth_Process_SQLPersistentNameID\$attribute
$attribute
Definition: SQLPersistentNameID.php:17

sspmod_saml_Auth_Process_SQLPersistentNameID\$alwaysCreate
$alwaysCreate
Definition: SQLPersistentNameID.php:38

sspmod_saml_BaseNameIDGenerator
Definition: BaseNameIDGenerator.php:8

sspmod_saml_Error
Definition: Error.php:8

sspmod_saml_IdP_SQLNameID\add
static add($idpEntityId, $spEntityId, $user, $value)
Add a NameID into the database.
Definition: SQLNameID.php:66

sspmod_saml_IdP_SQLNameID\get
static get($idpEntityId, $spEntityId, $user)
Retrieve a NameID into from database.
Definition: SQLNameID.php:95

$config
$config
Definition: flush-definition-cache.php:23

SAML2
Definition: ArtifactResolve.php:3

$idpEntityId
$idpEntityId
Definition: prp.php:12