ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
SimpleSAML_Auth_ProcessingChain Class Reference

Public Member Functions

 __construct ($idpMetadata, $spMetadata, $mode='idp')
 Initialize an authentication processing chain for the given service provider and identity provider.

 processState (&$state)
 Process the given state.

 processStatePassive (&$state)
 Process the given state passively.

Static Public Member Functions

static resumeProcessing ($state)
 Continues processing of the state.

static fetchProcessedState ($id)
 Retrieve a state which has finished processing.

Data Fields

const FILTERS_INDEX = 'SimpleSAML_Auth_ProcessingChain.filters'
 The list of remaining filters which should be applied to the state.

const COMPLETED_STAGE = 'SimpleSAML_Auth_ProcessingChain.completed'
 The stage we use for completed requests.

const AUTHPARAM = 'AuthProcId'
 The request parameter we will use to pass the state identifier when we redirect after having completed processing of the state.

Static Private Member Functions

static addFilters (&$target, $src)
 Sort & merge filter configuration.

static parseFilterList ($filterSrc)
 Parse an array of authentication processing filters.

static parseFilter ($config, $priority)
 Parse an authentication processing filter.

static addUserID (&$state)

Private Attributes

 $filters
 All authentication processing filters, in the order they should be applied.

Detailed Description

Definition at line 13 of file ProcessingChain.php.

Constructor & Destructor Documentation

◆ __construct()

SimpleSAML_Auth_ProcessingChain::__construct ($idpMetadata, $spMetadata, $mode = 'idp')

Initialize an authentication processing chain for the given service provider and identity provider.

Parameters
 array  $idpMetadata  The metadata for the IdP.
 array  $spMetadata   The metadata for the SP.

Definition at line 48 of file ProcessingChain.php.

References $config, $idpMetadata, $spMetadata, array, SimpleSAML\Logger\debug(), and SimpleSAML_Configuration\getInstance().

{
    assert('is_array($idpMetadata)');
    assert('is_array($spMetadata)');

    $this->filters = array();

    // Global filters: the 'authproc.<mode>' option of the main configuration
    $config = SimpleSAML_Configuration::getInstance();
    $configauthproc = $config->getArray('authproc.' . $mode, NULL);

    if (!empty($configauthproc)) {
        $configfilters = self::parseFilterList($configauthproc);
        self::addFilters($this->filters, $configfilters);
    }

    // Filters from the IdP metadata are merged in next
    if (array_key_exists('authproc', $idpMetadata)) {
        $idpFilters = self::parseFilterList($idpMetadata['authproc']);
        self::addFilters($this->filters, $idpFilters);
    }

    // Filters from the SP metadata are merged in last
    if (array_key_exists('authproc', $spMetadata)) {
        $spFilters = self::parseFilterList($spMetadata['authproc']);
        self::addFilters($this->filters, $spFilters);
    }


    SimpleSAML\Logger::debug('Filter config for ' . $idpMetadata['entityid'] . '->' .
        $spMetadata['entityid'] . ': ' . str_replace("\n", '', var_export($this->filters, TRUE)));

}
static debug($string)
Definition: Logger.php:213
static getInstance($instancename='simplesaml')
Get a configuration file by its instance name.

Member Function Documentation

◆ addFilters()

static SimpleSAML_Auth_ProcessingChain::addFilters ($target, $src)
static private

Sort & merge filter configuration.

Inserts unsorted filters into sorted filter list. This sort operation is stable.

Parameters
 array  &$target  Target filter list. This list must be sorted.
 array  $src      Source filters. May be unsorted.

Definition at line 87 of file ProcessingChain.php.

References $i, $target, and array.

{
    assert('is_array($target)');
    assert('is_array($src)');

    foreach ($src as $filter) {
        $fp = $filter->priority;

        // Find insertion position for filter
        for($i = count($target)-1; $i >= 0; $i--) {
            if ($target[$i]->priority <= $fp) {
                // The new filter should be inserted after this one
                break;
            }
        }
        /* $i now points to the filter which should precede the current filter. */
        array_splice($target, $i+1, 0, array($filter));
    }

}
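
The ordering that results from the constructor's three merge steps and the stable insertion in addFilters(), as an added example (not ILIAS or SimpleSAMLphp code). Filters are modelled as plain objects, the helper names insertByPriority() and toFilters() are hypothetical, and the priorities and filter class names are constructed sample configuration.

```php
<?php
// Added illustration: runs without SimpleSAMLphp installed.

// Same insertion rule as addFilters(): scan from the end for the last
// entry whose priority is <= the new one and insert directly after it.
function insertByPriority(array &$target, array $src)
{
    foreach ($src as $filter) {
        for ($i = count($target) - 1; $i >= 0; $i--) {
            if ($target[$i]->priority <= $filter->priority) {
                break;
            }
        }
        array_splice($target, $i + 1, 0, array($filter));
    }
}

// Same keying rule as parseFilterList(): the array key becomes the priority.
function toFilters(array $filterSrc, $origin)
{
    $parsed = array();
    foreach ($filterSrc as $priority => $class) {
        $parsed[] = (object) array(
            'priority' => $priority,
            'class'    => $class,
            'origin'   => $origin,
        );
    }
    return $parsed;
}

// Constructed sample 'authproc' arrays (keys are priorities).
$global = array(90 => 'consent:Consent', 50 => 'core:AttributeLimit');
$idp    = array(50 => 'core:AttributeMap', 10 => 'core:AttributeAdd');
$sp     = array(50 => 'core:AttributeAlter', 95 => 'core:AttributeLimit');

// Merge in the constructor's order: main configuration, IdP, then SP.
$chain = array();
foreach (array('config' => $global, 'idp' => $idp, 'sp' => $sp) as $origin => $src) {
    insertByPriority($chain, toFilters($src, $origin));
}

foreach ($chain as $f) {
    printf("%3d  %-20s (%s)\n", $f->priority, $f->class, $f->origin);
}
```

With this sample the three priority-50 filters run in config, IdP, SP order, so a global attribute-limiting filter at 50 executes before the per-entity filters that share its priority; a filter meant to be the final gate on released attributes needs a priority above every filter that can add or rename attributes.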

◆ addUserID()

static SimpleSAML_Auth_ProcessingChain::addUserID ($state)
static private

Deprecated:
This method will be removed in SSP 2.0.

Definition at line 320 of file ProcessingChain.php.

References $state, and SimpleSAML\Logger\warning().

{
    assert('is_array($state)');
    assert('array_key_exists("Attributes", $state)');

    if (isset($state['Destination']['userid.attribute'])) {
        $attributeName = $state['Destination']['userid.attribute'];
        SimpleSAML\Logger::warning("The 'userid.attribute' option has been deprecated.");
    } elseif (isset($state['Source']['userid.attribute'])) {
        $attributeName = $state['Source']['userid.attribute'];
        SimpleSAML\Logger::warning("The 'userid.attribute' option has been deprecated.");
    } else {
        // Default attribute
        $attributeName = 'eduPersonPrincipalName';
    }

    if (!array_key_exists($attributeName, $state['Attributes'])) {
        return;
    }

    $uid = $state['Attributes'][$attributeName];
    if (count($uid) === 0) {
        SimpleSAML\Logger::warning('Empty user id attribute [' . $attributeName . '].');
        return;
    }

    if (count($uid) > 1) {
        SimpleSAML\Logger::warning('Multiple attribute values for user id attribute [' . $attributeName . '].');
        return;
    }

    // TODO: the attribute value should be trimmed
    $uid = $uid[0];

    if (empty($uid)) {
        SimpleSAML\Logger::warning('Empty value in attribute '.$attributeName.". on user. Cannot set UserID.");
        return;
    }
    $state['UserID'] = $uid;
}
static warning($string)
Definition: Logger.php:179

◆ fetchProcessedState()

static SimpleSAML_Auth_ProcessingChain::fetchProcessedState ($id)
static

Retrieve a state which has finished processing.

Parameters
 string  $id  The state identifier.
See also
SimpleSAML_Auth_State::parseStateID()
Returns
Array The state referenced by the $id parameter.

Definition at line 310 of file ProcessingChain.php.

References $id, and SimpleSAML_Auth_State\loadState().

{
    assert('is_string($id)');

    // Only a state saved under COMPLETED_STAGE can be loaded here
    return SimpleSAML_Auth_State::loadState($id, self::COMPLETED_STAGE);
}
static loadState($id, $stage, $allowMissing=false)
Retrieve saved state.
Definition: State.php:259

◆ parseFilter()

static SimpleSAML_Auth_ProcessingChain::parseFilter ($config, $priority)
static private

Parse an authentication processing filter.

Parameters
 array  $config    Array with the authentication processing filter configuration.
 int    $priority  The priority of the current filter (not included in the filter definition).
Returns
SimpleSAML_Auth_ProcessingFilter The parsed filter.

Definition at line 145 of file ProcessingChain.php.

References $config, and SimpleSAML\Module\resolveClass().

{
    assert('is_array($config)');

    if (!array_key_exists('class', $config))
        throw new Exception('Authentication processing filter without name given.');

    // The resolved class must be a subclass of SimpleSAML_Auth_ProcessingFilter
    $className = SimpleSAML\Module::resolveClass($config['class'], 'Auth_Process', 'SimpleSAML_Auth_ProcessingFilter');
    $config['%priority'] = $priority;
    unset($config['class']);
    return new $className($config, NULL);
}
static resolveClass($id, $type, $subclass=null)
Resolve module class.
Definition: Module.php:252

◆ parseFilterList()

static SimpleSAML_Auth_ProcessingChain::parseFilterList ($filterSrc)
static private

Parse an array of authentication processing filters.

Parameters
 array  $filterSrc  Array with filter configuration.
Returns
array Array of SimpleSAML_Auth_ProcessingFilter objects.

Definition at line 114 of file ProcessingChain.php.

References array.

{
    assert('is_array($filterSrc)');

    $parsedFilters = array();

    // The array key of each entry is used as the filter's priority
    foreach ($filterSrc as $priority => $filter) {

        if (is_string($filter)) {
            $filter = array('class' => $filter);
        }

        if (!is_array($filter)) {
            throw new Exception('Invalid authentication processing filter configuration: ' .
                'One of the filters wasn\'t a string or an array.');
        }

        $parsedFilters[] = self::parseFilter($filter, $priority);
    }

    return $parsedFilters;
}

◆ processState()

SimpleSAML_Auth_ProcessingChain::processState ( $state)

Process the given state.

This function will only return if processing completes. If processing requires showing a page to the user, we will not be able to return from this function. There are two ways this can be handled:

  • Redirect to a URL: We will redirect to the URL set in $state['ReturnURL'].
  • Call a function: We will call the function set in $state['ReturnCall'].

If an exception is thrown during processing, it should be handled by the caller of this function. If the user has been redirected to a different page, the exception will be returned through the exception handler defined on the state array. See SimpleSAML_Auth_State for more information.

See also
SimpleSAML_Auth_State
SimpleSAML_Auth_State::EXCEPTION_HANDLER_URL
SimpleSAML_Auth_State::EXCEPTION_HANDLER_FUNC
Parameters
 array  &$state  The state we are processing.

Definition at line 178 of file ProcessingChain.php.

References $filters, and $state.

{
    assert('is_array($state)');
    assert('array_key_exists("ReturnURL", $state) || array_key_exists("ReturnCall", $state)');
    assert('!array_key_exists("ReturnURL", $state) || !array_key_exists("ReturnCall", $state)');

    $state[self::FILTERS_INDEX] = $this->filters;

    try {

        // TODO: remove this in SSP 2.0
        if (!array_key_exists('UserID', $state)) {
            // No unique user ID present. Attempt to add one.
            self::addUserID($state);
        }

        // Each filter is removed from the state before it runs, so a saved
        // state only ever lists the filters that are still pending
        while (count($state[self::FILTERS_INDEX]) > 0) {
            $filter = array_shift($state[self::FILTERS_INDEX]);
            $filter->process($state);
        }

    } catch (SimpleSAML_Error_Exception $e) {
        // No need to convert the exception
        throw $e;
    } catch (Exception $e) {
        /*
         * To be consistent with the exception we return after a redirect,
         * we convert this exception before returning it.
         */
        throw new SimpleSAML_Error_UnserializableException($e);
    }

    // Completed
}

◆ processStatePassive()

SimpleSAML_Auth_ProcessingChain::processStatePassive ( $state)

Process the given state passively.

Modules with user interaction are expected to throw a SimpleSAML_Error_NoPassive exception, which is silently ignored. Exceptions of other types are passed further up the call stack.

This function will only return if processing completes.

Parameters
 array  &$state  The state we are processing.

Definition at line 277 of file ProcessingChain.php.

References $filters, and $state.

{
    assert('is_array($state)');
    // Should not be set when calling this method
    assert('!array_key_exists("ReturnURL", $state)');

    // Notify filters about passive request
    $state['isPassive'] = TRUE;

    $state[self::FILTERS_INDEX] = $this->filters;

    // TODO: remove this in SSP 2.0
    if (!array_key_exists('UserID', $state)) {
        // No unique user ID present. Attempt to add one.
        self::addUserID($state);
    }

    while (count($state[self::FILTERS_INDEX]) > 0) {
        $filter = array_shift($state[self::FILTERS_INDEX]);
        try {
            $filter->process($state);

        // Ignore SimpleSAML_Error_NoPassive exceptions
        } catch (SimpleSAML_Error_NoPassive $e) { }
    }
}
Class SimpleSAML_Error_NoPassive.
Definition: NoPassive.php:12

◆ resumeProcessing()

static SimpleSAML_Auth_ProcessingChain::resumeProcessing (   $state)
static

Continues processing of the state.

This function is used to resume processing by filters which for example needed to show a page to the user.

This function will never return. Exceptions thrown during processing will be passed to whatever exception handler is defined in the state array.

Parameters
 array  $state  The state we are processing.

Definition at line 224 of file ProcessingChain.php.

References $id, $state, array, SimpleSAML_Auth_State\deleteState(), SimpleSAML\Utils\HTTP\redirectTrustedURL(), SimpleSAML_Auth_State\saveState(), and SimpleSAML_Auth_State\throwException().

{
    assert('is_array($state)');

    while (count($state[self::FILTERS_INDEX]) > 0) {
        $filter = array_shift($state[self::FILTERS_INDEX]);
        try {
            $filter->process($state);
        } catch (SimpleSAML_Error_Exception $e) {
            // Hand the exception to the handler defined in the state array
            SimpleSAML_Auth_State::throwException($state, $e);
        } catch (Exception $e) {
            // Convert other exceptions first, as processState() does
            $e = new SimpleSAML_Error_UnserializableException($e);
            SimpleSAML_Auth_State::throwException($state, $e);
        }
    }

    // Completed

    assert('array_key_exists("ReturnURL", $state) || array_key_exists("ReturnCall", $state)');
    assert('!array_key_exists("ReturnURL", $state) || !array_key_exists("ReturnCall", $state)');


    if (array_key_exists('ReturnURL', $state)) {
        /*
         * Save state information, and redirect to the URL specified
         * in $state['ReturnURL'].
         */
        $id = SimpleSAML_Auth_State::saveState($state, self::COMPLETED_STAGE);
        \SimpleSAML\Utils\HTTP::redirectTrustedURL($state['ReturnURL'], array(self::AUTHPARAM => $id));
    } else {
        /* Pass the state to the function defined in $state['ReturnCall']. */

        // We are done with the state array in the session. Delete it.
        SimpleSAML_Auth_State::deleteState($state);

        $func = $state['ReturnCall'];
        assert('is_callable($func)');

        call_user_func($func, $state);
        assert(FALSE);
    }
}
static throwException($state, SimpleSAML_Error_Exception $exception)
Throw exception to the state exception handler.
Definition: State.php:343
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:962
static deleteState(&$state)
Delete state.
Definition: State.php:319
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194

Field Documentation

◆ $filters

SimpleSAML_Auth_ProcessingChain::$filters
private

All authentication processing filters, in the order they should be applied.

Definition at line 38 of file ProcessingChain.php.

Referenced by processState(), and processStatePassive().

◆ AUTHPARAM

const SimpleSAML_Auth_ProcessingChain::AUTHPARAM = 'AuthProcId'

The request parameter we will use to pass the state identifier when we redirect after having completed processing of the state.

Definition at line 32 of file ProcessingChain.php.

◆ COMPLETED_STAGE

const SimpleSAML_Auth_ProcessingChain::COMPLETED_STAGE = 'SimpleSAML_Auth_ProcessingChain.completed'

The stage we use for completed requests.

Definition at line 25 of file ProcessingChain.php.

◆ FILTERS_INDEX

const SimpleSAML_Auth_ProcessingChain::FILTERS_INDEX = 'SimpleSAML_Auth_ProcessingChain.filters'

The list of remaining filters which should be applied to the state.

Definition at line 19 of file ProcessingChain.php.


The documentation for this class was generated from the following file: