SimpleSAML_Auth_ProcessingChain Class Reference

Collaboration diagram for SimpleSAML_Auth_ProcessingChain:

Public Member Functions
	__construct ($idpMetadata, $spMetadata, $mode='idp')
	Initialize an authentication processing chain for the given service provider and identity provider. More...
	processState (&$state)
	Process the given state. More...
	processStatePassive (&$state)
	Process the given state passivly. More...

Static Public Member Functions
static	resumeProcessing ($state)
	Continues processing of the state. More...
static	fetchProcessedState ($id)

Data Fields
const	FILTERS_INDEX = 'SimpleSAML_Auth_ProcessingChain.filters'
	The list of remaining filters which should be applied to the state. More...
const	COMPLETED_STAGE = 'SimpleSAML_Auth_ProcessingChain.completed'
	The stage we use for completed requests. More...
const	AUTHPARAM = 'AuthProcId'
	The request parameter we will use to pass the state identifier when we redirect after having completed processing of the state. More...

Static Private Member Functions
static	addFilters (&$target, $src)
	Sort & merge filter configuration. More...
static	parseFilterList ($filterSrc)
	Parse an array of authentication processing filters. More...
static	parseFilter ($config, $priority)
	Parse an authentication processing filter. More...
static	addUserID (&$state)

Private Attributes
	$filters
	All authentication processing filters, in the order they should be applied. More...

Detailed Description

Definition at line 13 of file ProcessingChain.php.

Constructor & Destructor Documentation

__construct()

SimpleSAML_Auth_ProcessingChain::__construct	(		$idpMetadata,
			$spMetadata,
			$mode = 'idp'
	)

Initialize an authentication processing chain for the given service provider and identity provider.

Parameters

array	$idpMetadata	The metadata for the IdP.
array	$spMetadata	The metadata for the SP.

Definition at line 48 of file ProcessingChain.php.

                                                                              {
                assert('is_array($idpMetadata)');
                assert('is_array($spMetadata)');
 
                $this->filters = array();
                
                $config = SimpleSAML_Configuration::getInstance();
                $configauthproc = $config->getArray('authproc.' . $mode, NULL);
                
                if (!empty($configauthproc)) {
                        $configfilters = self::parseFilterList($configauthproc);
                        self::addFilters($this->filters, $configfilters);
                }
 
                if (array_key_exists('authproc', $idpMetadata)) {
                        $idpFilters = self::parseFilterList($idpMetadata['authproc']);
                        self::addFilters($this->filters, $idpFilters);
                }
 
                if (array_key_exists('authproc', $spMetadata)) {
                        $spFilters = self::parseFilterList($spMetadata['authproc']);
                        self::addFilters($this->filters, $spFilters);
                }
 
 
                SimpleSAML\Logger::debug('Filter config for ' . $idpMetadata['entityid'] . '->' .
                        $spMetadata['entityid'] . ': ' . str_replace("\n", '', var_export($this->filters, TRUE)));
 
        }

References $config, $idpMetadata, $spMetadata, addFilters(), SimpleSAML\Logger\debug(), SimpleSAML_Configuration\getInstance(), and parseFilterList().

Here is the call graph for this function:

Member Function Documentation

addFilters()

static SimpleSAML_Auth_ProcessingChain::addFilters ( &  $target,   $src  )

staticprivate

Sort & merge filter configuration.

Inserts unsorted filters into sorted filter list. This sort operation is stable.

Parameters

array	&$target	Target filter list. This list must be sorted.
array	$src	Source filters. May be unsorted.

Definition at line 87 of file ProcessingChain.php.

                                                           {
                assert('is_array($target)');
                assert('is_array($src)');
 
                foreach ($src as $filter) {
                        $fp = $filter->priority;
 
                        // Find insertion position for filter
                        for($i = count($target)-1; $i >= 0; $i--) {
                                if ($target[$i]->priority <= $fp) {
                                        // The new filter should be inserted after this one
                                        break;
                                }
                        }
                        /* $i now points to the filter which should preceede the current filter. */
                        array_splice($target, $i+1, 0, array($filter));
                }
 
        }

References $i, and $target.

Referenced by __construct().

Here is the caller graph for this function:

addUserID()

static SimpleSAML_Auth_ProcessingChain::addUserID ( &  $state )

staticprivate

Deprecated:

This method will be removed in SSP 2.0.

Definition at line 320 of file ProcessingChain.php.

                                                   {
                assert('is_array($state)');
                assert('array_key_exists("Attributes", $state)');
 
                if (isset($state['Destination']['userid.attribute'])) {
                        $attributeName = $state['Destination']['userid.attribute'];
                        SimpleSAML\Logger::warning("The 'userid.attribute' option has been deprecated.");
                } elseif (isset($state['Source']['userid.attribute'])) {
                        $attributeName = $state['Source']['userid.attribute'];
                        SimpleSAML\Logger::warning("The 'userid.attribute' option has been deprecated.");
                } else {
                        // Default attribute
                        $attributeName = 'eduPersonPrincipalName';
                }
 
                if (!array_key_exists($attributeName, $state['Attributes'])) {
                        return;
                }
 
                $uid = $state['Attributes'][$attributeName];
                if (count($uid) === 0) {
                        SimpleSAML\Logger::warning('Empty user id attribute [' . $attributeName . '].');
                        return;
                }
 
                if (count($uid) > 1) {
                        SimpleSAML\Logger::warning('Multiple attribute values for user id attribute [' . $attributeName . '].');
                        return;
                }
 
                // TODO: the attribute value should be trimmed
                $uid = $uid[0];
 
                if (empty($uid)) {
                        SimpleSAML\Logger::warning('Empty value in attribute '.$attributeName.". on user. Cannot set UserID.");
                        return;
                }
                $state['UserID'] = $uid;
        }

References $state, and SimpleSAML\Logger\warning().

Referenced by processState(), and processStatePassive().

Here is the call graph for this function:

Here is the caller graph for this function:

fetchProcessedState()

static SimpleSAML_Auth_ProcessingChain::fetchProcessedState (   $id )

static

Retrieve a state which has finished processing.

@param string $id The state identifier.

See also

SimpleSAML_Auth_State::parseStateID()

Returns

Array The state referenced by the $id parameter.

Definition at line 310 of file ProcessingChain.php.

                                                        {
                assert('is_string($id)');
 
                return SimpleSAML_Auth_State::loadState($id, self::COMPLETED_STAGE);
        }

References $id, and SimpleSAML_Auth_State\loadState().

Here is the call graph for this function:

parseFilter()

static SimpleSAML_Auth_ProcessingChain::parseFilter (   $config,   $priority  )

staticprivate

Parse an authentication processing filter.

Parameters

array	$config	Array with the authentication processing filter configuration.
int	$priority	The priority of the current filter, (not included in the filter definition.)

Returns

SimpleSAML_Auth_ProcessingFilter The parsed filter.

Definition at line 145 of file ProcessingChain.php.

                                                                {
                assert('is_array($config)');
 
                if (!array_key_exists('class', $config)) 
                        throw new Exception('Authentication processing filter without name given.');
 
                $className = SimpleSAML\Module::resolveClass($config['class'], 'Auth_Process', 'SimpleSAML_Auth_ProcessingFilter');
                $config['%priority'] = $priority;
                unset($config['class']);
                return new $className($config, NULL);
        }

References $config, and SimpleSAML\Module\resolveClass().

Referenced by parseFilterList().

Here is the call graph for this function:

Here is the caller graph for this function:

parseFilterList()

static SimpleSAML_Auth_ProcessingChain::parseFilterList (   $filterSrc )

staticprivate

Parse an array of authentication processing filters.

Parameters

array

$filterSrc

Array with filter configuration.

Returns

array Array of SimpleSAML_Auth_ProcessingFilter objects.

Definition at line 114 of file ProcessingChain.php.

                                                            {
                assert('is_array($filterSrc)');
 
                $parsedFilters = array();
 
                foreach ($filterSrc as $priority => $filter) {
 
                        if (is_string($filter)) {
                                $filter = array('class' => $filter);
                        }
 
                        if (!is_array($filter)) {
                                throw new Exception('Invalid authentication processing filter configuration: ' .
                                        'One of the filters wasn\'t a string or an array.');
                        }
 
                        $parsedFilters[] = self::parseFilter($filter, $priority);
                }
 
                return $parsedFilters;
        }

References parseFilter().

Referenced by __construct().

Here is the call graph for this function:

Here is the caller graph for this function:

processState()

SimpleSAML_Auth_ProcessingChain::processState

(

&

$state

)

Process the given state.

This function will only return if processing completes. If processing requires showing a page to the user, we will not be able to return from this function. There are two ways this can be handled:

• Redirect to a URL: We will redirect to the URL set in $state['ReturnURL'].
• Call a function: We will call the function set in $state['ReturnCall'].

If an exception is thrown during processing, it should be handled by the caller of this function. If the user has redirected to a different page, the exception will be returned through the exception handler defined on the state array. See SimpleSAML_Auth_State for more information.

See also

SimpleSAML_Auth_State

SimpleSAML_Auth_State::EXCEPTION_HANDLER_URL

SimpleSAML_Auth_State::EXCEPTION_HANDLER_FUNC

Parameters

array

&$state

The state we are processing.

Definition at line 178 of file ProcessingChain.php.

                                              {
                assert('is_array($state)');
                assert('array_key_exists("ReturnURL", $state) || array_key_exists("ReturnCall", $state)');
                assert('!array_key_exists("ReturnURL", $state) || !array_key_exists("ReturnCall", $state)');
 
                $state[self::FILTERS_INDEX] = $this->filters;
 
                try {
 
                        // TODO: remove this in SSP 2.0
                        if (!array_key_exists('UserID', $state)) {
                                // No unique user ID present. Attempt to add one.
                                self::addUserID($state);
                        }
 
                        while (count($state[self::FILTERS_INDEX]) > 0) {
                                $filter = array_shift($state[self::FILTERS_INDEX]);
                                $filter->process($state);
                        }
 
                } catch (SimpleSAML_Error_Exception $e) {
                        // No need to convert the exception
                        throw $e;
                } catch (Exception $e) {
                        /*
                         * To be consistent with the exception we return after an redirect,
                         * we convert this exception before returning it.
                         */
                        throw new SimpleSAML_Error_UnserializableException($e);
                }
 
                // Completed
        }

References $filters, $state, addUserID(), and FILTERS_INDEX.

Here is the call graph for this function:

processStatePassive()

SimpleSAML_Auth_ProcessingChain::processStatePassive

(

&

$state

)

Process the given state passivly.

Modules with user interaction are expected to throw an SimpleSAML_Error_NoPassive exception which are silently ignored. Exceptions of other types are passed further up the call stack.

This function will only return if processing completes.

Parameters

array

&$state

The state we are processing.

Definition at line 277 of file ProcessingChain.php.

                                                     {
                assert('is_array($state)');
                // Should not be set when calling this method
                assert('!array_key_exists("ReturnURL", $state)');
 
                // Notify filters about passive request
                $state['isPassive'] = TRUE;
 
                $state[self::FILTERS_INDEX] = $this->filters;
 
                // TODO: remove this in SSP 2.0
                if (!array_key_exists('UserID', $state)) {
                        // No unique user ID present. Attempt to add one.
                        self::addUserID($state);
                }
 
                while (count($state[self::FILTERS_INDEX]) > 0) {
                        $filter = array_shift($state[self::FILTERS_INDEX]);
                        try {
                                $filter->process($state);
 
                        // Ignore SimpleSAML_Error_NoPassive exceptions
                        } catch (SimpleSAML_Error_NoPassive $e) { }
                }
        }

References $filters, $state, addUserID(), and FILTERS_INDEX.

Here is the call graph for this function:

resumeProcessing()

static SimpleSAML_Auth_ProcessingChain::resumeProcessing (   $state )

static

Continues processing of the state.

This function is used to resume processing by filters which for example needed to show a page to the user.

This function will never return. Exceptions thrown during processing will be passed to whatever exception handler is defined in the state array.

Parameters

array

$state

The state we are processing.

Definition at line 224 of file ProcessingChain.php.

                                                        {
                assert('is_array($state)');
 
                while (count($state[self::FILTERS_INDEX]) > 0) {
                        $filter = array_shift($state[self::FILTERS_INDEX]);
                        try {
                                $filter->process($state);
                        } catch (SimpleSAML_Error_Exception $e) {
                                SimpleSAML_Auth_State::throwException($state, $e);
                        } catch (Exception $e) {
                                $e = new SimpleSAML_Error_UnserializableException($e);
                                SimpleSAML_Auth_State::throwException($state, $e);
                        }
                }
 
                // Completed
 
                assert('array_key_exists("ReturnURL", $state) || array_key_exists("ReturnCall", $state)');
                assert('!array_key_exists("ReturnURL", $state) || !array_key_exists("ReturnCall", $state)');
 
 
                if (array_key_exists('ReturnURL', $state)) {
                        /*
                         * Save state information, and redirect to the URL specified
                         * in $state['ReturnURL'].
                         */
                        $id = SimpleSAML_Auth_State::saveState($state, self::COMPLETED_STAGE);
                        \SimpleSAML\Utils\HTTP::redirectTrustedURL($state['ReturnURL'], array(self::AUTHPARAM => $id));
                } else {
                        /* Pass the state to the function defined in $state['ReturnCall']. */
 
                        // We are done with the state array in the session. Delete it.
                        SimpleSAML_Auth_State::deleteState($state);
 
                        $func = $state['ReturnCall'];
                        assert('is_callable($func)');
 
                        call_user_func($func, $state);
                        assert(FALSE);
                }
        }

References $id, $state, SimpleSAML_Auth_State\deleteState(), SimpleSAML\Utils\HTTP\redirectTrustedURL(), SimpleSAML_Auth_State\saveState(), and SimpleSAML_Auth_State\throwException().

Here is the call graph for this function:

Field Documentation

$filters

SimpleSAML_Auth_ProcessingChain::$filters

private

All authentication processing filters, in the order they should be applied.

Definition at line 38 of file ProcessingChain.php.

Referenced by processState(), and processStatePassive().

AUTHPARAM

const SimpleSAML_Auth_ProcessingChain::AUTHPARAM = 'AuthProcId'

The request parameter we will use to pass the state identifier when we redirect after having completed processing of the state.

Definition at line 32 of file ProcessingChain.php.

COMPLETED_STAGE

const SimpleSAML_Auth_ProcessingChain::COMPLETED_STAGE = 'SimpleSAML_Auth_ProcessingChain.completed'

The stage we use for completed requests.

Definition at line 25 of file ProcessingChain.php.

FILTERS_INDEX

const SimpleSAML_Auth_ProcessingChain::FILTERS_INDEX = 'SimpleSAML_Auth_ProcessingChain.filters'

The list of remaining filters which should be applied to the state.

Definition at line 19 of file ProcessingChain.php.

Referenced by processState(), and processStatePassive().

---

The documentation for this class was generated from the following file:

• libs/composer/vendor/simplesamlphp/simplesamlphp/lib/SimpleSAML/Auth/ProcessingChain.php