ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Public Member Functions | Protected Member Functions | Private Attributes
sspmod_saml_Auth_Process_ExpectedAuthnContextClassRef Class Reference
+ Inheritance diagram for sspmod_saml_Auth_Process_ExpectedAuthnContextClassRef:
+ Collaboration diagram for sspmod_saml_Auth_Process_ExpectedAuthnContextClassRef:

Public Member Functions

 __construct ($config, $reserved)
 Initialize this filter, parse configuration. More...
 
 process (&$request)
 
- Public Member Functions inherited from SimpleSAML_Auth_ProcessingFilter
 __construct (&$config, $reserved)
 Constructor for a processing filter. More...
 
 process (&$request)
 Process a request. More...
 

Protected Member Functions

 unauthorized (&$request)
 When the process logic determines that the user is not authorized for this service, then forward the user to an 403 unauthorized page. More...
 

Private Attributes

 $accepted
 
 $AuthnContextClassRef
 

Additional Inherited Members

- Data Fields inherited from SimpleSAML_Auth_ProcessingFilter
 $priority = 50
 Priority of this filter. More...
 

Detailed Description

Definition at line 19 of file ExpectedAuthnContextClassRef.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_saml_Auth_Process_ExpectedAuthnContextClassRef::__construct (   $config,
  $reserved 
)

Initialize this filter, parse configuration.

Parameters
array$configConfiguration information about this filter.
mixed$reservedFor future use.
Exceptions
SimpleSAML_Error_Exceptionif the mandatory 'accepted' configuration option is missing.

Definition at line 44 of file ExpectedAuthnContextClassRef.php.

References $config, and SimpleSAML\Logger\error().

45  {
46  parent::__construct($config, $reserved);
47 
48  assert('is_array($config)');
49  if (empty($config['accepted'])) {
50  SimpleSAML\Logger::error(
51  'ExpectedAuthnContextClassRef: Configuration error. There is no accepted AuthnContextClassRef.'
52  );
53  throw new SimpleSAML_Error_Exception(
54  'ExpectedAuthnContextClassRef: Configuration error. There is no accepted AuthnContextClassRef.'
55  );
56  }
57  $this->accepted = $config['accepted'];
58  }
SimpleSAML_Error_Exception
Definition: Exception.php:12
SimpleSAML\Logger\error
static error($string)
Definition: Logger.php:168
+ Here is the call graph for this function:

Member Function Documentation

◆ process()

sspmod_saml_Auth_Process_ExpectedAuthnContextClassRef::process ( $request)
Parameters
array&$requestThe current request

Definition at line 65 of file ExpectedAuthnContextClassRef.php.

References unauthorized().

66  {
67  assert('is_array($request)');
68  assert('array_key_exists("Attributes", $request)');
69 
70  $this->AuthnContextClassRef = $request['saml:sp:State']['saml:sp:AuthnContext'];
71 
72  if (!in_array($this->AuthnContextClassRef, $this->accepted, true)) {
73  $this->unauthorized($request);
74  }
75  }
sspmod_saml_Auth_Process_ExpectedAuthnContextClassRef\unauthorized
unauthorized(&$request)
When the process logic determines that the user is not authorized for this service, then forward the user to an 403 unauthorized page.
Definition: ExpectedAuthnContextClassRef.php:90
+ Here is the call graph for this function:

◆ unauthorized()

sspmod_saml_Auth_Process_ExpectedAuthnContextClassRef::unauthorized ( $request)
protected

When the process logic determines that the user is not authorized for this service, then forward the user to an 403 unauthorized page.

Separated this code into its own method so that child classes can override it and change the action. Forward thinking in case a "chained" ACL is needed, more complex permission logic.

Parameters
array$request

Definition at line 90 of file ExpectedAuthnContextClassRef.php.

References $id, $url, array, SimpleSAML\Logger\error(), SimpleSAML\Module\getModuleURL(), SimpleSAML\Utils\HTTP\redirectTrustedURL(), and SimpleSAML_Auth_State\saveState().

Referenced by process().

91  {
92  SimpleSAML\Logger::error(
93  'ExpectedAuthnContextClassRef: Invalid authentication context: '.$this->AuthnContextClassRef.
94  '. Accepted values are: '.var_export($this->accepted, true)
95  );
96 
97  $id = SimpleSAML_Auth_State::saveState($request, 'saml:ExpectedAuthnContextClassRef:unauthorized');
98  $url = SimpleSAML\Module::getModuleURL(
99  'saml/sp/wrong_authncontextclassref.php'
100  );
101  \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('StateId' => $id));
102  }
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:962
SimpleSAML\Module\getModuleURL
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:303
SimpleSAML\Logger\error
static error($string)
Definition: Logger.php:168
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
$url
$url
Definition: proxy_ylocal.php:28
SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $accepted

sspmod_saml_Auth_Process_ExpectedAuthnContextClassRef::$accepted
private

Definition at line 26 of file ExpectedAuthnContextClassRef.php.

◆ $AuthnContextClassRef

sspmod_saml_Auth_Process_ExpectedAuthnContextClassRef::$AuthnContextClassRef
private

Definition at line 33 of file ExpectedAuthnContextClassRef.php.

The documentation for this class was generated from the following file: