ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
SP.php
Go to the documentation of this file.
1<?php
2
3class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
4
10 private $entityId;
11
12
18 private $metadata;
19
20
26 private $idp;
27
28
34 private $discoURL;
35
36
43 public function __construct($info, $config) {
44 assert('is_array($info)');
45 assert('is_array($config)');
46
47 // Call the parent constructor first, as required by the interface
48 parent::__construct($info, $config);
49
50 if (!isset($config['entityID'])) {
51 $config['entityID'] = $this->getMetadataURL();
52 }
53
54 /* For compatibility with code that assumes that $metadata->getString('entityid') gives the entity id. */
55 $config['entityid'] = $config['entityID'];
56
57 $this->metadata = SimpleSAML_Configuration::loadFromArray($config, 'authsources[' . var_export($this->authId, TRUE) . ']');
58 $this->entityId = $this->metadata->getString('entityID');
59 $this->idp = $this->metadata->getString('idp', NULL);
60 $this->discoURL = $this->metadata->getString('discoURL', NULL);
61
62 if (empty($this->discoURL) && SimpleSAML\Module::isModuleEnabled('discojuice')) {
63 $this->discoURL = SimpleSAML\Module::getModuleURL('discojuice/central.php');
64 }
65 }
66
67
73 public function getMetadataURL() {
74
75 return SimpleSAML\Module::getModuleURL('saml/sp/metadata.php/' . urlencode($this->authId));
76 }
77
78
84 public function getEntityId() {
85
86 return $this->entityId;
87 }
88
89
95 public function getMetadata() {
96
97 return $this->metadata;
98
99 }
100
101
108 public function getIdPMetadata($entityId) {
109 assert('is_string($entityId)');
110
111 if ($this->idp !== NULL && $this->idp !== $entityId) {
112 throw new SimpleSAML_Error_Exception('Cannot retrieve metadata for IdP ' . var_export($entityId, TRUE) .
113 ' because it isn\'t a valid IdP for this SP.');
114 }
115
116 $metadataHandler = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
117
118 // First, look in saml20-idp-remote.
119 try {
120 return $metadataHandler->getMetaDataConfig($entityId, 'saml20-idp-remote');
121 } catch (Exception $e) {
122 /* Metadata wasn't found. */
123 SimpleSAML\Logger::debug('getIdpMetadata: ' . $e->getMessage());
124 }
125
126 /* Not found in saml20-idp-remote, look in shib13-idp-remote. */
127 try {
128 return $metadataHandler->getMetaDataConfig($entityId, 'shib13-idp-remote');
129 } catch (Exception $e) {
130 /* Metadata wasn't found. */
131 SimpleSAML\Logger::debug('getIdpMetadata: ' . $e->getMessage());
132 }
133
134 /* Not found. */
135 throw new SimpleSAML_Error_Exception('Could not find the metadata of an IdP with entity ID ' . var_export($entityId, TRUE));
136 }
137
138
145 private function startSSO1(SimpleSAML_Configuration $idpMetadata, array $state) {
146
147 $idpEntityId = $idpMetadata->getString('entityid');
148
149 $state['saml:idp'] = $idpEntityId;
150
151 $ar = new \SimpleSAML\XML\Shib13\AuthnRequest();
152 $ar->setIssuer($this->entityId);
153
154 $id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso');
155 $ar->setRelayState($id);
156
157 $useArtifact = $idpMetadata->getBoolean('saml1.useartifact', NULL);
158 if ($useArtifact === NULL) {
159 $useArtifact = $this->metadata->getBoolean('saml1.useartifact', FALSE);
160 }
161
162 if ($useArtifact) {
163 $shire = SimpleSAML\Module::getModuleURL('saml/sp/saml1-acs.php/' . $this->authId . '/artifact');
164 } else {
165 $shire = SimpleSAML\Module::getModuleURL('saml/sp/saml1-acs.php/' . $this->authId);
166 }
167
168 $url = $ar->createRedirect($idpEntityId, $shire);
169
170 SimpleSAML\Logger::debug('Starting SAML 1 SSO to ' . var_export($idpEntityId, TRUE) .
171 ' from ' . var_export($this->entityId, TRUE) . '.');
172 \SimpleSAML\Utils\HTTP::redirectTrustedURL($url);
173 }
174
175
182 private function startSSO2(SimpleSAML_Configuration $idpMetadata, array $state) {
183
184 if (isset($state['saml:ProxyCount']) && $state['saml:ProxyCount'] < 0) {
185 SimpleSAML_Auth_State::throwException(
186 $state,
187 new \SimpleSAML\Module\saml\Error\ProxyCountExceeded(\SAML2\Constants::STATUS_RESPONDER)
188 );
189 }
190
191 $ar = sspmod_saml_Message::buildAuthnRequest($this->metadata, $idpMetadata);
192 // ilias-patch: begin
193 // see: https://bugs.launchpad.net/mahara/+bug/1689685
194 // see: https://github.com/simplesamlphp/simplesamlphp/issues/503
195 $ar->setAssertionConsumerServiceURL(ILIAS_HTTP_PATH . '/Services/Saml/lib/saml2-acs.php/default-sp/' . CLIENT_ID);
196 // ilias-patch: end
197
198 if (isset($state['SimpleSAML_Auth_Source.ReturnURL'])) {
199 $ar->setRelayState($state['SimpleSAML_Auth_Source.ReturnURL']);
200 }
201
202 if (isset($state['saml:AuthnContextClassRef'])) {
203 $accr = SimpleSAML\Utils\Arrays::arrayize($state['saml:AuthnContextClassRef']);
204 $comp = SAML2\Constants::COMPARISON_EXACT;
205 if (isset($state['saml:AuthnContextComparison']) && in_array($state['AuthnContextComparison'], array(
206 SAML2\Constants::COMPARISON_EXACT,
207 SAML2\Constants::COMPARISON_MINIMUM,
208 SAML2\Constants::COMPARISON_MAXIMUM,
209 SAML2\Constants::COMPARISON_BETTER,
210 ), true)) {
211 $comp = $state['saml:AuthnContextComparison'];
212 }
213 $ar->setRequestedAuthnContext(array('AuthnContextClassRef' => $accr, 'Comparison' => $comp));
214 }
215
216 if (isset($state['ForceAuthn'])) {
217 $ar->setForceAuthn((bool)$state['ForceAuthn']);
218 }
219
220 if (isset($state['isPassive'])) {
221 $ar->setIsPassive((bool)$state['isPassive']);
222 }
223
224 if (isset($state['saml:NameID'])) {
225 if (!is_array($state['saml:NameID']) && !is_a($state['saml:NameID'], '\SAML2\XML\saml\NameID')) {
226 throw new SimpleSAML_Error_Exception('Invalid value of $state[\'saml:NameID\'].');
227 }
228 $ar->setNameId($state['saml:NameID']);
229 }
230
231 if (isset($state['saml:NameIDPolicy'])) {
232 if (is_string($state['saml:NameIDPolicy'])) {
233 $policy = array(
234 'Format' => (string)$state['saml:NameIDPolicy'],
235 'AllowCreate' => TRUE,
236 );
237 } elseif (is_array($state['saml:NameIDPolicy'])) {
238 $policy = $state['saml:NameIDPolicy'];
239 } else {
240 throw new SimpleSAML_Error_Exception('Invalid value of $state[\'saml:NameIDPolicy\'].');
241 }
242 $ar->setNameIdPolicy($policy);
243 }
244
245 if (isset($state['saml:IDPList'])) {
246 $IDPList = $state['saml:IDPList'];
247 } else {
248 $IDPList = array();
249 }
250
251 $ar->setIDPList(array_unique(array_merge($this->metadata->getArray('IDPList', array()),
252 $idpMetadata->getArray('IDPList', array()),
253 (array) $IDPList)));
254
255 if (isset($state['saml:ProxyCount']) && $state['saml:ProxyCount'] !== null) {
256 $ar->setProxyCount($state['saml:ProxyCount']);
257 } elseif ($idpMetadata->getInteger('ProxyCount', null) !== null) {
258 $ar->setProxyCount($idpMetadata->getInteger('ProxyCount', null));
259 } elseif ($this->metadata->getInteger('ProxyCount', null) !== null) {
260 $ar->setProxyCount($this->metadata->getInteger('ProxyCount', null));
261 }
262
263 $requesterID = array();
264 if (isset($state['saml:RequesterID'])) {
265 $requesterID = $state['saml:RequesterID'];
266 }
267
268 if (isset($state['core:SP'])) {
269 $requesterID[] = $state['core:SP'];
270 }
271
272 $ar->setRequesterID($requesterID);
273
274 if (isset($state['saml:Extensions'])) {
275 $ar->setExtensions($state['saml:Extensions']);
276 }
277
278 // save IdP entity ID as part of the state
279 $state['ExpectedIssuer'] = $idpMetadata->getString('entityid');
280
281 $id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso', TRUE);
282 $ar->setId($id);
283
284 SimpleSAML\Logger::debug('Sending SAML 2 AuthnRequest to ' . var_export($idpMetadata->getString('entityid'), TRUE));
285
286 /* Select appropriate SSO endpoint */
287 if ($ar->getProtocolBinding() === \SAML2\Constants::BINDING_HOK_SSO) {
288 $dst = $idpMetadata->getDefaultEndpoint('SingleSignOnService', array(
289 \SAML2\Constants::BINDING_HOK_SSO)
290 );
291 } else {
292 $dst = $idpMetadata->getDefaultEndpoint('SingleSignOnService', array(
293 \SAML2\Constants::BINDING_HTTP_REDIRECT,
294 \SAML2\Constants::BINDING_HTTP_POST)
295 );
296 }
297 $ar->setDestination($dst['Location']);
298
299 $b = \SAML2\Binding::getBinding($dst['Binding']);
300
301 $this->sendSAML2AuthnRequest($state, $b, $ar);
302
303 assert('FALSE');
304 }
305
306
316 public function sendSAML2AuthnRequest(array &$state, \SAML2\Binding $binding, \SAML2\AuthnRequest $ar) {
317 $binding->send($ar);
318 assert('FALSE');
319 }
320
321
328 public function startSSO($idp, array $state) {
329 assert('is_string($idp)');
330
331 $idpMetadata = $this->getIdPMetadata($idp);
332
333 $type = $idpMetadata->getString('metadata-set');
334 switch ($type) {
335 case 'shib13-idp-remote':
336 $this->startSSO1($idpMetadata, $state);
337 assert('FALSE'); /* Should not return. */
338 case 'saml20-idp-remote':
339 $this->startSSO2($idpMetadata, $state);
340 assert('FALSE'); /* Should not return. */
341 default:
342 /* Should only be one of the known types. */
343 assert('FALSE');
344 }
345 }
346
347
353 private function startDisco(array $state) {
354
355 $id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso');
356
357 $config = SimpleSAML_Configuration::getInstance();
358
359 $discoURL = $this->discoURL;
360 if ($discoURL === NULL) {
361 /* Fallback to internal discovery service. */
362 $discoURL = SimpleSAML\Module::getModuleURL('saml/disco.php');
363 }
364
365 $returnTo = SimpleSAML\Module::getModuleURL('saml/sp/discoresp.php', array('AuthID' => $id));
366
367 $params = array(
368 'entityID' => $this->entityId,
369 'return' => $returnTo,
370 'returnIDParam' => 'idpentityid'
371 );
372
373 if(isset($state['saml:IDPList'])) {
374 $params['IDPList'] = $state['saml:IDPList'];
375 }
376
377 if (isset($state['isPassive']) && $state['isPassive']) {
378 $params['isPassive'] = 'true';
379 }
380
381 \SimpleSAML\Utils\HTTP::redirectTrustedURL($discoURL, $params);
382 }
383
384
392 public function authenticate(&$state) {
393 assert('is_array($state)');
394
395 /* We are going to need the authId in order to retrieve this authentication source later. */
396 $state['saml:sp:AuthId'] = $this->authId;
397
398 $idp = $this->idp;
399
400 if (isset($state['saml:idp'])) {
401 $idp = (string)$state['saml:idp'];
402 }
403
404 if (isset($state['saml:IDPList']) && sizeof($state['saml:IDPList']) > 0) {
405 // we have a SAML IDPList (we are a proxy): filter the list of IdPs available
406 $mdh = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
407 $known_idps = $mdh->getList();
408 $intersection = array_intersect($state['saml:IDPList'], array_keys($known_idps));
409
410 if (empty($intersection)) { // all requested IdPs are unknown
411 throw new SimpleSAML\Module\saml\Error\NoSupportedIDP(
412 \SAML2\Constants::STATUS_REQUESTER,
413 'None of the IdPs requested are supported by this proxy.'
414 );
415 }
416
417 if (!is_null($idp) && !in_array($idp, $intersection, true)) { // the IdP is enforced but not in the IDPList
418 throw new SimpleSAML\Module\saml\Error\NoAvailableIDP(
419 \SAML2\Constants::STATUS_REQUESTER,
420 'None of the IdPs requested are available to this proxy.'
421 );
422 }
423
424 if (is_null($idp) && sizeof($intersection) === 1) { // only one IdP requested or valid
425 $idp = current($state['saml:IDPList']);
426 }
427 }
428
429 if ($idp === NULL) {
430 $this->startDisco($state);
431 assert('FALSE');
432 }
433
434 $this->startSSO($idp, $state);
435 assert('FALSE');
436 }
437
438
447 public function reauthenticate(array &$state) {
448 assert('is_array($state)');
449
450 $session = SimpleSAML_Session::getSessionFromRequest();
451 $data = $session->getAuthState($this->authId);
452 foreach ($data as $k => $v) {
453 $state[$k] = $v;
454 }
455
456 // check if we have an IDPList specified in the request
457 if (isset($state['saml:IDPList']) && sizeof($state['saml:IDPList']) > 0 &&
458 !in_array($state['saml:sp:IdP'], $state['saml:IDPList'], true))
459 {
460 /*
461 * The user has an existing, valid session. However, the SP provided a list of IdPs it accepts for
462 * authentication, and the IdP the existing session is related to is not in that list.
463 *
464 * First, check if we recognize any of the IdPs requested.
465 */
466
467 $mdh = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
468 $known_idps = $mdh->getList();
469 $intersection = array_intersect($state['saml:IDPList'], array_keys($known_idps));
470
471 if (empty($intersection)) { // all requested IdPs are unknown
472 throw new SimpleSAML\Module\saml\Error\NoSupportedIDP(
473 \SAML2\Constants::STATUS_REQUESTER,
474 'None of the IdPs requested are supported by this proxy.'
475 );
476 }
477
478 /*
479 * We have at least one IdP in the IDPList that we recognize, and it's not the one currently in use. Let's
480 * see if this proxy enforces the use of one single IdP.
481 */
482 if (!is_null($this->idp) && !in_array($this->idp, $intersection, true)) { // an IdP is enforced but not requested
483 throw new SimpleSAML\Module\saml\Error\NoAvailableIDP(
484 \SAML2\Constants::STATUS_REQUESTER,
485 'None of the IdPs requested are available to this proxy.'
486 );
487 }
488
489 /*
490 * We need to inform the user, and ask whether we should logout before starting the authentication process
491 * again with a different IdP, or cancel the current SSO attempt.
492 */
493 SimpleSAML\Logger::warning(
494 "Reauthentication after logout is needed. The IdP '${state['saml:sp:IdP']}' is not in the IDPList ".
495 "provided by the Service Provider '${state['core:SP']}'."
496 );
497
498 $state['saml:sp:IdPMetadata'] = $this->getIdPMetadata($state['saml:sp:IdP']);
499 $state['saml:sp:AuthId'] = $this->authId;
500 self::askForIdPChange($state);
501 }
502 }
503
504
521 public static function askForIdPChange(array &$state)
522 {
523 assert('array_key_exists("saml:sp:IdPMetadata", $state)');
524 assert('array_key_exists("saml:sp:AuthId", $state)');
525 assert('array_key_exists("core:IdP", $state)');
526 assert('array_key_exists("SPMetadata", $state)');
527
528 if (isset($state['isPassive']) && (bool)$state['isPassive']) {
529 // passive request, we cannot authenticate the user
530 throw new SimpleSAML_Error_NoPassive('Reauthentication required');
531 }
532
533 // save the state WITHOUT a restart URL, so that we don't try an IdP-initiated login if something goes wrong
534 $id = SimpleSAML_Auth_State::saveState($state, 'saml:proxy:invalid_idp', true);
535 $url = SimpleSAML\Module::getModuleURL('saml/proxy/invalid_session.php');
536 SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('AuthState' => $id));
537 assert('false');
538 }
539
540
548 public static function reauthLogout(array $state)
549 {
550 SimpleSAML\Logger::debug('Proxy: logging the user out before re-authentication.');
551
552 if (isset($state['Responder'])) {
553 $state['saml:proxy:reauthLogout:PrevResponder'] = $state['Responder'];
554 }
555 $state['Responder'] = array('sspmod_saml_Auth_Source_SP', 'reauthPostLogout');
556
557 $idp = SimpleSAML_IdP::getByState($state);
558 $idp->handleLogoutRequest($state, null);
559 assert('false');
560 }
561
562
568 public static function reauthPostLogin(array $state) {
569 assert('isset($state["ReturnCallback"])');
570
571 // Update session state
572 $session = SimpleSAML_Session::getSessionFromRequest();
573 $authId = $state['saml:sp:AuthId'];
574 $session->doLogin($authId, SimpleSAML_Auth_State::getPersistentAuthData($state));
575
576 // resume the login process
577 call_user_func($state['ReturnCallback'], $state);
578 assert('FALSE');
579 }
580
581
590 public static function reauthPostLogout(SimpleSAML_IdP $idp, array $state) {
591 assert('isset($state["saml:sp:AuthId"])');
592
593 SimpleSAML\Logger::debug('Proxy: logout completed.');
594
595 if (isset($state['saml:proxy:reauthLogout:PrevResponder'])) {
596 $state['Responder'] = $state['saml:proxy:reauthLogout:PrevResponder'];
597 }
598
599 $sp = SimpleSAML_Auth_Source::getById($state['saml:sp:AuthId'], 'sspmod_saml_Auth_Source_SP');
601 SimpleSAML\Logger::debug('Proxy: logging in again.');
602 $sp->authenticate($state);
603 assert('false');
604 }
605
606
612 public function startSLO2(&$state) {
613 assert('is_array($state)');
614 assert('array_key_exists("saml:logout:IdP", $state)');
615 assert('array_key_exists("saml:logout:NameID", $state)');
616 assert('array_key_exists("saml:logout:SessionIndex", $state)');
617
618 $id = SimpleSAML_Auth_State::saveState($state, 'saml:slosent');
619
620 $idp = $state['saml:logout:IdP'];
621 $nameId = $state['saml:logout:NameID'];
622 $sessionIndex = $state['saml:logout:SessionIndex'];
623
624 $idpMetadata = $this->getIdPMetadata($idp);
625
626 $endpoint = $idpMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', array(
627 \SAML2\Constants::BINDING_HTTP_REDIRECT,
628 \SAML2\Constants::BINDING_HTTP_POST), FALSE);
629 if ($endpoint === FALSE) {
630 SimpleSAML\Logger::info('No logout endpoint for IdP ' . var_export($idp, TRUE) . '.');
631 return;
632 }
633
634 $lr = sspmod_saml_Message::buildLogoutRequest($this->metadata, $idpMetadata);
635 $lr->setNameId($nameId);
636 $lr->setSessionIndex($sessionIndex);
637 $lr->setRelayState($id);
638 $lr->setDestination($endpoint['Location']);
639
640 $encryptNameId = $idpMetadata->getBoolean('nameid.encryption', NULL);
641 if ($encryptNameId === NULL) {
642 $encryptNameId = $this->metadata->getBoolean('nameid.encryption', FALSE);
643 }
644 if ($encryptNameId) {
645 $lr->encryptNameId(sspmod_saml_Message::getEncryptionKey($idpMetadata));
646 }
647
648 $b = \SAML2\Binding::getBinding($endpoint['Binding']);
649 $b->send($lr);
650
651 assert('FALSE');
652 }
653
654
660 public function logout(&$state) {
661 assert('is_array($state)');
662 assert('array_key_exists("saml:logout:Type", $state)');
663
664 $logoutType = $state['saml:logout:Type'];
665 switch ($logoutType) {
666 case 'saml1':
667 /* Nothing to do. */
668 return;
669 case 'saml2':
670 $this->startSLO2($state);
671 return;
672 default:
673 /* Should never happen. */
674 assert('FALSE');
675 }
676 }
677
678
686 public function handleResponse(array $state, $idp, array $attributes) {
687 assert('is_string($idp)');
688 assert('array_key_exists("LogoutState", $state)');
689 assert('array_key_exists("saml:logout:Type", $state["LogoutState"])');
690
691 $idpMetadata = $this->getIdpMetadata($idp);
692
693 $spMetadataArray = $this->metadata->toArray();
694 $idpMetadataArray = $idpMetadata->toArray();
695
696 /* Save the IdP in the state array. */
697 $state['saml:sp:IdP'] = $idp;
698 $state['PersistentAuthData'][] = 'saml:sp:IdP';
699
700 $authProcState = array(
701 'saml:sp:IdP' => $idp,
702 'saml:sp:State' => $state,
703 'ReturnCall' => array('sspmod_saml_Auth_Source_SP', 'onProcessingCompleted'),
704
705 'Attributes' => $attributes,
706 'Destination' => $spMetadataArray,
707 'Source' => $idpMetadataArray,
708 );
709
710 if (isset($state['saml:sp:NameID'])) {
711 $authProcState['saml:sp:NameID'] = $state['saml:sp:NameID'];
712 }
713 if (isset($state['saml:sp:SessionIndex'])) {
714 $authProcState['saml:sp:SessionIndex'] = $state['saml:sp:SessionIndex'];
715 }
716
717 $pc = new SimpleSAML_Auth_ProcessingChain($idpMetadataArray, $spMetadataArray, 'sp');
718 $pc->processState($authProcState);
719
720 self::onProcessingCompleted($authProcState);
721 }
722
723
729 public function handleLogout($idpEntityId) {
730 assert('is_string($idpEntityId)');
731
732 /* Call the logout callback we registered in onProcessingCompleted(). */
733 $this->callLogoutCallback($idpEntityId);
734 }
735
736
749 public static function handleUnsolicitedAuth($authId, array $state, $redirectTo) {
750 assert('is_string($authId)');
751 assert('is_string($redirectTo)');
752
753 $session = SimpleSAML_Session::getSessionFromRequest();
754 $session->doLogin($authId, SimpleSAML_Auth_State::getPersistentAuthData($state));
755
756 \SimpleSAML\Utils\HTTP::redirectUntrustedURL($redirectTo);
757 }
758
759
765 public static function onProcessingCompleted(array $authProcState) {
766 assert('array_key_exists("saml:sp:IdP", $authProcState)');
767 assert('array_key_exists("saml:sp:State", $authProcState)');
768 assert('array_key_exists("Attributes", $authProcState)');
769
770 $idp = $authProcState['saml:sp:IdP'];
771 $state = $authProcState['saml:sp:State'];
772
773 $sourceId = $state['saml:sp:AuthId'];
774 $source = SimpleSAML_Auth_Source::getById($sourceId);
775 if ($source === NULL) {
776 throw new Exception('Could not find authentication source with id ' . $sourceId);
777 }
778
779 /* Register a callback that we can call if we receive a logout request from the IdP. */
780 $source->addLogoutCallback($idp, $state);
781
782 $state['Attributes'] = $authProcState['Attributes'];
783
784 if (isset($state['saml:sp:isUnsolicited']) && (bool)$state['saml:sp:isUnsolicited']) {
785 if (!empty($state['saml:sp:RelayState'])) {
786 $redirectTo = $state['saml:sp:RelayState'];
787 } else {
788 $redirectTo = $source->getMetadata()->getString('RelayState', '/');
789 }
790 self::handleUnsolicitedAuth($sourceId, $state, $redirectTo);
791 }
792
793 SimpleSAML_Auth_Source::completeAuth($state);
794 }
795
796}
$endpoint
$endpoint
Definition: attributeserver.php:23
$sourceId
if(!array_key_exists(sspmod_authfacebook_Auth_Source_Facebook::AUTHID, $state)) $sourceId
Definition: linkback.php:20
$source
$source
Definition: linkback.php:22
$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
$returnTo
if(!isset($_REQUEST['ReturnTo'])) $returnTo
Definition: authpage.php:16
php
An exception for terminatinating execution or to throw for unit testing.
SAML2\Binding\getBinding
static getBinding($urn)
Retrieve a binding with the given URN.
Definition: Binding.php:28
SAML2\Constants\COMPARISON_EXACT
const COMPARISON_EXACT
Request Authentication Context Comparison indicating that the resulting authentication context in the...
Definition: Constants.php:78
SimpleSAML\Logger\info
static info($string)
Definition: Logger.php:201
SimpleSAML\Logger\warning
static warning($string)
Definition: Logger.php:179
SimpleSAML\Logger\debug
static debug($string)
Definition: Logger.php:213
SimpleSAML\Module\getModuleURL
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:303
SimpleSAML\Utils\Arrays\arrayize
static arrayize($data, $index=0)
Put a non-array variable into an array.
Definition: Arrays.php:24
SimpleSAML\Utils\HTTP\redirectUntrustedURL
static redirectUntrustedURL($url, $parameters=array())
This function redirects to the specified URL after performing the appropriate security checks on it.
Definition: HTTP.php:994
SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:962
SimpleSAML_Auth_ProcessingChain
Definition: ProcessingChain.php:13
SimpleSAML_Auth_Source
Definition: Source.php:13
SimpleSAML_Auth_Source\getById
static getById($authId, $type=null)
Retrieve authentication source.
Definition: Source.php:324
SimpleSAML_Auth_Source\completeAuth
static completeAuth(&$state)
Complete authentication.
Definition: Source.php:135
SimpleSAML_Auth_Source\$authId
$authId
Definition: Source.php:22
SimpleSAML_Auth_Source\callLogoutCallback
callLogoutCallback($assoc)
Call a logout callback based on association.
Definition: Source.php:439
SimpleSAML_Auth_State\getPersistentAuthData
static getPersistentAuthData(array $state)
Get the persistent authentication state from the state array.
Definition: State.php:103
SimpleSAML_Auth_State\throwException
static throwException($state, SimpleSAML_Error_Exception $exception)
Throw exception to the state exception handler.
Definition: State.php:343
SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194
SimpleSAML_Configuration
Definition: Configuration.php:11
SimpleSAML_Configuration\getInstance
static getInstance($instancename='simplesaml')
Get a configuration file by its instance name.
Definition: Configuration.php:297
SimpleSAML_Configuration\loadFromArray
static loadFromArray($config, $location='[ARRAY]', $instance=null)
Loads a configuration from the given array.
Definition: Configuration.php:269
SimpleSAML_Error_Exception
Definition: Exception.php:13
SimpleSAML_Error_NoPassive
Class SimpleSAML_Error_NoPassive.
Definition: NoPassive.php:12
SimpleSAML_IdP
Definition: IdP.php:12
SimpleSAML_IdP\getByState
static getByState(array &$state)
Retrieve the IdP "owning" the state.
Definition: IdP.php:152
SimpleSAML_Metadata_MetaDataStorageHandler\getMetadataHandler
static getMetadataHandler()
This function retrieves the current instance of the metadata handler.
Definition: MetaDataStorageHandler.php:40
SimpleSAML_Session\getSessionFromRequest
static getSessionFromRequest()
Retrieves the current session.
Definition: Session.php:243
sspmod_saml_Auth_Source_SP
Definition: SP.php:3
sspmod_saml_Auth_Source_SP\handleResponse
handleResponse(array $state, $idp, array $attributes)
Handle a response from a SSO operation.
Definition: SP.php:686
sspmod_saml_Auth_Source_SP\askForIdPChange
static askForIdPChange(array &$state)
Ask the user to log out before being able to log in again with a different identity provider.
Definition: SP.php:521
sspmod_saml_Auth_Source_SP\handleLogout
handleLogout($idpEntityId)
Handle a logout request from an IdP.
Definition: SP.php:729
sspmod_saml_Auth_Source_SP\logout
logout(&$state)
Start logout operation.
Definition: SP.php:660
sspmod_saml_Auth_Source_SP\handleUnsolicitedAuth
static handleUnsolicitedAuth($authId, array $state, $redirectTo)
Handle an unsolicited login operations.
Definition: SP.php:749
sspmod_saml_Auth_Source_SP\authenticate
authenticate(&$state)
Start login.
Definition: SP.php:392
sspmod_saml_Auth_Source_SP\getIdPMetadata
getIdPMetadata($entityId)
Retrieve the metadata of an IdP.
Definition: SP.php:108
sspmod_saml_Auth_Source_SP\reauthLogout
static reauthLogout(array $state)
Log the user out before logging in again.
Definition: SP.php:548
sspmod_saml_Auth_Source_SP\startSLO2
startSLO2(&$state)
Start a SAML 2 logout operation.
Definition: SP.php:612
sspmod_saml_Auth_Source_SP\startSSO2
startSSO2(SimpleSAML_Configuration $idpMetadata, array $state)
Send a SAML2 SSO request to an IdP.
Definition: SP.php:182
sspmod_saml_Auth_Source_SP\__construct
__construct($info, $config)
Constructor for SAML SP authentication source.
Definition: SP.php:43
sspmod_saml_Auth_Source_SP\getEntityId
getEntityId()
Retrieve the entity id of this SP.
Definition: SP.php:84
sspmod_saml_Auth_Source_SP\reauthenticate
reauthenticate(array &$state)
Re-authenticate an user.
Definition: SP.php:447
sspmod_saml_Auth_Source_SP\$metadata
$metadata
Definition: SP.php:18
sspmod_saml_Auth_Source_SP\$entityId
$entityId
Definition: SP.php:10
sspmod_saml_Auth_Source_SP\startSSO
startSSO($idp, array $state)
Send a SSO request to an IdP.
Definition: SP.php:328
sspmod_saml_Auth_Source_SP\sendSAML2AuthnRequest
sendSAML2AuthnRequest(array &$state, \SAML2\Binding $binding, \SAML2\AuthnRequest $ar)
Function to actually send the authentication request.
Definition: SP.php:316
sspmod_saml_Auth_Source_SP\reauthPostLogin
static reauthPostLogin(array $state)
Complete login operation after re-authenticating the user on another IdP.
Definition: SP.php:568
sspmod_saml_Auth_Source_SP\startDisco
startDisco(array $state)
Start an IdP discovery service operation.
Definition: SP.php:353
sspmod_saml_Auth_Source_SP\getMetadataURL
getMetadataURL()
Retrieve the URL to the metadata of this SP.
Definition: SP.php:73
sspmod_saml_Auth_Source_SP\$discoURL
$discoURL
Definition: SP.php:34
sspmod_saml_Auth_Source_SP\getMetadata
getMetadata()
Retrieve the metadata of this SP.
Definition: SP.php:95
sspmod_saml_Auth_Source_SP\$idp
$idp
Definition: SP.php:26
sspmod_saml_Auth_Source_SP\onProcessingCompleted
static onProcessingCompleted(array $authProcState)
Called when we have completed the procssing chain.
Definition: SP.php:765
sspmod_saml_Auth_Source_SP\startSSO1
startSSO1(SimpleSAML_Configuration $idpMetadata, array $state)
Send a SAML1 SSO request to an IdP.
Definition: SP.php:145
sspmod_saml_Message\buildLogoutRequest
static buildLogoutRequest(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata)
Build a logout request based on information in the metadata.
Definition: Message.php:501
sspmod_saml_Message\buildAuthnRequest
static buildAuthnRequest(SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata)
Build an authentication request based on information in the metadata.
Definition: Message.php:431
sspmod_saml_Message\getEncryptionKey
static getEncryptionKey(SimpleSAML_Configuration $metadata)
Retrieve the encryption key for the given entity.
Definition: Message.php:829
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
$nameId
$nameId
Definition: saml2-acs.php:138
$sessionIndex
$sessionIndex
Definition: saml2-acs.php:139
$info
$info
Definition: index.php:5
$lr
$lr
Definition: logout-iframe-post.php:29
$binding
$binding
Definition: logout-iframe-post.php:55
$dst
$dst
Definition: logout-iframe-post.php:54
$idpMetadata
$idpMetadata
Definition: logout-iframe-post.php:26
$encryptNameId
$encryptNameId
Definition: logout-iframe-post.php:39
SimpleSAML
Attribute-related utility methods.
$type
$type
Definition: proxy_ylocal.php:10
$session
$session
Definition: proxy_ylocal.php:32
$url
$url
Definition: proxy_ylocal.php:28
$idpEntityId
$idpEntityId
Definition: prp.php:12
$attributes
$attributes
Definition: serviceValidate.php:33
$params
$params
Definition: disable.php:11
$mdh
$mdh
Definition: logout-iframe.php:23