ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Public Member Functions | Static Public Member Functions | Private Member Functions | Private Attributes | Static Private Attributes
SimpleSAML_IdP Class Reference
+ Collaboration diagram for SimpleSAML_IdP:

Public Member Functions

 getId ()
 Retrieve the ID of this IdP. More...
 
 getConfig ()
 Retrieve the configuration for this IdP. More...
 
 getSPName ($assocId)
 Get SP name. More...
 
 addAssociation (array $association)
 Add an SP association. More...
 
 getAssociations ()
 Retrieve list of SP associations. More...
 
 terminateAssociation ($assocId)
 Remove an SP association. More...
 
 isAuthenticated ()
 Is the current user authenticated? More...
 
 handleAuthenticationRequest (array &$state)
 Process authentication requests. More...
 
 getLogoutHandler ()
 Find the logout handler of this IdP. More...
 
 finishLogout (array &$state)
 Finish the logout operation. More...
 
 handleLogoutRequest (array &$state, $assocId)
 Process a logout request. More...
 
 handleLogoutResponse ($assocId, $relayState, SimpleSAML_Error_Exception $error=null)
 Process a logout response. More...
 
 doLogoutRedirect ($url)
 Log out, then redirect to a URL. More...
 

Static Public Member Functions

static getById ($id)
 Retrieve an IdP by ID. More...
 
static getByState (array &$state)
 Retrieve the IdP "owning" the state. More...
 
static postAuthProc (array $state)
 Called after authproc has run. More...
 
static postAuth (array $state)
 The user is authenticated. More...
 
static finishLogoutRedirect (SimpleSAML_IdP $idp, array $state)
 Redirect to a URL after logout. More...
 

Private Member Functions

 __construct ($id)
 Initialize an IdP. More...
 
 authenticate (array &$state)
 Authenticate the user. More...
 
 reauthenticate (array &$state)
 Re-authenticate the user. More...
 

Private Attributes

 $id
 
 $associationGroup
 
 $config
 
 $authSource
 

Static Private Attributes

static $idpCache = array()
 

Detailed Description

Definition at line 11 of file IdP.php.

Constructor & Destructor Documentation

◆ __construct()

SimpleSAML_IdP::__construct (   $id)
private

Initialize an IdP.

Parameters
string$idThe identifier of this IdP.
Exceptions
SimpleSAML_Error_ExceptionIf the IdP is disabled or no such auth source was found.

Definition at line 64 of file IdP.php.

65 {
66 assert('is_string($id)');
67
68 $this->id = $id;
69
70 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
71 $globalConfig = SimpleSAML_Configuration::getInstance();
72
73 if (substr($id, 0, 6) === 'saml2:') {
74 if (!$globalConfig->getBoolean('enable.saml20-idp', false)) {
75 throw new SimpleSAML_Error_Exception('enable.saml20-idp disabled in config.php.');
76 }
77 $this->config = $metadata->getMetaDataConfig(substr($id, 6), 'saml20-idp-hosted');
78 } elseif (substr($id, 0, 6) === 'saml1:') {
79 if (!$globalConfig->getBoolean('enable.shib13-idp', false)) {
80 throw new SimpleSAML_Error_Exception('enable.shib13-idp disabled in config.php.');
81 }
82 $this->config = $metadata->getMetaDataConfig(substr($id, 6), 'shib13-idp-hosted');
83 } elseif (substr($id, 0, 5) === 'adfs:') {
84 if (!$globalConfig->getBoolean('enable.adfs-idp', false)) {
85 throw new SimpleSAML_Error_Exception('enable.adfs-idp disabled in config.php.');
86 }
87 $this->config = $metadata->getMetaDataConfig(substr($id, 5), 'adfs-idp-hosted');
88
89 try {
90 // this makes the ADFS IdP use the same SP associations as the SAML 2.0 IdP
91 $saml2EntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
92 $this->associationGroup = 'saml2:'.$saml2EntityId;
93 } catch (Exception $e) {
94 // probably no SAML 2 IdP configured for this host. Ignore the error
95 }
96 } else {
97 assert(false);
98 }
99
100 if ($this->associationGroup === null) {
101 $this->associationGroup = $this->id;
102 }
103
104 $auth = $this->config->getString('auth');
105 if (SimpleSAML_Auth_Source::getById($auth) !== null) {
106 $this->authSource = new \SimpleSAML\Auth\Simple($auth);
107 } else {
108 throw new SimpleSAML_Error_Exception('No such "'.$auth.'" auth source found.');
109 }
110 }
$auth
$auth
Definition: metadata.php:48
$metadata
$metadata['__DYNAMIC:1__']
Definition: adfs-idp-hosted.php:3
SimpleSAML_Auth_Source\getById
static getById($authId, $type=null)
Retrieve authentication source.
Definition: Source.php:324
SimpleSAML_Configuration\getInstance
static getInstance($instancename='simplesaml')
Get a configuration file by its instance name.
Definition: Configuration.php:297
SimpleSAML_Error_Exception
Definition: Exception.php:13
SimpleSAML_IdP\$id
$id
Definition: IdP.php:27
SimpleSAML_Metadata_MetaDataStorageHandler\getMetadataHandler
static getMetadataHandler()
This function retrieves the current instance of the metadata handler.
Definition: MetaDataStorageHandler.php:40
$globalConfig
$globalConfig
Definition: authorize_403.php:13

References $auth, $globalConfig, $id, $metadata, SimpleSAML_Auth_Source\getById(), SimpleSAML_Configuration\getInstance(), and SimpleSAML_Metadata_MetaDataStorageHandler\getMetadataHandler().

+ Here is the call graph for this function:

Member Function Documentation

◆ addAssociation()

SimpleSAML_IdP::addAssociation ( array  $association)

Add an SP association.

Parameters
array$associationThe SP association.

Definition at line 219 of file IdP.php.

220 {
221 assert('isset($association["id"])');
222 assert('isset($association["Handler"])');
223
224 $association['core:IdP'] = $this->id;
225
226 $session = SimpleSAML_Session::getSessionFromRequest();
227 $session->addAssociation($this->associationGroup, $association);
228 }
SimpleSAML_Session\getSessionFromRequest
static getSessionFromRequest()
Retrieves the current session.
Definition: Session.php:243
$association
if(!isset($associations[$assocId])) $association
Definition: logout-iframe-post.php:23
$session
$session
Definition: proxy_ylocal.php:32

References $association, $id, $session, and SimpleSAML_Session\getSessionFromRequest().

+ Here is the call graph for this function:

◆ authenticate()

SimpleSAML_IdP::authenticate ( array &  $state)
private

Authenticate the user.

This function authenticates the user.

Parameters
array&$stateThe authentication request state.
Exceptions
SimpleSAML_Error_NoPassiveIf we were asked to do passive authentication.

Definition at line 346 of file IdP.php.

347 {
348 if (isset($state['isPassive']) && (bool) $state['isPassive']) {
349 throw new SimpleSAML_Error_NoPassive('Passive authentication not supported.');
350 }
351
352 $this->authSource->login($state);
353 }
$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
SimpleSAML_Error_NoPassive
Class SimpleSAML_Error_NoPassive.
Definition: NoPassive.php:12

References $state.

Referenced by handleAuthenticationRequest().

+ Here is the caller graph for this function:

◆ doLogoutRedirect()

SimpleSAML_IdP::doLogoutRedirect (   $url)

Log out, then redirect to a URL.

This function never returns.

Parameters
string$urlThe URL the user should be returned to after logout.

Definition at line 536 of file IdP.php.

537 {
538 assert('is_string($url)');
539
540 $state = array(
541 'Responder' => array('SimpleSAML_IdP', 'finishLogoutRedirect'),
542 'core:Logout:URL' => $url,
543 );
544
545 $this->handleLogoutRequest($state, null);
546 assert('false');
547 }
SimpleSAML_IdP\handleLogoutRequest
handleLogoutRequest(array &$state, $assocId)
Process a logout request.
Definition: IdP.php:479
$url
$url
Definition: proxy_ylocal.php:28

References $state, $url, and handleLogoutRequest().

+ Here is the call graph for this function:

◆ finishLogout()

SimpleSAML_IdP::finishLogout ( array &  $state)

Finish the logout operation.

This function will never return.

Parameters
array&$stateThe logout request state.

Definition at line 460 of file IdP.php.

461 {
462 assert('isset($state["Responder"])');
463
464 $idp = SimpleSAML_IdP::getByState($state);
465 call_user_func($state['Responder'], $idp, $state);
466 assert('false');
467 }
SimpleSAML_IdP\getByState
static getByState(array &$state)
Retrieve the IdP "owning" the state.
Definition: IdP.php:152
$idp
$idp
Definition: prp.php:13

References $idp, $state, and getByState().

+ Here is the call graph for this function:

◆ finishLogoutRedirect()

static SimpleSAML_IdP::finishLogoutRedirect ( SimpleSAML_IdP  $idp,
array  $state 
)
static

Redirect to a URL after logout.

This function never returns.

Parameters
SimpleSAML_IdP$idpDeprecated. Will be removed.
array&$stateThe logout state from doLogoutRedirect().

Definition at line 558 of file IdP.php.

559 {
560 assert('isset($state["core:Logout:URL"])');
561
562 \SimpleSAML\Utils\HTTP::redirectTrustedURL($state['core:Logout:URL']);
563 assert('false');
564 }
SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:962

References $state, and SimpleSAML\Utils\HTTP\redirectTrustedURL().

+ Here is the call graph for this function:

◆ getAssociations()

SimpleSAML_IdP::getAssociations ( )

Retrieve list of SP associations.

Returns
array List of SP associations.

Definition at line 236 of file IdP.php.

237 {
238 $session = SimpleSAML_Session::getSessionFromRequest();
239 return $session->getAssociations($this->associationGroup);
240 }

References $session, and SimpleSAML_Session\getSessionFromRequest().

+ Here is the call graph for this function:

◆ getById()

static SimpleSAML_IdP::getById (   $id)
static

Retrieve an IdP by ID.

Parameters
string$idThe identifier of the IdP.
Returns
SimpleSAML_IdP The IdP.

Definition at line 131 of file IdP.php.

132 {
133 assert('is_string($id)');
134
135 if (isset(self::$idpCache[$id])) {
136 return self::$idpCache[$id];
137 }
138
139 $idp = new self($id);
140 self::$idpCache[$id] = $idp;
141 return $idp;
142 }

References $id, and $idp.

Referenced by getByState().

+ Here is the caller graph for this function:

◆ getByState()

static SimpleSAML_IdP::getByState ( array &  $state)
static

Retrieve the IdP "owning" the state.

Parameters
array&$stateThe state array.
Returns
SimpleSAML_IdP The IdP.

Definition at line 152 of file IdP.php.

153 {
154 assert('isset($state["core:IdP"])');
155
156 return self::getById($state['core:IdP']);
157 }
SimpleSAML_IdP\getById
static getById($id)
Retrieve an IdP by ID.
Definition: IdP.php:131

References $state, and getById().

Referenced by finishLogout(), sspmod_saml_IdP_SAML2\handleAuthError(), SimpleSAML\IdP\TraditionalLogoutHandler\logoutNextSP(), postAuth(), sspmod_saml_Auth_Source_SP\reauthLogout(), sspmod_adfs_IdP_ADFS\sendResponse(), sspmod_saml_IdP_SAML1\sendResponse(), sspmod_saml_IdP_SAML2\sendResponse(), and SimpleSAML\IdP\IFrameLogoutHandler\startLogout().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getConfig()

SimpleSAML_IdP::getConfig ( )

Retrieve the configuration for this IdP.

Returns
SimpleSAML_Configuration The configuration object.

Definition at line 165 of file IdP.php.

166 {
167 return $this->config;
168 }
SimpleSAML_IdP\$config
$config
Definition: IdP.php:46

References $config.

Referenced by getLogoutHandler(), and handleAuthenticationRequest().

+ Here is the caller graph for this function:

◆ getId()

SimpleSAML_IdP::getId ( )

Retrieve the ID of this IdP.

Returns
string The ID of this IdP.

Definition at line 118 of file IdP.php.

119 {
120 return $this->id;
121 }

References $id.

◆ getLogoutHandler()

SimpleSAML_IdP::getLogoutHandler ( )

Find the logout handler of this IdP.

Returns
\SimpleSAML\IdP\LogoutHandlerInterface The logout handler class.
Exceptions
SimpleSAML_Error_ExceptionIf we cannot find a logout handler.

Definition at line 434 of file IdP.php.

435 {
436 // find the logout handler
437 $logouttype = $this->getConfig()->getString('logouttype', 'traditional');
438 switch ($logouttype) {
439 case 'traditional':
440 $handler = 'SimpleSAML\IdP\TraditionalLogoutHandler';
441 break;
442 case 'iframe':
443 $handler = 'SimpleSAML\IdP\IFrameLogoutHandler';
444 break;
445 default:
446 throw new SimpleSAML_Error_Exception('Unknown logout handler: '.var_export($logouttype, true));
447 }
448
449 return new $handler($this);
450 }
SimpleSAML_IdP\getConfig
getConfig()
Retrieve the configuration for this IdP.
Definition: IdP.php:165
$handler
$handler
Definition: resumelogout.php:11

References $handler, and getConfig().

Referenced by handleLogoutRequest(), and handleLogoutResponse().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getSPName()

SimpleSAML_IdP::getSPName (   $assocId)

Get SP name.

Parameters
string$assocIdThe association identifier.
Returns
array|null The name of the SP, as an associative array of language => text, or null if this isn't an SP.

Definition at line 178 of file IdP.php.

179 {
180 assert('is_string($assocId)');
181
182 $prefix = substr($assocId, 0, 4);
183 $spEntityId = substr($assocId, strlen($prefix) + 1);
184 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
185
186 if ($prefix === 'saml') {
187 try {
188 $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');
189 } catch (Exception $e) {
190 try {
191 $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'shib13-sp-remote');
192 } catch (Exception $e) {
193 return null;
194 }
195 }
196 } else {
197 if ($prefix === 'adfs') {
198 $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'adfs-sp-remote');
199 } else {
200 return null;
201 }
202 }
203
204 if ($spMetadata->hasValue('name')) {
205 return $spMetadata->getLocalizedString('name');
206 } elseif ($spMetadata->hasValue('OrganizationDisplayName')) {
207 return $spMetadata->getLocalizedString('OrganizationDisplayName');
208 } else {
209 return array('en' => $spEntityId);
210 }
211 }
$spEntityId
$spEntityId
Definition: attributeserver.php:14
$assocId
if(!isset($_REQUEST['association'])) $assocId
Definition: logout-iframe-post.php:12
$spMetadata
$spMetadata
Definition: logout-iframe-post.php:27

References $assocId, $metadata, $spEntityId, $spMetadata, and SimpleSAML_Metadata_MetaDataStorageHandler\getMetadataHandler().

+ Here is the call graph for this function:

◆ handleAuthenticationRequest()

SimpleSAML_IdP::handleAuthenticationRequest ( array &  $state)

Process authentication requests.

Parameters
array&$stateThe authentication request state.

Definition at line 384 of file IdP.php.

385 {
386 assert('isset($state["Responder"])');
387
388 $state['core:IdP'] = $this->id;
389
390 if (isset($state['SPMetadata']['entityid'])) {
391 $spEntityId = $state['SPMetadata']['entityid'];
392 } elseif (isset($state['SPMetadata']['entityID'])) {
393 $spEntityId = $state['SPMetadata']['entityID'];
394 } else {
395 $spEntityId = null;
396 }
397 $state['core:SP'] = $spEntityId;
398
399 // first, check whether we need to authenticate the user
400 if (isset($state['ForceAuthn']) && (bool) $state['ForceAuthn']) {
401 // force authentication is in effect
402 $needAuth = true;
403 } else {
404 $needAuth = !$this->isAuthenticated();
405 }
406
407 $state['IdPMetadata'] = $this->getConfig()->toArray();
408 $state['ReturnCallback'] = array('SimpleSAML_IdP', 'postAuth');
409
410 try {
411 if ($needAuth) {
412 $this->authenticate($state);
413 assert('FALSE');
414 } else {
415 $this->reauthenticate($state);
416 }
417 $this->postAuth($state);
418 } catch (SimpleSAML_Error_Exception $e) {
419 SimpleSAML_Auth_State::throwException($state, $e);
420 } catch (Exception $e) {
421 $e = new SimpleSAML_Error_UnserializableException($e);
422 SimpleSAML_Auth_State::throwException($state, $e);
423 }
424 }
SimpleSAML_Auth_State\throwException
static throwException($state, SimpleSAML_Error_Exception $exception)
Throw exception to the state exception handler.
Definition: State.php:343
SimpleSAML_Error_UnserializableException
Definition: UnserializableException.php:15
SimpleSAML_IdP\authenticate
authenticate(array &$state)
Authenticate the user.
Definition: IdP.php:346
SimpleSAML_IdP\isAuthenticated
isAuthenticated()
Is the current user authenticated?
Definition: IdP.php:262
SimpleSAML_IdP\postAuth
static postAuth(array $state)
The user is authenticated.
Definition: IdP.php:299
SimpleSAML_IdP\reauthenticate
reauthenticate(array &$state)
Re-authenticate the user.
Definition: IdP.php:368

References $id, $spEntityId, $state, authenticate(), getConfig(), isAuthenticated(), postAuth(), reauthenticate(), and SimpleSAML_Auth_State\throwException().

+ Here is the call graph for this function:

◆ handleLogoutRequest()

SimpleSAML_IdP::handleLogoutRequest ( array &  $state,
  $assocId 
)

Process a logout request.

This function will never return.

Parameters
array&$stateThe logout request state.
string | null$assocIdThe association we received the logout request from, or null if there was no association.

Definition at line 479 of file IdP.php.

480 {
481 assert('isset($state["Responder"])');
482 assert('is_string($assocId) || is_null($assocId)');
483
484 $state['core:IdP'] = $this->id;
485 $state['core:TerminatedAssocId'] = $assocId;
486
487 if ($assocId !== null) {
488 $this->terminateAssociation($assocId);
489 $session = SimpleSAML_Session::getSessionFromRequest();
490 $session->deleteData('core:idp-ssotime', $this->id.':'.$state['saml:SPEntityId']);
491 }
492
493 // terminate the local session
494 $id = SimpleSAML_Auth_State::saveState($state, 'core:Logout:afterbridge');
495 $returnTo = SimpleSAML\Module::getModuleURL('core/idp/resumelogout.php', array('id' => $id));
496
497 $this->authSource->logout($returnTo);
498
499 $handler = $this->getLogoutHandler();
500 $handler->startLogout($state, $assocId);
501 assert('false');
502 }
$returnTo
if(!isset($_REQUEST['ReturnTo'])) $returnTo
Definition: authpage.php:16
SimpleSAML\Module\getModuleURL
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:303
SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194
SimpleSAML_IdP\terminateAssociation
terminateAssociation($assocId)
Remove an SP association.
Definition: IdP.php:248
SimpleSAML_IdP\getLogoutHandler
getLogoutHandler()
Find the logout handler of this IdP.
Definition: IdP.php:434

References $assocId, $handler, $id, $returnTo, $session, $state, getLogoutHandler(), SimpleSAML\Module\getModuleURL(), SimpleSAML_Session\getSessionFromRequest(), SimpleSAML_Auth_State\saveState(), and terminateAssociation().

Referenced by doLogoutRedirect().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ handleLogoutResponse()

SimpleSAML_IdP::handleLogoutResponse (   $assocId,
  $relayState,
SimpleSAML_Error_Exception  $error = null 
)

Process a logout response.

This function will never return.

Parameters
string$assocIdThe association that is terminated.
string | null$relayStateThe RelayState from the start of the logout.
SimpleSAML_Error_Exception | null$errorThe error that occurred during session termination (if any).

Definition at line 514 of file IdP.php.

515 {
516 assert('is_string($assocId)');
517 assert('is_string($relayState) || is_null($relayState)');
518
519 $session = SimpleSAML_Session::getSessionFromRequest();
520 $session->deleteData('core:idp-ssotime', $this->id.';'.substr($assocId, strpos($assocId, ':') + 1));
521
522 $handler = $this->getLogoutHandler();
523 $handler->onResponse($assocId, $relayState, $error);
524
525 assert('false');
526 }
$relayState
$relayState
Definition: logout-iframe-post.php:14

References $assocId, $error, $handler, $relayState, $session, getLogoutHandler(), and SimpleSAML_Session\getSessionFromRequest().

+ Here is the call graph for this function:

◆ isAuthenticated()

SimpleSAML_IdP::isAuthenticated ( )

Is the current user authenticated?

Returns
boolean True if the user is authenticated, false otherwise.

Definition at line 262 of file IdP.php.

263 {
264 return $this->authSource->isAuthenticated();
265 }

Referenced by handleAuthenticationRequest().

+ Here is the caller graph for this function:

◆ postAuth()

static SimpleSAML_IdP::postAuth ( array  $state)
static

The user is authenticated.

Parameters
array$stateThe authentication request state array.
Exceptions
SimpleSAML_Error_ExceptionIf we are not authenticated.

Definition at line 299 of file IdP.php.

300 {
301 $idp = SimpleSAML_IdP::getByState($state);
302
303 if (!$idp->isAuthenticated()) {
304 throw new SimpleSAML_Error_Exception('Not authenticated.');
305 }
306
307 $state['Attributes'] = $idp->authSource->getAttributes();
308
309 if (isset($state['SPMetadata'])) {
310 $spMetadata = $state['SPMetadata'];
311 } else {
312 $spMetadata = array();
313 }
314
315 if (isset($state['core:SP'])) {
316 $session = SimpleSAML_Session::getSessionFromRequest();
317 $previousSSOTime = $session->getData('core:idp-ssotime', $state['core:IdP'].';'.$state['core:SP']);
318 if ($previousSSOTime !== null) {
319 $state['PreviousSSOTimestamp'] = $previousSSOTime;
320 }
321 }
322
323 $idpMetadata = $idp->getConfig()->toArray();
324
325 $pc = new SimpleSAML_Auth_ProcessingChain($idpMetadata, $spMetadata, 'idp');
326
327 $state['ReturnCall'] = array('SimpleSAML_IdP', 'postAuthProc');
328 $state['Destination'] = $spMetadata;
329 $state['Source'] = $idpMetadata;
330
331 $pc->processState($state);
332
333 self::postAuthProc($state);
334 }
SimpleSAML_Auth_ProcessingChain
Definition: ProcessingChain.php:13
SimpleSAML_IdP\postAuthProc
static postAuthProc(array $state)
Called after authproc has run.
Definition: IdP.php:273
$idpMetadata
$idpMetadata
Definition: logout-iframe-post.php:26

References $idp, $idpMetadata, $session, $spMetadata, $state, getByState(), SimpleSAML_Session\getSessionFromRequest(), and postAuthProc().

Referenced by handleAuthenticationRequest().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ postAuthProc()

static SimpleSAML_IdP::postAuthProc ( array  $state)
static

Called after authproc has run.

Parameters
array$stateThe authentication request state array.

Definition at line 273 of file IdP.php.

274 {
275 assert('is_callable($state["Responder"])');
276
277 if (isset($state['core:SP'])) {
278 $session = SimpleSAML_Session::getSessionFromRequest();
279 $session->setData(
280 'core:idp-ssotime',
281 $state['core:IdP'].';'.$state['core:SP'],
282 time(),
283 SimpleSAML_Session::DATA_TIMEOUT_SESSION_END
284 );
285 }
286
287 call_user_func($state['Responder'], $state);
288 assert('FALSE');
289 }
SimpleSAML_Session\DATA_TIMEOUT_SESSION_END
const DATA_TIMEOUT_SESSION_END
This is a timeout value for setData, which indicates that the data should never be deleted,...
Definition: Session.php:26

References $session, $state, SimpleSAML_Session\DATA_TIMEOUT_SESSION_END, and SimpleSAML_Session\getSessionFromRequest().

Referenced by postAuth().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ reauthenticate()

SimpleSAML_IdP::reauthenticate ( array &  $state)
private

Re-authenticate the user.

This function re-authenticates an user with an existing session. This gives the authentication source a chance to do additional work when re-authenticating for SSO.

Note: This function is not used when ForceAuthn=true.

Parameters
array&$stateThe authentication request state.
Exceptions
SimpleSAML_Error_ExceptionIf there is no auth source defined for this IdP.

Definition at line 368 of file IdP.php.

369 {
370 $sourceImpl = $this->authSource->getAuthSource();
371 if ($sourceImpl === null) {
372 throw new SimpleSAML_Error_Exception('No such auth source defined.');
373 }
374
375 $sourceImpl->reauthenticate($state);
376 }

References $state.

Referenced by handleAuthenticationRequest().

+ Here is the caller graph for this function:

◆ terminateAssociation()

SimpleSAML_IdP::terminateAssociation (   $assocId)

Remove an SP association.

Parameters
string$assocIdThe association id.

Definition at line 248 of file IdP.php.

249 {
250 assert('is_string($assocId)');
251
252 $session = SimpleSAML_Session::getSessionFromRequest();
253 $session->terminateAssociation($this->associationGroup, $assocId);
254 }

References $assocId, $session, and SimpleSAML_Session\getSessionFromRequest().

Referenced by handleLogoutRequest().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $associationGroup

SimpleSAML_IdP::$associationGroup
private

Definition at line 38 of file IdP.php.

◆ $authSource

SimpleSAML_IdP::$authSource
private

Definition at line 54 of file IdP.php.

◆ $config

SimpleSAML_IdP::$config
private

Definition at line 46 of file IdP.php.

Referenced by getConfig().

◆ $id

SimpleSAML_IdP::$id
private

Definition at line 27 of file IdP.php.

Referenced by __construct(), addAssociation(), getById(), getId(), handleAuthenticationRequest(), and handleLogoutRequest().

◆ $idpCache

SimpleSAML_IdP::$idpCache = array()
staticprivate

Definition at line 19 of file IdP.php.

The documentation for this class was generated from the following file: