ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Public Member Functions | Static Public Member Functions | Private Member Functions
sspmod_exampleauth_Auth_Source_External Class Reference
+ Inheritance diagram for sspmod_exampleauth_Auth_Source_External:
+ Collaboration diagram for sspmod_exampleauth_Auth_Source_External:

Public Member Functions

 __construct ($info, $config)
 Constructor for this authentication source. More...
 
 authenticate (&$state)
 Log in using an external authentication helper. More...
 
 logout (&$state)
 This function is called when the user start a logout operation, for example by logging out of a SP that supports single logout. More...
 
- Public Member Functions inherited from SimpleSAML_Auth_Source
 __construct ($info, &$config)
 Constructor for an authentication source. More...
 
 getAuthId ()
 Retrieve the ID of this authentication source. More...
 
 authenticate (&$state)
 Process a request. More...
 
 reauthenticate (array &$state)
 Reauthenticate an user. More...
 
 initLogin ($return, $errorURL=null, array $params=array())
 Start authentication. More...
 
 logout (&$state)
 Log out from this authentication source. More...
 

Static Public Member Functions

static resume ()
 Resume authentication process. More...
 
- Static Public Member Functions inherited from SimpleSAML_Auth_Source
static getSourcesOfType ($type)
 Get sources of a specific type. More...
 
static completeAuth (&$state)
 Complete authentication. More...
 
static loginCompleted ($state)
 Called when a login operation has finished. More...
 
static completeLogout (&$state)
 Complete logout. More...
 
static getById ($authId, $type=null)
 Retrieve authentication source. More...
 
static logoutCallback ($state)
 Called when the authentication source receives an external logout request. More...
 
static getSources ()
 Retrieve list of authentication sources. More...
 

Private Member Functions

 getUser ()
 Retrieve attributes for the user. More...
 

Additional Inherited Members

- Protected Member Functions inherited from SimpleSAML_Auth_Source
 addLogoutCallback ($assoc, $state)
 Add a logout callback association. More...
 
 callLogoutCallback ($assoc)
 Call a logout callback based on association. More...
 
- Static Protected Member Functions inherited from SimpleSAML_Auth_Source
static validateSource ($source, $id)
 Make sure that the first element of an auth source is its identifier. More...
 
- Protected Attributes inherited from SimpleSAML_Auth_Source
 $authId
 

Detailed Description

Definition at line 23 of file External.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_exampleauth_Auth_Source_External::__construct (   $info,
  $config 
)

Constructor for this authentication source.

Parameters
array$infoInformation about this authentication source.
array$configConfiguration.

Definition at line 31 of file External.php.

References $config, and $info.

31  {
32  assert('is_array($info)');
33  assert('is_array($config)');
34 
35  // Call the parent constructor first, as required by the interface
36  parent::__construct($info, $config);
37 
38  // Do any other configuration we need here
39  }
$info
$info
Definition: index.php:5

Member Function Documentation

◆ authenticate()

sspmod_exampleauth_Auth_Source_External::authenticate ( $state)

Log in using an external authentication helper.

Parameters
array&$stateInformation about the current authentication.

Definition at line 92 of file External.php.

References $attributes, SimpleSAML_Auth_Source\$authId, $returnTo, $state, $stateId, array, SimpleSAML\Module\getModuleURL(), getUser(), SimpleSAML\Utils\HTTP\redirectTrustedURL(), and SimpleSAML_Auth_State\saveState().

92  {
93  assert('is_array($state)');
94 
95  $attributes = $this->getUser();
96  if ($attributes !== NULL) {
97  /*
98  * The user is already authenticated.
99  *
100  * Add the users attributes to the $state-array, and return control
101  * to the authentication process.
102  */
103  $state['Attributes'] = $attributes;
104  return;
105  }
106 
107  /*
108  * The user isn't authenticated. We therefore need to
109  * send the user to the login page.
110  */
111 
112  /*
113  * First we add the identifier of this authentication source
114  * to the state array, so that we know where to resume.
115  */
116  $state['exampleauth:AuthID'] = $this->authId;
117 
118 
119  /*
120  * We need to save the $state-array, so that we can resume the
121  * login process after authentication.
122  *
123  * Note the second parameter to the saveState-function. This is a
124  * unique identifier for where the state was saved, and must be used
125  * again when we retrieve the state.
126  *
127  * The reason for it is to prevent
128  * attacks where the user takes a $state-array saved in one location
129  * and restores it in another location, and thus bypasses steps in
130  * the authentication process.
131  */
132  $stateId = SimpleSAML_Auth_State::saveState($state, 'exampleauth:External');
133 
134  /*
135  * Now we generate a URL the user should return to after authentication.
136  * We assume that whatever authentication page we send the user to has an
137  * option to return the user to a specific page afterwards.
138  */
139  $returnTo = SimpleSAML\Module::getModuleURL('exampleauth/resume.php', array(
140  'State' => $stateId,
141  ));
142 
143  /*
144  * Get the URL of the authentication page.
145  *
146  * Here we use the getModuleURL function again, since the authentication page
147  * is also part of this module, but in a real example, this would likely be
148  * the absolute URL of the login page for the site.
149  */
150  $authPage = SimpleSAML\Module::getModuleURL('exampleauth/authpage.php');
151 
152  /*
153  * The redirect to the authentication page.
154  *
155  * Note the 'ReturnTo' parameter. This must most likely be replaced with
156  * the real name of the parameter for the login page.
157  */
158  \SimpleSAML\Utils\HTTP::redirectTrustedURL($authPage, array(
159  'ReturnTo' => $returnTo,
160  ));
161 
162  /*
163  * The redirect function never returns, so we never get this far.
164  */
165  assert('FALSE');
166  }
$returnTo
if(!isset($_REQUEST['ReturnTo'])) $returnTo
Definition: authpage.php:16
sspmod_exampleauth_Auth_Source_External\getUser
getUser()
Retrieve attributes for the user.
Definition: External.php:47
SimpleSAML_Auth_Source\$authId
$authId
Definition: Source.php:22
$stateId
$stateId
Definition: saml2-acs.php:76
$attributes
$attributes
Definition: serviceValidate.php:33
SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:962
SimpleSAML\Module\getModuleURL
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:303
$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194
+ Here is the call graph for this function:

◆ getUser()

sspmod_exampleauth_Auth_Source_External::getUser ( )
private

Retrieve attributes for the user.

Returns
array|NULL The user's attributes, or NULL if the user isn't authenticated.

Definition at line 47 of file External.php.

References $_SESSION, $attributes, and array.

Referenced by authenticate().

47  {
48 
49  /*
50  * In this example we assume that the attributes are
51  * stored in the users PHP session, but this could be replaced
52  * with anything.
53  */
54 
55  if (!session_id()) {
56  /* session_start not called before. Do it here. */
57  session_start();
58  }
59 
60  if (!isset($_SESSION['uid'])) {
61  /* The user isn't authenticated. */
62  return NULL;
63  }
64 
65  /*
66  * Find the attributes for the user.
67  * Note that all attributes in SimpleSAMLphp are multivalued, so we need
68  * to store them as arrays.
69  */
70 
71  $attributes = array(
72  'uid' => array($_SESSION['uid']),
73  'displayName' => array($_SESSION['name']),
74  'mail' => array($_SESSION['mail']),
75  );
76 
77  /* Here we generate a multivalued attribute based on the account type. */
78  $attributes['eduPersonAffiliation'] = array(
79  $_SESSION['type'], /* In this example, either 'student' or 'employee'. */
80  'member',
81  );
82 
83  return $attributes;
84  }
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
$attributes
$attributes
Definition: serviceValidate.php:33
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
+ Here is the caller graph for this function:

◆ logout()

sspmod_exampleauth_Auth_Source_External::logout ( $state)

This function is called when the user start a logout operation, for example by logging out of a SP that supports single logout.

Parameters
array&$stateThe logout state array.

Definition at line 253 of file External.php.

References $_SESSION.

253  {
254  assert('is_array($state)');
255 
256  if (!session_id()) {
257  /* session_start not called before. Do it here. */
258  session_start();
259  }
260 
261  /*
262  * In this example we simply remove the 'uid' from the session.
263  */
264  unset($_SESSION['uid']);
265 
266  /*
267  * If we need to do a redirect to a different page, we could do this
268  * here, but in this example we don't need to do this.
269  */
270  }
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10

◆ resume()

static sspmod_exampleauth_Auth_Source_External::resume ( )
static

Resume authentication process.

This function resumes the authentication process after the user has entered his or her credentials.

Parameters
array&$stateThe authentication state.

Definition at line 177 of file External.php.

References $attributes, $source, $state, SimpleSAML_Auth_Source\completeAuth(), SimpleSAML_Auth_Source\getById(), and SimpleSAML_Auth_State\loadState().

177  {
178 
179  /*
180  * First we need to restore the $state-array. We should have the identifier for
181  * it in the 'State' request parameter.
182  */
183  if (!isset($_REQUEST['State'])) {
184  throw new SimpleSAML_Error_BadRequest('Missing "State" parameter.');
185  }
186 
187  /*
188  * Once again, note the second parameter to the loadState function. This must
189  * match the string we used in the saveState-call above.
190  */
191  $state = SimpleSAML_Auth_State::loadState($_REQUEST['State'], 'exampleauth:External');
192 
193  /*
194  * Now we have the $state-array, and can use it to locate the authentication
195  * source.
196  */
197  $source = SimpleSAML_Auth_Source::getById($state['exampleauth:AuthID']);
198  if ($source === NULL) {
199  /*
200  * The only way this should fail is if we remove or rename the authentication source
201  * while the user is at the login page.
202  */
203  throw new SimpleSAML_Error_Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
204  }
205 
206  /*
207  * Make sure that we haven't switched the source type while the
208  * user was at the authentication page. This can only happen if we
209  * change config/authsources.php while an user is logging in.
210  */
211  if (! ($source instanceof self)) {
212  throw new SimpleSAML_Error_Exception('Authentication source type changed.');
213  }
214 
215 
216  /*
217  * OK, now we know that our current state is sane. Time to actually log the user in.
218  *
219  * First we check that the user is acutally logged in, and didn't simply skip the login page.
220  */
221  $attributes = $source->getUser();
222  if ($attributes === NULL) {
223  /*
224  * The user isn't authenticated.
225  *
226  * Here we simply throw an exception, but we could also redirect the user back to the
227  * login page.
228  */
229  throw new SimpleSAML_Error_Exception('User not authenticated after login page.');
230  }
231 
232  /*
233  * So, we have a valid user. Time to resume the authentication process where we
234  * paused it in the authenticate()-function above.
235  */
236 
237  $state['Attributes'] = $attributes;
238  SimpleSAML_Auth_Source::completeAuth($state);
239 
240  /*
241  * The completeAuth-function never returns, so we never get this far.
242  */
243  assert('FALSE');
244  }
SimpleSAML_Error_Exception
Definition: Exception.php:12
$attributes
$attributes
Definition: serviceValidate.php:33
$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
SimpleSAML_Error_BadRequest
Definition: BadRequest.php:12
SimpleSAML_Auth_State\loadState
static loadState($id, $stage, $allowMissing=false)
Retrieve saved state.
Definition: State.php:259
SimpleSAML_Auth_Source\completeAuth
static completeAuth(&$state)
Complete authentication.
Definition: Source.php:135
$source
$source
Definition: linkback.php:22
SimpleSAML_Auth_Source\getById
static getById($authId, $type=null)
Retrieve authentication source.
Definition: Source.php:324
+ Here is the call graph for this function:
The documentation for this class was generated from the following file: