ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilShibbolethWAYF.php
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
35{
36
// True once the constructor has seen $_POST['home_organization_selection'], i.e. the WAYF form was submitted.
40 public $is_selection = false;
// True only when the POSTed idp_selection is not '-' and is a key of $idp_list (checked in the constructor).
44 public $is_valid_selection = false;
// Key of the chosen IdP; stays at the '-' placeholder unless the constructor accepted the POSTed value.
48 public $selected_idp = '-';
// false until the constructor stores the result of getIdplist() here.
52 public $idp_list = false;
53
54
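/**
 * Reads the submitted WAYF form and records whether an IdP was chosen and
 * whether that choice is one of the configured IdPs.
 *
 * $_POST is client-controlled. The submitted value is accepted only when it
 * is a string and an exact key of the configured IdP list, so selected_idp
 * never holds anything other than the '-' default or a configured key.
 */
public function __construct()
{
    // Was the WAYF form submitted?
    $this->is_selection = isset($_POST['home_organization_selection']);

    $this->idp_list = $this->getIdplist();

    // Was the selected IdP a valid one?
    // A request such as idp_selection[]=x delivers an array; reject it before
    // it is used as an array offset instead of relying on how isset() treats
    // a non-scalar offset.
    $submitted = isset($_POST['idp_selection']) ? $_POST['idp_selection'] : null;
    $this->is_valid_selection = is_string($submitted)
        && $submitted !== '-'
        && isset($this->idp_list[$submitted]);

    if ($this->is_valid_selection) {
        $this->selected_idp = $submitted;
    }
}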
74
75
/**
 * Snake-case alias that forwards to isSelection().
 *
 * @return mixed whatever isSelection() returns
 */
public function is_selection()
{
    $form_was_submitted = $this->isSelection();

    return $form_was_submitted;
}
83
84
// NOTE(review): listing line 90 (the method body) is missing from this rendering. is_selection()
// delegates here, so this presumably returns $this->is_selection — confirm against the original file.
88 public function isSelection()
89 {
91 }
92
93
/**
 * Snake-case alias that forwards to isValidSelection().
 *
 * @return mixed whatever isValidSelection() returns
 */
public function is_valid_selection()
{
    $selection_is_valid = $this->isValidSelection();

    return $selection_is_valid;
}
101
102
// NOTE(review): listing line 108 (the method body) is missing from this rendering. is_valid_selection()
// delegates here, so this presumably returns $this->is_valid_selection — confirm against the original file.
106 public function isValidSelection()
107 {
109 }
110
111
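/**
 * Builds the <select name="idp_selection"> element that lists the configured IdPs.
 *
 * The entry named last in the _saml_idp cookie is preselected when it is a
 * configured IdP; otherwise the '-' placeholder option is preselected.
 *
 * IdP keys and display names come from the shib_idp_list setting and are
 * HTML-escaped here, so a quote or angle bracket in the setting cannot break
 * out of the attribute or the option text.
 *
 * @return string HTML markup of the select element
 */
public function generateSelection()
{
    $arr_idp_list = $this->idp_list ? $this->idp_list : $this->getIdplist();

    // The cookie is client-controlled and may be absent or array-valued.
    $idp_cookie = (isset($_COOKIE['_saml_idp']) && is_string($_COOKIE['_saml_idp']))
        ? $this->generateCookieArray($_COOKIE['_saml_idp'])
        : array();

    // NOTE(review): the lang parameter is passed through as received; confirm that
    // ilLanguage restricts it to installed language keys.
    $lng = new ilLanguage(isset($_GET["lang"]) ? $_GET["lang"] : null);

    // Only a cookie entry that is an exact key of the configured list may preselect
    // an option. Starting from null also avoids comparing keys against an undefined
    // variable, which loosely matched a key of 0 or ''.
    $selectedIDP = null;
    $last_used = end($idp_cookie);
    if (count($idp_cookie) > 0 && is_string($last_used) && isset($arr_idp_list[$last_used])) {
        $selectedIDP = $last_used;
    }

    $selectElement = '
<select name="idp_selection">
<option value="-"' . ($selectedIDP === null ? ' selected="selected"' : '') . '>'
        . $lng->txt("shib_member_of") . '</option>';

    foreach ($arr_idp_list as $idp_id => $idp_data) {
        // Numeric-looking keys are stored as integers; compare as strings, strictly.
        $idp_id = (string) $idp_id;
        $selectElement .= '<option value="' . htmlspecialchars($idp_id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '"'
            . ($idp_id === $selectedIDP ? ' selected="selected"' : '') . '>'
            . htmlspecialchars($idp_data[0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</option>';
    }
    $selectElement .= '
</select>';

    return $selectElement;
}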
146
147
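/**
 * Redirects the browser to the Shibboleth session initiator for the selected
 * IdP, passing the ILIAS login script as the place to return to.
 *
 * The il_target form field is client-controlled. It is URL-encoded before it
 * is placed into the return URL so that characters such as '&' or '#' stay
 * inside the target parameter of shib_login.php instead of adding parameters
 * or a fragment of their own.
 *
 * NOTE(review): this method does not check isValidSelection() itself; callers
 * are presumably expected to do so first — confirm at the call site.
 */
public function redirect()
{
    $arr_idp_list = $this->idp_list ? $this->idp_list : $this->getIdplist();

    $il_target = (isset($_POST["il_target"]) && is_string($_POST["il_target"])) ? $_POST["il_target"] : '';

    // Where to return after the authentication process
    $target = trim(ILIAS_HTTP_PATH, '/') . '/shib_login.php?target=' . urlencode($il_target);

    // selected_idp is still '-' when no valid selection was made; fall back to the
    // default initiator without reading an undefined index.
    $idp_data = isset($arr_idp_list[$this->selected_idp]) ? $arr_idp_list[$this->selected_idp] : array();

    $query = '?providerId=' . urlencode($this->selected_idp) . '&target=' . urlencode($target);

    if (isset($idp_data[1])) {
        // Optional third field of the shib_idp_list entry: a per-IdP session initiator.
        ilUtil::redirect($idp_data[1] . $query);
    } else {
        // TODO: This has to be changed to /Shibboleth.sso/DS?entityId= for
        // Shibboleth 2.x sometime...
        ilUtil::redirect('/Shibboleth.sso' . $query);
    }
}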
171
172
/**
 * Stores the selected IdP as the most recent entry of the _saml_idp cookie.
 *
 * Entries already present in the request's cookie are kept; the selected IdP
 * is moved to the end of the list. The cookie lives for 100 days on path '/'.
 *
 * NOTE(review): the existing cookie content is client-supplied and is written
 * back after a decode/encode round trip; the cookie is also set without the
 * secure and httponly arguments of setcookie(). Confirm both are intended.
 */
public function setSAMLCookie()
{
    $known_idps = isset($_COOKIE['_saml_idp'])
        ? $this->generateCookieArray($_COOKIE['_saml_idp'])
        : array();

    $updated_idps = $this->appendCookieValue($this->selected_idp, $known_idps);
    $lifetime = 100 * 24 * 3600; // 100 days, in seconds

    setcookie('_saml_idp', $this->generateCookieValue($updated_idps), time() + $lifetime, '/');
}
186
187
/**
 * Returns the "invalid home organization" message when the form was submitted
 * with a selection that is not valid, and an empty string otherwise.
 *
 * @return string
 */
public function showNotice()
{
    $lng = new ilLanguage($_GET["lang"]);

    $submitted_but_invalid = $this->is_selection() && !$this->is_valid_selection();

    return $submitted_but_invalid ? $lng->txt("shib_invalid_home_organization") : '';
}
201
202
/**
 * Parses the shib_idp_list setting into an array keyed by IdP identifier.
 *
 * Each line of the setting is a comma-separated record. The first field is the
 * key; the second and, when present, third field become the value array.
 * Lines with fewer than two fields are ignored, as are fields after the third.
 *
 * @return array map of IdP key => array(second field[, third field])
 */
public function getIdplist()
{
    global $DIC;
    $settings = $DIC['ilSetting'];

    $parsed = array();
    foreach (explode("\n", $settings->get("shib_idp_list")) as $line) {
        $fields = array_map('trim', explode(',', $line));
        if (count($fields) < 2) {
            continue;
        }
        // Keep one or two value fields, depending on how many the line has.
        $parsed[$fields[0]] = array_slice($fields, 1, 2);
    }

    return $parsed;
}
224
225
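/**
 * Splits a _saml_idp cookie value into its decoded entries.
 *
 * The cookie is client-controlled, so the input is treated as untrusted:
 * a non-string or empty value yields an empty list, and entries that are not
 * valid base64 (or decode to nothing) are dropped rather than being passed on
 * as garbage. Callers must still check each entry against the configured IdP
 * list before using it.
 *
 * @param mixed $value raw cookie value: base64 entries separated by spaces
 *
 * @return array list of decoded entries, oldest first
 */
public function generateCookieArray($value)
{
    if (!is_string($value) || $value === '') {
        return array();
    }

    $arr_cookie = array();
    foreach (explode(' ', $value) as $encoded) {
        // Strict mode returns false for characters outside the base64 alphabet.
        $decoded = base64_decode($encoded, true);
        if ($decoded !== false && $decoded !== '') {
            $arr_cookie[] = $decoded;
        }
    }

    return $arr_cookie;
}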
240
241
/**
 * Serialises a list of IdP identifiers into the _saml_idp cookie format:
 * each entry base64-encoded, entries joined by a single space.
 *
 * @param array $arr_cookie entries to encode
 *
 * @return string cookie value
 */
public function generateCookieValue(array $arr_cookie)
{
    $encoded_entries = array();
    foreach ($arr_cookie as $key => $entry) {
        $encoded_entries[$key] = base64_encode($entry);
    }

    return implode(' ', $encoded_entries);
}
256
257
/**
 * Appends a value to the list and removes earlier duplicates, so that each
 * entry appears once and the appended value ends up last.
 *
 * @param mixed $value      entry to append
 * @param array $arr_cookie existing entries
 *
 * @return array de-duplicated list with $value at the end
 */
public function appendCookieValue($value, array $arr_cookie)
{
    $arr_cookie[] = $value;

    // Reversing before array_unique() makes it keep the LAST occurrence of each
    // entry; reversing again restores the original order.
    return array_reverse(array_unique(array_reverse($arr_cookie)));
}
275}