ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
sspmod_saml_Auth_Process_SQLPersistentNameID Class Reference

Public Member Functions

 __construct ($config, $reserved)
 Initialize this filter, parse configuration.
 
- Public Member Functions inherited from sspmod_saml_BaseNameIDGenerator
 __construct ($config, $reserved)
 Initialize this filter, parse configuration.
 
 process (&$state)
 Generate transient NameID.
 
- Public Member Functions inherited from SimpleSAML_Auth_ProcessingFilter
 __construct (&$config, $reserved)
 Constructor for a processing filter.
 
 process (&$request)
 Process a request.
 

Protected Member Functions

 getValue (array &$state)
 Get the NameID value.
 

Private Attributes

 $attribute
 
 $allowUnspecified = false
 
 $allowDifferent = false
 
 $alwaysCreate = false
 

Additional Inherited Members

- Data Fields inherited from SimpleSAML_Auth_ProcessingFilter
 $priority = 50
 Priority of this filter.
 
- Protected Attributes inherited from sspmod_saml_BaseNameIDGenerator
 $format
 

Detailed Description

Definition at line 9 of file SQLPersistentNameID.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_saml_Auth_Process_SQLPersistentNameID::__construct ($config, $reserved)

Initialize this filter, parse configuration.

Parameters
    array  $config    Configuration information about this filter.
    mixed  $reserved  For future use.
Exceptions
    SimpleSAML_Error_Exception  If the 'attribute' option is not specified.

Reimplemented from sspmod_saml_BaseNameIDGenerator.

Definition at line 49 of file SQLPersistentNameID.php.

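    public function __construct($config, $reserved)
    {
        parent::__construct($config, $reserved);
        assert('is_array($config)');

        // This filter always issues the persistent NameID format.
        $this->format = \SAML2\Constants::NAMEID_PERSISTENT;

        // 'attribute' is the only mandatory option: it names the user attribute
        // that identifies the user when the NameID is looked up or stored.
        if (!isset($config['attribute'])) {
            throw new SimpleSAML_Error_Exception("PersistentNameID: Missing required option 'attribute'.");
        }
        $this->attribute = $config['attribute'];

        // The three policy switches default to false and are cast with (bool).
        if (isset($config['allowUnspecified'])) {
            $this->allowUnspecified = (bool) $config['allowUnspecified'];
        }

        if (isset($config['allowDifferent'])) {
            $this->allowDifferent = (bool) $config['allowDifferent'];
        }

        if (isset($config['alwaysCreate'])) {
            $this->alwaysCreate = (bool) $config['alwaysCreate'];
        }
    }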

References $config, and SAML2\Constants\NAMEID_PERSISTENT.

Member Function Documentation

◆ getValue()

sspmod_saml_Auth_Process_SQLPersistentNameID::getValue (array &$state)
protected

Get the NameID value.

Parameters
    array  $state  The state array.
Returns
    string|null  The NameID value.
Exceptions
    sspmod_saml_Error  if the NameID creation policy is invalid.

Reimplemented from sspmod_saml_BaseNameIDGenerator.

Definition at line 83 of file SQLPersistentNameID.php.

    protected function getValue(array &$state)
    {

        // No NameID format in the request: only continue if explicitly allowed.
        if (!isset($state['saml:NameIDFormat']) && !$this->allowUnspecified) {
            SimpleSAML\Logger::debug(
                'SQLPersistentNameID: Request did not specify persistent NameID format, '.
                'not generating persistent NameID.'
            );
            return null;
        }

        // Collect the formats named by the request and the SP metadata;
        // '@' silences notices for keys that are not set, array_filter drops them.
        $validNameIdFormats = @array_filter(array(
            $state['saml:NameIDFormat'],
            $state['SPMetadata']['NameIDPolicy'],
            $state['SPMetadata']['NameIDFormat']
        ));
        if (count($validNameIdFormats) && !in_array($this->format, $validNameIdFormats, true) &&
            !$this->allowDifferent
        ) {
            SimpleSAML\Logger::debug(
                'SQLPersistentNameID: SP expects different NameID format ('.
                implode(', ', $validNameIdFormats).'), not generating persistent NameID.'
            );
            return null;
        }

        // The stored NameID is looked up per IdP, SP and user, so both entity IDs are required.
        if (!isset($state['Destination']['entityid'])) {
            SimpleSAML\Logger::warning('SQLPersistentNameID: No SP entity ID - not generating persistent NameID.');
            return null;
        }
        $spEntityId = $state['Destination']['entityid'];

        if (!isset($state['Source']['entityid'])) {
            SimpleSAML\Logger::warning('SQLPersistentNameID: No IdP entity ID - not generating persistent NameID.');
            return null;
        }
        $idpEntityId = $state['Source']['entityid'];

        // The configured attribute must carry exactly one non-empty value.
        if (!isset($state['Attributes'][$this->attribute]) || count($state['Attributes'][$this->attribute]) === 0) {
            SimpleSAML\Logger::warning(
                'SQLPersistentNameID: Missing attribute '.var_export($this->attribute, true).
                ' on user - not generating persistent NameID.'
            );
            return null;
        }
        if (count($state['Attributes'][$this->attribute]) > 1) {
            SimpleSAML\Logger::warning(
                'SQLPersistentNameID: More than one value in attribute '.var_export($this->attribute, true).
                ' on user - not generating persistent NameID.'
            );
            return null;
        }
        $uid = array_values($state['Attributes'][$this->attribute]); // just in case the first index is no longer 0
        $uid = $uid[0];

        if (empty($uid)) {
            SimpleSAML\Logger::warning(
                'Empty value in attribute '.var_export($this->attribute, true).
                ' on user - not generating persistent NameID.'
            );
            return null;
        }

        // Reuse the NameID already stored for this IdP, SP and user, if any.
        $value = sspmod_saml_IdP_SQLNameID::get($idpEntityId, $spEntityId, $uid);
        if ($value !== null) {
            SimpleSAML\Logger::debug(
                'SQLPersistentNameID: Found persistent NameID '.var_export($value, true).' for user '.
                var_export($uid, true).'.'
            );
            return $value;
        }

        // Nothing stored: create a new value only if the request sets AllowCreate
        // or the filter is configured with alwaysCreate.
        if ((!isset($state['saml:AllowCreate']) || !$state['saml:AllowCreate']) && !$this->alwaysCreate) {
            SimpleSAML\Logger::warning(
                'SQLPersistentNameID: Did not find persistent NameID for user, and not allowed to create new NameID.'
            );
            throw new sspmod_saml_Error(
                \SAML2\Constants::STATUS_RESPONDER,
                'urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy'
            );
        }

        // New value: 20 random bytes, hex-encoded, stored for later logins.
        $value = bin2hex(openssl_random_pseudo_bytes(20));
        SimpleSAML\Logger::debug(
            'SQLPersistentNameID: Created persistent NameID '.var_export($value, true).' for user '.
            var_export($uid, true).'.'
        );
        sspmod_saml_IdP_SQLNameID::add($idpEntityId, $spEntityId, $uid, $value);

        return $value;
    }

References $idpEntityId, $spEntityId, $state, sspmod_saml_IdP_SQLNameID\add(), SimpleSAML\Logger\debug(), sspmod_saml_IdP_SQLNameID\get(), and SimpleSAML\Logger\warning().
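
How the constructor options map onto an `authproc` filter entry and what each one changes in getValue(), as an added example that is not part of the generated reference or of the SimpleSAMLphp sources. The variable name `$metadataFragment`, the priority `3` and the source attribute `eduPersonPrincipalName` are assumed values; the comments restate only what the two listings above do.

```php
<?php
// Added example. $metadataFragment is a hypothetical name for the array that
// holds the processing filters; priority 3 and the attribute name are assumed.
$metadataFragment = array(
    'authproc' => array(
        3 => array(
            'class' => 'saml:SQLPersistentNameID',

            // Required. The constructor throws SimpleSAML_Error_Exception when
            // it is missing. getValue() needs exactly one non-empty value in
            // this attribute; zero, several or an empty value means no NameID.
            'attribute' => 'eduPersonPrincipalName',

            // false (default): a request without saml:NameIDFormat gets no
            // persistent NameID. true: one is generated even though the
            // request did not ask for any format.
            'allowUnspecified' => false,

            // false (default): if the request or the SP metadata names NameID
            // formats and the persistent format is not among them, no NameID
            // is generated. true: the persistent NameID is issued anyway.
            'allowDifferent' => false,

            // false (default): with no stored NameID and no saml:AllowCreate
            // in the request, getValue() throws sspmod_saml_Error with
            // urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy.
            // true: a new 20-byte random value is created and stored.
            'alwaysCreate' => false,

            // The constructor casts these three options with (bool), so any
            // truthy value enables them, including the string 'false'.
            // Use real booleans.
        ),
    ),
);
```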


Field Documentation

◆ $allowDifferent

sspmod_saml_Auth_Process_SQLPersistentNameID::$allowDifferent = false
private

Definition at line 31 of file SQLPersistentNameID.php.

◆ $allowUnspecified

sspmod_saml_Auth_Process_SQLPersistentNameID::$allowUnspecified = false
private

Definition at line 24 of file SQLPersistentNameID.php.

◆ $alwaysCreate

sspmod_saml_Auth_Process_SQLPersistentNameID::$alwaysCreate = false
private

Definition at line 38 of file SQLPersistentNameID.php.

◆ $attribute

sspmod_saml_Auth_Process_SQLPersistentNameID::$attribute
private

Definition at line 17 of file SQLPersistentNameID.php.


The documentation for this class was generated from the following file: