Inheritance diagram for sspmod_saml_Auth_Process_SQLPersistentNameID:

Collaboration diagram for sspmod_saml_Auth_Process_SQLPersistentNameID:

Public Member Functions
	__construct ($config, $reserved)
	Initialize this filter, parse configuration. More...

Public Member Functions inherited from sspmod_saml_BaseNameIDGenerator
	__construct ($config, $reserved)
	Initialize this filter, parse configuration. More...

	process (&$state)
	Generate transient NameID. More...

Public Member Functions inherited from SimpleSAML_Auth_ProcessingFilter
	__construct (&$config, $reserved)
	Constructor for a processing filter. More...

	process (&$request)
	Process a request. More...

Protected Member Functions
	getValue (array &$state)
	Get the NameID value. More...

Protected Member Functions inherited from sspmod_saml_BaseNameIDGenerator
	getValue (array &$state)
	Get the NameID value. More...

Private Attributes
	$attribute

	$allowUnspecified = false

	$allowDifferent = false

	$alwaysCreate = false

Additional Inherited Members
Data Fields inherited from SimpleSAML_Auth_ProcessingFilter
	$priority = 50
	Priority of this filter. More...

Protected Attributes inherited from sspmod_saml_BaseNameIDGenerator
	$format

Detailed Description

Definition at line 9 of file SQLPersistentNameID.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_saml_Auth_Process_SQLPersistentNameID::__construct	(	$config,
		$reserved
	)

Initialize this filter, parse configuration.

Parameters

array	$config	Configuration information about this filter.
mixed	$reserved	For future use.

Exceptions

SimpleSAML_Error_Exception If the 'attribute' option is not specified.

Definition at line 49 of file SQLPersistentNameID.php.

References $config, format, and SAML2\Constants\NAMEID_PERSISTENT.

     {
         parent::__construct($config, $reserved);
         assert('is_array($config)');
 
         $this->format = \SAML2\Constants::NAMEID_PERSISTENT;
 
         if (!isset($config['attribute'])) {
             throw new SimpleSAML_Error_Exception("PersistentNameID: Missing required option 'attribute'.");
         }
         $this->attribute = $config['attribute'];
 
         if (isset($config['allowUnspecified'])) {
             $this->allowUnspecified = (bool) $config['allowUnspecified'];
         }
 
         if (isset($config['allowDifferent'])) {
             $this->allowDifferent = (bool) $config['allowDifferent'];
         }
 
         if (isset($config['alwaysCreate'])) {
             $this->alwaysCreate = (bool) $config['alwaysCreate'];
         }
     }

Member Function Documentation

◆ getValue()

sspmod_saml_Auth_Process_SQLPersistentNameID::getValue ( array & $state )

protected

Get the NameID value.

Parameters

array $state The state array.

Returns: string|null The NameID value.

Exceptions

sspmod_saml_Error if the NameID creation policy is invalid.

Definition at line 83 of file SQLPersistentNameID.php.

References $idpEntityId, $spEntityId, sspmod_saml_IdP_SQLNameID\add(), array, SimpleSAML\Logger\debug(), format, sspmod_saml_IdP_SQLNameID\get(), and SimpleSAML\Logger\warning().

     {
 
         if (!isset($state['saml:NameIDFormat']) && !$this->allowUnspecified) {
             SimpleSAML\Logger::debug(
                 'SQLPersistentNameID: Request did not specify persistent NameID format, '.
                 'not generating persistent NameID.'
             );
             return null;
         }
 
         $validNameIdFormats = @array_filter(array(
             $state['saml:NameIDFormat'],
             $state['SPMetadata']['NameIDPolicy'],
             $state['SPMetadata']['NameIDFormat']
         ));
         if (count($validNameIdFormats) && !in_array($this->format, $validNameIdFormats, true) &&
             !$this->allowDifferent
         ) {
             SimpleSAML\Logger::debug(
                 'SQLPersistentNameID: SP expects different NameID format ('.
                 implode(', ', $validNameIdFormats).'),  not generating persistent NameID.'
             );
             return null;
         }
 
         if (!isset($state['Destination']['entityid'])) {
             SimpleSAML\Logger::warning('SQLPersistentNameID: No SP entity ID - not generating persistent NameID.');
             return null;
         }
         $spEntityId = $state['Destination']['entityid'];
 
         if (!isset($state['Source']['entityid'])) {
             SimpleSAML\Logger::warning('SQLPersistentNameID: No IdP entity ID - not generating persistent NameID.');
             return null;
         }
         $idpEntityId = $state['Source']['entityid'];
 
         if (!isset($state['Attributes'][$this->attribute]) || count($state['Attributes'][$this->attribute]) === 0) {
             SimpleSAML\Logger::warning(
                 'SQLPersistentNameID: Missing attribute '.var_export($this->attribute, true).
                 ' on user - not generating persistent NameID.'
             );
             return null;
         }
         if (count($state['Attributes'][$this->attribute]) > 1) {
             SimpleSAML\Logger::warning(
                 'SQLPersistentNameID: More than one value in attribute '.var_export($this->attribute, true).
                 ' on user - not generating persistent NameID.'
             );
             return null;
         }
         $uid = array_values($state['Attributes'][$this->attribute]); // just in case the first index is no longer 0
         $uid = $uid[0];
 
         if (empty($uid)) {
             SimpleSAML\Logger::warning(
                 'Empty value in attribute '.var_export($this->attribute, true).
                 ' on user - not generating persistent NameID.'
             );
             return null;
         }
 
         $value = sspmod_saml_IdP_SQLNameID::get($idpEntityId, $spEntityId, $uid);
         if ($value !== null) {
             SimpleSAML\Logger::debug(
                 'SQLPersistentNameID: Found persistent NameID '.var_export($value, true).' for user '.
                 var_export($uid, true).'.'
             );
             return $value;
         }
 
         if ((!isset($state['saml:AllowCreate']) || !$state['saml:AllowCreate']) && !$this->alwaysCreate) {
             SimpleSAML\Logger::warning(
                 'SQLPersistentNameID: Did not find persistent NameID for user, and not allowed to create new NameID.'
             );
             throw new sspmod_saml_Error(
                 \SAML2\Constants::STATUS_RESPONDER,
                 'urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy'
             );
         }
 
         $value = bin2hex(openssl_random_pseudo_bytes(20));
         SimpleSAML\Logger::debug(
             'SQLPersistentNameID: Created persistent NameID '.var_export($value, true).' for user '.
             var_export($uid, true).'.'
         );
         sspmod_saml_IdP_SQLNameID::add($idpEntityId, $spEntityId, $uid, $value);
 
         return $value;
     }

Here is the call graph for this function:

Field Documentation

◆ $allowDifferent

sspmod_saml_Auth_Process_SQLPersistentNameID::$allowDifferent = false

private

Definition at line 31 of file SQLPersistentNameID.php.

◆ $allowUnspecified

sspmod_saml_Auth_Process_SQLPersistentNameID::$allowUnspecified = false

private

Definition at line 24 of file SQLPersistentNameID.php.

◆ $alwaysCreate

sspmod_saml_Auth_Process_SQLPersistentNameID::$alwaysCreate = false

private

Definition at line 38 of file SQLPersistentNameID.php.

◆ $attribute

sspmod_saml_Auth_Process_SQLPersistentNameID::$attribute

private

Definition at line 17 of file SQLPersistentNameID.php.

The documentation for this class was generated from the following file:

libs/composer/vendor/simplesamlphp/simplesamlphp/modules/saml/lib/Auth/Process/SQLPersistentNameID.php

Public Member Functions

Protected Member Functions

Private Attributes

Additional Inherited Members

Detailed Description

Constructor & Destructor Documentation

◆ __construct()

Member Function Documentation

◆ getValue()

Field Documentation

◆ $allowDifferent

◆ $allowUnspecified

◆ $alwaysCreate

◆ $attribute