ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
MultiAuth.php
Go to the documentation of this file.
1<?php
2
11class sspmod_multiauth_Auth_Source_MultiAuth extends SimpleSAML_Auth_Source {
12
16 const AUTHID = 'sspmod_multiauth_Auth_Source_MultiAuth.AuthId';
17
21 const STAGEID = 'sspmod_multiauth_Auth_Source_MultiAuth.StageId';
22
26 const SOURCESID = 'sspmod_multiauth_Auth_Source_MultiAuth.SourceId';
27
31 const SESSION_SOURCE = 'multiauth:selectedSource';
32
36 private $sources;
37
44 public function __construct($info, $config) {
45 assert('is_array($info)');
46 assert('is_array($config)');
47
48 // Call the parent constructor first, as required by the interface
49 parent::__construct($info, $config);
50
51 if (!array_key_exists('sources', $config)) {
52 throw new Exception('The required "sources" config option was not found');
53 }
54
55 $globalConfiguration = SimpleSAML_Configuration::getInstance();
56 $defaultLanguage = $globalConfiguration->getString('language.default', 'en');
57 $authsources = SimpleSAML_Configuration::getConfig('authsources.php');
58 $this->sources = array();
59 foreach($config['sources'] as $source => $info) {
60
61 if (is_int($source)) { // Backwards compatibility
62 $source = $info;
63 $info = array();
64 }
65
66 if (array_key_exists('text', $info)) {
67 $text = $info['text'];
68 } else {
69 $text = array($defaultLanguage => $source);
70 }
71
72 if (array_key_exists('css-class', $info)) {
73 $css_class = $info['css-class'];
74 } else {
75 // Use the authtype as the css class
76 $authconfig = $authsources->getArray($source, NULL);
77 if (!array_key_exists(0, $authconfig) || !is_string($authconfig[0])) {
78 $css_class = "";
79 } else {
80 $css_class = str_replace(":", "-", $authconfig[0]);
81 }
82 }
83
84 $this->sources[] = array(
85 'source' => $source,
86 'text' => $text,
87 'css_class' => $css_class,
88 );
89 }
90 }
91
104 public function authenticate(&$state) {
105 assert('is_array($state)');
106
107 $state[self::AUTHID] = $this->authId;
108 $state[self::SOURCESID] = $this->sources;
109
110 /* Save the $state array, so that we can restore if after a redirect */
111 $id = SimpleSAML_Auth_State::saveState($state, self::STAGEID);
112
113 /* Redirect to the select source page. We include the identifier of the
114 saved state array as a parameter to the login form */
115 $url = SimpleSAML\Module::getModuleURL('multiauth/selectsource.php');
116 $params = array('AuthState' => $id);
117
118 // Allowes the user to specify the auth souce to be used
119 if(isset($_GET['source'])) {
120 $params['source'] = $_GET['source'];
121 }
122
123 \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, $params);
124
125 /* The previous function never returns, so this code is never
126 executed */
127 assert('FALSE');
128 }
129
141 public static function delegateAuthentication($authId, $state) {
142 assert('is_string($authId)');
143 assert('is_array($state)');
144
145 $as = SimpleSAML_Auth_Source::getById($authId);
146 $valid_sources = array_map(
147 function($src) {
148 return $src['source'];
149 },
150 $state[self::SOURCESID]
151 );
152 if ($as === NULL || !in_array($authId, $valid_sources, true)) {
153 throw new Exception('Invalid authentication source: ' . $authId);
154 }
155
156 /* Save the selected authentication source for the logout process. */
157 $session = SimpleSAML_Session::getSessionFromRequest();
158 $session->setData(self::SESSION_SOURCE, $state[self::AUTHID], $authId, SimpleSAML_Session::DATA_TIMEOUT_SESSION_END);
159
160 try {
161 $as->authenticate($state);
162 } catch (SimpleSAML_Error_Exception $e) {
163 SimpleSAML_Auth_State::throwException($state, $e);
164 } catch (Exception $e) {
165 $e = new SimpleSAML_Error_UnserializableException($e);
166 SimpleSAML_Auth_State::throwException($state, $e);
167 }
168 SimpleSAML_Auth_Source::completeAuth($state);
169 }
170
179 public function logout(&$state) {
180 assert('is_array($state)');
181
182 /* Get the source that was used to authenticate */
183 $session = SimpleSAML_Session::getSessionFromRequest();
184 $authId = $session->getData(self::SESSION_SOURCE, $this->authId);
185
186 $source = SimpleSAML_Auth_Source::getById($authId);
187 if ($source === NULL) {
188 throw new Exception('Invalid authentication source during logout: ' . $source);
189 }
190 /* Then, do the logout on it */
191 $source->logout($state);
192 }
193
202 public function setPreviousSource($source) {
203 assert('is_string($source)');
204
205 $cookieName = 'multiauth_source_' . $this->authId;
206
207 $config = SimpleSAML_Configuration::getInstance();
208 $params = array(
209 /* We save the cookies for 90 days. */
210 'lifetime' => (60*60*24*90),
211 /* The base path for cookies.
212 This should be the installation directory for SimpleSAMLphp. */
213 'path' => $config->getBasePath(),
214 'httponly' => FALSE,
215 );
216
217 \SimpleSAML\Utils\HTTP::setCookie($cookieName, $source, $params, FALSE);
218 }
219
226 public function getPreviousSource() {
227 $cookieName = 'multiauth_source_' . $this->authId;
228 if(array_key_exists($cookieName, $_COOKIE)) {
229 return $_COOKIE[$cookieName];
230 } else {
231 return NULL;
232 }
233 }
234}
$_COOKIE
$_COOKIE['client_id']
Definition: server.php:9
$source
$source
Definition: linkback.php:22
$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
php
An exception for terminatinating execution or to throw for unit testing.
SimpleSAML\Module\getModuleURL
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:303
SimpleSAML\Utils\HTTP\setCookie
static setCookie($name, $value, $params=null, $throw=true)
Set a cookie.
Definition: HTTP.php:1107
SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:962
SimpleSAML_Auth_Source
Definition: Source.php:13
SimpleSAML_Auth_Source\getById
static getById($authId, $type=null)
Retrieve authentication source.
Definition: Source.php:324
SimpleSAML_Auth_Source\completeAuth
static completeAuth(&$state)
Complete authentication.
Definition: Source.php:135
SimpleSAML_Auth_Source\$authId
$authId
Definition: Source.php:22
SimpleSAML_Auth_State\throwException
static throwException($state, SimpleSAML_Error_Exception $exception)
Throw exception to the state exception handler.
Definition: State.php:343
SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194
SimpleSAML_Configuration\getInstance
static getInstance($instancename='simplesaml')
Get a configuration file by its instance name.
Definition: Configuration.php:297
SimpleSAML_Configuration\getConfig
static getConfig($filename='config.php', $configSet='simplesaml')
Load a configuration file from a configuration set.
Definition: Configuration.php:209
SimpleSAML_Error_Exception
Definition: Exception.php:13
SimpleSAML_Error_UnserializableException
Definition: UnserializableException.php:15
SimpleSAML_Session\DATA_TIMEOUT_SESSION_END
const DATA_TIMEOUT_SESSION_END
This is a timeout value for setData, which indicates that the data should never be deleted,...
Definition: Session.php:26
SimpleSAML_Session\getSessionFromRequest
static getSessionFromRequest()
Retrieves the current session.
Definition: Session.php:243
sspmod_multiauth_Auth_Source_MultiAuth
Definition: MultiAuth.php:11
sspmod_multiauth_Auth_Source_MultiAuth\SOURCESID
const SOURCESID
The key where the sources is saved in the state.
Definition: MultiAuth.php:26
sspmod_multiauth_Auth_Source_MultiAuth\authenticate
authenticate(&$state)
Prompt the user with a list of authentication sources.
Definition: MultiAuth.php:104
sspmod_multiauth_Auth_Source_MultiAuth\logout
logout(&$state)
Log out from this authentication source.
Definition: MultiAuth.php:179
sspmod_multiauth_Auth_Source_MultiAuth\$sources
$sources
Array of sources we let the user chooses among.
Definition: MultiAuth.php:36
sspmod_multiauth_Auth_Source_MultiAuth\AUTHID
const AUTHID
The key of the AuthId field in the state.
Definition: MultiAuth.php:16
sspmod_multiauth_Auth_Source_MultiAuth\delegateAuthentication
static delegateAuthentication($authId, $state)
Delegate authentication.
Definition: MultiAuth.php:141
sspmod_multiauth_Auth_Source_MultiAuth\getPreviousSource
getPreviousSource()
Get the previous authentication source.
Definition: MultiAuth.php:226
sspmod_multiauth_Auth_Source_MultiAuth\setPreviousSource
setPreviousSource($source)
Set the previous authentication source.
Definition: MultiAuth.php:202
sspmod_multiauth_Auth_Source_MultiAuth\STAGEID
const STAGEID
The string used to identify our states.
Definition: MultiAuth.php:21
sspmod_multiauth_Auth_Source_MultiAuth\SESSION_SOURCE
const SESSION_SOURCE
The key where the selected source is saved in the session.
Definition: MultiAuth.php:31
sspmod_multiauth_Auth_Source_MultiAuth\__construct
__construct($info, $config)
Constructor for this authentication source.
Definition: MultiAuth.php:44
$as
$as
Definition: consentAdmin.php:73
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
$info
$info
Definition: index.php:5
$session
$session
Definition: proxy_ylocal.php:32
$url
$url
Definition: proxy_ylocal.php:28
$cookieName
$cookieName
Definition: authmemcookie.php:37
$params
$params
Definition: disable.php:11
$text
$text
Definition: errorreport.php:18