ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
SimpleSAML_Auth_Source Class Reference

Public Member Functions

 __construct ($info, &$config)
 Constructor for an authentication source.

 getAuthId ()
 Retrieve the ID of this authentication source.

 authenticate (&$state)
 Process a request.

 reauthenticate (array &$state)
 Reauthenticate a user.

 initLogin ($return, $errorURL=null, array $params=array())
 Start authentication.

 logout (&$state)
 Log out from this authentication source.

Static Public Member Functions

static getSourcesOfType ($type)
 Get sources of a specific type.

static completeAuth (&$state)
 Complete authentication.

static loginCompleted ($state)
 Called when a login operation has finished.

static completeLogout (&$state)
 Complete logout.

static getById ($authId, $type=null)
 Retrieve authentication source.

static logoutCallback ($state)
 Called when the authentication source receives an external logout request.

static getSources ()
 Retrieve list of authentication sources.

Protected Member Functions

 addLogoutCallback ($assoc, $state)
 Add a logout callback association.

 callLogoutCallback ($assoc)
 Call a logout callback based on association.

Static Protected Member Functions

static validateSource ($source, $id)
 Make sure that the first element of an auth source is its identifier.

Protected Attributes

 $authId

Static Private Member Functions

static parseAuthSource ($authId, $config)
 Create authentication source object from configuration array.

Detailed Description

Definition at line 12 of file Source.php.

Constructor & Destructor Documentation

◆ __construct()

SimpleSAML_Auth_Source::__construct ($info, &$config)

Constructor for an authentication source.

Any authentication source which implements its own constructor must call this constructor first.

Parameters
array $info: Information about this authentication source.
array &$config: Configuration for this authentication source.

Reimplemented in sspmod_authX509_Auth_Source_X509userCert, sspmod_core_Auth_UserPassBase, and sspmod_core_Auth_UserPassOrgBase.

Definition at line 34 of file Source.php.

    public function __construct($info, &$config)
    {
        assert('is_array($info)');
        assert('is_array($config)');

        assert('array_key_exists("AuthId", $info)');
        $this->authId = $info['AuthId'];
    }

References $info.

Member Function Documentation

◆ addLogoutCallback()

SimpleSAML_Auth_Source::addLogoutCallback ($assoc, $state)
protected

Add a logout callback association.

This function adds a logout callback association, which allows us to initiate a logout later based on the $assoc-value.

Note that logout associations exist per authentication source. A logout association from one authentication source cannot be called from a different authentication source.

Parameters
string $assoc: The identifier for this logout association.
array $state: The state array passed to the authenticate-function.

Definition at line 395 of file Source.php.

    protected function addLogoutCallback($assoc, $state)
    {
        assert('is_string($assoc)');
        assert('is_array($state)');

        if (!array_key_exists('LogoutCallback', $state)) {
            // the authentication requester doesn't have a logout callback
            return;
        }
        $callback = $state['LogoutCallback'];

        if (array_key_exists('LogoutCallbackState', $state)) {
            $callbackState = $state['LogoutCallbackState'];
        } else {
            $callbackState = array();
        }

        // length-prefixed auth source ID keeps associations of different sources apart
        $id = strlen($this->authId).':'.$this->authId.$assoc;

        $data = array(
            'callback' => $callback,
            'state' => $callbackState,
        );

        $session = SimpleSAML_Session::getSessionFromRequest();
        $session->setData(
            'SimpleSAML_Auth_Source.LogoutCallbacks',
            $id,
            $data,
            SimpleSAML_Session::DATA_TIMEOUT_SESSION_END
        );
    }

References $data, $id, $session, $state, SimpleSAML_Session\DATA_TIMEOUT_SESSION_END, and SimpleSAML_Session\getSessionFromRequest().


◆ authenticate()

SimpleSAML_Auth_Source::authenticate (&$state)
abstract

Process a request.

If an authentication source returns from this function, it is assumed to have authenticated the user, and should have set elements in $state with the attributes of the user.

If the authentication process requires additional steps which make it impossible to complete before returning from this function, the authentication source should save the state, and at a later stage, load the state, update it with the authentication information about the user, and call completeAuth with the state array.

Parameters
array &$state: Information about the current authentication.

Reimplemented in sspmod_authfacebook_Auth_Source_Facebook, sspmod_authlinkedin_Auth_Source_LinkedIn, sspmod_authmyspace_Auth_Source_MySpace, sspmod_authtwitter_Auth_Source_Twitter, sspmod_authwindowslive_Auth_Source_LiveID, sspmod_authX509_Auth_Source_X509userCert, sspmod_authYubiKey_Auth_Source_YubiKey, sspmod_cas_Auth_Source_CAS, sspmod_core_Auth_UserPassBase, sspmod_core_Auth_UserPassOrgBase, sspmod_exampleauth_Auth_Source_External, sspmod_exampleauth_Auth_Source_Static, sspmod_multiauth_Auth_Source_MultiAuth, sspmod_negotiate_Auth_Source_Negotiate, and sspmod_saml_Auth_Source_SP.

Referenced by initLogin().


◆ callLogoutCallback()

SimpleSAML_Auth_Source::callLogoutCallback ($assoc)
protected

Call a logout callback based on association.

This function calls a logout callback based on an association saved with addLogoutCallback(...).

This function always returns.

Parameters
string $assoc: The logout association which should be called.

Definition at line 439 of file Source.php.

    protected function callLogoutCallback($assoc)
    {
        assert('is_string($assoc)');

        $id = strlen($this->authId).':'.$this->authId.$assoc;

        $session = SimpleSAML_Session::getSessionFromRequest();

        $data = $session->getData('SimpleSAML_Auth_Source.LogoutCallbacks', $id);
        if ($data === null) {
            // FIXME: fix for IdP-first flow (issue 397) -> reevaluate logout callback infrastructure
            $session->doLogout($this->authId);

            return;
        }

        assert('is_array($data)');
        assert('array_key_exists("callback", $data)');
        assert('array_key_exists("state", $data)');

        $callback = $data['callback'];
        $callbackState = $data['state'];

        $session->deleteData('SimpleSAML_Auth_Source.LogoutCallbacks', $id);
        call_user_func($callback, $callbackState);
    }

References $data, $id, $session, and SimpleSAML_Session\getSessionFromRequest().

Referenced by sspmod_saml_Auth_Source_SP\handleLogout().
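
The key built in addLogoutCallback() and callLogoutCallback() prefixes the authentication source ID with its length, and that prefix is what keeps associations of different sources apart. The following is an added example, not code from Source.php: it compares that key with plain concatenation for two constructed source IDs; naiveKey(), splitPrefixedKey() and all sample values are hypothetical.

```php
<?php
// Added example: models the logout-association key from the listings above.
// Plain arrays stand in for the session data store.

/** Key exactly as built on the page: strlen(authId) . ':' . authId . assoc */
function prefixedKey($authId, $assoc)
{
    return strlen($authId) . ':' . $authId . $assoc;
}

/** Plain concatenation without the length prefix, for comparison only. */
function naiveKey($authId, $assoc)
{
    return $authId . $assoc;
}

/** Recover array(authId, assoc) from a prefixed key; null if malformed. */
function splitPrefixedKey($key)
{
    $pos = strpos($key, ':');
    if ($pos === false || $pos === 0 || !ctype_digit(substr($key, 0, $pos))) {
        return null;
    }
    $len = (int) substr($key, 0, $pos);
    $rest = substr($key, $pos + 1);
    if (strlen($rest) < $len) {
        return null;
    }
    return array(substr($rest, 0, $len), substr($rest, $len));
}

// Constructed sample data: two auth sources whose IDs share a prefix.
$pairs = array(
    array('sp', '1-session-abc'),  // source "sp",  association "1-session-abc"
    array('sp1', '-session-abc'),  // source "sp1", association "-session-abc"
);

$naive = array();
$prefixed = array();
foreach ($pairs as $pair) {
    list($authId, $assoc) = $pair;
    $naive[naiveKey($authId, $assoc)][] = $authId;
    $prefixed[prefixedKey($authId, $assoc)][] = $authId;
}

// Without the prefix both sources map to the same storage key.
foreach ($naive as $key => $owners) {
    $note = count($owners) > 1 ? '  <-- shared by two sources' : '';
    printf("naive    %-20s owners=%s%s\n", $key, implode(',', $owners), $note);
}

// With the prefix each key belongs to one source and parses back unambiguously.
foreach ($prefixed as $key => $owners) {
    list($id, $assoc) = splitPrefixedKey($key);
    printf("prefixed %-20s owners=%s  -> (%s, %s)\n", $key, implode(',', $owners), $id, $assoc);
}
```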


◆ completeAuth()

static SimpleSAML_Auth_Source::completeAuth (&$state)
static

Complete authentication.

This function should be called if authentication has completed. It will never return, except in the case of exceptions. Exceptions thrown from this page should not be caught, but should instead be passed to the top-level exception handler.

Parameters
array &$state: Information about the current authentication.

Definition at line 135 of file Source.php.

    public static function completeAuth(&$state)
    {
        assert('is_array($state)');
        assert('array_key_exists("LoginCompletedHandler", $state)');

        SimpleSAML_Auth_State::deleteState($state);

        $func = $state['LoginCompletedHandler'];
        assert('is_callable($func)');

        call_user_func($func, $state);
        assert(false);
    }

References $state, and SimpleSAML_Auth_State\deleteState().

Referenced by sspmod_negotiate_Auth_Source_Negotiate\authenticate(), sspmod_authX509_Auth_Source_X509userCert\authSuccesful(), sspmod_multiauth_Auth_Source_MultiAuth\delegateAuthentication(), sspmod_cas_Auth_Source_CAS\finalStep(), sspmod_authYubiKey_Auth_Source_YubiKey\handleLogin(), sspmod_core_Auth_UserPassOrgBase\handleLogin(), sspmod_saml_Auth_Source_SP\onProcessingCompleted(), and sspmod_exampleauth_Auth_Source_External\resume().


◆ completeLogout()

static SimpleSAML_Auth_Source::completeLogout (&$state)
static

Complete logout.

This function should be called after logout has completed. It will never return, except in the case of exceptions. Exceptions thrown from this page should not be caught, but should instead be passed to the top-level exception handler.

Parameters
array &$state: Information about the current authentication.

Definition at line 264 of file Source.php.

    public static function completeLogout(&$state)
    {
        assert('is_array($state)');
        assert('array_key_exists("LogoutCompletedHandler", $state)');

        SimpleSAML_Auth_State::deleteState($state);

        $func = $state['LogoutCompletedHandler'];
        assert('is_callable($func)');

        call_user_func($func, $state);
        assert(false);
    }

References $state, and SimpleSAML_Auth_State\deleteState().


◆ getAuthId()

SimpleSAML_Auth_Source::getAuthId ( )

Retrieve the ID of this authentication source.

Returns
string The ID of this authentication source.

Definition at line 82 of file Source.php.

    public function getAuthId()
    {
        return $this->authId;
    }

References $authId.

◆ getById()

static SimpleSAML_Auth_Source::getById ($authId, $type = null)
static

Retrieve authentication source.

This function takes an id of an authentication source, and returns the AuthSource object. If no authentication source with the given id can be found, NULL will be returned.

If the $type parameter is specified, this function will return an authentication source of the given type. If no authentication source or if an authentication source of a different type is found, an exception will be thrown.

Parameters
string $authId: The authentication source identifier.
string|NULL $type: The type of authentication source. If NULL, any type will be accepted.
Returns
SimpleSAML_Auth_Source|NULL The AuthSource object, or NULL if no authentication source with the given identifier is found.
Exceptions
SimpleSAML_Error_Exception: If no such authentication source is found or it is invalid.

Definition at line 324 of file Source.php.

    public static function getById($authId, $type = null)
    {
        assert('is_string($authId)');
        assert('is_null($type) || is_string($type)');

        // for now - load and parse config file
        $config = SimpleSAML_Configuration::getConfig('authsources.php');

        $authConfig = $config->getArray($authId, null);
        if ($authConfig === null) {
            if ($type !== null) {
                throw new SimpleSAML_Error_Exception(
                    'No authentication source with id '.
                    var_export($authId, true).' found.'
                );
            }
            return null;
        }

        $ret = self::parseAuthSource($authId, $authConfig);

        if ($type === null || $ret instanceof $type) {
            return $ret;
        }

        // the authentication source doesn't have the correct type
        throw new SimpleSAML_Error_Exception(
            'Invalid type of authentication source '.
            var_export($authId, true).'. Was '.var_export(get_class($ret), true).
            ', should be '.var_export($type, true).'.'
        );
    }

References $authId, $config, $ret, $type, SimpleSAML_Configuration\getConfig(), and parseAuthSource().

Referenced by SimpleSAML_IdP\__construct(), sspmod_multiauth_Auth_Source_MultiAuth\delegateAuthentication(), sspmod_negotiate_Auth_Source_Negotiate\fallBack(), SimpleSAML_Auth_Default\getAuthSource(), sspmod_authYubiKey_Auth_Source_YubiKey\handleLogin(), sspmod_core_Auth_UserPassBase\handleLogin(), sspmod_core_Auth_UserPassOrgBase\handleLogin(), SimpleSAML_Auth_Default\initLogoutReturn(), sspmod_core_Auth_UserPassOrgBase\listOrganizations(), sspmod_multiauth_Auth_Source_MultiAuth\logout(), sspmod_negotiate_Auth_Source_Negotiate\logout(), sspmod_saml_Auth_Source_SP\onProcessingCompleted(), SimpleSAML\Utils\Auth\requireAdmin(), and sspmod_exampleauth_Auth_Source_External\resume().


◆ getSources()

static SimpleSAML_Auth_Source::getSources ( )
static

Retrieve list of authentication sources.

Returns
array The id of all authentication sources.

Definition at line 472 of file Source.php.

    public static function getSources()
    {
        $config = SimpleSAML_Configuration::getOptionalConfig('authsources.php');

        return $config->getOptions();
    }

References $config, and SimpleSAML_Configuration\getOptionalConfig().


◆ getSourcesOfType()

static SimpleSAML_Auth_Source::getSourcesOfType ($type)
static

Get sources of a specific type.

Parameters
string $type: The type of the authentication source.
Returns
SimpleSAML_Auth_Source[] Array of SimpleSAML_Auth_Source objects of the specified type.
Exceptions
Exception: If the authentication source is invalid.

Definition at line 52 of file Source.php.

    public static function getSourcesOfType($type)
    {
        assert('is_string($type)');

        $config = SimpleSAML_Configuration::getConfig('authsources.php');

        $ret = array();

        $sources = $config->getOptions();
        foreach ($sources as $id) {
            $source = $config->getArray($id);

            self::validateSource($source, $id);

            if ($source[0] !== $type) {
                continue;
            }

            $ret[] = self::parseAuthSource($id, $source);
        }

        return $ret;
    }

References $config, $id, $ret, $source, $type, SimpleSAML_Configuration\getConfig(), parseAuthSource(), and validateSource().

Referenced by saml_hook_metadata_hosted().


◆ initLogin()

SimpleSAML_Auth_Source::initLogin ($return, $errorURL = null, array $params = array())

Start authentication.

This method never returns.

Parameters
string|array $return: The URL or function we should direct the user to after authentication. If using a URL obtained from user input, please make sure to check it by calling \SimpleSAML\Utils\HTTP::checkURLAllowed().
string|null $errorURL: The URL we should direct the user to after failed authentication. Can be null, in which case a standard error page will be shown. If using a URL obtained from user input, please make sure to check it by calling \SimpleSAML\Utils\HTTP::checkURLAllowed().
array $params: Extra information about the login. Different authentication requestors may provide different information. Optional, will default to an empty array.

Definition at line 163 of file Source.php.

    public function initLogin($return, $errorURL = null, array $params = array())
    {
        assert('is_string($return) || is_array($return)');
        assert('is_string($errorURL) || is_null($errorURL)');

        $state = array_merge($params, array(
            'SimpleSAML_Auth_Default.id' => $this->authId, // TODO: remove in 2.0
            'SimpleSAML_Auth_Source.id' => $this->authId,
            'SimpleSAML_Auth_Default.Return' => $return, // TODO: remove in 2.0
            'SimpleSAML_Auth_Source.Return' => $return,
            'SimpleSAML_Auth_Default.ErrorURL' => $errorURL, // TODO: remove in 2.0
            'SimpleSAML_Auth_Source.ErrorURL' => $errorURL,
            'LoginCompletedHandler' => array(get_class(), 'loginCompleted'),
            'LogoutCallback' => array(get_class(), 'logoutCallback'),
            'LogoutCallbackState' => array(
                'SimpleSAML_Auth_Default.logoutSource' => $this->authId, // TODO: remove in 2.0
                'SimpleSAML_Auth_Source.logoutSource' => $this->authId,
            ),
        ));

        if (is_string($return)) {
            $state['SimpleSAML_Auth_Default.ReturnURL'] = $return; // TODO: remove in 2.0
            $state['SimpleSAML_Auth_Source.ReturnURL'] = $return;
        }

        if ($errorURL !== null) {
            $state[SimpleSAML_Auth_State::EXCEPTION_HANDLER_URL] = $errorURL;
        }

        try {
            $this->authenticate($state);
        } catch (SimpleSAML_Error_Exception $e) {
            SimpleSAML_Auth_State::throwException($state, $e);
        } catch (Exception $e) {
            $e = new SimpleSAML_Error_UnserializableException($e);
            SimpleSAML_Auth_State::throwException($state, $e);
        }
        self::loginCompleted($state);
    }

References $params, $state, authenticate(), SimpleSAML_Auth_State\EXCEPTION_HANDLER_URL, loginCompleted(), and SimpleSAML_Auth_State\throwException().
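
The note on $return and $errorURL matters because loginCompleted() hands a string $return to redirectTrustedURL(), which performs no security checks of its own. The following is an added example, not SimpleSAMLphp code and not a reproduction of checkURLAllowed(): a host allow-list check applied to a request-supplied value before it is passed to initLogin(). isAllowedReturnUrl(), $trustedHosts and the sample values are assumptions made here.

```php
<?php
// Added example: stand-alone allow-list check for a user-supplied return URL.
// In a deployment, \SimpleSAML\Utils\HTTP::checkURLAllowed() plays this role.

function isAllowedReturnUrl($url, array $trustedHosts)
{
    // Request parameters can arrive as arrays; only a plain string is a URL.
    if (!is_string($url) || $url === '') {
        return false;
    }
    // Control characters, spaces and backslashes have no place in a return URL.
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $url)) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false; // relative, scheme-relative or unparsable
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return false;
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false; // userinfo makes the real host easy to misread
    }
    // Exact host match only: no suffix or substring comparison.
    return in_array(strtolower($parts['host']), $trustedHosts, true);
}

// Constructed sample data.
$trustedHosts = array('portal.example.org');
$candidates = array(
    'https://portal.example.org/dashboard?tab=1',
    'https://portal.example.org.other.example/',
    'https://portal.example.org@other.example/',
    '//other.example/path',
    '/relative/path',
    'javascript:void(0)',
    array('unexpected'),
);

foreach ($candidates as $candidate) {
    $label = is_string($candidate) ? $candidate : gettype($candidate);
    $verdict = isAllowedReturnUrl($candidate, $trustedHosts) ? 'allow' : 'reject';
    printf("%-45s %s\n", $label, $verdict);
}
```

Only a value that passes such a check should be given to initLogin() as $return or $errorURL; anything else should fall back to a fixed, application-defined URL.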


◆ loginCompleted()

static SimpleSAML_Auth_Source::loginCompleted ($state)
static

Called when a login operation has finished.

This method never returns.

Parameters
array $state: The state after the login has completed.

Definition at line 211 of file Source.php.

    public static function loginCompleted($state)
    {
        assert('is_array($state)');
        assert('array_key_exists("SimpleSAML_Auth_Source.Return", $state)');
        assert('array_key_exists("SimpleSAML_Auth_Source.id", $state)');
        assert('array_key_exists("Attributes", $state)');
        assert('!array_key_exists("LogoutState", $state) || is_array($state["LogoutState"])');

        $return = $state['SimpleSAML_Auth_Source.Return'];

        // save session state
        $session = SimpleSAML_Session::getSessionFromRequest();
        $authId = $state['SimpleSAML_Auth_Source.id'];
        $session->doLogin($authId, SimpleSAML_Auth_State::getPersistentAuthData($state));

        if (is_string($return)) { // redirect...
            // no security checks are performed on $return here
            \SimpleSAML\Utils\HTTP::redirectTrustedURL($return);
        } else {
            call_user_func($return, $state);
        }
        assert('false');
    }

References $authId, $session, $state, SimpleSAML_Auth_State\getPersistentAuthData(), SimpleSAML_Session\getSessionFromRequest(), and SimpleSAML\Utils\HTTP\redirectTrustedURL().

Referenced by sspmod_negotiate_Auth_Source_Negotiate\fallBack(), initLogin(), and SimpleSAML_Auth_Default\loginCompleted().


◆ logout()

SimpleSAML_Auth_Source::logout (&$state)

Log out from this authentication source.

This function should be overridden if the authentication source requires special steps to complete a logout operation.

If the logout process requires a redirect, the state should be saved. Once the logout operation is completed, the state should be restored, and completeLogout should be called with the state. If this operation can be completed without showing the user a page, or redirecting, this function should return.

Parameters
array &$state: Information about the current logout operation.

Reimplemented in sspmod_cas_Auth_Source_CAS, sspmod_exampleauth_Auth_Source_External, sspmod_multiauth_Auth_Source_MultiAuth, sspmod_negotiate_Auth_Source_Negotiate, and sspmod_saml_Auth_Source_SP.

Definition at line 248 of file Source.php.

    public function logout(&$state)
    {
        assert('is_array($state)');
        // default logout handler which doesn't do anything
    }

◆ logoutCallback()

static SimpleSAML_Auth_Source::logoutCallback ($state)
static

Called when the authentication source receives an external logout request.

Parameters
array $state: State array for the logout operation.

Definition at line 363 of file Source.php.

    public static function logoutCallback($state)
    {
        assert('is_array($state)');
        assert('array_key_exists("SimpleSAML_Auth_Source.logoutSource", $state)');

        $source = $state['SimpleSAML_Auth_Source.logoutSource'];

        $session = SimpleSAML_Session::getSessionFromRequest();
        if (!$session->isValid($source)) {
            SimpleSAML\Logger::warning(
                'Received logout from an invalid authentication source '.
                var_export($source, true)
            );

            return;
        }
        $session->doLogout($source);
    }

References $session, $source, $state, SimpleSAML_Session\getSessionFromRequest(), and SimpleSAML\Logger\warning().

Referenced by SimpleSAML_Auth_Default\logoutCallback().


◆ parseAuthSource()

static SimpleSAML_Auth_Source::parseAuthSource ($authId, $config)
static private

Create authentication source object from configuration array.

This function takes an array with the configuration for an authentication source object, and returns the object.

Parameters
string $authId: The authentication source identifier.
array $config: The configuration.
Returns
SimpleSAML_Auth_Source The parsed authentication source.
Exceptions
Exception: If the authentication source is invalid.

Definition at line 291 of file Source.php.

    private static function parseAuthSource($authId, $config)
    {
        assert('is_string($authId)');
        assert('is_array($config)');

        self::validateSource($config, $authId);

        $className = SimpleSAML\Module::resolveClass($config[0], 'Auth_Source', 'SimpleSAML_Auth_Source');

        $info = array('AuthId' => $authId);
        unset($config[0]);
        return new $className($info, $config);
    }

References $authId, $config, $info, SimpleSAML\Module\resolveClass(), and validateSource().

Referenced by getById(), and getSourcesOfType().


◆ reauthenticate()

SimpleSAML_Auth_Source::reauthenticate (array &$state)

Reauthenticate a user.

This function is called by the IdP to give the authentication source a chance to interact with the user even in the case when the user is already authenticated.

Parameters
array &$state: Information about the current authentication.

Reimplemented in sspmod_saml_Auth_Source_SP.

Definition at line 113 of file Source.php.

    public function reauthenticate(array &$state)
    {
        assert('isset($state["ReturnCallback"])');

        // the default implementation just copies over the previous authentication data
        $session = SimpleSAML_Session::getSessionFromRequest();
        $data = $session->getAuthState($this->authId);
        foreach ($data as $k => $v) {
            $state[$k] = $v;
        }
    }

References $data, $session, $state, and SimpleSAML_Session\getSessionFromRequest().


◆ validateSource()

static SimpleSAML_Auth_Source::validateSource ($source, $id)
static protected

Make sure that the first element of an auth source is its identifier.

Parameters
array $source: An array with the auth source configuration.
string $id: The auth source identifier.
Exceptions
Exception: If the first element of $source is not an identifier for the auth source.

Definition at line 488 of file Source.php.

    protected static function validateSource($source, $id)
    {
        if (!array_key_exists(0, $source) || !is_string($source[0])) {
            throw new Exception(
                'Invalid authentication source \''.$id.
                '\': First element must be a string which identifies the authentication source.'
            );
        }
    }

References $id, and $source.

Referenced by getSourcesOfType(), and parseAuthSource().


Field Documentation

◆ $authId


The documentation for this class was generated from the following file: