Inheritance diagram for SimpleSAML_Auth_Source:

Collaboration diagram for SimpleSAML_Auth_Source:

Public Member Functions
	__construct ($info, &$config)
	Constructor for an authentication source. More...

	getAuthId ()
	Retrieve the ID of this authentication source. More...

	authenticate (&$state)
	Process a request. More...

	reauthenticate (array &$state)
	Reauthenticate an user. More...

	initLogin ($return, $errorURL=null, array $params=array())
	Start authentication. More...

	logout (&$state)
	Log out from this authentication source. More...

Static Public Member Functions
static	getSourcesOfType ($type)
	Get sources of a specific type. More...

static	completeAuth (&$state)
	Complete authentication. More...

static	loginCompleted ($state)
	Called when a login operation has finished. More...

static	completeLogout (&$state)
	Complete logout. More...

static	getById ($authId, $type=null)
	Retrieve authentication source. More...

static	logoutCallback ($state)
	Called when the authentication source receives an external logout request. More...

static	getSources ()
	Retrieve list of authentication sources. More...

Protected Member Functions
	addLogoutCallback ($assoc, $state)
	Add a logout callback association. More...

	callLogoutCallback ($assoc)
	Call a logout callback based on association. More...

Static Protected Member Functions
static	validateSource ($source, $id)
	Make sure that the first element of an auth source is its identifier. More...

Protected Attributes
	$authId

Static Private Member Functions
static	parseAuthSource ($authId, $config)
	Create authentication source object from configuration array. More...

Detailed Description

Definition at line 12 of file Source.php.

Constructor & Destructor Documentation

◆ __construct()

SimpleSAML_Auth_Source::__construct	(		$info,
		&	$config
	)

Constructor for an authentication source.

Any authentication source which implements its own constructor must call this constructor first.

Parameters

array	$info	Information about this authentication source.
array	&$config	Configuration for this authentication source.

Reimplemented in sspmod_authX509_Auth_Source_X509userCert, sspmod_core_Auth_UserPassBase, and sspmod_core_Auth_UserPassOrgBase.

Definition at line 34 of file Source.php.

    {
        assert('is_array($info)');
        assert('is_array($config)');
 
        assert('array_key_exists("AuthId", $info)');
        $this->authId = $info['AuthId'];
    }

References $info.

Member Function Documentation

◆ addLogoutCallback()

SimpleSAML_Auth_Source::addLogoutCallback	(	$assoc,
		$state
	)

protected

Add a logout callback association.

This function adds a logout callback association, which allows us to initiate a logout later based on the $assoc-value.

Note that logout-associations exists per authentication source. A logout association from one authentication source cannot be called from a different authentication source.

Parameters

string	$assoc	The identifier for this logout association.
array	$state	The state array passed to the authenticate-function.

Definition at line 395 of file Source.php.

    {
        assert('is_string($assoc)');
        assert('is_array($state)');
 
        if (!array_key_exists('LogoutCallback', $state)) {
            // the authentication requester doesn't have a logout callback
            return;
        }
        $callback = $state['LogoutCallback'];
 
        if (array_key_exists('LogoutCallbackState', $state)) {
            $callbackState = $state['LogoutCallbackState'];
        } else {
            $callbackState = array();
        }
 
        $id = strlen($this->authId).':'.$this->authId.$assoc;
 
        $data = array(
            'callback' => $callback,
            'state'    => $callbackState,
        );
 
        $session = SimpleSAML_Session::getSessionFromRequest();
        $session->setData(
            'SimpleSAML_Auth_Source.LogoutCallbacks',
            $id,
            $data,
            SimpleSAML_Session::DATA_TIMEOUT_SESSION_END
        );
    }

References $data, $id, $session, $state, SimpleSAML_Session\DATA_TIMEOUT_SESSION_END, and SimpleSAML_Session\getSessionFromRequest().

Here is the call graph for this function:

◆ authenticate()

SimpleSAML_Auth_Source::authenticate ( & $state )

abstract

Process a request.

If an authentication source returns from this function, it is assumed to have authenticated the user, and should have set elements in $state with the attributes of the user.

If the authentication process requires additional steps which make it impossible to complete before returning from this function, the authentication source should save the state, and at a later stage, load the state, update it with the authentication information about the user, and call completeAuth with the state array.

Parameters

array &$state Information about the current authentication.

Reimplemented in sspmod_authfacebook_Auth_Source_Facebook, sspmod_authlinkedin_Auth_Source_LinkedIn, sspmod_authmyspace_Auth_Source_MySpace, sspmod_authtwitter_Auth_Source_Twitter, sspmod_authwindowslive_Auth_Source_LiveID, sspmod_authX509_Auth_Source_X509userCert, sspmod_authYubiKey_Auth_Source_YubiKey, sspmod_cas_Auth_Source_CAS, sspmod_core_Auth_UserPassBase, sspmod_core_Auth_UserPassOrgBase, sspmod_exampleauth_Auth_Source_External, sspmod_exampleauth_Auth_Source_Static, sspmod_multiauth_Auth_Source_MultiAuth, sspmod_negotiate_Auth_Source_Negotiate, and sspmod_saml_Auth_Source_SP.

Referenced by initLogin().

Here is the caller graph for this function:

◆ callLogoutCallback()

SimpleSAML_Auth_Source::callLogoutCallback ( $assoc )

protected

Call a logout callback based on association.

This function calls a logout callback based on an association saved with addLogoutCallback(...).

This function always returns.

Parameters

string $assoc The logout association which should be called.

Definition at line 439 of file Source.php.

    {
        assert('is_string($assoc)');
 
        $id = strlen($this->authId).':'.$this->authId.$assoc;
 
        $session = SimpleSAML_Session::getSessionFromRequest();
 
        $data = $session->getData('SimpleSAML_Auth_Source.LogoutCallbacks', $id);
        if ($data === null) {
            // FIXME: fix for IdP-first flow (issue 397) -> reevaluate logout callback infrastructure
            $session->doLogout($this->authId);
 
            return;
        }
 
        assert('is_array($data)');
        assert('array_key_exists("callback", $data)');
        assert('array_key_exists("state", $data)');
 
        $callback = $data['callback'];
        $callbackState = $data['state'];
 
        $session->deleteData('SimpleSAML_Auth_Source.LogoutCallbacks', $id);
        call_user_func($callback, $callbackState);
    }

References $data, $id, $session, and SimpleSAML_Session\getSessionFromRequest().

Referenced by sspmod_saml_Auth_Source_SP\handleLogout().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ completeAuth()

static SimpleSAML_Auth_Source::completeAuth ( & $state )

static

Complete authentication.

This function should be called if authentication has completed. It will never return, except in the case of exceptions. Exceptions thrown from this page should not be caught, but should instead be passed to the top-level exception handler.

Parameters

array &$state Information about the current authentication.

Definition at line 135 of file Source.php.

    {
        assert('is_array($state)');
        assert('array_key_exists("LoginCompletedHandler", $state)');
 
        SimpleSAML_Auth_State::deleteState($state);
 
        $func = $state['LoginCompletedHandler'];
        assert('is_callable($func)');
 
        call_user_func($func, $state);
        assert(false);
    }

References $state, and SimpleSAML_Auth_State\deleteState().

Referenced by sspmod_negotiate_Auth_Source_Negotiate\authenticate(), sspmod_authX509_Auth_Source_X509userCert\authSuccesful(), sspmod_multiauth_Auth_Source_MultiAuth\delegateAuthentication(), sspmod_cas_Auth_Source_CAS\finalStep(), sspmod_authYubiKey_Auth_Source_YubiKey\handleLogin(), sspmod_core_Auth_UserPassOrgBase\handleLogin(), sspmod_saml_Auth_Source_SP\onProcessingCompleted(), and sspmod_exampleauth_Auth_Source_External\resume().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ completeLogout()

static SimpleSAML_Auth_Source::completeLogout ( & $state )

static

Complete logout.

This function should be called after logout has completed. It will never return, except in the case of exceptions. Exceptions thrown from this page should not be caught, but should instead be passed to the top-level exception handler.

Parameters

array &$state Information about the current authentication.

Definition at line 264 of file Source.php.

    {
        assert('is_array($state)');
        assert('array_key_exists("LogoutCompletedHandler", $state)');
 
        SimpleSAML_Auth_State::deleteState($state);
 
        $func = $state['LogoutCompletedHandler'];
        assert('is_callable($func)');
 
        call_user_func($func, $state);
        assert(false);
    }

References $state, and SimpleSAML_Auth_State\deleteState().

Here is the call graph for this function:

◆ getAuthId()

SimpleSAML_Auth_Source::getAuthId ( )

Retrieve the ID of this authentication source.

Returns: string The ID of this authentication source.

Definition at line 82 of file Source.php.

    {
        return $this->authId;
    }

References $authId.

◆ getById()

static SimpleSAML_Auth_Source::getById	(	$authId,
		$type = `null`
	)

static

Retrieve authentication source.

This function takes an id of an authentication source, and returns the AuthSource object. If no authentication source with the given id can be found, NULL will be returned.

If the $type parameter is specified, this function will return an authentication source of the given type. If no authentication source or if an authentication source of a different type is found, an exception will be thrown.

Parameters

string	$authId	The authentication source identifier.
string \| NULL	$type	The type of authentication source. If NULL, any type will be accepted.

Returns: SimpleSAML_Auth_Source|NULL The AuthSource object, or NULL if no authentication source with the given identifier is found.

Exceptions

SimpleSAML_Error_Exception If no such authentication source is found or it is invalid.

Definition at line 324 of file Source.php.

    {
        assert('is_string($authId)');
        assert('is_null($type) || is_string($type)');
 
        // for now - load and parse config file
        $config = SimpleSAML_Configuration::getConfig('authsources.php');
 
        $authConfig = $config->getArray($authId, null);
        if ($authConfig === null) {
            if ($type !== null) {
                throw new SimpleSAML_Error_Exception(
                    'No authentication source with id '.
                    var_export($authId, true).' found.'
                );
            }
            return null;
        }
 
        $ret = self::parseAuthSource($authId, $authConfig);
 
        if ($type === null || $ret instanceof $type) {
            return $ret;
        }
 
        // the authentication source doesn't have the correct type
        throw new SimpleSAML_Error_Exception(
            'Invalid type of authentication source '.
            var_export($authId, true).'. Was '.var_export(get_class($ret), true).
            ', should be '.var_export($type, true).'.'
        );
    }

References $authId, $config, $ret, $type, SimpleSAML_Configuration\getConfig(), and parseAuthSource().

Referenced by SimpleSAML_IdP\__construct(), sspmod_multiauth_Auth_Source_MultiAuth\delegateAuthentication(), sspmod_negotiate_Auth_Source_Negotiate\fallBack(), SimpleSAML_Auth_Default\getAuthSource(), sspmod_authYubiKey_Auth_Source_YubiKey\handleLogin(), sspmod_core_Auth_UserPassBase\handleLogin(), sspmod_core_Auth_UserPassOrgBase\handleLogin(), SimpleSAML_Auth_Default\initLogoutReturn(), sspmod_core_Auth_UserPassOrgBase\listOrganizations(), sspmod_multiauth_Auth_Source_MultiAuth\logout(), sspmod_negotiate_Auth_Source_Negotiate\logout(), sspmod_saml_Auth_Source_SP\onProcessingCompleted(), SimpleSAML\Utils\Auth\requireAdmin(), and sspmod_exampleauth_Auth_Source_External\resume().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ getSources()

static SimpleSAML_Auth_Source::getSources ( )

static

Retrieve list of authentication sources.

Returns: array The id of all authentication sources.

Definition at line 472 of file Source.php.

    {
        $config = SimpleSAML_Configuration::getOptionalConfig('authsources.php');
 
        return $config->getOptions();
    }

References $config, and SimpleSAML_Configuration\getOptionalConfig().

Here is the call graph for this function:

◆ getSourcesOfType()

static SimpleSAML_Auth_Source::getSourcesOfType ( $type )

static

Get sources of a specific type.

Parameters

string $type The type of the authentication source.

Returns: SimpleSAML_Auth_Source[] Array of SimpleSAML_Auth_Source objects of the specified type.

Exceptions

Exception If the authentication source is invalid.

Definition at line 52 of file Source.php.

    {
        assert('is_string($type)');
 
        $config = SimpleSAML_Configuration::getConfig('authsources.php');
 
        $ret = array();
 
        $sources = $config->getOptions();
        foreach ($sources as $id) {
            $source = $config->getArray($id);
 
            self::validateSource($source, $id);
 
            if ($source[0] !== $type) {
                continue;
            }
 
            $ret[] = self::parseAuthSource($id, $source);
        }
 
        return $ret;
    }

References $config, $id, $ret, $source, $type, SimpleSAML_Configuration\getConfig(), parseAuthSource(), and validateSource().

Referenced by saml_hook_metadata_hosted().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ initLogin()

SimpleSAML_Auth_Source::initLogin	(		$return,
			$errorURL = `null`,
		array	$params = `array()`
	)

Start authentication.

This method never returns.

Parameters

string \| array	$return	The URL or function we should direct the user to after authentication. If using a URL obtained from user input, please make sure to check it by calling \SimpleSAML\Utils\HTTP::checkURLAllowed().
string \| null	$errorURL	The URL we should direct the user to after failed authentication. Can be null, in which case a standard error page will be shown. If using a URL obtained from user input, please make sure to check it by calling \SimpleSAML\Utils\HTTP::checkURLAllowed().
array	$params	Extra information about the login. Different authentication requestors may provide different information. Optional, will default to an empty array.

Definition at line 163 of file Source.php.

    {
        assert('is_string($return) || is_array($return)');
        assert('is_string($errorURL) || is_null($errorURL)');
 
        $state = array_merge($params, array(
            'SimpleSAML_Auth_Default.id' => $this->authId, // TODO: remove in 2.0
            'SimpleSAML_Auth_Source.id' => $this->authId,
            'SimpleSAML_Auth_Default.Return' => $return, // TODO: remove in 2.0
            'SimpleSAML_Auth_Source.Return' => $return,
            'SimpleSAML_Auth_Default.ErrorURL' => $errorURL, // TODO: remove in 2.0
            'SimpleSAML_Auth_Source.ErrorURL' => $errorURL,
            'LoginCompletedHandler' => array(get_class(), 'loginCompleted'),
            'LogoutCallback' => array(get_class(), 'logoutCallback'),
            'LogoutCallbackState' => array(
                'SimpleSAML_Auth_Default.logoutSource' => $this->authId, // TODO: remove in 2.0
                'SimpleSAML_Auth_Source.logoutSource' => $this->authId,
            ),
        ));
 
        if (is_string($return)) {
            $state['SimpleSAML_Auth_Default.ReturnURL'] = $return; // TODO: remove in 2.0
            $state['SimpleSAML_Auth_Source.ReturnURL'] = $return;
        }
 
        if ($errorURL !== null) {
            $state[SimpleSAML_Auth_State::EXCEPTION_HANDLER_URL] = $errorURL;
        }
 
        try {
            $this->authenticate($state);
        } catch (SimpleSAML_Error_Exception $e) {
            SimpleSAML_Auth_State::throwException($state, $e);
        } catch (Exception $e) {
            $e = new SimpleSAML_Error_UnserializableException($e);
            SimpleSAML_Auth_State::throwException($state, $e);
        }
        self::loginCompleted($state);
    }

References $params, $state, authenticate(), SimpleSAML_Auth_State\EXCEPTION_HANDLER_URL, loginCompleted(), and SimpleSAML_Auth_State\throwException().

Here is the call graph for this function:

◆ loginCompleted()

static SimpleSAML_Auth_Source::loginCompleted ( $state )

static

Called when a login operation has finished.

This method never returns.

Parameters

array $state The state after the login has completed.

Definition at line 211 of file Source.php.

    {
        assert('is_array($state)');
        assert('array_key_exists("SimpleSAML_Auth_Source.Return", $state)');
        assert('array_key_exists("SimpleSAML_Auth_Source.id", $state)');
        assert('array_key_exists("Attributes", $state)');
        assert('!array_key_exists("LogoutState", $state) || is_array($state["LogoutState"])');
 
        $return = $state['SimpleSAML_Auth_Source.Return'];
 
        // save session state
        $session = SimpleSAML_Session::getSessionFromRequest();
        $authId = $state['SimpleSAML_Auth_Source.id'];
        $session->doLogin($authId, SimpleSAML_Auth_State::getPersistentAuthData($state));
 
        if (is_string($return)) { // redirect...
            \SimpleSAML\Utils\HTTP::redirectTrustedURL($return);
        } else {
            call_user_func($return, $state);
        }
        assert('false');
    }

References $authId, $session, $state, SimpleSAML_Auth_State\getPersistentAuthData(), SimpleSAML_Session\getSessionFromRequest(), and SimpleSAML\Utils\HTTP\redirectTrustedURL().

Referenced by sspmod_negotiate_Auth_Source_Negotiate\fallBack(), initLogin(), and SimpleSAML_Auth_Default\loginCompleted().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ logout()

SimpleSAML_Auth_Source::logout ( & $state )

Log out from this authentication source.

This function should be overridden if the authentication source requires special steps to complete a logout operation.

If the logout process requires a redirect, the state should be saved. Once the logout operation is completed, the state should be restored, and completeLogout should be called with the state. If this operation can be completed without showing the user a page, or redirecting, this function should return.

Parameters

array &$state Information about the current logout operation.

Reimplemented in sspmod_cas_Auth_Source_CAS, sspmod_exampleauth_Auth_Source_External, sspmod_multiauth_Auth_Source_MultiAuth, sspmod_negotiate_Auth_Source_Negotiate, and sspmod_saml_Auth_Source_SP.

Definition at line 248 of file Source.php.

    {
        assert('is_array($state)');
        // default logout handler which doesn't do anything
    }

◆ logoutCallback()

static SimpleSAML_Auth_Source::logoutCallback ( $state )

static

Called when the authentication source receives an external logout request.

Parameters

array $state State array for the logout operation.

Definition at line 363 of file Source.php.

    {
        assert('is_array($state)');
        assert('array_key_exists("SimpleSAML_Auth_Source.logoutSource", $state)');
 
        $source = $state['SimpleSAML_Auth_Source.logoutSource'];
 
        $session = SimpleSAML_Session::getSessionFromRequest();
        if (!$session->isValid($source)) {
            SimpleSAML\Logger::warning(
                'Received logout from an invalid authentication source '.
                var_export($source, true)
            );
 
            return;
        }
        $session->doLogout($source);
    }

References $session, $source, $state, SimpleSAML_Session\getSessionFromRequest(), and SimpleSAML\Logger\warning().

Referenced by SimpleSAML_Auth_Default\logoutCallback().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ parseAuthSource()

static SimpleSAML_Auth_Source::parseAuthSource	(	$authId,
		$config
	)

staticprivate

Create authentication source object from configuration array.

This function takes an array with the configuration for an authentication source object, and returns the object.

Parameters

string	$authId	The authentication source identifier.
array	$config	The configuration.

Returns: SimpleSAML_Auth_Source The parsed authentication source.

Exceptions

Exception If the authentication source is invalid.

Definition at line 291 of file Source.php.

    {
        assert('is_string($authId)');
        assert('is_array($config)');
 
        self::validateSource($config, $authId);
 
        $className = SimpleSAML\Module::resolveClass($config[0], 'Auth_Source', 'SimpleSAML_Auth_Source');
 
        $info = array('AuthId' => $authId);
        unset($config[0]);
        return new $className($info, $config);
    }

References $authId, $config, $info, SimpleSAML\Module\resolveClass(), and validateSource().

Referenced by getById(), and getSourcesOfType().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ reauthenticate()

SimpleSAML_Auth_Source::reauthenticate ( array & $state )

Reauthenticate an user.

This function is called by the IdP to give the authentication source a chance to interact with the user even in the case when the user is already authenticated.

Parameters

array &$state Information about the current authentication.

Reimplemented in sspmod_saml_Auth_Source_SP.

Definition at line 113 of file Source.php.

    {
        assert('isset($state["ReturnCallback"])');
 
        // the default implementation just copies over the previous authentication data
        $session = SimpleSAML_Session::getSessionFromRequest();
        $data = $session->getAuthState($this->authId);
        foreach ($data as $k => $v) {
            $state[$k] = $v;
        }
    }

References $data, $session, $state, and SimpleSAML_Session\getSessionFromRequest().

Here is the call graph for this function:

◆ validateSource()

static SimpleSAML_Auth_Source::validateSource	(	$source,
		$id
	)

staticprotected

Make sure that the first element of an auth source is its identifier.

Parameters

array	$source	An array with the auth source configuration.
string	$id	The auth source identifier.

Exceptions

Exception If the first element of $source is not an identifier for the auth source.

Definition at line 488 of file Source.php.

    {
        if (!array_key_exists(0, $source) || !is_string($source[0])) {
            throw new Exception(
                'Invalid authentication source \''.$id.
                '\': First element must be a string which identifies the authentication source.'
            );
        }
    }

References $id, and $source.

Referenced by getSourcesOfType(), and parseAuthSource().

Here is the caller graph for this function:

Field Documentation

◆ $authId

SimpleSAML_Auth_Source::$authId

protected

Definition at line 22 of file Source.php.

The documentation for this class was generated from the following file:

libs/composer/vendor/simplesamlphp/simplesamlphp/lib/SimpleSAML/Auth/Source.php

Public Member Functions

Static Public Member Functions

Protected Member Functions

Static Protected Member Functions

Protected Attributes

Static Private Member Functions

Detailed Description

Constructor & Destructor Documentation

◆ __construct()

Member Function Documentation

◆ addLogoutCallback()

◆ authenticate()

◆ callLogoutCallback()

◆ completeAuth()

◆ completeLogout()

◆ getAuthId()

◆ getById()

◆ getSources()

◆ getSourcesOfType()

◆ initLogin()

◆ loginCompleted()

◆ logout()

◆ logoutCallback()

◆ parseAuthSource()

◆ reauthenticate()

◆ validateSource()

Field Documentation

◆ $authId