ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
ExpectedAuthnContextClassRef.php
Go to the documentation of this file.
1<?php
2
3
20{
21
26 private $accepted;
27
28
34
35
44 public function __construct($config, $reserved)
45 {
46 parent::__construct($config, $reserved);
47
48 assert('is_array($config)');
49 if (empty($config['accepted'])) {
51 'ExpectedAuthnContextClassRef: Configuration error. There is no accepted AuthnContextClassRef.'
52 );
54 'ExpectedAuthnContextClassRef: Configuration error. There is no accepted AuthnContextClassRef.'
55 );
56 }
57 $this->accepted = $config['accepted'];
58 }
59
60
65 public function process(&$request)
66 {
67 assert('is_array($request)');
68 assert('array_key_exists("Attributes", $request)');
69
70 $this->AuthnContextClassRef = $request['saml:sp:State']['saml:sp:AuthnContext'];
71
72 if (!in_array($this->AuthnContextClassRef, $this->accepted, true)) {
73 $this->unauthorized($request);
74 }
75 }
76
77
90 protected function unauthorized(&$request)
91 {
93 'ExpectedAuthnContextClassRef: Invalid authentication context: '.$this->AuthnContextClassRef.
94 '. Accepted values are: '.var_export($this->accepted, true)
95 );
96
97 $id = SimpleSAML_Auth_State::saveState($request, 'saml:ExpectedAuthnContextClassRef:unauthorized');
99 'saml/sp/wrong_authncontextclassref.php'
100 );
102 }
103}
An exception for terminatinating execution or to throw for unit testing.
static error($string)
Definition: Logger.php:168
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:303
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:962
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194
unauthorized(&$request)
When the process logic determines that the user is not authorized for this service,...
__construct($config, $reserved)
Initialize this filter, parse configuration.
if(!array_key_exists('StateId', $_REQUEST)) $id
$url