ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
SimpleSAML_Auth_ProcessingChain Class Reference

Public Member Functions

 __construct ($idpMetadata, $spMetadata, $mode='idp')
 Initialize an authentication processing chain for the given service provider and identity provider.
 
 processState (&$state)
 Process the given state.
 
 processStatePassive (&$state)
 Process the given state passively.
 

Static Public Member Functions

static resumeProcessing ($state)
 Continues processing of the state.
 
static fetchProcessedState ($id)
 Retrieve a state which has finished processing.
 

Data Fields

const FILTERS_INDEX = 'SimpleSAML_Auth_ProcessingChain.filters'
 The list of remaining filters which should be applied to the state.
 
const COMPLETED_STAGE = 'SimpleSAML_Auth_ProcessingChain.completed'
 The stage we use for completed requests.
 
const AUTHPARAM = 'AuthProcId'
 The request parameter we will use to pass the state identifier when we redirect after having completed processing of the state.
 

Static Private Member Functions

static addFilters (&$target, $src)
 Sort & merge filter configuration.
 
static parseFilterList ($filterSrc)
 Parse an array of authentication processing filters.
 
static parseFilter ($config, $priority)
 Parse an authentication processing filter.
 
static addUserID (&$state)
 

Private Attributes

 $filters
 All authentication processing filters, in the order they should be applied.
 

Detailed Description

Definition at line 13 of file ProcessingChain.php.

Constructor & Destructor Documentation

◆ __construct()

SimpleSAML_Auth_ProcessingChain::__construct (   $idpMetadata,
  $spMetadata,
  $mode = 'idp' 
)

Initialize an authentication processing chain for the given service provider and identity provider.

Parameters
array  $idpMetadata  The metadata for the IdP.
array  $spMetadata   The metadata for the SP.

Definition at line 49 of file ProcessingChain.php.

References $config, $idpMetadata, $spMetadata, SimpleSAML\Logger\debug(), and SimpleSAML_Configuration\getInstance().

{
    assert(is_array($idpMetadata));
    assert(is_array($spMetadata));

    $this->filters = array();

    $config = SimpleSAML_Configuration::getInstance();
    $configauthproc = $config->getArray('authproc.' . $mode, null);

    if (!empty($configauthproc)) {
        $configfilters = self::parseFilterList($configauthproc);
        self::addFilters($this->filters, $configfilters);
    }

    if (array_key_exists('authproc', $idpMetadata)) {
        $idpFilters = self::parseFilterList($idpMetadata['authproc']);
        self::addFilters($this->filters, $idpFilters);
    }

    if (array_key_exists('authproc', $spMetadata)) {
        $spFilters = self::parseFilterList($spMetadata['authproc']);
        self::addFilters($this->filters, $spFilters);
    }


    SimpleSAML\Logger::debug('Filter config for ' . $idpMetadata['entityid'] . '->' .
        $spMetadata['entityid'] . ': ' . str_replace("\n", '', var_export($this->filters, true)));
}

Member Function Documentation

◆ addFilters()

static SimpleSAML_Auth_ProcessingChain::addFilters ( $target,
  $src 
)
static private

Sort & merge filter configuration.

Inserts unsorted filters into sorted filter list. This sort operation is stable.

Parameters
array  &$target  Target filter list. This list must be sorted.
array  $src      Source filters. May be unsorted.

Definition at line 88 of file ProcessingChain.php.

References $i, and $target.

{
    assert(is_array($target));
    assert(is_array($src));

    foreach ($src as $filter) {
        $fp = $filter->priority;

        // Find insertion position for filter
        for ($i = count($target)-1; $i >= 0; $i--) {
            if ($target[$i]->priority <= $fp) {
                // The new filter should be inserted after this one
                break;
            }
        }
        /* $i now points to the filter which should precede the current filter. */
        array_splice($target, $i+1, 0, array($filter));
    }
}
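
An added example (not ILIAS or SimpleSAMLphp code) that models, in stand-alone PHP, how the three filter sources merged by the constructor end up ordered by the stable insertion in addFilters(). The functions parseSource() and mergeFilters(), the example: filter class names and the sample arrays are constructed for illustration.

```php
<?php
// Added example: stand-alone model of the merge done by __construct() and
// addFilters(). Function names and filter class names are hypothetical.

/** Normalise one authproc array the way parseFilterList() does. */
function parseSource(array $authproc, string $source): array
{
    $out = [];
    foreach ($authproc as $priority => $filter) {
        if (is_string($filter)) {
            $filter = ['class' => $filter];
        }
        if (!is_array($filter) || !array_key_exists('class', $filter)) {
            throw new InvalidArgumentException("Bad filter at priority $priority in $source");
        }
        $out[] = ['priority' => $priority, 'class' => $filter['class'], 'source' => $source];
    }
    return $out;
}

/** Stable insertion into an already sorted list, as addFilters() does. */
function mergeFilters(array &$target, array $src): void
{
    foreach ($src as $filter) {
        for ($i = count($target) - 1; $i >= 0; $i--) {
            if ($target[$i]['priority'] <= $filter['priority']) {
                break; // insert after the last entry with priority <= ours
            }
        }
        array_splice($target, $i + 1, 0, [$filter]);
    }
}

// Constructed sample configuration; keys are priorities, sources may be unsorted.
$global = [50 => 'example:LimitAttributes', 10 => 'example:AddAttribute'];
$idp    = [50 => ['class' => 'example:MapNames'], 90 => 'example:Consent'];
$sp     = [10 => 'example:ScopeAttribute', 50 => 'example:AddAttribute'];

// Same merge order as the constructor: global config, IdP metadata, SP metadata.
$chain = [];
mergeFilters($chain, parseSource($global, 'config authproc.idp'));
mergeFilters($chain, parseSource($idp, 'IdP metadata'));
mergeFilters($chain, parseSource($sp, 'SP metadata'));

foreach ($chain as $pos => $f) {
    printf("%d. priority %-3d %-24s (%s)\n", $pos + 1, $f['priority'], $f['class'], $f['source']);
}
```

In this constructed case the SP-level example:AddAttribute at priority 50 is placed after the global example:LimitAttributes at the same priority, because equal priorities keep the order in which the constructor merges its sources.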

◆ addUserID()

static SimpleSAML_Auth_ProcessingChain::addUserID ( $state)
static private
Deprecated:
This method will be removed in SSP 2.0.

Definition at line 329 of file ProcessingChain.php.

References $state, and SimpleSAML\Logger\warning().

{
    assert(is_array($state));
    assert(array_key_exists('Attributes', $state));

    if (isset($state['Destination']['userid.attribute'])) {
        $attributeName = $state['Destination']['userid.attribute'];
        SimpleSAML\Logger::warning("The 'userid.attribute' option has been deprecated.");
    } elseif (isset($state['Source']['userid.attribute'])) {
        $attributeName = $state['Source']['userid.attribute'];
        SimpleSAML\Logger::warning("The 'userid.attribute' option has been deprecated.");
    } else {
        // Default attribute
        $attributeName = 'eduPersonPrincipalName';
    }

    if (!array_key_exists($attributeName, $state['Attributes'])) {
        return;
    }

    $uid = $state['Attributes'][$attributeName];
    if (count($uid) === 0) {
        SimpleSAML\Logger::warning('Empty user id attribute [' . $attributeName . '].');
        return;
    }

    if (count($uid) > 1) {
        SimpleSAML\Logger::warning('Multiple attribute values for user id attribute [' . $attributeName . '].');
        return;
    }

    // TODO: the attribute value should be trimmed
    $uid = $uid[0];

    if (empty($uid)) {
        SimpleSAML\Logger::warning('Empty value in attribute '.$attributeName.". on user. Cannot set UserID.");
        return;
    }
    $state['UserID'] = $uid;
}

◆ fetchProcessedState()

static SimpleSAML_Auth_ProcessingChain::fetchProcessedState (   $id)
static

Retrieve a state which has finished processing.

Parameters
string  $id  The state identifier.
See also
SimpleSAML_Auth_State::parseStateID()
Returns
Array The state referenced by the $id parameter.

Definition at line 318 of file ProcessingChain.php.

References $id, and SimpleSAML_Auth_State\loadState().

{
    assert(is_string($id));

    return SimpleSAML_Auth_State::loadState($id, self::COMPLETED_STAGE);
}

◆ parseFilter()

static SimpleSAML_Auth_ProcessingChain::parseFilter (   $config,
  $priority 
)
static private

Parse an authentication processing filter.

Parameters
array  $config    Array with the authentication processing filter configuration.
int    $priority  The priority of the current filter (not included in the filter definition).
Returns
SimpleSAML_Auth_ProcessingFilter The parsed filter.

Definition at line 146 of file ProcessingChain.php.

References $config, and SimpleSAML\Module\resolveClass().

{
    assert(is_array($config));

    if (!array_key_exists('class', $config)) {
        throw new Exception('Authentication processing filter without name given.');
    }

    $className = SimpleSAML\Module::resolveClass($config['class'], 'Auth_Process', 'SimpleSAML_Auth_ProcessingFilter');
    $config['%priority'] = $priority;
    unset($config['class']);
    return new $className($config, null);
}

◆ parseFilterList()

static SimpleSAML_Auth_ProcessingChain::parseFilterList (   $filterSrc)
static private

Parse an array of authentication processing filters.

Parameters
array  $filterSrc  Array with filter configuration.
Returns
array Array of SimpleSAML_Auth_ProcessingFilter objects.

Definition at line 115 of file ProcessingChain.php.

{
    assert(is_array($filterSrc));

    $parsedFilters = array();

    foreach ($filterSrc as $priority => $filter) {
        if (is_string($filter)) {
            $filter = array('class' => $filter);
        }

        if (!is_array($filter)) {
            throw new Exception('Invalid authentication processing filter configuration: ' .
                'One of the filters wasn\'t a string or an array.');
        }

        $parsedFilters[] = self::parseFilter($filter, $priority);
    }

    return $parsedFilters;
}

◆ processState()

SimpleSAML_Auth_ProcessingChain::processState ( $state)

Process the given state.

This function will only return if processing completes. If processing requires showing a page to the user, we will not be able to return from this function. There are two ways this can be handled:

  • Redirect to a URL: We will redirect to the URL set in $state['ReturnURL'].
  • Call a function: We will call the function set in $state['ReturnCall'].

If an exception is thrown during processing, it should be handled by the caller of this function. If the user has been redirected to a different page, the exception will be returned through the exception handler defined on the state array. See SimpleSAML_Auth_State for more information.

See also
SimpleSAML_Auth_State
SimpleSAML_Auth_State::EXCEPTION_HANDLER_URL
SimpleSAML_Auth_State::EXCEPTION_HANDLER_FUNC
Parameters
array  &$state  The state we are processing.

Definition at line 181 of file ProcessingChain.php.

References $filters, and $state.

{
    assert(is_array($state));
    assert(array_key_exists('ReturnURL', $state) || array_key_exists('ReturnCall', $state));
    assert(!array_key_exists('ReturnURL', $state) || !array_key_exists('ReturnCall', $state));

    $state[self::FILTERS_INDEX] = $this->filters;

    try {
        // TODO: remove this in SSP 2.0
        if (!array_key_exists('UserID', $state)) {
            // No unique user ID present. Attempt to add one.
            self::addUserID($state);
        }

        while (count($state[self::FILTERS_INDEX]) > 0) {
            $filter = array_shift($state[self::FILTERS_INDEX]);
            $filter->process($state);
        }
    } catch (SimpleSAML_Error_Exception $e) {
        // No need to convert the exception
        throw $e;
    } catch (Exception $e) {
        /*
         * To be consistent with the exception we return after a redirect,
         * we convert this exception before returning it.
         */
        throw new SimpleSAML_Error_UnserializableException($e);
    }

    // Completed
}

◆ processStatePassive()

SimpleSAML_Auth_ProcessingChain::processStatePassive ( $state)

Process the given state passively.

Modules with user interaction are expected to throw an exception, which is silently ignored. Exceptions of other types are passed further up the call stack.

This function will only return if processing completes.

Parameters
array  &$state  The state we are processing.

Definition at line 280 of file ProcessingChain.php.

References $filters, and $state.

{
    assert(is_array($state));
    // Should not be set when calling this method
    assert(!array_key_exists('ReturnURL', $state));

    // Notify filters about passive request
    $state['isPassive'] = true;

    $state[self::FILTERS_INDEX] = $this->filters;

    // TODO: remove this in SSP 2.0
    if (!array_key_exists('UserID', $state)) {
        // No unique user ID present. Attempt to add one.
        self::addUserID($state);
    }

    while (count($state[self::FILTERS_INDEX]) > 0) {
        $filter = array_shift($state[self::FILTERS_INDEX]);
        try {
            $filter->process($state);
            // Ignore SimpleSAML_Error_NoPassive exceptions
        } catch (SimpleSAML_Error_NoPassive $e) {
            // @deprecated will be removed in 2.0
            // Ignore \SimpleSAML\Error\NoPassive exceptions
        } catch (\SimpleSAML\Module\saml\Error\NoPassive $e) {
            // Ignore \SimpleSAML\Module\saml\Error\NoPassive exceptions
        }
    }
}

◆ resumeProcessing()

static SimpleSAML_Auth_ProcessingChain::resumeProcessing (   $state)
static

Continues processing of the state.

This function is used to resume processing by filters which for example needed to show a page to the user.

This function will never return. Exceptions thrown during processing will be passed to whatever exception handler is defined in the state array.

Parameters
array  $state  The state we are processing.

Definition at line 226 of file ProcessingChain.php.

References $id, $state, SimpleSAML_Auth_State\deleteState(), SimpleSAML\Utils\HTTP\redirectTrustedURL(), SimpleSAML_Auth_State\saveState(), and SimpleSAML_Auth_State\throwException().

{
    assert(is_array($state));

    while (count($state[self::FILTERS_INDEX]) > 0) {
        $filter = array_shift($state[self::FILTERS_INDEX]);
        try {
            $filter->process($state);
        } catch (SimpleSAML_Error_Exception $e) {
            SimpleSAML_Auth_State::throwException($state, $e);
        } catch (Exception $e) {
            $e = new SimpleSAML_Error_UnserializableException($e);
            SimpleSAML_Auth_State::throwException($state, $e);
        }
    }

    // Completed

    assert(array_key_exists('ReturnURL', $state) || array_key_exists('ReturnCall', $state));
    assert(!array_key_exists('ReturnURL', $state) || !array_key_exists('ReturnCall', $state));


    if (array_key_exists('ReturnURL', $state)) {
        /*
         * Save state information, and redirect to the URL specified
         * in $state['ReturnURL'].
         */
        $id = SimpleSAML_Auth_State::saveState($state, self::COMPLETED_STAGE);
        \SimpleSAML\Utils\HTTP::redirectTrustedURL($state['ReturnURL'], array(self::AUTHPARAM => $id));
    } else {
        /* Pass the state to the function defined in $state['ReturnCall']. */

        // We are done with the state array in the session. Delete it.
        SimpleSAML_Auth_State::deleteState($state);

        $func = $state['ReturnCall'];
        assert(is_callable($func));

        call_user_func($func, $state);
        assert(false);
    }
}

Field Documentation

◆ $filters

SimpleSAML_Auth_ProcessingChain::$filters
private

All authentication processing filters, in the order they should be applied.

Definition at line 39 of file ProcessingChain.php.

Referenced by processState(), and processStatePassive().

◆ AUTHPARAM

const SimpleSAML_Auth_ProcessingChain::AUTHPARAM = 'AuthProcId'

The request parameter we will use to pass the state identifier when we redirect after having completed processing of the state.

Definition at line 33 of file ProcessingChain.php.

◆ COMPLETED_STAGE

const SimpleSAML_Auth_ProcessingChain::COMPLETED_STAGE = 'SimpleSAML_Auth_ProcessingChain.completed'

The stage we use for completed requests.

Definition at line 26 of file ProcessingChain.php.

◆ FILTERS_INDEX

const SimpleSAML_Auth_ProcessingChain::FILTERS_INDEX = 'SimpleSAML_Auth_ProcessingChain.filters'

The list of remaining filters which should be applied to the state.

Definition at line 20 of file ProcessingChain.php.


The documentation for this class was generated from the following file: