ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Public Member Functions | Protected Member Functions | Private Attributes
sspmod_saml_Auth_Process_ExpectedAuthnContextClassRef Class Reference
+ Inheritance diagram for sspmod_saml_Auth_Process_ExpectedAuthnContextClassRef:
+ Collaboration diagram for sspmod_saml_Auth_Process_ExpectedAuthnContextClassRef:

Public Member Functions

 __construct ($config, $reserved)
 Initialize this filter, parse configuration. More...
 
 process (&$request)
 
- Public Member Functions inherited from SimpleSAML_Auth_ProcessingFilter
 __construct (&$config, $reserved)
 Constructor for a processing filter. More...
 
 process (&$request)
 Process a request. More...
 

Protected Member Functions

 unauthorized (&$request)
 When the process logic determines that the user is not authorized for this service, then forward the user to an 403 unauthorized page. More...
 

Private Attributes

 $accepted
 
 $AuthnContextClassRef
 

Additional Inherited Members

- Data Fields inherited from SimpleSAML_Auth_ProcessingFilter
 $priority = 50
 Priority of this filter. More...
 

Detailed Description

Definition at line 19 of file ExpectedAuthnContextClassRef.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_saml_Auth_Process_ExpectedAuthnContextClassRef::__construct (   $config,
  $reserved 
)

Initialize this filter, parse configuration.

Parameters
array$configConfiguration information about this filter.
mixed$reservedFor future use.
Exceptions
SimpleSAML_Error_Exceptionif the mandatory 'accepted' configuration option is missing.

Definition at line 44 of file ExpectedAuthnContextClassRef.php.

45 {
46 parent::__construct($config, $reserved);
47
48 assert(is_array($config));
49 if (empty($config['accepted'])) {
50 SimpleSAML\Logger::error(
51 'ExpectedAuthnContextClassRef: Configuration error. There is no accepted AuthnContextClassRef.'
52 );
53 throw new SimpleSAML_Error_Exception(
54 'ExpectedAuthnContextClassRef: Configuration error. There is no accepted AuthnContextClassRef.'
55 );
56 }
57 $this->accepted = $config['accepted'];
58 }
SimpleSAML\Logger\error
static error($string)
Definition: Logger.php:166
SimpleSAML_Error_Exception
Definition: Exception.php:13
$config
$config
Definition: bootstrap.php:15

References $config, and SimpleSAML\Logger\error().

+ Here is the call graph for this function:

Member Function Documentation

◆ process()

sspmod_saml_Auth_Process_ExpectedAuthnContextClassRef::process ( $request)
Parameters
array&$requestThe current request

Reimplemented from SimpleSAML_Auth_ProcessingFilter.

Definition at line 65 of file ExpectedAuthnContextClassRef.php.

66 {
67 assert(is_array($request));
68 assert(array_key_exists('Attributes', $request));
69
70 $this->AuthnContextClassRef = $request['saml:sp:State']['saml:sp:AuthnContext'];
71
72 if (!in_array($this->AuthnContextClassRef, $this->accepted, true)) {
73 $this->unauthorized($request);
74 }
75 }
$request
foreach($paths as $path) $request
Definition: asyncclient.php:32
sspmod_saml_Auth_Process_ExpectedAuthnContextClassRef\unauthorized
unauthorized(&$request)
When the process logic determines that the user is not authorized for this service,...
Definition: ExpectedAuthnContextClassRef.php:90

References $request, and unauthorized().

+ Here is the call graph for this function:

◆ unauthorized()

sspmod_saml_Auth_Process_ExpectedAuthnContextClassRef::unauthorized ( $request)
protected

When the process logic determines that the user is not authorized for this service, then forward the user to an 403 unauthorized page.

Separated this code into its own method so that child classes can override it and change the action. Forward thinking in case a "chained" ACL is needed, more complex permission logic.

Parameters
array$request

Definition at line 90 of file ExpectedAuthnContextClassRef.php.

91 {
92 SimpleSAML\Logger::error(
93 'ExpectedAuthnContextClassRef: Invalid authentication context: '.$this->AuthnContextClassRef.
94 '. Accepted values are: '.var_export($this->accepted, true)
95 );
96
97 $id = SimpleSAML_Auth_State::saveState($request, 'saml:ExpectedAuthnContextClassRef:unauthorized');
98 $url = SimpleSAML\Module::getModuleURL(
99 'saml/sp/wrong_authncontextclassref.php'
100 );
101 \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('StateId' => $id));
102 }
SimpleSAML\Module\getModuleURL
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:220
SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:959
SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
$url
$url
Definition: proxy_ylocal.php:28

References $id, $request, $url, SimpleSAML\Logger\error(), SimpleSAML\Module\getModuleURL(), SimpleSAML\Utils\HTTP\redirectTrustedURL(), and SimpleSAML_Auth_State\saveState().

Referenced by process().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $accepted

sspmod_saml_Auth_Process_ExpectedAuthnContextClassRef::$accepted
private

Definition at line 26 of file ExpectedAuthnContextClassRef.php.

◆ $AuthnContextClassRef

sspmod_saml_Auth_Process_ExpectedAuthnContextClassRef::$AuthnContextClassRef
private

Definition at line 33 of file ExpectedAuthnContextClassRef.php.

The documentation for this class was generated from the following file: