ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
SP.php
Go to the documentation of this file.
1<?php
2
3class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source
4{
10 private $entityId;
11
17 private $metadata;
18
24 private $idp;
25
31 private $discoURL;
32
39 public function __construct($info, $config)
40 {
41 assert(is_array($info));
42 assert(is_array($config));
43
44 // Call the parent constructor first, as required by the interface
45 parent::__construct($info, $config);
46
47 if (!isset($config['entityID'])) {
48 $config['entityID'] = $this->getMetadataURL();
49 }
50
51 /* For compatibility with code that assumes that $metadata->getString('entityid')
52 * gives the entity id. */
53 $config['entityid'] = $config['entityID'];
54
55 $this->metadata = SimpleSAML_Configuration::loadFromArray($config,
56 'authsources[' . var_export($this->authId, true) . ']');
57 $this->entityId = $this->metadata->getString('entityID');
58 $this->idp = $this->metadata->getString('idp', null);
59 $this->discoURL = $this->metadata->getString('discoURL', null);
60
61 if (empty($this->discoURL) && SimpleSAML\Module::isModuleEnabled('discojuice')) {
62 $this->discoURL = SimpleSAML\Module::getModuleURL('discojuice/central.php');
63 }
64 }
65
71 public function getMetadataURL()
72 {
73 return SimpleSAML\Module::getModuleURL('saml/sp/metadata.php/' . urlencode($this->authId));
74 }
75
81 public function getEntityId()
82 {
83 return $this->entityId;
84 }
85
91 public function getMetadata()
92 {
93 return $this->metadata;
94 }
95
102 public function getIdPMetadata($entityId)
103 {
104 assert(is_string($entityId));
105
106 if ($this->idp !== null && $this->idp !== $entityId) {
107 throw new SimpleSAML_Error_Exception('Cannot retrieve metadata for IdP ' .
108 var_export($entityId, true) .
109 ' because it isn\'t a valid IdP for this SP.');
110 }
111
112 $metadataHandler = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
113
114 // First, look in saml20-idp-remote.
115 try {
116 return $metadataHandler->getMetaDataConfig($entityId, 'saml20-idp-remote');
117 } catch (Exception $e) {
118 /* Metadata wasn't found. */
119 SimpleSAML\Logger::debug('getIdpMetadata: ' . $e->getMessage());
120 }
121
122 /* Not found in saml20-idp-remote, look in shib13-idp-remote. */
123 try {
124 return $metadataHandler->getMetaDataConfig($entityId, 'shib13-idp-remote');
125 } catch (Exception $e) {
126 /* Metadata wasn't found. */
127 SimpleSAML\Logger::debug('getIdpMetadata: ' . $e->getMessage());
128 }
129
130 /* Not found. */
131 throw new SimpleSAML_Error_Exception('Could not find the metadata of an IdP with entity ID ' .
132 var_export($entityId, true));
133 }
134
141 private function startSSO1(SimpleSAML_Configuration $idpMetadata, array $state)
142 {
143 $idpEntityId = $idpMetadata->getString('entityid');
144
145 $state['saml:idp'] = $idpEntityId;
146
147 $ar = new \SimpleSAML\XML\Shib13\AuthnRequest();
148 $ar->setIssuer($this->entityId);
149
150 $id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso');
151 $ar->setRelayState($id);
152
153 $useArtifact = $idpMetadata->getBoolean('saml1.useartifact', null);
154 if ($useArtifact === null) {
155 $useArtifact = $this->metadata->getBoolean('saml1.useartifact', false);
156 }
157
158 if ($useArtifact) {
159 $shire = SimpleSAML\Module::getModuleURL('saml/sp/saml1-acs.php/' . $this->authId . '/artifact');
160 } else {
161 $shire = SimpleSAML\Module::getModuleURL('saml/sp/saml1-acs.php/' . $this->authId);
162 }
163
164 $url = $ar->createRedirect($idpEntityId, $shire);
165
166 SimpleSAML\Logger::debug('Starting SAML 1 SSO to ' . var_export($idpEntityId, true) .
167 ' from ' . var_export($this->entityId, true) . '.');
168 \SimpleSAML\Utils\HTTP::redirectTrustedURL($url);
169 }
170
177 private function startSSO2(SimpleSAML_Configuration $idpMetadata, array $state)
178 {
179 if (isset($state['saml:ProxyCount']) && $state['saml:ProxyCount'] < 0) {
180 SimpleSAML_Auth_State::throwException(
181 $state,
182 new \SimpleSAML\Module\saml\Error\ProxyCountExceeded(\SAML2\Constants::STATUS_RESPONDER)
183 );
184 }
185
186 $ar = sspmod_saml_Message::buildAuthnRequest($this->metadata, $idpMetadata);
187
188 // ilias-patch: begin
189 // see: https://bugs.launchpad.net/mahara/+bug/1689685
190 // see: https://github.com/simplesamlphp/simplesamlphp/issues/503
191 //$ar->setAssertionConsumerServiceURL(SimpleSAML\Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->authId));
192 $ar->setAssertionConsumerServiceURL(ILIAS_HTTP_PATH . '/Services/Saml/lib/saml2-acs.php/default-sp/' . CLIENT_ID);
193 // ilias-patch: end
194
195 if (isset($state['SimpleSAML_Auth_Source.ReturnURL'])) {
196 $ar->setRelayState($state['SimpleSAML_Auth_Source.ReturnURL']);
197 }
198
199 if (isset($state['saml:AuthnContextClassRef'])) {
200 $accr = SimpleSAML\Utils\Arrays::arrayize($state['saml:AuthnContextClassRef']);
201 $comp = SAML2\Constants::COMPARISON_EXACT;
202 if (isset($state['saml:AuthnContextComparison']) && in_array($state['AuthnContextComparison'], array(
203 SAML2\Constants::COMPARISON_EXACT,
204 SAML2\Constants::COMPARISON_MINIMUM,
205 SAML2\Constants::COMPARISON_MAXIMUM,
206 SAML2\Constants::COMPARISON_BETTER,
207 ), true)) {
208 $comp = $state['saml:AuthnContextComparison'];
209 }
210 $ar->setRequestedAuthnContext(array('AuthnContextClassRef' => $accr, 'Comparison' => $comp));
211 }
212
213 if (isset($state['ForceAuthn'])) {
214 $ar->setForceAuthn((bool)$state['ForceAuthn']);
215 }
216
217 if (isset($state['isPassive'])) {
218 $ar->setIsPassive((bool)$state['isPassive']);
219 }
220
221 if (isset($state['saml:NameID'])) {
222 if (!is_array($state['saml:NameID']) && !is_a($state['saml:NameID'], '\SAML2\XML\saml\NameID')) {
223 throw new SimpleSAML_Error_Exception('Invalid value of $state[\'saml:NameID\'].');
224 }
225 $ar->setNameId($state['saml:NameID']);
226 }
227
228 if (isset($state['saml:NameIDPolicy'])) {
229 if (is_string($state['saml:NameIDPolicy'])) {
230 $policy = array(
231 'Format' => (string)$state['saml:NameIDPolicy'],
232 'AllowCreate' => true,
233 );
234 } elseif (is_array($state['saml:NameIDPolicy'])) {
235 $policy = $state['saml:NameIDPolicy'];
236 } else {
237 throw new SimpleSAML_Error_Exception('Invalid value of $state[\'saml:NameIDPolicy\'].');
238 }
239 $ar->setNameIdPolicy($policy);
240 }
241
242 if (isset($state['saml:IDPList'])) {
243 $IDPList = $state['saml:IDPList'];
244 } else {
245 $IDPList = array();
246 }
247
248 $ar->setIDPList(array_unique(array_merge($this->metadata->getArray('IDPList', array()),
249 $idpMetadata->getArray('IDPList', array()),
250 (array) $IDPList)));
251
252 if (isset($state['saml:ProxyCount']) && $state['saml:ProxyCount'] !== null) {
253 $ar->setProxyCount($state['saml:ProxyCount']);
254 } elseif ($idpMetadata->getInteger('ProxyCount', null) !== null) {
255 $ar->setProxyCount($idpMetadata->getInteger('ProxyCount', null));
256 } elseif ($this->metadata->getInteger('ProxyCount', null) !== null) {
257 $ar->setProxyCount($this->metadata->getInteger('ProxyCount', null));
258 }
259
260 $requesterID = array();
261 if (isset($state['saml:RequesterID'])) {
262 $requesterID = $state['saml:RequesterID'];
263 }
264
265 if (isset($state['core:SP'])) {
266 $requesterID[] = $state['core:SP'];
267 }
268
269 $ar->setRequesterID($requesterID);
270
271 if (isset($state['saml:Extensions'])) {
272 $ar->setExtensions($state['saml:Extensions']);
273 }
274
275 // save IdP entity ID as part of the state
276 $state['ExpectedIssuer'] = $idpMetadata->getString('entityid');
277
278 $id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso', true);
279 $ar->setId($id);
280
281 SimpleSAML\Logger::debug('Sending SAML 2 AuthnRequest to ' .
282 var_export($idpMetadata->getString('entityid'), true));
283
284 /* Select appropriate SSO endpoint */
285 if ($ar->getProtocolBinding() === \SAML2\Constants::BINDING_HOK_SSO) {
286 $dst = $idpMetadata->getDefaultEndpoint('SingleSignOnService', array(
287 \SAML2\Constants::BINDING_HOK_SSO)
288 );
289 } else {
290 $dst = $idpMetadata->getEndpointPrioritizedByBinding('SingleSignOnService', [
291 \SAML2\Constants::BINDING_HTTP_REDIRECT,
292 \SAML2\Constants::BINDING_HTTP_POST,
293 ]);
294 }
295 $ar->setDestination($dst['Location']);
296
297 $b = \SAML2\Binding::getBinding($dst['Binding']);
298
299 $this->sendSAML2AuthnRequest($state, $b, $ar);
300
301 assert(false);
302 }
303
313 public function sendSAML2AuthnRequest(array &$state, \SAML2\Binding $binding, \SAML2\AuthnRequest $ar)
314 {
315 $binding->send($ar);
316 assert(false);
317 }
318
325 public function startSSO($idp, array $state)
326 {
327 assert(is_string($idp));
328
329 $idpMetadata = $this->getIdPMetadata($idp);
330
331 $type = $idpMetadata->getString('metadata-set');
332 switch ($type) {
333 case 'shib13-idp-remote':
334 $this->startSSO1($idpMetadata, $state);
335 assert(false); /* Should not return. */
336 case 'saml20-idp-remote':
337 $this->startSSO2($idpMetadata, $state);
338 assert(false); /* Should not return. */
339 default:
340 /* Should only be one of the known types. */
341 assert(false);
342 }
343 }
344
350 private function startDisco(array $state)
351 {
352 $id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso');
353
354 $discoURL = $this->discoURL;
355 if ($discoURL === null) {
356 /* Fallback to internal discovery service. */
357 $discoURL = SimpleSAML\Module::getModuleURL('saml/disco.php');
358 }
359
360 $returnTo = SimpleSAML\Module::getModuleURL('saml/sp/discoresp.php', array('AuthID' => $id));
361
362 $params = array(
363 'entityID' => $this->entityId,
364 'return' => $returnTo,
365 'returnIDParam' => 'idpentityid'
366 );
367
368 if(isset($state['saml:IDPList'])) {
369 $params['IDPList'] = $state['saml:IDPList'];
370 }
371
372 if (isset($state['isPassive']) && $state['isPassive']) {
373 $params['isPassive'] = 'true';
374 }
375
376 \SimpleSAML\Utils\HTTP::redirectTrustedURL($discoURL, $params);
377 }
378
386 public function authenticate(&$state)
387 {
388 assert(is_array($state));
389
390 /* We are going to need the authId in order to retrieve this authentication source later. */
391 $state['saml:sp:AuthId'] = $this->authId;
392
393 $idp = $this->idp;
394
395 if (isset($state['saml:idp'])) {
396 $idp = (string)$state['saml:idp'];
397 }
398
399 if (isset($state['saml:IDPList']) && sizeof($state['saml:IDPList']) > 0) {
400 // we have a SAML IDPList (we are a proxy): filter the list of IdPs available
401 $mdh = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
402 $known_idps = $mdh->getList();
403 $intersection = array_intersect($state['saml:IDPList'], array_keys($known_idps));
404
405 if (empty($intersection)) {
406 // all requested IdPs are unknown
407 throw new SimpleSAML\Module\saml\Error\NoSupportedIDP(
408 \SAML2\Constants::STATUS_REQUESTER,
409 'None of the IdPs requested are supported by this proxy.'
410 );
411 }
412
413 if (!is_null($idp) && !in_array($idp, $intersection, true)) {
414 // the IdP is enforced but not in the IDPList
415 throw new SimpleSAML\Module\saml\Error\NoAvailableIDP(
416 \SAML2\Constants::STATUS_REQUESTER,
417 'None of the IdPs requested are available to this proxy.'
418 );
419 }
420
421 if (is_null($idp) && sizeof($intersection) === 1) {
422 // only one IdP requested or valid
423 $idp = current($state['saml:IDPList']);
424 }
425 }
426
427 if ($idp === null) {
428 $this->startDisco($state);
429 assert(false);
430 }
431
432 $this->startSSO($idp, $state);
433 assert(false);
434 }
435
444 public function reauthenticate(array &$state)
445 {
446 assert(is_array($state));
447
448 $session = SimpleSAML_Session::getSessionFromRequest();
449 $data = $session->getAuthState($this->authId);
450 foreach ($data as $k => $v) {
451 $state[$k] = $v;
452 }
453
454 // check if we have an IDPList specified in the request
455 if (isset($state['saml:IDPList']) && sizeof($state['saml:IDPList']) > 0 &&
456 !in_array($state['saml:sp:IdP'], $state['saml:IDPList'], true))
457 {
458 /*
459 * The user has an existing, valid session. However, the SP
460 * provided a list of IdPs it accepts for authentication, and
461 * the IdP the existing session is related to is not in that list.
462 *
463 * First, check if we recognize any of the IdPs requested.
464 */
465
466 $mdh = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
467 $known_idps = $mdh->getList();
468 $intersection = array_intersect($state['saml:IDPList'], array_keys($known_idps));
469
470 if (empty($intersection)) {
471 // all requested IdPs are unknown
472 throw new SimpleSAML\Module\saml\Error\NoSupportedIDP(
473 \SAML2\Constants::STATUS_REQUESTER,
474 'None of the IdPs requested are supported by this proxy.'
475 );
476 }
477
478 /*
479 * We have at least one IdP in the IDPList that we recognize, and
480 * it's not the one currently in use. Let's see if this proxy
481 * enforces the use of one single IdP.
482 */
483 if (!is_null($this->idp) && !in_array($this->idp, $intersection, true)) {
484 // an IdP is enforced but not requested
485 throw new SimpleSAML\Module\saml\Error\NoAvailableIDP(
486 \SAML2\Constants::STATUS_REQUESTER,
487 'None of the IdPs requested are available to this proxy.'
488 );
489 }
490
491 /*
492 * We need to inform the user, and ask whether we should logout before
493 * starting the authentication process again with a different IdP, or
494 * cancel the current SSO attempt.
495 */
496 SimpleSAML\Logger::warning(
497 "Reauthentication after logout is needed. The IdP '${state['saml:sp:IdP']}' is not in the IDPList ".
498 "provided by the Service Provider '${state['core:SP']}'."
499 );
500
501 $state['saml:sp:IdPMetadata'] = $this->getIdPMetadata($state['saml:sp:IdP']);
502 $state['saml:sp:AuthId'] = $this->authId;
503 self::askForIdPChange($state);
504 }
505 }
506
507
527 public static function askForIdPChange(array &$state)
528 {
529 assert(array_key_exists('saml:sp:IdPMetadata', $state));
530 assert(array_key_exists('saml:sp:AuthId', $state));
531 assert(array_key_exists('core:IdP', $state));
532 assert(array_key_exists('SPMetadata', $state));
533
534 if (isset($state['isPassive']) && (bool)$state['isPassive']) {
535 // passive request, we cannot authenticate the user
536 throw new SimpleSAML\Module\saml\Error\NoPassive(
537 \SAML2\Constants::STATUS_REQUESTER,
538 'Reauthentication required'
539 );
540 }
541
542 // save the state WITHOUT a restart URL, so that we don't try an IdP-initiated login if something goes wrong
543 $id = SimpleSAML_Auth_State::saveState($state, 'saml:proxy:invalid_idp', true);
544 $url = SimpleSAML\Module::getModuleURL('saml/proxy/invalid_session.php');
545 SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('AuthState' => $id));
546 assert(false);
547 }
548
556 public static function reauthLogout(array $state)
557 {
558 SimpleSAML\Logger::debug('Proxy: logging the user out before re-authentication.');
559
560 if (isset($state['Responder'])) {
561 $state['saml:proxy:reauthLogout:PrevResponder'] = $state['Responder'];
562 }
563 $state['Responder'] = array('sspmod_saml_Auth_Source_SP', 'reauthPostLogout');
564
565 $idp = SimpleSAML_IdP::getByState($state);
566 $idp->handleLogoutRequest($state, null);
567 assert(false);
568 }
569
575 public static function reauthPostLogin(array $state)
576 {
577 assert(isset($state['ReturnCallback']));
578
579 // Update session state
580 $session = SimpleSAML_Session::getSessionFromRequest();
581 $authId = $state['saml:sp:AuthId'];
582 $session->doLogin($authId, SimpleSAML_Auth_State::getPersistentAuthData($state));
583
584 // resume the login process
585 call_user_func($state['ReturnCallback'], $state);
586 assert(false);
587 }
588
597 public static function reauthPostLogout(SimpleSAML_IdP $idp, array $state)
598 {
599 assert(isset($state['saml:sp:AuthId']));
600
601 SimpleSAML\Logger::debug('Proxy: logout completed.');
602
603 if (isset($state['saml:proxy:reauthLogout:PrevResponder'])) {
604 $state['Responder'] = $state['saml:proxy:reauthLogout:PrevResponder'];
605 }
606
607 $sp = SimpleSAML_Auth_Source::getById($state['saml:sp:AuthId'], 'sspmod_saml_Auth_Source_SP');
609 SimpleSAML\Logger::debug('Proxy: logging in again.');
610 $sp->authenticate($state);
611 assert(false);
612 }
613
619 public function startSLO2(&$state)
620 {
621 assert(is_array($state));
622 assert(array_key_exists('saml:logout:IdP', $state));
623 assert(array_key_exists('saml:logout:NameID', $state));
624 assert(array_key_exists('saml:logout:SessionIndex', $state));
625
626 $id = SimpleSAML_Auth_State::saveState($state, 'saml:slosent');
627
628 $idp = $state['saml:logout:IdP'];
629 $nameId = $state['saml:logout:NameID'];
630 $sessionIndex = $state['saml:logout:SessionIndex'];
631
632 $idpMetadata = $this->getIdPMetadata($idp);
633
634 $endpoint = $idpMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', array(
635 \SAML2\Constants::BINDING_HTTP_REDIRECT,
636 \SAML2\Constants::BINDING_HTTP_POST), false);
637 if ($endpoint === false) {
638 SimpleSAML\Logger::info('No logout endpoint for IdP ' . var_export($idp, true) . '.');
639 return;
640 }
641
642 $lr = sspmod_saml_Message::buildLogoutRequest($this->metadata, $idpMetadata);
643 $lr->setNameId($nameId);
644 $lr->setSessionIndex($sessionIndex);
645 $lr->setRelayState($id);
646 $lr->setDestination($endpoint['Location']);
647
648 $encryptNameId = $idpMetadata->getBoolean('nameid.encryption', null);
649 if ($encryptNameId === null) {
650 $encryptNameId = $this->metadata->getBoolean('nameid.encryption', false);
651 }
652 if ($encryptNameId) {
653 $lr->encryptNameId(sspmod_saml_Message::getEncryptionKey($idpMetadata));
654 }
655
656 $b = \SAML2\Binding::getBinding($endpoint['Binding']);
657 $b->send($lr);
658
659 assert(false);
660 }
661
667 public function logout(&$state)
668 {
669 assert(is_array($state));
670 assert(array_key_exists('saml:logout:Type', $state));
671
672 $logoutType = $state['saml:logout:Type'];
673 switch ($logoutType) {
674 case 'saml1':
675 /* Nothing to do. */
676 return;
677 case 'saml2':
678 $this->startSLO2($state);
679 return;
680 default:
681 /* Should never happen. */
682 assert(false);
683 }
684 }
685
693 public function handleResponse(array $state, $idp, array $attributes)
694 {
695 assert(is_string($idp));
696 assert(array_key_exists('LogoutState', $state));
697 assert(array_key_exists('saml:logout:Type', $state['LogoutState']));
698
699 $idpMetadata = $this->getIdpMetadata($idp);
700
701 $spMetadataArray = $this->metadata->toArray();
702 $idpMetadataArray = $idpMetadata->toArray();
703
704 /* Save the IdP in the state array. */
705 $state['saml:sp:IdP'] = $idp;
706 $state['PersistentAuthData'][] = 'saml:sp:IdP';
707
708 $authProcState = array(
709 'saml:sp:IdP' => $idp,
710 'saml:sp:State' => $state,
711 'ReturnCall' => array('sspmod_saml_Auth_Source_SP', 'onProcessingCompleted'),
712
713 'Attributes' => $attributes,
714 'Destination' => $spMetadataArray,
715 'Source' => $idpMetadataArray,
716 );
717
718 if (isset($state['saml:sp:NameID'])) {
719 $authProcState['saml:sp:NameID'] = $state['saml:sp:NameID'];
720 }
721 if (isset($state['saml:sp:SessionIndex'])) {
722 $authProcState['saml:sp:SessionIndex'] = $state['saml:sp:SessionIndex'];
723 }
724
725 $pc = new SimpleSAML_Auth_ProcessingChain($idpMetadataArray, $spMetadataArray, 'sp');
726 $pc->processState($authProcState);
727
728 self::onProcessingCompleted($authProcState);
729 }
730
736 public function handleLogout($idpEntityId)
737 {
738 assert(is_string($idpEntityId));
739
740 /* Call the logout callback we registered in onProcessingCompleted(). */
741 $this->callLogoutCallback($idpEntityId);
742 }
743
758 public static function handleUnsolicitedAuth($authId, array $state, $redirectTo)
759 {
760 assert(is_string($authId));
761 assert(is_string($redirectTo));
762
763 $session = SimpleSAML_Session::getSessionFromRequest();
764 $session->doLogin($authId, SimpleSAML_Auth_State::getPersistentAuthData($state));
765
766 \SimpleSAML\Utils\HTTP::redirectUntrustedURL($redirectTo);
767 }
768
774 public static function onProcessingCompleted(array $authProcState)
775 {
776 assert(array_key_exists('saml:sp:IdP', $authProcState));
777 assert(array_key_exists('saml:sp:State', $authProcState));
778 assert(array_key_exists('Attributes', $authProcState));
779
780 $idp = $authProcState['saml:sp:IdP'];
781 $state = $authProcState['saml:sp:State'];
782
783 $sourceId = $state['saml:sp:AuthId'];
784 $source = SimpleSAML_Auth_Source::getById($sourceId);
785 if ($source === null) {
786 throw new Exception('Could not find authentication source with id ' . $sourceId);
787 }
788
789 /* Register a callback that we can call if we receive a logout request from the IdP. */
790 $source->addLogoutCallback($idp, $state);
791
792 $state['Attributes'] = $authProcState['Attributes'];
793
794 if (isset($state['saml:sp:isUnsolicited']) && (bool)$state['saml:sp:isUnsolicited']) {
795 if (!empty($state['saml:sp:RelayState'])) {
796 $redirectTo = $state['saml:sp:RelayState'];
797 } else {
798 $redirectTo = $source->getMetadata()->getString('RelayState', '/');
799 }
800 self::handleUnsolicitedAuth($sourceId, $state, $redirectTo);
801 }
802
803 SimpleSAML_Auth_Source::completeAuth($state);
804 }
805}
$endpoint
$endpoint
Definition: attributeserver.php:23
$sourceId
if(!array_key_exists(sspmod_authfacebook_Auth_Source_Facebook::AUTHID, $state)) $sourceId
Definition: linkback.php:20
$source
$source
Definition: linkback.php:22
$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
$returnTo
if(!isset($_REQUEST['ReturnTo'])) $returnTo
Definition: authpage.php:16
php
An exception for terminatinating execution or to throw for unit testing.
SAML2\Binding\getBinding
static getBinding($urn)
Retrieve a binding with the given URN.
Definition: Binding.php:28
SAML2\Constants\COMPARISON_EXACT
const COMPARISON_EXACT
Request Authentication Context Comparison indicating that the resulting authentication context in the...
Definition: Constants.php:83
SimpleSAML\Logger\info
static info($string)
Definition: Logger.php:199
SimpleSAML\Logger\warning
static warning($string)
Definition: Logger.php:177
SimpleSAML\Logger\debug
static debug($string)
Definition: Logger.php:211
SimpleSAML\Module\getModuleURL
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:220
SimpleSAML\Utils\Arrays\arrayize
static arrayize($data, $index=0)
Put a non-array variable into an array.
Definition: Arrays.php:24
SimpleSAML\Utils\HTTP\redirectUntrustedURL
static redirectUntrustedURL($url, $parameters=array())
This function redirects to the specified URL after performing the appropriate security checks on it.
Definition: HTTP.php:991
SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:959
SimpleSAML_Auth_ProcessingChain
Definition: ProcessingChain.php:14
SimpleSAML_Auth_Source
Definition: Source.php:14
SimpleSAML_Auth_Source\getById
static getById($authId, $type=null)
Retrieve authentication source.
Definition: Source.php:340
SimpleSAML_Auth_Source\completeAuth
static completeAuth(&$state)
Complete authentication.
Definition: Source.php:136
SimpleSAML_Auth_Source\$authId
$authId
Definition: Source.php:23
SimpleSAML_Auth_Source\callLogoutCallback
callLogoutCallback($assoc)
Call a logout callback based on association.
Definition: Source.php:455
SimpleSAML_Auth_State\getPersistentAuthData
static getPersistentAuthData(array $state)
Get the persistent authentication state from the state array.
Definition: State.php:103
SimpleSAML_Auth_State\throwException
static throwException($state, SimpleSAML_Error_Exception $exception)
Throw exception to the state exception handler.
Definition: State.php:343
SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194
SimpleSAML_Configuration
Definition: Configuration.php:12
SimpleSAML_Configuration\loadFromArray
static loadFromArray($config, $location='[ARRAY]', $instance=null)
Loads a configuration from the given array.
Definition: Configuration.php:297
SimpleSAML_Error_Exception
Definition: Exception.php:13
SimpleSAML_IdP
Definition: IdP.php:11
SimpleSAML_IdP\getByState
static getByState(array &$state)
Retrieve the IdP "owning" the state.
Definition: IdP.php:145
SimpleSAML_Metadata_MetaDataStorageHandler\getMetadataHandler
static getMetadataHandler()
This function retrieves the current instance of the metadata handler.
Definition: MetaDataStorageHandler.php:40
SimpleSAML_Session\getSessionFromRequest
static getSessionFromRequest()
Retrieves the current session.
Definition: Session.php:241
sspmod_saml_Auth_Source_SP
Definition: SP.php:4
sspmod_saml_Auth_Source_SP\handleResponse
handleResponse(array $state, $idp, array $attributes)
Handle a response from a SSO operation.
Definition: SP.php:693
sspmod_saml_Auth_Source_SP\askForIdPChange
static askForIdPChange(array &$state)
Ask the user to log out before being able to log in again with a different identity provider.
Definition: SP.php:527
sspmod_saml_Auth_Source_SP\handleLogout
handleLogout($idpEntityId)
Handle a logout request from an IdP.
Definition: SP.php:736
sspmod_saml_Auth_Source_SP\logout
logout(&$state)
Start logout operation.
Definition: SP.php:667
sspmod_saml_Auth_Source_SP\handleUnsolicitedAuth
static handleUnsolicitedAuth($authId, array $state, $redirectTo)
Handle an unsolicited login operations.
Definition: SP.php:758
sspmod_saml_Auth_Source_SP\authenticate
authenticate(&$state)
Start login.
Definition: SP.php:386
sspmod_saml_Auth_Source_SP\getIdPMetadata
getIdPMetadata($entityId)
Retrieve the metadata of an IdP.
Definition: SP.php:102
sspmod_saml_Auth_Source_SP\reauthLogout
static reauthLogout(array $state)
Log the user out before logging in again.
Definition: SP.php:556
sspmod_saml_Auth_Source_SP\startSLO2
startSLO2(&$state)
Start a SAML 2 logout operation.
Definition: SP.php:619
sspmod_saml_Auth_Source_SP\startSSO2
startSSO2(SimpleSAML_Configuration $idpMetadata, array $state)
Send a SAML2 SSO request to an IdP.
Definition: SP.php:177
sspmod_saml_Auth_Source_SP\__construct
__construct($info, $config)
Constructor for SAML SP authentication source.
Definition: SP.php:39
sspmod_saml_Auth_Source_SP\getEntityId
getEntityId()
Retrieve the entity id of this SP.
Definition: SP.php:81
sspmod_saml_Auth_Source_SP\reauthenticate
reauthenticate(array &$state)
Re-authenticate an user.
Definition: SP.php:444
sspmod_saml_Auth_Source_SP\$metadata
$metadata
Definition: SP.php:17
sspmod_saml_Auth_Source_SP\$entityId
$entityId
Definition: SP.php:10
sspmod_saml_Auth_Source_SP\startSSO
startSSO($idp, array $state)
Send a SSO request to an IdP.
Definition: SP.php:325
sspmod_saml_Auth_Source_SP\sendSAML2AuthnRequest
sendSAML2AuthnRequest(array &$state, \SAML2\Binding $binding, \SAML2\AuthnRequest $ar)
Function to actually send the authentication request.
Definition: SP.php:313
sspmod_saml_Auth_Source_SP\reauthPostLogin
static reauthPostLogin(array $state)
Complete login operation after re-authenticating the user on another IdP.
Definition: SP.php:575
sspmod_saml_Auth_Source_SP\startDisco
startDisco(array $state)
Start an IdP discovery service operation.
Definition: SP.php:350
sspmod_saml_Auth_Source_SP\getMetadataURL
getMetadataURL()
Retrieve the URL to the metadata of this SP.
Definition: SP.php:71
sspmod_saml_Auth_Source_SP\$discoURL
$discoURL
Definition: SP.php:31
sspmod_saml_Auth_Source_SP\getMetadata
getMetadata()
Retrieve the metadata of this SP.
Definition: SP.php:91
sspmod_saml_Auth_Source_SP\$idp
$idp
Definition: SP.php:24
sspmod_saml_Auth_Source_SP\onProcessingCompleted
static onProcessingCompleted(array $authProcState)
Called when we have completed the procssing chain.
Definition: SP.php:774
sspmod_saml_Auth_Source_SP\startSSO1
startSSO1(SimpleSAML_Configuration $idpMetadata, array $state)
Send a SAML1 SSO request to an IdP.
Definition: SP.php:141
sspmod_saml_Message\buildLogoutRequest
static buildLogoutRequest(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata)
Build a logout request based on information in the metadata.
Definition: Message.php:536
sspmod_saml_Message\buildAuthnRequest
static buildAuthnRequest(SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata)
Build an authentication request based on information in the metadata.
Definition: Message.php:466
sspmod_saml_Message\getEncryptionKey
static getEncryptionKey(SimpleSAML_Configuration $metadata)
Retrieve the encryption key for the given entity.
Definition: Message.php:865
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
$attributes
if(array_key_exists('yes', $_REQUEST)) $attributes
Definition: getconsent.php:85
$config
$config
Definition: bootstrap.php:15
$nameId
$nameId
Definition: saml2-acs.php:138
$sessionIndex
$sessionIndex
Definition: saml2-acs.php:139
$info
$info
Definition: index.php:5
$lr
$lr
Definition: logout-iframe-post.php:29
$binding
$binding
Definition: logout-iframe-post.php:55
$dst
$dst
Definition: logout-iframe-post.php:54
$idpMetadata
$idpMetadata
Definition: logout-iframe-post.php:26
$encryptNameId
$encryptNameId
Definition: logout-iframe-post.php:39
SimpleSAML
Attribute-related utility methods.
$type
$type
Definition: proxy_ylocal.php:10
$session
$session
Definition: proxy_ylocal.php:32
$url
$url
Definition: proxy_ylocal.php:28
$idpEntityId
$idpEntityId
Definition: prp.php:12
$data
$data
Definition: bench.php:6
$mdh
$mdh
Definition: logout-iframe.php:23