ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
SimpleSAMLphp Namespace Reference

Temporary autoloader to ensure compatibility with old, non-PSR-2 compliant classes.

Detailed Description

Temporary autoloader to ensure compatibility with old, non-PSR-2 compliant classes.

The SSOService is part of the Shibboleth 1.3 IdP code. It receives incoming Authentication Requests from a Shibboleth 1.3 SP, parses and processes them, then authenticates the user and sends the user back to the SP with an Authentication Response.

The SSOService is part of the SAML 2.0 IdP code. It receives incoming Authentication Requests from a SAML 2.0 SP, parses and processes them, then authenticates the user and sends the user back to the SP with an Authentication Response.

This SAML 2.0 endpoint can receive incoming LogoutRequests.

The ArtifactResolutionService receives the samlart from the SP.

Handler for module requests.

Class implementing the access checker function for the statistics module.

Simple SQL authentication source.

Filter to set name in a smart way, based on available name attributes.

This file will handle the case of a user with an existing session that's not valid for a specific Service Provider, since the authenticating IdP is not in the list of IdPs allowed by the SP.

A directory over logout information.

Common code for building SAML 2 messages based on the available metadata.

Helper class for working with persistent NameIDs stored in SQL datastore.

IdP implementation for SAML 2.0 protocol.

IdP implementation for SAML 1.1 protocol.

Class for representing a SAML 2 error.

A SAML error indicating that the maximum amount of proxies traversed has been reached.

A SAML error indicating that none of the IdPs requested are supported.

A SAML error indicating that passive authentication cannot be used.

A SAML error indicating that none of the requested IdPs can be used.

A SAML error indicating that none of the requested Authentication Contexts can be used.

Base filter for generating NameID values.

Authentication processing filter to generate a transient NameID.

Authentication processing filter to create the eduPersonTargetedID attribute from the persistent NameID.

Authentication processing filter to generate a persistent NameID.

Authentication processing filter to create an attribute from a NameID.

Filter to remove attribute values which are not properly scoped.

Attribute filter to validate AuthnContextClassRef values.

Filter for setting the AuthnContextClassRef in the response.

Authentication processing filter to create a NameID from an attribute.

RADIUS authentication source.

Give a warning that the user is accessing a test system, not a production system.

Editor for OAuth Client Registry.

OAuth Store.

OAuth Provider implementation.

OAuth Consumer.

Provide a URL for the module to statically link to.

The Negotiate module.

This page shows a list of authentication sources.

Authentication source which lets the user choose among a list of other authentication sources.

LDAP authentication source configuration parser.

LDAP authentication source.

This base LDAP filter class can be extended to give real filter classes direct access to the authsource LDAP config; it also connects to the LDAP server.

Does a reverse membership lookup on the logged in user, looking for groups it is a member of and adds them to a defined attribute, in DN format.

Filter to add attributes to the identity by executing a query against an LDAP directory.

about2expire.php

Filter which shows an "about to expire" warning or denies access if the netid is expired.

This page serves as the point where the user's authentication process is resumed after the login page.

Request handler for redirect filter test.

This page serves as a dummy login page.

Example authentication source - username & password.

Example authentication source.

Example external authentication source.

Show a warning to a user about the SP requesting SSO a short time after doing it previously.

This page provides a way to create a redirect to a POST request.

This page shows a username/password/organization login form, and passes information from it to the sspmod_core_Auth_UserPassBase class, which is a generic class for username/password/organization authentication.

Show a 403 Forbidden page when an attribute violates a cardinality rule.

Endpoint for logging out with an authentication source.

Endpoint for logging in with an authentication source.

Template which is shown when an attribute violates a cardinality rule.

SQLPermanentStorage.

Statistics logger that writes to the default logging handler.

Statistics logger that writes to a set of log files.

Helper class for username/password/organization authentication.

Helper class for username/password authentication.

Authentication source which verifies the password against the 'auth.adminpassword' configuration option.

Give a warning to the user if we receive multiple requests in a short time.

Filter to generate the eduPersonTargetedID attribute.

Log a line in the STAT log with one attribute.

Add a scoped variant of an attribute.

Attribute filter for running arbitrary PHP code.

Filter to set and get language settings from attributes.

Filter to generate a groups attribute based on many of the attributes of the user.

Filter to ensure correct cardinality of single-valued attributes.

Filter to ensure correct cardinality of attributes.

Filter to create target attribute based on value(s) in source attribute.

Filter that will take the user ID in the format 'andreas@uninett.no' and create a new attribute 'realm' that includes the value after the '@' sign.

A filter for limiting which attributes are passed on.

Attribute filter for renaming attributes.

Filter to modify attributes using regular expressions.

Filter to add attributes.

Generic library for access control lists.

Config file for consentAdmin.

This is the page the user lands on when choosing "no" in the consent form.

This is the handler for logout completed from the consent page.

This is the handler for logout started from the consent page.

Consent script.

Template form for giving consent.

Base class for consent storage handlers.

Class defining the logout completed handler for the consent page.

Store consent in database.

Cookie storage for consent.

Consent Authentication Processing filter.

CDC server class.

CDC client class.

Filter for setting the SAML 2 common domain cookie.

Authenticate using CAS.

This page shows a username/password login form, and passes information from it to the sspmod_core_Auth_UserPassBase class, which is a generic class for username/password authentication.

YubiKey authentication module, see http://www.yubico.com/developers/intro/

  • Configure it by adding an entry to config/authsources.php such as this:

This script warns a user that his/her certificate is about to expire.

Template form for X509 warnings.

This class implements x509 certificate authentication with certificate validation against an LDAP directory.

Filter which shows a warning if the user's client certificate is about to expire.

Authenticate using LiveID.

Authenticate using Twitter.

Show a 403 Forbidden page when the user is not authorized to access an application.

Template which is shown when there is only a short interval since the user was last authenticated.

Filter to authorize only certain users.

Authenticate using LinkedIn.

Authenticate using Facebook Platform.

Authentication source for Apache 'htpasswd' files.

Authentication source for username & hashed password.

ADFS PRP IDP protocol support for SimpleSAMLphp.

Class representing fed TokenTypesOffered.

Class representing SecurityTokenServiceType RoleDescriptor.

Class representing fed Endpoint.

Class representing fed Constants.

This class implements helper functions for XML validation.

A helper class for signing XML.

A Shibboleth 1.3 authentication response.

The Shibboleth 1.3 Authentication Request.

This file will help doing XPath queries in SAML 2 XML documents.

This class defines an interface for accessing errors from the XML library.

Interface that allows modules to run several hooks for templates.

A minimalistic XHTML PHP based template system implemented for SimpleSAMLphp.

This class implements a generic IdP discovery service, for use in various IdP discovery service pages.

A minimalistic Emailer class.

Utility class for XML and DOM manipulation.

Time-related utility methods.

System-related utility methods.

Utility class for random data generation and manipulation.

Net-related utility methods.

HTTP-related utility methods.

A class for cryptography-related functions.

Utility class for SimpleSAMLphp configuration management and manipulation.

Class with utilities to fetch different configuration objects from metadata configuration arrays.

Auth-related utility methods.

Array-related utility methods.

Miscellaneous static functions that are used in several places, for example in parsing and ID generation.

Base class for data stores.

A data store using a RDBMS to keep the data.

A data store using Redis to keep the data.

A memcache based data store.

Statistics handler class.

Interface for statistics outputs.

Session storage in the data store.

This file is part of SimpleSAMLphp.

The Session class holds information about a user session, and everything attached to it.

Helper class for accessing information about modules.

This class implements SAML Metadata Query Protocol.

This class implements a helper function for signing of metadata.

Class for generating SAML 2.0 metadata from SimpleSAMLphp metadata arrays.

This abstract class defines an interface for metadata storage sources.

This class implements a metadata source which loads metadata from XML files.

Class for handling metadata files in serialized format.

Class for handling metadata files stored in a database.

This file defines a flat file metadata source.

This file defines a class for metadata handling.

This file implements functions to read and write to a group of memcache servers.

The main logger class for SimpleSAMLphp.

A logger that sends messages to syslog.

A logging handler that outputs all messages to standard error.

The interface that must be implemented by any log handler.

A logging handler that dumps logs to files.

A class for logging to the default php error log.

The translation-relevant bits from our original minimalistic XHTML PHP based template system.

Glue to connect one or more translation/locale systems to the rest.

Choosing the language to localize to for our minimalistic XHTML PHP based template system.

IdP class.

Class that handles traditional logout.

Interface that all logout handlers must implement.

Class that handles iframe logout.

Exception indicating user aborting the authentication process.

Class for saving normal exceptions for serialization.

Exception which will show a 404 Not Found error page.

Exception which will show a page telling the user that we don't know what to do.

Error for missing metadata.

Base class for SimpleSAMLphp Exceptions.

Class that maps SimpleSAMLphp error codes to translatable strings.

Class that wraps SimpleSAMLphp errors in exceptions.

This exception represents a configuration error that we cannot recover from.

This exception represents a configuration error.

Exception to indicate that we cannot set a cookie.

Exception which will show a 400 Bad Request error page.

Class for creating exceptions from assertion failures.

This file implements functions to read and write to a group of database servers.

Configuration of SimpleSAMLphp.

Implementation of the Shibboleth 1.3 HTTP-POST binding.

Implementation of the Shibboleth 1.3 Artifact binding.

This is a helper class for the Auth MemCookie module.

This is a helper class for saving and loading state information.

This class defines a base class for authentication source.

Helper class for simple authentication applications.

Base class for authentication processing filters.

Class for implementing authentication processing chains for IdPs.

The LDAP class holds helper functions to access an LDAP database.

Implements the default behaviour for authentication.

This file registers an autoloader for SimpleSAMLphp modules.

This file is a backwards compatible autoloader for SimpleSAMLphp.

Class which represents the Scope element found in Shibboleth metadata.

Class for handling SAML2 extensions.

Class representing SAML 2 SubjectConfirmationData element.

Class representing SAML 2 SubjectConfirmation element.

Class representing the saml:NameID element.

Serializable class representing an AttributeValue.

Class representing SAML 2 Attribute.

Class for handling the Logo metadata extensions for login and discovery user interface.

Class for handling the Keywords metadata extensions for login and discovery user interface.

Class for handling the metadata extensions for login and discovery user interface.

Class for handling the mdrpi:RegistrationInfo element.

Class for handling the mdrpi:PublicationInfo element.

Common definitions for the mdrpi metadata extension.

Class for handling the EntityAttributes metadata extension.

Class representing unknown RoleDescriptors.

Class representing SAML 2 SSODescriptorType.

Class representing SAML 2 SPSSODescriptor.

Class representing SAML 2 RoleDescriptor element.

Class representing SAML 2 metadata RequestedAttribute.

Class representing SAML 2 metadata PDPDescriptor.

Class representing SAML 2 Organization element.

Class representing a KeyDescriptor element.

Class representing SAML 2 IndexedEndpointType.

Class representing SAML 2 IDPSSODescriptor.

Class for handling SAML2 metadata extensions.

Class representing SAML 2 EntityDescriptor element.

Class representing SAML 2 EntitiesDescriptor element.

Class representing SAML 2 EndpointType.

Class representing SAML 2 ContactPerson.

Class representing SAML 2 metadata AuthnAuthorityDescriptor.

Class representing SAML 2 Metadata AttributeConsumingService element.

Class representing SAML 2 metadata AttributeAuthorityDescriptor.

Class representing SAML 2 AffiliationDescriptor element.

Class representing SAML 2 metadata AdditionalMetadataLocation element.

Class representing a ds:X509Data element.

Class representing a ds:X509Certificate element.

Class representing a ds:KeyName element.

Class representing a ds:KeyInfo element.

Serializable class used to hold an XML element.

Helper functions for the SAML2 library.

Base class for SAML 2 subject query messages.

Base class for all SAML 2 response messages.

Implementation of the SAML 2.0 SOAP binding.

Class which implements the SOAP binding.

Helper class for processing signed elements.

Interface to a SAML 2 element which may be signed.

Class for SAML 2 Response messages.

Base class for all SAML 2 request messages.

Class for SAML 2 LogoutResponse messages.

Class for SAML 2 logout request messages.

Class which implements the HTTP-Redirect binding.

Class which implements the HTTP-POST binding.

Class which implements the HTTP-Artifact binding.

Class handling encrypted assertions.

Various SAML 2 constants.

Base class for SAML 2 bindings.

Class for SAML 2 authentication request messages.

Class for SAML 2 attribute query messages.

Class representing a SAML 2 assertion.

The , is the response to the .

The Artifact is part of the SAML 2.0 IdP code, and it builds an artifact object.

Author
Jaime Pérez Crespo jaime.perez@uninett.no

I am using strings, because I find them easier to work with. I want to use this, to be consistent with the other saml2_requests

Author
Danny Bollaert, UGent AS. danny.bollaert@ugent.be

An attribute query asks for a set of attributes. The following rules apply:

  • If no attributes are present in the query, all attributes should be returned.
  • If any attributes are present, only those attributes which are present in the query should be returned.
  • If an attribute contains any attribute values, only the attribute values which match those in the query should be returned.

Author
Danny Bollaert, UGent AS. danny.bollaert@ugent.be

Implements samlp:RequestAbstractType. All of the elements in that type are stored in the class, and this class is therefore empty. It is included mainly to make it easy to separate requests from responses.

Can either be inherited from, or can be used by proxy.

Author
Shoaib Ali

Implements samlp:StatusResponseType. All of the elements in that type are stored in the class, and this class is therefore more or less empty. It is included mainly to make it easy to separate requests from responses.

The status code is represented as an array of the following form:

    array(
        'Code' => '<top-level status code>',
        'SubCode' => '<second-level status code>',
        'Message' => '<status message>',
    )

Only the 'Code' field is required. The others will be set to null if they aren't present.

This base class can be used for various requests which ask for information about a particular subject.

Note that this class currently only handles the simple case - where the subject doesn't contain any sort of subject confirmation requirements.

http://docs.oasis-open.org/security/saml/Post2.0/sstc-metadata-attr-cs-01.pdf

http://docs.oasis-open.org/security/saml/Post2.0/saml-metadata-rpi/v1.0/saml-metadata-rpi-v1.0.pdf

http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-ui/v1.0/sstc-saml-metadata-ui-v1.0.pdf

Author
Jaime Pérez Crespo, UNINETT AS jaime.perez@uninett.no

Loads the Composer autoloader. Olav Morken, UNINETT AS. Boy Baukema, SURFnet Jaime Perez jaime.nosp@m..per.nosp@m.ez@un.nosp@m.inet.nosp@m.t.no, UNINETT This class contains an implementation for default behaviour when authenticating. It will save the session information it got from the authentication client in the users session. Olav Morken, UNINETT AS. deprecated 74. Andreas Aakre Solberg, UNINETT AS. andre.nosp@m.as.s.nosp@m.olber.nosp@m.g@un.nosp@m.inett.nosp@m..no Anders Lund, UNINETT AS. ander.nosp@m.s.lu.nosp@m.nd@un.nosp@m.inet.nosp@m.t.no This class implements a system for additional steps which should be taken by an IdP before submitting a response to a SP. Examples of additional steps can be additional authentication checks, or attribute consent requirements. Olav Morken, UNINETT AS. All authentication processing filters must support serialization. The current request is stored in an associative array. It has the following defined attributes:'Attributes' The attributes of the user.'Destination' Metadata of the destination (SP).'Source' Metadata of the source (IdP). It may also contain other attributes. If an authentication processing filter wishes to store other information in it, it should have a name on the form 'module:filter:attributename', to avoid name collisions. Olav Morken, UNINETT AS. An authentication source is any system which somehow authenticate the user. Olav Morken, UNINETT AS. The state must be an associative array. This class will add additional keys to this array. These keys will always start with 'SimpleSAML_Auth_State.'. It is also possible to add a restart URL to the state. If state information is lost, for example because it timed out, or the user loaded a bookmarked page, the loadState function will redirect to this URL. To use this, set $state[SimpleSAML_Auth_State::RESTART] to this URL. Both the saveState and the loadState function takes in a $stage parameter. 
This parameter is a security feature, and is used to prevent the user from taking a state saved one place and using it as input a different place. The $stage parameter must be a unique string. To maintain uniqueness, it must be on the form "<classname>.<identifier>" or "<module>:<identifier>". There is also support for passing exceptions through the state. By defining an exception handler when creating the state array, users of the state array can call throwException with the state and the exception. This exception will be passed to the handler defined by the EXCEPTION_HANDLER_URL or EXCEPTION_HANDLER_FUNC elements of the state array. Olav Morken, UNINETT AS. It handles the configuration, and implements the logout handler. Olav Morken, UNINETT AS. deprecated 86. Andreas Åkre Solberg, UNINETT AS. andre.nosp@m.as.s.nosp@m.olber.nosp@m.g@un.nosp@m.inett.nosp@m..no Andreas Aakre Solberg, UNINETT AS. andre.nosp@m.as.s.nosp@m.olber.nosp@m.g@un.nosp@m.inett.nosp@m..no This database class supports a single database, or a master/slave configuration with as many defined slaves as a user would like. The goal of this class is to provide a single mechanism to connect to a database that can be reused by any component within SimpleSAMLphp including modules. When using this class, the global configuration should be passed here, but in the case of a module that has a good reason to use a different database, such as sqlauth, an alternative config file can be provided. Tyler Antonio, University of Alberta. tanto.nosp@m.nio@.nosp@m.ualbe.nosp@m.rta..nosp@m.ca Olav Morken, UNINETT AS. This exception can be thrown from within an module page handler. The user will then be shown a 400 Bad Request error page. Olav Morken, UNINETT AS. Jaime Perez Crespo, UNINETT AS jaime.nosp@m..per.nosp@m.ez@un.nosp@m.inet.nosp@m.t.no Throwing a critical configuration error indicates that the configuration available is not usable, and as such SimpleSAMLphp should not try to use it. 
However, in certain situations we might find a specific configuration error that makes part of the configuration unusable, while the rest we can still use. In those cases, we can just pass a configuration array to the constructor, making sure the offending configuration options are removed, reset to defaults or guessed to some usable value. If, for example, we have an error in the 'baseurlpath' configuration option, we can still load the configuration and substitute the value of that option with one guessed from the environment, using ::guessPath(). Doing so, the error is still critical, but at least we can recover up to a certain point and inform about the error in an ordered manner, without blank pages, logs out of place or even segfaults. Jaime Perez Crespo, UNINETT AS jaime.nosp@m..per.nosp@m.ez@un.nosp@m.inet.nosp@m.t.no Hanne Moa, UNINETT AS. hanne.nosp@m..moa.nosp@m.@unin.nosp@m.ett..nosp@m.no This class tries to make sure that every exception is serializable. Thomas Graff thoma.nosp@m.s.gr.nosp@m.aff@u.nosp@m.nine.nosp@m.tt.no This exception can be thrown from within a module page handler. The user will then be shown a 404 Not Found error page. Olav Morken, UNINETT AS. This class is used by the SimpleSAML_Auth_State class when it needs to serialize an exception which doesn't subclass the SimpleSAML_Error_Exception class. It creates a new exception which contains the backtrace and message of the original exception. This class implements the various functions used by IdP. Andreas Åkre Solberg, UNINETT AS. andre.nosp@m.as.s.nosp@m.olber.nosp@m.g@un.nosp@m.inett.nosp@m..no Hanne Moa, UNINETT AS. hanne.nosp@m..moa.nosp@m.@unin.nosp@m.ett..nosp@m.no Lasse Birnbaum Jensen, SDU. Andreas Åkre Solberg, UNINETT AS. andre.nosp@m.as.s.nosp@m.olber.nosp@m.g@un.nosp@m.inett.nosp@m..no Olav Morken, UNINETT AS. Lasse Birnbaum Jensen, SDU. Andreas Åkre Solberg, UNINETT AS. andre.nosp@m.as.s.nosp@m.olber.nosp@m.g@un.nosp@m.inett.nosp@m..no Jaime Perez Crespo, UNINETT AS. 
Lasse Birnbaum Jensen, SDU. Andreas Åkre Solberg, UNINETT AS. andre.nosp@m.as.s.nosp@m.olber.nosp@m.g@un.nosp@m.inett.nosp@m..no Jaime Pérez Crespo, UNINETT AS jaime.nosp@m..per.nosp@m.ez@un.nosp@m.inet.nosp@m.t.no The goals of this storage class is to provide failover, redudancy and load balancing. This is accomplished by storing the data object to several groups of memcache servers. Each data object is replicated to every group of memcache servers, but it is only stored to one server in each group. For this code to work correctly, all web servers accessing the data must have the same clock (as measured by the time()-function). Different clock values will lead to incorrect behaviour. Olav Morken, UNINETT AS. Instantiation of session handler objects should be done through the class method getMetadataHandler(). Andreas Åkre Solberg, UNINETT AS. andre.nosp@m.as.s.nosp@m.olber.nosp@m.g@un.nosp@m.inett.nosp@m..no This class has been based off a previous version written by mookn.nosp@m.arf@.nosp@m.gmail.nosp@m..com and patched to work with the latest version of SimpleSAMLphp The XML files should be in the SAML 2.0 metadata format. Olav Morken, UNINETT AS. It also contains the overview of the different metadata storage sources. A metadata storage source can be loaded by passing the configuration of it to the getSource static function. Olav Morken, UNINETT AS. Andreas Aakre Solberg, UNINETT AS. This class builds SAML 2.0 metadata for an entity by examining the metadata for the entity. Andreas Åkre Solberg, UNINETT AS. Olav Morken, UNINETT AS. Tamas Frank, NIIFI Olav Morken olav..nosp@m.mork.nosp@m.en@un.nosp@m.inet.nosp@m.t.no, UNINETT AS. Boy Baukema, SURFnet. Jaime Perez jaime.nosp@m..per.nosp@m.ez@un.nosp@m.inet.nosp@m.t.no, UNINETT AS. The session will have a duration and validity, and also cache information about the different federation protocols, as Shibboleth and SAML 2.0. On the IdP side the Session class holds information about all the currently logged in SPs. 
This is used when the user initiates a Single-Log-Out. Bear in mind that the session object implements the Serializable interface, and as such, all its contents MUST be serializable. If you need to store something in the session object that is not serializable, make sure to convert it first to a representation that can be serialized. Andreas Åkre Solberg, UNINETT AS. andre.nosp@m.as.s.nosp@m.olber.nosp@m.g@un.nosp@m.inett.nosp@m..no Jaime Pérez Crespo, UNINETT AS jaime.nosp@m..per.nosp@m.ez@un.nosp@m.inet.nosp@m.t.no See the file COPYING in the root of the distribution for licence information. This file defines a base class for session handling. Instantiation of session handler objects should be done through the class method getSessionHandler(). Olav Morken, UNINETT AS. andre.nosp@m.as.s.nosp@m.olber.nosp@m.g@un.nosp@m.inett.nosp@m..no See the file COPYING in the root of the distribution for licence information. This file defines a base class for session handlers that need to store the session id in a cookie. It takes care of storing and retrieving the session id. Olav Morken, UNINETT AS. andre.nosp@m.as.s.nosp@m.olber.nosp@m.g@un.nosp@m.inett.nosp@m..no See the file COPYING in the root of the distribution for licence information. This file defines a session handler which uses the default php session handler for storage. Olav Morken, UNINETT AS. andre.nosp@m.as.s.nosp@m.olber.nosp@m.g@un.nosp@m.inett.nosp@m..no This class is responsible for taking a statistics event and logging it. Andreas Åkre Solberg, UNINETT AS. andre.nosp@m.as.s.nosp@m.olber.nosp@m.g@un.nosp@m.inett.nosp@m..no deprecated 93. Creates and sends HTML emails. Andreas kre Solberg, UNINETT AS. andre.nosp@m.as.s.nosp@m.olber.nosp@m.g@un.nosp@m.inett.nosp@m..no This should reduce code duplication. 
Experimental support added for Extended IdP Metadata Discovery Protocol by Andreas 2008-08-28 More information: https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-idp-discovery.pdf Jaime Pérez jaime.nosp@m..per.nosp@m.ez@un.nosp@m.inet.nosp@m.t.no, UNINETT AS. Olav Morken, UNINETT AS. Andreas Åkre Solberg andre.nosp@m.as@u.nosp@m.ninet.nosp@m.t.no, UNINETT AS. In PHP versions which doesn't support accessing error information, this class will hide that, and pretend that no errors were logged. Olav Morken, UNINETT AS. Not part of SAML 1.1, but an extension using query paramters no XML. Andreas Åkre Solberg, UNINETT AS. andre.nosp@m.as.s.nosp@m.olber.nosp@m.g@un.nosp@m.inett.nosp@m..no This is a helper class for signing XML documents. Olav Morken, UNINETT AS. Hans Zandbelt, SURFnet bv, hans..nosp@m.zand.nosp@m.belt@.nosp@m.surf.nosp@m.net.n.nosp@m.l This class is an authentication source which stores all username/hashes in an array, and authenticates users against this array. Dyonisius Visser, TERENA. Dyonisius (Dick) Visser, TERENA. Andreas Åkre Solberg, UNINETT AS. Brook Schofield, TERENA. See docs directory. Ernesto Revilla, Yaco Sistemas SL., Ryan Panning Parameters:'target': Target URL.'params': Parameters which should be included in the request. Brook Schofield, TERENA. Guy Halse, TENET. // show about2xpire warning if client certificate is about to expire 10 => array( 'class' => 'authX509:ExpiryWarning', 'warndaysbefore' => '30', ), Joost van Dijk, SURFnet. Joost.nosp@m..van.nosp@m.Dijk@.nosp@m.surf.nosp@m.net.n.nosp@m.l Emmanuel Dreyfus manu@.nosp@m.netb.nosp@m.sd.or.nosp@m.g Parameters:'target': Target URL for the continue-button.'data': Parameters which should be included in the request. 'yubikey' => array( 'authYubiKey:YubiKey', 'id' => 997, 'key' => 'b64hmackey', ), To generate your own client id/key you will need one YubiKey, and then go to http://yubico.com/developers/api/ Based on www/auth/login-cas.php by Mads Freek, RUC. Danny Bollaert, UGent. 
Filter for requesting the user to give consent before attributes are released to the SP. This class implements a consent store which stores the consent information in cookies on the users computer. Example - Consent module with cookie store: 'authproc' => array( array( 'consent:Consent', 'store' => 'consent:Cookie', ), ), Olav Morken olav..nosp@m.mork.nosp@m.en@un.nosp@m.inet.nosp@m.t.no This class implements a consent store which stores the consent information in a database. It is tested, and should work against MySQL, PostgreSQL and SQLite. It has the following options:dsn: The DSN which should be used to connect to the database server. See the PHP Manual for supported drivers and DSN formats.username: The username used for database connection.password: The password used for database connection.table: The name of the table used. Optional, defaults to 'consent'. Olav Morken olav..nosp@m.mork.nosp@m.en@un.nosp@m.inet.nosp@m.t.no Olav Morken olav..nosp@m.mork.nosp@m.en@un.nosp@m.inet.nosp@m.t.no JAcob Christiansen jach@.nosp@m.wayf.nosp@m..dk Parameters:'yesTarget': Target URL for the yes-button. This URL will receive a POST request.'noTarget': Target URL for the no-button. This URL will receive a GET request.'sppp': URL to the privacy policy of the destination, or FALSE. This script displays a page to the user, which requests that the user authorizes the release of attributes. Jacob Christiansen, jach@.nosp@m.wayf.nosp@m..dk This filter allows you to add attributes to the attribute set being processed. Olav Morken, UNINETT AS. This filter can modify or replace attributes given a regular expression. Jacob Christiansen, WAYF Gyula Szabo MTA SZTAKI You just follow the 'source' => 'destination' schema. In this example user's * cn will be the user's displayName. 5 => array( 'class' => 'core:AttributeCopy', 'cn' => 'displayName', 'uid' => 'username', ), Andreas Åkre Solberg, UNINETT AS. deprecated 174. 
Martin van Es, m7 Guy Halse, http://orcid.org/0000-0002-9388-8592 This filter implements a special case of the core:Cardinality filter, and allows for optional corrections to be made when cardinality errors are encountered. Guy Halse, http://orcid.org/0000-0002-9388-8592 By default, this filter will generate the ID based on the UserID of the current user. This is by default generated from the attribute configured in 'userid.attribute' in the metadata. If this attribute isn't present, the userid will be generated from the eduPersonPrincipalName attribute, if it is present. It is possible to generate this attribute from another attribute by specifying this attribute in this configuration. Example - generate from user ID: 'authproc' => array( 50 => 'core:TargetedID', ) Example - generate from mail-attribute: 'authproc' => array( 50 => array('class' => 'core:TargetedID' , 'attributename' => 'mail'), ), Olav Morken, UNINETT AS. This helper class allows for implementations of username/password authentication by implementing a single function: login($username, $password) Olav Morken, UNINETT AS. This helper class allows for implementations of username/password/organization authentication by implementing two functions:login($username, $password, $organization)getOrganizations() Olav Morken, UNINETT AS. Generic SQL Store to store key value pairs. To be used in several other modules that needs to store data permanently. Andreas Åkre Solberg andre.nosp@m.as@u.nosp@m.ninet.nosp@m.t.no, UNINETT AS. This should reduce code duplication. This module extends the basic IdP disco handler, and add features like filtering and tabs. Andreas Åkre Solberg andre.nosp@m.as@u.nosp@m.ninet.nosp@m.t.no, UNINETT AS. This class is an example authentication source which is designed to hook into an external authentication system. 
To adapt this to your own web site, you should:

  • Create your own module directory.
  • Add a file "default-enable" to that directory.
  • Copy this file and modules/exampleauth/www/resume.php to their corresponding location in the new module.
  • Replace all occurrences of "exampleauth" in this file and in resume.php with the name of your module.
  • Adapt the getUser()-function, the authenticate()-function and the logout()-function to your site.
  • Add an entry in config/authsources.php referencing your module. E.g.:

    'myauth' => array(
        ':External',
    ),

This class is an example authentication source which will always return a user with a static set of attributes.

Author
Olav Morken, UNINETT AS.

This class is an example authentication source which stores all username/passwords in an array, and authenticates users against this array.

Author
Olav Morken, UNINETT AS.

Note that we don't actually validate the user in this example. This page just serves to make the example work out of the box.

It simply passes control back to the class.

Based on preprodwarning module by rnd.feide.no

    // show about2xpire warning or deny access if netid is expired
    10 => array(
        'class' => 'expirycheck:ExpiryDate',
        'netid_attr' => 'eduPersonPrincipalName',
        'expirydate_attr' => 'schacExpiryDate',
        'warndaysbefore' => '60',
        'date_format' => 'd.m.Y', # php date syntax
    ),

Author
Alex Mihičinac, ARNES. alexm@arnes.si

Parameters:

  • 'srcMetadata': Metadata/configuration for the source.
  • 'dstMetadata': Metadata/configuration for the destination.
  • 'yesTarget': Target URL for the yes-button. This URL will receive a POST request.
  • 'yesData': Parameters which should be included in the yes-request.
  • 'noTarget': Target URL for the no-button. This URL will receive a GET request.
  • 'noData': Parameters which should be included in the no-request.
  • 'attributes': The attributes which are about to be released.
  • 'sppp': URL to the privacy policy of the destination, or FALSE.

Original Author: Steve Moitozo II steve_moitozo@jaars.org
Created: 20100513

Updated: 20100920 Steve Moitozo II

  • incorporated feedback from Olav Morken to prep code for inclusion in SimpleSAMLphp distro
  • moved call to ldap_set_options() inside test for $ds
  • added the output of ldap_error() to the exceptions
  • reduced some of the nested ifs
  • added support for multiple values
  • added support for anonymous binds
  • added escaping of search filter and attribute

Updated: 20111118 Ryan Panning

  • Updated the class to use BaseFilter which reuses LDAP connection features
  • Added conversion of original filter option names for backwards-compatibility
  • Updated the constructor to use the new config method
  • Updated the process method to use the new config variable names

Updated: 20131119 Yørn de Jong / Jaime Perez

  • Added support for retrieving multiple values at once from LDAP
  • Don't crash but fail silently on LDAP errors; the plugin is to complement attributes

Updated: 20161223 Remy Blom remy.blom@hku.nl

  • Adjusted the silent fail so it does show a warning in log when $this->getLdap() fails

Author
Yørn de Jong
Jaime Perez
Steve Moitozo
JAARS, Inc.
Ryan Panning
Remy Blom remy.blom@hku.nl
Ryan Panning panman@traileyes.com

Updated: 20161223 Remy Blom

  • Wrapped the building of authsource config with issets
Author
Ryan Panning panman@traileyes.com
Remy Blom remy.blom@hku.nl

See the ldap-entry in config-templates/authsources.php for information about configuration of this authentication source.

This class is based on www/auth/login.php.

See the ldap-entry in config-templates/authsources.php for information about configuration of these options.

Author
Andreas Åkre Solberg andreas.solberg@uninett.no
Lorenzo Gil, Yaco Sistemas S.L.

When the user selects one of them, it passes this information to the sspmod_multiauth_Auth_Source_MultiAuth class and calls the delegateAuthentication method on it.

Author
Lorenzo Gil, Yaco Sistemas S.L.

Allows for password-less, secure login by Kerberos and Negotiate.

Author
Mathias Meisfjordskar, University of Oslo mathias.meisfjordskar@usit.uio.no
Mathias Meisfjordskar, University of Oslo. mathias.meisfjordskar@usit.uio.no
Andreas Åkre Solberg, andreas.solberg@uninett.no, UNINETT AS.
Andreas Åkre Solberg, andreas.solberg@uninett.no, UNINETT AS.

Updated version, works with consumer-callbacks, certificates and 1.0-RevA protocol behaviour (requestToken-callbacks and verifiers)

Author
Andreas Åkre Solberg, andreas.solberg@uninett.no, UNINETT AS.
Mark Dobrinic, mdobrinic@cozmanova.com, Cozmanova bv
Andreas Åkre Solberg andreas@uninett.no, UNINETT AS.

This class is based on www/auth/login-radius.php.

Example configuration:

    91 => array(
        'class' => 'saml:ExpectedAuthnContextClassRef',
        'accepted' => array(
            'urn:oasis:names:tc:SAML:2.0:post:ac:classes:nist-800-63:3',
            'urn:oasis:names:tc:SAML:2.0:ac:classes:Password',
        ),
    ),

Author
Adam Lantos, NIIF / Hungarnet
Jaime Pérez Crespo, UNINETT AS jaime.perez@uninett.no

This class is an example authentication source which authenticates a user against a SQL database.

This web page receives requests for web-pages hosted by modules, and directs them to the RequestHandler in the module.

Author
Olav Morken, UNINETT AS.

And when the artifact is found, it sends a .

Author
Danny Bollaert, UGent AS. danny.bollaert@ugent.be

It will also send LogoutResponses and LogoutRequests, and also receive LogoutResponses. It is implementing SLO at the SAML 2.0 IdP.

Author
Andreas Åkre Solberg, UNINETT AS. andreas.solberg@uninett.no