ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Public Member Functions | Static Public Member Functions | Private Member Functions | Private Attributes | Static Private Attributes
SimpleSAML_IdP Class Reference
+ Collaboration diagram for SimpleSAML_IdP:

Public Member Functions

 getId ()
 Retrieve the ID of this IdP. More...
 
 getConfig ()
 Retrieve the configuration for this IdP. More...
 
 getSPName ($assocId)
 Get SP name. More...
 
 addAssociation (array $association)
 Add an SP association. More...
 
 getAssociations ()
 Retrieve list of SP associations. More...
 
 terminateAssociation ($assocId)
 Remove an SP association. More...
 
 isAuthenticated ()
 Is the current user authenticated? More...
 
 handleAuthenticationRequest (array &$state)
 Process authentication requests. More...
 
 getLogoutHandler ()
 Find the logout handler of this IdP. More...
 
 finishLogout (array &$state)
 Finish the logout operation. More...
 
 handleLogoutRequest (array &$state, $assocId)
 Process a logout request. More...
 
 handleLogoutResponse ($assocId, $relayState, SimpleSAML_Error_Exception $error=null)
 Process a logout response. More...
 
 doLogoutRedirect ($url)
 Log out, then redirect to a URL. More...
 

Static Public Member Functions

static getById ($id)
 Retrieve an IdP by ID. More...
 
static getByState (array &$state)
 Retrieve the IdP "owning" the state. More...
 
static postAuthProc (array $state)
 Called after authproc has run. More...
 
static postAuth (array $state)
 The user is authenticated. More...
 
static finishLogoutRedirect (SimpleSAML_IdP $idp, array $state)
 Redirect to a URL after logout. More...
 

Private Member Functions

 __construct ($id)
 Initialize an IdP. More...
 
 authenticate (array &$state)
 Authenticate the user. More...
 
 reauthenticate (array &$state)
 Re-authenticate the user. More...
 

Private Attributes

 $id
 
 $associationGroup
 
 $config
 
 $authSource
 

Static Private Attributes

static $idpCache = array()
 

Detailed Description

Definition at line 10 of file IdP.php.

Constructor & Destructor Documentation

◆ __construct()

SimpleSAML_IdP::__construct (   $id)
private

Initialize an IdP.

Parameters
string$idThe identifier of this IdP.
Exceptions
SimpleSAML_Error_ExceptionIf the IdP is disabled or no such auth source was found.

Definition at line 57 of file IdP.php.

58 {
59 assert(is_string($id));
60
61 $this->id = $id;
62
63 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
64 $globalConfig = SimpleSAML_Configuration::getInstance();
65
66 if (substr($id, 0, 6) === 'saml2:') {
67 if (!$globalConfig->getBoolean('enable.saml20-idp', false)) {
68 throw new SimpleSAML_Error_Exception('enable.saml20-idp disabled in config.php.');
69 }
70 $this->config = $metadata->getMetaDataConfig(substr($id, 6), 'saml20-idp-hosted');
71 } elseif (substr($id, 0, 6) === 'saml1:') {
72 if (!$globalConfig->getBoolean('enable.shib13-idp', false)) {
73 throw new SimpleSAML_Error_Exception('enable.shib13-idp disabled in config.php.');
74 }
75 $this->config = $metadata->getMetaDataConfig(substr($id, 6), 'shib13-idp-hosted');
76 } elseif (substr($id, 0, 5) === 'adfs:') {
77 if (!$globalConfig->getBoolean('enable.adfs-idp', false)) {
78 throw new SimpleSAML_Error_Exception('enable.adfs-idp disabled in config.php.');
79 }
80 $this->config = $metadata->getMetaDataConfig(substr($id, 5), 'adfs-idp-hosted');
81
82 try {
83 // this makes the ADFS IdP use the same SP associations as the SAML 2.0 IdP
84 $saml2EntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
85 $this->associationGroup = 'saml2:'.$saml2EntityId;
86 } catch (Exception $e) {
87 // probably no SAML 2 IdP configured for this host. Ignore the error
88 }
89 } else {
90 assert(false);
91 }
92
93 if ($this->associationGroup === null) {
94 $this->associationGroup = $this->id;
95 }
96
97 $auth = $this->config->getString('auth');
98 if (SimpleSAML_Auth_Source::getById($auth) !== null) {
99 $this->authSource = new \SimpleSAML\Auth\Simple($auth);
100 } else {
101 throw new SimpleSAML_Error_Exception('No such "'.$auth.'" auth source found.');
102 }
103 }
$metadata
$metadata['__DYNAMIC:1__']
Definition: adfs-idp-hosted.php:3
SimpleSAML_Auth_Source\getById
static getById($authId, $type=null)
Retrieve authentication source.
Definition: Source.php:340
SimpleSAML_Configuration\getInstance
static getInstance($instancename='simplesaml')
Get a configuration file by its instance name.
Definition: Configuration.php:325
SimpleSAML_Error_Exception
Definition: Exception.php:13
SimpleSAML_IdP\$id
$id
Definition: IdP.php:24
SimpleSAML_Metadata_MetaDataStorageHandler\getMetadataHandler
static getMetadataHandler()
This function retrieves the current instance of the metadata handler.
Definition: MetaDataStorageHandler.php:40
$auth
$auth
Definition: fileserver.php:48
$globalConfig
$globalConfig
Definition: authorize_403.php:13

References $auth, $globalConfig, $id, $metadata, SimpleSAML_Auth_Source\getById(), SimpleSAML_Configuration\getInstance(), and SimpleSAML_Metadata_MetaDataStorageHandler\getMetadataHandler().

+ Here is the call graph for this function:

Member Function Documentation

◆ addAssociation()

SimpleSAML_IdP::addAssociation ( array  $association)

Add an SP association.

Parameters
array$associationThe SP association.

Definition at line 212 of file IdP.php.

213 {
214 assert(isset($association['id']));
215 assert(isset($association['Handler']));
216
217 $association['core:IdP'] = $this->id;
218
219 $session = SimpleSAML_Session::getSessionFromRequest();
220 $session->addAssociation($this->associationGroup, $association);
221 }
SimpleSAML_Session\getSessionFromRequest
static getSessionFromRequest()
Retrieves the current session.
Definition: Session.php:241
$association
if(!isset($associations[$assocId])) $association
Definition: logout-iframe-post.php:23
$session
$session
Definition: proxy_ylocal.php:32

References $association, $id, $session, and SimpleSAML_Session\getSessionFromRequest().

+ Here is the call graph for this function:

◆ authenticate()

SimpleSAML_IdP::authenticate ( array &  $state)
private

Authenticate the user.

This function authenticates the user.

Parameters
array&$stateThe authentication request state.
Exceptions

SimpleSAML\Module\saml\Error\NoPassive If we were asked to do passive authentication.

Definition at line 339 of file IdP.php.

340 {
341 if (isset($state['isPassive']) && (bool) $state['isPassive']) {
342 throw new \SimpleSAML\Module\saml\Error\NoPassive('Passive authentication not supported.');
343 }
344
345 $this->authSource->login($state);
346 }
$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10

References $state.

Referenced by handleAuthenticationRequest().

+ Here is the caller graph for this function:

◆ doLogoutRedirect()

SimpleSAML_IdP::doLogoutRedirect (   $url)

Log out, then redirect to a URL.

This function never returns.

Parameters
string$urlThe URL the user should be returned to after logout.

Definition at line 529 of file IdP.php.

530 {
531 assert(is_string($url));
532
533 $state = array(
534 'Responder' => array('SimpleSAML_IdP', 'finishLogoutRedirect'),
535 'core:Logout:URL' => $url,
536 );
537
538 $this->handleLogoutRequest($state, null);
539 assert(false);
540 }
SimpleSAML_IdP\handleLogoutRequest
handleLogoutRequest(array &$state, $assocId)
Process a logout request.
Definition: IdP.php:472
$url
$url
Definition: proxy_ylocal.php:28

References $state, $url, and handleLogoutRequest().

+ Here is the call graph for this function:

◆ finishLogout()

SimpleSAML_IdP::finishLogout ( array &  $state)

Finish the logout operation.

This function will never return.

Parameters
array&$stateThe logout request state.

Definition at line 453 of file IdP.php.

454 {
455 assert(isset($state['Responder']));
456
457 $idp = SimpleSAML_IdP::getByState($state);
458 call_user_func($state['Responder'], $idp, $state);
459 assert(false);
460 }
SimpleSAML_IdP\getByState
static getByState(array &$state)
Retrieve the IdP "owning" the state.
Definition: IdP.php:145
$idp
$idp
Definition: prp.php:13

References $idp, $state, and getByState().

+ Here is the call graph for this function:

◆ finishLogoutRedirect()

static SimpleSAML_IdP::finishLogoutRedirect ( SimpleSAML_IdP  $idp,
array  $state 
)
static

Redirect to a URL after logout.

This function never returns.

Parameters
SimpleSAML_IdP$idpDeprecated. Will be removed.
array&$stateThe logout state from doLogoutRedirect().

Definition at line 551 of file IdP.php.

552 {
553 assert(isset($state['core:Logout:URL']));
554
555 \SimpleSAML\Utils\HTTP::redirectTrustedURL($state['core:Logout:URL']);
556 assert(false);
557 }
SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:959

References $state, and SimpleSAML\Utils\HTTP\redirectTrustedURL().

+ Here is the call graph for this function:

◆ getAssociations()

SimpleSAML_IdP::getAssociations ( )

Retrieve list of SP associations.

Returns
array List of SP associations.

Definition at line 229 of file IdP.php.

230 {
231 $session = SimpleSAML_Session::getSessionFromRequest();
232 return $session->getAssociations($this->associationGroup);
233 }

References $session, and SimpleSAML_Session\getSessionFromRequest().

+ Here is the call graph for this function:

◆ getById()

static SimpleSAML_IdP::getById (   $id)
static

Retrieve an IdP by ID.

Parameters
string$idThe identifier of the IdP.
Returns
SimpleSAML_IdP The IdP.

Definition at line 124 of file IdP.php.

125 {
126 assert(is_string($id));
127
128 if (isset(self::$idpCache[$id])) {
129 return self::$idpCache[$id];
130 }
131
132 $idp = new self($id);
133 self::$idpCache[$id] = $idp;
134 return $idp;
135 }

References $id, and $idp.

Referenced by getByState().

+ Here is the caller graph for this function:

◆ getByState()

static SimpleSAML_IdP::getByState ( array &  $state)
static

Retrieve the IdP "owning" the state.

Parameters
array&$stateThe state array.
Returns
SimpleSAML_IdP The IdP.

Definition at line 145 of file IdP.php.

146 {
147 assert(isset($state['core:IdP']));
148
149 return self::getById($state['core:IdP']);
150 }
SimpleSAML_IdP\getById
static getById($id)
Retrieve an IdP by ID.
Definition: IdP.php:124

References $state, and getById().

Referenced by finishLogout(), sspmod_saml_IdP_SAML2\handleAuthError(), SimpleSAML\IdP\TraditionalLogoutHandler\logoutNextSP(), postAuth(), sspmod_saml_Auth_Source_SP\reauthLogout(), sspmod_adfs_IdP_ADFS\sendResponse(), sspmod_saml_IdP_SAML1\sendResponse(), sspmod_saml_IdP_SAML2\sendResponse(), and SimpleSAML\IdP\IFrameLogoutHandler\startLogout().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getConfig()

SimpleSAML_IdP::getConfig ( )

Retrieve the configuration for this IdP.

Returns
SimpleSAML_Configuration The configuration object.

Definition at line 158 of file IdP.php.

159 {
160 return $this->config;
161 }
SimpleSAML_IdP\$config
$config
Definition: IdP.php:41

References $config.

Referenced by getLogoutHandler(), and handleAuthenticationRequest().

+ Here is the caller graph for this function:

◆ getId()

SimpleSAML_IdP::getId ( )

Retrieve the ID of this IdP.

Returns
string The ID of this IdP.

Definition at line 111 of file IdP.php.

112 {
113 return $this->id;
114 }

References $id.

◆ getLogoutHandler()

SimpleSAML_IdP::getLogoutHandler ( )

Find the logout handler of this IdP.

Returns
\SimpleSAML\IdP\LogoutHandlerInterface The logout handler class.
Exceptions
SimpleSAML_Error_ExceptionIf we cannot find a logout handler.

Definition at line 427 of file IdP.php.

428 {
429 // find the logout handler
430 $logouttype = $this->getConfig()->getString('logouttype', 'traditional');
431 switch ($logouttype) {
432 case 'traditional':
433 $handler = 'SimpleSAML\IdP\TraditionalLogoutHandler';
434 break;
435 case 'iframe':
436 $handler = 'SimpleSAML\IdP\IFrameLogoutHandler';
437 break;
438 default:
439 throw new SimpleSAML_Error_Exception('Unknown logout handler: '.var_export($logouttype, true));
440 }
441
442 return new $handler($this);
443 }
SimpleSAML_IdP\getConfig
getConfig()
Retrieve the configuration for this IdP.
Definition: IdP.php:158
$handler
$handler
Definition: resumelogout.php:11

References $handler, and getConfig().

Referenced by handleLogoutRequest(), and handleLogoutResponse().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getSPName()

SimpleSAML_IdP::getSPName (   $assocId)

Get SP name.

Parameters
string$assocIdThe association identifier.
Returns
array|null The name of the SP, as an associative array of language => text, or null if this isn't an SP.

Definition at line 171 of file IdP.php.

172 {
173 assert(is_string($assocId));
174
175 $prefix = substr($assocId, 0, 4);
176 $spEntityId = substr($assocId, strlen($prefix) + 1);
177 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
178
179 if ($prefix === 'saml') {
180 try {
181 $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');
182 } catch (Exception $e) {
183 try {
184 $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'shib13-sp-remote');
185 } catch (Exception $e) {
186 return null;
187 }
188 }
189 } else {
190 if ($prefix === 'adfs') {
191 $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'adfs-sp-remote');
192 } else {
193 return null;
194 }
195 }
196
197 if ($spMetadata->hasValue('name')) {
198 return $spMetadata->getLocalizedString('name');
199 } elseif ($spMetadata->hasValue('OrganizationDisplayName')) {
200 return $spMetadata->getLocalizedString('OrganizationDisplayName');
201 } else {
202 return array('en' => $spEntityId);
203 }
204 }
$spEntityId
$spEntityId
Definition: attributeserver.php:14
$assocId
if(!isset($_REQUEST['association'])) $assocId
Definition: logout-iframe-post.php:12
$spMetadata
$spMetadata
Definition: logout-iframe-post.php:27

References $assocId, $metadata, $spEntityId, $spMetadata, and SimpleSAML_Metadata_MetaDataStorageHandler\getMetadataHandler().

+ Here is the call graph for this function:

◆ handleAuthenticationRequest()

SimpleSAML_IdP::handleAuthenticationRequest ( array &  $state)

Process authentication requests.

Parameters
array&$stateThe authentication request state.

Definition at line 377 of file IdP.php.

378 {
379 assert(isset($state['Responder']));
380
381 $state['core:IdP'] = $this->id;
382
383 if (isset($state['SPMetadata']['entityid'])) {
384 $spEntityId = $state['SPMetadata']['entityid'];
385 } elseif (isset($state['SPMetadata']['entityID'])) {
386 $spEntityId = $state['SPMetadata']['entityID'];
387 } else {
388 $spEntityId = null;
389 }
390 $state['core:SP'] = $spEntityId;
391
392 // first, check whether we need to authenticate the user
393 if (isset($state['ForceAuthn']) && (bool) $state['ForceAuthn']) {
394 // force authentication is in effect
395 $needAuth = true;
396 } else {
397 $needAuth = !$this->isAuthenticated();
398 }
399
400 $state['IdPMetadata'] = $this->getConfig()->toArray();
401 $state['ReturnCallback'] = array('SimpleSAML_IdP', 'postAuth');
402
403 try {
404 if ($needAuth) {
405 $this->authenticate($state);
406 assert(false);
407 } else {
408 $this->reauthenticate($state);
409 }
410 $this->postAuth($state);
411 } catch (SimpleSAML_Error_Exception $e) {
412 SimpleSAML_Auth_State::throwException($state, $e);
413 } catch (Exception $e) {
414 $e = new SimpleSAML_Error_UnserializableException($e);
415 SimpleSAML_Auth_State::throwException($state, $e);
416 }
417 }
SimpleSAML_Auth_State\throwException
static throwException($state, SimpleSAML_Error_Exception $exception)
Throw exception to the state exception handler.
Definition: State.php:343
SimpleSAML_Error_UnserializableException
Definition: UnserializableException.php:16
SimpleSAML_IdP\authenticate
authenticate(array &$state)
Authenticate the user.
Definition: IdP.php:339
SimpleSAML_IdP\isAuthenticated
isAuthenticated()
Is the current user authenticated?
Definition: IdP.php:255
SimpleSAML_IdP\postAuth
static postAuth(array $state)
The user is authenticated.
Definition: IdP.php:292
SimpleSAML_IdP\reauthenticate
reauthenticate(array &$state)
Re-authenticate the user.
Definition: IdP.php:361

References $id, $spEntityId, $state, authenticate(), getConfig(), isAuthenticated(), postAuth(), reauthenticate(), and SimpleSAML_Auth_State\throwException().

+ Here is the call graph for this function:

◆ handleLogoutRequest()

SimpleSAML_IdP::handleLogoutRequest ( array &  $state,
  $assocId 
)

Process a logout request.

This function will never return.

Parameters
array&$stateThe logout request state.
string | null$assocIdThe association we received the logout request from, or null if there was no association.

Definition at line 472 of file IdP.php.

473 {
474 assert(isset($state['Responder']));
475 assert(is_string($assocId) || $assocId === null);
476
477 $state['core:IdP'] = $this->id;
478 $state['core:TerminatedAssocId'] = $assocId;
479
480 if ($assocId !== null) {
481 $this->terminateAssociation($assocId);
482 $session = SimpleSAML_Session::getSessionFromRequest();
483 $session->deleteData('core:idp-ssotime', $this->id.':'.$state['saml:SPEntityId']);
484 }
485
486 // terminate the local session
487 $id = SimpleSAML_Auth_State::saveState($state, 'core:Logout:afterbridge');
488 $returnTo = SimpleSAML\Module::getModuleURL('core/idp/resumelogout.php', array('id' => $id));
489
490 $this->authSource->logout($returnTo);
491
492 $handler = $this->getLogoutHandler();
493 $handler->startLogout($state, $assocId);
494 assert(false);
495 }
$returnTo
if(!isset($_REQUEST['ReturnTo'])) $returnTo
Definition: authpage.php:16
SimpleSAML\Module\getModuleURL
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:220
SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194
SimpleSAML_IdP\terminateAssociation
terminateAssociation($assocId)
Remove an SP association.
Definition: IdP.php:241
SimpleSAML_IdP\getLogoutHandler
getLogoutHandler()
Find the logout handler of this IdP.
Definition: IdP.php:427

References $assocId, $handler, $id, $returnTo, $session, $state, getLogoutHandler(), SimpleSAML\Module\getModuleURL(), SimpleSAML_Session\getSessionFromRequest(), SimpleSAML_Auth_State\saveState(), and terminateAssociation().

Referenced by doLogoutRedirect().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ handleLogoutResponse()

SimpleSAML_IdP::handleLogoutResponse (   $assocId,
  $relayState,
SimpleSAML_Error_Exception  $error = null 
)

Process a logout response.

This function will never return.

Parameters
string$assocIdThe association that is terminated.
string | null$relayStateThe RelayState from the start of the logout.
SimpleSAML_Error_Exception | null$errorThe error that occurred during session termination (if any).

Definition at line 507 of file IdP.php.

508 {
509 assert(is_string($assocId));
510 assert(is_string($relayState) || $relayState === null);
511
512 $session = SimpleSAML_Session::getSessionFromRequest();
513 $session->deleteData('core:idp-ssotime', $this->id.';'.substr($assocId, strpos($assocId, ':') + 1));
514
515 $handler = $this->getLogoutHandler();
516 $handler->onResponse($assocId, $relayState, $error);
517
518 assert(false);
519 }
$relayState
$relayState
Definition: logout-iframe-post.php:14

References $assocId, $handler, $relayState, $session, getLogoutHandler(), and SimpleSAML_Session\getSessionFromRequest().

+ Here is the call graph for this function:

◆ isAuthenticated()

SimpleSAML_IdP::isAuthenticated ( )

Is the current user authenticated?

Returns
boolean True if the user is authenticated, false otherwise.

Definition at line 255 of file IdP.php.

256 {
257 return $this->authSource->isAuthenticated();
258 }

Referenced by handleAuthenticationRequest().

+ Here is the caller graph for this function:

◆ postAuth()

static SimpleSAML_IdP::postAuth ( array  $state)
static

The user is authenticated.

Parameters
array$stateThe authentication request state array.
Exceptions
SimpleSAML_Error_ExceptionIf we are not authenticated.

Definition at line 292 of file IdP.php.

293 {
294 $idp = SimpleSAML_IdP::getByState($state);
295
296 if (!$idp->isAuthenticated()) {
297 throw new SimpleSAML_Error_Exception('Not authenticated.');
298 }
299
300 $state['Attributes'] = $idp->authSource->getAttributes();
301
302 if (isset($state['SPMetadata'])) {
303 $spMetadata = $state['SPMetadata'];
304 } else {
305 $spMetadata = array();
306 }
307
308 if (isset($state['core:SP'])) {
309 $session = SimpleSAML_Session::getSessionFromRequest();
310 $previousSSOTime = $session->getData('core:idp-ssotime', $state['core:IdP'].';'.$state['core:SP']);
311 if ($previousSSOTime !== null) {
312 $state['PreviousSSOTimestamp'] = $previousSSOTime;
313 }
314 }
315
316 $idpMetadata = $idp->getConfig()->toArray();
317
318 $pc = new SimpleSAML_Auth_ProcessingChain($idpMetadata, $spMetadata, 'idp');
319
320 $state['ReturnCall'] = array('SimpleSAML_IdP', 'postAuthProc');
321 $state['Destination'] = $spMetadata;
322 $state['Source'] = $idpMetadata;
323
324 $pc->processState($state);
325
326 self::postAuthProc($state);
327 }
SimpleSAML_Auth_ProcessingChain
Definition: ProcessingChain.php:14
SimpleSAML_IdP\postAuthProc
static postAuthProc(array $state)
Called after authproc has run.
Definition: IdP.php:266
$idpMetadata
$idpMetadata
Definition: logout-iframe-post.php:26

References $idp, $idpMetadata, $session, $spMetadata, $state, getByState(), SimpleSAML_Session\getSessionFromRequest(), and postAuthProc().

Referenced by handleAuthenticationRequest().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ postAuthProc()

static SimpleSAML_IdP::postAuthProc ( array  $state)
static

Called after authproc has run.

Parameters
array$stateThe authentication request state array.

Definition at line 266 of file IdP.php.

267 {
268 assert(is_callable($state['Responder']));
269
270 if (isset($state['core:SP'])) {
271 $session = SimpleSAML_Session::getSessionFromRequest();
272 $session->setData(
273 'core:idp-ssotime',
274 $state['core:IdP'].';'.$state['core:SP'],
275 time(),
276 SimpleSAML_Session::DATA_TIMEOUT_SESSION_END
277 );
278 }
279
280 call_user_func($state['Responder'], $state);
281 assert(false);
282 }
SimpleSAML_Session\DATA_TIMEOUT_SESSION_END
const DATA_TIMEOUT_SESSION_END
This is a timeout value for setData, which indicates that the data should never be deleted,...
Definition: Session.php:26

References $session, $state, SimpleSAML_Session\DATA_TIMEOUT_SESSION_END, and SimpleSAML_Session\getSessionFromRequest().

Referenced by postAuth().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ reauthenticate()

SimpleSAML_IdP::reauthenticate ( array &  $state)
private

Re-authenticate the user.

This function re-authenticates an user with an existing session. This gives the authentication source a chance to do additional work when re-authenticating for SSO.

Note: This function is not used when ForceAuthn=true.

Parameters
array&$stateThe authentication request state.
Exceptions
SimpleSAML_Error_ExceptionIf there is no auth source defined for this IdP.

Definition at line 361 of file IdP.php.

362 {
363 $sourceImpl = $this->authSource->getAuthSource();
364 if ($sourceImpl === null) {
365 throw new SimpleSAML_Error_Exception('No such auth source defined.');
366 }
367
368 $sourceImpl->reauthenticate($state);
369 }

References $state.

Referenced by handleAuthenticationRequest().

+ Here is the caller graph for this function:

◆ terminateAssociation()

SimpleSAML_IdP::terminateAssociation (   $assocId)

Remove an SP association.

Parameters
string$assocIdThe association id.

Definition at line 241 of file IdP.php.

242 {
243 assert(is_string($assocId));
244
245 $session = SimpleSAML_Session::getSessionFromRequest();
246 $session->terminateAssociation($this->associationGroup, $assocId);
247 }

References $assocId, $session, and SimpleSAML_Session\getSessionFromRequest().

Referenced by handleLogoutRequest().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $associationGroup

SimpleSAML_IdP::$associationGroup
private

Definition at line 34 of file IdP.php.

◆ $authSource

SimpleSAML_IdP::$authSource
private

Definition at line 48 of file IdP.php.

◆ $config

SimpleSAML_IdP::$config
private

Definition at line 41 of file IdP.php.

Referenced by getConfig().

◆ $id

SimpleSAML_IdP::$id
private

Definition at line 24 of file IdP.php.

Referenced by __construct(), addAssociation(), getById(), getId(), handleAuthenticationRequest(), and handleLogoutRequest().

◆ $idpCache

SimpleSAML_IdP::$idpCache = array()
staticprivate

Definition at line 17 of file IdP.php.

The documentation for this class was generated from the following file: