sspmod_exampleauth_Auth_Source_External Class Reference
Inheritance diagram for sspmod_exampleauth_Auth_Source_External:
Collaboration diagram for sspmod_exampleauth_Auth_Source_External:
Public Member Functions | |
| __construct ($info, $config) | |
| Constructor for this authentication source. More... | |
| authenticate (&$state) | |
| Log in using an external authentication helper. More... | |
| logout (&$state) | |
| This function is called when the user start a logout operation, for example by logging out of a SP that supports single logout. More... | |
| Public Member Functions inherited from SimpleSAML_Auth_Source | |
| __construct ($info, &$config) | |
| Constructor for an authentication source. More... | |
| getAuthId () | |
| Retrieve the ID of this authentication source. More... | |
| authenticate (&$state) | |
| Process a request. More... | |
| reauthenticate (array &$state) | |
| Reauthenticate an user. More... | |
| initLogin ($return, $errorURL=null, array $params=array()) | |
| Start authentication. More... | |
| logout (&$state) | |
| Log out from this authentication source. More... | |
Static Public Member Functions | |
| static | resume () |
| Resume authentication process. More... | |
| Static Public Member Functions inherited from SimpleSAML_Auth_Source | |
| static | getSourcesOfType ($type) |
| Get sources of a specific type. More... | |
| static | completeAuth (&$state) |
| Complete authentication. More... | |
| static | loginCompleted ($state) |
| Called when a login operation has finished. More... | |
| static | completeLogout (&$state) |
| Complete logout. More... | |
| static | getById ($authId, $type=null) |
| Retrieve authentication source. More... | |
| static | logoutCallback ($state) |
| Called when the authentication source receives an external logout request. More... | |
| static | getSources () |
| Retrieve list of authentication sources. More... | |
Private Member Functions | |
| getUser () | |
| Retrieve attributes for the user. More... | |
Additional Inherited Members | |
| Protected Member Functions inherited from SimpleSAML_Auth_Source | |
| addLogoutCallback ($assoc, $state) | |
| Add a logout callback association. More... | |
| callLogoutCallback ($assoc) | |
| Call a logout callback based on association. More... | |
| Static Protected Member Functions inherited from SimpleSAML_Auth_Source | |
| static | validateSource ($source, $id) |
| Make sure that the first element of an auth source is its identifier. More... | |
| Protected Attributes inherited from SimpleSAML_Auth_Source | |
| $authId | |
Detailed Description
Definition at line 23 of file External.php.
Constructor & Destructor Documentation
◆ __construct()
| sspmod_exampleauth_Auth_Source_External::__construct | ( | $info, | |
| $config | |||
| ) |
Constructor for this authentication source.
- Parameters
-
array $info Information about this authentication source. array $config Configuration.
Definition at line 31 of file External.php.
Member Function Documentation
◆ authenticate()
| sspmod_exampleauth_Auth_Source_External::authenticate | ( | & | $state | ) |
Log in using an external authentication helper.
- Parameters
-
array &$state Information about the current authentication.
Reimplemented from SimpleSAML_Auth_Source.
Definition at line 92 of file External.php.
92 {
93 assert(is_array($state));
94
97 /*
98 * The user is already authenticated.
99 *
100 * Add the users attributes to the $state-array, and return control
101 * to the authentication process.
102 */
104 return;
105 }
106
107 /*
108 * The user isn't authenticated. We therefore need to
109 * send the user to the login page.
110 */
111
112 /*
113 * First we add the identifier of this authentication source
114 * to the state array, so that we know where to resume.
115 */
117
118
119 /*
120 * We need to save the $state-array, so that we can resume the
121 * login process after authentication.
122 *
123 * Note the second parameter to the saveState-function. This is a
124 * unique identifier for where the state was saved, and must be used
125 * again when we retrieve the state.
126 *
127 * The reason for it is to prevent
128 * attacks where the user takes a $state-array saved in one location
129 * and restores it in another location, and thus bypasses steps in
130 * the authentication process.
131 */
133
134 /*
135 * Now we generate a URL the user should return to after authentication.
136 * We assume that whatever authentication page we send the user to has an
137 * option to return the user to a specific page afterwards.
138 */
141 ));
142
143 /*
144 * Get the URL of the authentication page.
145 *
146 * Here we use the getModuleURL function again, since the authentication page
147 * is also part of this module, but in a real example, this would likely be
148 * the absolute URL of the login page for the site.
149 */
151
152 /*
153 * The redirect to the authentication page.
154 *
155 * Note the 'ReturnTo' parameter. This must most likely be replaced with
156 * the real name of the parameter for the login page.
157 */
158 \SimpleSAML\Utils\HTTP::redirectTrustedURL($authPage, array(
160 ));
161
162 /*
163 * The redirect function never returns, so we never get this far.
164 */
165 assert(false);
166 }
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:220
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:959
References $attributes, SimpleSAML_Auth_Source\$authId, $returnTo, $state, $stateId, SimpleSAML\Module\getModuleURL(), getUser(), SimpleSAML\Utils\HTTP\redirectTrustedURL(), and SimpleSAML_Auth_State\saveState().
Here is the call graph for this function:
◆ getUser()
|
private |
Retrieve attributes for the user.
- Returns
- array|NULL The user's attributes, or NULL if the user isn't authenticated.
Definition at line 47 of file External.php.
47 {
48
49 /*
50 * In this example we assume that the attributes are
51 * stored in the users PHP session, but this could be replaced
52 * with anything.
53 */
54
55 if (!session_id()) {
56 /* session_start not called before. Do it here. */
57 session_start();
58 }
59
61 /* The user isn't authenticated. */
62 return NULL;
63 }
64
65 /*
66 * Find the attributes for the user.
67 * Note that all attributes in SimpleSAMLphp are multivalued, so we need
68 * to store them as arrays.
69 */
70
71 $attributes = array(
75 );
76
77 /* Here we generate a multivalued attribute based on the account type. */
80 'member',
81 );
82
84 }
References $_SESSION, and $attributes.
Referenced by authenticate().
Here is the caller graph for this function:
◆ logout()
| sspmod_exampleauth_Auth_Source_External::logout | ( | & | $state | ) |
This function is called when the user start a logout operation, for example by logging out of a SP that supports single logout.
- Parameters
-
array &$state The logout state array.
Reimplemented from SimpleSAML_Auth_Source.
Definition at line 253 of file External.php.
253 {
254 assert(is_array($state));
255
256 if (!session_id()) {
257 /* session_start not called before. Do it here. */
258 session_start();
259 }
260
261 /*
262 * In this example we simply remove the 'uid' from the session.
263 */
265
266 /*
267 * If we need to do a redirect to a different page, we could do this
268 * here, but in this example we don't need to do this.
269 */
270 }
◆ resume()
|
static |
Resume authentication process.
This function resumes the authentication process after the user has entered his or her credentials.
- Parameters
-
array &$state The authentication state.
Definition at line 177 of file External.php.
177 {
178
179 /*
180 * First we need to restore the $state-array. We should have the identifier for
181 * it in the 'State' request parameter.
182 */
183 if (!isset($_REQUEST['State'])) {
185 }
186
187 /*
188 * Once again, note the second parameter to the loadState function. This must
189 * match the string we used in the saveState-call above.
190 */
192
193 /*
194 * Now we have the $state-array, and can use it to locate the authentication
195 * source.
196 */
199 /*
200 * The only way this should fail is if we remove or rename the authentication source
201 * while the user is at the login page.
202 */
203 throw new SimpleSAML_Error_Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
204 }
205
206 /*
207 * Make sure that we haven't switched the source type while the
208 * user was at the authentication page. This can only happen if we
209 * change config/authsources.php while an user is logging in.
210 */
213 }
214
215
216 /*
217 * OK, now we know that our current state is sane. Time to actually log the user in.
218 *
219 * First we check that the user is acutally logged in, and didn't simply skip the login page.
220 */
223 /*
224 * The user isn't authenticated.
225 *
226 * Here we simply throw an exception, but we could also redirect the user back to the
227 * login page.
228 */
230 }
231
232 /*
233 * So, we have a valid user. Time to resume the authentication process where we
234 * paused it in the authenticate()-function above.
235 */
236
239
240 /*
241 * The completeAuth-function never returns, so we never get this far.
242 */
243 assert(false);
244 }
Definition: BadRequest.php:13
Definition: Exception.php:13
References $attributes, $source, $state, SimpleSAML_Auth_Source\completeAuth(), SimpleSAML_Auth_Source\getById(), and SimpleSAML_Auth_State\loadState().
Here is the call graph for this function:
The documentation for this class was generated from the following file:
- libs/composer/vendor/simplesamlphp/simplesamlphp/modules/exampleauth/lib/Auth/Source/External.php
