ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilShibbolethWAYF.php
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
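/**
 * Local "Where Are You From" (WAYF) helper for the Shibboleth login.
 *
 * Reads the submitted WAYF form from $_POST, checks the chosen identity
 * provider (IdP) against the list stored in the "shib_idp_list" setting,
 * renders the IdP drop-down and redirects to the session initiator.
 *
 * Security-relevant points:
 * - $_POST, $_GET and the "_saml_idp" cookie are controlled by the client.
 * - The submitted IdP id is accepted only when it is a key of the configured
 *   list, so the redirect base URL always comes from the setting, never
 *   from the request.
 */
class ShibWAYF
{
    /** @var bool True when the WAYF form was submitted. */
    public $is_selection = false;

    /** @var bool True when the submitted IdP is a key of the configured list. */
    public $is_valid_selection = false;

    /** @var string Id of the accepted IdP; '-' is the "nothing chosen" placeholder. */
    public $selected_idp = '-';

    /** @var array|bool Parsed IdP list (see getIdplist()); false until loaded. */
    public $idp_list = false;


    /**
     * Evaluates the submitted WAYF form.
     */
    public function __construct()
    {
        // Was the WAYF form submitted?
        $this->is_selection = isset($_POST['home_organization_selection']);

        $this->idp_list = $this->getIdplist();

        // Accept the submitted IdP only if it is a plain string (a request can
        // also deliver an array here) and a key of the configured list.
        $submitted = isset($_POST['idp_selection']) ? $_POST['idp_selection'] : null;
        $this->is_valid_selection = is_string($submitted)
            && $submitted !== '-'
            && isset($this->idp_list[$submitted]);

        if ($this->is_valid_selection) {
            $this->selected_idp = $submitted;
        }
    }


    /**
     * Snake-case alias of isSelection().
     *
     * @return bool
     */
    public function is_selection()
    {
        return $this->isSelection();
    }


    /**
     * @return bool True when the WAYF form was submitted.
     */
    public function isSelection()
    {
        return $this->is_selection;
    }


    /**
     * Snake-case alias of isValidSelection().
     *
     * @return bool
     */
    public function is_valid_selection()
    {
        return $this->isValidSelection();
    }


    /**
     * @return bool True when the submitted IdP passed the allow-list check.
     */
    public function isValidSelection()
    {
        // The listing shows an empty body here, which would make
        // is_valid_selection() and showNotice() always see null.
        return $this->is_valid_selection;
    }


    /**
     * Builds the <select> element for the IdP drop-down.
     *
     * The last entry of the "_saml_idp" cookie is preselected when it is a
     * key of the configured list. The cookie is client-controlled and is
     * used for that lookup only; it is never written into the markup.
     *
     * @return string HTML of the select element
     */
    public function generateSelection()
    {
        $arr_idp_list = $this->idp_list ? $this->idp_list : $this->getIdplist();

        $cookie_value = (isset($_COOKIE['_saml_idp']) && is_string($_COOKIE['_saml_idp']))
            ? $_COOKIE['_saml_idp']
            : '';
        $idp_cookie = $this->generateCookieArray($cookie_value);

        // NOTE(review): the language key is taken from the request as-is;
        // presumably ilLanguage validates it - confirm.
        $lng = new ilLanguage(isset($_GET["lang"]) ? $_GET["lang"] : null);

        // null means "no preselection"; it must not compare equal to any IdP id.
        $selectedIDP = null;
        $last_idp = end($idp_cookie);
        if (is_string($last_idp) && isset($arr_idp_list[$last_idp])) {
            $selectedIDP = $last_idp;
        }

        $selectElement = '
        <select name="idp_selection">
        <option value="-"' . ($selectedIDP === null ? ' selected="selected"' : '') . '>'
            . $lng->txt("shib_member_of") . '</option>';

        foreach ($arr_idp_list as $idp_id => $idp_data) {
            // Numeric-looking keys come back as int, hence the cast before the strict compare.
            $selected = ((string) $idp_id === $selectedIDP) ? ' selected="selected"' : '';
            // Ids and names come from the setting; escape them so a stray quote
            // or angle bracket cannot break out of the attribute or element.
            $selectElement .= '<option value="' . $this->escapeHtml($idp_id) . '"' . $selected . '>'
                . $this->escapeHtml($idp_data[0]) . '</option>';
        }

        $selectElement .= '
        </select>';

        return $selectElement;
    }


    /**
     * Redirects the user to the local Shibboleth session initiator with the
     * GET arguments for the selected IdP already set.
     *
     * Expected to be called only after isValidSelection() returned true;
     * without a valid selection the default initiator is called with the
     * placeholder id.
     */
    public function redirect()
    {
        $arr_idp_list = $this->idp_list ? $this->idp_list : $this->getIdplist();

        // Where to return after the authentication process.
        // il_target is request-controlled: encode it so it stays a single
        // value of the "target" parameter and cannot add parameters of its own.
        $il_target = (isset($_POST["il_target"]) && is_string($_POST["il_target"]))
            ? $_POST["il_target"]
            : '';
        $target = trim(ILIAS_HTTP_PATH, '/') . '/shib_login.php?target=' . urlencode($il_target);

        $idp_data = isset($arr_idp_list[$this->selected_idp])
            ? $arr_idp_list[$this->selected_idp]
            : array();

        if (isset($idp_data[1])) {
            // Session initiator configured for this IdP in the setting.
            ilUtil::redirect($idp_data[1] . '?providerId=' . urlencode($this->selected_idp) . '&target='
                . urlencode($target));
        } else {
            // TODO: This has to be changed to /Shibboleth.sso/DS?entityId= for
            // Shibboleth 2.x sometime...
            ilUtil::redirect('/Shibboleth.sso?providerId=' . urlencode($this->selected_idp) . '&target='
                . urlencode($target));
        }
    }


    /**
     * Sets the standard SAML domain cookie that is also used to preselect
     * the right entry on the local WAYF.
     *
     * The cookie is written for path '/' with a lifetime of 100 days and
     * without Secure/HttpOnly flags. It carries IdP ids only and must be
     * treated as untrusted when it is read back.
     */
    public function setSAMLCookie()
    {
        $arr_idps = (isset($_COOKIE['_saml_idp']) && is_string($_COOKIE['_saml_idp']))
            ? $this->generateCookieArray($_COOKIE['_saml_idp'])
            : array();

        $arr_idps = $this->appendCookieValue($this->selected_idp, $arr_idps);
        setcookie('_saml_idp', $this->generateCookieValue($arr_idps), time() + (100 * 24 * 3600), '/');
    }


    /**
     * Returns the error text for a submitted form with an invalid IdP.
     *
     * @return string Empty when nothing was submitted or the selection is valid
     */
    public function showNotice()
    {
        $lng = new ilLanguage(isset($_GET["lang"]) ? $_GET["lang"] : null);

        if (!$this->is_selection() or $this->is_valid_selection()) {
            return '';
        }

        return $lng->txt("shib_invalid_home_organization");
    }


    /**
     * Parses the "shib_idp_list" setting.
     *
     * One IdP per line, fields separated by commas: id, name and an optional
     * session-initiator URL. Lines with fewer than two fields are skipped.
     *
     * @return array IdP id => array(name) or array(name, session initiator URL)
     */
    public function getIdplist()
    {
        global $DIC;
        $ilSetting = $DIC['ilSetting'];

        $idp_list = array();
        // Cast: an unset setting must not reach explode() as a non-string.
        $idp_raw_list = explode("\n", (string) $ilSetting->get("shib_idp_list"));
        foreach ($idp_raw_list as $idp_line) {
            $idp_data = explode(',', $idp_line);
            if (isset($idp_data[2])) {
                $idp_list[trim($idp_data[0])] = array(trim($idp_data[1]), trim($idp_data[2]));
            } elseif (isset($idp_data[1])) {
                $idp_list[trim($idp_data[0])] = array(trim($idp_data[1]));
            }
        }

        return $idp_list;
    }


    /**
     * Splits a "_saml_idp" cookie value into its decoded entries.
     *
     * The value is client-controlled; the decoded entries are arbitrary
     * bytes and must be checked against the configured list before use.
     *
     * @param string $value Space-separated, base64-encoded IdP ids
     *
     * @return array Decoded entries, oldest first
     */
    public function generateCookieArray($value)
    {
        return array_map('base64_decode', explode(' ', (string) $value));
    }


    /**
     * Builds a "_saml_idp" cookie value from a list of IdP ids.
     *
     * @param array $arr_cookie IdP ids
     *
     * @return string Space-separated, base64-encoded ids
     */
    public function generateCookieValue(array $arr_cookie)
    {
        return implode(' ', array_map('base64_encode', $arr_cookie));
    }


    /**
     * Appends an IdP id to the list and drops any earlier duplicate, so the
     * most recently used id is always the last entry.
     *
     * @param string $value      IdP id to append
     * @param array  $arr_cookie Existing ids
     *
     * @return array Re-indexed list with $value last
     */
    public function appendCookieValue($value, array $arr_cookie)
    {
        $arr_cookie[] = $value;
        // array_unique() keeps the first occurrence; reversing before and
        // after makes it keep the last one instead.
        $arr_cookie = array_reverse($arr_cookie);
        $arr_cookie = array_unique($arr_cookie);

        return array_reverse($arr_cookie);
    }


    /**
     * Escapes a value for HTML text and attribute context.
     *
     * Existing entities are left alone so already-encoded names are not
     * encoded twice.
     *
     * @param mixed $text
     *
     * @return string
     */
    private function escapeHtml($text)
    {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    }
}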