ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
sspmod_saml_Auth_Process_SQLPersistentNameID Class Reference

Public Member Functions

 __construct ($config, $reserved)
 Initialize this filter, parse configuration.

- Public Member Functions inherited from sspmod_saml_BaseNameIDGenerator
 __construct ($config, $reserved)
 Initialize this filter, parse configuration.

 process (&$state)
 Generate transient NameID.

- Public Member Functions inherited from SimpleSAML_Auth_ProcessingFilter
 __construct (&$config, $reserved)
 Constructor for a processing filter.

 process (&$request)
 Process a request.


Protected Member Functions

 getValue (array &$state)
 Get the NameID value.

- Protected Member Functions inherited from sspmod_saml_BaseNameIDGenerator
 getValue (array &$state)
 Get the NameID value.


Private Attributes

 $attribute
 
 $allowUnspecified = false
 
 $allowDifferent = false
 
 $alwaysCreate = false
 

Additional Inherited Members

- Data Fields inherited from SimpleSAML_Auth_ProcessingFilter
 $priority = 50
 Priority of this filter.
 
- Protected Attributes inherited from sspmod_saml_BaseNameIDGenerator
 $format
 

Detailed Description

Definition at line 9 of file SQLPersistentNameID.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_saml_Auth_Process_SQLPersistentNameID::__construct ($config, $reserved)

Initialize this filter, parse configuration.

Parameters
    array $config: Configuration information about this filter.
    mixed $reserved: For future use.
Exceptions
    SimpleSAML_Error_Exception: If the 'attribute' option is not specified.

Definition at line 49 of file SQLPersistentNameID.php.

References $config, and SAML2\Constants\NAMEID_PERSISTENT.

    public function __construct($config, $reserved)
    {
        parent::__construct($config, $reserved);
        assert(is_array($config));

        // This filter always produces the persistent NameID format.
        $this->format = \SAML2\Constants::NAMEID_PERSISTENT;

        // 'attribute' is the only mandatory option: it names the user attribute
        // that identifies the user in the NameID store.
        if (!isset($config['attribute'])) {
            throw new SimpleSAML_Error_Exception("PersistentNameID: Missing required option 'attribute'.");
        }
        $this->attribute = $config['attribute'];

        // The three optional flags default to false.
        if (isset($config['allowUnspecified'])) {
            $this->allowUnspecified = (bool) $config['allowUnspecified'];
        }

        if (isset($config['allowDifferent'])) {
            $this->allowDifferent = (bool) $config['allowDifferent'];
        }

        if (isset($config['alwaysCreate'])) {
            $this->alwaysCreate = (bool) $config['alwaysCreate'];
        }
    }
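
An added example, not taken from the ILIAS or SimpleSAMLphp sources: the options read by this constructor as they would appear in an IdP's authproc array, once with the defaults and once with every flag set, each annotated with the check in getValue() that it switches off. The priority index 2, the attribute name eduPersonPrincipalName and the variable names are assumptions; the option names and their false defaults are the ones shown on this page.

```php
<?php
// Added example, not ILIAS/SimpleSAMLphp code. Values marked "assumption" are illustrative.

// Strict: only 'attribute' is set, so allowUnspecified, allowDifferent and
// alwaysCreate keep their default of false.
$strictAuthproc = array(
    2 => array(                                   // assumption: priority index
        'class'     => 'saml:SQLPersistentNameID',
        'attribute' => 'eduPersonPrincipalName',  // assumption: a single-valued, non-empty user attribute
    ),
);

// Relaxed: each flag disables one early exit in getValue().
$relaxedAuthproc = array(
    2 => array(
        'class'            => 'saml:SQLPersistentNameID',
        'attribute'        => 'eduPersonPrincipalName',
        // Generate a NameID even when the request has no saml:NameIDFormat.
        'allowUnspecified' => true,
        // Generate a NameID even when the request or SP metadata names a
        // different format than the persistent one.
        'allowDifferent'   => true,
        // Create and store a new NameID even when saml:AllowCreate is absent
        // or false, instead of failing with InvalidNameIDPolicy.
        'alwaysCreate'     => true,
    ),
);
```

In both variants the attribute must carry exactly one non-empty value for the user, otherwise getValue() logs a warning and returns null.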

Member Function Documentation

◆ getValue()

sspmod_saml_Auth_Process_SQLPersistentNameID::getValue (array &$state)
protected

Get the NameID value.

Parameters
    array $state: The state array.
Returns
    string|null The NameID value.
Exceptions
    sspmod_saml_Error: If the NameID creation policy is invalid.

Definition at line 83 of file SQLPersistentNameID.php.

References $idpEntityId, $spEntityId, sspmod_saml_IdP_SQLNameID\add(), SimpleSAML\Logger\debug(), sspmod_saml_IdP_SQLNameID\get(), and SimpleSAML\Logger\warning().

    protected function getValue(array &$state)
    {

        // No NameID format requested: only continue if allowUnspecified is set.
        if (!isset($state['saml:NameIDFormat']) && !$this->allowUnspecified) {
            SimpleSAML\Logger::debug(
                'SQLPersistentNameID: Request did not specify persistent NameID format, '.
                'not generating persistent NameID.'
            );
            return null;
        }

        // Collect every format the request or the SP metadata asks for
        // (@ suppresses notices for keys that are not set).
        $validNameIdFormats = @array_filter(array(
            $state['saml:NameIDFormat'],
            $state['SPMetadata']['NameIDPolicy'],
            $state['SPMetadata']['NameIDFormat']
        ));
        if (count($validNameIdFormats) && !in_array($this->format, $validNameIdFormats, true) &&
            !$this->allowDifferent
        ) {
            SimpleSAML\Logger::debug(
                'SQLPersistentNameID: SP expects different NameID format ('.
                implode(', ', $validNameIdFormats).'), not generating persistent NameID.'
            );
            return null;
        }

        if (!isset($state['Destination']['entityid'])) {
            SimpleSAML\Logger::warning('SQLPersistentNameID: No SP entity ID - not generating persistent NameID.');
            return null;
        }
        $spEntityId = $state['Destination']['entityid'];

        if (!isset($state['Source']['entityid'])) {
            SimpleSAML\Logger::warning('SQLPersistentNameID: No IdP entity ID - not generating persistent NameID.');
            return null;
        }
        $idpEntityId = $state['Source']['entityid'];

        // The source attribute must hold exactly one non-empty value.
        if (!isset($state['Attributes'][$this->attribute]) || count($state['Attributes'][$this->attribute]) === 0) {
            SimpleSAML\Logger::warning(
                'SQLPersistentNameID: Missing attribute '.var_export($this->attribute, true).
                ' on user - not generating persistent NameID.'
            );
            return null;
        }
        if (count($state['Attributes'][$this->attribute]) > 1) {
            SimpleSAML\Logger::warning(
                'SQLPersistentNameID: More than one value in attribute '.var_export($this->attribute, true).
                ' on user - not generating persistent NameID.'
            );
            return null;
        }
        $uid = array_values($state['Attributes'][$this->attribute]); // just in case the first index is no longer 0
        $uid = $uid[0];

        if (empty($uid)) {
            SimpleSAML\Logger::warning(
                'Empty value in attribute '.var_export($this->attribute, true).
                ' on user - not generating persistent NameID.'
            );
            return null;
        }

        // Reuse the NameID already stored for this (IdP, SP, user) triple, if any.
        $value = sspmod_saml_IdP_SQLNameID::get($idpEntityId, $spEntityId, $uid);
        if ($value !== null) {
            SimpleSAML\Logger::debug(
                'SQLPersistentNameID: Found persistent NameID '.var_export($value, true).' for user '.
                var_export($uid, true).'.'
            );
            return $value;
        }

        // Nothing stored: creating one requires AllowCreate from the SP or alwaysCreate.
        if ((!isset($state['saml:AllowCreate']) || !$state['saml:AllowCreate']) && !$this->alwaysCreate) {
            SimpleSAML\Logger::warning(
                'SQLPersistentNameID: Did not find persistent NameID for user, and not allowed to create new NameID.'
            );
            throw new sspmod_saml_Error(
                \SAML2\Constants::STATUS_RESPONDER,
                'urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy'
            );
        }

        // New opaque identifier: 20 random bytes, hex-encoded, then stored for later logins.
        $value = bin2hex(openssl_random_pseudo_bytes(20));
        SimpleSAML\Logger::debug(
            'SQLPersistentNameID: Created persistent NameID '.var_export($value, true).' for user '.
            var_export($uid, true).'.'
        );
        sspmod_saml_IdP_SQLNameID::add($idpEntityId, $spEntityId, $uid, $value);

        return $value;
    }

Field Documentation

◆ $allowDifferent

sspmod_saml_Auth_Process_SQLPersistentNameID::$allowDifferent = false
private

Definition at line 31 of file SQLPersistentNameID.php.

◆ $allowUnspecified

sspmod_saml_Auth_Process_SQLPersistentNameID::$allowUnspecified = false
private

Definition at line 24 of file SQLPersistentNameID.php.

◆ $alwaysCreate

sspmod_saml_Auth_Process_SQLPersistentNameID::$alwaysCreate = false
private

Definition at line 38 of file SQLPersistentNameID.php.

◆ $attribute

sspmod_saml_Auth_Process_SQLPersistentNameID::$attribute
private

Definition at line 17 of file SQLPersistentNameID.php.


The documentation for this class was generated from the following file: