ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
MultiAuth.php
Go to the documentation of this file.
1 <?php
2 
11 class sspmod_multiauth_Auth_Source_MultiAuth extends SimpleSAML_Auth_Source {
12 
16  const AUTHID = 'sspmod_multiauth_Auth_Source_MultiAuth.AuthId';
17 
21  const STAGEID = 'sspmod_multiauth_Auth_Source_MultiAuth.StageId';
22 
26  const SOURCESID = 'sspmod_multiauth_Auth_Source_MultiAuth.SourceId';
27 
31  const SESSION_SOURCE = 'multiauth:selectedSource';
32 
36  private $sources;
37 
44  public function __construct($info, $config) {
45  assert(is_array($info));
46  assert(is_array($config));
47 
48  // Call the parent constructor first, as required by the interface
49  parent::__construct($info, $config);
50 
51  if (!array_key_exists('sources', $config)) {
52  throw new Exception('The required "sources" config option was not found');
53  }
54 
55  $globalConfiguration = SimpleSAML_Configuration::getInstance();
56  $defaultLanguage = $globalConfiguration->getString('language.default', 'en');
57  $authsources = SimpleSAML_Configuration::getConfig('authsources.php');
58  $this->sources = array();
59  foreach($config['sources'] as $source => $info) {
60 
61  if (is_int($source)) { // Backwards compatibility
62  $source = $info;
63  $info = array();
64  }
65 
66  if (array_key_exists('text', $info)) {
67  $text = $info['text'];
68  } else {
69  $text = array($defaultLanguage => $source);
70  }
71 
72  if (array_key_exists('css-class', $info)) {
73  $css_class = $info['css-class'];
74  } else {
75  // Use the authtype as the css class
76  $authconfig = $authsources->getArray($source, NULL);
77  if (!array_key_exists(0, $authconfig) || !is_string($authconfig[0])) {
78  $css_class = "";
79  } else {
80  $css_class = str_replace(":", "-", $authconfig[0]);
81  }
82  }
83 
84  $this->sources[] = array(
85  'source' => $source,
86  'text' => $text,
87  'css_class' => $css_class,
88  );
89  }
90  }
91 
104  public function authenticate(&$state) {
105  assert(is_array($state));
106 
107  $state[self::AUTHID] = $this->authId;
108  $state[self::SOURCESID] = $this->sources;
109 
110  /* Save the $state array, so that we can restore if after a redirect */
111  $id = SimpleSAML_Auth_State::saveState($state, self::STAGEID);
112 
113  /* Redirect to the select source page. We include the identifier of the
114  saved state array as a parameter to the login form */
115  $url = SimpleSAML\Module::getModuleURL('multiauth/selectsource.php');
116  $params = array('AuthState' => $id);
117 
118  // Allowes the user to specify the auth souce to be used
119  if(isset($_GET['source'])) {
120  $params['source'] = $_GET['source'];
121  }
122 
123  \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, $params);
124 
125  /* The previous function never returns, so this code is never
126  executed */
127  assert(false);
128  }
129 
141  public static function delegateAuthentication($authId, $state) {
142  assert(is_string($authId));
143  assert(is_array($state));
144 
145  $as = SimpleSAML_Auth_Source::getById($authId);
146  $valid_sources = array_map(
147  function($src) {
148  return $src['source'];
149  },
150  $state[self::SOURCESID]
151  );
152  if ($as === NULL || !in_array($authId, $valid_sources, true)) {
153  throw new Exception('Invalid authentication source: ' . $authId);
154  }
155 
156  /* Save the selected authentication source for the logout process. */
157  $session = SimpleSAML_Session::getSessionFromRequest();
158  $session->setData(self::SESSION_SOURCE, $state[self::AUTHID], $authId, SimpleSAML_Session::DATA_TIMEOUT_SESSION_END);
159 
160  try {
161  $as->authenticate($state);
162  } catch (SimpleSAML_Error_Exception $e) {
163  SimpleSAML_Auth_State::throwException($state, $e);
164  } catch (Exception $e) {
165  $e = new SimpleSAML_Error_UnserializableException($e);
166  SimpleSAML_Auth_State::throwException($state, $e);
167  }
168  SimpleSAML_Auth_Source::completeAuth($state);
169  }
170 
179  public function logout(&$state) {
180  assert(is_array($state));
181 
182  /* Get the source that was used to authenticate */
183  $session = SimpleSAML_Session::getSessionFromRequest();
184  $authId = $session->getData(self::SESSION_SOURCE, $this->authId);
185 
186  $source = SimpleSAML_Auth_Source::getById($authId);
187  if ($source === NULL) {
188  throw new Exception('Invalid authentication source during logout: ' . $source);
189  }
190  /* Then, do the logout on it */
191  $source->logout($state);
192  }
193 
202  public function setPreviousSource($source) {
203  assert(is_string($source));
204 
205  $cookieName = 'multiauth_source_' . $this->authId;
206 
207  $config = SimpleSAML_Configuration::getInstance();
208  $params = array(
209  /* We save the cookies for 90 days. */
210  'lifetime' => (60*60*24*90),
211  /* The base path for cookies.
212  This should be the installation directory for SimpleSAMLphp. */
213  'path' => $config->getBasePath(),
214  'httponly' => FALSE,
215  );
216 
217  \SimpleSAML\Utils\HTTP::setCookie($cookieName, $source, $params, FALSE);
218  }
219 
226  public function getPreviousSource() {
227  $cookieName = 'multiauth_source_' . $this->authId;
228  if(array_key_exists($cookieName, $_COOKIE)) {
229  return $_COOKIE[$cookieName];
230  } else {
231  return NULL;
232  }
233  }
234 }
sspmod_multiauth_Auth_Source_MultiAuth\SESSION_SOURCE
const SESSION_SOURCE
The key where the selected source is saved in the session.
Definition: MultiAuth.php:31
$_COOKIE
$_COOKIE['client_id']
Definition: server.php:9
$config
$config
Definition: bootstrap.php:15
sspmod_multiauth_Auth_Source_MultiAuth\authenticate
authenticate(&$state)
Prompt the user with a list of authentication sources.
Definition: MultiAuth.php:104
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
SimpleSAML_Auth_State\throwException
static throwException($state, SimpleSAML_Error_Exception $exception)
Throw exception to the state exception handler.
Definition: State.php:343
sspmod_multiauth_Auth_Source_MultiAuth\getPreviousSource
getPreviousSource()
Get the previous authentication source.
Definition: MultiAuth.php:226
SimpleSAML_Auth_Source
$defaultLanguage
$defaultLanguage
Definition: frontpage_federation.php:121
SimpleSAML_Error_Exception
Definition: Exception.php:12
$session
$session
Definition: proxy_ylocal.php:32
SimpleSAML_Auth_Source\$authId
$authId
Definition: Source.php:23
sspmod_multiauth_Auth_Source_MultiAuth\delegateAuthentication
static delegateAuthentication($authId, $state)
Delegate authentication.
Definition: MultiAuth.php:141
sspmod_multiauth_Auth_Source_MultiAuth\logout
logout(&$state)
Log out from this authentication source.
Definition: MultiAuth.php:179
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:959
sspmod_multiauth_Auth_Source_MultiAuth\AUTHID
const AUTHID
The key of the AuthId field in the state.
Definition: MultiAuth.php:16
$cookieName
$cookieName
Definition: authmemcookie.php:37
SimpleSAML\Module\getModuleURL
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:220
$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
SimpleSAML\Utils\HTTP\setCookie
static setCookie($name, $value, $params=null, $throw=true)
Set a cookie.
Definition: HTTP.php:1104
sspmod_multiauth_Auth_Source_MultiAuth\setPreviousSource
setPreviousSource($source)
Set the previous authentication source.
Definition: MultiAuth.php:202
SimpleSAML_Session\DATA_TIMEOUT_SESSION_END
const DATA_TIMEOUT_SESSION_END
This is a timeout value for setData, which indicates that the data should never be deleted...
Definition: Session.php:26
$text
$text
Definition: errorreport.php:18
$as
$as
Definition: consentAdmin.php:86
sspmod_multiauth_Auth_Source_MultiAuth
Definition: MultiAuth.php:11
SimpleSAML_Configuration\getConfig
static getConfig($filename='config.php', $configSet='simplesaml')
Load a configuration file from a configuration set.
Definition: Configuration.php:237
sspmod_multiauth_Auth_Source_MultiAuth\SOURCESID
const SOURCESID
The key where the sources is saved in the state.
Definition: MultiAuth.php:26
sspmod_multiauth_Auth_Source_MultiAuth\STAGEID
const STAGEID
The string used to identify our states.
Definition: MultiAuth.php:21
SimpleSAML_Error_UnserializableException
Definition: UnserializableException.php:15
$url
$url
Definition: proxy_ylocal.php:28
SimpleSAML_Auth_Source\completeAuth
static completeAuth(&$state)
Complete authentication.
Definition: Source.php:136
$source
$source
Definition: linkback.php:22
sspmod_multiauth_Auth_Source_MultiAuth\$sources
$sources
Array of sources we let the user chooses among.
Definition: MultiAuth.php:36
SimpleSAML_Auth_Source\getById
static getById($authId, $type=null)
Retrieve authentication source.
Definition: Source.php:340
$info
$info
Definition: index.php:5
SimpleSAML_Session\getSessionFromRequest
static getSessionFromRequest()
Retrieves the current session.
Definition: Session.php:241
SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194
SimpleSAML_Configuration\getInstance
static getInstance($instancename='simplesaml')
Get a configuration file by its instance name.
Definition: Configuration.php:325
sspmod_multiauth_Auth_Source_MultiAuth\__construct
__construct($info, $config)
Constructor for this authentication source.
Definition: MultiAuth.php:44