SimpleSAML_Auth_Source Class Reference

Inheritance diagram for SimpleSAML_Auth_Source:

Collaboration diagram for SimpleSAML_Auth_Source:

Public Member Functions
	__construct ($info, &$config)
	Constructor for an authentication source. More...
	getAuthId ()
	Retrieve the ID of this authentication source. More...
	authenticate (&$state)
	Process a request. More...
	reauthenticate (array &$state)
	Reauthenticate an user. More...
	initLogin ($return, $errorURL=null, array $params=array())
	Start authentication. More...
	logout (&$state)
	Log out from this authentication source. More...

Static Public Member Functions
static	getSourcesOfType ($type)
	Get sources of a specific type. More...
static	completeAuth (&$state)
	Complete authentication. More...
static	loginCompleted ($state)
	Called when a login operation has finished. More...
static	completeLogout (&$state)
	Complete logout. More...
static	getById ($authId, $type=null)
	Retrieve authentication source. More...
static	logoutCallback ($state)
	Called when the authentication source receives an external logout request. More...
static	getSources ()
	Retrieve list of authentication sources. More...

Protected Member Functions
	addLogoutCallback ($assoc, $state)
	Add a logout callback association. More...
	callLogoutCallback ($assoc)
	Call a logout callback based on association. More...

Static Protected Member Functions
static	validateSource ($source, $id)
	Make sure that the first element of an auth source is its identifier. More...

Protected Attributes
	$authId

Detailed Description

Definition at line 13 of file Source.php.

Constructor & Destructor Documentation

__construct()

SimpleSAML_Auth_Source::__construct	(		$info,
		&	$config
	)

Constructor for an authentication source.

Any authentication source which implements its own constructor must call this constructor first.

Parameters

array	$info	Information about this authentication source.
array	&$config	Configuration for this authentication source.

Definition at line 35 of file Source.php.

References $config, and $info.

    {
        assert(is_array($info));
        assert(is_array($config));

        assert(array_key_exists('AuthId', $info));
        $this->authId = $info['AuthId'];
    }

Member Function Documentation

addLogoutCallback()

SimpleSAML_Auth_Source::addLogoutCallback (   $assoc,   $state  )

protected

Add a logout callback association.

This function adds a logout callback association, which allows us to initiate a logout later based on the $assoc-value.

Note that logout-associations exists per authentication source. A logout association from one authentication source cannot be called from a different authentication source.

Parameters

string	$assoc	The identifier for this logout association.
array	$state	The state array passed to the authenticate-function.

Definition at line 411 of file Source.php.

References $data, $id, $session, $state, SimpleSAML_Session\DATA_TIMEOUT_SESSION_END, and SimpleSAML_Session\getSessionFromRequest().

    {
        assert(is_string($assoc));
        assert(is_array($state));

        if (!array_key_exists('LogoutCallback', $state)) {
            // the authentication requester doesn't have a logout callback
            return;
        }
        $callback = $state['LogoutCallback'];

        if (array_key_exists('LogoutCallbackState', $state)) {
            $callbackState = $state['LogoutCallbackState'];
        } else {
            $callbackState = array();
        }

        $id = strlen($this->authId).':'.$this->authId.$assoc;

        $data = array(
            'callback' => $callback,
            'state'    => $callbackState,
        );

        $session = SimpleSAML_Session::getSessionFromRequest();
        $session->setData(
            'SimpleSAML_Auth_Source.LogoutCallbacks',
            $id,
            $data,
            SimpleSAML_Session::DATA_TIMEOUT_SESSION_END
        );
    }

Here is the call graph for this function:

authenticate()

SimpleSAML_Auth_Source::authenticate ( &  $state )

abstract

Process a request.

If an authentication source returns from this function, it is assumed to have authenticated the user, and should have set elements in $state with the attributes of the user.

If the authentication process requires additional steps which make it impossible to complete before returning from this function, the authentication source should save the state, and at a later stage, load the state, update it with the authentication information about the user, and call completeAuth with the state array.

Parameters

array

&$state

Information about the current authentication.

Referenced by getAuthId(), and initLogin().

Here is the caller graph for this function:

callLogoutCallback()

SimpleSAML_Auth_Source::callLogoutCallback (   $assoc )

protected

Call a logout callback based on association.

This function calls a logout callback based on an association saved with addLogoutCallback(...).

This function always returns.

Parameters

string

$assoc

The logout association which should be called.

Definition at line 455 of file Source.php.

References $data, $id, $session, and SimpleSAML_Session\getSessionFromRequest().

Referenced by sspmod_saml_Auth_Source_SP\handleLogout().

    {
        assert(is_string($assoc));

        $id = strlen($this->authId).':'.$this->authId.$assoc;

        $session = SimpleSAML_Session::getSessionFromRequest();

        $data = $session->getData('SimpleSAML_Auth_Source.LogoutCallbacks', $id);
        if ($data === null) {
            // FIXME: fix for IdP-first flow (issue 397) -> reevaluate logout callback infrastructure
            $session->doLogout($this->authId);

            return;
        }

        assert(is_array($data));
        assert(array_key_exists('callback', $data));
        assert(array_key_exists('state', $data));

        $callback = $data['callback'];
        $callbackState = $data['state'];

        $session->deleteData('SimpleSAML_Auth_Source.LogoutCallbacks', $id);
        call_user_func($callback, $callbackState);
    }

Here is the call graph for this function:

Here is the caller graph for this function:

completeAuth()

static SimpleSAML_Auth_Source::completeAuth ( &  $state )

static

Complete authentication.

This function should be called if authentication has completed. It will never return, except in the case of exceptions. Exceptions thrown from this page should not be caught, but should instead be passed to the top-level exception handler.

Parameters

array

&$state

Information about the current authentication.

Definition at line 136 of file Source.php.

References $state, and SimpleSAML_Auth_State\deleteState().

Referenced by sspmod_negotiate_Auth_Source_Negotiate\authenticate(), sspmod_authX509_Auth_Source_X509userCert\authSuccesful(), sspmod_multiauth_Auth_Source_MultiAuth\delegateAuthentication(), sspmod_cas_Auth_Source_CAS\finalStep(), sspmod_authYubiKey_Auth_Source_YubiKey\handleLogin(), sspmod_core_Auth_UserPassOrgBase\handleLogin(), sspmod_saml_Auth_Source_SP\onProcessingCompleted(), and sspmod_exampleauth_Auth_Source_External\resume().

    {
        assert(is_array($state));
        assert(array_key_exists('LoginCompletedHandler', $state));

        SimpleSAML_Auth_State::deleteState($state);

        $func = $state['LoginCompletedHandler'];
        assert(is_callable($func));

        call_user_func($func, $state);
        assert(false);
    }

Here is the call graph for this function:

Here is the caller graph for this function:

completeLogout()

static SimpleSAML_Auth_Source::completeLogout ( &  $state )

static

Complete logout.

This function should be called after logout has completed. It will never return, except in the case of exceptions. Exceptions thrown from this page should not be caught, but should instead be passed to the top-level exception handler.

Parameters

array

&$state

Information about the current authentication.

Definition at line 265 of file Source.php.

References $authId, $config, $factory, $id, $info, $state, SimpleSAML_Auth_State\deleteState(), and SimpleSAML\Module\resolveClass().

    {
        assert(is_array($state));
        assert(array_key_exists('LogoutCompletedHandler', $state));

        SimpleSAML_Auth_State::deleteState($state);

        $func = $state['LogoutCompletedHandler'];
        assert(is_callable($func));

        call_user_func($func, $state);
        assert(false);
    }

Here is the call graph for this function:

getAuthId()

SimpleSAML_Auth_Source::getAuthId

(

)

Retrieve the ID of this authentication source.

Returns

string The ID of this authentication source.

Definition at line 83 of file Source.php.

References $authId, $state, and authenticate().

    {
        return $this->authId;
    }

Here is the call graph for this function:

getById()

static SimpleSAML_Auth_Source::getById (   $authId,   $type = null  )

static

Retrieve authentication source.

This function takes an id of an authentication source, and returns the AuthSource object. If no authentication source with the given id can be found, NULL will be returned.

If the $type parameter is specified, this function will return an authentication source of the given type. If no authentication source or if an authentication source of a different type is found, an exception will be thrown.

Parameters

string	$authId	The authentication source identifier.
string | NULL	$type	The type of authentication source. If NULL, any type will be accepted.

Returns

SimpleSAML_Auth_Source|NULL The AuthSource object, or NULL if no authentication source with the given identifier is found.

Exceptions

SimpleSAML_Error_Exception

If no such authentication source is found or it is invalid.

Definition at line 340 of file Source.php.

References $authId, $config, $ret, $type, and SimpleSAML_Configuration\getConfig().

Referenced by SimpleSAML_IdP\__construct(), sspmod_multiauth_Auth_Source_MultiAuth\delegateAuthentication(), sspmod_negotiate_Auth_Source_Negotiate\fallBack(), SimpleSAML_Auth_Default\getAuthSource(), sspmod_authYubiKey_Auth_Source_YubiKey\handleLogin(), sspmod_core_Auth_UserPassOrgBase\handleLogin(), sspmod_core_Auth_UserPassBase\handleLogin(), SimpleSAML_Auth_Default\initLogoutReturn(), sspmod_core_Auth_UserPassOrgBase\listOrganizations(), sspmod_multiauth_Auth_Source_MultiAuth\logout(), sspmod_negotiate_Auth_Source_Negotiate\logout(), sspmod_saml_Auth_Source_SP\onProcessingCompleted(), sspmod_saml_Auth_Source_SP\reauthPostLogin(), SimpleSAML\Utils\Auth\requireAdmin(), and sspmod_exampleauth_Auth_Source_External\resume().

    {
        assert(is_string($authId));
        assert($type === null || is_string($type));

        // for now - load and parse config file
        $config = SimpleSAML_Configuration::getConfig('authsources.php');

        $authConfig = $config->getArray($authId, null);
        if ($authConfig === null) {
            if ($type !== null) {
                throw new SimpleSAML_Error_Exception(
                    'No authentication source with id '.
                    var_export($authId, true).' found.'
                );
            }
            return null;
        }

        $ret = self::parseAuthSource($authId, $authConfig);

        if ($type === null || $ret instanceof $type) {
            return $ret;
        }

        // the authentication source doesn't have the correct type
        throw new SimpleSAML_Error_Exception(
            'Invalid type of authentication source '.
            var_export($authId, true).'. Was '.var_export(get_class($ret), true).
            ', should be '.var_export($type, true).'.'
        );
    }

Here is the call graph for this function:

Here is the caller graph for this function:

getSources()

static SimpleSAML_Auth_Source::getSources ( )

static

Retrieve list of authentication sources.

Returns

array The id of all authentication sources.

Definition at line 488 of file Source.php.

References $config, and SimpleSAML_Configuration\getOptionalConfig().

    {
        $config = SimpleSAML_Configuration::getOptionalConfig('authsources.php');

        return $config->getOptions();
    }

Here is the call graph for this function:

getSourcesOfType()

static SimpleSAML_Auth_Source::getSourcesOfType (   $type )

static

Get sources of a specific type.

Parameters

string

$type

The type of the authentication source.

Returns

SimpleSAML_Auth_Source[] Array of SimpleSAML_Auth_Source objects of the specified type.

Exceptions

Exception

If the authentication source is invalid.

Definition at line 53 of file Source.php.

References $config, $id, $ret, $source, $type, and SimpleSAML_Configuration\getConfig().

Referenced by saml_hook_metadata_hosted().

    {
        assert(is_string($type));

        $config = SimpleSAML_Configuration::getConfig('authsources.php');

        $ret = array();

        $sources = $config->getOptions();
        foreach ($sources as $id) {
            $source = $config->getArray($id);

            self::validateSource($source, $id);

            if ($source[0] !== $type) {
                continue;
            }

            $ret[] = self::parseAuthSource($id, $source);
        }

        return $ret;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

initLogin()

SimpleSAML_Auth_Source::initLogin	(		$return,
			$errorURL = null,
		array	$params = array()
	)

Start authentication.

This method never returns.

Parameters

string | array	$return	The URL or function we should direct the user to after authentication. If using a URL obtained from user input, please make sure to check it by calling ::checkURLAllowed().
string | null	$errorURL	The URL we should direct the user to after failed authentication. Can be null, in which case a standard error page will be shown. If using a URL obtained from user input, please make sure to check it by calling ::checkURLAllowed().
array	$params	Extra information about the login. Different authentication requestors may provide different information. Optional, will default to an empty array.

Definition at line 164 of file Source.php.

References PHPMailer\PHPMailer\$params, $state, authenticate(), SimpleSAML_Auth_State\EXCEPTION_HANDLER_URL, and SimpleSAML_Auth_State\throwException().

    {
        assert(is_string($return) || is_array($return));
        assert(is_string($errorURL) || $errorURL === null);

        $state = array_merge($params, array(
            'SimpleSAML_Auth_Default.id' => $this->authId, // TODO: remove in 2.0
            'SimpleSAML_Auth_Source.id' => $this->authId,
            'SimpleSAML_Auth_Default.Return' => $return, // TODO: remove in 2.0
            'SimpleSAML_Auth_Source.Return' => $return,
            'SimpleSAML_Auth_Default.ErrorURL' => $errorURL, // TODO: remove in 2.0
            'SimpleSAML_Auth_Source.ErrorURL' => $errorURL,
            'LoginCompletedHandler' => array(get_class(), 'loginCompleted'),
            'LogoutCallback' => array(get_class(), 'logoutCallback'),
            'LogoutCallbackState' => array(
                'SimpleSAML_Auth_Default.logoutSource' => $this->authId, // TODO: remove in 2.0
                'SimpleSAML_Auth_Source.logoutSource' => $this->authId,
            ),
        ));

        if (is_string($return)) {
            $state['SimpleSAML_Auth_Default.ReturnURL'] = $return; // TODO: remove in 2.0
            $state['SimpleSAML_Auth_Source.ReturnURL'] = $return;
        }

        if ($errorURL !== null) {
            $state[SimpleSAML_Auth_State::EXCEPTION_HANDLER_URL] = $errorURL;
        }

        try {
            $this->authenticate($state);
        } catch (SimpleSAML_Error_Exception $e) {
            SimpleSAML_Auth_State::throwException($state, $e);
        } catch (Exception $e) {
            $e = new SimpleSAML_Error_UnserializableException($e);
            SimpleSAML_Auth_State::throwException($state, $e);
        }
        self::loginCompleted($state);
    }

Here is the call graph for this function:

loginCompleted()

static SimpleSAML_Auth_Source::loginCompleted (   $state )

static

Called when a login operation has finished.

This method never returns.

Parameters

array

$state

The state after the login has completed.

Definition at line 212 of file Source.php.

References $authId, $session, $state, SimpleSAML_Auth_State\getPersistentAuthData(), SimpleSAML_Session\getSessionFromRequest(), and SimpleSAML\Utils\HTTP\redirectTrustedURL().

Referenced by SimpleSAML_Auth_Default\loginCompleted().

    {
        assert(is_array($state));
        assert(array_key_exists('SimpleSAML_Auth_Source.Return', $state));
        assert(array_key_exists('SimpleSAML_Auth_Source.id', $state));
        assert(array_key_exists('Attributes', $state));
        assert(!array_key_exists('LogoutState', $state) || is_array($state['LogoutState']));

        $return = $state['SimpleSAML_Auth_Source.Return'];

        // save session state
        $session = SimpleSAML_Session::getSessionFromRequest();
        $authId = $state['SimpleSAML_Auth_Source.id'];
        $session->doLogin($authId, SimpleSAML_Auth_State::getPersistentAuthData($state));

        if (is_string($return)) { // redirect...
            \SimpleSAML\Utils\HTTP::redirectTrustedURL($return);
        } else {
            call_user_func($return, $state);
        }
        assert(false);
    }

Here is the call graph for this function:

Here is the caller graph for this function:

logout()

SimpleSAML_Auth_Source::logout

(

&

$state

)

Log out from this authentication source.

This function should be overridden if the authentication source requires special steps to complete a logout operation.

If the logout process requires a redirect, the state should be saved. Once the logout operation is completed, the state should be restored, and completeLogout should be called with the state. If this operation can be completed without showing the user a page, or redirecting, this function should return.

Parameters

array

&$state

Information about the current logout operation.

Definition at line 249 of file Source.php.

References $state.

    {
        assert(is_array($state));
        // default logout handler which doesn't do anything
    }

logoutCallback()

static SimpleSAML_Auth_Source::logoutCallback (   $state )

static

Called when the authentication source receives an external logout request.

Parameters

array

$state

State array for the logout operation.

Definition at line 379 of file Source.php.

References $session, $source, $state, SimpleSAML_Session\getSessionFromRequest(), and SimpleSAML\Logger\warning().

Referenced by SimpleSAML_Auth_Default\logoutCallback().

    {
        assert(is_array($state));
        assert(array_key_exists('SimpleSAML_Auth_Source.logoutSource', $state));

        $source = $state['SimpleSAML_Auth_Source.logoutSource'];

        $session = SimpleSAML_Session::getSessionFromRequest();
        if (!$session->isValid($source)) {
            SimpleSAML\Logger::warning(
                'Received logout from an invalid authentication source '.
                var_export($source, true)
            );

            return;
        }
        $session->doLogout($source);
    }

Here is the call graph for this function:

Here is the caller graph for this function:

reauthenticate()

SimpleSAML_Auth_Source::reauthenticate

(

array &

$state

)

Reauthenticate an user.

This function is called by the IdP to give the authentication source a chance to interact with the user even in the case when the user is already authenticated.

Parameters

array

&$state

Information about the current authentication.

Definition at line 114 of file Source.php.

References $data, $session, and SimpleSAML_Session\getSessionFromRequest().

    {
        assert(isset($state['ReturnCallback']));

        // the default implementation just copies over the previous authentication data
        $session = SimpleSAML_Session::getSessionFromRequest();
        $data = $session->getAuthState($this->authId);
        foreach ($data as $k => $v) {
            $state[$k] = $v;
        }
    }

Here is the call graph for this function:

validateSource()

static SimpleSAML_Auth_Source::validateSource (   $source,   $id  )

staticprotected

Make sure that the first element of an auth source is its identifier.

Parameters

array	$source	An array with the auth source configuration.
string	$id	The auth source identifier.

Exceptions

Exception

If the first element of $source is not an identifier for the auth source.

Definition at line 504 of file Source.php.

References $id, and $source.

    {
        if (!array_key_exists(0, $source) || !is_string($source[0])) {
            throw new Exception(
                'Invalid authentication source \''.$id.
                '\': First element must be a string which identifies the authentication source.'
            );
        }
    }

Field Documentation

$authId

SimpleSAML_Auth_Source::$authId

protected

Definition at line 23 of file Source.php.

Referenced by sspmod_authwindowslive_Auth_Source_LiveID\authenticate(), sspmod_authlinkedin_Auth_Source_LinkedIn\authenticate(), sspmod_authtwitter_Auth_Source_Twitter\authenticate(), sspmod_negotiate_Auth_Source_Negotiate\authenticate(), sspmod_authfacebook_Auth_Source_Facebook\authenticate(), sspmod_exampleauth_Auth_Source_External\authenticate(), sspmod_authYubiKey_Auth_Source_YubiKey\authenticate(), sspmod_multiauth_Auth_Source_MultiAuth\authenticate(), sspmod_core_Auth_UserPassOrgBase\authenticate(), sspmod_core_Auth_UserPassBase\authenticate(), sspmod_cas_Auth_Source_CAS\authenticate(), sspmod_saml_Auth_Source_SP\authenticate(), completeLogout(), sspmod_multiauth_Auth_Source_MultiAuth\delegateAuthentication(), sspmod_negotiate_Auth_Source_Negotiate\fallBack(), getAuthId(), getById(), sspmod_multiauth_Auth_Source_MultiAuth\getPreviousSource(), sspmod_saml_Auth_Source_SP\handleUnsolicitedAuth(), loginCompleted(), sspmod_multiauth_Auth_Source_MultiAuth\logout(), sspmod_negotiate_Auth_Source_Negotiate\logout(), sspmod_saml_Auth_Source_SP\reauthenticate(), sspmod_saml_Auth_Source_SP\reauthPostLogin(), and sspmod_multiauth_Auth_Source_MultiAuth\setPreviousSource().

---

The documentation for this class was generated from the following file:

• libs/composer/vendor/simplesamlphp/simplesamlphp/lib/SimpleSAML/Auth/Source.php