ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
SimpleSAML_Auth_Source Class Reference

Public Member Functions

 __construct ($info, &$config)
     Constructor for an authentication source.

 getAuthId ()
     Retrieve the ID of this authentication source.

 authenticate (&$state)
     Process a request.

 reauthenticate (array &$state)
     Reauthenticate a user.

 initLogin ($return, $errorURL=null, array $params=array())
     Start authentication.

 logout (&$state)
     Log out from this authentication source.

Static Public Member Functions

 static getSourcesOfType ($type)
     Get sources of a specific type.

 static completeAuth (&$state)
     Complete authentication.

 static loginCompleted ($state)
     Called when a login operation has finished.

 static completeLogout (&$state)
     Complete logout.

 static getById ($authId, $type=null)
     Retrieve authentication source.

 static logoutCallback ($state)
     Called when the authentication source receives an external logout request.

 static getSources ()
     Retrieve list of authentication sources.

Protected Member Functions

 addLogoutCallback ($assoc, $state)
     Add a logout callback association.

 callLogoutCallback ($assoc)
     Call a logout callback based on association.

Static Protected Member Functions

 static validateSource ($source, $id)
     Make sure that the first element of an auth source is its identifier.

Protected Attributes

 $authId
 

Detailed Description

Definition at line 13 of file Source.php.

Constructor & Destructor Documentation

◆ __construct()

SimpleSAML_Auth_Source::__construct($info, &$config)

Constructor for an authentication source.

Any authentication source which implements its own constructor must call this constructor first.

Parameters
 array $info: Information about this authentication source.
 array &$config: Configuration for this authentication source.

Reimplemented in sspmod_authX509_Auth_Source_X509userCert, sspmod_core_Auth_UserPassBase, and sspmod_core_Auth_UserPassOrgBase.

Definition at line 35 of file Source.php.

{
    assert(is_array($info));
    assert(is_array($config));

    assert(array_key_exists('AuthId', $info));
    $this->authId = $info['AuthId'];
}

References $config, and $info.

Member Function Documentation

◆ addLogoutCallback()

SimpleSAML_Auth_Source::addLogoutCallback($assoc, $state) [protected]

Add a logout callback association.

This function adds a logout callback association, which allows us to initiate a logout later based on the $assoc value.

Note that logout associations exist per authentication source. A logout association from one authentication source cannot be called from a different authentication source.

Parameters
 string $assoc: The identifier for this logout association.
 array $state: The state array passed to the authenticate function.

Definition at line 411 of file Source.php.

{
    assert(is_string($assoc));
    assert(is_array($state));

    if (!array_key_exists('LogoutCallback', $state)) {
        // the authentication requester doesn't have a logout callback
        return;
    }
    $callback = $state['LogoutCallback'];

    if (array_key_exists('LogoutCallbackState', $state)) {
        $callbackState = $state['LogoutCallbackState'];
    } else {
        $callbackState = array();
    }

    $id = strlen($this->authId).':'.$this->authId.$assoc;

    $data = array(
        'callback' => $callback,
        'state' => $callbackState,
    );

    $session = SimpleSAML_Session::getSessionFromRequest();
    $session->setData(
        'SimpleSAML_Auth_Source.LogoutCallbacks',
        $id,
        $data,
        SimpleSAML_Session::DATA_TIMEOUT_SESSION_END
    );
}

References $data, $id, $session, $state, SimpleSAML_Session\DATA_TIMEOUT_SESSION_END, and SimpleSAML_Session\getSessionFromRequest().


◆ authenticate()

SimpleSAML_Auth_Source::authenticate(&$state) [abstract]

Process a request.

If an authentication source returns from this function, it is assumed to have authenticated the user, and should have set elements in $state with the attributes of the user.

If the authentication process requires additional steps which make it impossible to complete before returning from this function, the authentication source should save the state, and at a later stage, load the state, update it with the authentication information about the user, and call completeAuth with the state array.

Parameters
 array &$state: Information about the current authentication.

Reimplemented in sspmod_authfacebook_Auth_Source_Facebook, sspmod_authlinkedin_Auth_Source_LinkedIn, sspmod_authtwitter_Auth_Source_Twitter, sspmod_authwindowslive_Auth_Source_LiveID, sspmod_authX509_Auth_Source_X509userCert, sspmod_authYubiKey_Auth_Source_YubiKey, sspmod_cas_Auth_Source_CAS, sspmod_core_Auth_UserPassBase, sspmod_core_Auth_UserPassOrgBase, sspmod_exampleauth_Auth_Source_External, sspmod_exampleauth_Auth_Source_Static, sspmod_multiauth_Auth_Source_MultiAuth, sspmod_negotiate_Auth_Source_Negotiate, and sspmod_saml_Auth_Source_SP.

Referenced by initLogin().
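
The two-step flow described for authenticate(), as an added example that is not part of ILIAS or SimpleSAMLphp. The module name webauth, its resume.php endpoint and the REMOTE_USER setup are assumptions; SimpleSAML_Auth_State::saveState()/loadState() and \SimpleSAML\Module::getModuleURL() are SimpleSAMLphp calls that do not appear on this page.

```php
<?php
// Added example. "webauth" is a hypothetical module; the web server is assumed to
// protect its resume.php and to set REMOTE_USER only after verifying the user.
class sspmod_webauth_Auth_Source_RemoteUser extends SimpleSAML_Auth_Source
{
    const STAGE = 'webauth:RemoteUser';   // stage label checked again by loadState()
    const AUTHID = 'webauth:AuthId';      // state key naming the source that saved it

    public function __construct($info, &$config)
    {
        parent::__construct($info, $config);   // must run first; sets $this->authId
    }

    // Attributes of the user the web server authenticated, or null if there is none.
    private function getUser()
    {
        if (empty($_SERVER['REMOTE_USER'])) {
            return null;
        }
        return array('uid' => array($_SERVER['REMOTE_USER']));
    }

    public function authenticate(&$state)
    {
        assert(is_array($state));

        $attributes = $this->getUser();
        if ($attributes !== null) {
            // Returning from authenticate() means "the user is authenticated".
            $state['Attributes'] = $attributes;
            return;
        }

        // Cannot finish in this request: save the state and continue at resume.php.
        $state[self::AUTHID] = $this->authId;
        $stateId = SimpleSAML_Auth_State::saveState($state, self::STAGE);
        $resume = \SimpleSAML\Module::getModuleURL('webauth/resume.php');
        \SimpleSAML\Utils\HTTP::redirectTrustedURL($resume, array('State' => $stateId));
    }

    // Called by the hypothetical www/resume.php once the web server let the user in.
    public static function resume()
    {
        if (!isset($_REQUEST['State']) || !is_string($_REQUEST['State'])) {
            throw new SimpleSAML_Error_Exception('Missing State parameter.');
        }
        // loadState() rejects state IDs that were saved under a different stage.
        $state = SimpleSAML_Auth_State::loadState($_REQUEST['State'], self::STAGE);

        // Passing the type makes getById() throw unless the source is one of ours.
        $source = SimpleSAML_Auth_Source::getById($state[self::AUTHID], __CLASS__);

        $attributes = $source->getUser();
        if ($attributes === null) {
            throw new SimpleSAML_Error_Exception('User not authenticated after redirect.');
        }
        $state['Attributes'] = $attributes;
        SimpleSAML_Auth_Source::completeAuth($state);   // never returns
    }
}
```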


◆ callLogoutCallback()

SimpleSAML_Auth_Source::callLogoutCallback($assoc) [protected]

Call a logout callback based on association.

This function calls a logout callback based on an association saved with addLogoutCallback(...).

This function always returns.

Parameters
 string $assoc: The logout association which should be called.

Definition at line 455 of file Source.php.

{
    assert(is_string($assoc));

    $id = strlen($this->authId).':'.$this->authId.$assoc;

    $session = SimpleSAML_Session::getSessionFromRequest();

    $data = $session->getData('SimpleSAML_Auth_Source.LogoutCallbacks', $id);
    if ($data === null) {
        // FIXME: fix for IdP-first flow (issue 397) -> reevaluate logout callback infrastructure
        $session->doLogout($this->authId);

        return;
    }

    assert(is_array($data));
    assert(array_key_exists('callback', $data));
    assert(array_key_exists('state', $data));

    $callback = $data['callback'];
    $callbackState = $data['state'];

    $session->deleteData('SimpleSAML_Auth_Source.LogoutCallbacks', $id);
    call_user_func($callback, $callbackState);
}

References $data, $id, $session, and SimpleSAML_Session\getSessionFromRequest().

Referenced by sspmod_saml_Auth_Source_SP\handleLogout().
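
The key format used by addLogoutCallback() and callLogoutCallback() above, strlen($authId).':'.$authId.$assoc, is what keeps the associations of different authentication sources apart. The following added example (not part of Source.php; the function names and the authId/assoc values are constructed for illustration) compares it with plain concatenation:

```php
<?php
// Key format used by addLogoutCallback()/callLogoutCallback() on this page.
function prefixedKey($authId, $assoc)
{
    return strlen($authId).':'.$authId.$assoc;
}

// Naive alternative, for comparison only: plain concatenation.
function naiveKey($authId, $assoc)
{
    return $authId.$assoc;
}

// Recover array(authId, assoc) from a prefixed key, or null if it is malformed.
function splitPrefixedKey($key)
{
    if (!preg_match('/^(\d+):/', $key, $m)) {
        return null;
    }
    $len = (int) $m[1];
    $rest = (string) substr($key, strlen($m[0]));
    if (strlen($rest) < $len) {
        return null;
    }
    return array(substr($rest, 0, $len), (string) substr($rest, $len));
}

// Group the (authId, assoc) pairs by key and keep the groups that collide.
function findCollisions(array $pairs, $keyFunc)
{
    $seen = array();
    foreach ($pairs as $pair) {
        $seen[call_user_func_array($keyFunc, $pair)][] = $pair;
    }
    return array_filter($seen, function ($group) {
        return count($group) > 1;
    });
}

// Constructed sample: two pairs of sources whose IDs are prefixes of each other.
$pairs = array(
    array('sp', '1-session-a'),
    array('sp1', '-session-a'),
    array('default-sp', 'x'),
    array('default-', 'spx'),
);

printf("colliding keys, plain concatenation: %d\n", count(findCollisions($pairs, 'naiveKey')));
printf("colliding keys, length-prefixed:     %d\n", count(findCollisions($pairs, 'prefixedKey')));

// The prefixed key can be split back into exactly one (authId, assoc) pair.
foreach ($pairs as $pair) {
    $key = prefixedKey($pair[0], $pair[1]);
    printf("%-22s -> %s\n", $key, json_encode(splitPrefixedKey($key)));
}
```

Because the length prefix fixes where the authId ends, one source cannot craft an $assoc value that resolves to an entry stored by another source.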


◆ completeAuth()

static SimpleSAML_Auth_Source::completeAuth(&$state)

Complete authentication.

This function should be called if authentication has completed. It will never return, except in the case of exceptions. Exceptions thrown from this page should not be caught, but should instead be passed to the top-level exception handler.

Parameters
 array &$state: Information about the current authentication.

Definition at line 136 of file Source.php.

{
    assert(is_array($state));
    assert(array_key_exists('LoginCompletedHandler', $state));

    SimpleSAML_Auth_State::deleteState($state);

    $func = $state['LoginCompletedHandler'];
    assert(is_callable($func));

    call_user_func($func, $state);
    assert(false);
}

References $state, and SimpleSAML_Auth_State\deleteState().

Referenced by sspmod_negotiate_Auth_Source_Negotiate\authenticate(), sspmod_authX509_Auth_Source_X509userCert\authSuccesful(), sspmod_multiauth_Auth_Source_MultiAuth\delegateAuthentication(), sspmod_cas_Auth_Source_CAS\finalStep(), sspmod_authYubiKey_Auth_Source_YubiKey\handleLogin(), sspmod_core_Auth_UserPassOrgBase\handleLogin(), sspmod_saml_Auth_Source_SP\onProcessingCompleted(), and sspmod_exampleauth_Auth_Source_External\resume().


◆ completeLogout()

static SimpleSAML_Auth_Source::completeLogout(&$state)

Complete logout.

This function should be called after logout has completed. It will never return, except in the case of exceptions. Exceptions thrown from this page should not be caught, but should instead be passed to the top-level exception handler.

Parameters
 array &$state: Information about the current authentication.

Definition at line 265 of file Source.php.

{
    assert(is_array($state));
    assert(array_key_exists('LogoutCompletedHandler', $state));

    SimpleSAML_Auth_State::deleteState($state);

    $func = $state['LogoutCompletedHandler'];
    assert(is_callable($func));

    call_user_func($func, $state);
    assert(false);
}

References $state, and SimpleSAML_Auth_State\deleteState().


◆ getAuthId()

SimpleSAML_Auth_Source::getAuthId()

Retrieve the ID of this authentication source.

Returns
string The ID of this authentication source.

Definition at line 83 of file Source.php.

{
    return $this->authId;
}

References $authId.

◆ getById()

static SimpleSAML_Auth_Source::getById($authId, $type = null)

Retrieve authentication source.

This function takes an id of an authentication source, and returns the AuthSource object. If no authentication source with the given id can be found, NULL will be returned.

If the $type parameter is specified, this function will return an authentication source of the given type. If no authentication source or if an authentication source of a different type is found, an exception will be thrown.

Parameters
 string $authId: The authentication source identifier.
 string|NULL $type: The type of authentication source. If NULL, any type will be accepted.
Returns
 SimpleSAML_Auth_Source|NULL The AuthSource object, or NULL if no authentication source with the given identifier is found.
Exceptions
 SimpleSAML_Error_Exception: If no such authentication source is found or it is invalid.

Definition at line 340 of file Source.php.

{
    assert(is_string($authId));
    assert($type === null || is_string($type));

    // for now - load and parse config file
    $config = SimpleSAML_Configuration::getConfig('authsources.php');

    $authConfig = $config->getArray($authId, null);
    if ($authConfig === null) {
        if ($type !== null) {
            throw new SimpleSAML_Error_Exception(
                'No authentication source with id '.
                var_export($authId, true).' found.'
            );
        }
        return null;
    }

    $ret = self::parseAuthSource($authId, $authConfig);

    if ($type === null || $ret instanceof $type) {
        return $ret;
    }

    // the authentication source doesn't have the correct type
    throw new SimpleSAML_Error_Exception(
        'Invalid type of authentication source '.
        var_export($authId, true).'. Was '.var_export(get_class($ret), true).
        ', should be '.var_export($type, true).'.'
    );
}

References $authId, $config, $ret, $type, and SimpleSAML_Configuration\getConfig().

Referenced by SimpleSAML_IdP\__construct(), sspmod_multiauth_Auth_Source_MultiAuth\delegateAuthentication(), sspmod_negotiate_Auth_Source_Negotiate\fallBack(), SimpleSAML_Auth_Default\getAuthSource(), sspmod_authYubiKey_Auth_Source_YubiKey\handleLogin(), sspmod_core_Auth_UserPassBase\handleLogin(), sspmod_core_Auth_UserPassOrgBase\handleLogin(), SimpleSAML_Auth_Default\initLogoutReturn(), sspmod_core_Auth_UserPassOrgBase\listOrganizations(), sspmod_multiauth_Auth_Source_MultiAuth\logout(), sspmod_negotiate_Auth_Source_Negotiate\logout(), sspmod_saml_Auth_Source_SP\onProcessingCompleted(), SimpleSAML\Utils\Auth\requireAdmin(), and sspmod_exampleauth_Auth_Source_External\resume().


◆ getSources()

static SimpleSAML_Auth_Source::getSources()

Retrieve list of authentication sources.

Returns
array The id of all authentication sources.

Definition at line 488 of file Source.php.

{
    $config = SimpleSAML_Configuration::getOptionalConfig('authsources.php');

    return $config->getOptions();
}

References $config, and SimpleSAML_Configuration\getOptionalConfig().


◆ getSourcesOfType()

static SimpleSAML_Auth_Source::getSourcesOfType($type)

Get sources of a specific type.

Parameters
 string $type: The type of the authentication source.
Returns
 SimpleSAML_Auth_Source[] Array of SimpleSAML_Auth_Source objects of the specified type.
Exceptions
 Exception: If the authentication source is invalid.

Definition at line 53 of file Source.php.

{
    assert(is_string($type));

    $config = SimpleSAML_Configuration::getConfig('authsources.php');

    $ret = array();

    $sources = $config->getOptions();
    foreach ($sources as $id) {
        $source = $config->getArray($id);

        self::validateSource($source, $id);

        if ($source[0] !== $type) {
            continue;
        }

        $ret[] = self::parseAuthSource($id, $source);
    }

    return $ret;
}

References $config, $id, $ret, $source, $type, SimpleSAML_Configuration\getConfig(), and validateSource().

Referenced by saml_hook_metadata_hosted().


◆ initLogin()

SimpleSAML_Auth_Source::initLogin($return, $errorURL = null, array $params = array())

Start authentication.

This method never returns.

Parameters
 string|array $return: The URL or function we should direct the user to after authentication. If using a URL obtained from user input, please make sure to check it by calling \SimpleSAML\Utils\HTTP::checkURLAllowed().
 string|null $errorURL: The URL we should direct the user to after failed authentication. Can be null, in which case a standard error page will be shown. If using a URL obtained from user input, please make sure to check it by calling \SimpleSAML\Utils\HTTP::checkURLAllowed().
 array $params: Extra information about the login. Different authentication requestors may provide different information. Optional, will default to an empty array.

Definition at line 164 of file Source.php.

{
    assert(is_string($return) || is_array($return));
    assert(is_string($errorURL) || $errorURL === null);

    $state = array_merge($params, array(
        'SimpleSAML_Auth_Default.id' => $this->authId, // TODO: remove in 2.0
        'SimpleSAML_Auth_Source.id' => $this->authId,
        'SimpleSAML_Auth_Default.Return' => $return, // TODO: remove in 2.0
        'SimpleSAML_Auth_Source.Return' => $return,
        'SimpleSAML_Auth_Default.ErrorURL' => $errorURL, // TODO: remove in 2.0
        'SimpleSAML_Auth_Source.ErrorURL' => $errorURL,
        'LoginCompletedHandler' => array(get_class(), 'loginCompleted'),
        'LogoutCallback' => array(get_class(), 'logoutCallback'),
        'LogoutCallbackState' => array(
            'SimpleSAML_Auth_Default.logoutSource' => $this->authId, // TODO: remove in 2.0
            'SimpleSAML_Auth_Source.logoutSource' => $this->authId,
        ),
    ));

    if (is_string($return)) {
        $state['SimpleSAML_Auth_Default.ReturnURL'] = $return; // TODO: remove in 2.0
        $state['SimpleSAML_Auth_Source.ReturnURL'] = $return;
    }

    if ($errorURL !== null) {
        $state[SimpleSAML_Auth_State::EXCEPTION_HANDLER_URL] = $errorURL;
    }

    try {
        $this->authenticate($state);
    } catch (SimpleSAML_Error_Exception $e) {
        SimpleSAML_Auth_State::throwException($state, $e);
    } catch (Exception $e) {
        $e = new SimpleSAML_Error_UnserializableException($e);
        SimpleSAML_Auth_State::throwException($state, $e);
    }
    self::loginCompleted($state);
}

References PHPMailer\PHPMailer\$params, $state, authenticate(), SimpleSAML_Auth_State\EXCEPTION_HANDLER_URL, loginCompleted(), and SimpleSAML_Auth_State\throwException().


◆ loginCompleted()

static SimpleSAML_Auth_Source::loginCompleted($state)

Called when a login operation has finished.

This method never returns.

Parameters
 array $state: The state after the login has completed.

Definition at line 212 of file Source.php.

{
    assert(is_array($state));
    assert(array_key_exists('SimpleSAML_Auth_Source.Return', $state));
    assert(array_key_exists('SimpleSAML_Auth_Source.id', $state));
    assert(array_key_exists('Attributes', $state));
    assert(!array_key_exists('LogoutState', $state) || is_array($state['LogoutState']));

    $return = $state['SimpleSAML_Auth_Source.Return'];

    // save session state
    $session = SimpleSAML_Session::getSessionFromRequest();
    $authId = $state['SimpleSAML_Auth_Source.id'];
    $session->doLogin($authId, SimpleSAML_Auth_State::getPersistentAuthData($state));

    if (is_string($return)) { // redirect...
        \SimpleSAML\Utils\HTTP::redirectTrustedURL($return);
    } else {
        call_user_func($return, $state);
    }
    assert(false);
}

References $authId, $session, $state, SimpleSAML_Auth_State\getPersistentAuthData(), SimpleSAML_Session\getSessionFromRequest(), and SimpleSAML\Utils\HTTP\redirectTrustedURL().

Referenced by sspmod_negotiate_Auth_Source_Negotiate\fallBack(), initLogin(), and SimpleSAML_Auth_Default\loginCompleted().


◆ logout()

SimpleSAML_Auth_Source::logout(&$state)

Log out from this authentication source.

This function should be overridden if the authentication source requires special steps to complete a logout operation.

If the logout process requires a redirect, the state should be saved. Once the logout operation is completed, the state should be restored, and completeLogout should be called with the state. If this operation can be completed without showing the user a page, or redirecting, this function should return.

Parameters
 array &$state: Information about the current logout operation.

Reimplemented in sspmod_cas_Auth_Source_CAS, sspmod_exampleauth_Auth_Source_External, sspmod_multiauth_Auth_Source_MultiAuth, sspmod_negotiate_Auth_Source_Negotiate, and sspmod_saml_Auth_Source_SP.

Definition at line 249 of file Source.php.

{
    assert(is_array($state));
    // default logout handler which doesn't do anything
}

References $state.

◆ logoutCallback()

static SimpleSAML_Auth_Source::logoutCallback($state)

Called when the authentication source receives an external logout request.

Parameters
 array $state: State array for the logout operation.

Definition at line 379 of file Source.php.

{
    assert(is_array($state));
    assert(array_key_exists('SimpleSAML_Auth_Source.logoutSource', $state));

    $source = $state['SimpleSAML_Auth_Source.logoutSource'];

    $session = SimpleSAML_Session::getSessionFromRequest();
    if (!$session->isValid($source)) {
        SimpleSAML\Logger::warning(
            'Received logout from an invalid authentication source '.
            var_export($source, true)
        );

        return;
    }
    $session->doLogout($source);
}

References $session, $source, $state, SimpleSAML_Session\getSessionFromRequest(), and SimpleSAML\Logger\warning().

Referenced by SimpleSAML_Auth_Default\logoutCallback().


◆ reauthenticate()

SimpleSAML_Auth_Source::reauthenticate(array &$state)

Reauthenticate a user.

This function is called by the IdP to give the authentication source a chance to interact with the user even in the case when the user is already authenticated.

Parameters
 array &$state: Information about the current authentication.

Reimplemented in sspmod_saml_Auth_Source_SP.

Definition at line 114 of file Source.php.

{
    assert(isset($state['ReturnCallback']));

    // the default implementation just copies over the previous authentication data
    $session = SimpleSAML_Session::getSessionFromRequest();
    $data = $session->getAuthState($this->authId);
    foreach ($data as $k => $v) {
        $state[$k] = $v;
    }
}

References $data, $session, $state, and SimpleSAML_Session\getSessionFromRequest().


◆ validateSource()

static SimpleSAML_Auth_Source::validateSource($source, $id) [protected]

Make sure that the first element of an auth source is its identifier.

Parameters
 array $source: An array with the auth source configuration.
 string $id: The auth source identifier.
Exceptions
 Exception: If the first element of $source is not an identifier for the auth source.

Definition at line 504 of file Source.php.

{
    if (!array_key_exists(0, $source) || !is_string($source[0])) {
        throw new Exception(
            'Invalid authentication source \''.$id.
            '\': First element must be a string which identifies the authentication source.'
        );
    }
}

References $id, and $source.

Referenced by getSourcesOfType().


Field Documentation

◆ $authId


The documentation for this class was generated from the following file: