SimpleSAML_XHTML_IdPDisco Class Reference

Inheritance diagram for SimpleSAML_XHTML_IdPDisco:

Collaboration diagram for SimpleSAML_XHTML_IdPDisco:

Public Member Functions
	__construct (array $metadataSets, $instance)
	Initializes this discovery service. More...
	handleRequest ()
	Handles a request to this discovery service. More...

Protected Member Functions
	log ($message)
	Log a message. More...
	getCookie ($name)
	Retrieve cookie with the given name. More...
	setCookie ($name, $value)
	Save cookie with the given name and value. More...
	validateIdP ($idp)
	Validates the given IdP entity id. More...
	getSelectedIdP ()
	Retrieve the users choice of IdP. More...
	getSavedIdP ()
	Retrieve the users saved choice of IdP. More...
	getPreviousIdP ()
	Retrieve the previous IdP the user used. More...
	getFromCIDRhint ()
	Retrieve a recommended IdP based on the IP address of the client. More...
	getRecommendedIdP ()
	Try to determine which IdP the user should most likely use. More...
	setPreviousIdP ($idp)
	Save the current IdP choice to a cookie. More...
	saveIdP ()
	Determine whether the choice of IdP should be saved. More...
	getTargetIdP ()
	Determine which IdP the user should go to, if any. More...
	getIdPList ()
	Retrieve the list of IdPs which are stored in the metadata. More...
	getScopedIDPList ()
	Return the list of scoped idp. More...
	filterList ($list)
	Filter the list of IdPs. More...
	start ()
	Check if an IdP is set or if the request is passive, and redirect accordingly. More...

Protected Attributes
	$config
	$instance
	$metadata
	$session
	$metadataSets
	$spEntityId
	$isPassive
	$setIdPentityID = null
	$returnIdParam
	$scopedIDPList = array()
	$returnURL

Detailed Description

Definition at line 16 of file IdPDisco.php.

Constructor & Destructor Documentation

__construct()

SimpleSAML_XHTML_IdPDisco::__construct	(	array	$metadataSets,
			$instance
	)

Initializes this discovery service.

The constructor does the parsing of the request. If this is an invalid request, it will throw an exception.

Parameters

array	$metadataSets	Array with metadata sets we find remote entities in.
string	$instance	The name of this instance of the discovery service.

Exceptions

Exception

If the request is invalid.

Definition at line 116 of file IdPDisco.php.

References $_GET, $instance, $metadataSets, SimpleSAML\Utils\HTTP\checkURLAllowed(), SimpleSAML_Configuration\getInstance(), SimpleSAML_Metadata_MetaDataStorageHandler\getMetadataHandler(), SimpleSAML_Session\getSessionFromRequest(), Sabre\Event\Loop\instance(), and log().

    {
        assert(is_string($instance));

        // initialize standard classes
        $this->config = SimpleSAML_Configuration::getInstance();
        $this->metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
        $this->session = SimpleSAML_Session::getSessionFromRequest();
        $this->instance = $instance;
        $this->metadataSets = $metadataSets;

        $this->log('Accessing discovery service.');

        // standard discovery service parameters
        if (!array_key_exists('entityID', $_GET)) {
            throw new Exception('Missing parameter: entityID');
        } else {
            $this->spEntityId = $_GET['entityID'];
        }

        if (!array_key_exists('returnIDParam', $_GET)) {
            $this->returnIdParam = 'entityID';
        } else {
            $this->returnIdParam = $_GET['returnIDParam'];
        }

        $this->log('returnIdParam initially set to ['.$this->returnIdParam.']');

        if (!array_key_exists('return', $_GET)) {
            throw new Exception('Missing parameter: return');
        } else {
            $this->returnURL = \SimpleSAML\Utils\HTTP::checkURLAllowed($_GET['return']);
        }

        $this->isPassive = false;
        if (array_key_exists('isPassive', $_GET)) {
            if ($_GET['isPassive'] === 'true') {
                $this->isPassive = true;
            }
        }
        $this->log('isPassive initially set to ['.($this->isPassive ? 'TRUE' : 'FALSE').']');

        if (array_key_exists('IdPentityID', $_GET)) {
            $this->setIdPentityID = $_GET['IdPentityID'];
        }

        if (array_key_exists('IDPList', $_REQUEST)) {
            $this->scopedIDPList = $_REQUEST['IDPList'];
        }
    }

Here is the call graph for this function:

Member Function Documentation

filterList()

SimpleSAML_XHTML_IdPDisco::filterList (   $list )

protected

Filter the list of IdPs.

This method returns the IdPs that comply with the following conditions:

• The IdP does not have the 'hide.from.discovery' configuration option.

Parameters

array

$list

An associative array containing metadata for the IdPs to apply the filtering to.

Returns

array An associative array containing metadata for the IdPs that were not filtered out.

Definition at line 496 of file IdPDisco.php.

References $list, and $metadata.

Referenced by handleRequest().

    {
        foreach ($list as $entity => $metadata) {
            if (array_key_exists('hide.from.discovery', $metadata) && $metadata['hide.from.discovery'] === true) {
                unset($list[$entity]);
            }
        }
        return $list;
    }

Here is the caller graph for this function:

getCookie()

SimpleSAML_XHTML_IdPDisco::getCookie (   $name )

protected

Retrieve cookie with the given name.

This function will retrieve a cookie with the given name for the current discovery service type.

Parameters

string

$name

The name of the cookie.

Returns

string The value of the cookie with the given name, or null if no cookie with that name exists.

Definition at line 192 of file IdPDisco.php.

References $_COOKIE, and $name.

Referenced by getPreviousIdP(), and getSavedIdP().

    {
        $prefixedName = 'idpdisco_'.$this->instance.'_'.$name;
        if (array_key_exists($prefixedName, $_COOKIE)) {
            return $_COOKIE[$prefixedName];
        } else {
            return null;
        }
    }

Here is the caller graph for this function:

getFromCIDRhint()

SimpleSAML_XHTML_IdPDisco::getFromCIDRhint ( )

protected

Retrieve a recommended IdP based on the IP address of the client.

Returns

string|null The entity ID of the IdP if one is found, or null if not.

Definition at line 344 of file IdPDisco.php.

References $_SERVER, and $idp.

Referenced by getRecommendedIdP().

    {
        foreach ($this->metadataSets as $metadataSet) {
            $idp = $this->metadata->getPreferredEntityIdFromCIDRhint($metadataSet, $_SERVER['REMOTE_ADDR']);
            if (!empty($idp)) {
                return $idp;
            }
        }

        return null;
    }

Here is the caller graph for this function:

getIdPList()

SimpleSAML_XHTML_IdPDisco::getIdPList ( )

protected

Retrieve the list of IdPs which are stored in the metadata.

Returns

array An array with entityid => metadata mappings.

Definition at line 459 of file IdPDisco.php.

Referenced by ilSimpleSAMLphplIdpDiscovery\getList(), sspmod_discopower_PowerIdPDisco\handleRequest(), and handleRequest().

    {
        $idpList = array();
        foreach ($this->metadataSets as $metadataSet) {
            $newList = $this->metadata->getList($metadataSet);
            /*
             * Note that we merge the entities in reverse order. This ensures that it is the entity in the first
             * metadata set that "wins" if two metadata sets have the same entity.
             */
            $idpList = array_merge($newList, $idpList);
        }

        return $idpList;
    }

Here is the caller graph for this function:

getPreviousIdP()

SimpleSAML_XHTML_IdPDisco::getPreviousIdP ( )

protected

Retrieve the previous IdP the user used.

Returns

string The entity id of the previous IdP the user used, or null if this is the first time.

Definition at line 333 of file IdPDisco.php.

References getCookie(), and validateIdP().

Referenced by getRecommendedIdP(), and getSavedIdP().

    {
        return $this->validateIdP($this->getCookie('lastidp'));
    }

Here is the call graph for this function:

Here is the caller graph for this function:

getRecommendedIdP()

SimpleSAML_XHTML_IdPDisco::getRecommendedIdP ( )

protected

Try to determine which IdP the user should most likely use.

This function will first look at the previous IdP the user has chosen. If the user hasn't chosen an IdP before, it will look at the IP address.

Returns

string The entity id of the IdP the user should most likely use.

Definition at line 365 of file IdPDisco.php.

References $idp, getFromCIDRhint(), getPreviousIdP(), and log().

Referenced by sspmod_discopower_PowerIdPDisco\handleRequest(), and handleRequest().

    {
        $idp = $this->getPreviousIdP();
        if ($idp !== null) {
            $this->log('Preferred IdP from previous use ['.$idp.'].');
            return $idp;
        }

        $idp = $this->getFromCIDRhint();

        if (!empty($idp)) {
            $this->log('Preferred IdP from CIDR hint ['.$idp.'].');
            return $idp;
        }

        return null;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

getSavedIdP()

SimpleSAML_XHTML_IdPDisco::getSavedIdP ( )

protected

Retrieve the users saved choice of IdP.

Returns

string The entity id of the IdP the user has saved, or null if the user hasn't saved any choice.

Definition at line 307 of file IdPDisco.php.

References getCookie(), getPreviousIdP(), and log().

Referenced by getTargetIdP().

    {
        if (!$this->config->getBoolean('idpdisco.enableremember', false)) {
            // saving of IdP choices is disabled
            return null;
        }

        if ($this->getCookie('remember') === '1') {
            $this->log('Return previously saved IdP because of remember cookie set to 1');
            return $this->getPreviousIdP();
        }

        if ($this->isPassive) {
            $this->log('Return previously saved IdP because of isPassive');
            return $this->getPreviousIdP();
        }

        return null;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

getScopedIDPList()

SimpleSAML_XHTML_IdPDisco::getScopedIDPList ( )

protected

Return the list of scoped idp.

Returns

array An array of IdP entities

Definition at line 480 of file IdPDisco.php.

References $scopedIDPList.

Referenced by handleRequest().

    {
        return $this->scopedIDPList;
    }

Here is the caller graph for this function:

getSelectedIdP()

SimpleSAML_XHTML_IdPDisco::getSelectedIdP ( )

protected

Retrieve the users choice of IdP.

This function finds out which IdP the user has manually chosen, if any.

Returns

string The entity id of the IdP the user has chosen, or null if the user has made no choice.

Definition at line 271 of file IdPDisco.php.

References $_GET, $_SERVER, and validateIdP().

Referenced by getTargetIdP().

    {
        /* Parameter set from the Extended IdP Metadata Discovery Service Protocol, indicating that the user prefers
         * this IdP.
         */
        if (!empty($this->setIdPentityID)) {
            return $this->validateIdP($this->setIdPentityID);
        }

        // user has clicked on a link, or selected the IdP from a drop-down list
        if (array_key_exists('idpentityid', $_GET)) {
            return $this->validateIdP($_GET['idpentityid']);
        }

        /* Search for the IdP selection from the form used by the links view. This form uses a name which equals
         * idp_<entityid>, so we search for that.
         *
         * Unfortunately, php replaces periods in the name with underscores, and there is no reliable way to get them
         * back. Therefore we do some quick and dirty parsing of the query string.
         */
        $qstr = $_SERVER['QUERY_STRING'];
        $matches = array();
        if (preg_match('/(?:^|&)idp_([^=]+)=/', $qstr, $matches)) {
            return $this->validateIdP(urldecode($matches[1]));
        }

        // no IdP chosen
        return null;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

getTargetIdP()

SimpleSAML_XHTML_IdPDisco::getTargetIdP ( )

protected

Determine which IdP the user should go to, if any.

Returns

string The entity id of the IdP the user should be sent to, or null if the user should choose.

Definition at line 423 of file IdPDisco.php.

References $idp, getSavedIdP(), getSelectedIdP(), log(), saveIdP(), setCookie(), and setPreviousIdP().

    {
        // first, check if the user has chosen an IdP
        $idp = $this->getSelectedIdP();
        if ($idp !== null) {
            // the user selected this IdP. Save the choice in a cookie
            $this->setPreviousIdP($idp);

            if ($this->saveIdP()) {
                $this->setCookie('remember', '1');
            } else {
                $this->setCookie('remember', '0');
            }

            return $idp;
        }

        $this->log('getSelectedIdP() returned null');

        // check if the user has saved an choice earlier
        $idp = $this->getSavedIdP();
        if ($idp !== null) {
            $this->log('Using saved choice ['.$idp.'].');
            return $idp;
        }

        // the user has made no choice
        return null;
    }

Here is the call graph for this function:

handleRequest()

SimpleSAML_XHTML_IdPDisco::handleRequest

(

)

Handles a request to this discovery service.

The IdP disco parameters should be set before calling this function.

Definition at line 546 of file IdPDisco.php.

References $returnIdParam, $returnURL, $spEntityId, $t, filterList(), getIdPList(), getRecommendedIdP(), getScopedIDPList(), log(), SimpleSAML\Utils\HTTP\redirectTrustedURL(), and start().

    {
        $this->start();

        // no choice made. Show discovery service page
        $idpList = $this->getIdPList();
        $idpList = $this->filterList($idpList);
        $preferredIdP = $this->getRecommendedIdP();

        $idpintersection = array_intersect(array_keys($idpList), $this->getScopedIDPList());
        if (sizeof($idpintersection) > 0) {
            $idpList = array_intersect_key($idpList, array_fill_keys($idpintersection, null));
        }

        $idpintersection = array_values($idpintersection);

        if (sizeof($idpintersection) == 1) {
            $this->log(
                'Choice made ['.$idpintersection[0].'] (Redirecting the user back. returnIDParam='.
                $this->returnIdParam.')'
            );
            \SimpleSAML\Utils\HTTP::redirectTrustedURL(
                $this->returnURL,
                array($this->returnIdParam => $idpintersection[0])
            );
        }

        /*
         * Make use of an XHTML template to present the select IdP choice to the user. Currently the supported options
         * is either a drop down menu or a list view.
         */
        switch ($this->config->getString('idpdisco.layout', 'links')) {
            case 'dropdown':
                $templateFile = 'selectidp-dropdown.php';
                break;
            case 'links':
                $templateFile = 'selectidp-links.php';
                break;
            default:
                throw new Exception('Invalid value for the \'idpdisco.layout\' option.');
        }

        $t = new SimpleSAML_XHTML_Template($this->config, $templateFile, 'disco');
        $t->data['idplist'] = $idpList;
        $t->data['preferredidp'] = $preferredIdP;
        $t->data['return'] = $this->returnURL;
        $t->data['returnIDParam'] = $this->returnIdParam;
        $t->data['entityID'] = $this->spEntityId;
        $t->data['urlpattern'] = htmlspecialchars(\SimpleSAML\Utils\HTTP::getSelfURLNoQuery());
        $t->data['rememberenabled'] = $this->config->getBoolean('idpdisco.enableremember', false);
        $t->show();
    }

Here is the call graph for this function:

log()

SimpleSAML_XHTML_IdPDisco::log (   $message )

protected

Log a message.

This is an helper function for logging messages. It will prefix the messages with our discovery service type.

Parameters

string

$message

The message which should be logged.

Definition at line 176 of file IdPDisco.php.

References $message, SimpleSAML\Logger\info(), and Sabre\Event\Loop\instance().

Referenced by __construct(), getRecommendedIdP(), getSavedIdP(), getTargetIdP(), handleRequest(), setPreviousIdP(), start(), and validateIdP().

    {
        SimpleSAML\Logger::info('idpDisco.'.$this->instance.': '.$message);
    }

Here is the call graph for this function:

Here is the caller graph for this function:

saveIdP()

SimpleSAML_XHTML_IdPDisco::saveIdP ( )

protected

Determine whether the choice of IdP should be saved.

Returns

boolean True if the choice should be saved, false otherwise.

Definition at line 403 of file IdPDisco.php.

References $_GET.

Referenced by getTargetIdP().

    {
        if (!$this->config->getBoolean('idpdisco.enableremember', false)) {
            // saving of IdP choices is disabled
            return false;
        }

        if (array_key_exists('remember', $_GET)) {
            return true;
        }

        return false;
    }

Here is the caller graph for this function:

setCookie()

SimpleSAML_XHTML_IdPDisco::setCookie (   $name,   $value  )

protected

Save cookie with the given name and value.

This function will save a cookie with the given name and value for the current discovery service type.

Parameters

string	$name	The name of the cookie.
string	$value	The value of the cookie.

Definition at line 212 of file IdPDisco.php.

References $name, PHPMailer\PHPMailer\$params, and SimpleSAML\Utils\HTTP\setCookie().

Referenced by getTargetIdP(), and setPreviousIdP().

    {
        $prefixedName = 'idpdisco_'.$this->instance.'_'.$name;

        $params = array(
            // we save the cookies for 90 days
            'lifetime' => (60 * 60 * 24 * 90),
            // the base path for cookies. This should be the installation directory for SimpleSAMLphp
            'path'     => $this->config->getBasePath(),
            'httponly' => false,
        );

        \SimpleSAML\Utils\HTTP::setCookie($prefixedName, $value, $params, false);
    }

Here is the call graph for this function:

Here is the caller graph for this function:

setPreviousIdP()

SimpleSAML_XHTML_IdPDisco::setPreviousIdP (   $idp )

protected

Save the current IdP choice to a cookie.

Parameters

string

$idp

The entityID of the IdP.

Definition at line 389 of file IdPDisco.php.

References $idp, log(), and setCookie().

Referenced by getTargetIdP().

    {
        assert(is_string($idp));

        $this->log('Choice made ['.$idp.'] Setting cookie.');
        $this->setCookie('lastidp', $idp);
    }

Here is the call graph for this function:

Here is the caller graph for this function:

start()

SimpleSAML_XHTML_IdPDisco::start ( )

protected

Check if an IdP is set or if the request is passive, and redirect accordingly.

Returns

void If there is no IdP targeted and this is not a passive request.

Definition at line 512 of file IdPDisco.php.

References $idp, log(), and SimpleSAML\Utils\HTTP\redirectTrustedURL().

Referenced by sspmod_discopower_PowerIdPDisco\handleRequest(), and handleRequest().

    {
        $idp = $this->getTargetIdp();
        if ($idp !== null) {
            $extDiscoveryStorage = $this->config->getString('idpdisco.extDiscoveryStorage', null);
            if ($extDiscoveryStorage !== null) {
                $this->log('Choice made ['.$idp.'] (Forwarding to external discovery storage)');
                \SimpleSAML\Utils\HTTP::redirectTrustedURL($extDiscoveryStorage, array(
                    'entityID'      => $this->spEntityId,
                    'IdPentityID'   => $idp,
                    'returnIDParam' => $this->returnIdParam,
                    'isPassive'     => 'true',
                    'return'        => $this->returnURL
                ));
            } else {
                $this->log(
                    'Choice made ['.$idp.'] (Redirecting the user back. returnIDParam='.$this->returnIdParam.')'
                );
                \SimpleSAML\Utils\HTTP::redirectTrustedURL($this->returnURL, array($this->returnIdParam => $idp));
            }
        }

        if ($this->isPassive) {
            $this->log('Choice not made. (Redirecting the user back without answer)');
            \SimpleSAML\Utils\HTTP::redirectTrustedURL($this->returnURL);
        }
    }

Here is the call graph for this function:

Here is the caller graph for this function:

validateIdP()

SimpleSAML_XHTML_IdPDisco::validateIdP (   $idp )

protected

Validates the given IdP entity id.

Takes a string with the IdP entity id, and returns the entity id if it is valid, or null if not.

Parameters

string | null

$idp

The entity id we want to validate. This can be null, in which case we will return null.

Returns

string|null The entity id if it is valid, null if not.

Definition at line 238 of file IdPDisco.php.

References $idp, and log().

Referenced by getPreviousIdP(), sspmod_discopower_PowerIdPDisco\getPreviousIdP(), and getSelectedIdP().

    {
        if ($idp === null) {
            return null;
        }

        if (!$this->config->getBoolean('idpdisco.validate', true)) {
            return $idp;
        }

        foreach ($this->metadataSets as $metadataSet) {
            try {
                $this->metadata->getMetaData($idp, $metadataSet);
                return $idp;
            } catch (Exception $e) {
                // continue
            }
        }

        $this->log('Unable to validate IdP entity id ['.$idp.'].');

        // the entity id wasn't valid
        return null;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

Field Documentation

$config

SimpleSAML_XHTML_IdPDisco::$config

protected

Definition at line 24 of file IdPDisco.php.

$instance

SimpleSAML_XHTML_IdPDisco::$instance

protected

Definition at line 31 of file IdPDisco.php.

Referenced by sspmod_discopower_PowerIdPDisco\__construct(), and __construct().

$isPassive

SimpleSAML_XHTML_IdPDisco::$isPassive

protected

Definition at line 71 of file IdPDisco.php.

$metadata

SimpleSAML_XHTML_IdPDisco::$metadata

protected

Definition at line 39 of file IdPDisco.php.

Referenced by filterList(), and ilSimpleSAMLphplIdpDiscovery\storeIdpMetadata().

$metadataSets

SimpleSAML_XHTML_IdPDisco::$metadataSets

protected

Definition at line 55 of file IdPDisco.php.

Referenced by __construct().

$returnIdParam

SimpleSAML_XHTML_IdPDisco::$returnIdParam

protected

Definition at line 87 of file IdPDisco.php.

Referenced by sspmod_discopower_PowerIdPDisco\handleRequest(), and handleRequest().

$returnURL

SimpleSAML_XHTML_IdPDisco::$returnURL

protected

Definition at line 103 of file IdPDisco.php.

Referenced by sspmod_discopower_PowerIdPDisco\handleRequest(), and handleRequest().

$scopedIDPList

SimpleSAML_XHTML_IdPDisco::$scopedIDPList = array()

protected

Definition at line 96 of file IdPDisco.php.

Referenced by getScopedIDPList().

$session

SimpleSAML_XHTML_IdPDisco::$session

protected

Definition at line 47 of file IdPDisco.php.

$setIdPentityID

SimpleSAML_XHTML_IdPDisco::$setIdPentityID = null

protected

Definition at line 78 of file IdPDisco.php.

$spEntityId

SimpleSAML_XHTML_IdPDisco::$spEntityId

protected

Definition at line 63 of file IdPDisco.php.

Referenced by sspmod_discopower_PowerIdPDisco\handleRequest(), and handleRequest().

---

The documentation for this class was generated from the following file:

• libs/composer/vendor/simplesamlphp/simplesamlphp/lib/SimpleSAML/XHTML/IdPDisco.php