ILIAS  release_8 Revision v8.19
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilShibbolethWAYF.php
Go to the documentation of this file.
1 <?php
2 
19 use ILIAS\HTTP\Wrapper\WrapperFactory;
20 
31 class ilShibbolethWAYF
32 {
33  public const COOKIE_NAME_SAML_IDP = '_saml_idp';
34  public bool $is_selection = false;
35  public bool $is_valid_selection = false;
36  public string $selected_idp = '-';
37  public array $idp_list = [];
38  protected WrapperFactory $wrapper;
39  protected ilLanguage $lng;
40  protected ilSetting $settings;
41  protected \ILIAS\Refinery\Factory $refinery;
42 
43  public function __construct()
44  {
45  global $DIC;
46 
47  // Was the WAYF form submitted?
48  $this->wrapper = $DIC->http()->wrapper();
49  $this->refinery = $DIC->refinery();
50  $this->settings = $DIC->settings();
51  $this->is_selection = $this->wrapper->post()->has('home_organization_selection');
52  $this->lng = $DIC->isDependencyAvailable('language')
53  ? $DIC->language()
54  : new ilLanguage(
55  $this->wrapper->query()->has('lang')
56  ? $this->wrapper->query()->retrieve('lang', $DIC->refinery()->to()->string())
57  : null
58  );
59 
60  // Was selected IdP a valid
61  $this->idp_list = $this->getIdplist();
62  $idp_selection = $this->wrapper->post()->has('idp_selection')
63  ? $this->wrapper->post()->retrieve('idp_selection', $DIC->refinery()->to()->string())
64  : null;
65  if ($idp_selection !== null
66  && $idp_selection !== '-'
67  && isset($this->idp_list[$idp_selection])
68  ) {
69  $this->is_valid_selection = true;
70  $this->selected_idp = $idp_selection;
71  } else {
72  $this->is_valid_selection = false;
73  }
74  }
75 
76  public function isSelection(): bool
77  {
78  return $this->is_selection;
79  }
80 
81  public function isValidSelection(): bool
82  {
83  return $this->is_valid_selection;
84  }
85 
86  public function generateSelection(): string
87  {
88  $_saml_idp = $this->wrapper->cookie()->has(self::COOKIE_NAME_SAML_IDP)
89  ? $this->wrapper->cookie()->retrieve(
90  self::COOKIE_NAME_SAML_IDP,
91  $this->refinery->kindlyTo()->string()
92  )
93  : null;
94  $idp_cookie = $this->generateCookieArray($_saml_idp);
95 
96  $selectedIDP = null;
97  if ($idp_cookie !== [] && isset($this->idp_list[end($idp_cookie)])) {
98  $selectedIDP = end($idp_cookie);
99  $selectElement = '
100  <select name="idp_selection">
101  <option value="-">' . $this->lng->txt("shib_member_of") . '</option>';
102  } else {
103  $selectElement = '
104  <select name="idp_selection">
105  <option value="-" selected="selected">' . $this->lng->txt("shib_member_of") . '</option>';
106  }
107 
108  foreach ($this->idp_list as $idp_id => $idp_data) {
109  if ($idp_id == $selectedIDP) {
110  $selectElement .= '<option value="' . $idp_id . '" selected="selected">' . $idp_data[0] . '</option>';
111  } else {
112  $selectElement .= '<option value="' . $idp_id . '">' . $idp_data[0] . '</option>';
113  }
114  }
115 
116  return $selectElement . '
117  </select>';
118  }
119 
123  public function redirect(): void
124  {
125  // Where to return after the authentication process
126  $target = $this->wrapper->post()->has('il_target')
127  ? $this->wrapper->post()->retrieve('il_target', $this->refinery->kindlyTo()->string())
128  : '';
129  $target = trim(ILIAS_HTTP_PATH, '/') . '/shib_login.php?target=' . $target;
130  $idp_data = $this->idp_list[$this->selected_idp];
131  if (isset($idp_data[1])) {
132  ilUtil::redirect($idp_data[1] . '?providerId=' . urlencode($this->selected_idp) . '&target='
133  . urlencode($target));
134  } else {
135  // TODO: This has to be changed to /Shibboleth.sso/DS?entityId= for
136  // Shibbolet 2.x sometime...
137  ilUtil::redirect('/Shibboleth.sso?providerId=' . urlencode($this->selected_idp) . '&target='
138  . urlencode($target));
139  }
140  }
141 
145  public function setSAMLCookie(): void
146  {
147  $_saml_idp = $this->wrapper->cookie()->retrieve(self::COOKIE_NAME_SAML_IDP, $this->refinery->kindlyTo()->string());
148  $arr_idps = $_saml_idp ? $this->generateCookieArray($_saml_idp) : [];
149  $arr_idps = $this->appendCookieValue($this->selected_idp, $arr_idps);
150  setcookie(self::COOKIE_NAME_SAML_IDP, $this->generateCookieValue($arr_idps), time() + (100 * 24 * 3600), '/');
151  }
152 
156  public function showNotice(): string
157  {
158  if (!$this->isSelection() || $this->isValidSelection()) {
159  return '';
160  }
161 
162  return $this->lng->txt("shib_invalid_home_organization");
163  }
164 
169  public function getIdplist(): array
170  {
171  $idp_list = [];
172  $idp_raw_list = explode("\n", $this->settings->get("shib_idp_list"));
173  foreach ($idp_raw_list as $idp_line) {
174  $idp_data = explode(',', $idp_line);
175  if (isset($idp_data[2])) {
176  $idp_list[trim($idp_data[0])] = array(trim($idp_data[1]), trim($idp_data[2]));
177  } elseif (isset($idp_data[1])) {
178  $idp_list[trim($idp_data[0])] = array(trim($idp_data[1]));
179  }
180  }
181 
182  return $idp_list;
183  }
184 
189  public function generateCookieArray(?string $value): array
190  {
191  if (null === $value) {
192  return [];
193  }
194  $arr_cookie = explode(' ', $value);
195  return array_map('base64_decode', $arr_cookie);
196  }
197 
201  public function generateCookieValue(array $arr_cookie): string
202  {
203  $arr_cookie = array_map('base64_encode', $arr_cookie);
204  return implode(' ', $arr_cookie);
205  }
206 
211  public function appendCookieValue(string $value, array $arr_cookie): array
212  {
213  $arr_cookie[] = $value;
214  $arr_cookie = array_reverse($arr_cookie);
215  $arr_cookie = array_unique($arr_cookie);
216  return array_reverse($arr_cookie);
217  }
218 }
ilShibbolethWAYF\generateCookieValue
generateCookieValue(array $arr_cookie)
Generate the value that is stored in the cookie using the list of IDPs
Definition: class.ilShibbolethWAYF.php:201
ilShibbolethWAYF\redirect
redirect()
Redirects user to the local Shibboleth session initatiotor with already set GET arguments for the rig...
Definition: class.ilShibbolethWAYF.php:123
ilShibbolethWAYF\generateCookieArray
generateCookieArray(?string $value)
Generates an array of IDPs using the cookie value
Definition: class.ilShibbolethWAYF.php:189
ilShibbolethWAYF\appendCookieValue
appendCookieValue(string $value, array $arr_cookie)
Append a value to the array of IDPs
Definition: class.ilShibbolethWAYF.php:211
ilShibbolethWAYF\showNotice
showNotice()
Show notice in case no IdP was selected
Definition: class.ilShibbolethWAYF.php:156
ilShibbolethWAYF\getIdplist
getIdplist()
Generate array of IdPs from ILIAS Shibboleth settings
Definition: class.ilShibbolethWAYF.php:169
$DIC
global $DIC
Definition: feed.php:28
ilShibbolethWAYF\$refinery
ILIAS Refinery Factory $refinery
Definition: class.ilShibbolethWAYF.php:41
ilShibbolethWAYF
Class ShibbolethWAYF.
Definition: class.ilShibbolethWAYF.php:31
ilUtil\redirect
static redirect(string $a_script)
Definition: class.ilUtil.php:948
WrapperFactory
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
ilShibbolethWAYF\setSAMLCookie
setSAMLCookie()
Sets the standard SAML domain cookie that is also used to preselect the right entry on the local wayf...
Definition: class.ilShibbolethWAYF.php:145