PHP SimpleSAML_Auth_Source类代码示例

 /**
  * Require admin access to the current page.
  *
  * This is a helper function for limiting a page to those with administrative access. It will redirect the user to
  * a login page if the current user doesn't have admin access.
  *
  * @return void This function will only return if the user is admin.
  * @throws \SimpleSAML_Error_Exception If no "admin" authentication source was configured.
  *
  * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
  * @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no>
  */
 public static function requireAdmin()
 {
     if (self::isAdmin()) {
         return;
     }
     // not authenticated as admin user, start authentication
     if (\SimpleSAML_Auth_Source::getById('admin') !== null) {
         $as = new \SimpleSAML_Auth_Simple('admin');
         $as->login();
     } else {
         throw new \SimpleSAML_Error_Exception('Cannot find "admin" auth source, and admin privileges are required.');
     }
 }

/**
 * Hook to add the metadata for hosted entities to the frontpage.
 *
 * @param array &$metadataHosted  The metadata links for hosted metadata on the frontpage.
 */
function saml_hook_metadata_hosted(&$metadataHosted)
{
    assert('is_array($metadataHosted)');
    $sources = SimpleSAML_Auth_Source::getSourcesOfType('saml:SP');
    foreach ($sources as $source) {
        $metadata = $source->getMetadata();
        $name = $metadata->getValue('name', NULL);
        if ($name === NULL) {
            $name = $source->getAuthID();
        }
        $md = array('entityid' => $source->getEntityId(), 'metadata-index' => $source->getEntityId(), 'metadata-set' => 'saml20-sp-hosted', 'metadata-url' => $source->getMetadataURL() . '?output=xhtml', 'name' => $name);
        $metadataHosted[] = $md;
    }
}

 public static function handleLogin($authStateId, $xmlToken)
 {
     assert('is_string($authStateId)');
     $config = SimpleSAML_Configuration::getInstance();
     $autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php');
     $idp_key = $autoconfig->getValue('idp_key');
     $idp_pass = $autoconfig->getValue('idp_key_pass', NULL);
     $sts_crt = $autoconfig->getValue('sts_crt');
     $Infocard = $autoconfig->getValue('InfoCard');
     $infocard = new sspmod_InfoCard_RP_InfoCard();
     $infocard->addIDPKey($idp_key, $idp_pass);
     $infocard->addSTSCertificate($sts_crt);
     if (!$xmlToken) {
         SimpleSAML_Logger::debug("XMLtoken: " . $xmlToken);
     } else {
         SimpleSAML_Logger::debug("NOXMLtoken: " . $xmlToken);
     }
     $claims = $infocard->process($xmlToken);
     if ($claims->isValid()) {
         $attributes = array();
         foreach ($Infocard['requiredClaims'] as $claim => $data) {
             $attributes[$claim] = array($claims->{$claim});
         }
         foreach ($Infocard['optionalClaims'] as $claim => $data) {
             $attributes[$claim] = array($claims->{$claim});
         }
         // sanitize the input
         $sid = SimpleSAML_Utilities::parseStateID($authStateId);
         if (!is_null($sid['url'])) {
             SimpleSAML_Utilities::checkURLAllowed($sid['url']);
         }
         /* Retrieve the authentication state. */
         $state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);
         /* Find authentication source. */
         assert('array_key_exists(self::AUTHID, $state)');
         $source = SimpleSAML_Auth_Source::getById($state[self::AUTHID]);
         if ($source === NULL) {
             throw new Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
         }
         $state['Attributes'] = $attributes;
         unset($infocard);
         unset($claims);
         SimpleSAML_Auth_Source::completeAuth($state);
     } else {
         unset($infocard);
         unset($claims);
         return 'wrong_IC';
     }
 }

 /**
  * Start logout.
  *
  * This function starts a logout operation from the current authentication
  * source. This function will return if the logout operation does not
  * require a redirect.
  *
  * @param string $returnURL The URL we should redirect the user to after
  * logging out. No checking is performed on the URL, so make sure to verify
  * it on beforehand if the URL is obtained from user input. Refer to
  * \SimpleSAML\Utils\HTTP::checkURLAllowed() for more information.
  * @param string $authority The authentication source we are logging
  * out from.
  */
 public static function initLogoutReturn($returnURL, $authority)
 {
     assert('is_string($returnURL)');
     assert('is_string($authority)');
     $session = SimpleSAML_Session::getSessionFromRequest();
     $state = $session->getAuthData($authority, 'LogoutState');
     $session->doLogout($authority);
     $state['SimpleSAML_Auth_Default.ReturnURL'] = $returnURL;
     $state['LogoutCompletedHandler'] = array(get_class(), 'logoutCompleted');
     $as = SimpleSAML_Auth_Source::getById($authority);
     if ($as === NULL) {
         /* The authority wasn't an authentication source... */
         self::logoutCompleted($state);
     }
     $as->logout($state);
 }

/**
 * Check the credentials that the user got from the A-Select server.
 * This function is called after the user returns from the A-Select server.
 *
 * @author Wessel Dankers, Tilburg University
 */
function check_credentials()
{
    if (!array_key_exists('ssp_state', $_REQUEST)) {
        SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing ssp_state parameter"));
    }
    $id = $_REQUEST['ssp_state'];
    // sanitize the input
    $sid = SimpleSAML_Utilities::parseStateID($id);
    if (!is_null($sid['url'])) {
        SimpleSAML_Utilities::checkURLAllowed($sid['url']);
    }
    $state = SimpleSAML_Auth_State::loadState($id, 'aselect:login');
    if (!array_key_exists('a-select-server', $_REQUEST)) {
        SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing a-select-server parameter"));
    }
    $server_id = $_REQUEST['a-select-server'];
    if (!array_key_exists('aselect_credentials', $_REQUEST)) {
        SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing aselect_credentials parameter"));
    }
    $credentials = $_REQUEST['aselect_credentials'];
    if (!array_key_exists('rid', $_REQUEST)) {
        SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing rid parameter"));
    }
    $rid = $_REQUEST['rid'];
    try {
        if (!array_key_exists('aselect::authid', $state)) {
            throw new SimpleSAML_Error_Exception("ASelect authentication source missing in state");
        }
        $authid = $state['aselect::authid'];
        $aselect = SimpleSAML_Auth_Source::getById($authid);
        if (is_null($aselect)) {
            throw new SimpleSAML_Error_Exception("Could not find authentication source with id {$authid}");
        }
        $creds = $aselect->verify_credentials($server_id, $credentials, $rid);
        if (array_key_exists('attributes', $creds)) {
            $state['Attributes'] = $creds['attributes'];
        } else {
            $res = $creds['res'];
            $state['Attributes'] = array('uid' => array($res['uid']), 'organization' => array($res['organization']));
        }
    } catch (Exception $e) {
        SimpleSAML_Auth_State::throwException($state, $e);
    }
    SimpleSAML_Auth_Source::completeAuth($state);
    SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Internal error in A-Select component"));
}

 public static function isAuthenticated()
 {
     require_once SamlAuth::LIB_AUTOLOAD;
     $source = null;
     $config = SimpleSAML_Configuration::getInstance();
     $t = new SimpleSAML_XHTML_Template($config, 'core:authsource_list.tpl.php');
     $t->data['sources'] = SimpleSAML_Auth_Source::getSourcesMatch('-sp');
     foreach ($t->data['sources'] as &$_source) {
         $as = new SimpleSAML_Auth_Simple($_source);
         if ($as->isAuthenticated()) {
             $source = $as;
             break;
         }
     }
     if ($source === null) {
         return false;
     }
     return $source;
 }

 /**
  * Initialize an IdP.
  *
  * @param string $id  The identifier of this IdP.
  */
 private function __construct($id)
 {
     assert('is_string($id)');
     $this->id = $id;
     $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     $globalConfig = SimpleSAML_Configuration::getInstance();
     if (substr($id, 0, 6) === 'saml2:') {
         if (!$globalConfig->getBoolean('enable.saml20-idp', FALSE)) {
             throw new SimpleSAML_Error_Exception('enable.saml20-idp disabled in config.php.');
         }
         $this->config = $metadata->getMetaDataConfig(substr($id, 6), 'saml20-idp-hosted');
     } elseif (substr($id, 0, 6) === 'saml1:') {
         if (!$globalConfig->getBoolean('enable.shib13-idp', FALSE)) {
             throw new SimpleSAML_Error_Exception('enable.shib13-idp disabled in config.php.');
         }
         $this->config = $metadata->getMetaDataConfig(substr($id, 6), 'shib13-idp-hosted');
     } elseif (substr($id, 0, 5) === 'adfs:') {
         if (!$globalConfig->getBoolean('enable.adfs-idp', FALSE)) {
             throw new SimpleSAML_Error_Exception('enable.adfs-idp disabled in config.php.');
         }
         $this->config = $metadata->getMetaDataConfig(substr($id, 5), 'adfs-idp-hosted');
         try {
             /* This makes the ADFS IdP use the same SP associations as the SAML 2.0 IdP. */
             $saml2EntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
             $this->associationGroup = 'saml2:' . $saml2EntityId;
         } catch (Exception $e) {
             /* Probably no SAML 2 IdP configured for this host. Ignore the error. */
         }
     } else {
         assert(FALSE);
     }
     if ($this->associationGroup === NULL) {
         $this->associationGroup = $this->id;
     }
     $auth = $this->config->getString('auth');
     if (SimpleSAML_Auth_Source::getById($auth) !== NULL) {
         $this->authSource = new SimpleSAML_Auth_Simple($auth);
     } else {
         $this->authSource = new SimpleSAML_Auth_BWC($auth, $this->config->getString('authority', NULL));
     }
 }

 /**
  * Constructor for this authentication source.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
 public function __construct($info, $config)
 {
     assert('is_array($info)');
     assert('is_array($config)');
     /* Call the parent constructor first, as required by the interface. */
     parent::__construct($info, $config);
 }

 /**
  * Constructor for Google authentication source.
  *
  * @param array $info Information about this authentication source.
  * @param array $config Configuration.
  */
 public function __construct($info, $config)
 {
     assert('is_array($info)');
     assert('is_array($config)');
     /* Call the parent constructor first, as required by the interface. */
     parent::__construct($info, $config);
     if (!array_key_exists('key', $config)) {
         throw new Exception('Google authentication source is not properly configured: missing [key]');
     }
     $this->key = $config['key'];
     if (!array_key_exists('secret', $config)) {
         throw new Exception('Google authentication source is not properly configured: missing [secret]');
     }
     $this->secret = $config['secret'];
     $this->linkback = SimpleSAML_Module::getModuleURL('authgoogleOIDC') . '/linkback.php';
     // Create Client
     $this->client = new Google_Client();
     $this->client->setApplicationName('Google gateway');
     $this->client->setClientId($this->key);
     $this->client->setClientSecret($this->secret);
     $this->client->setRedirectUri($this->linkback);
     $this->client->addScope('openid');
     $this->client->addScope('profile');
     $this->client->addScope('email');
 }

 /**
  * Constructor for this authentication source.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
 public function __construct($info, $config)
 {
     assert('is_array($info)');
     assert('is_array($config)');
     /* Call the parent constructor first, as required by the interface. */
     parent::__construct($info, $config);
     $cfgParse = SimpleSAML_Configuration::loadFromArray($config, 'authsources[' . var_export($this->authId, TRUE) . ']');
     $this->api_key = $cfgParse->getString('api_key');
     $this->secret = $cfgParse->getString('secret');
     $this->req_perms = $cfgParse->getString('req_perms', NULL);
 }

 /**
  * Constructor for this authentication source.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
 public function __construct($info, $config)
 {
     assert('is_array($info)');
     assert('is_array($config)');
     /* Call the parent constructor first, as required by the interface. */
     parent::__construct($info, $config);
     $configObject = SimpleSAML_Configuration::loadFromArray($config, 'authsources[' . var_export($this->authId, TRUE) . ']');
     $this->key = $configObject->getString('key');
     $this->secret = $configObject->getString('secret');
     $this->force_login = $configObject->getBoolean('force_login', FALSE);
 }

 /**
  * Constructor for this authentication source.
  *
  * @param array $info   Information about this authentication source.
  * @param array $config Configuration.
  */
 public function __construct($info, $config)
 {
     assert('is_array($info)');
     assert('is_array($config)');
     /* Call the parent constructor first, as required by the interface. */
     parent::__construct($info, $config);
     if (!array_key_exists('uid', $config) || !is_string($config['uid'])) {
         throw new SimpleSAML_Error_Exception("AA configuration error, 'uid' not found or not a string.");
     }
     SimpleSAML_Logger::debug('[aa] auth source Bypass: config uid: ' . $config['uid']);
     $this->uid = $config['uid'];
 }

 /**
  * Constructor for this authentication source.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
 public function __construct($info, $config)
 {
     assert('is_array($info)');
     assert('is_array($config)');
     /* Call the parent constructor first, as required by the interface. */
     parent::__construct($info, $config);
     /* Parse attributes. */
     try {
         $this->attributes = SimpleSAML\Utils\Arrays::normalizeAttributesArray($config);
     } catch (Exception $e) {
         throw new Exception('Invalid attributes for authentication source ' . $this->authId . ': ' . $e->getMessage());
     }
 }

 /**
  * Constructor for this authentication source.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
 public function __construct($info, $config)
 {
     assert('is_array($info)');
     assert('is_array($config)');
     /* Call the parent constructor first, as required by the interface. */
     parent::__construct($info, $config);
     if (!array_key_exists('site', $config)) {
         throw new Exception('PAPI authentication source is not properly configured: missing [site]');
     }
     $this->_poa = new PoA($config['site']);
     if (array_key_exists('hli', $config)) {
         $this->_hli = $config['hli'];
     }
 }

 /**
  * Constructor for this authentication source.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
 public function __construct($info, $config)
 {
     assert('is_array($info)');
     assert('is_array($config)');
     // Call the parent constructor first, as required by the interface
     parent::__construct($info, $config);
     if (!array_key_exists('key', $config)) {
         throw new Exception('LinkedIn authentication source is not properly configured: missing [key]');
     }
     $this->key = $config['key'];
     if (!array_key_exists('secret', $config)) {
         throw new Exception('LinkedIn authentication source is not properly configured: missing [secret]');
     }
     $this->secret = $config['secret'];
 }