本文整理汇总了PHP中SimpleSAML_Metadata_MetaDataStorageHandler类的典型用法代码示例。如果您正苦于以下问题:PHP SimpleSAML_Metadata_MetaDataStorageHandler类的具体用法?PHP SimpleSAML_Metadata_MetaDataStorageHandler怎么用?PHP SimpleSAML_Metadata_MetaDataStorageHandler使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了SimpleSAML_Metadata_MetaDataStorageHandler类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: getMetadataHandler
/**
* This function retrieves the current instance of the metadata handler.
* The metadata handler will be instantiated if this is the first call
* to this function.
*
* @return SimpleSAML_Metadata_MetaDataStorageHandler The current metadata handler instance.
*/
public static function getMetadataHandler()
{
if (self::$metadataHandler === null) {
self::$metadataHandler = new SimpleSAML_Metadata_MetaDataStorageHandler();
}
return self::$metadataHandler;
}
示例2: actionSso
public function actionSso()
{
$metadata = \SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
$idp = \SimpleSAML_IdP::getById('saml2:' . $idpEntityId);
\sspmod_saml_IdP_SAML2::receiveAuthnRequest($idp);
assert('FALSE');
}
示例3: actionSso
public function actionSso()
{
//logout previous sso session
\utilities\Registry::clearRegistry();
$isRequestPost = $this->_request->isPost();
if ($isRequestPost) {
// check if every required parameter is set or not
$username = $this->_request->getParam('username', null);
$password = $this->_request->getParam('password', null);
$referrer = $this->_request->getParam('spentityid', null);
if (!$username) {
$this->_response->renderJson(array('message' => 'Username is not set'));
}
if (!$password) {
$this->_response->renderJson(array('message' => 'Password is not set'));
}
if (!$referrer) {
$this->_response->renderJson(array('message' => 'Referrer not set'));
}
$objDbUserauth = new \models\Users();
// check if user is authenticated or not
$userAuthenticationStatus = $objDbUserauth->authenticate($username, $password);
// user locked due to 5 invalid attempts
if (\models\Users::ERROR_USER_LOCKED === $userAuthenticationStatus) {
$this->_response->renderJson(array('message' => 'Your account is locked due to 5 invalid attempts', 'authstatus' => $userAuthenticationStatus));
}
//user password is expired
if (\models\Users::ERROR_USER_PWD_EXPIRED === $userAuthenticationStatus) {
$this->_response->renderJson(array('message' => 'Your password is expired', 'authstatus' => $userAuthenticationStatus));
}
//user authentication is successfull
if ($userAuthenticationStatus === true) {
$metadata = \SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
$idp = \SimpleSAML_IdP::getById('saml2:' . $idpEntityId);
\sspmod_saml_IdP_SAML2::receiveAuthnRequest($idp);
assert('FALSE');
} else {
//handle invalid attempts
$objInvalidAttempts = new \models\UserLoginAttempts();
$loginAttemptsLeft = $objInvalidAttempts->handleInvalidLoginAttempts($username);
$invalidAttempt = false;
// if attempt is invalid username is wrong
$message = "Invalid credentials";
if ($loginAttemptsLeft !== false) {
// if last attempt was hit then show that account is locked
if ($loginAttemptsLeft === 0) {
$this->_response->renderJson(array('message' => 'Your account is locked due to 5 invalid attempts', 'authstatus' => \models\Users::ERROR_USER_LOCKED));
}
$invalidAttempt = true;
$message = "Incorrect Password.You have {$loginAttemptsLeft} attempts left";
}
$this->_response->renderJson(array('message' => $message, 'invalidAttempt' => $invalidAttempt));
exit;
}
}
$this->_response->renderJson(array('message' => 'Only post request are accepted'));
}
示例4: createRedirect
public function createRedirect($destination, $shire)
{
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpmetadata = $metadata->getMetaDataConfig($destination, 'shib13-idp-remote');
$desturl = $idpmetadata->getDefaultEndpoint('SingleSignOnService', array('urn:mace:shibboleth:1.0:profiles:AuthnRequest'));
$desturl = $desturl['Location'];
$target = $this->getRelayState();
$url = $desturl . '?' . 'providerId=' . urlencode($this->getIssuer()) . '&shire=' . urlencode($shire) . (isset($target) ? '&target=' . urlencode($target) : '');
return $url;
}
示例5: receive
/**
* Receive a SAML 2 message sent using the HTTP-Artifact binding.
*
* Throws an exception if it is unable receive the message.
*
* @return SAML2_Message The received message.
* @throws Exception
*/
public function receive()
{
if (array_key_exists('SAMLart', $_REQUEST)) {
$artifact = base64_decode($_REQUEST['SAMLart']);
$endpointIndex = bin2hex(substr($artifact, 2, 2));
$sourceId = bin2hex(substr($artifact, 4, 20));
} else {
throw new Exception('Missing SAMLArt parameter.');
}
$metadataHandler = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpMetadata = $metadataHandler->getMetaDataConfigForSha1($sourceId, 'saml20-idp-remote');
if ($idpMetadata === NULL) {
throw new Exception('No metadata found for remote provider with SHA1 ID: ' . var_export($sourceId, TRUE));
}
$endpoint = NULL;
foreach ($idpMetadata->getEndpoints('ArtifactResolutionService') as $ep) {
if ($ep['index'] === hexdec($endpointIndex)) {
$endpoint = $ep;
break;
}
}
if ($endpoint === NULL) {
throw new Exception('No ArtifactResolutionService with the correct index.');
}
SAML2_Utils::getContainer()->getLogger()->debug("ArtifactResolutionService endpoint being used is := " . $endpoint['Location']);
//Construct the ArtifactResolve Request
$ar = new SAML2_ArtifactResolve();
/* Set the request attributes */
$ar->setIssuer($this->spMetadata->getString('entityid'));
$ar->setArtifact($_REQUEST['SAMLart']);
$ar->setDestination($endpoint['Location']);
require_once realpath(__DIR__ . '/../../../simplesamlphp/modules/saml/lib/Message.php');
/* Sign the request */
sspmod_saml_Message::addSign($this->spMetadata, $idpMetadata, $ar);
// Shoaib - moved from the SOAPClient.
$soap = new SAML2_SOAPClient();
// Send message through SoapClient
/** @var SAML2_ArtifactResponse $artifactResponse */
$artifactResponse = $soap->send($ar, $this->spMetadata);
if (!$artifactResponse->isSuccess()) {
return false;
}
$xml = $artifactResponse->getAny();
if ($xml === NULL) {
/* Empty ArtifactResponse - possibly because of Artifact replay? */
return NULL;
}
$samlResponse = SAML2_Message::fromXML($xml);
$samlResponse->addValidator(array(get_class($this), 'validateSignature'), $artifactResponse);
if (isset($_REQUEST['RelayState'])) {
$samlResponse->setRelayState($_REQUEST['RelayState']);
}
return $samlResponse;
}
示例6: getPresentation
public function getPresentation()
{
$mh = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$metadata = $mh->getList($this->config);
$translation = array('_' => 'All services');
foreach ($this->fields as $field) {
if (array_key_exists($field, $metadata)) {
if (array_key_exists('name', $metadata[$field])) {
$translation[$field] = $this->template->t($metadata[$field]['name'], array(), FALSE);
}
}
}
return $translation;
}
示例7: createRedirect
public function createRedirect($destination, $shire = NULL)
{
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpmetadata = $metadata->getMetaData($destination, 'shib13-idp-remote');
if ($shire === NULL) {
$shire = $metadata->getGenerated('AssertionConsumerService', 'shib13-sp-hosted');
}
if (!isset($idpmetadata['SingleSignOnService'])) {
throw new Exception('Could not find the SingleSignOnService parameter in the Shib 1.3 IdP Remote metadata. This parameter has changed name from an earlier version of simpleSAMLphp, when it was called SingleSignOnUrl. Please check your shib13-sp-remote.php configuration the IdP with entity id ' . $destination . ' and make sure the SingleSignOnService parameter is set.');
}
$desturl = $idpmetadata['SingleSignOnService'];
$target = $this->getRelayState();
$url = $desturl . '?' . 'providerId=' . urlencode($this->getIssuer()) . '&shire=' . urlencode($shire) . (isset($target) ? '&target=' . urlencode($target) : '');
return $url;
}
示例8: receiveAuthnRequest
/**
* Receive an authentication request.
*
* @param SimpleSAML_IdP $idp The IdP we are receiving it for.
*/
public static function receiveAuthnRequest(SimpleSAML_IdP $idp)
{
if (isset($_REQUEST['cookieTime'])) {
$cookieTime = (int) $_REQUEST['cookieTime'];
if ($cookieTime + 5 > time()) {
/*
* Less than five seconds has passed since we were
* here the last time. Cookies are probably disabled.
*/
\SimpleSAML\Utils\HTTP::checkSessionCookie(\SimpleSAML\Utils\HTTP::getSelfURL());
}
}
if (!isset($_REQUEST['providerId'])) {
throw new SimpleSAML_Error_BadRequest('Missing providerId parameter.');
}
$spEntityId = (string) $_REQUEST['providerId'];
if (!isset($_REQUEST['shire'])) {
throw new SimpleSAML_Error_BadRequest('Missing shire parameter.');
}
$shire = (string) $_REQUEST['shire'];
if (isset($_REQUEST['target'])) {
$target = $_REQUEST['target'];
} else {
$target = NULL;
}
SimpleSAML\Logger::info('Shib1.3 - IdP.SSOService: Got incoming Shib authnRequest from ' . var_export($spEntityId, TRUE) . '.');
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$spMetadata = $metadata->getMetaDataConfig($spEntityId, 'shib13-sp-remote');
$found = FALSE;
foreach ($spMetadata->getEndpoints('AssertionConsumerService') as $ep) {
if ($ep['Binding'] !== 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post') {
continue;
}
if ($ep['Location'] !== $shire) {
continue;
}
$found = TRUE;
break;
}
if (!$found) {
throw new Exception('Invalid AssertionConsumerService for SP ' . var_export($spEntityId, TRUE) . ': ' . var_export($shire, TRUE));
}
SimpleSAML_Stats::log('saml:idp:AuthnRequest', array('spEntityID' => $spEntityId, 'protocol' => 'saml1'));
$sessionLostURL = \SimpleSAML\Utils\HTTP::addURLParameters(\SimpleSAML\Utils\HTTP::getSelfURL(), array('cookieTime' => time()));
$state = array('Responder' => array('sspmod_saml_IdP_SAML1', 'sendResponse'), 'SPMetadata' => $spMetadata->toArray(), SimpleSAML_Auth_State::RESTART => $sessionLostURL, 'saml:shire' => $shire, 'saml:target' => $target, 'saml:AuthnRequestReceivedAt' => microtime(TRUE));
$idp->handleAuthenticationRequest($state);
}
示例9: __construct
/**
* Initializes this discovery service.
*
* The constructor does the parsing of the request. If this is an invalid request, it will
* throw an exception.
*
* @param array $metadataSets Array with metadata sets we find remote entities in.
* @param string $instance The name of this instance of the discovery service.
*/
public function __construct(array $metadataSets, $instance)
{
assert('is_string($instance)');
/* Initialize standard classes. */
$this->config = SimpleSAML_Configuration::getInstance();
$this->metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$this->session = SimpleSAML_Session::getSessionFromRequest();
$this->instance = $instance;
$this->metadataSets = $metadataSets;
$this->log('Accessing discovery service.');
/* Standard discovery service parameters. */
if (!array_key_exists('entityID', $_GET)) {
throw new Exception('Missing parameter: entityID');
} else {
$this->spEntityId = $_GET['entityID'];
}
if (!array_key_exists('returnIDParam', $_GET)) {
$this->returnIdParam = 'entityID';
} else {
$this->returnIdParam = $_GET['returnIDParam'];
}
$this->log('returnIdParam initially set to [' . $this->returnIdParam . ']');
if (!array_key_exists('return', $_GET)) {
throw new Exception('Missing parameter: return');
} else {
$this->returnURL = SimpleSAML_Utilities::checkURLAllowed($_GET['return']);
}
$this->isPassive = FALSE;
if (array_key_exists('isPassive', $_GET)) {
if ($_GET['isPassive'] === 'true') {
$this->isPassive = TRUE;
}
}
$this->log('isPassive initially set to [' . ($this->isPassive ? 'TRUE' : 'FALSE') . ']');
if (array_key_exists('IdPentityID', $_GET)) {
$this->setIdPentityID = $_GET['IdPentityID'];
} else {
$this->setIdPentityID = NULL;
}
if (array_key_exists('IDPList', $_REQUEST)) {
$this->scopedIDPList = $_REQUEST['IDPList'];
}
}
示例10: process
/**
* Process a authentication response
*
* This function saves the state, and redirects the user to the page where
* the user can log in with their second factor.
*
* @param array &$state The state of the response.
*
* @return void
*/
public function process(&$state)
{
assert('is_array($state)');
assert('array_key_exists("Destination", $state)');
assert('array_key_exists("entityid", $state["Destination"])');
assert('array_key_exists("metadata-set", $state["Destination"])');
assert('array_key_exists("Source", $state)');
assert('array_key_exists("entityid", $state["Source"])');
assert('array_key_exists("metadata-set", $state["Source"])');
$spEntityId = $state['Destination']['entityid'];
$idpEntityId = $state['Source']['entityid'];
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
/**
* If the Duo Security module is active on a bridge $state['saml:sp:IdP']
* will contain an entry id for the remote IdP. If not, then
* it is active on a local IdP and nothing needs to be
* done.
*/
if (isset($state['saml:sp:IdP'])) {
$idpEntityId = $state['saml:sp:IdP'];
$idpmeta = $metadata->getMetaData($idpEntityId, 'saml20-idp-remote');
$state['Source'] = $idpmeta;
}
if (isset($state['duo_complete'])) {
return;
}
// Set Keys for Duo SDK
$state['duosecurity:akey'] = $this->_akey;
$state['duosecurity:ikey'] = $this->_ikey;
$state['duosecurity:skey'] = $this->_skey;
$state['duosecurity:host'] = $this->_host;
$state['duosecurity:authSources'] = $this->_authSources;
$state['duosecurity:usernameAttribute'] = $this->_usernameAttribute;
// User interaction nessesary. Throw exception on isPassive request
if (isset($state['isPassive']) && $state['isPassive'] == true) {
throw new SimpleSAML_Error_NoPassive('Unable to login with passive request.');
}
// Save state and redirect
$id = SimpleSAML_Auth_State::saveState($state, 'duosecurity:request');
$url = SimpleSAML_Module::getModuleURL('duosecurity/getduo.php');
SimpleSAML_Utilities::redirectTrustedURL($url, array('StateId' => $id));
}
示例11: configure
public function configure()
{
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$entitylist = $metadata->getList('saml20-sp-remote');
foreach ($entitylist as $key => $value) {
$spidlist[$key] = $key;
}
$i18n = sfContext::getInstance()->getI18N();
$this->widgetSchema['description'] = new sfWidgetFormTextarea();
$this->widgetSchema['entityId'] = new sfWidgetFormChoice(array('choices' => $spidlist));
$this->widgetSchema->setLabel('description', $i18n->__('Service description'));
$this->widgetSchema->setLabel('url', $i18n->__('Service homepage'));
$this->widgetSchema->setLabel('entityId', $i18n->__('SAML SP entity id'));
$this->widgetSchema->setLabel('name', $i18n->__('Service name'));
//$this->widgetSchema->setLabel('type', $i18n->__('Registration type'));
unset($this['type']);
unset($this['organization_list']);
unset($this['principal_id']);
unset($this['created_at']);
unset($this['updated_at']);
unset($this['token']);
}
示例12: get_sp_list
/**
* Get a list of associated SAML 2 SPs.
*
* This function is just for backwards-compatibility. New code should
* use the SimpleSAML_IdP::getAssociations()-function.
*
* @return array Array of SAML 2 entityIDs.
* @deprecated Will be removed in the future.
*/
public function get_sp_list()
{
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
try {
$idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
$idp = SimpleSAML_IdP::getById('saml2:' . $idpEntityId);
} catch (Exception $e) {
/* No SAML 2 IdP configured? */
return array();
}
$ret = array();
foreach ($idp->getAssociations() as $assoc) {
if (isset($assoc['saml:entityID'])) {
$ret[] = $assoc['saml:entityID'];
}
}
return $ret;
}
示例13: process
/**
* Process a authentication response
*
* This function saves the state, and redirects the user to the page where
* the user can authorize the release of the attributes.
* If storage is used and the consent has already been given the user is
* passed on.
*
* @param array &$state The state of the response.
*
* @return void
*/
public function process(&$state)
{
assert('is_array($state)');
assert('array_key_exists("UserID", $state)');
assert('array_key_exists("Destination", $state)');
assert('array_key_exists("entityid", $state["Destination"])');
assert('array_key_exists("metadata-set", $state["Destination"])');
assert('array_key_exists("entityid", $state["Source"])');
assert('array_key_exists("metadata-set", $state["Source"])');
$spEntityId = $state['Destination']['entityid'];
$idpEntityId = $state['Source']['entityid'];
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
/**
* If the consent module is active on a bridge $state['saml:sp:IdP']
* will contain an entry id for the remote IdP. If not, then the
* consent module is active on a local IdP and nothing needs to be
* done.
*/
if (isset($state['saml:sp:IdP'])) {
$idpEntityId = $state['saml:sp:IdP'];
$idpmeta = $metadata->getMetaData($idpEntityId, 'saml20-idp-remote');
$state['Source'] = $idpmeta;
}
$statsData = array('spEntityID' => $spEntityId);
// Do not use consent if disabled
if (isset($state['Source']['consent.disable']) && self::checkDisable($state['Source']['consent.disable'], $spEntityId)) {
SimpleSAML_Logger::debug('Consent: Consent disabled for entity ' . $spEntityId . ' with IdP ' . $idpEntityId);
SimpleSAML_Stats::log('consent:disabled', $statsData);
return;
}
if (isset($state['Destination']['consent.disable']) && self::checkDisable($state['Destination']['consent.disable'], $idpEntityId)) {
SimpleSAML_Logger::debug('Consent: Consent disabled for entity ' . $spEntityId . ' with IdP ' . $idpEntityId);
SimpleSAML_Stats::log('consent:disabled', $statsData);
return;
}
if ($this->_store !== null) {
$source = $state['Source']['metadata-set'] . '|' . $idpEntityId;
$destination = $state['Destination']['metadata-set'] . '|' . $spEntityId;
$attributes = $state['Attributes'];
// Remove attributes that do not require consent
foreach ($attributes as $attrkey => $attrval) {
if (in_array($attrkey, $this->_noconsentattributes)) {
unset($attributes[$attrkey]);
}
}
SimpleSAML_Logger::debug('Consent: userid: ' . $state['UserID']);
SimpleSAML_Logger::debug('Consent: source: ' . $source);
SimpleSAML_Logger::debug('Consent: destination: ' . $destination);
$userId = self::getHashedUserID($state['UserID'], $source);
$targetedId = self::getTargetedID($state['UserID'], $source, $destination);
$attributeSet = self::getAttributeHash($attributes, $this->_includeValues);
SimpleSAML_Logger::debug('Consent: hasConsent() [' . $userId . '|' . $targetedId . '|' . $attributeSet . ']');
try {
if ($this->_store->hasConsent($userId, $targetedId, $attributeSet)) {
// Consent already given
SimpleSAML_Logger::stats('Consent: Consent found');
SimpleSAML_Stats::log('consent:found', $statsData);
return;
}
SimpleSAML_Logger::stats('Consent: Consent notfound');
SimpleSAML_Stats::log('consent:notfound', $statsData);
$state['consent:store'] = $this->_store;
$state['consent:store.userId'] = $userId;
$state['consent:store.destination'] = $targetedId;
$state['consent:store.attributeSet'] = $attributeSet;
} catch (Exception $e) {
SimpleSAML_Logger::error('Consent: Error reading from storage: ' . $e->getMessage());
SimpleSAML_Logger::stats('Consent: Failed');
SimpleSAML_Stats::log('consent:failed', $statsData);
}
} else {
SimpleSAML_Logger::stats('Consent: No storage');
SimpleSAML_Stats::log('consent:nostorage', $statsData);
}
$state['consent:focus'] = $this->_focus;
$state['consent:checked'] = $this->_checked;
$state['consent:hiddenAttributes'] = $this->_hiddenAttributes;
$state['consent:noconsentattributes'] = $this->_noconsentattributes;
$state['consent:showNoConsentAboutService'] = $this->_showNoConsentAboutService;
// User interaction nessesary. Throw exception on isPassive request
if (isset($state['isPassive']) && $state['isPassive'] == true) {
SimpleSAML_Stats::log('consent:nopassive', $statsData);
throw new SimpleSAML_Error_NoPassive('Unable to give consent on passive request.');
}
// Save state and redirect
$id = SimpleSAML_Auth_State::saveState($state, 'consent:request');
$url = SimpleSAML_Module::getModuleURL('consent/getconsent.php');
SimpleSAML_Utilities::redirectTrustedURL($url, array('StateId' => $id));
//.........这里部分代码省略.........
示例14: process
/**
* Process a authentication response.
*
* This function saves the state, and redirects the user to the page where the user
* can authorize the release of the attributes.
*
* @param array $state The state of the response.
*/
public function process(&$state)
{
assert('is_array($state)');
assert('array_key_exists("UserID", $state)');
assert('array_key_exists("Destination", $state)');
assert('array_key_exists("entityid", $state["Destination"])');
assert('array_key_exists("metadata-set", $state["Destination"])');
assert('array_key_exists("entityid", $state["Source"])');
assert('array_key_exists("metadata-set", $state["Source"])');
$session = SimpleSAML_Session::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
/* If the consent module is active on a bridge $state['saml:sp:IdP'] will contain
* an entry id for the remote IdP. If not, then the
* consent module is active on a local IdP and nothing needs to be done.
*/
if (isset($state['saml:sp:IdP'])) {
$idpmeta = $metadata->getMetaData($state['saml:sp:IdP'], 'saml20-idp-remote');
$state['Source'] = $idpmeta;
} elseif ($session->getIdP() !== NULL) {
/* For backwards compatibility. TODO: Remove in version 1.8. */
$idpmeta = $metadata->getMetaData($session->getIdP(), 'saml20-idp-remote');
$state['Source'] = $idpmeta;
}
if ($this->store !== NULL) {
// Do not use consent if disabled on source entity
if (isset($state['Source']['consent.disable']) && in_array($state['Destination']['entityid'], $state['Source']['consent.disable'])) {
SimpleSAML_Logger::debug('Consent - Consent disabled for entity ' . $state['Destination']['entityid']);
return;
}
$source = $state['Source']['metadata-set'] . '|' . $state['Source']['entityid'];
$destination = $state['Destination']['metadata-set'] . '|' . $state['Destination']['entityid'];
SimpleSAML_Logger::debug('Consent - userid : ' . $state['UserID']);
SimpleSAML_Logger::debug('Consent - source : ' . $source);
SimpleSAML_Logger::debug('Consent - destination : ' . $destination);
$userId = self::getHashedUserID($state['UserID'], $source);
$targetedId = self::getTargetedID($state['UserID'], $source, $destination);
$attributeSet = self::getAttributeHash($state['Attributes'], $this->includeValues);
SimpleSAML_Logger::debug('Consent - hasConsent() : [' . $userId . '|' . $targetedId . '|' . $attributeSet . ']');
if ($this->store->hasConsent($userId, $targetedId, $attributeSet)) {
SimpleSAML_Logger::stats('consent found');
/* Consent already given. */
return;
}
SimpleSAML_Logger::stats('consent notfound');
$state['consent:store'] = $this->store;
$state['consent:store.userId'] = $userId;
$state['consent:store.destination'] = $targetedId;
$state['consent:store.attributeSet'] = $attributeSet;
} else {
SimpleSAML_Logger::stats('consent nostorage');
}
$state['consent:focus'] = $this->focus;
$state['consent:checked'] = $this->checked;
$state['consent:hiddenAttributes'] = $this->hiddenAttributes;
/* User interaction nessesary. Throw exception on isPassive request */
if (isset($state['isPassive']) && $state['isPassive'] == TRUE) {
throw new SimpleSAML_Error_NoPassive('Unable to give consent on passive request.');
}
/* Save state and redirect. */
$id = SimpleSAML_Auth_State::saveState($state, 'consent:request');
$url = SimpleSAML_Module::getModuleURL('consent/getconsent.php');
SimpleSAML_Utilities::redirect($url, array('StateId' => $id));
}
示例15: reauthenticate
/**
* Re-authenticate an user.
*
* This function is called by the IdP to give the authentication source a chance to
* interact with the user even in the case when the user is already authenticated.
*
* @param array &$state Information about the current authentication.
*/
public function reauthenticate(array &$state)
{
assert('is_array($state)');
$session = SimpleSAML_Session::getSessionFromRequest();
$data = $session->getAuthState($this->authId);
foreach ($data as $k => $v) {
$state[$k] = $v;
}
// check if we have an IDPList specified in the request
if (isset($state['saml:IDPList']) && sizeof($state['saml:IDPList']) > 0 && !in_array($state['saml:sp:IdP'], $state['saml:IDPList'], true)) {
/*
* The user has an existing, valid session. However, the SP provided a list of IdPs it accepts for
* authentication, and the IdP the existing session is related to is not in that list.
*
* First, check if we recognize any of the IdPs requested.
*/
$mdh = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$known_idps = $mdh->getList();
$intersection = array_intersect($state['saml:IDPList'], array_keys($known_idps));
if (empty($intersection)) {
// all requested IdPs are unknown
throw new SimpleSAML\Module\saml\Error\NoSupportedIDP(\SAML2\Constants::STATUS_REQUESTER, 'None of the IdPs requested are supported by this proxy.');
}
/*
* We have at least one IdP in the IDPList that we recognize, and it's not the one currently in use. Let's
* see if this proxy enforces the use of one single IdP.
*/
if (!is_null($this->idp) && !in_array($this->idp, $intersection)) {
// an IdP is enforced but not requested
throw new SimpleSAML\Module\saml\Error\NoAvailableIDP(\SAML2\Constants::STATUS_REQUESTER, 'None of the IdPs requested are available to this proxy.');
}
/*
* We need to inform the user, and ask whether we should logout before starting the authentication process
* again with a different IdP, or cancel the current SSO attempt.
*/
SimpleSAML\Logger::warning("Reauthentication after logout is needed. The IdP '{$state['saml:sp:IdP']}' is not in the IDPList " . "provided by the Service Provider '{$state['core:SP']}'.");
$state['saml:sp:IdPMetadata'] = $this->getIdPMetadata($state['saml:sp:IdP']);
$state['saml:sp:AuthId'] = $this->authId;
self::askForIdPChange($state);
}
}