当前位置: 首页>>代码示例>>PHP>>正文


PHP SimpleSAML_Metadata_MetaDataStorageHandler类代码示例

本文整理汇总了PHP中SimpleSAML_Metadata_MetaDataStorageHandler的典型用法代码示例。如果您正苦于以下问题:PHP SimpleSAML_Metadata_MetaDataStorageHandler类的具体用法?PHP SimpleSAML_Metadata_MetaDataStorageHandler怎么用?PHP SimpleSAML_Metadata_MetaDataStorageHandler使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。


在下文中一共展示了SimpleSAML_Metadata_MetaDataStorageHandler类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: getMetadataHandler

 /**
  * This function retrieves the current instance of the metadata handler.
  * The metadata handler will be instantiated if this is the first call
  * to this function.
  *
  * @return SimpleSAML_Metadata_MetaDataStorageHandler The current metadata handler instance.
  */
 public static function getMetadataHandler()
 {
     if (self::$metadataHandler === null) {
         self::$metadataHandler = new SimpleSAML_Metadata_MetaDataStorageHandler();
     }
     return self::$metadataHandler;
 }
开发者ID:PitcherAG,项目名称:simplesamlphp,代码行数:14,代码来源:MetaDataStorageHandler.php

示例2: actionSso

 public function actionSso()
 {
     $metadata = \SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
     $idp = \SimpleSAML_IdP::getById('saml2:' . $idpEntityId);
     \sspmod_saml_IdP_SAML2::receiveAuthnRequest($idp);
     assert('FALSE');
 }
开发者ID:samiksha-singla,项目名称:Api-Framework,代码行数:8,代码来源:Ssoservice.php

示例3: actionSso

 public function actionSso()
 {
     //logout previous sso session
     \utilities\Registry::clearRegistry();
     $isRequestPost = $this->_request->isPost();
     if ($isRequestPost) {
         // check if every required parameter is set or not
         $username = $this->_request->getParam('username', null);
         $password = $this->_request->getParam('password', null);
         $referrer = $this->_request->getParam('spentityid', null);
         if (!$username) {
             $this->_response->renderJson(array('message' => 'Username is not set'));
         }
         if (!$password) {
             $this->_response->renderJson(array('message' => 'Password is not set'));
         }
         if (!$referrer) {
             $this->_response->renderJson(array('message' => 'Referrer not set'));
         }
         $objDbUserauth = new \models\Users();
         // check if user is authenticated or not
         $userAuthenticationStatus = $objDbUserauth->authenticate($username, $password);
         // user locked due to 5 invalid attempts
         if (\models\Users::ERROR_USER_LOCKED === $userAuthenticationStatus) {
             $this->_response->renderJson(array('message' => 'Your account is locked due to 5 invalid attempts', 'authstatus' => $userAuthenticationStatus));
         }
         //user password is expired
         if (\models\Users::ERROR_USER_PWD_EXPIRED === $userAuthenticationStatus) {
             $this->_response->renderJson(array('message' => 'Your password is expired', 'authstatus' => $userAuthenticationStatus));
         }
         //user authentication is successfull
         if ($userAuthenticationStatus === true) {
             $metadata = \SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
             $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
             $idp = \SimpleSAML_IdP::getById('saml2:' . $idpEntityId);
             \sspmod_saml_IdP_SAML2::receiveAuthnRequest($idp);
             assert('FALSE');
         } else {
             //handle invalid attempts
             $objInvalidAttempts = new \models\UserLoginAttempts();
             $loginAttemptsLeft = $objInvalidAttempts->handleInvalidLoginAttempts($username);
             $invalidAttempt = false;
             // if attempt is invalid username is wrong
             $message = "Invalid credentials";
             if ($loginAttemptsLeft !== false) {
                 // if last attempt was hit then show that account is locked
                 if ($loginAttemptsLeft === 0) {
                     $this->_response->renderJson(array('message' => 'Your account is locked due to 5 invalid attempts', 'authstatus' => \models\Users::ERROR_USER_LOCKED));
                 }
                 $invalidAttempt = true;
                 $message = "Incorrect Password.You have {$loginAttemptsLeft} attempts left";
             }
             $this->_response->renderJson(array('message' => $message, 'invalidAttempt' => $invalidAttempt));
             exit;
         }
     }
     $this->_response->renderJson(array('message' => 'Only post request are accepted'));
 }
开发者ID:samiksha-singla,项目名称:Api-Framework,代码行数:58,代码来源:Users.php

示例4: createRedirect

 public function createRedirect($destination, $shire)
 {
     $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     $idpmetadata = $metadata->getMetaDataConfig($destination, 'shib13-idp-remote');
     $desturl = $idpmetadata->getDefaultEndpoint('SingleSignOnService', array('urn:mace:shibboleth:1.0:profiles:AuthnRequest'));
     $desturl = $desturl['Location'];
     $target = $this->getRelayState();
     $url = $desturl . '?' . 'providerId=' . urlencode($this->getIssuer()) . '&shire=' . urlencode($shire) . (isset($target) ? '&target=' . urlencode($target) : '');
     return $url;
 }
开发者ID:palantirnet,项目名称:simplesamlphp,代码行数:10,代码来源:AuthnRequest.php

示例5: receive

 /**
  * Receive a SAML 2 message sent using the HTTP-Artifact binding.
  *
  * Throws an exception if it is unable receive the message.
  *
  * @return SAML2_Message The received message.
  * @throws Exception
  */
 public function receive()
 {
     if (array_key_exists('SAMLart', $_REQUEST)) {
         $artifact = base64_decode($_REQUEST['SAMLart']);
         $endpointIndex = bin2hex(substr($artifact, 2, 2));
         $sourceId = bin2hex(substr($artifact, 4, 20));
     } else {
         throw new Exception('Missing SAMLArt parameter.');
     }
     $metadataHandler = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     $idpMetadata = $metadataHandler->getMetaDataConfigForSha1($sourceId, 'saml20-idp-remote');
     if ($idpMetadata === NULL) {
         throw new Exception('No metadata found for remote provider with SHA1 ID: ' . var_export($sourceId, TRUE));
     }
     $endpoint = NULL;
     foreach ($idpMetadata->getEndpoints('ArtifactResolutionService') as $ep) {
         if ($ep['index'] === hexdec($endpointIndex)) {
             $endpoint = $ep;
             break;
         }
     }
     if ($endpoint === NULL) {
         throw new Exception('No ArtifactResolutionService with the correct index.');
     }
     SAML2_Utils::getContainer()->getLogger()->debug("ArtifactResolutionService endpoint being used is := " . $endpoint['Location']);
     //Construct the ArtifactResolve Request
     $ar = new SAML2_ArtifactResolve();
     /* Set the request attributes */
     $ar->setIssuer($this->spMetadata->getString('entityid'));
     $ar->setArtifact($_REQUEST['SAMLart']);
     $ar->setDestination($endpoint['Location']);
     require_once realpath(__DIR__ . '/../../../simplesamlphp/modules/saml/lib/Message.php');
     /* Sign the request */
     sspmod_saml_Message::addSign($this->spMetadata, $idpMetadata, $ar);
     // Shoaib - moved from the SOAPClient.
     $soap = new SAML2_SOAPClient();
     // Send message through SoapClient
     /** @var SAML2_ArtifactResponse $artifactResponse */
     $artifactResponse = $soap->send($ar, $this->spMetadata);
     if (!$artifactResponse->isSuccess()) {
         return false;
     }
     $xml = $artifactResponse->getAny();
     if ($xml === NULL) {
         /* Empty ArtifactResponse - possibly because of Artifact replay? */
         return NULL;
     }
     $samlResponse = SAML2_Message::fromXML($xml);
     $samlResponse->addValidator(array(get_class($this), 'validateSignature'), $artifactResponse);
     if (isset($_REQUEST['RelayState'])) {
         $samlResponse->setRelayState($_REQUEST['RelayState']);
     }
     return $samlResponse;
 }
开发者ID:dutchbridge,项目名称:saml2,代码行数:62,代码来源:HTTPArtifact.php

示例6: getPresentation

 public function getPresentation()
 {
     $mh = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     $metadata = $mh->getList($this->config);
     $translation = array('_' => 'All services');
     foreach ($this->fields as $field) {
         if (array_key_exists($field, $metadata)) {
             if (array_key_exists('name', $metadata[$field])) {
                 $translation[$field] = $this->template->t($metadata[$field]['name'], array(), FALSE);
             }
         }
     }
     return $translation;
 }
开发者ID:PitcherAG,项目名称:simplesamlphp,代码行数:14,代码来源:Entity.php

示例7: createRedirect

 public function createRedirect($destination, $shire = NULL)
 {
     $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     $idpmetadata = $metadata->getMetaData($destination, 'shib13-idp-remote');
     if ($shire === NULL) {
         $shire = $metadata->getGenerated('AssertionConsumerService', 'shib13-sp-hosted');
     }
     if (!isset($idpmetadata['SingleSignOnService'])) {
         throw new Exception('Could not find the SingleSignOnService parameter in the Shib 1.3 IdP Remote metadata. This parameter has changed name from an earlier version of simpleSAMLphp, when it was called SingleSignOnUrl. Please check your shib13-sp-remote.php configuration the IdP with entity id ' . $destination . ' and make sure the SingleSignOnService parameter is set.');
     }
     $desturl = $idpmetadata['SingleSignOnService'];
     $target = $this->getRelayState();
     $url = $desturl . '?' . 'providerId=' . urlencode($this->getIssuer()) . '&shire=' . urlencode($shire) . (isset($target) ? '&target=' . urlencode($target) : '');
     return $url;
 }
开发者ID:hukumonline,项目名称:yii,代码行数:15,代码来源:AuthnRequest.php

示例8: receiveAuthnRequest

 /**
  * Receive an authentication request.
  *
  * @param SimpleSAML_IdP $idp  The IdP we are receiving it for.
  */
 public static function receiveAuthnRequest(SimpleSAML_IdP $idp)
 {
     if (isset($_REQUEST['cookieTime'])) {
         $cookieTime = (int) $_REQUEST['cookieTime'];
         if ($cookieTime + 5 > time()) {
             /*
              * Less than five seconds has passed since we were
              * here the last time. Cookies are probably disabled.
              */
             \SimpleSAML\Utils\HTTP::checkSessionCookie(\SimpleSAML\Utils\HTTP::getSelfURL());
         }
     }
     if (!isset($_REQUEST['providerId'])) {
         throw new SimpleSAML_Error_BadRequest('Missing providerId parameter.');
     }
     $spEntityId = (string) $_REQUEST['providerId'];
     if (!isset($_REQUEST['shire'])) {
         throw new SimpleSAML_Error_BadRequest('Missing shire parameter.');
     }
     $shire = (string) $_REQUEST['shire'];
     if (isset($_REQUEST['target'])) {
         $target = $_REQUEST['target'];
     } else {
         $target = NULL;
     }
     SimpleSAML\Logger::info('Shib1.3 - IdP.SSOService: Got incoming Shib authnRequest from ' . var_export($spEntityId, TRUE) . '.');
     $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'shib13-sp-remote');
     $found = FALSE;
     foreach ($spMetadata->getEndpoints('AssertionConsumerService') as $ep) {
         if ($ep['Binding'] !== 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post') {
             continue;
         }
         if ($ep['Location'] !== $shire) {
             continue;
         }
         $found = TRUE;
         break;
     }
     if (!$found) {
         throw new Exception('Invalid AssertionConsumerService for SP ' . var_export($spEntityId, TRUE) . ': ' . var_export($shire, TRUE));
     }
     SimpleSAML_Stats::log('saml:idp:AuthnRequest', array('spEntityID' => $spEntityId, 'protocol' => 'saml1'));
     $sessionLostURL = \SimpleSAML\Utils\HTTP::addURLParameters(\SimpleSAML\Utils\HTTP::getSelfURL(), array('cookieTime' => time()));
     $state = array('Responder' => array('sspmod_saml_IdP_SAML1', 'sendResponse'), 'SPMetadata' => $spMetadata->toArray(), SimpleSAML_Auth_State::RESTART => $sessionLostURL, 'saml:shire' => $shire, 'saml:target' => $target, 'saml:AuthnRequestReceivedAt' => microtime(TRUE));
     $idp->handleAuthenticationRequest($state);
 }
开发者ID:SysBind,项目名称:simplesamlphp,代码行数:52,代码来源:SAML1.php

示例9: __construct

 /**
  * Initializes this discovery service.
  *
  * The constructor does the parsing of the request. If this is an invalid request, it will
  * throw an exception.
  *
  * @param array $metadataSets  Array with metadata sets we find remote entities in.
  * @param string $instance  The name of this instance of the discovery service.
  */
 public function __construct(array $metadataSets, $instance)
 {
     assert('is_string($instance)');
     /* Initialize standard classes. */
     $this->config = SimpleSAML_Configuration::getInstance();
     $this->metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     $this->session = SimpleSAML_Session::getSessionFromRequest();
     $this->instance = $instance;
     $this->metadataSets = $metadataSets;
     $this->log('Accessing discovery service.');
     /* Standard discovery service parameters. */
     if (!array_key_exists('entityID', $_GET)) {
         throw new Exception('Missing parameter: entityID');
     } else {
         $this->spEntityId = $_GET['entityID'];
     }
     if (!array_key_exists('returnIDParam', $_GET)) {
         $this->returnIdParam = 'entityID';
     } else {
         $this->returnIdParam = $_GET['returnIDParam'];
     }
     $this->log('returnIdParam initially set to [' . $this->returnIdParam . ']');
     if (!array_key_exists('return', $_GET)) {
         throw new Exception('Missing parameter: return');
     } else {
         $this->returnURL = SimpleSAML_Utilities::checkURLAllowed($_GET['return']);
     }
     $this->isPassive = FALSE;
     if (array_key_exists('isPassive', $_GET)) {
         if ($_GET['isPassive'] === 'true') {
             $this->isPassive = TRUE;
         }
     }
     $this->log('isPassive initially set to [' . ($this->isPassive ? 'TRUE' : 'FALSE') . ']');
     if (array_key_exists('IdPentityID', $_GET)) {
         $this->setIdPentityID = $_GET['IdPentityID'];
     } else {
         $this->setIdPentityID = NULL;
     }
     if (array_key_exists('IDPList', $_REQUEST)) {
         $this->scopedIDPList = $_REQUEST['IDPList'];
     }
 }
开发者ID:Stony-Brook-University,项目名称:doitsbu,代码行数:52,代码来源:IdPDisco.php

示例10: process

 /**
  * Process a authentication response
  *
  * This function saves the state, and redirects the user to the page where
  * the user can log in with their second factor.
  *
  * @param array &$state The state of the response.
  *
  * @return void
  */
 public function process(&$state)
 {
     assert('is_array($state)');
     assert('array_key_exists("Destination", $state)');
     assert('array_key_exists("entityid", $state["Destination"])');
     assert('array_key_exists("metadata-set", $state["Destination"])');
     assert('array_key_exists("Source", $state)');
     assert('array_key_exists("entityid", $state["Source"])');
     assert('array_key_exists("metadata-set", $state["Source"])');
     $spEntityId = $state['Destination']['entityid'];
     $idpEntityId = $state['Source']['entityid'];
     $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     /**
      * If the Duo Security module is active on a bridge $state['saml:sp:IdP']
      * will contain an entry id for the remote IdP. If not, then
      * it is active on a local IdP and nothing needs to be
      * done.
      */
     if (isset($state['saml:sp:IdP'])) {
         $idpEntityId = $state['saml:sp:IdP'];
         $idpmeta = $metadata->getMetaData($idpEntityId, 'saml20-idp-remote');
         $state['Source'] = $idpmeta;
     }
     if (isset($state['duo_complete'])) {
         return;
     }
     // Set Keys for Duo SDK
     $state['duosecurity:akey'] = $this->_akey;
     $state['duosecurity:ikey'] = $this->_ikey;
     $state['duosecurity:skey'] = $this->_skey;
     $state['duosecurity:host'] = $this->_host;
     $state['duosecurity:authSources'] = $this->_authSources;
     $state['duosecurity:usernameAttribute'] = $this->_usernameAttribute;
     // User interaction nessesary. Throw exception on isPassive request
     if (isset($state['isPassive']) && $state['isPassive'] == true) {
         throw new SimpleSAML_Error_NoPassive('Unable to login with passive request.');
     }
     // Save state and redirect
     $id = SimpleSAML_Auth_State::saveState($state, 'duosecurity:request');
     $url = SimpleSAML_Module::getModuleURL('duosecurity/getduo.php');
     SimpleSAML_Utilities::redirectTrustedURL($url, array('StateId' => $id));
 }
开发者ID:scottcarlson,项目名称:simplesamlphp-duosecurity,代码行数:52,代码来源:Duosecurity.php

示例11: configure

 public function configure()
 {
     $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     $entitylist = $metadata->getList('saml20-sp-remote');
     foreach ($entitylist as $key => $value) {
         $spidlist[$key] = $key;
     }
     $i18n = sfContext::getInstance()->getI18N();
     $this->widgetSchema['description'] = new sfWidgetFormTextarea();
     $this->widgetSchema['entityId'] = new sfWidgetFormChoice(array('choices' => $spidlist));
     $this->widgetSchema->setLabel('description', $i18n->__('Service description'));
     $this->widgetSchema->setLabel('url', $i18n->__('Service homepage'));
     $this->widgetSchema->setLabel('entityId', $i18n->__('SAML SP entity id'));
     $this->widgetSchema->setLabel('name', $i18n->__('Service name'));
     //$this->widgetSchema->setLabel('type', $i18n->__('Registration type'));
     unset($this['type']);
     unset($this['organization_list']);
     unset($this['principal_id']);
     unset($this['created_at']);
     unset($this['updated_at']);
     unset($this['token']);
 }
开发者ID:br00k,项目名称:yavom,代码行数:22,代码来源:ServiceForm.class.php

示例12: get_sp_list

 /**
  * Get a list of associated SAML 2 SPs.
  *
  * This function is just for backwards-compatibility. New code should
  * use the SimpleSAML_IdP::getAssociations()-function.
  *
  * @return array  Array of SAML 2 entityIDs.
  * @deprecated  Will be removed in the future.
  */
 public function get_sp_list()
 {
     $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     try {
         $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
         $idp = SimpleSAML_IdP::getById('saml2:' . $idpEntityId);
     } catch (Exception $e) {
         /* No SAML 2 IdP configured? */
         return array();
     }
     $ret = array();
     foreach ($idp->getAssociations() as $assoc) {
         if (isset($assoc['saml:entityID'])) {
             $ret[] = $assoc['saml:entityID'];
         }
     }
     return $ret;
 }
开发者ID:jerrcs,项目名称:simplesamlphp,代码行数:27,代码来源:Session.php

示例13: process

 /**
  * Process a authentication response
  *
  * This function saves the state, and redirects the user to the page where
  * the user can authorize the release of the attributes.
  * If storage is used and the consent has already been given the user is 
  * passed on.
  *
  * @param array &$state The state of the response.
  *
  * @return void
  */
 public function process(&$state)
 {
     assert('is_array($state)');
     assert('array_key_exists("UserID", $state)');
     assert('array_key_exists("Destination", $state)');
     assert('array_key_exists("entityid", $state["Destination"])');
     assert('array_key_exists("metadata-set", $state["Destination"])');
     assert('array_key_exists("entityid", $state["Source"])');
     assert('array_key_exists("metadata-set", $state["Source"])');
     $spEntityId = $state['Destination']['entityid'];
     $idpEntityId = $state['Source']['entityid'];
     $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     /**
      * If the consent module is active on a bridge $state['saml:sp:IdP']
      * will contain an entry id for the remote IdP. If not, then the
      * consent module is active on a local IdP and nothing needs to be
      * done.
      */
     if (isset($state['saml:sp:IdP'])) {
         $idpEntityId = $state['saml:sp:IdP'];
         $idpmeta = $metadata->getMetaData($idpEntityId, 'saml20-idp-remote');
         $state['Source'] = $idpmeta;
     }
     $statsData = array('spEntityID' => $spEntityId);
     // Do not use consent if disabled
     if (isset($state['Source']['consent.disable']) && self::checkDisable($state['Source']['consent.disable'], $spEntityId)) {
         SimpleSAML_Logger::debug('Consent: Consent disabled for entity ' . $spEntityId . ' with IdP ' . $idpEntityId);
         SimpleSAML_Stats::log('consent:disabled', $statsData);
         return;
     }
     if (isset($state['Destination']['consent.disable']) && self::checkDisable($state['Destination']['consent.disable'], $idpEntityId)) {
         SimpleSAML_Logger::debug('Consent: Consent disabled for entity ' . $spEntityId . ' with IdP ' . $idpEntityId);
         SimpleSAML_Stats::log('consent:disabled', $statsData);
         return;
     }
     if ($this->_store !== null) {
         $source = $state['Source']['metadata-set'] . '|' . $idpEntityId;
         $destination = $state['Destination']['metadata-set'] . '|' . $spEntityId;
         $attributes = $state['Attributes'];
         // Remove attributes that do not require consent
         foreach ($attributes as $attrkey => $attrval) {
             if (in_array($attrkey, $this->_noconsentattributes)) {
                 unset($attributes[$attrkey]);
             }
         }
         SimpleSAML_Logger::debug('Consent: userid: ' . $state['UserID']);
         SimpleSAML_Logger::debug('Consent: source: ' . $source);
         SimpleSAML_Logger::debug('Consent: destination: ' . $destination);
         $userId = self::getHashedUserID($state['UserID'], $source);
         $targetedId = self::getTargetedID($state['UserID'], $source, $destination);
         $attributeSet = self::getAttributeHash($attributes, $this->_includeValues);
         SimpleSAML_Logger::debug('Consent: hasConsent() [' . $userId . '|' . $targetedId . '|' . $attributeSet . ']');
         try {
             if ($this->_store->hasConsent($userId, $targetedId, $attributeSet)) {
                 // Consent already given
                 SimpleSAML_Logger::stats('Consent: Consent found');
                 SimpleSAML_Stats::log('consent:found', $statsData);
                 return;
             }
             SimpleSAML_Logger::stats('Consent: Consent notfound');
             SimpleSAML_Stats::log('consent:notfound', $statsData);
             $state['consent:store'] = $this->_store;
             $state['consent:store.userId'] = $userId;
             $state['consent:store.destination'] = $targetedId;
             $state['consent:store.attributeSet'] = $attributeSet;
         } catch (Exception $e) {
             SimpleSAML_Logger::error('Consent: Error reading from storage: ' . $e->getMessage());
             SimpleSAML_Logger::stats('Consent: Failed');
             SimpleSAML_Stats::log('consent:failed', $statsData);
         }
     } else {
         SimpleSAML_Logger::stats('Consent: No storage');
         SimpleSAML_Stats::log('consent:nostorage', $statsData);
     }
     $state['consent:focus'] = $this->_focus;
     $state['consent:checked'] = $this->_checked;
     $state['consent:hiddenAttributes'] = $this->_hiddenAttributes;
     $state['consent:noconsentattributes'] = $this->_noconsentattributes;
     $state['consent:showNoConsentAboutService'] = $this->_showNoConsentAboutService;
     // User interaction nessesary. Throw exception on isPassive request
     if (isset($state['isPassive']) && $state['isPassive'] == true) {
         SimpleSAML_Stats::log('consent:nopassive', $statsData);
         throw new SimpleSAML_Error_NoPassive('Unable to give consent on passive request.');
     }
     // Save state and redirect
     $id = SimpleSAML_Auth_State::saveState($state, 'consent:request');
     $url = SimpleSAML_Module::getModuleURL('consent/getconsent.php');
     SimpleSAML_Utilities::redirectTrustedURL($url, array('StateId' => $id));
//.........这里部分代码省略.........
开发者ID:danielkjfrog,项目名称:docker,代码行数:101,代码来源:Consent.php

示例14: process

 /**
  * Process a authentication response.
  *
  * This function saves the state, and redirects the user to the page where the user
  * can authorize the release of the attributes.
  *
  * @param array $state  The state of the response.
  */
 public function process(&$state)
 {
     assert('is_array($state)');
     assert('array_key_exists("UserID", $state)');
     assert('array_key_exists("Destination", $state)');
     assert('array_key_exists("entityid", $state["Destination"])');
     assert('array_key_exists("metadata-set", $state["Destination"])');
     assert('array_key_exists("entityid", $state["Source"])');
     assert('array_key_exists("metadata-set", $state["Source"])');
     $session = SimpleSAML_Session::getInstance();
     $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     /* If the consent module is active on a bridge $state['saml:sp:IdP'] will contain
      * an entry id for the remote IdP. If not, then the
      * consent module is active on a local IdP and nothing needs to be done.
      */
     if (isset($state['saml:sp:IdP'])) {
         $idpmeta = $metadata->getMetaData($state['saml:sp:IdP'], 'saml20-idp-remote');
         $state['Source'] = $idpmeta;
     } elseif ($session->getIdP() !== NULL) {
         /* For backwards compatibility. TODO: Remove in version 1.8. */
         $idpmeta = $metadata->getMetaData($session->getIdP(), 'saml20-idp-remote');
         $state['Source'] = $idpmeta;
     }
     if ($this->store !== NULL) {
         // Do not use consent if disabled on source entity
         if (isset($state['Source']['consent.disable']) && in_array($state['Destination']['entityid'], $state['Source']['consent.disable'])) {
             SimpleSAML_Logger::debug('Consent - Consent disabled for entity ' . $state['Destination']['entityid']);
             return;
         }
         $source = $state['Source']['metadata-set'] . '|' . $state['Source']['entityid'];
         $destination = $state['Destination']['metadata-set'] . '|' . $state['Destination']['entityid'];
         SimpleSAML_Logger::debug('Consent - userid : ' . $state['UserID']);
         SimpleSAML_Logger::debug('Consent - source : ' . $source);
         SimpleSAML_Logger::debug('Consent - destination : ' . $destination);
         $userId = self::getHashedUserID($state['UserID'], $source);
         $targetedId = self::getTargetedID($state['UserID'], $source, $destination);
         $attributeSet = self::getAttributeHash($state['Attributes'], $this->includeValues);
         SimpleSAML_Logger::debug('Consent - hasConsent() : [' . $userId . '|' . $targetedId . '|' . $attributeSet . ']');
         if ($this->store->hasConsent($userId, $targetedId, $attributeSet)) {
             SimpleSAML_Logger::stats('consent found');
             /* Consent already given. */
             return;
         }
         SimpleSAML_Logger::stats('consent notfound');
         $state['consent:store'] = $this->store;
         $state['consent:store.userId'] = $userId;
         $state['consent:store.destination'] = $targetedId;
         $state['consent:store.attributeSet'] = $attributeSet;
     } else {
         SimpleSAML_Logger::stats('consent nostorage');
     }
     $state['consent:focus'] = $this->focus;
     $state['consent:checked'] = $this->checked;
     $state['consent:hiddenAttributes'] = $this->hiddenAttributes;
     /* User interaction nessesary. Throw exception on isPassive request */
     if (isset($state['isPassive']) && $state['isPassive'] == TRUE) {
         throw new SimpleSAML_Error_NoPassive('Unable to give consent on passive request.');
     }
     /* Save state and redirect. */
     $id = SimpleSAML_Auth_State::saveState($state, 'consent:request');
     $url = SimpleSAML_Module::getModuleURL('consent/getconsent.php');
     SimpleSAML_Utilities::redirect($url, array('StateId' => $id));
 }
开发者ID:filonuse,项目名称:fedlab,代码行数:71,代码来源:Consent.php

示例15: reauthenticate

 /**
  * Re-authenticate an user.
  *
  * This function is called by the IdP to give the authentication source a chance to
  * interact with the user even in the case when the user is already authenticated.
  *
  * @param array &$state  Information about the current authentication.
  */
 public function reauthenticate(array &$state)
 {
     assert('is_array($state)');
     $session = SimpleSAML_Session::getSessionFromRequest();
     $data = $session->getAuthState($this->authId);
     foreach ($data as $k => $v) {
         $state[$k] = $v;
     }
     // check if we have an IDPList specified in the request
     if (isset($state['saml:IDPList']) && sizeof($state['saml:IDPList']) > 0 && !in_array($state['saml:sp:IdP'], $state['saml:IDPList'], true)) {
         /*
          * The user has an existing, valid session. However, the SP provided a list of IdPs it accepts for
          * authentication, and the IdP the existing session is related to is not in that list.
          *
          * First, check if we recognize any of the IdPs requested.
          */
         $mdh = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
         $known_idps = $mdh->getList();
         $intersection = array_intersect($state['saml:IDPList'], array_keys($known_idps));
         if (empty($intersection)) {
             // all requested IdPs are unknown
             throw new SimpleSAML\Module\saml\Error\NoSupportedIDP(\SAML2\Constants::STATUS_REQUESTER, 'None of the IdPs requested are supported by this proxy.');
         }
         /*
          * We have at least one IdP in the IDPList that we recognize, and it's not the one currently in use. Let's
          * see if this proxy enforces the use of one single IdP.
          */
         if (!is_null($this->idp) && !in_array($this->idp, $intersection)) {
             // an IdP is enforced but not requested
             throw new SimpleSAML\Module\saml\Error\NoAvailableIDP(\SAML2\Constants::STATUS_REQUESTER, 'None of the IdPs requested are available to this proxy.');
         }
         /*
          * We need to inform the user, and ask whether we should logout before starting the authentication process
          * again with a different IdP, or cancel the current SSO attempt.
          */
         SimpleSAML\Logger::warning("Reauthentication after logout is needed. The IdP '{$state['saml:sp:IdP']}' is not in the IDPList " . "provided by the Service Provider '{$state['core:SP']}'.");
         $state['saml:sp:IdPMetadata'] = $this->getIdPMetadata($state['saml:sp:IdP']);
         $state['saml:sp:AuthId'] = $this->authId;
         self::askForIdPChange($state);
     }
 }
开发者ID:simplesamlphp,项目名称:simplesamlphp,代码行数:49,代码来源:SP.php


注:本文中的SimpleSAML_Metadata_MetaDataStorageHandler类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。