getSessionFromRequest() public static method

Retrieves the current session. Creates a new session if there's not one.
public static getSessionFromRequest ( ) : SimpleSAML_Session
return SimpleSAML_Session The current session.
 public function process(&$state)
 {
     assert('is_array($state)');
     if (empty($state['Expire']) || empty($state['Authority'])) {
         return;
     }
     $now = time();
     $delta = $state['Expire'] - $now;
     $globalConfig = SimpleSAML_Configuration::getInstance();
     $sessionDuration = $globalConfig->getInteger('session.duration', 8 * 60 * 60);
     /* Extend only if half of session duration already passed */
     if ($delta >= $sessionDuration * 0.5) {
         return;
     }
     /* Update authority expire time */
     $session = SimpleSAML_Session::getSessionFromRequest();
     $session->setAuthorityExpire($state['Authority']);
     /* Update session cookies duration */
     /* If remember me is active */
     $rememberMeExpire = $session->getRememberMeExpire();
     if (!empty($state['RememberMe']) && $rememberMeExpire !== NULL && $globalConfig->getBoolean('session.rememberme.enable', FALSE)) {
         $session->setRememberMeExpire();
         return;
     }
     /* Or if session lifetime is more than zero */
     $sessionHandler = SimpleSAML_SessionHandler::getSessionHandler();
     $cookieParams = $sessionHandler->getCookieParams();
     if ($cookieParams['lifetime'] > 0) {
         $session->updateSessionCookies();
     }
 }
 public static function checkLoggedAndSameAuth()
 {
     $session = SimpleSAML_Session::getSessionFromRequest();
     $uregconf = SimpleSAML_Configuration::getConfig('module_selfregister.php');
     $asId = $uregconf->getString('auth');
     $as = new SimpleSAML_Auth_Simple($asId);
     if ($as->isAuthenticated()) {
         return $as;
     }
     return false;
 }
Beispiel #3
0
 /**
  * @deprecated This method will be removed in SSP 2.0.
  */
 public static function initLogoutReturn($returnURL, $authority)
 {
     assert('is_string($returnURL)');
     assert('is_string($authority)');
     $session = SimpleSAML_Session::getSessionFromRequest();
     $state = $session->getAuthData($authority, 'LogoutState');
     $session->doLogout($authority);
     $state['SimpleSAML_Auth_Default.ReturnURL'] = $returnURL;
     $state['LogoutCompletedHandler'] = array(get_class(), 'logoutCompleted');
     $as = SimpleSAML_Auth_Source::getById($authority);
     if ($as === NULL) {
         // The authority wasn't an authentication source...
         self::logoutCompleted($state);
     }
     $as->logout($state);
 }
 /**
  * Initializes this discovery service.
  *
  * The constructor does the parsing of the request. If this is an invalid request, it will
  * throw an exception.
  *
  * @param array $metadataSets  Array with metadata sets we find remote entities in.
  * @param string $instance  The name of this instance of the discovery service.
  */
 public function __construct(array $metadataSets, $instance)
 {
     assert('is_string($instance)');
     /* Initialize standard classes. */
     $this->config = SimpleSAML_Configuration::getInstance();
     $this->metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     $this->session = SimpleSAML_Session::getSessionFromRequest();
     $this->instance = $instance;
     $this->metadataSets = $metadataSets;
     $this->log('Accessing discovery service.');
     /* Standard discovery service parameters. */
     if (!array_key_exists('entityID', $_GET)) {
         throw new Exception('Missing parameter: entityID');
     } else {
         $this->spEntityId = $_GET['entityID'];
     }
     if (!array_key_exists('returnIDParam', $_GET)) {
         $this->returnIdParam = 'entityID';
     } else {
         $this->returnIdParam = $_GET['returnIDParam'];
     }
     $this->log('returnIdParam initially set to [' . $this->returnIdParam . ']');
     if (!array_key_exists('return', $_GET)) {
         throw new Exception('Missing parameter: return');
     } else {
         $this->returnURL = SimpleSAML_Utilities::checkURLAllowed($_GET['return']);
     }
     $this->isPassive = FALSE;
     if (array_key_exists('isPassive', $_GET)) {
         if ($_GET['isPassive'] === 'true') {
             $this->isPassive = TRUE;
         }
     }
     $this->log('isPassive initially set to [' . ($this->isPassive ? 'TRUE' : 'FALSE') . ']');
     if (array_key_exists('IdPentityID', $_GET)) {
         $this->setIdPentityID = $_GET['IdPentityID'];
     } else {
         $this->setIdPentityID = NULL;
     }
     if (array_key_exists('IDPList', $_REQUEST)) {
         $this->scopedIDPList = $_REQUEST['IDPList'];
     }
 }
Beispiel #5
0
 /**
  * Process a logout response.
  *
  * This function will never return.
  *
  * @param string                          $assocId The association that is terminated.
  * @param string|null                     $relayState The RelayState from the start of the logout.
  * @param SimpleSAML_Error_Exception|null $error The error that occurred during session termination (if any).
  */
 public function handleLogoutResponse($assocId, $relayState, SimpleSAML_Error_Exception $error = null)
 {
     assert('is_string($assocId)');
     assert('is_string($relayState) || is_null($relayState)');
     $session = SimpleSAML_Session::getSessionFromRequest();
     $session->deleteData('core:idp-ssotime', $this->id . ';' . substr($assocId, strpos($assocId, ':') + 1));
     $handler = $this->getLogoutHandler();
     $handler->onResponse($assocId, $relayState, $error);
     assert('false');
 }
Beispiel #6
0
 /**
  * Check whether the current user is admin.
  *
  * @return boolean True if the current user is an admin user, false otherwise.
  *
  * @author Olav Morken, UNINETT AS <*****@*****.**>
  */
 public static function isAdmin()
 {
     $session = \SimpleSAML_Session::getSessionFromRequest();
     return $session->isValid('admin') || $session->isValid('login-admin');
 }
Beispiel #7
0
 /**
  * Handle a unsolicited login operations.
  *
  * This function creates a session from the received information. It
  * will then redirect to the given URL.
  *
  * This is used to handle IdP initiated SSO.
  *
  * @param string $authId The id of the authentication source that received
  * the request.
  * @param array $state A state array.
  * @param string $redirectTo The URL we should redirect the user to after
  * updating the session. The function will check if the URL is allowed, so
  * there is no need to manually check the URL on beforehand. Please refer
  * to the 'trusted.url.domains' configuration directive for more
  * information about allowing (or disallowing) URLs.
  */
 public static function handleUnsolicitedAuth($authId, array $state, $redirectTo)
 {
     assert('is_string($authId)');
     assert('is_string($redirectTo)');
     $session = SimpleSAML_Session::getSessionFromRequest();
     $session->doLogin($authId, self::extractPersistentAuthState($state));
     SimpleSAML_Utilities::redirectUntrustedURL($redirectTo);
 }
 /**
  * Log out from this authentication source.
  *
  * This method retrieves the authentication source used for this
  * session and then call the logout method on it.
  *
  * @param array &$state	 Information about the current logout operation.
  */
 public function logout(&$state)
 {
     assert('is_array($state)');
     /* Get the source that was used to authenticate */
     $session = SimpleSAML_Session::getSessionFromRequest();
     $authId = $session->getData(self::SESSION_SOURCE, $this->authId);
     $source = SimpleSAML_Auth_Source::getById($authId);
     if ($source === NULL) {
         throw new Exception('Invalid authentication source during logout: ' . $source);
     }
     /* Then, do the logout on it */
     $source->logout($state);
 }
 /**
  * Logout. 
  * 
  * @see SimpleSAML_Auth_Source::logout()
  */
 public function logout(&$state)
 {
     parent::logout($state);
     $server = sspmod_authTiqr_Auth_Tiqr::getServer(false);
     $session = SimpleSAML_Session::getSessionFromRequest();
     $sessionId = $session->getSessionId();
     $server->logout($sessionId);
 }
Beispiel #10
0
 /**
  * Delete state.
  *
  * This function deletes the given state to prevent the user from reusing it later.
  *
  * @param array &$state  The state which should be deleted.
  */
 public static function deleteState(&$state)
 {
     assert('is_array($state)');
     if (!array_key_exists(self::ID, $state)) {
         /* This state hasn't been saved. */
         return;
     }
     SimpleSAML_Logger::debug('Deleting state: ' . var_export($state[self::ID], TRUE));
     $session = SimpleSAML_Session::getSessionFromRequest();
     $session->deleteData('SimpleSAML_Auth_State', $state[self::ID]);
 }
Beispiel #11
0
 /**
  * Create a link which will POST data.
  *
  * @param string $destination The destination URL.
  * @param array  $data The name-value pairs which will be posted to the destination.
  *
  * @return string  A URL which can be accessed to post the data.
  * @throws \InvalidArgumentException If $destination is not a string or $data is not an array.
  *
  * @author Andjelko Horvat
  * @author Jaime Perez, UNINETT AS <*****@*****.**>
  */
 public static function getPOSTRedirectURL($destination, $data)
 {
     if (!is_string($destination) || !is_array($data)) {
         throw new \InvalidArgumentException('Invalid input parameters.');
     }
     $config = \SimpleSAML_Configuration::getInstance();
     $allowed = $config->getBoolean('enable.http_post', false);
     if ($allowed && preg_match("#^http:#", $destination) && self::isHTTPS()) {
         // we need to post the data to HTTP
         $url = self::getSecurePOSTRedirectURL($destination, $data);
     } else {
         // post the data directly
         $session = \SimpleSAML_Session::getSessionFromRequest();
         $id = self::savePOSTData($session, $destination, $data);
         $url = \SimpleSAML_Module::getModuleURL('core/postredirect.php', array('RedirId' => $id));
     }
     return $url;
 }
Beispiel #12
0
 /**
  * Log out from this authentication source.
  *
  * This method either logs the user out from Negotiate or passes the
  * logout call to the fallback module.
  *
  * @param array &$state Information about the current logout operation.
  */
 public function logout(&$state)
 {
     assert('is_array($state)');
     // get the source that was used to authenticate
     $authId = $state['negotiate:backend'];
     SimpleSAML_Logger::debug('Negotiate - logout has the following authId: "' . $authId . '"');
     if ($authId === null) {
         $session = SimpleSAML_Session::getSessionFromRequest();
         $session->setData('negotiate:disable', 'session', true, 24 * 60 * 60);
         parent::logout($state);
     } else {
         $source = SimpleSAML_Auth_Source::getById($authId);
         $source->logout($state);
     }
 }
Beispiel #13
0
 /**
  * Register a new session in the datastore.
  *
  * @param string $authId  The authsource ID.
  * @param array $nameId  The NameID of the user.
  * @param string|NULL $sessionIndex  The SessionIndex of the user.
  */
 public static function addSession($authId, array $nameId, $sessionIndex, $expire)
 {
     assert('is_string($authId)');
     assert('is_string($sessionIndex) || is_null($sessionIndex)');
     assert('is_int($expire)');
     if ($sessionIndex === NULL) {
         /* This IdP apparently did not include a SessionIndex, and thus probably does not
          * support SLO. We still want to add the session to the data store just in case
          * it supports SLO, but we don't want an LogoutRequest with a specific
          * SessionIndex to match this session. We therefore generate our own session index.
          */
         $sessionIndex = SimpleSAML\Utils\Random::generateID();
     }
     $store = SimpleSAML_Store::getInstance();
     if ($store === FALSE) {
         // We don't have a datastore.
         return;
     }
     /* Normalize NameID. */
     ksort($nameId);
     $strNameId = serialize($nameId);
     $strNameId = sha1($strNameId);
     /* Normalize SessionIndex. */
     if (strlen($sessionIndex) > 50) {
         $sessionIndex = sha1($sessionIndex);
     }
     $session = SimpleSAML_Session::getSessionFromRequest();
     $sessionId = $session->getSessionId();
     if ($store instanceof SimpleSAML_Store_SQL) {
         self::addSessionSQL($store, $authId, $strNameId, $sessionIndex, $expire, $sessionId);
     } else {
         $store->set('saml.LogoutStore', $strNameId . ':' . $sessionIndex, $sessionId, $expire);
     }
 }
Beispiel #14
0
 /**
  * Start a logout operation.
  *
  * @param string|NULL $url  The URL the user should be redirected to after logging out.
  *                          Defaults to the current page.
  * @deprecated
  */
 public function logout($url = NULL)
 {
     if ($url === NULL) {
         $url = SimpleSAML_Utilities::selfURL();
     }
     $session = SimpleSAML_Session::getSessionFromRequest();
     if (!$session->isValid($this->authority)) {
         /* Not authenticated to this authentication source. */
         SimpleSAML_Utilities::redirectTrustedURL($url);
         assert('FALSE');
     }
     if ($this->authority === 'saml2') {
         $config = SimpleSAML_Configuration::getInstance();
         SimpleSAML_Utilities::redirectTrustedURL('/' . $config->getBaseURL() . 'saml2/sp/initSLO.php', array('RelayState' => $url));
     }
     $session->doLogout($this->authority);
     SimpleSAML_Utilities::redirectTrustedURL($url);
 }
Beispiel #15
0
 /**
  * Display this error.
  *
  * This method displays a standard simpleSAMLphp error page and exits.
  */
 public function show()
 {
     $this->setHTTPCode();
     /* Log the error message. */
     $this->logError();
     $errorData = $this->saveError();
     $config = SimpleSAML_Configuration::getInstance();
     $data['showerrors'] = $config->getBoolean('showerrors', true);
     $data['error'] = $errorData;
     $data['errorCode'] = $this->errorCode;
     $data['parameters'] = $this->parameters;
     $data['module'] = $this->module;
     $data['dictTitle'] = $this->dictTitle;
     $data['dictDescr'] = $this->dictDescr;
     $data['includeTemplate'] = $this->includeTemplate;
     /* Check if there is a valid technical contact email address. */
     if ($config->getBoolean('errorreporting', TRUE) && $config->getString('technicalcontact_email', '*****@*****.**') !== '*****@*****.**') {
         /* Enable error reporting. */
         $baseurl = SimpleSAML_Utilities::getBaseURL();
         $data['errorReportAddress'] = $baseurl . 'errorreport.php';
     }
     $session = SimpleSAML_Session::getSessionFromRequest();
     $attributes = $session->getAttributes();
     if (is_array($attributes) && array_key_exists('mail', $attributes) && count($attributes['mail']) > 0) {
         $data['email'] = $attributes['mail'][0];
     } else {
         $data['email'] = '';
     }
     $show_function = $config->getArray('errors.show_function', NULL);
     if (isset($show_function)) {
         assert('is_callable($show_function)');
         call_user_func($show_function, $config, $data);
         assert('FALSE');
     } else {
         $t = new SimpleSAML_XHTML_Template($config, 'error.php', 'errors');
         $t->data = array_merge($t->data, $data);
         $t->show();
     }
     exit;
 }
 * @author     Cory Collier <*****@*****.**>
 * @license    http://opensource.org/licenses/MIT  MIT License
 * @version    git: $Id$
 * @link       https://github.com/corycollier/simplesamlphp-module-themes
 * @see        https://github.com/simplesamlphp/simplesamlphp/
 * @since      File available since Release 1.3.0
 */
$dir = SimpleSAML_Module::getModuleDir('themes');
require $dir . '/lib/functions.php';
// Define variables.
$url_path = SimpleSAML_Module::getModuleURL('themes');
$css_path = $url_path . '/css';
$js_path = $url_path . '/js';
$img_path = $url_path . '/img';
$language = $this->getLanguage();
$this->data['isadmin'] = (bool) SimpleSAML_Session::getSessionFromRequest()->getAuthState('admin');
$login_url = isset($this->data['loginurl']) ? $this->data['loginurl'] : '';
$title = isset($this->data['header']) ? $this->data['header'] : 'SimpleSAMLphp';
$alert_msg = $this->data['isadmin'] ? $this->t('{core:frontpage:loggedin_as_admin}') : '<a href="' . $login_url . '">' . $this->t('{core:frontpage:login_as_admin}') . '</a>';
if (array_key_exists('pageid', $this->data)) {
    $hookinfo = array('pre' => &$this->data['htmlinject']['htmlContentPre'], 'post' => &$this->data['htmlinject']['htmlContentPost'], 'head' => &$this->data['htmlinject']['htmlContentHead'], 'jquery' => &$jquery, 'page' => $this->data['pageid']);
    SimpleSAML_Module::callHooks('htmlinject', $hookinfo);
}
?>

<!doctype html>
<html class="" lang="<?php 
echo $language;
?>
">
  <head>
 /**
  * Retrieve the track ID we should use for logging. It is used to avoid infinite recursion between the logger class
  * and the session class.
  *
  * @return string The track ID we should use for logging, or 'NA' if we detect recursion.
  */
 private static function getTrackId()
 {
     if (self::$trackid === self::$TRACKID_FETCHING) {
         // recursion detected!
         return 'NA';
     }
     if (self::$trackid === NULL) {
         // no track ID yet, fetch it from the session class
         // mark it as currently being fetched
         self::$trackid = self::$TRACKID_FETCHING;
         // get the current session. This could cause recursion back to the logger class
         $session = SimpleSAML_Session::getSessionFromRequest();
         // update the track ID
         self::$trackid = $session->getTrackID();
     }
     assert('is_string(self::$trackid)');
     return self::$trackid;
 }
Beispiel #18
0
    <form action="#" method="post" name="f">

        <p><?php 
    echo $this->t('{authTiqr:tiqr:intro_enrollment}');
    ?>
</p>
        <?php 
    if (!array_key_exists('AuthState', $_REQUEST)) {
        $id = SimpleSAML_Auth_State::saveState($state, sspmod_authTiqr_Auth_Tiqr::STAGEID);
        $_REQUEST['AuthState'] = $id;
        $this->data['stateparams'] = array('AuthState' => $_REQUEST['AuthState']);
    }
    ?>

        <?php 
    $sid = SimpleSAML_Session::getSessionFromRequest()->getSessionId();
    ?>
        <input type="hidden" name="SessionId" value="<?php 
    echo 'Session id: [' . $sid . ']';
    ?>
" id="SessionId"/>

        <p>
            <label style="width: 7em; float:left;" for="userId">
                <?php 
    echo $this->t('{authTiqr:tiqr:label_userid}');
    ?>
: </label>
            <input id="userId" type="text" tabindex="1" name="userId"
                   value="<?php 
    echo isset($this->data['userId']) ? htmlspecialchars($this->data['userId']) : '';
Beispiel #19
0
 /**
  * Display this error.
  *
  * This method displays a standard SimpleSAMLphp error page and exits.
  */
 public function show()
 {
     $this->setHTTPCode();
     // log the error message
     $this->logError();
     $errorData = $this->saveError();
     $config = SimpleSAML_Configuration::getInstance();
     $data['showerrors'] = $config->getBoolean('showerrors', true);
     $data['error'] = $errorData;
     $data['errorCode'] = $this->errorCode;
     $data['parameters'] = $this->parameters;
     $data['module'] = $this->module;
     $data['dictTitle'] = $this->dictTitle;
     $data['dictDescr'] = $this->dictDescr;
     $data['includeTemplate'] = $this->includeTemplate;
     $data['clipboard.js'] = true;
     // check if there is a valid technical contact email address
     if ($config->getBoolean('errorreporting', true) && $config->getString('technicalcontact_email', '*****@*****.**') !== '*****@*****.**') {
         // enable error reporting
         $baseurl = \SimpleSAML\Utils\HTTP::getBaseURL();
         $data['errorReportAddress'] = $baseurl . 'errorreport.php';
     }
     $data['email'] = '';
     $session = SimpleSAML_Session::getSessionFromRequest();
     $authorities = $session->getAuthorities();
     foreach ($authorities as $authority) {
         $attributes = $session->getAuthData($authority, 'Attributes');
         if ($attributes !== null && array_key_exists('mail', $attributes) && count($attributes['mail']) > 0) {
             $data['email'] = $attributes['mail'][0];
             break;
             // enough, don't need to get all available mails, if more than one
         }
     }
     $show_function = $config->getArray('errors.show_function', null);
     if (isset($show_function)) {
         assert('is_callable($show_function)');
         call_user_func($show_function, $config, $data);
         assert('FALSE');
     } else {
         $t = new SimpleSAML_XHTML_Template($config, 'error.php', 'errors');
         $t->data = array_merge($t->data, $data);
         $t->show();
     }
     exit;
 }
Beispiel #20
0
 /**
  * Complete login operation after re-authenticating the user on another IdP.
  *
  * @param array $state  The authentication state.
  */
 public static function reauthPostLogin(array $state)
 {
     assert('isset($state["ReturnCallback"])');
     // Update session state
     $session = SimpleSAML_Session::getSessionFromRequest();
     $session->doLogin($state['saml:sp:AuthId'], SimpleSAML_Auth_Default::extractPersistentAuthState($state));
     // resume the login process
     call_user_func($state['ReturnCallback'], $state);
     assert('FALSE');
 }
Beispiel #21
0
 /**
  * The user is authenticated.
  *
  * @param array $state  The authentication request state arrray.
  */
 public static function postAuth(array $state)
 {
     $idp = SimpleSAML_IdP::getByState($state);
     if (!$idp->isAuthenticated()) {
         throw new SimpleSAML_Error_Exception('Not authenticated.');
     }
     $state['Attributes'] = $idp->authSource->getAttributes();
     if (isset($state['SPMetadata'])) {
         $spMetadata = $state['SPMetadata'];
     } else {
         $spMetadata = array();
     }
     if (isset($state['core:SP'])) {
         $session = SimpleSAML_Session::getSessionFromRequest();
         $previousSSOTime = $session->getData('core:idp-ssotime', $state['core:IdP'] . ';' . $state['core:SP']);
         if ($previousSSOTime !== NULL) {
             $state['PreviousSSOTimestamp'] = $previousSSOTime;
         }
     }
     $idpMetadata = $idp->getConfig()->toArray();
     $pc = new SimpleSAML_Auth_ProcessingChain($idpMetadata, $spMetadata, 'idp');
     $state['ReturnCall'] = array('SimpleSAML_IdP', 'postAuthProc');
     $state['Destination'] = $spMetadata;
     $state['Source'] = $idpMetadata;
     $pc->processState($state);
     self::postAuthProc($state);
 }
 /**
  * Clear the RealMe credentials from Session, and also remove SimpleSAMLphp session information.
  * @return void
  */
 public function clearLogin()
 {
     Session::clear('RealMeSessionDataSerialized');
     $this->config()->__set('user_data', null);
     $session = SimpleSAML_Session::getSessionFromRequest();
     if ($session instanceof SimpleSAML_Session) {
         $session->doLogout($this->config()->auth_source_name);
     }
 }
Beispiel #23
0
 /**
  * Call a logout callback based on association.
  *
  * This function calls a logout callback based on an association saved with
  * addLogoutCallback(...).
  *
  * This function always returns.
  *
  * @param string $assoc  The logout association which should be called.
  */
 protected function callLogoutCallback($assoc)
 {
     assert('is_string($assoc)');
     $id = strlen($this->authId) . ':' . $this->authId . $assoc;
     $session = SimpleSAML_Session::getSessionFromRequest();
     $data = $session->getData('SimpleSAML_Auth_Source.LogoutCallbacks', $id);
     if ($data === NULL) {
         /* FIXME: fix for IdP-first flow (issue 397) -> reevaluate logout callback infrastructure */
         $session->doLogout($this->authId);
         return;
     }
     assert('is_array($data)');
     assert('array_key_exists("callback", $data)');
     assert('array_key_exists("state", $data)');
     $callback = $data['callback'];
     $callbackState = $data['state'];
     call_user_func($callback, $callbackState);
 }
Beispiel #24
0
 /**
  * Flush any pending log messages to the logging handler.
  *
  * This method is intended to be registered as a shutdown handler, so that any pending messages that weren't sent
  * to the logging handler at that point, can still make it. It is therefore not intended to be called manually.
  *
  */
 public static function flush()
 {
     $s = SimpleSAML_Session::getSessionFromRequest();
     self::$trackid = $s->getTrackID();
     self::$shuttingDown = true;
     foreach (self::$earlyLog as $msg) {
         self::log($msg['level'], $msg['string'], $msg['statsLog']);
     }
 }
Beispiel #25
0
 /**
  * Retrieve all authentication data.
  *
  * @return array|NULL  All persistent authentication data, or NULL if we aren't authenticated.
  */
 public function getAuthDataArray()
 {
     if (!$this->isAuthenticated()) {
         return NULL;
     }
     $session = SimpleSAML_Session::getSessionFromRequest();
     return $session->getAuthState($this->authSource);
 }
Beispiel #26
0
 /**
  * @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\HTTP::getPOSTRedirectURL() instead.
  */
 public static function createHttpPostRedirectLink($destination, $post)
 {
     assert('is_string($destination)');
     assert('is_array($post)');
     $postId = SimpleSAML\Utils\Random::generateID();
     $postData = array('post' => $post, 'url' => $destination);
     $session = SimpleSAML_Session::getSessionFromRequest();
     $session->setData('core_postdatalink', $postId, $postData);
     $redirInfo = base64_encode(SimpleSAML\Utils\Crypto::aesEncrypt($session->getSessionId() . ':' . $postId));
     $url = SimpleSAML_Module::getModuleURL('core/postredirect.php', array('RedirInfo' => $redirInfo));
     $url = preg_replace("#^https:#", "http:", $url);
     return $url;
 }
Beispiel #27
0
 /**
  * Check for session cookie, and show missing-cookie page if it is missing.
  *
  * @param string|NULL $retryURL  The URL the user should access to retry the operation.
  */
 public static function checkCookie($retryURL = NULL)
 {
     assert('is_string($retryURL) || is_null($retryURL)');
     $session = SimpleSAML_Session::getSessionFromRequest();
     if ($session->hasSessionCookie()) {
         return;
     }
     /* We didn't have a session cookie. Redirect to the no-cookie page. */
     $url = SimpleSAML_Module::getModuleURL('core/no_cookie.php');
     if ($retryURL !== NULL) {
         $url = self::addURLParameter($url, array('retryURL' => $retryURL));
     }
     self::redirectTrustedURL($url);
 }
Beispiel #28
0
 /**
  * Handle an unsolicited login operations.
  *
  * This method creates a session from the information received. It will then redirect to the given URL. This is used
  * to handle IdP initiated SSO. This method will never return.
  *
  * @param string $authId The id of the authentication source that received the request.
  * @param array $state A state array.
  * @param string $redirectTo The URL we should redirect the user to after updating the session. The function will
  * check if the URL is allowed, so there is no need to manually check the URL on beforehand. Please refer to the
  * 'trusted.url.domains' configuration directive for more information about allowing (or disallowing) URLs.
  */
 public static function handleUnsolicitedAuth($authId, array $state, $redirectTo)
 {
     assert('is_string($authId)');
     assert('is_string($redirectTo)');
     $session = SimpleSAML_Session::getSessionFromRequest();
     $session->doLogin($authId, SimpleSAML_Auth_State::getPersistentAuthData($state));
     \SimpleSAML\Utils\HTTP::redirectUntrustedURL($redirectTo);
 }
<?php

/**
 * Show a warning to an user about the SP requesting SSO a short time after
 * doing it previously.
 *
 * @package SimpleSAMLphp
 */
if (!array_key_exists('StateId', $_REQUEST)) {
    throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.');
}
$id = $_REQUEST['StateId'];
$state = SimpleSAML_Auth_State::loadState($id, 'core:short_sso_interval');
$session = SimpleSAML_Session::getSessionFromRequest();
if (array_key_exists('continue', $_REQUEST)) {
    // The user has pressed the continue/retry-button
    SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
}
$globalConfig = SimpleSAML_Configuration::getInstance();
$t = new SimpleSAML_XHTML_Template($globalConfig, 'core:short_sso_interval.php');
$t->data['target'] = SimpleSAML\Module::getModuleURL('core/short_sso_interval.php');
$t->data['params'] = array('StateId' => $id);
$t->data['trackId'] = $session->getTrackID();
$t->show();
function simplesamlphp_get_authentication_nav($view)
{
    $session = SimpleSAML_Session::getSessionFromRequest();
    $is_admin = (bool) $session->getAuthState('admin');
    $text = $view->t('{core:frontpage:login_as_admin}');
    $params = array('as' => 'admin');
    if ($is_admin) {
        $text = $view->t('{status:logout}');
        $params['logout'] = '';
    }
    $url = SimpleSAML_Module::getModuleURL('core/authenticate.php', $params);
    return '<li><a href="' . $url . '">' . $text . '</a></li>';
    //core/authenticate.php?as=admin
    //core/authenticate.php?as=admin&logout
}