Retrieves the current session. Creates a new session if there's not one.
| public static getSessionFromRequest ( ) : SimpleSAML_Session | ||
| return | SimpleSAML_Session | The current session. |
public function process(&$state)
{
assert('is_array($state)');
if (empty($state['Expire']) || empty($state['Authority'])) {
return;
}
$now = time();
$delta = $state['Expire'] - $now;
$globalConfig = SimpleSAML_Configuration::getInstance();
$sessionDuration = $globalConfig->getInteger('session.duration', 8 * 60 * 60);
/* Extend only if half of session duration already passed */
if ($delta >= $sessionDuration * 0.5) {
return;
}
/* Update authority expire time */
$session = SimpleSAML_Session::getSessionFromRequest();
$session->setAuthorityExpire($state['Authority']);
/* Update session cookies duration */
/* If remember me is active */
$rememberMeExpire = $session->getRememberMeExpire();
if (!empty($state['RememberMe']) && $rememberMeExpire !== NULL && $globalConfig->getBoolean('session.rememberme.enable', FALSE)) {
$session->setRememberMeExpire();
return;
}
/* Or if session lifetime is more than zero */
$sessionHandler = SimpleSAML_SessionHandler::getSessionHandler();
$cookieParams = $sessionHandler->getCookieParams();
if ($cookieParams['lifetime'] > 0) {
$session->updateSessionCookies();
}
}
public static function checkLoggedAndSameAuth()
{
$session = SimpleSAML_Session::getSessionFromRequest();
$uregconf = SimpleSAML_Configuration::getConfig('module_selfregister.php');
$asId = $uregconf->getString('auth');
$as = new SimpleSAML_Auth_Simple($asId);
if ($as->isAuthenticated()) {
return $as;
}
return false;
}
/**
* @deprecated This method will be removed in SSP 2.0.
*/
public static function initLogoutReturn($returnURL, $authority)
{
assert('is_string($returnURL)');
assert('is_string($authority)');
$session = SimpleSAML_Session::getSessionFromRequest();
$state = $session->getAuthData($authority, 'LogoutState');
$session->doLogout($authority);
$state['SimpleSAML_Auth_Default.ReturnURL'] = $returnURL;
$state['LogoutCompletedHandler'] = array(get_class(), 'logoutCompleted');
$as = SimpleSAML_Auth_Source::getById($authority);
if ($as === NULL) {
// The authority wasn't an authentication source...
self::logoutCompleted($state);
}
$as->logout($state);
}
/**
* Initializes this discovery service.
*
* The constructor does the parsing of the request. If this is an invalid request, it will
* throw an exception.
*
* @param array $metadataSets Array with metadata sets we find remote entities in.
* @param string $instance The name of this instance of the discovery service.
*/
public function __construct(array $metadataSets, $instance)
{
assert('is_string($instance)');
/* Initialize standard classes. */
$this->config = SimpleSAML_Configuration::getInstance();
$this->metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$this->session = SimpleSAML_Session::getSessionFromRequest();
$this->instance = $instance;
$this->metadataSets = $metadataSets;
$this->log('Accessing discovery service.');
/* Standard discovery service parameters. */
if (!array_key_exists('entityID', $_GET)) {
throw new Exception('Missing parameter: entityID');
} else {
$this->spEntityId = $_GET['entityID'];
}
if (!array_key_exists('returnIDParam', $_GET)) {
$this->returnIdParam = 'entityID';
} else {
$this->returnIdParam = $_GET['returnIDParam'];
}
$this->log('returnIdParam initially set to [' . $this->returnIdParam . ']');
if (!array_key_exists('return', $_GET)) {
throw new Exception('Missing parameter: return');
} else {
$this->returnURL = SimpleSAML_Utilities::checkURLAllowed($_GET['return']);
}
$this->isPassive = FALSE;
if (array_key_exists('isPassive', $_GET)) {
if ($_GET['isPassive'] === 'true') {
$this->isPassive = TRUE;
}
}
$this->log('isPassive initially set to [' . ($this->isPassive ? 'TRUE' : 'FALSE') . ']');
if (array_key_exists('IdPentityID', $_GET)) {
$this->setIdPentityID = $_GET['IdPentityID'];
} else {
$this->setIdPentityID = NULL;
}
if (array_key_exists('IDPList', $_REQUEST)) {
$this->scopedIDPList = $_REQUEST['IDPList'];
}
}
/**
* Process a logout response.
*
* This function will never return.
*
* @param string $assocId The association that is terminated.
* @param string|null $relayState The RelayState from the start of the logout.
* @param SimpleSAML_Error_Exception|null $error The error that occurred during session termination (if any).
*/
public function handleLogoutResponse($assocId, $relayState, SimpleSAML_Error_Exception $error = null)
{
assert('is_string($assocId)');
assert('is_string($relayState) || is_null($relayState)');
$session = SimpleSAML_Session::getSessionFromRequest();
$session->deleteData('core:idp-ssotime', $this->id . ';' . substr($assocId, strpos($assocId, ':') + 1));
$handler = $this->getLogoutHandler();
$handler->onResponse($assocId, $relayState, $error);
assert('false');
}
/**
* Check whether the current user is admin.
*
* @return boolean True if the current user is an admin user, false otherwise.
*
* @author Olav Morken, UNINETT AS <*****@*****.**>
*/
public static function isAdmin()
{
$session = \SimpleSAML_Session::getSessionFromRequest();
return $session->isValid('admin') || $session->isValid('login-admin');
}
/**
* Handle a unsolicited login operations.
*
* This function creates a session from the received information. It
* will then redirect to the given URL.
*
* This is used to handle IdP initiated SSO.
*
* @param string $authId The id of the authentication source that received
* the request.
* @param array $state A state array.
* @param string $redirectTo The URL we should redirect the user to after
* updating the session. The function will check if the URL is allowed, so
* there is no need to manually check the URL on beforehand. Please refer
* to the 'trusted.url.domains' configuration directive for more
* information about allowing (or disallowing) URLs.
*/
public static function handleUnsolicitedAuth($authId, array $state, $redirectTo)
{
assert('is_string($authId)');
assert('is_string($redirectTo)');
$session = SimpleSAML_Session::getSessionFromRequest();
$session->doLogin($authId, self::extractPersistentAuthState($state));
SimpleSAML_Utilities::redirectUntrustedURL($redirectTo);
}
/**
* Log out from this authentication source.
*
* This method retrieves the authentication source used for this
* session and then call the logout method on it.
*
* @param array &$state Information about the current logout operation.
*/
public function logout(&$state)
{
assert('is_array($state)');
/* Get the source that was used to authenticate */
$session = SimpleSAML_Session::getSessionFromRequest();
$authId = $session->getData(self::SESSION_SOURCE, $this->authId);
$source = SimpleSAML_Auth_Source::getById($authId);
if ($source === NULL) {
throw new Exception('Invalid authentication source during logout: ' . $source);
}
/* Then, do the logout on it */
$source->logout($state);
}
/**
* Logout.
*
* @see SimpleSAML_Auth_Source::logout()
*/
public function logout(&$state)
{
parent::logout($state);
$server = sspmod_authTiqr_Auth_Tiqr::getServer(false);
$session = SimpleSAML_Session::getSessionFromRequest();
$sessionId = $session->getSessionId();
$server->logout($sessionId);
}
/**
* Delete state.
*
* This function deletes the given state to prevent the user from reusing it later.
*
* @param array &$state The state which should be deleted.
*/
public static function deleteState(&$state)
{
assert('is_array($state)');
if (!array_key_exists(self::ID, $state)) {
/* This state hasn't been saved. */
return;
}
SimpleSAML_Logger::debug('Deleting state: ' . var_export($state[self::ID], TRUE));
$session = SimpleSAML_Session::getSessionFromRequest();
$session->deleteData('SimpleSAML_Auth_State', $state[self::ID]);
}
/**
* Create a link which will POST data.
*
* @param string $destination The destination URL.
* @param array $data The name-value pairs which will be posted to the destination.
*
* @return string A URL which can be accessed to post the data.
* @throws \InvalidArgumentException If $destination is not a string or $data is not an array.
*
* @author Andjelko Horvat
* @author Jaime Perez, UNINETT AS <*****@*****.**>
*/
public static function getPOSTRedirectURL($destination, $data)
{
if (!is_string($destination) || !is_array($data)) {
throw new \InvalidArgumentException('Invalid input parameters.');
}
$config = \SimpleSAML_Configuration::getInstance();
$allowed = $config->getBoolean('enable.http_post', false);
if ($allowed && preg_match("#^http:#", $destination) && self::isHTTPS()) {
// we need to post the data to HTTP
$url = self::getSecurePOSTRedirectURL($destination, $data);
} else {
// post the data directly
$session = \SimpleSAML_Session::getSessionFromRequest();
$id = self::savePOSTData($session, $destination, $data);
$url = \SimpleSAML_Module::getModuleURL('core/postredirect.php', array('RedirId' => $id));
}
return $url;
}
/**
* Log out from this authentication source.
*
* This method either logs the user out from Negotiate or passes the
* logout call to the fallback module.
*
* @param array &$state Information about the current logout operation.
*/
public function logout(&$state)
{
assert('is_array($state)');
// get the source that was used to authenticate
$authId = $state['negotiate:backend'];
SimpleSAML_Logger::debug('Negotiate - logout has the following authId: "' . $authId . '"');
if ($authId === null) {
$session = SimpleSAML_Session::getSessionFromRequest();
$session->setData('negotiate:disable', 'session', true, 24 * 60 * 60);
parent::logout($state);
} else {
$source = SimpleSAML_Auth_Source::getById($authId);
$source->logout($state);
}
}
/**
* Register a new session in the datastore.
*
* @param string $authId The authsource ID.
* @param array $nameId The NameID of the user.
* @param string|NULL $sessionIndex The SessionIndex of the user.
*/
public static function addSession($authId, array $nameId, $sessionIndex, $expire)
{
assert('is_string($authId)');
assert('is_string($sessionIndex) || is_null($sessionIndex)');
assert('is_int($expire)');
if ($sessionIndex === NULL) {
/* This IdP apparently did not include a SessionIndex, and thus probably does not
* support SLO. We still want to add the session to the data store just in case
* it supports SLO, but we don't want an LogoutRequest with a specific
* SessionIndex to match this session. We therefore generate our own session index.
*/
$sessionIndex = SimpleSAML\Utils\Random::generateID();
}
$store = SimpleSAML_Store::getInstance();
if ($store === FALSE) {
// We don't have a datastore.
return;
}
/* Normalize NameID. */
ksort($nameId);
$strNameId = serialize($nameId);
$strNameId = sha1($strNameId);
/* Normalize SessionIndex. */
if (strlen($sessionIndex) > 50) {
$sessionIndex = sha1($sessionIndex);
}
$session = SimpleSAML_Session::getSessionFromRequest();
$sessionId = $session->getSessionId();
if ($store instanceof SimpleSAML_Store_SQL) {
self::addSessionSQL($store, $authId, $strNameId, $sessionIndex, $expire, $sessionId);
} else {
$store->set('saml.LogoutStore', $strNameId . ':' . $sessionIndex, $sessionId, $expire);
}
}
/**
* Start a logout operation.
*
* @param string|NULL $url The URL the user should be redirected to after logging out.
* Defaults to the current page.
* @deprecated
*/
public function logout($url = NULL)
{
if ($url === NULL) {
$url = SimpleSAML_Utilities::selfURL();
}
$session = SimpleSAML_Session::getSessionFromRequest();
if (!$session->isValid($this->authority)) {
/* Not authenticated to this authentication source. */
SimpleSAML_Utilities::redirectTrustedURL($url);
assert('FALSE');
}
if ($this->authority === 'saml2') {
$config = SimpleSAML_Configuration::getInstance();
SimpleSAML_Utilities::redirectTrustedURL('/' . $config->getBaseURL() . 'saml2/sp/initSLO.php', array('RelayState' => $url));
}
$session->doLogout($this->authority);
SimpleSAML_Utilities::redirectTrustedURL($url);
}
/**
* Display this error.
*
* This method displays a standard simpleSAMLphp error page and exits.
*/
public function show()
{
$this->setHTTPCode();
/* Log the error message. */
$this->logError();
$errorData = $this->saveError();
$config = SimpleSAML_Configuration::getInstance();
$data['showerrors'] = $config->getBoolean('showerrors', true);
$data['error'] = $errorData;
$data['errorCode'] = $this->errorCode;
$data['parameters'] = $this->parameters;
$data['module'] = $this->module;
$data['dictTitle'] = $this->dictTitle;
$data['dictDescr'] = $this->dictDescr;
$data['includeTemplate'] = $this->includeTemplate;
/* Check if there is a valid technical contact email address. */
if ($config->getBoolean('errorreporting', TRUE) && $config->getString('technicalcontact_email', '*****@*****.**') !== '*****@*****.**') {
/* Enable error reporting. */
$baseurl = SimpleSAML_Utilities::getBaseURL();
$data['errorReportAddress'] = $baseurl . 'errorreport.php';
}
$session = SimpleSAML_Session::getSessionFromRequest();
$attributes = $session->getAttributes();
if (is_array($attributes) && array_key_exists('mail', $attributes) && count($attributes['mail']) > 0) {
$data['email'] = $attributes['mail'][0];
} else {
$data['email'] = '';
}
$show_function = $config->getArray('errors.show_function', NULL);
if (isset($show_function)) {
assert('is_callable($show_function)');
call_user_func($show_function, $config, $data);
assert('FALSE');
} else {
$t = new SimpleSAML_XHTML_Template($config, 'error.php', 'errors');
$t->data = array_merge($t->data, $data);
$t->show();
}
exit;
}
* @author Cory Collier <*****@*****.**>
* @license http://opensource.org/licenses/MIT MIT License
* @version git: $Id$
* @link https://github.com/corycollier/simplesamlphp-module-themes
* @see https://github.com/simplesamlphp/simplesamlphp/
* @since File available since Release 1.3.0
*/
$dir = SimpleSAML_Module::getModuleDir('themes');
require $dir . '/lib/functions.php';
// Define variables.
$url_path = SimpleSAML_Module::getModuleURL('themes');
$css_path = $url_path . '/css';
$js_path = $url_path . '/js';
$img_path = $url_path . '/img';
$language = $this->getLanguage();
$this->data['isadmin'] = (bool) SimpleSAML_Session::getSessionFromRequest()->getAuthState('admin');
$login_url = isset($this->data['loginurl']) ? $this->data['loginurl'] : '';
$title = isset($this->data['header']) ? $this->data['header'] : 'SimpleSAMLphp';
$alert_msg = $this->data['isadmin'] ? $this->t('{core:frontpage:loggedin_as_admin}') : '<a href="' . $login_url . '">' . $this->t('{core:frontpage:login_as_admin}') . '</a>';
if (array_key_exists('pageid', $this->data)) {
$hookinfo = array('pre' => &$this->data['htmlinject']['htmlContentPre'], 'post' => &$this->data['htmlinject']['htmlContentPost'], 'head' => &$this->data['htmlinject']['htmlContentHead'], 'jquery' => &$jquery, 'page' => $this->data['pageid']);
SimpleSAML_Module::callHooks('htmlinject', $hookinfo);
}
?>
<!doctype html>
<html class="" lang="<?php
echo $language;
?>
">
<head>
/**
* Retrieve the track ID we should use for logging. It is used to avoid infinite recursion between the logger class
* and the session class.
*
* @return string The track ID we should use for logging, or 'NA' if we detect recursion.
*/
private static function getTrackId()
{
if (self::$trackid === self::$TRACKID_FETCHING) {
// recursion detected!
return 'NA';
}
if (self::$trackid === NULL) {
// no track ID yet, fetch it from the session class
// mark it as currently being fetched
self::$trackid = self::$TRACKID_FETCHING;
// get the current session. This could cause recursion back to the logger class
$session = SimpleSAML_Session::getSessionFromRequest();
// update the track ID
self::$trackid = $session->getTrackID();
}
assert('is_string(self::$trackid)');
return self::$trackid;
}
<form action="#" method="post" name="f">
<p><?php
echo $this->t('{authTiqr:tiqr:intro_enrollment}');
?>
</p>
<?php
if (!array_key_exists('AuthState', $_REQUEST)) {
$id = SimpleSAML_Auth_State::saveState($state, sspmod_authTiqr_Auth_Tiqr::STAGEID);
$_REQUEST['AuthState'] = $id;
$this->data['stateparams'] = array('AuthState' => $_REQUEST['AuthState']);
}
?>
<?php
$sid = SimpleSAML_Session::getSessionFromRequest()->getSessionId();
?>
<input type="hidden" name="SessionId" value="<?php
echo 'Session id: [' . $sid . ']';
?>
" id="SessionId"/>
<p>
<label style="width: 7em; float:left;" for="userId">
<?php
echo $this->t('{authTiqr:tiqr:label_userid}');
?>
: </label>
<input id="userId" type="text" tabindex="1" name="userId"
value="<?php
echo isset($this->data['userId']) ? htmlspecialchars($this->data['userId']) : '';
/**
* Display this error.
*
* This method displays a standard SimpleSAMLphp error page and exits.
*/
public function show()
{
$this->setHTTPCode();
// log the error message
$this->logError();
$errorData = $this->saveError();
$config = SimpleSAML_Configuration::getInstance();
$data['showerrors'] = $config->getBoolean('showerrors', true);
$data['error'] = $errorData;
$data['errorCode'] = $this->errorCode;
$data['parameters'] = $this->parameters;
$data['module'] = $this->module;
$data['dictTitle'] = $this->dictTitle;
$data['dictDescr'] = $this->dictDescr;
$data['includeTemplate'] = $this->includeTemplate;
$data['clipboard.js'] = true;
// check if there is a valid technical contact email address
if ($config->getBoolean('errorreporting', true) && $config->getString('technicalcontact_email', '*****@*****.**') !== '*****@*****.**') {
// enable error reporting
$baseurl = \SimpleSAML\Utils\HTTP::getBaseURL();
$data['errorReportAddress'] = $baseurl . 'errorreport.php';
}
$data['email'] = '';
$session = SimpleSAML_Session::getSessionFromRequest();
$authorities = $session->getAuthorities();
foreach ($authorities as $authority) {
$attributes = $session->getAuthData($authority, 'Attributes');
if ($attributes !== null && array_key_exists('mail', $attributes) && count($attributes['mail']) > 0) {
$data['email'] = $attributes['mail'][0];
break;
// enough, don't need to get all available mails, if more than one
}
}
$show_function = $config->getArray('errors.show_function', null);
if (isset($show_function)) {
assert('is_callable($show_function)');
call_user_func($show_function, $config, $data);
assert('FALSE');
} else {
$t = new SimpleSAML_XHTML_Template($config, 'error.php', 'errors');
$t->data = array_merge($t->data, $data);
$t->show();
}
exit;
}
/**
* Complete login operation after re-authenticating the user on another IdP.
*
* @param array $state The authentication state.
*/
public static function reauthPostLogin(array $state)
{
assert('isset($state["ReturnCallback"])');
// Update session state
$session = SimpleSAML_Session::getSessionFromRequest();
$session->doLogin($state['saml:sp:AuthId'], SimpleSAML_Auth_Default::extractPersistentAuthState($state));
// resume the login process
call_user_func($state['ReturnCallback'], $state);
assert('FALSE');
}
/**
* The user is authenticated.
*
* @param array $state The authentication request state arrray.
*/
public static function postAuth(array $state)
{
$idp = SimpleSAML_IdP::getByState($state);
if (!$idp->isAuthenticated()) {
throw new SimpleSAML_Error_Exception('Not authenticated.');
}
$state['Attributes'] = $idp->authSource->getAttributes();
if (isset($state['SPMetadata'])) {
$spMetadata = $state['SPMetadata'];
} else {
$spMetadata = array();
}
if (isset($state['core:SP'])) {
$session = SimpleSAML_Session::getSessionFromRequest();
$previousSSOTime = $session->getData('core:idp-ssotime', $state['core:IdP'] . ';' . $state['core:SP']);
if ($previousSSOTime !== NULL) {
$state['PreviousSSOTimestamp'] = $previousSSOTime;
}
}
$idpMetadata = $idp->getConfig()->toArray();
$pc = new SimpleSAML_Auth_ProcessingChain($idpMetadata, $spMetadata, 'idp');
$state['ReturnCall'] = array('SimpleSAML_IdP', 'postAuthProc');
$state['Destination'] = $spMetadata;
$state['Source'] = $idpMetadata;
$pc->processState($state);
self::postAuthProc($state);
}
/**
* Clear the RealMe credentials from Session, and also remove SimpleSAMLphp session information.
* @return void
*/
public function clearLogin()
{
Session::clear('RealMeSessionDataSerialized');
$this->config()->__set('user_data', null);
$session = SimpleSAML_Session::getSessionFromRequest();
if ($session instanceof SimpleSAML_Session) {
$session->doLogout($this->config()->auth_source_name);
}
}
/**
* Call a logout callback based on association.
*
* This function calls a logout callback based on an association saved with
* addLogoutCallback(...).
*
* This function always returns.
*
* @param string $assoc The logout association which should be called.
*/
protected function callLogoutCallback($assoc)
{
assert('is_string($assoc)');
$id = strlen($this->authId) . ':' . $this->authId . $assoc;
$session = SimpleSAML_Session::getSessionFromRequest();
$data = $session->getData('SimpleSAML_Auth_Source.LogoutCallbacks', $id);
if ($data === NULL) {
/* FIXME: fix for IdP-first flow (issue 397) -> reevaluate logout callback infrastructure */
$session->doLogout($this->authId);
return;
}
assert('is_array($data)');
assert('array_key_exists("callback", $data)');
assert('array_key_exists("state", $data)');
$callback = $data['callback'];
$callbackState = $data['state'];
call_user_func($callback, $callbackState);
}
/**
* Flush any pending log messages to the logging handler.
*
* This method is intended to be registered as a shutdown handler, so that any pending messages that weren't sent
* to the logging handler at that point, can still make it. It is therefore not intended to be called manually.
*
*/
public static function flush()
{
$s = SimpleSAML_Session::getSessionFromRequest();
self::$trackid = $s->getTrackID();
self::$shuttingDown = true;
foreach (self::$earlyLog as $msg) {
self::log($msg['level'], $msg['string'], $msg['statsLog']);
}
}
/**
* Retrieve all authentication data.
*
* @return array|NULL All persistent authentication data, or NULL if we aren't authenticated.
*/
public function getAuthDataArray()
{
if (!$this->isAuthenticated()) {
return NULL;
}
$session = SimpleSAML_Session::getSessionFromRequest();
return $session->getAuthState($this->authSource);
}
/**
* @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\HTTP::getPOSTRedirectURL() instead.
*/
public static function createHttpPostRedirectLink($destination, $post)
{
assert('is_string($destination)');
assert('is_array($post)');
$postId = SimpleSAML\Utils\Random::generateID();
$postData = array('post' => $post, 'url' => $destination);
$session = SimpleSAML_Session::getSessionFromRequest();
$session->setData('core_postdatalink', $postId, $postData);
$redirInfo = base64_encode(SimpleSAML\Utils\Crypto::aesEncrypt($session->getSessionId() . ':' . $postId));
$url = SimpleSAML_Module::getModuleURL('core/postredirect.php', array('RedirInfo' => $redirInfo));
$url = preg_replace("#^https:#", "http:", $url);
return $url;
}
/**
* Check for session cookie, and show missing-cookie page if it is missing.
*
* @param string|NULL $retryURL The URL the user should access to retry the operation.
*/
public static function checkCookie($retryURL = NULL)
{
assert('is_string($retryURL) || is_null($retryURL)');
$session = SimpleSAML_Session::getSessionFromRequest();
if ($session->hasSessionCookie()) {
return;
}
/* We didn't have a session cookie. Redirect to the no-cookie page. */
$url = SimpleSAML_Module::getModuleURL('core/no_cookie.php');
if ($retryURL !== NULL) {
$url = self::addURLParameter($url, array('retryURL' => $retryURL));
}
self::redirectTrustedURL($url);
}
/**
* Handle an unsolicited login operations.
*
* This method creates a session from the information received. It will then redirect to the given URL. This is used
* to handle IdP initiated SSO. This method will never return.
*
* @param string $authId The id of the authentication source that received the request.
* @param array $state A state array.
* @param string $redirectTo The URL we should redirect the user to after updating the session. The function will
* check if the URL is allowed, so there is no need to manually check the URL on beforehand. Please refer to the
* 'trusted.url.domains' configuration directive for more information about allowing (or disallowing) URLs.
*/
public static function handleUnsolicitedAuth($authId, array $state, $redirectTo)
{
assert('is_string($authId)');
assert('is_string($redirectTo)');
$session = SimpleSAML_Session::getSessionFromRequest();
$session->doLogin($authId, SimpleSAML_Auth_State::getPersistentAuthData($state));
\SimpleSAML\Utils\HTTP::redirectUntrustedURL($redirectTo);
}
<?php
/**
* Show a warning to an user about the SP requesting SSO a short time after
* doing it previously.
*
* @package SimpleSAMLphp
*/
if (!array_key_exists('StateId', $_REQUEST)) {
throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.');
}
$id = $_REQUEST['StateId'];
$state = SimpleSAML_Auth_State::loadState($id, 'core:short_sso_interval');
$session = SimpleSAML_Session::getSessionFromRequest();
if (array_key_exists('continue', $_REQUEST)) {
// The user has pressed the continue/retry-button
SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
}
$globalConfig = SimpleSAML_Configuration::getInstance();
$t = new SimpleSAML_XHTML_Template($globalConfig, 'core:short_sso_interval.php');
$t->data['target'] = SimpleSAML\Module::getModuleURL('core/short_sso_interval.php');
$t->data['params'] = array('StateId' => $id);
$t->data['trackId'] = $session->getTrackID();
$t->show();
function simplesamlphp_get_authentication_nav($view)
{
$session = SimpleSAML_Session::getSessionFromRequest();
$is_admin = (bool) $session->getAuthState('admin');
$text = $view->t('{core:frontpage:login_as_admin}');
$params = array('as' => 'admin');
if ($is_admin) {
$text = $view->t('{status:logout}');
$params['logout'] = '';
}
$url = SimpleSAML_Module::getModuleURL('core/authenticate.php', $params);
return '<li><a href="' . $url . '">' . $text . '</a></li>';
//core/authenticate.php?as=admin
//core/authenticate.php?as=admin&logout
}
