Retrieves the current session. Creates a new session if there's not one.
public static getSessionFromRequest ( ) : SimpleSAML_Session | ||
return | SimpleSAML_Session | The current session. |
public function process(&$state) { assert('is_array($state)'); if (empty($state['Expire']) || empty($state['Authority'])) { return; } $now = time(); $delta = $state['Expire'] - $now; $globalConfig = SimpleSAML_Configuration::getInstance(); $sessionDuration = $globalConfig->getInteger('session.duration', 8 * 60 * 60); /* Extend only if half of session duration already passed */ if ($delta >= $sessionDuration * 0.5) { return; } /* Update authority expire time */ $session = SimpleSAML_Session::getSessionFromRequest(); $session->setAuthorityExpire($state['Authority']); /* Update session cookies duration */ /* If remember me is active */ $rememberMeExpire = $session->getRememberMeExpire(); if (!empty($state['RememberMe']) && $rememberMeExpire !== NULL && $globalConfig->getBoolean('session.rememberme.enable', FALSE)) { $session->setRememberMeExpire(); return; } /* Or if session lifetime is more than zero */ $sessionHandler = SimpleSAML_SessionHandler::getSessionHandler(); $cookieParams = $sessionHandler->getCookieParams(); if ($cookieParams['lifetime'] > 0) { $session->updateSessionCookies(); } }
public static function checkLoggedAndSameAuth() { $session = SimpleSAML_Session::getSessionFromRequest(); $uregconf = SimpleSAML_Configuration::getConfig('module_selfregister.php'); $asId = $uregconf->getString('auth'); $as = new SimpleSAML_Auth_Simple($asId); if ($as->isAuthenticated()) { return $as; } return false; }
/** * @deprecated This method will be removed in SSP 2.0. */ public static function initLogoutReturn($returnURL, $authority) { assert('is_string($returnURL)'); assert('is_string($authority)'); $session = SimpleSAML_Session::getSessionFromRequest(); $state = $session->getAuthData($authority, 'LogoutState'); $session->doLogout($authority); $state['SimpleSAML_Auth_Default.ReturnURL'] = $returnURL; $state['LogoutCompletedHandler'] = array(get_class(), 'logoutCompleted'); $as = SimpleSAML_Auth_Source::getById($authority); if ($as === NULL) { // The authority wasn't an authentication source... self::logoutCompleted($state); } $as->logout($state); }
/** * Initializes this discovery service. * * The constructor does the parsing of the request. If this is an invalid request, it will * throw an exception. * * @param array $metadataSets Array with metadata sets we find remote entities in. * @param string $instance The name of this instance of the discovery service. */ public function __construct(array $metadataSets, $instance) { assert('is_string($instance)'); /* Initialize standard classes. */ $this->config = SimpleSAML_Configuration::getInstance(); $this->metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $this->session = SimpleSAML_Session::getSessionFromRequest(); $this->instance = $instance; $this->metadataSets = $metadataSets; $this->log('Accessing discovery service.'); /* Standard discovery service parameters. */ if (!array_key_exists('entityID', $_GET)) { throw new Exception('Missing parameter: entityID'); } else { $this->spEntityId = $_GET['entityID']; } if (!array_key_exists('returnIDParam', $_GET)) { $this->returnIdParam = 'entityID'; } else { $this->returnIdParam = $_GET['returnIDParam']; } $this->log('returnIdParam initially set to [' . $this->returnIdParam . ']'); if (!array_key_exists('return', $_GET)) { throw new Exception('Missing parameter: return'); } else { $this->returnURL = SimpleSAML_Utilities::checkURLAllowed($_GET['return']); } $this->isPassive = FALSE; if (array_key_exists('isPassive', $_GET)) { if ($_GET['isPassive'] === 'true') { $this->isPassive = TRUE; } } $this->log('isPassive initially set to [' . ($this->isPassive ? 'TRUE' : 'FALSE') . ']'); if (array_key_exists('IdPentityID', $_GET)) { $this->setIdPentityID = $_GET['IdPentityID']; } else { $this->setIdPentityID = NULL; } if (array_key_exists('IDPList', $_REQUEST)) { $this->scopedIDPList = $_REQUEST['IDPList']; } }
/** * Process a logout response. * * This function will never return. * * @param string $assocId The association that is terminated. * @param string|null $relayState The RelayState from the start of the logout. * @param SimpleSAML_Error_Exception|null $error The error that occurred during session termination (if any). */ public function handleLogoutResponse($assocId, $relayState, SimpleSAML_Error_Exception $error = null) { assert('is_string($assocId)'); assert('is_string($relayState) || is_null($relayState)'); $session = SimpleSAML_Session::getSessionFromRequest(); $session->deleteData('core:idp-ssotime', $this->id . ';' . substr($assocId, strpos($assocId, ':') + 1)); $handler = $this->getLogoutHandler(); $handler->onResponse($assocId, $relayState, $error); assert('false'); }
/** * Check whether the current user is admin. * * @return boolean True if the current user is an admin user, false otherwise. * * @author Olav Morken, UNINETT AS <*****@*****.**> */ public static function isAdmin() { $session = \SimpleSAML_Session::getSessionFromRequest(); return $session->isValid('admin') || $session->isValid('login-admin'); }
/** * Handle a unsolicited login operations. * * This function creates a session from the received information. It * will then redirect to the given URL. * * This is used to handle IdP initiated SSO. * * @param string $authId The id of the authentication source that received * the request. * @param array $state A state array. * @param string $redirectTo The URL we should redirect the user to after * updating the session. The function will check if the URL is allowed, so * there is no need to manually check the URL on beforehand. Please refer * to the 'trusted.url.domains' configuration directive for more * information about allowing (or disallowing) URLs. */ public static function handleUnsolicitedAuth($authId, array $state, $redirectTo) { assert('is_string($authId)'); assert('is_string($redirectTo)'); $session = SimpleSAML_Session::getSessionFromRequest(); $session->doLogin($authId, self::extractPersistentAuthState($state)); SimpleSAML_Utilities::redirectUntrustedURL($redirectTo); }
/** * Log out from this authentication source. * * This method retrieves the authentication source used for this * session and then call the logout method on it. * * @param array &$state Information about the current logout operation. */ public function logout(&$state) { assert('is_array($state)'); /* Get the source that was used to authenticate */ $session = SimpleSAML_Session::getSessionFromRequest(); $authId = $session->getData(self::SESSION_SOURCE, $this->authId); $source = SimpleSAML_Auth_Source::getById($authId); if ($source === NULL) { throw new Exception('Invalid authentication source during logout: ' . $source); } /* Then, do the logout on it */ $source->logout($state); }
/** * Logout. * * @see SimpleSAML_Auth_Source::logout() */ public function logout(&$state) { parent::logout($state); $server = sspmod_authTiqr_Auth_Tiqr::getServer(false); $session = SimpleSAML_Session::getSessionFromRequest(); $sessionId = $session->getSessionId(); $server->logout($sessionId); }
/** * Delete state. * * This function deletes the given state to prevent the user from reusing it later. * * @param array &$state The state which should be deleted. */ public static function deleteState(&$state) { assert('is_array($state)'); if (!array_key_exists(self::ID, $state)) { /* This state hasn't been saved. */ return; } SimpleSAML_Logger::debug('Deleting state: ' . var_export($state[self::ID], TRUE)); $session = SimpleSAML_Session::getSessionFromRequest(); $session->deleteData('SimpleSAML_Auth_State', $state[self::ID]); }
/** * Create a link which will POST data. * * @param string $destination The destination URL. * @param array $data The name-value pairs which will be posted to the destination. * * @return string A URL which can be accessed to post the data. * @throws \InvalidArgumentException If $destination is not a string or $data is not an array. * * @author Andjelko Horvat * @author Jaime Perez, UNINETT AS <*****@*****.**> */ public static function getPOSTRedirectURL($destination, $data) { if (!is_string($destination) || !is_array($data)) { throw new \InvalidArgumentException('Invalid input parameters.'); } $config = \SimpleSAML_Configuration::getInstance(); $allowed = $config->getBoolean('enable.http_post', false); if ($allowed && preg_match("#^http:#", $destination) && self::isHTTPS()) { // we need to post the data to HTTP $url = self::getSecurePOSTRedirectURL($destination, $data); } else { // post the data directly $session = \SimpleSAML_Session::getSessionFromRequest(); $id = self::savePOSTData($session, $destination, $data); $url = \SimpleSAML_Module::getModuleURL('core/postredirect.php', array('RedirId' => $id)); } return $url; }
/** * Log out from this authentication source. * * This method either logs the user out from Negotiate or passes the * logout call to the fallback module. * * @param array &$state Information about the current logout operation. */ public function logout(&$state) { assert('is_array($state)'); // get the source that was used to authenticate $authId = $state['negotiate:backend']; SimpleSAML_Logger::debug('Negotiate - logout has the following authId: "' . $authId . '"'); if ($authId === null) { $session = SimpleSAML_Session::getSessionFromRequest(); $session->setData('negotiate:disable', 'session', true, 24 * 60 * 60); parent::logout($state); } else { $source = SimpleSAML_Auth_Source::getById($authId); $source->logout($state); } }
/** * Register a new session in the datastore. * * @param string $authId The authsource ID. * @param array $nameId The NameID of the user. * @param string|NULL $sessionIndex The SessionIndex of the user. */ public static function addSession($authId, array $nameId, $sessionIndex, $expire) { assert('is_string($authId)'); assert('is_string($sessionIndex) || is_null($sessionIndex)'); assert('is_int($expire)'); if ($sessionIndex === NULL) { /* This IdP apparently did not include a SessionIndex, and thus probably does not * support SLO. We still want to add the session to the data store just in case * it supports SLO, but we don't want an LogoutRequest with a specific * SessionIndex to match this session. We therefore generate our own session index. */ $sessionIndex = SimpleSAML\Utils\Random::generateID(); } $store = SimpleSAML_Store::getInstance(); if ($store === FALSE) { // We don't have a datastore. return; } /* Normalize NameID. */ ksort($nameId); $strNameId = serialize($nameId); $strNameId = sha1($strNameId); /* Normalize SessionIndex. */ if (strlen($sessionIndex) > 50) { $sessionIndex = sha1($sessionIndex); } $session = SimpleSAML_Session::getSessionFromRequest(); $sessionId = $session->getSessionId(); if ($store instanceof SimpleSAML_Store_SQL) { self::addSessionSQL($store, $authId, $strNameId, $sessionIndex, $expire, $sessionId); } else { $store->set('saml.LogoutStore', $strNameId . ':' . $sessionIndex, $sessionId, $expire); } }
/** * Start a logout operation. * * @param string|NULL $url The URL the user should be redirected to after logging out. * Defaults to the current page. * @deprecated */ public function logout($url = NULL) { if ($url === NULL) { $url = SimpleSAML_Utilities::selfURL(); } $session = SimpleSAML_Session::getSessionFromRequest(); if (!$session->isValid($this->authority)) { /* Not authenticated to this authentication source. */ SimpleSAML_Utilities::redirectTrustedURL($url); assert('FALSE'); } if ($this->authority === 'saml2') { $config = SimpleSAML_Configuration::getInstance(); SimpleSAML_Utilities::redirectTrustedURL('/' . $config->getBaseURL() . 'saml2/sp/initSLO.php', array('RelayState' => $url)); } $session->doLogout($this->authority); SimpleSAML_Utilities::redirectTrustedURL($url); }
/** * Display this error. * * This method displays a standard simpleSAMLphp error page and exits. */ public function show() { $this->setHTTPCode(); /* Log the error message. */ $this->logError(); $errorData = $this->saveError(); $config = SimpleSAML_Configuration::getInstance(); $data['showerrors'] = $config->getBoolean('showerrors', true); $data['error'] = $errorData; $data['errorCode'] = $this->errorCode; $data['parameters'] = $this->parameters; $data['module'] = $this->module; $data['dictTitle'] = $this->dictTitle; $data['dictDescr'] = $this->dictDescr; $data['includeTemplate'] = $this->includeTemplate; /* Check if there is a valid technical contact email address. */ if ($config->getBoolean('errorreporting', TRUE) && $config->getString('technicalcontact_email', '*****@*****.**') !== '*****@*****.**') { /* Enable error reporting. */ $baseurl = SimpleSAML_Utilities::getBaseURL(); $data['errorReportAddress'] = $baseurl . 'errorreport.php'; } $session = SimpleSAML_Session::getSessionFromRequest(); $attributes = $session->getAttributes(); if (is_array($attributes) && array_key_exists('mail', $attributes) && count($attributes['mail']) > 0) { $data['email'] = $attributes['mail'][0]; } else { $data['email'] = ''; } $show_function = $config->getArray('errors.show_function', NULL); if (isset($show_function)) { assert('is_callable($show_function)'); call_user_func($show_function, $config, $data); assert('FALSE'); } else { $t = new SimpleSAML_XHTML_Template($config, 'error.php', 'errors'); $t->data = array_merge($t->data, $data); $t->show(); } exit; }
* @author Cory Collier <*****@*****.**> * @license http://opensource.org/licenses/MIT MIT License * @version git: $Id$ * @link https://github.com/corycollier/simplesamlphp-module-themes * @see https://github.com/simplesamlphp/simplesamlphp/ * @since File available since Release 1.3.0 */ $dir = SimpleSAML_Module::getModuleDir('themes'); require $dir . '/lib/functions.php'; // Define variables. $url_path = SimpleSAML_Module::getModuleURL('themes'); $css_path = $url_path . '/css'; $js_path = $url_path . '/js'; $img_path = $url_path . '/img'; $language = $this->getLanguage(); $this->data['isadmin'] = (bool) SimpleSAML_Session::getSessionFromRequest()->getAuthState('admin'); $login_url = isset($this->data['loginurl']) ? $this->data['loginurl'] : ''; $title = isset($this->data['header']) ? $this->data['header'] : 'SimpleSAMLphp'; $alert_msg = $this->data['isadmin'] ? $this->t('{core:frontpage:loggedin_as_admin}') : '<a href="' . $login_url . '">' . $this->t('{core:frontpage:login_as_admin}') . '</a>'; if (array_key_exists('pageid', $this->data)) { $hookinfo = array('pre' => &$this->data['htmlinject']['htmlContentPre'], 'post' => &$this->data['htmlinject']['htmlContentPost'], 'head' => &$this->data['htmlinject']['htmlContentHead'], 'jquery' => &$jquery, 'page' => $this->data['pageid']); SimpleSAML_Module::callHooks('htmlinject', $hookinfo); } ?> <!doctype html> <html class="" lang="<?php echo $language; ?> "> <head>
/** * Retrieve the track ID we should use for logging. It is used to avoid infinite recursion between the logger class * and the session class. * * @return string The track ID we should use for logging, or 'NA' if we detect recursion. */ private static function getTrackId() { if (self::$trackid === self::$TRACKID_FETCHING) { // recursion detected! return 'NA'; } if (self::$trackid === NULL) { // no track ID yet, fetch it from the session class // mark it as currently being fetched self::$trackid = self::$TRACKID_FETCHING; // get the current session. This could cause recursion back to the logger class $session = SimpleSAML_Session::getSessionFromRequest(); // update the track ID self::$trackid = $session->getTrackID(); } assert('is_string(self::$trackid)'); return self::$trackid; }
<form action="#" method="post" name="f"> <p><?php echo $this->t('{authTiqr:tiqr:intro_enrollment}'); ?> </p> <?php if (!array_key_exists('AuthState', $_REQUEST)) { $id = SimpleSAML_Auth_State::saveState($state, sspmod_authTiqr_Auth_Tiqr::STAGEID); $_REQUEST['AuthState'] = $id; $this->data['stateparams'] = array('AuthState' => $_REQUEST['AuthState']); } ?> <?php $sid = SimpleSAML_Session::getSessionFromRequest()->getSessionId(); ?> <input type="hidden" name="SessionId" value="<?php echo 'Session id: [' . $sid . ']'; ?> " id="SessionId"/> <p> <label style="width: 7em; float:left;" for="userId"> <?php echo $this->t('{authTiqr:tiqr:label_userid}'); ?> : </label> <input id="userId" type="text" tabindex="1" name="userId" value="<?php echo isset($this->data['userId']) ? htmlspecialchars($this->data['userId']) : '';
/** * Display this error. * * This method displays a standard SimpleSAMLphp error page and exits. */ public function show() { $this->setHTTPCode(); // log the error message $this->logError(); $errorData = $this->saveError(); $config = SimpleSAML_Configuration::getInstance(); $data['showerrors'] = $config->getBoolean('showerrors', true); $data['error'] = $errorData; $data['errorCode'] = $this->errorCode; $data['parameters'] = $this->parameters; $data['module'] = $this->module; $data['dictTitle'] = $this->dictTitle; $data['dictDescr'] = $this->dictDescr; $data['includeTemplate'] = $this->includeTemplate; $data['clipboard.js'] = true; // check if there is a valid technical contact email address if ($config->getBoolean('errorreporting', true) && $config->getString('technicalcontact_email', '*****@*****.**') !== '*****@*****.**') { // enable error reporting $baseurl = \SimpleSAML\Utils\HTTP::getBaseURL(); $data['errorReportAddress'] = $baseurl . 'errorreport.php'; } $data['email'] = ''; $session = SimpleSAML_Session::getSessionFromRequest(); $authorities = $session->getAuthorities(); foreach ($authorities as $authority) { $attributes = $session->getAuthData($authority, 'Attributes'); if ($attributes !== null && array_key_exists('mail', $attributes) && count($attributes['mail']) > 0) { $data['email'] = $attributes['mail'][0]; break; // enough, don't need to get all available mails, if more than one } } $show_function = $config->getArray('errors.show_function', null); if (isset($show_function)) { assert('is_callable($show_function)'); call_user_func($show_function, $config, $data); assert('FALSE'); } else { $t = new SimpleSAML_XHTML_Template($config, 'error.php', 'errors'); $t->data = array_merge($t->data, $data); $t->show(); } exit; }
/** * Complete login operation after re-authenticating the user on another IdP. * * @param array $state The authentication state. */ public static function reauthPostLogin(array $state) { assert('isset($state["ReturnCallback"])'); // Update session state $session = SimpleSAML_Session::getSessionFromRequest(); $session->doLogin($state['saml:sp:AuthId'], SimpleSAML_Auth_Default::extractPersistentAuthState($state)); // resume the login process call_user_func($state['ReturnCallback'], $state); assert('FALSE'); }
/** * The user is authenticated. * * @param array $state The authentication request state arrray. */ public static function postAuth(array $state) { $idp = SimpleSAML_IdP::getByState($state); if (!$idp->isAuthenticated()) { throw new SimpleSAML_Error_Exception('Not authenticated.'); } $state['Attributes'] = $idp->authSource->getAttributes(); if (isset($state['SPMetadata'])) { $spMetadata = $state['SPMetadata']; } else { $spMetadata = array(); } if (isset($state['core:SP'])) { $session = SimpleSAML_Session::getSessionFromRequest(); $previousSSOTime = $session->getData('core:idp-ssotime', $state['core:IdP'] . ';' . $state['core:SP']); if ($previousSSOTime !== NULL) { $state['PreviousSSOTimestamp'] = $previousSSOTime; } } $idpMetadata = $idp->getConfig()->toArray(); $pc = new SimpleSAML_Auth_ProcessingChain($idpMetadata, $spMetadata, 'idp'); $state['ReturnCall'] = array('SimpleSAML_IdP', 'postAuthProc'); $state['Destination'] = $spMetadata; $state['Source'] = $idpMetadata; $pc->processState($state); self::postAuthProc($state); }
/** * Clear the RealMe credentials from Session, and also remove SimpleSAMLphp session information. * @return void */ public function clearLogin() { Session::clear('RealMeSessionDataSerialized'); $this->config()->__set('user_data', null); $session = SimpleSAML_Session::getSessionFromRequest(); if ($session instanceof SimpleSAML_Session) { $session->doLogout($this->config()->auth_source_name); } }
/** * Call a logout callback based on association. * * This function calls a logout callback based on an association saved with * addLogoutCallback(...). * * This function always returns. * * @param string $assoc The logout association which should be called. */ protected function callLogoutCallback($assoc) { assert('is_string($assoc)'); $id = strlen($this->authId) . ':' . $this->authId . $assoc; $session = SimpleSAML_Session::getSessionFromRequest(); $data = $session->getData('SimpleSAML_Auth_Source.LogoutCallbacks', $id); if ($data === NULL) { /* FIXME: fix for IdP-first flow (issue 397) -> reevaluate logout callback infrastructure */ $session->doLogout($this->authId); return; } assert('is_array($data)'); assert('array_key_exists("callback", $data)'); assert('array_key_exists("state", $data)'); $callback = $data['callback']; $callbackState = $data['state']; call_user_func($callback, $callbackState); }
/** * Flush any pending log messages to the logging handler. * * This method is intended to be registered as a shutdown handler, so that any pending messages that weren't sent * to the logging handler at that point, can still make it. It is therefore not intended to be called manually. * */ public static function flush() { $s = SimpleSAML_Session::getSessionFromRequest(); self::$trackid = $s->getTrackID(); self::$shuttingDown = true; foreach (self::$earlyLog as $msg) { self::log($msg['level'], $msg['string'], $msg['statsLog']); } }
/** * Retrieve all authentication data. * * @return array|NULL All persistent authentication data, or NULL if we aren't authenticated. */ public function getAuthDataArray() { if (!$this->isAuthenticated()) { return NULL; } $session = SimpleSAML_Session::getSessionFromRequest(); return $session->getAuthState($this->authSource); }
/** * @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\HTTP::getPOSTRedirectURL() instead. */ public static function createHttpPostRedirectLink($destination, $post) { assert('is_string($destination)'); assert('is_array($post)'); $postId = SimpleSAML\Utils\Random::generateID(); $postData = array('post' => $post, 'url' => $destination); $session = SimpleSAML_Session::getSessionFromRequest(); $session->setData('core_postdatalink', $postId, $postData); $redirInfo = base64_encode(SimpleSAML\Utils\Crypto::aesEncrypt($session->getSessionId() . ':' . $postId)); $url = SimpleSAML_Module::getModuleURL('core/postredirect.php', array('RedirInfo' => $redirInfo)); $url = preg_replace("#^https:#", "http:", $url); return $url; }
/** * Check for session cookie, and show missing-cookie page if it is missing. * * @param string|NULL $retryURL The URL the user should access to retry the operation. */ public static function checkCookie($retryURL = NULL) { assert('is_string($retryURL) || is_null($retryURL)'); $session = SimpleSAML_Session::getSessionFromRequest(); if ($session->hasSessionCookie()) { return; } /* We didn't have a session cookie. Redirect to the no-cookie page. */ $url = SimpleSAML_Module::getModuleURL('core/no_cookie.php'); if ($retryURL !== NULL) { $url = self::addURLParameter($url, array('retryURL' => $retryURL)); } self::redirectTrustedURL($url); }
/** * Handle an unsolicited login operations. * * This method creates a session from the information received. It will then redirect to the given URL. This is used * to handle IdP initiated SSO. This method will never return. * * @param string $authId The id of the authentication source that received the request. * @param array $state A state array. * @param string $redirectTo The URL we should redirect the user to after updating the session. The function will * check if the URL is allowed, so there is no need to manually check the URL on beforehand. Please refer to the * 'trusted.url.domains' configuration directive for more information about allowing (or disallowing) URLs. */ public static function handleUnsolicitedAuth($authId, array $state, $redirectTo) { assert('is_string($authId)'); assert('is_string($redirectTo)'); $session = SimpleSAML_Session::getSessionFromRequest(); $session->doLogin($authId, SimpleSAML_Auth_State::getPersistentAuthData($state)); \SimpleSAML\Utils\HTTP::redirectUntrustedURL($redirectTo); }
<?php /** * Show a warning to an user about the SP requesting SSO a short time after * doing it previously. * * @package SimpleSAMLphp */ if (!array_key_exists('StateId', $_REQUEST)) { throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.'); } $id = $_REQUEST['StateId']; $state = SimpleSAML_Auth_State::loadState($id, 'core:short_sso_interval'); $session = SimpleSAML_Session::getSessionFromRequest(); if (array_key_exists('continue', $_REQUEST)) { // The user has pressed the continue/retry-button SimpleSAML_Auth_ProcessingChain::resumeProcessing($state); } $globalConfig = SimpleSAML_Configuration::getInstance(); $t = new SimpleSAML_XHTML_Template($globalConfig, 'core:short_sso_interval.php'); $t->data['target'] = SimpleSAML\Module::getModuleURL('core/short_sso_interval.php'); $t->data['params'] = array('StateId' => $id); $t->data['trackId'] = $session->getTrackID(); $t->show();
function simplesamlphp_get_authentication_nav($view) { $session = SimpleSAML_Session::getSessionFromRequest(); $is_admin = (bool) $session->getAuthState('admin'); $text = $view->t('{core:frontpage:login_as_admin}'); $params = array('as' => 'admin'); if ($is_admin) { $text = $view->t('{status:logout}'); $params['logout'] = ''; } $url = SimpleSAML_Module::getModuleURL('core/authenticate.php', $params); return '<li><a href="' . $url . '">' . $text . '</a></li>'; //core/authenticate.php?as=admin //core/authenticate.php?as=admin&logout }