saveState() public static method

This function saves the state, and returns an id which can be used to retrieve it later. It will also update the $state array with the identifier.
public static saveState ( &$state, string $stage, boolean $rawId = false ) : string
$stage (string): The current stage in the login process.
$rawId (boolean): Return a raw ID, without a restart URL.
Returns (string): Identifier which can be used to retrieve the state later.
 /**
  * Log in using an external authentication helper.
  *
  * @param array &$state  Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     // Record which authentication source started this login inside the saved state.
     $state['openidconnect:AuthID'] = $this->authId;

     // TRUE asks saveState() for a raw ID (no restart URL), which is then used
     // verbatim as the "state" parameter of the authorization request.
     $rawStateId = SimpleSAML_Auth_State::saveState($state, 'openidconnect:Connect', TRUE);

     $config = $this->getConfig($rawStateId);
     $client = $config["client_info"];

     // NOTE(review): the callback presumably has to look this ID up under the same
     // 'openidconnect:Connect' stage and reject anything it cannot find - confirm in the linkback code.
     $query = array(
         "client_id" => $client["client_id"],
         "redirect_uri" => $client["redirect_uri"],
         "response_type" => "code",
         "scope" => $this->scope,
         "state" => $rawStateId,
     );
     \SimpleSAML\Utils\HTTP::redirectTrustedURL($client["authorization_endpoint"], $query);
 }
 /**
  * Log in using an external authentication helper
  *
  * @param array &$state Information about the current authentication
  */
 public function authenticate(&$state)
 {
     // Record which authentication source started this login inside the saved state.
     $state['dataportenoauth2:AuthID'] = $this->authId;

     // Raw ID requested (third argument TRUE): the value is sent as the OAuth "state" parameter.
     $rawStateId = SimpleSAML_Auth_State::saveState($state, 'dataportenoauth2:Connect', TRUE);

     $config = $this->getConfig($rawStateId);

     // NOTE(review): no "scope" is requested here; the provider's default applies - confirm that is intended.
     $query = array(
         "client_id" => $config["client_id"],
         "redirect_uri" => $config["redirect_uri"],
         "response_type" => "code",
         "state" => $rawStateId,
     );
     HTTP::redirectTrustedURL($config['auth'], $query);
 }
Ejemplo n.º 3
 /**
  * Initialize login.
  *
  * This function saves the information about the login, and redirects to a
  * login page.
  *
  * @param array &$state  Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     // NOTE(review): string assertions are only evaluated on PHP < 8 and only when
     // assertions are enabled, so this is a developer aid, not input validation.
     assert('is_array($state)');

     // Keep this source's identifier in the state so the object can be found
     // again later and its login() function called.
     $state[self::AUTHID] = $this->authId;

     // When a username is forced, expose it to the login form, which uses it to
     // decide whether the user may change the username.
     if ($this->forcedUsername !== NULL) {
         $state['forcedUsername'] = $this->forcedUsername;
     }

     // Persist $state across the redirect; the returned identifier is passed to
     // the login form as the AuthState parameter.
     $stateId = SimpleSAML_Auth_State::saveState($state, self::STAGEID);
     $loginPage = SimpleSAML_Module::getModuleURL('core/loginuserpass.php');
     SimpleSAML_Utilities::redirect($loginPage, array('AuthState' => $stateId));

     // redirect() does not return, so control should never get here.
     assert('FALSE');
 }
Ejemplo n.º 4
 /**
  * Log-in using Facebook cronus
  *
  * @param array &$state  Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     // NOTE(review): string assertions are only evaluated on PHP < 8 with assertions
     // enabled; this line is not input validation.
     assert('is_array($state)');
     /* We are going to need the authId in order to retrieve this authentication source later. */
     $state[self::AUTHID] = $this->authId;
     // saveState() returns the identifier under which $state can be retrieved later.
     $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     // NOTE(review): the state identifier ends up in the debug log; treat that log as
     // sensitive if the identifier alone is enough to resume a login - confirm.
     SimpleSAML_Logger::debug('facebook auth state id = ' . $stateID);
     $facebook = new Facebook($this->api_key, $this->secret);
     // The state ID is appended to the linkback URL as "next" without urlencode().
     // NOTE(review): require_login() presumably redirects to Facebook when there is no
     // session and otherwise returns the Facebook user id - TODO confirm against the client library.
     $u = $facebook->require_login(SimpleSAML_Module::getModuleUrl('authfacebook') . '/linkback.php?next=' . $stateID);
     # http://developers.facebook.com/documentation.php?v=1.0&method=users.getInfo
     /* Disabled error check: it causes a notice / warning...
     		if ($facebook->api_client->error_code) {
     			throw new Exception('Unable to load profile from facebook');
     		}
     		*/
     // http://developers.facebook.com/docs/reference/rest/users.getInfo
     // NOTE(review): with the error check above disabled, $info is used below without
     // verifying that the profile call succeeded.
     $info = $facebook->api_client->users_getInfo($u, array('uid', 'first_name', 'middle_name', 'last_name', 'name', 'locale', 'current_location', 'affiliations', 'pic_square', 'profile_url', 'sex', 'email', 'pic', 'username', 'about_me', 'status', 'profile_blurb'));
     $attributes = array();
     // Copy every non-empty string field of the first result as a single-valued
     // attribute named "facebook.<field>"; non-string fields are skipped.
     foreach ($info[0] as $key => $value) {
         if (is_string($value) && !empty($value)) {
             $attributes['facebook.' . $key] = array((string) $value);
         }
     }
     // Build a scoped identifier from the username when present, else from the user id.
     if (array_key_exists('username', $info[0])) {
         $attributes['facebook_user'] = array($info[0]['username'] . '@facebook.com');
     } else {
         $attributes['facebook_user'] = array($u . '@facebook.com');
     }
     $attributes['facebook_targetedID'] = array('http://facebook.com!' . $u);
     // 'name' is read without checking that the key exists.
     $attributes['facebook_cn'] = array($info[0]['name']);
     // Only the attribute names are logged, not their values.
     SimpleSAML_Logger::debug('Facebook Returned Attributes: ' . implode(", ", array_keys($attributes)));
     $state['Attributes'] = $attributes;
 }
Ejemplo n.º 5
 /**
  * Start the logout operation.
  *
  * @param array &$state  The logout state.
  * @param string|NULL $assocId  The SP we are logging out from.
  */
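 public function startLogout(array &$state, $assocId)
 {
     // NOTE(review): string assertions are only evaluated on PHP < 8 with assertions enabled.
     assert('is_string($assocId) || is_null($assocId)');
     $associations = $this->idp->getAssociations();
     if (count($associations) === 0) {
         // Nothing to log out from.
         // NOTE(review): finishLogout() presumably does not return - confirm.
         $this->idp->finishLogout($state);
     }
     // Annotate every association with the SP's display name and an initial
     // 'onhold' status; the loop modifies the array elements in place.
     foreach ($associations as $id => &$association) {
         $idp = SimpleSAML_IdP::getByState($association);
         $association['core:Logout-IFrame:Name'] = $idp->getSPName($id);
         $association['core:Logout-IFrame:State'] = 'onhold';
     }
     // Drop the reference left over from the by-reference foreach, so the last
     // element is stored in $state as a plain value rather than a live reference.
     unset($association);
     $state['core:Logout-IFrame:Associations'] = $associations;
     if (!is_null($assocId)) {
         $spName = $this->idp->getSPName($assocId);
         if ($spName === NULL) {
             // No name known for this SP: fall back to its identifier.
             $spName = array('en' => $assocId);
         }
         $state['core:Logout-IFrame:From'] = $spName;
     } else {
         $state['core:Logout-IFrame:From'] = NULL;
     }
     // Save the logout state and hand its identifier to the iframe logout page.
     $id = SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame');
     $url = SimpleSAML_Module::getModuleURL('core/idp/logout-iframe.php', array('id' => $id));
     SimpleSAML_Utilities::redirect($url);
 }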
Ejemplo n.º 6
 /**
  * Process a authentication response.
  *
  * This function checks how long it is since the last time the user was authenticated.
  * If it is to short a while since, we will show a warning to the user.
  *
  * @param array $state  The state of the response.
  */
 public function process(&$state)
 {
     assert('is_array($state)');

     // Without a timestamp from an earlier SSO to this SP there is nothing to
     // compare against: this is the first time during this session.
     if (!array_key_exists('PreviousSSOTimestamp', $state)) {
         return;
     }

     // Ten seconds or more since the last attempt is considered normal.
     $elapsed = time() - $state['PreviousSSOTimestamp'];
     if ($elapsed >= 10) {
         return;
     }

     $entityId = 'UNKNOWN';
     if (array_key_exists('Destination', $state) && array_key_exists('entityid', $state['Destination'])) {
         $entityId = $state['Destination']['entityid'];
     }

     // var_export() renders the entity ID as a quoted literal in the log line.
     SimpleSAML_Logger::warning('WarnShortSSOInterval: Only ' . $elapsed . ' seconds since last SSO for this user from the SP ' . var_export($entityId, TRUE));

     // Park the state and show the warning page; the page gets the state's identifier.
     $stateId = SimpleSAML_Auth_State::saveState($state, 'core:short_sso_interval');
     $warningPage = SimpleSAML_Module::getModuleURL('core/short_sso_interval.php');
     SimpleSAML_Utilities::redirectTrustedURL($warningPage, array('StateId' => $stateId));
 }
Ejemplo n.º 7
 /**
  * Start the logout operation.
  *
  * @param array       &$state The logout state.
  * @param string|null $assocId The SP we are logging out from.
  */
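 public function startLogout(array &$state, $assocId)
 {
     // NOTE(review): string assertions are only evaluated on PHP < 8 with assertions enabled.
     assert('is_string($assocId) || is_null($assocId)');
     $associations = $this->idp->getAssociations();
     if (count($associations) === 0) {
         // Nothing to log out from.
         // NOTE(review): finishLogout() presumably does not return - confirm.
         $this->idp->finishLogout($state);
     }
     // Annotate every association with the SP's display name and an initial
     // 'onhold' status; the loop modifies the array elements in place.
     foreach ($associations as $id => &$association) {
         $idp = SimpleSAML_IdP::getByState($association);
         $association['core:Logout-IFrame:Name'] = $idp->getSPName($id);
         $association['core:Logout-IFrame:State'] = 'onhold';
     }
     // Drop the reference left over from the by-reference foreach, so the last
     // element is stored in $state as a plain value rather than a live reference.
     unset($association);
     $state['core:Logout-IFrame:Associations'] = $associations;
     if (!is_null($assocId)) {
         $spName = $this->idp->getSPName($assocId);
         if ($spName === null) {
             // No name known for this SP: fall back to its identifier.
             $spName = array('en' => $assocId);
         }
         $state['core:Logout-IFrame:From'] = $spName;
     } else {
         $state['core:Logout-IFrame:From'] = null;
     }
     // The saved state's identifier is passed to the iframe logout page as 'id'.
     $params = array('id' => SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame'));
     if (isset($state['core:Logout-IFrame:InitType'])) {
         // Forward the init type to the page when the state carries one.
         $params['type'] = $state['core:Logout-IFrame:InitType'];
     }
     $url = SimpleSAML_Module::getModuleURL('core/idp/logout-iframe.php', $params);
     \SimpleSAML\Utils\HTTP::redirectTrustedURL($url);
 }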
Ejemplo n.º 8
 /**
  * Process a authentication response.
  *
  * This function saves the state, and redirects the user to the page where the user
  * can authorize the release of the attributes.
  *
  * @param array $state  The state of the response.
  */
 public function process(&$state)
 {
     assert('is_array($state)');

     $session = SimpleSAML_Session::getSessionFromRequest();
     // Register a logout handler so we can later log ourselves out when needed.
     // @todo, this doesn't work; simplesamlphp mailinglist has been notified
     $session->registerLogoutHandler('sspmod_authTiqr_Auth_Process_Tiqr', 'logout');

     // Ask the Tiqr server whether this session already completed the second factor.
     $tiqrServer = sspmod_authTiqr_Auth_Tiqr::getServer(false);
     $authenticatedUser = $tiqrServer->getAuthenticatedUser($session->getSessionId());
     if (!empty($authenticatedUser)) {
         return;
     }

     // From here on the user has to interact, which a passive request forbids.
     $passive = isset($state['isPassive']) && $state['isPassive'] == TRUE;
     if ($passive) {
         throw new SimpleSAML_Error_NoPassive('Unable to perform mobile authentication on passive request.');
     }

     // The first factor must have supplied the user id attribute.
     if (!isset($state["Attributes"][$this->_uidAttribute])) {
         throw new SimpleSAML_Error_Exception('No user id present, is first factor authentication properly set up?');
     }

     // NOTE(review): the display-name attribute is read without an isset() check,
     // unlike the user id above.
     $state["tiqrUser"] = array(
         "userId" => $state["Attributes"][$this->_uidAttribute][0],
         "displayName" => $state["Attributes"][$this->_cnAttribute][0],
     );

     // Save the state and continue on the Tiqr login page.
     $stateId = SimpleSAML_Auth_State::saveState($state, sspmod_authTiqr_Auth_Tiqr::STAGEID);
     $loginPage = SimpleSAML_Module::getModuleURL('authTiqr/login.php');
     SimpleSAML_Utilities::redirect($loginPage, array('AuthState' => $stateId));
 }
Ejemplo n.º 9
 /**
  * Apply filter to validate attributes.
  *
  * @param array &$request  The current request
  */
 public function process(&$request)
 {
     $authorized = FALSE;
     assert('is_array($request)');
     assert('array_key_exists("Attributes", $request)');
     $attributes =& $request['Attributes'];

     // Allow-list check: a single value of a single listed attribute matching a
     // single configured pattern is enough to authorize the request.
     // NOTE(review): preg_match() looks for the pattern anywhere in the value, so a
     // pattern without ^...$ anchors also accepts values that merely contain it.
     foreach ($this->valid_attribute_values as $name => $patterns) {
         if (!array_key_exists($name, $attributes)) {
             continue;
         }
         foreach ($patterns as $pattern) {
             // A scalar attribute is treated as a one-element list.
             $candidates = $attributes[$name];
             if (!is_array($candidates)) {
                 $candidates = array($candidates);
             }
             foreach ($candidates as $candidate) {
                 // A preg_match() failure (returns false) counts as "no match".
                 if (preg_match($pattern, $candidate)) {
                     $authorized = TRUE;
                     break 3;
                 }
             }
         }
     }

     if ($authorized) {
         return;
     }

     // No match: save the state and send the user to the 403 page.
     $stateId = SimpleSAML_Auth_State::saveState($request, 'authorize:Authorize');
     $forbiddenPage = SimpleSAML_Module::getModuleURL('authorize/authorize_403.php');
     SimpleSAML_Utilities::redirect($forbiddenPage, array('StateId' => $stateId));
 }
 /**
  * When the process logic determines that the user is not
  * authorized for this service, then forward the user to
  * an 403 unauthorized page.
  *
  * Separated this code into its own method so that child
  * classes can override it and change the action. Forward
  * thinking in case a "chained" ACL is needed, more complex
  * permission logic.
  *
  * @param array $request
  */
 protected function unauthorized(&$request)
 {
     // Log the rejected context next to the accepted list.
     // NOTE(review): AuthnContextClassRef presumably comes from the IdP's response and is
     // written to the log as-is - confirm the logger neutralises line breaks.
     $acceptedList = var_export($this->accepted, true);
     SimpleSAML_Logger::error('ExpectedAuthnContextClassRef: Invalid authentication context: ' . $this->AuthnContextClassRef . '. Accepted values are: ' . $acceptedList);

     // Save the request state and show the error page, passing the state's identifier.
     $stateId = SimpleSAML_Auth_State::saveState($request, 'saml:ExpectedAuthnContextClassRef:unauthorized');
     $errorPage = SimpleSAML_Module::getModuleURL('saml/sp/wrong_authncontextclassref.php');
     \SimpleSAML\Utils\HTTP::redirectTrustedURL($errorPage, array('StateId' => $stateId));
 }
Ejemplo n.º 11
 /**
  * Process an authentication response.
  *
  * This function saves the state, and if necessary redirects the user to the page where the user
  * is informed about the expiry date of his/her certificate.
  *
  * @param array $state  The state of the response.
  */
 public function process(&$state)
 {
     assert('is_array($state)');

     // A passive request must not trigger user interaction: skip the warning.
     if (isset($state['isPassive']) && $state['isPassive'] === TRUE) {
         return;
     }

     // No client certificate was presented on this connection: nothing to check.
     if (!isset($_SERVER['SSL_CLIENT_CERT']) || $_SERVER['SSL_CLIENT_CERT'] == '') {
         return;
     }

     // Only the expiry date is read here; this filter does not validate the certificate.
     $parsed = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']);
     if ($parsed == FALSE) {
         SimpleSAML\Logger::error('authX509: invalid cert');
         return;
     }

     // Whole days until expiry, truncated towards zero; negative once the certificate has expired.
     $secondsLeft = $parsed['validTo_time_t'] - time();
     $daysleft = (int) ($secondsLeft / (24 * 60 * 60));
     if ($daysleft > $this->warndaysbefore) {
         // Still valid for longer than the configured threshold: skip the warning.
         return;
     }

     SimpleSAML\Logger::warning('authX509: user certificate expires in ' . $daysleft . ' days');

     // Values the warning page needs.
     $state['daysleft'] = $daysleft;
     $state['renewurl'] = $this->renewurl;

     // Save the state and show the expiry warning.
     $stateId = SimpleSAML_Auth_State::saveState($state, 'warning:expire');
     $warningPage = SimpleSAML\Module::getModuleURL('authX509/expirywarning.php');
     \SimpleSAML\Utils\HTTP::redirectTrustedURL($warningPage, array('StateId' => $stateId));
 }
Ejemplo n.º 12
 /**
  * Log-in using Google OAuth2Login (OpenID Connect) platform
  * Documentation at : https://developers.google.com/accounts/docs/OAuth2Login
  *
  * @param array &$state Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     // Remember which authentication source started this login.
     $state[self::AUTHID] = $this->authId;

     // The identifier of the saved state is handed to the client library as its "state" value.
     $savedStateId = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     $this->client->getAuth()->setState($savedStateId);

     // NOTE(review): the authorization URL comes from the client library and is
     // redirected to as trusted - confirm it can only point at the configured provider.
     SimpleSAML_Utilities::redirectTrustedURL($this->client->createAuthUrl());
 }
Ejemplo n.º 13
 /**
  * Save the login state and redirect to the InfoCard login page.
  *
  * @param array &$state  Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     assert('is_array($state)');

     // The authId lets the login page find this authentication source again.
     $state[self::AUTHID] = $this->authId;

     // The login page receives the saved state's identifier as AuthState.
     $stateId = SimpleSAML_Auth_State::saveState($state, self::STAGEID);
     $loginPage = SimpleSAML_Module::getModuleURL('InfoCard/login-infocard.php');
     SimpleSAML_Utilities::redirectTrustedURL($loginPage, array('AuthState' => $stateId));
 }
Ejemplo n.º 14
 /**
  * Initialize processing of the redirect test.
  *
  * @param array &$state  The state we should update.
  */
 public function process(&$state)
 {
     assert('is_array($state)');
     assert('array_key_exists("Attributes", $state)');

     // Marker attribute: lets the test verify that the state was saved correctly.
     $state['Attributes']['RedirectTest1'] = array('OK');

     // Save the state and continue on the test page, passing the state's identifier.
     $stateId = SimpleSAML_Auth_State::saveState($state, 'exampleauth:redirectfilter-test');
     $testPage = SimpleSAML_Module::getModuleURL('exampleauth/redirecttest.php');
     SimpleSAML_Utilities::redirectTrustedURL($testPage, array('StateId' => $stateId));
 }
Ejemplo n.º 15
    /**
     * Initialize login.
     *
     * This function saves the information about the login, and redirects to a
     * login page.
     *
     * @param array &$state  Information about the current authentication.
     */
    public function authenticate(&$state) {
        assert('is_array($state)');

        // The authId lets the login page find this authentication source again.
        $state[self::AUTHID] = $this->authId;

        // Persist the state; its identifier is passed to the login form as AuthState.
        $stateId = SimpleSAML_Auth_State::saveState($state, self::STAGEID);

        $loginPage = SimpleSAML_Module::getModuleURL('gepiauth/loginuserpassorg.php');
        SimpleSAML_Utilities::redirect($loginPage, array('AuthState' => $stateId));
    }
Ejemplo n.º 16
 /**
  * Log-in using LiveID platform
  *
  * @param array &$state  Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     assert('is_array($state)');

     // The authId lets the linkback find this authentication source again.
     $state[self::AUTHID] = $this->authId;

     $savedStateId = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     SimpleSAML_Logger::debug('authwindowslive auth state id = ' . $savedStateId);

     // Documentation at: http://msdn.microsoft.com/en-us/library/ff749771.aspx
     // The saved state's identifier is sent as wrap_client_state.
     // NOTE(review): $this->key is placed in the query string without urlencode(),
     // unlike the callback and state values.
     $callback = SimpleSAML_Module::getModuleUrl('authwindowslive') . '/linkback.php';
     $consentUrl = 'https://consent.live.com/Connect.aspx'
         . '?wrap_client_id=' . $this->key
         . '&wrap_callback=' . urlencode($callback)
         . '&wrap_client_state=' . urlencode($savedStateId)
         . '&wrap_scope=WL_Profiles.View,Messenger.SignIn';
     \SimpleSAML\Utils\HTTP::redirectTrustedURL($consentUrl);
 }
Ejemplo n.º 17
 /**
  * Process a authentication response.
  *
  * This function saves the state, and redirects the user to the page where the user
  * can authorize the release of the attributes.
  *
  * @param array $state  The state of the response.
  */
 public function process(&$state)
 {
     assert('is_array($state)');

     // A passive request must not trigger user interaction: skip the warning.
     $passive = isset($state['isPassive']) && $state['isPassive'] === TRUE;
     if ($passive) {
         return;
     }

     // Save the state and show the warning page, passing the state's identifier.
     $stateId = SimpleSAML_Auth_State::saveState($state, 'warning:request');
     $warningPage = SimpleSAML_Module::getModuleURL('preprodwarning/showwarning.php');
     \SimpleSAML\Utils\HTTP::redirectTrustedURL($warningPage, array('StateId' => $stateId));
 }
Ejemplo n.º 18
 /**
  * Redirect to page setting CDC.
  *
  * @param array &$state  The request state.
  */
 public function process(&$state)
 {
     assert('is_array($state)');

     // Without the IdP's entityID there is nothing to send: log and carry on.
     if (!isset($state['Source']['entityid'])) {
         SimpleSAML_Logger::warning('saml:CDC: Could not find IdP entityID.');
         return;
     }
     $idpEntityId = $state['Source']['entityid'];

     // Save the state; its identifier travels with the request so processing can resume.
     $stateId = SimpleSAML_Auth_State::saveState($state, 'cdc:resume');
     $resumeUrl = SimpleSAML_Module::getModuleURL('cdc/resume.php', array('domain' => $this->domain));

     // 'append' is the operation name passed to the CDC client together with the parameters.
     $this->client->sendRequest($resumeUrl, 'append', array('id' => $stateId, 'entityID' => $idpEntityId));
 }
Ejemplo n.º 19
 /**
  * Initiate authentication.
  *
  * @param array &$state  Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     // Remember which authentication source started this login.
     $state['aselect::authid'] = $this->authId;

     // Raw ID requested (third argument true): no restart URL is attached to it.
     $rawStateId = SimpleSAML_Auth_State::saveState($state, 'aselect:login', true);

     try {
         // The credentials page receives the state's identifier as ssp_state.
         $credentialsUrl = SimpleSAML_Module::getModuleURL('aselect/credentials.php', array('ssp_state' => $rawStateId));
         // NOTE(review): the redirect target is whatever request_authentication() returns -
         // presumably a URL supplied by the A-Select server; confirm it is validated there.
         SimpleSAML_Utilities::redirect($this->request_authentication($credentialsUrl));
     } catch (Exception $failure) {
         // Attach the exception to the state.
         SimpleSAML_Auth_State::throwException($state, $failure);
     }
 }
Ejemplo n.º 20
 /**
  * Log-in using LiveID platform
  *
  * @param array &$state  Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     assert('is_array($state)');

     // The authId lets the linkback find this authentication source again.
     $state[self::AUTHID] = $this->authId;

     $savedStateId = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     SimpleSAML\Logger::debug('authwindowslive auth state id = ' . $savedStateId);

     // Documentation at:
     // https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-protocols-oauth-code/
     // The saved state's identifier is sent as the OAuth "state" parameter.
     // NOTE(review): $this->key is placed in the query string without urlencode(),
     // unlike the other values.
     $callback = SimpleSAML\Module::getModuleUrl('authwindowslive') . '/linkback.php';
     $authorizeURL = 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize'
         . '?client_id=' . $this->key
         . '&response_type=code'
         . '&response_mode=query'
         . '&redirect_uri=' . urlencode($callback)
         . '&state=' . urlencode($savedStateId)
         . '&scope=' . urlencode('openid https://graph.microsoft.com/user.read');
     \SimpleSAML\Utils\HTTP::redirectTrustedURL($authorizeURL);
 }
Ejemplo n.º 21
 /**
  * Log-in using Facebook platform
  *
  * @param array &$state  Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     assert('is_array($state)');

     // The authId lets the linkback find this authentication source again.
     $state[self::AUTHID] = $this->authId;
     $savedStateId = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);

     // The Facebook wrapper is given $state as well as the app credentials.
     $credentials = array('appId' => $this->api_key, 'secret' => $this->secret);
     $facebook = new sspmod_authfacebook_Facebook($credentials, $state);
     $facebook->destroySession();

     // The linkback receives the saved state's identifier as AuthState.
     $linkback = SimpleSAML_Module::getModuleURL('authfacebook/linkback.php', array('AuthState' => $savedStateId));
     $loginUrl = $facebook->getLoginUrl(array('redirect_uri' => $linkback, 'scope' => $this->req_perms));

     // Second save. NOTE(review): presumably the wrapper stores its own data in $state
     // while building the login URL, so the state is saved again - confirm.
     SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     SimpleSAML_Utilities::redirect($loginUrl);
 }
 /**
  * The inner workings of the module. Check client's subnet and redirect
  * to an authentication page protected with "HTTP Negotiate" authentication
  * or a fallback authentication source.
  *
  * @param array &$state Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     assert('is_array($state)');

     // Both values are needed after the redirect: which source this is, and
     // which source to fall back to.
     $state['negotiateserver:AuthID'] = $this->authId;
     $state['negotiateserver:AuthFallback'] = $this->auth_fallback;

     // Clients outside the configured subnets go to the fallback source.
     // NOTE(review): fallback() presumably does not return; if it did, execution
     // would continue into the Negotiate redirect below - confirm.
     $inSubnet = $this->checkClientSubnet();
     if (!$inSubnet) {
         $this->fallback($state);
     }

     // The state's identifier goes both to the protected page and into the
     // resume URL that page is asked to return to.
     $savedStateId = SimpleSAML_Auth_State::saveState($state, 'negotiateserver:Negotiate');
     $resumeUrl = SimpleSAML\Module::getModuleURL('negotiateserver/resume.php', array('State' => $savedStateId));
     $preauthPage = SimpleSAML\Module::getModuleURL('negotiateserver/preauth.php');
     \SimpleSAML\Utils\HTTP::redirectTrustedURL($preauthPage, array('State' => $savedStateId, 'ReturnTo' => $resumeUrl));

     // Not expected to be reached after the redirect.
     assert('FALSE');
 }
Ejemplo n.º 23
 /**
  * Log-in using MySpace platform
  *
  * @param array &$state  Information about the current authentication.
  */
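 public function authenticate(&$state)
 {
     assert('is_array($state)');
     /* We are going to need the authId in order to retrieve this authentication source later. */
     $state[self::AUTHID] = $this->authId;
     $consumer = new sspmod_oauth_Consumer($this->key, $this->secret);
     // Get the request token
     // NOTE(review): this endpoint is plain http://, so the token and its secret are
     // returned over an unencrypted connection - use https if the provider offers it.
     $requestToken = $consumer->getRequestToken('http://api.myspace.com/request_token');
     // Log the token key only: the token secret is a credential and must stay out of log files.
     SimpleSAML_Logger::debug("Got a request token from the OAuth service provider [" . $requestToken->key . "]");
     // The token (including its secret) is kept in the saved state for the linkback.
     $state['authmyspace:requestToken'] = $requestToken;
     $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     SimpleSAML_Logger::debug('authmyspace auth state id = ' . $stateID);
     // Authorize the request token; the linkback URL carries the state's identifier as "stateid".
     $consumer->getAuthorizeRequest('http://api.myspace.com/authorize', $requestToken, TRUE, SimpleSAML_Module::getModuleUrl('authmyspace') . '/linkback.php?stateid=' . $stateID);
 }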
Ejemplo n.º 24
 /**
  * Prompt the user with a list of authentication sources.
  *
  * This method saves the information about the configured sources,
  * and redirects to a page where the user must select one of these
  * authentication sources.
  *
  * This method never return. The authentication process is finished
  * in the delegateAuthentication method.
  *
  * @param array &$state	 Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     assert('is_array($state)');

     // Keep this source's identifier and the list of configured sources in the
     // state, so the selection page can offer them.
     $state[self::AUTHID] = $this->authId;
     $state[self::SOURCESID] = $this->sources;

     // Persist $state so it can be restored after the redirect; the selection
     // page receives the saved state's identifier as AuthState.
     $stateId = SimpleSAML_Auth_State::saveState($state, self::STAGEID);
     $selectPage = SimpleSAML_Module::getModuleURL('multiauth/selectsource.php');
     SimpleSAML_Utilities::redirect($selectPage, array('AuthState' => $stateId));

     // redirect() never returns, so control should never get here.
     assert('FALSE');
 }
Ejemplo n.º 25
 /**
  * Log-in using Twitter platform
  *
  * @param array &$state  Information about the current authentication.
  */
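 public function authenticate(&$state)
 {
     assert('is_array($state)');
     /* We are going to need the authId in order to retrieve this authentication source later. */
     $state[self::AUTHID] = $this->authId;
     $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     $consumer = new sspmod_oauth_Consumer($this->key, $this->secret);
     // Get the request token; the callback URL carries the state's identifier as AuthState.
     $linkback = SimpleSAML_Module::getModuleURL('authtwitter/linkback.php', array('AuthState' => $stateID));
     $requestToken = $consumer->getRequestToken('https://api.twitter.com/oauth/request_token', array('oauth_callback' => $linkback));
     // Log the token key only: the token secret is a credential and must stay out of log files.
     SimpleSAML_Logger::debug("Got a request token from the OAuth service provider [" . $requestToken->key . "]");
     // Store the token (including its secret) in the state and save again so the linkback can read it.
     $state['authtwitter:authdata:requestToken'] = $requestToken;
     SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     // Authorize the request token
     $consumer->getAuthorizeRequest('https://api.twitter.com/oauth/authenticate', $requestToken);
 }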
Ejemplo n.º 26
	/**
	 * Called by linkback, to finish validate/ finish logging in.
	 * @param state $state
	 * @return list username, casattributes/ldap attributes
	 */
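	public function finalStep(&$state) {
		// Database handle. NOTE(review): presumably created by the gepi includes loaded below - confirm.
		global $mysqli;

		// Validate the CAS ticket against the same service URL that was used for the login.
		$ticket = $state['cas:ticket'];
		$stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
		$service =  SimpleSAML_Module::getModuleURL('cas/linkback.php', array('stateID' => $stateID));
		list($username, $casattributes) = $this->casValidation($ticket, $service);

		// Look up the gepi login
		$path = dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(__FILE__))))))));
		require_once($path."/secure/connect.inc.php");
		// Database connection
		require_once($path."/lib/mysql.inc");

		if ($this->_champ_cas_uid_retour == 'username') {
			$uid = $username;
		} else {
			$uid = isset($casattributes['uid']) ? $casattributes['uid'] : null;
		}

		// The uid comes from the CAS response, so it is bound as a statement parameter
		// and never concatenated into the SQL text. Table and column names cannot be
		// bound; they are taken from this module's own settings.
		$login = null;
		$found = false;
		if (is_scalar($uid)) {
			$uid = (string) $uid;
			$stmt = $mysqli->prepare('SELECT '.$this->_search_table_gepi_login_column.' FROM '.$this->_search_table_name.' WHERE '.$this->_search_table_cas_uid_column.' = ?');
			if ($stmt === false) {
				throw new SimpleSAML_Error_Exception('gepicas: unable to prepare the login lookup query');
			}
			$stmt->bind_param('s', $uid);
			$stmt->execute();
			$stmt->bind_result($login);
			$found = ($stmt->fetch() === true);
			$stmt->close();
		}
		if (!$found) {
			// User not found in the gepi database: authentication failed
			SimpleSAML_Logger::error('gepicas:' . $this->authId .
				': not authenticated. User is in the CAS but not in the gepi local database.');
			throw new SimpleSAML_Error_UserNotFound('Utilisateur non trouve dans la base locale');
		}

		$attributes = array();
		$attributes['login'] = array($login);
		$attributes['login_gepi'] = array($login);

		// Fetch extra attributes to return. gepi itself does not need them, but
		// services that rely on gepi for authentication may.
		// The login read from the database is bound as a parameter here as well.
		$nom = $prenom = $email = $statut = null;
		$stmt = $mysqli->prepare('SELECT nom, prenom, email, statut FROM utilisateurs WHERE (login = ?)');
		if ($stmt === false) {
			throw new SimpleSAML_Error_Exception('gepicas: unable to prepare the attribute query');
		}
		$stmt->bind_param('s', $login);
		$stmt->execute();
		$stmt->bind_result($nom, $prenom, $email, $statut);
		// When no row matches, the four values stay null and are returned as such.
		$stmt->fetch();
		$stmt->close();

		$attributes['nom'] = array($nom);
		$attributes['prenom'] = array($prenom);
		$attributes['statut'] = array($statut);
		$attributes['email'] = array($email);

		$state['Attributes'] = $attributes;

		// The attributes are delivered through $state; this method itself returns nothing.
		SimpleSAML_Auth_Source::completeAuth($state);
	}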
Ejemplo n.º 27
 /**
  * Log-in using Facebook platform
  *
  * @param array &$state  Information about the current authentication.
  */
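 public function authenticate(&$state)
 {
     assert('is_array($state)');
     /* We are going to need the authId in order to retrieve this authentication source later. */
     // NOTE(review): the docblock above names Facebook, but the endpoints used below are twitter.com.
     $state[self::AUTHID] = $this->authId;
     $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     // SimpleSAML_Logger::debug('facebook auth state id = ' . $stateID);
     $consumer = new sspmod_oauth_Consumer($this->key, $this->secret);
     // Get the request token
     // NOTE(review): this endpoint is plain http://, so the token and its secret are
     // returned over an unencrypted connection - use https if the provider offers it.
     $requestToken = $consumer->getRequestToken('http://twitter.com/oauth/request_token');
     // Log the token key only: the token secret is a credential and must stay out of log files.
     SimpleSAML_Logger::debug("Got a request token from the OAuth service provider [" . $requestToken->key . "]");
     // The serialized token and the state's identifier are kept in the session for the linkback.
     // NOTE(review): whoever reads this back should unserialize() only this session value,
     // never data taken from the request.
     $oauthState = array('requestToken' => serialize($requestToken), 'stateid' => $stateID);
     $session = SimpleSAML_Session::getInstance();
     $session->setData('oauth', 'oauth', $oauthState);
     // Authorize the request token
     $consumer->getAuthorizeRequest('http://twitter.com/oauth/authenticate', $requestToken);
 }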
Ejemplo n.º 28
 /**
  * Log-in using LinkedIn platform
  * Documentation at: http://developer.linkedin.com/docs/DOC-1008
  *
  * @param array &$state  Information about the current authentication.
  */
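 public function authenticate(&$state)
 {
     assert('is_array($state)');
     // We are going to need the authId in order to retrieve this authentication source later
     $state[self::AUTHID] = $this->authId;
     // The identifier is obtained first; the state itself is saved further down,
     // once the request token has been added to it.
     $stateID = SimpleSAML_Auth_State::getStateId($state);
     SimpleSAML\Logger::debug('authlinkedin auth state id = ' . $stateID);
     $consumer = new sspmod_oauth_Consumer($this->key, $this->secret);
     // Get the request token; the callback URL carries the state's identifier as "stateid".
     $requestToken = $consumer->getRequestToken('https://api.linkedin.com/uas/oauth/requestToken', array('oauth_callback' => SimpleSAML\Module::getModuleUrl('authlinkedin') . '/linkback.php?stateid=' . $stateID));
     // Log the token key only: the token secret is a credential and must stay out of log files.
     SimpleSAML\Logger::debug("Got a request token from the OAuth service provider [" . $requestToken->key . "]");
     $state['authlinkedin:requestToken'] = $requestToken;
     // Update the state
     SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     // Authorize the request token
     $consumer->getAuthorizeRequest('https://www.linkedin.com/uas/oauth/authenticate', $requestToken);
 }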
Ejemplo n.º 29
 /**
  * Log-in using Bnet OAuth2.0 API
  *
  * @param array &$state  Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     assert('is_array($state)');

     // The authId lets the linkback find this authentication source again.
     $state[self::AUTHID] = $this->authId;
     $savedStateId = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);

     // Keep both the state and its identifier on this object.
     $this->state = $state;
     $this->stateID = $savedStateId;

     // Without scopes you will get access to a users account ID and BattleTag.
     //$scopes = 'wow.profile sc2.profile';
     // https://dev.battle.net/docs/read/oauth
     // The saved state's identifier is sent as the OAuth "state" parameter.
     $authorizeURL = 'https://eu.battle.net/oauth/authorize?'
         . 'client_id=' . urlencode($this->key)
         . '&redirect_uri=' . urlencode($this->linkback)
         . '&response_type=code'
         . '&access_type=online'
         . '&state=' . urlencode($savedStateId);

     // The same identifier is also stored in the session.
     // NOTE(review): presumably so the callback can compare it with the returned "state" - confirm.
     SimpleSAML_Session::getInstance()->setData('string', 'authStateId', $savedStateId);

     SimpleSAML_Utilities::redirectTrustedURL($authorizeURL);
 }
Ejemplo n.º 30
 /**
  * Log-in using LiveID platform
  *
  * @param array &$state  Information about the current authentication.
  */
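 public function authenticate(&$state)
 {
     assert('is_array($state)');
     /* We are going to need the authId in order to retrieve this authentication source later. */
     $state[self::AUTHID] = $this->authId;
     // Debug traces of selected state entries.
     // NOTE(review): these write the return URL, error URL and logout callback to the log and
     // assume each key exists and holds a string - consider removing them outside development.
     SimpleSAML_Logger::debug('$$$$authwindowslive auth state  = ' . $state['SimpleSAML_Auth_Default.Return']);
     SimpleSAML_Logger::debug('$$$$authwindowslive auth state  = ' . $state['SimpleSAML_Auth_Default.id']);
     SimpleSAML_Logger::debug('$$$$authwindowslive auth state  = ' . $state['SimpleSAML_Auth_Default.ErrorURL']);
     SimpleSAML_Logger::debug('$$$$authwindowslive auth state  = ' . $state['LogoutCallback']);
     $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     SimpleSAML_Logger::debug('authwindowslive auth state id = ' . $stateID);
     // Authenticate the user
     // Documentation at:  http://msdn.microsoft.com/en-us/library/live/hh243641
     // http://msdn.microsoft.com/en-us/library/live/hh243647.aspx
     // The state's identifier is sent both inside the redirect_uri and as wrap_client_state.
     $authorizeURL = 'https://login.live.com/oauth20_authorize.srf' . '?client_id=' . $this->key . '&scope=' . urlencode('wl.signin,wl.basic,wl.emails') . '&response_type=code' . '&redirect_uri=' . urlencode(SimpleSAML_Module::getModuleUrl('authwindowslive') . '/linkback.php?wrap_client_state=' . urlencode($stateID)) . '&wrap_client_state=' . urlencode($stateID);
     // $state is an array, so concatenating it would only log the word "Array" and raise
     // a conversion notice. Log the key names instead, which also keeps state values out of the log.
     SimpleSAML_Logger::debug('LIVE state keys: ' . implode(', ', array_keys($state)));
     SimpleSAML_Utilities::redirect($authorizeURL);
 }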