Retrieve all authentication data.
| public getAuthDataArray ( ) : array | null | ||
| return | array | null | All persistent authentication data, or null if we aren't authenticated. |
/**
* Reuthenticate the user.
*
* This function reauthenticates an user with an existing session. This
* gives the authentication source a chance to do additional work when
* reauthenticating for SSO.
*
* Note: This function is not used when ForceAuthn=true.
*
* @param array &$state The authentication request state.
*/
private function reauthenticate(array &$state)
{
$sourceImpl = $this->authSource->getAuthSource();
if ($sourceImpl === NULL) {
/* Backwards-compatibility with non-authsource IdP. */
foreach ($this->authSource->getAuthDataArray() as $k => $v) {
$state[$k] = $v;
}
return;
}
$sourceImpl->reauthenticate($state);
}
/**
* Process authentication requests.
*
* @param array &$state The authentication request state.
*/
public function handleAuthenticationRequest(array &$state)
{
assert('isset($state["Responder"])');
$state['core:IdP'] = $this->id;
if (isset($state['SPMetadata']['entityid'])) {
$spEntityId = $state['SPMetadata']['entityid'];
} elseif (isset($state['SPMetadata']['entityID'])) {
$spEntityId = $state['SPMetadata']['entityID'];
} else {
$spEntityId = NULL;
}
$state['core:SP'] = $spEntityId;
/* First, check whether we need to authenticate the user. */
if (isset($state['ForceAuthn']) && (bool) $state['ForceAuthn']) {
/* Force authentication is in effect. */
$needAuth = TRUE;
} elseif (isset($state['saml:IDPList']) && sizeof($state['saml:IDPList']) > 0) {
$needAuth = TRUE;
} else {
$needAuth = !$this->isAuthenticated();
}
try {
if ($needAuth) {
$this->authenticate($state);
assert('FALSE');
} else {
foreach ($this->authSource->getAuthDataArray() as $k => $v) {
$state[$k] = $v;
}
}
$this->postAuth($state);
} catch (SimpleSAML_Error_Exception $e) {
SimpleSAML_Auth_State::throwException($state, $e);
} catch (Exception $e) {
$e = new SimpleSAML_Error_UnserializableException($e);
SimpleSAML_Auth_State::throwException($state, $e);
}
}
/**
* @param SimpleSAML_Auth_Simple $auth The authentication context as returned from RealMe
* @return ArrayData
*/
private function getAuthData(SimpleSAML_Auth_Simple $auth)
{
// returns null if the current auth is invalid or timed out.
$data = $auth->getAuthDataArray();
$returnedData = null;
if (is_array($data) && isset($data['saml:sp:IdP']) && isset($data['saml:sp:NameID']) && is_array($data['saml:sp:NameID']) && isset($data['saml:sp:NameID']['Value']) && isset($data['Expire']) && isset($data['Attributes']) && isset($data['saml:sp:SessionIndex'])) {
$returnedData = new ArrayData(array('NameID' => new ArrayData($data['saml:sp:NameID']), 'UserFlt' => $data['saml:sp:NameID']['Value'], 'Attributes' => new ArrayData($data['Attributes']), 'Expire' => $data['Expire'], 'SessionIndex' => $data['saml:sp:SessionIndex']));
}
return $returnedData;
}
