/**
* Starts the authentication by redirecting to the SSO endpoint
*
* The redirect includes the callback URI (the original URI from the given request)
* the client identifier and a signature of the arguments with the client private key.
*
* @param \TYPO3\Flow\Http\Request $request The current request
* @param \TYPO3\Flow\Http\Response $response The current response
* @return void
*/
public function startAuthentication(Request $request, Response $response)
{
$callbackUri = $request->getUri();
if (!isset($this->options['server'])) {
throw new Exception('Missing "server" option for SingleSignOnRedirect entry point. Please specifiy one using the entryPointOptions setting.', 1351690358);
}
$ssoServer = $this->ssoServerFactory->create($this->options['server']);
$ssoClient = $this->ssoClientFactory->create();
$redirectUri = $ssoServer->buildAuthenticationEndpointUri($ssoClient, $callbackUri);
$response->setStatus(303);
$response->setHeader('Location', $redirectUri);
}
/**
* Notify SSO servers about the logged out client
*
* All active authentication tokens of type SingleSignOnToken will be
* used to get the registered global session id and send a request
* to the session service on the SSO server.
*
* @return void
*/
public function logout()
{
$allConfiguration = $this->configurationManager->getConfiguration(\TYPO3\Flow\Configuration\ConfigurationManager::CONFIGURATION_TYPE_SETTINGS, 'TYPO3.Flow');
$tokens = $this->securityContext->getAuthenticationTokensOfType('Flowpack\\SingleSignOn\\Client\\Security\\SingleSignOnToken');
foreach ($tokens as $token) {
$providerName = $token->getAuthenticationProviderName();
$serverIdentifier = \TYPO3\Flow\Utility\Arrays::getValueByPath($allConfiguration, 'security.authentication.providers.' . $providerName . '.providerOptions.server');
if ($serverIdentifier !== NULL) {
$ssoClient = $this->ssoClientFactory->create();
$ssoServer = $this->ssoServerFactory->create($serverIdentifier);
$ssoServer->destroySession($ssoClient, $token->getGlobalSessionId());
}
}
}
/**
* Touches the global session on the server to synchronize expiration between
* clients and the server
*
* This is only done in a configurable minimal interval to limit the number of calls.
*
* @param \Flowpack\SingleSignOn\Client\Security\SingleSignOnToken $token
* @return void
* @throws \Flowpack\SingleSignOn\Client\Exception\SessionNotFoundException
*/
protected function touchSessionIfNeeded(SingleSignOnToken $token)
{
$currentTime = time();
if ($currentTime - $token->getLastTouchTimestamp() > $this->globalSessionTouchInterval) {
$ssoClient = $this->ssoClientFactory->create();
$ssoServer = $this->createSsoServer();
$sessionId = $token->getGlobalSessionId();
$ssoServer->touchSession($ssoClient, $sessionId);
$token->setLastTouchTimestamp(time());
}
}