/** * @param $state * * @throws Exception */ public function finalStep(&$state) { SimpleSAML\Logger::debug("authwindowslive oauth: Using this verification code [" . $state['authwindowslive:verification_code'] . "]"); // retrieve Access Token // documentation at: // https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-protocols-oauth-code/#request-an-access-token $postData = 'client_id=' . urlencode($this->key) . '&client_secret=' . urlencode($this->secret) . '&scope=' . urlencode('https://graph.microsoft.com/user.read') . '&grant_type=authorization_code' . '&redirect_uri=' . urlencode(SimpleSAML\Module::getModuleUrl('authwindowslive') . '/linkback.php') . '&code=' . urlencode($state['authwindowslive:verification_code']); $context = array('http' => array('method' => 'POST', 'header' => 'Content-type: application/x-www-form-urlencoded', 'content' => $postData)); $result = \SimpleSAML\Utils\HTTP::fetch('https://login.microsoftonline.com/common/oauth2/v2.0/token', $context); $response = json_decode($result, true); // error checking of $response to make sure we can proceed if (!array_key_exists('access_token', $response)) { throw new Exception('[' . $response['error'] . '] ' . $response['error_description'] . "\r\nNo access_token returned - cannot proceed\r\n" . implode(', ', $response['error_codes'])); } SimpleSAML\Logger::debug("authwindowslive: Got an access token from the OAuth service provider [" . $response['access_token'] . "]"); // documentation at: http://graph.microsoft.io/en-us/docs/overview/call_api $opts = array('http' => array('header' => "Accept: application/json\r\nAuthorization: Bearer " . $response['access_token'] . "\r\n")); $data = \SimpleSAML\Utils\HTTP::fetch('https://graph.microsoft.com/v1.0/me', $opts); $userdata = json_decode($data, true); // this is the simplest case if (!array_key_exists('@odata.context', $userdata) || array_key_exists('error', $userdata)) { throw new Exception('Unable to retrieve userdata from Microsoft Graph [' . $userdata['error']['code'] . '] ' . $userdata['error']['message']); } $attributes = array(); $attributes['windowslive_targetedID'] = array('https://graph.microsoft.com!' . (!empty($userdata['id']) ? $userdata['id'] : 'unknown')); foreach ($userdata as $key => $value) { if (is_string($value)) { $attributes['windowslive.' . $key] = array((string) $value); } } SimpleSAML\Logger::debug('LiveID Returned Attributes: ' . implode(", ", array_keys($attributes))); $state['Attributes'] = $attributes; }
/** * Start the logout operation. * * @param array &$state The logout state. * @param string|null $assocId The SP we are logging out from. */ public function startLogout(array &$state, $assocId) { assert('is_string($assocId) || is_null($assocId)'); $associations = $this->idp->getAssociations(); if (count($associations) === 0) { $this->idp->finishLogout($state); } foreach ($associations as $id => &$association) { $idp = SimpleSAML_IdP::getByState($association); $association['core:Logout-IFrame:Name'] = $idp->getSPName($id); $association['core:Logout-IFrame:State'] = 'onhold'; } $state['core:Logout-IFrame:Associations'] = $associations; if (!is_null($assocId)) { $spName = $this->idp->getSPName($assocId); if ($spName === null) { $spName = array('en' => $assocId); } $state['core:Logout-IFrame:From'] = $spName; } else { $state['core:Logout-IFrame:From'] = null; } $params = array('id' => SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame')); if (isset($state['core:Logout-IFrame:InitType'])) { $params['type'] = $state['core:Logout-IFrame:InitType']; } $url = SimpleSAML\Module::getModuleURL('core/idp/logout-iframe.php', $params); \SimpleSAML\Utils\HTTP::redirectTrustedURL($url); }
/** * Create an output from a configuration object. * * @param SimpleSAML_Configuration $config The configuration object. * * @return mixed A new instance of the configured class. */ private static function createOutput(SimpleSAML_Configuration $config) { $cls = $config->getString('class'); $cls = SimpleSAML\Module::resolveClass($cls, 'Stats_Output', 'SimpleSAML_Stats_Output'); $output = new $cls($config); return $output; }
/** * Hook to do sanitycheck * * @param array &$hookinfo hookinfo */ function core_hook_sanitycheck(&$hookinfo) { assert('is_array($hookinfo)'); assert('array_key_exists("errors", $hookinfo)'); assert('array_key_exists("info", $hookinfo)'); $config = SimpleSAML_Configuration::getInstance(); if ($config->getString('auth.adminpassword', '123') === '123') { $hookinfo['errors'][] = '[core] Password in config.php is not set properly'; } else { $hookinfo['info'][] = '[core] Password in config.php is set properly'; } if ($config->getString('technicalcontact_email', '*****@*****.**') === '*****@*****.**') { $hookinfo['errors'][] = '[core] In config.php technicalcontact_email is not set properly'; } else { $hookinfo['info'][] = '[core] In config.php technicalcontact_email is set properly'; } if (version_compare(phpversion(), '5.3', '>=')) { $hookinfo['info'][] = '[core] You are running a PHP version suitable for SimpleSAMLphp.'; } else { $hookinfo['errors'][] = '[core] You are running an old PHP installation. Please check the requirements for your SimpleSAMLphp version and upgrade.'; } $info = array(); $mihookinfo = array('info' => &$info); $availmodules = SimpleSAML\Module::getModules(); SimpleSAML\Module::callHooks('moduleinfo', $mihookinfo); foreach ($info as $mi => $i) { if (isset($i['dependencies']) && is_array($i['dependencies'])) { foreach ($i['dependencies'] as $dep) { if (!in_array($dep, $availmodules)) { $hookinfo['errors'][] = '[core] Module dependency not met: ' . $mi . ' requires ' . $dep; } } } } }
/** * Hook to inject HTML content into all pages... * * @param array &$hookinfo hookinfo */ function portal_hook_htmlinject(&$hookinfo) { assert('is_array($hookinfo)'); assert('array_key_exists("pre", $hookinfo)'); assert('array_key_exists("post", $hookinfo)'); assert('array_key_exists("page", $hookinfo)'); $links = array('links' => array()); SimpleSAML\Module::callHooks('frontpage', $links); $portalConfig = SimpleSAML_Configuration::getOptionalConfig('module_portal.php'); $allLinks = array(); foreach ($links as $ls) { $allLinks = array_merge($allLinks, $ls); } $pagesets = $portalConfig->getValue('pagesets', array(array('frontpage_welcome', 'frontpage_config', 'frontpage_auth', 'frontpage_federation'))); SimpleSAML\Module::callHooks('portalextras', $pagesets); $portal = new sspmod_portal_Portal($allLinks, $pagesets); if (!$portal->isPortalized($hookinfo['page'])) { return; } // Include jquery UI CSS files in header $hookinfo['jquery']['css'] = TRUE; // Header $hookinfo['pre'][] = '<div id="portalmenu" class="ui-tabs ui-widget ui-widget-content ui-corner-all">' . $portal->getMenu($hookinfo['page']) . '<div id="portalcontent" class="ui-tabs-panel ui-widget-content ui-corner-bottom">'; // Footer $hookinfo['post'][] = '</div></div>'; }
/** * Hook to add the modinfo module to the frontpage. * * @param array &$links The links on the frontpage, split into sections. */ function statistics_hook_frontpage(&$links) { assert('is_array($links)'); assert('array_key_exists("links", $links)'); $links['config']['statistics'] = array('href' => SimpleSAML\Module::getModuleURL('statistics/showstats.php'), 'text' => array('en' => 'Show statistics', 'no' => 'Vis statistikk'), 'shorttext' => array('en' => 'Statistics', 'no' => 'Statistikk')); $links['config']['statisticsmeta'] = array('href' => SimpleSAML\Module::getModuleURL('statistics/statmeta.php'), 'text' => array('en' => 'Show statistics metadata', 'no' => 'Vis statistikk metadata'), 'shorttext' => array('en' => 'Statistics metadata', 'no' => 'Statistikk metadata')); }
/** * Loads and merges in a file with a attribute map. * * @param string $fileName Name of attribute map file. Expected to be in the attributemap directory in the root * of the SimpleSAMLphp installation, or in the root of a module. * * @throws Exception If the filter could not load the requested attribute map file. */ private function loadMapFile($fileName) { $config = SimpleSAML_Configuration::getInstance(); $m = explode(':', $fileName); if (count($m) === 2) { // we are asked for a file in a module if (!SimpleSAML\Module::isModuleEnabled($m[0])) { throw new Exception("Module '{$m['0']}' is not enabled."); } $filePath = SimpleSAML\Module::getModuleDir($m[0]) . '/attributemap/' . $m[1] . '.php'; } else { $filePath = $config->getPathValue('attributenamemapdir', 'attributemap/') . $fileName . '.php'; } if (!file_exists($filePath)) { throw new Exception('Could not find attribute map file: ' . $filePath); } $attributemap = null; include $filePath; if (!is_array($attributemap)) { throw new Exception('Attribute map file "' . $filePath . '" didn\'t define an attribute map.'); } if ($this->duplicate) { $this->map = array_merge_recursive($this->map, $attributemap); } else { $this->map = array_merge($this->map, $attributemap); } }
/** * Process an authentication response. * * This function saves the state, and if necessary redirects the user to the page where the user * is informed about the expiry date of his/her certificate. * * @param array $state The state of the response. */ public function process(&$state) { assert('is_array($state)'); if (isset($state['isPassive']) && $state['isPassive'] === TRUE) { // We have a passive request. Skip the warning return; } if (!isset($_SERVER['SSL_CLIENT_CERT']) || $_SERVER['SSL_CLIENT_CERT'] == '') { return; } $client_cert = $_SERVER['SSL_CLIENT_CERT']; $client_cert_data = openssl_x509_parse($client_cert); if ($client_cert_data == FALSE) { SimpleSAML\Logger::error('authX509: invalid cert'); return; } $validTo = $client_cert_data['validTo_time_t']; $now = time(); $daysleft = (int) (($validTo - $now) / (24 * 60 * 60)); if ($daysleft > $this->warndaysbefore) { // We have a certificate that will be valid for some time. Skip the warning return; } SimpleSAML\Logger::warning('authX509: user certificate expires in ' . $daysleft . ' days'); $state['daysleft'] = $daysleft; $state['renewurl'] = $this->renewurl; /* Save state and redirect. */ $id = SimpleSAML_Auth_State::saveState($state, 'warning:expire'); $url = SimpleSAML\Module::getModuleURL('authX509/expirywarning.php'); \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('StateId' => $id)); }
/** * Process a authentication response. * * This function checks how long it is since the last time the user was authenticated. * If it is to short a while since, we will show a warning to the user. * * @param array $state The state of the response. */ public function process(&$state) { assert('is_array($state)'); if (!array_key_exists('PreviousSSOTimestamp', $state)) { /* * No timestamp from the previous SSO to this SP. This is the first * time during this session. */ return; } $timeDelta = time() - $state['PreviousSSOTimestamp']; if ($timeDelta >= 10) { // At least 10 seconds since last attempt return; } if (array_key_exists('Destination', $state) && array_key_exists('entityid', $state['Destination'])) { $entityId = $state['Destination']['entityid']; } else { $entityId = 'UNKNOWN'; } SimpleSAML\Logger::warning('WarnShortSSOInterval: Only ' . $timeDelta . ' seconds since last SSO for this user from the SP ' . var_export($entityId, TRUE)); // Save state and redirect $id = SimpleSAML_Auth_State::saveState($state, 'core:short_sso_interval'); $url = SimpleSAML\Module::getModuleURL('core/short_sso_interval.php'); \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('StateId' => $id)); }
/** * Retrieve our singleton instance. * * @return SimpleSAML_Store|false The data store, or false if it isn't enabled. */ public static function getInstance() { if (self::$instance !== null) { return self::$instance; } $config = SimpleSAML_Configuration::getInstance(); $storeType = $config->getString('store.type', null); if ($storeType === null) { $storeType = $config->getString('session.handler', 'phpsession'); } switch ($storeType) { case 'phpsession': // we cannot support advanced features with the PHP session store self::$instance = false; break; case 'memcache': self::$instance = new SimpleSAML_Store_Memcache(); break; case 'sql': self::$instance = new SimpleSAML_Store_SQL(); break; default: // datastore from module $className = SimpleSAML\Module::resolveClass($storeType, 'Store', 'SimpleSAML_Store'); self::$instance = new $className(); } return self::$instance; }
/** * Retrieve our singleton instance. * * @return SimpleSAML_Store|false The data store, or false if it isn't enabled. */ public static function getInstance() { if (self::$instance !== null) { return self::$instance; } $config = SimpleSAML_Configuration::getInstance(); $storeType = $config->getString('store.type', null); if ($storeType === null) { $storeType = $config->getString('session.handler', 'phpsession'); } switch ($storeType) { case 'phpsession': // we cannot support advanced features with the PHP session store self::$instance = false; break; case 'memcache': self::$instance = new SimpleSAML_Store_Memcache(); break; case 'sql': self::$instance = new SimpleSAML_Store_SQL(); break; default: // datastore from module try { $className = SimpleSAML\Module::resolveClass($storeType, 'Store', 'SimpleSAML_Store'); } catch (Exception $e) { $c = $config->toArray(); $c['store.type'] = 'phpsession'; throw new SimpleSAML\Error\CriticalConfigurationError("Invalid 'store.type' configuration option. Cannot find store '{$storeType}'.", null, $c); } self::$instance = new $className(); } return self::$instance; }
public function finalStep(&$state) { SimpleSAML\Logger::debug("oauth wrap: Using this verification code [" . $state['authwindowslive:wrap_verification_code'] . "]"); // Retrieve Access Token // Documentation at: http://msdn.microsoft.com/en-us/library/ff749686.aspx $postData = 'wrap_client_id=' . urlencode($this->key) . '&wrap_client_secret=' . urlencode($this->secret) . '&wrap_callback=' . urlencode(SimpleSAML\Module::getModuleUrl('authwindowslive') . '/linkback.php') . '&wrap_verification_code=' . urlencode($state['authwindowslive:wrap_verification_code']); $context = array('http' => array('method' => 'POST', 'header' => 'Content-type: application/x-www-form-urlencoded', 'content' => $postData)); $result = \SimpleSAML\Utils\HTTP::fetch('https://consent.live.com/AccessToken.aspx', $context); parse_str($result, $response); // error checking of $response to make sure we can proceed if (!array_key_exists('wrap_access_token', $response)) { throw new Exception('[' . $response['error_code'] . '] ' . $response['wrap_error_reason'] . "\r\nNo wrap_access_token returned - cannot proceed\r\n" . $response['internal_info']); } SimpleSAML\Logger::debug("Got an access token from the OAuth WRAP service provider [" . $response['wrap_access_token'] . "] for user [" . $response['uid'] . "]"); // Documentation at: http://msdn.microsoft.com/en-us/library/ff751708.aspx $opts = array('http' => array('header' => "Accept: application/json\r\nAuthorization: WRAP access_token=" . $response['wrap_access_token'] . "\r\n")); $data = \SimpleSAML\Utils\HTTP::fetch('https://apis.live.net/V4.1/cid-' . $response['uid'] . '/Profiles', $opts); $userdata = json_decode($data, TRUE); $attributes = array(); $attributes['windowslive_uid'] = array($response['uid']); $attributes['windowslive_targetedID'] = array('http://windowslive.com!' . $response['uid']); $attributes['windowslive_user'] = array($response['uid'] . '@windowslive.com'); if (array_key_exists('Entries', $userdata)) { foreach ($userdata['Entries'][0] as $key => $value) { if (is_string($value)) { $attributes['windowslive.' . $key] = array((string) $value); } } if (array_key_exists('Emails', $userdata['Entries'][0])) { $attributes['windowslive_mail'] = array($userdata['Entries'][0]['Emails'][0]['Address']); } } SimpleSAML\Logger::debug('LiveID Returned Attributes: ' . implode(", ", array_keys($attributes))); $state['Attributes'] = $attributes; }
/** * When the process logic determines that the user is not * authorized for this service, then forward the user to * an 403 unauthorized page. * * Separated this code into its own method so that child * classes can override it and change the action. Forward * thinking in case a "chained" ACL is needed, more complex * permission logic. * * @param array $request */ protected function unauthorized(&$request) { SimpleSAML\Logger::error('ExpectedAuthnContextClassRef: Invalid authentication context: ' . $this->AuthnContextClassRef . '. Accepted values are: ' . var_export($this->accepted, true)); $id = SimpleSAML_Auth_State::saveState($request, 'saml:ExpectedAuthnContextClassRef:unauthorized'); $url = SimpleSAML\Module::getModuleURL('saml/sp/wrong_authncontextclassref.php'); \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('StateId' => $id)); }
/** * Hook to run a cron job. * * @param array &$croninfo Output */ function sanitycheck_hook_cron(&$croninfo) { assert('is_array($croninfo)'); assert('array_key_exists("summary", $croninfo)'); assert('array_key_exists("tag", $croninfo)'); SimpleSAML\Logger::info('cron [sanitycheck]: Running cron in cron tag [' . $croninfo['tag'] . '] '); try { $sconfig = SimpleSAML_Configuration::getOptionalConfig('config-sanitycheck.php'); $cronTag = $sconfig->getString('cron_tag', null); if ($cronTag === null || $cronTag !== $croninfo['tag']) { return; } $info = array(); $errors = array(); $hookinfo = array('info' => &$info, 'errors' => &$errors); SimpleSAML\Module::callHooks('sanitycheck', $hookinfo); if (count($errors) > 0) { foreach ($errors as $err) { $croninfo['summary'][] = 'Sanitycheck error: ' . $err; } } } catch (Exception $e) { $croninfo['summary'][] = 'Error executing sanity check: ' . $e->getMessage(); } }
public function authenticate(&$state) { assert('is_array($state)'); // We are going to need the authId in order to retrieve this authentication source later $state[self::AUTHID] = $this->authId; $id = SimpleSAML_Auth_State::saveState($state, self::STAGEID); $url = SimpleSAML\Module::getModuleURL('InfoCard/login-infocard.php'); \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('AuthState' => $id)); }
/** * Hook to add the modinfo module to the frontpage. * * @param array &$links The links on the frontpage, split into sections. */ function core_hook_frontpage(&$links) { assert('is_array($links)'); assert('array_key_exists("links", $links)'); $links['links']['frontpage_welcome'] = array('href' => SimpleSAML\Module::getModuleURL('core/frontpage_welcome.php'), 'text' => '{core:frontpage:welcome}', 'shorttext' => '{core:frontpage:welcome}'); $links['links']['frontpage_config'] = array('href' => SimpleSAML\Module::getModuleURL('core/frontpage_config.php'), 'text' => '{core:frontpage:configuration}', 'shorttext' => '{core:frontpage:configuration}'); $links['links']['frontpage_auth'] = array('href' => SimpleSAML\Module::getModuleURL('core/frontpage_auth.php'), 'text' => '{core:frontpage:auth}', 'shorttext' => '{core:frontpage:auth}'); $links['links']['frontpage_federation'] = array('href' => SimpleSAML\Module::getModuleURL('core/frontpage_federation.php'), 'text' => '{core:frontpage:federation}', 'shorttext' => '{core:frontpage:federation}'); }
public function getRule($preferRule) { $rule = $this->resolveSelectedRule($preferRule); $statrulesConfig = $this->statconfig->getConfigItem('statrules'); $statruleConfig = $statrulesConfig->getConfigItem($rule); $presenterClass = SimpleSAML\Module::resolveClass($statruleConfig->getValue('presenter', 'statistics:BaseRule'), 'Statistics_Rulesets'); $statrule = new $presenterClass($this->statconfig, $statruleConfig, $rule, $this->available); return $statrule; }
/** * Initialize processing of the redirect test. * * @param array &$state The state we should update. */ public function process(&$state) { assert('is_array($state)'); assert('array_key_exists("Attributes", $state)'); // To check whether the state is saved correctly $state['Attributes']['RedirectTest1'] = array('OK'); // Save state and redirect $id = SimpleSAML_Auth_State::saveState($state, 'exampleauth:redirectfilter-test'); $url = SimpleSAML\Module::getModuleURL('exampleauth/redirecttest.php'); \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('StateId' => $id)); }
/** * Process a authentication response. * * This function saves the state, and redirects the user to the page where the user * can authorize the release of the attributes. * * @param array $state The state of the response. */ public function process(&$state) { assert('is_array($state)'); if (isset($state['isPassive']) && $state['isPassive'] === TRUE) { // We have a passive request. Skip the warning return; } // Save state and redirect. $id = SimpleSAML_Auth_State::saveState($state, 'warning:request'); $url = SimpleSAML\Module::getModuleURL('preprodwarning/showwarning.php'); \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('StateId' => $id)); }
/** * Redirect to page setting CDC. * * @param array &$state The request state. */ public function process(&$state) { assert('is_array($state)'); if (!isset($state['Source']['entityid'])) { SimpleSAML\Logger::warning('saml:CDC: Could not find IdP entityID.'); return; } // Save state and build request $id = SimpleSAML_Auth_State::saveState($state, 'cdc:resume'); $returnTo = SimpleSAML\Module::getModuleURL('cdc/resume.php', array('domain' => $this->domain)); $params = array('id' => $id, 'entityID' => $state['Source']['entityid']); $this->client->sendRequest($returnTo, 'append', $params); }
/** * Log-in using Facebook platform * * @param array &$state Information about the current authentication. */ public function authenticate(&$state) { assert('is_array($state)'); // We are going to need the authId in order to retrieve this authentication source later $state[self::AUTHID] = $this->authId; $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT); $facebook = new sspmod_authfacebook_Facebook(array('appId' => $this->api_key, 'secret' => $this->secret), $state); $facebook->destroySession(); $linkback = SimpleSAML\Module::getModuleURL('authfacebook/linkback.php', array('AuthState' => $stateID)); $url = $facebook->getLoginUrl(array('redirect_uri' => $linkback, 'scope' => $this->req_perms)); SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT); \SimpleSAML\Utils\HTTP::redirectTrustedURL($url); }
/** * The inner workings of the module. Check client's subnet and redirect * to an authentication page protected with "HTTP Negotiate" authentication * or a fallback authentication source. * * @param array &$state Information about the current authentication. */ public function authenticate(&$state) { assert('is_array($state)'); $state['negotiateserver:AuthID'] = $this->authId; $state['negotiateserver:AuthFallback'] = $this->auth_fallback; if (!$this->checkClientSubnet()) { $this->fallback($state); } $stateId = SimpleSAML_Auth_State::saveState($state, 'negotiateserver:Negotiate'); $returnTo = SimpleSAML\Module::getModuleURL('negotiateserver/resume.php', array('State' => $stateId)); $authPage = SimpleSAML\Module::getModuleURL('negotiateserver/preauth.php'); \SimpleSAML\Utils\HTTP::redirectTrustedURL($authPage, array('State' => $stateId, 'ReturnTo' => $returnTo)); assert('FALSE'); }
/** * Log-in using MySpace platform * * @param array &$state Information about the current authentication. */ public function authenticate(&$state) { assert('is_array($state)'); // We are going to need the authId in order to retrieve this authentication source later $state[self::AUTHID] = $this->authId; $consumer = new sspmod_oauth_Consumer($this->key, $this->secret); // Get the request token $requestToken = $consumer->getRequestToken('http://api.myspace.com/request_token'); SimpleSAML\Logger::debug("Got a request token from the OAuth service provider [" . $requestToken->key . "] with the secret [" . $requestToken->secret . "]"); $state['authmyspace:requestToken'] = $requestToken; $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT); SimpleSAML\Logger::debug('authmyspace auth state id = ' . $stateID); // Authorize the request token $consumer->getAuthorizeRequest('http://api.myspace.com/authorize', $requestToken, TRUE, SimpleSAML\Module::getModuleUrl('authmyspace') . '/linkback.php?stateid=' . $stateID); }
function SimpleSAML_exception_handler($exception) { SimpleSAML\Module::callHooks('exception_handler', $exception); if ($exception instanceof SimpleSAML_Error_Error) { $exception->show(); } elseif ($exception instanceof Exception) { $e = new SimpleSAML_Error_Error('UNHANDLEDEXCEPTION', $exception); $e->show(); } else { if (class_exists('Error') && $exception instanceof Error) { $code = $exception->getCode(); $errno = $code > 0 ? $code : E_ERROR; $errstr = $exception->getMessage(); $errfile = $exception->getFile(); $errline = $exception->getLine(); SimpleSAML_error_handler($errno, $errstr, $errfile, $errline); } } }
/** * Log-in using Twitter platform * * @param array &$state Information about the current authentication. */ public function authenticate(&$state) { assert('is_array($state)'); // We are going to need the authId in order to retrieve this authentication source later $state[self::AUTHID] = $this->authId; $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT); $consumer = new sspmod_oauth_Consumer($this->key, $this->secret); // Get the request token $linkback = SimpleSAML\Module::getModuleURL('authtwitter/linkback.php', array('AuthState' => $stateID)); $requestToken = $consumer->getRequestToken('https://api.twitter.com/oauth/request_token', array('oauth_callback' => $linkback)); SimpleSAML\Logger::debug("Got a request token from the OAuth service provider [" . $requestToken->key . "] with the secret [" . $requestToken->secret . "]"); $state['authtwitter:authdata:requestToken'] = $requestToken; SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT); // Authorize the request token $url = 'https://api.twitter.com/oauth/authenticate'; if ($this->force_login) { $url = \SimpleSAML\Utils\HTTP::addURLParameters($url, array('force_login' => 'true')); } $consumer->getAuthorizeRequest($url, $requestToken); }
<?php /** * Show a warning to an user about the SP requesting SSO a short time after * doing it previously. * * @package SimpleSAMLphp */ if (!array_key_exists('StateId', $_REQUEST)) { throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.'); } $id = $_REQUEST['StateId']; $state = SimpleSAML_Auth_State::loadState($id, 'core:short_sso_interval'); $session = SimpleSAML_Session::getSessionFromRequest(); if (array_key_exists('continue', $_REQUEST)) { // The user has pressed the continue/retry-button SimpleSAML_Auth_ProcessingChain::resumeProcessing($state); } $globalConfig = SimpleSAML_Configuration::getInstance(); $t = new SimpleSAML_XHTML_Template($globalConfig, 'core:short_sso_interval.php'); $t->data['target'] = SimpleSAML\Module::getModuleURL('core/short_sso_interval.php'); $t->data['params'] = array('StateId' => $id); $t->data['trackId'] = $session->getTrackID(); $t->show();
<?php /** * Show a 403 Forbidden page about not authorized to access an application. * * @package SimpleSAMLphp */ if (!array_key_exists('StateId', $_REQUEST)) { throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.'); } $state = SimpleSAML_Auth_State::loadState($_REQUEST['StateId'], 'authorize:Authorize'); $globalConfig = SimpleSAML_Configuration::getInstance(); $t = new SimpleSAML_XHTML_Template($globalConfig, 'authorize:authorize_403.php'); if (isset($state['Source']['auth'])) { $t->data['LogoutURL'] = SimpleSAML\Module::getModuleURL('core/authenticate.php', array('as' => $state['Source']['auth'])) . "&logout"; } header('HTTP/1.0 403 Forbidden'); $t->show();
/** * Hook to add the modinfo module to the frontpage. * * @param array &$links The links on the frontpage, split into sections. */ function sanitycheck_hook_frontpage(&$links) { assert('is_array($links)'); assert('array_key_exists("links", $links)'); $links['config']['santitycheck'] = array('href' => SimpleSAML\Module::getModuleURL('sanitycheck/index.php'), 'text' => array('en' => 'Sanity check of your SimpleSAMLphp setup'), 'shorttext' => array('en' => 'SanityCheck')); }
/** * Prompt the user with a list of authentication sources. * * This method saves the information about the configured sources, * and redirects to a page where the user must select one of these * authentication sources. * * This method never return. The authentication process is finished * in the delegateAuthentication method. * * @param array &$state Information about the current authentication. */ public function authenticate(&$state) { assert('is_array($state)'); $state[self::AUTHID] = $this->authId; $state[self::SOURCESID] = $this->sources; /* Save the $state array, so that we can restore if after a redirect */ $id = SimpleSAML_Auth_State::saveState($state, self::STAGEID); /* Redirect to the select source page. We include the identifier of the saved state array as a parameter to the login form */ $url = SimpleSAML\Module::getModuleURL('multiauth/selectsource.php'); $params = array('AuthState' => $id); // Allowes the user to specify the auth souce to be used if (isset($_GET['source'])) { $params['source'] = $_GET['source']; } \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, $params); /* The previous function never returns, so this code is never executed */ assert('FALSE'); }
<?php $faventry = NULL; foreach ($this->data['idplist'] as $tab => $slist) { if (!empty($this->data['preferredidp']) && array_key_exists($this->data['preferredidp'], $slist)) { $faventry = $slist[$this->data['preferredidp']]; } } if (!array_key_exists('header', $this->data)) { $this->data['header'] = 'selectidp'; } $this->data['header'] = $this->t($this->data['header']); $this->data['jquery'] = array('core' => TRUE, 'ui' => TRUE, 'css' => TRUE); $this->data['head'] = '<link rel="stylesheet" media="screen" type="text/css" href="' . SimpleSAML\Module::getModuleUrl('discopower/style.css') . '" />'; $this->data['head'] .= '<script type="text/javascript" src="' . SimpleSAML\Module::getModuleUrl('discopower/js/jquery.livesearch.js') . '"></script>'; $this->data['head'] .= '<script type="text/javascript" src="' . SimpleSAML\Module::getModuleUrl('discopower/js/' . $this->data['score'] . '.js') . '"></script>'; $this->data['head'] .= '<script type="text/javascript"> $(document).ready(function() { $("#discotabs").tabs({ selected: ' . $this->data['defaulttab'] . ' }); '; $i = 0; foreach ($this->data['idplist'] as $tab => $slist) { $this->data['head'] .= "\n" . '$("#query_' . $tab . '").liveUpdate("#list_' . $tab . '")' . ($i++ == 0 && empty($faventry) ? '.focus()' : '') . ';'; } $this->data['head'] .= ' }); </script>'; if (!empty($faventry)) { $this->data['autofocus'] = 'favouritesubmit'; }