/**
* Action to create and process the user login form.
*
* If a single sign on (SSO) system is specified, attempt to authenticate
* with that system. Otherwise, perform the parent's login action.
*/
public function loginAction()
{
// This option specifies if SSO should be used.
$sso = get_option('central_auth_sso');
// Store if SSO is required to be used.
$required = $sso === 'required';
// Do not attempt SSO if the user posted a login form.
if ($sso && empty($_POST['submit'])) {
// Get the SSO auth adapter if available.
$adapter = $this->_getAdapter();
if ($adapter) {
// Attempt to authenticate with the SSO auth adapter.
$result = $this->_auth->authenticate($adapter);
// If authenticated, redirect the user to their page.
if ($result->isValid()) {
$session = new Zend_Session_Namespace();
$this->_helper->redirector->gotoUrl($session->redirect);
}
// If SSO unexpectantly failed, do not require SSO.
if ($result->getCode() == Zend_Auth_Result::FAILURE) {
$required = false;
}
// Get the reasons for the failure.
$messages = $result->getMessages();
// If SSO is not required, instruct user to try login form.
if (!$required) {
$messages[] = __('You may try to log in directly below.');
}
// Show error messages to the user.
if ($messages) {
$this->_helper->flashMessenger(implode("\n", $messages), 'error');
}
}
}
// Store to the view if either SSO or LDAP is required.
$this->view->required = $required || get_option('central_auth_ldap') == 'required';
// Perform the normal login form action.
parent::loginAction();
// If SSO is required, provide a blank login form, so the user will not
// be able to login through the normal auth adapter.
if ($required) {
$this->view->form = new Omeka_Form();
}
}