/** * Constructor for this authentication source. * * @param array $info Information about this authentication source. * @param array $config Configuration. */ public function __construct($info, $config) { assert('is_array($info)'); assert('is_array($config)'); /* Call the parent constructor first, as required by the interface. */ parent::__construct($info, $config); }
/** * Constructor for Google authentication source. * * @param array $info Information about this authentication source. * @param array $config Configuration. */ public function __construct($info, $config) { assert('is_array($info)'); assert('is_array($config)'); /* Call the parent constructor first, as required by the interface. */ parent::__construct($info, $config); if (!array_key_exists('key', $config)) { throw new Exception('Google authentication source is not properly configured: missing [key]'); } $this->key = $config['key']; if (!array_key_exists('secret', $config)) { throw new Exception('Google authentication source is not properly configured: missing [secret]'); } $this->secret = $config['secret']; $this->linkback = SimpleSAML_Module::getModuleURL('authgoogleOIDC') . '/linkback.php'; // Create Client $this->client = new Google_Client(); $this->client->setApplicationName('Google gateway'); $this->client->setClientId($this->key); $this->client->setClientSecret($this->secret); $this->client->setRedirectUri($this->linkback); $this->client->addScope('openid'); $this->client->addScope('profile'); $this->client->addScope('email'); }
/** * Constructor for this authentication source. * * @param array $info Information about this authentication source. * @param array $config Configuration. */ public function __construct($info, $config) { assert('is_array($info)'); assert('is_array($config)'); /* Call the parent constructor first, as required by the interface. */ parent::__construct($info, $config); $cfgParse = SimpleSAML_Configuration::loadFromArray($config, 'authsources[' . var_export($this->authId, TRUE) . ']'); $this->api_key = $cfgParse->getString('api_key'); $this->secret = $cfgParse->getString('secret'); $this->req_perms = $cfgParse->getString('req_perms', NULL); }
/** * Constructor for this authentication source. * * @param array $info Information about this authentication source. * @param array $config Configuration. */ public function __construct($info, $config) { assert('is_array($info)'); assert('is_array($config)'); /* Call the parent constructor first, as required by the interface. */ parent::__construct($info, $config); $configObject = SimpleSAML_Configuration::loadFromArray($config, 'authsources[' . var_export($this->authId, TRUE) . ']'); $this->key = $configObject->getString('key'); $this->secret = $configObject->getString('secret'); $this->force_login = $configObject->getBoolean('force_login', FALSE); }
/** * Constructor for this authentication source. * * @param array $info Information about this authentication source. * @param array $config Configuration. */ public function __construct($info, $config) { assert('is_array($info)'); assert('is_array($config)'); /* Call the parent constructor first, as required by the interface. */ parent::__construct($info, $config); if (!array_key_exists('uid', $config) || !is_string($config['uid'])) { throw new SimpleSAML_Error_Exception("AA configuration error, 'uid' not found or not a string."); } SimpleSAML_Logger::debug('[aa] auth source Bypass: config uid: ' . $config['uid']); $this->uid = $config['uid']; }
/** * Constructor for this authentication source. * * @param array $info Information about this authentication source. * @param array $config Configuration. */ public function __construct($info, $config) { assert('is_array($info)'); assert('is_array($config)'); /* Call the parent constructor first, as required by the interface. */ parent::__construct($info, $config); /* Parse attributes. */ try { $this->attributes = SimpleSAML\Utils\Arrays::normalizeAttributesArray($config); } catch (Exception $e) { throw new Exception('Invalid attributes for authentication source ' . $this->authId . ': ' . $e->getMessage()); } }
/** * Require admin access to the current page. * * This is a helper function for limiting a page to those with administrative access. It will redirect the user to * a login page if the current user doesn't have admin access. * * @return void This function will only return if the user is admin. * @throws \SimpleSAML_Error_Exception If no "admin" authentication source was configured. * * @author Olav Morken, UNINETT AS <*****@*****.**> * @author Jaime Perez, UNINETT AS <*****@*****.**> */ public static function requireAdmin() { if (self::isAdmin()) { return; } // not authenticated as admin user, start authentication if (\SimpleSAML_Auth_Source::getById('admin') !== null) { $as = new \SimpleSAML_Auth_Simple('admin'); $as->login(); } else { throw new \SimpleSAML_Error_Exception('Cannot find "admin" auth source, and admin privileges are required.'); } }
/** * Constructor for this authentication source. * * @param array $info Information about this authentication source. * @param array $config Configuration. */ public function __construct($info, $config) { assert('is_array($info)'); assert('is_array($config)'); /* Call the parent constructor first, as required by the interface. */ parent::__construct($info, $config); if (!array_key_exists('site', $config)) { throw new Exception('PAPI authentication source is not properly configured: missing [site]'); } $this->_poa = new PoA($config['site']); if (array_key_exists('hli', $config)) { $this->_hli = $config['hli']; } }
/** * Hook to add the metadata for hosted entities to the frontpage. * * @param array &$metadataHosted The metadata links for hosted metadata on the frontpage. */ function saml_hook_metadata_hosted(&$metadataHosted) { assert('is_array($metadataHosted)'); $sources = SimpleSAML_Auth_Source::getSourcesOfType('saml:SP'); foreach ($sources as $source) { $metadata = $source->getMetadata(); $name = $metadata->getValue('name', NULL); if ($name === NULL) { $name = $source->getAuthID(); } $md = array('entityid' => $source->getEntityId(), 'metadata-index' => $source->getEntityId(), 'metadata-set' => 'saml20-sp-hosted', 'metadata-url' => $source->getMetadataURL() . '?output=xhtml', 'name' => $name); $metadataHosted[] = $md; } }
public static function handleLogin($authStateId, $xmlToken) { assert('is_string($authStateId)'); $config = SimpleSAML_Configuration::getInstance(); $autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php'); $idp_key = $autoconfig->getValue('idp_key'); $idp_pass = $autoconfig->getValue('idp_key_pass', NULL); $sts_crt = $autoconfig->getValue('sts_crt'); $Infocard = $autoconfig->getValue('InfoCard'); $infocard = new sspmod_InfoCard_RP_InfoCard(); $infocard->addIDPKey($idp_key, $idp_pass); $infocard->addSTSCertificate($sts_crt); if (!$xmlToken) { SimpleSAML_Logger::debug("XMLtoken: " . $xmlToken); } else { SimpleSAML_Logger::debug("NOXMLtoken: " . $xmlToken); } $claims = $infocard->process($xmlToken); if ($claims->isValid()) { $attributes = array(); foreach ($Infocard['requiredClaims'] as $claim => $data) { $attributes[$claim] = array($claims->{$claim}); } foreach ($Infocard['optionalClaims'] as $claim => $data) { $attributes[$claim] = array($claims->{$claim}); } // sanitize the input $sid = SimpleSAML_Utilities::parseStateID($authStateId); if (!is_null($sid['url'])) { SimpleSAML_Utilities::checkURLAllowed($sid['url']); } /* Retrieve the authentication state. */ $state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID); /* Find authentication source. */ assert('array_key_exists(self::AUTHID, $state)'); $source = SimpleSAML_Auth_Source::getById($state[self::AUTHID]); if ($source === NULL) { throw new Exception('Could not find authentication source with id ' . $state[self::AUTHID]); } $state['Attributes'] = $attributes; unset($infocard); unset($claims); SimpleSAML_Auth_Source::completeAuth($state); } else { unset($infocard); unset($claims); return 'wrong_IC'; } }
/** * Constructor for this authentication source. * * @param array $info Information about this authentication source. * @param array $config Configuration. */ public function __construct($info, $config) { assert('is_array($info)'); assert('is_array($config)'); // Call the parent constructor first, as required by the interface parent::__construct($info, $config); if (!array_key_exists('key', $config)) { throw new Exception('LinkedIn authentication source is not properly configured: missing [key]'); } $this->key = $config['key']; if (!array_key_exists('secret', $config)) { throw new Exception('LinkedIn authentication source is not properly configured: missing [secret]'); } $this->secret = $config['secret']; }
/** * Constructor for this authentication source. * * @param array $info Information about this authentication source. * @param array $config Configuration. */ public function __construct($info, $config) { assert('is_array($info)'); assert('is_array($config)'); /* Call the parent constructor first, as required by the interface. */ parent::__construct($info, $config); if (!array_key_exists('key', $config)) { throw new Exception('Bnet authentication source is not properly configured: missing [key]'); } $this->key = $config['key']; if (!array_key_exists('secret', $config)) { throw new Exception('Bnet authentication source is not properly configured: missing [secret]'); } $this->secret = $config['secret']; $this->linkback = SimpleSAML_Module::getModuleURL('authbnet') . '/linkback.php'; }
/** * Constructor for this authentication source. * * @param array $info Information about this authentication source. * @param array $config Configuration. */ public function __construct($info, $config) { assert('is_array($info)'); assert('is_array($config)'); /* Call the parent constructor first, as required by the interface. */ parent::__construct($info, $config); if (!array_key_exists('key', $config)) { throw new Exception('Twitter authentication source is not properly configured: missing [key]'); } $this->key = $config['key']; if (!array_key_exists('secret', $config)) { throw new Exception('Twitter authentication source is not properly configured: missing [secret]'); } $this->secret = $config['secret']; // require_once(dirname(dirname(dirname(dirname(__FILE__)))) . '/extlibinc/facebook.php'); }
/** * Start logout. * * This function starts a logout operation from the current authentication * source. This function will return if the logout operation does not * require a redirect. * * @param string $returnURL The URL we should redirect the user to after * logging out. No checking is performed on the URL, so make sure to verify * it on beforehand if the URL is obtained from user input. Refer to * \SimpleSAML\Utils\HTTP::checkURLAllowed() for more information. * @param string $authority The authentication source we are logging * out from. */ public static function initLogoutReturn($returnURL, $authority) { assert('is_string($returnURL)'); assert('is_string($authority)'); $session = SimpleSAML_Session::getSessionFromRequest(); $state = $session->getAuthData($authority, 'LogoutState'); $session->doLogout($authority); $state['SimpleSAML_Auth_Default.ReturnURL'] = $returnURL; $state['LogoutCompletedHandler'] = array(get_class(), 'logoutCompleted'); $as = SimpleSAML_Auth_Source::getById($authority); if ($as === NULL) { /* The authority wasn't an authentication source... */ self::logoutCompleted($state); } $as->logout($state); }
/** * Check the credentials that the user got from the A-Select server. * This function is called after the user returns from the A-Select server. * * @author Wessel Dankers, Tilburg University */ function check_credentials() { if (!array_key_exists('ssp_state', $_REQUEST)) { SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing ssp_state parameter")); } $id = $_REQUEST['ssp_state']; // sanitize the input $sid = SimpleSAML_Utilities::parseStateID($id); if (!is_null($sid['url'])) { SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($id, 'aselect:login'); if (!array_key_exists('a-select-server', $_REQUEST)) { SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing a-select-server parameter")); } $server_id = $_REQUEST['a-select-server']; if (!array_key_exists('aselect_credentials', $_REQUEST)) { SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing aselect_credentials parameter")); } $credentials = $_REQUEST['aselect_credentials']; if (!array_key_exists('rid', $_REQUEST)) { SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing rid parameter")); } $rid = $_REQUEST['rid']; try { if (!array_key_exists('aselect::authid', $state)) { throw new SimpleSAML_Error_Exception("ASelect authentication source missing in state"); } $authid = $state['aselect::authid']; $aselect = SimpleSAML_Auth_Source::getById($authid); if (is_null($aselect)) { throw new SimpleSAML_Error_Exception("Could not find authentication source with id {$authid}"); } $creds = $aselect->verify_credentials($server_id, $credentials, $rid); if (array_key_exists('attributes', $creds)) { $state['Attributes'] = $creds['attributes']; } else { $res = $creds['res']; $state['Attributes'] = array('uid' => array($res['uid']), 'organization' => array($res['organization'])); } } catch (Exception $e) { SimpleSAML_Auth_State::throwException($state, $e); } SimpleSAML_Auth_Source::completeAuth($state); SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Internal error in A-Select component")); }
public static function isAuthenticated() { require_once SamlAuth::LIB_AUTOLOAD; $source = null; $config = SimpleSAML_Configuration::getInstance(); $t = new SimpleSAML_XHTML_Template($config, 'core:authsource_list.tpl.php'); $t->data['sources'] = SimpleSAML_Auth_Source::getSourcesMatch('-sp'); foreach ($t->data['sources'] as &$_source) { $as = new SimpleSAML_Auth_Simple($_source); if ($as->isAuthenticated()) { $source = $as; break; } } if ($source === null) { return false; } return $source; }
/** * Constructor for this authentication source. * * @param array $info Information about this authentication source. * @param array $config Configuration. */ public function __construct($info, $config) { /* Call the parent constructor first, as required by the interface. */ parent::__construct($info, $config); $cfg = SimpleSAML_Configuration::loadFromArray($config, 'Authentication source ' . var_export($this->authId, true)); $cfg->getValueValidate('type', array('app'), 'app'); $this->app_id = $cfg->getString('app_id'); $this->private_key = $cfg->getString('private_key', null); // accept these arguments with '_' for consistency // accept these arguments without '_' for backwards compatibility $this->server_id = $cfg->getString('serverid', null); if ($this->server_id === null) { $this->server_id = $cfg->getString('server_id'); } $this->server_url = $cfg->getString('serverurl', null); if ($this->server_url === null) { $this->server_url = $cfg->getString('server_url'); } }
/** * Constructor for this authentication source. * * @param array $info Information about this authentication source. * @param array $config Configuration. */ public function __construct($info, $config) { assert('is_array($info)'); assert('is_array($config)'); /* Call the parent constructor first, as required by the interface. */ parent::__construct($info, $config); if (!array_key_exists('key', $config)) { throw new Exception('Google authentication source is not properly configured: missing [key]'); } $this->key = $config['key']; if (!array_key_exists('secret', $config)) { throw new Exception('Google authentication source is not properly configured: missing [secret]'); } $this->secret = $config['secret']; $this->linkback = SimpleSAML_Module::getModuleURL('authgoogle') . '/linkback.php'; // Google Discovery Document /*$dd = 'https://accounts.google.com/.well-known/openid-configuration'; $xmlddresponse = $this->curl_file_get_contents($dd); SimpleSAML_Logger::debug('Google Response: '.$xmlddresponse);*/ }
/** * Initialize an IdP. * * @param string $id The identifier of this IdP. */ private function __construct($id) { assert('is_string($id)'); $this->id = $id; $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $globalConfig = SimpleSAML_Configuration::getInstance(); if (substr($id, 0, 6) === 'saml2:') { if (!$globalConfig->getBoolean('enable.saml20-idp', FALSE)) { throw new SimpleSAML_Error_Exception('enable.saml20-idp disabled in config.php.'); } $this->config = $metadata->getMetaDataConfig(substr($id, 6), 'saml20-idp-hosted'); } elseif (substr($id, 0, 6) === 'saml1:') { if (!$globalConfig->getBoolean('enable.shib13-idp', FALSE)) { throw new SimpleSAML_Error_Exception('enable.shib13-idp disabled in config.php.'); } $this->config = $metadata->getMetaDataConfig(substr($id, 6), 'shib13-idp-hosted'); } elseif (substr($id, 0, 5) === 'adfs:') { if (!$globalConfig->getBoolean('enable.adfs-idp', FALSE)) { throw new SimpleSAML_Error_Exception('enable.adfs-idp disabled in config.php.'); } $this->config = $metadata->getMetaDataConfig(substr($id, 5), 'adfs-idp-hosted'); try { /* This makes the ADFS IdP use the same SP associations as the SAML 2.0 IdP. */ $saml2EntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted'); $this->associationGroup = 'saml2:' . $saml2EntityId; } catch (Exception $e) { /* Probably no SAML 2 IdP configured for this host. Ignore the error. */ } } else { assert(FALSE); } if ($this->associationGroup === NULL) { $this->associationGroup = $this->id; } $auth = $this->config->getString('auth'); if (SimpleSAML_Auth_Source::getById($auth) !== NULL) { $this->authSource = new SimpleSAML_Auth_Simple($auth); } else { $this->authSource = new SimpleSAML_Auth_BWC($auth, $this->config->getString('authority', NULL)); } }
/** * Constructor for this authentication source. * * @param array $info Information about this authentication source. * @param array $config Configuration. */ public function __construct($info, $config) { assert('is_array($info)'); assert('is_array($config)'); // Call the parent constructor first, as required by the interface parent::__construct($info, $config); if (!array_key_exists('key', $config)) { throw new Exception('LinkedIn authentication source is not properly configured: missing [key]'); } $this->key = $config['key']; if (!array_key_exists('secret', $config)) { throw new Exception('LinkedIn authentication source is not properly configured: missing [secret]'); } $this->secret = $config['secret']; if (array_key_exists('attributes', $config)) { $this->attributes = $config['attributes']; } else { // Default values if the attributes are not set in config (ref https://developer.linkedin.com/docs/fields) $this->attributes = 'id,first-name,last-name,headline,summary,specialties,picture-url,email-address'; } }
/** * Attempt to log in using the given username and password. * * On a successful login, this function should return the users attributes. On failure, * it should throw an exception. If the error was caused by the user entering the wrong * username or password, a SimpleSAML_Error_Error('WRONGUSERPASS') should be thrown. * * Note that both the username and the password are UTF-8 encoded. * * @param string $username The username the user wrote. * @param string $password The password the user wrote. * @return array Associative array with the users attributes. */ protected function login($username, $password) { assert('is_string($username)'); assert('is_string($password)'); $userpass = $username . ':' . $password; $qaLogin = SimpleSAML_Auth_Source::getById('auth2factor'); $uid = $username; foreach (array_keys($this->users) as $user) { $u = explode(':', $user)[0]; // lets see if we matched the username, and if we have a uid! if ($u == $username) { $uid = $this->users[$user]['uid'][0]; } } if (!array_key_exists($userpass, $this->users)) { $qaLogin->failedLoginAttempt($uid, 'login_count', array('name' => $username, 'mail' => $this->users[$user]['mail'][0], 'uid' => $uid)); $failedAttempts = $qaLogin->getFailedAttempts($uid); $loginCount = (int) (!empty($failedAttempts)) ? $failedAttempts[0]['login_count'] : 0; $answerCount = (int) (!empty($failedAttempts)) ? $failedAttempts[0]['answer_count'] : 0; $failCount = $loginCount + $answerCount; $firstFailCount = $qaLogin->getmaxFailLogin() - 2; $secondFailCount = $qaLogin->getmaxFailLogin() - 1; if ($failCount == $firstFailCount) { throw new SimpleSAML_Error_Error('2FAILEDATTEMPTWARNING'); } if ($failCount == $secondFailCount) { throw new SimpleSAML_Error_Error('1FAILEDATTEMPTWARNING'); } if ($qaLogin->isLocked($uid)) { throw new SimpleSAML_Error_Error('ACCOUNTLOCKED'); } // both username and password are wrong throw new SimpleSAML_Error_Error('WRONGUSERPASS'); } // make sure login counter is zero! $qaLogin->resetFailedLoginAttempts($uid); return $this->users[$userpass]; }
/** * Constructor for this authentication source. * * @param array $info Information about this authentication source. * @param array $config Configuration. */ public function __construct($info, $config) { assert('is_array($info)'); assert('is_array($config)'); // Call the parent constructor first, as required by the interface. parent::__construct($info, $config); if (array_key_exists('db.dsn', $config)) { $this->db_dsn = $config['db.dsn']; } if (array_key_exists('db.username', $config)) { $this->db_username = $config['db.username']; } if (array_key_exists('db.password', $config)) { $this->db_password = $config['db.password']; } $this->tfa_authencontextclassref = self::TFAAUTHNCONTEXTCLASSREF; try { $this->dbh = new PDO($this->db_dsn, $this->db_username, $this->db_password); } catch (PDOException $e) { var_dump($this->db_dsn, $this->db_username, $this->db_password); echo 'Connection failed: ' . $e->getMessage(); } $this->createTables(); }
/** * Resume authentication process. * * This function resumes the authentication process after the user has * entered his or her credentials. * * @param array &$state The authentication state. */ public static function resume() { /* * First we need to restore the $state-array. We should have the identifier for * it in the 'State' request parameter. */ if (!isset($_REQUEST['State'])) { throw new SimpleSAML_Error_BadRequest('Missing "State" parameter.'); } $stateId = (string) $_REQUEST['State']; /* * Once again, note the second parameter to the loadState function. This must * match the string we used in the saveState-call above. */ $state = SimpleSAML_Auth_State::loadState($stateId, 'drupalauth:External'); /* * Now we have the $state-array, and can use it to locate the authentication * source. */ $source = SimpleSAML_Auth_Source::getById($state['drupalauth:AuthID']); if ($source === NULL) { /* * The only way this should fail is if we remove or rename the authentication source * while the user is at the login page. */ throw new SimpleSAML_Error_Exception('Could not find authentication source with id ' . $state[self::AUTHID]); } /* * Make sure that we haven't switched the source type while the * user was at the authentication page. This can only happen if we * change config/authsources.php while an user is logging in. */ if (!$source instanceof self) { throw new SimpleSAML_Error_Exception('Authentication source type changed.'); } /* * OK, now we know that our current state is sane. Time to actually log the user in. * * First we check that the user is acutally logged in, and didn't simply skip the login page. */ $attributes = $source->getUser(); if ($attributes === NULL) { /* * The user isn't authenticated. * * Here we simply throw an exception, but we could also redirect the user back to the * login page. */ throw new SimpleSAML_Error_Exception('User not authenticated after login page.'); } /* * So, we have a valid user. Time to resume the authentication process where we * paused it in the authenticate()-function above. */ $state['Attributes'] = $attributes; SimpleSAML_Auth_Source::completeAuth($state); /* * The completeAuth-function never returns, so we never get this far. */ assert('FALSE'); }
<?php /** * Handle linkback() response from CAS. */ if (!isset($_GET['stateID'])) { throw new SimpleSAML_Error_BadRequest('Missing stateID parameter.'); } $stateId = (string) $_GET['stateID']; if (!isset($_GET['ticket'])) { throw new SimpleSAML_Error_BadRequest('Missing ticket parameter.'); } // sanitize the input $sid = SimpleSAML_Utilities::parseStateID($stateId); if (!is_null($sid['url'])) { SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($stateId, sspmod_cas_Auth_Source_CAS::STAGE_INIT); $state['cas:ticket'] = (string) $_GET['ticket']; /* Find authentication source. */ assert('array_key_exists(sspmod_cas_Auth_Source_CAS::AUTHID, $state)'); $sourceId = $state[sspmod_cas_Auth_Source_CAS::AUTHID]; $source = SimpleSAML_Auth_Source::getById($sourceId); if ($source === NULL) { throw new Exception('Could not find authentication source with id ' . $sourceId); } $source->finalStep($state);
/** * This page shows a username/password/organization login form, and passes information from * itto the sspmod_core_Auth_UserPassBase class, which is a generic class for * username/password/organization authentication. * * @author Olav Morken, UNINETT AS. * @package simpleSAMLphp * @version $Id$ */ if (!array_key_exists('AuthState', $_REQUEST)) { throw new SimpleSAML_Error_BadRequest('Missing AuthState parameter.'); } $authStateId = $_REQUEST['AuthState']; /* Retrieve the authentication state. */ $state = SimpleSAML_Auth_State::loadState($authStateId, sspmod_core_Auth_UserPassOrgBase::STAGEID); $source = SimpleSAML_Auth_Source::getById($state[sspmod_core_Auth_UserPassOrgBase::AUTHID]); if ($source === NULL) { throw new Exception('Could not find authentication source with id ' . $state[sspmod_core_Auth_UserPassOrgBase::AUTHID]); } $organizations = sspmod_core_Auth_UserPassOrgBase::listOrganizations($authStateId); if (array_key_exists('username', $_REQUEST)) { $username = $_REQUEST['username']; } elseif ($source->getRememberUsernameEnabled() && array_key_exists($source->getAuthId() . '-username', $_COOKIE)) { $username = $_COOKIE[$source->getAuthId() . '-username']; } elseif (isset($state['core:username'])) { $username = (string) $state['core:username']; } else { $username = ''; } if (array_key_exists('password', $_REQUEST)) { $password = $_REQUEST['password'];
/** * Require admin access for current page. * * This is a helper-function for limiting a page to admin access. It will redirect * the user to a login page if the current user doesn't have admin access. */ public static function requireAdmin() { if (self::isAdmin()) { return; } $returnTo = self::selfURL(); /* Not authenticated as admin user. Start authentication. */ if (SimpleSAML_Auth_Source::getById('admin') !== NULL) { $as = new SimpleSAML_Auth_Simple('admin'); $as->login(); } else { /* For backwards-compatibility. */ $config = SimpleSAML_Configuration::getInstance(); self::redirectTrustedURL('/' . $config->getBaseURL() . 'auth/login-admin.php', array('RelayState' => $returnTo)); } }
/** * Finish a succesfull authentication. * * This function can be overloaded by a child authentication * class that wish to perform some operations after login. * * @param array &$state Information about the current authentication. */ public function authSuccesful(&$state) { SimpleSAML_Auth_Source::completeAuth($state); assert('FALSE'); /* NOTREACHED */ return; }
/** * Log the user out. * * This function logs the user out. It will never return. By default, * it will cause a redirect to the current page after logging the user * out, but a different URL can be given with the $params parameter. * * Generic parameters are: * - 'ReturnTo': The URL the user should be returned to after logout. * - 'ReturnCallback': The function that should be called after logout. * - 'ReturnStateParam': The parameter we should return the state in when redirecting. * - 'ReturnStateStage': The stage the state array should be saved with. * * @param string|array|NULL $params Either the URL the user should be redirected to after logging out, * or an array with parameters for the logout. If this parameter is * NULL, we will return to the current page. */ public function logout($params = NULL) { assert('is_array($params) || is_string($params) || is_null($params)'); if ($params === NULL) { $params = SimpleSAML_Utilities::selfURL(); } if (is_string($params)) { $params = array('ReturnTo' => $params); } assert('is_array($params)'); assert('isset($params["ReturnTo"]) || isset($params["ReturnCallback"])'); if (isset($params['ReturnStateParam']) || isset($params['ReturnStateStage'])) { assert('isset($params["ReturnStateParam"]) && isset($params["ReturnStateStage"])'); } $session = SimpleSAML_Session::getSessionFromRequest(); if ($session->isValid($this->authSource)) { $state = $session->getAuthData($this->authSource, 'LogoutState'); if ($state !== NULL) { $params = array_merge($state, $params); } $session->doLogout($this->authSource); $params['LogoutCompletedHandler'] = array(get_class(), 'logoutCompleted'); $as = SimpleSAML_Auth_Source::getById($this->authSource); if ($as !== NULL) { $as->logout($params); } } self::logoutCompleted($params); }
sspmod_saml_Message::validateMessage($idpMetadata, $spMetadata, $message); $destination = $message->getDestination(); //if ($destination !== NULL && $destination !== SimpleSAML_Utilities::selfURLNoQuery()) { // throw new SimpleSAML_Error_Exception('Destination in logout message is wrong.'); //} if ($message instanceof SAML2_LogoutResponse) { $relayState = $message->getRelayState(); if ($relayState === NULL) { /* Somehow, our RelayState has been lost. */ throw new SimpleSAML_Error_BadRequest('Missing RelayState in logout response.'); } if (!$message->isSuccess()) { SimpleSAML_Logger::warning('Unsuccessful logout. Status was: ' . sspmod_saml_Message::getResponseError($message)); } $state = SimpleSAML_Auth_State::loadState($relayState, 'saml:slosent'); SimpleSAML_Auth_Source::completeLogout($state); } elseif ($message instanceof SAML2_LogoutRequest) { SimpleSAML_Logger::debug('module/saml2/sp/logout: Request from ' . $idpEntityId); SimpleSAML_Logger::stats('saml20-idp-SLO idpinit ' . $spEntityId . ' ' . $idpEntityId); if ($message->isNameIdEncrypted()) { try { $keys = sspmod_saml_Message::getDecryptionKeys($srcMetadata, $dstMetadata); } catch (Exception $e) { throw new SimpleSAML_Error_Exception('Error decrypting NameID: ' . $e->getMessage()); } $lastException = NULL; foreach ($keys as $i => $key) { try { $message->decryptNameId($key); SimpleSAML_Logger::debug('Decryption with key #' . $i . ' succeeded.'); } catch (Exception $e) {
/** * Log out from this authentication source. * * This method retrieves the authentication source used for this * session and then call the logout method on it. * * @param array &$state Information about the current logout operation. */ public function logout(&$state) { assert('is_array($state)'); /* Get the source that was used to authenticate */ $session = SimpleSAML_Session::getSessionFromRequest(); $authId = $session->getData(self::SESSION_SOURCE, $this->authId); $source = SimpleSAML_Auth_Source::getById($authId); if ($source === NULL) { throw new Exception('Invalid authentication source during logout: ' . $source); } /* Then, do the logout on it */ $source->logout($state); }