/**
 * Login event handler that links the user logging in to a pending SAML identity.
 *
 * Acts only when the session holds both "saml_attributes" and "saml_source".
 * Every path returns nothing, so a disabled source or failed attribute
 * validation merely skips the linking; it is not reported to the caller.
 *
 * Security notes for reviewers:
 * - The attributes are read from the session as-is. Presumably they were stored
 *   there after the SAML response was verified; confirm against the code that
 *   writes them.
 * - Only the success path clears the two session keys. On an early return they
 *   remain in the session.
 * - The results of the link and save calls are not inspected.
 *
 * @param string   $event  'login' is the event this function handles
 * @param string   $type   'user' is the type for this event
 * @param ElggUser $object the user who is logging in
 *
 * @return void
 */
function simplesaml_login_event_handler($event, $type, $object) {
	// nothing to do unless a user entity is logging in
	if (empty($object) || !elgg_instanceof($object, "user")) {
		return;
	}

	// no pending SAML data means this was not a SAML-driven login
	if (!isset($_SESSION["saml_attributes"], $_SESSION["saml_source"])) {
		return;
	}

	$attributes = $_SESSION["saml_attributes"];
	$saml_source = $_SESSION["saml_source"];

	// the source must be enabled and the attributes must pass its authentication rules
	if (!simplesaml_is_enabled_source($saml_source)
		|| !simplesaml_validate_authentication_attributes($saml_source, $attributes)) {
		return;
	}

	$external_id = elgg_extract("elgg:external_id", $attributes);
	if (!empty($external_id)) {
		// a multi-valued attribute contributes its first value only
		$external_id = is_array($external_id) ? $external_id[0] : $external_id;

		// remember the external id so the next login can find this user directly
		simplesaml_link_user($object, $saml_source, $external_id);
	}

	// store the attributes on the user
	simplesaml_save_authentication_attributes($object, $saml_source, $attributes);

	// keep the source name, it is needed for single logout
	$_SESSION["saml_login_source"] = $saml_source;

	// the pending SAML data has been consumed
	unset($_SESSION["saml_attributes"], $_SESSION["saml_source"]);
}
/**
 * Login event callback that links the user logging in to a pending SAML identity.
 *
 * Acts only when the session helpers return both 'saml_attributes' and
 * 'saml_source'. Every path returns nothing, so a disabled source or failed
 * attribute validation merely skips the linking; it is not reported to the caller.
 *
 * Security notes for reviewers:
 * - The attributes come from session storage as-is. Presumably they were stored
 *   there after the SAML response was verified; confirm against the code that
 *   writes them.
 * - Only the success path removes the two session values. On an early return
 *   they remain in the session.
 * - The results of the link and save calls are not inspected.
 *
 * @param string   $event  the name of the event
 * @param string   $type   type of the event
 * @param ElggUser $object the user who is logging in
 *
 * @return void
 */
public static function loginEvent($event, $type, $object) {
	if (!($object instanceof \ElggUser)) {
		return;
	}

	$attributes = simplesaml_get_from_session('saml_attributes');
	$saml_source = simplesaml_get_from_session('saml_source');

	// without both values this is not a simplesaml login
	if (!isset($attributes, $saml_source)) {
		return;
	}

	// the source must be enabled and the attributes must pass its additional authentication rules
	if (!simplesaml_is_enabled_source($saml_source)
		|| !simplesaml_validate_authentication_attributes($saml_source, $attributes)) {
		return;
	}

	// link the user to this source
	$external_id = elgg_extract('elgg:external_id', $attributes);
	if (!empty($external_id)) {
		// a multi-valued attribute contributes its first value only
		$external_id = is_array($external_id) ? $external_id[0] : $external_id;

		// remember the external id so the next login can find this user directly
		simplesaml_link_user($object, $saml_source, $external_id);
	}

	// store the attributes on the user
	simplesaml_save_authentication_attributes($object, $saml_source, $attributes);

	// keep the source name, it is needed for single logout
	simplesaml_store_in_session('saml_login_source', $saml_source);

	// the pending SAML data has been consumed
	simplesaml_remove_from_session('saml_attributes');
	simplesaml_remove_from_session('saml_source');
}
// register user $user = simplesaml_register_user($name, $email, $source, $validate, $username); if (!empty($user)) { // link user to the saml source // make sure we can find hidden (unvalidated) users $hidden = access_get_show_hidden_status(); access_show_hidden_entities(true); $saml_uid = elgg_extract('elgg:external_id', $saml_attributes); if (!empty($saml_uid)) { if (is_array($saml_uid)) { $saml_uid = $saml_uid[0]; } simplesaml_link_user($user, $source, $saml_uid); } // save attributes simplesaml_save_authentication_attributes($user, $source, $saml_attributes); // restore hidden setting access_show_hidden_entities($hidden); // notify user about registration system_message(elgg_echo('registerok', [elgg_get_site_entity()->name])); // cleanup session simplesaml_remove_from_session('saml_source'); simplesaml_remove_from_session('saml_attributes'); // try to login the user try { // check for the persistent login plugin setting $persistent = false; if (elgg_get_plugin_setting($source . '_remember_me', 'simplesaml')) { $persistent = true; } // login the user
/**
 * Remove an existing link between the user and a Service Provider (SP).
 *
 * The stored authentication attributes for the source are cleaned up first,
 * then the "<source>_uid" plugin user setting is removed.
 *
 * NOTE(review): no permission check is visible in this function. Callers are
 * presumably expected to verify that the acting user may unlink this account;
 * confirm at the call sites. The result of the attribute cleanup is not checked.
 *
 * @param ElggUser $user        the user to unlink
 * @param string   $saml_source the name of the SP
 *
 * @return bool true if the user is unlinked, false on failure
 */
function simplesaml_unlink_user(ElggUser $user, $saml_source) {
	// reject anything that is not a user entity, or an empty source name
	if (empty($user) || !elgg_instanceof($user, "user", null, "ElggUser") || empty($saml_source)) {
		return false;
	}

	// called without attributes, which cleans up the saml attributes saved for this source
	simplesaml_save_authentication_attributes($user, $saml_source);

	// remove the link to the user; its outcome is the outcome of the unlink
	$setting_name = $saml_source . "_uid";

	return elgg_unset_plugin_user_setting($setting_name, $user->getGUID(), "simplesaml");
}
/**
 * Remove an existing link between the user and a Service Provider (SP).
 *
 * The stored authentication attributes for the source are cleaned up first,
 * then the "<source>_uid" plugin user setting is removed.
 *
 * NOTE(review): no permission check is visible in this function. Callers are
 * presumably expected to verify that the acting user may unlink this account;
 * confirm at the call sites. The result of the attribute cleanup is not checked.
 *
 * @param ElggUser $user        the user to unlink
 * @param string   $saml_source the name of the SP
 *
 * @return bool false when the source name is empty, otherwise the result of removing the setting
 */
function simplesaml_unlink_user(ElggUser $user, $saml_source) {
	$unlinked = false;

	if ($user instanceof ElggUser && !empty($saml_source)) {
		// called without attributes, which cleans up the saml attributes saved for this source
		simplesaml_save_authentication_attributes($user, $saml_source);

		// remove the link to the user
		$unlinked = elgg_unset_plugin_user_setting($saml_source . '_uid', $user->getGUID(), 'simplesaml');
	}

	return $unlinked;
}