/**
 * Make sure the user holds a valid session for this authentication source.
 *
 * Returns immediately when the session is already valid for
 * $this->authSource. Otherwise a login is started through
 * SimpleSAML_Auth_Default::initLogin() using the return URL computed below.
 *
 * Recognised keys in $options:
 *  - 'KeepPost': cast to bool, defaults to TRUE. When TRUE and the current
 *    request is a POST, the return URL is replaced by the link that
 *    SimpleSAML_Utilities::createPostRedirectLink() builds for $_POST.
 *  - 'ReturnTo': cast to string, defaults to SimpleSAML_Utilities::selfURL().
 *
 * Security: 'ReturnTo' is not validated in this method. It is handed to
 * initLogin() as the return URL and embedded in the restart URL, so callers
 * should pass only values they control, or validate request-derived values
 * against their allowed hosts before calling.
 * NOTE(review): with KeepPost enabled the whole POST body is passed to
 * createPostRedirectLink(); where and how long it is kept is not visible
 * here -- confirm before relying on it for forms that carry secrets.
 *
 * @param array $options Various options to the authentication request.
 */
public function requireAuth(array $options = array())
{
    $session = SimpleSAML_Session::getInstance();
    if ($session->isValid($this->authSource)) {
        /* The session already covers this source; nothing to do. */
        return;
    }

    /* POST preservation is opt-out: only an explicit falsy 'KeepPost' disables it. */
    $keepPost = array_key_exists('KeepPost', $options) ? (bool) $options['KeepPost'] : TRUE;

    /* Caller-supplied target wins; otherwise come back to the current page. */
    $returnTo = array_key_exists('ReturnTo', $options)
        ? (string) $options['ReturnTo']
        : SimpleSAML_Utilities::selfURL();

    if ($keepPost) {
        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            $returnTo = SimpleSAML_Utilities::createPostRedirectLink($returnTo, $_POST);
        }
    }

    /*
     * A URL that restarts the authentication, in case the user bookmarks
     * an intermediate page, e.g. the discovery service page.
     */
    $hints = array(
        SimpleSAML_Auth_State::RESTART => $this->getLoginURL($returnTo),
    );

    SimpleSAML_Auth_Default::initLogin($this->authSource, $returnTo, NULL, $hints);
}
/**
 * Start a login operation.
 *
 * Builds an authentication request from $params, stores it in the session
 * under a freshly generated ID, and redirects the browser to the
 * authentication page below the configured base URL.
 *
 * Keys read from $params:
 *  - 'KeepPost' (bool, default TRUE), 'ReturnTo', 'ReturnCallback'
 *  - 'isPassive', 'ForceAuthn' (both default to FALSE when not set)
 *  - 'saml:RequestId', 'SPMetadata' => 'entityid', 'saml:RelayState',
 *    'saml:IDPList' (copied into the request only when set)
 *
 * Security: $params is stored unmodified as 'core:State', including any
 * 'ReturnTo' / 'ReturnCallback' value; nothing here validates them, so they
 * must come from the calling application, not straight from the request.
 * The redirect uses redirectTrustedURL() with a target assembled from the
 * configured base URL and $this->auth.
 * NOTE(review): that is only safe while $this->auth cannot be influenced by
 * the request -- confirm where it is assigned.
 *
 * @param array $params Various options to the authentication request.
 * @deprecated
 */
public function login(array $params = array())
{
    /* POST preservation is opt-out. */
    $keepPost = array_key_exists('KeepPost', $params) ? (bool) $params['KeepPost'] : TRUE;

    /* With neither a return URL nor a callback, come back to the current page. */
    if (!(isset($params['ReturnTo']) || isset($params['ReturnCallback']))) {
        $params['ReturnTo'] = SimpleSAML_Utilities::selfURL();
    }

    if (isset($params['ReturnTo']) && $keepPost && $_SERVER['REQUEST_METHOD'] === 'POST') {
        $params['ReturnTo'] = SimpleSAML_Utilities::createPostRedirectLink($params['ReturnTo'], $_POST);
    }

    $session = SimpleSAML_Session::getSessionFromRequest();

    /* Note: the passive flag is read from the lower-case 'isPassive' key. */
    $authnRequest = array(
        'IsPassive' => isset($params['isPassive']) ? $params['isPassive'] : FALSE,
        'ForceAuthn' => isset($params['ForceAuthn']) ? $params['ForceAuthn'] : FALSE,
        'core:State' => $params,
        'core:prevSession' => $session->getAuthData($this->authority, 'AuthnInstant'),
        'core:authority' => $this->authority,
    );

    /* Optional fields are copied only when present, in this fixed order. */
    if (isset($params['saml:RequestId'])) {
        $authnRequest['RequestID'] = $params['saml:RequestId'];
    }
    if (isset($params['SPMetadata']['entityid'])) {
        $authnRequest['Issuer'] = $params['SPMetadata']['entityid'];
    }
    $passThrough = array(
        'saml:RelayState' => 'RelayState',
        'saml:IDPList' => 'IDPList',
    );
    foreach ($passThrough as $paramKey => $requestKey) {
        if (isset($params[$paramKey])) {
            $authnRequest[$requestKey] = $params[$paramKey];
        }
    }

    /* The generated ID ties the stored request to the resume endpoint. */
    $authId = SimpleSAML_Utilities::generateID();
    $session->setAuthnRequest('saml2', $authId, $authnRequest);

    $relayState = SimpleSAML_Module::getModuleURL(
        'core/bwc_resumeauth.php',
        array('RequestID' => $authId)
    );

    $config = SimpleSAML_Configuration::getInstance();
    $authurl = '/' . $config->getBaseURL() . $this->auth;

    $query = array(
        'RelayState' => $relayState,
        'AuthId' => $authId,
        'protocol' => 'saml2',
    );
    SimpleSAML_Utilities::redirectTrustedURL($authurl, $query);
}
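/**
 * Start an authentication process.
 *
 * This function is not expected to return: control is handed to
 * SimpleSAML_Auth_Default::initLogin(), and the trailing assertion fires if
 * that call comes back.
 *
 * This function accepts an array $params, which controls some parts of
 * the authentication. The accepted parameters depend on the authentication
 * source being used. Some parameters are generic:
 *  - 'ErrorURL': A URL that should receive errors from the authentication.
 *    Cast to string; NULL when absent.
 *  - 'KeepPost': If the current request is a POST request, keep the POST
 *    data until after the authentication. Cast to bool; defaults to TRUE.
 *  - 'ReturnTo': The URL the user should be returned to after authentication.
 *    Cast to string; takes precedence over 'ReturnCallback'.
 *  - 'ReturnCallback': The function we should call after the user has
 *    finished authentication. Cast to array.
 * When neither 'ReturnTo' nor 'ReturnCallback' is given, the current page
 * (SimpleSAML_Utilities::selfURL()) is used.
 *
 * Security: 'ReturnTo', 'ErrorURL' and 'ReturnCallback' are not validated
 * here. They decide where the browser is sent, or which function is called,
 * once authentication finishes, so callers should never forward
 * request-derived values without checking them first.
 *
 * @param array $params Various options to the authentication request.
 */
public function login(array $params = array())
{
    /* POST preservation is opt-out. */
    if (array_key_exists('KeepPost', $params)) {
        $keepPost = (bool) $params['KeepPost'];
    } else {
        $keepPost = TRUE;
    }

    /* $returnTo is a string (URL) or an array (callback) from here on. */
    if (array_key_exists('ReturnTo', $params)) {
        $returnTo = (string) $params['ReturnTo'];
    } elseif (array_key_exists('ReturnCallback', $params)) {
        $returnTo = (array) $params['ReturnCallback'];
    } else {
        $returnTo = SimpleSAML_Utilities::selfURL();
    }

    /* POST data can only be carried through a URL return, not a callback. */
    if (is_string($returnTo) && $keepPost && $_SERVER['REQUEST_METHOD'] === 'POST') {
        $returnTo = SimpleSAML_Utilities::createPostRedirectLink($returnTo, $_POST);
    }

    if (array_key_exists('ErrorURL', $params)) {
        $errorURL = (string) $params['ErrorURL'];
    } else {
        $errorURL = NULL;
    }

    if (!isset($params[SimpleSAML_Auth_State::RESTART]) && is_string($returnTo)) {
        /*
         * A URL to restart the authentication, in case the user bookmarks
         * something, e.g. the discovery service page. A restart URL supplied
         * by the caller is left untouched.
         */
        $restartURL = $this->getLoginURL($returnTo);
        $params[SimpleSAML_Auth_State::RESTART] = $restartURL;
    }

    SimpleSAML_Auth_Default::initLogin($this->authSource, $returnTo, $errorURL, $params);

    /*
     * Unreachable unless initLogin() returns. A boolean is used instead of
     * the string 'FALSE': string assertions are evaluated as code on older
     * PHP versions (deprecated in 7.2), and from PHP 8 a non-empty string is
     * simply truthy, so the string form would never fire.
     */
    assert(FALSE);
}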