Exemplo n.º 1
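 /**
  * Complete the OAuth 2.0 authorization-code flow and collect the user's attributes.
  *
  * Exchanges the verification code held in $state for an access token at the Microsoft
  * v2.0 token endpoint, queries Microsoft Graph for the signed-in user and stores the
  * string-valued profile fields in $state['Attributes'].
  *
  * The verification code and the access token are credentials, so they are deliberately
  * kept out of the log output.
  *
  * @param array &$state The authentication state; 'authwindowslive:verification_code' is read from it.
  *
  * @throws Exception If the token endpoint returns no access token, or Microsoft Graph returns no user data.
  */
 public function finalStep(&$state)
 {
     SimpleSAML\Logger::debug('authwindowslive oauth: Exchanging the verification code for an access token');
     // retrieve Access Token
     // documentation at:
     // https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-protocols-oauth-code/#request-an-access-token
     $postData = 'client_id=' . urlencode($this->key)
         . '&client_secret=' . urlencode($this->secret)
         . '&scope=' . urlencode('https://graph.microsoft.com/user.read')
         . '&grant_type=authorization_code'
         . '&redirect_uri=' . urlencode(SimpleSAML\Module::getModuleUrl('authwindowslive') . '/linkback.php')
         . '&code=' . urlencode($state['authwindowslive:verification_code']);
     $context = array('http' => array('method' => 'POST', 'header' => 'Content-type: application/x-www-form-urlencoded', 'content' => $postData));
     $result = \SimpleSAML\Utils\HTTP::fetch('https://login.microsoftonline.com/common/oauth2/v2.0/token', $context);
     $response = json_decode($result, true);
     // json_decode() yields null for a malformed body, so check the type before looking for keys
     if (!is_array($response) || !array_key_exists('access_token', $response)) {
         $details = is_array($response) ? $response : array();
         $error = isset($details['error']) ? $details['error'] : 'unknown_error';
         $description = isset($details['error_description']) ? $details['error_description'] : 'no error description returned';
         $codes = (isset($details['error_codes']) && is_array($details['error_codes'])) ? implode(', ', $details['error_codes']) : '';
         throw new Exception('[' . $error . '] ' . $description . "\r\nNo access_token returned - cannot proceed\r\n" . $codes);
     }
     // the token itself is a bearer credential and must not end up in log files
     SimpleSAML\Logger::debug('authwindowslive: Got an access token from the OAuth service provider');
     // documentation at: http://graph.microsoft.io/en-us/docs/overview/call_api
     $opts = array('http' => array('header' => "Accept: application/json\r\nAuthorization: Bearer " . $response['access_token'] . "\r\n"));
     $data = \SimpleSAML\Utils\HTTP::fetch('https://graph.microsoft.com/v1.0/me', $opts);
     $userdata = json_decode($data, true);
     // a usable reply is a JSON object carrying '@odata.context' and no 'error' member
     if (!is_array($userdata) || !array_key_exists('@odata.context', $userdata) || array_key_exists('error', $userdata)) {
         $graphError = (is_array($userdata) && isset($userdata['error']) && is_array($userdata['error'])) ? $userdata['error'] : array();
         $code = isset($graphError['code']) ? $graphError['code'] : 'unknown';
         $message = isset($graphError['message']) ? $graphError['message'] : 'no error details returned';
         throw new Exception('Unable to retrieve userdata from Microsoft Graph [' . $code . '] ' . $message);
     }
     $attributes = array();
     $attributes['windowslive_targetedID'] = array('https://graph.microsoft.com!' . (!empty($userdata['id']) ? $userdata['id'] : 'unknown'));
     // only scalar string fields of the profile are exposed as attributes
     foreach ($userdata as $key => $value) {
         if (is_string($value)) {
             $attributes['windowslive.' . $key] = array((string) $value);
         }
     }
     SimpleSAML\Logger::debug('LiveID Returned Attributes: ' . implode(", ", array_keys($attributes)));
     $state['Attributes'] = $attributes;
 }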
Exemplo n.º 2
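 /**
  * Start the logout operation.
  *
  * Marks every association of the IdP as 'onhold', stores them in the logout state,
  * saves the state and redirects the browser to the iframe logout page.
  *
  * @param array       &$state The logout state.
  * @param string|null $assocId The SP we are logging out from.
  */
 public function startLogout(array &$state, $assocId)
 {
     assert('is_string($assocId) || is_null($assocId)');
     $associations = $this->idp->getAssociations();
     if (count($associations) === 0) {
         // NOTE(review): presumably finishLogout() does not return; otherwise execution
         // continues below with an empty association list - confirm
         $this->idp->finishLogout($state);
     }
     foreach ($associations as $id => &$association) {
         $idp = SimpleSAML_IdP::getByState($association);
         $association['core:Logout-IFrame:Name'] = $idp->getSPName($id);
         $association['core:Logout-IFrame:State'] = 'onhold';
     }
     // drop the reference left over from the by-reference loop so that the last
     // element of $associations is no longer aliased by $association
     unset($association);
     $state['core:Logout-IFrame:Associations'] = $associations;
     if (!is_null($assocId)) {
         $spName = $this->idp->getSPName($assocId);
         if ($spName === null) {
             // no display name known: fall back to the association id itself
             $spName = array('en' => $assocId);
         }
         $state['core:Logout-IFrame:From'] = $spName;
     } else {
         $state['core:Logout-IFrame:From'] = null;
     }
     $params = array('id' => SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame'));
     if (isset($state['core:Logout-IFrame:InitType'])) {
         $params['type'] = $state['core:Logout-IFrame:InitType'];
     }
     // the target is this installation's own module page, built from a fixed path
     $url = SimpleSAML\Module::getModuleURL('core/idp/logout-iframe.php', $params);
     \SimpleSAML\Utils\HTTP::redirectTrustedURL($url);
 }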
Exemplo n.º 3
 /**
  * Build a statistics output object from its configuration.
  *
  * The class to instantiate is named by the 'class' option and resolved through
  * SimpleSAML\Module::resolveClass() before it is constructed.
  * NOTE(review): presumably resolveClass() restricts the result to subclasses of
  * SimpleSAML_Stats_Output - confirm, since the class name comes from configuration.
  *
  * @param SimpleSAML_Configuration $config The configuration object.
  *
  * @return mixed A new instance of the configured class.
  */
 private static function createOutput(SimpleSAML_Configuration $config)
 {
     $className = SimpleSAML\Module::resolveClass(
         $config->getString('class'),
         'Stats_Output',
         'SimpleSAML_Stats_Output'
     );

     return new $className($config);
 }
Exemplo n.º 4
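/**
 * Hook to do sanitycheck
 *
 * Reports whether the admin password and the technical contact e-mail still have
 * their placeholder values, whether the PHP version is recent enough, and whether
 * every module dependency announced through the 'moduleinfo' hook is installed.
 *
 * @param array &$hookinfo  hookinfo; findings are appended to its 'errors' and 'info' lists.
 */
function core_hook_sanitycheck(&$hookinfo)
{
    assert('is_array($hookinfo)');
    assert('array_key_exists("errors", $hookinfo)');
    assert('array_key_exists("info", $hookinfo)');
    $config = SimpleSAML_Configuration::getInstance();
    // '123' is both the fallback and the value that counts as "not set": an unset
    // option and the placeholder password are reported the same way
    if ($config->getString('auth.adminpassword', '123') === '123') {
        $hookinfo['errors'][] = '[core] Password in config.php is not set properly';
    } else {
        $hookinfo['info'][] = '[core] Password in config.php is set properly';
    }
    if ($config->getString('technicalcontact_email', '*****@*****.**') === '*****@*****.**') {
        $hookinfo['errors'][] = '[core] In config.php technicalcontact_email is not set properly';
    } else {
        $hookinfo['info'][] = '[core] In config.php technicalcontact_email is set properly';
    }
    if (version_compare(phpversion(), '5.3', '>=')) {
        $hookinfo['info'][] = '[core] You are running a PHP version suitable for SimpleSAMLphp.';
    } else {
        $hookinfo['errors'][] = '[core] You are running an old PHP installation. Please check the requirements for your SimpleSAMLphp version and upgrade.';
    }
    $info = array();
    $mihookinfo = array('info' => &$info);
    $availmodules = SimpleSAML\Module::getModules();
    SimpleSAML\Module::callHooks('moduleinfo', $mihookinfo);
    foreach ($info as $mi => $i) {
        if (isset($i['dependencies']) && is_array($i['dependencies'])) {
            foreach ($i['dependencies'] as $dep) {
                // strict comparison: a non-string dependency entry must not match a
                // module name through PHP's loose type juggling
                if (!in_array($dep, $availmodules, true)) {
                    $hookinfo['errors'][] = '[core] Module dependency not met: ' . $mi . ' requires ' . $dep;
                }
            }
        }
    }
}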
Exemplo n.º 5
/**
 * Hook that wraps portalized pages in the portal menu markup.
 *
 * Collects the front page links and the configured page sets and, when the current
 * page belongs to the portal, appends the opening menu markup to $hookinfo['pre'] and
 * the closing tags to $hookinfo['post'].
 *
 * @param array &$hookinfo  hookinfo; the 'pre', 'post' and 'page' keys must be present.
 */
function portal_hook_htmlinject(&$hookinfo)
{
    assert('is_array($hookinfo)');
    assert('array_key_exists("pre", $hookinfo)');
    assert('array_key_exists("post", $hookinfo)');
    assert('array_key_exists("page", $hookinfo)');

    $frontpage = array('links' => array());
    SimpleSAML\Module::callHooks('frontpage', $frontpage);

    $portalConfig = SimpleSAML_Configuration::getOptionalConfig('module_portal.php');

    // flatten every section of links into one list
    $flatLinks = array();
    foreach ($frontpage as $section) {
        $flatLinks = array_merge($flatLinks, $section);
    }

    $defaultPagesets = array(
        array('frontpage_welcome', 'frontpage_config', 'frontpage_auth', 'frontpage_federation'),
    );
    $pagesets = $portalConfig->getValue('pagesets', $defaultPagesets);
    SimpleSAML\Module::callHooks('portalextras', $pagesets);

    $portal = new sspmod_portal_Portal($flatLinks, $pagesets);
    $page = $hookinfo['page'];

    if ($portal->isPortalized($page)) {
        // Include jquery UI CSS files in header
        $hookinfo['jquery']['css'] = true;

        // Header
        // NOTE(review): the menu markup returned by getMenu() is inserted as-is; its
        // escaping is assumed to be done inside sspmod_portal_Portal - confirm
        $menu = $portal->getMenu($page);
        $hookinfo['pre'][] = '<div id="portalmenu" class="ui-tabs ui-widget ui-widget-content ui-corner-all">'
            . $menu
            . '<div id="portalcontent" class="ui-tabs-panel ui-widget-content ui-corner-bottom">';

        // Footer
        $hookinfo['post'][] = '</div></div>';
    }
}
Exemplo n.º 6
/**
 * Hook to add the statistics pages to the 'config' section of the frontpage.
 *
 * @param array &$links  The links on the frontpage, split into sections.
 */
function statistics_hook_frontpage(&$links)
{
    assert('is_array($links)');
    assert('array_key_exists("links", $links)');

    $showStats = array(
        'href' => SimpleSAML\Module::getModuleURL('statistics/showstats.php'),
        'text' => array('en' => 'Show statistics', 'no' => 'Vis statistikk'),
        'shorttext' => array('en' => 'Statistics', 'no' => 'Statistikk'),
    );
    $links['config']['statistics'] = $showStats;

    $showMeta = array(
        'href' => SimpleSAML\Module::getModuleURL('statistics/statmeta.php'),
        'text' => array('en' => 'Show statistics metadata', 'no' => 'Vis statistikk metadata'),
        'shorttext' => array('en' => 'Statistics metadata', 'no' => 'Statistikk metadata'),
    );
    $links['config']['statisticsmeta'] = $showMeta;
}
Exemplo n.º 7
 /**
  * Loads and merges in a file with an attribute map.
  *
  * The file is a PHP script that is executed with include and is expected to assign
  * an array to the local variable $attributemap.
  *
  * NOTE(review): $fileName is concatenated into the include path without any check
  * for path separators or '..'; this assumes the name comes from trusted filter
  * configuration and never from request data - confirm at the call sites.
  *
  * @param string $fileName Name of attribute map file. Expected to be in the attributemap directory in the root
  * of the SimpleSAMLphp installation, or in the root of a module. A name of the form 'module:file' selects
  * a file in that module's attributemap directory.
  *
  * @throws Exception If the filter could not load the requested attribute map file.
  */
 private function loadMapFile($fileName)
 {
     $config = SimpleSAML_Configuration::getInstance();
     // exactly one ':' means "module:file"; anything else is treated as a plain file name
     $m = explode(':', $fileName);
     if (count($m) === 2) {
         // we are asked for a file in a module
         if (!SimpleSAML\Module::isModuleEnabled($m[0])) {
             throw new Exception("Module '{$m['0']}' is not enabled.");
         }
         $filePath = SimpleSAML\Module::getModuleDir($m[0]) . '/attributemap/' . $m[1] . '.php';
     } else {
         $filePath = $config->getPathValue('attributenamemapdir', 'attributemap/') . $fileName . '.php';
     }
     if (!file_exists($filePath)) {
         throw new Exception('Could not find attribute map file: ' . $filePath);
     }
     // the included script runs in this method's scope and must set $attributemap
     $attributemap = null;
     include $filePath;
     if (!is_array($attributemap)) {
         throw new Exception('Attribute map file "' . $filePath . '" didn\'t define an attribute map.');
     }
     // with $this->duplicate set, values for the same key are combined instead of replaced
     if ($this->duplicate) {
         $this->map = array_merge_recursive($this->map, $attributemap);
     } else {
         $this->map = array_merge($this->map, $attributemap);
     }
 }
Exemplo n.º 8
 /**
  * Process an authentication response.
  *
  * Reads the expiry date of the client certificate found in $_SERVER['SSL_CLIENT_CERT'].
  * When the certificate expires within the configured number of days, the state is
  * saved and the user is redirected to the expiry warning page. Passive requests,
  * requests without a certificate and unparsable certificates are passed through.
  *
  * Only the expiry date is read here; nothing in this method validates the certificate.
  *
  * @param array $state  The state of the response.
  */
 public function process(&$state)
 {
     assert('is_array($state)');

     // We have a passive request. Skip the warning
     $isPassive = isset($state['isPassive']) && $state['isPassive'] === true;
     if ($isPassive) {
         return;
     }

     $hasCert = isset($_SERVER['SSL_CLIENT_CERT']) && $_SERVER['SSL_CLIENT_CERT'] != '';
     if (!$hasCert) {
         return;
     }

     $certInfo = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']);
     if ($certInfo == false) {
         SimpleSAML\Logger::error('authX509: invalid cert');
         return;
     }

     // whole days until expiry, truncated towards zero
     $secondsLeft = $certInfo['validTo_time_t'] - time();
     $daysleft = (int) ($secondsLeft / 86400);

     // We have a certificate that will be valid for some time. Skip the warning
     if ($daysleft > $this->warndaysbefore) {
         return;
     }

     SimpleSAML\Logger::warning('authX509: user certificate expires in ' . $daysleft . ' days');
     $state['daysleft'] = $daysleft;
     $state['renewurl'] = $this->renewurl;

     /* Save state and redirect. */
     $stateId = SimpleSAML_Auth_State::saveState($state, 'warning:expire');
     \SimpleSAML\Utils\HTTP::redirectTrustedURL(
         SimpleSAML\Module::getModuleURL('authX509/expirywarning.php'),
         array('StateId' => $stateId)
     );
 }
 /**
  * Process an authentication response.
  *
  * Checks how long ago the user was last authenticated for this SP. When fewer than
  * 10 seconds have passed, a warning is logged, the state is saved and the user is
  * redirected to a warning page.
  *
  * @param array $state  The state of the response.
  */
 public function process(&$state)
 {
     assert('is_array($state)');

     // No timestamp from the previous SSO to this SP: first time during this session
     if (!array_key_exists('PreviousSSOTimestamp', $state)) {
         return;
     }

     $elapsed = time() - $state['PreviousSSOTimestamp'];
     if ($elapsed >= 10) {
         // At least 10 seconds since last attempt
         return;
     }

     $entityId = 'UNKNOWN';
     if (array_key_exists('Destination', $state) && array_key_exists('entityid', $state['Destination'])) {
         $entityId = $state['Destination']['entityid'];
     }

     // var_export() quotes the entity id before it is written to the log
     SimpleSAML\Logger::warning('WarnShortSSOInterval: Only ' . $elapsed . ' seconds since last SSO for this user from the SP ' . var_export($entityId, true));

     // Save state and redirect
     $stateId = SimpleSAML_Auth_State::saveState($state, 'core:short_sso_interval');
     \SimpleSAML\Utils\HTTP::redirectTrustedURL(
         SimpleSAML\Module::getModuleURL('core/short_sso_interval.php'),
         array('StateId' => $stateId)
     );
 }
Exemplo n.º 10
 /**
  * Retrieve our singleton instance.
  *
  * The store is chosen by the 'store.type' option, falling back to 'session.handler'
  * and finally to 'phpsession'. Any value other than the three built-in ones is
  * resolved to a class through SimpleSAML\Module::resolveClass() and instantiated.
  *
  * @return SimpleSAML_Store|false  The data store, or false if it isn't enabled.
  */
 public static function getInstance()
 {
     if (self::$instance === null) {
         $globalConfig = SimpleSAML_Configuration::getInstance();

         $type = $globalConfig->getString('store.type', null);
         if ($type === null) {
             $type = $globalConfig->getString('session.handler', 'phpsession');
         }

         switch ($type) {
             case 'phpsession':
                 // we cannot support advanced features with the PHP session store
                 self::$instance = false;
                 break;
             case 'memcache':
                 self::$instance = new SimpleSAML_Store_Memcache();
                 break;
             case 'sql':
                 self::$instance = new SimpleSAML_Store_SQL();
                 break;
             default:
                 // datastore from module: the class name is derived from configuration
                 $storeClass = SimpleSAML\Module::resolveClass($type, 'Store', 'SimpleSAML_Store');
                 self::$instance = new $storeClass();
         }
     }

     return self::$instance;
 }
Exemplo n.º 11
 /**
  * Retrieve our singleton instance.
  *
  * The store is chosen by the 'store.type' option, falling back to 'session.handler'
  * and finally to 'phpsession'. Any value other than the three built-in ones is
  * resolved to a class through SimpleSAML\Module::resolveClass(); when that fails a
  * CriticalConfigurationError is raised.
  *
  * @return SimpleSAML_Store|false  The data store, or false if it isn't enabled.
  */
 public static function getInstance()
 {
     if (self::$instance === null) {
         $globalConfig = SimpleSAML_Configuration::getInstance();

         $type = $globalConfig->getString('store.type', null);
         if ($type === null) {
             $type = $globalConfig->getString('session.handler', 'phpsession');
         }

         switch ($type) {
             case 'phpsession':
                 // we cannot support advanced features with the PHP session store
                 self::$instance = false;
                 break;
             case 'memcache':
                 self::$instance = new SimpleSAML_Store_Memcache();
                 break;
             case 'sql':
                 self::$instance = new SimpleSAML_Store_SQL();
                 break;
             default:
                 // datastore from module
                 try {
                     $storeClass = SimpleSAML\Module::resolveClass($type, 'Store', 'SimpleSAML_Store');
                 } catch (Exception $e) {
                     // the error carries a copy of the configuration with the store type
                     // reset to 'phpsession'
                     // NOTE(review): presumably so the error page can be shown without
                     // the unusable store - confirm
                     $fallbackConfig = $globalConfig->toArray();
                     $fallbackConfig['store.type'] = 'phpsession';
                     throw new SimpleSAML\Error\CriticalConfigurationError("Invalid 'store.type' configuration option. Cannot find store '{$type}'.", null, $fallbackConfig);
                 }
                 self::$instance = new $storeClass();
         }
     }

     return self::$instance;
 }
Exemplo n.º 12
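 /**
  * Complete the OAuth WRAP flow and collect the user's attributes.
  *
  * Exchanges the verification code held in $state for an access token, fetches the
  * user's profile and stores the resulting attributes in $state['Attributes'].
  *
  * The verification code and the access token are credentials, so they are deliberately
  * kept out of the log output.
  *
  * @param array &$state The authentication state; 'authwindowslive:wrap_verification_code' is read from it.
  *
  * @throws Exception If the provider returns no access token or no user id.
  */
 public function finalStep(&$state)
 {
     SimpleSAML\Logger::debug('oauth wrap:  Exchanging the verification code for an access token');
     // Retrieve Access Token
     // Documentation at: http://msdn.microsoft.com/en-us/library/ff749686.aspx
     $postData = 'wrap_client_id=' . urlencode($this->key)
         . '&wrap_client_secret=' . urlencode($this->secret)
         . '&wrap_callback=' . urlencode(SimpleSAML\Module::getModuleUrl('authwindowslive') . '/linkback.php')
         . '&wrap_verification_code=' . urlencode($state['authwindowslive:wrap_verification_code']);
     $context = array('http' => array('method' => 'POST', 'header' => 'Content-type: application/x-www-form-urlencoded', 'content' => $postData));
     $result = \SimpleSAML\Utils\HTTP::fetch('https://consent.live.com/AccessToken.aspx', $context);
     parse_str($result, $response);
     // error checking of $response to make sure we can proceed
     if (!array_key_exists('wrap_access_token', $response)) {
         $errorCode = isset($response['error_code']) ? $response['error_code'] : 'unknown';
         $reason = isset($response['wrap_error_reason']) ? $response['wrap_error_reason'] : 'no error reason returned';
         $internal = isset($response['internal_info']) ? $response['internal_info'] : '';
         throw new Exception('[' . $errorCode . '] ' . $reason . "\r\nNo wrap_access_token returned - cannot proceed\r\n" . $internal);
     }
     // the uid ends up in a request URL and in attribute values, so insist on a plain string
     if (!isset($response['uid']) || !is_string($response['uid']) || $response['uid'] === '') {
         throw new Exception('No uid returned by the OAuth WRAP service provider - cannot proceed');
     }
     $uid = $response['uid'];
     // the token itself is a credential and must not end up in log files
     SimpleSAML\Logger::debug('Got an access token from the OAuth WRAP service provider for user [' . $uid . ']');
     // Documentation at: http://msdn.microsoft.com/en-us/library/ff751708.aspx
     $opts = array('http' => array('header' => "Accept: application/json\r\nAuthorization: WRAP access_token=" . $response['wrap_access_token'] . "\r\n"));
     // encode the uid so that a value from the remote response cannot alter the request path
     $data = \SimpleSAML\Utils\HTTP::fetch('https://apis.live.net/V4.1/cid-' . rawurlencode($uid) . '/Profiles', $opts);
     $userdata = json_decode($data, TRUE);
     $attributes = array();
     $attributes['windowslive_uid'] = array($uid);
     $attributes['windowslive_targetedID'] = array('http://windowslive.com!' . $uid);
     $attributes['windowslive_user'] = array($uid . '@windowslive.com');
     // json_decode() yields null for a malformed body; profile data is optional
     if (is_array($userdata) && isset($userdata['Entries'][0]) && is_array($userdata['Entries'][0])) {
         $entry = $userdata['Entries'][0];
         foreach ($entry as $key => $value) {
             if (is_string($value)) {
                 $attributes['windowslive.' . $key] = array((string) $value);
             }
         }
         if (isset($entry['Emails'][0]['Address'])) {
             $attributes['windowslive_mail'] = array($entry['Emails'][0]['Address']);
         }
     }
     SimpleSAML\Logger::debug('LiveID Returned Attributes: ' . implode(", ", array_keys($attributes)));
     $state['Attributes'] = $attributes;
 }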
 /**
  * Handle a user whose authentication context is not accepted.
  *
  * Logs the rejected AuthnContextClassRef together with the accepted values, saves
  * the request state and redirects the user to the module's error page.
  *
  * Kept as a separate method so that child classes can override it and change the
  * action taken.
  *
  * @param array $request
  */
 protected function unauthorized(&$request)
 {
     $accepted = var_export($this->accepted, true);
     SimpleSAML\Logger::error(
         'ExpectedAuthnContextClassRef: Invalid authentication context: ' . $this->AuthnContextClassRef
         . '. Accepted values are: ' . $accepted
     );

     $stateId = SimpleSAML_Auth_State::saveState($request, 'saml:ExpectedAuthnContextClassRef:unauthorized');
     \SimpleSAML\Utils\HTTP::redirectTrustedURL(
         SimpleSAML\Module::getModuleURL('saml/sp/wrong_authncontextclassref.php'),
         array('StateId' => $stateId)
     );
 }
Exemplo n.º 14
/**
 * Hook to run a cron job.
 *
 * Runs the 'sanitycheck' hooks when the current cron tag matches the 'cron_tag'
 * option of config-sanitycheck.php and appends every reported error to the cron
 * summary. Exceptions are caught and reported in the summary as well.
 *
 * @param array &$croninfo  Output
 */
function sanitycheck_hook_cron(&$croninfo)
{
    assert('is_array($croninfo)');
    assert('array_key_exists("summary", $croninfo)');
    assert('array_key_exists("tag", $croninfo)');

    SimpleSAML\Logger::info('cron [sanitycheck]: Running cron in cron tag [' . $croninfo['tag'] . '] ');

    try {
        $moduleConfig = SimpleSAML_Configuration::getOptionalConfig('config-sanitycheck.php');
        $wantedTag = $moduleConfig->getString('cron_tag', null);

        // nothing to do unless a tag is configured and it is the one being run
        if ($wantedTag === null || $wantedTag !== $croninfo['tag']) {
            return;
        }

        $info = array();
        $errors = array();
        $hookinfo = array('info' => &$info, 'errors' => &$errors);
        SimpleSAML\Module::callHooks('sanitycheck', $hookinfo);

        if (count($errors) > 0) {
            foreach ($errors as $message) {
                $croninfo['summary'][] = 'Sanitycheck error: ' . $message;
            }
        }
    } catch (Exception $failure) {
        $croninfo['summary'][] = 'Error executing sanity check: ' . $failure->getMessage();
    }
}
 /**
  * Start authentication by redirecting to the InfoCard login page.
  *
  * @param array &$state  Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     assert('is_array($state)');

     // We are going to need the authId in order to retrieve this authentication source later
     $state[self::AUTHID] = $this->authId;

     $stateId = SimpleSAML_Auth_State::saveState($state, self::STAGEID);
     \SimpleSAML\Utils\HTTP::redirectTrustedURL(
         SimpleSAML\Module::getModuleURL('InfoCard/login-infocard.php'),
         array('AuthState' => $stateId)
     );
 }
Exemplo n.º 16
/**
 * Hook to add the core frontpage tabs (welcome, configuration, authentication,
 * federation) to the frontpage links.
 *
 * @param array &$links  The links on the frontpage, split into sections.
 */
function core_hook_frontpage(&$links)
{
    assert('is_array($links)');
    assert('array_key_exists("links", $links)');

    // page name => last component of its translation tag
    $pages = array(
        'frontpage_welcome' => 'welcome',
        'frontpage_config' => 'configuration',
        'frontpage_auth' => 'auth',
        'frontpage_federation' => 'federation',
    );

    foreach ($pages as $page => $tag) {
        $label = '{core:frontpage:' . $tag . '}';
        $links['links'][$page] = array(
            'href' => SimpleSAML\Module::getModuleURL('core/' . $page . '.php'),
            'text' => $label,
            'shorttext' => $label,
        );
    }
}
Exemplo n.º 17
 /**
  * Create the presenter object for a statistics rule.
  *
  * The presenter class is taken from the rule's 'presenter' option (default
  * 'statistics:BaseRule'), resolved through SimpleSAML\Module::resolveClass() and
  * instantiated.
  *
  * @param mixed $preferRule The preferred rule, passed to resolveSelectedRule().
  *
  * @return mixed A new instance of the presenter class.
  */
 public function getRule($preferRule)
 {
     $ruleId = $this->resolveSelectedRule($preferRule);
     $ruleConfig = $this->statconfig->getConfigItem('statrules')->getConfigItem($ruleId);

     $presenterName = $ruleConfig->getValue('presenter', 'statistics:BaseRule');
     $presenterClass = SimpleSAML\Module::resolveClass($presenterName, 'Statistics_Rulesets');

     return new $presenterClass($this->statconfig, $ruleConfig, $ruleId, $this->available);
 }
Exemplo n.º 18
 /**
  * Initialize processing of the redirect test.
  *
  * Adds a marker attribute to the state, saves it and redirects to the test page.
  *
  * @param array &$state  The state we should update.
  */
 public function process(&$state)
 {
     assert('is_array($state)');
     assert('array_key_exists("Attributes", $state)');

     // To check whether the state is saved correctly
     $state['Attributes']['RedirectTest1'] = array('OK');

     // Save state and redirect
     $stateId = SimpleSAML_Auth_State::saveState($state, 'exampleauth:redirectfilter-test');
     \SimpleSAML\Utils\HTTP::redirectTrustedURL(
         SimpleSAML\Module::getModuleURL('exampleauth/redirecttest.php'),
         array('StateId' => $stateId)
     );
 }
Exemplo n.º 19
 /**
  * Process an authentication response.
  *
  * Saves the state and redirects the user to the pre-production warning page.
  * Passive requests are passed through without a warning.
  *
  * @param array $state  The state of the response.
  */
 public function process(&$state)
 {
     assert('is_array($state)');

     // We have a passive request. Skip the warning
     $isPassive = isset($state['isPassive']) && $state['isPassive'] === true;
     if ($isPassive) {
         return;
     }

     // Save state and redirect.
     $stateId = SimpleSAML_Auth_State::saveState($state, 'warning:request');
     \SimpleSAML\Utils\HTTP::redirectTrustedURL(
         SimpleSAML\Module::getModuleURL('preprodwarning/showwarning.php'),
         array('StateId' => $stateId)
     );
 }
Exemplo n.º 20
 /**
  * Redirect to page setting CDC.
  *
  * Saves the state and sends an 'append' request carrying the IdP entity ID to the
  * CDC client. Without an IdP entity ID in the state a warning is logged and
  * processing continues unchanged.
  *
  * @param array &$state  The request state.
  */
 public function process(&$state)
 {
     assert('is_array($state)');

     if (!isset($state['Source']['entityid'])) {
         SimpleSAML\Logger::warning('saml:CDC: Could not find IdP entityID.');
         return;
     }

     // Save state and build request
     $stateId = SimpleSAML_Auth_State::saveState($state, 'cdc:resume');
     $resumeUrl = SimpleSAML\Module::getModuleURL('cdc/resume.php', array('domain' => $this->domain));

     $request = array(
         'id' => $stateId,
         'entityID' => $state['Source']['entityid'],
     );
     $this->client->sendRequest($resumeUrl, 'append', $request);
 }
Exemplo n.º 21
 /**
  * Log-in using Facebook platform
  *
  * Saves the state, asks the Facebook helper for a login URL that returns to this
  * module's linkback page, saves the state again and redirects to that URL.
  *
  * @param array &$state  Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     assert('is_array($state)');

     // We are going to need the authId in order to retrieve this authentication source later
     $state[self::AUTHID] = $this->authId;
     $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);

     $credentials = array('appId' => $this->api_key, 'secret' => $this->secret);
     $facebook = new sspmod_authfacebook_Facebook($credentials, $state);
     $facebook->destroySession();

     $linkback = SimpleSAML\Module::getModuleURL('authfacebook/linkback.php', array('AuthState' => $stateID));
     $loginRequest = array('redirect_uri' => $linkback, 'scope' => $this->req_perms);
     $loginUrl = $facebook->getLoginUrl($loginRequest);

     // NOTE(review): the state is saved a second time, presumably because the Facebook
     // helper stores data in $state while building the login URL - confirm
     SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);

     \SimpleSAML\Utils\HTTP::redirectTrustedURL($loginUrl);
 }
 /**
  * The inner workings of the module. Check the client's subnet and redirect to an
  * authentication page protected with "HTTP Negotiate" authentication, or hand over
  * to the fallback authentication source.
  *
  * @param array &$state Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     assert('is_array($state)');

     $state['negotiateserver:AuthID'] = $this->authId;
     $state['negotiateserver:AuthFallback'] = $this->auth_fallback;

     if (!$this->checkClientSubnet()) {
         // NOTE(review): presumably fallback() does not return; otherwise a client
         // outside the subnet still reaches the Negotiate page below - confirm
         $this->fallback($state);
     }

     $stateId = SimpleSAML_Auth_State::saveState($state, 'negotiateserver:Negotiate');

     $query = array(
         'State' => $stateId,
         'ReturnTo' => SimpleSAML\Module::getModuleURL('negotiateserver/resume.php', array('State' => $stateId)),
     );
     \SimpleSAML\Utils\HTTP::redirectTrustedURL(
         SimpleSAML\Module::getModuleURL('negotiateserver/preauth.php'),
         $query
     );

     // the redirect is not expected to return
     assert('FALSE');
 }
Exemplo n.º 23
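 /**
  * Log-in using MySpace platform
  *
  * Obtains an OAuth request token, stores it in the saved state and sends the user
  * to the provider's authorize page with this module's linkback URL as the callback.
  *
  * The request token secret is kept out of the log output.
  *
  * @param array &$state  Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     assert('is_array($state)');
     // We are going to need the authId in order to retrieve this authentication source later
     $state[self::AUTHID] = $this->authId;
     $consumer = new sspmod_oauth_Consumer($this->key, $this->secret);
     // Get the request token
     // NOTE(review): both provider endpoints below use plain http://, so the token
     // exchange is not protected in transit - confirm whether https:// is available
     $requestToken = $consumer->getRequestToken('http://api.myspace.com/request_token');
     // log the token key only; the token secret is a credential
     SimpleSAML\Logger::debug("Got a request token from the OAuth service provider [" . $requestToken->key . "]");
     $state['authmyspace:requestToken'] = $requestToken;
     $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     SimpleSAML\Logger::debug('authmyspace auth state id = ' . $stateID);
     // Authorize the request token
     $consumer->getAuthorizeRequest('http://api.myspace.com/authorize', $requestToken, TRUE, SimpleSAML\Module::getModuleUrl('authmyspace') . '/linkback.php?stateid=' . $stateID);
 }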
Exemplo n.º 24
/**
 * Handler for uncaught exceptions and errors.
 *
 * Runs the 'exception_handler' hooks, then shows SimpleSAML errors directly, wraps
 * other exceptions in an UNHANDLEDEXCEPTION error, and passes PHP Error objects
 * (where that class exists) to SimpleSAML_error_handler().
 *
 * @param mixed $exception The uncaught exception or error.
 */
function SimpleSAML_exception_handler($exception)
{
    SimpleSAML\Module::callHooks('exception_handler', $exception);

    if ($exception instanceof SimpleSAML_Error_Error) {
        $exception->show();
        return;
    }

    if ($exception instanceof Exception) {
        $wrapped = new SimpleSAML_Error_Error('UNHANDLEDEXCEPTION', $exception);
        $wrapped->show();
        return;
    }

    // the Error class only exists on newer PHP versions
    if (!class_exists('Error') || !($exception instanceof Error)) {
        return;
    }

    $code = $exception->getCode();
    SimpleSAML_error_handler(
        $code > 0 ? $code : E_ERROR,
        $exception->getMessage(),
        $exception->getFile(),
        $exception->getLine()
    );
}
Exemplo n.º 25
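 /**
  * Log-in using Twitter platform
  *
  * Saves the state, obtains an OAuth request token whose callback is this module's
  * linkback page, stores the token in the saved state and sends the user to the
  * provider's authenticate page.
  *
  * The request token secret is kept out of the log output.
  *
  * @param array &$state  Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     assert('is_array($state)');
     // We are going to need the authId in order to retrieve this authentication source later
     $state[self::AUTHID] = $this->authId;
     $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     $consumer = new sspmod_oauth_Consumer($this->key, $this->secret);
     // Get the request token
     $linkback = SimpleSAML\Module::getModuleURL('authtwitter/linkback.php', array('AuthState' => $stateID));
     $requestToken = $consumer->getRequestToken('https://api.twitter.com/oauth/request_token', array('oauth_callback' => $linkback));
     // log the token key only; the token secret is a credential
     SimpleSAML\Logger::debug("Got a request token from the OAuth service provider [" . $requestToken->key . "]");
     $state['authtwitter:authdata:requestToken'] = $requestToken;
     // save again so that the stored state contains the request token
     SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     // Authorize the request token
     $url = 'https://api.twitter.com/oauth/authenticate';
     if ($this->force_login) {
         $url = \SimpleSAML\Utils\HTTP::addURLParameters($url, array('force_login' => 'true'));
     }
     $consumer->getAuthorizeRequest($url, $requestToken);
 }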
Exemplo n.º 26
<?php

/**
 * Show a warning to an user about the SP requesting SSO a short time after
 * doing it previously.
 *
 * @package SimpleSAMLphp
 */
// The state identifier is taken from the request; loadState() is given the expected
// stage name 'core:short_sso_interval' together with it.
if (!array_key_exists('StateId', $_REQUEST)) {
    throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.');
}
$id = $_REQUEST['StateId'];
$state = SimpleSAML_Auth_State::loadState($id, 'core:short_sso_interval');
$session = SimpleSAML_Session::getSessionFromRequest();
if (array_key_exists('continue', $_REQUEST)) {
    // The user has pressed the continue/retry-button
    // NOTE(review): presumably resumeProcessing() does not return - confirm
    SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
}
// Otherwise render the warning page, which posts back to this same script.
$globalConfig = SimpleSAML_Configuration::getInstance();
$t = new SimpleSAML_XHTML_Template($globalConfig, 'core:short_sso_interval.php');
$t->data['target'] = SimpleSAML\Module::getModuleURL('core/short_sso_interval.php');
// NOTE(review): $id is request data handed to the template; the template is assumed
// to escape it on output - confirm
$t->data['params'] = array('StateId' => $id);
$t->data['trackId'] = $session->getTrackID();
$t->show();
Exemplo n.º 27
<?php

/**
 * Show a 403 Forbidden page about not authorized to access an application.
 *
 * @package SimpleSAMLphp
 */
// The state identifier is taken from the request; loadState() is given the expected
// stage name 'authorize:Authorize' together with it.
if (!array_key_exists('StateId', $_REQUEST)) {
    throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.');
}
$state = SimpleSAML_Auth_State::loadState($_REQUEST['StateId'], 'authorize:Authorize');
$globalConfig = SimpleSAML_Configuration::getInstance();
$t = new SimpleSAML_XHTML_Template($globalConfig, 'authorize:authorize_403.php');
// Offer a logout link only when the state names the authentication source in use.
if (isset($state['Source']['auth'])) {
    $t->data['LogoutURL'] = SimpleSAML\Module::getModuleURL('core/authenticate.php', array('as' => $state['Source']['auth'])) . "&logout";
}
// Send the 403 status line before the template produces any output.
header('HTTP/1.0 403 Forbidden');
$t->show();
Exemplo n.º 28
/**
 * Hook to add the sanity check page to the 'config' section of the frontpage.
 *
 * @param array &$links  The links on the frontpage, split into sections.
 */
function sanitycheck_hook_frontpage(&$links)
{
    assert('is_array($links)');
    assert('array_key_exists("links", $links)');

    $entry = array(
        'href' => SimpleSAML\Module::getModuleURL('sanitycheck/index.php'),
        'text' => array('en' => 'Sanity check of your SimpleSAMLphp setup'),
        'shorttext' => array('en' => 'SanityCheck'),
    );
    $links['config']['santitycheck'] = $entry;
}
Exemplo n.º 29
 /**
  * Prompt the user with a list of authentication sources.
  *
  * This method saves the information about the configured sources, and redirects
  * to a page where the user must select one of these authentication sources.
  *
  * This method never returns. The authentication process is finished in the
  * delegateAuthentication method.
  *
  * @param array &$state	 Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     assert('is_array($state)');

     $state[self::AUTHID] = $this->authId;
     $state[self::SOURCESID] = $this->sources;

     /* Save the $state array, so that we can restore it after a redirect */
     $stateId = SimpleSAML_Auth_State::saveState($state, self::STAGEID);

     /* The identifier of the saved state array is passed to the select source page */
     $query = array('AuthState' => $stateId);

     // Allows the user to specify the auth source to be used
     // NOTE(review): the value is forwarded from the query string unchanged; the select
     // source page is assumed to check it against the configured sources - confirm
     if (isset($_GET['source'])) {
         $query['source'] = $_GET['source'];
     }

     \SimpleSAML\Utils\HTTP::redirectTrustedURL(
         SimpleSAML\Module::getModuleURL('multiauth/selectsource.php'),
         $query
     );

     /* The previous function never returns, so this code is never executed */
     assert('FALSE');
 }
Exemplo n.º 30
<?php

// Look up the preferred IdP in every tab; the entry found last is kept.
$faventry = NULL;
foreach ($this->data['idplist'] as $tab => $slist) {
    if (!empty($this->data['preferredidp']) && array_key_exists($this->data['preferredidp'], $slist)) {
        $faventry = $slist[$this->data['preferredidp']];
    }
}
// Default header tag, then replace it with its translation.
if (!array_key_exists('header', $this->data)) {
    $this->data['header'] = 'selectidp';
}
$this->data['header'] = $this->t($this->data['header']);
$this->data['jquery'] = array('core' => TRUE, 'ui' => TRUE, 'css' => TRUE);
// Build the extra <head> markup: stylesheet, live search script and scoring script.
// NOTE(review): $this->data['score'], $this->data['defaulttab'] and the tab names are
// concatenated into HTML and JavaScript below without escaping; this assumes they come
// from server-side configuration and never from request input - confirm.
$this->data['head'] = '<link rel="stylesheet" media="screen" type="text/css" href="' . SimpleSAML\Module::getModuleUrl('discopower/style.css') . '" />';
$this->data['head'] .= '<script type="text/javascript" src="' . SimpleSAML\Module::getModuleUrl('discopower/js/jquery.livesearch.js') . '"></script>';
$this->data['head'] .= '<script type="text/javascript" src="' . SimpleSAML\Module::getModuleUrl('discopower/js/' . $this->data['score'] . '.js') . '"></script>';
$this->data['head'] .= '<script type="text/javascript">

$(document).ready(function() {
	$("#discotabs").tabs({ selected: ' . $this->data['defaulttab'] . ' }); ';
// One liveUpdate binding per tab; the first search box gets focus unless a
// favourite entry exists.
$i = 0;
foreach ($this->data['idplist'] as $tab => $slist) {
    $this->data['head'] .= "\n" . '$("#query_' . $tab . '").liveUpdate("#list_' . $tab . '")' . ($i++ == 0 && empty($faventry) ? '.focus()' : '') . ';';
}
$this->data['head'] .= '
});

</script>';
// With a favourite entry, focus goes to its submit button instead.
if (!empty($faventry)) {
    $this->data['autofocus'] = 'favouritesubmit';
}