示例#1
/**
 * Login event handler: bind SAML data held in the session to the user who is logging in.
 *
 * The handler only acts when the session holds both "saml_attributes" and
 * "saml_source". Before anything is written to the user it requires that the
 * source is enabled and that the attributes pass
 * simplesaml_validate_authentication_attributes(). When any check fails the
 * function returns without a value and leaves the session keys in place.
 *
 * Security note: the external id and the attributes are read from the session
 * as-is, so the account link created here is only as trustworthy as the code
 * that filled those session keys.
 * NOTE(review): confirm they are only set after a verified SAML response.
 *
 * @param string   $event  'login' is the event this function handles
 * @param string   $type   'user' is the type for this event
 * @param ElggUser $object the current user trying to login
 *
 * @return void
 */
function simplesaml_login_event_handler($event, $type, $object)
{
    // only user entities are processed
    $is_user = !empty($object) && elgg_instanceof($object, "user");
    if (!$is_user) {
        return;
    }

    // nothing to do unless both SAML session keys are present
    if (!isset($_SESSION["saml_attributes"], $_SESSION["saml_source"])) {
        return;
    }

    $attributes = $_SESSION["saml_attributes"];
    $source = $_SESSION["saml_source"];

    // the source must be enabled and the attributes must satisfy its rules;
    // the enabled check runs first and short-circuits the validation
    $accepted = simplesaml_is_enabled_source($source)
        && simplesaml_validate_authentication_attributes($source, $attributes);
    if (!$accepted) {
        return;
    }

    $external_id = elgg_extract("elgg:external_id", $attributes);
    if (!empty($external_id)) {
        // the attribute can be multi-valued: only the first value is used
        $external_id = is_array($external_id) ? $external_id[0] : $external_id;

        // save the external id so the next login will go faster
        simplesaml_link_user($object, $source, $external_id);
    }

    // save the attributes to the user
    simplesaml_save_authentication_attributes($object, $source, $attributes);

    // save source name for single logout
    $_SESSION["saml_login_source"] = $source;

    // the SAML session data has been consumed, drop it
    unset($_SESSION["saml_attributes"], $_SESSION["saml_source"]);
}
示例#2
 /**
  * Login event handler: bind SAML data held in the session to the user who is logging in.
  *
  * Both 'saml_attributes' and 'saml_source' are read through
  * simplesaml_get_from_session(). The handler only continues when both are
  * present, the source is enabled and the attributes pass
  * simplesaml_validate_authentication_attributes(). When any check fails the
  * method returns without a value and does not remove the session values.
  *
  * Security note: the external id and the attributes come from the session
  * unchanged, so the account link created here is only as trustworthy as the
  * code that stored them.
  * NOTE(review): confirm they are only stored after a verified SAML response.
  *
  * @param string   $event  the name of the event
  * @param string   $type   type of the event
  * @param ElggUser $object the current user trying to login
  *
  * @return void
  */
 public static function loginEvent($event, $type, $object)
 {
     $is_user = $object instanceof \ElggUser;
     if (!$is_user) {
         return;
     }

     // both values are fetched before either one is inspected
     $attributes = simplesaml_get_from_session('saml_attributes');
     $source = simplesaml_get_from_session('saml_source');

     // not a simplesaml login when either value is missing
     if ($attributes === null || $source === null) {
         return;
     }

     // the source has to be enabled and the additional authentication rules
     // have to pass; the enabled check runs first and short-circuits the rest
     $accepted = simplesaml_is_enabled_source($source)
         && simplesaml_validate_authentication_attributes($source, $attributes);
     if (!$accepted) {
         return;
     }

     // link the user to this source
     $external_id = elgg_extract('elgg:external_id', $attributes);
     if (!empty($external_id)) {
         // the attribute can be multi-valued: only the first value is used
         $external_id = is_array($external_id) ? $external_id[0] : $external_id;

         // save the external id so the next login will go faster
         simplesaml_link_user($object, $source, $external_id);
     }

     // save the attributes to the user
     simplesaml_save_authentication_attributes($object, $source, $attributes);

     // save source name for single logout
     simplesaml_store_in_session('saml_login_source', $source);

     // cleanup: the SAML session data has been consumed
     simplesaml_remove_from_session('saml_attributes');
     simplesaml_remove_from_session('saml_source');
 }
示例#3
// register user
$user = simplesaml_register_user($name, $email, $source, $validate, $username);
if (!empty($user)) {
    // link user to the saml source
    // make sure we can find hidden (unvalidated) users
    $hidden = access_get_show_hidden_status();
    access_show_hidden_entities(true);
    $saml_uid = elgg_extract('elgg:external_id', $saml_attributes);
    if (!empty($saml_uid)) {
        if (is_array($saml_uid)) {
            $saml_uid = $saml_uid[0];
        }
        simplesaml_link_user($user, $source, $saml_uid);
    }
    // save attributes
    simplesaml_save_authentication_attributes($user, $source, $saml_attributes);
    // restore hidden setting
    access_show_hidden_entities($hidden);
    // notify user about registration
    system_message(elgg_echo('registerok', [elgg_get_site_entity()->name]));
    // cleanup session
    simplesaml_remove_from_session('saml_source');
    simplesaml_remove_from_session('saml_attributes');
    // try to login the user
    try {
        // check for the persistent login plugin setting
        $persistent = false;
        if (elgg_get_plugin_setting($source . '_remember_me', 'simplesaml')) {
            $persistent = true;
        }
        // login the user
示例#4
/**
 * Remove an existing link between the user and a Service Provider (SP).
 *
 * The stored SAML attributes are reset first by calling
 * simplesaml_save_authentication_attributes() without attributes, then the
 * "<source>_uid" plugin user setting is removed.
 *
 * Security note: no permission check is made here. The caller has to verify
 * that the acting user may unlink this account.
 *
 * @param ElggUser $user        the user to unlink
 * @param string   $saml_source the name of the SP
 *
 * @return bool true if the user is unlinked, false on failure
 */
function simplesaml_unlink_user(ElggUser $user, $saml_source)
{
    // refuse anything that is not a user entity, or a missing source name
    if (empty($user) || !elgg_instanceof($user, "user", null, "ElggUser") || empty($saml_source)) {
        return false;
    }

    // cleanup the saml attributes
    simplesaml_save_authentication_attributes($user, $saml_source);

    // remove the link to the user; the outcome of this call is the result
    $setting_name = $saml_source . "_uid";

    return elgg_unset_plugin_user_setting($setting_name, $user->getGUID(), "simplesaml");
}
示例#5
/**
 * Remove an existing link between the user and a Service Provider (SP).
 *
 * The stored SAML attributes are reset first by calling
 * simplesaml_save_authentication_attributes() without attributes, then the
 * "<source>_uid" plugin user setting is removed.
 *
 * Security note: no permission check is made here. The caller has to verify
 * that the acting user may unlink this account.
 *
 * @param ElggUser $user        the user to unlink
 * @param string   $saml_source the name of the SP
 *
 * @return bool false when the input is rejected, otherwise the result of
 *              elgg_unset_plugin_user_setting()
 */
function simplesaml_unlink_user(ElggUser $user, $saml_source)
{
    $can_unlink = ($user instanceof ElggUser) && !empty($saml_source);
    if (!$can_unlink) {
        return false;
    }

    // cleanup the saml attributes
    simplesaml_save_authentication_attributes($user, $saml_source);

    // remove the link to the user
    $setting_name = "{$saml_source}_uid";
    $unlinked = elgg_unset_plugin_user_setting($setting_name, $user->getGUID(), 'simplesaml');

    return $unlinked;
}