示例#1
 /**
  * Take some actions during the login event of a user
  *
  * @param string   $event  the name of the event
  * @param string   $type   type of the event
  * @param ElggUser $object the current user trying to login
  *
  * @return void
  */
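 public static function loginEvent($event, $type, $object)
 {
     // Only act on real user entities; anything else cannot be linked to an external identity.
     if (!$object instanceof \ElggUser) {
         return;
     }
     // Values fetched through simplesaml_get_from_session(); both must be present for this
     // login to be treated as a SimpleSAML login.
     $saml_attributes = simplesaml_get_from_session('saml_attributes');
     $source = simplesaml_get_from_session('saml_source');
     // simplesaml login?
     if (!isset($saml_attributes) || !isset($source)) {
         return;
     }
     // source enabled
     if (!simplesaml_is_enabled_source($source)) {
         return;
     }
     // validate additional authentication rules
     if (!simplesaml_validate_authentication_attributes($source, $saml_attributes)) {
         return;
     }
     // link the user to this source
     $saml_uid = elgg_extract('elgg:external_id', $saml_attributes);
     if (is_array($saml_uid)) {
         // multi-valued attribute: take the first value (reset() yields false for an empty array)
         $saml_uid = reset($saml_uid);
     }
     // Check the value *after* unwrapping the array: an attribute such as [''] is a non-empty
     // array but carries no usable identifier, and an empty or non-scalar external id must
     // never be stored as the account link.
     if ((is_string($saml_uid) || is_int($saml_uid)) && !empty($saml_uid)) {
         // save the external id so the next login will go faster
         simplesaml_link_user($object, $source, $saml_uid);
     }
     // save the attributes to the user
     simplesaml_save_authentication_attributes($object, $source, $saml_attributes);
     // save source name for single logout
     simplesaml_store_in_session('saml_login_source', $source);
     // cleanup: drop the one-time SAML values so they are not reused by a later login
     simplesaml_remove_from_session('saml_attributes');
     simplesaml_remove_from_session('saml_source');
 }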
示例#2
        }
        simplesaml_link_user($user, $source, $saml_uid);
    }
    // save attributes
    simplesaml_save_authentication_attributes($user, $source, $saml_attributes);
    // restore hidden setting
    access_show_hidden_entities($hidden);
    // notify user about registration
    system_message(elgg_echo('registerok', [elgg_get_site_entity()->name]));
    // cleanup session
    simplesaml_remove_from_session('saml_source');
    simplesaml_remove_from_session('saml_attributes');
    // try to login the user
    try {
        // check for the persistent login plugin setting
        $persistent = false;
        if (elgg_get_plugin_setting($source . '_remember_me', 'simplesaml')) {
            $persistent = true;
        }
        // login the user
        login($user);
        // get forward url
        $forward_url = simplesaml_get_from_session('last_forward_from', '');
        simplesaml_remove_from_session('last_forward_from');
    } catch (Exception $e) {
        // make sure we don't force login
        simplesaml_store_in_session('simplesaml_disable_sso', true);
        $forward_url = '';
    }
}
forward($forward_url);
示例#3
/**
 * Redirect anonymous visitors to the configured SAML source when forced authentication is enabled.
 *
 * The redirect is skipped when the visitor is already logged in, when the request carries a
 * 'disable_sso' query parameter (which is then remembered in the session), when a previous
 * request set that session flag, when the current page is the no_linked_account page, or when
 * no enabled source is configured in the 'force_authentication' plugin setting.
 *
 * Because the bypass is switched on by a bare query parameter that any visitor can send, this
 * function is a convenience redirect and not an access control; pages that require an
 * authenticated user have to enforce that themselves.
 *
 * @return void
 */
function simplesaml_check_force_authentication()
{
    // a logged in user never needs to be pushed to the IDP
    if (elgg_is_logged_in()) {
        return;
    }

    // explicit opt-out in the URL: remember it for the following requests
    if (isset($_GET['disable_sso'])) {
        simplesaml_store_in_session('simplesaml_disable_sso', true);
        return;
    }

    // opt-out remembered from an earlier request
    if (simplesaml_get_from_session('simplesaml_disable_sso', false) === true) {
        return;
    }

    // the no_linked_account page must stay reachable without authentication
    $current_url = current_page_url();
    $exempt_prefix = elgg_normalize_url('saml/no_linked_account');
    if (strpos($current_url, $exempt_prefix) === 0) {
        return;
    }

    // the plugin setting names the source to force; it has to be set and enabled
    $setting = elgg_get_plugin_setting('force_authentication', 'simplesaml');
    if (empty($setting) || !simplesaml_is_enabled_source($setting)) {
        return;
    }

    // keep the page the visitor asked for, unless a return url was already recorded
    if (simplesaml_get_from_session('last_forward_from') === null) {
        simplesaml_store_in_session('last_forward_from', current_page_url());
    }

    forward("saml/login/{$setting}");
}
示例#4
}
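$label = simplesaml_get_source_label($source);
// refuse to start a login against a source that is not enabled
if (!simplesaml_is_enabled_source($source)) {
    register_error(elgg_echo('simplesaml:error:source_not_enabled', [$label]));
    forward($forward_url);
}
// NOTE(review): the code after this try/catch uses $saml_auth unconditionally, so it relies on
// forward() ending the request in the catch branch - confirm.
try {
    $saml_auth = new SimpleSAML_Auth_Simple($source);
} catch (Exception $e) {
    register_error(elgg_echo('simplesaml:error:class', [$e->getMessage()]));
    forward($forward_url);
}
// make sure we can forward you to the correct url
$last_forward = simplesaml_get_from_session('last_forward_from');
if (!isset($last_forward)) {
    // PHP exposes the Referer request header as HTTP_REFERER; there is no 'REFERER' key.
    $referer = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';
    // The header is supplied by the client and the stored value later drives a redirect,
    // so only a URL that starts with this site's own base URL is remembered.
    if ($referer !== '' && strpos($referer, elgg_get_site_url()) === 0) {
        simplesaml_store_in_session('last_forward_from', $referer);
    }
}
// login with SAML
if (!$saml_auth->isAuthenticated()) {
    // not logged in on IDP, so do that
    $saml_auth->login();
}
// user is authenticated with IDP, so link in Elgg
$saml_attributes = simplesaml_get_authentication_attributes($saml_auth, $source);
if (empty($saml_attributes)) {
    // without attributes there is nothing to identify the user by, so stop here
    register_error(elgg_echo('simplesaml:authorize:error:attributes', [$label]));
    forward($forward_url);
}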
// check for additional authentication rules
if (!simplesaml_validate_authentication_attributes($source, $saml_attributes)) {
    // not authorized
示例#5
<?php

/**
 * Show the login form to external users, so they can log in to the external site using this site's credentials
 *
 * No credentials will be provided to the external site, only a name, email and a generated UID
 */
// Destination requested for after authentication.
// NOTE(review): 'ReturnTo' is request input and reaches forward() and the stored post-login
// target without any check visible in this file; confirm it is restricted elsewhere (for
// example to the identity provider's own return endpoints), otherwise this page can be used
// as an open redirect.
$returnTo = get_input('ReturnTo');
if (!empty($returnTo)) {
    if (!elgg_is_logged_in()) {
        // remember the destination until the login form has been submitted
        simplesaml_store_in_session('last_forward_from', $returnTo);
    } else {
        // already authenticated, nothing to show
        forward($returnTo);
    }
}

// unset some extends
simplesaml_unextend_login_form();

// this page is for logging in only, so registration is switched off for this request
elgg_set_config('allow_registration', false);

// build the page: title, login form, one column layout
$page_title = elgg_echo('login');
$login_form = elgg_view_form('login');
$layout = elgg_view_layout('one_column', [
    'title' => $page_title,
    'content' => $login_form,
]);

// draw the page
echo elgg_view_page($page_title, $layout);