/**
 * Take some actions during the login event of a user
 *
 * The SAML flow leaves the received attributes and the source name in the
 * session; this handler consumes them, re-checks that the source is still
 * enabled and that the authentication attribute rules pass, links/saves the
 * data on the user and finally clears the one-time session entries.
 *
 * @param string   $event  'login' is the event this function handles
 * @param string   $type   'user' is the type for this event
 * @param ElggUser $object the current user trying to login
 *
 * @return void
 */
function simplesaml_login_event_handler($event, $type, $object) {
	// only act on a real user entity
	if (empty($object) || !elgg_instanceof($object, "user")) {
		return;
	}

	// nothing to do unless a SAML flow stored its data in the session
	$has_saml_data = isset($_SESSION["saml_attributes"]) && isset($_SESSION["saml_source"]);
	if (!$has_saml_data) {
		return;
	}

	$source = $_SESSION["saml_source"];
	$saml_attributes = $_SESSION["saml_attributes"];

	// the source may have been disabled between the SAML round-trip and this login
	if (!simplesaml_is_enabled_source($source)) {
		return;
	}

	// enforce the per-source authentication rules before touching the user
	if (!simplesaml_validate_authentication_attributes($source, $saml_attributes)) {
		return;
	}

	$external_id = elgg_extract("elgg:external_id", $saml_attributes);
	if (!empty($external_id)) {
		// multi-valued attribute: the first value is used
		$external_id = is_array($external_id) ? $external_id[0] : $external_id;

		// save the external id so the next login will go faster
		simplesaml_link_user($object, $source, $external_id);
	}

	// save the attributes to the user
	simplesaml_save_authentication_attributes($object, $source, $saml_attributes);

	// save source name for single logout
	$_SESSION["saml_login_source"] = $source;

	// one-time data: do not leave it behind in the session
	unset($_SESSION["saml_attributes"], $_SESSION["saml_source"]);
}
/**
 * Take some actions during the login event of a user
 *
 * The SAML flow leaves the received attributes and the source name in the
 * session; this handler consumes them, re-checks that the source is still
 * enabled and that the authentication attribute rules pass, links/saves the
 * data on the user and finally clears the one-time session entries.
 *
 * @param string   $event  the name of the event
 * @param string   $type   type of the event
 * @param ElggUser $object the current user trying to login
 *
 * @return void
 */
public static function loginEvent($event, $type, $object) {
	// only act on a real user entity
	if (!$object instanceof \ElggUser) {
		return;
	}

	$source = simplesaml_get_from_session('saml_source');
	$saml_attributes = simplesaml_get_from_session('saml_attributes');

	// no SAML data in the session means this is a regular login
	if ($source === null || $saml_attributes === null) {
		return;
	}

	// the source may have been disabled between the SAML round-trip and this login
	if (!simplesaml_is_enabled_source($source)) {
		return;
	}

	// enforce the per-source authentication rules before touching the user
	if (!simplesaml_validate_authentication_attributes($source, $saml_attributes)) {
		return;
	}

	$external_id = elgg_extract('elgg:external_id', $saml_attributes);
	if (!empty($external_id)) {
		// multi-valued attribute: the first value is used
		$external_id = is_array($external_id) ? $external_id[0] : $external_id;

		// save the external id so the next login will go faster
		simplesaml_link_user($object, $source, $external_id);
	}

	// save the attributes to the user
	simplesaml_save_authentication_attributes($object, $source, $saml_attributes);

	// save source name for single logout
	simplesaml_store_in_session('saml_login_source', $source);

	// one-time data: do not leave it behind in the session
	simplesaml_remove_from_session('saml_attributes');
	simplesaml_remove_from_session('saml_source');
}
$session_source = simplesaml_get_from_session('saml_source'); if (empty($source) || empty($session_source)) { register_error(elgg_echo('simplesaml:error:no_source')); forward(REFERER); } $label = simplesaml_get_source_label($source); if (!simplesaml_is_enabled_source($source)) { register_error(elgg_echo('simplesaml:error:source_not_enabled', [$label])); forward(REFERER); } if ($source !== $session_source) { register_error(elgg_echo('simplesaml:error:source_mismatch')); forward(REFERER); } $saml_attributes = simplesaml_get_from_session('saml_attributes'); if (!simplesaml_validate_authentication_attributes($source, $saml_attributes)) { // not authorized register_error(elgg_echo('simplesaml:error:attribute_validation', [$label])); forward(REFERER); } $displayname = get_input('displayname'); $user_email = get_input('email'); $forward_url = REFERER; $error = false; // prepare for registration $name = ''; if (!empty($saml_attributes['elgg:firstname']) || !empty($saml_attributes['elgg:lastname'])) { $firstname = elgg_extract('elgg:firstname', $saml_attributes); if (is_array($firstname)) { $firstname = $firstname[0]; }