示例#1
/**
 * Login event hook: finish a pending SimpleSAML login for the user.
 *
 * Reads the SAML attributes and source name that are pending in the session,
 * re-checks that the source is enabled and that the attributes pass the
 * source's authentication rules, and only then links the account, stores the
 * attributes on the user and clears the pending session keys.
 *
 * Every early return leaves the pending "saml_attributes" / "saml_source"
 * session keys in place; only the success path at the bottom removes them.
 *
 * @param string   $event  'login' is the event this function handles
 * @param string   $type   'user' is the type for this event
 * @param ElggUser $object the current user trying to login
 *
 * @return void
 */
function simplesaml_login_event_handler($event, $type, $object)
{
    // Nothing to do unless a real user entity is logging in.
    if (empty($object)) {
        return;
    }
    if (!elgg_instanceof($object, "user")) {
        return;
    }

    // Not a SAML login: both keys must be pending in the session.
    if (!isset($_SESSION["saml_attributes"], $_SESSION["saml_source"])) {
        return;
    }

    $pending_attributes = $_SESSION["saml_attributes"];
    $idp_source = $_SESSION["saml_source"];

    // The source has to be enabled AND the attributes have to satisfy its
    // authentication rules; the second check is skipped when the first fails.
    $may_continue = simplesaml_is_enabled_source($idp_source)
        && simplesaml_validate_authentication_attributes($idp_source, $pending_attributes);
    if (!$may_continue) {
        return;
    }

    $external_id = elgg_extract("elgg:external_id", $pending_attributes);
    if (!empty($external_id)) {
        // Multi-valued attribute: only the first value is used as the link id.
        $link_id = is_array($external_id) ? $external_id[0] : $external_id;

        // save the external id so the next login will go faster
        simplesaml_link_user($object, $idp_source, $link_id);
    }

    // save the attributes to the user
    simplesaml_save_authentication_attributes($object, $idp_source, $pending_attributes);

    // save source name for single logout
    $_SESSION["saml_login_source"] = $idp_source;

    // The pending login data has been consumed; drop it from the session.
    unset($_SESSION["saml_attributes"], $_SESSION["saml_source"]);
}
示例#2
 /**
  * Login event hook: finish a pending SimpleSAML login for the user.
  *
  * Pulls the pending SAML attributes and source name from the session,
  * re-checks that the source is enabled and that the attributes pass its
  * authentication rules, then links the account, stores the attributes on
  * the user and removes the pending values from the session.
  *
  * Every early return leaves the pending session values in place; they are
  * only removed on the success path at the bottom.
  *
  * @param string   $event  the name of the event
  * @param string   $type   type of the event
  * @param ElggUser $object the current user trying to login
  *
  * @return void
  */
 public static function loginEvent($event, $type, $object)
 {
     if (!($object instanceof \ElggUser)) {
         return;
     }

     $pending_attributes = simplesaml_get_from_session('saml_attributes');
     $idp_source = simplesaml_get_from_session('saml_source');

     // simplesaml login? both values must be present in the session
     if ($pending_attributes === null || $idp_source === null) {
         return;
     }

     // The source must be enabled and the attributes must satisfy its
     // additional authentication rules; validation is skipped when the
     // source is not enabled.
     $may_continue = simplesaml_is_enabled_source($idp_source)
         && simplesaml_validate_authentication_attributes($idp_source, $pending_attributes);
     if (!$may_continue) {
         return;
     }

     // link the user to this source
     $external_id = elgg_extract('elgg:external_id', $pending_attributes);
     if (!empty($external_id)) {
         // Multi-valued attribute: only the first value is used as the link id.
         $link_id = is_array($external_id) ? $external_id[0] : $external_id;

         // save the external id so the next login will go faster
         simplesaml_link_user($object, $idp_source, $link_id);
     }

     // save the attributes to the user
     simplesaml_save_authentication_attributes($object, $idp_source, $pending_attributes);

     // save source name for single logout
     simplesaml_store_in_session('saml_login_source', $idp_source);

     // cleanup: the pending login data has been consumed
     simplesaml_remove_from_session('saml_attributes');
     simplesaml_remove_from_session('saml_source');
 }
示例#3
// Guards for a SAML-backed registration: the requested source has to be the
// one recorded in the session, it has to be enabled, and the attributes held
// in the session have to pass that source's authentication rules.
// NOTE(review): $source is not assigned in the visible lines; presumably it
// is read from request input earlier in the file. Confirm.
// NOTE(review): no guard below returns or exits after forward(), so they only
// hold if forward() ends the request. Confirm for the Elgg version in use.
$session_source = simplesaml_get_from_session('saml_source');
if (empty($source) || empty($session_source)) {
    // no source was requested, or no SAML source is pending in the session
    register_error(elgg_echo('simplesaml:error:no_source'));
    forward(REFERER);
}
// label is only used in the error messages below
$label = simplesaml_get_source_label($source);
if (!simplesaml_is_enabled_source($source)) {
    register_error(elgg_echo('simplesaml:error:source_not_enabled', [$label]));
    forward(REFERER);
}
// strict comparison: the requested source must be exactly the one the session
// recorded, so attributes from one source are not used under another's name
if ($source !== $session_source) {
    register_error(elgg_echo('simplesaml:error:source_mismatch'));
    forward(REFERER);
}
// attributes are taken from the session, not from the request
$saml_attributes = simplesaml_get_from_session('saml_attributes');
if (!simplesaml_validate_authentication_attributes($source, $saml_attributes)) {
    // not authorized: the attributes fail this source's authentication rules
    register_error(elgg_echo('simplesaml:error:attribute_validation', [$label]));
    forward(REFERER);
}
// request-supplied values (get_input), unlike the SAML attributes above
// NOTE(review): confirm both are validated before they are used further down
$displayname = get_input('displayname');
$user_email = get_input('email');
$forward_url = REFERER;
$error = false;
// prepare for registration
$name = '';
if (!empty($saml_attributes['elgg:firstname']) || !empty($saml_attributes['elgg:lastname'])) {
    $firstname = elgg_extract('elgg:firstname', $saml_attributes);
    if (is_array($firstname)) {
        $firstname = $firstname[0];
    }