/** * Starts the authentication by redirecting to the SSO endpoint * * The redirect includes the callback URI (the original URI from the given request) * the client identifier and a signature of the arguments with the client private key. * * @param \TYPO3\Flow\Http\Request $request The current request * @param \TYPO3\Flow\Http\Response $response The current response * @return void */ public function startAuthentication(Request $request, Response $response) { $callbackUri = $request->getUri(); if (!isset($this->options['server'])) { throw new Exception('Missing "server" option for SingleSignOnRedirect entry point. Please specifiy one using the entryPointOptions setting.', 1351690358); } $ssoServer = $this->ssoServerFactory->create($this->options['server']); $ssoClient = $this->ssoClientFactory->create(); $redirectUri = $ssoServer->buildAuthenticationEndpointUri($ssoClient, $callbackUri); $response->setStatus(303); $response->setHeader('Location', $redirectUri); }
/** * Notify SSO servers about the logged out client * * All active authentication tokens of type SingleSignOnToken will be * used to get the registered global session id and send a request * to the session service on the SSO server. * * @return void */ public function logout() { $allConfiguration = $this->configurationManager->getConfiguration(\TYPO3\Flow\Configuration\ConfigurationManager::CONFIGURATION_TYPE_SETTINGS, 'TYPO3.Flow'); $tokens = $this->securityContext->getAuthenticationTokensOfType('Flowpack\\SingleSignOn\\Client\\Security\\SingleSignOnToken'); foreach ($tokens as $token) { $providerName = $token->getAuthenticationProviderName(); $serverIdentifier = \TYPO3\Flow\Utility\Arrays::getValueByPath($allConfiguration, 'security.authentication.providers.' . $providerName . '.providerOptions.server'); if ($serverIdentifier !== NULL) { $ssoClient = $this->ssoClientFactory->create(); $ssoServer = $this->ssoServerFactory->create($serverIdentifier); $ssoServer->destroySession($ssoClient, $token->getGlobalSessionId()); } } }
/** * Touches the global session on the server to synchronize expiration between * clients and the server * * This is only done in a configurable minimal interval to limit the number of calls. * * @param \Flowpack\SingleSignOn\Client\Security\SingleSignOnToken $token * @return void * @throws \Flowpack\SingleSignOn\Client\Exception\SessionNotFoundException */ protected function touchSessionIfNeeded(SingleSignOnToken $token) { $currentTime = time(); if ($currentTime - $token->getLastTouchTimestamp() > $this->globalSessionTouchInterval) { $ssoClient = $this->ssoClientFactory->create(); $ssoServer = $this->createSsoServer(); $sessionId = $token->getGlobalSessionId(); $ssoServer->touchSession($ssoClient, $sessionId); $token->setLastTouchTimestamp(time()); } }