diff --git a/CHANGELOG.md b/CHANGELOG.md
index 19ffd3bbc44c7e274b934520e873f265bb6fff7b..6dfe9bd3cf39092d036e1d79549e6a1b73ca0a8f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,8 @@ All notable changes to this project will be documented in this file.
 ## [Unreleased]
+ [Added]
+ - Added support for MFA
 ## [v1.2.2]
 [Removed]
diff --git a/themes/elixir/perun/disco-tpl.php b/themes/elixir/perun/disco-tpl.php
index d1618700fc7d3dae149b3a3a916883294241970d..a99edb00da2c429967a83c8981b6b490f774f57a 100644
--- a/themes/elixir/perun/disco-tpl.php
+++ b/themes/elixir/perun/disco-tpl.php
@@ -23,11 +23,15 @@ const WARNING_USER_CAN_CONTINUE = 'userCanContinue';
 const WARNING_TITLE = 'title';
 const WARNING_TEXT = 'text';
+const MFA_IDENTIFIER = "https://refeds.org/profile/mfa";
+const MFA_IDP = "https://stepup.elixir-finland.org/idp/shibboleth";
+
 $warningIsOn = false;
 $warningUserCanContinue = null;
 $warningTitle = null;
 $warningText = null;
 $config = null;
+$authContextClassRef = null;
 try {
 $config = SimpleSAML_Configuration::getConfig(WARNING_CONFIG_FILE_NAME);
@@ -68,8 +72,22 @@ if ($warningIsOn && !$warningUserCanContinue) {
 $this->data['header'] = $this->t('{elixir:elixir:warning}');
 }
+if (isset($this->data['AuthnContextClassRef'])) {
+ $authContextClassRef = $this->data['AuthnContextClassRef'];
+}
+
 $this->includeAtTemplateBase('includes/header.php');
+if ($authContextClassRef != null) {
+ foreach ($authContextClassRef as $value) {
+ if (substr($value, 0, strlen(MFA_IDENTIFIER)) === MFA_IDENTIFIER) {
+ SimpleSAML\Logger::info("Redirecting to " . MFA_IDP);
+ $url = $this->getContinueUrl(MFA_IDP);
+ SimpleSAML\Utils\HTTP::redirectTrustedURL($url);
+ exit;
+ }
+ }
+}
 if ($warningIsOn) {
 if($warningUserCanContinue) {
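Review bot: `MFA_IDP` in the `@@ -23,11 +23,15 @@` hunk of disco-tpl.php hard-codes one IdP entityID inside a theme template, so every deployment of this theme, test instances included, sends MFA requests to that single IdP and changing it needs a code edit. The file already loads a configuration object through `SimpleSAML_Configuration::getConfig(WARNING_CONFIG_FILE_NAME)`; reading the MFA IdP entityID from configuration in the same way, and skipping the MFA shortcut with a logged error when the value is missing, would keep this trust decision in reviewed configuration. If the constant stays, a comment such as `// entityID of the only IdP used to satisfy REFEDS MFA requests` above it would record why the value is security-relevant.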
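Review bot: The MFA redirect loop in the `@@ -68,8 +72,22 @@` hunk of disco-tpl.php runs after `$this->includeAtTemplateBase('includes/header.php');`, so page output has presumably already started when `redirectTrustedURL()` tries to send its Location header; the loop belongs directly after the `isset(...)` block, before the header include. The `foreach` also assumes `AuthnContextClassRef` is an array, and `!= null` lets a non-empty scalar through to it; `if (is_array($authContextClassRef)) {` is the safer guard. The `substr()` test is a prefix match, so any requested value that merely starts with the REFEDS MFA URI triggers the redirect; `$value === MFA_IDENTIFIER` states the intent exactly, provided no suffixed variants are expected. Steering the browser from the discovery page is not enforcement on its own: nothing in this hunk checks that the assertion coming back was issued by the MFA IdP with the MFA context, so that check has to exist on the response path, which is not visible here. The `exit;` after the redirect call is likely unreachable, since the redirect helper is expected to end the request itself.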