Tim van Dijen authored
Creating authentication sources
All authentication sources are located in the lib/Auth/Source/ directory in a module, and the class name is \SimpleSAML\Module\<module>\Auth\Source\<name>.
The authentication source must extend the \SimpleSAML\Auth\Source class or one of its subclasses.
The "entry point" of an authentication source is the authenticate() function.
Once that function is called, the authentication module can do whatever it wishes to do.
There are only two requirements:
- Never show any pages to the user directly from within the authenticate() function. (This will lead to problems if the user decides to reload the page.)
- Return control to SimpleSAMLphp after authenticating the user. If the module is able to authenticate the user without doing any redirects, it should just update the state array and return. If the module does a redirect, it must call \SimpleSAML\Auth\Source::completeAuth() with the updated state array.
Everything else is up to the module.
If the module needs to redirect the user, for example because it needs to show the user a page asking for credentials, it needs to save the state array.
For that we have the \SimpleSAML\Auth\State class.
This is only a convenience class, and you are not required to use it (but its use is encouraged, since it handles some potential pitfalls).
Saving state
The \SimpleSAML\Auth\State class has two functions that you should use: saveState($state, $stage) and loadState($id, $stage).
The $stage parameter must be a unique identifier for the current position in the authentication.
It is used to prevent a malicious user from taking a state you save in one location and giving it to a different location.
The saveState() function returns an id, which you should pass to the loadState() function later.
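The stage check described above, as an added example that is not SimpleSAMLphp's own code: DemoState is a stand-in written for this illustration that keeps states in memory and refuses an id presented at a stage other than the one that saved it. The class name, its storage key and the stage names are assumptions.

```php
<?php
declare(strict_types=1);

// Stand-in for \SimpleSAML\Auth\State, written for this example only.
// It keeps states in a static array instead of a session or store backend.
final class DemoState
{
    private const STAGE = 'demo:stage'; // hypothetical key name

    /** @var array<string, array> */
    private static array $store = [];

    /** Save $state under a random id and record which stage saved it. */
    public static function saveState(array $state, string $stage): string
    {
        $id = bin2hex(random_bytes(16));
        $state[self::STAGE] = $stage;
        self::$store[$id] = $state;
        return $id;
    }

    /** Return the state only if it was saved by the stage the caller expects. */
    public static function loadState(string $id, string $stage): array
    {
        $state = self::$store[$id] ?? null;
        if ($state === null) {
            throw new RuntimeException('unknown state id');
        }
        if ($state[self::STAGE] !== $stage) {
            throw new RuntimeException('state was saved by a different stage');
        }
        return $state;
    }
}

// Constructed scenario: a login page saves its state before redirecting.
$id = DemoState::saveState(['returnTo' => '/sp'], 'mymodule:login');

// The login handler loads the state at the same stage: accepted.
$state = DemoState::loadState($id, 'mymodule:login');
echo "login stage loaded state for ", $state['returnTo'], "\n";

// The same id handed to a different location in the flow: rejected.
try {
    DemoState::loadState($id, 'othermodule:second-factor');
} catch (RuntimeException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```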
Username/password authentication
Since username/password authentication is quite a common operation, a base class has been created for this.
This is the \SimpleSAML\Module\core\Auth\UserPassBase class, which can be found as modules/core/lib/Auth/UserPassBase.php.