From 0af69a65220e3cf3e7aac9f47dc6e4f7cb5fe0c2 Mon Sep 17 00:00:00 2001
From: Philipp Kolmann <philipp@kolmann.at>
Date: Fri, 3 Apr 2020 14:16:26 +0200
Subject: [PATCH] Use auth sources by default by identifying them as "default"
 in the config. (+3 squashed commits) Squashed commits: [090679e6b]
 authsources must be an array [1778d0c21] only set the AuthSource if it also
 exists, but always remove the config variable. [c09669e32] add the
 possibility to specify one AuthSource to be shown and the rest are used via
 multiauth:MultiAuth

---
 config-templates/authsources.php      | 11 +++++++++++
 modules/core/lib/Controller/Login.php | 19 ++++++++++++++-----
 2 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/config-templates/authsources.php b/config-templates/authsources.php
index f2d562163..d909a3881 100644
--- a/config-templates/authsources.php
+++ b/config-templates/authsources.php
@@ -1,6 +1,17 @@
 <?php
 
 $config = [
+    /*
+     * When multiple authentication sources are defined, you can specify one to use by default
+     * in order to authenticate users. In order to do that, you just need to name it "default"
+     * here. That authentication source will be used by default then when a user reaches the
+     * SimpleSAMLphp installation from the web browser, without passing through the API.
+     *
+     * If you already have named your auth source with a different name, you don't need to change
+     * it in order to use it as a default. Just create an alias by the end of this file:
+     *
+     * $config['default'] = &$config['your_auth_source'];
+     */
 
     // This is a authentication source which handles admin authentication.
     'admin' => [
diff --git a/modules/core/lib/Controller/Login.php b/modules/core/lib/Controller/Login.php
index e117cdc2c..32c6b01c5 100644
--- a/modules/core/lib/Controller/Login.php
+++ b/modules/core/lib/Controller/Login.php
@@ -86,7 +86,7 @@ class Login
         }
 
         $attributes = $auth->getAttributes();
-        
+
         $session = Session::getSessionFromRequest();
 
         $t = new Template($this->config, 'auth_status.twig', 'attributes');
@@ -132,11 +132,20 @@ class Login
             $as = key($this->sources);
         }
 
+        $default = false;
+        if (array_key_exists('default', $this->sources) && is_array($this->sources['default'])) {
+            $default = $this->sources['default'];
+        }
+
         if ($as === null) { // no authentication source specified
-            $t = new Template($this->config, 'core:login.twig');
-            $t->data['loginurl'] = Utils\Auth::getAdminLoginURL();
-            $t->data['sources'] = $this->sources;
-            return $t;
+            if (!$default) {
+                $t = new Template($this->config, 'core:login.twig');
+                $t->data['loginurl'] = Utils\Auth::getAdminLoginURL();
+                $t->data['sources'] = $this->sources;
+                return $t;
+            }
+            // we have a default, use that one
+            $as = 'default';
         }
 
         // auth source defined, check if valid
-- 
GitLab