Skip to content
Snippets Groups Projects
Unverified Commit 0c7884ea authored by Thijs Kinkhorst's avatar Thijs Kinkhorst Committed by GitHub
Browse files

Specify language for code blocks

parent e2873a88
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
docs/simplesamlphp-sp-api.md
+ 122
82
View file @ 0c7884ea
...@@ -10,6 +10,7 @@ This is the preferred API for integrating SimpleSAMLphp with other applications. ...@@ -10,6 +10,7 @@ This is the preferred API for integrating SimpleSAMLphp with other applications.
Some SimpleSAMLphp calls replace the current active PHP session. If you previously started a session and wish to write to it, then you must cleanup the SimpleSAMLphp session before you can write to your session. If you do not need to modify your own session, then you can leave the cleanup call out; however, forgetting to call cleanup is a common source of hard to find bugs. Some SimpleSAMLphp calls replace the current active PHP session. If you previously started a session and wish to write to it, then you must cleanup the SimpleSAMLphp session before you can write to your session. If you do not need to modify your own session, then you can leave the cleanup call out; however, forgetting to call cleanup is a common source of hard to find bugs.
```php
session_start(); session_start();
// ... // ...
$auth = new \SimpleSAML\Auth\Simple('default-sp'); $auth = new \SimpleSAML\Auth\Simple('default-sp');
...@@ -18,11 +19,14 @@ Some SimpleSAMLphp calls replace the current active PHP session. If you previous ...@@ -18,11 +19,14 @@ Some SimpleSAMLphp calls replace the current active PHP session. If you previous
SimpleSAML_Session::getSessionFromRequest()->cleanup(); // Reverts to our PHP session SimpleSAML_Session::getSessionFromRequest()->cleanup(); // Reverts to our PHP session
// Save to our session // Save to our session
$_SESSION['key'] = 'value'; $_SESSION['key'] = 'value';
```
Constructor Constructor
----------- -----------
```php
new \SimpleSAML\Auth\Simple(string $authSource) new \SimpleSAML\Auth\Simple(string $authSource)
```
The constructor initializes a \SimpleSAML\Auth\Simple object. The constructor initializes a \SimpleSAML\Auth\Simple object.
...@@ -33,29 +37,36 @@ This authentication source must exist in `config/authsources.php`. ...@@ -33,29 +37,36 @@ This authentication source must exist in `config/authsources.php`.
### Example ### Example
```php
$auth = new \SimpleSAML\Auth\Simple('default-sp'); $auth = new \SimpleSAML\Auth\Simple('default-sp');
```
`isAuthenticated` `isAuthenticated`
----------------- -----------------
```php
bool isAuthenticated() bool isAuthenticated()
```
Check whether the user is authenticated with this authentication source. Check whether the user is authenticated with this authentication source.
`TRUE` is returned if the user is authenticated, `FALSE` if not. `TRUE` is returned if the user is authenticated, `FALSE` if not.
### Example ### Example
```php
if (!$auth->isAuthenticated()) { if (!$auth->isAuthenticated()) {
SimpleSAML_Session::getSessionFromRequest()->cleanup(); SimpleSAML_Session::getSessionFromRequest()->cleanup();
/* Show login link. */ /* Show login link. */
print('<a href="/login">Login</a>'); print('<a href="/login">Login</a>');
} }
```
`requireAuth` `requireAuth`
------------- -------------
```php
void requireAuth(array $params = []) void requireAuth(array $params = [])
```
Make sure that the user is authenticated. Make sure that the user is authenticated.
This function will only return if the user is authenticated. This function will only return if the user is authenticated.
...@@ -69,12 +80,15 @@ See the documentation for the `login`-function for a description of the paramete ...@@ -69,12 +80,15 @@ See the documentation for the `login`-function for a description of the paramete
### Example 1 ### Example 1
```php
$auth->requireAuth(); $auth->requireAuth();
SimpleSAML_Session::getSessionFromRequest()->cleanup(); SimpleSAML_Session::getSessionFromRequest()->cleanup();
print("Hello, authenticated user!"); print("Hello, authenticated user!");
```
### Example 2 ### Example 2
```php
/* /*
* Return the user to the frontpage after authentication, don't post * Return the user to the frontpage after authentication, don't post
* the current POST data. * the current POST data.
...@@ -85,12 +99,14 @@ See the documentation for the `login`-function for a description of the paramete ...@@ -85,12 +99,14 @@ See the documentation for the `login`-function for a description of the paramete
]); ]);
SimpleSAML_Session::getSessionFromRequest()->cleanup(); SimpleSAML_Session::getSessionFromRequest()->cleanup();
print("Hello, authenticated user!"); print("Hello, authenticated user!");
```
`login` `login`
------------- -------------
```php
void login(array $params = []) void login(array $params = [])
```
Start a login operation. Start a login operation.
This function will always start a new authentication process. This function will always start a new authentication process.
...@@ -122,17 +138,21 @@ The [`saml:SP`](./saml:sp) authentication source also defines some parameters. ...@@ -122,17 +138,21 @@ The [`saml:SP`](./saml:sp) authentication source also defines some parameters.
### Example ### Example
```php
# Send a passive authentication request. # Send a passive authentication request.
$auth->login([ $auth->login([
'isPassive' => TRUE, 'isPassive' => TRUE,
'ErrorURL' => 'https://.../error_handler.php', 'ErrorURL' => 'https://.../error_handler.php',
]); ]);
SimpleSAML_Session::getSessionFromRequest()->cleanup(); SimpleSAML_Session::getSessionFromRequest()->cleanup();
```
`logout` `logout`
-------- --------
```php
void logout(mixed $params = NULL) void logout(mixed $params = NULL)
```
Log the user out. Log the user out.
After logging out, the user will either be redirected to another page, or a function will be called. After logging out, the user will either be redirected to another page, or a function will be called.
...@@ -158,22 +178,27 @@ This function never returns. ...@@ -158,22 +178,27 @@ This function never returns.
Logout, and redirect to the specified URL. Logout, and redirect to the specified URL.
```php
$auth->logout('https://sp.example.org/logged_out.php'); $auth->logout('https://sp.example.org/logged_out.php');
SimpleSAML_Session::getSessionFromRequest()->cleanup(); SimpleSAML_Session::getSessionFromRequest()->cleanup();
```
### Example 2 ### Example 2
Same as the previous, but check the result of the logout operation afterwards. Same as the previous, but check the result of the logout operation afterwards.
```php
$auth->logout([ $auth->logout([
'ReturnTo' => 'https://sp.example.org/logged_out.php', 'ReturnTo' => 'https://sp.example.org/logged_out.php',
'ReturnStateParam' => 'LogoutState', 'ReturnStateParam' => 'LogoutState',
'ReturnStateStage' => 'MyLogoutState', 'ReturnStateStage' => 'MyLogoutState',
]); ]);
SimpleSAML_Session::getSessionFromRequest()->cleanup(); SimpleSAML_Session::getSessionFromRequest()->cleanup();
```
And in logged_out.php: And in logged_out.php:
```php
$state = \SimpleSAML\Auth\State::loadState((string)$_REQUEST['LogoutState'], 'MyLogoutState'); $state = \SimpleSAML\Auth\State::loadState((string)$_REQUEST['LogoutState'], 'MyLogoutState');
$ls = $state['saml:sp:LogoutStatus']; /* Only works for SAML SP */ $ls = $state['saml:sp:LogoutStatus']; /* Only works for SAML SP */
if ($ls['Code'] === 'urn:oasis:names:tc:SAML:2.0:status:Success' && !isset($ls['SubCode'])) { if ($ls['Code'] === 'urn:oasis:names:tc:SAML:2.0:status:Success' && !isset($ls['SubCode'])) {
...@@ -183,26 +208,30 @@ And in logged_out.php: ...@@ -183,26 +208,30 @@ And in logged_out.php:
/* Logout failed. Tell the user to close the browser. */ /* Logout failed. Tell the user to close the browser. */
echo("We were unable to log you out of all your sessions. To be completely sure that you are logged out, you need to close your web browser."); echo("We were unable to log you out of all your sessions. To be completely sure that you are logged out, you need to close your web browser.");
} }
```
`getAttributes` `getAttributes`
--------------- ---------------
```php
array getAttributes() array getAttributes()
```
Retrieve the attributes of the current user. Retrieve the attributes of the current user.
If the user isn't authenticated, an empty array will be returned. If the user isn't authenticated, an empty array will be returned.
The attributes will be returned as an associative array with the name of the attribute as the key and the value as an array of one or more strings: The attributes will be returned as an associative array with the name of the attribute as the key and the value as an array of one or more strings:
```php
[ [
'uid' => ['testuser'], 'uid' => ['testuser'],
'eduPersonAffiliation' => ['student', 'member'], 'eduPersonAffiliation' => ['student', 'member'],
] ]
```
### Example ### Example
```php
$attrs = $auth->getAttributes(); $attrs = $auth->getAttributes();
if (!isset($attrs['displayName'][0])) { if (!isset($attrs['displayName'][0])) {
throw new Exception('displayName attribute missing.'); throw new Exception('displayName attribute missing.');
...@@ -210,12 +239,14 @@ The attributes will be returned as an associative array with the name of the att ...@@ -210,12 +239,14 @@ The attributes will be returned as an associative array with the name of the att
$name = $attrs['displayName'][0]; $name = $attrs['displayName'][0];
print('Hello, ' . htmlspecialchars($name)); print('Hello, ' . htmlspecialchars($name));
```
`getAuthData` `getAuthData`
--------------- ---------------
```php
mixed getAuthData(string $name) mixed getAuthData(string $name)
```
Retrieve the specified authentication data for the current session. Retrieve the specified authentication data for the current session.
NULL is returned if the user isn't authenticated. NULL is returned if the user isn't authenticated.
...@@ -225,15 +256,18 @@ See the [`saml:SP`](./saml:sp) reference for information about available SAML au ...@@ -225,15 +256,18 @@ See the [`saml:SP`](./saml:sp) reference for information about available SAML au
### Example ### Example
```php
$idp = $auth->getAuthData('saml:sp:IdP'); $idp = $auth->getAuthData('saml:sp:IdP');
$nameID = $auth->getAuthData('saml:sp:NameID')->getValue(); $nameID = $auth->getAuthData('saml:sp:NameID')->getValue();
printf('You are %s, logged in from %s', htmlspecialchars($nameID), htmlspecialchars($idp)); printf('You are %s, logged in from %s', htmlspecialchars($nameID), htmlspecialchars($idp));
```
`getLoginURL` `getLoginURL`
------------- -------------
```php
string getLoginURL(string $returnTo = NULL) string getLoginURL(string $returnTo = NULL)
```
Retrieve a URL that can be used to start authentication. Retrieve a URL that can be used to start authentication.
...@@ -246,9 +280,11 @@ Retrieve a URL that can be used to start authentication. ...@@ -246,9 +280,11 @@ Retrieve a URL that can be used to start authentication.
### Example ### Example
```php
$url = $auth->getLoginURL(); $url = $auth->getLoginURL();
print('<a href="' . htmlspecialchars($url) . '">Login</a>'); print('<a href="' . htmlspecialchars($url) . '">Login</a>');
```
### Note ### Note
...@@ -262,7 +298,9 @@ The URL should be: ...@@ -262,7 +298,9 @@ The URL should be:
`getLogoutURL` `getLogoutURL`
-------------- --------------
```php
string getLogoutURL(string $returnTo = NULL) string getLogoutURL(string $returnTo = NULL)
```
Retrieve a URL that can be used to trigger logout. Retrieve a URL that can be used to trigger logout.
...@@ -275,9 +313,11 @@ Retrieve a URL that can be used to trigger logout. ...@@ -275,9 +313,11 @@ Retrieve a URL that can be used to trigger logout.
### Example ### Example
```php
$url = $auth->getLogoutURL(); $url = $auth->getLogoutURL();
print('<a href="' . htmlspecialchars($url) . '">Logout</a>'); print('<a href="' . htmlspecialchars($url) . '">Logout</a>');
```
### Note ### Note
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment