Commit 67e778cb authored by Jaime Perez Crespo's avatar Jaime Perez Crespo

Reformat SimpleSAML_XHTML_IdPDisco and solve a minor bug.

parent c5532e07
<?php <?php
/** /**
* This class implements a generic IdP discovery service, for use in various IdP * This class implements a generic IdP discovery service, for use in various IdP
* discovery service pages. This should reduce code duplication. * discovery service pages. This should reduce code duplication.
...@@ -12,560 +13,580 @@ ...@@ -12,560 +13,580 @@
* @author Andreas Åkre Solberg <andreas@uninett.no>, UNINETT AS. * @author Andreas Åkre Solberg <andreas@uninett.no>, UNINETT AS.
* @package SimpleSAMLphp * @package SimpleSAMLphp
*/ */
class SimpleSAML_XHTML_IdPDisco { class SimpleSAML_XHTML_IdPDisco
{
/**
* An instance of the configuration class. /**
* * An instance of the configuration class.
* @var SimpleSAML_Configuration *
*/ * @var SimpleSAML_Configuration
protected $config; */
protected $config;
/**
* The identifier of this discovery service. /**
* * The identifier of this discovery service.
* @var string *
*/ * @var string
protected $instance; */
protected $instance;
/**
* An instance of the metadata handler, which will allow us to fetch metadata about IdPs. /**
* * An instance of the metadata handler, which will allow us to fetch metadata about IdPs.
* @var SimpleSAML_Metadata_MetaDataStorageHandler *
*/ * @var SimpleSAML_Metadata_MetaDataStorageHandler
protected $metadata; */
protected $metadata;
/**
* The users session. /**
* * The users session.
* @var SimpleSAML_Session *
*/ * @var SimpleSAML_Session
protected $session; */
protected $session;
/**
* The metadata sets we find allowed entities in, in prioritized order. /**
* * The metadata sets we find allowed entities in, in prioritized order.
* @var array *
*/ * @var array
protected $metadataSets; */
protected $metadataSets;
/**
* The entity id of the SP which accesses this IdP discovery service. /**
* * The entity id of the SP which accesses this IdP discovery service.
* @var string *
*/ * @var string
protected $spEntityId; */
protected $spEntityId;
/**
* HTTP parameter from the request, indicating whether the discovery service /**
* can interact with the user or not. * HTTP parameter from the request, indicating whether the discovery service
* * can interact with the user or not.
* @var boolean *
*/ * @var boolean
protected $isPassive; */
protected $isPassive;
/**
* The SP request to set the IdPentityID... /**
* * The SP request to set the IdPentityID...
* @var string|null *
*/ * @var string|null
protected $setIdPentityID = NULL; */
protected $setIdPentityID = null;
/**
* The name of the query parameter which should contain the users choice of IdP. /**
* This option default to 'entityID' for Shibboleth compatibility. * The name of the query parameter which should contain the users choice of IdP.
* * This option default to 'entityID' for Shibboleth compatibility.
* @var string *
*/ * @var string
protected $returnIdParam; */
protected $returnIdParam;
/**
* The list of scoped idp's. The intersection between the metadata idpList /**
* and scopedIDPList (given as a $_GET IDPList[] parameter) is presented to * The list of scoped idp's. The intersection between the metadata idpList
* the user. If the intersection is empty the metadata idpList is used. * and scopedIDPList (given as a $_GET IDPList[] parameter) is presented to
* * the user. If the intersection is empty the metadata idpList is used.
* @var array *
*/ * @var array
protected $scopedIDPList = array(); */
protected $scopedIDPList = array();
/**
* The URL the user should be redirected to after choosing an IdP. /**
* * The URL the user should be redirected to after choosing an IdP.
* @var string *
*/ * @var string
protected $returnURL; */
protected $returnURL;
/**
* Initializes this discovery service. /**
* * Initializes this discovery service.
* The constructor does the parsing of the request. If this is an invalid request, it will throw an exception. *
* * The constructor does the parsing of the request. If this is an invalid request, it will throw an exception.
* @param array $metadataSets Array with metadata sets we find remote entities in. *
* @param string $instance The name of this instance of the discovery service. * @param array $metadataSets Array with metadata sets we find remote entities in.
* * @param string $instance The name of this instance of the discovery service.
* @throws Exception If the request is invalid. *
*/ * @throws Exception If the request is invalid.
public function __construct(array $metadataSets, $instance) { */
assert('is_string($instance)'); public function __construct(array $metadataSets, $instance)
{
/* Initialize standard classes. */ assert('is_string($instance)');
$this->config = SimpleSAML_Configuration::getInstance();
$this->metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); // initialize standard classes
$this->session = SimpleSAML_Session::getSessionFromRequest(); $this->config = SimpleSAML_Configuration::getInstance();
$this->instance = $instance; $this->metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$this->metadataSets = $metadataSets; $this->session = SimpleSAML_Session::getSessionFromRequest();
$this->instance = $instance;
$this->log('Accessing discovery service.'); $this->metadataSets = $metadataSets;
$this->log('Accessing discovery service.');
/* Standard discovery service parameters. */
// standard discovery service parameters
if(!array_key_exists('entityID', $_GET)) { if (!array_key_exists('entityID', $_GET)) {
throw new Exception('Missing parameter: entityID'); throw new Exception('Missing parameter: entityID');
} else { } else {
$this->spEntityId = $_GET['entityID']; $this->spEntityId = $_GET['entityID'];
} }
if(!array_key_exists('returnIDParam', $_GET)) { if (!array_key_exists('returnIDParam', $_GET)) {
$this->returnIdParam = 'entityID'; $this->returnIdParam = 'entityID';
} else { } else {
$this->returnIdParam = $_GET['returnIDParam']; $this->returnIdParam = $_GET['returnIDParam'];
} }
$this->log('returnIdParam initially set to [' . $this->returnIdParam . ']'); $this->log('returnIdParam initially set to ['.$this->returnIdParam.']');
if(!array_key_exists('return', $_GET)) { if (!array_key_exists('return', $_GET)) {
throw new Exception('Missing parameter: return'); throw new Exception('Missing parameter: return');
} else { } else {
$this->returnURL = \SimpleSAML\Utils\HTTP::checkURLAllowed($_GET['return']); $this->returnURL = \SimpleSAML\Utils\HTTP::checkURLAllowed($_GET['return']);
} }
$this->isPassive = FALSE; $this->isPassive = false;
if (array_key_exists('isPassive', $_GET)) { if (array_key_exists('isPassive', $_GET)) {
if ($_GET['isPassive'] === 'true') $this->isPassive = TRUE; if ($_GET['isPassive'] === 'true') {
} $this->isPassive = true;
$this->log('isPassive initially set to [' . ($this->isPassive ? 'TRUE' : 'FALSE' ) . ']'); }
}
if (array_key_exists('IdPentityID', $_GET)) { $this->log('isPassive initially set to ['.($this->isPassive ? 'TRUE' : 'FALSE').']');
$this->setIdPentityID = $_GET['IdPentityID'];
} else { if (array_key_exists('IdPentityID', $_GET)) {
$this->setIdPentityID = NULL; $this->setIdPentityID = $_GET['IdPentityID'];
} } else {
$this->setIdPentityID = null;
if (array_key_exists('IDPList', $_REQUEST)) { }
$this->scopedIDPList = $_REQUEST['IDPList'];
} if (array_key_exists('IDPList', $_REQUEST)) {
$this->scopedIDPList = $_REQUEST['IDPList'];
} }
}
/**
* Log a message. /**
* * Log a message.
* This is an helper function for logging messages. It will prefix the messages with our *
* discovery service type. * This is an helper function for logging messages. It will prefix the messages with our
* * discovery service type.
* @param string $message The message which should be logged. *
*/ * @param string $message The message which should be logged.
protected function log($message) { */
SimpleSAML_Logger::info('idpDisco.' . $this->instance . ': ' . $message); protected function log($message)
} {
SimpleSAML_Logger::info('idpDisco.'.$this->instance.': '.$message);
}
/**
* Retrieve cookie with the given name.
* /**
* This function will retrieve a cookie with the given name for the current discovery * Retrieve cookie with the given name.
* service type. *
* * This function will retrieve a cookie with the given name for the current discovery
* @param string $name The name of the cookie. * service type.
* @return string The value of the cookie with the given name, or NULL if no cookie with that name exists. *
*/ * @param string $name The name of the cookie.
protected function getCookie($name) { *
$prefixedName = 'idpdisco_' . $this->instance . '_' . $name; * @return string The value of the cookie with the given name, or null if no cookie with that name exists.
if(array_key_exists($prefixedName, $_COOKIE)) { */
return $_COOKIE[$prefixedName]; protected function getCookie($name)
} else { {
return NULL; $prefixedName = 'idpdisco_'.$this->instance.'_'.$name;
} if (array_key_exists($prefixedName, $_COOKIE)) {
} return $_COOKIE[$prefixedName];
} else {
return null;
/** }
* Save cookie with the given name and value. }
*
* This function will save a cookie with the given name and value for the current discovery
* service type. /**
* * Save cookie with the given name and value.
* @param string $name The name of the cookie. *
* @param string $value The value of the cookie. * This function will save a cookie with the given name and value for the current discovery
*/ * service type.
protected function setCookie($name, $value) { *
$prefixedName = 'idpdisco_' . $this->instance . '_' . $name; * @param string $name The name of the cookie.
* @param string $value The value of the cookie.
$params = array( */
/* We save the cookies for 90 days. */ protected function setCookie($name, $value)
'lifetime' => (60*60*24*90), {
/* The base path for cookies. This should be the installation directory for simpleSAMLphp. */ $prefixedName = 'idpdisco_'.$this->instance.'_'.$name;
'path' => ('/' . $this->config->getBaseUrl()),
'httponly' => FALSE, $params = array(
); // we save the cookies for 90 days
'lifetime' => (60 * 60 * 24 * 90),
\SimpleSAML\Utils\HTTP::setCookie($prefixedName, $value, $params, FALSE); // the base path for cookies. This should be the installation directory for SimpleSAMLphp
} 'path' => ('/'.$this->config->getBaseUrl()),
'httponly' => false,
);
/**
* Validates the given IdP entity id. \SimpleSAML\Utils\HTTP::setCookie($prefixedName, $value, $params, false);
* }
* Takes a string with the IdP entity id, and returns the entity id if it is valid, or
* NULL if not.
* /**
* @param string|null $idp The entity id we want to validate. This can be NULL, in which case we will return NULL. * Validates the given IdP entity id.
* @return string|null The entity id if it is valid, NULL if not. *
*/ * Takes a string with the IdP entity id, and returns the entity id if it is valid, or
protected function validateIdP($idp) { * null if not.
if($idp === NULL) { *
return NULL; * @param string|null $idp The entity id we want to validate. This can be null, in which case we will return null.
} *
* @return string|null The entity id if it is valid, null if not.
if(!$this->config->getBoolean('idpdisco.validate', TRUE)) { */
return $idp; protected function validateIdP($idp)
} {
if ($idp === null) {
foreach ($this->metadataSets AS $metadataSet) { return null;
try { }
$this->metadata->getMetaData($idp, $metadataSet);
return $idp; if (!$this->config->getBoolean('idpdisco.validate', true)) {
} catch(Exception $e) { } return $idp;
} }
$this->log('Unable to validate IdP entity id [' . $idp . '].'); foreach ($this->metadataSets as $metadataSet) {
/* The entity id wasn't valid. */ try {
return NULL; $this->metadata->getMetaData($idp, $metadataSet);
} return $idp;
} catch (Exception $e) {
}
/** }
* Retrieve the users choice of IdP.
* $this->log('Unable to validate IdP entity id ['.$idp.'].');
* This function finds out which IdP the user has manually chosen, if any.
* // the entity id wasn't valid
* @return string The entity id of the IdP the user has chosen, or NULL if the user has made no choice. return null;
*/ }
protected function getSelectedIdP() {
/**
/* Parameter set from the Extended IdP Metadata Discovery Service Protocol, * Retrieve the users choice of IdP.
* indicating that the user prefers this IdP. *
*/ * This function finds out which IdP the user has manually chosen, if any.
if ($this->setIdPentityID) { *
return $this->validateIdP($this->setIdPentityID); * @return string The entity id of the IdP the user has chosen, or null if the user has made no choice.
} */
protected function getSelectedIdP()
/* User has clicked on a link, or selected the IdP from a dropdown list. */ {
if(array_key_exists('idpentityid', $_GET)) { /* Parameter set from the Extended IdP Metadata Discovery Service Protocol, indicating that the user prefers
return $this->validateIdP($_GET['idpentityid']); * this IdP.
} */
if ($this->setIdPentityID) {
/* Search for the IdP selection from the form used by the links view. return $this->validateIdP($this->setIdPentityID);
* This form uses a name which equals idp_<entityid>, so we search for that. }
*
* Unfortunately, php replaces periods in the name with underscores, and there // user has clicked on a link, or selected the IdP from a drop-down list
* is no reliable way to get them back. Therefore we do some quick and dirty if (array_key_exists('idpentityid', $_GET)) {
* parsing of the query string. return $this->validateIdP($_GET['idpentityid']);
*/ }
$qstr = $_SERVER['QUERY_STRING'];
$matches = array(); /* Search for the IdP selection from the form used by the links view. This form uses a name which equals
if(preg_match('/(?:^|&)idp_([^=]+)=/', $qstr, $matches)) { * idp_<entityid>, so we search for that.
return $this->validateIdP(urldecode($matches[1])); *
} * Unfortunately, php replaces periods in the name with underscores, and there is no reliable way to get them
* back. Therefore we do some quick and dirty parsing of the query string.
/* No IdP chosen. */ */
return NULL; $qstr = $_SERVER['QUERY_STRING'];
} $matches = array();
if (preg_match('/(?:^|&)idp_([^=]+)=/', $qstr, $matches)) {
return $this->validateIdP(urldecode($matches[1]));
/** }
* Retrieve the users saved choice of IdP.
* // no IdP chosen
* @return string The entity id of the IdP the user has saved, or NULL if the user hasn't saved any choice. return null;
*/ }
protected function getSavedIdP() {
if(!$this->config->getBoolean('idpdisco.enableremember', FALSE)) {
/* Saving of IdP choices is disabled. */ /**
return NULL; * Retrieve the users saved choice of IdP.
} *
* @return string The entity id of the IdP the user has saved, or null if the user hasn't saved any choice.
if($this->getCookie('remember') === '1') { */
$this->log('Return previously saved IdP because of remember cookie set to 1'); protected function getSavedIdP()
return $this->getPreviousIdP(); {
} if (!$this->config->getBoolean('idpdisco.enableremember', false)) {
// saving of IdP choices is disabled
if( $this->isPassive) { return null;
$this->log('Return previously saved IdP because of isPassive'); }
return $this->getPreviousIdP();
} if ($this->getCookie('remember') === '1') {
$this->log('Return previously saved IdP because of remember cookie set to 1');
return NULL; return $this->getPreviousIdP();
} }
if ($this->isPassive) {
/** $this->log('Return previously saved IdP because of isPassive');
* Retrieve the previous IdP the user used. return $this->getPreviousIdP();
* }
* @return string The entity id of the previous IdP the user used, or NULL if this is the first time.
*/ return null;
protected function getPreviousIdP() { }
return $this->validateIdP($this->getCookie('lastidp'));
}
/**
* Retrieve the previous IdP the user used.
/** *
* Retrieve a recommended IdP based on the IP address of the client. * @return string The entity id of the previous IdP the user used, or null if this is the first time.
* */
* @return string|NULL The entity ID of the IdP if one is found, or NULL if not. protected function getPreviousIdP()
*/ {
protected function getFromCIDRhint() { return $this->validateIdP($this->getCookie('lastidp'));
}
foreach ($this->metadataSets as $metadataSet) {
$idp = $this->metadata->getPreferredEntityIdFromCIDRhint($metadataSet, $_SERVER['REMOTE_ADDR']);
if (!empty($idp)) { /**
return $idp; * Retrieve a recommended IdP based on the IP address of the client.
} *
} * @return string|null The entity ID of the IdP if one is found, or null if not.
*/
return NULL; protected function getFromCIDRhint()
} {
foreach ($this->metadataSets as $metadataSet) {
$idp = $this->metadata->getPreferredEntityIdFromCIDRhint($metadataSet, $_SERVER['REMOTE_ADDR']);
/** if (!empty($idp)) {
* Try to determine which IdP the user should most likely use. return $idp;
* }
* This function will first look at the previous IdP the user has chosen. If the user }
* hasn't chosen an IdP before, it will look at the IP address.
* return null;
* @return string The entity id of the IdP the user should most likely use. }
*/
protected function getRecommendedIdP() {
/**
$idp = $this->getPreviousIdP(); * Try to determine which IdP the user should most likely use.
if($idp !== NULL) { *
$this->log('Preferred IdP from previous use [' . $idp . '].'); * This function will first look at the previous IdP the user has chosen. If the user
return $idp; * hasn't chosen an IdP before, it will look at the IP address.
} *
* @return string The entity id of the IdP the user should most likely use.
$idp = $this->getFromCIDRhint(); */
protected function getRecommendedIdP()
if(!empty($idp)) { {
$this->log('Preferred IdP from CIDR hint [' . $idp . '].'); $idp = $this->getPreviousIdP();
return $idp; if ($idp !== null) {
} $this->log('Preferred IdP from previous use ['.$idp.'].');
return $idp;
return NULL; }
}
$idp = $this->getFromCIDRhint();
/** if (!empty($idp)) {
* Save the current IdP choice to a cookie. $this->log('Preferred IdP from CIDR hint ['.$idp.'].');
* return $idp;
* @param string $idp The entityID of the IdP. }
*/
protected function setPreviousIdP($idp) { return null;
assert('is_string($idp)'); }
$this->log('Choice made [' . $idp . '] Setting cookie.');
$this->setCookie('lastidp', $idp); /**
} * Save the current IdP choice to a cookie.
*
* @param string $idp The entityID of the IdP.
/** */
* Determine whether the choice of IdP should be saved. protected function setPreviousIdP($idp)
* {
* @return boolean True if the choice should be saved, false otherwise. assert('is_string($idp)');
*/
protected function saveIdP() { $this->log('Choice made ['.$idp.'] Setting cookie.');
if(!$this->config->getBoolean('idpdisco.enableremember', FALSE)) { $this->setCookie('lastidp', $idp);
/* Saving of IdP choices is disabled. */ }
return FALSE;
}
/**
if(array_key_exists('remember', $_GET)) { * Determine whether the choice of IdP should be saved.
return TRUE; *
} * @return boolean True if the choice should be saved, false otherwise.
} */
protected function saveIdP()
{
/** if (!$this->config->getBoolean('idpdisco.enableremember', false)) {
* Determine which IdP the user should go to, if any. // saving of IdP choices is disabled
* return false;
* @return string The entity id of the IdP the user should be sent to, or NULL if the user should choose. }
*/
protected function getTargetIdP() { if (array_key_exists('remember', $_GET)) {
return true;
/* First, check if the user has chosen an IdP. */ }
$idp = $this->getSelectedIdP();
if($idp !== NULL) { return false;
/* The user selected this IdP. Save the choice in a cookie. */ }
$this->setPreviousIdP($idp);
if($this->saveIdP()) { /**
$this->setCookie('remember', '1'); * Determine which IdP the user should go to, if any.
} else { *
$this->setCookie('remember', '0'); * @return string The entity id of the IdP the user should be sent to, or null if the user should choose.
} */
protected function getTargetIdP()
return $idp; {
} // first, check if the user has chosen an IdP
$idp = $this->getSelectedIdP();
$this->log('getSelectedIdP() returned NULL'); if ($idp !== null) {
// the user selected this IdP. Save the choice in a cookie
/* Check if the user has saved an choice earlier. */ $this->setPreviousIdP($idp);
$idp = $this->getSavedIdP();
if($idp !== NULL) { if ($this->saveIdP()) {
$this->log('Using saved choice [' . $idp . '].'); $this->setCookie('remember', '1');
return $idp; } else {
} $this->setCookie('remember', '0');
}
/* The user has made no choice. */
return NULL; return $idp;
} }
$this->log('getSelectedIdP() returned null');
/**
* Retrieve the list of IdPs which are stored in the metadata. // check if the user has saved an choice earlier
* $idp = $this->getSavedIdP();
* @return array An array with entityid => metadata mappings. if ($idp !== null) {
*/ $this->log('Using saved choice ['.$idp.'].');
protected function getIdPList() { return $idp;
}
$idpList = array();
foreach ($this->metadataSets AS $metadataSet) { // the user has made no choice
$newList = $this->metadata->getList($metadataSet); return null;
/* }
* Note that we merge the entities in reverse order. This ensuers
* that it is the entity in the first metadata set that "wins" if
* two metadata sets have the same entity. /**
*/ * Retrieve the list of IdPs which are stored in the metadata.
$idpList = array_merge($newList, $idpList); *
} * @return array An array with entityid => metadata mappings.
*/
return $idpList; protected function getIdPList()
} {
$idpList = array();
/** foreach ($this->metadataSets as $metadataSet) {
* Return the list of scoped idp $newList = $this->metadata->getList($metadataSet);
* /*
* @return array An array of IdP entities * Note that we merge the entities in reverse order. This ensures that it is the entity in the first
*/ * metadata set that "wins" if two metadata sets have the same entity.
protected function getScopedIDPList() { */
return $this->scopedIDPList; $idpList = array_merge($newList, $idpList);
} }
return $idpList;
/** }
* Filter the list of IdPs.
*
* This method returns the IdPs that comply with the following conditions: /**
* - The IdP does not have the 'hide.from.discovery' configuration option. * Return the list of scoped idp
* *
* @param array $list An associative array containing metadata for the IdPs to apply the filtering to. * @return array An array of IdP entities
* */
* @return array An associative array containing metadata for the IdPs that were not filtered out. protected function getScopedIDPList()
*/ {
protected function filter($list) return $this->scopedIDPList;
{ }
foreach ($list as $entity => $metadata) {
if (array_key_exists('hide.from.discovery', $metadata) && $metadata['hide.from.discovery'] === true) {
unset($list[$entity]); /**
} * Filter the list of IdPs.
} *
return $list; * This method returns the IdPs that comply with the following conditions:
} * - The IdP does not have the 'hide.from.discovery' configuration option.
*
* @param array $list An associative array containing metadata for the IdPs to apply the filtering to.
/** *
* Handles a request to this discovery service. * @return array An associative array containing metadata for the IdPs that were not filtered out.
* */
* The IdP disco parameters should be set before calling this function. protected function filter($list)
*/ {
public function handleRequest() { foreach ($list as $entity => $metadata) {
if (array_key_exists('hide.from.discovery', $metadata) && $metadata['hide.from.discovery'] === true) {
$idp = $this->getTargetIdp(); unset($list[$entity]);
if($idp !== NULL) { }
}
$extDiscoveryStorage = $this->config->getString('idpdisco.extDiscoveryStorage', NULL); return $list;
if ($extDiscoveryStorage !== NULL) { }
$this->log('Choice made [' . $idp . '] (Forwarding to external discovery storage)');
\SimpleSAML\Utils\HTTP::redirectTrustedURL($extDiscoveryStorage, array(
'entityID' => $this->spEntityId, /**
'IdPentityID' => $idp, * Handles a request to this discovery service.
'returnIDParam' => $this->returnIdParam, *
'isPassive' => 'true', * The IdP disco parameters should be set before calling this function.
'return' => $this->returnURL */
)); public function handleRequest()
{
} else { $idp = $this->getTargetIdp();
$this->log('Choice made [' . $idp . '] (Redirecting the user back. returnIDParam=' . $this->returnIdParam . ')'); if ($idp !== null) {
\SimpleSAML\Utils\HTTP::redirectTrustedURL($this->returnURL, array($this->returnIdParam => $idp));
} $extDiscoveryStorage = $this->config->getString('idpdisco.extDiscoveryStorage', null);
if ($extDiscoveryStorage !== null) {
return; $this->log('Choice made ['.$idp.'] (Forwarding to external discovery storage)');
} \SimpleSAML\Utils\HTTP::redirectTrustedURL($extDiscoveryStorage, array(
'entityID' => $this->spEntityId,
if ($this->isPassive) { 'IdPentityID' => $idp,
$this->log('Choice not made. (Redirecting the user back without answer)'); 'returnIDParam' => $this->returnIdParam,
\SimpleSAML\Utils\HTTP::redirectTrustedURL($this->returnURL); 'isPassive' => 'true',
return; 'return' => $this->returnURL
} ));
} else {
/* No choice made. Show discovery service page. */ $this->log(
'Choice made ['.$idp.'] (Redirecting the user back. returnIDParam='.$this->returnIdParam.')'
$idpList = $this->getIdPList(); );
$idpList = $this->filter($idpList); \SimpleSAML\Utils\HTTP::redirectTrustedURL($this->returnURL, array($this->returnIdParam => $idp));
$preferredIdP = $this->getRecommendedIdP(); }
$idpintersection = array_intersect(array_keys($idpList), $this->getScopedIDPList()); return;
if (sizeof($idpintersection) > 0) { }
$idpList = array_intersect_key($idpList, array_fill_keys($idpintersection, NULL));
} if ($this->isPassive) {
$this->log('Choice not made. (Redirecting the user back without answer)');
$idpintersection = array_values($idpintersection); \SimpleSAML\Utils\HTTP::redirectTrustedURL($this->returnURL);
return;
if(sizeof($idpintersection) == 1) { }
$this->log('Choice made [' . $idpintersection[0] . '] (Redirecting the user back. returnIDParam=' . $this->returnIdParam . ')');
\SimpleSAML\Utils\HTTP::redirectTrustedURL($this->returnURL, array($this->returnIdParam => $idpintersection[0])); // no choice made. Show discovery service page
} $idpList = $this->getIdPList();
$idpList = $this->filter($idpList);
/* $preferredIdP = $this->getRecommendedIdP();
* Make use of an XHTML template to present the select IdP choice to the user.
* Currently the supported options is either a drop down menu or a list view. $idpintersection = array_intersect(array_keys($idpList), $this->getScopedIDPList());
*/ if (sizeof($idpintersection) > 0) {
switch($this->config->getString('idpdisco.layout', 'links')) { $idpList = array_intersect_key($idpList, array_fill_keys($idpintersection, null));
case 'dropdown': }
$templateFile = 'selectidp-dropdown.php';
break; $idpintersection = array_values($idpintersection);
case 'links':
$templateFile = 'selectidp-links.php'; if (sizeof($idpintersection) == 1) {
break; $this->log(
default: 'Choice made ['.$idpintersection[0].'] (Redirecting the user back. returnIDParam='.
throw new Exception('Invalid value for the \'idpdisco.layout\' option.'); $this->returnIdParam.')'
} );
\SimpleSAML\Utils\HTTP::redirectTrustedURL(
$t = new SimpleSAML_XHTML_Template($this->config, $templateFile, 'disco'); $this->returnURL,
$t->data['idplist'] = $idpList; array($this->returnIdParam => $idpintersection[0])
$t->data['preferredidp'] = $preferredIdP; );
$t->data['return'] = $this->returnURL; }
$t->data['returnIDParam'] = $this->returnIdParam;
$t->data['entityID'] = $this->spEntityId; /*
$t->data['urlpattern'] = htmlspecialchars(\SimpleSAML\Utils\HTTP::getSelfURLNoQuery()); * Make use of an XHTML template to present the select IdP choice to the user. Currently the supported options
$t->data['rememberenabled'] = $this->config->getBoolean('idpdisco.enableremember', FALSE); * is either a drop down menu or a list view.
$t->show(); */
} switch ($this->config->getString('idpdisco.layout', 'links')) {
case 'dropdown':
$templateFile = 'selectidp-dropdown.php';
break;
case 'links':
$templateFile = 'selectidp-links.php';
break;
default:
throw new Exception('Invalid value for the \'idpdisco.layout\' option.');
}
$t = new SimpleSAML_XHTML_Template($this->config, $templateFile, 'disco');
$t->data['idplist'] = $idpList;
$t->data['preferredidp'] = $preferredIdP;
$t->data['return'] = $this->returnURL;
$t->data['returnIDParam'] = $this->returnIdParam;
$t->data['entityID'] = $this->spEntityId;
$t->data['urlpattern'] = htmlspecialchars(\SimpleSAML\Utils\HTTP::getSelfURLNoQuery());
$t->data['rememberenabled'] = $this->config->getBoolean('idpdisco.enableremember', false);
$t->show();
}
} }
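Review bot: The constructor stores `$_REQUEST['IDPList']` in `$this->scopedIDPList` without checking its type, so a scalar `IDPList=x` reaches `array_intersect()` in `handleRequest()` as a non-array; the property docblock also calls it a `$_GET` parameter while the code reads `$_REQUEST`. I would guard the assignment with `if (array_key_exists('IDPList', $_REQUEST) && is_array($_REQUEST['IDPList'])) {` and keep the default empty array otherwise. The same applies to `entityID`, `returnIDParam` and `IdPentityID`, which are taken from `$_GET` as-is: `returnIdParam` is concatenated into a log message and later used as the array key for the redirect, so an `is_string()` check before assignment would keep array values out of both. Separately, the `sizeof($idpintersection) == 1` branch in `handleRequest()` has no `return;` after `redirectTrustedURL()`, unlike the two earlier redirect branches; if that helper can return, the template would still be rendered.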