diff --git a/lib/SimpleSAML/Auth/Default.php b/lib/SimpleSAML/Auth/Default.php index 1191d6ec16b78acdb1d44ac662ef940770b73e8f..b8b6adbb5bb7ed2c7f74d1109f45556b05166cb1 100644 --- a/lib/SimpleSAML/Auth/Default.php +++ b/lib/SimpleSAML/Auth/Default.php @@ -66,6 +66,28 @@ class SimpleSAML_Auth_Default { } + /** + * Extract the persistent authentication state from the state array. + * + * @param array $state The state after the login. + * @return array The persistent authentication state. + */ + private static function extractPersistentAuthState(array &$state) { + + /* Save persistent authentication data. */ + $persistentAuthState = array(); + if (isset($state['PersistentAuthData'])) { + foreach ($state['PersistentAuthData'] as $key) { + if (isset($state[$key])) { + $persistentAuthState[$key] = $state[$key]; + } + } + } + + return $persistentAuthState; + } + + /** * Called when a login operation has finished. * @@ -82,7 +104,7 @@ class SimpleSAML_Auth_Default { /* Save session state. */ $session = SimpleSAML_Session::getInstance(); - $session->doLogin($state['SimpleSAML_Auth_Default.id']); + $session->doLogin($state['SimpleSAML_Auth_Default.id'], self::extractPersistentAuthState($state)); $session->setAttributes($state['Attributes']); if(array_key_exists('Expires', $state)) { $session->setSessionDuration($state['Expires'] - time()); @@ -217,7 +239,7 @@ class SimpleSAML_Auth_Default { assert('is_string($redirectTo)'); $session = SimpleSAML_Session::getInstance(); - $session->doLogin($authId); + $session->doLogin($authId, self::extractPersistentAuthState($state)); if (array_key_exists('Attributes', $state)) { $session->setAttributes($state['Attributes']); diff --git a/lib/SimpleSAML/IdP.php b/lib/SimpleSAML/IdP.php index f3bd3e1c6be3dcf0c7bb7c48d46674d1aa0aa4f2..2beffb6d4175021aecc322efd2bde27e858fb086 100644 --- a/lib/SimpleSAML/IdP.php +++ b/lib/SimpleSAML/IdP.php 
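Review bot: `extractPersistentAuthState(array &$state)` takes `$state` by reference although the body only reads it; declaring it as `private static function extractPersistentAuthState(array $state)` would make it clear to the two call sites in the later Default.php hunks that their state is left untouched. The loop also trusts `$state['PersistentAuthData']` to be an array of key names, so an `assert('is_array($state["PersistentAuthData"])');` before the `foreach` would match the string-assert style already used in this file. Because every key an authentication source lists there is handed to `doLogin()` and kept on the session object, the docblock should say so, e.g. `Only the keys named in $state['PersistentAuthData'] are copied; the values are stored in the session.`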
@@ -400,6 +400,11 @@ class SimpleSAML_IdP { if ($needAuth) { $this->authenticate($state); assert('FALSE'); + } else { + $session = SimpleSAML_Session::getInstance(); + foreach ($session->getAuthState() as $k => $v) { + $state[$k] = $v; + } } $this->postAuth($state); } catch (SimpleSAML_Error_Exception $e) { diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php index 806b028ea95088de6b869e3e409e7bab80e732c4..fc8ee3707e4795262c8b80c747701882ddbcfd9a 100644 --- a/lib/SimpleSAML/Session.php +++ b/lib/SimpleSAML/Session.php @@ -85,6 +85,14 @@ class SimpleSAML_Session { private $logoutState; + /** + * Persistent authentication state. + * + * @array + */ + private $authState; + + /** * The list of IdP-SP associations. * @@ -354,9 +362,10 @@ class SimpleSAML_Session { * * If the user already has logged in, the user will be logged out first. * - * @param @authority The authority the user logged in with. + * @param string $authority The authority the user logged in with. + * @param array|NULL $authState The persistent auth state for this authority. */ - public function doLogin($authority) { + public function doLogin($authority, array $authState = NULL) { assert('is_string($authority)'); SimpleSAML_Logger::debug('Session: doLogin("' . $authority . '")'); @@ -370,6 +379,7 @@ class SimpleSAML_Session { $this->authenticated = TRUE; $this->authority = $authority; + $this->authState = $authState; $this->sessionstarted = time(); @@ -395,6 +405,7 @@ class SimpleSAML_Session { $this->authority = NULL; $this->attributes = NULL; $this->logoutState = NULL; + $this->authState = NULL; $this->idp = NULL; /* Delete data which expires on logout. */ 
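Review bot: In the new `else` branch of the IdP.php hunk, `$session->getAuthState()` is passed straight to `foreach`, yet the accessor added in Session.php returns NULL when the session is not authenticated, and `$state[$k] = $v` overwrites any key already present in the current request state. The NULL case is presumably excluded by `$needAuth` being false, but that computation lies outside the hunk; assigning `$authState = $session->getAuthState();` and looping only `if (is_array($authState))` would make the branch safe on its own. For the overwrite, either skip keys that already exist with `if (!array_key_exists($k, $state))` or add a comment stating that persisted values are meant to take precedence, since the key names are chosen by the authentication source at login time and nothing in this branch restricts them.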
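Review bot: The docblock on the new `$authState` property in Session.php uses `@array`, which is not a PHPDoc tag; `@var array|NULL` would document both the type and the fact that the field is NULL when `doLogin()` is called without a second argument and after the reset in the last hunk of this file. A sentence noting that the array is exactly what `doLogin()` received, and that it is stored with the rest of the session, would help readers judge what an authentication source may place in it.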
@@ -905,6 +916,25 @@ class SimpleSAML_Session { } + /** + * Get the current persistent authentication state. + * + * @return array The current persistent authentication state, or NULL if not authenticated. + */ + public function getAuthState() { + if (!$this->isAuthenticated()) { + return NULL; + } + + if (!isset($this->authState)) { + /* No AuthState for this login handler. */ + return array(); + } + + return $this->authState; + } + + /** * Check whether the session cookie is set. *
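Review bot: `getAuthState()` is documented as `@return array` while its first branch returns NULL; the tag should read `@return array|NULL`. The method also returns the stored state for whichever authority the session is logged in with, because it checks only `isAuthenticated()` and takes no authority argument, so callers have to confirm the session is valid for their own authentication source before using the result. I would state that in the docblock, e.g. `The state belongs to the authority passed to doLogin(); callers must verify the authority themselves.`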