diff --git a/lib/SimpleSAML/Auth/Default.php b/lib/SimpleSAML/Auth/Default.php
index 1191d6ec16b78acdb1d44ac662ef940770b73e8f..b8b6adbb5bb7ed2c7f74d1109f45556b05166cb1 100644
--- a/lib/SimpleSAML/Auth/Default.php
+++ b/lib/SimpleSAML/Auth/Default.php
@@ -66,6 +66,28 @@ class SimpleSAML_Auth_Default {
}
+ /**
+ * Extract the persistent authentication state from the state array.
+ *
+ * @param array $state The state after the login.
+ * @return array The persistent authentication state.
+ */
+ private static function extractPersistentAuthState(array &$state) {
+
+ /* Save persistent authentication data. */
+ $persistentAuthState = array();
+ if (isset($state['PersistentAuthData'])) {
+ foreach ($state['PersistentAuthData'] as $key) {
+ if (isset($state[$key])) {
+ $persistentAuthState[$key] = $state[$key];
+ }
+ }
+ }
+
+ return $persistentAuthState;
+ }
+
+
/**
* Called when a login operation has finished.
*
@@ -82,7 +104,7 @@ class SimpleSAML_Auth_Default {
/* Save session state. */
$session = SimpleSAML_Session::getInstance();
- $session->doLogin($state['SimpleSAML_Auth_Default.id']);
+ $session->doLogin($state['SimpleSAML_Auth_Default.id'], self::extractPersistentAuthState($state));
$session->setAttributes($state['Attributes']);
if(array_key_exists('Expires', $state)) {
$session->setSessionDuration($state['Expires'] - time());
@@ -217,7 +239,7 @@ class SimpleSAML_Auth_Default {
assert('is_string($redirectTo)');
$session = SimpleSAML_Session::getInstance();
- $session->doLogin($authId);
+ $session->doLogin($authId, self::extractPersistentAuthState($state));
if (array_key_exists('Attributes', $state)) {
$session->setAttributes($state['Attributes']);
diff --git a/lib/SimpleSAML/IdP.php b/lib/SimpleSAML/IdP.php
index f3bd3e1c6be3dcf0c7bb7c48d46674d1aa0aa4f2..2beffb6d4175021aecc322efd2bde27e858fb086 100644
--- a/lib/SimpleSAML/IdP.php
+++ b/lib/SimpleSAML/IdP.php
@@ -400,6 +400,11 @@ class SimpleSAML_IdP {
if ($needAuth) {
$this->authenticate($state);
assert('FALSE');
+ } else {
+ $session = SimpleSAML_Session::getInstance();
+ foreach ($session->getAuthState() as $k => $v) {
+ $state[$k] = $v;
+ }
}
$this->postAuth($state);
} catch (SimpleSAML_Error_Exception $e) {
diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index 806b028ea95088de6b869e3e409e7bab80e732c4..fc8ee3707e4795262c8b80c747701882ddbcfd9a 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -85,6 +85,14 @@ class SimpleSAML_Session {
private $logoutState;
+ /**
+ * Persistent authentication state.
+ *
+ * @array
+ */
+ private $authState;
+
+
/**
* The list of IdP-SP associations.
*
@@ -354,9 +362,10 @@ class SimpleSAML_Session {
*
* If the user already has logged in, the user will be logged out first.
*
- * @param @authority The authority the user logged in with.
+ * @param string $authority The authority the user logged in with.
+ * @param array|NULL $authState The persistent auth state for this authority.
*/
- public function doLogin($authority) {
+ public function doLogin($authority, array $authState = NULL) {
assert('is_string($authority)');
SimpleSAML_Logger::debug('Session: doLogin("' . $authority . '")');
@@ -370,6 +379,7 @@ class SimpleSAML_Session {
$this->authenticated = TRUE;
$this->authority = $authority;
+ $this->authState = $authState;
$this->sessionstarted = time();
@@ -395,6 +405,7 @@ class SimpleSAML_Session {
$this->authority = NULL;
$this->attributes = NULL;
$this->logoutState = NULL;
+ $this->authState = NULL;
$this->idp = NULL;
/* Delete data which expires on logout. */
@@ -905,6 +916,25 @@ class SimpleSAML_Session {
}
+ /**
+ * Get the current persistent authentication state.
+ *
+ * @return array The current persistent authentication state, or NULL if not authenticated.
+ */
+ public function getAuthState() {
+ if (!$this->isAuthenticated()) {
+ return NULL;
+ }
+
+ if (!isset($this->authState)) {
+ /* No AuthState for this login handler. */
+ return array();
+ }
+
+ return $this->authState;
+ }
+
+
/**
* Check whether the session cookie is set.
*