Add PersistentAuthData option to save a subset of the state array in the session.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2269 44740490-163a-0410-bde0-09ae8108e29a

lib/SimpleSAML/Auth/Default.php

@@ -66,6 +66,28 @@ class SimpleSAML_Auth_Default {
 	}
 
 
+	/**
+	 * Extract the persistent authentication state from the state array.
+	 *
+	 * @param array $state  The state after the login.
+	 * @return array  The persistent authentication state.
+	 */
+	private static function extractPersistentAuthState(array &$state) {
+
+		/* Save persistent authentication data. */
+		$persistentAuthState = array();
+		if (isset($state['PersistentAuthData'])) {
+			foreach ($state['PersistentAuthData'] as $key) {
+				if (isset($state[$key])) {
+					$persistentAuthState[$key] = $state[$key];
+				}
+			}
+		}
+
+		return $persistentAuthState;
+	}
+
+
 	/**
 	 * Called when a login operation has finished.
 	 *
@@ -82,7 +104,7 @@ class SimpleSAML_Auth_Default {
 
 		/* Save session state. */
 		$session = SimpleSAML_Session::getInstance();
-		$session->doLogin($state['SimpleSAML_Auth_Default.id']);
+		$session->doLogin($state['SimpleSAML_Auth_Default.id'], self::extractPersistentAuthState($state));
 		$session->setAttributes($state['Attributes']);
 		if(array_key_exists('Expires', $state)) {
 			$session->setSessionDuration($state['Expires'] - time());
@@ -217,7 +239,7 @@ class SimpleSAML_Auth_Default {
 		assert('is_string($redirectTo)');
 
 		$session = SimpleSAML_Session::getInstance();
-		$session->doLogin($authId);
+		$session->doLogin($authId, self::extractPersistentAuthState($state));
 
 		if (array_key_exists('Attributes', $state)) {
 			$session->setAttributes($state['Attributes']);

lib/SimpleSAML/IdP.php

@@ -400,6 +400,11 @@ class SimpleSAML_IdP {
 			if ($needAuth) {
 				$this->authenticate($state);
 				assert('FALSE');
+			} else {
+				$session = SimpleSAML_Session::getInstance();
+				foreach ($session->getAuthState() as $k => $v) {
+					$state[$k] = $v;
+				}
 			}
 			$this->postAuth($state);
 		} catch (SimpleSAML_Error_Exception $e) {

lib/SimpleSAML/Session.php

@@ -85,6 +85,14 @@ class SimpleSAML_Session {
 	private $logoutState;
 
 
+	/**
+	 * Persistent authentication state.
+	 *
+	 * @array
+	 */
+	private $authState;
+
+
 	/**
 	 * The list of IdP-SP associations.
 	 *
@@ -354,9 +362,10 @@ class SimpleSAML_Session {
 	 *
 	 * If the user already has logged in, the user will be logged out first.
 	 *
-	 * @param @authority  The authority the user logged in with.
+	 * @param string $authority  The authority the user logged in with.
+	 * @param array|NULL $authState  The persistent auth state for this authority.
 	 */
-	public function doLogin($authority) {
+	public function doLogin($authority, array $authState = NULL) {
 		assert('is_string($authority)');
 
 		SimpleSAML_Logger::debug('Session: doLogin("' . $authority . '")');
@@ -370,6 +379,7 @@ class SimpleSAML_Session {
 
 		$this->authenticated = TRUE;
 		$this->authority = $authority;
+		$this->authState = $authState;
 
 		$this->sessionstarted = time();
 
@@ -395,6 +405,7 @@ class SimpleSAML_Session {
 		$this->authority = NULL;
 		$this->attributes = NULL;
 		$this->logoutState = NULL;
+		$this->authState = NULL;
 		$this->idp = NULL;
 
 		/* Delete data which expires on logout. */
@@ -905,6 +916,25 @@ class SimpleSAML_Session {
 	}
 
 
+	/**
+	 * Get the current persistent authentication state.
+	 *
+	 * @return array  The current persistent authentication state, or NULL if not authenticated.
+	 */
+	public function getAuthState() {
+		if (!$this->isAuthenticated()) {
+			return NULL;
+		}
+
+		if (!isset($this->authState)) {
+			/* No AuthState for this login handler. */
+			return array();
+		}
+
+		return $this->authState;
+	}
+
+
 	/**
 	 * Check whether the session cookie is set.
 	 *