Commit 9834a6e7 authored by Olav Morken's avatar Olav Morken

saml: Add authentication parameter support.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2000 44740490-163a-0410-bde0-09ae8108e29a
parent 865593da
...@@ -9,11 +9,43 @@ Metadata ...@@ -9,11 +9,43 @@ Metadata
The metadata for your SP will be available from the federation page on your simpleSAMLphp installation. The metadata for your SP will be available from the federation page on your simpleSAMLphp installation.
Options
-------
These are options that can be used at runtime to control the authentication.
All these options override the equivalent option from the configuration.
`saml:AuthnContextClassRef`
: The AuthnContextClassRef that will be sent in the login request.
: *Note*: SAML 2 specific.
`saml:ForceAuthn`
: Force authentication allows you to force re-authentication of users even if the user has a SSO session at the IdP.
: *Note*: SAML 2 specific.
`saml:idp`
: The entity ID this SP should connect to.
`saml:IsPassive`
: IsPassive allows you to enable passive authentication by default for this SP.
: *Note*: SAML 2 specific.
`saml:NameIDPolicy`
: The format of the NameID we request from the IdP.
Defaults to the transient format if unspecified.
: *Note*: SAML 2 specific.
Examples Examples
-------- --------
Here we will list some example configurations for this authentication source. Here we will list some examples for this authentication source.
### Minimal ### Minimal
...@@ -50,6 +82,12 @@ Here we will list some example configurations for this authentication source. ...@@ -50,6 +82,12 @@ Here we will list some example configurations for this authentication source.
), ),
### Requesting passive authentication
$auth = new SimpleSAML_Auth_Simple('default-sp');
$auth->login(array('saml:IsPassive' => TRUE));
Options Options
------- -------
......
...@@ -185,6 +185,27 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source { ...@@ -185,6 +185,27 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
$ar->setRelayState($state['SimpleSAML_Auth_Default.ReturnURL']); $ar->setRelayState($state['SimpleSAML_Auth_Default.ReturnURL']);
} }
if (isset($state['saml:AuthnContextClassRef'])) {
$accr = SimpleSAML_Utilities::arrayize($state['saml:AuthnContextClassRef']);
$ar->setRequestedAuthnContext(array('AuthnContextClassRef' => $accr));
}
if (isset($state['saml:ForceAuthn'])) {
$ar->setForceAuthn((bool)$state['saml:ForceAuthn']);
}
if (isset($state['saml:IsPassive'])) {
$ar->setIsPassive((bool)$state['saml:IsPassive']);
}
if (isset($state['saml:NameIDPolicy'])) {
$ar->setNameIdPolicy(array(
'Format' => (string)$state['saml:NameIDPolicy'],
'AllowCreate' => TRUE,
));
}
$id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso', TRUE); $id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso', TRUE);
$ar->setId($id); $ar->setId($id);
...@@ -263,12 +284,18 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source { ...@@ -263,12 +284,18 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
/* We are going to need the authId in order to retrieve this authentication source later. */ /* We are going to need the authId in order to retrieve this authentication source later. */
$state['saml:sp:AuthId'] = $this->authId; $state['saml:sp:AuthId'] = $this->authId;
if ($this->idp === NULL) { $idp = $this->idp;
if (isset($state['saml:idp'])) {
$idp = (string)$state['saml:idp'];
}
if ($idp === NULL) {
$this->startDisco($state); $this->startDisco($state);
assert('FALSE'); assert('FALSE');
} }
$this->startSSO($this->idp, $state); $this->startSSO($idp, $state);
assert('FALSE'); assert('FALSE');
} }
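Review bot: `$idp = (string)$state['saml:idp'];` in the second hunk lets any value the caller put into the login state replace the IdP pinned in the authsource configuration, and nothing visible here validates it. An empty string passes `isset()`, is not `NULL`, and so skips discovery and goes to `startSSO()` as the entity ID; if an application ever forwards request input into `login()`, the end user picks the IdP. Whether `startSSO()` rejects entity IDs that are not in the SP's metadata is outside this hunk, so I would tighten the guard to `if (isset($state['saml:idp']) && $state['saml:idp'] !== '') {` and add a comment above it, `/* Runtime override of the configured IdP; the value must be a trusted entity ID, never raw request input. */`. In the first hunk the `(bool)` casts for `saml:ForceAuthn` and `saml:IsPassive` turn the string 'false' into TRUE, which is worth a line in the docs. Both enclosing methods begin outside the hunks shown.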
......