Skip to content
Snippets Groups Projects
Commit beb6ebe0 authored by Olav Morken's avatar Olav Morken
Browse files

IdP: Use the new compatibility class.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2649 44740490-163a-0410-bde0-09ae8108e29a
parent 5e15c4dc
No related branches found
No related tags found
No related merge requests found
......@@ -45,6 +45,14 @@ class SimpleSAML_IdP {
private $config;
/**
* Our authsource.
*
* @var SimpleSAML_Auth_Simple
*/
private $authSource;
/**
* Initialize an IdP.
*
......@@ -90,6 +98,13 @@ class SimpleSAML_IdP {
$this->associationGroup = $this->id;
}
$auth = $this->config->getString('auth');
if (SimpleSAML_Auth_Source::getById($auth) !== NULL) {
$this->authSource = new SimpleSAML_Auth_Simple($auth);
} else {
$this->authSource = new SimpleSAML_Auth_BWC($auth, $this->config->getString('authority', NULL));
}
}
......@@ -226,70 +241,13 @@ class SimpleSAML_IdP {
}
/**
* Retrieve the authority for the given IdP metadata.
*
* This function provides backwards-compatibility with
* previous versions of simpleSAMLphp.
*
* @param array $idpmetadata The IdP metadata.
* @return string The authority that should be used to validate the session.
*/
private function getAuthority() {
if ($this->config->hasValue('authority')) {
return $this->config->getString('authority');
}
$candidates = array(
'auth/login-admin.php' => 'login-admin',
'auth/login-cas-ldap.php' => 'login-cas-ldap',
'auth/login-ldapmulti.php' => 'login-ldapmulti',
'auth/login-radius.php' => 'login-radius',
'auth/login-tlsclient.php' => 'tlsclient',
'auth/login-wayf-ldap.php' => 'login-wayf-ldap',
'auth/login.php' => 'login',
);
$auth = $this->config->getString('auth');
if (isset($candidates[$auth])) {
return $candidates[$auth];
}
if (strpos($auth, '/') !== FALSE) {
/* Probably a file. */
throw new SimpleSAML_Error_Exception('You need to set \'authority\' in the metadata for ' .
var_export($this->id, TRUE) . '.');
} else {
throw new SimpleSAML_Error_Exception('Unknown authsource ' .
var_export($auth, TRUE) . '.');
}
}
/**
* Is the current user authenticated?
*
* @return bool TRUE if the user is authenticated, FALSE if not.
*/
public function isAuthenticated() {
$session = SimpleSAML_Session::getInstance();
$authority = $this->config->getString('auth');
if ($session->isValid($authority)) {
return TRUE;
}
/* Maybe the 'auth' option didn't point to an authentication source? */
if (SimpleSAML_Auth_Source::getById($authority) !== NULL) {
/* It was an authentication source - the user is therefore not authenticated. */
return FALSE;
}
/* It wasn't an authentication source. */
$authority = $this->getAuthority();
return $session->isValid($authority);
return $this->authSource->isAuthenticated();
}
......@@ -325,8 +283,7 @@ class SimpleSAML_IdP {
throw new SimpleSAML_Error_Exception('Not authenticated.');
}
$session = SimpleSAML_Session::getInstance();
$state['Attributes'] = $session->getAttributes();
$state['Attributes'] = $idp->authSource->getAttributes();
if (isset($state['SPMetadata'])) {
$spMetadata = $state['SPMetadata'];
......@@ -335,6 +292,7 @@ class SimpleSAML_IdP {
}
if (isset($state['core:SP'])) {
$session = SimpleSAML_Session::getInstance();
$previousSSOTime = $session->getData('core:idp-ssotime', $state['core:IdP'] . ';' . $state['core:SP']);
if ($previousSSOTime !== NULL) {
$state['PreviousSSOTimestamp'] = $previousSSOTime;
......@@ -368,49 +326,10 @@ class SimpleSAML_IdP {
throw new SimpleSAML_Error_NoPassive('Passive authentication not supported.');
}
$auth = $this->config->getString('auth');
$authSource = SimpleSAML_Auth_Source::getById($auth);
if ($authSource === NULL) {
$session = SimpleSAML_Session::getInstance();
$config = SimpleSAML_Configuration::getInstance();
$authurl = '/' . $config->getBaseURL() . $auth;
$authnRequest = array(
'IsPassive' => isset($state['isPassive']) ? $state['isPassive'] : FALSE,
'ForceAuthn' => isset($state['ForceAuthn']) ? $state['ForceAuthn'] : FALSE,
'State' => $state,
'core:prevSession' => $session->getAuthnInstant(),
);
if (isset($state['saml:RequestId'])) {
$authnRequest['RequestID'] = $state['saml:RequestId'];
}
if (isset($state['SPMetadata']['entityid'])) {
$authnRequest['Issuer'] = $state['SPMetadata']['entityid'];
}
if (isset($state['saml:RelayState'])) {
$authnRequest['RelayState'] = $state['saml:RelayState'];
}
if (isset($state['saml:IDPList'])) {
$authnRequest['IDPList'] = $state['saml:IDPList'];
}
$authId = SimpleSAML_Utilities::generateID();
$session->setAuthnRequest('saml2', $authId, $authnRequest);
$relayState = SimpleSAML_Module::getModuleURL('core/idp/resumeauth.php', array('RequestID' => $authId));
SimpleSAML_Utilities::redirect($authurl, array(
'RelayState' => $relayState,
'AuthId' => $authId,
'protocol' => 'saml2',
));
}
$state['IdPMetadata'] = $this->getConfig()->toArray();
$state['ReturnCallback'] = array('SimpleSAML_IdP', 'postAuth');
$as = new SimpleSAML_Auth_Simple($auth);
$as->login($state);
$this->authSource->login($state);
}
......@@ -448,8 +367,7 @@ class SimpleSAML_IdP {
$this->authenticate($state);
assert('FALSE');
} else {
$session = SimpleSAML_Session::getInstance();
foreach ($session->getAuthState() as $k => $v) {
foreach ($this->authSource->getAuthDataArray() as $k => $v) {
$state[$k] = $v;
}
}
......@@ -524,31 +442,12 @@ class SimpleSAML_IdP {
}
/* Terminate the local session. */
$session = SimpleSAML_Session::getInstance();
$authority = $session->getAuthority();
if ($authority !== NULL) {
/* We are logged in. */
$id = SimpleSAML_Auth_State::saveState($state, 'core:Logout:afterbridge');
$returnTo = SimpleSAML_Module::getModuleURL('core/idp/resumelogout.php',
array('id' => $id)
);
if ($authority === $this->config->getString('auth')) {
/* This is probably an authentication source. */
$as = new SimpleSAML_Auth_Simple($authority);
$as->logout($returnTo);
} elseif ($authority === 'saml2') {
/* SAML 2 SP which isn't an authentication source. */
$config = SimpleSAML_Configuration::getInstance();
SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'saml2/sp/initSLO.php',
array('RelayState' => $returnTo)
);
} else {
/* A different old-style authentication file. */
$session->doLogout();
}
}
$id = SimpleSAML_Auth_State::saveState($state, 'core:Logout:afterbridge');
$returnTo = SimpleSAML_Module::getModuleURL('core/idp/resumelogout.php',
array('id' => $id)
);
$this->authSource->logout($returnTo);
$handler = $this->getLogoutHandler();
$handler->startLogout($state, $assocId);
......
<?php
/* TODO: Delete this file in version 1.8. */
if (!isset($_REQUEST['RequestID'])) {
throw new SimpleSAML_Error_BadRequest('Missing required URL parameter.');
}
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment