Add reauthentication infrastructure.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2847 44740490-163a-0410-bde0-09ae8108e29a

Add reauthentication infrastructure.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2847 44740490-163a-0410-bde0-09ae8108e29a
c8be6c60 · Olav Morken · 7c35d8e1 · c8be6c60 · c8be6c60
Commit c8be6c60 authored 13 years ago by Olav Morken
--- a/lib/SimpleSAML/Auth/Source.php
+++ b/lib/SimpleSAML/Auth/Source.php
@@ -99,6 +99,26 @@ abstract class SimpleSAML_Auth_Source {
 	abstract public function authenticate(&$state);


+	/**
+	 * Reauthenticate an user.
+	 *
+	 * This function is called by the IdP to give the authentication source a chance to
+	 * interact with the user even in the case when the user is already authenticated.
+	 *
+	 * @param array &$state  Information about the current authentication.
+	 */
+	public function reauthenticate(array &$state) {
+		assert('isset($state["ReturnCallback"])');
+
+		/* The default implementation just copies over the previous authentication data. */
+		$session = SimpleSAML_Session::getInstance();
+		$data = $session->getAuthState($this->authId);
+		foreach ($data as $k => $v) {
+			$state[$k] = $v;
+		}
+	}
+
+
 	/**
 	 * Complete authentication.
 	 *

--- a/lib/SimpleSAML/IdP.php
+++ b/lib/SimpleSAML/IdP.php
@@ -326,13 +326,36 @@ class SimpleSAML_IdP {
 			throw new SimpleSAML_Error_NoPassive('Passive authentication not supported.');
 		}

-		$state['IdPMetadata'] = $this->getConfig()->toArray();
-		$state['ReturnCallback'] = array('SimpleSAML_IdP', 'postAuth');
-
 		$this->authSource->login($state);
 	}


+	/**
+	 * Reuthenticate the user.
+	 *
+	 * This function reauthenticates an user with an existing session. This
+	 * gives the authentication source a chance to do additional work when
+	 * reauthenticating for SSO.
+	 *
+	 * Note: This function is not used when ForceAuthn=true.
+	 *
+	 * @param array &$state  The authentication request state.
+	 */
+	private function reauthenticate(array &$state) {
+
+		$sourceImpl = $this->authSource->getAuthSource();
+		if ($sourceImpl === NULL) {
+			/* Backwards-compatibility with non-authsource IdP. */
+			foreach ($this->authSource->getAuthDataArray() as $k => $v) {
+				$state[$k] = $v;
+			}
+			return;
+		}
+
+		$sourceImpl->reauthenticate($state);
+	}
+
+
 	/**
 	 * Process authentication requests.
 	 *
@@ -362,14 +385,15 @@ class SimpleSAML_IdP {
 			$needAuth = !$this->isAuthenticated();
 		}

+		$state['IdPMetadata'] = $this->getConfig()->toArray();
+		$state['ReturnCallback'] = array('SimpleSAML_IdP', 'postAuth');
+
 		try {
 			if ($needAuth) {
 				$this->authenticate($state);
 				assert('FALSE');
 			} else {
-				foreach ($this->authSource->getAuthDataArray() as $k => $v) {
-					$state[$k] = $v;
-				}
+				$this->reauthenticate($state);
 			}
 			$this->postAuth($state);
 		} catch (SimpleSAML_Error_Exception $e) {