Commit fed8d8b5 authored by Olav Morken's avatar Olav Morken

core:WarnShortSSOInterval: New processing filter which shows a warning if...

core:WarnShortSSOInterval: New processing filter which shows a warning if there is a very short interval between SSOs for the same user from an SP.


git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1421 44740490-163a-0410-bde0-09ae8108e29a
parent 0bd25bf4
<?php
$lang = array(
'warning' => array (
'en' => 'We have detected that there is only a few seconds since you last authenticated with this service provider, and therefore assume that there is a problem with this SP.',
),
'warning_header' => array (
'en' => 'To short interval between single sign on events.',
),
'retry' => array (
'en' => 'Retry login',
),
);
?>
\ No newline at end of file
<?php
/**
* Give a warning to the user if we receive multiple requests in a short time.
*
* @package simpleSAMLphp
* @version $Id$
*/
class sspmod_core_Auth_Process_WarnShortSSOInterval extends SimpleSAML_Auth_ProcessingFilter {
/**
* Process a authentication response.
*
* This function checks how long it is since the last time the user was authenticated.
* If it is to short a while since, we will show a warning to the user.
*
* @param array $state The state of the response.
*/
public function process(&$state) {
assert('is_array($state)');
if (!array_key_exists('PreviousSSOTimestamp', $state)) {
/*
* No timestamp from the previous SSO to this SP. This is the first
* time during this session.
*/
return;
}
$timeDelta = time() - $state['PreviousSSOTimestamp'];
if ($timeDelta >= 10) {
/* At least 10 seconds since last attempt. */
return;
}
if (array_key_exists('Destination', $state)
&& array_key_exists('entityid', $state['Destination'])) {
$entityId = $state['Destination']['entityid'];
} else {
$entityId = 'UNKNOWN';
}
SimpleSAML_Logger::warn('WarnShortSSOInterval: Only ' . $timeDelta .
' seconds since last SSO for this user from the SP ' .
var_export($entityId, TRUE));
/* Save state and redirect. */
$id = SimpleSAML_Auth_State::saveState($state, 'core:short_sso_interval');
$url = SimpleSAML_Module::getModuleURL('core/short_sso_interval.php');
SimpleSAML_Utilities::redirect($url, array('StateId' => $id));
}
}
?>
\ No newline at end of file
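Review bot: The 10-second threshold in `process()` is a bare literal in `if ($timeDelta >= 10)`, so it cannot be tuned per deployment and the comment below it has to repeat the number. A class constant, e.g. `const MIN_INTERVAL = 10;` with `if ($timeDelta >= self::MIN_INTERVAL)`, would keep the value in one place. The check also treats a negative delta as a short interval, which could happen if `PreviousSSOTimestamp` was written by a host whose clock is ahead of this one. A comment should state whether that is intended. The class docblock should also say that the filter depends on `PreviousSSOTimestamp` being placed in `$state` by code outside this commit.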
<?php
/**
* Template which is shown when there is only a short interval since the user was last authenticated.
*
* Parameters:
* - 'target': Target URL.
* - 'params': Parameters which should be included in the request.
*
* @package simpleSAMLphp
* @version $Id$
*/
$this->data['header'] = $this->t('{core:short_sso_interval:warning_header}');
$this->data['autofocus'] = 'contbutton';
$this->includeAtTemplateBase('includes/header.php');
?>
<h1><?php echo $this->data['header']; ?></h1>
<form style="display: inline; margin: 0px; padding: 0px" action="<?php echo htmlspecialchars($this->data['target']); ?>">
<?php
// Embed hidden fields...
foreach ($this->data['params'] as $name => $value) {
echo('<input type="hidden" name="' . htmlspecialchars($name) . '" value="' . htmlspecialchars($value) . '" />');
}
?>
<p><?php echo $this->t('{core:short_sso_interval:warning}'); ?></p>
<input type="submit" name="continue" id="contbutton" value="<?php echo htmlspecialchars($this->t('{core:short_sso_interval:retry}')) ?>" />
</form>
<?php
$this->includeAtTemplateBase('includes/footer.php');
?>
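Review bot: The header and the warning text are echoed without escaping, in `<h1><?php echo $this->data['header']; ?></h1>` and `<p><?php echo $this->t('{core:short_sso_interval:warning}'); ?></p>`, while the retry label in the same form goes through `htmlspecialchars()`. Both values come from the dictionary file, so the exposure is probably limited to whoever can edit translations, but the inconsistency makes it unclear which strings may carry markup. Wrapping both in `htmlspecialchars()` would match the rest of the template, for example `<h1><?php echo htmlspecialchars($this->data['header']); ?></h1>`. If dictionary strings are meant to allow HTML, a comment in the template should say so.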
<?php
/**
* Show a warning to an user about the SP requesting SSO a short time after
* doing it previously.
*
* @package simpleSAMLphp
* @version $Id$
*/
if (!array_key_exists('StateId', $_REQUEST)) {
throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.');
}
$id = $_REQUEST['StateId'];
$state = SimpleSAML_Auth_State::loadState($id, 'core:short_sso_interval');
if (array_key_exists('continue', $_REQUEST)) {
/* The user has pressed the continue/retry-button. */
SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
}
$globalConfig = SimpleSAML_Configuration::getInstance();
$t = new SimpleSAML_XHTML_Template($globalConfig, 'core:short_sso_interval.php');
$t->data['target'] = SimpleSAML_Module::getModuleURL('core/short_sso_interval.php');
$t->data['params'] = array('StateId' => $id);
$t->show();
?>
\ No newline at end of file
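Review bot: `$_REQUEST['StateId']` is passed to `SimpleSAML_Auth_State::loadState()` and later into the template's hidden fields without a check that it is a string. PHP turns a bracketed parameter name into an array, and how `loadState()` and `htmlspecialchars($value)` handle an array is not visible here. A guard next to the existing presence check would reject it early: `if (!is_string($_REQUEST['StateId'])) { throw new SimpleSAML_Error_BadRequest('Invalid StateId parameter.'); }`. The script also falls through to rendering the page if `resumeProcessing($state)` ever returns, so a comment after that call should state that it is not expected to return.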