PHP Class SimpleSAML_XHTML_IdPDisco, simplesamlphp

Experimental support for the Extended IdP Metadata Discovery Protocol was added by Andreas on 2008-08-28. More information: http://rnd.feide.no/content/extended-identity-provider-discovery-service-protocol
Author: Olav Morken, UNINETT AS.

Protected Properties

Property Type Description
$config SimpleSAML_Configuration An instance of the configuration class.
$instance string The identifier of this discovery service.
$isPassive boolean HTTP parameter from the request, indicating whether the discovery service can interact with the user or not.
$metadata SimpleSAML_Metadata_MetaDataStorageHandler An instance of the metadata handler, which will allow us to fetch metadata about IdPs.
$metadataSets array The metadata sets we find allowed entities in, in prioritized order.
$returnIdParam string This option defaults to 'entityID' for Shibboleth compatibility.
$returnURL string The URL the user should be redirected to after choosing an IdP.
$scopedIDPList array The list of scoped IdPs. The intersection between the metadata idpList and scopedIDPList (given as a $_GET IDPList[] parameter) is presented to the user. If the intersection is empty the metadata idpList is used.
$session SimpleSAML_Session The user's session.
$setIdPentityID string | null ..
$spEntityId string The entity id of the SP which accesses this IdP discovery service.

Public Methods

Method Description
__construct ( array $metadataSets, string $instance ) Initializes this discovery service.
handleRequest ( ) Handles a request to this discovery service.

Protected Methods

Method Description
filterList ( array $list ) : array Filter the list of IdPs.
getCookie ( string $name ) : string Retrieve cookie with the given name.
getFromCIDRhint ( ) : string | null Retrieve a recommended IdP based on the IP address of the client.
getIdPList ( ) : array Retrieve the list of IdPs which are stored in the metadata.
getPreviousIdP ( ) : string Retrieve the previous IdP the user used.
getRecommendedIdP ( ) : string Try to determine which IdP the user should most likely use.
getSavedIdP ( ) : string Retrieve the user's saved choice of IdP.
getScopedIDPList ( ) : array Return the list of scoped IdPs.
getSelectedIdP ( ) : string Retrieve the user's choice of IdP.
getTargetIdP ( ) : string Determine which IdP the user should go to, if any.
log ( string $message ) Log a message.
saveIdP ( ) : boolean Determine whether the choice of IdP should be saved.
setCookie ( string $name, string $value ) Save cookie with the given name and value.
setPreviousIdP ( string $idp ) Save the current IdP choice to a cookie.
start ( ) : void Check if an IdP is set or if the request is passive, and redirect accordingly.
validateIdP ( string | null $idp ) : string | null Validates the given IdP entity id.

Method Details

__construct() public method

The constructor does the parsing of the request. If this is an invalid request, it will throw an exception.
public __construct ( array $metadataSets, string $instance )
$metadataSets array Array with metadata sets we find remote entities in.
$instance string The name of this instance of the discovery service.

filterList() protected method

This method returns the IdPs that comply with the following conditions:
- The IdP does not have the 'hide.from.discovery' configuration option.
protected filterList ( array $list ) : array
$list array An associative array containing metadata for the IdPs to apply the filtering to.
return array An associative array containing metadata for the IdPs that were not filtered out.

getCookie() protected method

This function will retrieve a cookie with the given name for the current discovery service type.
protected getCookie ( string $name ) : string
$name string The name of the cookie.
return string The value of the cookie with the given name, or null if no cookie with that name exists.

getFromCIDRhint() protected method

Retrieve a recommended IdP based on the IP address of the client.
protected getFromCIDRhint ( ) : string | null
return string | null The entity ID of the IdP if one is found, or null if not.

getIdPList() protected method

Retrieve the list of IdPs which are stored in the metadata.
protected getIdPList ( ) : array
return array An array with entityid => metadata mappings.

getPreviousIdP() protected method

Retrieve the previous IdP the user used.
protected getPreviousIdP ( ) : string
return string The entity id of the previous IdP the user used, or null if this is the first time.

getRecommendedIdP() protected method

This function will first look at the previous IdP the user has chosen. If the user hasn't chosen an IdP before, it will look at the IP address.
protected getRecommendedIdP ( ) : string
return string The entity id of the IdP the user should most likely use.

getSavedIdP() protected method

Retrieve the user's saved choice of IdP.
protected getSavedIdP ( ) : string
return string The entity id of the IdP the user has saved, or null if the user hasn't saved any choice.

getScopedIDPList() protected method

Return the list of scoped IdPs.
protected getScopedIDPList ( ) : array
return array An array of IdP entities

getSelectedIdP() protected method

This function finds out which IdP the user has manually chosen, if any.
protected getSelectedIdP ( ) : string
return string The entity id of the IdP the user has chosen, or null if the user has made no choice.

getTargetIdP() protected method

Determine which IdP the user should go to, if any.
protected getTargetIdP ( ) : string
return string The entity id of the IdP the user should be sent to, or null if the user should choose.

handleRequest() public method

The IdP disco parameters should be set before calling this function.
public handleRequest ( )

log() protected method

This is a helper function for logging messages. It will prefix the messages with our discovery service type.
protected log ( string $message )
$message string The message which should be logged.

saveIdP() protected method

Determine whether the choice of IdP should be saved.
protected saveIdP ( ) : boolean
return boolean True if the choice should be saved, false otherwise.

setCookie() protected method

This function will save a cookie with the given name and value for the current discovery service type.
protected setCookie ( string $name, string $value )
$name string The name of the cookie.
$value string The value of the cookie.

setPreviousIdP() protected method

Save the current IdP choice to a cookie.
protected setPreviousIdP ( string $idp )
$idp string The entityID of the IdP.

start() protected method

Check if an IdP is set or if the request is passive, and redirect accordingly.
protected start ( ) : void
return void If there is no IdP targeted and this is not a passive request.

validateIdP() protected method

Takes a string with the IdP entity id, and returns the entity id if it is valid, or null if not.
protected validateIdP ( string | null $idp ) : string | null
$idp string | null The entity id we want to validate. This can be null, in which case we will return null.
return string | null The entity id if it is valid, null if not.

Property Details

$config protected property

An instance of the configuration class.
protected SimpleSAML_Configuration $config
return SimpleSAML_Configuration

$instance protected property

The identifier of this discovery service.
protected string $instance
return string

$isPassive protected property

HTTP parameter from the request, indicating whether the discovery service can interact with the user or not.
protected bool $isPassive
return boolean

$metadata protected property

An instance of the metadata handler, which will allow us to fetch metadata about IdPs.
protected SimpleSAML_Metadata_MetaDataStorageHandler $metadata
return SimpleSAML_Metadata_MetaDataStorageHandler

$metadataSets protected property

The metadata sets we find allowed entities in, in prioritized order.
protected array $metadataSets
return array

$returnIdParam protected property

This option defaults to 'entityID' for Shibboleth compatibility.
protected string $returnIdParam
return string

$returnURL protected property

The URL the user should be redirected to after choosing an IdP.
protected string $returnURL
return string

$scopedIDPList protected property

The list of scoped IdPs. The intersection between the metadata idpList and scopedIDPList (given as a $_GET IDPList[] parameter) is presented to the user. If the intersection is empty the metadata idpList is used.
protected array $scopedIDPList
return array
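
The scoped-list rule above, together with the entity id check described under validateIdP(), as an added example that is not SimpleSAMLphp's own code. The helper names selectPresentedIdPs and validateEntityId and the sample metadata are hypothetical, and the metadata lookup is simplified to a single array.

```php
<?php
// Added illustration: helper names and sample data are constructed,
// not taken from the SimpleSAMLphp code base.

/**
 * Choose the IdPs to present: the metadata list narrowed by the scoped list
 * from the request, or the full metadata list when the two do not overlap.
 *
 * @param array $metadataIdPs entityid => metadata, loaded from trusted metadata
 * @param mixed $scoped       raw IDPList[] query value (untrusted input)
 */
function selectPresentedIdPs(array $metadataIdPs, $scoped): array
{
    // Keep only string entries; a client can send nested arrays in IDPList[].
    $scoped = is_array($scoped) ? array_filter($scoped, 'is_string') : [];

    // Intersect on entity id, so unknown entries in the request are dropped.
    $narrowed = array_intersect_key($metadataIdPs, array_flip($scoped));

    return $narrowed !== [] ? $narrowed : $metadataIdPs;
}

/** Return $idp only if it is an entity id present in the metadata, else null. */
function validateEntityId(array $metadataIdPs, $idp): ?string
{
    return (is_string($idp) && array_key_exists($idp, $metadataIdPs)) ? $idp : null;
}

// Constructed metadata for two IdPs.
$metadataIdPs = [
    'https://idp-a.example.org/saml' => ['name' => 'IdP A'],
    'https://idp-b.example.org/saml' => ['name' => 'IdP B'],
];

// Constructed query string, parsed the way PHP fills $_GET.
parse_str(
    'IDPList[]=https://idp-b.example.org/saml&IDPList[]=https://unknown.example.net/',
    $get
);

// The unknown entry is dropped; only the IdP present in metadata is listed.
var_dump(array_keys(selectPresentedIdPs($metadataIdPs, $get['IDPList'] ?? null)));

// An entity id that is not in the metadata is rejected.
var_dump(validateEntityId($metadataIdPs, 'https://unknown.example.net/'));
```

Because the request value is only ever intersected with the metadata list, it can narrow what the user sees but cannot introduce an IdP the deployment does not already trust.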

$session protected property

The user's session.
protected SimpleSAML_Session $session
return SimpleSAML_Session

$setIdPentityID protected property

..
protected string|null $setIdPentityID
return string | null

$spEntityId protected property

The entity id of the SP which accesses this IdP discovery service.
protected string $spEntityId
return string