Class: auth_saml
Source Location: /security/class.auth_saml.inc
Class Overview
Driver for SAML authentication, for SAML-based Single Sign-On systems.
It uses the SimpleSAMLphp library for the actual SAML handling.
To use this driver you need to specify a number of config options:
Required:
- $config_auth_saml_simplesaml_path = path to your simplesamlphp installation, relative to your application, with trailing slash. Example: $config_auth_saml_simplesaml_path = "../simplesamlphp/";
Optional:
- $config_auth_userid_field = "uid"; The name of the field in the SSO system that contains the id of the logged in user. Defaults to 'uid'.
- $config_auth_saml_authsource = "default-sp"; The name of the authsource in simplesamlphp. Defaults to 'default-sp'.
Located in /security/class.auth_saml.inc [line 41]
auth_interface
|
--auth_saml
Method Summary
| boolean | canMd5() | Does this authentication method support md5 encoding of passwords? |
| void | getUser() | Retrieve the user. We ignore $user since a SAML user is managed in a separate system. We return the user as we retrieved it from the SSO system during login in validateUser. |
| void | logout() | Logout through the SSO system. The default logout handler destroys the session, but we can't do that, since simplesamlphp needs the session to be able to perform the logout. |
Properties
API Tags:
| Internal: | This value is static because atkSecurityManager has 2 instances of this class if authorization and authentication are both saml. |
| Access: | protected |
Methods
boolean canMd5()
Does this authentication method support md5 encoding of passwords?
API Tags:
| Return: | false |
| Access: | public |
Redefinition of:
- auth_interface::canMd5()
- Does the authentication method support md5 encoding of passwords?
void getUser()
Retrieve the user. We ignore $user since a SAML user is managed in a separate system. We return the user as we retrieved it from the SSO system during login in validateUser.
All the user data we retrieved from the SSO system is present as the sub array $user["attributes"].
Redefinition of:
- auth_interface::getUser()
- This function returns information about a user in an associative array with the following elements: "name" -> the userid (should normally be the same as the $user variable that gets passed to it.
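An added example, not code from ATK or SimpleSAMLphp, of reading the user id out of $user["attributes"] and failing closed when the SSO system did not release exactly one usable value. saml_userid() is a hypothetical helper; it assumes the sub array has SimpleSAMLphp's shape (attribute name => list of string values) and that $field carries the value of $config_auth_userid_field.

```php
<?php
// Added example, not ATK or SimpleSAMLphp code. saml_userid() is a hypothetical helper.
// Assumption: $user["attributes"] has SimpleSAMLphp's shape, name => list of string values.

function saml_userid(array $user, string $field = 'uid'): string
{
    $attributes = $user['attributes'] ?? null;
    if (!is_array($attributes) || !isset($attributes[$field]) || !is_array($attributes[$field])) {
        throw new RuntimeException("SAML attribute '$field' is missing");
    }
    // More than one value is ambiguous: refuse to pick one rather than guess an identity.
    if (count($attributes[$field]) !== 1) {
        throw new RuntimeException("SAML attribute '$field' must carry exactly one value");
    }
    $uid = reset($attributes[$field]);
    // Reject empty values, surrounding whitespace and control characters before the
    // id is used as a lookup key for authorization.
    if (!is_string($uid) || $uid === '' || $uid !== trim($uid)
        || preg_match('/[\x00-\x1f\x7f]/', $uid)) {
        throw new RuntimeException("SAML attribute '$field' has an unusable value");
    }
    return $uid;
}

// Constructed sample data in the shape described above.
$ok = ['name' => 'jdoe', 'attributes' => ['uid' => ['jdoe'], 'mail' => ['jdoe@example.org']]];
$ambiguous = ['name' => 'jdoe', 'attributes' => ['uid' => ['jdoe', 'admin']]];

echo saml_userid($ok), "\n";
try {
    saml_userid($ambiguous);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```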
void logout()
Logout through the SSO system. The default logout handler destroys the session, but we can't do that, since simplesamlphp needs the session to be able to perform the logout.
Redefinition of:
- auth_interface::logout()
- Logout handling. The default implementation does simple session destruction and recreates a new session.
int validateUser($user, $passwd)
Authenticate a user.
$user and $passwd are ignored by the SAML plugin since login is performed elsewhere (in the SSO system). Note: if the user is not logged in to the SSO system, this method never returns, because we redirect to the SSO system.
API Tags:
| Return: | AUTH_SUCCESS - Authentication successful |
| Access: | public |
Redefinition of:
- auth_interface::validateUser()
- Authenticate a user.