This repository has been archived by the owner on Dec 21, 2022. It is now read-only.
<?php
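/**
 * Class SAMLSecurityExtension
 *
 * Extension applied to the {@link Security} controller so that visitors are
 * handed to {@link SAMLAuthenticator} without first seeing the login form.
 */
class SAMLSecurityExtension extends Extension
{
    /**
     * Starts SAML authentication as soon as the login action is requested.
     *
     * The automatic hand-off happens only when all of the following hold:
     *
     * 1) 'SAMLAuthenticator' is the default authenticator
     * 2) the GET parameter showloginform is not set to 1
     * 3) no member is currently logged in
     * 4) the session holds no form messages (errors or notices)
     *
     * The BackURL passed to the authenticator comes from the session, or from
     * the BackURL GET parameter when present. Because the GET parameter is
     * controlled by whoever built the link, it is forwarded only when it is a
     * string that {@link Director::is_site_url()} accepts; otherwise null is
     * passed.
     *
     * @return void
     */
    public function onBeforeSecurityLogin()
    {
        if (Authenticator::get_default_authenticator() !== 'SAMLAuthenticator') {
            return;
        }

        // Security/login?showloginform=1 bypasses the automatic sign-on. The
        // comparison stays loose because query-string values arrive as strings.
        if ($this->owner->request->getVar('showloginform') == 1) {
            return;
        }

        // A member who is already logged in most likely landed here because of
        // insufficient permissions; sending them to the IdP again would not help.
        $member = Member::currentUser();
        if ($member && $member->exists()) {
            return;
        }

        // Pending form messages most likely mean a login error or another
        // notice that the user should get to see on the login form.
        if ($this->hasFormMessages(Session::get('FormInfo'))) {
            return;
        }

        $backURL = Session::get('BackURL');
        $requestedBackURL = $this->owner->request->getVar('BackURL');
        if ($requestedBackURL) {
            $backURL = $requestedBackURL;
        }

        // NOTE(review): whether SAMLAuthenticator or the code handling the IdP
        // response re-validates BackURL is not visible from this file, so the
        // value is limited to site-local URLs here. An off-site or non-string
        // value (e.g. BackURL[]=...) is dropped rather than carried through
        // the login round trip as a redirect target.
        if (!is_string($backURL) || !Director::is_site_url($backURL)) {
            $backURL = null;
        }

        $authenticator = Injector::inst()->create('SAMLAuthenticator');
        $authenticator->authenticate(["BackURL" => $backURL]);
    }

    /**
     * Tells whether the session's FormInfo data holds at least one non-null value.
     *
     * FormInfo can be a "nulled" array (entries present but set to null), so a
     * plain truthiness check is not enough. Entries that cannot be iterated are
     * skipped instead of being handed to foreach, which would raise a warning.
     *
     * @param mixed $formInfo Value of Session::get('FormInfo')
     * @return bool
     */
    private function hasFormMessages($formInfo)
    {
        if (!is_array($formInfo) && !($formInfo instanceof Traversable)) {
            return false;
        }

        foreach ($formInfo as $info) {
            if (!is_array($info) && !($info instanceof Traversable)) {
                continue;
            }
            foreach ($info as $value) {
                if ($value !== null) {
                    return true;
                }
            }
        }

        return false;
    }
}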