public function LoginValidator::testSsoCredentials in Lightweight Directory Access Protocol (LDAP) 8.3
Test the SSO credentials.
Return value
int Returns the authentication result.
1 call to LoginValidator::testSsoCredentials()
- LoginValidator::processSsoLogin in ldap_authentication/src/Controller/LoginValidator.php - Processes an SSO login.
File
- ldap_authentication/src/Controller/LoginValidator.php, line 429
Class
- LoginValidator
- Handles the actual testing of credentials and authentication of users.
Namespace
Drupal\ldap_authentication\Controller
Code
/**
 * Tests the SSO credentials against each enabled authentication server.
 *
 * Walks the enabled servers in configured order. The walk stops at the first
 * server on which the user binds, is found and passes the allowed/excluded
 * check (success), at the first server-side lookup error, or as soon as the
 * user turns out to be disallowed. A failed connect, failed bind or a plain
 * "not found" moves on to the next server.
 *
 * Side effects: sets $this->serverDrupalUser to the server currently being
 * tried and $this->ldapUser to the matched entry (or a falsy value when no
 * entry matched), and writes to $this->detailLog.
 *
 * @param string $authName
 *   The authentication name handed over by the SSO layer.
 *
 * @return int
 *   One of the self::AUTHENTICATION_* constants; when the bind failed on the
 *   last server tried, the value returned by bindToServerSso() is passed
 *   through unchanged.
 */
public function testSsoCredentials($authName) {
  // TODO: Verify if MODE_EXCLUSIVE check is a regression.
  $result = self::AUTHENTICATION_FAILURE_GENERIC;

  foreach (LdapAuthenticationConfiguration::getEnabledAuthenticationServers() as $serverId) {
    // Every server starts from a clean generic-failure state.
    $result = self::AUTHENTICATION_FAILURE_GENERIC;
    $this->serverDrupalUser = Server::load($serverId);
    $this->detailLog->log('%username: Trying server %id where bind_method = %bind_method', [
      '%username' => $authName,
      '%id' => $this->serverDrupalUser->id(),
      '%bind_method' => $this->serverDrupalUser->get('bind_method'),
    ], 'ldap_authentication');

    $connected = $this->connectToServer();
    if (!$connected) {
      continue;
    }

    $bind = $this->bindToServerSso();
    // Loose comparison kept on purpose: bindToServerSso() appears to signal a
    // good bind with the literal 'success' — TODO confirm its return type
    // before tightening this to a strict check.
    if (!($bind == 'success')) {
      // Bind failed on this server; remember why and try the next one.
      $result = $bind;
      continue;
    }

    $this->ldapUser = $this->serverDrupalUser->matchUsernameToExistingLdapEntry($authName);
    if (!$this->ldapUser) {
      $this->detailLog->log('%username: Trying server %id where bind_method = %bind_method. Error: %err_text', [
        '%username' => $authName,
        '%bind_method' => $this->serverDrupalUser->get('bind_method'),
        '%err_text' => $this->serverDrupalUser->formattedError($this->serverDrupalUser->ldapErrorNumber()),
      ], 'ldap_authentication');
      // A server-side error ends the whole search; a plain miss only ends
      // this server's attempt.
      if ($this->serverDrupalUser->hasError()) {
        $result = self::AUTHENTICATION_FAILURE_SERVER;
        break;
      }
      $result = self::AUTHENTICATION_FAILURE_FIND;
      continue;
    }

    // NOTE(review): the allowed/excluded check is made against
    // $this->authName, while the LDAP lookup above used the $authName
    // parameter; presumably the caller keeps the two in sync — verify, since
    // an authorization decision on a different name than the one looked up
    // would be a defect.
    if (!$this->checkAllowedExcluded($this->authName, $this->ldapUser)) {
      $result = self::AUTHENTICATION_FAILURE_DISALLOWED;
      // A disallowed user fails regardless of how many servers remain.
      break;
    }

    $result = self::AUTHENTICATION_SUCCESS;
    if ($this->serverDrupalUser->get('bind_method') == 'anon_user') {
      // After successful bind, lookup user again to get private attributes.
      $this->ldapUser = $this->serverDrupalUser->matchUsernameToExistingLdapEntry($authName);
    }
    if ($this->serverDrupalUser->get('bind_method') == 'service_account'
      || $this->serverDrupalUser->get('bind_method') == 'anon_user') {
      $this->serverDrupalUser->disconnect();
    }
    // Success: no further servers are tried.
    break;
  }

  $this->detailLog->log('Authentication result for %username is: %err_text', [
    '%username' => $authName,
    '%err_text' => $this->authenticationHelpText($result) . ' ' . $this->additionalDebuggingResponse($result),
  ], 'ldap_authentication');

  return $result;
}