
saml_sp_drupal_login.module in SAML Service Provider 7

SAML Drupal Login

Uses the SAML Service Provider module to provide a Drupal-login authentication module.

File

modules/saml_sp_drupal_login/saml_sp_drupal_login.module
<?php

/**
 * @file
 * SAML Drupal Login
 *
 * Uses the SAML Service Provider module to provide a Drupal-login
 * authentication module.
 */

/**
 * Implements hook_menu().
 */
function saml_sp_drupal_login_menu() {
  // Admin form to configure which IDP to use; the form itself lives in the
  // admin include file and is only loaded for this router item.
  $admin_item = array(
    'title' => 'Drupal login',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('saml_sp_drupal_login__admin_config_form'),
    'access arguments' => array('configure saml sp'),
    'file' => 'saml_sp_drupal_login.admin.inc',
    'type' => MENU_LOCAL_TASK,
  );

  // URL to trigger the authentication process. Access is unconditional:
  // this is the entry point for visitors who are not logged in yet.
  $start_item = array(
    'page callback' => 'saml_sp_drupal_login__start',
    'access callback' => TRUE,
    'type' => MENU_CALLBACK,
  );

  return array(
    'admin/config/people/saml_sp/drupal_login' => $admin_item,
    'saml/drupal_login' => $start_item,
  );
}

/**
 * Implements hook_form_FORM_ID_alter().
 */
function saml_sp_drupal_login_form_user_login_block_alter(&$form, &$form_state) {
  // Link that sends the visitor to the SAML login entry point
  // (the 'saml/drupal_login' router item).
  $link = l(t('Log in using SAML'), 'saml/drupal_login', array('external' => TRUE));

  // Render it as a one-item list appended below the login block's fields.
  $form['saml_sp_drupal_login_links'] = array(
    '#theme' => 'item_list',
    '#items' => array(
      array(
        'data' => $link,
        'class' => array('saml-link'),
      ),
    ),
    '#attributes' => array(
      'class' => array('saml_sp_drupal_login-links'),
    ),
    '#weight' => 1,
  );
}

/**
 * Start the SAML authentication process.
 */
function saml_sp_drupal_login__start() {
  // Hand the configured IDP to the SAML SP module together with the name of
  // the callback it should invoke once the IDP's response has been processed.
  $callback = 'saml_sp_drupal_login__saml_authenticate';
  saml_sp_start(saml_sp_drupal_login__get_idp(), $callback);
}

/**
 * Get the IDP configuration to use for Drupal Login via SAML.
 *
 * @return Object
 */
function saml_sp_drupal_login__get_idp() {
  // Machine name chosen on the admin config form; empty string when unset.
  $machine_name = variable_get('saml_sp_drupal_login__idp', '');
  $idp = saml_sp_idp_load($machine_name);
  return $idp;
}

/**
 * SAML authentication callback.
 */
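function saml_sp_drupal_login__saml_authenticate($is_valid, OneLogin_Saml_Response $samlResponse) {
  if ($is_valid) {
    // The NameID is the account identity: it keys {authmap} and, for new
    // users, becomes both the Drupal username and e-mail address.
    // NOTE(review): this assumes the IDP is configured to send an e-mail
    // address as NameID; verify against the IDP configuration.
    $email = $samlResponse->getNameId();

    $account = _saml_sp_drupal_login__load_or_register($email);
    if (!$account) {
      drupal_set_message(t('Unable to log in with the identity supplied by the identity provider.'), 'error');
      return FALSE;
    }

    // @see user_login_name_validate().
    if (user_is_blocked($account->name)) {
      drupal_set_message(t('The username %name has not been activated or is blocked.', array(
        '%name' => $account->name,
      )));
      return FALSE;
    }

    // Reset any flood control, keyed the same way core keys failed attempts.
    // @see user_login_final_validate().
    $identifier = variable_get('user_failed_login_identifier_uid_only', FALSE)
      ? $account->uid
      : $account->uid . '-' . ip_address();
    flood_clear_event('failed_login_attempt_user', $identifier);

    // @see user_login_submit().
    global $user;
    $user = user_load($account->uid);
    $edit = array();
    user_login_finalize($edit);
  }
  else {
    // A response that failed validation is worth recording so that failed
    // SSO attempts are visible in the site log; the user is simply sent home.
    watchdog('saml_sp_drupal_login', 'SAML response failed validation; login aborted.', array(), WATCHDOG_WARNING);
  }
  drupal_goto();
}

/**
 * Load the account mapped to a SAML NameID, registering one when unmapped.
 *
 * @param string $email
 *   The NameID from the SAML response.
 *
 * @return object|false
 *   The user account, or FALSE when the mapped account no longer exists or
 *   a new account could not be saved.
 */
function _saml_sp_drupal_login__load_or_register($email) {
  $uid = saml_sp_drupal_login__get_authmap($email);
  if ($uid) {
    // Existing mapping. A stale {authmap} row (account deleted) makes
    // user_load() return FALSE; never continue with an empty account.
    $account = user_load($uid);
    if (!$account) {
      watchdog('saml_sp_drupal_login', 'authmap entry for %name points at missing uid %uid.', array(
        '%name' => $email,
        '%uid' => $uid,
      ), WATCHDOG_ERROR);
      return FALSE;
    }
    return $account;
  }

  // New user: register with the NameID as both name and mail. The account is
  // active only when the site lets visitors register without approval.
  // NOTE(review): no attempt is made to link an existing local account with
  // the same name or mail; saving will fail if such an account exists.
  $new_user = array(
    'name' => $email,
    'mail' => $email,
    'status' => (int) variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL) === USER_REGISTER_VISITORS,
  );
  try {
    $account = user_save(NULL, $new_user);
  }
  catch (Exception $e) {
    // user_save() rethrows database errors after rolling back; log and
    // report failure rather than aborting the request with a fatal error.
    watchdog_exception('saml_sp_drupal_login', $e);
    return FALSE;
  }
  if (!$account) {
    watchdog('saml_sp_drupal_login', 'Could not create an account for %name.', array(
      '%name' => $email,
    ), WATCHDOG_ERROR);
    return FALSE;
  }

  // Record the NameID -> uid mapping so the next login finds this account.
  db_insert('authmap')
    ->fields(array(
      'uid' => $account->uid,
      'authname' => $email,
      'module' => 'saml_sp_drupal_login',
    ))
    ->execute();
  return $account;
}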

/**
 * Lookup the user ID using the authmap table.
 */
function saml_sp_drupal_login__get_authmap($email) {
  // Placeholders keep the NameID out of the SQL text.
  $sql = 'SELECT uid FROM {authmap} WHERE authname = :authname AND module = :module';
  $args = array(
    ':authname' => $email,
    ':module' => 'saml_sp_drupal_login',
  );
  $result = db_query($sql, $args);
  // First column of the first row, or FALSE when no mapping exists.
  return $result->fetchField();
}
