You are here

public function IdpForm::form in SAML Service Provider 4.x

Same name and namespace in other branches
  1. 8.3 src/Form/IdpForm.php \Drupal\saml_sp\Form\IdpForm::form()
  2. 8.2 src/Form/IdpForm.php \Drupal\saml_sp\Form\IdpForm::form()
  3. 3.x src/Form/IdpForm.php \Drupal\saml_sp\Form\IdpForm::form()

Gets the actual form array to be built.

Overrides EntityForm::form

See also

\Drupal\Core\Entity\EntityForm::processForm()

\Drupal\Core\Entity\EntityForm::afterBuild()

File

src/Form/IdpForm.php, line 18

Class

IdpForm
Provides the form to configure the IdP.

Namespace

Drupal\saml_sp\Form

Code

public function form(array $form, FormStateInterface $form_state) {
  $form = parent::form($form, $form_state);
  $idp = $this->entity;
  $form['idp_metadata'] = [
    '#type' => 'textarea',
    '#title' => t('XML Metadata'),
    '#description' => t('Paste in the metadata provided by the Identity Provider here and the form will be automatically filled out, or you can manually enter the information.'),
  ];
  $form['#attached']['library'][] = 'saml_sp/idp_form';
  $form['idp'] = [
    '#type' => 'fieldset',
    '#tree' => TRUE,
  ];
  $form['idp']['label'] = [
    '#type' => 'textfield',
    '#title' => t('Name'),
    '#default_value' => $idp
      ->label(),
    '#description' => t('The human-readable name of this IdP. This text will be displayed to administrators who can configure SAML.'),
    '#required' => TRUE,
    '#size' => 30,
    '#maxlength' => 30,
  ];
  $form['idp']['id'] = [
    '#type' => 'machine_name',
    '#default_value' => $idp
      ->id(),
    '#maxlength' => 32,
    '#machine_name' => [
      'exists' => 'saml_sp_idp_load',
      'source' => [
        'idp',
        'label',
      ],
    ],
    '#description' => t('A unique machine-readable name for this IdP. It must only contain lowercase letters, numbers, and underscores.'),
  ];
  $form['idp']['entity_id'] = [
    '#type' => 'textfield',
    '#title' => t('Entity ID'),
    '#description' => t('The entityID identifier which the Identity Provider will use to identiy itself by, this may sometimes be a URL.'),
    '#default_value' => $idp
      ->getEntityId(),
    '#maxlength' => 255,
  ];
  $form['idp']['app_name'] = [
    '#type' => 'textfield',
    '#title' => t('App name'),
    '#description' => t('The app name is provided to the Identiy Provider, to identify the origin of the request.'),
    '#default_value' => $idp
      ->getAppName(),
    '#maxlength' => 255,
  ];
  $fields = [
    'mail' => t('Email'),
  ];

  // TODO: Add extra fields to config.

  /*
      // @codingStandardsIgnoreStart
      if (!empty($extra_fields)) {
        foreach ($extra_fields as $value) {
          $fields[$value] = $value;
        }
      }
      // @codingStandardsIgnoreEnd
      /**/
  $form['idp']['nameid_field'] = [
    '#type' => 'select',
    '#title' => t('NameID field'),
    '#description' => t('Mail is usually used between IdP and SP, but if you want to let users change the email address in IdP, you need to use a custom field to store the ID.'),
    '#options' => $fields,
    '#default_value' => $idp
      ->getNameIdField(),
  ];

  // The SAML login URL and X.509 certificate must match the details provided
  // by the IdP.
  $form['idp']['login_url'] = [
    '#type' => 'textfield',
    '#title' => t('IdP login URL'),
    '#description' => t('Login URL of the Identity Provider server.'),
    '#default_value' => $idp
      ->getLoginUrl(),
    '#required' => TRUE,
    '#max_length' => 255,
  ];
  $form['idp']['logout_url'] = [
    '#type' => 'textfield',
    '#title' => t('IdP logout URL'),
    '#description' => t('Logout URL of the Identity Provider server.'),
    '#default_value' => $idp
      ->getLogoutUrl(),
    '#required' => TRUE,
    '#max_length' => 255,
  ];
  $form['idp']['x509_cert'] = $this
    ->createCertsFieldset($form_state);
  $form_state
    ->setCached(FALSE);
  $refs = saml_sp_authn_context_class_refs();
  $authn_context_class_ref_options = [
    $refs[Constants::AC_PASSWORD] => t('User Name and Password'),
    $refs[Constants::AC_PASSWORD_PROTECTED] => t('Password Protected Transport'),
    $refs[Constants::AC_TLS] => t('Transport Layer Security (TLS) Client'),
    $refs[Constants::AC_X509] => t('X.509 Certificate'),
    $refs[Constants::AC_WINDOWS] => t('Integrated Windows Authentication'),
    $refs[Constants::AC_KERBEROS] => t('Kerberos'),
  ];
  $default_auth = [];
  foreach ($refs as $key => $value) {
    $default_auth[$value] = $value;
  }
  $form['idp']['authn_context_class_ref'] = [
    '#type' => 'checkboxes',
    '#title' => t('Authentication methods'),
    '#description' => t('What authentication methods would you like to use with this IdP? If left empty all methods from the provider will be allowed.'),
    '#default_value' => $idp
      ->id() ? $idp
      ->getAuthnContextClassRef() : $default_auth,
    '#options' => $authn_context_class_ref_options,
    '#required' => FALSE,
  ];
  return $form;
}