samlauth.module in SAML Authentication 8
Same filename and directory in other branches
Contains samlauth.module.
File
samlauth.moduleView source
<?php
/**
* @file
* Contains samlauth.module.
*/
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Routing\RouteMatchInterface;
/**
* Implements hook_help().
*/
function samlauth_help($route_name, RouteMatchInterface $route_match) {
switch ($route_name) {
// Main module help for the samlauth module.
case 'help.page.samlauth':
$output = '';
$output .= '<h3>' . t('About') . '</h3>';
$output .= '<p>' . t('Allows users to authenticate against an external SAML identity provider.') . '</p>';
return $output;
default:
}
}
/**
* Returns configuration array for SAML SP.
*/
function samlauth_get_config() {
$config = \Drupal::config('samlauth.authentication');
return array(
'sp' => array(
'entityId' => $config
->get('sp_entity_id'),
'assertionConsumerService' => array(
'url' => \Drupal::urlGenerator()
->generateFromRoute('samlauth.saml_controller_acs', array(), array(
'absolute' => TRUE,
)),
),
'singleLogoutService' => array(
'url' => \Drupal::urlGenerator()
->generateFromRoute('samlauth.saml_controller_sls', array(), array(
'absolute' => TRUE,
)),
),
'NameIDFormat' => $config
->get('sp_name_id_format'),
'x509cert' => $config
->get('sp_x509_certificate'),
'privateKey' => $config
->get('sp_private_key'),
),
'idp' => array(
'entityId' => $config
->get('idp_entity_id'),
'singleSignOnService' => array(
'url' => $config
->get('idp_single_sign_on_service'),
),
'singleLogoutService' => array(
'url' => $config
->get('idp_single_log_out_service'),
),
'x509cert' => $config
->get('idp_x509_certificate'),
),
'security' => array(
'authnRequestsSigned' => $config
->get('security_authn_requests_sign') ? TRUE : FALSE,
'wantMessagesSigned' => $config
->get('security_messages_sign') ? TRUE : FALSE,
'wantNameIdSigned' => $config
->get('security_name_id_sign') ? TRUE : FALSE,
'requestedAuthnContext' => $config
->get('security_request_authn_context') ? TRUE : FALSE,
),
);
}
/**
* Implements hook_form_FORM_ID_alter().
*/
function samlauth_form_user_login_form_alter(&$form, FormStateInterface $form_state) {
$form['#validate'][] = 'samlauth_check_saml_user';
}
/**
* Validation callback for SAML users logging in through the normal methods.
*/
function samlauth_check_saml_user($form, FormStateInterface $form_state) {
if (!\Drupal::config('samlauth.authentication')
->get('drupal_saml_login')) {
if ($form_state
->hasAnyErrors()) {
// If previous validation has already failed (name/pw incorrect or blocked),
// bail out so we don't disclose any details about a user that otherwise
// wouldn't be authenticated.
return;
}
if ($account = user_load_by_name($form_state
->getValue('name'))) {
$user_data = \Drupal::service('user.data');
$saml_id = $user_data
->get('samlauth', $account
->id(), 'saml_id');
if (!is_null($saml_id)) {
$form_state
->setErrorByName('name', t('SAML users must sign in with SSO'));
}
}
}
}Functions
Name |
Description |
|---|---|
| samlauth_check_saml_user | Validation callback for SAML users logging in through the normal methods. |
| samlauth_form_user_login_form_alter | Implements hook_form_FORM_ID_alter(). |
| samlauth_get_config | Returns configuration array for SAML SP. |
| samlauth_help | Implements hook_help(). |