You are here

Home » API reference » SAML Authentication 8 » SamlauthConfigureForm.php » SamlauthConfigureForm

public function SamlauthConfigureForm::buildForm in SAML Authentication 8

Same name and namespace in other branches
  1. 8.3 src/Form/SamlauthConfigureForm.php \Drupal\samlauth\Form\SamlauthConfigureForm::buildForm()
  2. 8.2 src/Form/SamlauthConfigureForm.php \Drupal\samlauth\Form\SamlauthConfigureForm::buildForm()
  3. 4.x src/Form/SamlauthConfigureForm.php \Drupal\samlauth\Form\SamlauthConfigureForm::buildForm()

Form constructor.

Parameters

array $form: An associative array containing the structure of the form.

\Drupal\Core\Form\FormStateInterface $form_state: The current state of the form.

Return value

array The form structure.

Overrides ConfigFormBase::buildForm

File

src/Form/SamlauthConfigureForm.php, line 39
Contains Drupal\samlauth\Form\SamlauthConfigureForm.

Class

SamlauthConfigureForm
Class SamlauthConfigureForm.

Namespace

Drupal\samlauth\Form

Code

public function buildForm(array $form, FormStateInterface $form_state) {
  $config = $this
    ->config('samlauth.authentication');
  $config_array = samlauth_get_config();
  $form['saml_requirements'] = array(
    '#type' => 'fieldset',
    '#title' => $this
      ->t('SAML Requirements'),
  );
  $form['saml_requirements']['drupal_saml_login'] = array(
    '#type' => 'checkbox',
    '#title' => $this
      ->t('Allow SAML users to login directly with Drupal'),
    '#description' => $this
      ->t('If this option is enabled, users that have a remote SAML ID will also be allowed to login through the normal Drupal process (without the intervention of the configured identity provider). Note that if Drupal login is hidden, this option will have no effect.'),
    '#default_value' => $config
      ->get('drupal_saml_login'),
  );
  $form['service_provider'] = array(
    '#type' => 'fieldset',
    '#title' => $this
      ->t('Service Provider Configuration'),
  );
  $form['service_provider']['config_info'] = array(
    '#theme' => 'item_list',
    '#items' => array(
      $this
        ->t('Metadata URL') . ': ' . \Drupal::urlGenerator()
        ->generateFromRoute('samlauth.saml_controller_metadata', array(), array(
        'absolute' => TRUE,
      )),
      $this
        ->t('Assertion Consumer Service') . ': ' . $config_array['sp']['assertionConsumerService']['url'],
      $this
        ->t('Single Logout Service') . ': ' . $config_array['sp']['singleLogoutService']['url'],
    ),
    '#empty' => array(),
    '#list_type' => 'ul',
  );
  $form['service_provider']['sp_entity_id'] = array(
    '#type' => 'textfield',
    '#title' => $this
      ->t('Entity ID'),
    '#description' => $this
      ->t('Specifies the identifier to be used to represent the SP.'),
    '#default_value' => $config
      ->get('sp_entity_id'),
  );
  $form['service_provider']['sp_name_id_format'] = array(
    '#type' => 'textfield',
    '#title' => $this
      ->t('Name ID Format'),
    '#description' => $this
      ->t('Specify the NameIDFormat attribute to request from the identity provider'),
    '#default_value' => $config
      ->get('sp_name_id_format'),
  );
  $form['service_provider']['sp_x509_certificate'] = array(
    '#type' => 'textarea',
    '#title' => $this
      ->t('x509 Certificate'),
    '#description' => $this
      ->t('Public x509 certificate of the SP. No line breaks or BEGIN CERTIFICATE or END CERTIFICATE lines.'),
    '#default_value' => $config
      ->get('sp_x509_certificate'),
  );
  $form['service_provider']['sp_private_key'] = array(
    '#type' => 'textarea',
    '#title' => $this
      ->t('Private Key'),
    '#description' => $this
      ->t('Private key for SP. No line breaks or BEGIN CERTIFICATE or END CERTIFICATE lines.'),
    '#default_value' => $config
      ->get('sp_private_key'),
  );
  $form['identity_provider'] = array(
    '#type' => 'fieldset',
    '#title' => $this
      ->t('Identity Provider Configuration'),
  );

  // @TODO: Allow a user to automagically populate this by providing a metadata URL for the iDP.
  //    $form['identity_provider']['idp_metadata_url'] = array(
  //      '#type' => 'url',
  //      '#title' => $this->t('Metadata URL'),
  //      '#description' => $this->t('URL of the XML metadata for the identity provider'),
  //      '#default_value' => $config->get('idp_metadata_url'),
  //    );
  $form['identity_provider']['idp_entity_id'] = array(
    '#type' => 'textfield',
    '#title' => $this
      ->t('Entity ID'),
    '#description' => $this
      ->t('Specifies the identifier to be used to represent the IDP.'),
    '#default_value' => $config
      ->get('idp_entity_id'),
  );
  $form['identity_provider']['idp_single_sign_on_service'] = array(
    '#type' => 'url',
    '#title' => $this
      ->t('Single Sign On Service'),
    '#description' => $this
      ->t('URL where the SP will send the authentication request message.'),
    '#default_value' => $config
      ->get('idp_single_sign_on_service'),
  );
  $form['identity_provider']['idp_single_log_out_service'] = array(
    '#type' => 'url',
    '#title' => $this
      ->t('Single Log Out Service'),
    '#description' => $this
      ->t('URL where the SP will send the logout request message.'),
    '#default_value' => $config
      ->get('idp_single_log_out_service'),
  );
  $form['identity_provider']['idp_change_password_service'] = array(
    '#type' => 'url',
    '#title' => $this
      ->t('Change Password Service'),
    '#description' => $this
      ->t('URL where users will be redirected to change their password.'),
    '#default_value' => $config
      ->get('idp_change_password_service'),
  );
  $form['identity_provider']['idp_x509_certificate'] = array(
    '#type' => 'textarea',
    '#title' => $this
      ->t('x509 Certificate'),
    '#description' => $this
      ->t('Public x509 certificate of the IdP'),
    '#default_value' => $config
      ->get('idp_x509_certificate'),
  );
  $form['user_info'] = array(
    '#title' => $this
      ->t('User Info and Syncing'),
    '#type' => 'fieldset',
  );
  $form['user_info']['unique_id_attribute'] = array(
    '#type' => 'textfield',
    '#title' => $this
      ->t('Unique identifier attribute'),
    '#description' => $this
      ->t('Specify a SAML attribute that is always going to be unique on a per-user basis. This will be used to identify local users (and create new ones if the option is enabled.<br />Example: <em>eduPersonPrincipalName</em> or <em>eduPersonTargetedID</em>'),
    '#default_value' => $config
      ->get('unique_id_attribute') ?: 'eduPersonTargetedID',
  );
  $form['user_info']['map_users'] = array(
    '#type' => 'checkbox',
    '#title' => $this
      ->t('Attempt to map SAML users to existing local users?'),
    '#description' => $this
      ->t('If this option is enabled and a SAML authentication response is received for a user that already exists locally, and the user\'s email matches the configured attribute, the SAML user will be mapped to the local user and then logged in.'),
    '#default_value' => $config
      ->get('map_users'),
  );
  $form['user_info']['map_users_email'] = array(
    '#type' => 'textfield',
    '#title' => $this
      ->t('Email attribute (for mapping)'),
    '#description' => $this
      ->t('This attribute will be used for mapping SAML users to local Drupal users.'),
    '#default_value' => $config
      ->get('map_users_email'),
    '#states' => array(
      'invisible' => array(
        ':input[name="map_users"]' => array(
          'checked' => FALSE,
        ),
      ),
    ),
  );
  $form['user_info']['create_users'] = array(
    '#type' => 'checkbox',
    '#title' => $this
      ->t('Create users specified by SAML server?'),
    '#description' => $this
      ->t('If this option is enabled, users that do not exist in the Drupal database will be created if specified by a successful SAML authentication response.'),
    '#default_value' => $config
      ->get('create_users'),
  );
  $form['user_info']['user_name_attribute'] = array(
    '#type' => 'textfield',
    '#title' => $this
      ->t('User name attribute'),
    '#description' => $this
      ->t('When SAML users are created, this field specifies which SAML attribute should be used for the Drupal user name.<br />Example: <em>cn</em> or <em>eduPersonPrincipalName</em>'),
    '#default_value' => $config
      ->get('user_name_attribute') ?: 'cn',
    '#states' => array(
      'invisible' => array(
        ':input[name="create_users"]' => array(
          'checked' => FALSE,
        ),
      ),
    ),
  );
  $form['user_info']['user_mail_attribute'] = array(
    '#type' => 'textfield',
    '#title' => $this
      ->t('User email attribute'),
    '#description' => $this
      ->t('When SAML users are created, this field specifies which SAML attribute should be used for the Drupal email address.<br />Example: <em>mail</em>'),
    '#default_value' => $config
      ->get('user_mail_attribute') ?: 'email',
    '#states' => array(
      'invisible' => array(
        ':input[name="create_users"]' => array(
          'checked' => FALSE,
        ),
      ),
    ),
  );
  $form['security'] = array(
    '#title' => $this
      ->t('Security Options'),
    '#type' => 'fieldset',
  );
  $form['security']['security_authn_requests_sign'] = array(
    '#type' => 'checkbox',
    '#title' => $this
      ->t('Request signed authn requests'),
    '#default_value' => $config
      ->get('security_authn_requests_sign'),
  );
  $form['security']['security_messages_sign'] = array(
    '#type' => 'checkbox',
    '#title' => $this
      ->t('Request messages to be signed'),
    '#default_value' => $config
      ->get('security_messages_sign'),
  );
  $form['security']['security_name_id_sign'] = array(
    '#type' => 'checkbox',
    '#title' => $this
      ->t('Request signed NameID'),
    '#default_value' => $config
      ->get('security_name_id_sign'),
  );
  $form['security']['security_request_authn_context'] = array(
    '#type' => 'checkbox',
    '#title' => $this
      ->t('Request authn context'),
    '#default_value' => $config
      ->get('security_request_authn_context'),
  );
  return parent::buildForm($form, $form_state);
}