
function _simplesaml_auth_user_register in simpleSAMLphp Authentication 7.3

Creates a new Drupal account for a SAML authenticated user.

Parameters

string $authname: The authname attribute from the SAML assertion, as provided by _simplesamlphp_auth_get_authname().

Return value

object The newly created Drupal user object.

1 call to _simplesaml_auth_user_register()
_simplesaml_auth_login_register in ./simplesamlphp_auth.inc
Performs login and/or register actions for SAML authenticated users.

File

./simplesamlphp_auth.inc, line 89
Contains non-hook implementations.

Code

/**
 * Creates a new Drupal account for a SAML authenticated user.
 *
 * Registration only happens when the 'simplesamlphp_auth_registerusers'
 * setting allows it and no Drupal account already uses the name. Every
 * refusal or failure path ends the SAML session via logout(base_path()).
 *
 * @param string $authname
 *   The name to register, used both for the existing-account lookup and as
 *   the external login name.
 *
 * @return object|false|null
 *   The value returned by user_save() when an account was created, FALSE when
 *   an account with this name already exists, and no value (NULL) on the
 *   remaining paths (registration disabled, or no uid after registering).
 */
function _simplesaml_auth_user_register($authname) {
  global $user;
  global $_simplesamlphp_auth_as;

  // Registration through simpleSAML is switched off in the admin settings:
  // tell the visitor, end the SAML session and stop.
  if (!variable_get('simplesamlphp_auth_registerusers', TRUE)) {
    drupal_set_message(t("We are sorry. Although you have successfully authenticated, you are not yet entitled to access this site. Please ask the site administrator to provide access for you."));
    $_simplesamlphp_auth_as->logout(base_path());
    return;
  }

  if (variable_get('simplesamlphp_auth_debug', 0)) {
    watchdog('simplesamlphp_auth', 'Register [%authname]', array(
      '%authname' => $authname,
    ), WATCHDOG_DEBUG);
  }

  // An account with this name exists but is not SAML enabled. Never fall
  // through to registration here: a matching name alone must not give the
  // SAML identity access to that existing account.
  if (user_load_by_name($authname)) {
    if (variable_get('simplesamlphp_auth_debug', 0)) {
      watchdog('simplesamlphp_auth', 'User [%authname] could not be registered because that username already exists and is not SAML enabled.', array(
        '%authname' => $authname,
      ), WATCHDOG_DEBUG);
    }
    drupal_set_message(t('We are sorry, your user account is not SAML enabled.'));
    $_simplesamlphp_auth_as->logout(base_path());
    return FALSE;
  }

  // Create the account; the outcome is read back from the global $user.
  user_external_login_register($authname, 'simplesamlphp_auth');

  // NOTE(review): this debug entry says "Registered" before the uid check
  // below, so it is also written when registration did not produce a uid.
  if (variable_get('simplesamlphp_auth_debug', 0)) {
    watchdog('simplesamlphp_auth', 'Registered [%authname] with uid @uid', array(
      '%authname' => $authname,
      '@uid' => $user->uid,
    ), WATCHDOG_DEBUG);
  }

  // No uid means no account was created: inform the visitor, record an
  // error and end the SAML session.
  if (empty($user->uid)) {
    drupal_set_message(t("We are sorry. While you have successfully authenticated, we were unable to create an account for you on this site. Please ask the site administrator to provision access for you."));
    watchdog('simplesamlphp_auth', 'Unable to register %authname using simplesamlphp_auth', array(
      '%authname' => $authname,
    ), WATCHDOG_ERROR);
    $_simplesamlphp_auth_as->logout(base_path());
    return;
  }

  // Roles come from the 'simplesamlphp_auth_rolepopulation' setting. This is
  // the step that grants privileges to the new account, so the configured
  // rule deserves the same care as any other permission assignment.
  $assigned_roles = _simplesamlphp_auth_rolepopulation(variable_get('simplesamlphp_auth_rolepopulation', ''));

  // NOTE(review): user_save() can return FALSE on failure, in which case the
  // global $user is replaced by FALSE too - confirm the caller copes.
  $user = user_save($user, array(
    'roles' => $assigned_roles,
  ));
  return $user;
}