public function SimplesamlphpDrupalAuth::externalRegister in simpleSAMLphp Authentication 8.3
Registers a user locally as one authenticated by the SimpleSAML IdP.
Parameters
string $authname: The authentication name.
Return value
\Drupal\Core\Entity\EntityInterface|bool The registered Drupal user.
Throws
\Exception An ExternalAuth exception.
1 call to SimplesamlphpDrupalAuth::externalRegister()
- SimplesamlphpDrupalAuth::externalLoginRegister in src/Service/SimplesamlphpDrupalAuth.php - Log in and optionally register a user based on the authname provided.
File
- src/Service/SimplesamlphpDrupalAuth.php, line 146
Class
- SimplesamlphpDrupalAuth
- Service to link SimpleSAMLphp authentication with Drupal users.
Namespace
Drupal\simplesamlphp_auth\Service
Code
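/**
 * Registers a user locally as one authenticated by the SimpleSAML IdP.
 *
 * Either links $authname to a Drupal account that already exists (only when
 * the 'autoenablesaml' setting is on) or creates a new account through the
 * externalauth service, then synchronizes the user attributes and finalizes
 * the login.
 *
 * Security note: with 'autoenablesaml' on, an existing account is selected
 * by its 'name' property matching $authname and nothing else. This method
 * performs no check on the matched account's roles or status before linking
 * it, so the setting is only safe when the IdP-asserted authname and local
 * Drupal usernames are issued by the same authority.
 *
 * @param string $authname
 *   The authentication name.
 *
 * @return \Drupal\Core\Entity\EntityInterface|bool
 *   The registered Drupal user as returned by userLoginFinalize(), or FALSE
 *   when the user may not be linked or registered, or registration failed.
 *
 * @throws \Exception
 *   An ExternalAuth exception.
 */
public function externalRegister($authname) {
  $account = FALSE;

  // It's possible that a user with their username set to this authname
  // already exists in the Drupal database.
  $existing_user = $this->entityTypeManager
    ->getStorage('user')
    ->loadByProperties([
      'name' => $authname,
    ]);
  $existing_user = $existing_user ? reset($existing_user) : FALSE;

  if ($existing_user) {
    // If auto-enable SAML is activated, link this user to SAML.
    // The match is by username only; see the security note in the docblock.
    if ($this->config->get('autoenablesaml')) {
      if ($this->config->get('debug')) {
        $this->logger
          ->debug('Linking authname %authname to existing Drupal user with ID %id because "Automatically enable SAML authentication for existing users upon successful login" setting is activated.', [
            '%authname' => $authname,
            '%id' => $existing_user->id(),
          ]);
      }
      $this->externalauth
        ->linkExistingAccount($authname, 'simplesamlphp_auth', $existing_user);
      $account = $existing_user;
    }
    else {
      if ($this->config->get('debug')) {
        $this->logger
          ->debug('A local Drupal user with username %authname already exists. Aborting the creation of a SAML-enabled Drupal user.', [
            '%authname' => $authname,
          ]);
      }
      // User is not permitted to login to Drupal via SAML.
      // Log out of SAML and redirect to the front page.
      $this->messenger
        ->addMessage($this->t('We are sorry, your user account is not SAML enabled.'), 'status');
      $this->simplesamlAuth
        ->logout(base_path());
      return FALSE;
    }
  }
  else {
    // If auto-enable SAML is activated, take more action to find an existing
    // user.
    if ($this->config->get('autoenablesaml')) {
      // Allow other modules to decide if there is an existing Drupal user,
      // based on the supplied SAML attributes. Whatever account an
      // implementation returns is linked without further checks here, so
      // implementations must only match on attributes the IdP guarantees.
      $attributes = $this->simplesamlAuth
        ->getAttributes();
      // NOTE(review): the loop does not stop at the first match. If several
      // implementations return a user, each one is linked in turn and the
      // last becomes $account - confirm that this is intended.
      foreach ($this->moduleHandler->getImplementations('simplesamlphp_auth_existing_user') as $module) {
        $return_value = $this->moduleHandler
          ->invoke($module, 'simplesamlphp_auth_existing_user', [
            $attributes,
          ]);
        if ($return_value instanceof UserInterface) {
          $account = $return_value;
          if ($this->config->get('debug')) {
            $this->logger
              ->debug('Linking authname %authname to existing Drupal user with ID %id because "Automatically enable SAML authentication for existing users upon successful login" setting is activated.', [
                '%authname' => $authname,
                '%id' => $account->id(),
              ]);
          }
          $this->externalauth
            ->linkExistingAccount($authname, 'simplesamlphp_auth', $account);
        }
      }
    }

    // Check the admin settings for simpleSAMLphp and find out if we
    // are allowed to register users.
    // NOTE(review): this check also runs when a hook implementation above
    // has already found and linked an account. In that case the link is
    // kept but this request is still logged out - confirm whether the check
    // should apply only while $account is still FALSE.
    if (!$this->config->get('register_users')) {
      // We're not allowed to register new users on the site through
      // simpleSAML. We let the user know about this and redirect to the
      // user/login page.
      $this->messenger
        ->addMessage($this->t('We are sorry. While you have successfully authenticated, you are not yet entitled to access this site. Please ask the site administrator to provision access for you.'), 'status');
      $this->simplesamlAuth
        ->logout(base_path());
      return FALSE;
    }
  }

  if (!$account) {
    // Create the new user.
    try {
      $account = $this->externalauth
        ->register($authname, 'simplesamlphp_auth');
    }
    catch (\Exception $ex) {
      // Every exception type lands here, so the user-facing message below is
      // only a guess at the cause; the actual exception is in the log.
      watchdog_exception('simplesamlphp_auth', $ex);
      $this->messenger
        ->addMessage($this->t('Error registering user: An account with this username already exists.'), 'error');
    }
  }

  if ($account) {
    $this->synchronizeUserAttributes($account, TRUE);
    return $this->externalauth
      ->userLoginFinalize($account, $authname, 'simplesamlphp_auth');
  }

  // Registration failed: return the documented FALSE instead of falling off
  // the end of the method with an implicit NULL.
  return FALSE;
}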