-
Notifications
You must be signed in to change notification settings - Fork 1
/
samlauth.module
109 lines (97 loc) · 2.57 KB
/
samlauth.module
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
<?php
/**
* @file
* A SAML Authenication layer for Drupal.
*/
define('SAMLAUTH_REQUEST_ID', 'samlauth_request_id');
/**
* Implements hook_menu().
*/
function samlauth_menu() {
return [
'admin/config/services/samlauth' => [
'title' => 'SAML Authentication',
'description' => 'Manage settings for the SAML 2.0 authentication layer.',
'page callback' => 'drupal_get_form',
'page arguments' => ['samlauth_admin_settings'],
'access arguments' => ['administer samlauth'],
'file' => 'samlauth.admin.inc',
'type' => MENU_NORMAL_ITEM,
],
'saml/%samlauth/consume' => [
'title' => 'SAML Assertion Customer Service',
'description' => 'The endpoint to process the SAML response.',
'page callback' => 'samlauth_page_acs',
'page arguments' => [1],
'access callback' => TRUE,
'file' => 'samlauth.pages.inc',
'type' => MENU_CALLBACK,
],
'saml/%samlauth/login' => [
'title' => 'SAML Login',
'description' => 'Sends an AuthnRequest to the Identity Provider.',
'page callback' => 'samlauth_page_login',
'page arguments' => [1],
'access callback' => 'samlauth_menu_access',
'access arguments' => ['anonymous user'],
'file' => 'samlauth.pages.inc',
'type' => MENU_CALLBACK,
],
'saml/%samlauth/metadata.xml' => [
'title' => 'SAML Metadata',
'description' => 'The metadata for the Service Provider.',
'page callback' => 'samlauth_page_metadata',
'page arguments' => [1],
'access callback' => TRUE,
'file' => 'samlauth.pages.inc',
'type' => MENU_CALLBACK,
],
];
}
/**
* Implements hook_permission().
*/
function samlauth_permission() {
return [
'administer samlauth' => [
'title' => t('Administer SAML Authenication'),
],
];
}
/**
* Callback: samlauth_menu().
*
* Wildcard loader for the menu router.
*
* @param string $idp_machine_name
*
* @return string|false
*/
function samlauth_load($idp_machine_name) {
module_load_include('inc', 'samlauth', 'samlauth');
$idp_exists = !empty(samlauth_settings($idp_machine_name));
if (!$idp_exists) {
return FALSE;
}
return $idp_machine_name;
}
/**
* Callback: samlauth_menu().
*
* Menu access callback for the menu router.
*
* @param string[] $roles
* Drupal roles to allow access.
*
* @return bool
*/
function samlauth_menu_access() {
$roles = func_get_args();
foreach ($roles as $role_name) {
$role = user_role_load_by_name($role_name);
if ($role && user_has_role($role->rid)) {
return TRUE;
}
}
return FALSE;
}