Back to the module list

Authentication Shibboleth

The Shibboleth module can be installed in Apache and allow to authenticate the users in a SAML federation.

This authshibboleth module provide the methods to read the data provided by the Shibd daemon across the Apache process.

It allow to get fields from Shibd (from the IDP).

The class definition

Class \authshibboleth

Namespace \

Description

 User authentication against Shibboleth

Properties

public $appName;
 The application name
public $firstnameParam="givenName";
 The Firstname parameter returned by Shibboleth server
public $lastnameParam="sn";
 The Lastname parameter returned by Shibboleth server
public $mailParam="mail";
 The mail parameter returned by Shibboleth server
public $otherFields=array (ou,o);
 The others parameters returned by Shibboleth server
public $urlAuthentificated="";
 The optional URL use to authenticate the users
public $urlLogout="";
 The optional URL to disconnect the users
public $urlPasswd="";
 The optional URL to change the user password

Methods

public function authentication ($email, $password)
 Try to authenticate the email/password of the user
      @param string $email Email to authenticate
      @param string $password Password to authenticate

public function changepassword ($oldpassword, $newpassword)
 Method to change the password : unavailable in SESSION auth
      @param string $oldpassword The old password (to check if the user have the
         rights to change the password)
      @param string $newpassword The new password to be recorded

public function connect ()
 No connection to shibboleth

public function getdetails ()
 Return all the parameters recorded for the authenticate user

public function listusers ()
 List all the users available in the database
 Return firstname, lastname, mail, with mail is an array

public function logout ()
 Remove the information from the session

public function overwritepassword ($email, $newpassword)
 Method to overwrite the password (without oldpassword check)
      Must be reserved to the administrators. For the users, use changepassword
      method
      @param string $email the user identifier to select
      @param string $newpassword The new password to be recorded

public function pageHTML ($baseURL, $message="", $url="", $alreadyAuth=false)
 Display the authentication page
 The message is displayed to the user in case of error
 The url is the caller url to go back if authentication is correct
 @param string $baseURL The URL base to use for the links
 @param string|null $message Message to display to the user
 @param string|null $url URL to go back after successful authentication
 @param mixed $alreadyAuth If the user is already authenticated, the value
 will be displayed if the user is coming on the page.