Constants

L_OK

L_OK = 0

L_REMARK

L_REMARK = 4

L_WARN

L_WARN = 32

L_ERROR

L_ERROR = 256

EXTERNAL_DB_SYNCSTATE_NOT_SYNCED

EXTERNAL_DB_SYNCSTATE_NOT_SYNCED = 0

EXTERNAL_DB_SYNCSTATE_SYNCED

EXTERNAL_DB_SYNCSTATE_SYNCED = 1

EXTERNAL_DB_SYNCSTATE_NOTSUBJECTTOSYNCING

EXTERNAL_DB_SYNCSTATE_NOTSUBJECTTOSYNCING = 2

PROFILES_INCOMPLETE

PROFILES_INCOMPLETE = 0

PROFILES_CONFIGURED

PROFILES_CONFIGURED = 1

PROFILES_SHOWTIME

PROFILES_SHOWTIME = 2

Properties

$identifier

$identifier : 

The unique identifier of this entity instance. It refers to the integer row name in the DB -> int. Federation has no DB of its own, so the identifier is of no use there -> use Federation->$tld

Type

— identifier of the entity instance

$name

$name : 

the name of the entity in the current locale

Type

$federation

$federation : 

The shortname of this IdP's federation

Type

Methods

__construct()

__construct(  instId) : 

Constructs an IdP object based on its details in the database.

Cannot be used to define a new IdP in the database! This happens via Federation::newIdP()

Parameters

instId

the database row identifier

Returns

getAttributes()

getAttributes(  optionName = NULL) : mixed|string|int

This function retrieves the entity's attributes.

If called with the optional parameter, only attribute values for the attribute name in $optionName are retrieved; otherwise, all attributes are retrieved. The retrieval is in-memory from the internal attributes class member - no DB callback, so changes in the database during the class instance lifetime are not considered.

Parameters

optionName

optionally, the name of the attribute that is to be retrieved

Returns

mixed|string|int —

of arrays of attributes which were set for this IdP

beginFlushAttributes()

beginFlushAttributes() : mixed|string|int

Deletes all attributes in this profile except the _file ones; these are reported as an array.

Returns

mixed|string|int —

list of row id's of file-based attributes which weren't deleted

commitFlushAttributes()

commitFlushAttributes(mixed|string|int  tobedeleted) : 

after a beginFlushAttributes, deletes all attributes which are in the tobedeleted array.

Parameters

mixed|string|int tobedeleted

array of database rows which are to be deleted

Returns

flushAttributes()

flushAttributes() : 

deletes all attributes of this entity from the database

Returns

addAttribute()

addAttribute(  attrName,   attrLang,   attrValue) : 

Adds an attribute for the entity instance into the database. Multiple instances of the same attribute are supported.

Parameters

attrName

Name of the attribute. This must be a well-known value from the profile_option_dict table in the DB.

attrLang

language of the attribute. Can be NULL.

attrValue

Value of the attribute. Can be anything; will be stored in the DB as-is.

Returns

fetchRawDataByIndex()

fetchRawDataByIndex(  table,   row) : string|bool

Retrieves data from the underlying tables, for situations where instantiating the IdP or Profile object is inappropriate

Parameters

table

institution_option or profile_option

row

rowindex

Returns

string|bool —

the data, or FALSE if something went wrong

isDataRestricted()

isDataRestricted(  table,   row) : 

Checks whether a raw data pointer refers to public data (return value FALSE) or, if it does not, which admins are authorised to view it (returns an array of user IDs).

Parameters

table

which database table is this about

row

row index of the table

Returns

FALSE if the data is public, an array of owners of the data if it is NOT public
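A caller-side gate built on the two documented return contracts (FALSE means public, an array lists the authorised owners), as an added example that is not eduroam CAT code. The function name, the two callables standing in for isDataRestricted() and fetchRawDataByIndex(), the string user IDs and the minimum row index of 1 are assumptions.

```php
<?php
declare(strict_types=1);

// Added example; not eduroam CAT code. The callables stand in for
// isDataRestricted() and fetchRawDataByIndex() as documented on this page;
// how they are invoked on the real class is not shown here.
const RAW_TABLES = ['institution_option', 'profile_option'];

/**
 * Returns the raw data if $userId may see it, or NULL when access is
 * denied or the lookup failed. (Hypothetical helper.)
 */
function serveRawData(callable $isRestricted, callable $fetch, string $table, $row, ?string $userId): ?string
{
    // Only the two tables the documentation names, and only integer rows.
    if (!in_array($table, RAW_TABLES, true)) {
        return null;
    }
    $rowIndex = filter_var($row, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($rowIndex === false) {
        return null;
    }
    $owners = $isRestricted($table, $rowIndex);
    // Strict comparison: an empty owner array is also falsy in PHP and must
    // mean "restricted, nobody authorised", never "public".
    if ($owners !== false) {
        if (!is_array($owners) || $userId === null || !in_array($userId, $owners, true)) {
            return null;
        }
    }
    $data = $fetch($table, $rowIndex);
    // Failure is reported as FALSE; an empty string is still valid data.
    return $data === false ? null : $data;
}

// Constructed stand-ins: row 1 is public, row 2 belongs to "admin-a",
// row 3 is restricted but has no owners.
$isRestricted = fn(string $t, int $r) => [1 => false, 2 => ['admin-a'], 3 => []][$r] ?? [];
$fetch = fn(string $t, int $r) => $r <= 3 ? "blob-$r" : false;

var_dump(serveRawData($isRestricted, $fetch, 'profile_option', 1, null));         // public row, anonymous caller
var_dump(serveRawData($isRestricted, $fetch, 'profile_option', 2, 'admin-a'));    // listed owner
var_dump(serveRawData($isRestricted, $fetch, 'profile_option', 2, 'admin-b'));    // admin not in the owner list
var_dump(serveRawData($isRestricted, $fetch, 'profile_option', 3, 'admin-a'));    // empty owner list
var_dump(serveRawData($isRestricted, $fetch, 'some_other_table', 1, 'admin-a')); // table outside the allow-list
```

A loose check such as `if (!$owners)` would treat the empty owner list on row 3 as public data, which is why the comparison against FALSE is strict.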

updateFreshness()

updateFreshness() : 

This function sets the timestamp of last modification of the child profiles to the current timestamp.

This is needed for installer caching: all installers which are on disk must be re-created if an attribute changes. This timestamp here is used to determine if the installer on disk is still new enough.

Returns

__destruct()

__destruct() : 

destroys the entity.

Logs the end of lifetime of the entity to the debug log on level 5.

Returns

getAttributeValue()

getAttributeValue(mixed|string|int  attributeArray, string|int  index1, string|int  index2) : 

This is a helper function to retrieve a value from two-dimensional arrays. The function tests if the value for the first index is defined, then the same for the second, and finally returns the value. If something on the way is not defined, NULL is returned.

Parameters

mixed|string|int attributeArray
string|int index1
string|int index2

Returns

createTemporaryDirectory()

createTemporaryDirectory(  purpose = installer,   failIsFatal = 1) : mixed|string|int

create a temporary directory and return the location

Parameters

purpose

one of 'installer', 'logo', 'test'; defines the purpose of the directory

failIsFatal

decides if a creation failure should cause an error; defaults to true

Returns

mixed|string|int —

the tuple of: base path, absolute path for directory, directory name

rrmdir()

rrmdir(  dir) : 

this directory delete function has been copied from the PHP documentation

Parameters

dir

name of the directory to delete

Returns

uuid()

uuid(  prefix,  deterministicSource = NULL) : 

generates a UUID, for the devices which identify file contents by UUID

Parameters

prefix

an extra prefix to set before the UUID

deterministicSource

Returns

UUID (possibly prefixed)

randomString()

randomString(  length,   keyspace = 23456789abcdefghijkmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ) : 

produces a random string

Parameters

length

the length of the string to produce

keyspace

the pool of characters to use for producing the string

Throws

\Exception

Returns
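A sketch with the same parameters as the documented randomString(), showing unbiased selection from the default keyspace and how to size the length for a target entropy. This is an added example, not the eduroam CAT implementation; the function names, the use of random_int() and the single-byte keyspace are assumptions.

```php
<?php
declare(strict_types=1);

// Added example; not the eduroam CAT implementation. The keyspace is the
// documented default, which leaves out the look-alike characters 0, 1 and l.
const DEFAULT_KEYSPACE = '23456789abcdefghijkmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

function randomStringSketch(int $length, string $keyspace = DEFAULT_KEYSPACE): string
{
    // Assumes a single-byte keyspace; str_split() works on bytes.
    $chars = str_split($keyspace);
    // Duplicate characters would bias the output; fewer than two make it constant.
    if ($length < 1 || count($chars) < 2 || count(array_unique($chars)) !== count($chars)) {
        throw new InvalidArgumentException('bad length or keyspace');
    }
    $max = count($chars) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() draws uniformly from the OS CSPRNG, so there is no
        // modulo bias, and it throws an \Exception if no entropy source
        // is available.
        $out .= $chars[random_int(0, $max)];
    }
    return $out;
}

/** Shortest length whose output carries at least $bits bits of entropy. */
function lengthForBits(int $bits, string $keyspace = DEFAULT_KEYSPACE): int
{
    return (int) ceil($bits / log(strlen($keyspace), 2));
}

$len = lengthForBits(128);
$token = randomStringSketch($len);
printf("%d characters from a %d-character keyspace: %s\n", $len, strlen(DEFAULT_KEYSPACE), $token);
```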

listProfiles()

listProfiles(  activeOnly = FALSE) : mixed|string|int

This function retrieves all registered profiles for this IdP from the database

Parameters

activeOnly

if set to non-zero, will cause listing of only those institutions which have some valid profiles defined.

Returns

mixed|string|int —

list of Profiles of this IdP

maxProfileStatus()

maxProfileStatus() : 

looks through all the profiles of the inst and determines the highest prod-ready level among the profiles

Returns

highest level of completeness of all the profiles of the inst

listOwners()

listOwners() : mixed|string|int

This function retrieves an array of authorised users which can manipulate this institution.

Returns

mixed|string|int —

owners of the institution; numbered array with members ID, MAIL and LEVEL

isPrimaryOwner()

isPrimaryOwner(  user) : 

Primary owners are allowed to invite other (secondary) admins to the institution

Parameters

user

ID of a logged-in user

Returns

TRUE if this user is an admin with FED-level blessing

profileCount()

profileCount() : 

This function gets the profile count for a given IdP.

The count could be retrieved from the listProfiles method but this is less expensive.

Returns

profile count

newProfile()

newProfile(  type) : \core\AbstractProfile|null

Adds a new profile to this IdP.

Only creates the DB entry for the Profile. If you want to add attributes later, see Profile::addAttribute().

Parameters

type

exactly "RADIUS" or "SILVERBULLET", all other values throw an Exception

Returns

\core\AbstractProfile|null —

new Profile object if successful, or NULL if an error occurred

destroy()

destroy() : 

deletes the IdP and all its profiles

Returns

getExternalDBSyncCandidates()

getExternalDBSyncCandidates() : 

Performs a lookup in an external database to determine matching entities to this IdP.

The business logic of this function is roaming consortium specific; if no match algorithm is known for the consortium, FALSE is returned.

Returns

list of entities in external database that correspond to this IdP or FALSE if no consortium-specific matching function is defined

getExternalDBSyncState()

getExternalDBSyncState() : 

returns the state of sync with the external DB.

Returns

getExternalDBId()

getExternalDBId() : string|bool

Retrieves the external DB identifier of this institution. Returns FALSE if no ID is known.

Returns

string|bool —

the external identifier; or FALSE if no external ID is known

setExternalDBId()

setExternalDBId(  identifier) : 

Associates the external DB id with a CAT id

Parameters

identifier

the external DB id, which can be alpha-numeric

Returns

removeExternalDBId()

removeExternalDBId() : 

removes the link between a CAT institution and the external DB

Returns