Skip to content

Functionality to use Assertion Consumer URLs as the prod sso trigger #44

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
judaw wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Functionality to use Assertion Consumer URLs as the prod sso trigger #44

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7d5c9f7
Functionality to use Assertion Consumer URLs as the prod sso trigger
judaw Mar 9, 2026
4d7434b
Wording update
judaw Mar 9, 2026
513b3fd
Fixing error on empty config
judaw Mar 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 7 additions & 6 deletions cwd_saml_mapping.module
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -257,7 +257,8 @@ function cwd_saml_mapping_preprocess_item_list(&$variables) {
}

$use_saml_in_prod = $config->getRawData()['use_prod_in_saml'];
$is_prod_and_use_prod_shibboleth = (isset($_ENV['PANTHEON_ENVIRONMENT']) && $_ENV['PANTHEON_ENVIRONMENT'] === 'live' && $use_saml_in_prod);
$use_prod_shibboleth = ShibbolethHelper::useProductionShibboleth();
$is_prod_and_use_prod_shibboleth = $use_prod_shibboleth && $use_saml_in_prod;
if ($is_prod_and_use_prod_shibboleth) {
//Loop through links and remove ones that contain 'test'
foreach ($variables['items'] as $index => $link) {
Expand Down Expand Up @@ -307,7 +308,7 @@ function cwd_saml_mapping_form_alter(&$form, \Drupal\Core\Form\FormStateInterfac
$form['#cache'] = ['max-age' => 0];

$hide_drupal_login_prod = $config->getRawData()['hide_drupal_login_prod'] ?? FALSE;
$is_prod_and_hide = (isset($_ENV['PANTHEON_ENVIRONMENT']) && $_ENV['PANTHEON_ENVIRONMENT'] === 'live' && $hide_drupal_login_prod);
$use_prod_shib_and_hide_drupal_login = (ShibbolethHelper::useProductionShibboleth() && $hide_drupal_login_prod);
$hide_drupal_login = $config->getRawData()['hide_drupal_login'] ?? FALSE;

$sso_text = $config->getRawData()['sso_text'] ?? "Login with your NetID";
Expand All @@ -316,7 +317,7 @@ function cwd_saml_mapping_form_alter(&$form, \Drupal\Core\Form\FormStateInterfac
'#weight' => -999,
);

if ($hide_drupal_login || $is_prod_and_hide) {
if ($hide_drupal_login || $use_prod_shib_and_hide_drupal_login) {
unset($form['name']);
unset($form['pass']);
unset($form['actions']);
Expand Down Expand Up @@ -355,9 +356,9 @@ function cwd_saml_mapping_user_login_form_submit($form, FormStateInterface $form
function cwd_saml_mapping_local_tasks_alter(&$local_tasks) {
$config = \Drupal::config('cwd_saml_mapping.config_form');
$hide_drupal_login_prod = $config->getRawData()['hide_drupal_login_prod'] ?? FALSE;
$is_prod_and_hide = (isset($_ENV['PANTHEON_ENVIRONMENT']) && $_ENV['PANTHEON_ENVIRONMENT'] === 'live' && $hide_drupal_login_prod);
$use_prod_shib_and_hide_drupal_login = (ShibbolethHelper::useProductionShibboleth() && $hide_drupal_login_prod);
$hide_drupal_login = $config->getRawData()['hide_drupal_login'] ?? FALSE;
if ($hide_drupal_login || $is_prod_and_hide) {
if ($hide_drupal_login || $use_prod_shib_and_hide_drupal_login) {
unset($local_tasks['user.register']);
unset($local_tasks['user.login']);
}
Expand Down Expand Up @@ -452,7 +453,7 @@ function cwd_saml_mapping_preprocess_page(&$variables) {
$url_string = "/saml/drupal_login";
$samlsp_login_config = \Drupal::config('saml_sp_drupal_login.config');
$idps = $samlsp_login_config->getRawData()['idp'];
if (isset($_ENV['PANTHEON_ENVIRONMENT']) && $_ENV['PANTHEON_ENVIRONMENT'] === 'live') {
if (ShibbolethHelper::useProductionShibboleth()) {
$url_string .= "/" . $idps['cornell_prod'];
}
else {
Expand Down
4 changes: 2 additions & 2 deletions src/Form/CWDSamlMappingConfigForm.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ public function buildForm(array $form, FormStateInterface $form_state) {
];
$form['customize_links']['use_prod_in_saml'] = [
'#type' => 'checkbox',
'#title' => $this->t('Use Production Shibboleth on the Live/Production site.'),
'#title' => $this->t('Use Production Shibboleth on all Assertion Consumer URLs. Once your site is launched this should always be enabled.'),
'#default_value' => $config->get('use_prod_in_saml'),
];
$form['customize_links']['show_all_idps'] = [
Expand All @@ -63,7 +63,7 @@ public function buildForm(array $form, FormStateInterface $form_state) {
];
$form['customize_links']['hide_drupal_login_prod'] = [
'#type' => 'checkbox',
'#title' => $this->t('Hide Drupal Login in Prod.'),
'#title' => $this->t('Hide Drupal Login in all envs using Production Shibboleth.'),
'#default_value' => $config->get('hide_drupal_login_prod'),
];
$form['customize_headings'] = [
Expand Down
14 changes: 14 additions & 0 deletions src/ShibbolethHelper.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,4 +31,18 @@ public static function getAllowedUserNamePropertyArray() {
];
return $mapping_array;
}

public static function useProductionShibboleth() {
$saml_sp_assertion_consumer_url = \Drupal::config('saml_sp.settings')->get('assertion_urls') ?? "";
$urls = explode("\r\n", $saml_sp_assertion_consumer_url);
$current_domain = \Drupal::request()->getHost();
foreach ($urls as $url) {
$url = str_replace('https://', '', $url);
$final_domain = str_replace('/saml/consume', '', $url);
if($final_domain === $current_domain) {
return true;
}
}
return false;
}
}