Reputation: 133
I just started developing with simpleSAMLphp, which uses the SAML protocol. I want to allow users to see a web app without logging in (as an anonymous user). When the user is logged in, they are able to see some hidden stuff.
I need to check whether the user is already logged in to one of the other services (or do I need to check this at the service provider?) without redirecting the user, because if it redirects, the user gets the login form.
Upvotes: 2
Views: 3717
Reputation: 3047
Your application should be protected by a simpleSAMLphp SP.
To check whether a user is logged in or not, you should load the simpleSAMLphp library and then use the function isAuthenticated().
This is the first thing you must check when you load the login.php function of your app. If isAuthenticated() returns false, then you redirect to the SP; if isAuthenticated() returns true, then you can check whether the user has an active session at the final app and update it (if it exists) or create a new one.
simpleSAMLphp is well documented. Check the API doc here [1]
[1] https://simplesamlphp.org/docs/stable/simplesamlphp-sp-api
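Example code:

    // Load the simpleSAMLphp autoloader and select the 'saml' authentication source.
    require_once('/var/lib/usr/simplesamlphp/lib/_autoload.php');
    $saml_auth = new SimpleSAML_Auth_Simple('saml');

    // is_user_loggedin_local_app(), update_session_local_app() and
    // create_session_local_app() stand for the application's own session functions.
    if ($saml_auth->isAuthenticated()) {
        // The user has a valid session at the SP: read the asserted attributes.
        $attributes = $saml_auth->getAttributes();
        if (is_user_loggedin_local_app()) {
            update_session_local_app($attributes);
        } else {
            create_session_local_app($attributes);
        }
    } else {
        // No SP session: redirect to the IdP login and return here afterwards.
        $saml_auth->requireAuth();
    }
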
As you see, your local login form disappears. If you want to enable 2 ways to authenticate (SAML and local), then you have to create a new view in your local application with this logic and add a link to this view on your local login form.
Upvotes: 1
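
An added example, not part of the original answer: the anonymous-access case from the question, where isAuthenticated() is checked without ever calling requireAuth(), so the visitor is never redirected. The `render_page()` function, the `FakeAuth` stand-in, the `uid` attribute name and the example.org URL are assumptions made for illustration.

```php
<?php
// Added example. Assumption: $auth is a SimpleSAML_Auth_Simple instance, or any
// object exposing the same isAuthenticated(), getAttributes() and getLoginURL().

/** Build the page body: public part for everyone, private part only after SSO. */
function render_page($auth, $returnTo)
{
    $html = "<h1>Public content</h1>\n";

    // isAuthenticated() only inspects this SP's session; it sends nothing to the IdP.
    if (!$auth->isAuthenticated()) {
        // No requireAuth() here: that call is what redirects to the login form.
        // Offer a link instead, so anonymous visitors stay on the page.
        $url = htmlspecialchars($auth->getLoginURL($returnTo), ENT_QUOTES, 'UTF-8');
        return $html . "<a href=\"$url\">Log in</a>\n";
    }

    // Decide on the server what to send; do not ship the private part and hide it client-side.
    $attributes = $auth->getAttributes();   // array: attribute name => list of values
    // 'uid' is an assumed attribute name; use whatever your IdP releases.
    $uid = isset($attributes['uid'][0]) ? $attributes['uid'][0] : 'unknown';
    // Attribute values originate outside the application: escape before output.
    $html .= '<p>Welcome, ' . htmlspecialchars($uid, ENT_QUOTES, 'UTF-8') . "</p>\n";
    $html .= "<section>Members-only content</section>\n";
    return $html;
}

// Constructed stand-in so the example runs without an IdP. In the application use:
//   require_once('/var/lib/usr/simplesamlphp/lib/_autoload.php');
//   $auth = new SimpleSAML_Auth_Simple('saml');
class FakeAuth
{
    private $attributes;
    public function __construct($attributes = null) { $this->attributes = $attributes; }
    public function isAuthenticated() { return $this->attributes !== null; }
    public function getAttributes() { return $this->attributes === null ? array() : $this->attributes; }
    public function getLoginURL($returnTo = null) { return '/login?ReturnTo=' . urlencode($returnTo); }
}

// Anonymous visitor: public content plus a login link, no redirect.
echo render_page(new FakeAuth(), 'https://app.example.org/');
// Logged-in visitor whose attribute value contains markup: it is escaped on output.
echo render_page(new FakeAuth(array('uid' => array('<b>alice</b>'))), 'https://app.example.org/');
```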