
github.com/nextcloud/user_saml.git - Unnamed repository; edit this file 'description' to name the repository.
authorBjoern Schiessle <bjoern@schiessle.org>2018-07-10 18:33:51 +0300
committerBjoern Schiessle <bjoern@schiessle.org>2018-08-03 13:43:19 +0300
commitafeee8beaa8c07593d2c4c5256c869e44172f436 (patch)
tree25820581719c417988e6ccf1954d2e863d9b3eb6
parentba2e04f7b814937c9b20b28ddad268bc0fd233e3 (diff)
show all configured IdP's on the login screen
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
-rw-r--r--appinfo/app.php6
-rw-r--r--lib/Controller/SAMLController.php52
-rw-r--r--lib/SAMLSettings.php30
-rw-r--r--templates/selectUserBackEnd.php6
4 files changed, 79 insertions, 15 deletions
diff --git a/appinfo/app.php b/appinfo/app.php
index d1ef6712..1ec876a1 100644
--- a/appinfo/app.php
+++ b/appinfo/app.php
@@ -119,9 +119,11 @@ if($useSamlForDesktopClients === '1') {
}
}
-$multipleUserBackEnds = $config->getAppValue('user_saml', 'general-allow_multiple_user_back_ends', '0');
+$multipleUserBackEnds = $samlSettings->allowMultipleUserBackEnds();
+$configuredIdps = $samlSettings->getListOfIdps();
+$showLoginOptions = $multipleUserBackEnds || count($configuredIdps) > 1;
-if ($redirectSituation === true && $multipleUserBackEnds === '1') {
+if ($redirectSituation === true && $showLoginOptions) {
$params = $request->getParams();
$redirectUrl = '';
if(isset($params['redirect_url'])) {
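Review bot: `$multipleUserBackEnds` changes type here, from the config string `'0'`/`'1'` to the bool returned by `allowMultipleUserBackEnds()`, so any later use in app.php that still compares it with `=== '1'` would now always be false. The condition in this hunk is updated, but the rest of the file is outside the hunk and worth a grep. `getListOfIdps()` also runs its config reads on every request that reaches this point, regardless of `$redirectSituation`. Evaluating it inside the condition avoids that: `if ($redirectSituation === true && ($samlSettings->allowMultipleUserBackEnds() || count($samlSettings->getListOfIdps()) > 1)) {`.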
diff --git a/lib/Controller/SAMLController.php b/lib/Controller/SAMLController.php
index dcbf0285..6fc588da 100644
--- a/lib/Controller/SAMLController.php
+++ b/lib/Controller/SAMLController.php
@@ -55,6 +55,8 @@ class SAMLController extends Controller {
private $logger;
/** @var IL10N */
private $l;
+ /** @var SAMLSettings */
+ private $settings;
/**
* @param string $appName
@@ -67,6 +69,7 @@ class SAMLController extends Controller {
* @param IURLGenerator $urlGenerator
* @param IUserManager $userManager
* @param ILogger $logger
+ * @param SAMLSettings $settings
* @param IL10N $l
*/
public function __construct($appName,
@@ -79,6 +82,7 @@ class SAMLController extends Controller {
IURLGenerator $urlGenerator,
IUserManager $userManager,
ILogger $logger,
+ SAMLSettings $settings,
IL10N $l) {
parent::__construct($appName, $request);
$this->session = $session;
@@ -89,6 +93,7 @@ class SAMLController extends Controller {
$this->urlGenerator = $urlGenerator;
$this->userManager = $userManager;
$this->logger = $logger;
+ $this->settings = $settings;
$this->l = $l;
}
@@ -325,26 +330,48 @@ class SAMLController extends Controller {
* @return Http\TemplateResponse
*/
public function selectUserBackEnd($redirectUrl) {
- $loginUrls = [
- 'directLogin' => [
- 'url' => $this->getDirectLoginUrl($redirectUrl),
+
+ $loginUrls = [];
+
+ if ($this->settings->allowMultipleUserBackEnds()) {
+ $loginUrls['directLogin'] = [
+ 'url' => $this->getDirectLoginUrl(),
'display-name' => $this->l->t('Direct log in')
- ],
- 'ssoLogin' => [
- 'url' => $this->getSSOUrl($redirectUrl),
- 'display-name' => $this->getSSODisplayName(),
- ]
- ];
+ ];
+ }
+
+ $loginUrls['ssoLogin'] = $this->getIdps($redirectUrl);
+
return new Http\TemplateResponse($this->appName, 'selectUserBackEnd', $loginUrls, 'guest');
}
/**
+ * get the IdPs showed at the login page
+ *
+ * @param $redirectUrl
+ * @return array
+ */
+ private function getIdps($redirectUrl) {
+ $result = [];
+ $idps = $this->settings->getListOfIdps();
+ foreach ($idps as $idpId => $displayName) {
+ $result[] = [
+ 'url' => $this->getSSOUrl($redirectUrl, $idpId),
+ 'display-name' => $this->getSSODisplayName($displayName),
+ ];
+ }
+
+ return $result;
+ }
+
+ /**
* get SSO URL
*
* @param $redirectUrl
+ * @param idp identifier
* @return string
*/
- private function getSSOUrl($redirectUrl) {
+ private function getSSOUrl($redirectUrl, $idp) {
$originalUrl = '';
if(!empty($redirectUrl)) {
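Review bot: In `selectUserBackEnd()` the direct-login entry is now built with `$this->getDirectLoginUrl()`, while the removed line passed `$redirectUrl`. `getDirectLoginUrl()` is not part of this diff: if it still declares that parameter the call raises an ArgumentCountError on PHP 7.1 and later, and if the parameter was dropped the user loses the redirect target after a direct login. Unless that is intended, keep `'url' => $this->getDirectLoginUrl($redirectUrl),`. Separately, the new docblock line `@param idp identifier` on `getSSOUrl()` is malformed; `@param string $idp identifier of the IdP to log in with` reads correctly. The body of getSSOUrl continues outside the hunk.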
@@ -358,6 +385,7 @@ class SAMLController extends Controller {
[
'requesttoken' => $csrfToken->getEncryptedValue(),
'originalUrl' => $originalUrl,
+ 'idp' => $idp
]
);
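Review bot: The `idp` value added to the link parameters comes back from the browser as a request parameter, so the handler of this route has to treat it as untrusted input. `getListOfIdps()` in this commit turns a provider id into a config-key prefix (`$id .'-'`), and the handler presumably does the same with the submitted value. It should accept the value only when it is one of the configured ids, for example `if (!array_key_exists($idp, $this->settings->getListOfIdps())) { /* reject or fall back */ }`. That handler is not in this diff, so the check may already exist. The enclosing call and the start of getSSOUrl are outside the hunk.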
@@ -368,10 +396,10 @@ class SAMLController extends Controller {
/**
* return the display name of the SSO identity provider
*
+ * @param $displayName
* @return string
*/
- protected function getSSODisplayName() {
- $displayName = $this->config->getAppValue('user_saml', 'general-idp0_display_name');
+ protected function getSSODisplayName($displayName) {
if (empty($displayName)) {
$displayName = $this->l->t('SSO & SAML log in');
}
diff --git a/lib/SAMLSettings.php b/lib/SAMLSettings.php
index 380f2d70..84d21a65 100644
--- a/lib/SAMLSettings.php
+++ b/lib/SAMLSettings.php
@@ -47,7 +47,37 @@ class SAMLSettings {
$this->request = $request;
}
+ /**
+ * get list of the configured IDPs
+ *
+ * @return array
+ */
+ public function getListOfIdps() {
+ $result = [];
+
+ $providerIds = explode(',', $this->config->getAppValue('user_saml', 'providerIds', '1'));
+ natsort($providerIds);
+
+ foreach ($providerIds as $id) {
+ $prefix = $id === '1' ? '' : $id .'-';
+ $result[$id] = $this->config->getAppValue('user_saml', $prefix . 'general-idp0_display_name', '');
+ }
+
+ return $result;
+ }
+
+ /**
+ * check if multiple user back ends are allowed
+ *
+ * @return bool
+ */
+ public function allowMultipleUserBackEnds() {
+ $setting = $this->config->getAppValue('user_saml', 'general-allow_multiple_user_back_ends', '0');
+ return $setting === '1';
+ }
+
public function getOneLoginSettingsArray() {
+
$settings = [
'strict' => true,
'debug' => $this->config->getSystemValue('debug', false),
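Review bot: `getListOfIdps()` takes every piece of `explode(',', ...)` as a provider id without trimming or dropping empty pieces. A stored value such as `'1, 2'` or an empty string yields the ids `' 2'` or `''`, which become the prefixes `' 2-'` and `'-'` and end up as extra login options with the fallback display name. Filtering first keeps the list to real ids: `$providerIds = array_filter(array_map('trim', explode(',', $raw)), 'strlen');`, with `$raw` holding the app value. The docblock could also state the shape, `@return array<int|string, string> provider id => display name`. PHP turns numeric-string keys into integers, which matters to any caller that compares a key with `'1'`.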
diff --git a/templates/selectUserBackEnd.php b/templates/selectUserBackEnd.php
index 03915924..ab3e5931 100644
--- a/templates/selectUserBackEnd.php
+++ b/templates/selectUserBackEnd.php
@@ -9,12 +9,16 @@ style('user_saml', 'selectUserBackEnd');
<h1>Choose login option:</h1>
+ <?php if(isset($_['directLogin'])) : ?>
<div class="login-option">
<a href="<?php p($_['directLogin']['url']); ?>"><?php p($_['directLogin']['display-name']); ?></a>
</div>
+ <?php endif; ?>
+ <?php foreach ($_['ssoLogin'] as $idp) { ?>
<div class="login-option">
- <a href="<?php p($_['ssoLogin']['url']); ?>"><?php p($_['ssoLogin']['display-name']); ?></a>
+ <a href="<?php p($idp['url']); ?>"><?php p($idp['display-name']); ?></a>
</div>
+ <?php } ?>
</div>
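Review bot: The template now mixes two block syntaxes: the new `if` uses the alternative form (`if(...) :` … `endif;`) while the new `foreach` uses braces. Using the alternative form for both, `<?php foreach ($_['ssoLogin'] as $idp) : ?>` … `<?php endforeach; ?>`, makes the closing tags self-describing inside the markup. Both the URL and the display name of each IdP still go through `p()`, so the output escaping of the link is unchanged.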