

    SSO SERVER EXTENSIONS

    
Author: Petr Gladkikh <pgladkikh@parallels.com>    

Note: the functionality described here is currently intended to gather feedback, and details
of the interfaces may change in the future.

Some parts of SSO functionality can be extended or overridden with special extension modules.
Extension modules are loaded automatically and need not be specially registered.
The part of functionality that can be extended or overridden is identified by a "mount point" identifier.

An extension module is a PHP file that contains a class annotated as an extension.
The annotation is a "mounts" tag in a JavaDoc-style comment placed just before the class declaration.
The class name should be prefixed with "ext_" and should not contain other underscores. E.g.:

    /**
     * @mounts AMountPointIdentifier
     */
    class ext_MyExtention {
    }

An extension module is placed in the directory "SRC/ext", where SRC is the root directory of the SSO sources.

Each extension is plugged in at a specific "mount point". In addition to the requirements specified
above, each mount point may impose further requirements on the extension.

Currently an extension module must take care of its own configuration. However, an extension
module can access the logger of the SSO server (see the following section for details).


    LOGGING

If an extension module needs a logger, it should declare a publicly accessible member variable
annotated with the "@inject log" tag:

    class ext_MyExtention {
        /**
         * @inject log
         */
        public $logger;

        public function doSomething() {
            // Use the member variable that carries the @inject tag.
            $this->logger->warn("Thinking hard.");
        }
    }

The logger has 4 methods:
    error(message, exception = null)
    warn(message)
    info(message)
    trace(message)


    MOUNT POINT "CREDENTIALS CHECKER"

This extension verifies the validity of the specified credentials (a user name and password pair).
Note that:
    1. Once enabled, it replaces the embedded credentials checker and thus should be able to
       verify credentials of any application (service provider) that is attached to the SSO
       server instance.
    2. Federated identity credentials are checked by the SSO server itself even if this
       extension is enabled.

The class that is used as a credentials checker should implement the interface idp_CredentialsChecker.

An example of such an extension is in the file ext/ExampleCredentialsChecker.php
(hint: to enable and play with this example code, replace the tag "@NO_mounts" with "@mounts"
and try to authenticate with the hard-coded credentials).
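
Because extension modules are loaded automatically without registration, and an enabled credentials checker replaces the embedded one, it is worth auditing which classes in "SRC/ext" carry a "@mounts" tag. The Python script below is an added example, not part of the SSO sources; it approximates the conventions described above with regular expressions (the server's own loader may parse differently), and the function names, the allowlist and the sample files are constructed for illustration.

```python
import re
from pathlib import Path

# A JavaDoc-style comment placed just before a class declaration.
DOC_CLASS = re.compile(
    r"/\*\*(?P<doc>(?:(?!\*/).)*)\*/\s*(?:(?:abstract|final)\s+)*class\s+(?P<cls>\w+)",
    re.DOTALL)
MOUNTS = re.compile(r"@mounts\s+(\S+)")  # does not match the disabled "@NO_mounts"
VALID_NAME = re.compile(r"ext_[A-Za-z0-9]+")  # "ext_" prefix, no other underscores


def find_mounts(filename, php_text):
    """Return (filename, class, mount_point) for each annotated class."""
    found = []
    for m in DOC_CLASS.finditer(php_text):
        tag = MOUNTS.search(m.group("doc"))
        if tag:
            found.append((filename, m.group("cls"), tag.group(1)))
    return found


def audit(sources, allowed):
    """Flag mounted classes that are misnamed or absent from allowed {mount_point: class}."""
    findings = []
    for filename, text in sources.items():
        for _, cls, point in find_mounts(filename, text):
            if not VALID_NAME.fullmatch(cls):
                findings.append((filename, cls, point, "bad class name"))
            if allowed.get(point) != cls:
                findings.append((filename, cls, point, "not approved"))
    return sorted(findings)


def audit_dir(ext_dir, allowed):
    """Audit every .php file in the extension directory (SRC/ext on the page)."""
    sources = {p.name: p.read_text(errors="replace") for p in Path(ext_dir).glob("*.php")}
    return audit(sources, allowed)


# Constructed sample files, not taken from the SSO sources.
SAMPLE = {
    "Approved.php": "<?php\n/**\n * @mounts AMountPointIdentifier\n */\nclass ext_MyExtention {\n}\n",
    "Disabled.php": "<?php\n/**\n * @NO_mounts AMountPointIdentifier\n */\nclass ext_Example {\n}\n",
    "Dropped.php": "<?php\n/** @mounts AMountPointIdentifier */\nclass ext_Other_Checker {\n}\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE, {"AMountPointIdentifier": "ext_MyExtention"}):
        print(finding)
```

Running `audit_dir` against the deployed "SRC/ext" directory with the set of approved classes reports any mounted extension that was not reviewed, which matters most for the credentials checker mount point.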