Ejemplo n.º 1
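 /**
  * Authenticates the user and returns the id that will be used to load the
  * current user (loadUserOnSession).
  *
  * Without a posted SAMLResponse the call is delegated to the parent
  * authenticator. With one, the response is validated and its NameID is looked
  * up in the users table; a NameID with no matching row is handed to
  * createUser().
  *
  * @param string $name     user name, only passed on to the parent authenticator
  * @param string $password password, only passed on to the parent authenticator
  * @return string user id, or '' when the response is invalid, carries no usable
  *                NameID, or belongs to a user whose status is 'Inactive'
  *
  * Contributions by Erik Mitchell erikm@logicpd.com
  */
 function authenticateUser($name, $password)
 {
     if (empty($_POST['SAMLResponse'])) {
         return parent::authenticateUser($name, $password);
     }
     require 'modules/Users/authentication/SAMLAuthenticate/settings.php';
     require 'modules/Users/authentication/SAMLAuthenticate/lib/onelogin/saml.php';
     $samlresponse = new SamlResponse(get_saml_settings(), $_POST['SAMLResponse']);

     // Fail closed: nothing from the response is used unless validation passed.
     if (!$samlresponse->is_valid()) {
         return '';
     }

     // An empty or non-string NameID must never reach the lookup or createUser().
     $nameId = $samlresponse->get_nameid();
     if (!is_string($nameId) || $nameId === '') {
         return '';
     }

     // The NameID is data supplied from outside this application. It is escaped
     // with the database layer's quote() before being placed in the statement,
     // so a quote character in it cannot change the query.
     $db = $GLOBALS['db'];
     $dbresult = $db->query("SELECT id, status FROM users WHERE user_name='" . $db->quote($nameId) . "' AND deleted = 0");
     $row = $db->fetchByAssoc($dbresult);

     if (!$row) {
         // NOTE(review): every valid assertion for an unknown NameID creates a
         // local account here; confirm the identity provider limits who can
         // obtain assertions for this service.
         return $this->createUser($nameId);
     }

     // Existing account: an 'Inactive' user is refused even with a valid assertion.
     return $row['status'] !== 'Inactive' ? $row['id'] : '';
 }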
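 /**
  * Retrieves the user ID from a SamlResponse according to SamlSettings.
  *
  * When the settings define saml_settings['check']['user_name'], that value is
  * evaluated as an XPath query against the response document and the value of
  * the first matching node is returned. Otherwise the response's NameID is
  * returned.
  *
  * @param SamlResponse $samlresponse
  * @param SamlSettings $settings
  * @return string the user identifier, or '' when the configured query is
  *                malformed or matches no node
  */
 protected function get_user_id($samlresponse, $settings)
 {
     if (!isset($settings->saml_settings['check']['user_name'])) {
         return $samlresponse->get_nameid();
     }

     // NOTE(review): the query runs against the whole response document and the
     // first match wins. Confirm that response validation guarantees the
     // selected node lies inside the signed part of the message, and that the
     // configured expression is specific enough to match only that node.
     $xpath = new DOMXpath($samlresponse->xml);
     $entries = $xpath->query($settings->saml_settings['check']['user_name']);

     // query() yields false for a malformed expression and an empty list when
     // nothing matches; either way there is no identifier to return, and
     // dereferencing item(0) would fail.
     if ($entries === false || $entries->length === 0) {
         return '';
     }

     return (string) $entries->item(0)->nodeValue;
 }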
Ejemplo n.º 3
    // Fragment of a login flow: the `if` that opens this chain is not visible here.
    // This first branch builds a SAML AuthRequest and sends the browser to the URL
    // that create() returns.
    // $onelogin_saml_name_identifier_format is not read in the visible lines;
    // presumably the included library picks it up - confirm.
    $onelogin_saml_name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
    require_once 'lib/onelogin/saml.php';
    $authrequest = new AuthRequest();
    $authrequest->user_settings = get_user_settings();
    $onelogin_saml_url = $authrequest->create();
    redirect($onelogin_saml_url, 0);
} elseif (isset($_POST['SAMLResponse']) && $_POST['SAMLResponse'] && !(isset($_GET['normal']) && $_GET['normal']) || isset($SESSION->normal) && $SESSION->normal && !(isset($_GET['logout']) && $_GET['logout'])) {
    // The condition mixes && and || without parentheses; && binds tighter, so it
    // reads as: (SAMLResponse posted and truthy, and no truthy ?normal)
    //        OR ($SESSION->normal truthy, and no truthy ?logout).
    // NOTE(review): the second alternative can be true when no SAMLResponse was
    // posted, in which case $_POST['SAMLResponse'] below is undefined - confirm
    // that this is the intended grouping.
    ## myDebugger("SAML RESPONSE");
    require_once 'lib/onelogin/saml.php';
    $samlresponse = new SamlResponse($_POST['SAMLResponse']);
    $samlresponse->user_settings = get_user_settings();
    // Validation gate. Nothing else in this branch stops execution, so the lines
    // below rely on print_error() not returning.
    // NOTE(review): presumably print_error() throws or exits - confirm; otherwise
    // the NameID and attributes of a rejected response would still be used.
    if (!$samlresponse->is_valid()) {
        print_error("An invalid SAML response was received from the Identity Provider. Contact the admin.");
    }
    //onelogin_saml_auth($samlresponse);
    // The login name is taken directly from the response's NameID.
    $username = $onelogin_saml_nameId = $samlresponse->get_nameid();
    // make variables accessible to saml->get_userinfo; Information will be requested from authenticate_user_login -> create_user_record / update_user_record
    $GLOBALS['onelogin_saml_login_attributes'] = $saml_attributes = $samlresponse->get_saml_attributes();
    // The disabled debug call below would print the decoded SAML response and the
    // user's attributes; keep it disabled outside a development setup.
    ## myDebugger("<pre>SAML ATTRIBUTES...<br />".print_r($saml_attributes, true)."SAML...<br />".htmlentities(base64_decode($_POST['SAMLResponse']))."</pre>");
    // Destination stored in the session, or FALSE when none is set.
    $wantsurl = isset($SESSION->wantsurl) ? $SESSION->wantsurl : FALSE;
} else {
    // You shouldn't be able to reach here.
    // The message tells the administrator to edit 'login/index.php' so that the
    // alternate login URL is skipped when ?normal is present in the request.
    print_error("Module Setup Error: Review the OneLogin setup instructions for the SAML authentication module, and be sure to change the following one line of code in Moodle's core in 'login/index.php'.<br /><br /><div style=\"text-align:center;\">CHANGE THE FOLLOWING LINE OF CODE (in 'login/index.php')...</div><br /><font style=\"font-size:18px;\"><strong>if (!empty(\$CFG->alternateloginurl)) {</strong></font><br /><br /><div style=\"text-align:center;\">...to...</div><br /><strong><font style=\"font-size:18px;\">if (!empty(\$CFG->alternateloginurl) && !isset(\$_GET['normal'])) { </font></strong> \r\n");
}
///$wantsurl = isset($SESSION->wantsurl) ? $SESSION->wantsurl : FALSE;
///unset($SESSION->retry);
///unset($SESSION->wantsurl);
///session_write_close();
// Valid session. Register or update user in Moodle, log him on, and redirect to Moodle front
// we require the plugin to know that we are now doing a saml login in hook puser_login
// Set for whichever branch falls through to this point; in the visible lines
// that is the SAML-response branch, provided print_error() halted on failure.
$GLOBALS['onelogin_saml_login'] = TRUE;