// Loading SAML library
require_once '../openssophp/config/config.php';
require_once '../openssophp/lib/saml-lib.php';
// Needs a function to get the token from the php session
require_once '../openssophp/spi/sessionhandling/' . $LIGHTBULB_CONFIG['spi-sessionhandling'] . '.php';
// Needs the functions that map a SAML NameID to a local user id
require_once '../openssophp/spi/namemapping/' . $LIGHTBULB_CONFIG['spi-namemapping'] . '.php';
// Load functions...
require_once "example-lib.php";
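// Local-login handler: checks the posted credentials against the local user
// store, links the local account to the IdP identity already held in the
// session (if any), then sends the browser back to the page that asked for login.

// URL to return the user to after authentication: this page itself.
$return_url = selfURL();
// URL that initiates SSO through Lightbulb (openssophp); this page is passed as RelayState.
$ssoinit_url = $LIGHTBULB_CONFIG['baseurl'] . "spSSOInit.php?" . "metaAlias=/sp&" . "RelayState=" . urlencode($return_url);
// Logout URL: the openssophp single-logout service, again with this page as the return URL.
$logout_url = $LIGHTBULB_CONFIG['baseurl'] . "spSLOInit.php?" . "metaAlias=/sp&" . "RelayState=" . urlencode($return_url);

// Form fields are untrusted. A missing field or an array value (username[]=...)
// is treated as a failed login instead of being handed to the credential check.
$userid = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : null;
$password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : null;
$username = (is_null($userid) || is_null($password)) ? null : authenticateLocalUser($userid, $password);
if (is_null($username)) {
    echo "Error login, probably bad credentials. Sorry.";
    exit;
}

// NOTE(review): no anti-CSRF token is checked in this script. Because a successful
// login below also links the IdP identity in the session to the posted local
// account, confirm that the login form is protected elsewhere.
if (!is_null(spi_sessionhandling_getNameID())) {
    // The user is already authenticated to an IdP, so federate the two accounts.
    $nameId = getNameID(spi_sessionhandling_getResponse());
    spi_namemapping_mapNameIdToLocalId($nameId["NameQualifier"], $nameId["SPNameQualifier"], spi_sessionhandling_getNameID(), $userid);
}
// NOTE(review): confirm that the session handler issues a fresh session id when
// the user id is set; this script does not regenerate it itself.
spi_sessionhandling_setUserId($userid);

// "goto" comes from the request and ends up in a Location header, so it is
// validated after decoding (the exact string passed to header() is the one
// checked). Only a site-local path, or an absolute URL with the same scheme,
// host and port as the configured base URL, is followed.
// NOTE(review): assumes $LIGHTBULB_CONFIG['baseurl'] is an absolute URL on this
// site; if it is not, only site-local paths are accepted.
$goto = (isset($_POST["goto"]) && is_string($_POST["goto"])) ? urldecode($_POST["goto"]) : "";
$goto_ok = false;
// Backslashes, whitespace and control characters are refused outright: browsers
// and parse_url() do not agree on how to read them.
if ($goto !== "" && !preg_match('/[\x00-\x20\x7f\\\\]/', $goto)) {
    if ($goto[0] === "/") {
        // A leading "//" is protocol-relative and would leave the site.
        $goto_ok = (strlen($goto) === 1 || $goto[1] !== "/");
    } else {
        $base = parse_url($LIGHTBULB_CONFIG['baseurl']);
        $dest = parse_url($goto);
        $goto_ok = is_array($base) && is_array($dest)
            && isset($base['scheme'], $base['host'], $dest['scheme'], $dest['host'])
            && !isset($dest['user']) && !isset($dest['pass'])
            && strcasecmp($base['scheme'], $dest['scheme']) === 0
            && strcasecmp($base['host'], $dest['host']) === 0
            && (isset($base['port']) ? $base['port'] : null) === (isset($dest['port']) ? $dest['port'] : null);
    }
}
if (!$goto_ok) {
    // The login itself succeeded; only the redirect is refused.
    echo "Login succeeded, but the requested return address was not accepted.";
    exit;
}
header("Location: " . $goto);
exit;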
 *
 * $Id: AssertionConsumerService.php,v 1.2 2007/06/11 17:33:13 superpat7 Exp $
 *
 * Copyright 2006 Sun Microsystems Inc. All Rights Reserved
 */
require_once 'config/config.php';
require_once 'lib/saml-lib.php';
require_once 'spi/sessionhandling/' . $LIGHTBULB_CONFIG['spi-sessionhandling'] . '.php';
require_once 'spi/namemapping/' . $LIGHTBULB_CONFIG['spi-namemapping'] . '.php';
if (empty($_POST['SAMLResponse'])) {
    echo '<p>Unable to process the submission.<br />
        No SAMLResponse in posted data</p>';
} else {
    error_log("Entering sp.php");
    if ($token = processResponse($_POST)) {
        $nameId = getNameID($token);
        if (isset($nameId)) {
            error_log("NameQualifier = " . $nameId["NameQualifier"]);
            error_log("SPNameQualifier = " . $nameId["SPNameQualifier"]);
            error_log("NameID = " . $nameId["NameID"]);
            $localID = spi_namemapping_nameIdToLocalId($nameId["NameQualifier"], $nameId["SPNameQualifier"], $nameId["NameID"]);
            if (isset($localID) && $localID != "") {
                error_log("NameID successfull federation. Now set User ID = " . $localID);
                // User is sucessfully mapped to a local ID
                spi_sessionhandling_setNameID($nameId["NameID"]);
                spi_sessionhandling_setUserID($localID);
                spi_sessionhandling_setResponse($token);
            } else {
                // User is not mapped to a local ID. The user is still authenticated, but further steps may be needed
                // in order to proceed. The service will probably do one of two things, either auto-generate a new account or
                // require the user to login using a local account and then federate the user.