/** * Start the logout operation. * * @param array &$state The logout state. * @param string|NULL $assocId The SP we are logging out from. */ public function startLogout(array &$state, $assocId) { assert('is_string($assocId) || is_null($assocId)'); $associations = $this->idp->getAssociations(); if (count($associations) === 0) { $this->idp->finishLogout($state); } foreach ($associations as $id => &$association) { $idp = SimpleSAML_IdP::getByState($association); $association['core:Logout-IFrame:Name'] = $idp->getSPName($id); $association['core:Logout-IFrame:State'] = 'onhold'; } $state['core:Logout-IFrame:Associations'] = $associations; if (!is_null($assocId)) { $spName = $this->idp->getSPName($assocId); if ($spName === NULL) { $spName = array('en' => $assocId); } $state['core:Logout-IFrame:From'] = $spName; } else { $state['core:Logout-IFrame:From'] = NULL; } $id = SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame'); $url = SimpleSAML_Module::getModuleURL('core/idp/logout-iframe.php', array('id' => $id)); SimpleSAML_Utilities::redirect($url); }
/** * @param array &$links The links on the frontpage, split into sections. */ function metalisting_hook_frontpage(&$links) { assert('is_array($links)'); assert('array_key_exists("links", $links)'); $links['federation'][] = array('href' => SimpleSAML_Module::getModuleURL('metalisting/'), 'text' => array('en' => 'Federation entity listing', 'no' => 'Liste over føderasjonsmedlemmer')); $links['federation'][] = array('href' => SimpleSAML_Module::getModuleURL('metalisting/index.php?extended=1'), 'text' => array('en' => 'Federation entity listing (extended)', 'no' => 'Liste over føderasjonsmedlemmer (mer info)')); }
/** * Constructor for Google authentication source. * * @param array $info Information about this authentication source. * @param array $config Configuration. */ public function __construct($info, $config) { assert('is_array($info)'); assert('is_array($config)'); /* Call the parent constructor first, as required by the interface. */ parent::__construct($info, $config); if (!array_key_exists('key', $config)) { throw new Exception('Google authentication source is not properly configured: missing [key]'); } $this->key = $config['key']; if (!array_key_exists('secret', $config)) { throw new Exception('Google authentication source is not properly configured: missing [secret]'); } $this->secret = $config['secret']; $this->linkback = SimpleSAML_Module::getModuleURL('authgoogleOIDC') . '/linkback.php'; // Create Client $this->client = new Google_Client(); $this->client->setApplicationName('Google gateway'); $this->client->setClientId($this->key); $this->client->setClientSecret($this->secret); $this->client->setRedirectUri($this->linkback); $this->client->addScope('openid'); $this->client->addScope('profile'); $this->client->addScope('email'); }
/** * Hook to add the modinfo module to the frontpage. * * @param array &$links The links on the frontpage, split into sections. */ function statistics_hook_frontpage(&$links) { assert('is_array($links)'); assert('array_key_exists("links", $links)'); $links['config']['statistics'] = array('href' => SimpleSAML_Module::getModuleURL('statistics/showstats.php'), 'text' => array('en' => 'Show statistics', 'no' => 'Vis statistikk'), 'shorttext' => array('en' => 'Statistics', 'no' => 'Statistikk')); $links['config']['statisticsmeta'] = array('href' => SimpleSAML_Module::getModuleURL('statistics/statmeta.php'), 'text' => array('en' => 'Show statistics metadata', 'no' => 'Vis statistikk metadata'), 'shorttext' => array('en' => 'Statistics metadata', 'no' => 'Statistikk metadata')); }
/** * Process an authentication response. * * This function saves the state, and if necessary redirects the user to the page where the user * is informed about the expiry date of his/her certificate. * * @param array $state The state of the response. */ public function process(&$state) { assert('is_array($state)'); if (isset($state['isPassive']) && $state['isPassive'] === TRUE) { /* We have a passive request. Skip the warning. */ return; } if (!isset($_SERVER['SSL_CLIENT_CERT']) || $_SERVER['SSL_CLIENT_CERT'] == '') { return; } $client_cert = $_SERVER['SSL_CLIENT_CERT']; $client_cert_data = openssl_x509_parse($client_cert); if ($client_cert_data == FALSE) { SimpleSAML_Logger::error('authX509: invalid cert'); return; } $validTo = $client_cert_data['validTo_time_t']; $now = time(); $daysleft = (int) (($validTo - $now) / (24 * 60 * 60)); if ($daysleft > $this->warndaysbefore) { /* We have a certificate that will be valid for some time. Skip the warning. */ return; } SimpleSAML_Logger::warning('authX509: user certificate expires in ' . $daysleft . ' days'); $state['daysleft'] = $daysleft; $state['renewurl'] = $this->renewurl; /* Save state and redirect. */ $id = SimpleSAML_Auth_State::saveState($state, 'warning:expire'); $url = SimpleSAML_Module::getModuleURL('authX509/expirywarning.php'); \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('StateId' => $id)); }
/** * Apply filter to validate attributes. * * @param array &$request The current request */ public function process(&$request) { $authorize = FALSE; assert('is_array($request)'); assert('array_key_exists("Attributes", $request)'); $attributes =& $request['Attributes']; foreach ($this->valid_attribute_values as $name => $patterns) { if (array_key_exists($name, $attributes)) { foreach ($patterns as $pattern) { $values = $attributes[$name]; if (!is_array($values)) { $values = array($values); } foreach ($values as $value) { if (preg_match($pattern, $value)) { $authorize = TRUE; break 3; } } } } } if (!$authorize) { /* Save state and redirect to 403 page. */ $id = SimpleSAML_Auth_State::saveState($request, 'authorize:Authorize'); $url = SimpleSAML_Module::getModuleURL('authorize/authorize_403.php'); SimpleSAML_Utilities::redirect($url, array('StateId' => $id)); } }
/** * Start the logout operation. * * @param array &$state The logout state. * @param string|null $assocId The SP we are logging out from. */ public function startLogout(array &$state, $assocId) { assert('is_string($assocId) || is_null($assocId)'); $associations = $this->idp->getAssociations(); if (count($associations) === 0) { $this->idp->finishLogout($state); } foreach ($associations as $id => &$association) { $idp = SimpleSAML_IdP::getByState($association); $association['core:Logout-IFrame:Name'] = $idp->getSPName($id); $association['core:Logout-IFrame:State'] = 'onhold'; } $state['core:Logout-IFrame:Associations'] = $associations; if (!is_null($assocId)) { $spName = $this->idp->getSPName($assocId); if ($spName === null) { $spName = array('en' => $assocId); } $state['core:Logout-IFrame:From'] = $spName; } else { $state['core:Logout-IFrame:From'] = null; } $params = array('id' => SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame')); if (isset($state['core:Logout-IFrame:InitType'])) { $params['type'] = $state['core:Logout-IFrame:InitType']; } $url = SimpleSAML_Module::getModuleURL('core/idp/logout-iframe.php', $params); \SimpleSAML\Utils\HTTP::redirectTrustedURL($url); }
/** * When the process logic determines that the user is not * authorized for this service, then forward the user to * an 403 unauthorized page. * * Separated this code into its own method so that child * classes can override it and change the action. Forward * thinking in case a "chained" ACL is needed, more complex * permission logic. * * @param array $request */ protected function unauthorized(&$request) { SimpleSAML_Logger::error('ExpectedAuthnContextClassRef: Invalid authentication context: ' . $this->AuthnContextClassRef . '. Accepted values are: ' . var_export($this->accepted, true)); $id = SimpleSAML_Auth_State::saveState($request, 'saml:ExpectedAuthnContextClassRef:unauthorized'); $url = SimpleSAML_Module::getModuleURL('saml/sp/wrong_authncontextclassref.php'); \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('StateId' => $id)); }
/** * Hook to add the simple consenet admin module to the frontpage. * * @param array &$links The links on the frontpage, split into sections. */ function consentSimpleAdmin_hook_frontpage(&$links) { assert('is_array($links)'); assert('array_key_exists("links", $links)'); $links['config'][] = array('href' => SimpleSAML_Module::getModuleURL('consentSimpleAdmin/consentAdmin.php'), 'text' => '{consentSimpleAdmin:consentsimpleadmin:header}'); $links['config'][] = array('href' => SimpleSAML_Module::getModuleURL('consentSimpleAdmin/consentStats.php'), 'text' => '{consentSimpleAdmin:consentsimpleadmin:headerstats}'); }
/** * Start a login operation. * * @param array $params Various options to the authentication request. */ public function login(array $params = array()) { if (array_key_exists('KeepPost', $params)) { $keepPost = (bool) $params['KeepPost']; } else { $keepPost = TRUE; } if (!isset($params['ReturnTo']) && !isset($params['ReturnCallback'])) { $params['ReturnTo'] = SimpleSAML_Utilities::selfURL(); } if (isset($params['ReturnTo']) && $keepPost && $_SERVER['REQUEST_METHOD'] === 'POST') { $params['ReturnTo'] = SimpleSAML_Utilities::createPostRedirectLink($params['ReturnTo'], $_POST); } $session = SimpleSAML_Session::getInstance(); $authnRequest = array('IsPassive' => isset($params['isPassive']) ? $params['isPassive'] : FALSE, 'ForceAuthn' => isset($params['ForceAuthn']) ? $params['ForceAuthn'] : FALSE, 'core:State' => $params, 'core:prevSession' => $session->getAuthData($this->authority, 'AuthnInstant'), 'core:authority' => $this->authority); if (isset($params['saml:RequestId'])) { $authnRequest['RequestID'] = $params['saml:RequestId']; } if (isset($params['SPMetadata']['entityid'])) { $authnRequest['Issuer'] = $params['SPMetadata']['entityid']; } if (isset($params['saml:RelayState'])) { $authnRequest['RelayState'] = $params['saml:RelayState']; } if (isset($params['saml:IDPList'])) { $authnRequest['IDPList'] = $params['saml:IDPList']; } $authId = SimpleSAML_Utilities::generateID(); $session->setAuthnRequest('saml2', $authId, $authnRequest); $relayState = SimpleSAML_Module::getModuleURL('core/bwc_resumeauth.php', array('RequestID' => $authId)); $config = SimpleSAML_Configuration::getInstance(); $authurl = '/' . $config->getBaseURL() . $this->auth; SimpleSAML_Utilities::redirect($authurl, array('RelayState' => $relayState, 'AuthId' => $authId, 'protocol' => 'saml2')); }
/** * Process a authentication response. * * This function checks how long it is since the last time the user was authenticated. * If it is to short a while since, we will show a warning to the user. * * @param array $state The state of the response. */ public function process(&$state) { assert('is_array($state)'); if (!array_key_exists('PreviousSSOTimestamp', $state)) { /* * No timestamp from the previous SSO to this SP. This is the first * time during this session. */ return; } $timeDelta = time() - $state['PreviousSSOTimestamp']; if ($timeDelta >= 10) { /* At least 10 seconds since last attempt. */ return; } if (array_key_exists('Destination', $state) && array_key_exists('entityid', $state['Destination'])) { $entityId = $state['Destination']['entityid']; } else { $entityId = 'UNKNOWN'; } SimpleSAML_Logger::warning('WarnShortSSOInterval: Only ' . $timeDelta . ' seconds since last SSO for this user from the SP ' . var_export($entityId, TRUE)); /* Save state and redirect. */ $id = SimpleSAML_Auth_State::saveState($state, 'core:short_sso_interval'); $url = SimpleSAML_Module::getModuleURL('core/short_sso_interval.php'); SimpleSAML_Utilities::redirectTrustedURL($url, array('StateId' => $id)); }
function listMetadata($t, $metadata, $extended = FALSE) { $now = time(); echo '<ul>'; foreach ($metadata as $entry) { $flag = NULL; if (array_key_exists('tags', $entry)) { if (in_array('norway', $entry['tags'])) { $flag = SimpleSAML_Module::getModuleURL('metalisting/flags/no.png'); } if (in_array('denmark', $entry['tags'])) { $flag = SimpleSAML_Module::getModuleURL('metalisting/flags/dk.png'); } if (in_array('finland', $entry['tags'])) { $flag = SimpleSAML_Module::getModuleURL('metalisting/flags/fi.png'); } if (in_array('sweden', $entry['tags'])) { $flag = SimpleSAML_Module::getModuleURL('metalisting/flags/se.png'); } if (in_array('switzerland', $entry['tags'])) { $flag = SimpleSAML_Module::getModuleURL('metalisting/flags/ch.png'); } if (in_array('france', $entry['tags'])) { $flag = SimpleSAML_Module::getModuleURL('metalisting/flags/fr.png'); } if (in_array('poland', $entry['tags'])) { $flag = SimpleSAML_Module::getModuleURL('metalisting/flags/pl.png'); } if (in_array('germany', $entry['tags'])) { $flag = SimpleSAML_Module::getModuleURL('metalisting/flags/de.png'); } } echo '<li>'; if (isset($flag)) { echo ' <img style="display: inline; margin-right: 5px" src="' . $flag . '" alt="Flag" />'; } if (array_key_exists('name', $entry)) { echo $t->getTranslation(SimpleSAML_Utilities::arrayize($entry['name'], 'en')); } else { echo $entry['entityid']; } // echo('<pre>'); print_r($entry); echo('</pre>'); if ($extended) { if (array_key_exists('expire', $entry)) { if ($entry['expire'] < $now) { echo '<span style="color: #500; font-weight: bold"> (expired ' . number_format(($now - $entry['expire']) / 3600, 1) . ' hours ago)</span>'; } else { echo '<span style="color: #ccc; "> (expires in ' . number_format(($entry['expire'] - $now) / 3600, 1) . ' hours)</span>'; } } } if (array_key_exists('url', $entry)) { echo ' [ <a href="' . $t->getTranslation(SimpleSAML_Utilities::arrayize($entry['url'], 'en')) . '">more</a> ]'; } echo '</li>'; } echo '</ul>'; echo '</fieldset>'; }
/** * Retrieve the destination we should send the message to. * * This will return a debug endpoint if we have debug enabled. If debug * is disabled, NULL is returned, in which case the default destination * will be used. * * @return string|NULL The destination the message should be delivered to. */ public static function getDebugDestination() { $globalConfig = SimpleSAML_Configuration::getInstance(); if (!$globalConfig->getBoolean('debug', FALSE)) { return NULL; } return SimpleSAML_Module::getModuleURL('saml2/debug.php'); }
/** * Hook to add the modinfo module to the frontpage. * * @param array &$links The links on the frontpage, split into sections. */ function core_hook_frontpage(&$links) { assert('is_array($links)'); assert('array_key_exists("links", $links)'); $links['links']['frontpage_welcome'] = array('href' => SimpleSAML_Module::getModuleURL('core/frontpage_welcome.php'), 'text' => '{core:frontpage:welcome}', 'shorttext' => '{core:frontpage:welcome}'); $links['links']['frontpage_config'] = array('href' => SimpleSAML_Module::getModuleURL('core/frontpage_config.php'), 'text' => '{core:frontpage:configuration}', 'shorttext' => '{core:frontpage:configuration}'); $links['links']['frontpage_auth'] = array('href' => SimpleSAML_Module::getModuleURL('core/frontpage_auth.php'), 'text' => '{core:frontpage:auth}', 'shorttext' => '{core:frontpage:auth}'); $links['links']['frontpage_federation'] = array('href' => SimpleSAML_Module::getModuleURL('core/frontpage_federation.php'), 'text' => '{core:frontpage:federation}', 'shorttext' => '{core:frontpage:federation}'); }
public function authenticate(&$state) { assert('is_array($state)'); /* We are going to need the authId in order to retrieve this authentication source later. */ $state[self::AUTHID] = $this->authId; $id = SimpleSAML_Auth_State::saveState($state, self::STAGEID); $url = SimpleSAML_Module::getModuleURL('InfoCard/login-infocard.php'); SimpleSAML_Utilities::redirectTrustedURL($url, array('AuthState' => $id)); }
/** * Retrieve a admin login URL. * * @param string|NULL $returnTo The URL the user should arrive on after admin authentication. Defaults to null. * * @return string A URL which can be used for admin authentication. * @throws \InvalidArgumentException If $returnTo is neither a string nor null. */ public static function getAdminLoginURL($returnTo = null) { if (!(is_string($returnTo) || is_null($returnTo))) { throw new \InvalidArgumentException('Invalid input parameters.'); } if ($returnTo === null) { $returnTo = \SimpleSAML\Utils\HTTP::getSelfURL(); } return \SimpleSAML_Module::getModuleURL('core/login-admin.php', array('ReturnTo' => $returnTo)); }
/** * Initialize processing of the redirect test. * * @param array &$state The state we should update. */ public function process(&$state) { assert('is_array($state)'); assert('array_key_exists("Attributes", $state)'); /* To check whether the state is saved correctly. */ $state['Attributes']['RedirectTest1'] = array('OK'); /* Save state and redirect. */ $id = SimpleSAML_Auth_State::saveState($state, 'exampleauth:redirectfilter-test'); $url = SimpleSAML_Module::getModuleURL('exampleauth/redirecttest.php'); SimpleSAML_Utilities::redirectTrustedURL($url, array('StateId' => $id)); }
/** * Process a authentication response. * * This function saves the state, and redirects the user to the page where the user * can authorize the release of the attributes. * * @param array $state The state of the response. */ public function process(&$state) { assert('is_array($state)'); if (isset($state['isPassive']) && $state['isPassive'] === TRUE) { /* We have a passive request. Skip the warning. */ return; } /* Save state and redirect. */ $id = SimpleSAML_Auth_State::saveState($state, 'warning:request'); $url = SimpleSAML_Module::getModuleURL('preprodwarning/showwarning.php'); \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('StateId' => $id)); }
/** * Initialize login. * * This function saves the information about the login, and redirects to a * login page. * * @param array &$state Information about the current authentication. */ public function authenticate(&$state) { assert('is_array($state)'); /* We are going to need the authId in order to retrieve this authentication source later. */ $state[self::AUTHID] = $this->authId; $id = SimpleSAML_Auth_State::saveState($state, self::STAGEID); $url = SimpleSAML_Module::getModuleURL('gepiauth/loginuserpassorg.php'); $params = array('AuthState' => $id); SimpleSAML_Utilities::redirect($url, $params); }
/** * Initiate authentication. * * @param array &$state Information about the current authentication. */ public function authenticate(&$state) { $state['aselect::authid'] = $this->authId; $id = SimpleSAML_Auth_State::saveState($state, 'aselect:login', true); try { $app_url = SimpleSAML_Module::getModuleURL('aselect/credentials.php', array('ssp_state' => $id)); $as_url = $this->request_authentication($app_url); SimpleSAML_Utilities::redirect($as_url); } catch (Exception $e) { // attach the exception to the state SimpleSAML_Auth_State::throwException($state, $e); } }
/** * Log-in using Facebook platform * * @param array &$state Information about the current authentication. */ public function authenticate(&$state) { assert('is_array($state)'); /* We are going to need the authId in order to retrieve this authentication source later. */ $state[self::AUTHID] = $this->authId; $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT); $facebook = new sspmod_authfacebook_Facebook(array('appId' => $this->api_key, 'secret' => $this->secret), $state); $facebook->destroySession(); $linkback = SimpleSAML_Module::getModuleURL('authfacebook/linkback.php', array('AuthState' => $stateID)); $url = $facebook->getLoginUrl(array('redirect_uri' => $linkback, 'scope' => $this->req_perms)); SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT); SimpleSAML_Utilities::redirect($url); }
/** * Redirect to page setting CDC. * * @param array &$state The request state. */ public function process(&$state) { assert('is_array($state)'); if (!isset($state['Source']['entityid'])) { SimpleSAML_Logger::warning('saml:CDC: Could not find IdP entityID.'); return; } /* Save state and build request. */ $id = SimpleSAML_Auth_State::saveState($state, 'cdc:resume'); $returnTo = SimpleSAML_Module::getModuleURL('cdc/resume.php', array('domain' => $this->domain)); $params = array('id' => $id, 'entityID' => $state['Source']['entityid']); $this->client->sendRequest($returnTo, 'append', $params); }
/** * Hook to add links to the frontpage. * * @param array &$links The links on the frontpage, split into sections. */ function discojuice_hook_frontpage(&$links) { assert('is_array($links)'); assert('array_key_exists("links", $links)'); $links['federation'][] = array( 'href' => SimpleSAML_Module::getModuleURL('discojuice/central.php'), 'text' => array('en' => 'DiscoJuice: Discovery Service (not functional without IdP Discovery parameters)'), ); $links['federation'][] = array( 'href' => SimpleSAML_Module::getModuleURL('discojuice/feed.php'), 'text' => array('en' => 'DiscoJuice: Metadata Feed (JSON)'), ); }
/** * Prompt the user with a list of authentication sources. * * This method saves the information about the configured sources, * and redirects to a page where the user must select one of these * authentication sources. * * This method never return. The authentication process is finished * in the delegateAuthentication method. * * @param array &$state Information about the current authentication. */ public function authenticate(&$state) { assert('is_array($state)'); $state[self::AUTHID] = $this->authId; $state[self::SOURCESID] = $this->sources; /* Save the $state array, so that we can restore if after a redirect */ $id = SimpleSAML_Auth_State::saveState($state, self::STAGEID); /* Redirect to the select source page. We include the identifier of the saved state array as a parameter to the login form */ $url = SimpleSAML_Module::getModuleURL('multiauth/selectsource.php'); $params = array('AuthState' => $id); SimpleSAML_Utilities::redirect($url, $params); /* The previous function never returns, so this code is never executed */ assert('FALSE'); }
/** * Constructor for this authentication source. * * @param array $info Information about this authentication source. * @param array $config Configuration. */ public function __construct($info, $config) { assert('is_array($info)'); assert('is_array($config)'); /* Call the parent constructor first, as required by the interface. */ parent::__construct($info, $config); if (!array_key_exists('key', $config)) { throw new Exception('Bnet authentication source is not properly configured: missing [key]'); } $this->key = $config['key']; if (!array_key_exists('secret', $config)) { throw new Exception('Bnet authentication source is not properly configured: missing [secret]'); } $this->secret = $config['secret']; $this->linkback = SimpleSAML_Module::getModuleURL('authbnet') . '/linkback.php'; }
/** * Log-in using Twitter platform * * @param array &$state Information about the current authentication. */ public function authenticate(&$state) { assert('is_array($state)'); /* We are going to need the authId in order to retrieve this authentication source later. */ $state[self::AUTHID] = $this->authId; $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT); $consumer = new sspmod_oauth_Consumer($this->key, $this->secret); // Get the request token $linkback = SimpleSAML_Module::getModuleURL('authtwitter/linkback.php', array('AuthState' => $stateID)); $requestToken = $consumer->getRequestToken('https://api.twitter.com/oauth/request_token', array('oauth_callback' => $linkback)); SimpleSAML_Logger::debug("Got a request token from the OAuth service provider [" . $requestToken->key . "] with the secret [" . $requestToken->secret . "]"); $state['authtwitter:authdata:requestToken'] = $requestToken; SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT); // Authorize the request token $consumer->getAuthorizeRequest('https://api.twitter.com/oauth/authenticate', $requestToken); }
/** * Called by linkback, to finish validate/ finish logging in. * @param state $state * @return list username, casattributes/ldap attributes */ public function finalStep(&$state) { global $mysqli; $ticket = $state['cas:ticket']; $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT); $service = SimpleSAML_Module::getModuleURL('cas/linkback.php', array('stateID' => $stateID)); list($username, $casattributes) = $this->casValidation($ticket, $service); //recherche du login gepi $path = dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(__FILE__)))))))); require_once($path."/secure/connect.inc.php"); // Database connection require_once($path."/lib/mysql.inc"); if ($this->_champ_cas_uid_retour == 'username') { $uid = $username; } else { $uid = $casattributes['uid']; } $requete = 'SELECT '.$this->_search_table_gepi_login_column.' FROM '.$this->_search_table_name.' WHERE '.$this->_search_table_cas_uid_column.'=\''.$uid.'\''; $result = $mysqli->query($requete); $valeur = $result->fetch_array(MYSQLI_NUM); if (!$valeur) { //utilisateur non trouvé dans la base gepi, l'authentification a échoué SimpleSAML_Logger::error('gepicas:' . $this->authId . ': not authenticated. User is in the CAS but not in the gepi local database.'); throw new SimpleSAML_Error_UserNotFound('Utilisateur non trouve dans la base locale'); } $attributes['login'] = array($valeur[0]); $attributes['login_gepi'] = array($valeur[0]); # On interroge la base de données pour récupérer des attributs qu'on va retourner # Cela ne sert pas à gepi directement mais à des services qui peuvent s'appuyer sur gepi pour l'athentification $query = $mysqli->query("SELECT nom, prenom, email, statut FROM utilisateurs WHERE (login = '******'login_gepi'][0]."')"); $row = $query->fetch_object(); $attributes['nom'] = array($row->nom); $attributes['prenom'] = array($row->prenom); $attributes['statut'] = array($row->statut); $attributes['email'] = array($row->email); $state['Attributes'] = $attributes; SimpleSAML_Auth_Source::completeAuth($state); }
/** * Constructor for this authentication source. * * @param array $info Information about this authentication source. * @param array $config Configuration. */ public function __construct($info, $config) { assert('is_array($info)'); assert('is_array($config)'); /* Call the parent constructor first, as required by the interface. */ parent::__construct($info, $config); if (!array_key_exists('key', $config)) { throw new Exception('Google authentication source is not properly configured: missing [key]'); } $this->key = $config['key']; if (!array_key_exists('secret', $config)) { throw new Exception('Google authentication source is not properly configured: missing [secret]'); } $this->secret = $config['secret']; $this->linkback = SimpleSAML_Module::getModuleURL('authgoogle') . '/linkback.php'; // Google Discovery Document /*$dd = 'https://accounts.google.com/.well-known/openid-configuration'; $xmlddresponse = $this->curl_file_get_contents($dd); SimpleSAML_Logger::debug('Google Response: '.$xmlddresponse);*/ }
/** * Initialize login. * * This function saves the information about the login, and redirects to a * login page. * * @param array &$state Information about the current authentication. */ public function authenticate(&$state) { assert('is_array($state)'); $config = SimpleSAML_Configuration::getConfig('authsources.php'); $state[sspmod_authTiqr_Auth_Tiqr::CONFIGID] = $config->getArray(self::getAuthId(), array()); /* We are going to need the authId in order to retrieve this authentication source later. */ $state[self::AUTHID] = $this->authId; $id = SimpleSAML_Auth_State::saveState($state, sspmod_authTiqr_Auth_Tiqr::STAGEID); $server = sspmod_authTiqr_Auth_Tiqr::getServer(false); $session = SimpleSAML_Session::getSessionFromRequest(); $sessionId = $session->getSessionId(); $user = $server->getAuthenticatedUser($sessionId); if (empty($user)) { $url = SimpleSAML_Module::getModuleURL('authTiqr/login.php'); SimpleSAML_Utilities::redirect($url, array('AuthState' => $id)); } else { $attributes = array('uid' => array($user), 'displayName' => array(sspmod_authTiqr_Auth_Tiqr::getUserStorage()->getDisplayName($user))); $attributes = array_merge($attributes, sspmod_authTiqr_Auth_Tiqr::getUserStorage()->getAdditionalAttributes($user)); $state['Attributes'] = $attributes; } }
<?php /** * * * @author Mathias Meisfjordskar, University of Oslo. * <*****@*****.**> * @package simpleSAMLphp */ $this->includeAtTemplateBase('includes/header.php'); ?> <h1><?php echo $this->t('{negotiate:negotiate:disable_title}'); ?> </h1> <?php $url = SimpleSAML_Module::getModuleURL('negotiate/enable.php'); echo $this->t('{negotiate:negotiate:disable_info_pre}', array('URL' => htmlspecialchars($url))); ?> <?php echo $this->t('{negotiate:negotiate:info_post}'); ?> <?php $this->includeAtTemplateBase('includes/footer.php');