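/**
 * Check that the user has access to the statistics.
 *
 * Access is granted (the function returns) when the statistics are not
 * protected, when the user is logged in as admin, or when the user logged in
 * through the configured authsource is authorized by the 'allowedUsers' list
 * and/or the 'acl' option. Otherwise the user is sent to the login page or an
 * exception is thrown.
 *
 * @param SimpleSAML_Configuration $statconfig  Configuration of the statistics module.
 *
 * @throws SimpleSAML_Error_Exception If the 'acl' or 'allowedUsers' options are
 *                                    malformed, or the user is not authorized.
 */
public static function checkAccess(SimpleSAML_Configuration $statconfig)
{
    $protected = $statconfig->getBoolean('protected', FALSE);
    $authsource = $statconfig->getString('auth', NULL);
    $allowedusers = $statconfig->getValue('allowedUsers', NULL);
    $useridattr = $statconfig->getString('useridattr', 'eduPersonPrincipalName');
    $acl = $statconfig->getValue('acl', NULL);

    if ($acl !== NULL && !is_string($acl) && !is_array($acl)) {
        throw new SimpleSAML_Error_Exception('Invalid value for \'acl\'-option. Should be an array or a string.');
    }
    // Validate the type here rather than letting in_array() fail at decision time.
    if ($allowedusers !== NULL && !is_array($allowedusers)) {
        throw new SimpleSAML_Error_Exception('Invalid value for \'allowedUsers\'-option. Should be an array.');
    }

    if (!$protected) {
        return;
    }

    if (SimpleSAML_Utilities::isAdmin()) {
        // User logged in as admin. OK.
        SimpleSAML_Logger::debug('Statistics auth - logged in as admin, access granted');
        return;
    }

    if (!isset($authsource)) {
        // No authsource configured: require an admin login. requireAdmin() is
        // expected to redirect to the login page; should it return instead,
        // re-check admin status rather than falling through to an authsource
        // of NULL below. Deny by default.
        SimpleSAML_Utilities::requireAdmin();
        if (SimpleSAML_Utilities::isAdmin()) {
            SimpleSAML_Logger::debug('Statistics auth - logged in as admin, access granted');
            return;
        }
        throw new SimpleSAML_Error_Exception('Access denied to the current user.');
    }

    /* We are using an authsource for login. */
    $as = new SimpleSAML_Auth_Simple($authsource);
    $as->requireAuth();

    // User logged in with auth source.
    SimpleSAML_Logger::debug('Statistics auth - valid login with auth source [' . $authsource . ']');

    // Retrieving attributes
    $attributes = $as->getAttributes();

    if (!empty($allowedusers)) {
        // Check if userid exists
        if (!isset($attributes[$useridattr][0])) {
            throw new SimpleSAML_Error_Exception('User ID is missing');
        }
        $userid = $attributes[$useridattr][0];

        // Strict comparison: this is an authorization decision, so loose
        // equality (e.g. between numeric-looking strings) must not apply.
        if (in_array($userid, $allowedusers, TRUE)) {
            SimpleSAML_Logger::debug('Statistics auth - User granted access by user ID [' . $userid . ']');
            return;
        }
        SimpleSAML_Logger::debug('Statistics auth - User denied access by user ID [' . $userid . ']');
    } else {
        SimpleSAML_Logger::debug('Statistics auth - no allowedUsers list.');
    }

    if (!is_null($acl)) {
        // The ACL is evaluated against the full attribute set of the user.
        $acl = new sspmod_core_ACL($acl);
        if ($acl->allows($attributes)) {
            SimpleSAML_Logger::debug('Statistics auth - allowed access by ACL.');
            return;
        }
        SimpleSAML_Logger::debug('Statistics auth - denied access by ACL.');
    } else {
        SimpleSAML_Logger::debug('Statistics auth - no ACL configured.');
    }

    // Neither the allowedUsers list nor the ACL granted access.
    throw new SimpleSAML_Error_Exception('Access denied to the current user.');
}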
<?php
/*
 * Front page: load the configuration and session, optionally require an
 * admin login, collect the warnings to display and start the link lists
 * used by the template.
 */
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getInstance();

/* The index page may be restricted to administrators by configuration. */
if ($config->getBoolean('admin.protectindexpage', false)) {
    SimpleSAML_Utilities::requireAdmin();
}

$loginurl = SimpleSAML_Utilities::getAdminLoginURL();
$isadmin = SimpleSAML_Utilities::isAdmin();

/* Warnings shown on the front page, in display order. */
$warnings = array();

if (!SimpleSAML_Utilities::isHTTPS()) {
    $warnings[] = '{core:frontpage:warnings_https}';
}

if ('defaultsecretsalt' === $config->getValue('secretsalt')) {
    $warnings[] = '{core:frontpage:warnings_secretsalt}';
}

if (extension_loaded('suhosin')) {
    /* Suhosin may truncate long GET requests; warn when the limit is unset or below 2048. */
    $suhosinLength = ini_get('suhosin.get.max_value_length');
    if (empty($suhosinLength)) {
        $warnings[] = '{core:frontpage:warnings_suhosin_url_length}';
    } elseif ((int) $suhosinLength < 2048) {
        $warnings[] = '{core:frontpage:warnings_suhosin_url_length}';
    }
}

/* Link groups rendered by the front page template. */
$links = array();
$links_welcome = array();
$links_config = array();
$links_auth = array();
$links_federation = array();

$links_config[] = array(
    'href' => SimpleSAML_Utilities::getBaseURL() . 'example-simple/hostnames.php?dummy=1',
    'text' => '{core:frontpage:link_diagnostics}',
);
$links_config[] = array(
    'href' => SimpleSAML_Utilities::getBaseURL() . 'admin/phpinfo.php',
    'text' => '{core:frontpage:link_phpinfo}',
);
$config = SimpleSAML_Configuration::getInstance(); $statconfig = SimpleSAML_Configuration::getConfig('module_statistics.php'); $session = SimpleSAML_Session::getInstance(); /** * AUTHENTICATION and Authorization for access to the statistics. */ $protected = $statconfig->getBoolean('protected', FALSE); $authsource = $statconfig->getString('auth', NULL); $allowedusers = $statconfig->getValue('allowedUsers', NULL); $useridattr = $statconfig->getString('useridattr', 'eduPersonPrincipalName'); $acl = $statconfig->getValue('acl', NULL); if ($acl !== NULL && !is_string($acl) && !is_array($acl)) { throw new SimpleSAML_Error_Exception('Invalid value for \'acl\'-option. Should be an array or a string.'); } if ($protected) { if (SimpleSAML_Utilities::isAdmin()) { // User logged in as admin. OK. SimpleSAML_Logger::debug('Statistics auth - logged in as admin, access granted'); } elseif (isset($authsource) && $session->isValid($authsource)) { // User logged in with auth source. SimpleSAML_Logger::debug('Statistics auth - valid login with auth source [' . $authsource . ']'); // Retrieving attributes $attributes = $session->getAttributes(); $allow = FALSE; if (!empty($allowedusers)) { // Check if userid exists if (!isset($attributes[$useridattr][0])) { throw new Exception('User ID is missing'); } // Check if userid is allowed access.. if (!in_array($attributes[$useridattr][0], $allowedusers)) {
$metaBuilder->addMetadataSP20($metaArray); $metaBuilder->addContact('technical', array('emailAddress' => $config->getString('technicalcontact_email', NULL), 'name' => $config->getString('technicalcontact_name', NULL))); $metaxml = $metaBuilder->getEntityDescriptorText(); /* Sign the metadata if enabled. */ $metaxml = SimpleSAML_Metadata_Signer::sign($metaxml, $spmeta, 'SAML 2 SP'); /* * Generate list of IdPs that you can send metadata to. */ $idplist = $metadata->getList('saml20-idp-remote'); $idpsend = array(); foreach ($idplist as $entityid => $mentry) { if (array_key_exists('send_metadata_email', $mentry)) { $idpsend[$entityid] = $mentry; } } $adminok = SimpleSAML_Utilities::isAdmin(); $adminlogin = SimpleSAML_Utilities::getAdminLoginURL(SimpleSAML_Utilities::addURLParameter(SimpleSAML_Utilities::selfURLNoQuery(), array('output' => 'xhtml'))); $sentok = FALSE; /* * Send metadata to Identity Provider, if the user filled submitted the form */ if (array_key_exists('sendtoidp', $_POST)) { if (!array_key_exists($_POST['sendtoidp'], $idpsend)) { throw new Exception('Entity ID ' . $_POST['sendtoidp'] . ' not found in metadata. Cannot send metadata to this IdP.'); } $emailadr = $idpsend[$_POST['sendtoidp']]['send_metadata_email']; $from = $_POST['email']; $message = '<h1>simpleSAMLphp SAML 2.0 Service Provider Metadata</h1> <p>Metadata was sent to you from a simpleSAMLphp SAML 2.0 Service Provider. The service provider requests to connect to the following Identity Provider: <ul>