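/**
 * Does the actual authentication of the user and returns an id that will be used
 * to load the current user (loadUserOnSession).
 *
 * With no SAMLResponse in the POST the call is delegated to the parent
 * (username/password) authentication. Otherwise the response is validated
 * against the configured settings and its NameID is looked up in the users
 * table; the NameID is escaped before it is spliced into the SQL, so an
 * IdP-supplied identifier cannot alter the query.
 *
 * @param STRING $name
 * @param STRING $password
 * @return STRING id - used for loading the user; '' when the SAML response is
 *                invalid or the matched user is Inactive
 *
 * Contributions by Erik Mitchell erikm@logicpd.com
 */
function authenticateUser($name, $password)
{
    // No SAML assertion posted: fall back to the regular credential check.
    if (empty($_POST['SAMLResponse'])) {
        return parent::authenticateUser($name, $password);
    }

    // require_once: a second call within the same request must not redeclare
    // get_saml_settings() or the SamlResponse class.
    require_once 'modules/Users/authentication/SAMLAuthenticate/settings.php';
    require_once 'modules/Users/authentication/SAMLAuthenticate/lib/onelogin/saml.php';

    $samlresponse = new SamlResponse(get_saml_settings(), $_POST['SAMLResponse']);
    if (!$samlresponse->is_valid()) {
        return '';
    }

    // The NameID comes from the validated assertion, but it is still text
    // chosen by the IdP: escape it instead of concatenating it raw.
    $nameId = $samlresponse->get_nameid();
    $dbresult = $GLOBALS['db']->query(
        "SELECT id, status FROM users WHERE user_name='" . $GLOBALS['db']->quote($nameId) . "' AND deleted = 0"
    );

    // User already exists: use this one, unless the account was deactivated.
    if ($row = $GLOBALS['db']->fetchByAssoc($dbresult)) {
        return $row['status'] !== 'Inactive' ? $row['id'] : '';
    }

    return $this->createUser($nameId);
}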
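/**
 * Retrieves user ID from SamlResponse according to SamlSettings
 *
 * When the settings carry an XPath expression under
 * saml_settings['check']['user_name'], the text of the first node that
 * expression selects in the response XML is used; otherwise the assertion's
 * NameID is used.
 *
 * @param SamlResponse $samlresponse response whose ->xml is the parsed DOMDocument
 * @param SamlSettings $settings
 * @return string the identifier, or '' when the configured XPath selects no
 *                node (or is not a valid expression)
 */
protected function get_user_id($samlresponse, $settings)
{
    if (!isset($settings->saml_settings['check']['user_name'])) {
        return $samlresponse->get_nameid();
    }

    $xpath = new DOMXPath($samlresponse->xml);
    // query() yields false for a malformed expression and an empty node list
    // when nothing matches; in both cases item(0)->nodeValue would blow up,
    // so report "no identifier" explicitly instead.
    $entries = $xpath->query($settings->saml_settings['check']['user_name']);
    if ($entries === false || $entries->length === 0) {
        return '';
    }

    return $entries->item(0)->nodeValue;
}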
$onelogin_saml_name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"; require_once 'lib/onelogin/saml.php'; $authrequest = new AuthRequest(); $authrequest->user_settings = get_user_settings(); $onelogin_saml_url = $authrequest->create(); redirect($onelogin_saml_url, 0); } elseif (isset($_POST['SAMLResponse']) && $_POST['SAMLResponse'] && !(isset($_GET['normal']) && $_GET['normal']) || isset($SESSION->normal) && $SESSION->normal && !(isset($_GET['logout']) && $_GET['logout'])) { ## myDebugger("SAML RESPONSE"); require_once 'lib/onelogin/saml.php'; $samlresponse = new SamlResponse($_POST['SAMLResponse']); $samlresponse->user_settings = get_user_settings(); if (!$samlresponse->is_valid()) { print_error("An invalid SAML response was received from the Identity Provider. Contact the admin."); } //onelogin_saml_auth($samlresponse); $username = $onelogin_saml_nameId = $samlresponse->get_nameid(); // make variables accessible to saml->get_userinfo; Information will be requested from authenticate_user_login -> create_user_record / update_user_record $GLOBALS['onelogin_saml_login_attributes'] = $saml_attributes = $samlresponse->get_saml_attributes(); ## myDebugger("<pre>SAML ATTRIBUTES...<br />".print_r($saml_attributes, true)."SAML...<br />".htmlentities(base64_decode($_POST['SAMLResponse']))."</pre>"); $wantsurl = isset($SESSION->wantsurl) ? $SESSION->wantsurl : FALSE; } else { // You shouldn't be able to reach here. 
print_error("Module Setup Error: Review the OneLogin setup instructions for the SAML authentication module, and be sure to change the following one line of code in Moodle's core in 'login/index.php'.<br /><br /><div style=\"text-align:center;\">CHANGE THE FOLLOWING LINE OF CODE (in 'login/index.php')...</div><br /><font style=\"font-size:18px;\"><strong>if (!empty(\$CFG->alternateloginurl)) {</strong></font><br /><br /><div style=\"text-align:center;\">...to...</div><br /><strong><font style=\"font-size:18px;\">if (!empty(\$CFG->alternateloginurl) && !isset(\$_GET['normal'])) { </font></strong> \r\n"); } ///$wantsurl = isset($SESSION->wantsurl) ? $SESSION->wantsurl : FALSE; ///unset($SESSION->retry); ///unset($SESSION->wantsurl); ///session_write_close(); // Valid session. Register or update user in Moodle, log him on, and redirect to Moodle front // we require the plugin to know that we are now doing a saml login in hook puser_login $GLOBALS['onelogin_saml_login'] = TRUE;