Returns the attributes of the currently authenticated user, as a map from attribute name to a list of string values (so a single value is read as `$attributes['name'][0]`). If the user isn't authenticated, it returns an empty array rather than failing — callers must therefore check `isAuthenticated()` (or call `requireAuth()`) first, and must verify that an attribute is actually present before using it as an identity or authorisation key.
public getAttributes() : array
Returns: array — the user's attributes, keyed by attribute name; each value is a list of strings. Empty when no user is authenticated.
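/**
 * Controller constructor: enforces the Oxylane federated (SAML) login when
 * FEDACTIVE is set, then loads the models and helpers shared by every action.
 *
 * When FEDACTIVE is false, placeholder identity values are used and no login
 * takes place at all, so that mode must stay confined to local development.
 *
 * Uses show_error() (CodeIgniter) to stop with HTTP 403 when the IdP did not
 * release one of the required attributes.
 */
public function __construct()
{
    // Mandatory: initialise the parent CI_Controller.
    parent::__construct();
    $this->data = array();

    // Oxylane federation (SAML) login.
    if (FEDACTIVE) {
        require __DIR__ . '/../simplesaml/lib/_autoload.php';
        $as = new SimpleSAML_Auth_Simple('Oxylane-sp');
        if (!$as->isAuthenticated()) {
            // Redirects the browser to the IdP; does not return.
            $as->requireAuth();
        } else {
            $attributes = $as->getAttributes();
            // The IdP is not guaranteed to release every attribute. Fail closed
            // instead of silently storing null identifiers (the original only
            // produced a PHP notice and carried on).
            foreach (array('uid', 'cn', 'mail') as $name) {
                if (!isset($attributes[$name][0])) {
                    show_error('Missing SAML attribute: ' . $name, 403);
                }
            }
            $this->data['fed']['0'] = $attributes['uid'][0];  // user identifier
            $this->data['fed']['1'] = $attributes['cn'][0];   // person's name
            $this->data['fed']['2'] = $attributes['mail'][0]; // person's e-mail
        }
    } else {
        // Development placeholders: no authentication is performed.
        $this->data['fed']['0'] = "ID";
        $this->data['fed']['1'] = "NOM";
        $this->data['fed']['2'] = "MAIL";
    }
    // END FED

    // Resources shared by the whole controller.
    $this->load->database();
    $this->load->helper('form');
    $this->load->helper('titreUrl');
    $this->load->helper('convertlien');
    $this->load->library('form_validation');
    $this->load->model('pages_model', 'pm');
    $this->load->model('plannings_model', 'plm');
    $this->load->model('types_model', 'tm');
    $this->load->model('chaines_model', 'cm');
    $this->load->model('groupes_model', 'gm');
    $this->load->model('bandeau_model', 'bm');
    if (FEDLOG) {
        $this->load->model('logs_model', 'lm');
    }

    // All channels, for the views.
    $this->data['chaines'] = $this->cm->getAll();

    // NOTE(review): every request is flagged as superadmin here regardless of
    // who is logged in, so any authorisation built on this flag is effectively
    // disabled. Confirm this is intended before relying on it.
    $this->data['superadmin'] = true;

    // Replace the default error-message delimiters (<p></p>) with a dismissable alert.
    $this->form_validation->set_error_delimiters('<p class="alert alert-error fade in"><a class="close" data-dismiss="alert" href="#">×</a>', '</p>');
}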
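/**
 * Handle an incoming request.
 *
 * Guests are sent through SimpleSAMLphp ('default-sp'); on return the user is
 * looked up by the SAML `mail` attribute and created on first login
 * (just-in-time provisioning). AJAX guests get a 401 instead of a redirect.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    if ($this->auth->guest()) {
        if ($request->ajax()) {
            return response('Unauthorized.', 401);
        }

        // tsipizic for SAML: log the user in at the IdP and fetch the attributes.
        $as = new \SimpleSAML_Auth_Simple('default-sp');
        $as->requireAuth(); // redirects and does not return when not authenticated
        $attributes = $as->getAttributes();

        // `mail` is the account key, so it must be present and non-empty. Without
        // this guard a missing attribute yields null, and Eloquent turns
        // where('mail', null) into an IS NULL test, i.e. the first account with
        // an empty mail column would be logged in.
        $mail = isset($attributes['mail'][0]) ? trim($attributes['mail'][0]) : '';
        if ($mail === '') {
            return response('Unauthorized: no mail attribute from identity provider.', 403);
        }

        // Create the user on first login, then open the session.
        $db_user = User::where('mail', $mail)->first();
        if (!$db_user) {
            $db_user = new User();
            $db_user->mail = $mail;
            $db_user->save();
        }
        Auth::login($db_user);
    }
    return $next($request);
}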
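/**
 * Executes index action
 *
 * Without an explicit sf_culture parameter, the first request picks the UI
 * culture from the SAML preferredLanguage attribute (only 'hu' or 'en' are
 * accepted, otherwise the browser preference wins) and redirects to the
 * localized homepage. Then the Principal matching the logged-in user's
 * federated id is loaded, or created on first visit.
 *
 * @param sfRequest $request A request object
 */
public function executeIndex(sfWebRequest $request)
{
    if (!$request->getParameter('sf_culture')) {
        $ssaml = new SimpleSAML_Auth_Simple('default-sp');
        $attributes = $ssaml->getAttributes();
        if ($this->getUser()->isFirstRequest()) {
            // SAML attribute values are lists. The original compared the whole
            // list against 'hu'/'en', which never matches, so the attribute was
            // silently ignored.
            $culture = null;
            if (isset($attributes['preferredLanguage'][0])) {
                $culture = $attributes['preferredLanguage'][0];
            }
            if ($culture !== 'hu' && $culture !== 'en') {
                $culture = $request->getPreferredCulture(array('en', 'hu'));
            }
            $this->getUser()->setCulture($culture);
            $this->getUser()->isFirstRequest(false);
        } else {
            $culture = $this->getUser()->getCulture();
        }
        $this->redirect('localized_homepage');
    }

    // Initialised up front: the original left both undefined for a new Principal.
    $oos = null;
    $ros = null;
    $p = Doctrine::getTable('Principal')->findOneByFedid($this->getUser()->getUsername());
    if ($p) {
        $oos = $p->getOrganization();
        $ros = $p->getRelatedOrganizations(TRUE);
    } else {
        // First visit of this federated user: create the Principal row.
        $p = new Principal();
        $p->setFedid($this->getUser()->getUsername());
        $p->save();
    }
    $this->oos = $oos;
    $this->ros = $ros;
}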
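/**
 * Collect the SAML attributes of the current user for the setup wizard.
 *
 * Only runs from wizard step 5 onward (request parameter `s` >= 4) — adjust
 * this when the steps array changes. Returns an array mapping each attribute
 * name to a "name (first value)" label for the SELECT boxes, plus the raw
 * attributes under the 'saml' key, sorted by key. Returns false when the step,
 * the SimpleSAMLphp location or the authsource is not available.
 *
 * @return array|false
 */
function get_attributes()
{
    if (!isset($_REQUEST['s']) || $_REQUEST['s'] < 4) {
        return false;
    }

    $ssp_location = issetweb('ssp_location');
    if (!$ssp_location) {
        return false;
    }
    // NOTE(review): ssp_location is read through issetweb(); if that value can be
    // supplied by the client, this is a local file inclusion. It should be pinned
    // to a server-side configured path (and compared via realpath) before use.
    $ssp_autoloader = $ssp_location . '/lib/_autoload.php';
    if (!is_readable($ssp_autoloader)) {
        return false;
    }
    include_once $ssp_autoloader;

    $ssp_authsource = issetweb('ssp_authsource');
    if (!$ssp_authsource) {
        return false;
    }
    $as = new SimpleSAML_Auth_Simple($ssp_authsource);
    if (!$as->isAuthenticated()) {
        $as->requireAuth(); // redirects; does not return
    }
    $attributes = $as->getAttributes();

    // Initialised explicitly: with no attributes the original passed an
    // undefined variable to ksort(). Empty attribute lists no longer raise a notice.
    $simpleattrs = array();
    foreach ($attributes as $at => $values) {
        // key|value pairs to populate the SELECT boxes
        $first = isset($values[0]) ? $values[0] : '';
        $simpleattrs[$at] = $at . " (" . $first . ")";
    }
    // Keep the raw attributes as well, for later use
    $simpleattrs['saml'] = $attributes;
    ksort($simpleattrs);
    return $simpleattrs;
}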
/**
 * Performs an authentication attempt using SimpleSAMLphp
 *
 * requireAuth() redirects to the IdP and only returns once the user is
 * authenticated, so reaching the return statement means login succeeded and
 * the SAML attributes become the Zend_Auth identity.
 *
 * @throws Zend_Auth_Adapter_Exception If authentication cannot be performed
 * @return Zend_Auth_Result
 */
public function authenticate()
{
    require_once LIBRARY_PATH . '/simplesamlphp/lib/_autoload.php';

    $sp = new SimpleSAML_Auth_Simple('default-sp');
    $sp->requireAuth();

    $identity = $sp->getAttributes();
    $messages = array("Authentication Successful");
    return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity, $messages);
}
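/**
 * Check that the user has access to the statistics.
 *
 * Access is granted, in this order, to: anyone when 'protected' is false; a
 * logged-in SimpleSAMLphp admin; a user of the configured authsource whose
 * user-id attribute is listed in 'allowedUsers'; a user matching the 'acl'
 * rules. Otherwise the user is sent to the login page, or an exception is thrown.
 *
 * @param SimpleSAML_Configuration $statconfig  Statistics module configuration.
 * @throws SimpleSAML_Error_Exception On an invalid 'acl' option or denied access.
 * @throws Exception When the user-id attribute is missing.
 */
public static function checkAccess(SimpleSAML_Configuration $statconfig)
{
    $protected = $statconfig->getBoolean('protected', FALSE);
    $authsource = $statconfig->getString('auth', NULL);
    $allowedusers = $statconfig->getValue('allowedUsers', NULL);
    $useridattr = $statconfig->getString('useridattr', 'eduPersonPrincipalName');
    $acl = $statconfig->getValue('acl', NULL);
    if ($acl !== NULL && !is_string($acl) && !is_array($acl)) {
        throw new SimpleSAML_Error_Exception('Invalid value for \'acl\'-option. Should be an array or a string.');
    }

    if (!$protected) {
        return;
    }

    if (SimpleSAML\Utils\Auth::isAdmin()) {
        // User logged in as admin. OK.
        SimpleSAML_Logger::debug('Statistics auth - logged in as admin, access granted');
        return;
    }

    if (!isset($authsource)) {
        // No authsource configured: fall back to the admin login. requireAdmin()
        // redirects when the user is not admin; if it returns, the user is admin,
        // so stop here rather than building an authsource from NULL as the
        // original did.
        SimpleSAML\Utils\Auth::requireAdmin();
        return;
    }

    /* We are using an authsource for login. */
    $as = new SimpleSAML_Auth_Simple($authsource);
    $as->requireAuth();
    SimpleSAML_Logger::debug('Statistics auth - valid login with auth source [' . $authsource . ']');
    $attributes = $as->getAttributes();

    if (!empty($allowedusers)) {
        if (!isset($attributes[$useridattr][0])) {
            throw new Exception('User ID is missing');
        }
        $userid = $attributes[$useridattr][0];
        // Strict comparison: a loose in_array() lets non-string entries in the
        // allow-list (e.g. true) match any user id.
        if (in_array($userid, $allowedusers, TRUE)) {
            SimpleSAML_Logger::debug('Statistics auth - User granted access by user ID [' . $userid . ']');
            return;
        }
        SimpleSAML_Logger::debug('Statistics auth - User denied access by user ID [' . $userid . ']');
    } else {
        SimpleSAML_Logger::debug('Statistics auth - no allowedUsers list.');
    }

    if (!is_null($acl)) {
        $acl = new sspmod_core_ACL($acl);
        if ($acl->allows($attributes)) {
            SimpleSAML_Logger::debug('Statistics auth - allowed access by ACL.');
            return;
        }
        SimpleSAML_Logger::debug('Statistics auth - denied access by ACL.');
    } else {
        SimpleSAML_Logger::debug('Statistics auth - no ACL configured.');
    }

    throw new SimpleSAML_Error_Exception('Access denied to the current user.');
}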
/**
 * @inheritDoc
 *
 * Stores the token row together with a JSON snapshot of the SAML attributes of
 * the user currently logged in to the configured authsource. getAttributes()
 * returns an empty array when nobody is authenticated, so that snapshot may be
 * empty.
 */
public function persistNewAccessToken(AccessTokenEntityInterface $accessTokenEntity)
{
    $authSourceId = $this->config->getString('auth');
    $authSource = new \SimpleSAML_Auth_Simple($authSourceId);
    $userAttributes = $authSource->getAttributes();

    $scopeIds = [];
    foreach ($accessTokenEntity->getScopes() as $scopeEntity) {
        $scopeIds[] = $scopeEntity->getIdentifier();
    }

    $row = [
        'id' => $accessTokenEntity->getIdentifier(),
        'scopes' => $scopeIds,
        'attributes' => $userAttributes,
        'expires_at' => $accessTokenEntity->getExpiryDateTime(),
        'user_id' => $accessTokenEntity->getUserIdentifier(),
        'client_id' => $accessTokenEntity->getClient()->getIdentifier(),
    ];
    $columnTypes = ['string', 'json_array', 'json_array', 'datetime', 'string', 'string'];

    $this->conn->insert($this->getTableName(), $row, $columnTypes);
}
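/**
 * Stream a file from public_html/files to the client.
 *
 * The `filename` request parameter is resolved with realpath() and must stay
 * inside the files directory; anything else is reported as "not found".
 * Access is then checked against the Zend_Auth identity and, for APB files,
 * against the 'urn:klav:docmanager' SAML attribute. Any failure while opening
 * or reading the file surfaces as a 404.
 *
 * @throws Zend_Controller_Action_Exception (404) when the file cannot be served.
 */
public function downloadAction()
{
    $this->_helper->viewRenderer->setNoRender(true);
    $this->_helper->layout->disableLayout();

    // Resolve the requested name and refuse anything that escapes the files
    // directory ("../", symlinks). The original resolved the path but never
    // checked where it ended up, so any readable file on the host could be read.
    $baseDir = realpath(APPLICATION_ROOT . '/public_html/files');
    $filename = realpath(APPLICATION_ROOT . '/public_html/files/' . $this->_getParam('filename'));
    if ($baseDir === false || $filename === false
        || strpos($filename, $baseDir . DIRECTORY_SEPARATOR) !== 0) {
        throw new Zend_Controller_Action_Exception('File not found', 404);
    }

    try {
        $file = new SxCms_File($filename);
        $data = $file->getCleanFile();

        $identity = Zend_Auth::getInstance()->getIdentity();
        if (!$file->isAllowed($identity)) {
            $this->_helper->redirector->setExit(true)->gotoSimple('unauthorized', 'index');
            return;
        }

        if ($file->isApb()) {
            $as = new SimpleSAML_Auth_Simple('klavsts');
            $attributes = $as->getAttributes();
            // No SAML session, or no docmanager attribute: not authorised.
            if (!$attributes || !isset($attributes['urn:klav:docmanager'])) {
                $this->_forward('unauthorized', 'index', null, array('url' => $this->view->url()));
                return;
            }
            $filecheck = new SxCms_Filesystem($file->getPath());
            $filecheck->setApb($attributes['urn:klav:docmanager']);
            if (!$filecheck->isAllowed()) {
                $this->_helper->redirector->setExit(true)->gotoSimple('unauthorized', 'index');
                return;
            }
        }

        // The PECL finfo class may not be installed; default to a generic type.
        $mimeType = 'application/octet-stream';
        if (class_exists('finfo')) {
            $finfo = new finfo(FILEINFO_MIME);
            $mimeType = $finfo->file($filename);
        }

        // Still unknown: look the extension up in the mime-types table.
        if ($mimeType == 'application/octet-stream') {
            $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
            // The extension derives from the request; only plain alphanumerics may
            // be embedded in the XPath query (the original interpolated it raw).
            if (preg_match('/^[a-z0-9]+$/', $ext)) {
                $types = simplexml_load_file(APPLICATION_PATH . '/var/mime-types.xml');
                $result = $types->xpath('//mime-types/mime-type/ext[. ="' . $ext . '"]/..');
                if (!empty($result)) {
                    $attrs = $result[0]->attributes();
                    $mimeType = (string) $attrs['name'];
                }
            }
        }

        // Content-Length is a byte count; mb_strlen() counts characters and
        // under-reports for multibyte or binary content.
        $size = strlen($data);
        $this->getResponse()
            ->setHeader('Content-Type', $mimeType)
            ->setHeader('Content-Length', $size);
        echo $data;
    } catch (Exception $e) {
        throw new Zend_Controller_Action_Exception('File not found', 404);
    }
}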
/**
 * Force a SimpleSAMLphp login on the 'SPcrono' authsource.
 *
 * requireAuth() redirects to the IdP with ReturnTo pointing at this
 * application's index.php and only returns once the user is authenticated.
 * The attributes are fetched but not used; the method always returns false.
 *
 * @return bool Always false.
 */
function procesarFormulario()
{
    require_once '/var/simplesamlphp/lib/_autoload.php';

    // Authentication source defined in the SP's authsources configuration.
    $authSourceId = 'SPcrono';
    $returnTo = $this->host . $this->site . '/' . 'index.php';

    $authSource = new SimpleSAML_Auth_Simple($authSourceId);
    $authSource->requireAuth(array('ReturnTo' => $returnTo));
    $authSource->getAttributes();

    return false;
}
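/**
 * @METHOD crear_sesion
 *
 * Creates a new session in the database for the user authenticated through
 * SimpleSAMLphp (authsource $this->SPSSO). requireAuth() redirects to the IdP
 * and only returns once the user is logged in; the 'usuario' attribute is then
 * used as the application user name.
 *
 * @PARAM usuario_aplicativo
 * @PARAM nivel_acceso
 * @PARAM expiracion
 * @PARAM conexion_id
 *
 * @return array The SAML attributes of the authenticated user.
 * @throws RuntimeException When the IdP did not release the 'usuario' attribute.
 * @access public
 */
function crearSesion()
{
    $saml_lib_path = '/var/simplesamlphp/lib/_autoload.php';
    require_once $saml_lib_path;

    $aplication_base_url = $this->hostSSO . $this->site . '/';
    $source = $this->SPSSO; // authentication source defined in the SP's authsources
    $as = new SimpleSAML_Auth_Simple($source);
    $login_params = array('ReturnTo' => $aplication_base_url . 'index.php');
    $as->requireAuth($login_params);

    $atributos = $as->getAttributes();
    // Fail closed: the original opened a session for a null user name when the
    // attribute was missing.
    if (!isset($atributos['usuario'][0]) || $atributos['usuario'][0] === '') {
        throw new RuntimeException('SAML attribute "usuario" missing from IdP response');
    }
    $this->sesionUsuario->crearSesion($atributos['usuario'][0]);
    return $atributos;
}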
/**
 * Log the user in through SimpleSAMLphp.
 *
 * After requireAuth() returns, the attributes named in the SSO settings
 * (saml_email, saml_first_name, saml_last_name) must all be present; if any is
 * missing the SAML session is ended via ssoLogout(). Blank values are padded
 * before _login() is called: an empty e-mail becomes a single space, and when
 * only one of the names is blank it is copied from the other (both blank: both
 * become a space). SimpleSAMLphp errors go to _samlErrorHandler(), anything
 * else to handleNormalFlowExceptions().
 *
 * NOTE(review): an empty e-mail is replaced by " " instead of being rejected,
 * so an account can be created without a usable e-mail address.
 *
 * @return $this
 */
public function authenticate()
{
    try {
        $sp = new \SimpleSAML_Auth_Simple($this->_domain);
        \SimpleSAML_Configuration::getInstance();
        $sp->requireAuth();

        if ($sp->isAuthenticated()) {
            $attributes = $sp->getAttributes();
            $emailKey = $this->_sso_settings['saml_email'];
            $firstKey = $this->_sso_settings['saml_first_name'];
            $lastKey = $this->_sso_settings['saml_last_name'];

            $missing = false;
            foreach (array($emailKey, $firstKey, $lastKey) as $required) {
                if (!array_key_exists($required, $attributes)) {
                    $missing = true;
                    break;
                }
            }

            if ($missing) {
                // A required attribute was not released: drop the SAML session.
                $this->ssoLogout();
            } else {
                if (trim($attributes[$emailKey][0]) == '') {
                    $attributes[$emailKey][0] = " ";
                }

                $firstBlank = trim($attributes[$firstKey][0]) == '';
                $lastBlank = trim($attributes[$lastKey][0]) == '';
                if ($firstBlank && $lastBlank) {
                    $attributes[$firstKey][0] = ' ';
                    $attributes[$lastKey][0] = ' ';
                } elseif ($firstBlank) {
                    $attributes[$firstKey][0] = $attributes[$lastKey][0];
                } elseif ($lastBlank) {
                    $attributes[$lastKey][0] = $attributes[$firstKey][0];
                }

                $this->_login($attributes);
            }
        }
    } catch (\SimpleSAML_Error_Error $e) {
        $this->_samlErrorHandler($e);
    } catch (\Exception $e) {
        handleNormalFlowExceptions($e);
    }
    return $this;
}
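/**
 * Copix "before process" hook: keep the local session in step with SimpleSAMLphp.
 *
 * When SAML is enabled (conf_Saml_actif == 1): a user authenticated at the IdP
 * but not yet connected locally is logged in by the uid attribute (default
 * 'login_dbuser', overridable by conf_Saml_uidAttribute) and redirected home;
 * an unknown uid renders cas.tpl with 'no-iconito-user'. Conversely, a locally
 * connected user with no SAML session is logged out.
 *
 * @param mixed $action The action about to be processed (unused here).
 * @return CopixActionReturn|void
 */
public function beforeProcess(&$action)
{
    if (CopixConfig::get('conf_Saml_actif') != 1) {
        return;
    }
    require_once COPIX_UTILS_PATH . '../../simplesamlphp/lib/_autoload.php';

    $asId = 'iconito-sql';
    if (CopixConfig::exists('default|conf_Saml_authSource') && CopixConfig::get('default|conf_Saml_authSource')) {
        $asId = CopixConfig::get('default|conf_Saml_authSource');
    }
    $as = new SimpleSAML_Auth_Simple($asId);

    // $ppo was never initialised in the original; as in processLogin() it is a
    // CopixPPO (PHP 8 no longer auto-creates an object on property write).
    $ppo = new CopixPPO();
    $ppo->user = _currentUser();

    if ($as->isAuthenticated() && !$ppo->user->isConnected()) {
        $attributes = $as->getAttributes();

        $uidAttribute = 'login_dbuser';
        if (CopixConfig::exists('default|conf_Saml_uidAttribute') && CopixConfig::get('default|conf_Saml_uidAttribute')) {
            $uidAttribute = CopixConfig::get('default|conf_Saml_uidAttribute');
        }

        $ppo->saml_user = null;
        if (isset($attributes[$uidAttribute][0])) {
            $ppo->saml_user = $attributes[$uidAttribute][0];
        }

        if ($ppo->saml_user) {
            $ppo->iconito_user = Kernel::getUserInfo("LOGIN", $ppo->saml_user);
            if ($ppo->iconito_user['login']) {
                _currentUser()->login(array('login' => $ppo->iconito_user['login'], 'assistance' => true));
                $url_return = CopixUrl::get('kernel||doSelectHome');
                return new CopixActionReturn(COPIX_AR_REDIRECT, $url_return);
            }
            $ppo->cas_error = 'no-iconito-user';
            return _arPpo($ppo, 'cas.tpl');
        }
    }

    // SAML session gone while the local session is still open: log out locally.
    if (!$as->isAuthenticated() && $ppo->user->isConnected()) {
        CopixAuth::getCurrentUser()->logout(array());
        CopixEventNotifier::notify('logout', array('login' => CopixAuth::getCurrentUser()->getLogin()));
        CopixAuth::destroyCurrentUser();
        CopixSession::destroyNamespace('default');
    }
}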
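/**
 * Admin controller constructor: requires an Oxylane federated (SAML) login,
 * restricts access to the uids returned by admins_model, then loads the
 * resources shared by every action.
 *
 * When FEDACTIVE is false no login and no admin check are performed at all
 * (placeholder identity), so that mode must stay confined to local development.
 *
 * Uses show_error() (CodeIgniter) to stop with HTTP 403 when the IdP did not
 * release one of the required attributes.
 */
public function __construct()
{
    // Mandatory: initialise the parent CI_Controller.
    parent::__construct();
    $this->data = array();

    // Oxylane federation (SAML) login.
    if (FEDACTIVE) {
        require __DIR__ . '/../simplesaml/lib/_autoload.php';
        $as = new SimpleSAML_Auth_Simple('Oxylane-sp');
        if (!$as->isAuthenticated()) {
            // Redirects the browser to the IdP; does not return.
            $as->requireAuth();
        } else {
            $attributes = $as->getAttributes();
            // Fail closed when an attribute is missing rather than comparing a
            // null uid against the admin list.
            foreach (array('uid', 'cn', 'mail') as $name) {
                if (!isset($attributes[$name][0])) {
                    show_error('Missing SAML attribute: ' . $name, 403);
                }
            }
            $uid = $attributes['uid'][0];
            $this->data['fed']['0'] = $uid;
            $this->data['fed']['1'] = $attributes['cn'][0];
            $this->data['fed']['2'] = $attributes['mail'][0];

            // Only known administrators may use this controller.
            $this->load->model('admins_model', 'am');
            $admins = $this->am->getAll();
            if (!$this->in_array_column($uid, $admins)) {
                // The original echoed a message before redirect(); output before a
                // Location header causes "headers already sent" and the text is
                // never shown anyway. redirect() exits.
                redirect('welcome', 'refresh');
            }
        }
    } else {
        // Development placeholders: no authentication, no admin check.
        $this->data['fed']['0'] = "ID";
        $this->data['fed']['1'] = "NOM";
        $this->data['fed']['2'] = "MAIL";
    }
    // END System FED Oxylane

    // Resources shared by the whole controller.
    $this->load->database();
    $this->load->helper('form');
    $this->load->library('form_validation');
    $this->load->model('pages_model', 'pm');
    $this->load->model('chaines_model', 'cm');
    $this->load->model('groupes_model', 'gm');
    $this->load->model('logs_model', 'lm');
}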
/**
 * Load the JANUS user matching the SAML user-id attribute.
 *
 * The attribute name is the 'useridattr' config value (default
 * eduPersonPrincipalName). When the authenticated user carries no such
 * attribute, a JSON body {"status":"user_id_is_missing"} is emitted and the
 * script exits.
 *
 * @param SimpleSAML_Auth_Simple $as           Authenticated auth source.
 * @param ConfigProxy            $janus_config JANUS module configuration.
 * @return sspmod_janus_User
 */
function getUser(SimpleSAML_Auth_Simple $as, ConfigProxy $janus_config)
{
    /** @var string $useridattr */
    $useridattr = $janus_config->getValue('useridattr', 'eduPersonPrincipalName');

    $attributes = $as->getAttributes();
    if (!isset($attributes[$useridattr])) {
        echo json_encode(array('status' => 'user_id_is_missing'));
        exit;
    }

    $janusUser = new sspmod_janus_User();
    $janusUser->setUserid($attributes[$useridattr][0]);
    $janusUser->load(sspmod_janus_User::USERID_LOAD);
    return $janusUser;
}
/**
 * Retrieve the current user ID.
 *
 * The ID is the single value of the configured username attribute.
 *
 * @return string|null The current user ID, or NULL if the user isn't authenticated.
 * @throws SimpleSAML_Error_Exception If the username attribute is missing, has
 *                                    no value, or has more than one value.
 */
public function getUserId()
{
    if (!$this->authSource->isAuthenticated()) {
        return NULL;
    }

    $attributes = $this->authSource->getAttributes();
    $attrName = $this->usernameAttribute;
    if (!array_key_exists($attrName, $attributes)) {
        throw new SimpleSAML_Error_Exception('Missing username attribute ' . var_export($attrName, TRUE) . ' in the attributes of the user.');
    }

    $values = array_values($attributes[$attrName]);
    switch (count($values)) {
        case 0:
            throw new SimpleSAML_Error_Exception('Username attribute was empty.');
        case 1:
            return $values[0];
        default:
            throw new SimpleSAML_Error_Exception('More than one attribute value in username.');
    }
}
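/**
 * Log the user in through the 'klavsts' SAML authsource and build the session user.
 *
 * requireAuth() is called passively (saml:IsPassive) with the unauthorized page
 * as ErrorURL; once back, the SAML attributes are copied into an
 * SxCms_User_Klav, groups are mapped by SAML id, and the user is written to
 * Zend_Auth storage. Finally the browser is sent to the 'url' parameter
 * (base64- then url-encoded), constrained to a local path on this host.
 *
 * @throws Zend_Controller_Action_Exception (403) when a required single-valued
 *         SAML attribute is missing.
 */
public function loginAction()
{
    $this->_helper->viewRenderer->setNoRender(true);
    $this->_helper->layout->disableLayout();

    $config = Zend_Registry::get('config');
    $url = $config->system->web->url . $config->system->web->baseurl;

    $as = new SimpleSAML_Auth_Simple('klavsts');
    $options = array(
        'saml:IsPassive' => true,
        'KeepPost' => false,
        'ReturnTo' => $this->view->url(),
        'ErrorURL' => $url . '/index/unauthorized',
    );
    $as->requireAuth($options);
    $attributes = $as->getAttributes();

    // Single-valued attributes the session user is built from; stop with a
    // clear error rather than creating a user from null values.
    $required = array(
        'urn:klav:data:Username', 'urn:klav:data:Email', 'urn:klav:data:doccheck',
        'urn:klav:data:client', 'urn:klav:data:taal_cd', 'urn:klav:data:named',
        'urn:klav:sessionid', 'UserName',
    );
    foreach ($required as $name) {
        if (!isset($attributes[$name][0])) {
            throw new Zend_Controller_Action_Exception('Missing SAML attribute ' . $name, 403);
        }
    }

    $user = new SxCms_User_Klav();
    $user->setFirstName($attributes['urn:klav:data:Username'][0]);
    $user->setEmail($attributes['urn:klav:data:Email'][0]);
    $user->setDoccheck($attributes['urn:klav:data:doccheck'][0]);
    $user->setFarmanager(isset($attributes['urn:klav:data:farmanager']) ? $attributes['urn:klav:data:farmanager'] : null);
    $user->setClientId($attributes['urn:klav:data:client'][0]);
    $user->setLanguage($attributes['urn:klav:data:taal_cd'][0]);
    $user->setGroups(isset($attributes['urn:klav:groups']) ? $attributes['urn:klav:groups'] : null);
    $user->setDocmanager(isset($attributes['urn:klav:docmanager']) ? $attributes['urn:klav:docmanager'] : null);
    $user->setClients(isset($attributes['urn:klav:clients']) ? $attributes['urn:klav:clients'] : null);
    $user->setNamed($attributes['urn:klav:data:named'][0]);
    $user->setSessionId($attributes['urn:klav:sessionid'][0]);
    $user->setUsername($attributes['UserName'][0]);

    // Map SAML group ids to local groups; unknown ids are ignored.
    $mapper = new SxCms_Group_DataMapper();
    $groups = isset($attributes['groups']) ? $attributes['groups'] : array();
    foreach ($groups as $samlId) {
        $group = $mapper->getBySamlId($samlId);
        if ($group) {
            $user->addGroup($group);
        }
    }

    $auth = Zend_Auth::getInstance();
    $auth->getStorage()->write($user);

    // Redirect target. The original appended the decoded 'url' parameter to
    // "http://<host>" unchecked; a value such as "@evil.example/" turns that
    // into http://host@evil.example/ (an open redirect). Only a local path is
    // accepted now; anything else falls back to the site root.
    $burl = urldecode(base64_decode($this->_getParam('url', '')));
    $target = $this->_localPath($burl);
    $this->_helper->redirector->setGotoUrl('http://' . $this->getRequest()->getHttpHost() . $target);
}

/**
 * Reduce a requested return URL to a safe local path.
 *
 * Accepts only values that start with a single "/" and parse as a bare
 * path/query/fragment — no scheme, host, user info, port, "@", backslash or
 * CR/LF. Returns "/" for anything else.
 *
 * @param mixed $candidate Decoded 'url' parameter.
 * @return string A path beginning with "/".
 */
private function _localPath($candidate)
{
    if (!is_string($candidate) || $candidate === '' || $candidate[0] !== '/' || substr($candidate, 0, 2) === '//') {
        return '/';
    }
    if (strpbrk($candidate, "@\\\r\n") !== false) {
        return '/';
    }
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])
        || isset($parts['user']) || isset($parts['port'])) {
        return '/';
    }
    return $candidate;
}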
/**
 * Authenticate the caller through the configured SimpleSAMLphp authsource.
 *
 * On the CLI the authsource name itself is used as the username. Otherwise the
 * user must already be logged in to the authsource ('auth', default
 * 'login-admin') and carry the user-id attribute ('useridattr', default
 * eduPersonPrincipalName); its first value becomes the token's username.
 *
 * @param TokenInterface $token Incoming token (not consulted).
 * @return TokenInterface
 * @throws AuthenticationException When not authenticated or the attribute is missing.
 */
public function authenticate(TokenInterface $token)
{
    /** @var string $authenticationType */
    $authenticationType = $this->config->getValue('auth', 'login-admin');
    if (php_sapi_name() === 'cli') {
        return $this->getTokenForUsername($authenticationType);
    }

    $authSource = new \SimpleSAML_Auth_Simple($authenticationType);
    if (!$authSource->isAuthenticated()) {
        throw new AuthenticationException("Authsource '{$authenticationType}' is invalid");
    }

    /** @var string $userIdAttributeName */
    $userIdAttributeName = $this->config->getValue('useridattr', 'eduPersonPrincipalName');
    $attributes = $authSource->getAttributes();
    if (!isset($attributes[$userIdAttributeName])) {
        throw new AuthenticationException("Attribute '{$userIdAttributeName}' with User ID is missing.");
    }

    $username = $attributes[$userIdAttributeName][0];
    return $this->getTokenForUsername($username);
}
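/**
 * Show the SSO login form, or redirect an already authenticated user.
 *
 * Not authenticated: renders the login form. Authenticated: sends a Location
 * header to the listadoVariablesSnies page (with the encrypted parameter) and,
 * as in the original, still prints the user's SAML attributes as an HTML table
 * into the redirect body — now HTML-escaped.
 */
function mostrarBotonLogin()
{
    // SimpleSAMLphp configuration for SSO (single sign-on) authentication
    $saml_lib_path = '/var/simplesamlphp/lib/_autoload.php';
    require_once $saml_lib_path;

    $aplication_base_url = $this->host . $this->site;
    $source = 'SP_SNIES'; // authentication source defined in the SP's authsources
    $as = new SimpleSAML_Auth_Simple($source);

    if (!$as->isAuthenticated()) {
        $this->formulario();
        return;
    }

    $valorCodificado = "&pagina=listadoVariablesSnies";
    $valorCodificado = $this->miConfigurador->fabricaConexiones->crypto->codificar($valorCodificado);

    // The link parameter name comes from the configuration stored in the database.
    $variable = $this->miConfigurador->getVariableConfiguracion("enlace");
    $miEnlace = $aplication_base_url . '/index.php?' . $variable . '=' . $valorCodificado;
    header("Location: " . $miEnlace);

    $attributes = $as->getAttributes();
    if (empty($attributes)) {
        echo 'No se obtuvieron atributos del usuario';
        return;
    }

    // Attribute names and values come from the IdP and are untrusted markup-wise;
    // the original echoed them raw (XSS via SAML attributes).
    $escape = function ($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    echo '<table class="table table-bordered table-striped">';
    foreach ($attributes as $key => $values) {
        echo '<tr><td>' . $escape($key) . '</td><td>';
        echo implode('<br>', array_map($escape, (array) $values));
        echo '</td></tr>';
    }
    echo '</table>';
}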
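/**
 * Executes index action
 *
 * Without an explicit sf_culture parameter, the first request picks the UI
 * culture from the SAML preferredLanguage attribute (only 'hu' or 'en' are
 * accepted, otherwise the browser preference wins) and redirects to the
 * localized homepage.
 *
 * @param sfRequest $request A request object
 */
public function executeIndex(sfWebRequest $request)
{
    if (!$request->getParameter('sf_culture')) {
        $ssaml = new SimpleSAML_Auth_Simple('default-sp');
        $attributes = $ssaml->getAttributes();
        if ($this->getUser()->isFirstRequest()) {
            // SAML attribute values are lists. The original compared the whole
            // list against 'hu'/'en', which never matches, so the attribute was
            // silently ignored.
            $culture = null;
            if (isset($attributes['preferredLanguage'][0])) {
                $culture = $attributes['preferredLanguage'][0];
            }
            if ($culture !== 'hu' && $culture !== 'en') {
                $culture = $request->getPreferredCulture(array('hu', 'en'));
            }
            $this->getUser()->setCulture($culture);
            $this->getUser()->isFirstRequest(false);
        } else {
            $culture = $this->getUser()->getCulture();
        }
        $this->redirect('localized_homepage');
    }
}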
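/**
 * Process an OpenID request.
 *
 * This function never returns: every path ends in sendResponse() or a redirect.
 *
 * Flow: require a login on the configured authsource (a negative answer is sent
 * for immediate-mode requests, which cannot show a login form); verify that the
 * logged-in identity is the requested one; obtain trust for the trust_root
 * (persisted, from the 'TrustResponse' state, or via trust.php); then answer
 * positively with the user's attributes mapped to SREG and AX fields after the
 * 'idp' authproc chain has run on them.
 *
 * @param array $state Saved state; must contain 'request' (an
 *                     Auth_OpenID_Request) and may contain 'TrustResponse'.
 * @throws SimpleSAML_Error_Exception If the logged-in user is not the requested identity.
 */
public function processRequest(array $state)
{
    assert(isset($state['request']));
    $request = $state['request'];

    $sreg_req = Auth_OpenID_SRegRequest::fromOpenIDRequest($request);
    $ax_req = Auth_OpenId_AX_FetchRequest::fromOpenIDRequest($request);

    /* In resume.php there should be a way to display data requested through sreg or ax. */
    if (!$this->authSource->isAuthenticated()) {
        if ($request->immediate) {
            /* Not logged in, and we cannot show a login form. */
            $this->sendResponse($request->answer(FALSE));
        }
        $resumeURL = $this->getStateURL('resume.php', $state);
        $this->authSource->requireAuth(array('ReturnTo' => $resumeURL));
    }

    $identity = $this->getIdentity();
    assert($identity !== FALSE); /* Should always be logged in here. */

    if (!$request->idSelect() && $identity !== $request->identity) {
        /* The identity in the request doesn't match the one of the logged in user. */
        throw new SimpleSAML_Error_Exception('Logged in as different user than the one requested.');
    }

    if ($this->isTrusted($identity, $request->trust_root)) {
        $trusted = TRUE;
    } elseif (isset($state['TrustResponse'])) {
        $trusted = (bool) $state['TrustResponse'];
    } else {
        if ($request->immediate) {
            /* Not trusted, and we cannot show a trust-form. */
            $this->sendResponse($request->answer(FALSE));
        }
        $trustURL = $this->getStateURL('trust.php', $state);
        SimpleSAML_Utilities::redirectTrustedURL($trustURL);
    }

    if (!$trusted) {
        /* The user doesn't trust this site. */
        $this->sendResponse($request->answer(FALSE));
    }

    $response = $request->answer(TRUE, NULL, $identity);

    // Flatten single-valued attributes so SREG/AX receive scalars.
    $attributes = $this->authSource->getAttributes();
    foreach ($attributes as $key => $attr) {
        if (is_array($attr) && count($attr) === 1) {
            $attributes[$key] = $attr[0];
        }
    }

    // Run the 'idp' authproc filters on the attributes. processStatePassive()
    // declares its parameter by reference; the original wrote `&$state` at the
    // call site, which is a fatal error since PHP 5.4.
    $pc = new SimpleSAML_Auth_ProcessingChain($this->authProc, array(), 'idp');
    $state = array('Attributes' => $attributes, 'isPassive' => TRUE);
    $pc->processStatePassive($state);
    $attributes = $state['Attributes'];

    // SREG requests
    $sreg_resp = Auth_OpenID_SRegResponse::extractResponse($sreg_req, $attributes);
    $sreg_resp->toMessage($response->fields);

    // AX requests: only the requested types that the user actually has.
    $ax_resp = new Auth_OpenID_AX_FetchResponse();
    foreach ($ax_req->iterTypes() as $type_uri) {
        if (isset($attributes[$type_uri])) {
            $ax_resp->addValue($type_uri, $attributes[$type_uri]);
        }
    }
    $ax_resp->toMessage($response->fields);

    /* The user is authenticated, and trusts this site. */
    $this->sendResponse($response);
}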
* @copyright 2009 Jacob Christiansen * @license http://www.opensource.org/licenses/mit-license.php MIT License * @link http://github.com/janus-ssp/janus/ * @since File available since Release 1.5.1 */ require __DIR__ . '/_includes.php'; // Initial setup $config = SimpleSAML_Configuration::getInstance(); $janus_config = sspmod_janus_DiContainer::getInstance()->getConfig(); $authsource = $janus_config->getValue('auth', 'login-admin'); $useridattr = $janus_config->getValue('useridattr', 'eduPersonPrincipalName'); $et = new SimpleSAML_XHTML_Template($config, 'janus:editentity.php', 'janus:editentity'); $as = new SimpleSAML_Auth_Simple($authsource); // Validate user if ($as->isAuthenticated()) { $attributes = $as->getAttributes(); // Check if userid exists if (!isset($attributes[$useridattr])) { throw new Exception('User ID is missing'); } $userid = $attributes[$useridattr][0]; } else { echo $et->t('error_no_access'); exit; } // Get Entity controller $mcontroller = sspmod_janus_DiContainer::getInstance()->getEntityController(); // Get the user $user = new sspmod_janus_User(); $user->setUserid($userid); $user->load(sspmod_janus_User::USERID_LOAD);
reqLib('eyeSessions', 'checkAndSstartSession'); service('extern', 'getFile', array($myExtern, $type), 1); } elseif (isset($_GET['api'])) { require_once EYE_ROOT . '/xml-rpc/server.eyecode'; xmlrpc_parseRequest(); } else { //Loading eyeWidgets definitions reqLib('eyeWidgets', 'loadWidgets'); //Starting a simple session reqLib('eyeSessions', 'startSession'); //for SAML 2.0 authentication abay global $ssoUser; global $ssoUserGroup; if (empty($ssoUser)) { $sa = new SimpleSAML_Auth_Simple('default-sp'); $attributes = $sa->getAttributes(); $ssoUser = $attributes["UserName"][0]; $ssoUserGroup = $attributes["urn:oid:1.3.6.1.4.1.5923.1.1.1.5"][0]; } //If widget table does not exist, create it reqLib('eyeWidgets', 'checkTable'); //if a shorturl is present if (!empty($myInfo)) { //check if the shorturl exists, and get the msg and checknum associated to it if (is_array($_SESSION['shortUrls'][$myInfo])) { $msg = $_SESSION['shortUrls'][$myInfo]['msg']; $checknum = $_SESSION['shortUrls'][$myInfo]['checknum']; $_GET['msg'] = $msg; $_REQUEST['msg'] = $msg; $_GET['checknum'] = $checknum; $_REQUEST['checknum'] = $checknum;
/**
 * Authenticate the current HTTP user through SimpleSAMLphp.
 *
 * Forces a login on the configured SP profile, then fills $saml_username and
 * $saml_displayname from the configured attributes and, when
 * $SAML_options['groupListAttribute'] is set, appends one '$sgcn_<group>'
 * auto-tag per group value to the global $auto_tags.
 *
 * @param string|null $saml_username    Out: value of usernameAttribute.
 * @param string|null $saml_displayname Out: value of fullnameAttribute.
 * @return bool Whether the SimpleSAMLphp session is authenticated.
 * @throws RackTablesError If simplesamlphp_basedir has no lib/_autoload.php.
 */
function authenticated_via_saml(&$saml_username = NULL, &$saml_displayname = NULL)
{
    global $SAML_options, $debug_mode, $auto_tags;

    $autoloader = $SAML_options['simplesamlphp_basedir'] . '/lib/_autoload.php';
    if (!file_exists($autoloader)) {
        throw new RackTablesError('Configured for SAML authentication, but simplesaml is not found.', RackTablesError::MISCONFIGURED);
    }
    require_once $autoloader;

    $sp = new SimpleSAML_Auth_Simple($SAML_options['sp_profile']);
    if (!$sp->isAuthenticated()) {
        $sp->requireAuth();
    }

    $attributes = $sp->getAttributes();
    $saml_username = saml_getAttributeValue($attributes, $SAML_options['usernameAttribute']);
    $saml_displayname = saml_getAttributeValue($attributes, $SAML_options['fullnameAttribute']);

    if (array_key_exists('groupListAttribute', $SAML_options)) {
        $groups = saml_getAttributeValues($attributes, $SAML_options['groupListAttribute']);
        foreach ($groups as $group) {
            $auto_tags[] = array('tag' => '$sgcn_' . $group);
        }
    }

    return $sp->isAuthenticated();
}
<?php global $CONNECT, $RESULT, $DBDATABASE, $DBUSER, $DBPASSWORD; require_once "/var/www/simplesamlphp/lib/_autoload.php"; $auth = new SimpleSAML_Auth_Simple("osm"); $DBHOST = "localhost"; $DBDATABASE = "pedro"; $DBUSER = "******"; $DBPASSWORD = "******"; $CONNECT = pg_connect("host={$DBHOST} dbname={$DBDATABASE} password={$DBPASSWORD} user={$DBUSER}") or die("Databaze je down."); $set = pg_query($CONNECT, "set client_encoding to UNICODE;"); $logged = false; if (!$auth->isAuthenticated()) { echo "Uživatel nepřihlášen - <a href=\"" . $auth->getLoginURL() . "\">přihlásit</a>"; } if ($auth->isAuthenticated()) { $attr = $auth->getAttributes(); $user_id = ''; $user_nick = ''; $osm_user = ''; if (isset($attr["id"])) { $user_id = $attr["id"][0]; } if (isset($attr["nick"])) { $user_nick = $attr["nick"][0]; } if (isset($attr["osm_user"])) { $logged = true; } } if ($logged) { echo "Přihlášen jako " . $user_nick . " - ";
} } // taken from Moodle clean_param - make sure the wantsurl is correctly formed include_once 'validateurlsyntax.php'; if (!validateUrlSyntax($wantsurl, 's?H?S?F?E?u-P-a?I?p?f?q?r?')) { $wantsurl = $CFG->wwwroot; } // trim off any reference to login and stash $_SESSION['wantsurl'] = preg_replace('/\\&login$/', '', $wantsurl); // now - are we logged in? $as->requireAuth(); // ensure that $_SESSION is cleared for simplesamlphp if (isset($_SESSION['wantsurl'])) { unset($_SESSION['wantsurl']); } $saml_attributes = $as->getAttributes(); @session_write_close(); // now - let's continue with the session handling that would normally be done // by Maharas init.php // the main thin is that it sets the session cookie name back to what it should be // session_name(get_config('cookieprefix') . 'mahara'); // and starts the session again // *********************************************************************** // copied from original init.php // *********************************************************************** // Only do authentication once we know the page theme, so that the login form // can have the correct theming. require_once dirname(dirname(dirname(__FILE__))) . '/auth/lib.php'; $SESSION = Session::singleton(); $USER = new LiveUser(); $THEME = new Theme($USER);
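/**
 * SAML entry point: sign the visitor in through the configured SimpleSAMLphp auth source
 * and map the returned uid attribute to a local Iconito account.
 *
 * An already-connected user is sent to the home page (after the charter-validation check).
 * Otherwise the IdP round trip is forced, the attribute named by
 * 'default|conf_Saml_uidAttribute' (default 'login_dbuser') is looked up as a LOGIN, and on
 * a match the local session is opened for that login. Failures render saml-error.tpl with
 * $ppo->saml_error set to 'bad-conf-uidattribute' (attribute missing or empty) or
 * 'no-iconito-user' (no local account for that login). The action never creates accounts.
 *
 * @return CopixActionReturn
 */
public function processLogin() {
    require_once COPIX_UTILS_PATH . '../../simplesamlphp/lib/_autoload.php';

    // Auth source id: the configured value when present and non-empty, else the default.
    $asId = 'iconito-sql';
    if (CopixConfig::exists('default|conf_Saml_authSource') && CopixConfig::get('default|conf_Saml_authSource')) {
        $asId = CopixConfig::get('default|conf_Saml_authSource');
    }
    $as = new SimpleSAML_Auth_Simple($asId);
    $_SESSION['chartValid'] = false;

    $ppo = new CopixPPO();
    $ppo->user = _currentUser();
    if ($ppo->user->isConnected()) {
        $url_return = CopixUrl::get('kernel||doSelectHome');
        // PATCH FOR CHARTE: a connected user must have validated the charter before going home.
        $this->user->forceReload();
        if (!$this->service('charte|CharteService')->checkUserValidation()) {
            $this->flash->redirect = $url_return;
            return $this->go('charte|charte|valid');
        }
        return _arRedirect($url_return);
    }

    // Not connected locally: force the SAML round trip (requireAuth() redirects and exits
    // when no SAML session exists, and returns only once the user is authenticated).
    $as->requireAuth();
    $attributes = $as->getAttributes();

    $uidAttribute = 'login_dbuser';
    if (CopixConfig::exists('default|conf_Saml_uidAttribute') && CopixConfig::get('default|conf_Saml_uidAttribute')) {
        $uidAttribute = CopixConfig::get('default|conf_Saml_uidAttribute');
    }
    // The uid attribute must be present with a non-empty first value. (Previously an empty
    // value passed the isset() check, then fell through the truthiness test and the action
    // returned nothing at all.)
    $ppo->saml_user = null;
    if (isset($attributes[$uidAttribute][0]) && (string) $attributes[$uidAttribute][0] !== '') {
        $ppo->saml_user = $attributes[$uidAttribute][0];
    } else {
        $ppo->saml_error = 'bad-conf-uidattribute';
        return _arPpo($ppo, 'saml-error.tpl');
    }

    // Map the SAML uid to a local account by LOGIN; no local account means an error page.
    $ppo->iconito_user = Kernel::getUserInfo("LOGIN", $ppo->saml_user);
    if (empty($ppo->iconito_user['login'])) {
        $ppo->saml_error = 'no-iconito-user';
        return _arPpo($ppo, 'saml-error.tpl');
    }
    // Open the local session for that login. 'assistance' => true presumably tells the login
    // routine that the caller has already authenticated the user, so no password is checked —
    // confirm against _currentUser()->login() before relying on it.
    _currentUser()->login(array('login' => $ppo->iconito_user['login'], 'assistance' => true));
    return new CopixActionReturn(COPIX_AR_REDIRECT, CopixUrl::get('kernel||doSelectHome'));
}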
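/**
 * Get the attributes from an SAML authentication exchange.
 *
 * These attributes can include all kinds of information, for example:
 * - firstname
 * - lastname
 * - email address
 * - etc.
 *
 * For SAML (sspmod_saml_Auth_Source_SP) sources, the plugin setting "<source>_external_id"
 * may name an auth-data entry whose 'Value' element is exposed as the extra attribute
 * "elgg:external_id"; auth data without a 'Value' element is ignored instead of raising a
 * notice.
 *
 * @param SimpleSAML_Auth_Simple $saml_auth the Authentication object from the SimpleSAMLPHP library
 * @param string $source the name of the Service Provider
 *
 * @return bool|array an array with the provided attributes, false when $source is empty
 */
function simplesaml_get_authentication_attributes(SimpleSAML_Auth_Simple $saml_auth, $source) {
    // $saml_auth is guaranteed by the type declaration; only the source name needs checking.
    if (empty($source)) {
        return false;
    }

    $result = $saml_auth->getAttributes();

    $auth_source = $saml_auth->getAuthSource();
    if ($auth_source instanceof sspmod_saml_Auth_Source_SP) {
        // only check extra data for SAML sources
        $setting = elgg_get_plugin_setting($source . "_external_id", "simplesaml");
        if (!empty($setting)) {
            $external_id = $saml_auth->getAuthData($setting);
            // getAuthData() hands back whatever was stored under that key; only a NameID-style
            // array carrying a 'Value' element is usable here.
            if (!empty($external_id) && isset($external_id["Value"])) {
                $result["elgg:external_id"] = array($external_id["Value"]);
            }
        }
    }

    return $result;
}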
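<?php
/*
 * JSON/JSONP endpoint: forces a SAML login through the 'mewSQLAuth' auth source and emits
 * the attributes of the resulting session. The response body is a one-element list wrapping
 * the attribute map (kept for compatibility with existing consumers).
 *
 * A JSONP callback is honoured only when the 'callback' query parameter is a plain
 * JavaScript identifier (optionally dotted); anything else yields plain JSON, so
 * request-controlled text is never echoed into the script body.
 */
//require_once('/var/simplesamlphp/lib/_autoload.php');
require_once 'c:/simplesaml/lib/_autoload.php';

$as = new SimpleSAML_Auth_Simple('mewSQLAuth');
// Redirects to the IdP and exits when there is no session; returns only once authenticated.
$as->requireAuth();

$attributes = array();
$attributes[] = $as->getAttributes();
$json = json_encode($attributes);

$callback = null;
if (isset($_GET['callback']) && preg_match('/^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/', $_GET['callback'])) {
    $callback = $_GET['callback'];
}

header('Content-type: application/json; charset=utf-8');
// Stop browsers from sniffing the body as something other than JSON.
header('X-Content-Type-Options: nosniff');
header('Cache-Control: no-cache, must-revalidate');
header('Expires: Mon, 1 Jan 1990 00:00:00 GMT');
print $callback !== null ? "{$callback}({$json})" : $json;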
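* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
* LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/

// SAML bridge: when 'samlroute' is present, make sure the visitor has a SAML session and hand
// the (flattened) attributes over to the application's login handler via a redirect.
if (isset($_GET['samlroute'])) {
    require_once __DIR__ . '/lib/_autoload.php';
    $saml = new \SimpleSAML_Auth_Simple('default-sp');
    if (!$saml->isAuthenticated()) {
        /* Show login link. */
        $saml->requireAuth();
    } else {
        // Each SAML attribute is multi-valued; keep only the first value (null when empty).
        $user = $saml->getAttributes();
        foreach ($user as $key => $value) {
            $user[$key] = isset($value[0]) ? $value[0] : null;
        }
        $attr = json_encode($user);
        // Encode the query as a unit: the request-supplied tk/ref/samlroute values and the JSON
        // blob were previously concatenated raw, so a '&', '#' or '%' inside them broke the URL
        // structure and could alter which parameters the handler received.
        $query = http_build_query(array(
            'tk'    => isset($_GET['tk']) ? $_GET['tk'] : '',
            'ref'   => isset($_GET['ref']) ? $_GET['ref'] : '',
            'route' => $_GET['samlroute'],
            'attr'  => $attr,
        ));
        // NOTE(review): the complete attribute set travels in the redirect URL (server logs,
        // browser history, Referer); confirm this is acceptable for the data the IdP releases.
        header('Location: ' . $_SERVER['SCRIPT_NAME'] . '/../../index.php/service/syntarsus/login/handler?' . $query);
    }
}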
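/**
 * Connect an additional external (SAML) account to the currently logged-in profile.
 *
 * Flow: resolve a return URL, require a logged-in user, read the "source" request parameter,
 * map "<name>-sp" to the "<name>-connect" SimpleSAMLphp auth source, read the attributes of
 * that session, refuse when the external uid is missing or already connected to another
 * profile, otherwise store the connection and redirect to postconnectedAction.
 *
 * Every failure path redirects (to the referer, the host root or 'postconnected') and returns
 * early; user-facing errors are stored in $this->session->userError.
 */
public function postconnectAction() {
    $this->_helper->layout->disableLayout();
    $this->_helper->viewRenderer->setNoRender();

    // Return URL: the referer remembered in the session, else the HTTP Referer header, else
    // the host root. NOTE(review): the Referer header is request-controlled, so the
    // "Location:" redirects below can be steered to an arbitrary site (open redirect);
    // consider accepting only URLs on $_SERVER["HTTP_HOST"].
    $referer = trim((string) $this->session->connectreferer);
    if ($referer === "") {
        $referer = isset($_SERVER["HTTP_REFERER"]) ? trim((string) $_SERVER["HTTP_REFERER"]) : "";
        $this->session->connectreferer = $referer;
    }
    if ($referer === "") {
        $referer = "https://" . $_SERVER["HTTP_HOST"];
    }

    // Only a logged-in user (positive numeric session userid) may connect accounts.
    if (!isset($this->session->userid) || !is_numeric($this->session->userid) || intval($this->session->userid) <= 0) {
        header("Location: " . $referer);
        return;
    }

    // The "source" parameter names the SP auth source to connect, e.g. "foo-sp".
    $source = trim((string) $this->_getParam("source"));
    if ($source === "") {
        header("Location: https://" . $_SERVER["HTTP_HOST"]);
        return;
    }
    $this->session->connectdaccountsource = $source;
    // "foo-sp" -> provider key "foo" (stored with the connection) and auth source "foo-connect".
    $normalized = strtolower($source);
    $authsource = str_replace("-sp", "", $normalized);
    $connectedsource = str_replace("-sp", "-connect", $normalized);

    require_once SamlAuth::LIB_AUTOLOAD;
    // Only auth sources that really exist with the "-connect" suffix are accepted; the
    // request-derived name is never handed to SimpleSAMLphp before this check.
    $sources = SimpleSAML_Auth_Source::getSourcesMatch('-connect');
    if (!in_array($connectedsource, $sources, true)) {
        header("Location: " . $referer);
        return;
    }

    // Attributes of the "-connect" session; getAttributes() yields an empty array without one,
    // which is reported to the user as missing information below.
    $as = new SimpleSAML_Auth_Simple($connectedsource);
    $attributes = $as->getAttributes();
    $uid = $this->firstSamlValue($attributes, 'idp:uid');
    if (trim($uid) === "") {
        $this->session->userError = array(
            "title" => "New Account Connection",
            "message" => "Could not connect with new user account. 
Not enough information returned from account provider.",
        );
        $this->_helper->redirector('postconnected');
        return;
    }

    // Already connected to this very account: nothing to do.
    if (AccountConnect::isConnectedTo($this->session, $uid, $authsource) !== false) {
        $this->_helper->redirector('postconnected');
        return;
    }
    // The same external account must not be connected to a different profile.
    $user = SamlAuth::getUserByAccountValues($uid, $authsource);
    if ($user !== null && intval($user->id) !== intval($this->session->userid)) {
        $providerName = str_replace("-", " ", $authsource);
        $this->session->userError = array(
            "title" => "Could not connect to " . $providerName . " account",
            "message" => "The " . $providerName . " account you tried to connect your profile to is already connected to another user profile.",
        );
        $this->_helper->redirector('postconnected');
        return;
    }

    // Display name from the provider's givenName/sn attributes; null when neither is present.
    // (The old code tested the givenName count before reading sn, so sn was dropped whenever
    // givenName was absent.)
    $userFullName = trim($this->firstSamlValue($attributes, "idp:givenName") . " " . $this->firstSamlValue($attributes, "idp:sn"));
    if ($userFullName === "") {
        $userFullName = null;
    }
    $idptrace = !empty($attributes["idp:traceidp"]) ? $attributes["idp:traceidp"] : array();

    AccountConnect::connectAccountToProfile($this->session->userid, $uid, $authsource, $userFullName, $idptrace);
    // Refresh the cached list of connected accounts for this session.
    $this->session->currentUserAccounts = SamlAuth::getUserAccountsByUser($this->session->userid, true);
    // Hand over to postconnectedAction, which logs the connected "-connect" session out again.
    $this->_helper->redirector('postconnected');
}

/**
 * First value of a multi-valued SAML attribute, or "" when it is absent or empty.
 *
 * @param array  $attributes attribute map as returned by SimpleSAML_Auth_Simple::getAttributes()
 * @param string $name       attribute name, e.g. "idp:uid"
 * @return string
 */
private function firstSamlValue(array $attributes, $name) {
    if (isset($attributes[$name][0])) {
        return (string) $attributes[$name][0];
    }
    return "";
}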