function send_geni_user($server, $info) { $geni_user = geni_loadUser(); $req_url = idURL($geni_user->username); $response =& $info->answer(true, null, $req_url); // Answer with some sample Simple Registration data. global $portal_cert_file; global $portal_private_key_file; $sreg_data = array(); if ($geni_user) { $sreg_data['nickname'] = $geni_user->username; $sreg_data['email'] = $geni_user->email(); } if (empty($sreg_data)) { error_log("OpenID: Unable to access user information."); } // Add the simple registration response values to the OpenID // response message. $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($info); $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data); $sreg_response->toMessage($response->fields); /* * Attribute Exchange (AX) is an OpenID extension to pass additional * attributes. This code was derived by looking at some client * examples and the AX code. No server-side examples of PHP OpenID * AX were found. * * AX seems to be fragile. Small changes to the code below can * result in authentication failures. * * The user URN has '+' characters but these consistently caused * authentication failures in testing. Replacing the '+' with '|' * worked, so that is a necessary transformation below. */ $ax_request = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest($info); if ($ax_request and !Auth_OpenID_AX::isError($ax_request)) { /* error_log("received AX request: " . print_r($ax_request, true)); */ $ax_response = new Auth_OpenID_AX_FetchResponse(); add_project_slice_info($geni_user, $projects, $slices); foreach ($ax_request->iterTypes() as $ax_req_type) { switch ($ax_req_type) { case 'http://geni.net/projects': $ax_response->setValues($ax_req_type, $projects); break; case 'http://geni.net/slices': $ax_response->setValues($ax_req_type, $slices); break; case 'http://geni.net/user/urn': $urn = $geni_user->urn(); $urn = str_replace('+', '|', $urn); $ax_response->addValue('http://geni.net/user/urn', $urn); break; case 'http://geni.net/user/prettyname': $ax_response->addValue($ax_req_type, $geni_user->prettyName()); break; case 'http://geni.net/wimax/username': case 'http://geni.net/wimax/wimax_username': $wimax_name = null; if (isset($geni_user->ma_member->wimax_username)) { $wimax_name = $geni_user->ma_member->wimax_username; } /* Only send wimax name if it exists. */ if ($wimax_name) { $ax_response->addValue($ax_req_type, $wimax_name); } break; case 'http://geni.net/irods/username': /* Get the iRODS username. Do we need to respect the * 'irods_enabled' flag? */ $irods_username = null; if (isset($geni_user->ma_member->irods_username)) { $irods_username = $geni_user->ma_member->irods_username; } /* Only send it if it exists. */ if ($irods_username) { error_log("Returning iRODS username {$irods_username} for user " . $geni_user->urn()); $ax_response->addValue($ax_req_type, $irods_username); } else { error_log("No iRODS username in OpenID for user " . $geni_user->urn()); } break; case 'http://geni.net/irods/zone': /* Get the IRods zone for this user. */ $irods_zone = irods_default_zone(); /* Only send it if it exists. */ if ($irods_zone) { error_log("Returning iRODS zone {$irods_zone} for user " . $geni_user->urn()); $ax_response->addValue($ax_req_type, $irods_zone); } else { error_log("No iRODS zone in OpenID for user " . $geni_user->urn()); } break; } } $ax_response->toMessage($response->fields); } // Generate a response to send to the user agent. $webresponse =& $server->encodeResponse($response); $new_headers = array(); foreach ($webresponse->headers as $k => $v) { $new_headers[] = $k . ": " . $v; } return array($new_headers, $webresponse->body); }