/**
* Check that the user has access to the statistics.
*
* If the user doesn't have access, send the user to the login page.
*/
public static function checkAccess(SimpleSAML_Configuration $statconfig)
{
$protected = $statconfig->getBoolean('protected', FALSE);
$authsource = $statconfig->getString('auth', NULL);
$allowedusers = $statconfig->getValue('allowedUsers', NULL);
$useridattr = $statconfig->getString('useridattr', 'eduPersonPrincipalName');
$acl = $statconfig->getValue('acl', NULL);
if ($acl !== NULL && !is_string($acl) && !is_array($acl)) {
throw new SimpleSAML_Error_Exception('Invalid value for \'acl\'-option. Should be an array or a string.');
}
if (!$protected) {
return;
}
if (SimpleSAML\Utils\Auth::isAdmin()) {
// User logged in as admin. OK.
SimpleSAML_Logger::debug('Statistics auth - logged in as admin, access granted');
return;
}
if (!isset($authsource)) {
// If authsource is not defined, init admin login.
SimpleSAML\Utils\Auth::requireAdmin();
}
/* We are using an authsource for login. */
$as = new SimpleSAML_Auth_Simple($authsource);
$as->requireAuth();
// User logged in with auth source.
SimpleSAML_Logger::debug('Statistics auth - valid login with auth source [' . $authsource . ']');
// Retrieving attributes
$attributes = $as->getAttributes();
if (!empty($allowedusers)) {
// Check if userid exists
if (!isset($attributes[$useridattr][0])) {
throw new Exception('User ID is missing');
}
// Check if userid is allowed access..
if (in_array($attributes[$useridattr][0], $allowedusers)) {
SimpleSAML_Logger::debug('Statistics auth - User granted access by user ID [' . $attributes[$useridattr][0] . ']');
return;
}
SimpleSAML_Logger::debug('Statistics auth - User denied access by user ID [' . $attributes[$useridattr][0] . ']');
} else {
SimpleSAML_Logger::debug('Statistics auth - no allowedUsers list.');
}
if (!is_null($acl)) {
$acl = new sspmod_core_ACL($acl);
if ($acl->allows($attributes)) {
SimpleSAML_Logger::debug('Statistics auth - allowed access by ACL.');
return;
}
SimpleSAML_Logger::debug('Statistics auth - denied access by ACL.');
} else {
SimpleSAML_Logger::debug('Statistics auth - no ACL configured.');
}
throw new SimpleSAML_Error_Exception('Access denied to the current user.');
}
<?php
require_once '../_include.php';
/* Make sure that the user has admin access rights. */
SimpleSAML\Utils\Auth::requireAdmin();
$config = SimpleSAML_Configuration::getInstance();
if (!empty($_FILES['xmlfile']['tmp_name'])) {
$xmldata = file_get_contents($_FILES['xmlfile']['tmp_name']);
} elseif (array_key_exists('xmldata', $_POST)) {
$xmldata = $_POST['xmldata'];
}
if (!empty($xmldata)) {
\SimpleSAML\Utils\XML::checkSAMLMessage($xmldata, 'saml-meta');
$entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsString($xmldata);
/* Get all metadata for the entities. */
foreach ($entities as &$entity) {
$entity = array('shib13-sp-remote' => $entity->getMetadata1xSP(), 'shib13-idp-remote' => $entity->getMetadata1xIdP(), 'saml20-sp-remote' => $entity->getMetadata20SP(), 'saml20-idp-remote' => $entity->getMetadata20IdP());
}
/* Transpose from $entities[entityid][type] to $output[type][entityid]. */
$output = SimpleSAML\Utils\Arrays::transpose($entities);
/* Merge all metadata of each type to a single string which should be
* added to the corresponding file.
*/
foreach ($output as $type => &$entities) {
$text = '';
foreach ($entities as $entityId => $entityMetadata) {
if ($entityMetadata === NULL) {
continue;
}
/* Remove the entityDescriptor element because it is unused, and only
* makes the output harder to read.
/**
* @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\Auth::getAdminLoginURL instead();
*/
public static function getAdminLoginURL($returnTo = NULL)
{
return SimpleSAML\Utils\Auth::getAdminLoginURL($returnTo);
}
<?php
// Load SimpleSAMLphp, configuration
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getSessionFromRequest();
// Check if valid local session exists.
if ($config->getBoolean('admin.protectindexpage', false)) {
SimpleSAML\Utils\Auth::requireAdmin();
}
$loginurl = SimpleSAML\Utils\Auth::getAdminLoginURL();
$isadmin = SimpleSAML\Utils\Auth::isAdmin();
$links = array();
$links_welcome = array();
$links_config = array();
$links_auth = array();
$links_federation = array();
if ($config->getBoolean('idpdisco.enableremember', FALSE)) {
$links_federation[] = array('href' => 'cleardiscochoices.php', 'text' => '{core:frontpage:link_cleardiscochoices}');
}
$links_federation[] = array('href' => \SimpleSAML\Utils\HTTP::getBaseURL() . 'admin/metadata-converter.php', 'text' => '{core:frontpage:link_xmlconvert}');
$allLinks = array('links' => &$links, 'welcome' => &$links_welcome, 'config' => &$links_config, 'auth' => &$links_auth, 'federation' => &$links_federation);
SimpleSAML\Module::callHooks('frontpage', $allLinks);
$metadataHosted = array();
SimpleSAML\Module::callHooks('metadata_hosted', $metadataHosted);
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$metaentries = array('hosted' => $metadataHosted, 'remote' => array());
if ($isadmin) {
$metaentries['remote']['saml20-idp-remote'] = $metadata->getList('saml20-idp-remote');
$metaentries['remote']['shib13-idp-remote'] = $metadata->getList('shib13-idp-remote');
}
if ($config->getBoolean('enable.saml20-idp', FALSE) === true) {
