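/**
 * Controller constructor: resolves the federated identity through SimpleSAMLphp and loads the
 * resources shared by every action of this controller.
 *
 * With FEDACTIVE set, the 'Oxylane-sp' auth source is enforced: requireAuth() redirects
 * unauthenticated users to the IdP and does not return. Without FEDACTIVE, placeholder identity
 * values are used — this branch must not be reachable in production.
 */
public function __construct()
{
    // Mandatory
    parent::__construct();
    $this->data = array();

    // Oxylane federation (SimpleSAMLphp)
    if (FEDACTIVE) {
        require __DIR__ . '/../simplesaml/lib/_autoload.php';
        $as = new SimpleSAML_Auth_Simple('Oxylane-sp');
        if (!$as->isAuthenticated()) {
            // Redirects to the IdP; never returns.
            $as->requireAuth();
        } else {
            $attributes = $as->getAttributes();
            // SAML attributes are multi-valued and may be absent; read the first value
            // defensively instead of triggering undefined-index notices.
            $this->data['fed']['0'] = isset($attributes['uid'][0]) ? $attributes['uid'][0] : null;   // identifier
            $this->data['fed']['1'] = isset($attributes['cn'][0]) ? $attributes['cn'][0] : null;     // person's name
            $this->data['fed']['2'] = isset($attributes['mail'][0]) ? $attributes['mail'][0] : null; // person's e-mail
        }
    } else {
        // No federation: placeholder identity (development only).
        $this->data['fed']['0'] = "ID";
        $this->data['fed']['1'] = "NOM";
        $this->data['fed']['2'] = "MAIL";
    }
    // END FED

    // Resources loaded for the whole controller
    $this->load->database();
    $this->load->helper('form');
    $this->load->helper('titreUrl');
    $this->load->helper('convertlien');
    $this->load->library('form_validation');
    $this->load->model('pages_model', 'pm');
    $this->load->model('plannings_model', 'plm');
    $this->load->model('types_model', 'tm');
    $this->load->model('chaines_model', 'cm');
    $this->load->model('groupes_model', 'gm');
    $this->load->model('bandeau_model', 'bm');
    if (FEDLOG) {
        $this->load->model('logs_model', 'lm');
    }

    // All channels
    $this->data['chaines'] = $this->cm->getAll();

    // NOTE(review): every request is flagged superadmin regardless of the federated identity, so
    // any authorisation decision built on this flag is effectively disabled — confirm intent.
    $this->data['superadmin'] = true;

    // Override the default error-message delimiters (<p></p>).
    $this->form_validation->set_error_delimiters('<p class="alert alert-error fade in"><a class="close" data-dismiss="alert" href="#">×</a>', '</p>');
}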
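/**
 * Executes index action
 *
 * Without an 'sf_culture' parameter: on the session's first request the culture is taken from
 * the first value of the SAML 'preferredLanguage' attribute when it is 'hu' or 'en', otherwise
 * from Accept-Language negotiation; then the user is redirected to the localized homepage
 * (redirect() does not return). With a culture present: loads the Principal for the federated
 * username (creating it when missing) and exposes its organizations to the view.
 *
 * @param sfRequest $request A request object
 */
public function executeIndex(sfWebRequest $request)
{
    if (!$request->getParameter('sf_culture')) {
        $ssaml = new SimpleSAML_Auth_Simple('default-sp');
        $attributes = $ssaml->getAttributes();
        if ($this->getUser()->isFirstRequest()) {
            // Attributes are lists of values; comparing the whole list to 'hu'/'en' never
            // matched, so the preference was silently ignored. Use the first value.
            $culture = isset($attributes['preferredLanguage'][0]) ? $attributes['preferredLanguage'][0] : null;
            if ($culture !== 'hu' && $culture !== 'en') {
                $culture = $request->getPreferredCulture(array('en', 'hu'));
            }
            $this->getUser()->setCulture($culture);
            $this->getUser()->isFirstRequest(false);
        }
        $this->redirect('localized_homepage');
    }

    // Defaults so the view assignments below are always defined, including for a
    // freshly created Principal.
    $oos = null;
    $ros = null;
    $p = Doctrine::getTable('Principal')->findOneByFedid($this->getUser()->getUsername());
    if ($p) {
        $oos = $p->getOrganization();
        $ros = $p->getRelatedOrganizations(TRUE);
    } else {
        $p = new Principal();
        $p->setFedid($this->getUser()->getUsername());
        $p->save();
    }
    $this->oos = $oos;
    $this->ros = $ros;
}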
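/**
 * Returns the attributes of the SimpleSAMLphp session for the installer's attribute-mapping step.
 *
 * Result: "attribute => attribute (first value)" pairs for the SELECT boxes, sorted by key, plus
 * the raw attribute set under the key 'saml'. Returns false when the step is too early or the
 * ssp_location / ssp_authsource settings are not available. requireAuth() redirects (and does
 * not return) when there is no authenticated session yet.
 */
function get_attributes()
{
    // Only run in step 5 or later (index >= 4) — keep in sync with the steps array.
    if (!isset($_REQUEST['s']) || $_REQUEST['s'] < 4) {
        return false;
    }
    $ssp_location = issetweb('ssp_location');
    if (!$ssp_location) {
        return false;
    }
    // ssp_location comes through issetweb() (presumably request/session input) and ends up in
    // include_once. Refuse traversal segments and stream wrappers so only a plain directory path
    // is accepted; ideally the installer restricts this to a configured directory.
    if (strpos($ssp_location, '..') !== false || strpos($ssp_location, '://') !== false) {
        return false;
    }
    $ssp_autoloader = $ssp_location . '/lib/_autoload.php';
    if (!is_readable($ssp_autoloader)) {
        return false;
    }
    include_once $ssp_autoloader;

    $ssp_authsource = issetweb('ssp_authsource');
    if (!$ssp_authsource) {
        return false;
    }
    $as = new SimpleSAML_Auth_Simple($ssp_authsource);
    if (!$as->isAuthenticated()) {
        $as->requireAuth();
    }
    $attributes = $as->getAttributes();

    $simpleattrs = array();
    foreach ($attributes as $at => $values) {
        // key|value pairs to populate the SELECT boxes; an attribute without values shows empty
        $firstValue = isset($values[0]) ? $values[0] : '';
        $simpleattrs[$at] = $at . " (" . $firstValue . ")";
    }
    // Add the raw attributes as well, for later use
    $simpleattrs['saml'] = $attributes;
    ksort($simpleattrs);
    return $simpleattrs;
}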
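/**
 * Handle an incoming request.
 *
 * Guests are sent through SAML ('default-sp'): requireAuth() redirects to the IdP and does not
 * return until the user is authenticated. The account is then looked up (or created) by the
 * 'mail' attribute and logged in. AJAX requests get a bare 401 instead of a redirect.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    if ($this->auth->guest()) {
        if ($request->ajax()) {
            return response('Unauthorized.', 401);
        }
        // SAML login: redirects to the IdP and does not return until authenticated.
        $as = new \SimpleSAML_Auth_Simple('default-sp');
        $as->requireAuth();
        $attributes = $as->getAttributes();

        // 'mail' is the account key. Without it we must not continue: a null lookup key could
        // match (or create) an account that does not belong to this user.
        if (empty($attributes['mail'][0])) {
            return response('Unauthorized.', 401);
        }
        $mail = $attributes['mail'][0];

        // Create the user when unknown, then log in.
        $db_user = User::where('mail', $mail)->first();
        if (!$db_user) {
            $db_user = new User();
            $db_user->mail = $mail;
            $db_user->save();
        }
        Auth::login($db_user);
    }
    return $next($request);
}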
/**
 * Performs an authentication attempt using SimpleSAMLphp ('default-sp').
 *
 * requireAuth() redirects unauthenticated users to the IdP and does not return, so reaching
 * the return statement means the user is logged in; the SAML attributes become the identity.
 *
 * @throws Zend_Auth_Adapter_Exception If authentication cannot be performed
 * @return Zend_Auth_Result
 */
public function authenticate()
{
    require_once LIBRARY_PATH . '/simplesamlphp/lib/_autoload.php';
    $source = new SimpleSAML_Auth_Simple('default-sp');
    $source->requireAuth();
    // If SimpleSAMLphp didn't stop here, the user is authenticated.
    $identity = $source->getAttributes();
    return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity, array("Authentication Successful"));
}
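/**
 * Check that the user has access to the statistics.
 *
 * If the user doesn't have access, send the user to the login page.
 *
 * Order of checks: unprotected → allowed; admin session → allowed; otherwise the configured
 * auth source is enforced (requireAuth() redirects and does not return), then the user id is
 * checked against 'allowedUsers' and, failing that, the 'acl' option. Anything else throws.
 *
 * @param SimpleSAML_Configuration $statconfig Statistics module configuration.
 * @throws SimpleSAML_Error_Exception On invalid 'acl' configuration or when access is denied.
 * @throws Exception When 'allowedUsers' is set but the user id attribute is missing.
 */
public static function checkAccess(SimpleSAML_Configuration $statconfig)
{
    $protected = $statconfig->getBoolean('protected', FALSE);
    $authsource = $statconfig->getString('auth', NULL);
    $allowedusers = $statconfig->getValue('allowedUsers', NULL);
    $useridattr = $statconfig->getString('useridattr', 'eduPersonPrincipalName');
    $acl = $statconfig->getValue('acl', NULL);
    if ($acl !== NULL && !is_string($acl) && !is_array($acl)) {
        throw new SimpleSAML_Error_Exception('Invalid value for \'acl\'-option. Should be an array or a string.');
    }

    if (!$protected) {
        return;
    }

    if (SimpleSAML\Utils\Auth::isAdmin()) {
        // User logged in as admin. OK.
        SimpleSAML_Logger::debug('Statistics auth - logged in as admin, access granted');
        return;
    }

    if (!isset($authsource)) {
        // No authsource configured: fall back to the admin login (redirects; does not return).
        SimpleSAML\Utils\Auth::requireAdmin();
    }

    // Authenticate through the configured auth source.
    $as = new SimpleSAML_Auth_Simple($authsource);
    $as->requireAuth();
    SimpleSAML_Logger::debug('Statistics auth - valid login with auth source [' . $authsource . ']');

    $attributes = $as->getAttributes();

    if (!empty($allowedusers)) {
        if (!isset($attributes[$useridattr][0])) {
            throw new Exception('User ID is missing');
        }
        $userId = $attributes[$useridattr][0];
        // Strict comparison: a loosely compared list entry (e.g. an integer) must not match an
        // arbitrary user id.
        if (in_array($userId, $allowedusers, true)) {
            SimpleSAML_Logger::debug('Statistics auth - User granted access by user ID [' . $userId . ']');
            return;
        }
        SimpleSAML_Logger::debug('Statistics auth - User denied access by user ID [' . $userId . ']');
    } else {
        SimpleSAML_Logger::debug('Statistics auth - no allowedUsers list.');
    }

    if (!is_null($acl)) {
        $acl = new sspmod_core_ACL($acl);
        if ($acl->allows($attributes)) {
            SimpleSAML_Logger::debug('Statistics auth - allowed access by ACL.');
            return;
        }
        SimpleSAML_Logger::debug('Statistics auth - denied access by ACL.');
    } else {
        SimpleSAML_Logger::debug('Statistics auth - no ACL configured.');
    }

    throw new SimpleSAML_Error_Exception('Access denied to the current user.');
}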
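/**
 * Returns the SimpleSAML_Auth_Simple instance for the auth source named by 'auth' in
 * module_selfregister.php when it has an authenticated session, false otherwise.
 *
 * Note: despite the name, only the authentication status is checked here — no "same auth
 * source" comparison is made, so callers must not rely on one.
 *
 * @return SimpleSAML_Auth_Simple|false
 */
public static function checkLoggedAndSameAuth()
{
    // The former $session local (getSessionFromRequest) was unused and has been dropped.
    $uregconf = SimpleSAML_Configuration::getConfig('module_selfregister.php');
    $as = new SimpleSAML_Auth_Simple($uregconf->getString('auth'));
    return $as->isAuthenticated() ? $as : false;
}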
/**
 * @inheritDoc
 *
 * Persists the token together with its scope identifiers and a snapshot of the current
 * SimpleSAMLphp session attributes (an empty array when there is no authenticated session).
 */
public function persistNewAccessToken(AccessTokenEntityInterface $accessTokenEntity)
{
    $authSourceId = $this->config->getString('auth');
    $auth = new \SimpleSAML_Auth_Simple($authSourceId);
    // Expected to be authenticated at this point; otherwise this is [].
    $sessionAttributes = $auth->getAttributes();

    $scopeIds = [];
    foreach ($accessTokenEntity->getScopes() as $scopeEntity) {
        $scopeIds[] = $scopeEntity->getIdentifier();
    }

    $row = [
        'id' => $accessTokenEntity->getIdentifier(),
        'scopes' => $scopeIds,
        'attributes' => $sessionAttributes,
        'expires_at' => $accessTokenEntity->getExpiryDateTime(),
        'user_id' => $accessTokenEntity->getUserIdentifier(),
        'client_id' => $accessTokenEntity->getClient()->getIdentifier(),
    ];
    $types = ['string', 'json_array', 'json_array', 'datetime', 'string', 'string'];
    $this->conn->insert($this->getTableName(), $row, $types);
}
/**
 * Logs the user out of the 'SPcrono' SimpleSAMLphp auth source and sends the browser back to
 * the application's index.php.
 *
 * @return bool Always true (logout() is expected to redirect before this is reached).
 */
function procesarFormulario()
{
    require_once '/var/simplesamlphp/lib/_autoload.php';
    $baseUrl = $this->host . $this->site . '/';
    // 'SPcrono': authentication source defined in the SP's authsources.
    $sso = new SimpleSAML_Auth_Simple('SPcrono');
    $sso->logout($baseUrl . 'index.php');
    return true;
}
/**
 * Require admin access to the current page.
 *
 * This is a helper function for limiting a page to those with administrative access. It will
 * redirect the user to a login page if the current user doesn't have admin access.
 *
 * @return void This function will only return if the user is admin.
 * @throws \SimpleSAML_Error_Exception If no "admin" authentication source was configured.
 *
 * @author Olav Morken, UNINETT AS <*****@*****.**>
 * @author Jaime Perez, UNINETT AS <*****@*****.**>
 */
public static function requireAdmin()
{
    if (self::isAdmin()) {
        return;
    }
    // Not authenticated as admin: the "admin" auth source must exist to start the login flow.
    if (\SimpleSAML_Auth_Source::getById('admin') === null) {
        throw new \SimpleSAML_Error_Exception('Cannot find "admin" auth source, and admin privileges are required.');
    }
    $adminLogin = new \SimpleSAML_Auth_Simple('admin');
    $adminLogin->login();
}
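/**
 * Streams a file from public_html/files after the CMS access check and, for APB files, the
 * SAML ('klavsts') docmanager check.
 *
 * The 'filename' request parameter is resolved with realpath() and must stay inside the files
 * directory; '..' traversal, symlinks leading outside and missing files all yield a 404.
 * Unauthorized users are redirected/forwarded to index/unauthorized (gotoSimple with setExit
 * exits). Any failure while reading or serving the file is reported as a 404.
 */
public function downloadAction()
{
    $this->_helper->viewRenderer->setNoRender(true);
    $this->_helper->layout->disableLayout();

    // Containment check on the resolved path: realpath() collapses '..' segments, so a
    // traversal attempt resolves outside $baseDir and is rejected here.
    $baseDir = realpath(APPLICATION_ROOT . '/public_html/files');
    $filename = realpath(APPLICATION_ROOT . '/public_html/files/' . $this->_getParam('filename'));
    if ($baseDir === false || $filename === false
        || strpos($filename, $baseDir . DIRECTORY_SEPARATOR) !== 0) {
        throw new Zend_Controller_Action_Exception('File not found', 404);
    }

    try {
        $file = new SxCms_File($filename);
        $data = $file->getCleanFile();
        $identity = Zend_Auth::getInstance()->getIdentity();
        if (!$file->isAllowed($identity)) {
            $this->_helper->redirector->setExit(true)->gotoSimple('unauthorized', 'index');
            return;
        }
        if ($file->isApb()) {
            $as = new SimpleSAML_Auth_Simple('klavsts');
            $attributes = $as->getAttributes();
            // No SAML session, or no docmanager attribute: not allowed.
            if (!$attributes || !isset($attributes['urn:klav:docmanager'])) {
                $this->_forward('unauthorized', 'index', null, array('url' => $this->view->url()));
                return;
            }
            $filecheck = new SxCms_Filesystem($file->getPath());
            $filecheck->setApb($attributes['urn:klav:docmanager']);
            if (!$filecheck->isAllowed()) {
                $this->_helper->redirector->setExit(true)->gotoSimple('unauthorized', 'index');
                return;
            }
        }

        // Workaround for when the PECL finfo class is not installed.
        $mimeType = 'application/octet-stream';
        if (class_exists('finfo')) {
            $finfo = new finfo(FILEINFO_MIME);
            $mimeType = $finfo->file($filename);
        }
        // Mime type "unknown": look it up by file extension.
        if ($mimeType == 'application/octet-stream') {
            // Only [a-z0-9] may reach the XPath literal below (no quote break-out).
            $ext = preg_replace('/[^a-z0-9]/', '', strtolower(pathinfo($filename, PATHINFO_EXTENSION)));
            $types = simplexml_load_file(APPLICATION_PATH . '/var/mime-types.xml');
            $result = $types->xpath('//mime-types/mime-type/ext[. ="' . $ext . '"]/..');
            if (!empty($result)) {
                $attrs = $result[0]->attributes();
                $mimeType = (string) $attrs['name'];
            }
        }

        // Content-Length is a byte count; mb_strlen() would count characters.
        $size = strlen($data);
        $this->getResponse()->setHeader('Content-Type', $mimeType)->setHeader('Content-Length', $size);
        echo $data;
    } catch (Exception $e) {
        throw new Zend_Controller_Action_Exception('File not found', 404);
    }
}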
/**
 * Logs the user out of the application session and, when present, the SSO session
 * ('default-sp'), then redirects to the home page.
 *
 * @return \Illuminate\Http\RedirectResponse
 */
public function logout()
{
    // Application session first.
    if (Auth::check()) {
        Auth::logout();
    }
    // Then the SSO session (logout() is expected to redirect on its own).
    $sso = new \SimpleSAML_Auth_Simple('default-sp');
    if ($sso->isAuthenticated()) {
        $sso->logout();
    }
    return Redirect::Action('mainController@index');
}
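/**
 * Forces a login against the 'SPcrono' SimpleSAMLphp auth source.
 *
 * requireAuth() redirects to the IdP (returning to the application's index.php) and does not
 * return until the user is authenticated.
 *
 * @return bool Always false (kept for callers; the previous unused attribute fetch was removed).
 */
function procesarFormulario()
{
    $saml_lib_path = '/var/simplesamlphp/lib/_autoload.php';
    require_once $saml_lib_path;
    $aplication_base_url = $this->host . $this->site . '/';
    $source = 'SPcrono'; // authentication source defined in the SP's authsources
    $as = new SimpleSAML_Auth_Simple($source);
    $login_params = array('ReturnTo' => $aplication_base_url . 'index.php');
    $as->requireAuth($login_params);
    return false;
}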
/**
 * Hook on the forward function to make sure we can logout on SimpleSAML.
 *
 * Runs only when there is no Elgg session and a SAML source is configured; logging out of the
 * external source is best effort (any exception is ignored).
 *
 * @param string $hook         the name of the hook
 * @param string $type         the type of the hook
 * @param bool   $return_value the current url to forward to
 * @param array  $params       supplied params
 *
 * @return void
 */
public static function forward($hook, $type, $return_value, $params)
{
    global $SIMPLESAML_SOURCE;
    if (elgg_is_logged_in() || empty($SIMPLESAML_SOURCE)) {
        return;
    }
    try {
        $samlSource = new \SimpleSAML_Auth_Simple($SIMPLESAML_SOURCE);
        // Log out of the external source, returning to the site.
        $samlSource->logout(elgg_get_site_url());
    } catch (Exception $ignored) {
        // Deliberately swallowed: the external logout is best effort.
    }
}
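/**
 * Pre-action hook synchronising the SimpleSAMLphp session with the Copix/Iconito session.
 *
 * When SAML is enabled (conf_Saml_actif): a SAML-authenticated visitor without a local session
 * is logged in under the Iconito account whose login matches the configured uid attribute and
 * redirected home (or shown cas.tpl with 'no-iconito-user'); a local session without a SAML
 * session is destroyed.
 *
 * @param string &$action The action about to be processed.
 * @return CopixActionReturn|void
 */
public function beforeProcess(&$action)
{
    if (CopixConfig::get('conf_Saml_actif') != 1) {
        return;
    }
    require_once COPIX_UTILS_PATH . '../../simplesamlphp/lib/_autoload.php';

    $asId = 'iconito-sql';
    if (CopixConfig::exists('default|conf_Saml_authSource') && CopixConfig::get('default|conf_Saml_authSource')) {
        $asId = CopixConfig::get('default|conf_Saml_authSource');
    }
    $as = new SimpleSAML_Auth_Simple($asId);

    // $ppo was never initialised: PHP < 8 auto-created a stdClass with a warning, PHP 8 throws.
    // NOTE(review): if Copix expects a CopixPPO instance here, use that class instead.
    $ppo = new stdClass();
    $ppo->user = _currentUser();

    if ($as->isAuthenticated() && !$ppo->user->isConnected()) {
        $attributes = $as->getAttributes();
        $uidAttribute = 'login_dbuser';
        if (CopixConfig::exists('default|conf_Saml_uidAttribute') && CopixConfig::get('default|conf_Saml_uidAttribute')) {
            $uidAttribute = CopixConfig::get('default|conf_Saml_uidAttribute');
        }
        $ppo->saml_user = null;
        if (isset($attributes[$uidAttribute][0])) {
            $ppo->saml_user = $attributes[$uidAttribute][0];
        }
        if ($ppo->saml_user) {
            $ppo->iconito_user = Kernel::getUserInfo("LOGIN", $ppo->saml_user);
            // getUserInfo() may return something without a 'login' entry; treat that as unknown user.
            if (!empty($ppo->iconito_user['login'])) {
                _currentUser()->login(array('login' => $ppo->iconito_user['login'], 'assistance' => true));
                $url_return = CopixUrl::get('kernel||doSelectHome');
                return new CopixActionReturn(COPIX_AR_REDIRECT, $url_return);
            }
            $ppo->cas_error = 'no-iconito-user';
            return _arPpo($ppo, 'cas.tpl');
        }
    }

    // Local session without a SAML session: tear the local session down.
    if (!$as->isAuthenticated() && $ppo->user->isConnected()) {
        $ppo->user = _currentUser();
        if ($ppo->user->isConnected()) {
            CopixAuth::getCurrentUser()->logout(array());
            CopixEventNotifier::notify('logout', array('login' => CopixAuth::getCurrentUser()->getLogin()));
            CopixAuth::destroyCurrentUser();
            CopixSession::destroyNamespace('default');
        }
    }
}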
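/**
 * Admin controller constructor: enforces the Oxylane federation and restricts access to the
 * users listed by admins_model.
 *
 * With FEDACTIVE set, requireAuth() redirects unauthenticated users to the IdP and does not
 * return; authenticated users whose uid is not an admin are redirected to 'welcome'. Without
 * FEDACTIVE, placeholder identity values are used — not for production.
 */
public function __construct()
{
    // Mandatory
    parent::__construct();
    $this->data = array();

    // Oxylane federation (SimpleSAMLphp)
    if (FEDACTIVE) {
        require __DIR__ . '/../simplesaml/lib/_autoload.php';
        $as = new SimpleSAML_Auth_Simple('Oxylane-sp');
        if (!$as->isAuthenticated()) {
            // Redirects to the IdP; never returns.
            $as->requireAuth();
        } else {
            $attributes = $as->getAttributes();
            // Attributes are multi-valued and may be absent; read defensively.
            $uid = isset($attributes['uid'][0]) ? $attributes['uid'][0] : null;
            $this->data['fed']['0'] = $uid;
            $this->data['fed']['1'] = isset($attributes['cn'][0]) ? $attributes['cn'][0] : null;
            $this->data['fed']['2'] = isset($attributes['mail'][0]) ? $attributes['mail'][0] : null;

            $this->load->model('admins_model', 'am');
            $admins = $this->am->getAll();
            // Only listed admins may use this controller; a missing uid never qualifies.
            // The former echo before redirect() was dropped: output sent before the Location
            // header breaks the redirect ("headers already sent").
            if ($uid === null || !$this->in_array_column($uid, $admins)) {
                redirect('welcome', 'refresh');
            }
        }
    } else {
        // No federation: placeholder identity (development only).
        $this->data['fed']['0'] = "ID";
        $this->data['fed']['1'] = "NOM";
        $this->data['fed']['2'] = "MAIL";
    }
    // END Oxylane federation

    // Resources loaded for the whole controller
    $this->load->database();
    $this->load->helper('form');
    $this->load->library('form_validation');
    $this->load->model('pages_model', 'pm');
    $this->load->model('chaines_model', 'cm');
    $this->load->model('groupes_model', 'gm');
    $this->load->model('logs_model', 'lm');
}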
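/**
 * Loads the JANUS user identified by the configured user-id attribute of the SAML session.
 *
 * When the attribute is missing or has no value, a JSON status ('user_id_is_missing') is
 * echoed and the script exits — this is an API endpoint helper.
 *
 * @param SimpleSAML_Auth_Simple $as           Authenticated SAML session.
 * @param ConfigProxy            $janus_config JANUS configuration ('useridattr' option).
 * @return sspmod_janus_User
 */
function getUser(SimpleSAML_Auth_Simple $as, ConfigProxy $janus_config)
{
    /** @var string $useridattr */
    $useridattr = $janus_config->getValue('useridattr', 'eduPersonPrincipalName');

    $attributes = $as->getAttributes();
    // Require at least one value: an attribute present but empty would otherwise yield a
    // null user id.
    if (!isset($attributes[$useridattr][0])) {
        echo json_encode(array('status' => 'user_id_is_missing'));
        exit;
    }
    $userid = $attributes[$useridattr][0];

    $user = new sspmod_janus_User();
    $user->setUserid($userid);
    $user->load(sspmod_janus_User::USERID_LOAD);
    return $user;
}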
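/**
 * SAML login: passively authenticates against 'klavsts', builds the CMS user from the SAML
 * attributes, stores it in Zend_Auth and redirects to the originally requested URL.
 *
 * requireAuth() with saml:IsPassive redirects to the IdP (ErrorURL on failure) and does not
 * return until authenticated. Single-valued attributes are read defensively (null when absent)
 * and multi-valued ones default to an empty list, instead of undefined-index notices.
 *
 * The 'url' parameter (urlencoded path, base64-wrapped) comes from the request and is only
 * accepted as a local path (leading '/', not '//' or '/\'); otherwise the redirect goes to '/'.
 * Without that check a value such as '@evil.example' turns 'http://' . host . url into a
 * redirect off-site.
 */
public function loginAction()
{
    $this->_helper->viewRenderer->setNoRender(true);
    $this->_helper->layout->disableLayout();
    $config = Zend_Registry::get('config');
    $url = $config->system->web->url . $config->system->web->baseurl;

    $as = new SimpleSAML_Auth_Simple('klavsts');
    $options = array(
        'saml:IsPassive' => true,
        'KeepPost' => false,
        'ReturnTo' => $this->view->url(),
        'ErrorURL' => $url . '/index/unauthorized',
    );
    $as->requireAuth($options);
    $attributes = $as->getAttributes();

    // First value of a single-valued attribute, or null when missing.
    $first = function ($name) use ($attributes) {
        return isset($attributes[$name][0]) ? $attributes[$name][0] : null;
    };
    // All values of a multi-valued attribute, or an empty list when missing.
    $all = function ($name) use ($attributes) {
        return isset($attributes[$name]) ? $attributes[$name] : array();
    };

    $user = new SxCms_User_Klav();
    $user->setFirstName($first('urn:klav:data:Username'));
    $user->setEmail($first('urn:klav:data:Email'));
    $user->setDoccheck($first('urn:klav:data:doccheck'));
    $user->setFarmanager($all('urn:klav:data:farmanager'));
    $user->setClientId($first('urn:klav:data:client'));
    $user->setLanguage($first('urn:klav:data:taal_cd'));
    $user->setGroups($all('urn:klav:groups'));
    $user->setDocmanager($all('urn:klav:docmanager'));
    $user->setClients($all('urn:klav:clients'));
    $user->setNamed($first('urn:klav:data:named'));
    $user->setSessionId($first('urn:klav:sessionid'));
    $user->setUsername($first('UserName'));

    // Map SAML group ids onto CMS groups; unknown ids are skipped.
    $mapper = new SxCms_Group_DataMapper();
    foreach ($all('groups') as $samlId) {
        $group = $mapper->getBySamlId($samlId);
        if ($group) {
            $user->addGroup($group);
        }
    }

    $auth = Zend_Auth::getInstance();
    $storage = $auth->getStorage();
    $storage->write($user);

    // Full requested URL: only a local path is accepted, to prevent an open redirect.
    $burl = urldecode(base64_decode($this->_getParam('url', '')));
    if (!preg_match('#^/(?![/\\\\])#', $burl)) {
        $burl = '/';
    }
    $burl = 'http://' . $this->getRequest()->getHttpHost() . $burl;
    $this->_helper->redirector->setGotoUrl($burl);
}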
/**
 * Returns the first SimpleSAML_Auth_Simple instance among the auth sources matching '-sp'
 * that currently has an authenticated session, or false when none does.
 *
 * @return SimpleSAML_Auth_Simple|false
 */
public static function isAuthenticated()
{
    require_once SamlAuth::LIB_AUTOLOAD;
    $config = SimpleSAML_Configuration::getInstance();
    // The template object only serves as a holder for the source list (kept as in the original).
    $template = new SimpleSAML_XHTML_Template($config, 'core:authsource_list.tpl.php');
    $template->data['sources'] = SimpleSAML_Auth_Source::getSourcesMatch('-sp');

    foreach ($template->data['sources'] as $sourceId) {
        $candidate = new SimpleSAML_Auth_Simple($sourceId);
        if ($candidate->isAuthenticated()) {
            return $candidate;
        }
    }
    return false;
}
/**
 * Builds a security token for the user of the configured SimpleSAMLphp auth source.
 *
 * On the CLI there is no SAML session, so the auth source name itself is used as the username.
 * Otherwise the session must be authenticated and carry the configured user-id attribute.
 *
 * @param TokenInterface $token Unused; the identity comes from the SAML session.
 * @return TokenInterface
 * @throws AuthenticationException When not authenticated or the user-id attribute is missing.
 */
public function authenticate(TokenInterface $token)
{
    /** @var string $authSourceId */
    $authSourceId = $this->config->getValue('auth', 'login-admin');
    if (php_sapi_name() === 'cli') {
        return $this->getTokenForUsername($authSourceId);
    }

    $simple = new \SimpleSAML_Auth_Simple($authSourceId);
    if (!$simple->isAuthenticated()) {
        throw new AuthenticationException("Authsource '{$authSourceId}' is invalid");
    }

    /** @var string $idAttr */
    $idAttr = $this->config->getValue('useridattr', 'eduPersonPrincipalName');
    $attrs = $simple->getAttributes();
    if (!isset($attrs[$idAttr])) {
        throw new AuthenticationException("Attribute '{$idAttr}' with User ID is missing.");
    }
    return $this->getTokenForUsername($attrs[$idAttr][0]);
}
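/**
 * Shows the login form when there is no SSO session; otherwise sends a redirect to the
 * encoded "listadoVariablesSnies" page and echoes the session attributes as a table.
 *
 * Attribute names and values come from the IdP and are HTML-escaped before output.
 * (The table is emitted after the Location header, as in the original; it is only visible to
 * clients that do not follow the redirect.)
 */
function mostrarBotonLogin()
{
    // SimpleSAMLphp configuration for SSO (single sign-on)
    $saml_lib_path = '/var/simplesamlphp/lib/_autoload.php';
    require_once $saml_lib_path;
    $source = 'SP_SNIES'; // authentication source defined in the SP's authsources
    $as = new SimpleSAML_Auth_Simple($source);

    if (!$as->isAuthenticated()) {
        $this->formulario();
        return;
    }

    // Encoded target page; the "enlace" parameter name comes from the configuration database.
    $valorCodificado = "&pagina=listadoVariablesSnies";
    $valorCodificado = $this->miConfigurador->fabricaConexiones->crypto->codificar($valorCodificado);
    $variable = $this->miConfigurador->getVariableConfiguracion("enlace");
    $miEnlace = $this->host . $this->site . '/index.php?' . $variable . '=' . $valorCodificado;
    header("Location: " . $miEnlace);

    $attributes = $as->getAttributes();
    if (empty($attributes)) {
        echo 'No se obtuvieron atributos del usuario';
        return;
    }
    echo '<table class="table table-bordered table-striped">';
    foreach ($attributes as $key => $values) {
        // Escape for the HTML context: IdP-supplied strings must not be echoed raw.
        $escapedValues = array_map(function ($v) {
            return htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
        }, $values);
        echo '<tr><td>' . htmlspecialchars($key, ENT_QUOTES, 'UTF-8') . '</td><td>';
        echo implode('<br>', $escapedValues);
        echo '</td></tr>';
    }
    echo '</table>';
}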
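/**
 * Executes index action
 *
 * Without an 'sf_culture' parameter: on the session's first request the culture is taken from
 * the first value of the SAML 'preferredLanguage' attribute when it is 'hu' or 'en', otherwise
 * from Accept-Language negotiation; the user is then redirected to the localized homepage
 * (redirect() does not return).
 *
 * @param sfRequest $request A request object
 */
public function executeIndex(sfWebRequest $request)
{
    if (!$request->getParameter('sf_culture')) {
        $ssaml = new SimpleSAML_Auth_Simple('default-sp');
        $attributes = $ssaml->getAttributes();
        if ($this->getUser()->isFirstRequest()) {
            // Attributes are lists of values; comparing the whole list to 'hu'/'en' never
            // matched, so the preference was silently ignored. Use the first value.
            $culture = isset($attributes['preferredLanguage'][0]) ? $attributes['preferredLanguage'][0] : null;
            if ($culture !== 'hu' && $culture !== 'en') {
                $culture = $request->getPreferredCulture(array('hu', 'en'));
            }
            $this->getUser()->setCulture($culture);
            $this->getUser()->isFirstRequest(false);
        }
        $this->redirect('localized_homepage');
    }
}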
/**
 * Executes this filter.
 *
 * Keeps the application login in sync with the SAML session: a user the application still
 * considers authenticated is de-authenticated when the 'default-sp' SAML session is gone.
 * The chain always continues afterwards.
 *
 * @param sfFilterChain $filterChain A sfFilterChain instance
 */
public function execute($filterChain)
{
    $user = $this->context->getUser();
    if ($user->isAuthenticated()) {
        $samlSession = new SimpleSAML_Auth_Simple('default-sp');
        if (!$samlSession->isAuthenticated()) {
            $user->setAuthenticated(FALSE);
        }
    }
    // Continue the chain.
    $filterChain->execute();
}
/**
 * Initialize a backwards-compatibility authsource for the given authentication page and authority.
 *
 * When no authority is given it is derived from the legacy login page name; an unknown page
 * is an error.
 *
 * @param string $auth The authentication page.
 * @param string|NULL $authority The authority we should validate the login against.
 * @throws SimpleSAML_Error_Exception When $authority is NULL and $auth is not a known legacy page.
 * @deprecated
 */
public function __construct($auth, $authority)
{
    assert('is_string($auth)');
    assert('is_string($authority) || is_null($authority)');

    if ($authority === NULL) {
        $legacyPages = array(
            'auth/login-admin.php' => 'login-admin',
            'auth/login-cas-ldap.php' => 'login-cas-ldap',
            'auth/login-ldapmulti.php' => 'login-ldapmulti',
            'auth/login-radius.php' => 'login-radius',
            'auth/login-tlsclient.php' => 'tlsclient',
            'auth/login-wayf-ldap.php' => 'login-wayf-ldap',
            'auth/login.php' => 'login',
        );
        if (!array_key_exists($auth, $legacyPages)) {
            throw new SimpleSAML_Error_Exception('You must provide an authority when using ' . $auth);
        }
        $authority = $legacyPages[$auth];
    }

    $this->auth = $auth;
    $this->authority = $authority;
    parent::__construct($authority);
}
/**
 * Process a logout request.
 *
 * This function will never return: the local session is terminated through the auth source
 * (resuming at core/idp/resumelogout.php) and the logout handler takes over.
 *
 * @param array &$state The logout request state.
 * @param string|NULL $assocId The association we received the logout request from, or NULL if there was no association.
 */
public function handleLogoutRequest(array &$state, $assocId)
{
    assert('isset($state["Responder"])');
    assert('is_string($assocId) || is_null($assocId)');

    $state['core:IdP'] = $this->id;
    $state['core:TerminatedAssocId'] = $assocId;
    if ($assocId !== NULL) {
        $this->terminateAssociation($assocId);
    }

    // Terminate the local session, resuming the logout afterwards.
    $stateId = SimpleSAML_Auth_State::saveState($state, 'core:Logout:afterbridge');
    $resumeUrl = SimpleSAML_Module::getModuleURL('core/idp/resumelogout.php', array('id' => $stateId));
    $this->authSource->logout($resumeUrl);

    $logoutHandler = $this->getLogoutHandler();
    $logoutHandler->startLogout($state, $assocId);
    assert('FALSE');
}
/**
 * Process a logout request.
 *
 * This function will never return: the association (if any) and its recorded SSO time are
 * removed, the local session is terminated through the auth source (resuming at
 * core/idp/resumelogout.php) and the logout handler takes over.
 *
 * @param array &$state The logout request state.
 * @param string|null $assocId The association we received the logout request from, or null if there was no
 * association.
 */
public function handleLogoutRequest(array &$state, $assocId)
{
    assert('isset($state["Responder"])');
    assert('is_string($assocId) || is_null($assocId)');

    $state['core:IdP'] = $this->id;
    $state['core:TerminatedAssocId'] = $assocId;
    if ($assocId !== null) {
        $this->terminateAssociation($assocId);
        // Forget the SSO time recorded for this SP.
        $session = SimpleSAML_Session::getSessionFromRequest();
        $session->deleteData('core:idp-ssotime', $this->id . ':' . $state['saml:SPEntityId']);
    }

    // Terminate the local session, resuming the logout afterwards.
    $stateId = SimpleSAML_Auth_State::saveState($state, 'core:Logout:afterbridge');
    $resumeUrl = SimpleSAML\Module::getModuleURL('core/idp/resumelogout.php', array('id' => $stateId));
    $this->authSource->logout($resumeUrl);

    $logoutHandler = $this->getLogoutHandler();
    $logoutHandler->startLogout($state, $assocId);
    assert('false');
}
/**
 * Process a request.
 *
 * This function never returns: it either sends an OpenID response (negative in immediate
 * mode when login or trust cannot be obtained interactively) or redirects to the login or
 * trust page and resumes from the saved state.
 *
 * @param array $state The request state; 'request' holds the Auth_OpenID_Request being processed.
 * @throws SimpleSAML_Error_Exception When the requested identity differs from the logged-in one.
 */
public function processRequest(array $state)
{
    assert('isset($state["request"])');
    SimpleSAML_Utilities::maskErrors(E_NOTICE | E_STRICT);
    $openidRequest = $state['request'];

    // Login first; in immediate mode no form can be shown, so answer negatively.
    if (!$this->authSource->isAuthenticated()) {
        if ($openidRequest->immediate) {
            $this->sendResponse($openidRequest->answer(FALSE));
        }
        $this->authSource->requireAuth(array('ReturnTo' => $this->getStateURL('resume.php', $state)));
    }

    $identity = $this->getIdentity();
    assert('$identity !== FALSE'); // should always be logged in here
    if (!$openidRequest->idSelect() && $identity !== $openidRequest->identity) {
        throw new SimpleSAML_Error_Exception('Logged in as different user than the one requested.');
    }

    // Trust decision: remembered trust, then an explicit answer carried in the state, else ask.
    if ($this->isTrusted($identity, $openidRequest->trust_root)) {
        $trusted = TRUE;
    } elseif (isset($state['TrustResponse'])) {
        $trusted = (bool) $state['TrustResponse'];
    } else {
        if ($openidRequest->immediate) {
            $this->sendResponse($openidRequest->answer(FALSE));
        }
        SimpleSAML_Utilities::redirect($this->getStateURL('trust.php', $state));
    }

    if (!$trusted) {
        $this->sendResponse($openidRequest->answer(FALSE));
    }
    // Authenticated and trusting this site.
    $this->sendResponse($openidRequest->answer(TRUE, NULL, $identity));
}
/**
 * Require admin access for current page.
 *
 * This is a helper-function for limiting a page to admin access. It will redirect
 * the user to a login page if the current user doesn't have admin access: the "admin"
 * auth source when configured, otherwise the legacy auth/login-admin.php page.
 */
public static function requireAdmin()
{
    if (self::isAdmin()) {
        return;
    }
    $returnTo = self::selfURL();

    // Not authenticated as admin: start authentication.
    if (SimpleSAML_Auth_Source::getById('admin') === NULL) {
        // Backwards-compatibility path.
        $config = SimpleSAML_Configuration::getInstance();
        self::redirectTrustedURL('/' . $config->getBaseURL() . 'auth/login-admin.php', array('RelayState' => $returnTo));
        return;
    }
    $adminLogin = new SimpleSAML_Auth_Simple('admin');
    $adminLogin->login();
}
which then asks the IdP to terminate the current session. */
// Hard-coded redirect for now, as long as only Bordeaux is concerned...
// Note: status code 307 can cause trouble; 302 seems to work better. http://fr.wikipedia.org/wiki/Liste_des_codes_HTTP
header('Status: 302 Found', TRUE, 302);
header('Location: https://ent2d.ac-bordeaux.fr/Shibboleth.sso/Logout');
exit;
}
// ////////////////////////////////////////////////////////////////////////////////////////////////////
// Logging out of GEPI with the SAML protocol
// ////////////////////////////////////////////////////////////////////////////////////////////////////
if ($connexion_mode == 'gepi') {
    // Load the SimpleSAMLphp library autoloader (unlike phpCAS, it cannot be wired into the _loader with a single class call).
    require CHEMIN_DOSSIER_SACOCHE . '_lib' . DS . 'SimpleSAMLphp' . DS . 'lib' . DS . '_autoload.php';
    // Put the information SimpleSAMLphp needs into the session; constants will not do because Gepi calls SimpleSAMLphp directly, bypassing SACoche, to verify the legitimacy of the call.
    $_SESSION['SACoche-SimpleSAMLphp'] = array('GEPI_URL' => $gepi_url, 'GEPI_RNE' => $gepi_rne, 'GEPI_CERTIFICAT_EMPREINTE' => $gepi_certificat_empreinte, 'SIMPLESAMLPHP_BASEURLPATH' => substr($_SERVER['SCRIPT_NAME'], 1, -9) . '_lib/SimpleSAMLphp/www/', 'WEBMESTRE_NOM' => WEBMESTRE_NOM, 'WEBMESTRE_PRENOM' => WEBMESTRE_PRENOM, 'WEBMESTRE_COURRIEL' => WEBMESTRE_COURRIEL);
    // Instantiate the class for the 'distant-gepi-saml' auth source
    $auth = new SimpleSAML_Auth_Simple('distant-gepi-saml');
    // Log out of GEPI (logout() is expected to redirect; exit guards against it returning)
    if ($auth->isAuthenticated()) {
        $auth->logout();
        exit;
    } elseif (isset($_SESSION['SimpleSAMLphp_SESSION'])) {
        // Most likely returning from the GEPI logout (unlike CAS, the remote logout page sends the user back to the application instead of stopping there).
        unset($_SESSION['SimpleSAMLphp_SESSION']);
        exit_error('Deconnexion de Gepi', 'Déconnexion du service d\'authentification Gepi effectuée.<br />Fermez votre navigateur par sécurité.');
    } else {
        // Odd... apparently we were not logged in to GEPI... direct call?
        exit_error('Deconnexion de Gepi', 'Votre authentification sur Gepi n\'a pas été retrouvée.<br />Fermez votre navigateur par sécurité pour être certain d\'en être déconnecté.');
    }
}
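/**
 * Single Logout action: terminates the 'authinstance' SimpleSAMLphp session and sends the
 * browser to the 'return' request parameter.
 *
 * Because the target comes from the request, only a local path is accepted (leading '/',
 * not '//' or '/\'); anything else is dropped so logout() falls back to its default return
 * target. This is defence in depth — whether the installed SimpleSAMLphp version validates
 * ReturnTo itself cannot be seen from here (TODO confirm). logout() redirects and does not
 * return, hence the trailing assert.
 */
public function actionSlo()
{
    $returnUrl = $this->_request->getParam('return');
    \utilities\Registry::clearRegistry();
    $auth = new \SimpleSAML_Auth_Simple('authinstance');
    // Reject absolute, protocol-relative and non-string targets (open-redirect guard).
    if (!is_string($returnUrl) || !preg_match('#^/(?![/\\\\])#', $returnUrl)) {
        $returnUrl = null;
    }
    $auth->logout($returnUrl);
    assert('FALSE');
}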