Exemplo n.º 1
 /**
  * Start the logout operation.
  *
  * @param array &$state  The logout state.
  * @param string|NULL $assocId  The SP we are logging out from.
  */
 public function startLogout(array &$state, $assocId)
 {
     // Debug-time type check only: a string assertion is evaluated only when assertions are active.
     assert('is_string($assocId) || is_null($assocId)');
     $associations = $this->idp->getAssociations();
     if (count($associations) === 0) {
         // Nothing to log out from, so hand over to finishLogout().
         // NOTE(review): the code below still runs if finishLogout() returns -- presumably it never does; confirm.
         $this->idp->finishLogout($state);
     }
     // Annotate each association in place with the SP display name and an initial 'onhold' status.
     // NOTE(review): $association stays a reference to the last element after the loop (no unset() follows).
     foreach ($associations as $id => &$association) {
         $idp = SimpleSAML_IdP::getByState($association);
         $association['core:Logout-IFrame:Name'] = $idp->getSPName($id);
         $association['core:Logout-IFrame:State'] = 'onhold';
     }
     $state['core:Logout-IFrame:Associations'] = $associations;
     if (!is_null($assocId)) {
         $spName = $this->idp->getSPName($assocId);
         if ($spName === NULL) {
             // No name known for the initiating SP: fall back to its association id as the 'en' text.
             $spName = array('en' => $assocId);
         }
         $state['core:Logout-IFrame:From'] = $spName;
     } else {
         $state['core:Logout-IFrame:From'] = NULL;
     }
     // The state is stored under the 'core:Logout-IFrame' stage; only the returned id is put in the URL.
     $id = SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame');
     $url = SimpleSAML_Module::getModuleURL('core/idp/logout-iframe.php', array('id' => $id));
     SimpleSAML_Utilities::redirect($url);
 }
/**
 * @param array &$links  The links on the frontpage, split into sections.
 */
function metalisting_hook_frontpage(&$links)
{
    assert('is_array($links)');
    assert('array_key_exists("links", $links)');

    // Basic federation entity listing.
    $basicListing = array(
        'href' => SimpleSAML_Module::getModuleURL('metalisting/'),
        'text' => array(
            'en' => 'Federation entity listing',
            'no' => 'Liste over føderasjonsmedlemmer',
        ),
    );
    $links['federation'][] = $basicListing;

    // Same listing with the extended view switched on through the query string.
    $extendedListing = array(
        'href' => SimpleSAML_Module::getModuleURL('metalisting/index.php?extended=1'),
        'text' => array(
            'en' => 'Federation entity listing (extended)',
            'no' => 'Liste over føderasjonsmedlemmer (mer info)',
        ),
    );
    $links['federation'][] = $extendedListing;
}
Exemplo n.º 3
 /**
  * Constructor for Google authentication source.
  *
  * @param array $info Information about this authentication source.
  * @param array $config Configuration.
  */
 public function __construct($info, $config)
 {
     assert('is_array($info)');
     assert('is_array($config)');

     // The parent constructor has to run before anything else.
     parent::__construct($info, $config);

     // Both OAuth client credentials are mandatory: fail at construction time when one is absent.
     $hasKey = array_key_exists('key', $config);
     if (!$hasKey) {
         throw new Exception('Google authentication source is not properly configured: missing [key]');
     }
     $this->key = $config['key'];

     $hasSecret = array_key_exists('secret', $config);
     if (!$hasSecret) {
         throw new Exception('Google authentication source is not properly configured: missing [secret]');
     }
     $this->secret = $config['secret'];

     // The redirect URI is derived from this installation's module URL, not from request input.
     $this->linkback = SimpleSAML_Module::getModuleURL('authgoogleOIDC') . '/linkback.php';

     // Build the Google client with the configured credentials and redirect URI.
     $this->client = new Google_Client();
     $googleClient = $this->client;
     $googleClient->setApplicationName('Google gateway');
     $googleClient->setClientId($this->key);
     $googleClient->setClientSecret($this->secret);
     $googleClient->setRedirectUri($this->linkback);

     // Request only the three scopes this source asks for.
     foreach (array('openid', 'profile', 'email') as $scope) {
         $googleClient->addScope($scope);
     }
 }
Exemplo n.º 4
/**
 * Hook to add the modinfo module to the frontpage.
 *
 * @param array &$links  The links on the frontpage, split into sections.
 */
function statistics_hook_frontpage(&$links)
{
    assert('is_array($links)');
    assert('array_key_exists("links", $links)');

    // Link to the statistics viewer in the "config" section.
    $statsLink = array(
        'href' => SimpleSAML_Module::getModuleURL('statistics/showstats.php'),
        'text' => array('en' => 'Show statistics', 'no' => 'Vis statistikk'),
        'shorttext' => array('en' => 'Statistics', 'no' => 'Statistikk'),
    );
    $links['config']['statistics'] = $statsLink;

    // Link to the statistics metadata page in the same section.
    $metaLink = array(
        'href' => SimpleSAML_Module::getModuleURL('statistics/statmeta.php'),
        'text' => array('en' => 'Show statistics metadata', 'no' => 'Vis statistikk metadata'),
        'shorttext' => array('en' => 'Statistics metadata', 'no' => 'Statistikk metadata'),
    );
    $links['config']['statisticsmeta'] = $metaLink;
}
Exemplo n.º 5
 /**
  * Process an authentication response.
  *
  * This function saves the state, and if necessary redirects the user to the page where the user
  * is informed about the expiry date of his/her certificate.
  *
  * @param array $state  The state of the response.
  */
 public function process(&$state)
 {
     assert('is_array($state)');

     // A passive request must not be interrupted by an interactive warning page.
     $passive = isset($state['isPassive']) && $state['isPassive'] === TRUE;
     if ($passive) {
         return;
     }

     // No client certificate was handed over by the web server: nothing to check.
     $hasCert = isset($_SERVER['SSL_CLIENT_CERT']) && $_SERVER['SSL_CLIENT_CERT'] != '';
     if (!$hasCert) {
         return;
     }

     // Only the expiry date is read here; this method performs no chain or revocation checks.
     $parsed = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']);
     if (!$parsed) {
         SimpleSAML_Logger::error('authX509: invalid cert');
         return;
     }

     // Whole days until expiry; the (int) cast truncates toward zero.
     $secondsLeft = $parsed['validTo_time_t'] - time();
     $daysleft = (int) ($secondsLeft / 86400);
     if ($daysleft > $this->warndaysbefore) {
         // Still valid for longer than the warning threshold.
         return;
     }

     SimpleSAML_Logger::warning('authX509: user certificate expires in ' . $daysleft . ' days');
     $state['daysleft'] = $daysleft;
     $state['renewurl'] = $this->renewurl;

     // Store the state and send the user to the warning page with only the state id in the URL.
     $stateId = SimpleSAML_Auth_State::saveState($state, 'warning:expire');
     \SimpleSAML\Utils\HTTP::redirectTrustedURL(
         SimpleSAML_Module::getModuleURL('authX509/expirywarning.php'),
         array('StateId' => $stateId)
     );
 }
Exemplo n.º 6
 /**
  * Apply filter to validate attributes.
  *
  * @param array &$request  The current request
  */
 public function process(&$request)
 {
     // Deny by default: only an explicit pattern match below grants access.
     $authorize = FALSE;
     assert('is_array($request)');
     assert('array_key_exists("Attributes", $request)');
     $attributes =& $request['Attributes'];

     foreach ($this->valid_attribute_values as $attrName => $regexList) {
         if (!array_key_exists($attrName, $attributes)) {
             continue;
         }
         foreach ($regexList as $regex) {
             // A scalar attribute is treated as a one-element list.
             $candidates = is_array($attributes[$attrName])
                 ? $attributes[$attrName]
                 : array($attributes[$attrName]);
             foreach ($candidates as $candidate) {
                 // preg_match() yields 0 (no match) or FALSE (error); both leave the user unauthorized.
                 if (preg_match($regex, $candidate)) {
                     $authorize = TRUE;
                     break 3;
                 }
             }
         }
     }

     if ($authorize) {
         return;
     }

     // No attribute value matched: store the state and send the user to the 403 page.
     $stateId = SimpleSAML_Auth_State::saveState($request, 'authorize:Authorize');
     SimpleSAML_Utilities::redirect(
         SimpleSAML_Module::getModuleURL('authorize/authorize_403.php'),
         array('StateId' => $stateId)
     );
 }
Exemplo n.º 7
 /**
  * Start the logout operation.
  *
  * @param array       &$state The logout state.
  * @param string|null $assocId The SP we are logging out from.
  */
 public function startLogout(array &$state, $assocId)
 {
     // Debug-time type check only: a string assertion is evaluated only when assertions are active.
     assert('is_string($assocId) || is_null($assocId)');
     $associations = $this->idp->getAssociations();
     if (count($associations) === 0) {
         // Nothing to log out from, so hand over to finishLogout().
         // NOTE(review): the code below still runs if finishLogout() returns -- presumably it never does; confirm.
         $this->idp->finishLogout($state);
     }
     // Annotate each association in place with the SP display name and an initial 'onhold' status.
     // NOTE(review): $association stays a reference to the last element after the loop (no unset() follows).
     foreach ($associations as $id => &$association) {
         $idp = SimpleSAML_IdP::getByState($association);
         $association['core:Logout-IFrame:Name'] = $idp->getSPName($id);
         $association['core:Logout-IFrame:State'] = 'onhold';
     }
     $state['core:Logout-IFrame:Associations'] = $associations;
     if (!is_null($assocId)) {
         $spName = $this->idp->getSPName($assocId);
         if ($spName === null) {
             // No name known for the initiating SP: fall back to its association id as the 'en' text.
             $spName = array('en' => $assocId);
         }
         $state['core:Logout-IFrame:From'] = $spName;
     } else {
         $state['core:Logout-IFrame:From'] = null;
     }
     // The state is stored under the 'core:Logout-IFrame' stage; only the returned id is put in the URL.
     $params = array('id' => SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame'));
     if (isset($state['core:Logout-IFrame:InitType'])) {
         // Forward the initialisation type, when the state carries one, as the 'type' query parameter.
         $params['type'] = $state['core:Logout-IFrame:InitType'];
     }
     $url = SimpleSAML_Module::getModuleURL('core/idp/logout-iframe.php', $params);
     \SimpleSAML\Utils\HTTP::redirectTrustedURL($url);
 }
 /**
  * When the process logic determines that the user is not
  * authorized for this service, then forward the user to
  * a 403 unauthorized page.
  *
  * Separated this code into its own method so that child
  * classes can override it and change the action. Forward
  * thinking in case a "chained" ACL is needed, more complex
  * permission logic.
  *
  * @param array $request
  */
 protected function unauthorized(&$request)
 {
     // Record both the rejected context class and the accepted list for later diagnosis.
     $rejected = $this->AuthnContextClassRef;
     $acceptedDump = var_export($this->accepted, true);
     SimpleSAML_Logger::error('ExpectedAuthnContextClassRef: Invalid authentication context: ' . $rejected . '. Accepted values are: ' . $acceptedDump);

     // Store the request and redirect with only the state id in the URL.
     $stateId = SimpleSAML_Auth_State::saveState($request, 'saml:ExpectedAuthnContextClassRef:unauthorized');
     \SimpleSAML\Utils\HTTP::redirectTrustedURL(
         SimpleSAML_Module::getModuleURL('saml/sp/wrong_authncontextclassref.php'),
         array('StateId' => $stateId)
     );
 }
Exemplo n.º 9
/**
 * Hook to add the simple consent admin module to the frontpage.
 *
 * @param array &$links  The links on the frontpage, split into sections.
 */
function consentSimpleAdmin_hook_frontpage(&$links)
{
    assert('is_array($links)');
    assert('array_key_exists("links", $links)');

    // Consent administration page; the text is a translation tag, not literal text.
    $adminLink = array(
        'href' => SimpleSAML_Module::getModuleURL('consentSimpleAdmin/consentAdmin.php'),
        'text' => '{consentSimpleAdmin:consentsimpleadmin:header}',
    );
    $links['config'][] = $adminLink;

    // Consent statistics page.
    $statsLink = array(
        'href' => SimpleSAML_Module::getModuleURL('consentSimpleAdmin/consentStats.php'),
        'text' => '{consentSimpleAdmin:consentsimpleadmin:headerstats}',
    );
    $links['config'][] = $statsLink;
}
Exemplo n.º 10
 /**
  * Start a login operation.
  *
  * @param array $params  Various options to the authentication request.
  */
 public function login(array $params = array())
 {
     // POST data is preserved across the login round trip unless the caller sets 'KeepPost' to a false value.
     if (array_key_exists('KeepPost', $params)) {
         $keepPost = (bool) $params['KeepPost'];
     } else {
         $keepPost = TRUE;
     }
     // With neither a return URL nor a callback given, come back to the current URL.
     if (!isset($params['ReturnTo']) && !isset($params['ReturnCallback'])) {
         $params['ReturnTo'] = SimpleSAML_Utilities::selfURL();
     }
     // NOTE(review): a caller-supplied 'ReturnTo' is not checked in this method -- presumably
     // validated by the caller or when the redirect back happens; confirm.
     if (isset($params['ReturnTo']) && $keepPost && $_SERVER['REQUEST_METHOD'] === 'POST') {
         // Wrap the return URL so the current POST body is carried along with it.
         $params['ReturnTo'] = SimpleSAML_Utilities::createPostRedirectLink($params['ReturnTo'], $_POST);
     }
     $session = SimpleSAML_Session::getInstance();
     // Build the stored request; the complete $params array is kept under 'core:State'.
     $authnRequest = array('IsPassive' => isset($params['isPassive']) ? $params['isPassive'] : FALSE, 'ForceAuthn' => isset($params['ForceAuthn']) ? $params['ForceAuthn'] : FALSE, 'core:State' => $params, 'core:prevSession' => $session->getAuthData($this->authority, 'AuthnInstant'), 'core:authority' => $this->authority);
     // Optional SAML-specific values are copied over only when present.
     if (isset($params['saml:RequestId'])) {
         $authnRequest['RequestID'] = $params['saml:RequestId'];
     }
     if (isset($params['SPMetadata']['entityid'])) {
         $authnRequest['Issuer'] = $params['SPMetadata']['entityid'];
     }
     if (isset($params['saml:RelayState'])) {
         $authnRequest['RelayState'] = $params['saml:RelayState'];
     }
     if (isset($params['saml:IDPList'])) {
         $authnRequest['IDPList'] = $params['saml:IDPList'];
     }
     // The request is kept in the session under a generated id; only that id is placed in URLs.
     $authId = SimpleSAML_Utilities::generateID();
     $session->setAuthnRequest('saml2', $authId, $authnRequest);
     $relayState = SimpleSAML_Module::getModuleURL('core/bwc_resumeauth.php', array('RequestID' => $authId));
     $config = SimpleSAML_Configuration::getInstance();
     // The authentication URL is built from the configured base URL and this object's auth path.
     $authurl = '/' . $config->getBaseURL() . $this->auth;
     SimpleSAML_Utilities::redirect($authurl, array('RelayState' => $relayState, 'AuthId' => $authId, 'protocol' => 'saml2'));
 }
Exemplo n.º 11
 /**
  * Process an authentication response.
  *
  * This function checks how long it is since the last time the user was authenticated.
  * If it has been too short a while, we will show a warning to the user.
  *
  * @param array $state  The state of the response.
  */
 public function process(&$state)
 {
     assert('is_array($state)');

     // First SSO to this SP in the session: no previous timestamp, nothing to compare.
     $hasPrevious = array_key_exists('PreviousSSOTimestamp', $state);
     if (!$hasPrevious) {
         return;
     }

     // Ten seconds or more since the previous SSO is considered normal.
     $timeDelta = time() - $state['PreviousSSOTimestamp'];
     if ($timeDelta >= 10) {
         return;
     }

     // Name the destination SP for the log line, when the state identifies it.
     $hasEntityId = array_key_exists('Destination', $state)
         && array_key_exists('entityid', $state['Destination']);
     $entityId = $hasEntityId ? $state['Destination']['entityid'] : 'UNKNOWN';

     // var_export() quotes the entity id in the log message.
     SimpleSAML_Logger::warning('WarnShortSSOInterval: Only ' . $timeDelta . ' seconds since last SSO for this user from the SP ' . var_export($entityId, TRUE));

     // Store the state and show the warning page; only the state id goes in the URL.
     $stateId = SimpleSAML_Auth_State::saveState($state, 'core:short_sso_interval');
     SimpleSAML_Utilities::redirectTrustedURL(
         SimpleSAML_Module::getModuleURL('core/short_sso_interval.php'),
         array('StateId' => $stateId)
     );
 }
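/*
 * Print a list of metadata entries as an HTML <ul>.
 *
 * Every value taken from a metadata entry (entity id, translated name, URL)
 * is HTML-escaped before it is written, so that metadata content cannot
 * inject markup or script into the page.
 *
 * $t         Translator object; only getTranslation() is called on it.
 * $metadata  Iterable of metadata entries (arrays).
 * $extended  When true, expiry information is printed for entries with 'expire'.
 */
function listMetadata($t, $metadata, $extended = FALSE)
{
    // Tag => flag image. Order matters: a later matching tag overrides an earlier one.
    $flagFiles = array(
        'norway' => 'no.png',
        'denmark' => 'dk.png',
        'finland' => 'fi.png',
        'sweden' => 'se.png',
        'switzerland' => 'ch.png',
        'france' => 'fr.png',
        'poland' => 'pl.png',
        'germany' => 'de.png',
    );
    $now = time();
    echo '<ul>';
    foreach ($metadata as $entry) {
        $flag = NULL;
        if (array_key_exists('tags', $entry)) {
            foreach ($flagFiles as $tag => $file) {
                // Strict comparison: a non-string tag such as 0 must not match a country name.
                if (in_array($tag, $entry['tags'], TRUE)) {
                    $flag = SimpleSAML_Module::getModuleURL('metalisting/flags/' . $file);
                }
            }
        }
        echo '<li>';
        if (isset($flag)) {
            echo ' <img style="display: inline; margin-right: 5px" src="' . htmlspecialchars($flag, ENT_QUOTES, 'UTF-8') . '" alt="Flag" />';
        }
        if (array_key_exists('name', $entry)) {
            $label = $t->getTranslation(SimpleSAML_Utilities::arrayize($entry['name'], 'en'));
        } else {
            $label = $entry['entityid'];
        }
        // Names and entity ids come from metadata and are not trusted as HTML.
        echo htmlspecialchars($label, ENT_QUOTES, 'UTF-8');
        if ($extended) {
            if (array_key_exists('expire', $entry)) {
                if ($entry['expire'] < $now) {
                    echo '<span style="color: #500; font-weight: bold"> (expired ' . number_format(($now - $entry['expire']) / 3600, 1) . ' hours ago)</span>';
                } else {
                    echo '<span style="color: #ccc; "> (expires in ' . number_format(($entry['expire'] - $now) / 3600, 1) . ' hours)</span>';
                }
            }
        }
        if (array_key_exists('url', $entry)) {
            $moreUrl = $t->getTranslation(SimpleSAML_Utilities::arrayize($entry['url'], 'en'));
            // Escaping keeps the value inside the href attribute. It does not restrict the URL scheme.
            // NOTE(review): consider accepting only http/https URLs here.
            echo ' [ <a href="' . htmlspecialchars($moreUrl, ENT_QUOTES, 'UTF-8') . '">more</a> ]';
        }
        echo '</li>';
    }
    echo '</ul>';
    // Closes a <fieldset> that is not opened in this function -- presumably opened by the caller.
    echo '</fieldset>';
}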
Exemplo n.º 13
 /**
  * Retrieve the destination we should send the message to.
  *
  * This will return a debug endpoint if we have debug enabled. If debug
  * is disabled, NULL is returned, in which case the default destination
  * will be used.
  *
  * @return string|NULL  The destination the message should be delivered to.
  */
 public static function getDebugDestination()
 {
     // The debug endpoint is only handed out when the global 'debug' option is on (default: off).
     $debugEnabled = SimpleSAML_Configuration::getInstance()->getBoolean('debug', FALSE);

     return $debugEnabled
         ? SimpleSAML_Module::getModuleURL('saml2/debug.php')
         : NULL;
 }
Exemplo n.º 14
/**
 * Hook to add the modinfo module to the frontpage.
 *
 * @param array &$links  The links on the frontpage, split into sections.
 */
function core_hook_frontpage(&$links)
{
    assert('is_array($links)');
    assert('array_key_exists("links", $links)');

    // Link key => (module page, translation tag used for both text and shorttext).
    $pages = array(
        'frontpage_welcome' => array('core/frontpage_welcome.php', '{core:frontpage:welcome}'),
        'frontpage_config' => array('core/frontpage_config.php', '{core:frontpage:configuration}'),
        'frontpage_auth' => array('core/frontpage_auth.php', '{core:frontpage:auth}'),
        'frontpage_federation' => array('core/frontpage_federation.php', '{core:frontpage:federation}'),
    );

    foreach ($pages as $key => $page) {
        $links['links'][$key] = array(
            'href' => SimpleSAML_Module::getModuleURL($page[0]),
            'text' => $page[1],
            'shorttext' => $page[1],
        );
    }
}
Exemplo n.º 15
 public function authenticate(&$state)
 {
     assert('is_array($state)');

     // Remember which authentication source this is so it can be looked up after the redirect.
     $state[self::AUTHID] = $this->authId;

     // Store the state and pass only its id to the InfoCard login page.
     $stateId = SimpleSAML_Auth_State::saveState($state, self::STAGEID);
     SimpleSAML_Utilities::redirectTrustedURL(
         SimpleSAML_Module::getModuleURL('InfoCard/login-infocard.php'),
         array('AuthState' => $stateId)
     );
 }
Exemplo n.º 16
 /**
  * Retrieve an admin login URL.
  *
  * @param string|NULL $returnTo The URL the user should arrive on after admin authentication. Defaults to null.
  *
  * @return string A URL which can be used for admin authentication.
  * @throws \InvalidArgumentException If $returnTo is neither a string nor null.
  */
 public static function getAdminLoginURL($returnTo = null)
 {
     // Only a string or null is accepted.
     if ($returnTo !== null && !is_string($returnTo)) {
         throw new \InvalidArgumentException('Invalid input parameters.');
     }

     // Without an explicit target, return to the URL currently being served.
     $target = ($returnTo === null) ? \SimpleSAML\Utils\HTTP::getSelfURL() : $returnTo;

     // NOTE(review): the ReturnTo value is passed on unchanged -- presumably checked by
     // core/login-admin.php before it redirects; confirm.
     return \SimpleSAML_Module::getModuleURL('core/login-admin.php', array('ReturnTo' => $target));
 }
Exemplo n.º 17
 /**
  * Initialize processing of the redirect test.
  *
  * @param array &$state  The state we should update.
  */
 public function process(&$state)
 {
     assert('is_array($state)');
     assert('array_key_exists("Attributes", $state)');

     // Marker attribute: lets the test verify that the state survived the save/redirect round trip.
     $state['Attributes']['RedirectTest1'] = array('OK');

     // Store the state and redirect with only the state id in the URL.
     $stateId = SimpleSAML_Auth_State::saveState($state, 'exampleauth:redirectfilter-test');
     SimpleSAML_Utilities::redirectTrustedURL(
         SimpleSAML_Module::getModuleURL('exampleauth/redirecttest.php'),
         array('StateId' => $stateId)
     );
 }
Exemplo n.º 18
 /**
  * Process an authentication response.
  *
  * This function saves the state, and redirects the user to the page where the user
  * can authorize the release of the attributes.
  *
  * @param array $state  The state of the response.
  */
 public function process(&$state)
 {
     assert('is_array($state)');

     // A passive request cannot show an interactive page, so the warning is skipped.
     $passive = isset($state['isPassive']) && $state['isPassive'] === TRUE;
     if ($passive) {
         return;
     }

     // Store the state and redirect to the warning page with only the state id in the URL.
     $stateId = SimpleSAML_Auth_State::saveState($state, 'warning:request');
     \SimpleSAML\Utils\HTTP::redirectTrustedURL(
         SimpleSAML_Module::getModuleURL('preprodwarning/showwarning.php'),
         array('StateId' => $stateId)
     );
 }
Exemplo n.º 19
    /**
     * Initialize login.
     *
     * This function saves the information about the login, and redirects to a
     * login page.
     *
     * @param array &$state  Information about the current authentication.
     */
    public function authenticate(&$state) {
        assert('is_array($state)');

        // Remember which authentication source this is so it can be looked up after the redirect.
        $state[self::AUTHID] = $this->authId;

        // Store the state; only its id is passed to the login form.
        $stateId = SimpleSAML_Auth_State::saveState($state, self::STAGEID);

        SimpleSAML_Utilities::redirect(
            SimpleSAML_Module::getModuleURL('gepiauth/loginuserpassorg.php'),
            array('AuthState' => $stateId)
        );
    }
Exemplo n.º 20
 /**
  * Initiate authentication.
  *
  * @param array &$state  Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     $state['aselect::authid'] = $this->authId;
     $stateId = SimpleSAML_Auth_State::saveState($state, 'aselect:login', true);

     try {
         // URL the user comes back to; it carries only the saved state id.
         $returnUrl = SimpleSAML_Module::getModuleURL('aselect/credentials.php', array('ssp_state' => $stateId));
         // The redirect target is whatever request_authentication() returns for that return URL.
         SimpleSAML_Utilities::redirect($this->request_authentication($returnUrl));
     } catch (Exception $failure) {
         // Attach the failure to the state instead of letting it propagate from here.
         SimpleSAML_Auth_State::throwException($state, $failure);
     }
 }
Exemplo n.º 21
 /**
  * Log-in using Facebook platform
  *
  * @param array &$state  Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     assert('is_array($state)');
     /* We are going to need the authId in order to retrieve this authentication source later. */
     $state[self::AUTHID] = $this->authId;
     // First save: yields the state id that is embedded in the linkback URL below.
     $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     // The Facebook helper receives the app credentials and the state array.
     $facebook = new sspmod_authfacebook_Facebook(array('appId' => $this->api_key, 'secret' => $this->secret), $state);
     // Drop any existing Facebook session before starting a new login.
     $facebook->destroySession();
     $linkback = SimpleSAML_Module::getModuleURL('authfacebook/linkback.php', array('AuthState' => $stateID));
     $url = $facebook->getLoginUrl(array('redirect_uri' => $linkback, 'scope' => $this->req_perms));
     // Second save, return value unused. NOTE(review): presumably persists changes the helper
     // made to $state; confirm that the helper holds $state by reference.
     SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     // The target is the login URL produced by the Facebook helper.
     SimpleSAML_Utilities::redirect($url);
 }
Exemplo n.º 22
 /**
  * Redirect to page setting CDC.
  *
  * @param array &$state  The request state.
  */
 public function process(&$state)
 {
     assert('is_array($state)');

     // Without the IdP entity id there is nothing to send; log and carry on.
     $hasIdp = isset($state['Source']['entityid']);
     if (!$hasIdp) {
         SimpleSAML_Logger::warning('saml:CDC: Could not find IdP entityID.');
         return;
     }

     // Store the state, then send an 'append' request that returns to cdc/resume.php for this domain.
     $stateId = SimpleSAML_Auth_State::saveState($state, 'cdc:resume');
     $returnTo = SimpleSAML_Module::getModuleURL('cdc/resume.php', array('domain' => $this->domain));
     $this->client->sendRequest(
         $returnTo,
         'append',
         array('id' => $stateId, 'entityID' => $state['Source']['entityid'])
     );
 }
Exemplo n.º 23
/**
 * Hook to add links to the frontpage.
 *
 * @param array &$links  The links on the frontpage, split into sections.
 */
function discojuice_hook_frontpage(&$links) {
	assert('is_array($links)');
	assert('array_key_exists("links", $links)');

	// Module page => English link text, appended to the "federation" section in this order.
	$entries = array(
		'discojuice/central.php' => 'DiscoJuice: Discovery Service (not functional without IdP Discovery parameters)',
		'discojuice/feed.php' => 'DiscoJuice: Metadata Feed (JSON)',
	);

	foreach ($entries as $page => $label) {
		$links['federation'][] = array(
			'href' => SimpleSAML_Module::getModuleURL($page),
			'text' => array('en' => $label),
		);
	}

}
Exemplo n.º 24
 /**
  * Prompt the user with a list of authentication sources.
  *
  * This method saves the information about the configured sources,
  * and redirects to a page where the user must select one of these
  * authentication sources.
  *
  * This method never returns. The authentication process is finished
  * in the delegateAuthentication method.
  *
  * @param array &$state	 Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     assert('is_array($state)');

     // Record this source's id and the configured sources in the state.
     $state[self::AUTHID] = $this->authId;
     $state[self::SOURCESID] = $this->sources;

     // Store the state so it can be restored after the redirect.
     $stateId = SimpleSAML_Auth_State::saveState($state, self::STAGEID);

     // Send the user to the source selection page; only the saved state id is passed along.
     SimpleSAML_Utilities::redirect(
         SimpleSAML_Module::getModuleURL('multiauth/selectsource.php'),
         array('AuthState' => $stateId)
     );

     // The redirect is not expected to return, so reaching this line indicates a bug.
     assert('FALSE');
 }
Exemplo n.º 25
 /**
  * Constructor for this authentication source.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
 public function __construct($info, $config)
 {
     assert('is_array($info)');
     assert('is_array($config)');

     // The parent constructor has to run before anything else.
     parent::__construct($info, $config);

     // Both OAuth credentials are mandatory: fail at construction time when one is absent.
     $hasKey = array_key_exists('key', $config);
     if (!$hasKey) {
         throw new Exception('Bnet authentication source is not properly configured: missing [key]');
     }
     $this->key = $config['key'];

     $hasSecret = array_key_exists('secret', $config);
     if (!$hasSecret) {
         throw new Exception('Bnet authentication source is not properly configured: missing [secret]');
     }
     $this->secret = $config['secret'];

     // The linkback URL is derived from this installation's module URL, not from request input.
     $moduleBase = SimpleSAML_Module::getModuleURL('authbnet');
     $this->linkback = $moduleBase . '/linkback.php';
 }
Exemplo n.º 26
 /**
  * Log-in using Twitter platform
  *
  * @param array &$state  Information about the current authentication.
  */
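 public function authenticate(&$state)
 {
     assert('is_array($state)');
     /* We are going to need the authId in order to retrieve this authentication source later. */
     $state[self::AUTHID] = $this->authId;
     // First save: yields the state id that is embedded in the OAuth callback URL.
     $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     $consumer = new sspmod_oauth_Consumer($this->key, $this->secret);
     // Get the request token
     $linkback = SimpleSAML_Module::getModuleURL('authtwitter/linkback.php', array('AuthState' => $stateID));
     $requestToken = $consumer->getRequestToken('https://api.twitter.com/oauth/request_token', array('oauth_callback' => $linkback));
     // Log the token key only. The token secret is a credential and must not be written to
     // log files, which are often readable by more people than the session store is.
     SimpleSAML_Logger::debug("Got a request token from the OAuth service provider [" . $requestToken->key . "]");
     // Keep the full request token (including its secret) in the saved state for the linkback step.
     $state['authtwitter:authdata:requestToken'] = $requestToken;
     SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     // Authorize the request token
     $consumer->getAuthorizeRequest('https://api.twitter.com/oauth/authenticate', $requestToken);
 }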
Exemplo n.º 27
	/**
	 * Called by linkback, to finish validate/ finish logging in.
	 * @param state $state
	 * @return list username, casattributes/ldap attributes
	 */
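	public function finalStep(&$state) {
		// Validates the CAS ticket, maps the CAS user to a local gepi login, loads that
		// user's attributes into $state['Attributes'] and completes the authentication.
		// Nothing is returned; control passes to SimpleSAML_Auth_Source::completeAuth().
		//
		// Both database lookups use prepared statements: the CAS-provided uid and the
		// login are bound as parameters instead of being concatenated into the SQL text.
		global $mysqli;
		$ticket = $state['cas:ticket'];
		$stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
		$service = SimpleSAML_Module::getModuleURL('cas/linkback.php', array('stateID' => $stateID));
		list($username, $casattributes) = $this->casValidation($ticket, $service);

		// Look up the gepi login.
		$path = dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(__FILE__))))))));
		require_once($path."/secure/connect.inc.php");
		// Database connection
		require_once($path."/lib/mysql.inc");

		if ($this->_champ_cas_uid_retour == 'username') {
			$uid = $username;
		} else {
			$uid = $casattributes['uid'];
		}

		// Table and column names are identifiers and cannot be bound as parameters.
		// NOTE(review): they are presumably set from the module configuration only; confirm
		// that they never carry request data.
		$requete = 'SELECT '.$this->_search_table_gepi_login_column.' FROM '.$this->_search_table_name.' WHERE '.$this->_search_table_cas_uid_column.'=?';
		$stmt = $mysqli->prepare($requete);
		if ($stmt === false) {
			throw new Exception('gepicas: unable to prepare the login lookup query');
		}
		$stmt->bind_param('s', $uid);
		if (!$stmt->execute()) {
			$stmt->close();
			throw new Exception('gepicas: unable to execute the login lookup query');
		}
		$loginGepi = null;
		$stmt->bind_result($loginGepi);
		$found = $stmt->fetch();
		$stmt->close();
		if ($found !== true) {
			// User not found in the gepi database: the authentication has failed.
			SimpleSAML_Logger::error('gepicas:' . $this->authId .
				': not authenticated. User is in the CAS but not in the gepi local database.');
			throw new SimpleSAML_Error_UserNotFound('Utilisateur non trouve dans la base locale');
		}
		$attributes = array();
		$attributes['login'] = array($loginGepi);
		$attributes['login_gepi'] = array($loginGepi);

		// Fetch additional attributes to return. gepi itself does not need them, but services
		// that rely on gepi for authentication may.
		$nom = null;
		$prenom = null;
		$email = null;
		$statut = null;
		$stmt = $mysqli->prepare('SELECT nom, prenom, email, statut FROM utilisateurs WHERE (login = ?)');
		if ($stmt === false) {
			throw new Exception('gepicas: unable to prepare the attribute query');
		}
		$stmt->bind_param('s', $loginGepi);
		if (!$stmt->execute()) {
			$stmt->close();
			throw new Exception('gepicas: unable to execute the attribute query');
		}
		$stmt->bind_result($nom, $prenom, $email, $statut);
		// When no row matches, the four values stay null.
		$stmt->fetch();
		$stmt->close();

		$attributes['nom'] = array($nom);
		$attributes['prenom'] = array($prenom);
		$attributes['statut'] = array($statut);
		$attributes['email'] = array($email);

		$state['Attributes'] = $attributes;

		SimpleSAML_Auth_Source::completeAuth($state);
	}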
Exemplo n.º 28
 /**
  * Constructor for this authentication source.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
 public function __construct($info, $config)
 {
     assert('is_array($info)');
     assert('is_array($config)');

     // The parent constructor has to run before anything else.
     parent::__construct($info, $config);

     // Both OAuth client credentials are mandatory: fail at construction time when one is absent.
     $hasKey = array_key_exists('key', $config);
     if (!$hasKey) {
         throw new Exception('Google authentication source is not properly configured: missing [key]');
     }
     $this->key = $config['key'];

     $hasSecret = array_key_exists('secret', $config);
     if (!$hasSecret) {
         throw new Exception('Google authentication source is not properly configured: missing [secret]');
     }
     $this->secret = $config['secret'];

     // The linkback URL is derived from this installation's module URL, not from request input.
     $moduleBase = SimpleSAML_Module::getModuleURL('authgoogle');
     $this->linkback = $moduleBase . '/linkback.php';

     // Fetching and logging the Google discovery document is disabled here.
 }
Exemplo n.º 29
 /**
  * Initialize login.
  *
  * This function saves the information about the login, and redirects to a
  * login page.
  *
  * @param array &$state  Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     assert('is_array($state)');
     // Copy this source's section of authsources.php into the state (empty array when absent).
     $config = SimpleSAML_Configuration::getConfig('authsources.php');
     $state[sspmod_authTiqr_Auth_Tiqr::CONFIGID] = $config->getArray(self::getAuthId(), array());
     /* We are going to need the authId in order to retrieve this authentication source later. */
     $state[self::AUTHID] = $this->authId;
     $id = SimpleSAML_Auth_State::saveState($state, sspmod_authTiqr_Auth_Tiqr::STAGEID);
     $server = sspmod_authTiqr_Auth_Tiqr::getServer(false);
     // Ask the Tiqr server whether a user is already authenticated for this session id.
     $session = SimpleSAML_Session::getSessionFromRequest();
     $sessionId = $session->getSessionId();
     $user = $server->getAuthenticatedUser($sessionId);
     if (empty($user)) {
         // Nobody authenticated yet: go to the login page with only the state id in the URL.
         $url = SimpleSAML_Module::getModuleURL('authTiqr/login.php');
         SimpleSAML_Utilities::redirect($url, array('AuthState' => $id));
     } else {
         // Already authenticated: fill in the attributes and return to the caller.
         // Additional attributes are merged last, so they override 'uid'/'displayName' on a key clash.
         $attributes = array('uid' => array($user), 'displayName' => array(sspmod_authTiqr_Auth_Tiqr::getUserStorage()->getDisplayName($user)));
         $attributes = array_merge($attributes, sspmod_authTiqr_Auth_Tiqr::getUserStorage()->getAdditionalAttributes($user));
         $state['Attributes'] = $attributes;
     }
 }
Exemplo n.º 30
<?php

/**
 * Negotiate module template: renders the "disable" page, including a link to negotiate/enable.php.
 *
 * @author Mathias Meisfjordskar, University of Oslo.
 *         <*****@*****.**>
 * @package simpleSAMLphp
 */
$this->includeAtTemplateBase('includes/header.php');
?>
<h1><?php 
echo $this->t('{negotiate:negotiate:disable_title}');
?>
</h1>
<?php 
$url = SimpleSAML_Module::getModuleURL('negotiate/enable.php');
// The URL is HTML-escaped before it is substituted into the translated text.
echo $this->t('{negotiate:negotiate:disable_info_pre}', array('URL' => htmlspecialchars($url)));
?>

<?php 
echo $this->t('{negotiate:negotiate:info_post}');
?>

<?php 
$this->includeAtTemplateBase('includes/footer.php');