/**
* Check that the user has access to the statistics.
*
* If the user doesn't have access, send the user to the login page.
*/
public static function checkAccess(SimpleSAML_Configuration $statconfig)
{
$protected = $statconfig->getBoolean('protected', FALSE);
$authsource = $statconfig->getString('auth', NULL);
$allowedusers = $statconfig->getValue('allowedUsers', NULL);
$useridattr = $statconfig->getString('useridattr', 'eduPersonPrincipalName');
$acl = $statconfig->getValue('acl', NULL);
if ($acl !== NULL && !is_string($acl) && !is_array($acl)) {
throw new SimpleSAML_Error_Exception('Invalid value for \'acl\'-option. Should be an array or a string.');
}
if (!$protected) {
return;
}
if (SimpleSAML_Utilities::isAdmin()) {
// User logged in as admin. OK.
SimpleSAML_Logger::debug('Statistics auth - logged in as admin, access granted');
return;
}
if (!isset($authsource)) {
// If authsource is not defined, init admin login.
SimpleSAML_Utilities::requireAdmin();
}
/* We are using an authsource for login. */
$as = new SimpleSAML_Auth_Simple($authsource);
$as->requireAuth();
// User logged in with auth source.
SimpleSAML_Logger::debug('Statistics auth - valid login with auth source [' . $authsource . ']');
// Retrieving attributes
$attributes = $as->getAttributes();
if (!empty($allowedusers)) {
// Check if userid exists
if (!isset($attributes[$useridattr][0])) {
throw new Exception('User ID is missing');
}
// Check if userid is allowed access..
if (in_array($attributes[$useridattr][0], $allowedusers)) {
SimpleSAML_Logger::debug('Statistics auth - User granted access by user ID [' . $attributes[$useridattr][0] . ']');
return;
}
SimpleSAML_Logger::debug('Statistics auth - User denied access by user ID [' . $attributes[$useridattr][0] . ']');
} else {
SimpleSAML_Logger::debug('Statistics auth - no allowedUsers list.');
}
if (!is_null($acl)) {
$acl = new sspmod_core_ACL($acl);
if ($acl->allows($attributes)) {
SimpleSAML_Logger::debug('Statistics auth - allowed access by ACL.');
return;
}
SimpleSAML_Logger::debug('Statistics auth - denied access by ACL.');
} else {
SimpleSAML_Logger::debug('Statistics auth - no ACL configured.');
}
throw new SimpleSAML_Error_Exception('Access denied to the current user.');
}
<?php
/* Load simpleSAMLphp, configuration */
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getInstance();
/* Check if valid local session exists.. */
if ($config->getBoolean('admin.protectindexpage', false)) {
SimpleSAML_Utilities::requireAdmin();
}
$loginurl = SimpleSAML_Utilities::getAdminLoginURL();
$isadmin = SimpleSAML_Utilities::isAdmin();
$warnings = array();
if (!SimpleSAML_Utilities::isHTTPS()) {
$warnings[] = '{core:frontpage:warnings_https}';
}
if ($config->getValue('secretsalt') === 'defaultsecretsalt') {
$warnings[] = '{core:frontpage:warnings_secretsalt}';
}
if (extension_loaded('suhosin')) {
$suhosinLength = ini_get('suhosin.get.max_value_length');
if (empty($suhosinLength) || (int) $suhosinLength < 2048) {
$warnings[] = '{core:frontpage:warnings_suhosin_url_length}';
}
}
$links = array();
$links_welcome = array();
$links_config = array();
$links_auth = array();
$links_federation = array();
$links_config[] = array('href' => SimpleSAML_Utilities::getBaseURL() . 'example-simple/hostnames.php?dummy=1', 'text' => '{core:frontpage:link_diagnostics}');
$links_config[] = array('href' => SimpleSAML_Utilities::getBaseURL() . 'admin/phpinfo.php', 'text' => '{core:frontpage:link_phpinfo}');
$config = SimpleSAML_Configuration::getInstance();
$statconfig = SimpleSAML_Configuration::getConfig('module_statistics.php');
$session = SimpleSAML_Session::getInstance();
/**
* AUTHENTICATION and Authorization for access to the statistics.
*/
$protected = $statconfig->getBoolean('protected', FALSE);
$authsource = $statconfig->getString('auth', NULL);
$allowedusers = $statconfig->getValue('allowedUsers', NULL);
$useridattr = $statconfig->getString('useridattr', 'eduPersonPrincipalName');
$acl = $statconfig->getValue('acl', NULL);
if ($acl !== NULL && !is_string($acl) && !is_array($acl)) {
throw new SimpleSAML_Error_Exception('Invalid value for \'acl\'-option. Should be an array or a string.');
}
if ($protected) {
if (SimpleSAML_Utilities::isAdmin()) {
// User logged in as admin. OK.
SimpleSAML_Logger::debug('Statistics auth - logged in as admin, access granted');
} elseif (isset($authsource) && $session->isValid($authsource)) {
// User logged in with auth source.
SimpleSAML_Logger::debug('Statistics auth - valid login with auth source [' . $authsource . ']');
// Retrieving attributes
$attributes = $session->getAttributes();
$allow = FALSE;
if (!empty($allowedusers)) {
// Check if userid exists
if (!isset($attributes[$useridattr][0])) {
throw new Exception('User ID is missing');
}
// Check if userid is allowed access..
if (!in_array($attributes[$useridattr][0], $allowedusers)) {
$metaBuilder->addMetadataSP20($metaArray);
$metaBuilder->addContact('technical', array('emailAddress' => $config->getString('technicalcontact_email', NULL), 'name' => $config->getString('technicalcontact_name', NULL)));
$metaxml = $metaBuilder->getEntityDescriptorText();
/* Sign the metadata if enabled. */
$metaxml = SimpleSAML_Metadata_Signer::sign($metaxml, $spmeta, 'SAML 2 SP');
/*
* Generate list of IdPs that you can send metadata to.
*/
$idplist = $metadata->getList('saml20-idp-remote');
$idpsend = array();
foreach ($idplist as $entityid => $mentry) {
if (array_key_exists('send_metadata_email', $mentry)) {
$idpsend[$entityid] = $mentry;
}
}
$adminok = SimpleSAML_Utilities::isAdmin();
$adminlogin = SimpleSAML_Utilities::getAdminLoginURL(SimpleSAML_Utilities::addURLParameter(SimpleSAML_Utilities::selfURLNoQuery(), array('output' => 'xhtml')));
$sentok = FALSE;
/*
* Send metadata to Identity Provider, if the user filled submitted the form
*/
if (array_key_exists('sendtoidp', $_POST)) {
if (!array_key_exists($_POST['sendtoidp'], $idpsend)) {
throw new Exception('Entity ID ' . $_POST['sendtoidp'] . ' not found in metadata. Cannot send metadata to this IdP.');
}
$emailadr = $idpsend[$_POST['sendtoidp']]['send_metadata_email'];
$from = $_POST['email'];
$message = '<h1>simpleSAMLphp SAML 2.0 Service Provider Metadata</h1>
<p>Metadata was sent to you from a simpleSAMLphp SAML 2.0 Service Provider. The service provider requests to connect to the following Identity Provider:
<ul>
