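/**
 * Mail the report of one cron run to the configured technical contact.
 *
 * The three message sections come from _getHtmlForMessages() and are inserted
 * as markup. The tag and the request URL are plain text, so they are
 * HTML-escaped before being placed in the HTML body.
 *
 * @param string                   $tag    Tag the cron run was started with.
 * @param sspmod_janus_Cron_Logger $logger Logger holding the namespaced errors, warnings and notices.
 */
protected function _mailTechnicalContact($tag, sspmod_janus_Cron_Logger $logger)
{
    // NOTE(review): presumably _getHtmlForMessages() escapes the message text it
    // wraps; confirm, because its output is interpolated below without escaping.
    $errorHtml = $this->_getHtmlForMessages($logger->getNamespacedErrors(), 'errors');
    $warningHtml = $this->_getHtmlForMessages($logger->getNamespacedWarnings(), 'warnings');
    $noticeHtml = $this->_getHtmlForMessages($logger->getNamespacedNotices(), 'notices');

    $config = SimpleSAML_Configuration::getInstance();
    $time = date(DATE_RFC822);

    // The URL describes the current request and the tag is caller-supplied:
    // neither may carry markup into the mail body.
    $url = htmlspecialchars(SimpleSAML_Utilities::selfURL(), ENT_QUOTES, 'UTF-8');
    $tag = htmlspecialchars((string) $tag, ENT_QUOTES, 'UTF-8');

    $message = <<<MESSAGE
<h1>Cron report</h1>
<p>Cron ran at {$time}</p>
<p>URL: <tt>{$url}</tt></p>
<p>Tag: {$tag}</p>
<h2>Errors</h2>
{$errorHtml}
<h2>Warnings</h2>
{$warningHtml}
<h2>Notices</h2>
{$noticeHtml}
MESSAGE;

    // The default value doubles as the "not configured" marker.
    $toAddress = $config->getString('technicalcontact_email', '*****@*****.**');
    if ($toAddress === '*****@*****.**') {
        SimpleSAML_Logger::error('Cron - Could not send email. [technicalcontact_email] not set in config.');
        return;
    }

    $email = new SimpleSAML_XHTML_EMail($toAddress, 'JANUS cron report', '*****@*****.**');
    $email->setBody($message);
    $email->send();
}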
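/**
 * Validate a CAS service ticket, or send the user to the CAS login page when
 * the request carries no ticket.
 *
 * @param array $cas CAS settings: 'login', one of 'validate' (CAS v1) or
 *                   'serviceValidate' (CAS v2), and optionally 'attributes'
 *                   (attribute name => XPath expression evaluated on the v2 response).
 * @return array array(username, attributes) when the ticket was accepted.
 * @throws Exception When the ticket is malformed or rejected, the response cannot
 *                   be read, or no validation endpoint is configured.
 */
function casValidate($cas)
{
    $service = SimpleSAML_Utilities::selfURL();
    $service = preg_replace("/(\\?|&)?ticket=.*/", "", $service); // always tagged on by cas

    if (!isset($_GET['ticket'])) {
        // First request: redirect the user to the CAS server for authentication.
        SimpleSAML_Logger::info("AUTH - cas-ldap: redirecting to {$cas['login']}");
        SimpleSAML_Utilities::redirectTrustedURL($cas['login'], array('service' => $service));
        return;
    }

    // Got a response from the CAS server. A repeated parameter (ticket[]=...)
    // arrives as an array and must not reach urlencode().
    if (!is_string($_GET['ticket'])) {
        throw new Exception('Malformed CAS service ticket');
    }
    $ticket = urlencode($_GET['ticket']);

    if (isset($cas['validate'])) {
        // CAS v1: "yes|no\n<username>" style response.
        $paramPrefix = (strpos($cas['validate'], '?') !== false) ? '&' : '?';
        $result = SimpleSAML_Utilities::fetch(
            $cas['validate'] . $paramPrefix . 'ticket=' . $ticket . '&service=' . urlencode($service)
        );
        $res = preg_split("/\r?\n/", (string) $result);

        // A "yes" without a user name must not authenticate an empty user.
        if ($res[0] === 'yes' && isset($res[1]) && $res[1] !== '') {
            return array($res[1], array());
        }
        throw new Exception("Failed to validate CAS service ticket: {$ticket}");
    }

    if (isset($cas['serviceValidate'])) {
        // CAS v2: XML response.
        $paramPrefix = (strpos($cas['serviceValidate'], '?') !== false) ? '&' : '?';
        $result = SimpleSAML_Utilities::fetch(
            $cas['serviceValidate'] . $paramPrefix . 'ticket=' . $ticket . '&service=' . urlencode($service)
        );

        // loadXML() is an instance method. LIBXML_NONET keeps the parser from
        // fetching network resources named in the response; entity substitution
        // stays off because LIBXML_NOENT is not passed.
        $dom = new DOMDocument();
        if (!is_string($result) || $result === '' || !$dom->loadXML($result, LIBXML_NONET)) {
            throw new Exception('Error when validating CAS service ticket: unreadable response');
        }

        $xPath = new DOMXpath($dom);
        $xPath->registerNamespace("cas", 'http://www.yale.edu/tp/cas');
        $success = $xPath->query("/cas:serviceResponse/cas:authenticationSuccess/cas:user");

        if ($success->length == 0) {
            $failure = $xPath->evaluate("/cas:serviceResponse/cas:authenticationFailure");
            // The failure element may be absent in an unexpected response.
            $reason = ($failure->length > 0)
                ? $failure->item(0)->textContent
                : 'no authenticationFailure element in response';
            throw new Exception("Error when validating CAS service ticket: " . $reason);
        }

        $attributes = array();
        if (!empty($cas['attributes'])) {
            // Some servers return attributes in the XML; 'attributes' is a list
            // of XPath expressions (from configuration) used to collect them.
            foreach ($cas['attributes'] as $name => $query) {
                $attrs = $xPath->query($query);
                foreach ($attrs as $attrvalue) {
                    $attributes[$name][] = $attrvalue->textContent;
                }
            }
        }

        $casusername = $success->item(0)->textContent;
        return array($casusername, $attributes);
    }

    throw new Exception("validate or serviceValidate not specified");
}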
/**
 * Build a NotFound error for the page currently being requested.
 *
 * The request URL is passed to the parent as the %URL% replacement and, when
 * a reason is given, the reason as %REASON%.
 *
 * @param string $reason  Optional description of why the given page could not be found.
 */
public function __construct($reason = NULL)
{
    assert('is_null($reason) || is_string($reason)');

    // Start from the reason-less error and extend it only when a reason exists.
    $errorCode = array('NOTFOUND', '%URL%' => SimpleSAML_Utilities::selfURL());
    if ($reason !== NULL) {
        $errorCode[0] = 'NOTFOUNDREASON';
        $errorCode['%REASON%'] = $reason;
    }
    parent::__construct($errorCode);

    $this->reason = $reason;
}
// Register every signature method this OAuth server accepts.
// NOTE(review): a PLAINTEXT method is registered next to HMAC and RSA; that
// method offers no protection of its own, so confirm the endpoint is TLS-only.
$server->add_signature_method($hmac_method);
$server->add_signature_method($plaintext_method);
$server->add_signature_method($rsa_method);

$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getSessionFromRequest();

// The user must hold a valid session for the configured auth source before a
// request token can be authorized; otherwise start login and come back here.
$as = $oauthconfig->getString('auth');
if (!$session->isValid($as)) {
    SimpleSAML_Auth_Default::initLogin($as, SimpleSAML_Utilities::selfURL());
}

// NOTE(review): as written, the consent page is rendered only when the request
// carries a non-empty 'consent' parameter; a request without it falls through
// to authorize() below. The agree link built here also adds consent=yes.
// Confirm which direction of this test is intended.
if (!empty($_REQUEST['consent'])) {
    $consumer = $store->lookup_consumer_by_requestToken($requestToken);

    $t = new SimpleSAML_XHTML_Template($config, 'oauth:consent.php');
    $t->data['header'] = '{status:header_saml20_sp}';
    // Array containing {name, description, key, secret, owner} keys.
    // NOTE(review): the consumer secret travels to the template with the rest
    // of the record; the template should render only the fields it needs.
    $t->data['consumer'] = $consumer;
    $t->data['urlAgree'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), array("consent" => "yes"));
    $t->data['logouturl'] = SimpleSAML_Utilities::selfURLNoQuery() . '?logout';

    $t->show();

    exit; // and be done.
}

$attributes = $session->getAttributes();

// Assume user consent at this point and proceed with authorizing the token
list($url, $verifier) = $store->authorize($requestToken, $attributes);

if ($url) {
    // If authorize() returns a URL, take user there (oauth1.0a)
    SimpleSAML_Utilities::redirectTrustedURL($url);
} else {
    if (isset($_REQUEST['oauth_callback'])) {
        // If callback was provided in the request (oauth1.0).
        // The callback is request-supplied, hence the untrusted-URL redirect.
        // (The listing is cut here; both blocks close outside this excerpt.)
        SimpleSAML_Utilities::redirectUntrustedURL($_REQUEST['oauth_callback']);
/**
 * Build the URL of the logout endpoint for this authentication source.
 *
 * @param string|NULL $returnTo  The page the user should be returned to afterwards.
 *                               If this parameter is NULL, the user will be returned to the current page.
 * @return string  A URL which is suitable for use in link-elements.
 */
public function getLogoutURL($returnTo = NULL)
{
    assert('is_null($returnTo) || is_string($returnTo)');

    // Without an explicit target the user comes back to the page being served.
    $target = ($returnTo === NULL) ? SimpleSAML_Utilities::selfURL() : $returnTo;

    // NOTE(review): ReturnTo is handed on as given; presumably as_logout.php
    // validates it before redirecting, which is worth confirming.
    return SimpleSAML_Module::getModuleURL('core/as_logout.php', array(
        'AuthId' => $this->authSource,
        'ReturnTo' => $target,
    ));
}
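}

// A page can switch the language bar off through its template data.
if (isset($this->data['hideLanguageBar']) && $this->data['hideLanguageBar'] === TRUE) {
    $includeLanguageBar = FALSE;
}

if ($includeLanguageBar) {
    $languages = $this->getLanguageList();
    if (count($languages) > 1) {
        echo '<div id="languagebar">';

        // Display names, keyed by lower-case language code.
        $langnames = array(
            'no' => 'Bokmål', 'nn' => 'Nynorsk', 'se' => 'Sámegiella', 'sam' => 'Åarjelh-saemien giele',
            'da' => 'Dansk', 'en' => 'English', 'de' => 'Deutsch', 'sv' => 'Svenska', 'fi' => 'Suomeksi',
            'es' => 'Español', 'fr' => 'Français', 'it' => 'Italiano', 'nl' => 'Nederlands',
            'lb' => 'Lëtzebuergesch', 'cs' => 'Čeština', 'sl' => 'Slovenščina', 'lt' => 'Lietuvių kalba',
            'hr' => 'Hrvatski', 'hu' => 'Magyar', 'pl' => 'Język polski', 'pt' => 'Português',
            'pt-br' => 'Português brasileiro', 'ru' => 'русский язык', 'et' => 'eesti keel', 'tr' => 'Türkçe',
            'el' => 'ελληνικά', 'ja' => '日本語', 'zh' => '简体中文', 'zh-tw' => '繁體中文', 'ar' => 'العربية',
            'fa' => 'پارسی', 'ur' => 'اردو', 'he' => 'עִבְרִית', 'id' => 'Bahasa Indonesia', 'sr' => 'Srpski',
            'lv' => 'Latviešu', 'ro' => 'Românește', 'eu' => 'Euskara',
        );

        $textarray = array();
        foreach ($languages as $lang => $current) {
            $lang = strtolower($lang);

            // A language without a display name falls back to its (escaped)
            // code instead of raising an undefined-index notice.
            $label = isset($langnames[$lang]) ? $langnames[$lang] : htmlspecialchars($lang);

            if ($current) {
                $textarray[] = $label;
            } else {
                // The link is built from the request URL, so it is escaped for
                // the attribute context.
                $textarray[] = '<a href="' . htmlspecialchars(SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), array($this->languageParameterName => $lang))) . '">' . $label . '</a>';
            }
        }
        echo join(' | ', $textarray);
        echo '</div>';
    }
}
// NOTE(review): the footer below prints a template path on a page that is
// presumably shown before login; consider dropping it in production.
?>
<br> <h6 class="muted text-center">This template is proportioned by Raptor</h6> <h6 class="muted text-center">Please edit this template in: web/SSO/simplesamlphp/modules/core/template/raptorloginuserpass.php</h6><br> </div> <!-- // main-content --> </div>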
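/**
 * Receive an authentication request.
 *
 * Two entry paths are handled: an IdP-initiated request, recognised by the
 * 'spentityid' request parameter, and a SAML 2.0 AuthnRequest received over
 * the current binding. Both end in a state array that is handed to
 * $idp->handleAuthenticationRequest().
 *
 * @param SimpleSAML_IdP $idp  The IdP we are receiving it for.
 * @throws SimpleSAML_Error_BadRequest  When the received message is not an
 *                                      AuthnRequest or carries no issuer.
 */
public static function receiveAuthnRequest(SimpleSAML_IdP $idp)
{
    $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
    $idpMetadata = $idp->getConfig();

    // HTTP-POST is always offered; the other bindings are opt-in per IdP.
    $supportedBindings = array(SAML2_Const::BINDING_HTTP_POST);
    if ($idpMetadata->getBoolean('saml20.sendartifact', FALSE)) {
        $supportedBindings[] = SAML2_Const::BINDING_HTTP_ARTIFACT;
    }
    if ($idpMetadata->getBoolean('saml20.hok.assertion', FALSE)) {
        $supportedBindings[] = SAML2_Const::BINDING_HOK_SSO;
    }

    if (isset($_REQUEST['spentityid'])) {
        /* IdP initiated authentication. */

        if (isset($_REQUEST['cookieTime'])) {
            $cookieTime = (int) $_REQUEST['cookieTime'];
            if ($cookieTime + 5 > time()) {
                /*
                 * Less than five seconds has passed since we were
                 * here the last time. Cookies are probably disabled.
                 */
                SimpleSAML_Utilities::checkCookie(SimpleSAML_Utilities::selfURL());
            }
        }

        // Everything on this path is a plain request parameter: there is no
        // message to validate. The entity id only selects SP metadata, and no
        // consumer URL is taken from the request.
        $spEntityId = (string) $_REQUEST['spentityid'];
        $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');

        $relayState = isset($_REQUEST['RelayState']) ? (string) $_REQUEST['RelayState'] : NULL;
        $protocolBinding = isset($_REQUEST['binding']) ? (string) $_REQUEST['binding'] : NULL;
        $nameIDFormat = isset($_REQUEST['NameIDFormat']) ? (string) $_REQUEST['NameIDFormat'] : NULL;

        $requestId = NULL;
        $IDPList = array();
        $ProxyCount = NULL;
        $RequesterID = NULL;
        $forceAuthn = FALSE;
        $isPassive = FALSE;
        $consumerURL = NULL;
        $consumerIndex = NULL;
        $extensions = NULL;
        $allowCreate = TRUE;

        $idpInit = TRUE;

        SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: IdP initiated authentication: ' . var_export($spEntityId, TRUE));
    } else {
        $binding = SAML2_Binding::getCurrentBinding();
        $request = $binding->receive();

        if (!$request instanceof SAML2_AuthnRequest) {
            throw new SimpleSAML_Error_BadRequest('Message received on authentication request endpoint wasn\'t an authentication request.');
        }

        $spEntityId = $request->getIssuer();
        if ($spEntityId === NULL) {
            throw new SimpleSAML_Error_BadRequest('Received message on authentication request endpoint without issuer.');
        }
        $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');

        // Validate the message against both parties' metadata before any of
        // its fields are used.
        sspmod_saml_Message::validateMessage($spMetadata, $idpMetadata, $request);

        $relayState = $request->getRelayState();

        $requestId = $request->getId();
        $IDPList = $request->getIDPList();
        $ProxyCount = $request->getProxyCount();
        if ($ProxyCount !== null) {
            // This IdP consumes one proxy hop.
            $ProxyCount--;
        }
        $RequesterID = $request->getRequesterID();
        $forceAuthn = $request->getForceAuthn();
        $isPassive = $request->getIsPassive();
        $consumerURL = $request->getAssertionConsumerServiceURL();
        $protocolBinding = $request->getProtocolBinding();
        $consumerIndex = $request->getAssertionConsumerServiceIndex();
        $extensions = $request->getExtensions();

        $nameIdPolicy = $request->getNameIdPolicy();
        $nameIDFormat = isset($nameIdPolicy['Format']) ? $nameIdPolicy['Format'] : NULL;
        $allowCreate = isset($nameIdPolicy['AllowCreate']) ? $nameIdPolicy['AllowCreate'] : FALSE;

        $idpInit = FALSE;

        SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Incomming Authentication request: ' . var_export($spEntityId, TRUE));
    }

    SimpleSAML_Stats::log('saml:idp:AuthnRequest', array(
        'spEntityID' => $spEntityId,
        'idpEntityID' => $idpMetadata->getString('entityid'),
        'forceAuthn' => $forceAuthn,
        'isPassive' => $isPassive,
        'protocol' => 'saml2',
        'idpInit' => $idpInit,
    ));

    // The endpoint the response goes to is resolved here from the SP metadata
    // and the values collected above.
    $acsEndpoint = self::getAssertionConsumerService($supportedBindings, $spMetadata, $consumerURL, $protocolBinding, $consumerIndex);

    $IDPList = array_unique(array_merge($IDPList, $spMetadata->getArrayizeString('IDPList', array())));

    // Strict test: a count that reached 0 is a real value ("no further
    // proxying") and must not be replaced by the metadata default, which a
    // loose comparison with null would do.
    if ($ProxyCount === null) {
        $ProxyCount = $spMetadata->getInteger('ProxyCount', null);
    }

    if (!$forceAuthn) {
        $forceAuthn = $spMetadata->getBoolean('ForceAuthn', FALSE);
    }

    // URL used to restart the flow as IdP-initiated if the state is lost.
    $sessionLostParams = array(
        'spentityid' => $spEntityId,
        'cookieTime' => time(),
    );
    if ($relayState !== NULL) {
        $sessionLostParams['RelayState'] = $relayState;
    }
    $sessionLostURL = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), $sessionLostParams);

    $state = array(
        'Responder' => array('sspmod_saml_IdP_SAML2', 'sendResponse'),
        SimpleSAML_Auth_State::EXCEPTION_HANDLER_FUNC => array('sspmod_saml_IdP_SAML2', 'handleAuthError'),
        SimpleSAML_Auth_State::RESTART => $sessionLostURL,

        'SPMetadata' => $spMetadata->toArray(),
        'saml:RelayState' => $relayState,
        'saml:RequestId' => $requestId,
        'saml:IDPList' => $IDPList,
        'saml:ProxyCount' => $ProxyCount,
        'saml:RequesterID' => $RequesterID,
        'ForceAuthn' => $forceAuthn,
        'isPassive' => $isPassive,
        'saml:ConsumerURL' => $acsEndpoint['Location'],
        'saml:Binding' => $acsEndpoint['Binding'],
        'saml:NameIDFormat' => $nameIDFormat,
        'saml:AllowCreate' => $allowCreate,
        'saml:Extensions' => $extensions,
    );

    $idp->handleAuthenticationRequest($state);
}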
    // (The listing starts inside a catch block that opens outside this excerpt.)
    throw new SimpleSAML_Error_Error('METADATA', $exception);
}

// No valid Shibboleth 1.3 session yet: pick an IdP and send the request.
if (!isset($session) || !$session->isValid('shib13')) {

    if ($idpentityid == null) {

        SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: No chosen or default IdP, go to Shib13disco');

        /* Which IdP discovery service should we use? Can be set in SP metadata or in global configuration.
         * Falling back to builtin discovery service.
         */
        if (array_key_exists('idpdisco.url', $spmetadata)) {
            $discservice = $spmetadata['idpdisco.url'];
        } elseif ($config->getString('idpdisco.url.shib13', NULL) !== NULL) {
            $discservice = $config->getString('idpdisco.url.shib13');
        } else {
            $discservice = '/' . $config->getBaseURL() . 'shib13/sp/idpdisco.php';
        }

        // All three candidates come from metadata or configuration, not from
        // the request; 'return' is the URL of this request.
        SimpleSAML_Utilities::redirect($discservice, array('entityID' => $spentityid, 'return' => SimpleSAML_Utilities::selfURL(), 'returnIDParam' => 'idpentityid'));
    }

    try {
        $ar = new SimpleSAML_XML_Shib13_AuthnRequest();
        $ar->setIssuer($spentityid);
        // NOTE(review): RelayState is copied from the query string as given;
        // whichever code later redirects to it has to validate it.
        if (isset($_GET['RelayState'])) {
            $ar->setRelayState($_GET['RelayState']);
        }

        SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: SP (' . $spentityid . ') is sending AuthNRequest to IdP (' . $idpentityid . ')');

        $url = $ar->createRedirect($idpentityid);
        SimpleSAML_Utilities::redirect($url);

    } catch (Exception $exception) {
        throw new SimpleSAML_Error_Error('CREATEREQUEST', $exception);
    }

} else {
    // A session already exists. (The listing is cut here; the else block
    // continues outside this excerpt.)
    $relaystate = $session->getRelayState();
/* Load simpleSAMLphp, configuration and metadata */
$session = SimpleSAML_Session::getSessionFromRequest();
$config = SimpleSAML_Configuration::getInstance();
$janus_config = sspmod_janus_DiContainer::getInstance()->getConfig();

$authsource = $janus_config->getValue('auth', 'login-admin');
$useridattr = $janus_config->getValue('useridattr', 'eduPersonPrincipalName');

$as = new SimpleSAML_Auth_Simple($authsource);

if (!$as->isAuthenticated()) {
    // Remember where the user wanted to go, then hand over to the JANUS
    // front page, which starts the login.
    $session->setData('string', 'refURL', SimpleSAML_Utilities::selfURL());
    SimpleSAML_Utilities::redirectTrustedUrl(SimpleSAML_Module::getModuleURL('janus/index.php'));
} else {
    $attributes = $as->getAttributes();
    // Check if userid exists
    if (!isset($attributes[$useridattr])) {
        throw new Exception('User ID is missing');
    }
    $userid = $attributes[$useridattr][0];
}

// Both identifiers are required and are taken from the query string as given.
// NOTE(review): nothing visible here checks their format or whether $userid
// may read this entity; confirm that MetaExport (or a caller) enforces both.
if (!isset($_GET['eid'])) {
    throw new SimpleSAML_Error_Exception('Eid must be set');
}
$eid = $_GET['eid'];

if (!isset($_GET['revisionid'])) {
    throw new SimpleSAML_Error_Exception('Revisionid must be set');
}
$revisionid = $_GET['revisionid'];

$md_options = $janus_config->getValue('mdexport.default_options');

$exportOptions = array(
    'maxCache' => $md_options['maxCache'],
    'maxDuration' => $md_options['maxDuration'],
);
$metaxml = sspmod_janus_MetaExport::getReadableXMLMetadata($eid, $revisionid, $exportOptions);

$metaflat = sspmod_janus_MetaExport::getFlatMetadata($eid, $revisionid);
// The state must name the authentication source that is being completed.
assert('array_key_exists("SimpleSAML_Auth_Source.id", $state)');
$authId = $state['SimpleSAML_Auth_Source.id'];

$as = SimpleSAML_Configuration::getConfig('authsources.php')->getValue($authId);

// Use 2 factor authentication class
$gaLogin = SimpleSAML_Auth_Source::getById($authId, 'sspmod_authtfaga_Auth_Source_authtfaga');
if ($gaLogin === null) {
    throw new Exception('Invalid authentication source: ' . $authId);
}

// Init template
$template = 'authtfaga:login.php';
$globalConfig = SimpleSAML_Configuration::getInstance();
$t = new SimpleSAML_XHTML_Template($globalConfig, $template);

$errorCode = null;

// If the user doesn't have a session, force the main authentication method
// (the first factor) before anything else.
if (!$session->isValid($as['mainAuthSource'])) {
    SimpleSAML_Auth_Default::initLogin($as['mainAuthSource'], SimpleSAML_Utilities::selfURL());
}

// The user id comes from the first-factor session attributes, not from the request.
$attributes = $session->getAuthData($as['mainAuthSource'], 'Attributes');
$state['Attributes'] = $attributes;

$uid = $attributes[$as['uidField']][0];
$state['UserID'] = $uid;
$isEnabled = $gaLogin->isEnabled2fa($uid);

// NOTE(review): the 'postSetEnable2fa' query parameter opens this enrolment
// branch even when a preference is already stored, i.e. at a point where only
// the first factor has been verified. Confirm that registerGAkey() cannot
// replace an existing secret here, or require a valid one-time code first.
if (is_null($isEnabled) || isset($_GET['postSetEnable2fa'])) {
    // If the user has not set a 2-factor preference yet, show the settings page.
    if (isset($_POST['setEnable2f'])) {
        if ($_POST['setEnable2f'] == 1) {
            // Enrol: create a secret, store it for the user and switch 2FA on.
            // (The listing is cut here; the open blocks close outside this excerpt.)
            $gaKey = $gaLogin->createSecret();
            $gaLogin->registerGAkey($uid, $gaKey);

            $gaLogin->enable2fa($uid);
            $t->data['todo'] = 'generateGA';
            $t->data['autofocus'] = 'otp';
/**
 * Log the user out of this authority and send them to a URL afterwards.
 *
 * @param string|NULL $url  The URL the user should be redirected to after logging out.
 *                          Defaults to the current page.
 * @deprecated
 */
public function logout($url = NULL)
{
    // NOTE(review): a caller-supplied $url goes to redirectTrustedURL(), so
    // callers must not pass request-controlled values without validating them.
    $returnTo = ($url === NULL) ? SimpleSAML_Utilities::selfURL() : $url;

    $session = SimpleSAML_Session::getSessionFromRequest();
    $authenticated = $session->isValid($this->authority);

    if (!$authenticated) {
        /* Not authenticated to this authentication source. */
        SimpleSAML_Utilities::redirectTrustedURL($returnTo);
        assert('FALSE');
    }

    if ($this->authority === 'saml2') {
        // SAML 2.0 sessions are ended through the SP single-logout script.
        $config = SimpleSAML_Configuration::getInstance();
        $sloScript = '/' . $config->getBaseURL() . 'saml2/sp/initSLO.php';
        SimpleSAML_Utilities::redirectTrustedURL($sloScript, array('RelayState' => $returnTo));
    }

    $session->doLogout($this->authority);

    SimpleSAML_Utilities::redirectTrustedURL($returnTo);
}
exit; } } #print_r($_REQUEST['tag']) ; exit; if (!is_null($cronconfig->getValue('allowed_tags'))) { if (!in_array($_REQUEST['tag'], $cronconfig->getValue('allowed_tags'))) { SimpleSAML_Logger::error('Cron - Illegal tag [' . $_REQUEST['tag'] . '].'); exit; } } $summary = array(); $croninfo = array('summary' => &$summary, 'tag' => $_REQUEST['tag']); SimpleSAML_Module::callHooks('cron', $croninfo); foreach ($summary as $s) { SimpleSAML_Logger::debug('Cron - Summary: ' . $s); } if ($cronconfig->getValue('sendemail', TRUE) && count($summary) > 0) { $statustext = '<ul><li>' . join('</li><li>', $summary) . '</li></ul>'; $message = '<h1>Cron report</h1><p>Cron ran at ' . date(DATE_RFC822) . '</p>' . '<p>URL: <tt>' . SimpleSAML_Utilities::selfURL() . '</tt></p>' . '<p>Tag: ' . $_REQUEST['tag'] . "</p>\n\n" . $statustext; $toaddress = $config->getString('technicalcontact_email', '*****@*****.**'); if ($toaddress == '*****@*****.**') { SimpleSAML_Logger::error('Cron - Could not send email. [technicalcontact_email] not set in config.'); } else { $email = new SimpleSAML_XHTML_EMail($toaddress, 'simpleSAMLphp cron report', '*****@*****.**'); $email->setBody($message); $email->send(); } } #$t = new SimpleSAML_XHTML_Template($config, 'modinfo:modlist.php'); #$t->data['modules'] = $modinfo; #$t->show();
/**
 * Handle an incoming Shibboleth 1.3 authentication request.
 *
 * Reads 'providerId', 'shire' and the optional 'target' from the request,
 * accepts the shire only if it is a browser-post AssertionConsumerService
 * listed in the SP metadata, and hands the resulting state to the IdP.
 *
 * @param SimpleSAML_IdP $idp  The IdP we are receiving it for.
 * @throws SimpleSAML_Error_BadRequest  When providerId or shire is missing.
 * @throws Exception  When the shire is not a registered endpoint of the SP.
 */
public static function receiveAuthnRequest(SimpleSAML_IdP $idp)
{
    if (isset($_REQUEST['cookieTime'])) {
        $cookieTime = (int) $_REQUEST['cookieTime'];
        if ($cookieTime + 5 > time()) {
            /*
             * Less than five seconds has passed since we were
             * here the last time. Cookies are probably disabled.
             */
            SimpleSAML_Utilities::checkCookie(SimpleSAML_Utilities::selfURL());
        }
    }

    if (!isset($_REQUEST['providerId'])) {
        throw new SimpleSAML_Error_BadRequest('Missing providerId parameter.');
    }
    $spEntityId = (string) $_REQUEST['providerId'];

    if (!isset($_REQUEST['shire'])) {
        throw new SimpleSAML_Error_BadRequest('Missing shire parameter.');
    }
    $shire = (string) $_REQUEST['shire'];

    $target = isset($_REQUEST['target']) ? $_REQUEST['target'] : NULL;

    SimpleSAML_Logger::info('Shib1.3 - IdP.SSOService: Got incoming Shib authnRequest from ' . var_export($spEntityId, TRUE) . '.');

    $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
    $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'shib13-sp-remote');

    // The requested shire must match, exactly, a browser-post endpoint that
    // the SP has registered; the response is never sent anywhere else.
    $found = FALSE;
    foreach ($spMetadata->getEndpoints('AssertionConsumerService') as $endpoint) {
        $isBrowserPost = ($endpoint['Binding'] === 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post');
        if ($isBrowserPost && $endpoint['Location'] === $shire) {
            $found = TRUE;
            break;
        }
    }
    if (!$found) {
        throw new Exception('Invalid AssertionConsumerService for SP ' . var_export($spEntityId, TRUE) . ': ' . var_export($shire, TRUE));
    }

    SimpleSAML_Stats::log('saml:idp:AuthnRequest', array(
        'spEntityID' => $spEntityId,
        'protocol' => 'saml1',
    ));

    $sessionLostURL = SimpleSAML_Utilities::addURLparameter(
        SimpleSAML_Utilities::selfURL(),
        array('cookieTime' => time())
    );

    $state = array(
        'Responder' => array('sspmod_saml_IdP_SAML1', 'sendResponse'),
        'SPMetadata' => $spMetadata->toArray(),
        'saml:shire' => $shire,
        'saml:target' => $target,
        'saml:AuthnRequestReceivedAt' => microtime(TRUE),
    );

    $idp->handleAuthenticationRequest($state);
}
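/**
 * Log the user out.
 * Addition: clears the authentication-source variable from the session.
 * Addition: skips the logout at the source when the configuration says so.
 *
 * By default this causes a redirect to the current page after logging the
 * user out, but a different URL can be given with the $params parameter.
 *
 * Generic parameters are:
 *  - 'ReturnTo': The URL the user should be returned to after logout.
 *  - 'ReturnCallback': The function that should be called after logout.
 *  - 'ReturnStateParam': The parameter we should return the state in when redirecting.
 *  - 'ReturnStateStage': The stage the state array should be saved with.
 *
 * @param string|array|NULL $params  Either the url the user should be redirected to after logging out,
 *                                   or an array with parameters for the logout. If this parameter is
 *                                   NULL, we will return to the current page.
 */
public function logout($params = NULL)
{
    unset($_SESSION['utilisateur_saml_source']);

    if ($this->getDoSourceLogout()) {
        parent::logout($params);
        return;
    }

    assert('is_array($params) || is_string($params) || is_null($params)');

    if ($params === NULL) {
        $params = SimpleSAML_Utilities::selfURL();
    }

    if (is_string($params)) {
        $params = array(
            'ReturnTo' => $params,
        );
    }

    assert('is_array($params)');
    assert('isset($params["ReturnTo"]) || isset($params["ReturnCallback"])');

    if (isset($params['ReturnStateParam']) || isset($params['ReturnStateStage'])) {
        assert('isset($params["ReturnStateParam"]) && isset($params["ReturnStateStage"])');
    }

    $session = SimpleSAML_Session::getInstance();
    if ($session->isValid($this->authSource)) {
        $state = $session->getAuthData($this->authSource, 'LogoutState');
        if ($state !== NULL) {
            $params = array_merge($state, $params);
        }

        $session->doLogout($this->authSource);

        $params['LogoutCompletedHandler'] = array(__CLASS__, 'logoutCompleted');
    }

    // Add portal_return_url to the request; it is used by a later refresh
    // (logout.php or Session.class.php).
    if (isset($params["ReturnTo"])) {
        $portal_return_url = $this->getPortalReturnUrl();
        if ($portal_return_url != null) {
            // The value is itself a URL: encode it so its own '?' and '&'
            // cannot break or extend the query string of ReturnTo.
            $separator = (strpos($params["ReturnTo"], '?') === false) ? '?' : '&';
            $params["ReturnTo"] .= $separator . 'portal_return_url=' . urlencode($portal_return_url);
        }
    }

    self::logoutCompleted($params);
}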
</div>
<?php } ?>

<h2 style="break: both"><?php echo $this->t('{authX509:X509error:certificate_header}'); ?> </h2>

<p><?php echo $this->t('{authX509:X509error:certificate_text}'); ?> </p>

<a href="<?php echo htmlspecialchars(SimpleSAML_Utilities::selfURL()); ?> ">
<?php echo $this->t('{login:login_button}'); ?> </a>

<?php
// Optional list of extra links from the template data. Both the target and
// the translated text are escaped before they are written out.
if (!empty($this->data['links'])) {
    echo '<ul class="links" style="margin-top: 2em">';
    foreach ($this->data['links'] as $l) {
        $href = htmlspecialchars($l['href']);
        $text = htmlspecialchars($this->t($l['text']));
        echo '<li><a href="' . $href . '">' . $text . '</a></li>';
    }
    echo '</ul>';
}
} } echo "</ul>"; echo <<<TRSTART \t </div></td></tr> </table> </td> \t <td class='caAllowed'><input onClick="javascript:checkConsent(this.value, {$show_spid}, this.checked)" value='{$consentValue}' type='checkbox' {$checkedAttr}><span id="consentText{$show_spid}">{$consentText}</span></td> TRSTART; echo "</td></tr>\n"; $show_spid++; } ?> </table> <p> <?php echo $this->t('consentadmin_description2'); ?> </p> <h2>Logout</h2> <p><a href="<?php echo SimpleSAML_Utilities::selfURL() . '?logout'; ?> ">Logout</a></p> <?php $this->includeAtTemplateBase('includes/footer.php');
// (The listing starts inside a block that opens outside this excerpt.)
SimpleSAML_Logger::info('SAML2.0 - SP.initSSO: No chosen or default IdP, go to SAML2disco');

/* Which IdP discovery service should we use? Can be set in SP metadata or in global configuration.
 * Falling back to builtin discovery service.
 */
if (array_key_exists('idpdisco.url', $spmetadata)) {
    $discourl = $spmetadata['idpdisco.url'];
} elseif ($config->getString('idpdisco.url.saml20', NULL) !== NULL) {
    $discourl = $config->getString('idpdisco.url.saml20');
} else {
    $discourl = SimpleSAML_Utilities::getBaseURL() . 'saml2/sp/idpdisco.php';
}

// When an external discovery storage is configured, go there first and let it
// return to the discovery service, which in turn returns to this request.
// Both redirect targets come from metadata or configuration, not the request.
$extDiscoveryStorage = $config->getString('idpdisco.extDiscoveryStorage', NULL);
if ($extDiscoveryStorage !== NULL) {
    SimpleSAML_Utilities::redirectTrustedURL($extDiscoveryStorage, array('entityID' => $spentityid, 'return' => SimpleSAML_Utilities::addURLparameter($discourl, array('return' => SimpleSAML_Utilities::selfURL(), 'remember' => 'true', 'entityID' => $spentityid, 'returnIDParam' => 'idpentityid')), 'returnIDParam' => 'idpentityid', 'isPassive' => 'true'));
}

// Parameters for the discovery service; the chosen IdP comes back in the
// 'idpentityid' parameter of the return URL.
$discoparameters = array('entityID' => $spentityid, 'return' => SimpleSAML_Utilities::selfURL(), 'returnIDParam' => 'idpentityid');

$discoparameters['isPassive'] = $isPassive;

if (sizeof($reachableIDPs) > 0) {
    $discoparameters['IDPList'] = $reachableIDPs;
}

SimpleSAML_Utilities::redirectTrustedURL($discourl, $discoparameters);
}

/*
 * Create and send authentication request to the IdP.
 */
try {
    $spMetadata = $metadata->getMetaDataConfig($spentityid, 'saml20-sp-hosted');
    $idpMetadata = $metadata->getMetaDataConfig($idpentityid, 'saml20-idp-remote');

    $ar = sspmod_saml_Message::buildAuthnRequest($spMetadata, $idpMetadata);

    // The ACS URL is generated from the hosted SP metadata, not taken from input.
    // (The listing is cut here; the try block continues outside this excerpt.)
    $assertionConsumerServiceURL = $metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted');
    $ar->setAssertionConsumerServiceURL($assertionConsumerServiceURL);
    // (The listing starts inside a block that opens outside this excerpt.)
    $et->show();
    exit;
}

$authsource = $janus_config->getValue('auth', 'login-admin');
$useridattr = $janus_config->getValue('useridattr', 'eduPersonPrincipalName');

if ($session->isValid($authsource)) {
    $attributes = $session->getAttributes();
    // Check if userid exists
    if (!isset($attributes[$useridattr])) {
        throw new Exception('User ID is missing');
    }
    $userid = $attributes[$useridattr][0];
} else {
    // Not logged in: return to the page stored in the session by an earlier
    // request, or to this one, once the login has completed.
    $returnURL = $session->getData('string', 'refURL');
    if (is_null($returnURL)) {
        $returnURL = SimpleSAML_Utilities::selfURL();
    } else {
        $session->deleteData('string', 'refURL');
    }
    // NOTE(review): the whole of $_GET is passed on to initLogin() as the
    // fourth argument; confirm it is only used as pass-through parameters.
    SimpleSAML_Auth_Default::initLogin($authsource, $returnURL, NULL, $_GET);
}

$user = new sspmod_janus_User();
$user->setUserid($userid);

if (!$user->load(sspmod_janus_User::USERID_LOAD)) {
    // Unknown user: create an account or refuse, depending on configuration.
    // NOTE(review): the user id travels to the next page as a query
    // parameter; that page should take the id from the session rather than
    // trust the parameter. Worth confirming.
    $autocreatenewuser = $janus_config->getValue('user.autocreate', false);
    if ($autocreatenewuser) {
        SimpleSAML_Utilities::redirectTrustedUrl(SimpleSAML_Module::getModuleURL('janus/newUser.php'), array('userid' => $userid));
    } else {
        SimpleSAML_Utilities::redirectTrustedUrl(SimpleSAML_Module::getModuleURL('janus/noNewUser.php'), array('userid' => $userid));
    }
} else {
// (The listing is cut here; the else block continues outside this excerpt.)
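$cronconfig = SimpleSAML_Configuration::getConfig('module_cron.php');

// Shared-secret check. With no 'key' configured the script runs for any caller.
$expectedKey = $cronconfig->getValue('key');
if (!is_null($expectedKey)) {
    $givenKey = isset($_REQUEST['key']) ? $_REQUEST['key'] : NULL;

    // Fail closed on a missing or non-string key, and compare in constant
    // time so the response time does not reveal how much of the key matched
    // (hash_equals() needs PHP 5.6 or later).
    if (!is_string($expectedKey) || !is_string($givenKey) || !hash_equals($expectedKey, $givenKey)) {
        SimpleSAML_Logger::error('Cron - Wrong key provided. Cron will not run.');
        exit;
    }
}

// Restrict runs to the configured tags. The comparison is strict so that a
// request value cannot match an allowed tag through type juggling.
if (!is_null($cronconfig->getValue('allowed_tags'))) {
    if (!in_array($_REQUEST['tag'], $cronconfig->getValue('allowed_tags'), TRUE)) {
        SimpleSAML_Logger::error('Cron - Illegal tag [' . $_REQUEST['tag'] . '].');
        exit;
    }
}

// Each module's cron hook appends its result lines to $summary by reference.
$summary = array();
$croninfo = array(
    'summary' => &$summary,
    'tag' => $_REQUEST['tag'],
);
$url = SimpleSAML_Utilities::selfURL();
$time = date(DATE_RFC822);

SimpleSAML_Module::callHooks('cron', $croninfo);

foreach ($summary as $s) {
    SimpleSAML_Logger::debug('Cron - Summary: ' . $s);
}

if ($cronconfig->getValue('sendemail', TRUE) && count($summary) > 0) {

    // The request URL and the tag are request-derived plain text, so they are
    // HTML-escaped before going into the HTML mail body.
    // NOTE(review): summary lines are joined as markup; presumably the hooks
    // emit trusted text, which is worth confirming.
    $message = '<h1>Cron report</h1><p>Cron ran at ' . $time . '</p>' .
        '<p>URL: <tt>' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '</tt></p>' .
        '<p>Tag: ' . htmlspecialchars((string) $croninfo['tag'], ENT_QUOTES, 'UTF-8') . "</p>\n\n" .
        '<ul><li>' . join('</li><li>', $summary) . '</li></ul>';

    // The default value doubles as the "not configured" marker.
    $toaddress = $config->getString('technicalcontact_email', '*****@*****.**');
    if ($toaddress === '*****@*****.**') {
        SimpleSAML_Logger::error('Cron - Could not send email. [technicalcontact_email] not set in config.');
    } else {
        $email = new SimpleSAML_XHTML_EMail($toaddress, 'simpleSAMLphp cron report', '*****@*****.**');
        $email->setBody($message);
        $email->send();
    }
// (The listing is cut here; the sendemail block closes outside this excerpt.)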
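<?php

// Language selector for the navigation bar: the current language is the
// dropdown header, every other language is a menu entry.
$languages = $this->getLanguageList();

// Display names, keyed by language code.
$langnames = array(
    'no' => 'Bokmål', 'nn' => 'Nynorsk', 'se' => 'Sámegiella', 'sam' => 'Åarjelh-saemien giele',
    'da' => 'Dansk', 'en' => 'English', 'de' => 'Deutsch', 'sv' => 'Svenska', 'fi' => 'Suomeksi',
    'es' => 'Español', 'fr' => 'Français', 'it' => 'Italiano', 'nl' => 'Nederlands',
    'lb' => 'Luxembourgish', 'cs' => 'Czech', 'sl' => 'Slovenščina', 'lt' => 'Lietuvių kalba',
    'hr' => 'Hrvatski', 'hu' => 'Magyar', 'pl' => 'Polski', 'pt' => 'Português',
    'pt-BR' => 'Português brasileiro', 'ru' => 'русский язык', 'et' => 'Eesti keel', 'tr' => 'Türkçe',
    'el' => 'ελληνικά', 'ja' => '日本語', 'zh-tw' => '中文', 'ar' => 'العربية', 'fa' => 'پارسی',
    'ur' => 'اردو', 'he' => 'עִבְרִית',
);

// The selector is left out when the page is rendered in answer to a POST.
if (empty($_POST)) {
    foreach ($languages as $lang => $current) {
        if ($current) {
            // A language without a display name falls back to its (escaped)
            // code instead of raising an undefined-index notice.
            $title = isset($langnames[$lang]) ? $langnames[$lang] : htmlspecialchars($lang);
            echo '<li class="pull-right dropdown"><a href="#" class="dropdown-toggle" data-toggle="dropdown">' .
                '<span class="glyphicon glyphicon-flag"></span> ' . $title . ' <b class="caret"></b></a>';
        }
    }

    echo '<ul class="dropdown-menu">';
    foreach ($languages as $lang => $current) {
        if (!$current) {
            // The link is built from the request URL, so it is escaped for
            // the attribute context.
            $url = htmlspecialchars(SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), array('language' => $lang)));
            $title = isset($langnames[$lang]) ? $langnames[$lang] : htmlspecialchars($lang);
            echo '<li><a href="' . $url . '">' . $title . '</a></li>';
        }
    }
    echo '</ul>';
}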
* @package simpleSAMLphp
 * @version $Id$
 */

require_once '../../_include.php';

$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();

SimpleSAML_Logger::info('WS-Fed - SP.initSSO: Accessing WS-Fed SP initSSO script');

// The WS-Federation SP has to be switched on explicitly.
if (!$config->getBoolean('enable.wsfed-sp', false)) {
    throw new SimpleSAML_Error_Error('NOACCESS');
}

if (empty($_GET['RelayState'])) {
    throw new SimpleSAML_Error_Error('NORELAYSTATE');
}

// Entity ids may be chosen through the query string; they are used only to
// look up metadata entries further down.
try {
    if (isset($_GET['idpentityid'])) {
        $idpentityid = $_GET['idpentityid'];
    } else {
        $idpentityid = $config->getString('default-wsfed-idp', NULL);
    }

    if (isset($_GET['spentityid'])) {
        $spentityid = $_GET['spentityid'];
    } else {
        $spentityid = $metadata->getMetaDataCurrentEntityID('wsfed-sp-hosted');
    }
} catch (Exception $exception) {
    throw new SimpleSAML_Error_Error('METADATA', $exception);
}

if ($idpentityid == null) {
    // No IdP chosen and no default configured: let the user pick one.
    SimpleSAML_Logger::info('WS-Fed - SP.initSSO: No chosen or default IdP, go to WSFeddisco');

    $discoURL = '/' . $config->getBaseURL() . 'wsfed/sp/idpdisco.php';
    SimpleSAML_Utilities::redirect($discoURL, array(
        'entityID' => $spentityid,
        'return' => SimpleSAML_Utilities::selfURL(),
        'returnIDParam' => 'idpentityid',
    ));
}

try {
    // NOTE(review): RelayState is passed on as wctx as given; whichever code
    // redirects to it after sign-in has to validate it.
    $relaystate = $_GET['RelayState'];

    $idpmeta = $metadata->getMetaData($idpentityid, 'wsfed-idp-remote');
    $spmeta = $metadata->getMetaData($spentityid, 'wsfed-sp-hosted');

    // The sign-in request goes to the endpoint named in the IdP metadata.
    $signinParams = array(
        'wa' => 'wsignin1.0',
        'wct' => gmdate('Y-m-d\\TH:i:s\\Z', time()),
        'wtrealm' => $spentityid,
        'wctx' => $relaystate,
    );
    SimpleSAML_Utilities::redirect($idpmeta['prp'], $signinParams);
} catch (Exception $exception) {
    throw new SimpleSAML_Error_Error('CREATEREQUEST', $exception);
}
/**
 * Restrict the current page to administrators.
 *
 * Returns at once for an admin user. Any other user is sent to log in:
 * through the 'admin' authentication source when one is defined, otherwise
 * through the legacy admin login page.
 */
public static function requireAdmin()
{
    if (self::isAdmin()) {
        return;
    }

    $returnTo = SimpleSAML_Utilities::selfURL();

    /* Not authenticated as admin user. Start authentication. */
    $adminSourceMissing = (SimpleSAML_Auth_Source::getById('admin') === NULL);

    if ($adminSourceMissing) {
        /* For backwards-compatibility. */
        $config = SimpleSAML_Configuration::getInstance();
        $loginPage = '/' . $config->getBaseURL() . 'auth/login-admin.php';
        SimpleSAML_Utilities::redirect($loginPage, array('RelayState' => $returnTo));
    } else {
        $as = new SimpleSAML_Auth_Simple('admin');
        $as->login();
    }
}
<?php

require_once '../_include.php';

$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getInstance();

/* Without a valid WS-Fed session, start SSO and come back to this page afterwards. */
if (!$session->isValid('wsfed')) {
    $initSsoUrl = '/' . $config->getBaseURL() . 'wsfed/sp/initSSO.php';
    SimpleSAML_Utilities::redirectTrustedURL($initSsoUrl, array('RelayState' => SimpleSAML_Utilities::selfURL()));
}

$attributes = $session->getAuthData('wsfed', 'Attributes');

/* Render the generic status page with the WS-Fed session data. */
$template = new SimpleSAML_XHTML_Template($config, 'status.php', 'attributes');
$template->data['header'] = '{status:header_wsfed}';

/* Seconds until the WS-Fed session expires. */
$expiresAt = $session->getAuthData('wsfed', 'Expire');
$template->data['remaining'] = $expiresAt - time();

$template->data['sessionsize'] = $session->getSize();
$template->data['attributes'] = $attributes;

/* The logout link starts WS-Fed single logout and then lands on logout.php. */
$template->data['logouturl'] = '/' . $config->getBaseURL()
    . 'wsfed/sp/initSLO.php?RelayState=/' . $config->getBaseURL()
    . 'logout.php';

$template->show();
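<?php

require_once '../_include.php';

/* Load simpleSAMLphp, configuration */
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getInstance();

/* Diagnostics are for administrators only; this starts admin login otherwise. */
SimpleSAML_Utilities::requireAdmin();

/*
 * Raw request values as the web server reports them, followed by what the
 * URL helpers derive from them. Comparing the two shows how the installation
 * interprets the Host header and the scheme.
 *
 * HTTP_HOST is absent when the client sends no Host header and HTTPS is
 * typically unset on plain-HTTP requests, so both are read through isset()
 * instead of raising an undefined-index notice on this page.
 *
 * NOTE(review): HTTP_HOST is chosen by the client. Escaping is left to the
 * status.php template - confirm that it HTML-escapes attribute values.
 */
$attributes = array();
$attributes['HTTP_HOST'] = array(isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : NULL);
$attributes['HTTPS'] = array(isset($_SERVER['HTTPS']) ? $_SERVER['HTTPS'] : NULL);
$attributes['SERVER_PROTOCOL'] = array($_SERVER['SERVER_PROTOCOL']);
$attributes['SERVER_PORT'] = array($_SERVER['SERVER_PORT']);

$attributes['Utilities_getBaseURL()'] = array(SimpleSAML_Utilities::getBaseURL());
$attributes['Utilities_getSelfHost()'] = array(SimpleSAML_Utilities::getSelfHost());
$attributes['Utilities_selfURLhost()'] = array(SimpleSAML_Utilities::selfURLhost());
$attributes['Utilities_selfURLNoQuery()'] = array(SimpleSAML_Utilities::selfURLNoQuery());
$attributes['Utilities_getSelfHostWithPath()'] = array(SimpleSAML_Utilities::getSelfHostWithPath());
$attributes['Utilities_getFirstPathElement()'] = array(SimpleSAML_Utilities::getFirstPathElement());
$attributes['Utilities_selfURL()'] = array(SimpleSAML_Utilities::selfURL());

/* Reuse the status template; the session-related fields do not apply here. */
$et = new SimpleSAML_XHTML_Template($config, 'status.php');
$et->data['header'] = '{status:header_diagnostics}';
$et->data['remaining'] = 'na';
$et->data['attributes'] = $attributes;
$et->data['valid'] = 'na';
$et->data['logout'] = null;
$et->show();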
/**
 * Handle the OpenID provider's response and finish the authentication.
 *
 * Completes the OpenID exchange, turns the identity URL, endpoint data,
 * Simple Registration fields and AX values into attributes, stores them in
 * the state array and hands control to SimpleSAML_Auth_Source::completeAuth().
 *
 * @param array &$state  The state array.
 * @throws SimpleSAML_Error_UserAborted  When the user cancelled at the provider.
 * @throws SimpleSAML_Error_AuthSource   When the provider reports failure or an unknown status.
 */
public function postAuth(array &$state)
{
    $consumer = $this->getConsumer($state);

    // The current URL is handed to complete() as the return_to value.
    $response = $consumer->complete(SimpleSAML_Utilities::selfURL());

    // Anything other than an explicit success ends here.
    if ($response->status == Auth_OpenID_CANCEL) {
        throw new SimpleSAML_Error_UserAborted();
    }
    if ($response->status == Auth_OpenID_FAILURE) {
        throw new SimpleSAML_Error_AuthSource($this->authId, 'Authentication failed: ' . var_export($response->message, TRUE));
    }
    if ($response->status != Auth_OpenID_SUCCESS) {
        throw new SimpleSAML_Error_AuthSource($this->authId, 'General error. Try again.');
    }

    // Identity and endpoint details.
    $endpoint = $response->endpoint;
    $attributes = array(
        'openid' => array($response->identity_url),
        'openid.server_url' => array($endpoint->server_url),
    );
    if ($endpoint->canonicalID) {
        $attributes['openid.canonicalID'] = array($endpoint->canonicalID);
    }
    if ($endpoint->local_id) {
        $attributes['openid.local_id'] = array($endpoint->local_id);
    }

    // Simple Registration fields, each stored under an "openid.sreg." prefix.
    $sregData = Auth_OpenID_SRegResponse::fromSuccessResponse($response, $this->validateSReg)->contents();
    if (is_array($sregData) && count($sregData) > 0) {
        $attributes['openid.sregkeys'] = array_keys($sregData);
        foreach ($sregData as $field => $value) {
            $attributes['openid.sreg.' . $field] = array($value);
        }
    }

    // Attribute Exchange values are stored under the name the provider sent.
    $axFetcher = new Auth_OpenID_AX_FetchResponse();
    $axResult = $axFetcher->fromSuccessResponse($response);
    if ($axResult instanceof Auth_OpenID_AX_FetchResponse && !empty($axResult->data)) {
        $axData = $axResult->data;
        $attributes['openid.axkeys'] = array_keys($axData);
        foreach ($axData as $name => $value) {
            // Only names starting with "word:" are accepted. Every key set above
            // starts with "openid" followed by "." or nothing, so an accepted AX
            // name cannot replace one of them.
            if (!preg_match("/^\\w+:/", $name)) {
                SimpleSAML_Logger::warning('Invalid attribute name in AX response: ' . var_export($name, TRUE));
                continue;
            }
            $attributes[$name] = is_array($value) ? $value : array($value);
        }
    }

    SimpleSAML_Logger::debug('OpenID Returned Attributes: ' . implode(", ", array_keys($attributes)));

    $state['Attributes'] = $attributes;
    SimpleSAML_Auth_Source::completeAuth($state);
}
/**
 * Receive an authentication request.
 *
 * Two entry paths are handled. With a 'spentityid' request parameter the login
 * is IdP-initiated and all values come from plain request parameters. Otherwise
 * a SAML2 AuthnRequest is read from the current binding and passed to
 * sspmod_saml_Message::validateMessage(). Both paths end by building a state
 * array and calling $idp->handleAuthenticationRequest().
 *
 * @param SimpleSAML_IdP $idp  The IdP we are receiving it for.
 * @throws SimpleSAML_Error_BadRequest  When the message is not an AuthnRequest or has no issuer.
 */
public static function receiveAuthnRequest(SimpleSAML_IdP $idp) {
    $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
    $idpMetadata = $idp->getConfig();

    /* HTTP-POST is always offered; HTTP-Artifact only when 'saml20.sendartifact' is set. */
    $supportedBindings = array(SAML2_Const::BINDING_HTTP_POST);
    if ($idpMetadata->getBoolean('saml20.sendartifact', FALSE)) {
        $supportedBindings[] = SAML2_Const::BINDING_HTTP_ARTIFACT;
    }

    if (isset($_REQUEST['spentityid'])) {
        /*
         * IdP initiated authentication.
         * Everything in this branch is read from unauthenticated request
         * parameters. The SP must still exist in 'saml20-sp-remote' metadata,
         * and $consumerURL stays NULL, so the response destination is taken
         * from that metadata further down rather than from the request.
         */
        if (isset($_REQUEST['cookieTime'])) {
            $cookieTime = (int) $_REQUEST['cookieTime'];
            if ($cookieTime + 5 > time()) {
                /*
                 * Less than five seconds has passed since we were
                 * here the last time. Cookies are probably disabled.
                 */
                SimpleSAML_Utilities::checkCookie(SimpleSAML_Utilities::selfURL());
            }
        }

        $spEntityId = (string) $_REQUEST['spentityid'];
        $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');

        /* Passed through to the state unchanged. */
        if (isset($_REQUEST['RelayState'])) {
            $relayState = (string) $_REQUEST['RelayState'];
        } else {
            $relayState = NULL;
        }

        if (isset($_REQUEST['binding'])) {
            $protocolBinding = (string) $_REQUEST['binding'];
        } else {
            $protocolBinding = NULL;
        }

        if (isset($_REQUEST['NameIDFormat'])) {
            $nameIDFormat = (string) $_REQUEST['NameIDFormat'];
        } else {
            $nameIDFormat = NULL;
        }

        /* There is no request message, so the request-specific values get neutral defaults. */
        $requestId = NULL;
        $IDPList = array();
        $ProxyCount = NULL;
        $RequesterID = NULL;
        $forceAuthn = FALSE;
        $isPassive = FALSE;
        $consumerURL = NULL;

        SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: IdP initiated authentication: ' . var_export($spEntityId, TRUE));
    } else {
        /* SP initiated: read the message from whichever binding delivered it. */
        $binding = SAML2_Binding::getCurrentBinding();
        $request = $binding->receive();

        if (!$request instanceof SAML2_AuthnRequest) {
            throw new SimpleSAML_Error_BadRequest('Message received on authentication request endpoint wasn\'t an authentication request.');
        }

        $spEntityId = $request->getIssuer();
        if ($spEntityId === NULL) {
            throw new SimpleSAML_Error_BadRequest('Received message on authentication request endpoint without issuer.');
        }

        $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');

        /* NOTE(review): presumably enforces the signature policy from metadata - confirm in sspmod_saml_Message. */
        sspmod_saml_Message::validateMessage($spMetadata, $idpMetadata, $request);

        $relayState = $request->getRelayState();
        $requestId = $request->getId();
        $IDPList = $request->getIDPList();
        $ProxyCount = $request->getProxyCount();
        /* This IdP counts as one hop, so a supplied count is reduced by one. */
        if ($ProxyCount !== null) {
            $ProxyCount--;
        }
        $RequesterID = $request->getRequesterID();
        $forceAuthn = $request->getForceAuthn();
        $isPassive = $request->getIsPassive();
        $consumerURL = $request->getAssertionConsumerServiceURL();
        $protocolBinding = $request->getProtocolBinding();

        $nameIdPolicy = $request->getNameIdPolicy();
        if (isset($nameIdPolicy['Format'])) {
            $nameIDFormat = $nameIdPolicy['Format'];
        } else {
            $nameIDFormat = NULL;
        }

        SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Incomming Authentication request: ' . var_export($spEntityId, TRUE));
    }

    if ($protocolBinding === NULL || !in_array($protocolBinding, $supportedBindings, TRUE)) {
        /*
         * No binding specified or unsupported binding requested - default to HTTP-POST.
         * TODO: Select any supported binding based on default endpoint?
         */
        $protocolBinding = SAML2_Const::BINDING_HTTP_POST;
    }

    if ($consumerURL !== NULL) {
        /*
         * A requested AssertionConsumerService URL is honoured only when the SP
         * metadata lists an endpoint with exactly this binding and location
         * (strict string comparison). Anything else is logged and dropped, so
         * the response is never sent to a location missing from metadata.
         */
        $found = FALSE;
        foreach ($spMetadata->getEndpoints('AssertionConsumerService') as $ep) {
            if ($ep['Binding'] !== $protocolBinding) {
                continue;
            }
            if ($ep['Location'] !== $consumerURL) {
                continue;
            }
            $found = TRUE;
            break;
        }

        if (!$found) {
            SimpleSAML_Logger::warning('Authentication request from ' . var_export($spEntityId, TRUE) . ' contains invalid AssertionConsumerService URL. Was ' . var_export($consumerURL, TRUE) . '.');
            $consumerURL = NULL;
        }
    }

    if ($consumerURL === NULL) {
        /* Not specified or invalid. Use default. */
        $consumerURL = $spMetadata->getDefaultEndpoint('AssertionConsumerService', array($protocolBinding));
        $consumerURL = $consumerURL['Location'];
    }

    /* Merge the request's IdP list with the one configured for the SP. */
    $IDPList = array_unique(array_merge($IDPList, $spMetadata->getArrayizeString('IDPList', array())));

    /*
     * NOTE(review): the comparison is loose, so it is also true for 0. A count
     * that the decrement above reduced to 0 is therefore replaced by the SP
     * metadata value - confirm whether '=== null' was intended.
     */
    if ($ProxyCount == null) {
        $ProxyCount = $spMetadata->getInteger('ProxyCount', null);
    }

    /* The SP metadata can turn ForceAuthn on; it cannot turn a requested ForceAuthn off. */
    if (!$forceAuthn) {
        $forceAuthn = $spMetadata->getBoolean('ForceAuthn', FALSE);
    }

    /*
     * URL used to restart when the state is lost. It carries 'spentityid', so a
     * restart enters the IdP-initiated branch above; 'cookieTime' feeds the
     * five-second cookie check there.
     */
    $sessionLostParams = array('spentityid' => $spEntityId, 'cookieTime' => time());
    if ($relayState !== NULL) {
        $sessionLostParams['RelayState'] = $relayState;
    }
    $sessionLostURL = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), $sessionLostParams);

    $state = array(
        'Responder' => array('sspmod_saml_IdP_SAML2', 'sendResponse'),
        SimpleSAML_Auth_State::EXCEPTION_HANDLER_FUNC => array('sspmod_saml_IdP_SAML2', 'handleAuthError'),
        SimpleSAML_Auth_State::RESTART => $sessionLostURL,
        'SPMetadata' => $spMetadata->toArray(),
        'saml:RelayState' => $relayState,
        'saml:RequestId' => $requestId,
        'saml:IDPList' => $IDPList,
        'saml:ProxyCount' => $ProxyCount,
        'saml:RequesterID' => $RequesterID,
        'ForceAuthn' => $forceAuthn,
        'isPassive' => $isPassive,
        'saml:ConsumerURL' => $consumerURL,
        'saml:Binding' => $protocolBinding,
        'saml:NameIDFormat' => $nameIDFormat);

    $idp->handleAuthenticationRequest($state);
}
/* Load simpleSAMLphp, configuration and metadata */
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getInstance();
$metaconfig = SimpleSAML_Configuration::getConfig('module_metaedit.php');

$mdh = new SimpleSAML_Metadata_MetaDataStorageHandlerSerialize($metaconfig->getValue('metahandlerConfig', NULL));

/* The authentication source and the attribute holding the user id are configurable. */
$authsource = $metaconfig->getValue('auth', 'login-admin');
$useridattr = $metaconfig->getValue('useridattr', 'eduPersonPrincipalName');

if ($session->isValid($authsource)) {
    $attributes = $session->getAttributes();
    // Check if userid exists
    if (!isset($attributes[$useridattr])) {
        throw new Exception('User ID is missing');
    }
    /* Only the first value of the attribute identifies the user. */
    $userid = $attributes[$useridattr][0];
} else {
    /*
     * NOTE(review): $userid is assigned only in the branch above. The code below
     * relies on initLogin() not returning - confirm.
     */
    SimpleSAML_Auth_Default::initLogin($authsource, SimpleSAML_Utilities::selfURL());
}

/**
 * Allow access to a metadata entry only for its owner.
 *
 * Fails closed: an entry without an 'owner' key is denied to everyone, and a
 * metadata value that is not an array at all (for example NULL) has no
 * 'owner' key either, so it is denied too. The owner comparison is strict.
 *
 * @param array $metadata  The metadata entry to check.
 * @param string $userid   The id of the current user.
 * @throws Exception  When the entry has no owner or the owner is another user.
 */
function requireOwnership($metadata, $userid) {
    if (!isset($metadata['owner'])) {
        throw new Exception('Metadata has no owner. Which means no one is granted access, not even you.');
    }
    if ($metadata['owner'] !== $userid) {
        throw new Exception('Metadata has an owner that is not equal to your userid, hence you are not granted access.');
    }
}

if (array_key_exists('entityid', $_REQUEST)) {
    /* The entity id comes from the request, so ownership is checked before anything else. */
    $metadata = $mdh->getMetadata($_REQUEST['entityid'], 'saml20-sp-remote');
    requireOwnership($metadata, $userid);
} elseif (array_key_exists('xmlmetadata', $_REQUEST)) {
    /* Metadata XML submitted by the user. */
    $xmldata = $_REQUEST['xmlmetadata'];
/**
 * Make sure the visitor is authenticated, or handled as anonymous.
 *
 * The 'auth' query parameter selects Facebook or Twitter login, and an 'idp'
 * request parameter starts a SAML login at that IdP. When anonymous access is
 * not allowed the browser is sent to the discovery service, which returns to
 * the current URL with the chosen IdP in the 'idp' parameter.
 *
 * NOTE(review): the 'idp' request value is passed to login() as 'saml:idp'
 * unchanged - presumably an unknown IdP is rejected during login; confirm.
 *
 * @param bool $allowAnonymous  Whether an unauthenticated visitor may continue.
 * @return bool|NULL  TRUE when already authenticated, otherwise no value.
 */
public function requireAuth($allowAnonymous = FALSE)
{
    if ($this->isAuth) {
        return TRUE;
    }

    if (isset($_GET['auth']) && $_GET['auth'] === 'facebook') {
        $this->facebookAuth();
    }
    if (isset($_GET['auth']) && $_GET['auth'] === 'twitter') {
        $this->twitterAuth();
    }

    $idpRequested = !empty($_REQUEST['idp']);
    if ($idpRequested && !$this->as->isAuthenticated()) {
        $this->as->login(array('saml:idp' => $_REQUEST['idp']));
    }

    if ($allowAnonymous) {
        $this->checkAnonymousSession();
        return;
    }

    /* Anonymous access is not allowed: go through IdP discovery. */
    $discoveryUrl = $this->disco
        . '?entityID=' . urlencode($this->auth->entityid)
        . '&returnIDParam=idp'
        . '&return=' . urlencode(SimpleSAML_Utilities::selfURL() . '?');
    SimpleSAML_Utilities::redirect($discoveryUrl);
    exit;
}
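/**
 * Retrieve an admin login URL.
 *
 * NOTE(review): the return URL travels in the 'ReturnTo' query parameter, so
 * the login page receiving it should check the value before redirecting to
 * it - confirm in core/login-admin.php.
 *
 * @param string|NULL $returnTo  The URL the user should arrive on after admin authentication.
 *                               Defaults to the URL of the current page.
 * @return string  A URL which can be used for admin authentication.
 */
public static function getAdminLoginURL($returnTo = NULL)
{
    /*
     * The check is a real expression, not a code string: string assertions were
     * deprecated in PHP 7.2, and from PHP 8 a string argument is no longer
     * evaluated as code, so the old form would pass for any input.
     */
    assert(is_string($returnTo) || is_null($returnTo));

    if ($returnTo === NULL) {
        $returnTo = SimpleSAML_Utilities::selfURL();
    }

    return SimpleSAML_Module::getModuleURL('core/login-admin.php', array('ReturnTo' => $returnTo));
}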
<?php

/**
 * Test page for the 'openid' authentication source.
 *
 * The _include script registers an autoloader for the simpleSAMLphp libraries
 * and initializes the simpleSAMLphp config class with the correct path.
 */
require_once '_include.php';

/* Load simpleSAMLphp, configuration and metadata */
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getInstance();

/* No valid 'openid' session yet: log in through the AuthSource and return to this page. */
if (!$session->isValid('openid')) {
    $hints = array('openid' => NULL);
    $returnUrl = SimpleSAML_Utilities::selfURL();
    SimpleSAML_Auth_Default::initLogin('openid', $returnUrl, NULL, $hints);
}

$attributes = $session->getAttributes();

/* Show the received attributes on the generic status page. */
$template = new SimpleSAML_XHTML_Template($config, 'status.php', 'attributes');
$template->data['header'] = '{openid:dictopenid:openidtestpage}';
$template->data['remaining'] = $session->remainingTime();
$template->data['sessionsize'] = $session->getSize();
$template->data['attributes'] = $attributes;
$template->data['icon'] = 'bino.png';
$template->data['logouturl'] = NULL;
$template->show();