selfURL() публичный статический Метод

Устаревший: This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\HTTP::getSelfURL() instead.
public static selfURL ( )
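    /**
     * Email the configured technical contact an HTML report of the messages collected by the cron logger.
     *
     * The report embeds two request-derived values -- the cron tag and the URL selfURL() reconstructs
     * from the current request -- so both are HTML-escaped before interpolation into the mail body.
     * The errors/warnings/notices sections come from _getHtmlForMessages() and are embedded as-is;
     * that helper is assumed to return already-escaped HTML (not visible here -- confirm).
     *
     * @param string                   $tag    Cron tag the run was invoked with.
     * @param sspmod_janus_Cron_Logger $logger Logger holding the namespaced errors, warnings and notices.
     */
    protected function _mailTechnicalContact($tag, sspmod_janus_Cron_Logger $logger)
    {
        $errorHtml = $this->_getHtmlForMessages($logger->getNamespacedErrors(), 'errors');
        $warningHtml = $this->_getHtmlForMessages($logger->getNamespacedWarnings(), 'warnings');
        $noticeHtml = $this->_getHtmlForMessages($logger->getNamespacedNotices(), 'notices');
        $config = SimpleSAML_Configuration::getInstance();
        $time = date(DATE_RFC822);
        // Both values originate from the HTTP request: escape them for the HTML mail body.
        $url = htmlspecialchars(SimpleSAML_Utilities::selfURL(), ENT_QUOTES, 'UTF-8');
        $safeTag = htmlspecialchars((string) $tag, ENT_QUOTES, 'UTF-8');
        $message = <<<MESSAGE
<h1>Cron report</h1>
<p>Cron ran at {$time}</p>
<p>URL: <tt>{$url}</tt></p>
<p>Tag: {$safeTag}</p>
<h2>Errors</h2>
{$errorHtml}
<h2>Warnings</h2>
{$warningHtml}
<h2>Notices</h2>
{$noticeHtml}
MESSAGE;
        $toAddress = $config->getString('technicalcontact_email', '*****@*****.**');
        if ($toAddress === '*****@*****.**') {
            SimpleSAML_Logger::error('Cron - Could not send email. [technicalcontact_email] not set in config.');
        } else {
            $email = new SimpleSAML_XHTML_EMail($toAddress, 'JANUS cron report', '*****@*****.**');
            $email->setBody($message);
            $email->send();
        }
    }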
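/**
 * Validate a CAS service ticket for the current page, or start the CAS login flow.
 *
 * First visit (no `ticket` query parameter): the user is redirected to $cas['login'] with this
 * page -- minus any ticket parameter -- as the `service`. Return visit: the ticket is validated
 * against the CAS v1 `validate` endpoint (plain-text "yes\n<user>" / "no" reply) or the CAS v2
 * `serviceValidate` endpoint (XML reply), whichever is configured.
 *
 * @param array $cas CAS settings: 'login', one of 'validate' / 'serviceValidate', and optionally
 *                   'attributes' (attribute name => XPath expression over the v2 reply).
 * @return array array($username, $attributes). Does not return when redirecting to the login page.
 * @throws Exception when the ticket is rejected, the reply cannot be parsed, or neither
 *                   validation endpoint is configured.
 */
function casValidate($cas)
{
    $service = SimpleSAML_Utilities::selfURL();
    # always tagged on by cas: strip the ticket so `service` matches the value sent at login time
    $service = preg_replace("/(\\?|&)?ticket=.*/", "", $service);
    if (isset($_GET['ticket'])) {
        /**
         * Got response from CAS server.
         */
        $ticket = urlencode($_GET['ticket']);
        if (isset($cas['validate'])) {
            # cas v1 yes|no\r<username> style
            $paramPrefix = strpos($cas['validate'], '?') ? '&' : '?';
            $result = SimpleSAML_Utilities::fetch($cas['validate'] . $paramPrefix . 'ticket=' . $ticket . '&service=' . urlencode($service));
            $res = preg_split("/\r?\n/", (string) $result);
            // A successful v1 reply is "yes" followed by the username on the next line. Anything
            // else -- including "yes" with a missing or empty username line -- is a failure.
            if (strcmp($res[0], "yes") == 0 && isset($res[1]) && $res[1] !== '') {
                return array($res[1], array());
            }
            throw new Exception("Failed to validate CAS service ticket: {$ticket}");
        } elseif (isset($cas['serviceValidate'])) {
            # cas v2 xml style
            $paramPrefix = strpos($cas['serviceValidate'], '?') ? '&' : '?';
            $result = SimpleSAML_Utilities::fetch($cas['serviceValidate'] . $paramPrefix . 'ticket=' . $ticket . '&service=' . urlencode($service));
            if ($result === false || $result === '') {
                throw new Exception("Empty response from CAS serviceValidate for ticket: {$ticket}");
            }
            // loadXML() is an instance method (the static call form is an error on current PHP).
            // LIBXML_NONET keeps the parser from fetching external resources referenced by the reply;
            // libxml errors are captured instead of emitted so a malformed reply becomes an exception.
            $dom = new DOMDocument();
            $useInternalErrors = libxml_use_internal_errors(true);
            $parsed = $dom->loadXML($result, LIBXML_NONET);
            libxml_clear_errors();
            libxml_use_internal_errors($useInternalErrors);
            if ($parsed === false) {
                throw new Exception("Could not parse CAS serviceValidate response for ticket: {$ticket}");
            }
            $xPath = new DOMXpath($dom);
            $xPath->registerNamespace("cas", 'http://www.yale.edu/tp/cas');
            $success = $xPath->query("/cas:serviceResponse/cas:authenticationSuccess/cas:user");
            if ($success === false || $success->length == 0) {
                // Report CAS's failure reason when one is present; never dereference a missing node.
                $failure = $xPath->query("/cas:serviceResponse/cas:authenticationFailure");
                $reason = ($failure !== false && $failure->length > 0) ? $failure->item(0)->textContent : 'no authenticationSuccess element in response';
                throw new Exception("Error when validating CAS service ticket: " . $reason);
            }
            $attributes = array();
            if (!empty($cas['attributes'])) {
                # some has attributes in the xml - attributes is a list of XPath expressions to get them
                foreach ($cas['attributes'] as $name => $query) {
                    $attrs = $xPath->query($query);
                    if ($attrs === false) {
                        // Invalid XPath in configuration: skip this attribute rather than iterating `false`.
                        SimpleSAML_Logger::warning("AUTH - cas-ldap: invalid XPath expression for attribute {$name}, skipping");
                        continue;
                    }
                    foreach ($attrs as $attrvalue) {
                        $attributes[$name][] = $attrvalue->textContent;
                    }
                }
            }
            $casusername = $success->item(0)->textContent;
            return array($casusername, $attributes);
        }
        throw new Exception("validate or serviceValidate not specified");
    }
    /**
     * First request, will redirect the user to the CAS server for authentication.
     */
    SimpleSAML_Logger::info("AUTH - cas-ldap: redirecting to {$cas['login']}");
    SimpleSAML_Utilities::redirectTrustedURL($cas['login'], array('service' => $service));
}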
 /**
  * Create a new NotFound error for the URL of the current request.
  *
  * The message is keyed 'NOTFOUND' when no reason is supplied and 'NOTFOUNDREASON'
  * otherwise; in both cases the URL selfURL() reconstructs from the request is passed
  * to the parent as the %URL% substitution.
  *
  * @param string|NULL $reason  Optional description of why the given page could not be found.
  */
 public function __construct($reason = NULL)
 {
     assert('is_null($reason) || is_string($reason)');
     $requestUrl = SimpleSAML_Utilities::selfURL();
     $messageArgs = ($reason === NULL)
         ? array('NOTFOUND', '%URL%' => $requestUrl)
         : array('NOTFOUNDREASON', '%URL%' => $requestUrl, '%REASON%' => $reason);
     parent::__construct($messageArgs);
     $this->reason = $reason;
 }
 // Register the OAuth signature methods this server accepts ($hmac_method, $plaintext_method and
 // $rsa_method are defined before this excerpt).
 $server->add_signature_method($hmac_method);
 $server->add_signature_method($plaintext_method);
 $server->add_signature_method($rsa_method);
 $config = SimpleSAML_Configuration::getInstance();
 $session = SimpleSAML_Session::getSessionFromRequest();
 $as = $oauthconfig->getString('auth');
 // Require a valid session for the configured auth source. initLogin() redirects the user to log in
 // and back to this exact URL (query string included); the code below relies on it not returning.
 if (!$session->isValid($as)) {
     SimpleSAML_Auth_Default::initLogin($as, SimpleSAML_Utilities::selfURL());
 }
 // NOTE(review): any non-empty `consent` value (including "no") renders the consent page, and the
 // "agree" link built below adds consent=yes, which satisfies the same test -- confirm the intended flow.
 if (!empty($_REQUEST['consent'])) {
     $consumer = $store->lookup_consumer_by_requestToken($requestToken);
     $t = new SimpleSAML_XHTML_Template($config, 'oauth:consent.php');
     $t->data['header'] = '{status:header_saml20_sp}';
     $t->data['consumer'] = $consumer;
     // array containing {name, description, key, secret, owner} keys
     $t->data['urlAgree'] = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), array("consent" => "yes"));
     $t->data['logouturl'] = SimpleSAML_Utilities::selfURLNoQuery() . '?logout';
     $t->show();
     exit;
     // and be done.
 }
 // Consent is assumed past this point: authorize the request token with the user's attributes.
 $attributes = $session->getAttributes();
 // Assume user consent at this point and proceed with authorizing the token
 list($url, $verifier) = $store->authorize($requestToken, $attributes);
 if ($url) {
     // If authorize() returns a URL, take user there (oauth1.0a)
     SimpleSAML_Utilities::redirectTrustedURL($url);
 } else {
     if (isset($_REQUEST['oauth_callback'])) {
         // If callback was provided in the request (oauth1.0)
         SimpleSAML_Utilities::redirectUntrustedURL($_REQUEST['oauth_callback']);
 /**
  * Build the URL of the core/as_logout.php endpoint for this authentication source.
  *
  * @param string|NULL $returnTo Page the user should be returned to afterwards; when NULL the
  *                              URL of the current request (selfURL()) is used.
  * @return string A URL which is suitable for use in link-elements, carrying AuthId and ReturnTo
  *                as query parameters.
  */
 public function getLogoutURL($returnTo = NULL)
 {
     assert('is_null($returnTo) || is_string($returnTo)');
     $destination = ($returnTo === NULL) ? SimpleSAML_Utilities::selfURL() : $returnTo;
     // NOTE(review): ReturnTo is passed through unvalidated here; the as_logout.php endpoint is
     // expected to vet it before redirecting -- confirm.
     $params = array('AuthId' => $this->authSource, 'ReturnTo' => $destination);
     return SimpleSAML_Module::getModuleURL('core/as_logout.php', $params);
 }
}
// A template may suppress the language bar explicitly via the hideLanguageBar flag.
if (isset($this->data['hideLanguageBar']) && $this->data['hideLanguageBar'] === TRUE) {
    $includeLanguageBar = FALSE;
}
if ($includeLanguageBar) {
    $languages = $this->getLanguageList();
    if (count($languages) > 1) {
        echo '<div id="languagebar">';
        // Display names keyed by lower-case language code. These are fixed strings, which is why they
        // are echoed unescaped below; a code absent from this map would produce an undefined-index
        // notice and an empty label.
        $langnames = array('no' => 'Bokmål', 'nn' => 'Nynorsk', 'se' => 'Sámegiella', 'sam' => 'Åarjelh-saemien giele', 'da' => 'Dansk', 'en' => 'English', 'de' => 'Deutsch', 'sv' => 'Svenska', 'fi' => 'Suomeksi', 'es' => 'Español', 'fr' => 'Français', 'it' => 'Italiano', 'nl' => 'Nederlands', 'lb' => 'Lëtzebuergesch', 'cs' => 'Čeština', 'sl' => 'Slovenščina', 'lt' => 'Lietuvių kalba', 'hr' => 'Hrvatski', 'hu' => 'Magyar', 'pl' => 'Język polski', 'pt' => 'Português', 'pt-br' => 'Português brasileiro', 'ru' => 'русский язык', 'et' => 'eesti keel', 'tr' => 'Türkçe', 'el' => 'ελληνικά', 'ja' => '日本語', 'zh' => '简体中文', 'zh-tw' => '繁體中文', 'ar' => 'العربية', 'fa' => 'پارسی', 'ur' => 'اردو', 'he' => 'עִבְרִית', 'id' => 'Bahasa Indonesia', 'sr' => 'Srpski', 'lv' => 'Latviešu', 'ro' => 'Românește', 'eu' => 'Euskara');
        $textarray = array();
        foreach ($languages as $lang => $current) {
            $lang = strtolower($lang);
            if ($current) {
                // The active language is shown as plain text, not a link.
                $textarray[] = $langnames[$lang];
            } else {
                // Link to the current request URL with the language parameter added; the URL is
                // request-derived and is escaped for the attribute context.
                $textarray[] = '<a href="' . htmlspecialchars(SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), array($this->languageParameterName => $lang))) . '">' . $langnames[$lang] . '</a>';
            }
        }
        echo join(' | ', $textarray);
        echo '</div>';
    }
}
?>
  <br>
       <h6 class="muted text-center">This template is proportioned by Raptor</h6>
       <h6 class="muted text-center">Please edit this template in: web/SSO/simplesamlphp/modules/core/template/raptorloginuserpass.php</h6><br>
       
        </div>
        <!-- // main-content --> 
        
    </div>
 /**
  * Receive an authentication request.
  *
  * Two entry paths are handled:
  *  - IdP-initiated (the `spentityid` request parameter is present): the SP is looked up in
  *    saml20-sp-remote metadata, and RelayState, binding and NameIDFormat are taken straight
  *    from the request parameters. No AuthnRequest is validated in this path.
  *  - SP-initiated: an AuthnRequest is received over the current binding and passed through
  *    sspmod_saml_Message::validateMessage() with the SP and IdP metadata before its fields are read.
  * In both paths the AssertionConsumerService is resolved by getAssertionConsumerService() against
  * the SP's metadata, so a request-supplied ACS URL or binding is only honoured if that helper
  * accepts it (its checks are not visible here -- confirm).
  *
  * @param SimpleSAML_IdP $idp  The IdP we are receiving it for.
  */
 public static function receiveAuthnRequest(SimpleSAML_IdP $idp)
 {
     $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     $idpMetadata = $idp->getConfig();
     // HTTP-POST is always offered; Artifact and Holder-of-Key only when enabled in the IdP metadata.
     $supportedBindings = array(SAML2_Const::BINDING_HTTP_POST);
     if ($idpMetadata->getBoolean('saml20.sendartifact', FALSE)) {
         $supportedBindings[] = SAML2_Const::BINDING_HTTP_ARTIFACT;
     }
     if ($idpMetadata->getBoolean('saml20.hok.assertion', FALSE)) {
         $supportedBindings[] = SAML2_Const::BINDING_HOK_SSO;
     }
     if (isset($_REQUEST['spentityid'])) {
         /* IdP initiated authentication. */
         // `cookieTime` is set by the session-lost URL built further down; returning here within
         // five seconds of it suggests the browser is not keeping our session cookie.
         if (isset($_REQUEST['cookieTime'])) {
             $cookieTime = (int) $_REQUEST['cookieTime'];
             if ($cookieTime + 5 > time()) {
                 /*
                  * Less than five seconds has passed since we were
                  * here the last time. Cookies are probably disabled.
                  */
                 SimpleSAML_Utilities::checkCookie(SimpleSAML_Utilities::selfURL());
             }
         }
         // An unknown SP is rejected by the metadata lookup.
         $spEntityId = (string) $_REQUEST['spentityid'];
         $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');
         // RelayState, binding and NameIDFormat are request-controlled in this path.
         if (isset($_REQUEST['RelayState'])) {
             $relayState = (string) $_REQUEST['RelayState'];
         } else {
             $relayState = NULL;
         }
         if (isset($_REQUEST['binding'])) {
             $protocolBinding = (string) $_REQUEST['binding'];
         } else {
             $protocolBinding = NULL;
         }
         if (isset($_REQUEST['NameIDFormat'])) {
             $nameIDFormat = (string) $_REQUEST['NameIDFormat'];
         } else {
             $nameIDFormat = NULL;
         }
         // No AuthnRequest exists, so the request-derived fields are defaulted.
         $requestId = NULL;
         $IDPList = array();
         $ProxyCount = NULL;
         $RequesterID = NULL;
         $forceAuthn = FALSE;
         $isPassive = FALSE;
         $consumerURL = NULL;
         $consumerIndex = NULL;
         $extensions = NULL;
         $allowCreate = TRUE;
         $idpInit = TRUE;
         SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: IdP initiated authentication: ' . var_export($spEntityId, TRUE));
     } else {
         $binding = SAML2_Binding::getCurrentBinding();
         $request = $binding->receive();
         if (!$request instanceof SAML2_AuthnRequest) {
             throw new SimpleSAML_Error_BadRequest('Message received on authentication request endpoint wasn\'t an authentication request.');
         }
         $spEntityId = $request->getIssuer();
         if ($spEntityId === NULL) {
             throw new SimpleSAML_Error_BadRequest('Received message on authentication request endpoint without issuer.');
         }
         $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');
         // Message validation (signature requirements etc., per metadata) happens before any field is used.
         sspmod_saml_Message::validateMessage($spMetadata, $idpMetadata, $request);
         $relayState = $request->getRelayState();
         $requestId = $request->getId();
         $IDPList = $request->getIDPList();
         $ProxyCount = $request->getProxyCount();
         // We are one proxy hop: consume one from the requester's ProxyCount.
         if ($ProxyCount !== null) {
             $ProxyCount--;
         }
         $RequesterID = $request->getRequesterID();
         $forceAuthn = $request->getForceAuthn();
         $isPassive = $request->getIsPassive();
         $consumerURL = $request->getAssertionConsumerServiceURL();
         $protocolBinding = $request->getProtocolBinding();
         $consumerIndex = $request->getAssertionConsumerServiceIndex();
         $extensions = $request->getExtensions();
         $nameIdPolicy = $request->getNameIdPolicy();
         if (isset($nameIdPolicy['Format'])) {
             $nameIDFormat = $nameIdPolicy['Format'];
         } else {
             $nameIDFormat = NULL;
         }
         if (isset($nameIdPolicy['AllowCreate'])) {
             $allowCreate = $nameIdPolicy['AllowCreate'];
         } else {
             $allowCreate = FALSE;
         }
         $idpInit = FALSE;
         SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Incomming Authentication request: ' . var_export($spEntityId, TRUE));
     }
     SimpleSAML_Stats::log('saml:idp:AuthnRequest', array('spEntityID' => $spEntityId, 'idpEntityID' => $idpMetadata->getString('entityid'), 'forceAuthn' => $forceAuthn, 'isPassive' => $isPassive, 'protocol' => 'saml2', 'idpInit' => $idpInit));
     // The ACS actually used is resolved against SP metadata, not taken from the request directly.
     $acsEndpoint = self::getAssertionConsumerService($supportedBindings, $spMetadata, $consumerURL, $protocolBinding, $consumerIndex);
     $IDPList = array_unique(array_merge($IDPList, $spMetadata->getArrayizeString('IDPList', array())));
     // NOTE(review): `== null` is also true for 0, so a requested ProxyCount of 1 (decremented to 0
     // above) is replaced by the SP-metadata default here; `=== null` would preserve the 0 -- confirm intended.
     if ($ProxyCount == null) {
         $ProxyCount = $spMetadata->getInteger('ProxyCount', null);
     }
     if (!$forceAuthn) {
         $forceAuthn = $spMetadata->getBoolean('ForceAuthn', FALSE);
     }
     // URL used to restart this flow if the session is lost; it re-enters the IdP-initiated path above
     // (carrying RelayState) and lets the cookieTime check detect a redirect loop.
     $sessionLostParams = array('spentityid' => $spEntityId, 'cookieTime' => time());
     if ($relayState !== NULL) {
         $sessionLostParams['RelayState'] = $relayState;
     }
     $sessionLostURL = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), $sessionLostParams);
     $state = array('Responder' => array('sspmod_saml_IdP_SAML2', 'sendResponse'), SimpleSAML_Auth_State::EXCEPTION_HANDLER_FUNC => array('sspmod_saml_IdP_SAML2', 'handleAuthError'), SimpleSAML_Auth_State::RESTART => $sessionLostURL, 'SPMetadata' => $spMetadata->toArray(), 'saml:RelayState' => $relayState, 'saml:RequestId' => $requestId, 'saml:IDPList' => $IDPList, 'saml:ProxyCount' => $ProxyCount, 'saml:RequesterID' => $RequesterID, 'ForceAuthn' => $forceAuthn, 'isPassive' => $isPassive, 'saml:ConsumerURL' => $acsEndpoint['Location'], 'saml:Binding' => $acsEndpoint['Binding'], 'saml:NameIDFormat' => $nameIDFormat, 'saml:AllowCreate' => $allowCreate, 'saml:Extensions' => $extensions);
     $idp->handleAuthenticationRequest($state);
 }
    throw new SimpleSAML_Error_Error('METADATA', $exception);
}
if (!isset($session) || !$session->isValid('shib13')) {
    if ($idpentityid == null) {
        SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: No chosen or default IdP, go to Shib13disco');
        /* Which IdP discovery service should we use? Can be set in SP metadata or in global configuration.
         * Falling back to builtin discovery service.
         */
        if (array_key_exists('idpdisco.url', $spmetadata)) {
            $discservice = $spmetadata['idpdisco.url'];
        } elseif ($config->getString('idpdisco.url.shib13', NULL) !== NULL) {
            $discservice = $config->getString('idpdisco.url.shib13');
        } else {
            $discservice = '/' . $config->getBaseURL() . 'shib13/sp/idpdisco.php';
        }
        // Discovery sends the user back to this page with the chosen IdP in `idpentityid`.
        // NOTE(review): the generic redirect() is used here while the equivalent SAML 2.0 code on this
        // page uses redirectTrustedURL(); the destination comes from metadata/config, so this is a
        // consistency point rather than a visible open redirect.
        SimpleSAML_Utilities::redirect($discservice, array('entityID' => $spentityid, 'return' => SimpleSAML_Utilities::selfURL(), 'returnIDParam' => 'idpentityid'));
    }
    try {
        $ar = new SimpleSAML_XML_Shib13_AuthnRequest();
        $ar->setIssuer($spentityid);
        // RelayState is forwarded verbatim from the query string; it is opaque to this SP.
        if (isset($_GET['RelayState'])) {
            $ar->setRelayState($_GET['RelayState']);
        }
        SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: SP (' . $spentityid . ') is sending AuthNRequest to IdP (' . $idpentityid . ')');
        // The redirect target is built by createRedirect() from the chosen IdP's metadata.
        $url = $ar->createRedirect($idpentityid);
        SimpleSAML_Utilities::redirect($url);
    } catch (Exception $exception) {
        throw new SimpleSAML_Error_Error('CREATEREQUEST', $exception);
    }
} else {
    $relaystate = $session->getRelayState();
/* Load simpleSAMLphp, configuration and metadata */
$session = SimpleSAML_Session::getSessionFromRequest();
$config = SimpleSAML_Configuration::getInstance();
$janus_config = sspmod_janus_DiContainer::getInstance()->getConfig();
$authsource = $janus_config->getValue('auth', 'login-admin');
$useridattr = $janus_config->getValue('useridattr', 'eduPersonPrincipalName');
$as = new SimpleSAML_Auth_Simple($authsource);
if ($as->isAuthenticated()) {
    $attributes = $as->getAttributes();
    // Check if userid exists
    if (!isset($attributes[$useridattr])) {
        throw new Exception('User ID is missing');
    }
    $userid = $attributes[$useridattr][0];
} else {
    // Remember this page so the login flow can return here, then send the user to the JANUS front
    // page. The code below relies on the redirect not returning ($userid is only set when authenticated).
    $session->setData('string', 'refURL', SimpleSAML_Utilities::selfURL());
    SimpleSAML_Utilities::redirectTrustedUrl(SimpleSAML_Module::getModuleURL('janus/index.php'));
}
// Entity and revision identifiers come straight from the query string and are handed to MetaExport
// without type or range checks here. NOTE(review): confirm the export layer validates/parameterises
// them before any lookup.
if (isset($_GET['eid'])) {
    $eid = $_GET['eid'];
} else {
    throw new SimpleSAML_Error_Exception('Eid must be set');
}
if (isset($_GET['revisionid'])) {
    $revisionid = $_GET['revisionid'];
} else {
    throw new SimpleSAML_Error_Exception('Revisionid must be set');
}
$md_options = $janus_config->getValue('mdexport.default_options');
$metaxml = sspmod_janus_MetaExport::getReadableXMLMetadata($eid, $revisionid, array('maxCache' => $md_options['maxCache'], 'maxDuration' => $md_options['maxDuration']));
$metaflat = sspmod_janus_MetaExport::getFlatMetadata($eid, $revisionid);
assert('array_key_exists("SimpleSAML_Auth_Source.id", $state)');
$authId = $state['SimpleSAML_Auth_Source.id'];
$as = SimpleSAML_Configuration::getConfig('authsources.php')->getValue($authId);
// Use 2 factor authentication class
$gaLogin = SimpleSAML_Auth_Source::getById($authId, 'sspmod_authtfaga_Auth_Source_authtfaga');
if ($gaLogin === null) {
    throw new Exception('Invalid authentication source: ' . $authId);
}
// Init template
$template = 'authtfaga:login.php';
$globalConfig = SimpleSAML_Configuration::getInstance();
$t = new SimpleSAML_XHTML_Template($globalConfig, $template);
$errorCode = null;
//If user doesn't have session, force to use the main authentication method
// ($session is presumably set up before this excerpt.) initLogin() sends the user to the first
// factor and back to this page; the code below relies on it not returning.
if (!$session->isValid($as['mainAuthSource'])) {
    SimpleSAML_Auth_Default::initLogin($as['mainAuthSource'], SimpleSAML_Utilities::selfURL());
}
// The first factor's attributes identify the user for the second factor. NOTE(review): there is no
// check that $as['uidField'] is present in the attributes; a missing attribute yields a NULL uid.
$attributes = $session->getAuthData($as['mainAuthSource'], 'Attributes');
$state['Attributes'] = $attributes;
$uid = $attributes[$as['uidField']][0];
$state['UserID'] = $uid;
$isEnabled = $gaLogin->isEnabled2fa($uid);
if (is_null($isEnabled) || isset($_GET['postSetEnable2fa'])) {
    //If the user has not set his preference of 2 factor authentication, redirect to settings page
    if (isset($_POST['setEnable2f'])) {
        if ($_POST['setEnable2f'] == 1) {
            $gaKey = $gaLogin->createSecret();
            $gaLogin->registerGAkey($uid, $gaKey);
            $gaLogin->enable2fa($uid);
            $t->data['todo'] = 'generateGA';
            $t->data['autofocus'] = 'otp';
 /**
  * Start a logout operation.
  *
  * Every path ends in a redirect: a user who is not authenticated to this authority is sent
  * straight to $url; for the legacy 'saml2' authority the single-logout initiator is invoked
  * with $url as RelayState; otherwise the local session for this authority is dropped and the
  * user is redirected to $url.
  *
  * @param string|NULL $url  The URL the user should be redirected to after logging out.
  *                          Defaults to the current page.
  * @deprecated
  */
 public function logout($url = NULL)
 {
     $returnTo = ($url === NULL) ? SimpleSAML_Utilities::selfURL() : $url;
     $session = SimpleSAML_Session::getSessionFromRequest();
     if (!$session->isValid($this->authority)) {
         /* Not authenticated to this authentication source. */
         SimpleSAML_Utilities::redirectTrustedURL($returnTo);
         assert('FALSE');
     }
     if ($this->authority === 'saml2') {
         $baseURL = SimpleSAML_Configuration::getInstance()->getBaseURL();
         SimpleSAML_Utilities::redirectTrustedURL('/' . $baseURL . 'saml2/sp/initSLO.php', array('RelayState' => $returnTo));
     }
     $session->doLogout($this->authority);
     SimpleSAML_Utilities::redirectTrustedURL($returnTo);
 }
        exit;
    }
}
#print_r($_REQUEST['tag']) ; exit;
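// The tag is attacker-controlled request input: normalise it once, reject it against the configured
// allow-list (when one is set), and never embed it in log lines or HTML unescaped.
$tag = isset($_REQUEST['tag']) ? (string) $_REQUEST['tag'] : '';
if (!is_null($cronconfig->getValue('allowed_tags'))) {
    if (!in_array($tag, $cronconfig->getValue('allowed_tags'), true)) {
        SimpleSAML_Logger::error('Cron - Illegal tag [' . var_export($tag, TRUE) . '].');
        exit;
    }
}
$summary = array();
// Hooks receive the raw tag (they may compare it against their own schedule names) and append
// report lines to $summary by reference.
$croninfo = array('summary' => &$summary, 'tag' => $tag);
SimpleSAML_Module::callHooks('cron', $croninfo);
foreach ($summary as $s) {
    SimpleSAML_Logger::debug('Cron - Summary: ' . $s);
}
if ($cronconfig->getValue('sendemail', TRUE) && count($summary) > 0) {
    // Hook output is treated as pre-formatted HTML, as before; the request-derived tag and the URL
    // selfURL() reconstructs from the request are escaped for the HTML mail body.
    $statustext = '<ul><li>' . join('</li><li>', $summary) . '</li></ul>';
    $safeUrl = htmlspecialchars(SimpleSAML_Utilities::selfURL(), ENT_QUOTES, 'UTF-8');
    $safeTag = htmlspecialchars($tag, ENT_QUOTES, 'UTF-8');
    $message = '<h1>Cron report</h1><p>Cron ran at ' . date(DATE_RFC822) . '</p>' . '<p>URL: <tt>' . $safeUrl . '</tt></p>' . '<p>Tag: ' . $safeTag . "</p>\n\n" . $statustext;
    $toaddress = $config->getString('technicalcontact_email', '*****@*****.**');
    if ($toaddress === '*****@*****.**') {
        SimpleSAML_Logger::error('Cron - Could not send email. [technicalcontact_email] not set in config.');
    } else {
        $email = new SimpleSAML_XHTML_EMail($toaddress, 'simpleSAMLphp cron report', '*****@*****.**');
        $email->setBody($message);
        $email->send();
    }
}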
#$t = new SimpleSAML_XHTML_Template($config, 'modinfo:modlist.php');
#$t->data['modules'] = $modinfo;
#$t->show();
 /**
  * Receive a Shibboleth 1.3 authentication request.
  *
  * The request is carried entirely in request parameters: providerId (the SP entity ID), shire
  * (the SP's assertion consumer URL) and an optional target. The shire value is accepted only if
  * it equals a browser-post AssertionConsumerService location registered for that SP in
  * shib13-sp-remote metadata; target is handed to the responder unchanged.
  *
  * @param SimpleSAML_IdP $idp  The IdP we are receiving it for.
  */
 public static function receiveAuthnRequest(SimpleSAML_IdP $idp)
 {
     // Returning here within five seconds of the session-lost redirect (built below) suggests
     // the browser is not keeping our session cookie.
     if (isset($_REQUEST['cookieTime'])) {
         $lastVisit = (int) $_REQUEST['cookieTime'];
         if ($lastVisit + 5 > time()) {
             SimpleSAML_Utilities::checkCookie(SimpleSAML_Utilities::selfURL());
         }
     }
     if (!isset($_REQUEST['providerId'])) {
         throw new SimpleSAML_Error_BadRequest('Missing providerId parameter.');
     }
     $spEntityId = (string) $_REQUEST['providerId'];
     if (!isset($_REQUEST['shire'])) {
         throw new SimpleSAML_Error_BadRequest('Missing shire parameter.');
     }
     $shire = (string) $_REQUEST['shire'];
     $target = isset($_REQUEST['target']) ? $_REQUEST['target'] : NULL;
     SimpleSAML_Logger::info('Shib1.3 - IdP.SSOService: Got incoming Shib authnRequest from ' . var_export($spEntityId, TRUE) . '.');
     $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'shib13-sp-remote');
     // Only a registered browser-post ACS location of this SP may receive the response.
     $shireIsRegistered = FALSE;
     foreach ($spMetadata->getEndpoints('AssertionConsumerService') as $endpoint) {
         if ($endpoint['Binding'] === 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post' && $endpoint['Location'] === $shire) {
             $shireIsRegistered = TRUE;
             break;
         }
     }
     if (!$shireIsRegistered) {
         throw new Exception('Invalid AssertionConsumerService for SP ' . var_export($spEntityId, TRUE) . ': ' . var_export($shire, TRUE));
     }
     SimpleSAML_Stats::log('saml:idp:AuthnRequest', array('spEntityID' => $spEntityId, 'protocol' => 'saml1'));
     $sessionLostURL = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), array('cookieTime' => time()));
     $state = array(
         'Responder' => array('sspmod_saml_IdP_SAML1', 'sendResponse'),
         'SPMetadata' => $spMetadata->toArray(),
         'saml:shire' => $shire,
         'saml:target' => $target,
         'saml:AuthnRequestReceivedAt' => microtime(TRUE),
     );
     $idp->handleAuthenticationRequest($state);
 }
	/**
	 * Log the user out.
	 * Addition: clears the authentication-source variable from the session.
	 * Addition: does not log out of the underlying source when the configuration says so; in that
	 * case the method performs the local logout itself and finishes via logoutCompleted().
	 *
	 * This function logs the user out. It will never return. By default,
	 * it will cause a redirect to the current page after logging the user
	 * out, but a different URL can be given with the $params parameter.
	 *
	 * Generic parameters are:
	 *  - 'ReturnTo': The URL the user should be returned to after logout.
	 *  - 'ReturnCallback': The function that should be called after logout.
	 *  - 'ReturnStateParam': The parameter we should return the state in when redirecting.
	 *  - 'ReturnStateStage': The stage the state array should be saved with.
	 *
	 * @param string|array|NULL $params  Either the url the user should be redirected to after logging out,
	 *                                   or an array with parameters for the logout. If this parameter is
	 *                                   NULL, we will return to the current page.
	 */
	public function logout($params = NULL) {
		unset($_SESSION['utilisateur_saml_source']);
		

		if ($this->getDoSourceLogout()) {
			parent::logout($params);
		} else {
			assert('is_array($params) || is_string($params) || is_null($params)');
	
			// A NULL or string $params is normalised to array('ReturnTo' => <url>), defaulting to this page.
			if ($params === NULL) {
				$params = SimpleSAML_Utilities::selfURL();
			}
	
			if (is_string($params)) {
				$params = array(
					'ReturnTo' => $params,
				);
			}
	
			assert('is_array($params)');
			assert('isset($params["ReturnTo"]) || isset($params["ReturnCallback"])');
	
			if (isset($params['ReturnStateParam']) || isset($params['ReturnStateStage'])) {
				assert('isset($params["ReturnStateParam"]) && isset($params["ReturnStateStage"])');
			}
	
			// Local logout only (the remote source is left untouched). Note this uses getInstance()
			// where other code on this page uses getSessionFromRequest().
			$session = SimpleSAML_Session::getInstance();
			if ($session->isValid($this->authSource)) {
				$state = $session->getAuthData($this->authSource, 'LogoutState');
				if ($state !== NULL) {
					$params = array_merge($state, $params);
				}
	
				$session->doLogout($this->authSource);
	
				$params['LogoutCompletedHandler'] = array(get_class(), 'logoutCompleted');
			}
			
			// Append portal_return_url to the request; it is used by a later refresh (logout.php or Session.class.php).
			// NOTE(review): the value is concatenated without urlencode(). If getPortalReturnUrl() returns a raw
			// URL containing '&' or '#', the ReturnTo query string is mangled; wrap it in urlencode() here unless
			// the getter already returns an encoded value -- confirm.
			if (isset($params["ReturnTo"])) {
					$portal_return_url = $this->getPortalReturnUrl();
					//echo $portal_return_url;die;
					if ($portal_return_url != null) {
				 		if (strpos($params["ReturnTo"],'?') === false)  {
				 			$portal_parameter = '?portal_return_url='.$portal_return_url;
				 		} else {
				 			$portal_parameter = '&portal_return_url='.$portal_return_url;
				 		}
						$params["ReturnTo"] .=  $portal_parameter;
					}
			}
			
			self::logoutCompleted($params);
		}
	}
	</div>
<?php 
}
?>
	<h2 style="break: both"><?php 
echo $this->t('{authX509:X509error:certificate_header}');
?>
</h2>

	<p><?php 
echo $this->t('{authX509:X509error:certificate_text}');
?>
</p>

	<a href="<?php 
echo htmlspecialchars(SimpleSAML_Utilities::selfURL());
?>
">
		<?php 
echo $this->t('{login:login_button}');
?>
	</a>

<?php 
// Optional list of extra links supplied by the controller; href and text are both escaped for HTML.
if (!empty($this->data['links'])) {
    $items = array();
    foreach ($this->data['links'] as $link) {
        $items[] = '<li><a href="' . htmlspecialchars($link['href']) . '">' . htmlspecialchars($this->t($link['text'])) . '</a></li>';
    }
    echo '<ul class="links" style="margin-top: 2em">' . implode('', $items) . '</ul>';
}
        }
    }
    echo "</ul>";
    echo <<<TRSTART
\t  </div></td></tr>
  </table> 
</td>
\t
<td class='caAllowed'><input onClick="javascript:checkConsent(this.value, {$show_spid}, this.checked)" value='{$consentValue}' type='checkbox' {$checkedAttr}><span id="consentText{$show_spid}">{$consentText}</span></td>
TRSTART;
    echo "</td></tr>\n";
    $show_spid++;
}
?>
			</table>
		
			<p> 
		<?php 
echo $this->t('consentadmin_description2');
?>
 </p>
		
		<h2>Logout</h2>

			<p><a href="<?php 
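// The request URL is reflected into an attribute, so it must be HTML-escaped; the query-less form is
// used so that '?logout' is the only parameter (appending it to a URL that already carries a query
// string would not produce a `logout` parameter).
echo htmlspecialchars(SimpleSAML_Utilities::selfURLNoQuery()) . '?logout';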
?>
">Logout</a></p>
		
<?php 
$this->includeAtTemplateBase('includes/footer.php');
    SimpleSAML_Logger::info('SAML2.0 - SP.initSSO: No chosen or default IdP, go to SAML2disco');
    /* Which IdP discovery service should we use? Can be set in SP metadata or in global configuration.
     * Falling back to builtin discovery service.
     */
    if (array_key_exists('idpdisco.url', $spmetadata)) {
        $discourl = $spmetadata['idpdisco.url'];
    } elseif ($config->getString('idpdisco.url.saml20', NULL) !== NULL) {
        $discourl = $config->getString('idpdisco.url.saml20');
    } else {
        $discourl = SimpleSAML_Utilities::getBaseURL() . 'saml2/sp/idpdisco.php';
    }
    // Optional external (passive) discovery storage: when configured, the user is sent there first
    // with the regular discovery URL as its `return` target. That redirect ends the request, so the
    // direct discovery redirect below only runs when no external storage is configured.
    $extDiscoveryStorage = $config->getString('idpdisco.extDiscoveryStorage', NULL);
    if ($extDiscoveryStorage !== NULL) {
        SimpleSAML_Utilities::redirectTrustedURL($extDiscoveryStorage, array('entityID' => $spentityid, 'return' => SimpleSAML_Utilities::addURLparameter($discourl, array('return' => SimpleSAML_Utilities::selfURL(), 'remember' => 'true', 'entityID' => $spentityid, 'returnIDParam' => 'idpentityid')), 'returnIDParam' => 'idpentityid', 'isPassive' => 'true'));
    }
    // `return` is this page's own URL, so discovery brings the user back here with `idpentityid` set.
    $discoparameters = array('entityID' => $spentityid, 'return' => SimpleSAML_Utilities::selfURL(), 'returnIDParam' => 'idpentityid');
    $discoparameters['isPassive'] = $isPassive;
    if (sizeof($reachableIDPs) > 0) {
        $discoparameters['IDPList'] = $reachableIDPs;
    }
    SimpleSAML_Utilities::redirectTrustedURL($discourl, $discoparameters);
}
/*
 * Create and send authentication request to the IdP.
 */
try {
    $spMetadata = $metadata->getMetaDataConfig($spentityid, 'saml20-sp-hosted');
    $idpMetadata = $metadata->getMetaDataConfig($idpentityid, 'saml20-idp-remote');
    $ar = sspmod_saml_Message::buildAuthnRequest($spMetadata, $idpMetadata);
    $assertionConsumerServiceURL = $metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted');
    $ar->setAssertionConsumerServiceURL($assertionConsumerServiceURL);
    $et->show();
    exit;
}
// Resolve the admin auth source and the attribute that carries the user id.
$authsource = $janus_config->getValue('auth', 'login-admin');
$useridattr = $janus_config->getValue('useridattr', 'eduPersonPrincipalName');
if (!$session->isValid($authsource)) {
    // Not logged in to the admin auth source: send the user to login, returning to the URL a previous
    // page stored under refURL (consumed once) or to this page. The current GET parameters are forwarded.
    $storedReturn = $session->getData('string', 'refURL');
    if ($storedReturn !== NULL) {
        $session->deleteData('string', 'refURL');
        $returnURL = $storedReturn;
    } else {
        $returnURL = SimpleSAML_Utilities::selfURL();
    }
    SimpleSAML_Auth_Default::initLogin($authsource, $returnURL, NULL, $_GET);
} else {
    $attributes = $session->getAttributes();
    // The configured user-id attribute must be present.
    if (!isset($attributes[$useridattr])) {
        throw new Exception('User ID is missing');
    }
    $userid = $attributes[$useridattr][0];
}
$user = new sspmod_janus_User();
$user->setUserid($userid);
if (!$user->load(sspmod_janus_User::USERID_LOAD)) {
    $autocreatenewuser = $janus_config->getValue('user.autocreate', false);
    if ($autocreatenewuser) {
        SimpleSAML_Utilities::redirectTrustedUrl(SimpleSAML_Module::getModuleURL('janus/newUser.php'), array('userid' => $userid));
    } else {
        SimpleSAML_Utilities::redirectTrustedUrl(SimpleSAML_Module::getModuleURL('janus/noNewUser.php'), array('userid' => $userid));
    }
} else {
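$cronconfig = SimpleSAML_Configuration::getConfig('module_cron.php');
// When a key is configured the request must carry it. Compare in constant time where the runtime
// offers it (hash_equals, PHP >= 5.6) so the key cannot be recovered byte-by-byte through timing;
// a missing key is treated as the empty string rather than triggering an undefined-index notice.
$expectedKey = $cronconfig->getValue('key');
if (!is_null($expectedKey)) {
    $expectedKey = (string) $expectedKey;
    $providedKey = isset($_REQUEST['key']) ? (string) $_REQUEST['key'] : '';
    $keyMatches = function_exists('hash_equals') ? hash_equals($expectedKey, $providedKey) : ($expectedKey === $providedKey);
    if (!$keyMatches) {
        SimpleSAML_Logger::error('Cron - Wrong key provided. Cron will not run.');
        exit;
    }
}
// The tag is attacker-controlled request input: normalise it once, reject it against the configured
// allow-list (when one is set), and keep it out of log lines unescaped.
$tag = isset($_REQUEST['tag']) ? (string) $_REQUEST['tag'] : '';
$allowedTags = $cronconfig->getValue('allowed_tags');
if (!is_null($allowedTags)) {
    if (!in_array($tag, $allowedTags, true)) {
        SimpleSAML_Logger::error('Cron - Illegal tag [' . var_export($tag, TRUE) . '].');
        exit;
    }
}
$summary = array();
// Hooks receive the raw tag and append report lines to $summary by reference.
$croninfo = array('summary' => &$summary, 'tag' => $tag);
// Captured before the hooks run. The URL is request-derived and is embedded in the HTML report
// below (outside this excerpt), so it is HTML-escaped at the point it is captured.
$url = htmlspecialchars(SimpleSAML_Utilities::selfURL(), ENT_QUOTES, 'UTF-8');
$time = date(DATE_RFC822);
SimpleSAML_Module::callHooks('cron', $croninfo);
foreach ($summary as $s) {
    SimpleSAML_Logger::debug('Cron - Summary: ' . $s);
}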
if ($cronconfig->getValue('sendemail', TRUE) && count($summary) > 0) {
    $message = '<h1>Cron report</h1><p>Cron ran at ' . $time . '</p>' . '<p>URL: <tt>' . $url . '</tt></p>' . '<p>Tag: ' . $croninfo['tag'] . "</p>\n\n" . '<ul><li>' . join('</li><li>', $summary) . '</li></ul>';
    $toaddress = $config->getString('technicalcontact_email', '*****@*****.**');
    if ($toaddress == '*****@*****.**') {
        SimpleSAML_Logger::error('Cron - Could not send email. [technicalcontact_email] not set in config.');
    } else {
        $email = new SimpleSAML_XHTML_EMail($toaddress, 'simpleSAMLphp cron report', '*****@*****.**');
        $email->setBody($message);
        $email->send();
    }

<?php 
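$languages = $this->getLanguageList();
// Display names for the language codes getLanguageList() may return.
$langnames = array('no' => 'Bokmål', 'nn' => 'Nynorsk', 'se' => 'Sámegiella', 'sam' => 'Åarjelh-saemien giele', 'da' => 'Dansk', 'en' => 'English', 'de' => 'Deutsch', 'sv' => 'Svenska', 'fi' => 'Suomeksi', 'es' => 'Español', 'fr' => 'Français', 'it' => 'Italiano', 'nl' => 'Nederlands', 'lb' => 'Luxembourgish', 'cs' => 'Czech', 'sl' => 'Slovenščina', 'lt' => 'Lietuvių kalba', 'hr' => 'Hrvatski', 'hu' => 'Magyar', 'pl' => 'Polski', 'pt' => 'Português', 'pt-BR' => 'Português brasileiro', 'ru' => 'русский язык', 'et' => 'Eesti keel', 'tr' => 'Türkçe', 'el' => 'ελληνικά', 'ja' => '日本語', 'zh-tw' => '中文', 'ar' => 'العربية', 'fa' => 'پارسی', 'ur' => 'اردو', 'he' => 'עִבְרִית');
// The language menu is only rendered on plain GET views, not after a form post.
if (empty($_POST)) {
    /*
     * The current language is shown as the dropdown toggle. A language code
     * without a display name falls back to the (escaped) code itself instead
     * of raising an undefined-index notice and printing an empty label.
     */
    foreach ($languages as $lang => $current) {
        if ($current) {
            $label = isset($langnames[$lang]) ? $langnames[$lang] : htmlspecialchars($lang);
            echo '<li class="pull-right dropdown"><a href="#" class="dropdown-toggle" data-toggle="dropdown">' . '<span class="glyphicon glyphicon-flag"></span> ' . $label . ' <b class="caret"></b></a>';
        }
    }
    echo '<ul class="dropdown-menu">';
    // Every entry only differs in the 'language' parameter; derive the base URL once.
    $selfURL = SimpleSAML_Utilities::selfURL();
    foreach ($languages as $lang => $current) {
        if (!$current) {
            // Escaped for the href attribute: the URL reflects the current request.
            $url = htmlspecialchars(SimpleSAML_Utilities::addURLparameter($selfURL, array('language' => $lang)));
            $title = isset($langnames[$lang]) ? $langnames[$lang] : htmlspecialchars($lang);
            echo '<li><a href="' . $url . '">' . $title . '</a></li>';
        }
    }
    echo '</ul>';
}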
 * @package simpleSAMLphp
 * @version $Id$
 */
require_once '../../_include.php';
$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
SimpleSAML_Logger::info('WS-Fed - SP.initSSO: Accessing WS-Fed SP initSSO script');
// The WS-Fed SP is opt-in; refuse unless it is explicitly enabled in config.
if (!$config->getBoolean('enable.wsfed-sp', false)) {
    throw new SimpleSAML_Error_Error('NOACCESS');
}
// RelayState is mandatory: it is handed to the IdP as 'wctx' further down.
if (empty($_GET['RelayState'])) {
    throw new SimpleSAML_Error_Error('NORELAYSTATE');
}
try {
    // The caller may pick the IdP and the hosted SP; otherwise use the configured defaults.
    if (isset($_GET['idpentityid'])) {
        $idpentityid = $_GET['idpentityid'];
    } else {
        $idpentityid = $config->getString('default-wsfed-idp', NULL);
    }
    if (isset($_GET['spentityid'])) {
        $spentityid = $_GET['spentityid'];
    } else {
        $spentityid = $metadata->getMetaDataCurrentEntityID('wsfed-sp-hosted');
    }
} catch (Exception $exception) {
    throw new SimpleSAML_Error_Error('METADATA', $exception);
}
// Loose comparison on purpose: an empty idpentityid also goes to discovery.
if ($idpentityid == null) {
    SimpleSAML_Logger::info('WS-Fed - SP.initSSO: No chosen or default IdP, go to WSFeddisco');
    $discoParams = array('entityID' => $spentityid, 'return' => SimpleSAML_Utilities::selfURL(), 'returnIDParam' => 'idpentityid');
    SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'wsfed/sp/idpdisco.php', $discoParams);
}
try {
    $relaystate = $_GET['RelayState'];
    $idpmeta = $metadata->getMetaData($idpentityid, 'wsfed-idp-remote');
    // Not used below; presumably looked up so an unknown hosted SP fails here.
    $spmeta = $metadata->getMetaData($spentityid, 'wsfed-sp-hosted');
    /*
     * Sign-in request. The target ('prp') comes from the remote-IdP metadata,
     * i.e. from configuration, not from the request. The RelayState is passed
     * through to the IdP unchanged as 'wctx'.
     */
    $signinParams = array('wa' => 'wsignin1.0', 'wct' => gmdate('Y-m-d\\TH:i:s\\Z', time()), 'wtrealm' => $spentityid, 'wctx' => $relaystate);
    SimpleSAML_Utilities::redirect($idpmeta['prp'], $signinParams);
} catch (Exception $exception) {
    throw new SimpleSAML_Error_Error('CREATEREQUEST', $exception);
}
 /**
  * Require admin access for current page.
  *
  * Helper for pages limited to administrators. Returns immediately when the
  * current user is already an admin; otherwise starts admin authentication
  * with the current URL as the return target -- through the 'admin' auth
  * source when one is configured, else through the legacy login-admin page.
  *
  * @return void
  */
 public static function requireAdmin()
 {
     if (self::isAdmin()) {
         return;
     }
     // Where to send the user once admin authentication has completed.
     $currentURL = SimpleSAML_Utilities::selfURL();
     if (SimpleSAML_Auth_Source::getById('admin') === NULL) {
         /* Backwards-compatibility: no 'admin' auth source, use the old login page. */
         $config = SimpleSAML_Configuration::getInstance();
         $loginPage = '/' . $config->getBaseURL() . 'auth/login-admin.php';
         SimpleSAML_Utilities::redirect($loginPage, array('RelayState' => $currentURL));
     } else {
         $adminSource = new SimpleSAML_Auth_Simple('admin');
         $adminSource->login();
     }
 }
<?php

require_once '../_include.php';
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getInstance();
// Without a WS-Fed session, go through initSSO and come back to this page afterwards.
if (!$session->isValid('wsfed')) {
    $ssoURL = '/' . $config->getBaseURL() . 'wsfed/sp/initSSO.php';
    SimpleSAML_Utilities::redirectTrustedURL($ssoURL, array('RelayState' => SimpleSAML_Utilities::selfURL()));
}
$attributes = $session->getAuthData('wsfed', 'Attributes');
// Status page showing the attributes and remaining lifetime of the WS-Fed session.
$t = new SimpleSAML_XHTML_Template($config, 'status.php', 'attributes');
$t->data['header'] = '{status:header_wsfed}';
$t->data['remaining'] = $session->getAuthData('wsfed', 'Expire') - time();
$t->data['sessionsize'] = $session->getSize();
$t->data['attributes'] = $attributes;
// Logout goes through the SP's SLO endpoint and then to the generic logout page.
$baseURL = '/' . $config->getBaseURL();
$t->data['logouturl'] = $baseURL . 'wsfed/sp/initSLO.php?RelayState=' . $baseURL . 'logout.php';
$t->show();
<?php

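require_once '../_include.php';
/* Load simpleSAMLphp, configuration */
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getInstance();
/*
 * This page exposes server variables and URL-derivation internals, so it is
 * restricted to administrators: requireAdmin() sends non-admin sessions to
 * the admin login instead of falling through.
 */
SimpleSAML_Utilities::requireAdmin();
$attributes = array();
/*
 * Raw $_SERVER values. 'HTTPS' is absent on plain-HTTP requests (and the
 * others can be missing on unusual requests), so read them defensively
 * instead of triggering an undefined-index notice; a missing value is shown
 * as an empty string.
 */
foreach (array('HTTP_HOST', 'HTTPS', 'SERVER_PROTOCOL', 'SERVER_PORT') as $serverKey) {
    $attributes[$serverKey] = array(isset($_SERVER[$serverKey]) ? $_SERVER[$serverKey] : '');
}
/* What the URL helpers derive from the same request (handy when debugging reverse-proxy setups). */
$attributes['Utilities_getBaseURL()'] = array(SimpleSAML_Utilities::getBaseURL());
$attributes['Utilities_getSelfHost()'] = array(SimpleSAML_Utilities::getSelfHost());
$attributes['Utilities_selfURLhost()'] = array(SimpleSAML_Utilities::selfURLhost());
$attributes['Utilities_selfURLNoQuery()'] = array(SimpleSAML_Utilities::selfURLNoQuery());
$attributes['Utilities_getSelfHostWithPath()'] = array(SimpleSAML_Utilities::getSelfHostWithPath());
$attributes['Utilities_getFirstPathElement()'] = array(SimpleSAML_Utilities::getFirstPathElement());
$attributes['Utilities_selfURL()'] = array(SimpleSAML_Utilities::selfURL());
$et = new SimpleSAML_XHTML_Template($config, 'status.php');
$et->data['header'] = '{status:header_diagnostics}';
$et->data['remaining'] = 'na';
$et->data['attributes'] = $attributes;
$et->data['valid'] = 'na';
$et->data['logout'] = null;
$et->show();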
 /**
  * Process an authentication response.
  *
  * Completes the OpenID exchange for the response delivered to the current
  * URL, maps failure/cancel statuses to exceptions, and on success collects
  * the identity URL, endpoint details, Simple Registration fields and
  * Attribute Exchange fields into $state['Attributes'] before handing the
  * state back to SimpleSAML_Auth_Source::completeAuth().
  *
  * @param array &$state  The state array.
  * @throws SimpleSAML_Error_UserAborted  When the user cancelled at the provider.
  * @throws SimpleSAML_Error_AuthSource   On a failed or otherwise unsuccessful response.
  */
 public function postAuth(array &$state)
 {
     $consumer = $this->getConsumer($state);
     // The library checks the response against this return_to URL.
     $returnTo = SimpleSAML_Utilities::selfURL();
     $response = $consumer->complete($returnTo);
     // Anything other than SUCCESS ends the login with an exception.
     if ($response->status == Auth_OpenID_CANCEL) {
         throw new SimpleSAML_Error_UserAborted();
     } elseif ($response->status == Auth_OpenID_FAILURE) {
         throw new SimpleSAML_Error_AuthSource($this->authId, 'Authentication failed: ' . var_export($response->message, TRUE));
     } elseif ($response->status != Auth_OpenID_SUCCESS) {
         throw new SimpleSAML_Error_AuthSource($this->authId, 'General error. Try again.');
     }
     // Identity URL plus the endpoint the provider answered from.
     $attributes = array('openid' => array($response->identity_url));
     $attributes['openid.server_url'] = array($response->endpoint->server_url);
     if ($response->endpoint->canonicalID) {
         $attributes['openid.canonicalID'] = array($response->endpoint->canonicalID);
     }
     if ($response->endpoint->local_id) {
         $attributes['openid.local_id'] = array($response->endpoint->local_id);
     }
     // Simple Registration fields, namespaced under openid.sreg.*.
     $sregResponse = Auth_OpenID_SRegResponse::fromSuccessResponse($response, $this->validateSReg);
     $sregData = $sregResponse->contents();
     if (is_array($sregData) && count($sregData) > 0) {
         $attributes['openid.sregkeys'] = array_keys($sregData);
         foreach ($sregData as $sregKey => $sregValue) {
             $attributes['openid.sreg.' . $sregKey] = array($sregValue);
         }
     }
     /*
      * Attribute Exchange fields. Their names are chosen by the provider and
      * are used directly as attribute names; only names of the form
      * "prefix:..." are accepted, the rest are logged and dropped.
      */
     $axFetch = new Auth_OpenID_AX_FetchResponse();
     $axResult = $axFetch->fromSuccessResponse($response);
     if ($axResult instanceof Auth_OpenID_AX_FetchResponse && !empty($axResult->data)) {
         $axData = $axResult->data;
         $attributes['openid.axkeys'] = array_keys($axData);
         foreach ($axData as $axKey => $axValue) {
             if (!preg_match("/^\\w+:/", $axKey)) {
                 SimpleSAML_Logger::warning('Invalid attribute name in AX response: ' . var_export($axKey, TRUE));
                 continue;
             }
             $attributes[$axKey] = is_array($axValue) ? $axValue : array($axValue);
         }
     }
     SimpleSAML_Logger::debug('OpenID Returned Attributes: ' . implode(", ", array_keys($attributes)));
     $state['Attributes'] = $attributes;
     SimpleSAML_Auth_Source::completeAuth($state);
 }
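 /**
  * Receive an authentication request.
  *
  * Handles two entry paths: an SP-initiated SAML2 AuthnRequest received via
  * the current binding and validated against the SP's metadata, and an
  * IdP-initiated request signalled by a 'spentityid' request parameter (with
  * optional RelayState/binding/NameIDFormat parameters). Both paths end with
  * the same normalisation -- supported binding, AssertionConsumerService URL
  * checked against the SP's registered endpoints, IDPList/ProxyCount/
  * ForceAuthn merged with metadata defaults -- and the resulting state is
  * passed to $idp->handleAuthenticationRequest().
  *
  * @param SimpleSAML_IdP $idp  The IdP we are receiving it for.
  * @throws SimpleSAML_Error_BadRequest  When the received message is not an
  *         AuthnRequest, or carries no Issuer.
  */
 public static function receiveAuthnRequest(SimpleSAML_IdP $idp)
 {
     $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     $idpMetadata = $idp->getConfig();
     // HTTP-POST is always offered; HTTP-Artifact only when the IdP enables it.
     $supportedBindings = array(SAML2_Const::BINDING_HTTP_POST);
     if ($idpMetadata->getBoolean('saml20.sendartifact', FALSE)) {
         $supportedBindings[] = SAML2_Const::BINDING_HTTP_ARTIFACT;
     }
     if (isset($_REQUEST['spentityid'])) {
         /* IdP initiated authentication. */
         if (isset($_REQUEST['cookieTime'])) {
             $cookieTime = (int) $_REQUEST['cookieTime'];
             if ($cookieTime + 5 > time()) {
                 /*
                  * Less than five seconds has passed since we were
                  * here the last time. Cookies are probably disabled.
                  */
                 SimpleSAML_Utilities::checkCookie(SimpleSAML_Utilities::selfURL());
             }
         }
         // The SP must have saml20-sp-remote metadata; everything below is bound to it.
         $spEntityId = (string) $_REQUEST['spentityid'];
         $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');
         // RelayState, binding and NameIDFormat are request-controlled here;
         // the binding is checked against $supportedBindings further down.
         if (isset($_REQUEST['RelayState'])) {
             $relayState = (string) $_REQUEST['RelayState'];
         } else {
             $relayState = NULL;
         }
         if (isset($_REQUEST['binding'])) {
             $protocolBinding = (string) $_REQUEST['binding'];
         } else {
             $protocolBinding = NULL;
         }
         if (isset($_REQUEST['NameIDFormat'])) {
             $nameIDFormat = (string) $_REQUEST['NameIDFormat'];
         } else {
             $nameIDFormat = NULL;
         }
         // No request message to echo back: no InResponseTo, proxying or passive hints.
         $requestId = NULL;
         $IDPList = array();
         $ProxyCount = NULL;
         $RequesterID = NULL;
         $forceAuthn = FALSE;
         $isPassive = FALSE;
         $consumerURL = NULL;
         SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: IdP initiated authentication: ' . var_export($spEntityId, TRUE));
     } else {
         $binding = SAML2_Binding::getCurrentBinding();
         $request = $binding->receive();
         if (!$request instanceof SAML2_AuthnRequest) {
             throw new SimpleSAML_Error_BadRequest('Message received on authentication request endpoint wasn\'t an authentication request.');
         }
         $spEntityId = $request->getIssuer();
         if ($spEntityId === NULL) {
             throw new SimpleSAML_Error_BadRequest('Received message on authentication request endpoint without issuer.');
         }
         $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');
         // Validate the message (signature/requirements per the SP and IdP metadata)
         // before trusting anything read from it below.
         sspmod_saml_Message::validateMessage($spMetadata, $idpMetadata, $request);
         $relayState = $request->getRelayState();
         $requestId = $request->getId();
         $IDPList = $request->getIDPList();
         $ProxyCount = $request->getProxyCount();
         // One proxy hop is consumed by this IdP.
         if ($ProxyCount !== null) {
             $ProxyCount--;
         }
         $RequesterID = $request->getRequesterID();
         $forceAuthn = $request->getForceAuthn();
         $isPassive = $request->getIsPassive();
         $consumerURL = $request->getAssertionConsumerServiceURL();
         $protocolBinding = $request->getProtocolBinding();
         $nameIdPolicy = $request->getNameIdPolicy();
         if (isset($nameIdPolicy['Format'])) {
             $nameIDFormat = $nameIdPolicy['Format'];
         } else {
             $nameIDFormat = NULL;
         }
         SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Incomming Authentication request: ' . var_export($spEntityId, TRUE));
     }
     if ($protocolBinding === NULL || !in_array($protocolBinding, $supportedBindings, TRUE)) {
         /*
          * No binding specified or unsupported binding requested - default to HTTP-POST.
          * TODO: Select any supported binding based on default endpoint?
          */
         $protocolBinding = SAML2_Const::BINDING_HTTP_POST;
     }
     /*
      * A requested AssertionConsumerService URL is only honoured when it is
      * registered for this SP with the selected binding (exact match); this
      * is what stops a forged request from steering the assertion elsewhere.
      */
     if ($consumerURL !== NULL) {
         $found = FALSE;
         foreach ($spMetadata->getEndpoints('AssertionConsumerService') as $ep) {
             if ($ep['Binding'] !== $protocolBinding) {
                 continue;
             }
             if ($ep['Location'] !== $consumerURL) {
                 continue;
             }
             $found = TRUE;
             break;
         }
         if (!$found) {
             SimpleSAML_Logger::warning('Authentication request from ' . var_export($spEntityId, TRUE) . ' contains invalid AssertionConsumerService URL. Was ' . var_export($consumerURL, TRUE) . '.');
             $consumerURL = NULL;
         }
     }
     if ($consumerURL === NULL) {
         /* Not specified or invalid. Use default. */
         $consumerURL = $spMetadata->getDefaultEndpoint('AssertionConsumerService', array($protocolBinding));
         $consumerURL = $consumerURL['Location'];
     }
     // Metadata may extend the IdP list and supply defaults for ProxyCount and ForceAuthn.
     $IDPList = array_unique(array_merge($IDPList, $spMetadata->getArrayizeString('IDPList', array())));
     if ($ProxyCount === null) {
         /*
          * Strict comparison: a ProxyCount that reached 0 after the decrement
          * above is a real value ("do not proxy any further") and must not be
          * replaced by the metadata default, which a loose '== null' would do.
          */
         $ProxyCount = $spMetadata->getInteger('ProxyCount', null);
     }
     if (!$forceAuthn) {
         $forceAuthn = $spMetadata->getBoolean('ForceAuthn', FALSE);
     }
     // URL used to restart the flow if the session is lost (see the cookieTime check above).
     $sessionLostParams = array('spentityid' => $spEntityId, 'cookieTime' => time());
     if ($relayState !== NULL) {
         $sessionLostParams['RelayState'] = $relayState;
     }
     $sessionLostURL = SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), $sessionLostParams);
     $state = array('Responder' => array('sspmod_saml_IdP_SAML2', 'sendResponse'), SimpleSAML_Auth_State::EXCEPTION_HANDLER_FUNC => array('sspmod_saml_IdP_SAML2', 'handleAuthError'), SimpleSAML_Auth_State::RESTART => $sessionLostURL, 'SPMetadata' => $spMetadata->toArray(), 'saml:RelayState' => $relayState, 'saml:RequestId' => $requestId, 'saml:IDPList' => $IDPList, 'saml:ProxyCount' => $ProxyCount, 'saml:RequesterID' => $RequesterID, 'ForceAuthn' => $forceAuthn, 'isPassive' => $isPassive, 'saml:ConsumerURL' => $consumerURL, 'saml:Binding' => $protocolBinding, 'saml:NameIDFormat' => $nameIDFormat);
     $idp->handleAuthenticationRequest($state);
 }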
/* Load simpleSAMLphp, configuration and metadata */
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getInstance();
$metaconfig = SimpleSAML_Configuration::getConfig('module_metaedit.php');
$mdh = new SimpleSAML_Metadata_MetaDataStorageHandlerSerialize($metaconfig->getValue('metahandlerConfig', NULL));
$authsource = $metaconfig->getValue('auth', 'login-admin');
$useridattr = $metaconfig->getValue('useridattr', 'eduPersonPrincipalName');
if (!$session->isValid($authsource)) {
    // No session for the configured auth source: log in and return to this page.
    SimpleSAML_Auth_Default::initLogin($authsource, SimpleSAML_Utilities::selfURL());
} else {
    $attributes = $session->getAttributes();
    if (!isset($attributes[$useridattr])) {
        throw new Exception('User ID is missing');
    }
    // First value of the user-id attribute: the identity that ownership checks compare against.
    $userid = $attributes[$useridattr][0];
}
/**
 * Abort unless $userid is the recorded owner of a metadata entry.
 *
 * Ownership is the only access control for editing: an entry without an
 * 'owner' key is accessible to nobody, and the owner must be identical
 * (strict comparison) to the user id derived from the session.
 *
 * @param array  $metadata  Metadata entry, possibly carrying an 'owner' key.
 * @param string $userid    The current user's id.
 * @throws Exception  When there is no owner, or the owner is someone else.
 */
function requireOwnership($metadata, $userid)
{
    $owner = isset($metadata['owner']) ? $metadata['owner'] : null;
    if ($owner === null) {
        throw new Exception('Metadata has no owner. Which means no one is granted access, not even you.');
    }
    if ($owner !== $userid) {
        throw new Exception('Metadata has an owner that is not equal to your userid, hence you are not granted access.');
    }
}
if (array_key_exists('entityid', $_REQUEST)) {
    $metadata = $mdh->getMetadata($_REQUEST['entityid'], 'saml20-sp-remote');
    requireOwnership($metadata, $userid);
} elseif (array_key_exists('xmlmetadata', $_REQUEST)) {
    $xmldata = $_REQUEST['xmlmetadata'];
 /**
  * Require an authenticated user, or optionally accept an anonymous session.
  *
  * Returns TRUE at once when the user is already authenticated. Otherwise it
  * dispatches on the 'auth' GET parameter to the Facebook/Twitter helpers,
  * starts a SAML login when an 'idp' request parameter is present and the
  * auth source is not yet authenticated, and then either redirects to the
  * discovery service (when anonymous access is not allowed) or runs the
  * anonymous-session check.
  *
  * @param bool $allowAnonymous  Whether an anonymous session is acceptable.
  * @return bool|null  TRUE when already authenticated; otherwise the method
  *                    redirects and exits, or falls through after the
  *                    anonymous-session check.
  */
 public function requireAuth($allowAnonymous = FALSE)
 {
     if ($this->isAuth) {
         return TRUE;
     }
     $authParam = array_key_exists('auth', $_GET) ? $_GET['auth'] : NULL;
     if ($authParam === 'facebook') {
         $this->facebookAuth();
     }
     if ($authParam === 'twitter') {
         $this->twitterAuth();
     }
     // NOTE(review): the IdP entity ID is taken straight from the request; the
     // SAML auth source is relied upon to reject IdPs absent from its metadata.
     if (!empty($_REQUEST['idp']) && !$this->as->isAuthenticated()) {
         $this->as->login(array('saml:idp' => $_REQUEST['idp']));
     }
     if (!$allowAnonymous) {
         // Send the user to discovery; the chosen IdP comes back in the 'idp' parameter.
         $discoURL = $this->disco
             . '?entityID=' . urlencode($this->auth->entityid)
             . '&returnIDParam=idp'
             . '&return=' . urlencode(SimpleSAML_Utilities::selfURL() . '?');
         SimpleSAML_Utilities::redirect($discoURL);
         exit;
     }
     $this->checkAnonymousSession();
 }
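 /**
  * Retrieve a admin login URL.
  *
  * Builds the URL of the core admin login page with a 'ReturnTo' parameter
  * naming where the user should land after authenticating. When no return
  * URL is given, the current request URL is used.
  *
  * @param string|NULL $returnTo  The URL the user should arrive on after admin authentication.
  * @return string  A URL which can be used for admin authentication.
  */
 public static function getAdminLoginURL($returnTo = NULL)
 {
     // Expression-form assert. The old string form is deprecated since PHP 7.2
     // and on PHP 8 a non-empty string is simply truthy, so it could never fail.
     assert(is_string($returnTo) || is_null($returnTo));
     if ($returnTo === NULL) {
         $returnTo = SimpleSAML_Utilities::selfURL();
     }
     return SimpleSAML_Module::getModuleURL('core/login-admin.php', array('ReturnTo' => $returnTo));
 }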
<?php

/**
 * The _include script registers a autoloader for the simpleSAMLphp libraries. It also
 * initializes the simpleSAMLphp config class with the correct path.
 */
require_once '_include.php';
/* Load simpleSAMLphp, configuration and metadata */
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getInstance();
/* No 'openid' session yet: authenticate through the OpenID auth source and return here. */
if (!$session->isValid('openid')) {
    $hints = array('openid' => NULL);
    SimpleSAML_Auth_Default::initLogin('openid', SimpleSAML_Utilities::selfURL(), NULL, $hints);
}
$attributes = $session->getAttributes();
/* Test page: show the session's attributes and remaining lifetime. */
$t = new SimpleSAML_XHTML_Template($config, 'status.php', 'attributes');
$pageData = array(
    'header' => '{openid:dictopenid:openidtestpage}',
    'remaining' => $session->remainingTime(),
    'sessionsize' => $session->getSize(),
    'attributes' => $attributes,
    'icon' => 'bino.png',
    'logouturl' => NULL,
);
foreach ($pageData as $key => $value) {
    $t->data[$key] = $value;
}
$t->show();