/**
 * Initializes the authority object from an associative array of configuration arguments.
 *
 * @param array $args configuration values; which keys are recognised depends on the authority
 *
 * General - Required keys:
 *   TITLE              => the human readable title of the authority
 *   INDEX              => the tag used to identify this authority @see AuthenticationAuthority::getAuthenticationAuthority
 *
 * General - Optional keys:
 *   LOGGEDIN_IMAGE_URL => a url to an image/badge placed next to the user name when logged in
 *
 * CAS - Required keys (each is tested with empty(); a missing or empty value throws):
 *   CAS_PROTOCOL => the protocol to use, equivalent to one of the phpCAS constants, e.g. "2.0":
 *                   CAS_VERSION_1_0 => '1.0', CAS_VERSION_2_0 => '2.0', SAML_VERSION_1_1 => 'S1'
 *   CAS_HOST     => the host name of the CAS server, e.g. "cas.example.edu"
 *   CAS_PORT     => the port the CAS server is listening on, e.g. "443" (converted with intval())
 *   CAS_PATH     => the path of the CAS application, e.g. "/cas/"
 *   CAS_CA_CERT  => filesystem path to the CA certificate used to verify the CAS server's TLS
 *                   certificate, e.g. "/etc/tls/pki/certs/my_ca_cert.crt". If empty, server
 *                   validation is switched off with phpCAS::setNoCasServerValidation()
 *                   (not recommended for production).
 *
 * CAS - Optional keys:
 *   CAS_PHPCAS_PATH              => directory holding CAS.php; when empty, 'CAS.php' is loaded from the include path
 *   CAS_PROXY_INIT               => when non-empty, phpCAS is initialised as a proxy (phpCAS::proxy) instead of a client
 *   CAS_PROXY_TICKET_PATH        => proxy mode only; passed as the path argument of phpCAS::setPGTStorageFile
 *   CAS_PROXY_FIXED_CALLBACK_URL => proxy mode only; passed to phpCAS::setFixedCallbackURL
 *   ATTRA_EMAIL      => attribute name for the user's email address, e.g. "email"
 *   ATTRA_FIRST_NAME => attribute name for the user's first name, e.g. "givename"
 *   ATTRA_LAST_NAME  => attribute name for the user's last name, e.g. "surname"
 *   ATTRA_FULL_NAME  => attribute name for the user's full name, e.g. "displayname"
 *   ATTRA_MEMBER_OF  => attribute name for the user's groups, e.g. "memberof"
 *   The ATTRA_* mappings only apply if your CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
 *
 * NOTE: Any subclass MUST call parent::init($args) to ensure proper operation
 *
 * @throws KurogoConfigurationException when CAS_PROTOCOL, CAS_HOST, CAS_PORT or CAS_PATH is missing or empty
 */
public function init($args)
{
    parent::init($args);

    // Load phpCAS from the configured directory, or from the include path when none is set.
    // The directory comes from site configuration, not from the request.
    $phpCasFile = empty($args['CAS_PHPCAS_PATH']) ? 'CAS.php' : $args['CAS_PHPCAS_PATH'] . '/CAS.php';
    require_once $phpCasFile;

    // All connection parameters must be present before phpCAS is configured; checked in this order.
    foreach (array('CAS_PROTOCOL', 'CAS_HOST', 'CAS_PORT', 'CAS_PATH') as $requiredKey) {
        if (empty($args[$requiredKey])) {
            throw new KurogoConfigurationException($requiredKey . ' value not set for ' . $this->AuthorityTitle);
        }
    }

    $protocol = $args['CAS_PROTOCOL'];
    $host = $args['CAS_HOST'];
    $port = intval($args['CAS_PORT']);
    $path = $args['CAS_PATH'];

    // The trailing false is handed to phpCAS unchanged; its meaning depends on the phpCAS version in use.
    if (empty($args['CAS_PROXY_INIT'])) {
        phpCAS::client($protocol, $host, $port, $path, false);
    } else {
        phpCAS::proxy($protocol, $host, $port, $path, false);
        if (!empty($args['CAS_PROXY_TICKET_PATH'])) {
            phpCAS::setPGTStorageFile('', $args['CAS_PROXY_TICKET_PATH']);
        }
        if (!empty($args['CAS_PROXY_FIXED_CALLBACK_URL'])) {
            phpCAS::setFixedCallbackURL($args['CAS_PROXY_FIXED_CALLBACK_URL']);
        }
    }

    // Without a CA certificate the CAS server's TLS certificate is not verified, so ticket
    // validation responses could come from an impersonated server. Configure CAS_CA_CERT in production.
    if (empty($args['CAS_CA_CERT'])) {
        phpCAS::setNoCasServerValidation();
    } else {
        phpCAS::setCasServerCACert($args['CAS_CA_CERT']);
    }

    // Map the configured attribute names onto CASUser fields; order matches the previous explicit calls.
    $attributeFields = array(
        'ATTRA_EMAIL'      => 'Email',
        'ATTRA_FIRST_NAME' => 'FirstName',
        'ATTRA_LAST_NAME'  => 'LastName',
        'ATTRA_FULL_NAME'  => 'FullName',
        'ATTRA_MEMBER_OF'  => 'MemberOf',
    );
    foreach ($attributeFields as $configKey => $userField) {
        if (!empty($args[$configKey])) {
            CASUser::mapAttribute($userField, $args[$configKey]);
        }
    }
}
/**
 * Initializes the Shibboleth authority from an associative array of configuration arguments.
 *
 * Keys of the form SHIB_<EMAIL|FIRSTNAME|LASTNAME|FULLNAME>_FIELD (matched case-insensitively)
 * populate $this->fieldMap; per the original comment they name $_SERVER entries, although
 * nothing in this method reads $_SERVER itself. SHIB_ATTRIBUTES, when it is an array, is
 * stored in $this->attributes.
 *
 * @param array $args configuration values (iterated directly; a non-array is not normalised here)
 */
public function init($args)
{
    parent::init($args);

    // Accept SHIB_xxx_FIELD in any letter case; only the four known field names are mapped.
    $fieldPattern = "/^shib_(email|firstname|lastname|fullname)_field\$/";
    foreach ($args as $name => $serverVar) {
        if (!preg_match($fieldPattern, strtolower($name), $match)) {
            continue;
        }
        $fieldName = strtolower($match[1]);
        $this->fieldMap[$fieldName] = $serverVar;
    }

    $hasAttributes = isset($args['SHIB_ATTRIBUTES']) && is_array($args['SHIB_ATTRIBUTES']);
    if ($hasAttributes) {
        $this->attributes = $args['SHIB_ATTRIBUTES'];
    }
}
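/**
 * Initializes the database-backed authority.
 *
 * Opens a connection described by $args (falling back to the site's 'database' section when
 * DB_TYPE is absent, with $args taking precedence), then builds the table and field maps.
 * DB_<name>_TABLE and DB_<user|group|groupmember>_<field>_FIELD keys (any letter case) override
 * existing map entries only; unknown names are ignored.
 *
 * @param array $args configuration values; a non-array is treated as an empty array
 *   DB_USER_PASSWORD_HASH         => name of a hash algorithm listed by hash_algos()
 *   DB_USER_PASSWORD_SALT         => salt value stored in $this->hashSalt
 *   DB_GROUP_GROUPMEMBER_PROPERTY => 'group' or 'gid'; selects the group column referenced by memberships
 * @throws KurogoConfigurationException when the hash algorithm is unavailable or the
 *   groupmember property is neither 'gid' nor 'group'
 */
public function init($args)
{
    parent::init($args);
    $args = is_array($args) ? $args : array();

    // No explicit database settings: inherit the site-wide database section; $args wins on conflicts.
    if (!isset($args['DB_TYPE'])) {
        $args = array_merge(Kurogo::getSiteSection('database'), $args);
    }
    $this->connection = new db($args);

    $this->tableMap = array(
        'user'         => 'users',
        'group'        => 'groups',
        'groupmembers' => 'groupmembers',
    );
    $this->fieldMap = array(
        'user_userid'           => 'userID',
        'user_password'         => 'password',
        'user_email'            => 'email',
        'user_firstname'        => 'firstname',
        'user_lastname'         => 'lastname',
        'user_fullname'         => 'fullname',
        'group_groupname'       => 'group',
        'group_gid'             => 'gid',
        'group_groupmember'     => 'gid',
        'groupmember_group'     => 'gid',
        'groupmember_user'      => 'userID',
        'groupmember_authority' => '',
    );

    foreach ($args as $arg => $value) {
        if (preg_match("/^db_(user|group|groupmember)_(.*?)_field\$/", strtolower($arg), $bits)) {
            // Only pre-declared field-map entries may be overridden.
            $key = sprintf("%s_%s", $bits[1], $bits[2]);
            if (isset($this->fieldMap[$key])) {
                $this->fieldMap[$key] = $value;
            }
        } elseif (preg_match("/^db_(.*?)_table\$/", strtolower($arg), $bits)) {
            // Likewise for table names.
            $key = $bits[1];
            if (isset($this->tableMap[$key])) {
                $this->tableMap[$key] = $value;
            }
        } else {
            switch ($arg) {
                case 'DB_USER_PASSWORD_HASH':
                    // strict: a loose in_array() could accept a non-string value that merely
                    // compares equal to an algorithm name under PHP's type juggling
                    if (!in_array($value, hash_algos(), true)) {
                        throw new KurogoConfigurationException("Hashing algorithm {$value} not available");
                    }
                    $this->hashAlgo = $value;
                    break;
                case 'DB_USER_PASSWORD_SALT':
                    // NOTE(review): one configured salt is shared by every user; whether the
                    // verifying code adds a per-user component cannot be told from this method.
                    $this->hashSalt = $value;
                    break;
                case 'DB_GROUP_GROUPMEMBER_PROPERTY':
                    if (!in_array($value, array('group', 'gid'), true)) {
                        throw new KurogoConfigurationException("Invalid value for DB_GROUP_GROUPMEMBER_PROPERTY {$value}. Should be gid or group");
                    }
                    $this->fieldMap['group_groupmember'] = $value;
                    break;
            }
        }
    }
}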
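/**
 * Initializes the Facebook authority from an associative array of configuration arguments.
 *
 * Requires FACEBOOK_API_KEY and FACEBOOK_API_SECRET to be set and non-empty. An access token
 * already stored in $_SESSION['fb_access_token'] is adopted, and FACEBOOK_API_PERMS (a list,
 * or a single permission string) is merged into $this->perms without duplicates.
 *
 * @param array $args configuration values; a non-array is treated as an empty array
 * @throws KurogoConfigurationException when the API key or secret is missing or empty
 */
public function init($args)
{
    parent::init($args);
    $args = is_array($args) ? $args : array();

    $credentialsMissing = !isset($args['FACEBOOK_API_KEY'], $args['FACEBOOK_API_SECRET'])
        || strlen($args['FACEBOOK_API_KEY']) === 0
        || strlen($args['FACEBOOK_API_SECRET']) === 0;
    if ($credentialsMissing) {
        throw new KurogoConfigurationException("API key and secret not set");
    }

    // The secret is held on the instance for the lifetime of the request.
    $this->api_key = $args['FACEBOOK_API_KEY'];
    $this->api_secret = $args['FACEBOOK_API_SECRET'];

    // NOTE(review): the session key is not scoped by authority index, so two Facebook
    // authorities in one site would share the same token slot — confirm that is intended.
    if (isset($_SESSION['fb_access_token'])) {
        $this->access_token = $_SESSION['fb_access_token'];
    }

    if (isset($args['FACEBOOK_API_PERMS'])) {
        // Cast so a single permission given as a string does not make array_merge() fail.
        $this->perms = array_unique(array_merge($this->perms, (array) $args['FACEBOOK_API_PERMS']));
    }
}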
/**
 * Initializes the LDAP authority from an associative array of configuration arguments.
 *
 * Reads the connection and search-base settings into properties (LDAP_PORT defaults to 389,
 * everything else to null), resets the field map to defaultFieldMap() and applies any
 * LDAP_<user|group>_<field>_FIELD overrides (lower-cased) for known field names.
 *
 * NOTE(review): no TLS-related key is read here; whether the connection established elsewhere
 * is protected cannot be told from this method — confirm before relying on LDAP_ADMIN_PASSWORD
 * over the network.
 *
 * @param array $args configuration values; a non-array is treated as an empty array
 * @throws KurogoConfigurationException when LDAP_HOST is missing/empty or the port resolves to an empty value
 */
public function init($args)
{
    parent::init($args);
    $args = is_array($args) ? $args : array();

    // property => array(config key, default used when the key is absent)
    $connectionSettings = array(
        'ldapServer'          => array('LDAP_HOST', null),
        'ldapPort'            => array('LDAP_PORT', 389),
        'ldapSearchBase'      => array('LDAP_SEARCH_BASE', null),
        'ldapUserSearchBase'  => array('LDAP_USER_SEARCH_BASE', null),
        'ldapGroupSearchBase' => array('LDAP_GROUP_SEARCH_BASE', null),
        // bind credentials, used if anonymous searches are not permitted (i.e. AD)
        'ldapAdminDN'         => array('LDAP_ADMIN_DN', null),
        'ldapAdminPassword'   => array('LDAP_ADMIN_PASSWORD', null),
    );
    foreach ($connectionSettings as $property => $setting) {
        list($configKey, $default) = $setting;
        $this->$property = isset($args[$configKey]) ? $args[$configKey] : $default;
    }

    $this->fieldMap = $this->defaultFieldMap();
    foreach ($args as $arg => $value) {
        if (!preg_match("/^ldap_(user|group)_(.*?)_field\$/", strtolower($arg), $bits)) {
            continue;
        }
        // Only fields already present in the default map can be overridden.
        $fieldName = $bits[2];
        if (isset($this->fieldMap[$fieldName])) {
            $this->fieldMap[$fieldName] = strtolower($value);
        }
    }

    if (empty($this->ldapServer)) {
        throw new KurogoConfigurationException("Invalid LDAP Server");
    }
    if (empty($this->ldapPort)) {
        throw new KurogoConfigurationException("Invalid LDAP Port");
    }
}
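/**
 * Initializes the password-file authority from an associative array of configuration arguments.
 *
 * Stores PASSWD_USER_FILE and PASSWD_GROUP_FILE (null when absent). Unless $this->userLogin is
 * 'NONE' (presumably set by parent::init — confirm), the user file must exist and be readable.
 *
 * @param array $args configuration values; a non-array is treated as an empty array
 * @throws Exception when login is enabled and the user file is unset or unreadable
 */
public function init($args)
{
    parent::init($args);
    $args = is_array($args) ? $args : array();

    $this->userFile = isset($args['PASSWD_USER_FILE']) ? $args['PASSWD_USER_FILE'] : null;
    $this->groupFile = isset($args['PASSWD_GROUP_FILE']) ? $args['PASSWD_GROUP_FILE'] : null;

    if ($this->userLogin != 'NONE') {
        // Test the null case explicitly: is_readable(null) only ever returned false and is
        // deprecated on PHP 8.1+, so this keeps the same exception without the notice.
        if ($this->userFile === null || !is_readable($this->userFile)) {
            throw new Exception("Unable to load password file $this->userFile");
        }
    }
}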
/**
 * Initializes the token-based authority from an associative array of configuration arguments.
 *
 * Derives the session variable names for the token and token secret from the authority index,
 * and restores both from $_SESSION when the pair is already present.
 *
 * @param array $args configuration values; a non-array is treated as an empty array
 */
public function init($args)
{
    parent::init($args);
    $args = is_array($args) ? $args : array();

    // Session slots are namespaced by authority index so several token authorities can coexist.
    $index = $this->getAuthorityIndex();
    $this->tokenSessionVar = sprintf("%s_token", $index);
    $this->tokenSecretSessionVar = sprintf("%s_tokenSecret", $index);

    // Only restore when both halves are present; a token without its secret is unusable.
    $sessionHasPair = isset($_SESSION[$this->tokenSessionVar], $_SESSION[$this->tokenSecretSessionVar]);
    if (!$sessionHasPair) {
        return;
    }
    $this->setToken($_SESSION[$this->tokenSessionVar]);
    $this->setTokenSecret($_SESSION[$this->tokenSecretSessionVar]);
}
/**
 * Initializes the authority object from an associative array of configuration arguments.
 *
 * @param array $args configuration values; which keys are recognised depends on the authority
 *
 * General - Required keys:
 *   TITLE              => the human readable title of the authority
 *   INDEX              => the tag used to identify this authority @see AuthenticationAuthority::getAuthenticationAuthority
 *
 * General - Optional keys:
 *   LOGGEDIN_IMAGE_URL => a url to an image/badge placed next to the user name when logged in
 *
 * CAS - Required keys (each is tested with empty(); a missing or empty value throws):
 *   CAS_PROTOCOL => the protocol to use, equivalent to one of the phpCAS constants, e.g. "2.0":
 *                   CAS_VERSION_1_0 => '1.0', CAS_VERSION_2_0 => '2.0', SAML_VERSION_1_1 => 'S1'
 *   CAS_HOST     => the host name of the CAS server, e.g. "cas.example.edu"
 *   CAS_PORT     => the port the CAS server is listening on, e.g. "443" (converted with intval())
 *   CAS_PATH     => the path of the CAS application, e.g. "/cas/"
 *   CAS_CA_CERT  => filesystem path to the CA certificate used to verify the CAS server's TLS
 *                   certificate, e.g. "/etc/tls/pki/certs/my_ca_cert.crt". If empty, server
 *                   validation is switched off with phpCAS::setNoCasServerValidation()
 *                   (not recommended for production).
 *
 * CAS - Optional keys:
 *   CAS_PHPCAS_PATH                => directory holding CAS.php; when empty, 'CAS.php' is loaded from the include path
 *   CAS_DEBUG_LOG                  => file passed to phpCAS::setDebug(); keep it outside the web root, as
 *                                     phpCAS traces may include ticket values
 *   CAS_PROXY_INIT                 => when non-empty, phpCAS is initialised as a proxy (phpCAS::proxy) instead of a client
 *   CAS_PROXY_TICKET_PATH          => proxy mode only; file-based proxy-granting-ticket storage (phpCAS::setPGTStorageFile)
 *   CAS_PROXY_TICKET_DB_DSN        => proxy mode only; database PGT storage (phpCAS::setPGTStorageDb); mutually
 *                                     exclusive with CAS_PROXY_TICKET_PATH
 *   CAS_PROXY_TICKET_DB_USER, CAS_PROXY_TICKET_DB_PASS, CAS_PROXY_TICKET_DB_TABLE, CAS_PROXY_TICKET_DB_DRIVER_OPTS
 *                                  => optional extras for the database PGT storage; each defaults to ''
 *   CAS_PROXY_FIXED_CALLBACK_URL   => proxy mode only; passed to phpCAS::setFixedCallbackURL
 *   ATTRA_EMAIL      => attribute name for the user's email address, e.g. "email"
 *   ATTRA_FIRST_NAME => attribute name for the user's first name, e.g. "givename"
 *   ATTRA_LAST_NAME  => attribute name for the user's last name, e.g. "surname"
 *   ATTRA_FULL_NAME  => attribute name for the user's full name, e.g. "displayname"
 *   ATTRA_MEMBER_OF  => attribute name for the user's groups, e.g. "memberof"
 *   The ATTRA_* mappings only apply if your CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
 *
 * NOTE: Any subclass MUST call parent::init($args) to ensure proper operation
 *
 * @throws KurogoConfigurationException when a required CAS_* key is missing or empty, or when both
 *   CAS_PROXY_TICKET_PATH and CAS_PROXY_TICKET_DB_DSN are set
 */
public function init($args)
{
    parent::init($args);

    // Load phpCAS from the configured directory, or from the include path when none is set.
    // The directory comes from site configuration, not from the request.
    $phpCasFile = empty($args['CAS_PHPCAS_PATH']) ? 'CAS.php' : $args['CAS_PHPCAS_PATH'] . '/CAS.php';
    require_once $phpCasFile;

    if (!empty($args['CAS_DEBUG_LOG'])) {
        phpCAS::setDebug($args['CAS_DEBUG_LOG']);
    }

    // All connection parameters must be present before phpCAS is configured; checked in this order.
    foreach (array('CAS_PROTOCOL', 'CAS_HOST', 'CAS_PORT', 'CAS_PATH') as $requiredKey) {
        if (empty($args[$requiredKey])) {
            throw new KurogoConfigurationException($requiredKey . ' value not set for ' . $this->AuthorityTitle);
        }
    }

    $protocol = $args['CAS_PROTOCOL'];
    $host = $args['CAS_HOST'];
    $port = intval($args['CAS_PORT']);
    $path = $args['CAS_PATH'];

    // The trailing false is handed to phpCAS unchanged; its meaning depends on the phpCAS version in use.
    if (empty($args['CAS_PROXY_INIT'])) {
        phpCAS::client($protocol, $host, $port, $path, false);
    } else {
        phpCAS::proxy($protocol, $host, $port, $path, false);

        $hasFileStorage = !empty($args['CAS_PROXY_TICKET_PATH']);
        $hasDbStorage = !empty($args['CAS_PROXY_TICKET_DB_DSN']);
        if ($hasFileStorage && $hasDbStorage) {
            throw new KurogoConfigurationException('Only one of CAS_PROXY_TICKET_PATH or CAS_PROXY_TICKET_DB_DSN may be set for ' . $this->AuthorityTitle);
        }

        if ($hasFileStorage) {
            // phpCAS 1.3 dropped the leading format argument of setPGTStorageFile().
            if (version_compare(PHPCAS_VERSION, '1.3', '>=')) {
                phpCAS::setPGTStorageFile($args['CAS_PROXY_TICKET_PATH']);
            } else {
                phpCAS::setPGTStorageFile('', $args['CAS_PROXY_TICKET_PATH']);
            }
        }

        if ($hasDbStorage) {
            // Every extra defaults to '' and is only replaced by a non-empty configured value.
            // NOTE(review): driver options are passed as '' when unset — confirm phpCAS accepts
            // that rather than an array/null for the PDO driver options.
            $dbOptions = array('user' => '', 'pass' => '', 'table' => '', 'driver_opts' => '');
            $dbOptionKeys = array(
                'user'        => 'CAS_PROXY_TICKET_DB_USER',
                'pass'        => 'CAS_PROXY_TICKET_DB_PASS',
                'table'       => 'CAS_PROXY_TICKET_DB_TABLE',
                'driver_opts' => 'CAS_PROXY_TICKET_DB_DRIVER_OPTS',
            );
            foreach ($dbOptionKeys as $option => $configKey) {
                if (!empty($args[$configKey])) {
                    $dbOptions[$option] = $args[$configKey];
                }
            }
            phpCAS::setPGTStorageDb(
                $args['CAS_PROXY_TICKET_DB_DSN'],
                $dbOptions['user'],
                $dbOptions['pass'],
                $dbOptions['table'],
                $dbOptions['driver_opts']
            );
        }

        if (!empty($args['CAS_PROXY_FIXED_CALLBACK_URL'])) {
            phpCAS::setFixedCallbackURL($args['CAS_PROXY_FIXED_CALLBACK_URL']);
        }
    }

    // Without a CA certificate the CAS server's TLS certificate is not verified, so ticket
    // validation responses could come from an impersonated server. Configure CAS_CA_CERT in production.
    if (empty($args['CAS_CA_CERT'])) {
        phpCAS::setNoCasServerValidation();
    } else {
        phpCAS::setCasServerCACert($args['CAS_CA_CERT']);
    }

    // Map the configured attribute names onto CASUser fields; order matches the previous explicit calls.
    $attributeFields = array(
        'ATTRA_EMAIL'      => 'Email',
        'ATTRA_FIRST_NAME' => 'FirstName',
        'ATTRA_LAST_NAME'  => 'LastName',
        'ATTRA_FULL_NAME'  => 'FullName',
        'ATTRA_MEMBER_OF'  => 'MemberOf',
    );
    foreach ($attributeFields as $configKey => $userField) {
        if (!empty($args[$configKey])) {
            CASUser::mapAttribute($userField, $args[$configKey]);
        }
    }
}
/**
 * Initializes the API-key based authority from an associative array of configuration arguments.
 *
 * Requires API_KEY and API_SECRET to be set and non-empty, stores them on the instance, and
 * adopts an access token already held in $_SESSION['fb_access_token'].
 *
 * @param array $args configuration values; a non-array is treated as an empty array
 * @throws Exception when the API key or secret is missing or empty
 */
public function init($args)
{
    parent::init($args);
    $args = is_array($args) ? $args : array();

    // Both credentials must exist and be non-empty strings.
    $credentialsOk = isset($args['API_KEY'], $args['API_SECRET']);
    if ($credentialsOk) {
        foreach (array('API_KEY', 'API_SECRET') as $credentialKey) {
            if (strlen($args[$credentialKey]) == 0) {
                $credentialsOk = false;
                break;
            }
        }
    }
    if (!$credentialsOk) {
        throw new Exception("API key and secret not set");
    }

    // The secret is held on the instance for the lifetime of the request.
    $this->api_key = $args['API_KEY'];
    $this->api_secret = $args['API_SECRET'];

    // Reuse a token obtained earlier in this session, if any.
    if (isset($_SESSION['fb_access_token'])) {
        $this->access_token = $_SESSION['fb_access_token'];
    }
}
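/**
 * Initializes the password-file authority from an associative array of configuration arguments.
 *
 * Stores PASSWD_USER_FILE and PASSWD_GROUP_FILE (null when absent) and configures the password
 * digest from PASSWD_HASH:
 *   'site'   => HMAC-SHA1 keyed with SITE_KEY
 *   'server' => HMAC-SHA1 keyed with SERVER_KEY
 *   'hmac_<algo>' => HMAC over <algo>, keyed with PASSWD_KEY (required)
 *   '<algo>' => plain digest; <algo> must be listed by hash_algos()
 * NOTE(review): these are fast keyed/unkeyed digests rather than a slow password KDF; whether
 * the verification path elsewhere supports anything stronger cannot be told from this method.
 * Unless $this->userLogin is 'NONE' (presumably set by parent::init — confirm), the user file
 * must exist and be readable.
 *
 * @param array $args configuration values; a non-array is treated as an empty array
 * @throws KurogoConfigurationException when an HMAC algorithm lacks PASSWD_KEY, the algorithm
 *   is unavailable, or login is enabled and the user file is unset or unreadable
 */
public function init($args)
{
    parent::init($args);
    $args = is_array($args) ? $args : array();

    $this->userFile = isset($args['PASSWD_USER_FILE']) ? $args['PASSWD_USER_FILE'] : null;
    $this->groupFile = isset($args['PASSWD_GROUP_FILE']) ? $args['PASSWD_GROUP_FILE'] : null;

    if (isset($args['PASSWD_HASH'])) {
        $hashAlgo = $args['PASSWD_HASH'];

        // Shorthands for HMAC-SHA1 keyed with an install-wide key. Strict comparison so that a
        // non-string value cannot match 'site' through loose type juggling.
        if ($hashAlgo === 'site') {
            $hashAlgo = 'hmac_sha1';
            $args['PASSWD_KEY'] = SITE_KEY;
        } elseif ($hashAlgo === 'server') {
            $hashAlgo = 'hmac_sha1';
            $args['PASSWD_KEY'] = SERVER_KEY;
        }

        if (preg_match("/^hmac_(.+)\$/", $hashAlgo, $bits)) {
            if (!isset($args['PASSWD_KEY'])) {
                throw new KurogoConfigurationException("HMAC hash requires PASSWD_KEY");
            }
            $this->hmac = true;
            $this->hashKey = $args['PASSWD_KEY'];
            $hashAlgo = $bits[1];
        }

        // strict: a loose in_array() could accept a value that merely compares equal to an algorithm name
        if (!in_array($hashAlgo, hash_algos(), true)) {
            throw new KurogoConfigurationException("Hashing algorithm {$hashAlgo} not available");
        }
        $this->hashAlgo = $hashAlgo;
    }

    if ($this->userLogin != 'NONE') {
        // Test the null case explicitly: is_readable(null) only ever returned false and is
        // deprecated on PHP 8.1+, so this keeps the same exception without the notice.
        if ($this->userFile === null || !is_readable($this->userFile)) {
            throw new KurogoConfigurationException("Unable to load password file {$this->userFile}");
        }
    }
}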