/**
* Initializes the authority objects based on an associative array of arguments
* @param array $args an associate array of arguments. The argument list is dependent on the authority
*
* General - Required keys:
* TITLE => The human readable title of the AuthorityImage
* INDEX => The tag used to identify this authority @see AuthenticationAuthority::getAuthenticationAuthority
*
* General - Optional keys:
* LOGGEDIN_IMAGE_URL => a url to an image/badge that is placed next to the user name when logged in
*
* CAS - Required keys:
* CAS_PROTOCOL => The protocol to use. Should be equivalent to one of the phpCAS constants, e.g. "2.0":
* CAS_VERSION_1_0 => '1.0', CAS_VERSION_2_0 => '2.0', SAML_VERSION_1_1 => 'S1'
* CAS_HOST => The host name of the CAS server, e.g. "cas.example.edu"
* CAS_PORT => The port the CAS server is listening on, e.g. "443"
* CAS_PATH => The path of the CAS application, e.g. "/cas/"
* CAS_CA_CERT => The filesystem path to a CA certificate that will be used to validate the authenticity
* of the CAS server, e.g. "/etc/tls/pki/certs/my_ca_cert.crt". If empty, no certificate
* validation will be performed (not recommended for production).
*
* CAS - Optional keys:
* ATTRA_EMAIL => Attribute name for the user's email adress, e.g. "email". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
* ATTRA_FIRST_NAME => Attribute name for the user's first name, e.g. "givename". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
* ATTRA_LAST_NAME => Attribute name for the user's last name, e.g. "surname". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
* ATTRA_FULL_NAME => Attribute name for the user's full name, e.g. "displayname". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
* ATTRA_MEMBER_OF => Attribute name for the user's groups, e.g. "memberof". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
*
* NOTE: Any subclass MUST call parent::init($args) to ensure proper operation
*
*/
public function init($args)
{
parent::init($args);
// include the PHPCAS library
if (empty($args['CAS_PHPCAS_PATH'])) {
require_once 'CAS.php';
} else {
require_once $args['CAS_PHPCAS_PATH'] . '/CAS.php';
}
if (empty($args['CAS_PROTOCOL'])) {
throw new KurogoConfigurationException('CAS_PROTOCOL value not set for ' . $this->AuthorityTitle);
}
if (empty($args['CAS_HOST'])) {
throw new KurogoConfigurationException('CAS_HOST value not set for ' . $this->AuthorityTitle);
}
if (empty($args['CAS_PORT'])) {
throw new KurogoConfigurationException('CAS_PORT value not set for ' . $this->AuthorityTitle);
}
if (empty($args['CAS_PATH'])) {
throw new KurogoConfigurationException('CAS_PATH value not set for ' . $this->AuthorityTitle);
}
if (empty($args['CAS_PROXY_INIT'])) {
phpCAS::client($args['CAS_PROTOCOL'], $args['CAS_HOST'], intval($args['CAS_PORT']), $args['CAS_PATH'], false);
} else {
phpCAS::proxy($args['CAS_PROTOCOL'], $args['CAS_HOST'], intval($args['CAS_PORT']), $args['CAS_PATH'], false);
if (!empty($args['CAS_PROXY_TICKET_PATH'])) {
phpCAS::setPGTStorageFile('', $args['CAS_PROXY_TICKET_PATH']);
}
if (!empty($args['CAS_PROXY_FIXED_CALLBACK_URL'])) {
phpCAS::setFixedCallbackURL($args['CAS_PROXY_FIXED_CALLBACK_URL']);
}
}
if (empty($args['CAS_CA_CERT'])) {
phpCAS::setNoCasServerValidation();
} else {
phpCAS::setCasServerCACert($args['CAS_CA_CERT']);
}
// Record any attribute mapping configured.
if (!empty($args['ATTRA_EMAIL'])) {
CASUser::mapAttribute('Email', $args['ATTRA_EMAIL']);
}
if (!empty($args['ATTRA_FIRST_NAME'])) {
CASUser::mapAttribute('FirstName', $args['ATTRA_FIRST_NAME']);
}
if (!empty($args['ATTRA_LAST_NAME'])) {
CASUser::mapAttribute('LastName', $args['ATTRA_LAST_NAME']);
}
if (!empty($args['ATTRA_FULL_NAME'])) {
CASUser::mapAttribute('FullName', $args['ATTRA_FULL_NAME']);
}
// Store an attribute for group membership if configured.
if (!empty($args['ATTRA_MEMBER_OF'])) {
CASUser::mapAttribute('MemberOf', $args['ATTRA_MEMBER_OF']);
}
}
public function init($args)
{
parent::init($args);
// set field map using SHIB_XXX_FIELD = "" maps to $_SERVER values
foreach ($args as $arg => $value) {
if (preg_match("/^shib_(email|firstname|lastname|fullname)_field\$/", strtolower($arg), $bits)) {
$key = strtolower($bits[1]);
$this->fieldMap[$key] = $value;
}
}
if (isset($args['SHIB_ATTRIBUTES']) && is_array($args['SHIB_ATTRIBUTES'])) {
$this->attributes = $args['SHIB_ATTRIBUTES'];
}
}
public function init($args)
{
parent::init($args);
$args = is_array($args) ? $args : array();
if (!isset($args['DB_TYPE'])) {
$args = array_merge(Kurogo::getSiteSection('database'), $args);
}
$this->connection = new db($args);
$this->tableMap = array('user' => 'users', 'group' => 'groups', 'groupmembers' => 'groupmembers');
$this->fieldMap = array('user_userid' => 'userID', 'user_password' => 'password', 'user_email' => 'email', 'user_firstname' => 'firstname', 'user_lastname' => 'lastname', 'user_fullname' => 'fullname', 'group_groupname' => 'group', 'group_gid' => 'gid', 'group_groupmember' => 'gid', 'groupmember_group' => 'gid', 'groupmember_user' => 'userID', 'groupmember_authority' => '');
foreach ($args as $arg => $value) {
if (preg_match("/^db_(user|group|groupmember)_(.*?)_field\$/", strtolower($arg), $bits)) {
$key = sprintf("%s_%s", $bits[1], $bits[2]);
if (isset($this->fieldMap[$key])) {
$this->fieldMap[$key] = $value;
}
} elseif (preg_match("/^db_(.*?)_table\$/", strtolower($arg), $bits)) {
$key = $bits[1];
if (isset($this->tableMap[$key])) {
$this->tableMap[$key] = $value;
}
} else {
switch ($arg) {
case 'DB_USER_PASSWORD_HASH':
if (!in_array($value, hash_algos())) {
throw new KurogoConfigurationException("Hashing algorithm {$value} not available");
}
$this->hashAlgo = $value;
break;
case 'DB_USER_PASSWORD_SALT':
$this->hashSalt = $value;
break;
case 'DB_GROUP_GROUPMEMBER_PROPERTY':
if (!in_array($value, array('group', 'gid'))) {
throw new KurogoConfigurationException("Invalid value for DB_GROUP_GROUPMEMBER_PROPERTY {$value}. Should be gid or group");
}
$this->fieldMap['group_groupmember'] = $value;
break;
}
}
}
}
public function init($args)
{
parent::init($args);
$args = is_array($args) ? $args : array();
if (!isset($args['FACEBOOK_API_KEY'], $args['FACEBOOK_API_SECRET']) || strlen($args['FACEBOOK_API_KEY']) == 0 || strlen($args['FACEBOOK_API_SECRET']) == 0) {
throw new KurogoConfigurationException("API key and secret not set");
}
$this->api_key = $args['FACEBOOK_API_KEY'];
$this->api_secret = $args['FACEBOOK_API_SECRET'];
if (isset($_SESSION['fb_access_token'])) {
$this->access_token = $_SESSION['fb_access_token'];
}
if (isset($args['FACEBOOK_API_PERMS'])) {
$this->perms = array_unique(array_merge($this->perms, $args['FACEBOOK_API_PERMS']));
}
}
public function init($args)
{
parent::init($args);
$args = is_array($args) ? $args : array();
$this->ldapServer = isset($args['LDAP_HOST']) ? $args['LDAP_HOST'] : null;
$this->ldapPort = isset($args['LDAP_PORT']) ? $args['LDAP_PORT'] : 389;
$this->ldapSearchBase = isset($args['LDAP_SEARCH_BASE']) ? $args['LDAP_SEARCH_BASE'] : null;
$this->ldapUserSearchBase = isset($args['LDAP_USER_SEARCH_BASE']) ? $args['LDAP_USER_SEARCH_BASE'] : null;
$this->ldapGroupSearchBase = isset($args['LDAP_GROUP_SEARCH_BASE']) ? $args['LDAP_GROUP_SEARCH_BASE'] : null;
//used if anonymous searches are not permitted (i.e. AD)
$this->ldapAdminDN = isset($args['LDAP_ADMIN_DN']) ? $args['LDAP_ADMIN_DN'] : null;
$this->ldapAdminPassword = isset($args['LDAP_ADMIN_PASSWORD']) ? $args['LDAP_ADMIN_PASSWORD'] : null;
$this->fieldMap = $this->defaultFieldMap();
foreach ($args as $arg => $value) {
if (preg_match("/^ldap_(user|group)_(.*?)_field\$/", strtolower($arg), $bits)) {
if (isset($this->fieldMap[$bits[2]])) {
$this->fieldMap[$bits[2]] = strtolower($value);
}
}
}
if (empty($this->ldapServer)) {
throw new KurogoConfigurationException("Invalid LDAP Server");
}
if (empty($this->ldapPort)) {
throw new KurogoConfigurationException("Invalid LDAP Port");
}
}
public function init($args)
{
parent::init($args);
$args = is_array($args) ? $args : array();
$this->userFile = isset($args['PASSWD_USER_FILE']) ? $args['PASSWD_USER_FILE'] : null;
$this->groupFile = isset($args['PASSWD_GROUP_FILE']) ? $args['PASSWD_GROUP_FILE'] : null;
if ($this->userLogin != 'NONE') {
if (!is_readable($this->userFile)) {
throw new Exception("Unable to load password file $this->userFile");
}
}
}
public function init($args) {
parent::init($args);
$args = is_array($args) ? $args : array();
$this->tokenSessionVar = sprintf("%s_token", $this->getAuthorityIndex());
$this->tokenSecretSessionVar = sprintf("%s_tokenSecret", $this->getAuthorityIndex());
if (isset($_SESSION[$this->tokenSessionVar], $_SESSION[$this->tokenSecretSessionVar])) {
$this->setToken($_SESSION[$this->tokenSessionVar]);
$this->setTokenSecret($_SESSION[$this->tokenSecretSessionVar]);
}
}
/**
* Initializes the authority objects based on an associative array of arguments
* @param array $args an associate array of arguments. The argument list is dependent on the authority
*
* General - Required keys:
* TITLE => The human readable title of the AuthorityImage
* INDEX => The tag used to identify this authority @see AuthenticationAuthority::getAuthenticationAuthority
*
* General - Optional keys:
* LOGGEDIN_IMAGE_URL => a url to an image/badge that is placed next to the user name when logged in
*
* CAS - Required keys:
* CAS_PROTOCOL => The protocol to use. Should be equivalent to one of the phpCAS constants, e.g. "2.0":
* CAS_VERSION_1_0 => '1.0', CAS_VERSION_2_0 => '2.0', SAML_VERSION_1_1 => 'S1'
* CAS_HOST => The host name of the CAS server, e.g. "cas.example.edu"
* CAS_PORT => The port the CAS server is listening on, e.g. "443"
* CAS_PATH => The path of the CAS application, e.g. "/cas/"
* CAS_CA_CERT => The filesystem path to a CA certificate that will be used to validate the authenticity
* of the CAS server, e.g. "/etc/tls/pki/certs/my_ca_cert.crt". If empty, no certificate
* validation will be performed (not recommended for production).
*
* CAS - Optional keys:
* ATTRA_EMAIL => Attribute name for the user's email adress, e.g. "email". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
* ATTRA_FIRST_NAME => Attribute name for the user's first name, e.g. "givename". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
* ATTRA_LAST_NAME => Attribute name for the user's last name, e.g. "surname". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
* ATTRA_FULL_NAME => Attribute name for the user's full name, e.g. "displayname". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
* ATTRA_MEMBER_OF => Attribute name for the user's groups, e.g. "memberof". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
*
* NOTE: Any subclass MUST call parent::init($args) to ensure proper operation
*
*/
public function init($args)
{
parent::init($args);
// include the PHPCAS library
if (empty($args['CAS_PHPCAS_PATH'])) {
require_once 'CAS.php';
} else {
require_once $args['CAS_PHPCAS_PATH'] . '/CAS.php';
}
if (!empty($args['CAS_DEBUG_LOG'])) {
phpCAS::setDebug($args['CAS_DEBUG_LOG']);
}
if (empty($args['CAS_PROTOCOL'])) {
throw new KurogoConfigurationException('CAS_PROTOCOL value not set for ' . $this->AuthorityTitle);
}
if (empty($args['CAS_HOST'])) {
throw new KurogoConfigurationException('CAS_HOST value not set for ' . $this->AuthorityTitle);
}
if (empty($args['CAS_PORT'])) {
throw new KurogoConfigurationException('CAS_PORT value not set for ' . $this->AuthorityTitle);
}
if (empty($args['CAS_PATH'])) {
throw new KurogoConfigurationException('CAS_PATH value not set for ' . $this->AuthorityTitle);
}
if (empty($args['CAS_PROXY_INIT'])) {
phpCAS::client($args['CAS_PROTOCOL'], $args['CAS_HOST'], intval($args['CAS_PORT']), $args['CAS_PATH'], false);
} else {
phpCAS::proxy($args['CAS_PROTOCOL'], $args['CAS_HOST'], intval($args['CAS_PORT']), $args['CAS_PATH'], false);
if (!empty($args['CAS_PROXY_TICKET_PATH']) && !empty($args['CAS_PROXY_TICKET_DB_DSN'])) {
throw new KurogoConfigurationException('Only one of CAS_PROXY_TICKET_PATH or CAS_PROXY_TICKET_DB_DSN may be set for ' . $this->AuthorityTitle);
}
if (!empty($args['CAS_PROXY_TICKET_PATH'])) {
if (version_compare(PHPCAS_VERSION, '1.3', '>=')) {
phpCAS::setPGTStorageFile($args['CAS_PROXY_TICKET_PATH']);
} else {
phpCAS::setPGTStorageFile('', $args['CAS_PROXY_TICKET_PATH']);
}
}
if (!empty($args['CAS_PROXY_TICKET_DB_DSN'])) {
$user = $pass = $table = $driver_opts = '';
if (!empty($args['CAS_PROXY_TICKET_DB_USER'])) {
$user = $args['CAS_PROXY_TICKET_DB_USER'];
}
if (!empty($args['CAS_PROXY_TICKET_DB_PASS'])) {
$pass = $args['CAS_PROXY_TICKET_DB_PASS'];
}
if (!empty($args['CAS_PROXY_TICKET_DB_TABLE'])) {
$table = $args['CAS_PROXY_TICKET_DB_TABLE'];
}
if (!empty($args['CAS_PROXY_TICKET_DB_DRIVER_OPTS'])) {
$driver_opts = $args['CAS_PROXY_TICKET_DB_DRIVER_OPTS'];
}
phpCAS::setPGTStorageDb($args['CAS_PROXY_TICKET_DB_DSN'], $user, $pass, $table, $driver_opts);
}
if (!empty($args['CAS_PROXY_FIXED_CALLBACK_URL'])) {
phpCAS::setFixedCallbackURL($args['CAS_PROXY_FIXED_CALLBACK_URL']);
}
}
if (empty($args['CAS_CA_CERT'])) {
phpCAS::setNoCasServerValidation();
} else {
phpCAS::setCasServerCACert($args['CAS_CA_CERT']);
}
// Record any attribute mapping configured.
if (!empty($args['ATTRA_EMAIL'])) {
CASUser::mapAttribute('Email', $args['ATTRA_EMAIL']);
}
if (!empty($args['ATTRA_FIRST_NAME'])) {
CASUser::mapAttribute('FirstName', $args['ATTRA_FIRST_NAME']);
}
if (!empty($args['ATTRA_LAST_NAME'])) {
CASUser::mapAttribute('LastName', $args['ATTRA_LAST_NAME']);
}
if (!empty($args['ATTRA_FULL_NAME'])) {
CASUser::mapAttribute('FullName', $args['ATTRA_FULL_NAME']);
}
// Store an attribute for group membership if configured.
if (!empty($args['ATTRA_MEMBER_OF'])) {
CASUser::mapAttribute('MemberOf', $args['ATTRA_MEMBER_OF']);
}
}
public function init($args)
{
parent::init($args);
$args = is_array($args) ? $args : array();
if (!isset($args['API_KEY'], $args['API_SECRET']) ||
strlen($args['API_KEY'])==0 || strlen($args['API_SECRET'])==0) {
throw new Exception("API key and secret not set");
}
$this->api_key = $args['API_KEY'];
$this->api_secret = $args['API_SECRET'];
if (isset($_SESSION['fb_access_token'])) {
$this->access_token = $_SESSION['fb_access_token'];
}
}
public function init($args)
{
parent::init($args);
$args = is_array($args) ? $args : array();
$this->userFile = isset($args['PASSWD_USER_FILE']) ? $args['PASSWD_USER_FILE'] : null;
$this->groupFile = isset($args['PASSWD_GROUP_FILE']) ? $args['PASSWD_GROUP_FILE'] : null;
if (isset($args['PASSWD_HASH'])) {
$hashAlgo = $args['PASSWD_HASH'];
if ($hashAlgo == 'site') {
$hashAlgo = 'hmac_sha1';
$args['PASSWD_KEY'] = SITE_KEY;
}
if ($hashAlgo == 'server') {
$hashAlgo = 'hmac_sha1';
$args['PASSWD_KEY'] = SERVER_KEY;
}
if (preg_match("/^hmac_(.+)\$/", $hashAlgo, $bits)) {
if (!isset($args['PASSWD_KEY'])) {
throw new KurogoConfigurationException("HMAC hash requires PASSWD_KEY");
}
$this->hmac = true;
$this->hashKey = $args['PASSWD_KEY'];
$hashAlgo = $bits[1];
}
if (!in_array($hashAlgo, hash_algos())) {
throw new KurogoConfigurationException("Hashing algorithm {$hashAlgo} not available");
}
$this->hashAlgo = $hashAlgo;
}
if ($this->userLogin != 'NONE') {
if (!is_readable($this->userFile)) {
throw new KurogoConfigurationException("Unable to load password file {$this->userFile}");
}
}
}
