/**
* Emulate the 'authorization' via Shibalike
*/
public function emulateIdp()
{
$data = [];
if (Input::get('username') != null) {
$username = Input::get('username') === Input::get('password') ? Input::get('username') : '';
$userAttrs = $this->idp->fetchAttrs($username);
if ($userAttrs) {
$this->idp->markAsAuthenticated($username);
$this->idp->redirect();
}
$data['error'] = 'Incorrect username and/or password';
}
return view('IdpLogin', $data);
}
<?php
/**
* All you need for an IdP is an authentication process and a way to get user
* attributes. Once you trust the identity of the user, you mark them as authenticated,
* which fetches and stores their attributes in the state manager.
*/
require '_inc.php';
$idp = new Shibalike\IdP(getStateManager(), getAttrStore(), getConfig());
// crude authentication
if (!empty($_POST)) {
// perform auth
$username = '';
if (in_array($_POST['username'], array('jadmin', 'juser'))) {
if ($_POST['username'] === $_POST['password']) {
$username = $_POST['username'];
}
} else {
if ($_POST['password'] == 'password1') {
$username = $_POST['username'];
}
}
$authenticatedSuccessfully = !empty($username);
// try authentication somehow (e.g. using Zend_Auth)
if ($authenticatedSuccessfully) {
$userAttrs = $idp->fetchAttrs($username);
if ($userAttrs) {
$idp->markAsAuthenticated($username);
$idp->redirect();
} else {
// user is not in attr store!
/**
* Emulate the 'authorization' via Shibalike
*/
public function emulateIdp()
{
if (Input::get('username') != null) {
$username = '';
if (Input::get('username') === Input::get('password')) {
$username = Input::get('username');
}
$userAttrs = $this->idp->fetchAttrs($username);
if ($userAttrs) {
$this->idp->markAsAuthenticated($username);
$this->idp->redirect();
} else {
$error = 'Sorry. You failed to authenticate. <a href="idp" alt="Try Again">Try again</a>';
}
}
?>
<html>
<head>
<title>Emulated IdP Login</title>
<style type="text/css">
body {
font-family: sans-serif;
}
.title {
text-align: center;
font-weight: 200;
color: grey;
}
input[type="submit"] {
padding: 10px;
border: 1px solid #cdcdcd;
border-radius: 5px;
background-color: #fff;
min-width: 100%;
}
input[type="submit"]:hover {
background-color: #cdcdcd;
cursor: pointer;
}
</style>
</head>
<body>
<div style="margin: 10px auto; width: 100%; border: 1px solid grey; border-radius: 5px; padding: 10px; max-width: 400px; min-width: 300px;">
<h2 class="title">Login to Continue</h2>
<form action="" method="post" style="color: grey;">
<input type="hidden" name="_token" value="<?php
echo csrf_token();
?>
">
<?php
echo isset($error) ? '<p><em>' . $error . '</em></p>' : '';
?>
<p>
<label for="username">Username</label>
<input type="text" name="username" id="username" style="width: 100%; padding: 5px; border-radius: 5px; border: 1px solid #cdcdcd;" />
</p>
<p>
<label for="password">Password</label>
<input type="password" name="password" id="password" style="width: 100%; padding: 5px; border-radius: 5px; border: 1px solid #cdcdcd;" />
</p>
<p><input type="submit" value="Login"></p>
</form>
</div>
</div>
</html>
<?php
}
<?php
// for the demo let's pretend Shibboleth is protecting this directory...
$_SERVER = array_merge($_SERVER, array('UFADGroupsDN' => 'FakeGroup', 'businessName' => 'User,Johnny B', 'cn' => 'User, Johnny', 'eduperson_affiliations' => '', 'eppn' => '*****@*****.**', 'givenName' => 'Johnny', 'glid' => 'juser', 'loa' => '2', 'mail' => '*****@*****.**', 'middleName' => 'B', 'postalAddress' => '$$123 Fake St$GAINESVILLE$FL$326110001', 'primary-affiliation' => 'T', 'sn' => 'User', 'uf_affiliations' => '', 'ufid' => '32445260'));
// the "IdP"
require dirname(__DIR__) . '/_inc.php';
$idp = new Shibalike\IdP(getStateManager(), getAttrStore(), getConfig());
if (isset($_GET['logout'])) {
$idp->logout();
$idp->redirect('../goodbye.php');
}
// since shibboleth is protecting this directory, we know at this point,
// attributes will be present in $_SERVER.
$username = $_SERVER['glid'];
$userAttrs = $idp->fetchAttrs($username);
$idp->markAsAuthenticated($username);
$idp->redirect();
