validate() public method

TODO: Documentation; only cleared up exception/log messages
public validate ( $config, $username, $password = null )
示例#1
                }
                $casusername = $success->item(0)->textContent;
                return array($casusername, $attributes);
            }
        } else {
            throw new Exception("validate or serviceValidate not specified");
        }
        /**
         * First request, will redirect the user to the CAS server for authentication.
         */
    } else {
        SimpleSAML_Logger::info("AUTH - cas-ldap: redirecting to {$cas['login']}");
        SimpleSAML_Utilities::redirectTrustedURL($cas['login'], array('service' => $service));
    }
}
/*
 * Complete a CAS-backed login: validate with CAS, optionally look up extra
 * attributes in LDAP, mark the session as logged in and send the user on to
 * the RelayState address.
 */
try {
    // casValidate() yields the CAS username and the attributes taken from the CAS response.
    list($username, $casattributes) = casValidate($casconfig);
    SimpleSAML_Logger::info('AUTH - cas-ldap: ' . $username . ' authenticated by ' . $casconfig['validate']);
    $ldapattributes = array();
    // LDAP is consulted only when servers are configured.
    if ($ldapconfig['servers']) {
        $ldap = new SimpleSAML_Auth_LDAP($ldapconfig['servers'], $ldapconfig['enable_tls']);
        // No password is passed: this call has nothing to verify the user with,
        // so the identity rests entirely on the CAS validation above.
        $ldapattributes = $ldap->validate($ldapconfig, $username);
    }
    // Values for an attribute name present in both sources are combined, not overridden.
    $attributes = array_merge_recursive($casattributes, $ldapattributes);
    $session->doLogin('login-cas-ldap');
    $session->setAttributes($attributes);
    // A freshly generated ID is used as a transient NameID.
    $session->setNameID(array('value' => SimpleSAML_Utilities::generateID(), 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
    // RelayState is read straight from the request here.
    // NOTE(review): this relies on redirectUntrustedURL() to vet the destination — confirm it applies the allowed-URL check.
    SimpleSAML_Utilities::redirectUntrustedURL($_REQUEST['RelayState']);
} catch (Exception $exception) {
    // Every failure inside the block, the LDAP lookup included, is reported as CASERROR.
    throw new SimpleSAML_Error_Error('CASERROR', $exception);
}
    $ldapconfig = $casldapconfig[$idpentityid]['ldap'];
} catch (Exception $exception) {
    throw new SimpleSAML_Error_Error('METADATA', $exception);
}
/*
 * RelayState is the address the user is sent to after a successful
 * authentication. It arrives with the request, so the request is rejected when
 * it is missing, and the value is passed through checkURLAllowed() before use.
 */
if (array_key_exists('RelayState', $_REQUEST) === false) {
    throw new SimpleSAML_Error_Error('NORELAYSTATE');
}
$relaystate = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['RelayState']);
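/*
 * Handle a submitted login form.
 *
 * Both fields must be non-empty strings before LDAP is contacted:
 *  - validate() declares $password = null as its default, and a missing
 *    $_POST['password'] evaluates to null. Presumably the null form skips the
 *    credential check — confirm against SimpleSAML_Auth_LDAP::validate().
 *  - Many LDAP servers treat a bind with an empty password as an
 *    unauthenticated bind that succeeds, so '' is rejected here as well.
 */
$username = isset($_POST['username']) ? $_POST['username'] : null;
if ($username) {
    if (!is_string($username) || !isset($_POST['password']) || !is_string($_POST['password']) || $_POST['password'] === '') {
        // Reported the same way as a rejected bind, so the response does not
        // reveal which field was at fault.
        $error = "LDAP_INVALID_CREDENTIALS";
    } else {
        try {
            $ldap = new SimpleSAML_Auth_LDAP($ldapconfig['servers'], $ldapconfig['enable_tls']);
            $attributes = $ldap->validate($ldapconfig, $username, $_POST['password']);
            if ($attributes === FALSE) {
                $error = "LDAP_INVALID_CREDENTIALS";
            } else {
                $session->doLogin('login-wayf-ldap');
                $session->setAttributes($attributes);
                // A freshly generated ID is used as a transient NameID.
                $session->setNameID(array('value' => SimpleSAML_Utilities::generateID(), 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
                // $relaystate has already been through checkURLAllowed().
                SimpleSAML_Utilities::redirectTrustedURL($relaystate);
            }
        } catch (Exception $e) {
            throw new SimpleSAML_Error_Error('LDAPERROR', $e);
        }
    }
}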
// Prepare the login form template named in the LDAP configuration.
$t = new SimpleSAML_XHTML_Template($config, $ldapconfig['template']);
$t->data['header'] = 'simpleSAMLphp: Enter username and password';
// RelayState is request-derived, so it is HTML-escaped before being handed to the template.
// NOTE(review): called with default flags; before PHP 8.1 those do not escape single quotes —
// confirm the template only places this value in double-quoted attributes or element text.
$t->data['relaystate'] = htmlspecialchars($relaystate);
示例#3
文件: CAS.php 项目: filonuse/fedlab
 /**
  * Called by linkback to finish a CAS login: validates the ticket, optionally
  * adds LDAP attributes, stores the result in the state and completes
  * authentication.
  *
  * The username comes from the CAS ticket validation. The LDAP call is made
  * without a password, so it is not given anything to verify the user with.
  *
  * Nothing is returned; the merged attributes are written to $state['Attributes'].
  *
  * @param array &$state  Authentication state; 'cas:ticket' is read from it.
  */
 public function finalStep(&$state)
 {
     $casTicket = $state['cas:ticket'];

     // The service URL handed to casValidation() carries the ID of the saved state.
     $savedStateId = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     $serviceUrl = SimpleSAML_Module::getModuleURL('cas/linkback.php', array('stateID' => $savedStateId));

     list($casUser, $fromCas) = $this->casValidation($casTicket, $serviceUrl);

     // LDAP is consulted only when servers are configured.
     $fromLdap = array();
     if ($this->_ldapConfig['servers']) {
         $directory = new SimpleSAML_Auth_LDAP($this->_ldapConfig['servers'], $this->_ldapConfig['enable_tls']);
         $fromLdap = $directory->validate($this->_ldapConfig, $casUser);
     }

     // Values for an attribute name present in both sources are combined, not overridden.
     $state['Attributes'] = array_merge_recursive($fromCas, $fromLdap);
     SimpleSAML_Auth_Source::completeAuth($state);
 }