TODO: documentation; this change only clarifies the exception/log messages
public validate ( $config, $username, $password = null ) |
}
// Fragment starts mid-function: the check that $success holds a match is outside this view.
// The username is the text content of the first matched node.
$casusername = $success->item(0)->textContent;
return array($casusername, $attributes);
}
} else {
// Neither CAS validation endpoint is configured: fail closed instead of skipping validation.
throw new Exception("validate or serviceValidate not specified");
}
/**
 * First request, will redirect the user to the CAS server for authentication.
 */
} else {
SimpleSAML_Logger::info("AUTH - cas-ldap: redirecting to {$cas['login']}");
// $cas['login'] comes from configuration, not from the request, hence the trusted-URL redirect.
SimpleSAML_Utilities::redirectTrustedURL($cas['login'], array('service' => $service));
}
}
try {
    list($username, $casattributes) = casValidate($casconfig);
    // NOTE(review): logs $casconfig['validate'] even when the serviceValidate endpoint was used
    // (notice if that key is unset) - confirm which endpoint should be named here.
    SimpleSAML_Logger::info('AUTH - cas-ldap: ' . $username . ' authenticated by ' . $casconfig['validate']);
    $ldapattributes = array();
    if ($ldapconfig['servers']) {
        $ldap = new SimpleSAML_Auth_LDAP($ldapconfig['servers'], $ldapconfig['enable_tls']);
        // No password is passed: this is an attribute lookup for a user CAS has already authenticated.
        $ldapattributes = $ldap->validate($ldapconfig, $username);
    }
    // array_merge_recursive() keeps the values from BOTH sources when the same attribute
    // name occurs in each, so CAS-asserted and directory-sourced values end up side by side;
    // consumers must not assume an attribute here came from the directory.
    $attributes = array_merge_recursive($casattributes, $ldapattributes);
    $session->doLogin('login-cas-ldap');
    $session->setAttributes($attributes);
    // Transient NameID: a freshly generated identifier for this login only.
    $session->setNameID(array('value' => SimpleSAML_Utilities::generateID(), 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
    // NOTE(review): RelayState is request-supplied; redirectUntrustedURL() is expected to check it
    // against the configured allow-list - confirm, since the LDAP form path calls checkURLAllowed()
    // explicitly before redirecting.
    SimpleSAML_Utilities::redirectUntrustedURL($_REQUEST['RelayState']);
} catch (Exception $exception) {
    // Wrapped so the user sees the generic CASERROR page; the original exception is kept as cause.
    throw new SimpleSAML_Error_Error('CASERROR', $exception);
}
// Fragment starts inside a try block whose opening is outside this view.
$ldapconfig = $casldapconfig[$idpentityid]['ldap'];
} catch (Exception $exception) {
    throw new SimpleSAML_Error_Error('METADATA', $exception);
}

/*
 * Load the RelayState argument. The RelayState argument contains the address
 * we should redirect the user to after a successful authentication.
 */
if (!array_key_exists('RelayState', $_REQUEST)) {
    throw new SimpleSAML_Error_Error('NORELAYSTATE');
}
// checkURLAllowed() is what makes the later redirectTrustedURL($relaystate) call safe
// with a request-supplied URL; the two must stay paired.
$relaystate = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['RelayState']);

// NOTE(review): assignment inside the condition. A missing 'username' key raises a notice,
// and a username of "0" is treated as "form not submitted" because of truthiness.
if ($username = $_POST['username']) {
    try {
        $ldap = new SimpleSAML_Auth_LDAP($ldapconfig['servers'], $ldapconfig['enable_tls']);
        // NOTE(review): $_POST['password'] is passed through without an empty check. An empty
        // password must be rejected before the bind, since many directories treat an
        // empty-password bind as an anonymous (unauthenticated) bind that "succeeds" -
        // confirm SimpleSAML_Auth_LDAP::validate() rejects it.
        $attributes = $ldap->validate($ldapconfig, $username, $_POST['password']);
        if ($attributes === FALSE) {
            // Presumably read by the template further down (outside this fragment).
            $error = "LDAP_INVALID_CREDENTIALS";
        } else {
            $session->doLogin('login-wayf-ldap');
            $session->setAttributes($attributes);
            // Transient NameID: a freshly generated identifier for this login only.
            $session->setNameID(array('value' => SimpleSAML_Utilities::generateID(), 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
            SimpleSAML_Utilities::redirectTrustedURL($relaystate);
        }
    } catch (Exception $e) {
        // Wrapped so the user sees the generic LDAPERROR page; the original exception is kept as cause.
        throw new SimpleSAML_Error_Error('LDAPERROR', $e);
    }
}

$t = new SimpleSAML_XHTML_Template($config, $ldapconfig['template']);
$t->data['header'] = 'simpleSAMLphp: Enter username and password';
// Escaped for the HTML context here; the template must output it as-is.
$t->data['relaystate'] = htmlspecialchars($relaystate);
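/**
 * Called by linkback, to finish validating the CAS ticket and complete the login.
 *
 * Validates the ticket stored in $state['cas:ticket'] against the CAS server,
 * optionally adds attributes looked up in LDAP, stores the merged attributes in
 * $state['Attributes'] and hands control to SimpleSAML_Auth_Source::completeAuth().
 *
 * @param array &$state  Authentication state; must contain 'cas:ticket'.
 * @return void  completeAuth() takes over the response.
 * @throws Exception if no ticket is present in the state or the LDAP lookup fails.
 */
public function finalStep(&$state) {
    // Fail closed: without a ticket there is nothing to validate.
    if (!isset($state['cas:ticket'])) {
        throw new Exception('cas: no ticket in state, cannot validate');
    }
    $ticket = $state['cas:ticket'];

    // The service URL handed to the CAS server is rebuilt from the saved state; saveState()
    // is expected to return the same id the linkback URL was issued with (confirm).
    $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
    $service = SimpleSAML_Module::getModuleURL('cas/linkback.php', array('stateID' => $stateID));

    list($username, $casattributes) = $this->casValidation($ticket, $service);

    $ldapattributes = array();
    // !empty() instead of a bare truthiness test: no notice when 'servers' is not configured.
    if (!empty($this->_ldapConfig['servers'])) {
        $ldap = new SimpleSAML_Auth_LDAP($this->_ldapConfig['servers'], $this->_ldapConfig['enable_tls']);
        // No password is passed: this is an attribute lookup for a user CAS has already authenticated.
        $ldapattributes = $ldap->validate($this->_ldapConfig, $username);
        // validate() can return FALSE; merging FALSE would silently yield no attributes.
        if ($ldapattributes === FALSE) {
            throw new Exception('cas: LDAP attribute lookup failed for user ' . $username);
        }
    }

    // array_merge_recursive() keeps the values from BOTH sources when the same attribute
    // name occurs in each, so CAS-asserted and directory-sourced values end up side by side;
    // consumers must not assume an attribute here came from the directory.
    $attributes = array_merge_recursive($casattributes, $ldapattributes);

    $state['Attributes'] = $attributes;
    SimpleSAML_Auth_Source::completeAuth($state);
}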