public static function fillICdata($user, $UserCredential, $ppid = NULL) {
    /*
     * Assemble the attribute array describing the InfoCard issued to $user;
     * sspmod_InfoCard_STS::createCard() consumes the result.
     *
     * @param string      $user           Account name; seeds CardId and forms the CardName prefix.
     * @param string      $UserCredential Credential type the card is bound to. Recognised values:
     *                                    'UsernamePasswordCredential' (adds UserName),
     *                                    'X509V3Credential' (adds KeyIdentifier, currently NULL),
     *                                    'SelfIssuedCredential' (adds PPID). 'KerberosV5Credential'
     *                                    and unknown values add no credential-specific entry.
     * @param string|null $ppid           Private Personal Identifier recorded on self-issued cards.
     * @return array Card attributes keyed by InfoCard field name.
     */
    $card = array(
        'CardId'      => sspmod_InfoCard_UserFunctions::generate_card_ID($user),
        'CardName'    => "{$user}-SELFCREDENTIAL-IC",
        // Demo artwork shipped with the module; adjust if the module is installed elsewhere.
        'CardImage'   => '/var/simplesaml/modules/InfoCard/www/resources/demoimage.png',
        // NOTE(review): a fixed far-future expiry means issued cards never lapse on
        // their own; consider deriving this value from configuration.
        'TimeExpires' => "9999-12-31T23:59:59Z",
        // Credential section
        'DisplayCredentialHint' => 'Enter your password',
    );

    // Deliberately loose comparison so this behaves like a switch on the
    // credential-type name.
    if ($UserCredential == 'UsernamePasswordCredential') {
        $card['UserName'] = $user;
    } elseif ($UserCredential == 'X509V3Credential') {
        // X509V3Credential: the key identifier is not populated yet.
        $card['KeyIdentifier'] = NULL;
    } elseif ($UserCredential == 'SelfIssuedCredential') {
        $card['PPID'] = $ppid;
    }
    // 'KerberosV5Credential' and anything else: nothing further to add.

    return $card;
}
$idp_key = $autoconfig->getValue('sts_key'); $token->addIDPKey($idp_key); $token->addSTSCertificate(''); $claims = $token->process($_POST['xmlToken']); if ($claims->isValid() && $claims->privatepersonalidentifier != NULL) { $ppid = $claims->privatepersonalidentifier; SimpleSAML_Logger::debug("PPID = {$ppid}"); $ICconfig['InfoCard'] = $Infocard; $ICconfig['InfoCard']['issuer'] = $autoconfig->getValue('tokenserviceurl'); //sspmod_InfoCard_Utils::getIssuer($sts_crt); $ICconfig['tokenserviceurl'] = $autoconfig->getValue('tokenserviceurl'); $ICconfig['mexurl'] = $autoconfig->getValue('mexurl'); $ICconfig['sts_key'] = $autoconfig->getValue('sts_key'); $ICconfig['certificates'] = $autoconfig->getValue('certificates'); $ICconfig['UserCredential'] = $autoconfig->getValue('UserCredential'); $ICdata = sspmod_InfoCard_UserFunctions::fillICdata($username, $userCredential, $ppid); $IC = sspmod_InfoCard_STS::createCard($ICdata, $ICconfig); header('Content-Disposition: attachment; filename="' . $ICdata['CardName'] . '.crd"'); header('Content-Type: application/x-informationcard'); header('Content-Length:' . strlen($IC)); echo $IC; $state = 'end'; } else { SimpleSAML_Logger::debug('Wrong Self-Issued card'); $error = 'wrong_IC'; $state = "selfIssued"; } } else { SimpleSAML_Logger::debug('NO HAY XML TOKEN'); $error = NULL; $state = "selfIssued";
SimpleSAML_Logger::debug('PPID: ' . $ppid); if (sspmod_InfoCard_UserFunctions::validateUser(array('PPID' => $ppid), $ICconfig['UserCredential'])) { $authenticated = true; } break; default: break; } $messageid = $doc->getElementsByTagname('MessageID')->item(0)->nodeValue; if ($authenticated) { $ICconfig['InfoCard'] = $autoconfig->getValue('InfoCard'); $ICconfig['issuer'] = $autoconfig->getValue('issuer'); $ICconfig['sts_crt'] = $autoconfig->getValue('sts_crt'); $ICconfig['sts_key'] = $autoconfig->getValue('sts_key'); $requiredClaims = sspmod_InfoCard_Utils::extractClaims($ICconfig['InfoCard']['schema'], $doc->getElementsByTagname('ClaimType')); $claimValues = sspmod_InfoCard_UserFunctions::fillClaims($username, $ICconfig['InfoCard']['requiredClaims'], $ICconfig['InfoCard']['optionalClaims'], $requiredClaims); $response = sspmod_InfoCard_STS::createToken($claimValues, $ICconfig, $messageid); } else { $response = sspmod_InfoCard_STS::errorMessage('Wrong Credentials', $messageid); } Header('Content-length: ' . strlen($response) + 1); print $response; //LOG if ($debugDir != null) { $handle = fopen($debugDir . '/' . $messageid . '.log', 'w'); fwrite($handle, " ------ InfoCard simpleSAMLphp Module LOG ------\n\n"); fwrite($handle, "-- TIME: " . gmdate('Y-m-d') . ' ' . gmdate('H:i:s') . "\n"); fwrite($handle, "-- MESSAGE ID: " . $messageid . "\n\n\n"); fwrite($handle, "-- RST\n"); fwrite($handle, $HTTP_RAW_POST_DATA); fwrite($handle, "\n\n\n-- RSTR\n");
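function DB_update_connected_user($username, $DB_params) {
    /*
     * Store the card id derived for $username on that user's connected_users row.
     *
     * @param string $username  Account whose row is updated (matched on the name column).
     * @param array  $DB_params Connection settings: DB_host, DB_port, DB_dbname, DB_user, DB_password.
     * @return bool true when a row for $username exists and the UPDATE succeeded; false when
     *              no row matches $username or the UPDATE failed.
     * @throws RuntimeException when the database connection or the lookup query fails.
     */
    $card_id = sspmod_InfoCard_UserFunctions::generate_card_ID($username);

    // Build the libpq conninfo string. Every value is single-quoted so that spaces,
    // quotes or backslashes (common in passwords) can neither break the string nor
    // smuggle in extra keywords; inside the quotes, \ and ' are backslash-escaped.
    $settings = array(
        'host'     => 'DB_host',
        'port'     => 'DB_port',
        'dbname'   => 'DB_dbname',
        'user'     => 'DB_user',
        'password' => 'DB_password',
    );
    $conninfo = array();
    foreach ($settings as $keyword => $param) {
        // Backslashes first, then quotes, so the escaping backslashes are not doubled.
        $value = str_replace(array('\\', "'"), array('\\\\', "\\'"), (string) $DB_params[$param]);
        $conninfo[] = $keyword . "='" . $value . "'";
    }

    // Not closed on return: pg_connect() hands the same connection to later callers in
    // this request that use identical parameters, so closing it here could pull it out
    // from under them.
    $dbconn = pg_connect(implode(' ', $conninfo));
    if ($dbconn === false) {
        throw new RuntimeException('DB_update_connected_user: could not connect to the database');
    }

    // Existence check only; the row contents are not needed.
    $lookup = pg_query_params($dbconn, 'SELECT 1 FROM connected_users WHERE name = $1', array($username));
    if ($lookup === false) {
        throw new RuntimeException('DB_update_connected_user: lookup failed: ' . pg_last_error($dbconn));
    }
    if (pg_num_rows($lookup) === 0) {
        return false;
    }

    // pg_update() escapes its values itself; its return value is the only signal that
    // the row was actually written, so report it instead of assuming success.
    $updated = pg_update($dbconn, 'connected_users', array('card_id' => $card_id), array('name' => $username));
    return $updated !== false;
}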