diff options
| author | Christophe Nowicki <cnowicki@easter-eggs.com> | 2004-09-23 16:00:54 +0000 |
|---|---|---|
| committer | Christophe Nowicki <cnowicki@easter-eggs.com> | 2004-09-23 16:00:54 +0000 |
| commit | f94170a65c5585a2c955d14360becd3e2ca98ac2 (patch) | |
| tree | 925f029ba25f31676fa92ca40113660c6423c5b5 | |
| parent | 662764422bbf1b01decc01d414a7ab9d0db63958 (diff) | |
| download | lasso-f94170a65c5585a2c955d14360becd3e2ca98ac2.tar.gz lasso-f94170a65c5585a2c955d14360becd3e2ca98ac2.tar.xz lasso-f94170a65c5585a2c955d14360becd3e2ca98ac2.zip | |
Group misc functions into misc.php on the idp and sp
Add Federation Terminaison metadata on the idp and sp
Add view off federation on the sp
Add cancel federation button on the sp and idp
Defederation is not working yet
20 files changed, 1108 insertions, 147 deletions
diff --git a/php/Attic/examples/sample-idp/admin_user.php b/php/Attic/examples/sample-idp/admin_user.php index 2ce14992..5e73a82e 100644 --- a/php/Attic/examples/sample-idp/admin_user.php +++ b/php/Attic/examples/sample-idp/admin_user.php @@ -255,18 +255,16 @@ if (!empty($identity_dump)) { $login->setIdentityFromDump($identity_dump); - $identity = $login->identity; - // FIXME : providerIds is empty - // var_dump($identity->providerIds); + $providerIDs = $identity->providerIds; ?> <table width="100%"> <?php - for($i = count($providerIDs); $i > 0; $i--) - { + for($i = 0; $i < $providerIDs->length() ; $i++) + { ?> <tr> - <td align='center'><?php echo print $providerIDs[$i - 1]; ?></td> + <td align='center'><?php echo $providerIDs->getItem($i); ?></td> <td align='right'><a href="">cancel federation</a></td> </tr> <?php diff --git a/php/Attic/examples/sample-idp/cancel_federation.php b/php/Attic/examples/sample-idp/cancel_federation.php new file mode 100644 index 00000000..6ced9c86 --- /dev/null +++ b/php/Attic/examples/sample-idp/cancel_federation.php @@ -0,0 +1,225 @@ +<?php +/* + * Identity Provider Example -- Cancel Federation with an Service Provider + * + * Copyright (C) 2004 Entr'ouvert + * http://lasso.entrouvert.org + * + * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + require_once 'Log.php'; + require_once 'DB.php'; + require_once 'session.php'; + + $config = unserialize(file_get_contents('config.inc')); + + $methodes = array('redirect' => lassoHttpMethodRedirect, 'soap' => lassoHttpMethodSoap); + + // connect to the data base + $db = &DB::connect($config['dsn']); + if (DB::isError($db)) + die($db->getMessage()); + + // create logger + $conf['db'] = $db; + $logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf); + + // session handler + session_set_save_handler("open_session", "close_session", + "read_session", "write_session", "destroy_session", "gc_session"); + + if (empty($_GET['profile'])) + { + $logger->err("Cancel Federation called without profile."); + die("Cancel Federation called without profile."); + } + + if (empty($_GET['with'])) + { + $logger->err("Cancel Federation called without providerID."); + die("Cancel Federation called without providerID."); + } + + session_start(); + + lasso_init(); + + if (empty($_SESSION['user_id'])) + { + $logger->err("UserID is empty, user is not logged in."); + die("UserID is empty, user is not logged in."); + } + + if (empty($_SESSION['identity_dump'])) + { + $logger->err("Identity Dump is empty, user is not federated."); + die("Identity Dump is empty, user is not federated."); + } + + if (!in_array($_GET['profile'], array_keys($methodes))) + { + die("Unknown defederation profile : " . $_GET['profile']); + $logger->err("Unknown defederation profile : " . $_GET['profile']); + } + + $user_id = $_SESSION['user_id']; + + $server_dump = file_get_contents($config['server_dump_filename']); + $server = LassoServer::newFromDump($server_dump); + + $defederation = new LassoDefederation($server, lassoProviderTypeIdp); + $defederation->setIdentityFromDump($_SESSION['identity_dump']); + + if (!empty($_SESSION['session_dump'])) + $defederation->setSessionFromDump($_SESSION['session_dump']); + + $logger->debug("Create Cancel Federation Notification for User '" . $_SESSION["user_id"] . + "' with Service Provider '" . $_GET['with']. "'"); + + $defederation->initNotification($_GET['with'], $methodes[$_GET['profile']]); + + $defederation->buildNotificationMsg(); + $nameIdentifier = $defederation->nameIdentifier; + if (empty($nameIdentifier)) + { + $loggery>err("Name Identifier is empty."); + die("Name Identifier is empty."); + } + + $identity = $defederation->identity; + if (isset($defederation->identity)) + { + // Update identity dump + $identity_dump = $identity->dump(); + $_SESSION['identity_dump'] = $identity_dump; + $query = "UPDATE users SET identity_dump=".$db->quoteSmart($identity_dump); + } + else // Delete identity and session dumps + $query = "UPDATE users SET identity_dump=''"; + $query .= " WHERE user_id='$user_id'"; + + $res =& $db->query($query); + if (DB::isError($res)) + { + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . $res->getDebugInfo()); + die("Internal Server Error"); + } + $logger->debug("Update user '$user_id' identity dump in the database"); + + // Update session dump, if available + if (!empty($_SESSION['sesion_dump']) && $defederation->isSessionDirty) + { + $session = $defederation->session; + $session_dump = $session->dump(); + $_SESSION['session_dump'] = $session_dump; + + $query = "UPDATE users SET session_dump=".$db->quoteSmart($session_dump); + $query .= " WHERE user_id='$user_id'"; + + $res =& $db->query($query); + if (DB::isError($res)) + { + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . $res->getDebugInfo()); + die("Internal Server Error"); + } + $logger->debug("Update user '$user_id' session dump in the database"); +} + +// Delete Name Identifier +$query = "DELETE FROM nameidentifiers WHERE user_id='$user_id' "; +$query .= "AND name_identifier='$nameIdentifier'"; + +$res =& $db->query($query); +if (DB::isError($res)) +{ + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . $res->getDebugInfo()); + die("Internal Server Error"); +} + +$logger->info("Delete Name Identifier '$nameIdentifier' for User '$user_id'"); + +switch($_GET['profile']) +{ + case 'redirect': + $url = $defederation->msgUrl; + $logger->info("Redirect user to $url"); + + header("Request-URI: $url"); + header("Content-Location: $url"); + header("Location: $url\r\n\r\n"); + break; + case 'soap': + $url = parse_url($defederation->msgUrl); + $soap = sprintf( + "POST %s HTTP/1.1\r\nHost: %s:%d\r\nContent-Length: %d\r\nContent-Type: text/xml\r\n\r\n%s\r\n", + $url['path'], $url['host'], $url['port'], strlen($defederation->msgBody), $defederation->msgBody); + + $logger->info('Send SOAP Request to '. $url['host'] . ":" .$url['port']. $url['path']); + $logger->debug('SOAP Request : ' . $soap); + + $fp = fsockopen("ssl://" . $url['host'], $url['port'], $errno, $errstr, 30) or die($errstr ($errno)); + socket_set_timeout($fp, 10); + fwrite($fp, $soap); + + // header + do $header .= fread($fp, 1); while (!preg_match('/\\r\\n\\r\\n$/',$header)); + + // chunked encoding + if (preg_match('/Transfer\\-Encoding:\\s+chunked\\r\\n/',$header)) + { + do { + $byte = ''; + $chunk_size = ''; + + do { + $chunk_size .= $byte; + $byte = fread($fp, 1); + } while ($byte != "\\r"); + + fread($fp, 1); + $chunk_size = hexdec($chunk_size); + $response .= fread($fp, $chunk_size); + fread($fp, 2); + } while ($chunk_size); + } + else + { + if (preg_match('/Content\\-Length:\\s+([0-9]+)\\r\\n/', $header, $matches)) + $response = @fread($fp, $matches[1]); + else + while (!feof($fp)) $response .= fread($fp, 1024); + } + fclose($fp); + + $logger->log('SOAP Response Header : ' . $header, PEAR_LOG_DEBUG); + $logger->log('SOAP Response Body : ' . $response, PEAR_LOG_DEBUG); + + // TODO : check reponse status + + + break; + } + +?> + +<?php + lasso_shutdown(); +?> diff --git a/php/Attic/examples/sample-idp/index.php b/php/Attic/examples/sample-idp/index.php index 79d6a318..189a59d2 100644 --- a/php/Attic/examples/sample-idp/index.php +++ b/php/Attic/examples/sample-idp/index.php @@ -65,6 +65,10 @@ You can get more informations about <b>Lasso</b> at <br> session_start(); lasso_init(); + + // Create Lasso Server + $server_dump = file_get_contents($config['server_dump_filename']); + $server = LassoServer::newFromDump($server_dump); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> @@ -85,19 +89,70 @@ You can get more informations about <b>Lasso</b> at <br> <?php } ?> </p> <p align='center'> - <b>Identity Provider Fonctionnality</b><br> + <b>Identity Provider Fonctionnality</b> +</p> <?php if (!isset($_SESSION["user_id"])) { ?> - <a href="login.php">Local Login</a><br> -<?php } else { ?> -<!-- - <td><a href="federate.php">Create federation</a></td> - <td><a href="defederate.php">Destroy federation</a></td> ---> - <a href="logout.php">Local Logout</a> -<?php } ?> +<p align='center'> + <a href="login.php">Local Login</a></p> +<?php + } + else + { + if (isset($_SESSION['identity_dump'])) + { + $login = new LassoLogin($server); + $login->setIdentityFromDump($_SESSION['identity_dump']); + if (!empty($_SESSION['session_dump'])) + $login->setSessionFromDump($_SESSION['sesion_dump']); + $identity = $login->identity; + $providerIDs = $identity->providerIds; + + if ($providerIDs->length()) + { +?> +<p align='center'>Cancel a Federation with :</p> +<p align='center'> +<table align='center'> +<thead> +<tr> + <td align='center'>Service Provider</td> + <td align='center'>Profile</td> +</tr> +</thead> +<tbody> +<?php + for($i = 0; $i < $providerIDs->length() ; $i++) + { + $providerID = $providerIDs->getItem($i); +?> +<tr> + <td align='center'><?php echo $providerID; ?></td> + <td align='center'> + <a href="cancel_federation.php?profile=redirect&with=<?php echo $providerID; ?>">Redirect</a> | + <a href="cancel_federation.php?profile=soap&with=<?php echo $providerID; ?>">SOAP</a> + </td> +</tr> +<?php + } +?> +</tbody> +</table> </p> +<?php + } + else + { +?> +<p align='center'>Your are not Federated with an Service Provider.</p> +<?php + } + } +?> +<p align='center'> +<a href="logout.php">Local Logout</a></p> +<?php } ?> <p align='center'> <table align='center'> diff --git a/php/Attic/examples/sample-idp/login.php b/php/Attic/examples/sample-idp/login.php index 3014ac20..16fbeff7 100644 --- a/php/Attic/examples/sample-idp/login.php +++ b/php/Attic/examples/sample-idp/login.php @@ -57,6 +57,40 @@ $logger->log("User from '" . $_SERVER['REMOTE_ADDR'] . "' pressed the cancel button during HTTP basic authentication request", PEAR_LOG_NOTICE); } + function startLocalSession($user_id, $username) + { + global $db, $logger; + + $_SESSION['user_id'] = $user_id; + $_SESSION['username'] = $username; + + $query = "SELECT identity_dump,session_dump FROM users WHERE user_id='$user_id'"; + + $res =& $db->query($query); + + if (DB::isError($res)) + { + $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); + $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG); + die("Could not fetch identity and session dump"); + } + if ($res->numRows()) + { + $row = $res->fetchRow(); + if (!empty($row[0])) + $_SESSION['identity_dump'] = $row[0]; + if (!empty($row[1])) + $_SESSION['session_dump'] = $row[1]; + } + + $logger->log("User '$username' ($user_id) authenticated, local session started", PEAR_LOG_NOTICE); + + $url = 'index.php'; + header("Request-URI: $url"); + header("Content-Location: $url"); + header("Location: $url\r\n\r\n"); + exit; + } /* * This function authentificate the user against the Users Database @@ -71,8 +105,8 @@ $res =& $db->query($query); if (DB::isError($res)) { - $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT); - $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG); + $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); + $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG); die("Internal Server Error"); } @@ -96,41 +130,13 @@ // Check Login and Password if (!($user_id = authentificateUser($db, $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']))) { - $logger->log("Authentication failure with login '".$form->exportValue('username')." password '". $form->exportValue('password') ."' IP " . $_SERVER['REMOTE_ADDR'], PEAR_LOG_WARNING); + $logger->warning("Authentication failure with login '". $_SERVER['PHP_AUTH_USER'] . " password '" + . $_SERVER['PHP_AUTH_PW'] ."' IP " . $_SERVER['REMOTE_ADDR']); sendHTTPBasicAuth(); exit; } else - { - $_SESSION['user_id'] = $user_id; - $_SESSION['username'] = $_SERVER['PHP_AUTH_USER']; - - $logger->log("User '".$_SERVER['PHP_AUTH_USER']."' ($user_id) authenticated, local session started", PEAR_LOG_NOTICE); - - - /* TODO : load identity and session dump - $query = "SELECT identity_dump,session_dump FROM users WHERE identity_dump"; - $query .= " IS NOT NULL AND session_dump IS NOT NULL AND user_id='$user_id'"; - - $res =& $db->query($query); - - if (DB::isError($res)) - die($res->getMessage()); - - if ($res->numRows()) - { - $row = $res->fetchRow(); - - $_SESSION['identity_dump'] = $row[0]; - $_SESSION['session_dump'] = $row[1]; - } */ - - $url = 'index.php'; - header("Request-URI: $url"); - header("Content-Location: $url"); - header("Location: $url\r\n\r\n"); - exit; - } + startLocalSession($user_id, $_SERVER['PHP_AUTH_USER']); } } else if ($config['auth_type'] == 'auth_form') @@ -151,17 +157,8 @@ { if (($user_id = authentificateUser($db, $form->exportValue('username'), $form->exportValue('password')))) { - $_SESSION['user_id'] = $user_id; - $_SESSION['username'] = $form->exportValue('username'); - - $logger->log("User '".$form->exportValue('username')."'($user_id) authenticated, local session started", PEAR_LOG_NOTICE); - - $url = 'index.php'; - header("Request-URI: $url"); - header("Content-Location: $url"); - header("Location: $url\r\n\r\n"); - exit; - } + startLocalSession($user_id, $form->exportValue('username')); + } else $logger->log("Authentication failure with login '".$form->exportValue('username')." password '". $form->exportValue('password') ."' IP '" . $_SERVER['REMOTE_ADDR']."'", PEAR_LOG_WARNING); } diff --git a/php/Attic/examples/sample-idp/metadata_idp1.xml b/php/Attic/examples/sample-idp/metadata_idp1.xml index 3330c73d..afa9c9b2 100644 --- a/php/Attic/examples/sample-idp/metadata_idp1.xml +++ b/php/Attic/examples/sample-idp/metadata_idp1.xml @@ -12,8 +12,12 @@ <RegisterNameIdentifierServiceURL>https://idp1:1998/registerNameIdentifier</RegisterNameIdentifierServiceURL> <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-http</RegisterNameIdentifierProtocolProfile> + <FederationTerminationServiceURL>https://idp1:1998/federationTermination</FederationTerminationServiceURL> + <FederationTerminationServiceReturnURL>https://idp1:1998/federationTerminationReturn</FederationTerminationServiceReturnURL> + <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-soap</FederationTerminationNotificationProtocolProfile> - <SoapEndpoint>https://idp1:1998/soapEndpoint</SoapEndpoint> + + <SoapEndpoint>https://idp1:1998/soapEndpoint.php</SoapEndpoint> </IDPDescriptor> </EntityDescriptor> diff --git a/php/Attic/examples/sample-idp/metadata_sp1.xml b/php/Attic/examples/sample-idp/metadata_sp1.xml index e93daf15..9b2bf70c 100644 --- a/php/Attic/examples/sample-idp/metadata_sp1.xml +++ b/php/Attic/examples/sample-idp/metadata_sp1.xml @@ -15,9 +15,8 @@ <FederationTerminationServiceURL>https://sp1:2006/federationTermination</FederationTerminationServiceURL> <FederationTerminationServiceReturnURL>https://sp1:2006/federationTerminationReturn</FederationTerminationServiceReturnURL> <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-soap</FederationTerminationNotificationProtocolProfile> - <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-http</FederationTerminationNotificationProtocolProfile> - <SoapEndpoint>https://sp1:2006/soapEndpoint</SoapEndpoint> + <SoapEndpoint>https://sp1:2006/soapEndpoint.php</SoapEndpoint> <AuthnRequestsSigned>true</AuthnRequestsSigned> diff --git a/php/Attic/examples/sample-idp/misc.php b/php/Attic/examples/sample-idp/misc.php new file mode 100644 index 00000000..df9709e5 --- /dev/null +++ b/php/Attic/examples/sample-idp/misc.php @@ -0,0 +1,55 @@ +<?php +/* + * Service Provider Example -- Misc functions + * + * Copyright (C) 2004 Entr'ouvert + * http://lasso.entrouvert.org + * + * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +function read_http_response($fp, &$header, &$response) +{ + // header + do $header .= fread($fp, 1); while (!preg_match('/\\r\\n\\r\\n$/',$header)); + + // chunked encoding + if (preg_match('/Transfer\\-Encoding:\\s+chunked\\r\\n/',$header)) + { + do { + $byte = ''; + $chunk_size = ''; + + do { + $chunk_size .= $byte; + $byte = fread($fp, 1); + } while ($byte != "\\r"); + + fread($fp, 1); + $chunk_size = hexdec($chunk_size); + $response .= fread($fp, $chunk_size); + fread($fp, 2); + } while ($chunk_size); + } + else + { + if (preg_match('/Content\\-Length:\\s+([0-9]+)\\r\\n/', $header, $matches)) + $response = @fread($fp, $matches[1]); + else + while (!feof($fp)) $response .= fread($fp, 1024); + } +} diff --git a/php/Attic/examples/sample-idp/setup.php b/php/Attic/examples/sample-idp/setup.php index 5284f886..6aa7f613 100644 --- a/php/Attic/examples/sample-idp/setup.php +++ b/php/Attic/examples/sample-idp/setup.php @@ -222,6 +222,16 @@ print "OK"; + print "<br>Insert user 'test' into 'users' : "; + + $query = "INSERT INTO users(user_id, username, password, created) "; + $query .= "VALUES (nextval('user_id_seq'), 'test', 'test', NOW())"; + + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + print "OK"; + print "<br>Create table 'nameidentifiers' : "; $query = "DROP TABLE nameidentifiers CASCADE"; diff --git a/php/Attic/examples/sample-idp/singleSignOn.php b/php/Attic/examples/sample-idp/singleSignOn.php index 3ecf4795..2a30c7d6 100644 --- a/php/Attic/examples/sample-idp/singleSignOn.php +++ b/php/Attic/examples/sample-idp/singleSignOn.php @@ -108,16 +108,10 @@ $is_first_sso = (isset($array['identity_dump']) ? FALSE : TRUE); if (!$is_first_sso) - { $login->setIdentityFromDump($array['identity_dump']); - $logger->log("Update Identity dump for user '$user_id' :" . $array['identity_dump'], PEAR_LOG_DEBUG); - } if (!empty($array['session_dump'])) - { $login->setSessionFromDump($array['session_dump']); - $logger->log("Update Session dump for user '$user_id' :" . $array['session_dump'], PEAR_LOG_DEBUG); - } doneSingleSignOn($db, $login, $user_id, $is_first_sso); } @@ -166,7 +160,7 @@ if (DB::isError($res)) { $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); - $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG); + $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG); die("Internal Server Error"); } $logger->log("Update user '$user_id' identity dump in the database : $identity_dump", PEAR_LOG_DEBUG); diff --git a/php/Attic/examples/sample-idp/soapEndpoint.php b/php/Attic/examples/sample-idp/soapEndpoint.php index 2b051070..6ce56d02 100644 --- a/php/Attic/examples/sample-idp/soapEndpoint.php +++ b/php/Attic/examples/sample-idp/soapEndpoint.php @@ -124,7 +124,7 @@ } break; case lassoRequestTypeLogout: - $logger->log("SOAP Logout Request from " . $_SERVER['REMOTE_ADDR'], PEAR_LOG_INFO); + $logger->info("SOAP Logout Request from " . $_SERVER['REMOTE_ADDR']); // Logout $logout = new LassoLogout($server, lassoProviderTypeIdp); @@ -135,7 +135,7 @@ if (empty($nameIdentifier)) { header("HTTP/1.0 500 Internal Server Error"); - $logger->log("Name Identifier is empty", PEAR_LOG_ERR); + $logger->err("Name Identifier is empty"); exit; } @@ -235,7 +235,7 @@ } - /* TODO : try multiple sp logout + // TODO : try multiple sp logout while(($providerID = $logout->getNextProviderId())) { $logout->initRequest($providerID, lassoHttpMethodAny); // FIXME @@ -258,34 +258,9 @@ continue; } fwrite($fp, $soap); - - // header - do $header .= fread($fp, 1); while (!preg_match('/\\r\\n\\r\\n$/',$header)); - // chunked encoding - if (preg_match('/Transfer\\-Encoding:\\s+chunked\\r\\n/',$header)) - { - do { - $byte = ''; - $chunk_size = ''; - do { - $chunk_size .= $byte; - $byte = fread($fp, 1); - } while ($byte != "\\r"); - fread($fp, 1); - $chunk_size = hexdec($chunk_size); - $response .= fread($fp, $chunk_size); - fread($fp, 2); - } while ($chunk_size); - } - else - { - if (preg_match('/Content\\-Length:\\s+([0-9]+)\\r\\n/', $header, $matches)) - $response = fread($fp, $matches[1]); - else - while (!feof($fp)) $response .= fread($fp, 1024); - } - fclose($fp); + read_http_response($fp, $header, $response); + $logger->log('SOAP Response Header : ' . $header, PEAR_LOG_DEBUG); $logger->log('SOAP Response Body : ' . $response, PEAR_LOG_DEBUG); @@ -295,7 +270,7 @@ continue; } $logout->processResponseMsg($response, lassoHttpMethodSoap); - } */ + } $logout->buildResponseMsg(); @@ -337,10 +312,81 @@ echo $logout->msgBody; break; case lassoRequestTypeDefederation: + $logger->info("SOAP Defederation Request from " . $_SERVER['REMOTE_ADDR']); + + $defederation = new LassoDefederation($server, lassoProviderTypeSp); + $defederation->processNotificationMsg($HTTP_RAW_POST_DATA, lassoHttpMethodSoap); + + $nameIdentifier = $defederation->nameIdentifier; + if (empty($nameIdentifier)) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->err("Name Identifier is empty"); + exit; + } + + $query = "SELECT user_id FROM nameidentifiers WHERE name_identifier='$nameIdentifier'"; + $res =& $db->query($query); + if (DB::isError($res)) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . $res->getDebugInfo()); + exit; + } + if (!$res->numRows()) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->err("Name identifier '$nameIdentifier' doesn't correspond to any user"); + exit; + } + + $row = $res->fetchRow(); + $user_id = $row[0]; + $logger->debug("UserID is '$user_id"); + + $query = "SELECT identity_dump,session_dump FROM users WHERE user_id='$user_id'"; + $res =& $db->query($query); + + if (DB::isError($res)) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . $res->getDebugInfo()); + exit; + } + + if (!$res->numRows()) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->err("User is not federated."); + exit; + } + $row = $res->fetchRow(); + $identity_dump = $row[0]; + $session_dump = $row[1]; + + $defederation->setIdentityFromDump($identity_dump); + if (!empty($session_dump)) + $defederation->setSessionFromDump($identity_dump); + + $defederation->validateNotification(); + + if (empty($defederation->msgUrl)): + header("HTTP/1.0 204 No Content"); + else + { + $url = $defederation->msgUrl; + + header("Request-URI: $url"); + header("Content-Location: $url"); + header("Location: $url\n\n"); + } + break; default: header("HTTP/1.0 500 Internal Server Error"); - $logger->log("Unknown or unsupported SOAP request", PEAR_LOG_CRIT); + $logger->crit("Unknown or unsupported SOAP request"); } lasso_shutdown(); diff --git a/php/Attic/examples/sample-idp/user_add.php b/php/Attic/examples/sample-idp/user_add.php index a93fbf2b..71432c6f 100644 --- a/php/Attic/examples/sample-idp/user_add.php +++ b/php/Attic/examples/sample-idp/user_add.php @@ -64,7 +64,7 @@ { $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_ERR); $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG); - die("username exist!"); + die("Username exist!"); } $logger->log("Create User '" . $form->exportValue('username') . "'", PEAR_LOG_NOTICE); diff --git a/php/Attic/examples/sample-idp/view_session.php b/php/Attic/examples/sample-idp/view_session.php new file mode 100644 index 00000000..cdd62c98 --- /dev/null +++ b/php/Attic/examples/sample-idp/view_session.php @@ -0,0 +1,121 @@ +<?php +/* + * Service Provider Example -- Online User Viewer + * + * Copyright (C) 2004 Entr'ouvert + * http://lasso.entrouvert.org + * + * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + require_once 'DB.php'; + + if (!file_exists('config.inc')) + { +?> +<p align='center'><b>Service Provider Configuration file is not available</b><br> +Please run the setup script :<br> +<a href='setup.php'>Lasso Service Provider Setup</a><br> +You can get more informations about <b>Lasso</b> at <br> +<a href='http://lasso.entrouvert.org/'>http://lasso.entrouvert.org/</a></p> +<?php + exit(); + } + $config = unserialize(file_get_contents('config.inc')); + + $db = &DB::connect($config['dsn']); + + if (DB::isError($db)) + die($db->getMessage()); + + $query = "SELECT nameidentifiers.user_id,users.username,ip "; + $query .= "FROM nameidentifiers,sso_sessions,users "; + $query .= "WHERE sso_sessions.name_identifier = nameidentifiers.name_identifier "; + $query .= "AND nameidentifiers.user_id = users.user_id"; + + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + + $numRows = $res->numRows(); +?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" +"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> +<head> +<title>Lasso Service Provider Example : View Online Users</title> +<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15" /> +</head> +<body> + +<p align='center'> +<table align='center' width='95%' border='1'> +<caption>Online Users</caption> +<thead> +<tr> + <td align='center'>User ID</td> + <td align='center'>User Name</td> + <td align='center'>Address IP</td> + <td align='center'>Started</td> + <td align='center'>Duration</td> +</tr> +</thead> +<tbody> +<?php + if ($numRows) + { + $num_col = $res->numCols(); + $tableinfo = $db->tableInfo($res); + + while($row = $res->fetchRow()) + { + echo "<tr>"; + for ($i = 0; $i < $num_col; $i++) + { + echo "<td align='center'>"; + switch ($tableinfo[$i]['name']) + { + case "ip": + echo long2ip($row[$i]); + break; + default: + echo $row[$i]; + } + echo "</td>"; + } + echo "</tr>"; + } + + } +?> +</tbody> +<tfoot> +<tr> + <td colspan='5'> </td> +</tr> +</tfoot> +</table> +</p> + +<br> +<p align='center'><a href='index.php'>Index</a> +</p> +<br> +<p align='center'>Copyright © 2004 Entr'ouvert</p> + +</body> +</html> diff --git a/php/Attic/examples/sample-sp/admin_user.php b/php/Attic/examples/sample-sp/admin_user.php index 30efe3c6..48a903dd 100644 --- a/php/Attic/examples/sample-sp/admin_user.php +++ b/php/Attic/examples/sample-sp/admin_user.php @@ -24,13 +24,18 @@ $config = unserialize(file_get_contents('config.inc')); + require_once 'Log.php'; require_once 'DB.php'; - - + + // connect to the data base $db = &DB::connect($config['dsn']); - if (DB::isError($db)) - die($db->getMessage()); + die($db->getMessage()); + + // create logger + $conf['db'] = $db; + $logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf); + if (!empty($_GET['dump'])) { $query = "SELECT identity_dump FROM users WHERE user_id=".$db->quoteSmart($_GET['dump']); @@ -38,6 +43,7 @@ if (DB::isError($res)) print $res->getMessage(). "\n"; $row = $res->fetchRow(); + ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> @@ -78,6 +84,15 @@ die($res->getMessage()); } + lasso_init(); + + // Create Lasso Server + $server_dump = file_get_contents($config['server_dump_filename']); + $server = LassoServer::newFromDump($server_dump); + + // Lasso User + $login = new LassoLogin($server); + $query = "SELECT * FROM users"; $res =& $db->query($query); if (DB::isError($res)) @@ -107,7 +122,7 @@ <thead> <tr align="center"><?php for ($i = 0; $i < $num_col; $i++) { - echo "<td>" . $tableinfo[$i]['name'] ."</td>"; + echo "<td><b>" . $tableinfo[$i]['name'] ."</b></td>"; } ?><td> </td> </tr> @@ -127,6 +142,7 @@ { case "identity_dump": echo "<a href=javascript:openpopup('". $PHP_SELF . '?dump=' . $row[0] . "')>view</a>"; + $identity_dump = $row[$i]; break; default: @@ -137,9 +153,29 @@ <?php } ?> - <td> - <a href="<?php echo $PHP_SELF . '?del=' . $row[0]; ?>">delete</a> - </td> + <td rowspan='2'><a href="<?php echo $PHP_SELF . '?del=' . $row[0]; ?>">delete</a></td> +</tr> +<tr> + <td colspan='<?php echo $num_col; ?>' align='center'> +<? + // get all federations for this user + if (!empty($identity_dump)) + { + $login->setIdentityFromDump($identity_dump); + $identity = $login->identity; + $providerIDs = $identity->providerIds; + + for($i = 0; $i < $providerIDs->length() ; $i++) + { + if ($i) + echo "<br>"; + echo $providerIDs->getItem($i); + } + } + else + echo "Not Federated with an Service Provider."; +?> + </td> </tr> <?php } @@ -165,4 +201,5 @@ </html> <?php $db->disconnect(); + lasso_shutdown(); ?> diff --git a/php/Attic/examples/sample-sp/assertionConsumer.php b/php/Attic/examples/sample-sp/assertionConsumer.php index 727c2c0f..f7d38d32 100644 --- a/php/Attic/examples/sample-sp/assertionConsumer.php +++ b/php/Attic/examples/sample-sp/assertionConsumer.php @@ -25,6 +25,7 @@ require_once 'Log.php'; require_once 'DB.php'; require_once 'session.php'; + require_once 'misc.php'; $config = unserialize(file_get_contents('config.inc')); @@ -55,7 +56,7 @@ $login = new LassoLogin($server); - $logger->log('Request from ' . $_SERVER['REMOTE_ADDR'], PEAR_LOG_INFO); + $logger->info('Request from ' . $_SERVER['REMOTE_ADDR']); $login->initRequest($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect); $login->buildRequestMsg(); @@ -72,36 +73,8 @@ $fp = fsockopen("ssl://" . $url['host'], $url['port'], $errno, $errstr, 30) or die($errstr ($errno)); socket_set_timeout($fp, 10); fwrite($fp, $soap); - - // header - do $header .= fread($fp, 1); while (!preg_match('/\\r\\n\\r\\n$/',$header)); - - // chunked encoding - if (preg_match('/Transfer\\-Encoding:\\s+chunked\\r\\n/',$header)) - { - do { - $byte = ''; - $chunk_size = ''; - - do { - $chunk_size .= $byte; - $byte = fread($fp, 1); - } while ($byte != "\\r"); - - fread($fp, 1); - $chunk_size = hexdec($chunk_size); - $response .= fread($fp, $chunk_size); - fread($fp, 2); - } while ($chunk_size); - } - else - { - if (preg_match('/Content\\-Length:\\s+([0-9]+)\\r\\n/', $header, $matches)) - $response = @fread($fp, $matches[1]); - else - while (!feof($fp)) $response .= fread($fp, 1024); - } - fclose($fp); + + read_http_response($fp, $header, $response); $logger->log('SOAP Response Header : ' . $header, PEAR_LOG_DEBUG); $logger->log('SOAP Response Body : ' . $response, PEAR_LOG_DEBUG); @@ -151,8 +124,10 @@ $login->acceptSso(); $session = $login->session; + $identity = $login->identity; $_SESSION['nameidentifier'] = $login->nameIdentifier; + $_SESSION['identity_dump'] = $identity->dump(); $_SESSION['session_dump'] = $session->dump(); $_SESSION['user_id'] = $user_id; @@ -209,6 +184,7 @@ $_SESSION['nameidentifier'] = $login->nameIdentifier; + $_SESSION['identity_dump'] = $identity->dump(); $_SESSION['session_dump'] = $session->dump(); $_SESSION['user_id'] = $user_id; diff --git a/php/Attic/examples/sample-sp/cancel_federation.php b/php/Attic/examples/sample-sp/cancel_federation.php new file mode 100644 index 00000000..66a2076d --- /dev/null +++ b/php/Attic/examples/sample-sp/cancel_federation.php @@ -0,0 +1,200 @@ +<?php +/* + * Service Provider Example -- Cancel Federation with an Identity Provider + * + * Copyright (C) 2004 Entr'ouvert + * http://lasso.entrouvert.org + * + * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + require_once 'Log.php'; + require_once 'DB.php'; + require_once 'session.php'; + require_once 'misc.php'; + + $config = unserialize(file_get_contents('config.inc')); + + $methodes = array('redirect' => lassoHttpMethodRedirect, 'soap' => lassoHttpMethodSoap); + + // connect to the data base + $db = &DB::connect($config['dsn']); + if (DB::isError($db)) + die($db->getMessage()); + + // create logger + $conf['db'] = $db; + $logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf); + + // session handler + session_set_save_handler("open_session", "close_session", + "read_session", "write_session", "destroy_session", "gc_session"); + + if (empty($_GET['profile'])) + { + $logger->err("Cancel Federation called without profile."); + die("Cancel Federation called without profile."); + } + + if (empty($_GET['with'])) + { + $logger->err("Cancel Federation called without providerID."); + die("Cancel Federation called without providerID."); + } + + session_start(); + + lasso_init(); + + if (empty($_SESSION['user_id'])) + { + $logger->err("UserID is empty, user is not logged in."); + die("UserID is empty, user is not logged in."); + } + + if (empty($_SESSION['identity_dump'])) + { + $logger->err("Identity Dump is empty, user is not federated."); + die("Identity Dump is empty, user is not federated."); + } + + if (!in_array($_GET['profile'], array_keys($methodes))) + { + die("Unknown defederation profile : " . $_GET['profile']); + $logger->err("Unknown defederation profile : " . $_GET['profile']); + } + + $user_id = $_SESSION['user_id']; + + $server_dump = file_get_contents($config['server_dump_filename']); + $server = LassoServer::newFromDump($server_dump); + + $defederation = new LassoDefederation($server, lassoProviderTypeSp); + $defederation->setIdentityFromDump($_SESSION['identity_dump']); + + if (!empty($_SESSION['session_dump'])) + $defederation->setSessionFromDump($_SESSION['session_dump']); + + $logger->debug("Create Cancel Federation Notification for User '" . $_SESSION["user_id"] . + "' with Identity Provider '" . $_GET['with']. "'"); + + $defederation->initNotification($_GET['with'], $methodes[$_GET['profile']]); + + $defederation->buildNotificationMsg(); + $nameIdentifier = $defederation->nameIdentifier; + if (empty($nameIdentifier)) + { + $loggery>err("Name Identifier is empty."); + die("Name Identifier is empty."); + } + + $identity = $defederation->identity; + if (isset($defederation->identity)) + { + // Update identity dump + $identity_dump = $identity->dump(); + $_SESSION['identity_dump'] = $identity_dump; + $query = "UPDATE users SET identity_dump=".$db->quoteSmart($identity_dump); + } + else // Delete identity and session dumps + $query = "UPDATE users SET identity_dump=''"; + $query .= " WHERE user_id='$user_id'"; + + $res =& $db->query($query); + if (DB::isError($res)) + { + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . $res->getDebugInfo()); + die("Internal Server Error"); + } + $logger->debug("Update user '$user_id' identity dump in the database"); + + // Update session dump, if available + if (!empty($_SESSION['sesion_dump']) && $defederation->isSessionDirty) + { + $session = $defederation->session; + $session_dump = $session->dump(); + $_SESSION['session_dump'] = $session_dump; + + $query = "UPDATE users SET session_dump=".$db->quoteSmart($session_dump); + $query .= " WHERE user_id='$user_id'"; + + $res =& $db->query($query); + if (DB::isError($res)) + { + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . $res->getDebugInfo()); + die("Internal Server Error"); + } + $logger->debug("Update user '$user_id' session dump in the database"); +} + +// Delete Name Identifier +$query = "DELETE FROM nameidentifiers WHERE user_id='$user_id' "; +$query .= "AND name_identifier='$nameIdentifier'"; + +$res =& $db->query($query); +if (DB::isError($res)) +{ + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . $res->getDebugInfo()); + die("Internal Server Error"); +} + +$logger->info("Delete Name Identifier '$nameIdentifier' for User '$user_id'"); + +switch($_GET['profile']) +{ + case 'redirect': + $url = $defederation->msgUrl; + $logger->info("Redirect user to $url"); + + header("Request-URI: $url"); + header("Content-Location: $url"); + header("Location: $url\r\n\r\n"); + break; + case 'soap': + $url = parse_url($defederation->msgUrl); + $soap = sprintf( + "POST %s HTTP/1.1\r\nHost: %s:%d\r\nContent-Length: %d\r\nContent-Type: text/xml\r\n\r\n%s\r\n", + $url['path'], $url['host'], $url['port'], strlen($defederation->msgBody), $defederation->msgBody); + + $logger->info('Send SOAP Request to '. $url['host'] . ":" .$url['port']. $url['path']); + $logger->debug('SOAP Request : ' . $soap); + + $fp = fsockopen("ssl://" . $url['host'], $url['port'], $errno, $errstr, 30) or die($errstr ($errno)); + socket_set_timeout($fp, 10); + fwrite($fp, $soap); + + read_http_response($fp, $header, $reponse); + + fclose($fp); + + $logger->log('SOAP Response Header : ' . $header, PEAR_LOG_DEBUG); + $logger->log('SOAP Response Body : ' . $response, PEAR_LOG_DEBUG); + + // TODO : check reponse status + + + break; + } + +?> + +<?php + lasso_shutdown(); +?> diff --git a/php/Attic/examples/sample-sp/index.php b/php/Attic/examples/sample-sp/index.php index 62c5faef..43948017 100644 --- a/php/Attic/examples/sample-sp/index.php +++ b/php/Attic/examples/sample-sp/index.php @@ -64,7 +64,11 @@ You can get more informations about <b>Lasso</b> at <br> session_start(); + lasso_init(); + + $server_dump = file_get_contents($config['server_dump_filename']); + $server = LassoServer::newFromDump($server_dump); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> @@ -104,11 +108,48 @@ You can get more informations about <b>Lasso</b> at <br> <td><?php echo $config['providerID']; ?></td> <td><a href="login.php?profile=post">post</a> | <a href="login.php?profile=artifact">artifact</a></td> </tr> -<?php } else { ?> +<?php } else { + // User is federated with an Service Provider + if (isset($_SESSION['identity_dump'])) + { + $login = new LassoLogin($server); + $login->setIdentityFromDump($_SESSION['identity_dump']); + if (!empty($_SESSION['session_dump'])) + $login->setSessionFromDump($_SESSION['session_dump']); + $identity = $login->identity; + $providerIDs = $identity->providerIds; + + if ($providerIDs->length()) + { +?> <tr> - <td colspan="2">Single Logout</td> + <td align='center' colspan='2'>Cancel a Federation with :</td> +</tr> +<tr> + <td align='center'>Identity Provider</td><td align='center'>Profile</td> +</tr> +<?php + for($i = 0; $i < $providerIDs->length() ; $i++) + { + $providerID = $providerIDs->getItem($i); +?> +<tr> + <td align='center'><?php echo $providerID; ?></td> + <td align='center'> + <a href="cancel_federation.php?profile=redirect&with=<?php echo $providerID; ?>">Redirect</a> | + <a href="cancel_federation.php?profile=soap&with=<?php echo $providerID; ?>">SOAP</a> + </td> +</tr> +<tr> + <td colspan='2'> </td> +</tr> +<?php + } + } + } +?> <tr> - <td colspan="2"><a href="logout.php">Logout!</a></td> + <td>Single Logout using </td><td><a href="logout.php?profile=soap">SOAP</a></td> </tr> <?php } ?> </table> diff --git a/php/Attic/examples/sample-sp/metadata_idp1.xml b/php/Attic/examples/sample-sp/metadata_idp1.xml index 5dda1a22..afa9c9b2 100644 --- a/php/Attic/examples/sample-sp/metadata_idp1.xml +++ b/php/Attic/examples/sample-sp/metadata_idp1.xml @@ -4,14 +4,18 @@ xmlns="urn:liberty:metadata:2003-08"> <IDPDescriptor> - <SingleSignOnServiceURL>https://idp1:1998/singleSignOn.php</SingleSignOnServiceURL> + <SingleSignOnServiceURL>https://idp1:1998/singleSignOn</SingleSignOnServiceURL> <SingleSignOnProtocolProfile>http://projectliberty.org/profiles/sso-get</SingleSignOnProtocolProfile> - <SingleLogoutServiceURL>https://idp1:1998/singleLogout.php</SingleLogoutServiceURL> + <SingleLogoutServiceURL>https://idp1:1998/singleLogout</SingleLogoutServiceURL> <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile> - <RegisterNameIdentifierServiceURL>https://idp1:1998/registerNameIdentifier.php</RegisterNameIdentifierServiceURL> + <RegisterNameIdentifierServiceURL>https://idp1:1998/registerNameIdentifier</RegisterNameIdentifierServiceURL> <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-http</RegisterNameIdentifierProtocolProfile> + <FederationTerminationServiceURL>https://idp1:1998/federationTermination</FederationTerminationServiceURL> + <FederationTerminationServiceReturnURL>https://idp1:1998/federationTerminationReturn</FederationTerminationServiceReturnURL> + <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-soap</FederationTerminationNotificationProtocolProfile> + <SoapEndpoint>https://idp1:1998/soapEndpoint.php</SoapEndpoint> diff --git a/php/Attic/examples/sample-sp/misc.php b/php/Attic/examples/sample-sp/misc.php new file mode 100644 index 00000000..df9709e5 --- /dev/null +++ b/php/Attic/examples/sample-sp/misc.php @@ -0,0 +1,55 @@ +<?php +/* + * Service Provider Example -- Misc functions + * + * Copyright (C) 2004 Entr'ouvert + * http://lasso.entrouvert.org + * + * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +function read_http_response($fp, &$header, &$response) +{ + // header + do $header .= fread($fp, 1); while (!preg_match('/\\r\\n\\r\\n$/',$header)); + + // chunked encoding + if (preg_match('/Transfer\\-Encoding:\\s+chunked\\r\\n/',$header)) + { + do { + $byte = ''; + $chunk_size = ''; + + do { + $chunk_size .= $byte; + $byte = fread($fp, 1); + } while ($byte != "\\r"); + + fread($fp, 1); + $chunk_size = hexdec($chunk_size); + $response .= fread($fp, $chunk_size); + fread($fp, 2); + } while ($chunk_size); + } + else + { + if (preg_match('/Content\\-Length:\\s+([0-9]+)\\r\\n/', $header, $matches)) + $response = @fread($fp, $matches[1]); + else + while (!feof($fp)) $response .= fread($fp, 1024); + } +} diff --git a/php/Attic/examples/sample-sp/setup.php b/php/Attic/examples/sample-sp/setup.php index 2886c88a..a27d3d05 100644 --- a/php/Attic/examples/sample-sp/setup.php +++ b/php/Attic/examples/sample-sp/setup.php @@ -284,6 +284,7 @@ ob_end_flush(); ob_end_flush(); ?> +<p><a href='index.php'>Back to Index</a></p> </body> </html> <?php diff --git a/php/Attic/examples/sample-sp/soapEndpoint.php b/php/Attic/examples/sample-sp/soapEndpoint.php new file mode 100644 index 00000000..ef7dcc8a --- /dev/null +++ b/php/Attic/examples/sample-sp/soapEndpoint.php @@ -0,0 +1,143 @@ +<?php +/* + * Identity Provider Example -- SOAP Endpoint + * + * Copyright (C) 2004 Entr'ouvert + * http://lasso.entrouvert.org + * + * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + require_once 'Log.php'; + require_once 'DB.php'; + require_once 'session.php'; + + + $config = unserialize(file_get_contents('config.inc')); + + $server_dump = file_get_contents($config['server_dump_filename']); + + header("Content-Type: text/xml\r\n"); + + // connect to the data base + $db = &DB::connect($config['dsn']); + if (DB::isError($db)) + { + header("HTTP/1.0 500 Internal Server Error"); + exit; + } + + // create logger + $conf['db'] = $db; + $logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf); + + // session handler + session_set_save_handler("open_session", "close_session", + "read_session", "write_session", "destroy_session", "gc_session"); + + session_start(); + + if (empty($HTTP_RAW_POST_DATA)) + { + $logger->log("HTTP_RAW_POST_DATA is empty", PEAR_LOG_WARNING); + die("HTTP_RAW_POST_DATA is empty!"); + } + + lasso_init(); + + $requestype = lasso_getRequestTypeFromSoapMsg($HTTP_RAW_POST_DATA); + $server = LassoServer::newFromDump($server_dump); + + switch ($requestype) + { + case lassoRequestTypeLogout: + $logger->info("SOAP Logout Request from " . $_SERVER['REMOTE_ADDR']); + + break; + case lassoRequestTypeDefederation: + $logger->info("SOAP Defederation Request from " . $_SERVER['REMOTE_ADDR']); + + $defederation = new LassoDefederation($server, lassoProviderTypeSp); + $defederation->processNotificationMsg($HTTP_RAW_POST_DATA, lassoHttpMethodSoap); + + $nameIdentifier = $defederation->nameIdentifier; + if (empty($nameIdentifier)) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->err("Name Identifier is empty"); + exit; + } + + $query = "SELECT user_id FROM nameidentifiers WHERE name_identifier='$nameIdentifier'"; + $res =& $db->query($query); + if (DB::isError($res)) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . $res->getDebugInfo()); + exit; + } + if (!$res->numRows()) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->err("Name identifier '$nameIdentifier' doesn't correspond to any user"); + exit; + } + + $row = $res->fetchRow(); + $user_id = $row[0]; + $logger->debug("UserID is '$user_id"); + + $query = "SELECT identity_dump FROM users WHERE user_id='$user_id'"; + $res =& $db->query($query); + + if (DB::isError($res)) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . $res->getDebugInfo()); + exit; + } + + if (!$res->numRows()) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->err("User is not federated."); + exit; + } + $row = $res->fetchRow(); + $identity_dump = $row[0]; + + $defederation->setIdentityFromDump($identity_dump); + + // TODO : Get Session + + $defederation->validateNotification(); + + $identity = $defederation->identity; + + if (!isset($identity->dump)) + { + $identity_dump = $identity->dump; + } + + break; + default: + header("HTTP/1.0 500 Internal Server Error"); + $logger->crit("Unknown or unsupported SOAP request"); + } + +?> |