| author | Christophe Nowicki <cnowicki@easter-eggs.com> | 2005-01-25 15:31:39 +0000 |
|---|---|---|
| committer | Christophe Nowicki <cnowicki@easter-eggs.com> | 2005-01-25 15:31:39 +0000 |
| commit | acafd6b03f4b92587f3e4ec0af0c46cb3d037ba6 (patch) | |
| tree | 1f302ebcbad5efb37607401a50ceb583883752ed /php/Attic/examples/sample-idp | |
| parent | f0d06800bae38641b2ebdc77e2984c58423e9030 (diff) | |
Remove php samples from the lasso repository
I'm still working on it. I will release an independent Pear
package for Lasso 0.6.
The pear package repository is here:
https://meuh.dyndns.org/cgi-bin/viewcvs.cgi/lasso_pear/
Diffstat (limited to 'php/Attic/examples/sample-idp')
23 files changed, 0 insertions, 3396 deletions
diff --git a/php/Attic/examples/sample-idp/.cvsignore b/php/Attic/examples/sample-idp/.cvsignore
deleted file mode 100644
index 22a4e729..00000000
--- a/php/Attic/examples/sample-idp/.cvsignore
+++ /dev/null
@@ -1,3 +0,0 @@
-Makefile
-Makefile.in
-
diff --git a/php/Attic/examples/sample-idp/Makefile.am b/php/Attic/examples/sample-idp/Makefile.am
deleted file mode 100644
index 5f2818fb..00000000
--- a/php/Attic/examples/sample-idp/Makefile.am
+++ /dev/null
@@ -1,21 +0,0 @@
-EXTRA_DIST = \
- admin_user.php \
- cancel_federation.php \
- create_metadata.php \
- defederate.php \
- edit_metadata.php \
- federate.php \
- index.php \
- log_view.php \
- login.php \
- logout.php \
- metadata_idp1.xml \
- metadata_sp1.xml \
- misc.php \
- session.php \
- setup.php \
- singleSignOn.php \
- soapEndpoint.php \
- user_add.php \
- view_session.php \
- README
diff --git a/php/Attic/examples/sample-idp/README b/php/Attic/examples/sample-idp/README
deleted file mode 100644
index e69de29b..00000000
--- a/php/Attic/examples/sample-idp/README
+++ /dev/null
diff --git a/php/Attic/examples/sample-idp/admin_user.php b/php/Attic/examples/sample-idp/admin_user.php
deleted file mode 100644
index 05767f14..00000000
--- a/php/Attic/examples/sample-idp/admin_user.php
+++ /dev/null
@@ -1,306 +0,0 @@ -<?php -/* - * Identity Provider Example -- User Administration - * - * Copyright (C) 2004, 2005 Entr'ouvert - * http://lasso.entrouvert.org - * - * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - - require_once 'Log.php'; - require_once 'DB.php'; - require_once 'session.php'; - - $config = unserialize(file_get_contents('config.inc')); - - $number_of_users = 5; - - // connect to the data base - $db = &DB::connect($config['dsn']); - if (DB::isError($db)) - die("Could not connect to the database"); - - // create logger - $conf['db'] = $db; - $logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf); - - // session handler - session_set_save_handler("open_session", "close_session", - "read_session", "write_session", "destroy_session", "gc_session"); - - // Show XML dump - if (!empty($_GET['dump']) && !empty($_GET['type'])) - { - $query = "SELECT " . ($_GET['type'] == 'identity' ? 'identity' : 'session') . 
- $query .= "_dump FROM users WHERE user_id=".$db->quoteSmart($_GET['dump']); - $res =& $db->query($query); - if (DB::isError($res)) - die($res->getMessage()); - - $row = $res->fetchRow(); -?> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" -"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<html> -<body onLoad="window.focus();"> -<table> -<caption><?php echo ($_GET['type'] == 'identity' ? 'Identity' : 'Session'); ?> Dump</caption> -<tr> - <td> - <textarea rows="15" cols="50"><?php echo htmlentities($row[0], ENT_QUOTES); ?></textarea> - </td> -</tr> -<tr> -<td align="center"><a href="javascript:window.close(self)">Close</a></td> -</tr> -</table> -</body> -</html> -<?php - exit; - } - - if (!empty($_GET['del'])) { - - $query = "DELETE FROM nameidentifiers WHERE user_id=".$db->quoteSmart($_GET['del']); - $res =& $db->query($query); - if (DB::isError($res)) - die($res->getMessage()); - - $query = "DELETE FROM users WHERE user_id=".$db->quoteSmart($_GET['del']); - $res =& $db->query($query); - if (DB::isError($res)) - die($res->getMessage()); - - $logger->log("Delete User '".$_GET['del']."'", PEAR_LOG_NOTICE); - } - - lasso_init(); - - // Create Lasso Server - $server_dump = file_get_contents($config['server_dump_filename']); - $server = LassoServer::newFromDump($server_dump); - - // Lasso User - $login = new LassoLogin($server); - - // Count users - $query = "SELECT COUNT(*) FROM users"; - $res =& $db->query($query); - if (DB::isError($res)) - die($res->getMessage()); - - $row = $res->fetchRow(); - $count = $row[0]; - - - $startUser = ((empty($_GET['startUser'])) ? 0 : $_GET['startUser']); - - $query = "SELECT * FROM users"; - - if (!isset($_GET['show_all'])) - $query .= " OFFSET $startUser LIMIT " . 
($startUser + $number_of_users); - $res =& $db->query($query); - - if (DB::isError($db)) - die($db->getMessage()); -?> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" -"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<html> -<head> -<title>Lasso Identity Provider Example : Users Management</title> -<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15" /> -<script language="JavaScript" type="text/javascript"> -<!-- - - function openpopup(popurl) - { - var winpops=window.open(popurl,"","width=400,height=300") - } - - function ToggleAll() - { - for (var i = 0; i < document.frm.elements.length; i++) - { - if(document.frm.elements[i].type == 'checkbox') - document.frm.elements[i].checked = !(document.frm.elements[i].checked); - } - } - -//--> -</script> -</head> - -<body> -<form name='frm' method=> -<table border="1" align="center"> -<caption>Users</caption> -<?php - $num_col = $res->numCols(); - $tableinfo = $db->tableInfo($res); -?> -<thead> -<tr> - <td colspan='<?php echo $num_col + 1; ?>'> - - <?php - if ($startUser) - echo "<a href=$PHP_SELF?startUser=" . ($startUser - $number_of_users) . ">Previous</a>"; - else - echo "Previous" - ?> - | - <?php - if ((($count - $startUser) > $number_of_users) && !isset($_GET['show_all'])) - echo "<a href=$PHP_SELF?startUser=" . ($startUser + $number_of_users) . ">Next</a>"; - else - echo "Next"; - - if (isset($_GET['show_all'])) - echo "| <a href=\"" . $PHP_SELF ."?startUser=0\">Paginate</a>"; - else - { - for ($i = 0; $i < $count; $i += $number_of_users) - if ($i == $startUser) - echo "| " . ( $i / $number_of_users); - else - echo "| <a href=\"$PHP_SELF?startUser=$i\">" . ( $i / $number_of_users) . 
"</a>"; - if ($count > $number_of_users) - echo "| <a href=\"$PHP_SELF?show_all=1\">Show All</a>"; - } - if ($count) - { - ?> - | <a href="javascript:void(0)" onClick="ToggleAll();">Toggle All</a> - <?php - } - ?> - </td> - <td align='right'><a href="javascript:openpopup('user_add.php')">add user</a></td> -</tr> -<tr align="center"> -<td> </td> -<?php - for ($i = 0; $i < $num_col; $i++) { - echo "<td><b>" . $tableinfo[$i]['name'] ."</b></td>"; - } -?> -<td> </td> -</tr> -</thead> -<tbody> -<?php - while ($row =& $res->fetchRow()) { -?> -<tr align="center"> -<td rowspan="2"> - <input type='checkbox' name='uid' value='<?php $row[0]; ?>'> -</td> -<?php - for ($i = 0; $i < $num_col; $i++) - { - ?> - <td> - <?php - // show row content - switch ($tableinfo[$i]['name']) - { - case "identity_dump": - $identity_dump = $row[$i]; - if (empty($row[$i])) - echo " "; - else - echo "<a href=javascript:openpopup('". $PHP_SELF . '?dump=' . $row[0] . "&type=identity')>view</a>"; - break; - case "session_dump": - $session_dump = $row[$i]; - if (empty($row[$i])) - echo " "; - else - echo "<a href=javascript:openpopup('". $PHP_SELF . '?dump=' . $row[0] . "&type=session')>view</a>"; - break; - default: - echo (empty($row[$i])) ? " " : $row[$i]; - } - ?> - </td> - <?php - } - ?> - <td rowspan="2"> - <a href="<?php echo $PHP_SELF . '?del=' . 
$row[0]; ?>">delete</a> - <a href="javascript:openpopup('user_edit.php?user_id=<?php echo ?>')">edit</a> - </td> -</tr> -<tr> - <td colspan="<?php echo $num_col; ?>" align='center'> - <?php - // get all federations for this user - if (!empty($identity_dump)) - { - $login->setIdentityFromDump($identity_dump); - $identity = $login->identity; - $providerIDs = $identity->providerIds; -?> -<table width="100%"> -<?php - for($i = 0; $i < $providerIDs->length() ; $i++) - { -?> -<tr> - <td align='center'><?php echo $providerIDs->getItem($i); ?></td> - <td align='right'><a href="">cancel federation</a></td> -</tr> -<?php - } -?> -</table> -<?php - } - else - echo "Not Federated with an Service Provider."; - ?> - </td> -</tr> -<?php -} -?> -</tbody> -<tfoot> -<tr> - <td colspan="<?php echo $num_col + 1; ?>"> </td> - <td>Total: <?php echo $count; ?> Users</td> -</tr> -</tfoot> -</table> -</form> - -<br> -<p align='center'><a href='index.php'>Index</a> -</p> - -<br> -<p>Copyright © 2004, 2005 Entr'ouvert</p> - -</body> - -</html> -<?php - lasso_shutdown(); -?> diff --git a/php/Attic/examples/sample-idp/cancel_federation.php b/php/Attic/examples/sample-idp/cancel_federation.php deleted file mode 100644 index 9593d957..00000000 --- a/php/Attic/examples/sample-idp/cancel_federation.php +++ /dev/null 
@@ -1,225 +0,0 @@ -<?php -/* - * Identity Provider Example -- Cancel Federation with an Service Provider - * - * Copyright (C) 2004, 2005 Entr'ouvert - * http://lasso.entrouvert.org - * - * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - - require_once 'Log.php'; - require_once 'DB.php'; - require_once 'session.php'; - - $config = unserialize(file_get_contents('config.inc')); - - $methodes = array('redirect' => lassoHttpMethodRedirect, 'soap' => lassoHttpMethodSoap); - - // connect to the data base - $db = &DB::connect($config['dsn']); - if (DB::isError($db)) - die($db->getMessage()); - - // create logger - $conf['db'] = $db; - $logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf); - - // session handler - session_set_save_handler("open_session", "close_session", - "read_session", "write_session", "destroy_session", "gc_session"); - - if (empty($_GET['profile'])) - { - $logger->err("Cancel Federation called without profile."); - die("Cancel Federation called without profile."); - } - - if (empty($_GET['with'])) - { - $logger->err("Cancel Federation called without providerID."); - die("Cancel Federation called without providerID."); - } - - session_start(); - - lasso_init(); - - if 
(empty($_SESSION['user_id'])) - { - $logger->err("UserID is empty, user is not logged in."); - die("UserID is empty, user is not logged in."); - } - - if (empty($_SESSION['identity_dump'])) - { - $logger->err("Identity Dump is empty, user is not federated."); - die("Identity Dump is empty, user is not federated."); - } - - if (!in_array($_GET['profile'], array_keys($methodes))) - { - die("Unknown defederation profile : " . $_GET['profile']); - $logger->err("Unknown defederation profile : " . $_GET['profile']); - } - - $user_id = $_SESSION['user_id']; - - $server_dump = file_get_contents($config['server_dump_filename']); - $server = LassoServer::newFromDump($server_dump); - - $defederation = new LassoDefederation($server, lassoProviderTypeIdp); - $defederation->setIdentityFromDump($_SESSION['identity_dump']); - - if (!empty($_SESSION['session_dump'])) - $defederation->setSessionFromDump($_SESSION['session_dump']); - - $logger->debug("Create Cancel Federation Notification for User '" . $_SESSION["user_id"] . - "' with Service Provider '" . $_GET['with']. "'"); - - $defederation->initNotification($_GET['with'], $methodes[$_GET['profile']]); - - $defederation->buildNotificationMsg(); - $nameIdentifier = $defederation->nameIdentifier; - if (empty($nameIdentifier)) - { - $loggery>err("Name Identifier is empty."); - die("Name Identifier is empty."); - } - - $identity = $defederation->identity; - if (isset($defederation->identity)) - { - // Update identity dump - $identity_dump = $identity->dump(); - $_SESSION['identity_dump'] = $identity_dump; - $query = "UPDATE users SET identity_dump=".$db->quoteSmart($identity_dump); - } - else // Delete identity and session dumps - $query = "UPDATE users SET identity_dump=''"; - $query .= " WHERE user_id='$user_id'"; - - $res =& $db->query($query); - if (DB::isError($res)) - { - $logger->crit("DB Error :" . $res->getMessage()); - $logger->debug("DB Error :" . 
$res->getDebugInfo()); - die("Internal Server Error"); - } - $logger->debug("Update user '$user_id' identity dump in the database"); - - // Update session dump, if available - if (!empty($_SESSION['sesion_dump']) && $defederation->isSessionDirty) - { - $session = $defederation->session; - $session_dump = $session->dump(); - $_SESSION['session_dump'] = $session_dump; - - $query = "UPDATE users SET session_dump=".$db->quoteSmart($session_dump); - $query .= " WHERE user_id='$user_id'"; - - $res =& $db->query($query); - if (DB::isError($res)) - { - $logger->crit("DB Error :" . $res->getMessage()); - $logger->debug("DB Error :" . $res->getDebugInfo()); - die("Internal Server Error"); - } - $logger->debug("Update user '$user_id' session dump in the database"); -} - -// Delete Name Identifier -$query = "DELETE FROM nameidentifiers WHERE user_id='$user_id' "; -$query .= "AND name_identifier='$nameIdentifier'"; - -$res =& $db->query($query); -if (DB::isError($res)) -{ - $logger->crit("DB Error :" . $res->getMessage()); - $logger->debug("DB Error :" . $res->getDebugInfo()); - die("Internal Server Error"); -} - -$logger->info("Delete Name Identifier '$nameIdentifier' for User '$user_id'"); - -switch($_GET['profile']) -{ - case 'redirect': - $url = $defederation->msgUrl; - $logger->info("Redirect user to $url"); - - header("Request-URI: $url"); - header("Content-Location: $url"); - header("Location: $url\r\n\r\n"); - break; - case 'soap': - $url = parse_url($defederation->msgUrl); - $soap = sprintf( - "POST %s HTTP/1.1\r\nHost: %s:%d\r\nContent-Length: %d\r\nContent-Type: text/xml\r\n\r\n%s\r\n", - $url['path'], $url['host'], $url['port'], strlen($defederation->msgBody), $defederation->msgBody); - - $logger->info('Send SOAP Request to '. $url['host'] . ":" .$url['port']. $url['path']); - $logger->debug('SOAP Request : ' . $soap); - - $fp = fsockopen("ssl://" . 
$url['host'], $url['port'], $errno, $errstr, 30) or die($errstr ($errno)); - socket_set_timeout($fp, 10); - fwrite($fp, $soap); - - // header - do $header .= fread($fp, 1); while (!preg_match('/\\r\\n\\r\\n$/',$header)); - - // chunked encoding - if (preg_match('/Transfer\\-Encoding:\\s+chunked\\r\\n/',$header)) - { - do { - $byte = ''; - $chunk_size = ''; - - do { - $chunk_size .= $byte; - $byte = fread($fp, 1); - } while ($byte != "\\r"); - - fread($fp, 1); - $chunk_size = hexdec($chunk_size); - $response .= fread($fp, $chunk_size); - fread($fp, 2); - } while ($chunk_size); - } - else - { - if (preg_match('/Content\\-Length:\\s+([0-9]+)\\r\\n/', $header, $matches)) - $response = @fread($fp, $matches[1]); - else - while (!feof($fp)) $response .= fread($fp, 1024); - } - fclose($fp); - - $logger->log('SOAP Response Header : ' . $header, PEAR_LOG_DEBUG); - $logger->log('SOAP Response Body : ' . $response, PEAR_LOG_DEBUG); - - // TODO : check reponse status - - - break; - } - -?> - -<?php - lasso_shutdown(); -?> diff --git a/php/Attic/examples/sample-idp/create_metadata.php b/php/Attic/examples/sample-idp/create_metadata.php deleted file mode 100644 index e55e79ab..00000000 --- a/php/Attic/examples/sample-idp/create_metadata.php +++ /dev/null 
@@ -1,144 +0,0 @@ -<?php -/* - * Identity Provider Example -- Form for creating Service Provider Metadata - * - * Copyright (C) 2004, 2005 Entr'ouvert - * http://lasso.entrouvert.org - * - * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - - require_once 'HTML/QuickForm.php'; - - $form = new HTML_QuickForm('frm'); - - $form->setDefaults(array( - 'providerID' => 'https://', - 'AssertionConsumerService' => 'https://', - 'SoapEndpoint' => 'https://', - 'SingleLogoutService' => 'https://', - 'RegisterNameIdentifierService' => 'https://', - 'AuthnRequestsSigned' => 1, - 'filename' => getcwd().'/metadata.xml' - )); - - $form->addElement('header', null, 'Create Liberty Alliance Metadata for an Service Provider'); - $form->addElement('text', 'providerID', 'providerID:', array('size' => 60, 'maxlength' => 255)); - - $form->addElement('text', 'AssertionConsumerService', 'AssertionConsumerService:', array('size' => 60, 'maxlength' => 255)); - - $form->addElement('text', 'SingleLogoutService', 'SingleLogoutService:', array('size' => 60, 'maxlength' => 255)); - $form->addElement('select', 'SingleLogoutProtocolProfile', 'SingleLogoutProtocolProfile:', array('http://projectliberty.org/profiles/slo-idp-soap')); - - $form->addElement('text', 
'RegisterNameIdentifierService', 'RegisterNameIdentifierService:', array('size' => 60, 'maxlength' => 255)); - $form->addElement('select', 'RegisterNameIdentifierProtocolProfile', 'RegisterNameIdentifierProtocolProfile:', array('http://projectliberty.org/profiles/rni-sp-soap')); - - $form->addElement('text', 'SoapEndpoint', 'SoapEndpoint:', array('size' => 60, 'maxlength' => 255)); - $form->addElement('checkbox', 'AuthnRequestsSigned', 'Authn Requests must be signed? :', ''); - - $form->addElement('textarea', 'metadata', 'Metadata:', array('cols' => 60, 'rows' => 15)); - $form->addElement('text', 'filename', 'Filename:', array('size' => 60, 'maxlength' => 255)); - - $button[] = &HTML_QuickForm::createElement('button', null, 'Preview', array('onclick' => "write_metadata_preview();")); - $button[] = &HTML_QuickForm::createElement('submit', null, 'Write Metadata'); - - $form->addGroup($button, null, null, ' ', false); - - if ($form->validate()) { - - $xml = "<?xml version=\"1.0\"?> -<EntityDescriptor providerID=\"". $form->exportValue('providerID') ."\" xmlns=\"urn:liberty:metadata:2003-08\"> -<SPDescriptor> - <AssertionConsumerServiceURL id=\"AssertionConsumerServiceURL1\" isDefault=\"true\">" . $form->exportValue('AssertionConsumerService') . "</AssertionConsumerServiceURL>\n - <SingleLogoutServiceURL>" . $form->exportValue('SingleLogoutService') . "</SingleLogoutServiceURL> - <SingleLogoutProtocolProfile>" . $form->exportValue('SingleLogoutProtocolProfile') . "</SingleLogoutProtocolProfile>\n - <RegisterNameIdentifierServiceURL>" . $form->exportValue('RegisterNameIdentifierService') . "</RegisterNameIdentifierServiceURL> - <RegisterNameIdentifierProtocolProfile>" . $form->exportValue('RegisterNameIdentifierProtocolProfile') . "</RegisterNameIdentifierProtocolProfile>\n - <SoapEndpoint>" . $form->exportValue('SoapEndpoint') . "</SoapEndpoint>\n - <AuthnRequestsSigned>" . (($form->exportValue('AuthnRequestsSigned')) ? 'true' : 'false') . 
"</AuthnRequestsSigned> -</SPDescriptor> -</EntityDescriptor>"; - - - if (($fd = fopen($form->exportValue('filename'), "w"))) - { - fwrite($fd, $xml); - fclose($fd); - } - else - die("Could not write metadata file :" . $form->exportValue('filename')); -?> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" -"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<html> -<head> -<script type="text/javascript"> -<!-- - function set_and_close() - { - opener.document.frm.metadata.value = '<?php echo $form->exportValue('filename'); ?>'; - window.close(); - } -// --> -</script> -</head> -<body onLoad="set_and_close()"> -</body> -</html> -<?php - exit; - } -?> - -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<html> -<head> -<script language="JavaScript" type="text/javascript"> -<!-- - - function write_metadata_preview(popurl) - { - frm = document.frm; - - frm.metadata.value = - '<\?xml version=\"1.0\"\?>\n' + - '<EntityDescriptor\n' + - 'providerID="' + frm.providerID.value + '\"\n' + - 'xmlns=\"urn:liberty:metadata:2003-08\">\n' + - '<SPDescriptor>\n' + - '<AssertionConsumerServiceURL id=\"AssertionConsumerServiceURL1\" isDefault=\"true\">' + - frm.AssertionConsumerService.value + '</AssertionConsumerServiceURL>\n' + - '<SingleLogoutServiceURL>' + frm.SingleLogoutService.value + '</SingleLogoutServiceURL>\n' + - '<SingleLogoutProtocolProfile>' + frm.SingleLogoutProtocolProfile.options[frm.SingleLogoutProtocolProfile.value].text + '</SingleLogoutProtocolProfile>\n' + - '<RegisterNameIdentifierServiceURL>' + frm.RegisterNameIdentifierService.value + '</RegisterNameIdentifierServiceURL>\n' + - '<RegisterNameIdentifierProtocolProfile>' + frm.RegisterNameIdentifierProtocolProfile.options[frm.RegisterNameIdentifierProtocolProfile.value].text + '</RegisterNameIdentifierProtocolProfile>\n' + - '<SoapEndpoint>' + frm.SoapEndpoint.value + '</SoapEndpoint>\n' + - '<AuthnRequestsSigned>' + 
((frm.AuthnRequestsSigned.value) ? 'true' : 'false') + '</AuthnRequestsSigned>\n' +
- '</SPDescriptor>\n' +
- '</EntityDescriptor>';
- }
-//-->
-</script>
-</head>
-<body>
-<?php
- $form->display();
-?>
-<br>
-<p>Copyright © 2004, 2005 Entr'ouvert</p>
-</body>
-</html>
diff --git a/php/Attic/examples/sample-idp/defederate.php b/php/Attic/examples/sample-idp/defederate.php
deleted file mode 100644
index e2c107e8..00000000
--- a/php/Attic/examples/sample-idp/defederate.php
+++ /dev/null
@@ -1,32 +0,0 @@
-<?php
-/*
- * Identity Provider Example -- Destroy Federation
- *
- * Copyright (C) 2004, 2005 Entr'ouvert
- * http://lasso.entrouvert.org
- *
- * Authors: Christophe Nowicki <cnowicki@easter-eggs.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
- session_start();
-
- if (!isset($_SESSION['user_id']))
- {
- die("User is not logged in!\n");
- }
-
-?>
diff --git a/php/Attic/examples/sample-idp/edit_metadata.php b/php/Attic/examples/sample-idp/edit_metadata.php
deleted file mode 100644
index 78795c57..00000000
--- a/php/Attic/examples/sample-idp/edit_metadata.php
+++ /dev/null
@@ -1,61 +0,0 @@
-<?php
-/*
- * Identity Provider Example -- Setup
- *
- * Copyright (C) 2004, 2005 Entr'ouvert
- * http://lasso.entrouvert.org
- *
- * Authors: Christophe Nowicki <cnowicki@easter-eggs.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
- $filename = $_GET['filename'];
- if (!empty($filename) && file_exists($filename))
- {
- require_once 'HTML/QuickForm.php';
-
- $form = new HTML_QuickForm('frm');
-
- $form->addElement('header', null, 'Edit Liberty Alliance Metadata for an Service Provider');
- $form->addElement('text', 'providerID', 'providerID:', array('size' => 60, 'maxlength' => 255));
-
- $form->addElement('text', 'AssertionConsumerService', 'AssertionConsumerService:', array('size' => 60, 'maxlength' => 255));
-
- $form->addElement('text', 'SingleLogoutService', 'SingleLogoutService:', array('size' => 60, 'maxlength' => 255));
- $form->addElement('select', 'SingleLogoutProtocolProfile', 'SingleLogoutProtocolProfile:', array('http://projectliberty.org/profiles/slo-idp-soap'));
-
- $form->addElement('text', 'RegisterNameIdentifierService', 'RegisterNameIdentifierService:', array('size' => 60, 'maxlength' => 255));
- $form->addElement('select', 'RegisterNameIdentifierProtocolProfile', 'RegisterNameIdentifierProtocolProfile:', array('http://projectliberty.org/profiles/rni-sp-soap'));
-
- $form->addElement('text', 'SoapEndpoint', 'SoapEndpoint:', array('size' => 60, 'maxlength' => 255));
- $form->addElement('checkbox', 'AuthnRequestsSigned', 'Authn Requests must be signed? :', '');
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html>
-<head>
- <title>Edit Metadata</title>
-</head>
-<body>
-<?php
- $form->display();
-?>
-<br>
-<p>Copyright © 2004, 2005 Entr'ouvert</p>
-</body>
-</html>
-<?php
- }
-?>
diff --git a/php/Attic/examples/sample-idp/federate.php b/php/Attic/examples/sample-idp/federate.php
deleted file mode 100644
index 46da3fc9..00000000
--- a/php/Attic/examples/sample-idp/federate.php
+++ /dev/null
@@ -1,32 +0,0 @@
-<?php
-/*
- * Identity Provider Example -- Create Federation
- *
- * Copyright (C) 2004, 2005 Entr'ouvert
- * http://lasso.entrouvert.org
- *
- * Authors: Christophe Nowicki <cnowicki@easter-eggs.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
- session_start();
-
- if (!isset($_SESSION['user_id']))
- {
- die("User is not logged in!\n");
- }
-
-?>
diff --git a/php/Attic/examples/sample-idp/idp_openssl.cnf b/php/Attic/examples/sample-idp/idp_openssl.cnf
deleted file mode 100644
index 7336057c..00000000
--- a/php/Attic/examples/sample-idp/idp_openssl.cnf
+++ /dev/null
@@ -1,19 +0,0 @@
-[ req ]
-default_bits = 2048
-encrypt_key = yes
-distinguished_name = req_dn
-x509_extensions = cert_type
-prompt = no
-
-[ req_dn ]
-C=FR
-ST=Ile de France
-L=Paris
-O=Entrouvert
-OU=Automatically-generated SSL key
-CN=idp1
-emailAddress=webmaster@domain.com
-
-[ cert_type ]
-nsCertType = server
-
diff --git a/php/Attic/examples/sample-idp/index.php b/php/Attic/examples/sample-idp/index.php
deleted file mode 100644
index 3fda8a13..00000000
--- a/php/Attic/examples/sample-idp/index.php
+++ /dev/null
@@ -1,193 +0,0 @@ -<?php -/* - * Identity Provider Example -- Index File - * - * Copyright (C) 2004, 2005 Entr'ouvert - * http://lasso.entrouvert.org - * - * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - - require_once 'DB.php'; - require_once 'session.php'; - - if(!extension_loaded('lasso')) { - $ret = @dl('lasso.' . 
PHP_SHLIB_SUFFIX); - if ($ret == FALSE) - { -?> -<p align='center'><b>The Lasso Extension is not available</b><br> -Please check your PHP extensions<br> -You can get more informations about <b>Lasso</b> at <br> -<a href='http://lasso.entrouvert.org/'>http://lasso.entrouvert.org/</a></p> -<?php - exit(); - } - } - - if (!file_exists('config.inc')) - { -?> -<p align='center'><b>Identity Provider Configuration file is not available</b><br> -Please run the setup script :<br> -<a href='setup.php'>Lasso Service Provider Setup</a><br> -You can get more informations about <b>Lasso</b> at <br> -<a href='http://lasso.entrouvert.org/'>http://lasso.entrouvert.org/</a></p> -<?php - exit(); - } - - $config = unserialize(file_get_contents('config.inc')); - - // connect to the data base - $db = &DB::connect($config['dsn']); - if (DB::isError($db)) - die($db->getMessage()); - - // session handler - session_set_save_handler("open_session", "close_session", - "read_session", "write_session", "destroy_session", "gc_session"); - - session_start(); - - lasso_init(); - - // Create Lasso Server - $server_dump = file_get_contents($config['server_dump_filename']); - $server = LassoServer::newFromDump($server_dump); -?> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" -"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> -<head> -<title>Lasso Identity Provider Example</title> -<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15" /> -</head> - -<body> -<p align='center'> - <b>Identity Provider Administration</b><br> - <a href="setup.php">Setup</a><br> - <a href="admin_user.php">Users Management</a><br> - <a href="view_session.php">View Online Users</a> -<?php if ($config['log_handler'] == 'sql') { ?> - <br><a href="log_view.php">View log</a> -<?php } ?> -</p> -<p align='center'> - <b>Identity Provider Fonctionnality</b> -</p> -<?php - if (!isset($_SESSION["user_id"])) { - ?> -<p align='center'> - 
<a href="login.php">Local Login</a></p> -<?php - } - else - { - if (isset($_SESSION['identity_dump'])) - { - $login = new LassoLogin($server); - $login->setIdentityFromDump($_SESSION['identity_dump']); - if (!empty($_SESSION['session_dump'])) - $login->setSessionFromDump($_SESSION['sesion_dump']); - $identity = $login->identity; - $providerIDs = $identity->providerIds; - - if ($providerIDs->length()) - { -?> -<p align='center'>Cancel a Federation with :</p> -<p align='center'> -<table align='center'> -<thead> -<tr> - <td align='center'>Service Provider</td> - <td align='center'>Profile</td> -</tr> -</thead> -<tbody> -<?php - for($i = 0; $i < $providerIDs->length() ; $i++) - { - $providerID = $providerIDs->getItem($i); -?> -<tr> - <td align='center'><?php echo $providerID; ?></td> - <td align='center'> - <a href="cancel_federation.php?profile=redirect&with=<?php echo $providerID; ?>">Redirect</a> | - <a href="cancel_federation.php?profile=soap&with=<?php echo $providerID; ?>">SOAP</a> - </td> -</tr> -<?php - } -?> -</tbody> -</table> -</p> -<?php - } - else - { -?> -<p align='center'>Your are not Federated with an Service Provider.</p> -<?php - } - } -?> -<p align='center'> -<a href="logout.php">Local Logout</a></p> -<?php } ?> - -<p align='center'> -<table align='center'> -<caption><b>Status</b></caption> -<tr> - <?php - if (!isset($_SESSION["user_id"])) - { - echo "<td>User is <b>not</b> logged in!</td>"; - } - else - { - ?> - <td colspan='2' align="center">User <b>is</b> logged in!</td> -</tr> -<tr> - <td><b>UserID:</b></td><td><?php echo $_SESSION["user_id"]; ?></td> -</tr> -<tr> - <td><b>User Name:</b></td><td><?php echo $_SESSION["username"]; ?></td> -</tr> -<tr> - <td><b>PHP Session ID:</b></td><td><?php echo session_id(); ?></td> -</tr> -<?php - } -?> -</table> - -<br> -<p align='center'>Copyright © 2004, 2005 Entr'ouvert</p> - -</body> - -</html> -<?php - lasso_shutdown(); -?> 
diff --git a/php/Attic/examples/sample-idp/log_view.php b/php/Attic/examples/sample-idp/log_view.php
deleted file mode 100644
index 40f2025d..00000000
--- a/php/Attic/examples/sample-idp/log_view.php
+++ /dev/null
@@ -1,160 +0,0 @@ -<?php -/* - * Identity Provider Example -- View log - * - * Copyright (C) 2004, 2005 Entr'ouvert - * http://lasso.entrouvert.org - * - * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - - require_once 'HTML/QuickForm.php'; - require_once 'DB.php'; - - $config = unserialize(file_get_contents('config.inc')); - - // connect to the data base - $db = &DB::connect($config['dsn']); - if (DB::isError($db)) - die("Could not connect to the database"); - - if ($config['log_handler'] != 'sql') - die("Unsupported log handler"); - - $number_of_msg = 8; - - // Count log messages - $query = "SELECT COUNT(*) FROM log"; - $res =& $db->query($query); - if (DB::isError($res)) - die($res->getMessage()); - - $row = $res->fetchRow(); - $count = $row[0]; - - $startMsg = ((empty($_GET['startMsg'])) ? 0 : $_GET['startMsg']); - - $query = "SELECT * FROM log ORDER BY id DESC"; - if (!isset($_GET['show_all'])) - $query .= " OFFSET $startMsg LIMIT " . 
($startMsg + $number_of_msg); - - - $res =& $db->query($query); - if (DB::isError($res)) - die($res->getMessage()); - - $numRows = $res->numRows(); - -?> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" -"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<html> -<head> -<head> - <title>Lasso Identity Provider Example : View Logs</title> -</head> -<body> -<br> -<table border='1' width='100%'> -<caption>Logged events</caption> -<thead> -<tr> - <td colspan='4'> - <?php - if ($startMsg) - echo "<a href=$PHP_SELF?startMsg=" . ($startMsg - $number_of_msg) . ">Previous</a>"; - else - echo "Previous" - ?> - | - <?php - if ((($count - $startMsg) > $number_of_users) && !isset($_GET['show_all'])) - echo "<a href=\"" . $PHP_SELF . "?startMsg=" . ($startMsg + $number_of_msg) . "\">Next</a>"; - else - echo "Next"; - - if (isset($_GET['show_all'])) - echo "| <a href=\"" . $PHP_SELF ."?startMsg=0\">Paginate</a>"; - else - { - for ($i = 0; $i < $count; $i += $number_of_msg) - if ($i == $startMsg) - echo "| " . ( $i / $number_of_msg); - else - echo "| <a href=\"$PHP_SELF?startMsg=$i\">" . ( $i / $number_of_msg) . "</a>"; - if ($count > $number_of_msg) - echo "| <a href=\"$PHP_SELF?show_all=1\">Show All</a>"; - } - ?> - </td> -</tr> -<tr> - <td align='center'>date</td> - <td align='center'>filename</td> - <td align='center'>priority</td> - <td align='center'>message</td> -</tr> -</thead> -<tbody> -<?php - if ($numRows) - { - $num_col = $res->numCols(); - $tableinfo = $db->tableInfo($res); - - $desc = array("emergency", "alert", "critical", "error", "warning", "notice", "informational", "debug"); - - while($row = $res->fetchRow()) - { - echo "<tr>"; - for ($i = 0; $i < $num_col; $i++) - { - switch ($tableinfo[$i]['name']) - { - case "id": - break; - case "priority": - echo "<td align='center'>" . $desc[$row[$i]] . "</td>"; - break; - case "message": - echo "<td>" . $row[$i] . "</td>"; - break; - default: - echo "<td align='center'>" . $row[$i] . 
"</td>"; - } - } - echo "</tr>"; - } - } -?> -<tr> -</tr> -</tbody> -<tfoot> -<tr> - <td colspan='4'> </td> -</tr> -</tfoot> -</table> -<br> -<p align='center'><a href='index.php'>Index</a> -</p> -<br> -<p>Copyright © 2004, 2005 Entr'ouvert</p> -</body> -</html> - diff --git a/php/Attic/examples/sample-idp/login.php b/php/Attic/examples/sample-idp/login.php deleted file mode 100644 index 7c4d3c3d..00000000 --- a/php/Attic/examples/sample-idp/login.php +++ /dev/null 
@@ -1,182 +0,0 @@ -<?php -/* - * Identity Provider Example -- Local Login - * - * Copyright (C) 2004, 2005 Entr'ouvert - * http://lasso.entrouvert.org - * - * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - - require_once 'HTML/QuickForm.php'; - require_once 'Log.php'; - require_once 'DB.php'; - require_once 'session.php'; - - $config = unserialize(file_get_contents('config.inc')); - - // connect to the data base - $db = &DB::connect($config['dsn']); - if (DB::isError($db)) - die("Could not connect to the database"); - - // create logger - $conf['db'] = $db; - $logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf); - - // session handler - session_set_save_handler("open_session", "close_session", - "read_session", "write_session", "destroy_session", "gc_session"); - - session_start(); - - /* - * - */ - function sendHTTPBasicAuth() - { - global $logger; - - header('WWW-Authenticate: Basic realm="Lasso Identity Provider One"'); - header('HTTP/1.0 401 Unauthorized'); - echo "Acces Denied"; - $logger->log("User from '" . $_SERVER['REMOTE_ADDR'] . 
"' pressed the cancel button during HTTP basic authentication request", PEAR_LOG_NOTICE); - } - - function startLocalSession($user_id, $username) - { - global $db, $logger; - - $_SESSION['user_id'] = $user_id; - $_SESSION['username'] = $username; - - $query = "SELECT identity_dump,session_dump FROM users WHERE user_id='$user_id'"; - - $res =& $db->query($query); - - if (DB::isError($res)) - { - $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); - $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG); - die("Could not fetch identity and session dump"); - } - if ($res->numRows()) - { - $row = $res->fetchRow(); - if (!empty($row[0])) - $_SESSION['identity_dump'] = $row[0]; - if (!empty($row[1])) - $_SESSION['session_dump'] = $row[1]; - } - - $logger->log("User '$username' ($user_id) authenticated, local session started", PEAR_LOG_NOTICE); - - $url = 'index.php'; - header("Request-URI: $url"); - header("Content-Location: $url"); - header("Location: $url\r\n\r\n"); - exit; - } - - /* - * This function authentificate the user against the Users Database - */ - function authentificateUser($db, $username, $password) - { - global $logger; - - $query = "SELECT user_id FROM users WHERE username=".$db->quoteSmart($username); - $query .= " AND password=".$db->quoteSmart($password); - - $res =& $db->query($query); - if (DB::isError($res)) - { - $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); - $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG); - die("Internal Server Error"); - } - - if ($res->numRows()) - { - $row = $res->fetchRow(); - return ($row[0]); - } - return (0); - } - - if ($config['auth_type'] == 'auth_basic') - { - if (!isset($_SERVER['PHP_AUTH_USER'])) - { - sendHTTPBasicAuth(); - exit; - } - else - { - // Check Login and Password - if (!($user_id = authentificateUser($db, $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']))) - { - $logger->warning("Authentication failure with login '". 
$_SERVER['PHP_AUTH_USER'] . " password '" - . $_SERVER['PHP_AUTH_PW'] ."' IP " . $_SERVER['REMOTE_ADDR']); - sendHTTPBasicAuth(); - exit; - } - else - startLocalSession($user_id, $_SERVER['PHP_AUTH_USER']); - } - } - else if ($config['auth_type'] == 'auth_form') - { - - $form = new HTML_QuickForm('frm'); - - $form->addElement('header', null, 'Login on the Lasso Identity Provider Example'); - - $form->addElement('text', 'username', 'Username:', array('size' => 50, 'maxlength' => 255)); - $form->addElement('password', 'password', 'Password:', array('size' => 50, 'maxlength' => 255)); - $form->addElement('submit', null, 'Ok'); - - $form->addRule('username', 'Please enter the Username', 'required', null, 'client'); - $form->addRule('password', 'Please enter the Password', 'required', null, 'client'); - - if ($form->validate()) - { - if (($user_id = authentificateUser($db, $form->exportValue('username'), $form->exportValue('password')))) - { - startLocalSession($user_id, $form->exportValue('username')); - } - else - $logger->log("Authentication failure with login '".$form->exportValue('username')." password '". $form->exportValue('password') ."' IP '" . $_SERVER['REMOTE_ADDR']."'", PEAR_LOG_WARNING); - } -?> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" -"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<html> -<body> -<?php - $form->display(); -?> -</body> -</html> -<?php - } - else - { - $logger->log("Unknown authentification type '". $config['auth_type'] ."', check IdP setup", PEAR_LOG_ALERT); - die('Unknown authentification type'); - } -?> diff --git a/php/Attic/examples/sample-idp/logout.php b/php/Attic/examples/sample-idp/logout.php deleted file mode 100644 index 4089c8dd..00000000 --- a/php/Attic/examples/sample-idp/logout.php +++ /dev/null 
@@ -1,55 +0,0 @@
-<?php
-/*
- * Identity Provider Example -- Local Logout
- *
- * Copyright (C) 2004, 2005 Entr'ouvert
- * http://lasso.entrouvert.org
- *
- * Authors: Christophe Nowicki <cnowicki@easter-eggs.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
- require_once 'Log.php';
- require_once 'DB.php';
- require_once 'session.php';
-
- $config = unserialize(file_get_contents('config.inc'));
-
- // connect to the data base
- $db = &DB::connect($config['dsn']);
- if (DB::isError($db))
- die("Could not connect to the database");
-
- // create logger
- $conf['db'] = $db;
- $logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf);
-
- // session handler
- session_set_save_handler("open_session", "close_session",
- "read_session", "write_session", "destroy_session", "gc_session");
-
- session_start();
-
- // Destroy The PHP Session
- $_SESSION = array();
- session_destroy();
-
- $url = "index.php";
- header("Request-URI: $url");
- header("Content-Location: $url");
- header("Location: $url\r\n\r\n");
- exit;
-?>
diff --git a/php/Attic/examples/sample-idp/metadata_idp1.xml b/php/Attic/examples/sample-idp/metadata_idp1.xml
deleted file mode 100644
index af84f259..00000000
--- a/php/Attic/examples/sample-idp/metadata_idp1.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<?xml version="1.0"?>
-<EntityDescriptor
- providerID="https://idp1.lasso.lan/metadata"
- xmlns="urn:liberty:metadata:2003-08">
- <IDPDescriptor>
-
- <SingleSignOnServiceURL>https://idp1.lasso.lan:1998/singleSignOn</SingleSignOnServiceURL>
- <SingleSignOnProtocolProfile>http://projectliberty.org/profiles/brws-art</SingleSignOnProtocolProfile>
- <SingleSignOnProtocolProfile>http://projectliberty.org/profiles/brws-post</SingleSignOnProtocolProfile>
-
- <SingleLogoutServiceURL>https://idp1.lasso.lan:1998/singleLogout</SingleLogoutServiceURL>
- <SingleLogoutServiceReturnURL>https://idp1.lasso.lan:1998/singleLogoutReturn</SingleLogoutServiceReturnURL>
- <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
- <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http</SingleLogoutProtocolProfile>
- <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-soap</SingleLogoutProtocolProfile>
- <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-http</SingleLogoutProtocolProfile>
-
- <FederationTerminationServiceURL>https://idp1.lasso.lan:1998/federationTermination</FederationTerminationServiceURL>
- <FederationTerminationServiceReturnURL>https://idp1.lasso.lan:1998/federationTerminationReturn</FederationTerminationServiceReturnURL>
- <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-soap</FederationTerminationNotificationProtocolProfile>
- <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-http</FederationTerminationNotificationProtocolProfile>
- <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-soap</FederationTerminationNotificationProtocolProfile>
- <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-http</FederationTerminationNotificationProtocolProfile>
-
- <RegisterNameIdentifierServiceURL>https://idp1.lasso.lan:1998/registerNameIdentifier</RegisterNameIdentifierServiceURL>
- <RegisterNameIdentifierServiceReturnURL>https://idp1.lasso.lan:1998/registerNameIdentifierReturn</RegisterNameIdentifierServiceReturnURL>
- <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-soap</RegisterNameIdentifierProtocolProfile>
- <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-http</RegisterNameIdentifierProtocolProfile>
- <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-soap</RegisterNameIdentifierProtocolProfile>
- <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-http</RegisterNameIdentifierProtocolProfile>
-
- <NameIdentifierMappingProtocolProfile>http://projectliberty.org/profiles/nim-sp-http</NameIdentifierMappingProtocolProfile>
-
- <SoapEndpoint>https://idp1.lasso.lan:1998/soapEndpoint</SoapEndpoint>
-
-</IDPDescriptor>
-
-<Organization>
- <OrganizationName>Identity Provider idp1.lasso.lan</OrganizationName>
- <OrganizationDisplayName xml:lang="en">Identity Provider 1</OrganizationDisplayName>
- <OrganizationURL xml:lang="en">http://idp1.lasso.lan/</OrganizationURL>
-</Organization>
-
-</EntityDescriptor>
diff --git a/php/Attic/examples/sample-idp/metadata_sp1.xml b/php/Attic/examples/sample-idp/metadata_sp1.xml
deleted file mode 100644
index cf2fad08..00000000
--- a/php/Attic/examples/sample-idp/metadata_sp1.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<?xml version="1.0"?>
-<EntityDescriptor
- providerID="https://sp1.lasso.lan/metadata"
- xmlns="urn:liberty:metadata:2003-08">
- <SPDescriptor>
-
- <AssertionConsumerServiceURL id="AssertionConsumerServiceURL1" isDefault="true">https://sp1.lasso.lan:2006/assertionConsumer</AssertionConsumerServiceURL>
-
- <SingleLogoutServiceURL>https://sp1.lasso.lan:2006/singleLogout</SingleLogoutServiceURL>
- <SingleLogoutServiceReturnURL>https://sp1.lasso.lan:2006/singleLogoutReturn</SingleLogoutServiceReturnURL>
- <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
- <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http</SingleLogoutProtocolProfile>
- <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-soap</SingleLogoutProtocolProfile>
- <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-http</SingleLogoutProtocolProfile>
-
- <FederationTerminationServiceURL>https://sp1.lasso.lan:2006/federationTermination</FederationTerminationServiceURL>
- <FederationTerminationServiceReturnURL>https://sp1.lasso.lan:2006/federationTerminationReturn</FederationTerminationServiceReturnURL>
- <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-soap</FederationTerminationNotificationProtocolProfile>
- <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-http</FederationTerminationNotificationProtocolProfile>
- <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-soap</FederationTerminationNotificationProtocolProfile>
- <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-http</FederationTerminationNotificationProtocolProfile>
-
- <RegisterNameIdentifierServiceURL>https://sp1.lasso.lan:2006/registerNameIdentifier</RegisterNameIdentifierServiceURL>
- <RegisterNameIdentifierServiceReturnURL>https://sp1.lasso.lan:2006/registerNameIdentifierReturn</RegisterNameIdentifierServiceReturnURL>
- <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-soap</RegisterNameIdentifierProtocolProfile>
- <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-http</RegisterNameIdentifierProtocolProfile>
- <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-soap</RegisterNameIdentifierProtocolProfile>
- <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-http</RegisterNameIdentifierProtocolProfile>
-
- <SoapEndpoint>https://sp1.lasso.lan:2006/soapEndpoint</SoapEndpoint>
-
- <AuthnRequestsSigned>true</AuthnRequestsSigned>
-
- </SPDescriptor>
-
-<Organization>
- <OrganizationName>Service Provider sp1.lasso.lan</OrganizationName>
- <OrganizationDisplayName xml:lang="en">Service Provider 1</OrganizationDisplayName>
- <OrganizationURL xml:lang="en">http://sp1.lasso.lan/</OrganizationURL>
-</Organization>
-
-</EntityDescriptor>
diff --git a/php/Attic/examples/sample-idp/misc.php b/php/Attic/examples/sample-idp/misc.php
deleted file mode 100644
index 9f305b13..00000000
--- a/php/Attic/examples/sample-idp/misc.php
+++ /dev/null
@@ -1,68 +0,0 @@
-<?php
-/*
- * Service Provider Example -- Misc functions
- *
- * Copyright (C) 2004, 2005 Entr'ouvert
- * http://lasso.entrouvert.org
- *
- * Authors: Christophe Nowicki <cnowicki@easter-eggs.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-function read_http_response($fp, &$header, &$response)
-{
- // header
- do $header .= fread($fp, 1); while (!preg_match('/\\r\\n\\r\\n$/',$header));
-
- // chunked encoding
- if (preg_match('/Transfer\\-Encoding:\\s+chunked\\r\\n/',$header))
- {
- do {
- $byte = '';
- $chunk_size = '';
-
- do {
- $chunk_size .= $byte;
- $byte = fread($fp, 1);
- } while ($byte != "\\r");
-
- fread($fp, 1);
- $chunk_size = hexdec($chunk_size);
- $response .= fread($fp, $chunk_size);
- fread($fp, 2);
- } while ($chunk_size);
- }
- else
- {
- if (preg_match('/Content\\-Length:\\s+([0-9]+)\\r\\n/', $header, $matches))
- $response = @fread($fp, $matches[1]);
- else
- while (!feof($fp)) $response .= fread($fp, 1024);
- }
-}
-
-function isDBError($res)
-{
- global $logger;
-
- if (DB::isError($res))
- {
- $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
- die("Internal Server Error");
- }
-}
-
diff --git a/php/Attic/examples/sample-idp/session.php b/php/Attic/examples/sample-idp/session.php
deleted file mode 100644
index b51bb893..00000000
--- a/php/Attic/examples/sample-idp/session.php
+++ /dev/null
@@ -1,86 +0,0 @@
-<?php
-/*
- * Pear::DB session handler
- *
- * Copyright (C) 2004, 2005 Entr'ouvert
- * http://lasso.entrouvert.org
- *
- * Authors: Christophe Nowicki <cnowicki@easter-eggs.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-
-function open_session ($save_path, $session_name) {
- return(true);
-}
-
-function close_session() {
- global $db;
- $db->disconnect();
- return(true);
-}
-
-function read_session ($id) {
- global $db;
-
- $query = "SELECT * FROM sessions WHERE id='$id'";
- $res =& $db->query($query);
- if (DB::isError($res))
- {
- exit;
- die($res->getMessage());
- }
-
- if ($res->numRows() == 1)
- {
- $row = $res->fetchRow();
- return ($row[2]);
- } else {
- return("");
- }
-}
-
-function write_session ($id, $sess_data) {
- global $db;
-
- $query = "DELETE FROM sessions WHERE id='$id'";
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-
- $query = "INSERT INTO sessions(id, lastupdate, data) VALUES('$id', NOW(),";
- $query .= $db->quoteSmart($sess_data).")";
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-}
-
-function destroy_session ($id) {
- global $db;
-
- $query = "DELETE FROM sessions WHERE id='$id'";
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-
- return true;
-}
-
-function gc_session ($maxlifetime) {
- return true;
-}
-
-?>
diff --git a/php/Attic/examples/sample-idp/setup.php b/php/Attic/examples/sample-idp/setup.php
deleted file mode 100644
index ddc956a5..00000000
--- a/php/Attic/examples/sample-idp/setup.php
+++ /dev/null
@@ -1,604 +0,0 @@ -<?php -/* - * Identity Provider Example -- Setup - * - * Copyright (C) 2004, 2005 Entr'ouvert - * http://lasso.entrouvert.org - * - * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ -?> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<?php - if(!extension_loaded('lasso')) { - $ret = @dl('lasso.' . PHP_SHLIB_SUFFIX); - if ($ret == FALSE) - { - print "<p align='center'><b>The Lasso Extension is not available</b><br>"; - print "Please check your PHP extensions<br>"; - print "You can get more informations about <b>Lasso</b> at <br>"; - print "<a href='http://lasso.entrouvert.org/'>http://lasso.entrouvert.org/</a></p>"; - exit(); - } - } - - /* - * This callback function is called by array_walk and - * add an service provider to the identity provider. 
- */ - function add_service_provider(&$item, $key, $server) - { - print "<br>$key : "; - - $ret = $server->addProvider(LASSO_PROVIDER_ROLE_SP, - $item['metadata'], - $item['public_key'], - $item['ca']); - - /* FIXME : check addProvider return value - if ($ret != TRUE) - { - print "Failed"; - break; - } - else */ - print "OK"; - } - - function write_config_inc($config) - { - $config_ser = serialize($config); - $filename = "config.inc"; - - if ($fd = fopen($filename, "w")) - { - fwrite($fd, $config_ser); - fclose($fd); - return TRUE; - } - return FALSE; - } - - require_once 'DB.php'; - - # default config - if (!file_exists('config.inc')) - { - $cwd = getcwd(); - $config = array( - 'dsn' => "pgsql://idp:idp@localhost/idp", - 'server_dump_filename' => "lasso_server_dump.xml", - 'log_handler' => 'sql', - 'auth_type' => 'auth_form', - 'idp-metadata' => $cwd . "/metadata_idp1.xml", - 'idp-private_key' => $cwd . "/private-key-raw_idp1.pem", - 'idp-secret_key' => "", - 'idp-ca' => $cwd . "/certificate_idp1.pem", - 'sp' => array( - 'sp1' => array( - 'metadata' => $cwd . "/metadata_sp1.xml", - 'public_key' => $cwd . "/public-key_sp1.pem", - 'ca' => $cwd . "/certificate_sp1.pem") - /* another service provider - 'sp2' => array( - 'metadata' => "/home/cnowicki/mcvs/lasso/tests/data/sp2-la/metadata.xml", - 'public_key' => "/home/cnowicki/mcvs/lasso/tests/data/sp2-la/public-key.pem", - 'ca' => "/home/cnowicki/mcvs/lasso/tests/data/ca1-la/certificate.pem") */ - )); - - $config_ser = serialize($config); - if (!write_config_inc($config)) - die("Could not write default config file, - if you get a \"permission denied\" error, check the owner of the - sample directory. 
(it must be www-data)."); - } - else - { - $config = unserialize(file_get_contents('config.inc')); - } - - $keys = array_keys($_POST); - - $to_del = preg_grep('/delete_(\w)/', $keys); - - if (!empty($to_del)) - { - $keys = array_values($to_del); - foreach($keys as $key) - { - $name = substr($key, 7); - unset($config['sp'][$name]); - write_config_inc($config); - } - } - - $to_update = preg_grep('/update_(\w)/', $keys); - - if (!empty($to_update)) - { - $keys = array_values($to_update); - foreach($keys as $key) - { - $name = substr($key, 7); - $config['sp'][$name]['metadata'] = $_POST['sp^'.$name.'^metadata']; - $config['sp'][$name]['public_key'] = $_POST['sp^'.$name.'^public_key']; - $config['sp'][$name]['ca'] = $_POST['sp^'.$name.'^ca']; - write_config_inc($config); - } - } - - - if (array_key_exists('new', $_POST)) - { - $form = array('sp' => 'Name', - 'metadata' => 'Metadata', - 'public_key' => 'Public Key', - 'ca' => 'Certificate'); - - foreach ($form as $input => $name) - if (empty($_POST[$input])) - die("Field <b>$name</b> is empty"); - - $config['sp'][$_POST['sp']] = array( - 'metadata' => $_POST['metadata'], - 'public_key' => $_POST['public_key'], - 'ca' => $_POST['ca']); - - write_config_inc($config); - } - - if (array_key_exists('setup', $_POST)) - { - ob_start(); - - $setup = FALSE; - - print "<b>Lasso Identity Provider Setup</b><br>"; - - unset($_POST['setup'], $_POST['metadata'], $_POST['public_key'], $_POST['ca'], $_POST['sp']); - - $sps = array_values(preg_grep("/sp\^/", array_keys($_POST))); - - - $_POST['sp'] = array(); - - foreach ($sps as $sp) { - list($null, $name, $type) = split("\^", $sp, 3); - $_POST['sp'][$name][$type] = $_POST[$sp]; - unset($_POST[$sp]); - } - - $diff = array_diff($_POST, $config); - - foreach($diff as $key => $value) { - $config[$key] = $value; - } - - print "Check Data base : "; - - $db = &DB::connect($config['dsn']); - - if (DB::isError($db)) { - die("Failed (" . $db->getMessage() . 
")"); - } - else - print "OK"; - - print "<br>Create sequence 'user_id_seq' : "; - - $query = "DROP SEQUENCE user_id_seq"; - $res =& $db->query($query); - - $query = "CREATE SEQUENCE user_id_seq"; - $res =& $db->query($query); - if (DB::isError($res)) - die($res->getMessage()); - - print "OK"; - - print "<br>Create table 'users' : "; - $query = "DROP TABLE users CASCADE"; - $res =& $db->query($query); - - $query = "CREATE TABLE users ( - user_id varchar(100) primary key, - username varchar(255) unique, - password varchar(255), - identity_dump text, - session_dump text, - created timestamp)"; - $res =& $db->query($query); - if (DB::isError($res)) - die($res->getMessage()); - - print "OK"; - - print "<br>Insert user 'test' into 'users' : "; - - $query = "INSERT INTO users(user_id, username, password, created) "; - $query .= "VALUES (nextval('user_id_seq'), 'test', 'test', NOW())"; - - $res =& $db->query($query); - if (DB::isError($res)) - die($res->getMessage()); - print "OK"; - - print "<br>Create table 'nameidentifiers' : "; - - $query = "DROP TABLE nameidentifiers CASCADE"; - $res =& $db->query($query); - - $query = "CREATE TABLE nameidentifiers ( - name_identifier varchar(100) primary key, - user_id varchar(100), - FOREIGN KEY (user_id) REFERENCES users (user_id))"; - $res =& $db->query($query); - if (DB::isError($res)) - die($res->getMessage()); - - print "OK"; - - print "<br>Create table 'assertions' : "; - $query = "DROP TABLE assertions CASCADE"; - $res =& $db->query($query); - - $query = "CREATE TABLE assertions ( - assertion text, - response_dump text, - created timestamp)"; - - $res =& $db->query($query); - if (DB::isError($res)) - die($res->getMessage()); - - print "OK"; - - print "<br>Create table 'log' : "; - $query = "DROP TABLE log CASCADE"; - $res =& $db->query($query); - - $query = "CREATE TABLE log ( - id integer primary key, - logtime timestamp, - ident varchar(16), - priority integer, - message text)"; - - $res =& $db->query($query); - if 
(DB::isError($res)) - die($res->getMessage()); - - print "OK"; - - print "<br>Create sequence 'log_id' : "; - - $query = "DROP SEQUENCE log_id"; - $res =& $db->query($query); - - $query = "CREATE SEQUENCE log_id"; - $res =& $db->query($query); - if (DB::isError($res)) - die($res->getMessage()); - - print "OK"; - - print "<br>Create table 'sessions' : "; - $query = "DROP TABLE sessions CASCADE"; - $res =& $db->query($query); - - $query = "CREATE TABLE sessions ( - id varchar(32) primary key, - lastupdate timestamp, - data text)"; - - $res =& $db->query($query); - if (DB::isError($res)) - die($res->getMessage()); - - print "OK"; - - print "<br>Create table 'sso_sessions' : "; - $query = "DROP TABLE sso_sessions CASCADE"; - $res =& $db->query($query); - - $query = "CREATE TABLE sso_sessions ( - name_identifier character varying(100), - session_id character varying(32), - ip integer - )"; - - $res =& $db->query($query); - if (DB::isError($res)) - die($res->getMessage()); - - print "OK"; - - $db->disconnect(); - - // Check if IdP files does exists - $keys = array_keys($config); - $files = preg_grep("/idp/", $keys); - - foreach($files as $file) - { - print "<br>Check file " . $config[$file] . " : "; - if (!file_exists($config[$file])) - { - if ($file == 'idp-secret_key') - print "not found (optional)"; - else - die("Failed (file does not exist)"); - } - else - print "OK"; - } - - - foreach($config['sp'] as $key) - { - foreach ($key as $file) - { - print "<br>Check file " . $file . 
" : "; - if (!file_exists($file)) - { - die("Failed (file does not exist)"); - } - else - print "OK"; - - } - } - - lasso_init(); - - print "<br>Create Server : "; - - /* - $server = new LassoServer( - $config['idp-metadata'], - $config['idp-public_key'], - $config['idp-private_key'], - $config['idp-ca']); - */ - - $server = new LassoServer( - $config['idp-metadata'], - $config['idp-private_key'], - $config['idp-secret_key'], - $config['idp-ca']); - - if (empty($server)) - die("Failed"); - else - print "OK"; - - - print "<br>Add Service Provider(s) :"; - - array_walk($config['sp'], 'add_service_provider', $server); - - print "<br>Write XML Server Dump : "; - - $dump = $server->dump(); - - if (($fd = fopen($config['server_dump_filename'], "w"))) - { - fwrite($fd, $dump); - fclose($fd); - print "OK"; - } - else - die("Failed"); - - lasso_shutdown(); - - print "<br>Save configuration file : "; - - - # Save configuration file - $config_ser = serialize($config); - if (($fd = fopen("config.inc", "w"))) - { - fwrite($fd, $config_ser); - fclose($fd); - print "OK"; - } - else - { - print("Failed"); - break; - } - $setup = TRUE; - } - $setup_log = ob_get_contents(); - ob_end_clean(); -?> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> -<head> -<title>Setup script for Lasso (Liberty Alliance Single Sign On)</title> -<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15" /> -<?php - if ($setup == TRUE) { -?> -<meta http-equiv="Refresh" CONTENT="3; URL=index.php"> -</head> -<body> -<?php echo $setup_log; ?> -<p><a href='index.php'>Back to Index</a></p> -</body> -</html> -<?php - } - else - { -?> -<script language="JavaScript" type="text/javascript"> -<!-- - - function openpopup(popurl) - { - var winpops=window.open(popurl,"","width=745,height=600") - } -//--> -</script> -</head> -<body> -<form name='frm' action='<?php echo $PHP_SELF ?>' method='POST'> - -<p align='center'>Lasso Identity Provider Setup</p> -<hr> -<p> -<table> -<tr> - <td 
colspan='3' align='center'>Database</td> -</tr> -<tr> - <td>DSN (Data Source Name) :</td> - <td><input type='text' name='dsn' size='50' value='<?php echo $config['dsn']; ?>' maxlength='100'></td> - <td><a href='http://pear.php.net/manual/en/package.database.db.intro-dsn.php' target='_new'>Help</a></td> -</tr> -<tr> - <td colspan='3' align='center'>Authentification</td> -</tr> -<td> -<tr> - <td>Authentification type :</td> - <td> - <select name='auth_type'> - <option value="auth_form" <?php if ($config['auth_type'] == 'auth_form') echo 'selected="selected"'; ?>>HTML Login/Password Form</option> - <option value="auth_basic" <?php if ($config['auth_type'] == 'auth_basic') echo 'selected="selected"'; ?>>HTTP Auth Basic</option> - </select> - </td><td> </td> -</tr> -<tr> - <td colspan='3' align='center'>Logging</td> -</tr> -<tr> - <td>Handler :</td> - <td> - <select name='log_handler'> - <option value="null" <?php if ($config['log_handler'] == 'null') echo 'selected="selected"'; ?>>NULL (disabled)</option> - <option value="sql" <?php if ($config['log_handler'] == 'sql') echo 'selected="selected"'; ?>>Database</option> - <option value="syslog" <?php if ($config['log_handler'] == 'syslog') echo 'selected="selected"'; ?>>Syslog</option> - </select> - </td><td> </td> -</tr> -</table> -</p> -<hr> -<p> -<table> -<caption>Identity Provider</caption> - -<tr> - <td>Server XML Dump :</td><td><input type='text' name='server_dump_filename' size='50' value='<?php echo $config['server_dump_filename']; ?>' maxlength='100'></td><td> </td> -</tr> - -<tr> - <td>Metadata :</td><td><input type='text' name='idp-metadata' size='50' value='<?php echo $config['idp-metadata']; ?>'></td><td> </td> -</tr> - - -<tr> - <td>Private Key :</td><td><input type='text' name='idp-private_key' size='50' value='<?php echo $config['idp-private_key']; ?>'></td><td> </td> -</tr> - -<tr> - <td>Secret Key (optional) :</td><td><input type='text' name='idp-secret_key' size='50' value='<?php echo 
$config['idp-secret_key']; ?>'></td><td> </td> -</tr> - -<tr> - <td>Certificate :</td><td><input type='text' name='idp-ca' size='50' value='<?php echo $config['idp-ca']; ?>'></td><td> </td> -</tr> -</table> -</p> - -<hr> -<?php - foreach ($config['sp'] as $sp => $name) - { -?> -<table> -<caption>Service Provider <b><?php echo $sp ?></caption> - -<tr> - <td>Metadata :</td><td><input type='text' name='sp^<?php echo $sp; ?>^metadata' size='50' value='<?php echo $config['sp'][$sp]['metadata']; ?>'></td> - <td><a href="javascript:openpopup('edit_metadata.php?filename=<?php echo $config['sp'][$sp]['metadata']; ?>')">Edit Metadata</a></td> -</tr> -<tr> - <td>Public Key :</td><td><input type='text' name='sp^<?php echo $sp; ?>^public_key' size='50' value='<?php echo $config['sp'][$sp]['public_key']; ?>'></td><td> </td> - -</tr> -<tr> - <td>Certificate :</td><td><input type='text' name='sp^<?php echo $sp; ?>^ca' size='50' value='<?php echo $config['sp'][$sp]['ca']; ?>'></td><td> </td> -</tr> - -<tr> - <td colspan='3' align='center'> - <input type='submit' name='update_<?php echo $sp; ?>' value='save / update'> - <input type='submit' name='delete_<?php echo $sp; ?>' value='delete'> - </td> -</tr> -</table> - -<?php - } -?> -</p> - -<p> -<table> -<caption>Add a new Service Provider</caption> - -<tr> - <td>Name :</td><td><input type='text' name='sp' size='50'></td><td> </td> -</tr> - -<tr> - <td>Metadata :</td><td><input type='text' name='metadata' size='50'></td> - <td><a href="javascript:openpopup('create_metadata.php')">Create Metadata</a></td> -</tr> - -<tr> - <td>Public Key :</td><td><input type='text' name='public_key' size='50'></td><td> </td> -</tr> - -<tr> - <td>Certificate :</td><td><input type='text' name='ca' size='50'></td><td> </td> -</tr> - -<tr> - <td colspan='3' align='center'> - <input type='submit' name='new' value='save / update'> - </td> -</tr> -</fieldset> -</table> -</p> -<hr> -<p> - <input type='submit' name='setup' value='setup'> -</p> -</form> -<p 
align='center'><a href='index.php'>Index</a> -</p> -<p>Copyright © 2004, 2005 Entr'ouvert</p> -</body> -</html> -<?php - } -?> diff --git a/php/Attic/examples/sample-idp/singleSignOn.php b/php/Attic/examples/sample-idp/singleSignOn.php deleted file mode 100644 index d4548bb9..00000000 --- a/php/Attic/examples/sample-idp/singleSignOn.php +++ /dev/null 
@@ -1,494 +0,0 @@ -<?php -/* - * Identity Provider Example -- Single Sing On - * - * Copyright (C) 2004, 2005 Entr'ouvert - * http://lasso.entrouvert.org - * - * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - - require_once 'HTML/QuickForm.php'; - require_once 'Log.php'; - require_once 'DB.php'; - require_once 'session.php'; - require_once 'misc.php'; - - $config = unserialize(file_get_contents('config.inc')); - - // connect to the data base - $db = &DB::connect($config['dsn']); - if (DB::isError($db)) - die("Could not connect to the database"); - - // create logger - $conf['db'] = $db; - $logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf); - - // session handler - session_set_save_handler("open_session", "close_session", - "read_session", "write_session", "destroy_session", "gc_session"); - - session_start(); - - lasso_init(); - - // Create Lasso Server - $server_dump = file_get_contents($config['server_dump_filename']); - $server = LassoServer::newFromDump($server_dump); - - // HTTP Basic Authentification - if ($config['auth_type'] == 'auth_basic') - { - if (!isset($_SERVER['PHP_AUTH_USER'])) - { - sendHTTPBasicAuth(); - exit; - } - else - { - $login = new LassoLogin($server); - - // init login - 
updateDumpsFromSession($login); - initFromAuthnRequest($login); - - - // User must *NOT* Authenticate with the IdP - if (!$login->mustAuthenticate()) - { - $user_id = authentificateUser($db, $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); - if (!$user_id) - { - $logger->log("User must not authenticate, username and password are not available", PEAR_LOG_CRIT); - die("Unknown User"); - } - - $array = getIdentityDumpAndSessionDumpFromUserID($db, $user_id); - if (empty($array)) - { - $logger->log("User must no authenticate, but I don't find session and identity - dump in the database", PEAR_LOG_CRIT); - die("Could not get Identity and Session Dump"); - } - - $login->setIdentityFromDump($array['identity_dump']); - if (!empty($array['session_dump'])) - { - $logger->log("Update Session from dump for User '$user_id'", PEAR_LOG_CRIT); - $login->setSessionFromDump($array['session_dump']); - } - - doneSingleSignOn($db, $login, $user_id); - exit; - } - - // Check Login and Password - if (!($user_id = authentificateUser($db, $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']))) - { - sendHTTPBasicAuth(); - exit; - } - else - { - $array = getIdentityDumpAndSessionDumpFromUserID($db, $user_id); - $is_first_sso = (isset($array['identity_dump']) ? 
FALSE : TRUE); - - if (!$is_first_sso) - $login->setIdentityFromDump($array['identity_dump']); - - if (!empty($array['session_dump'])) - $login->setSessionFromDump($array['session_dump']); - - doneSingleSignOn($db, $login, $user_id, $is_first_sso); - } - } - exit; - } - - // HTML Form Authentification - - // Create the form - $form = new HTML_QuickForm('frm'); - - $form->addElement('header', null, 'Single Sing On Login'); - - $form->addElement('text', 'username', 'Username:', array('size' => 50, 'maxlength' => 255)); - $form->addElement('password', 'password', 'Password:', array('size' => 50, 'maxlength' => 255)); - $form->addElement('submit', null, 'Ok'); - - $form->addRule('username', 'Please enter the Username', 'required', null, 'client'); - $form->addRule('password', 'Please enter the Password', 'required', null, 'client'); - - /* - * - */ - function sendHTTPBasicAuth() - { - global $logger; - - header('WWW-Authenticate: Basic realm="Lasso Identity Provider One"'); - header('HTTP/1.0 401 Unauthorized'); - echo "Acces Denied"; - $logger->log("User from '" . $_SERVER['REMOTE_ADDR'] . 
"' pressed the cancel button during HTTP basic authentication request", PEAR_LOG_NOTICE); - } - - /* - * Update Identity dump - */ - function updateIdentityDump($db, $user_id, $identity_dump) - { - global $logger; - - $query = "UPDATE users SET identity_dump=".$db->quoteSmart($identity_dump); - $query .= " WHERE user_id='$user_id'"; - - $res =& $db->query($query); - - isDBError($res); - $logger->log("Update user '$user_id' identity dump in the database : $identity_dump", PEAR_LOG_DEBUG); - } - - /* - * Update Session dump - */ - function updateSessionDump($db, $user_id, $session_dump) - { - global $logger; - - $query = "UPDATE users SET session_dump=".$db->quoteSmart($session_dump); - $query .= " WHERE user_id='$user_id'"; - - $res =& $db->query($query); - isDBError($res); - $logger->log("Update user '$user_id' Session dump in the database : $session_dump", PEAR_LOG_DEBUG); - } - - /* - * Save the Assertion Artifact in the database - */ - function saveAssertionArtifact($db, $artifact, $assertion) - { - global $logger; - $assertion_dump = $assertion->dump(); - - if (empty($assertion_dump)) - { - $logger->log("assertion dump is empty", PEAR_LOG_ALERT); - die("assertion dump is empty"); - } - - // Save assertion - $query = "INSERT INTO assertions (assertion, response_dump, created) VALUES "; - $query .= "('".$artifact."',".$db->quoteSmart($assertion_dump).", NOW())"; - - $res =& $db->query($query); - isDBError($res); - } - - /* - * Update Session and Identity Dump from PHP Session variables - */ - function updateDumpsFromSession(&$login) - { - global $logger; - - // Get session and identity dump if there are available - if (!empty($_SESSION['session_dump'])) - { - $login->setSessionFromDump($_SESSION['session_dump']); - $logger->log("Update user's session dump", PEAR_LOG_DEBUG); - } - - if (!empty($_SESSION['identity_dump'])) - { - $login->setIdentityFromDump($_SESSION['identity_dump']); - $logger->log("Update user's identity dump", PEAR_LOG_DEBUG); - } - } - - /* - * 
Init Lasso login from AuthnRequestMsg - */ - function initFromAuthnRequest(&$login) - { - global $logger; - - switch ($_SERVER['REQUEST_METHOD']) - { - case 'GET': - $login->processAuthnRequestMsg($_SERVER['QUERY_STRING']); - $logger->log("processAuthnRequestMsg with method GET : " . $_SERVER['QUERY_STRING'], PEAR_LOG_DEBUG); - break; - case 'POST': - if (empty($_POST['LAREQ'])) - { - $logger->log("POST LARQ value is empty"); - die("POST LARQ value is empty"); - } - $login->processAuthnRequestMsg($_POST['LAREQ']); - $logger->log("processAuthnRequestMsg with method POST", PEAR_LOG_DEBUG); - break; - default: - $logger->log("initFromAuthnRequest with called an unknown method", PEAR_LOG_CRIT); - die("Unknown request method"); - } - } - - /* - * This function authentificate the user against the Postgres Database - */ - function authentificateUser($db, $username, $password) - { - global $logger; - - $query = "SELECT user_id FROM users WHERE username=".$db->quoteSmart($username); - $query .= " AND password=".$db->quoteSmart($password); - - $res =& $db->query($query); - if (DB::isError($res)) - { - $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); - $logger->log("DB Error :" . 
$res->getDebugInfo(), PEAR_LOG_DEBUG); - die($res->getMessage()); - } - - if ($res->numRows()) - { - $row = $res->fetchRow(); - return ($row[0]); - } - return (0); - } - - /* - * Get UserID from the NameIdentifier - * return user_id or 0 if not found - */ - function getUserIDFromNameIdentifier($db, $nameidentifier) - { - $query = "SELECT user_id FROM nameidentifiers WHERE name_identifier='$nameidentifier'"; - - $res =& $db->query($query); - isDBError($res); - - // UserID not found - if (!$res->numRows()) - return (0); - - $row = $res->fetchRow(); - return ($row[0]); - } - - /* - * - */ - function getIdentityDumpAndSessionDumpFromUserID($db, $user_id) - { - $query = "SELECT identity_dump,session_dump FROM users WHERE user_id='$user_id'"; - - $res =& $db->query($query); - if (DB::isError($res)) - die($res->getMessage()); - - if ($res->numRows()) - { - $row =& $res->fetchRow(); - $ret = array("identity_dump" => $row[0], "session_dump" => $row[1]); - return ($ret); - } - } - - - /* - * - */ - function doneSingleSignOn($db, &$login, $user_id) - { - global $logger; - - $authenticationMethod = (($_SERVER["HTTPS"] == 'on') ? 
LASSO_SAML_AUTHENTICATION_METHOD_SECURE_REMOTE_PASSWORD : LASSO_SAML_AUTHENTICATION_METHOD_REMOTE_PASSWORD); - - // reauth in session_cache_expire, default is 180 minutes - $reauthenticateOnOrAfter = strftime("%Y-%m-%dT%H:%M:%SZ", time() + session_cache_expire() * 60); - - $login->validateRequestMsg(TRUE, TRUE); - $login->buildAssertion($authenticationMethod, 0, - $reauthenticateOnOrAfter, "", ""); - - if ($login->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART) - $login->buildArtifactMsg(LASSO_HTTP_METHOD_REDIRECT); - else if ($login->protocolProfile == lLASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST) - $login->buildAuthnResponseMsg(); - else - { - $logger->log("Unknown protocol profile", PEAR_LOG_CRIT); - die("Unknown protocol profile\n"); - } - - $query = "SELECT * FROM nameidentifiers WHERE name_identifier='"; - $query .= $login->nameIdentifier."' AND user_id='$user_id'"; - - $res =& $db->query($query); - isDBError($res); - - if (!$res->numRows()) - { - // register new name_identifier - $query = "INSERT INTO nameidentifiers (name_identifier, user_id) "; - $query .= "VALUES ('" . $login->nameIdentifier . "','$user_id')"; - - $res =& $db->query($query); - isDBError($res); - $logger->log("Register Name Identifier '" . $login->nameIdentifier ."' for User '$user_id'", PEAR_LOG_INFO); - } - - $identity = $login->identity; - // do we need to update identity dump? - if ($login->isIdentityDirty) - updateIdentityDump($db, $user_id, $identity->dump()); - - $session = $login->session; - // do we need to update session dump? - if ($login->isSessionDirty) - updateSessionDump($db, $user_id, $session->dump()); - - if (empty($login->assertionArtifact)) - { - $logger->log("Assertion Artifact is empty", PEAR_LOG_CRIT); - die("assertion Artifact is empty"); - } - - $logger->log("Assertion Artifact is '" . $login->assertionArtifact . 
"'", PEAR_LOG_DEBUG); - - saveAssertionArtifact($db, $login->assertionArtifact, $login->assertion); - - - // Save PHP Session ID in the sso_session table - $query = "INSERT INTO sso_sessions(name_identifier, session_id, ip)"; - $query .= " VALUES('" . $login->nameIdentifier . "','" . session_id() . "','"; - $query .= ip2long($_SERVER['REMOTE_ADDR']) . "')"; - - $res =& $db->query($query); - isDBError($res); - - unset($_SESSION['login_dump']); // delete login_dump - $_SESSION['identity_dump'] = $identity->dump(); - $_SESSION['session_dump'] = $session->dump(); - - $logger->log("New Single Sign On Session started for user '$user_id'", PEAR_LOG_INFO); - - switch($login->protocolProfile) - { - case LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART: - $url = $login->msgUrl; - - header("Request-URI: $url"); - header("Content-Location: $url"); - header("Location: $url\n\n"); - lasso_shutdown(); - exit; - case LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST: - // TODO : lassoLoginProtocolProfileBrwsPost - die("Not yet implemented"); - default: - $logger->log("Unknown Login Protocol Profile :" . $login->protocolProfile, PEAR_LOG_CRIT); - die("Unknown Login Protocol Profile"); - } - } - - // validate login - if ($form->validate()) - { - if (empty($_SESSION['login_dump'])) - { - $logger->log("Login dump is not registred in the session", PEAR_LOG_ERR); - die("Login dump is not registred"); - } - - $login = LassoLogin::newFromDump($server, $_SESSION['login_dump']); - - if (($user_id = authentificateUser($db, $form->exportValue('username'), - $form->exportValue('password')))) - { - $array = getIdentityDumpAndSessionDumpFromUserID($db, $user_id); - $is_first_sso = (isset($array['identity_dump']) ? 
FALSE : TRUE); - - if (!empty($array['identity_dump'])) - { - $logger->log("Update Identity dump for user '$user_id' from the database", PEAR_LOG_INFO); - $login->setIdentityFromDump($array['identity_dump']); - } - - if (!empty($array['identity_dump'])) - { - $logger->log("Update Identity dump for user '$user_id' from the database", PEAR_LOG_INFO); - $login->setIdentityFromDump($array['identity_dump']); - } - - - if (!empty($array['session_dump'])) - { - $logger->log("Update Session dump for user '$user_id' from the database", PEAR_LOG_INFO); - $login->setSessionFromDump($array['session_dump']); - } - - doneSingleSignOn($db, $login, $user_id); - exit; - } - else - $logger->log("Authentication failure with login '". $form->exportValue('username')." - password '". $form->exportValue('password') ."' IP '" . $_SERVER['REMOTE_ADDR']."'", PEAR_LOG_WARNING); - } - else - { - $login = new LassoLogin($server); - - // init login - updateDumpsFromSession($login); - initFromAuthnRequest($login); - - // User must NOT Authenticate with the IdP - if (!$login->mustAuthenticate()) - { - $user_id = getUserIDFromNameIdentifier($db, $login->nameIdentifier); - - if (!$user_id) - { - $logger->log("Could not get UserID from Name Identifier '" . $login->nameIdentifier . "'", PEAR_LOG_ERR); - die("Internal Server Error"); - } - doneSingleSignOn($db, $login, $user_id); - exit; - } - else - { - // register login dump in this session, - // we can not transfert xml dump with hidden input - $_SESSION['login_dump'] = $login->dump(); - } - } -?> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" -"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<html> -<body> -<?php - $form->display(); -?> -</body> -</html> diff --git a/php/Attic/examples/sample-idp/soapEndpoint.php b/php/Attic/examples/sample-idp/soapEndpoint.php deleted file mode 100644 index 2fe0d33c..00000000 --- a/php/Attic/examples/sample-idp/soapEndpoint.php +++ /dev/null 
@@ -1,393 +0,0 @@
-<?php
-/*
- * Identity Provider Example -- SOAP Endpoint
- *
- * Copyright (C) 2004, 2005 Entr'ouvert
- * http://lasso.entrouvert.org
- *
- * Authors: Christophe Nowicki <cnowicki@easter-eggs.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
- require_once 'Log.php';
- require_once 'DB.php';
- require_once 'session.php';
-
- $config = unserialize(file_get_contents('config.inc'));
-
- $server_dump = file_get_contents($config['server_dump_filename']);
-
- header("Content-Type: text/xml\r\n");
-
- // connect to the data base
- $db = &DB::connect($config['dsn']);
- if (DB::isError($db))
- {
- header("HTTP/1.0 500 Internal Server Error");
- exit;
- }
-
- // create logger
- $conf['db'] = $db;
- $logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf);
-
- // shutdown function
- function close_logger()
- {
- global $logger;
- $logger->close();
- }
- register_shutdown_function("close_logger");
-
- // session handler
- session_set_save_handler("open_session", "close_session",
- "read_session", "write_session", "destroy_session", "gc_session");
-
- session_start();
-
- if (empty($HTTP_RAW_POST_DATA))
- {
- $logger->log("HTTP_RAW_POST_DATA is empty", PEAR_LOG_WARNING);
- die("HTTP_RAW_POST_DATA is empty!");
- }
-
- lasso_init();
-
- $requestype = lasso_getRequestTypeFromSoapMsg($HTTP_RAW_POST_DATA);
- $server = LassoServer::newFromDump($server_dump);
-
- switch ($requestype)
- {
- // Login
- case lassoRequestTypeLogin:
- $logger->log("SOAP Login Request from " . $_SERVER['REMOTE_ADDR'], PEAR_LOG_INFO);
-
- $login = new LassoLogin($server);
- $login->processRequestMsg($HTTP_RAW_POST_DATA);
- $artifact = $login->assertionArtifact;
-
- $query = "SELECT response_dump FROM assertions WHERE assertion='" . $artifact . "'";
-
- $res =& $db->query($query);
- if (DB::isError($res))
- {
- header("HTTP/1.0 500 Internal Server Error");
- $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
- exit;
- }
-
- // Good Artifact, send reponse_dump
- if ($res->numRows())
- {
- $row = $res->fetchRow();
-
- $logger->log("Good artifact send by " . $_SERVER['REMOTE_ADDR'], PEAR_LOG_INFO);
-
- // Delete assertion from the database
- $query = "DELETE FROM assertions WHERE assertion='" . $artifact . "'";
- $res =& $db->query($query);
- if (DB::isError($res))
- {
- header("HTTP/1.0 500 Internal Server Error");
- $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
- exit;
- }
- $logger->log("Delete assertion '$artifact'", PEAR_LOG_DEBUG);
-
- $login->setAssertionFromDump($row[0]);
- $login->buildResponseMsg();
- header("Content-Length: " . strlen($login->msgBody) . "\r\n");
- echo $login->msgBody;
- exit;
- }
- else
- {
- // Wrong Artifact
- header("HTTP/1.0 403 Forbidden");
- header("Content-Length: 0\r\n");
- $logger->log("Wrong artifact send by " . $_SERVER['REMOTE_ADDR'], PEAR_LOG_WARNING);
- exit;
- }
- break;
- case lassoRequestTypeLogout:
- $logger->info("SOAP Logout Request from " . $_SERVER['REMOTE_ADDR']);
-
- // Logout
- $logout = new LassoLogout($server, lassoProviderTypeIdp);
- $logout->processRequestMsg($HTTP_RAW_POST_DATA, lassoHttpMethodSoap);
- $nameIdentifier = $logout->nameIdentifier;
-
- // name identifier is empty, wrong request
- if (empty($nameIdentifier))
- {
- header("HTTP/1.0 500 Internal Server Error");
- $logger->err("Name Identifier is empty");
- exit;
- }
-
- $logger->log("Name Identifier '$nameIdentifier'", PEAR_LOG_DEBUG);
-
- $query = "SELECT user_id FROM nameidentifiers WHERE name_identifier='$nameIdentifier'";
-
- $res =& $db->query($query);
- if (DB::isError($res))
- {
- header("HTTP/1.0 500 Internal Server Error");
- $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
- exit;
- }
-
- if (!$res->numRows())
- {
- header("HTTP/1.0 500 Internal Server Error");
- $logger->log("Could not find user_id matching nameidentifier '$nameIdentifier'", PEAR_LOG_ERR);
- exit;
- }
-
- $row = $res->fetchRow();
- $user_id = $row[0];
-
- $logger->log("Name Identifier '$nameIdentifier' match UserID '$user_id'", PEAR_LOG_DEBUG);
-
- $query = "SELECT identity_dump,session_dump FROM users WHERE user_id='$user_id'";
-
- $res =& $db->query($query);
- if (DB::isError($res))
- {
- header("HTTP/1.0 500 Internal Server Error");
- $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
- exit;
- }
-
- if (!$res->numRows())
- {
- header("HTTP/1.0 500 Internal Server Error");
- $logger->log("Could not fetch identity and session dump for user '$user_id'", PEAR_LOG_ERR);
- exit;
- }
-
- $row = $res->fetchRow();
- $user_dump = $row[0];
- $session_dump = $row[1];
-
- if (!empty($session_dump))
- {
- $logout->setSessionFromDump($session_dump);
- $logger->log("Update session from dump", PEAR_LOG_DEBUG);
- }
- $logout->setIdentityFromDump($user_dump);
-
- // TODO : handle bad validate request
- $logout->validateRequest();
-
- if ($logout->isIdentityDirty)
- {
- $identity = $logout->identity;
- $query = "UPDATE users SET identity_dump=".$db->quoteSmart($identity->dump());
- $query .= " WHERE user_id='$user_id'";
-
- $res =& $db->query($query);
- if (DB::isError($res))
- {
- header("HTTP/1.0 500 Internal Server Error");
- $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
- exit;
- }
- $logger->log("Update identity dump for user '$user_id'", PEAR_LOG_DEBUG);
- }
-
- if ($logout->isSessionDirty)
- {
- $session = $logout->session;
- $query = "UPDATE users SET session_dump=";
- $query .= (($session == NULL) ? "''" : $db->quoteSmart($session->dump()));
- $query .= " WHERE user_id='$user_id'";
-
- $res =& $db->query($query);
- if (DB::isError($res))
- {
- header("HTTP/1.0 500 Internal Server Error");
- $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
- exit;
- }
- if ($session)
- $logger->log("Update session dump for user '$user_id'", PEAR_LOG_DEBUG);
- else
- $logger->log("Delete session dump for user '$user_id'", PEAR_LOG_DEBUG);
- }
-
-
- // TODO : try multiple sp logout
- while(($providerID = $logout->getNextProviderId()))
- {
- $logout->initRequest($providerID, lassoHttpMethodAny); // FIXME
- $logout->buildRequestMsg();
- $url = parse_url($logout->msgUrl);
-
- $logger->log("Send SOAP Logout Request to '$providerID' for user '$user_id'", PEAR_LOG_INFO);
-
- $soap = sprintf("POST %s HTTP/1.1\r\nHost: %s:%d\r\nContent-Length: %d\r\nContent-Type: text/xml\r\n\r\n%s\r\n",
- $url['path'], $url['host'], $url['port'], strlen($logout->msgBody), $logout->msgBody);
-
- $logger->log('Send SOAP Request to '. $url['host'] . ":" .$url['port']. $url['path'], PEAR_LOG_INFO);
- $logger->log('SOAP Request : ' . $soap, PEAR_LOG_DEBUG);
-
- $fp = fsockopen("ssl://" . $url['host'], $url['port'], $errno, $errstr, 30);
- if (!$fp)
- {
- $logger->log("Could not send SOAP Logout Request to '$providerID'
- for user '$user_id' : $errstr ($errno)", PEAR_LOG_WARN);
- continue;
- }
- fwrite($fp, $soap);
-
- read_http_response($fp, $header, $response);
-
- $logger->log('SOAP Response Header : ' . $header, PEAR_LOG_DEBUG);
- $logger->log('SOAP Response Body : ' . $response, PEAR_LOG_DEBUG);
-
- if (!preg_match("/^HTTP\/1\\.. 200/i", $header))
- {
- $logger->log("Logout faild for user '$user_id' on '$providerID'", PEAR_LOG_WARN);
- continue;
- }
- $logout->processResponseMsg($response, lassoHttpMethodSoap);
- }
-
- $logout->buildResponseMsg();
-
- // Get PHP session ID
- $query = "SELECT session_id FROM sso_sessions WHERE name_identifier='$nameIdentifier'";
- $res =& $db->query($query);
- if (DB::isError($res))
- {
- header("HTTP/1.0 500 Internal Server Error");
- $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
- exit;
- }
- $row = $res->fetchRow();
- $session_id = $row[0];
-
- $logger->log("Name Identifier '$nameIdentifier' match PHP Session ID '$session_id'", PEAR_LOG_DEBUG);
-
- // Delete SSO Session from table 'sso_sessions'
- $query = "DELETE FROM sso_sessions WHERE name_identifier='$nameIdentifier'";
- $res =& $db->query($query);
- if (DB::isError($res))
- {
- header("HTTP/1.0 500 Internal Server Error");
- $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
- exit;
- }
-
- $logger->log("Destroy PHP Session '$session_id'", PEAR_LOG_DEBUG);
- $logger->log("User '$user_id' is logged out", PEAR_LOG_INFO);
-
- // Destroy The PHP Session
- session_id($session_id);
- $_SESSION = array();
- session_destroy();
-
- header("Content-Length: " . strlen($logout->msgBody) . "\r\n");
- echo $logout->msgBody;
- break;
- case lassoRequestTypeDefederation:
- $logger->info("SOAP Defederation Request from " . $_SERVER['REMOTE_ADDR']);
-
- $defederation = new LassoDefederation($server, lassoProviderTypeSp);
- $defederation->processNotificationMsg($HTTP_RAW_POST_DATA, lassoHttpMethodSoap);
-
- $nameIdentifier = $defederation->nameIdentifier;
- if (empty($nameIdentifier))
- {
- header("HTTP/1.0 500 Internal Server Error");
- $logger->err("Name Identifier is empty");
- exit;
- }
-
- $query = "SELECT user_id FROM nameidentifiers WHERE name_identifier='$nameIdentifier'";
- $res =& $db->query($query);
- if (DB::isError($res))
- {
- header("HTTP/1.0 500 Internal Server Error");
- $logger->crit("DB Error :" . $res->getMessage());
- $logger->debug("DB Error :" . $res->getDebugInfo());
- exit;
- }
- if (!$res->numRows())
- {
- header("HTTP/1.0 500 Internal Server Error");
- $logger->err("Name identifier '$nameIdentifier' doesn't correspond to any user");
- exit;
- }
-
- $row = $res->fetchRow();
- $user_id = $row[0];
- $logger->debug("UserID is '$user_id");
-
- $query = "SELECT identity_dump,session_dump FROM users WHERE user_id='$user_id'";
- $res =& $db->query($query);
-
- if (DB::isError($res))
- {
- header("HTTP/1.0 500 Internal Server Error");
- $logger->crit("DB Error :" . $res->getMessage());
- $logger->debug("DB Error :" . $res->getDebugInfo());
- exit;
- }
-
- if (!$res->numRows())
- {
- header("HTTP/1.0 500 Internal Server Error");
- $logger->err("User is not federated.");
- exit;
- }
- $row = $res->fetchRow();
- $identity_dump = $row[0];
- $session_dump = $row[1];
-
- $defederation->setIdentityFromDump($identity_dump);
- if (!empty($session_dump))
- $defederation->setSessionFromDump($identity_dump);
-
- $defederation->validateNotification();
-
- if (empty($defederation->msgUrl)):
- header("HTTP/1.0 204 No Content");
- else
- {
- $url = $defederation->msgUrl;
-
- header("Request-URI: $url");
- header("Content-Location: $url");
- header("Location: $url\n\n");
- }
- break;
-
- default:
- header("HTTP/1.0 500 Internal Server Error");
- $logger->crit("Unknown or unsupported SOAP request");
- }
-
- lasso_shutdown();
-?>
diff --git a/php/Attic/examples/sample-idp/user_add.php b/php/Attic/examples/sample-idp/user_add.php
deleted file mode 100644
index 61d2cf16..00000000
--- a/php/Attic/examples/sample-idp/user_add.php
+++ /dev/null
@@ -1,111 +0,0 @@
-<?php
-/*
- * Identity Provider Example -- User Administration
- *
- * Copyright (C) 2004, 2005 Entr'ouvert
- * http://lasso.entrouvert.org
- *
- * Authors: Christophe Nowicki <cnowicki@easter-eggs.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
- require_once 'HTML/QuickForm.php';
- require_once 'Log.php';
- require_once 'DB.php';
- require_once 'session.php';
-
- $config = unserialize(file_get_contents('config.inc'));
-
- // connect to the data base
- $db = &DB::connect($config['dsn']);
- if (DB::isError($db))
- die("Could not connect to the database");
-
- // session handler
- session_set_save_handler("open_session", "close_session",
- "read_session", "write_session", "destroy_session", "gc_session");
-
- // create logger
- $conf['db'] = $db;
- $logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf);
-
- $form = new HTML_QuickForm('frm');
-
- $form->addElement('header', null, 'Add New User');
- $form->addElement('text', 'username', 'Username:', array('size' => 50, 'maxlength' => 255));
- $form->addElement('text', 'password', 'Password:', array('size' => 50, 'maxlength' => 255));
- $form->addElement('submit', null, 'Create');
-
- $form->addRule('username', 'Please enter the Username', 'required', null, 'client');
- $form->addRule('password', 'Please enter the Password', 'required', null, 'client');
-
- if ($form->validate())
- {
-
- $query = "INSERT INTO users (user_id, username, password, created) VALUES(nextval('user_id_seq'),";
- $query .= $db->quoteSmart($form->exportValue('username')) . ",";
- $query .= $db->quoteSmart($form->exportValue('password')) . ", NOW())";
-
- $res =& $db->query($query);
- if (DB::isError($res))
- {
- $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_ERR);
- $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
- die("Username exist!");
- }
-
- $logger->log("Create User '" . $form->exportValue('username') . "'", PEAR_LOG_NOTICE);
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
-"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html>
-<head>
-<script type="text/javascript">
-<!--
- function reload_and_close()
- {
- opener.document.location.reload();
- window.close();
- }
-
-// -->
-</script>
-</head>
-<body onLoad="reload_and_close();">
-</body>
-</html>
-<?php
- }
- else
- {
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
-"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html>
-<head>
- <title>Add User</title>
-</head>
-<body onLoad="window.focus();">
-<?php
- $form->display();
-?>
-<br>
-<p>Copyright © 2004, 2005 Entr'ouvert</p>
-</body>
-</html>
-<?php
- }
-?>
diff --git a/php/Attic/examples/sample-idp/view_session.php b/php/Attic/examples/sample-idp/view_session.php
deleted file mode 100644
index 0c9fa429..00000000
--- a/php/Attic/examples/sample-idp/view_session.php
+++ /dev/null
@@ -1,121 +0,0 @@
-<?php
-/*
- * Service Provider Example -- Online User Viewer
- *
- * Copyright (C) 2004, 2005 Entr'ouvert
- * http://lasso.entrouvert.org
- *
- * Authors: Christophe Nowicki <cnowicki@easter-eggs.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
- require_once 'DB.php';
-
- if (!file_exists('config.inc'))
- {
-?>
-<p align='center'><b>Service Provider Configuration file is not available</b><br>
-Please run the setup script :<br>
-<a href='setup.php'>Lasso Service Provider Setup</a><br>
-You can get more informations about <b>Lasso</b> at <br>
-<a href='http://lasso.entrouvert.org/'>http://lasso.entrouvert.org/</a></p>
-<?php
- exit();
- }
- $config = unserialize(file_get_contents('config.inc'));
-
- $db = &DB::connect($config['dsn']);
-
- if (DB::isError($db))
- die($db->getMessage());
-
- $query = "SELECT nameidentifiers.user_id,users.username,ip ";
- $query .= "FROM nameidentifiers,sso_sessions,users ";
- $query .= "WHERE sso_sessions.name_identifier = nameidentifiers.name_identifier ";
- $query .= "AND nameidentifiers.user_id = users.user_id";
-
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-
- $numRows = $res->numRows();
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
-"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
-<head>
-<title>Lasso Service Provider Example : View Online Users</title>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15" />
-</head>
-<body>
-
-<p align='center'>
-<table align='center' width='95%' border='1'>
-<caption>Online Users</caption>
-<thead>
-<tr>
- <td align='center'>User ID</td>
- <td align='center'>User Name</td>
- <td align='center'>Address IP</td>
- <td align='center'>Started</td>
- <td align='center'>Duration</td>
-</tr>
-</thead>
-<tbody>
-<?php
- if ($numRows)
- {
- $num_col = $res->numCols();
- $tableinfo = $db->tableInfo($res);
-
- while($row = $res->fetchRow())
- {
- echo "<tr>";
- for ($i = 0; $i < $num_col; $i++)
- {
- echo "<td align='center'>";
- switch ($tableinfo[$i]['name'])
- {
- case "ip":
- echo long2ip($row[$i]);
- break;
- default:
- echo $row[$i];
- }
- echo "</td>";
- }
- echo "</tr>";
- }
-
- }
-?>
-</tbody>
-<tfoot>
-<tr>
- <td colspan='5'> </td>
-</tr>
-</tfoot>
-</table>
-</p>
-
-<br>
-<p align='center'><a href='index.php'>Index</a>
-</p>
-<br>
-<p align='center'>Copyright © 2004, 2005 Entr'ouvert</p>
-
-</body>
-</html> |
