author | Christophe Nowicki <cnowicki@easter-eggs.com> | 2004-09-06 16:24:26 +0000 |
committer | Christophe Nowicki <cnowicki@easter-eggs.com> | 2004-09-06 16:24:26 +0000 |
commit | 7acad8e5e7a56a2413d4fb18df919e0839cd7571 (patch) | |
tree | 9dceba29a50bc299f102629729db49d1be5fcedc /php/Attic/examples | |
parent | aab4db8ebcce9d5263a3c1a898d011711876a01d (diff) | |
PHP Idp Sample :
- form for creating metadata
- sso support
- small README with installation instructions
Diffstat (limited to 'php/Attic/examples')
-rw-r--r-- | php/Attic/examples/sample-idp/README | 28 | ||||
-rw-r--r-- | php/Attic/examples/sample-idp/admin_user.php | 21 | ||||
-rw-r--r-- | php/Attic/examples/sample-idp/create_metadata.php | 134 | ||||
-rw-r--r-- | php/Attic/examples/sample-idp/defederate.php | 32 | ||||
-rw-r--r-- | php/Attic/examples/sample-idp/federate.php | 32 | ||||
-rw-r--r-- | php/Attic/examples/sample-idp/index.php | 51 | ||||
-rw-r--r-- | php/Attic/examples/sample-idp/login.php | 37 | ||||
-rw-r--r-- | php/Attic/examples/sample-idp/logout.php | 36 | ||||
-rw-r--r-- | php/Attic/examples/sample-idp/setup.php | 14 | ||||
-rw-r--r-- | php/Attic/examples/sample-idp/singleSignOn.php | 199 | ||||
-rw-r--r-- | php/Attic/examples/sample-idp/soapEndpoint.php | 66 | ||||
-rw-r--r-- | php/Attic/examples/sample-idp/user_add.php | 2 |
12 files changed, 613 insertions, 39 deletions
diff --git a/php/Attic/examples/sample-idp/README b/php/Attic/examples/sample-idp/README index a78f9817..5183812e 100644 --- a/php/Attic/examples/sample-idp/README +++ b/php/Attic/examples/sample-idp/README @@ -1 +1,27 @@ -TODO ;0) +Lasso PHP Identity Provider Exemple +---------------------------------- + +SOFTWARE + This directory include a Liberty Alliance Identity Provider written in PHP + with the Lasso extension. + +INSTALLATION + You need the fallowing components : + - The Apache Web Server with PHP4 version 4.3 with OpenSSL support enabled + - The Lasso Extension for PHP + - The PostgreSQL database server + - PHP Pear modules : DB, HTML_QuickForm + + Under Debian GNU/Linux you can install thoses package with apt-get or aptitude: + apache, php4, php4-lasso, postgresql, pear. + + You can download pear modules with the pear commande : + + # pear install DB HTML_Common HTML_Form HTML_QuickForm + +CONFIGURATION + For the Apache web server you need to add in the httpd.conf file: + + RewriteEngine on + RewriteRule ^/(soapEndpoint|singleSignOn)(.*)$ /$1.php$2 + diff --git a/php/Attic/examples/sample-idp/admin_user.php b/php/Attic/examples/sample-idp/admin_user.php index a08d8187..e42b68b6 100644 --- a/php/Attic/examples/sample-idp/admin_user.php +++ b/php/Attic/examples/sample-idp/admin_user.php @@ -31,12 +31,16 @@ if (DB::isError($db)) die($db->getMessage()); - if (!empty($_GET['dump'])) + // Show XML dump + if (!empty($_GET['dump']) && !empty($_GET['type'])) { - $query = "SELECT identity_dump FROM users WHERE user_id='" . $_GET['dump'] . "'"; + + $query = "SELECT " . ($_GET['type'] == 'user' ? 'user' : 'session') . + $query .= "_dump FROM users WHERE user_id='" . $_GET['dump'] . "'"; $res =& $db->query($query); if (DB::isError($res)) - print $res->getMessage(). "\n"; + die($res->getMessage()); + $row = $res->fetchRow(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
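Review bot: The new SELECT in admin_user.php is built with a stray `.` at the end of the first line, so the following `$query .= "_dump …"` becomes the right operand of that concatenation instead of a separate statement; it only yields the intended text because `$query` is still undefined at that point (with a notice). `$_GET['dump']` is also spliced into the WHERE clause between literal quotes, while login.php in the same commit already routes its form values through `$db->quoteSmart()`. Replace the two lines with `$query = "SELECT " . ($_GET['type'] == 'user' ? 'user' : 'session') . "_dump FROM users WHERE user_id=" . $db->quoteSmart($_GET['dump']);`. The enclosing `if` block continues past the end of the hunk.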
@@ -44,7 +48,7 @@ <html> <body> <table> -<caption>Identity Dump</caption> +<caption><?php echo ($_GET['type'] == 'user' ? 'Identity' : 'Session'); ?> Dump</caption> <tr> <td> <textarea rows="15" cols="50"><?php echo htmlentities($row[0], ENT_QUOTES); ?></textarea> @@ -86,6 +90,7 @@ <html> <head> <title>Lasso Service Provider Example : Users Management</title> +<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15" /> <script language="JavaScript" type="text/javascript"> <!-- @@ -146,10 +151,12 @@ <?php switch ($tableinfo[$i]['name']) { - case "identity_dump": - echo "<a href=javascript:openpopup('". $PHP_SELF . '?dump=' . $row[0] . "')>view</a>"; + case "user_dump": + echo "<a href=javascript:openpopup('". $PHP_SELF . '?dump=' . $row[0] . "&type=user')>view</a>"; + break; + case "session_dump": + echo "<a href=javascript:openpopup('". $PHP_SELF . '?dump=' . $row[0] . "&type=session')>view</a>"; break; - default: echo (empty($row[$i])) ? " " : $row[$i]; } diff --git a/php/Attic/examples/sample-idp/create_metadata.php b/php/Attic/examples/sample-idp/create_metadata.php new file mode 100644 index 00000000..cef56991 --- /dev/null +++ b/php/Attic/examples/sample-idp/create_metadata.php 
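Review bot: Dropping the `default:` label in the last hunk of admin_user.php leaves the trailing `echo (empty($row[$i])) ? … : $row[$i];` sitting after a `break;` with no case label above it, so it can no longer execute and every column other than the two dump columns now renders blank; restore `default:` in front of that echo. The values echoed there and the `$PHP_SELF` used in the two popup links go into the HTML unescaped, whereas the dump popup earlier in this file wraps its output in `htmlentities(..., ENT_QUOTES)`; the same call, e.g. `htmlentities($row[$i], ENT_QUOTES)`, fits here. The enclosing loop and switch begin outside the hunk.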
@@ -0,0 +1,134 @@ +<?php +/* + * Identity Provider Example -- Form for creating Service Provider Metadata + * + * Copyright (C) 2004 Entr'ouvert + * http://lasso.entrouvert.org + * + * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + require_once 'HTML/QuickForm.php'; + + $form = new HTML_QuickForm('frm'); + + $form->setDefaults(array( + 'providerID' => 'https://', + 'AssertionConsumerService' => 'https://', + 'SoapEndpoint' => 'https://', + 'SingleLogoutService' => 'https://', + 'RegisterNameIdentifierService' => 'https://', + 'AuthnRequestsSigned' => 1, + 'filename' => getcwd().'/metadata.xml' + )); + + $form->addElement('header', null, 'Create Liberty Alliance Metadata for an Service Provider'); + $form->addElement('text', 'providerID', 'providerID:', array('size' => 60, 'maxlength' => 255)); + + $form->addElement('text', 'AssertionConsumerService', 'AssertionConsumerService:', array('size' => 60, 'maxlength' => 255)); + + $form->addElement('text', 'SingleLogoutService', 'SingleLogoutService:', array('size' => 60, 'maxlength' => 255)); + $form->addElement('select', 'SingleLogoutProtocolProfile', 'SingleLogoutProtocolProfile:', array('http://projectliberty.org/profiles/slo-idp-soap')); + + $form->addElement('text', 
'RegisterNameIdentifierService', 'RegisterNameIdentifierService:', array('size' => 60, 'maxlength' => 255)); + $form->addElement('select', 'RegisterNameIdentifierProtocolProfile', 'RegisterNameIdentifierProtocolProfile:', array('http://projectliberty.org/profiles/rni-sp-soap')); + + $form->addElement('text', 'SoapEndpoint', 'SoapEndpoint:', array('size' => 60, 'maxlength' => 255)); + $form->addElement('checkbox', 'AuthnRequestsSigned', 'Authn Requests must be signed? :', ''); + + $form->addElement('textarea', 'metadata', 'Metadata:', array('cols' => 60, 'rows' => 15)); + $form->addElement('text', 'filename', 'Filename:', array('size' => 60, 'maxlength' => 255)); + + $button[] = &HTML_QuickForm::createElement('button', null, 'Preview', array('onclick' => "write_metadata_preview();")); + $button[] = &HTML_QuickForm::createElement('submit', null, 'Write Metadata'); + + $form->addGroup($button, null, null, ' ', false); + + if ($form->validate()) { + + $xml = "<?xml version=\"1.0\"?> +<EntityDescriptor providerID=\"". $form->exportValue('providerID') ."\" xmlns=\"urn:liberty:metadata:2003-08\"> +<SPDescriptor> + <AssertionConsumerServiceURL id=\"AssertionConsumerServiceURL1\" isDefault=\"true\">" . $form->exportValue('AssertionConsumerService') . "</AssertionConsumerServiceURL>\n + <SingleLogoutServiceURL>" . $form->exportValue('SingleLogoutService') . "</SingleLogoutServiceURL> + <SingleLogoutProtocolProfile>" . $form->exportValue('SingleLogoutProtocolProfile') . "</SingleLogoutProtocolProfile>\n + <RegisterNameIdentifierServiceURL>" . $form->exportValue('RegisterNameIdentifierService') . "</RegisterNameIdentifierServiceURL> + <RegisterNameIdentifierProtocolProfile>" . $form->exportValue('RegisterNameIdentifierProtocolProfile') . "</RegisterNameIdentifierProtocolProfile>\n + <SoapEndpoint>" . $form->exportValue('SoapEndpoint') . "</SoapEndpoint>\n + <AuthnRequestsSigned>" . (($form->exportValue('AuthnRequestsSigned')) ? 'true' : 'false') . 
"</AuthnRequestsSigned> +</SPDescriptor> +</EntityDescriptor>"; + + + if (($fd = fopen($form->exportValue('filename'), "w"))) + { + fwrite($fd, $xml); + fclose($fd); + } + else + die("Could not write metadata file :" . $form->exportValue('filename')); +?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" +"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html> +<head> +<body onLoad="window.close()"> +</body> +</html> +<?php + exit; + } +?> + +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html> +<head> +<script language="JavaScript" type="text/javascript"> +<!-- + + function write_metadata_preview(popurl) + { + frm = document.frm; + + frm.metadata.value = + '<\?xml version=\"1.0\"\?>\n' + + '<EntityDescriptor\n' + + 'providerID="' + frm.providerID.value + '\"\n' + + 'xmlns=\"urn:liberty:metadata:2003-08\">\n' + + '<SPDescriptor>\n' + + '<AssertionConsumerServiceURL id=\"AssertionConsumerServiceURL1\" isDefault=\"true\">' + + frm.AssertionConsumerService.value + '</AssertionConsumerServiceURL>\n' + + '<SingleLogoutServiceURL>' + frm.SingleLogoutService.value + '</SingleLogoutServiceURL>\n' + + '<SingleLogoutProtocolProfile>' + frm.SingleLogoutProtocolProfile.options[frm.SingleLogoutProtocolProfile.value].text + '</SingleLogoutProtocolProfile>\n' + + '<RegisterNameIdentifierServiceURL>' + frm.RegisterNameIdentifierService.value + '</RegisterNameIdentifierServiceURL>\n' + + '<RegisterNameIdentifierProtocolProfile>' + frm.RegisterNameIdentifierProtocolProfile.options[frm.RegisterNameIdentifierProtocolProfile.value].text + '</RegisterNameIdentifierProtocolProfile>\n' + + '<SoapEndpoint>' + frm.SoapEndpoint.value + '</SoapEndpoint>\n' + + '<AuthnRequestsSigned>' + ((frm.AuthnRequestsSigned.value) ? 
'true' : 'false') + '</AuthnRequestsSigned>\n' + + '</SPDescriptor>\n' + + '</EntityDescriptor>'; + } +//--> +</script> +</head> +<body> +<?php + $form->display(); +?> +<br> +<p>Copyright © 2004 Entr'ouvert</p> +</body> +</html> diff --git a/php/Attic/examples/sample-idp/defederate.php b/php/Attic/examples/sample-idp/defederate.php new file mode 100644 index 00000000..05079268 --- /dev/null +++ b/php/Attic/examples/sample-idp/defederate.php @@ -0,0 +1,32 @@ +<?php +/* + * Identity Provider Example -- Destroy Federation + * + * Copyright (C) 2004 Entr'ouvert + * http://lasso.entrouvert.org + * + * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + session_start(); + + if (!isset($_SESSION['user_id'])) + { + die("User is not logged in!\n"); + } + +?> diff --git a/php/Attic/examples/sample-idp/federate.php b/php/Attic/examples/sample-idp/federate.php new file mode 100644 index 00000000..fa57d360 --- /dev/null +++ b/php/Attic/examples/sample-idp/federate.php 
@@ -0,0 +1,32 @@ +<?php +/* + * Identity Provider Example -- Create Federation + * + * Copyright (C) 2004 Entr'ouvert + * http://lasso.entrouvert.org + * + * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + session_start(); + + if (!isset($_SESSION['user_id'])) + { + die("User is not logged in!\n"); + } + +?> diff --git a/php/Attic/examples/sample-idp/index.php b/php/Attic/examples/sample-idp/index.php index d5fe963d..09939e0a 100644 --- a/php/Attic/examples/sample-idp/index.php +++ b/php/Attic/examples/sample-idp/index.php @@ -52,13 +52,9 @@ You can get more informations about <b>Lasso</b> at <br> require_once 'DB.php'; - if (!empty($_GET['SID'])) - session_start($_GET['SID']); - else - session_start(); + session_start(); lasso_init(); - ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> 
@@ -82,12 +78,53 @@ You can get more informations about <b>Lasso</b> at <br> <tr> <td><b>Identity Provider Fonctionnality</b></td> </tr> +<?php + if (!isset($_SESSION["user_id"])) { + ?> +<tr> + <td><a href="login.php">Local Login</a></td> +</tr> +<?php } else { ?> <tr> - <td><a href="login.php">Login</a></td> + <td><a href="federate.php">Create federation</a></td> </tr> +<tr> + <td><a href="defederate.php">Destroy federation</a></td> +</tr> +<tr> + <td><a href="logout.php">Local Logout</a></td> +</tr> +<?php } ?> </table> </p> -<!-- <p>Lasso Version : <?php // echo lasso_version(); ?></p> --> + +<p> +<table border="1" frame="above"> +<caption><b>Status</b></caption> +<tr> + <?php + if (!isset($_SESSION["user_id"])) + { + echo "<td>User is <b>not</b> logged in!</td>"; + } + else + { + ?> + <td colspan='2' align="center">User <b>is</b> logged in!</td> +</tr> +<tr> + <td><b>UserID:</b></td><td><?php echo $_SESSION["user_id"]; ?></td> +</tr> +<tr> + <td><b>User Name:</b></td><td><?php echo $_SESSION["username"]; ?></td> +</tr> +<tr> + <td><b>PHP Session ID:</b></td><td><?php echo session_id(); ?></td> +</tr> +<?php + } +?> +</table> <br> <p>Copyright © 2004 Entr'ouvert</p> diff --git a/php/Attic/examples/sample-idp/login.php b/php/Attic/examples/sample-idp/login.php index f8f7fbca..b61a933b 100644 --- a/php/Attic/examples/sample-idp/login.php +++ b/php/Attic/examples/sample-idp/login.php 
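Review bot: `$_SESSION["username"]` is echoed into the status table unescaped; it is whatever was typed into the login form (login.php stores `$form->exportValue('username')` verbatim), so the `htmlentities(..., ENT_QUOTES)` that admin_user.php uses for its dump belongs here too: `<td><?php echo htmlentities($_SESSION["username"], ENT_QUOTES); ?></td>`. Printing `session_id()` into the page exposes the session cookie value to anything that can read the document; acceptable for an example, but worth a comment saying it is debugging output. The not-logged-in branch emits its `<td>` inside the `<tr>` opened just before `<?php`, while the matching `</tr>` only appears in the `else` branch, so that row is left unclosed.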
@@ -23,18 +23,53 @@ */ $config = unserialize(file_get_contents('config.inc')); - require_once 'DB.php'; require_once 'HTML/QuickForm.php'; + require_once 'DB.php'; + $form = new HTML_QuickForm('frm'); $form->addElement('header', null, 'Login on the Lasso Identity Provider Example'); + $form->addElement('text', 'username', 'Username:', array('size' => 50, 'maxlength' => 255)); $form->addElement('password', 'password', 'Password:', array('size' => 50, 'maxlength' => 255)); $form->addElement('submit', null, 'Ok'); $form->addRule('username', 'Please enter the Username', 'required', null, 'client'); $form->addRule('password', 'Please enter the Password', 'required', null, 'client'); + + if ($form->validate()) + { + $config = unserialize(file_get_contents('config.inc')); + + $db = &DB::connect($config['dsn']); + + if (DB::isError($db)) + die($db->getMessage()); + + $query = "SELECT user_id FROM users WHERE username=" . $db->quoteSmart($form->exportValue('username')); + $query .= " AND password=" . $db->quoteSmart($form->exportValue('password'));; + + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + + $db->disconnect(); + + if ($res->numRows()) + { + $row = $res->fetchRow(); + session_start(); + $_SESSION['user_id'] = $row[0]; + $_SESSION['username'] = $form->exportValue('username'); + + $url = 'index.php'; + header("Request-URI: $url"); + header("Content-Location: $url"); + header("Location: $url"); + exit; + } + } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> diff --git a/php/Attic/examples/sample-idp/logout.php b/php/Attic/examples/sample-idp/logout.php new file mode 100644 index 00000000..7f187cab --- /dev/null +++ b/php/Attic/examples/sample-idp/logout.php 
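Review bot: The new block compares the submitted password inside the SQL (`AND password=` …), which means the `users` table holds passwords in clear text; fetch the stored value by username and verify it in PHP against a one-way hash instead, so a database dump does not reveal credentials. `$config` is re-read with `unserialize(file_get_contents('config.inc'))` inside the `validate()` branch although the identical assignment already sits at the top of the file in the context lines; the inner one can go. After a successful login the session keeps the ID it had before authentication; adding `session_regenerate_id();` right after `session_start();` prevents a session cookie set before login from being promoted to a logged-in one. The password line also ends in a doubled `;;`.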
@@ -0,0 +1,36 @@
+<?php
+/*
+ * Identity Provider Example -- Local Logout
+ *
+ * Copyright (C) 2004 Entr'ouvert
+ * http://lasso.entrouvert.org
+ *
+ * Authors: Christophe Nowicki <cnowicki@easter-eggs.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+ session_start();
+
+ # Destroy The PHP Session
+ $_SESSION = array();
+
+ session_destroy();
+
+ $url = "index.php";
+ header("Request-URI: $url");
+ header("Content-Location: $url");
+ header("Location: $url");
+?>
diff --git a/php/Attic/examples/sample-idp/setup.php b/php/Attic/examples/sample-idp/setup.php
index 306aa854..a7b148af 100644
--- a/php/Attic/examples/sample-idp/setup.php
+++ b/php/Attic/examples/sample-idp/setup.php
@@ -363,6 +363,15 @@ <head> <title>Setup script for Lasso (Liberty Alliance Single Sign On)</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15" />
+<script language="JavaScript" type="text/javascript">
+<!--
+
+ function openpopup(popurl)
+ {
+ var winpops=window.open(popurl,"","width=600,height=400")
+ }
+//-->
+</script>
</head> <body> <form name='frm' action='<?php echo $PHP_SELF ?>' method='POST'>
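Review bot: In logout.php the `header("Location: $url");` is not followed by `exit;`, so the script keeps running and any trailing output is sent along with the redirect; add `exit;` after the three `header()` calls, as login.php does in this commit. `session_destroy()` discards the server-side data but leaves the session cookie in the browser; expiring it as well, e.g. `setcookie(session_name(), '', time() - 42000, '/');` before `session_destroy()`, makes the logout complete on the client side. `Request-URI` is not an HTTP response header and `Content-Location` does not take part in a redirect; `Location` alone is what performs it, so the other two can be dropped here and in login.php.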
@@ -447,7 +456,8 @@ </tr> <tr> - <td>Metadata</td><td><input type='text' name='metadata' size='50'></td><td> </td> + <td>Metadata</td><td><input type='text' name='metadata' size='50'></td> + <td><a href="javascript:openpopup('create_metadata.php')">Create Metadata</a></td> </tr> <tr> @@ -471,6 +481,8 @@ <input type='submit' name='setup' value='setup'> </p> </form> +<br> +<p>Copyright © 2004 Entr'ouvert</p> </body> </html> <?php diff --git a/php/Attic/examples/sample-idp/singleSignOn.php b/php/Attic/examples/sample-idp/singleSignOn.php index 5143f9c0..d9d7f10a 100644 --- a/php/Attic/examples/sample-idp/singleSignOn.php +++ b/php/Attic/examples/sample-idp/singleSignOn.php @@ -1,7 +1,6 @@ <?php /* - * - * Identity Provider Example -- Setup + * Identity Provider Example -- Single Sing On * * Copyright (C) 2004 Entr'ouvert * http://lasso.entrouvert.org 
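Review bot: The rewritten header comment of singleSignOn.php reads `Single Sing On`; it should be `* Identity Provider Example -- Single Sign On`. The same typo is carried into the form header string `'Single Sing On Login'` in the next hunk of this file.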
@@ -22,35 +21,191 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ + + require_once 'HTML/QuickForm.php'; + require_once 'DB.php'; - if (empty($_POST) && empty($_GET)) + $config = unserialize(file_get_contents('config.inc')); + + session_start(); + + // Create the form + $form = new HTML_QuickForm('frm'); + + $form->addElement('header', null, 'Single Sing On Login'); + + $form->addElement('text', 'username', 'Username:', array('size' => 50, 'maxlength' => 255)); + $form->addElement('password', 'password', 'Password:', array('size' => 50, 'maxlength' => 255)); + $form->addElement('submit', null, 'Ok'); + + $form->addRule('username', 'Please enter the Username', 'required', null, 'client'); + $form->addRule('password', 'Please enter the Password', 'required', null, 'client'); + + // Login dump is not available, show the login form + if (!isset($_SESSION['login_dump']) && !$form->validate()) { - die("Unknow login methode!"); - } - $methode = empty($_POST) ? 
'GET' : 'POST'; + // Check for AuthnRequest + if (empty($_POST) && empty($_GET)) + { + die("Unknow login methode!"); + } - $config = unserialize(file_get_contents('config.inc')); + lasso_init(); + + $server_dump = file_get_contents($config['server_dump_filename']); - lasso_init(); + $server = LassoServer::newfromdump($server_dump); - $server_dump = file_get_contents($config['server_dump_filename']); + $login = new LassoLogin($server); - $server = LassoServer::newfromdump($server_dump); + if ($_SERVER['REQUEST_METHOD'] = 'GET') + $login->initFromAuthnRequestMsg($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect); + else + { + // TODO + exit; + } - $login = new LassoLogin($server); + // User must NOT Authenticate with the IdP + if (!$login->mustAuthenticate()) + { + // TODO + exit; + } - if ($methode = 'GET') - { - print $_SERVER['QUERY_STRING']; - $login->initFromAuthnRequestMsg($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect); - print "ici"; - } - else - { - // TODO + $login_dump = $login->dump(); + + $_SESSION['login_dump'] = $login->dump(); + + lasso_shutdown(); } + + + + if (isset($_SESSION['login_dump']) && $form->validate()) + { + $db = &DB::connect($config['dsn']); + if (DB::isError($db)) + die($db->getMessage()); - //echo $methode; - //echo $_SERVER['QUERY_STRING']; + $query = "SELECT user_id FROM users WHERE username=" . $db->quoteSmart($form->exportValue('username')); + $query .= " AND password=" . $db->quoteSmart($form->exportValue('password'));; + + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + + if ($res->numRows()) + { + // Get user_id from users + $row = $res->fetchRow(); + $user_id = $row[0]; + + $server_dump = file_get_contents($config['server_dump_filename']); + + lasso_init(); + + $server = LassoServer::newfromdump($server_dump); + + $login = LassoLogin::newfromdump($server, $_SESSION['login_dump']); + + $authenticationMethod = (($_SERVER["HTTPS"] == 'on') ? 
lassoSamlAuthenticationMethodSecureRemotePassword : lassoSamlAuthenticationMethodPassword); + + if ($login->protocolProfile == lassoLoginProtocolProfileBrwsArt) + { + $login->buildArtifactMsg( + TRUE, // User is authenticated + $authenticationMethod, + "2005-05-03T16:12:00Z", # FIXME: reauthenticateOnOrAfter + lassoHttpMethodRedirect); + } + else if ($login->protocolProfile == lassoLoginProtocolProfileBrwsPost) + { + // TODO + print "TODO : Post\n"; + exit(); + } + else + die("Unknown protocol profile for login:" . $login->protocolProfile); + + if ($login->isIdentityDirty) + { + // TODO + // print "isIdentityDirty yes"; + } + + // Get name identifier + $query = "SELECT name_identifier FROM nameidentifiers WHERE user_id='$user_id'"; + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + + // Save name identifier + if (!$res->numRows()) + { + $query = "INSERT INTO nameidentifiers (name_identifier, user_id) "; + $query .= "VALUES ('" . $login->nameIdentifier . "','$user_id')"; + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + $name_identifier = $login->nameIdentifier; + } + else + { + $row = $res->fetchRow(); + $name_identifier = $row[0]; + } + + // Update identity dump + $identity = $login->identity; + $query = "UPDATE users SET user_dump=".$db->quoteSmart($identity->dump())." WHERE user_id='$user_id'"; + + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + + // Update session dump + $session = $login->session; + $query = "UPDATE users SET session_dump=".$db->quoteSmart($session->dump())." WHERE user_id='$user_id'"; + + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + + // Save assertion + $query = "INSERT INTO assertions (assertion, response_dump) VALUES ('" . $login->assertionArtifact; + $query .= "', '" . $login->responseDump . 
"')"; + + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + + if ($login->protocolProfile == lassoLoginProtocolProfileBrwsArt) + { + $artifact = $login->assertionArtifact; + $response_msg = $login->responseDump; + $url = $login->msgUrl; + + header("Request-URI: $url"); + header("Content-Location: $url"); + header("Location: $url"); + } + else if ($login->protocolProfile == lassoLoginProtocolProfileBrwsPost) + { + } + + lasso_shutdown(); + exit(); + } + } +?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" +"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html> +<body> +<?php + $form->display(); ?> +</body> +</html> diff --git a/php/Attic/examples/sample-idp/soapEndpoint.php b/php/Attic/examples/sample-idp/soapEndpoint.php index 11cfd52b..84b60bf7 100644 --- a/php/Attic/examples/sample-idp/soapEndpoint.php +++ b/php/Attic/examples/sample-idp/soapEndpoint.php 
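Review bot: `if ($_SERVER['REQUEST_METHOD'] = 'GET')` assigns rather than compares, so the condition is always true and the POST branch beneath it can never run; write `if ($_SERVER['REQUEST_METHOD'] == 'GET')`. In the INSERT into `assertions`, `$login->assertionArtifact` and `$login->responseDump` are concatenated into the SQL between literal quotes while the identity and session dumps a few lines earlier go through `$db->quoteSmart()`; `responseDump` is an XML document that carries values taken from the service provider's request, so quote both the same way, and do likewise for `$login->nameIdentifier` in the `nameidentifiers` insert. `$_SESSION['login_dump']` is never cleared once the artifact has been issued, so a later submission of the form reuses the stale login state; `unset($_SESSION['login_dump']);` before the redirect closes that. `$login_dump` is assigned and never used, and `reauthenticateOnOrAfter` is still the hard-coded timestamp the FIXME points at.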
@@ -22,4 +22,70 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
+ require_once 'DB.php';
+
+ header("Content-Type: text/xml\r\n");
+
+ if (empty($HTTP_RAW_POST_DATA))
+ die("HTTP_RAW_POST_DATA is empty!");
+
+ $config = unserialize(file_get_contents('config.inc'));
+
+ $server_dump = file_get_contents($config['server_dump_filename']);
+
+ lasso_init();
+
+ $requestype = lasso_getRequestTypeFromSoapMsg($HTTP_RAW_POST_DATA);
+ $server = LassoServer::newfromdump($server_dump);
+
+ $db = &DB::connect($config['dsn']);
+
+ if (DB::isError($db))
+ die($db->getMessage());
+
+ switch ($requestype)
+ {
+ // Login
+ case lassoRequestTypeLogin:
+ $login = new LassoLogin($server);
+ $login->processRequestMsg($HTTP_RAW_POST_DATA);
+ $artifact = $login->assertionArtifact;
+
+ $query = "SELECT response_dump FROM assertions WHERE assertion='";
+ $query .= $artifact ."'";
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+
+ // Good Artifact, send reponse_dump
+ if ($res->numRows())
+ {
+ $row = $res->fetchRow();
+
+ $query = "DELETE FROM assertions WHERE assertion='" . $artifact . "'";
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+ header("Content-Length: " . strlen($row[0]) . "\r\n");
+ echo $row[0];
+ }
+ else
+ {
+ // Wrong Artifact
+ header("HTTP/1.0 403 Forbidden");
+ header("Content-Length: 0\r\n");
+ exit;
+ }
+ break;
+ case lassoRequestTypeLogout:
+ break;
+ case lassoRequestTypeDefederation:
+ break;
+ default:
+ die("Unkown request type!");
+ }
+
+ lasso_shutdown();
?>
diff --git a/php/Attic/examples/sample-idp/user_add.php b/php/Attic/examples/sample-idp/user_add.php
index 1ef3cdb3..ff363f28 100644
--- a/php/Attic/examples/sample-idp/user_add.php
+++ b/php/Attic/examples/sample-idp/user_add.php
@@ -73,5 +73,7 @@ <?php $form->display(); ?>
+<br>
+<p>Copyright © 2004 Entr'ouvert</p>
</body> </html> |
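Review bot: `$artifact` comes straight out of the SOAP body (`$login->assertionArtifact` after `processRequestMsg($HTTP_RAW_POST_DATA)`) and is concatenated into both the SELECT and the DELETE between literal quotes; this endpoint is reachable without any session, so the value needs `$db->quoteSmart($artifact)` like the queries in login.php. The SELECT followed by a separate DELETE also lets two concurrent resolves of the same artifact both be answered before either delete runs; issuing the DELETE first and answering only when `$db->affectedRows()` reports a row gives the one-shot behaviour an artifact is meant to have. The `Content-Type` and `Content-Length` header values end in a literal `\r\n`, which `header()` already appends; an embedded blank line risks ending the header block early, so drop them.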