| author | Christophe Nowicki <cnowicki@easter-eggs.com> | 2004-09-22 14:59:15 +0000 |
|---|---|---|
| committer | Christophe Nowicki <cnowicki@easter-eggs.com> | 2004-09-22 14:59:15 +0000 |
| commit | f5ab5917e49e70b3a82174d6885f34ce1b907730 (patch) | |
| tree | c4b87e923aec027018f1ac88a7dd2c4c9d74ba6f /php | |
| parent | a952e642e05288e24760e0106a2022d4fd941750 (diff) | |
| download | lasso-f5ab5917e49e70b3a82174d6885f34ce1b907730.tar.gz lasso-f5ab5917e49e70b3a82174d6885f34ce1b907730.tar.xz lasso-f5ab5917e49e70b3a82174d6885f34ce1b907730.zip | |
Fix a problem with the SSO: the user can now do more than one SSO session.
Diffstat (limited to 'php')
| -rw-r--r-- | php/Attic/examples/sample-idp/admin_user.php | 7 | ||||
| -rw-r--r-- | php/Attic/examples/sample-idp/singleSignOn.php | 102 | ||||
| -rw-r--r-- | php/Attic/examples/sample-idp/soapEndpoint.php | 87 |
3 files changed, 125 insertions, 71 deletions
diff --git a/php/Attic/examples/sample-idp/admin_user.php b/php/Attic/examples/sample-idp/admin_user.php index 172dabe9..2ce14992 100644 --- a/php/Attic/examples/sample-idp/admin_user.php +++ b/php/Attic/examples/sample-idp/admin_user.php @@ -124,7 +124,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html> <head> -<title>Lasso Service Provider Example : Users Management</title> +<title>Lasso Identity Provider Example : Users Management</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15" /> <script language="JavaScript" type="text/javascript"> <!-- @@ -254,12 +254,11 @@ // get all federations for this user if (!empty($identity_dump)) { - if (!empty($session_dump)) - $login->setSessionFromDump($session_dump); $login->setIdentityFromDump($identity_dump); $identity = $login->identity; - $providerIDs = $identity->providerIDs; + // FIXME : providerIds is empty + // var_dump($identity->providerIds); ?> <table width="100%"> <?php diff --git a/php/Attic/examples/sample-idp/singleSignOn.php b/php/Attic/examples/sample-idp/singleSignOn.php index b73d5515..3ecf4795 100644 --- a/php/Attic/examples/sample-idp/singleSignOn.php +++ b/php/Attic/examples/sample-idp/singleSignOn.php @@ -87,7 +87,10 @@ $login->setIdentityFromDump($array['identity_dump']); if (!empty($array['session_dump'])) + { + $logger->log("Update Session from dump for User '$user_id'", PEAR_LOG_CRIT); $login->setSessionFromDump($array['session_dump']); + } doneSingleSignOn($db, $login, $user_id); exit; 
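Review bot: The FIXME left in place of the removed `$providerIDs = $identity->providerIDs;` spells the property `providerIds`, while the line it replaces used `providerIDs`; if the binding only exposes `providerIDs`, the commented `var_dump($identity->providerIds)` reads a property that does not exist, which would explain the "empty" observation without the data being wrong. Any code after the hunk that still iterates `$providerIDs` now sees an undefined variable, although the table body continues outside the hunk so I cannot confirm that. I would keep the assignment behind the note, `$providerIDs = $identity->providerIDs; // FIXME: currently comes back empty`, or guard the consumer with `if (!empty($providerIDs))`.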
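Review bot: `PEAR_LOG_CRIT` is the wrong priority for the added "Update Session from dump" message; it is routine per-login tracing, and the same event in the @@ -104 hunk below is logged at `PEAR_LOG_DEBUG`. Logging it as critical will raise an alert on every repeat SSO, which is exactly the path this commit is meant to make work. Change it to `$logger->log("Update Session from dump for User '$user_id'", PEAR_LOG_DEBUG);`. The enclosing function starts before the hunk.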
@@ -104,11 +107,17 @@ $array = getIdentityDumpAndSessionDumpFromUserID($db, $user_id); $is_first_sso = (isset($array['identity_dump']) ? FALSE : TRUE); - /*if (!$is_first_sso) - $login->setIdentityFromDump($array['identity_dump']); */ + if (!$is_first_sso) + { + $login->setIdentityFromDump($array['identity_dump']); + $logger->log("Update Identity dump for user '$user_id' :" . $array['identity_dump'], PEAR_LOG_DEBUG); + } if (!empty($array['session_dump'])) + { $login->setSessionFromDump($array['session_dump']); + $logger->log("Update Session dump for user '$user_id' :" . $array['session_dump'], PEAR_LOG_DEBUG); + } doneSingleSignOn($db, $login, $user_id, $is_first_sso); } @@ -156,11 +165,11 @@ $res =& $db->query($query); if (DB::isError($res)) { - $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT); + $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG); die("Internal Server Error"); } - $logger->log("Update user '$user_id' identity dump", PEAR_LOG_DEBUG); + $logger->log("Update user '$user_id' identity dump in the database : $identity_dump", PEAR_LOG_DEBUG); } /* @@ -176,11 +185,11 @@ $res =& $db->query($query); if (DB::isError($res)) { - $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT); - $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG); + $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); + $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG); die("Internal Server Error"); } - $logger->log("Update user '$user_id' session dump", PEAR_LOG_DEBUG); + $logger->log("Update user '$user_id' Session dump in the database : $session_dump", PEAR_LOG_DEBUG); } /* @@ -189,7 +198,10 @@ function saveAssertionArtifact($db, $artifact, $assertion) { global $logger; - + /* + var_dump($assertion); + if ($assertion->_cPtr == NULL) + print "null"; */ $assertion_dump = $assertion->dump(); if (empty($assertion_dump)) 
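Review bot: The two added debug lines write the full identity dump and session dump verbatim into the log; those dumps carry the user's federations, name identifiers and session assertions, so anyone with log access obtains authentication material the database is otherwise guarding, and the "in the database :" messages in the @@ -156 and @@ -176 hunks do the same. Log the user id and a size instead, e.g. `$logger->log("Update Identity dump for user '$user_id' (" . strlen($array['identity_dump']) . " bytes)", PEAR_LOG_DEBUG);`, or keep the contents behind an explicit debug switch. Separately, the last context line still calls `doneSingleSignOn($db, $login, $user_id, $is_first_sso);` although the @@ -323 hunk drops that fourth parameter; PHP discards the extra argument silently, so `$is_first_sso` is dead here and the call should match the one corrected in the @@ -435 hunk. The enclosing function starts before the hunk.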
@@ -205,7 +217,7 @@ $res =& $db->query($query); if (DB::isError($res)) { - $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT); + $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG); die("Internal Server Error"); } @@ -237,15 +249,25 @@ */ function initFromAuthnRequest(&$login) { + global $logger; + switch ($_SERVER['REQUEST_METHOD']) { case 'GET': $login->initFromAuthnRequestMsg($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect); + $logger->log("initFromAuthnRequest with method GET : " . $_SERVER['QUERY_STRING'], PEAR_LOG_DEBUG); break; case 'POST': - die("methode POST not implemented"); // TODO + if (empty($_POST['LAREQ'])) + { + $logger->log("POST LARQ value is empty"); + die("POST LARQ value is empty"); + } + $login->initFromAuthnRequestMsg($_POST['LAREQ'], lassoHttpMethodPost); + $logger->log("initFromAuthnRequest with method POST", PEAR_LOG_DEBUG); break; default: + $logger->log("initFromAuthnRequest with called an unknown method", PEAR_LOG_CRIT); die("Unknown request method"); } } @@ -263,8 +285,8 @@ $res =& $db->query($query); if (DB::isError($res)) { - $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT); - $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG); + $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); + $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG); die($res->getMessage()); } @@ -287,8 +309,8 @@ $res =& $db->query($query); if (DB::isError($res)) { - $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT); - $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG); + $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); + $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG); die($res->getMessage()); } @@ -323,7 +345,7 @@ /* * */ - function doneSingleSignOn($db, &$login, $user_id, $is_first_sso = FALSE) + function doneSingleSignOn($db, &$login, $user_id) { global $logger; 
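Review bot: The empty-LAREQ branch in `initFromAuthnRequest()` calls `$logger->log("POST LARQ value is empty")` with no priority argument and misspells the parameter it checked, unlike every other log call in this file. Make both messages name the real parameter and give the call an explicit level: `$logger->log("POST LAREQ value is empty", PEAR_LOG_CRIT);` and `die("POST LAREQ value is empty");`. Neither branch looks at what `initFromAuthnRequestMsg()` returns; if the binding reports parse failures through its return value (I cannot tell from the hunk), a malformed request would continue into the rest of the login flow with a half-initialised `$login`, so the status should be checked and the request rejected here.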
@@ -344,19 +366,31 @@ die("Unknown protocol profile\n"); } - if ($is_first_sso) + $query = "SELECT * FROM nameidentifiers WHERE name_identifier='"; + $query .= $login->nameIdentifier."' AND user_id='$user_id'"; + + $res =& $db->query($query); + if (DB::isError($res)) { - // name_identifier - $query = "INSERT INTO nameidentifiers (name_identifier, user_id) "; - $query .= "VALUES ('" . $login->nameIdentifier . "','$user_id')"; + $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); + $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG); + die($res->getMessage()); + } + if (!$res->numRows()) + { + // register new name_identifier + $query = "INSERT INTO nameidentifiers (name_identifier, user_id) "; + $query .= "VALUES ('" . $login->nameIdentifier . "','$user_id')"; + $res =& $db->query($query); if (DB::isError($res)) { - $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT); - $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG); - die($res->getMessage()); - } + $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); + $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG); + die($res->getMessage()); + } + $logger->log("Register Name Identifier '" . $login->nameIdentifier ."' for User '$user_id'", PEAR_LOG_INFO); } $identity = $login->identity; @@ -375,6 +409,8 @@ die("assertion Artifact is empty"); } + $logger->log("Assertion Artifact is '" . $login->assertionArtifact . "'", PEAR_LOG_DEBUG); + saveAssertionArtifact($db, $login->assertionArtifact, $login->assertion); @@ -383,8 +419,6 @@ $query .= " VALUES('" . $login->nameIdentifier . "','" . session_id() . "','"; $query .= ip2long($_SERVER['REMOTE_ADDR']) . "')"; - echo $query; - $res =& $db->query($query); if (DB::isError($res)) { 
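Review bot: The new `SELECT * FROM nameidentifiers WHERE name_identifier='...'` is built by concatenating `$login->nameIdentifier` and `$user_id` straight into the SQL, and the INSERT beneath it repeats the pattern, whereas soapEndpoint.php already routes values through `$db->quoteSmart()`. Even if the identifier is IdP-generated today, write it as `$query = "SELECT * FROM nameidentifiers WHERE name_identifier=" . $db->quoteSmart($login->nameIdentifier);` followed by `$query .= " AND user_id=" . $db->quoteSmart($user_id);`, and quote the INSERT the same way. The SELECT-then-INSERT is also not atomic: two concurrent logins for the same user can both see zero rows and insert twice, so a unique key on (name_identifier, user_id) with the INSERT's duplicate error treated as "already registered" is the robust form. `doneSingleSignOn()` starts and ends outside this hunk.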
@@ -412,7 +446,7 @@ case lassoLoginProtocolProfileBrwsPost: // TODO : lassoLoginProtocolProfileBrwsPost default: - $logger->log("Unknown Login Protocol Profile :" . $db->getMessage(), PEAR_LOG_CRIT); + $logger->log("Unknown Login Protocol Profile :" . $login->protocolProfile, PEAR_LOG_CRIT); die("Unknown Login Protocol Profile"); } } @@ -435,17 +469,25 @@ $is_first_sso = (isset($array['identity_dump']) ? FALSE : TRUE); if (!empty($array['identity_dump'])) + { + $logger->log("Update Identity dump for user '$user_id' from the database", PEAR_LOG_INFO); $login->setIdentityFromDump($array['identity_dump']); + } - /* if (!$is_first_sso) + if (!empty($array['identity_dump'])) + { + $logger->log("Update Identity dump for user '$user_id' from the database", PEAR_LOG_INFO); $login->setIdentityFromDump($array['identity_dump']); - else - $logger->log("First SingleSignOn for user '$user_id'", PEAR_LOG_INFO); */ + } + if (!empty($array['session_dump'])) + { + $logger->log("Update Session dump for user '$user_id' from the database", PEAR_LOG_INFO); $login->setSessionFromDump($array['session_dump']); + } - doneSingleSignOn($db, $login, $user_id, $is_first_sso); + doneSingleSignOn($db, $login, $user_id); exit; } else diff --git a/php/Attic/examples/sample-idp/soapEndpoint.php b/php/Attic/examples/sample-idp/soapEndpoint.php index 16812432..2b051070 100644 --- a/php/Attic/examples/sample-idp/soapEndpoint.php +++ b/php/Attic/examples/sample-idp/soapEndpoint.php @@ -43,6 +43,14 @@ $conf['db'] = $db; $logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf); + // shutdown function + function close_logger() + { + global $logger; + $logger->close(); + } + register_shutdown_function("close_logger"); + // session handler session_set_save_handler("open_session", "close_session", "read_session", "write_session", "destroy_session", "gc_session"); 
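Review bot: The `if (!empty($array['identity_dump'])) { ... setIdentityFromDump ... }` block appears twice in a row in the new code, so the identity is rebuilt from the dump twice and the "Update Identity dump" line is logged twice per login; the second copy is what remains of the un-commented block and should be deleted. `$is_first_sso` on the first context line is now computed and never read, since the call at the end was changed to `doneSingleSignOn($db, $login, $user_id);`, so that line can go as well. The enclosing function starts before the hunk.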
@@ -76,8 +84,8 @@ if (DB::isError($res)) { header("HTTP/1.0 500 Internal Server Error"); - $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT); - $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG); + $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); + $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG); exit; } @@ -86,14 +94,16 @@ { $row = $res->fetchRow(); + $logger->log("Good artifact send by " . $_SERVER['REMOTE_ADDR'], PEAR_LOG_INFO); + + // Delete assertion from the database $query = "DELETE FROM assertions WHERE assertion='" . $artifact . "'"; $res =& $db->query($query); - if (DB::isError($res)) { header("HTTP/1.0 500 Internal Server Error"); - $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT); - $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG); + $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); + $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG); exit; } $logger->log("Delete assertion '$artifact'", PEAR_LOG_DEBUG); @@ -102,7 +112,6 @@ $login->buildResponseMsg(); header("Content-Length: " . strlen($login->msgBody) . "\r\n"); echo $login->msgBody; - exit; } else @@ -122,7 +131,6 @@ $logout->processRequestMsg($HTTP_RAW_POST_DATA, lassoHttpMethodSoap); $nameIdentifier = $logout->nameIdentifier; - // name identifier is empty, wrong request if (empty($nameIdentifier)) { @@ -139,8 +147,8 @@ if (DB::isError($res)) { header("HTTP/1.0 500 Internal Server Error"); - $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT); - $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG); + $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); + $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG); exit; } 
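Review bot: The added "Good artifact send by" INFO line is written before the DELETE that consumes the artifact has run, so a failed delete is still logged as a successful resolve; move it after the `DB::isError` check (and "sent" is the intended word). The fetch and the delete are two separate statements, so two SOAP requests presenting the same artifact at once can both read the assertion before either removes it, which defeats the single-use property the DELETE exists to enforce; deleting first and building the response only when `$db->affectedRows()` reports one row removed (PEAR DB provides this, confirm against the driver in use) makes the resolve atomic. The enclosing branch starts before the hunk.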
@@ -162,8 +170,8 @@ if (DB::isError($res)) { header("HTTP/1.0 500 Internal Server Error"); - $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT); - $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG); + $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); + $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG); exit; } @@ -178,7 +186,11 @@ $user_dump = $row[0]; $session_dump = $row[1]; - $logout->setSessionFromDump($session_dump); + if (!empty($session_dump)) + { + $logout->setSessionFromDump($session_dump); + $logger->log("Update session from dump", PEAR_LOG_DEBUG); + } $logout->setIdentityFromDump($user_dump); // TODO : handle bad validate request @@ -189,14 +201,13 @@ $identity = $logout->identity; $query = "UPDATE users SET identity_dump=".$db->quoteSmart($identity->dump()); $query .= " WHERE user_id='$user_id'"; - $logger->log("ici3", PEAR_LOG_DEBUG); $res =& $db->query($query); if (DB::isError($res)) { header("HTTP/1.0 500 Internal Server Error"); - $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT); - $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG); + $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); + $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG); exit; } $logger->log("Update identity dump for user '$user_id'", PEAR_LOG_DEBUG); 
@@ -205,22 +216,26 @@ if ($logout->isSessionDirty) { $session = $logout->session; - $query = "UPDATE users SET session_dump=".$db->quoteSmart($session->dump()); - $query .= " WHERE user_id='$user_id'"; + $query = "UPDATE users SET session_dump="; + $query .= (($session == NULL) ? "''" : $db->quoteSmart($session->dump())); + $query .= " WHERE user_id='$user_id'"; $res =& $db->query($query); if (DB::isError($res)) { header("HTTP/1.0 500 Internal Server Error"); - $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT); - $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG); + $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); + $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG); exit; } - $logger->log("Update session dump for user '$user_id'", PEAR_LOG_DEBUG); + if ($session) + $logger->log("Update session dump for user '$user_id'", PEAR_LOG_DEBUG); + else + $logger->log("Delete session dump for user '$user_id'", PEAR_LOG_DEBUG); } - // TODO : try multiple sp logout + /* TODO : try multiple sp logout while(($providerID = $logout->getNextProviderId())) { $logout->initRequest($providerID, lassoHttpMethodAny); // FIXME @@ -280,13 +295,9 @@ continue; } $logout->processResponseMsg($response, lassoHttpMethodSoap); - } + } */ - $logout->buildResponseMsg(); - header("Content-Length: " . strlen($logout->msgBody) . "\r\n"); - echo $logout->msgBody; - // Get PHP session ID $query = "SELECT session_id FROM sso_sessions WHERE name_identifier='$nameIdentifier'"; @@ -294,8 +305,8 @@ if (DB::isError($res)) { header("HTTP/1.0 500 Internal Server Error"); - $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT); - $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG); + $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); + $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG); exit; } $row = $res->fetchRow(); 
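Review bot: The session-dump update tests the object with `$session == NULL` and, a few lines later, with `if ($session)`; the two are not the same test for every value and the file's other checks use `empty()`, so pick one form, e.g. `$has_session = !empty($session);` and use it for both the quoting and the log message. Commenting out the "try multiple sp logout" loop (it closes in the @@ -280 hunk) also means a logout request from one SP is no longer relayed to the other providers in the federation, so their sessions outlive the IdP session; if that is intentional for now, the comment should say so explicitly, because it is a property of single logout that a later reader would assume still holds. The enclosing `case` starts before the hunk.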
@@ -303,25 +314,27 @@ $logger->log("Name Identifier '$nameIdentifier' match PHP Session ID '$session_id'", PEAR_LOG_DEBUG); - session_id($session_id); - - // Destroy The PHP Session - $_SESSION = array(); - session_destroy(); - // Delete SSO Session from table 'sso_sessions' $query = "DELETE FROM sso_sessions WHERE name_identifier='$nameIdentifier'"; $res =& $db->query($query); if (DB::isError($res)) { header("HTTP/1.0 500 Internal Server Error"); - $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT); - $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG); + $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); + $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG); exit; } - $logger->log("Destroy PHP Session '$session_id'", PEAR_LOG_DEBUG); + $logger->log("Destroy PHP Session '$session_id'", PEAR_LOG_DEBUG); $logger->log("User '$user_id' is logged out", PEAR_LOG_INFO); + + // Destroy The PHP Session + session_id($session_id); + $_SESSION = array(); + session_destroy(); + + header("Content-Length: " . strlen($logout->msgBody) . "\r\n"); + echo $logout->msgBody; break; case lassoRequestTypeDefederation: |
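Review bot: The hunk ends by echoing `$logout->msgBody`, but the @@ -280 hunk removed the `$logout->buildResponseMsg();` call that filled it; unless it is now invoked somewhere outside the diff, the SP receives an empty body with a zero `Content-Length` and the logout response is never delivered. Re-add `$logout->buildResponseMsg();` immediately before the `header("Content-Length: ...")` line. The moved `session_id($session_id); $_SESSION = array(); session_destroy();` sequence also deserves a comment: if `session_start()` has already run earlier in this script (the save handlers registered in the @@ -43 hunk suggest it has), `session_id()` after start does not switch the active session, so `session_destroy()` would act on the SOAP caller's session rather than the SSO session named by `$session_id`; I cannot confirm this from the hunk, so please verify through the save handler that the stored session is actually removed. The enclosing `case` starts before the hunk.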
