Diffstat (limited to 'php/Attic/examples/sample-idp/singleSignOn.php')
-rw-r--r--php/Attic/examples/sample-idp/singleSignOn.php273
1 files changed, 154 insertions, 119 deletions
diff --git a/php/Attic/examples/sample-idp/singleSignOn.php b/php/Attic/examples/sample-idp/singleSignOn.php
index 93d040f7..f137e73f 100644
--- a/php/Attic/examples/sample-idp/singleSignOn.php
+++ b/php/Attic/examples/sample-idp/singleSignOn.php
@@ -28,6 +28,12 @@
$config = unserialize(file_get_contents('config.inc'));
session_start();
+
+ lasso_init();
+
+ // Create Lasso Server
+ $server_dump = file_get_contents($config['server_dump_filename']);
+ $server = LassoServer::newFromDump($server_dump);
// Create the form
$form = new HTML_QuickForm('frm');
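Review bot: The new `file_get_contents($config['server_dump_filename'])` is not checked, so a missing or unreadable dump file passes `false` straight into `LassoServer::newFromDump()` and the failure only surfaces later with no hint of the cause; add `if ($server_dump === false) die("Cannot read server dump");` before the `newFromDump` call. With `lasso_init()` moved up here it now runs on every request, while the only `lasso_shutdown()` left in the file is on the artifact redirect path of the last hunk, so the `die()` and form fall-through exits never pair it; either a comment saying that is accepted for this sample, or a `register_shutdown_function('lasso_shutdown');` right after `lasso_init();`, would make the intent clear.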
@@ -41,87 +47,92 @@
$form->addRule('username', 'Please enter the Username', 'required', null, 'client');
$form->addRule('password', 'Please enter the Password', 'required', null, 'client');
- function singleSignOn_done($config, $db, $user_id = 0)
+ /*
+ * This function authentificate the user against the Postgres Database
+ */
+ function authentificateUser($db, $username, $password)
{
- $server_dump = file_get_contents($config['server_dump_filename']);
-
- lasso_init();
-
- $server = LassoServer::newFromDump($server_dump);
- $login = LassoLogin::newFromDump($server, $_SESSION['login_dump']);
+ $query = "SELECT user_id FROM users WHERE username=".$db->quoteSmart($username);
+ $query .= " AND password=".$db->quoteSmart($password);
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+ if ($res->numRows())
+ {
+ $row = $res->fetchRow();
+ return ($row[0]);
+ }
+ return (0);
+ }
+
+ /*
+ *
+ */
+ function doneSingleSignOn($db, $login, $user_id, $is_first_sso)
+ {
$authenticationMethod =
(($_SERVER["HTTPS"] == 'on') ? lassoSamlAuthenticationMethodSecureRemotePassword : lassoSamlAuthenticationMethodPassword);
- // reauth in session_cache_expire default is 180 minutes
+ // reauth in session_cache_expire, default is 180 minutes
$reauthenticateOnOrAfter = strftime("%Y-%m-%dT%H:%M:%SZ", time() + session_cache_expire() * 60);
-
- if ($login->protocolProfile == lassoLoginProtocolProfileBrwsArt)
+
+ /* FIXME : there is a segfault when I use a switch statement
+ switch($login->protocolProfile)
{
- $login->buildArtifactMsg(
- TRUE, // User is authenticated
- $authenticationMethod,
- $reauthenticateOnOrAfter,
- lassoHttpMethodRedirect);
- }
+ case lassoLoginProtocolProfileBrwsArt:
+ $login->buildArtifactMsg(TRUE, // User is authenticated
+ $authenticationMethod, $reauthenticateOnOrAfter, lassoHttpMethodRedirect);
+ break;
+ case lassoLoginProtocolProfileBrwsPost:
+ die("TODO : Post\n");
+ default:
+ die("Unknown protocol profile\n");
+ } */
+
+ if ($login->protocolProfile == lassoLoginProtocolProfileBrwsArt)
+ $login->buildArtifactMsg(TRUE, // User is authenticated
+ $authenticationMethod, $reauthenticateOnOrAfter, lassoHttpMethodRedirect);
else if ($login->protocolProfile == lassoLoginProtocolProfileBrwsPost)
- {
- // TODO
- print "TODO : Post\n";
- exit();
- }
+ die("TODO : Post\n"); // TODO
else
- die("Unknown protocol profile for login:" . $login->protocolProfile);
-
- if (empty($user_id))
- {
- // Get user_id
- $query = "SELECT user_id FROM nameidentifiers WHERE name_identifier='";
- $query .= $login->nameIdentifier . "'";
-
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
+ die("Unknown protocol profile\n");
- $row = $res->fetchRow();
- $user_id = $row[0];
- }
- else
+ if ($is_first_sso)
{
+ // name_identifier
$query = "INSERT INTO nameidentifiers (name_identifier, user_id) ";
$query .= "VALUES ('" . $login->nameIdentifier . "','$user_id')";
- $res =& $db->query($query);
+
+ $res =& $db->query($query);
if (DB::isError($res))
- die($res->getMessage());
- $name_identifier = $login->nameIdentifier;
+ die($res->getMessage());
}
+ $identity = $login->identity;
+ // do we need to update identity dump?
if ($login->isIdentityDirty)
{
- $identity = $login->identity;
- $query = "UPDATE users SET user_dump=".$db->quoteSmart($identity->dump());
+ $query = "UPDATE users SET identity_dump=".$db->quoteSmart($identity->dump());
$query .= " WHERE user_id='$user_id'";
$res =& $db->query($query);
if (DB::isError($res))
die($res->getMessage());
- }
+ }
- // Update identity dump
- $identity = $login->identity;
- $query = "UPDATE users SET user_dump=".$db->quoteSmart($identity->dump())." WHERE user_id='$user_id'";
-
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-
- // Update session dump
$session = $login->session;
- $query = "UPDATE users SET session_dump=".$db->quoteSmart($session->dump())." WHERE user_id='$user_id'";
+ // do we need to update session dump?
+ if ($login->isSessionDirty)
+ {
+ $query = "UPDATE users SET session_dump=".$db->quoteSmart($identity->dump());
+ $query .= " WHERE user_id='$user_id'";
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+ }
if (empty($login->assertionArtifact))
die("assertion Artifact is empty");
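Review bot: The new session-dump update block serialises the wrong object: `$query = "UPDATE users SET session_dump=".$db->quoteSmart($identity->dump());` writes the identity dump into the `session_dump` column, so the value later read back through `setSessionFromDump` in the last hunk will be an identity document; it should be `$db->quoteSmart($session->dump())` (`$session` is assigned just above the `isSessionDirty` test). In the same function the `nameidentifiers` INSERT still builds its VALUES by concatenation, `"VALUES ('" . $login->nameIdentifier . "','$user_id')"`, while every neighbouring statement goes through `$db->quoteSmart()`; the name identifier looks like it originates from the protocol message parsed in the last hunk rather than from this code, so quote it the same way, `$query .= "VALUES (".$db->quoteSmart($login->nameIdentifier).",".$db->quoteSmart($user_id).")";` — the `nameidentifiers` SELECT added in the last hunk has the same shape. `authentificateUser()` compares the submitted password against the stored column directly in SQL, which only works if passwords are kept in clear; for anything beyond a sample IdP the lookup should fetch the stored hash by username and verify it in PHP. The commented-out `switch` under the FIXME duplicates the live `if`/`else if` chain; either point the FIXME at the crash it documents or drop the dead block.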
@@ -131,7 +142,7 @@
if (empty($assertion_dump))
die("assertion dump is empty");
-
+
// Save assertion
$query = "INSERT INTO assertions (assertion, response_dump, created) VALUES ";
$query .= "('".$login->assertionArtifact."',".$db->quoteSmart($assertion_dump).", NOW())";
@@ -140,98 +151,122 @@
if (DB::isError($res))
die($res->getMessage());
- $_SESSION['login_dump'] = $login->dump();
+ $_SESSION['login_dump'] = ''; // delete login_dump
+ $_SESSION['identity_dump'] = $session->dump();
$_SESSION['session_dump'] = $session->dump();
- if ($login->protocolProfile == lassoLoginProtocolProfileBrwsArt)
- {
- $url = $login->msgUrl;
-
- header("Request-URI: $url");
- header("Content-Location: $url");
- header("Location: $url");
- }
- else if ($login->protocolProfile == lassoLoginProtocolProfileBrwsPost)
+ switch($login->protocolProfile)
{
+ case lassoLoginProtocolProfileBrwsArt:
+ $url = $login->msgUrl;
+
+ header("Request-URI: $url");
+ header("Content-Location: $url");
+ header("Location: $url\n\n");
+ lasso_shutdown();
+ exit;
+ case lassoLoginProtocolProfileBrwsPost:
+ die("TODO : lassoLoginProtocolProfileBrwsPost");
+ break;
+ default:
+ die("Unknown Login Protocol Profile");
}
-
- lasso_shutdown();
}
- if (!$form->validate())
+ // validate login
+ if ($form->validate())
{
- // Check for AuthnRequest
- if (empty($_POST) && empty($_GET))
+ if (empty($_SESSION['login_dump']))
+ die("Login dump is not registred");
+
+ // conect to the data base
+ $db = &DB::connect($config['dsn']);
+ if (DB::isError($db))
+ die($db->getMessage());
+
+ $login = LassoLogin::newfromdump($server, $_SESSION['login_dump']);
+
+ if (($user_id = authentificateUser($db, $form->exportValue('username'),
+ $form->exportValue('password'))))
{
- die("Unknow login methode!");
- }
+ // User is authentificated
+ $query = "SELECT identity_dump,session_dump FROM users WHERE identity_dump";
+ $query .= " IS NOT NULL AND session_dump IS NOT NULL AND user_id='$user_id'";
- lasso_init();
-
- $server_dump = file_get_contents($config['server_dump_filename']);
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
- $server = LassoServer::newfromdump($server_dump);
+ $is_first_sso = FALSE;
+ if ($res->numRows())
+ {
+ $row =& $res->fetchRow();
+ $login->setIdentityFromDump($row[0]);
+ $login->setSessionFromDump($row[1]);
+ }
+ else
+ $is_first_sso = TRUE;
- if (!empty($_SESSION['login_dump']))
- $login = LassoLogin::newFromDump($server, $_SESSION['login_dump']);
- else
- $login = new LassoLogin($server);
+ doneSingleSignOn($db, $login, $user_id, $is_first_sso);
+ $db->disconnect();
+ exit;
+ }
+ }
+ else
+ {
+ $login = new LassoLogin($server);
+ // Get session and identity dump if there are available
if (!empty($_SESSION['session_dump']))
$login->setSessionFromDump($_SESSION['session_dump']);
+
+ if (!empty($_SESSION['identity_dump']))
+ $login->setIdentityFromDump($_SESSION['identity_dump']);
- if ($_SERVER['REQUEST_METHOD'] = 'GET')
- $login->initFromAuthnRequestMsg($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect);
- else
+ switch ($_SERVER['REQUEST_METHOD'])
{
- // TODO
- exit;
+ case 'GET':
+ $login->initFromAuthnRequestMsg($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect);
+ break;
+ case 'POST':
+ die("methode POST not implemented"); // TODO
+ break;
+ default:
+ die("Unknown request method");
}
-
+
// User must NOT Authenticate with the IdP
if (!$login->mustAuthenticate())
{
+ // conect to the data base
$db = &DB::connect($config['dsn']);
if (DB::isError($db))
die($db->getMessage());
- singleSignOn_done($config, $db);
+ $query = "SELECT user_id FROM nameidentifiers WHERE name_identifier='";
+ $query .= $login->nameIdentifier . "'";
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+
+ if (!$res->numRows())
+ die("Unknown User");
+
+ $row = $res->fetchRow();
+ $user_id = $row[0];
+
+ doneSingleSignOn($db, $user_id);
$db->disconnect();
exit;
}
-
- $login_dump = $login->dump();
- $session = $login->session;
- $_SESSION['login_dump'] = $login->dump();
- $_SESSION['session_dump'] = $session->dump();
-
- lasso_shutdown();
- }
-
-
- if (isset($_SESSION['login_dump']) && $form->validate())
- {
- $db = &DB::connect($config['dsn']);
-
- if (DB::isError($db))
- die($db->getMessage());
-
- $query = "SELECT user_id FROM users WHERE username=" . $db->quoteSmart($form->exportValue('username'));
- $query .= " AND password=" . $db->quoteSmart($form->exportValue('password'));;
-
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-
- if ($res->numRows())
+ else
{
- $row = $res->fetchRow();
- $user_id = $row[0];
- singleSignOn_done($config, $db, $user_id);
- $db->disconnect();
- exit();
+ // register login dump in this session,
+ // we can not transfert xml dump with hidden input
+ $_SESSION['login_dump'] = $login->dump();
}
- }
+ }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
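Review bot: The call `doneSingleSignOn($db, $user_id);` on the no-reauthentication path passes two arguments to a function whose new signature is `($db, $login, $user_id, $is_first_sso)`, so `$user_id` arrives as `$login`, the real `$login` is never handed over, and `$login->protocolProfile` is evaluated on an integer; it should read `doneSingleSignOn($db, $login, $user_id, FALSE);` (false because the name identifier was just found in `nameidentifiers`). After the assertion is saved, `$_SESSION['identity_dump'] = $session->dump();` stores the session where the identity is expected, so the `setIdentityFromDump($_SESSION['identity_dump'])` on the next request will load a session document; use `$identity->dump()`, which is already assigned earlier in the same function. The redirect is emitted as `header("Location: $url\n\n");` — the embedded newlines are not part of a valid header value and PHP's `header()` refuses values containing a newline, so it should be plain `header("Location: $url");`. The `authentificateUser()` and `doneSingleSignOn()` definitions this hunk calls are in the earlier hunk, not here.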