Diffstat (limited to 'php/Attic/examples/sample-idp/singleSignOn.php')
-rw-r--r-- | php/Attic/examples/sample-idp/singleSignOn.php | 205 |
1 files changed, 114 insertions, 91 deletions
diff --git a/php/Attic/examples/sample-idp/singleSignOn.php b/php/Attic/examples/sample-idp/singleSignOn.php
index 2569d2fa..27ae27b6 100644
--- a/php/Attic/examples/sample-idp/singleSignOn.php
+++ b/php/Attic/examples/sample-idp/singleSignOn.php
@@ -41,83 +41,27 @@ $form->addRule('username', 'Please enter the Username', 'required', null, 'client'); $form->addRule('password', 'Please enter the Password', 'required', null, 'client'); - // Login dump is not available, show the login form - if (!isset($_SESSION['login_dump']) && !$form->validate()) + function singleSignOn_done($config, $db, $user_id = 0) { - // Check for AuthnRequest - if (empty($_POST) && empty($_GET)) - { - die("Unknow login methode!"); - } - - lasso_init(); - - $server_dump = file_get_contents($config['server_dump_filename']); - - $server = LassoServer::newfromdump($server_dump); - - $login = new LassoLogin($server); - - if ($_SERVER['REQUEST_METHOD'] = 'GET') - $login->initFromAuthnRequestMsg($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect); - else - { - // TODO - exit; - } - - // User must NOT Authenticate with the IdP - if (!$login->mustAuthenticate()) - { - // TODO - exit; - } - - $login_dump = $login->dump(); - - $_SESSION['login_dump'] = $login->dump(); - - lasso_shutdown(); - } - - - - if (isset($_SESSION['login_dump']) && $form->validate()) - { - $db = &DB::connect($config['dsn']); - - if (DB::isError($db)) - die($db->getMessage()); - - $query = "SELECT user_id FROM users WHERE username=" . $db->quoteSmart($form->exportValue('username')); - $query .= " AND password=" . $db->quoteSmart($form->exportValue('password'));; - - $res =& $db->query($query); - if (DB::isError($res)) - die($res->getMessage()); - - if ($res->numRows()) - { - // Get user_id from users - $row = $res->fetchRow(); - $user_id = $row[0]; - $server_dump = file_get_contents($config['server_dump_filename']); - + lasso_init(); - $server = LassoServer::newfromdump($server_dump); + $server = LassoServer::newFromDump($server_dump); + $login = LassoLogin::newFromDump($server, $_SESSION['login_dump']); - $login = LassoLogin::newfromdump($server, $_SESSION['login_dump']); + $authenticationMethod = + (($_SERVER["HTTPS"] == 'on') ? 
lassoSamlAuthenticationMethodSecureRemotePassword : lassoSamlAuthenticationMethodPassword); - $authenticationMethod = (($_SERVER["HTTPS"] == 'on') ? lassoSamlAuthenticationMethodSecureRemotePassword : lassoSamlAuthenticationMethodPassword); + // reauth in session_cache_expire default is 180 minutes + $reauthenticateOnOrAfter = strftime("%Y-%m-%dT%H:%M:%SZ", time() + session_cache_expire() * 60); if ($login->protocolProfile == lassoLoginProtocolProfileBrwsArt) { $login->buildArtifactMsg( TRUE, // User is authenticated $authenticationMethod, - "2005-05-03T16:12:00Z", # FIXME: reauthenticateOnOrAfter + $reauthenticateOnOrAfter, lassoHttpMethodRedirect); } else if ($login->protocolProfile == lassoLoginProtocolProfileBrwsPost) 
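Review bot: The new `$reauthenticateOnOrAfter` line formats with `strftime()`, which renders local time, yet the format string ends in a literal `Z` that declares the value to be UTC, so on any server not running in UTC the ReauthenticateOnOrAfter timestamp handed to the peer is off by the zone offset; `gmstrftime("%Y-%m-%dT%H:%M:%SZ", time() + session_cache_expire() * 60)` produces what the format promises. The `$authenticationMethod` expression reads `$_SERVER["HTTPS"]` without checking it exists, so plain-HTTP requests raise an undefined-index notice before the comparison; `!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on'` avoids that. The body of `singleSignOn_done` begins here and continues in the following hunks.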
@@ -129,39 +73,43 @@ else die("Unknown protocol profile for login:" . $login->protocolProfile); - if ($login->isIdentityDirty) + if (empty($user_id)) { - $identity = $login->identity; - $query = "UPDATE users SET user_dump=".$db->quoteSmart($identity->dump()); - $query .= " WHERE user_id='$user_id'"; + // Get user_id + $query = "SELECT user_id FROM nameidentifiers WHERE name_identifier='"; + $query .= $login->nameIdentifier . "'"; $res =& $db->query($query); if (DB::isError($res)) die($res->getMessage()); - } - - // Get name identifier - $query = "SELECT user_id FROM nameidentifiers WHERE name_identifier='"; - $query .= $login->nameIdentifier . "'"; - $res =& $db->query($query); - if (DB::isError($res)) - die($res->getMessage()); - // Save name identifier - if (!$res->numRows()) + $row = $res->fetchRow(); + $user_id = $row[0]; + } + else { - $query = "INSERT INTO nameidentifiers (name_identifier, user_id) "; - $query .= "VALUES ('" . $login->nameIdentifier . "','$user_id')"; - $res =& $db->query($query); - if (DB::isError($res)) + // Save name identifier + if (!$res->numRows()) + { + $query = "INSERT INTO nameidentifiers (name_identifier, user_id) "; + $query .= "VALUES ('" . $login->nameIdentifier . "','$user_id')"; + $res =& $db->query($query); + if (DB::isError($res)) die($res->getMessage()); - $name_identifier = $login->nameIdentifier; + $name_identifier = $login->nameIdentifier; + } } - else + + if ($login->isIdentityDirty) { - $row = $res->fetchRow(); - $name_identifier = $row[0]; - } + $identity = $login->identity; + $query = "UPDATE users SET user_dump=".$db->quoteSmart($identity->dump()); + $query .= " WHERE user_id='$user_id'"; + + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + } // Update identity dump $identity = $login->identity; 
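Review bot: In the `else` branch (a `$user_id` was supplied) `$res->numRows()` is evaluated before `$res` has been assigned anywhere in `singleSignOn_done`, because the lookup SELECT now runs only inside the `if (empty($user_id))` branch; unless `$res` is set in the lines hidden between this hunk and the previous one, the password-login path calls a method on an undefined variable. Both that SELECT and the INSERT splice `$login->nameIdentifier`, a value this code does not produce, into SQL by string concatenation, while every other query in the function goes through `$db->quoteSmart()`. The reauthentication branch also calls `fetchRow()` without checking `numRows()`, so an unknown identifier leaves `$user_id` null and the later UPDATEs run against `user_id=''`. Running the lookup once before the branch, quoting the identifier, and failing on an empty result addresses all three; `singleSignOn_done` starts in the previous hunk and ends in the next.
```php
// … unchanged: protocol-profile dispatch above …
// Look the name identifier up once; both branches below depend on $res.
$query = "SELECT user_id FROM nameidentifiers WHERE name_identifier="
    . $db->quoteSmart($login->nameIdentifier);
$res =& $db->query($query);
if (DB::isError($res))
    die($res->getMessage());

if (empty($user_id))
{
    if (!$res->numRows())
        die("Unknown name identifier");
    $row = $res->fetchRow();
    $user_id = $row[0];
}
else if (!$res->numRows())
{
    // Save name identifier for a freshly authenticated user
    $query = "INSERT INTO nameidentifiers (name_identifier, user_id) VALUES ("
        . $db->quoteSmart($login->nameIdentifier) . ",'$user_id')";
    $res =& $db->query($query);
    if (DB::isError($res))
        die($res->getMessage());
    $name_identifier = $login->nameIdentifier;
}
// … unchanged: isIdentityDirty update and identity dump …
```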
@@ -174,7 +122,7 @@ // Update session dump $session = $login->session; $query = "UPDATE users SET session_dump=".$db->quoteSmart($session->dump())." WHERE user_id='$user_id'"; - + $res =& $db->query($query); if (DB::isError($res)) die($res->getMessage()); @@ -188,15 +136,17 @@ if (empty($assertion_dump)) die("assertion dump is empty"); - // Save assertion $query = "INSERT INTO assertions (assertion, response_dump, created) VALUES "; $query .= "('".$login->assertionArtifact."',".$db->quoteSmart($assertion_dump).", NOW())"; - + $res =& $db->query($query); if (DB::isError($res)) die($res->getMessage()); + $_SESSION['login_dump'] = $login->dump(); + $_SESSION['session_dump'] = $session->dump(); + if ($login->protocolProfile == lassoLoginProtocolProfileBrwsArt) { $url = $login->msgUrl; 
@@ -210,6 +160,79 @@ } lasso_shutdown(); + } + + if (!$form->validate()) + { + // Check for AuthnRequest + if (empty($_POST) && empty($_GET)) + { + die("Unknow login methode!"); + } + + lasso_init(); + + $server_dump = file_get_contents($config['server_dump_filename']); + + $server = LassoServer::newfromdump($server_dump); + + if (!empty($_SESSION['login_dump'])) + $login = LassoLogin::newFromDump($server, $_SESSION['login_dump']); + else + $login = new LassoLogin($server); + + if (!empty($_SESSION['session_dump'])) + $login->setSessionFromDump($_SESSION['session_dump']); + + if ($_SERVER['REQUEST_METHOD'] = 'GET') + $login->initFromAuthnRequestMsg($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect); + else + { + // TODO + exit; + } + + // User must NOT Authenticate with the IdP + if (!$login->mustAuthenticate()) + { + $db = &DB::connect($config['dsn']); + if (DB::isError($db)) + die($db->getMessage()); + + singleSignOn_done($config, $db); + $db->disconnect(); + exit; + } + + $login_dump = $login->dump(); + $session = $login->session; + $_SESSION['login_dump'] = $login->dump(); + $_SESSION['session_dump'] = $session->dump(); + + lasso_shutdown(); + } + + + if (isset($_SESSION['login_dump']) && $form->validate()) + { + $db = &DB::connect($config['dsn']); + + if (DB::isError($db)) + die($db->getMessage()); + + $query = "SELECT user_id FROM users WHERE username=" . $db->quoteSmart($form->exportValue('username')); + $query .= " AND password=" . $db->quoteSmart($form->exportValue('password'));; + + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + + if ($res->numRows()) + { + $row = $res->fetchRow(); + $user_id = $row[0]; + singleSignOn_done($config, $db, $user_id); + $db->disconnect(); exit(); } } |
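Review bot: `if ($_SERVER['REQUEST_METHOD'] = 'GET')` assigns rather than compares, so the condition is always true, POST-bound AuthnRequests are parsed from `QUERY_STRING`, and the `else { // TODO exit; }` branch can never run; it should read `if ($_SERVER['REQUEST_METHOD'] === 'GET')`. In the `!mustAuthenticate()` branch, `singleSignOn_done()` rebuilds its login object from `$_SESSION['login_dump']`, but that entry is only refreshed after the branch, so the response appears to be built from the previously stored login rather than the AuthnRequest just parsed — worth confirming against Lasso's dump semantics. The credential query compares the submitted password directly with the `password` column, which only works if passwords are stored in clear text; fetching the stored hash and verifying it in PHP would be the expected form.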