Diffstat (limited to 'php/Attic/examples/sample-idp/singleSignOn.php')
-rw-r--r--php/Attic/examples/sample-idp/singleSignOn.php205
1 files changed, 114 insertions, 91 deletions
diff --git a/php/Attic/examples/sample-idp/singleSignOn.php b/php/Attic/examples/sample-idp/singleSignOn.php
index 2569d2fa..27ae27b6 100644
--- a/php/Attic/examples/sample-idp/singleSignOn.php
+++ b/php/Attic/examples/sample-idp/singleSignOn.php
@@ -41,83 +41,27 @@
$form->addRule('username', 'Please enter the Username', 'required', null, 'client');
$form->addRule('password', 'Please enter the Password', 'required', null, 'client');
- // Login dump is not available, show the login form
- if (!isset($_SESSION['login_dump']) && !$form->validate())
+ function singleSignOn_done($config, $db, $user_id = 0)
{
- // Check for AuthnRequest
- if (empty($_POST) && empty($_GET))
- {
- die("Unknow login methode!");
- }
-
- lasso_init();
-
- $server_dump = file_get_contents($config['server_dump_filename']);
-
- $server = LassoServer::newfromdump($server_dump);
-
- $login = new LassoLogin($server);
-
- if ($_SERVER['REQUEST_METHOD'] = 'GET')
- $login->initFromAuthnRequestMsg($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect);
- else
- {
- // TODO
- exit;
- }
-
- // User must NOT Authenticate with the IdP
- if (!$login->mustAuthenticate())
- {
- // TODO
- exit;
- }
-
- $login_dump = $login->dump();
-
- $_SESSION['login_dump'] = $login->dump();
-
- lasso_shutdown();
- }
-
-
-
- if (isset($_SESSION['login_dump']) && $form->validate())
- {
- $db = &DB::connect($config['dsn']);
-
- if (DB::isError($db))
- die($db->getMessage());
-
- $query = "SELECT user_id FROM users WHERE username=" . $db->quoteSmart($form->exportValue('username'));
- $query .= " AND password=" . $db->quoteSmart($form->exportValue('password'));;
-
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-
- if ($res->numRows())
- {
- // Get user_id from users
- $row = $res->fetchRow();
- $user_id = $row[0];
-
$server_dump = file_get_contents($config['server_dump_filename']);
-
+
lasso_init();
- $server = LassoServer::newfromdump($server_dump);
+ $server = LassoServer::newFromDump($server_dump);
+ $login = LassoLogin::newFromDump($server, $_SESSION['login_dump']);
- $login = LassoLogin::newfromdump($server, $_SESSION['login_dump']);
+ $authenticationMethod =
+ (($_SERVER["HTTPS"] == 'on') ? lassoSamlAuthenticationMethodSecureRemotePassword : lassoSamlAuthenticationMethodPassword);
- $authenticationMethod = (($_SERVER["HTTPS"] == 'on') ? lassoSamlAuthenticationMethodSecureRemotePassword : lassoSamlAuthenticationMethodPassword);
+ // reauth in session_cache_expire default is 180 minutes
+ $reauthenticateOnOrAfter = strftime("%Y-%m-%dT%H:%M:%SZ", time() + session_cache_expire() * 60);
if ($login->protocolProfile == lassoLoginProtocolProfileBrwsArt)
{
$login->buildArtifactMsg(
TRUE, // User is authenticated
$authenticationMethod,
- "2005-05-03T16:12:00Z", # FIXME: reauthenticateOnOrAfter
+ $reauthenticateOnOrAfter,
lassoHttpMethodRedirect);
}
else if ($login->protocolProfile == lassoLoginProtocolProfileBrwsPost)
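Review bot: The `reauthenticateOnOrAfter` value built at the new `$reauthenticateOnOrAfter = strftime(...)` line is formatted in the server's local time zone but suffixed with a literal `Z`, so unless the process runs in UTC the timestamp passed to buildArtifactMsg is off by the local UTC offset; `$reauthenticateOnOrAfter = gmdate('Y-m-d\TH:i:s\Z', time() + session_cache_expire() * 60);` produces a correct UTC value. The re-wrapped `$_SERVER["HTTPS"] == 'on'` test also raises an undefined-index notice on plain-HTTP requests; `!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'` is the usual guard. Whether lassoSamlAuthenticationMethodSecureRemotePassword is the right label for a password sent over TLS is worth checking against the lasso constant definitions, since SRP normally names the RFC 2945 protocol rather than password-over-HTTPS. singleSignOn_done starts in this hunk and continues past its end.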
@@ -129,39 +73,43 @@
else
die("Unknown protocol profile for login:" . $login->protocolProfile);
- if ($login->isIdentityDirty)
+ if (empty($user_id))
{
- $identity = $login->identity;
- $query = "UPDATE users SET user_dump=".$db->quoteSmart($identity->dump());
- $query .= " WHERE user_id='$user_id'";
+ // Get user_id
+ $query = "SELECT user_id FROM nameidentifiers WHERE name_identifier='";
+ $query .= $login->nameIdentifier . "'";
$res =& $db->query($query);
if (DB::isError($res))
die($res->getMessage());
- }
-
- // Get name identifier
- $query = "SELECT user_id FROM nameidentifiers WHERE name_identifier='";
- $query .= $login->nameIdentifier . "'";
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
- // Save name identifier
- if (!$res->numRows())
+ $row = $res->fetchRow();
+ $user_id = $row[0];
+ }
+ else
{
- $query = "INSERT INTO nameidentifiers (name_identifier, user_id) ";
- $query .= "VALUES ('" . $login->nameIdentifier . "','$user_id')";
- $res =& $db->query($query);
- if (DB::isError($res))
+ // Save name identifier
+ if (!$res->numRows())
+ {
+ $query = "INSERT INTO nameidentifiers (name_identifier, user_id) ";
+ $query .= "VALUES ('" . $login->nameIdentifier . "','$user_id')";
+ $res =& $db->query($query);
+ if (DB::isError($res))
die($res->getMessage());
- $name_identifier = $login->nameIdentifier;
+ $name_identifier = $login->nameIdentifier;
+ }
}
- else
+
+ if ($login->isIdentityDirty)
{
- $row = $res->fetchRow();
- $name_identifier = $row[0];
- }
+ $identity = $login->identity;
+ $query = "UPDATE users SET user_dump=".$db->quoteSmart($identity->dump());
+ $query .= " WHERE user_id='$user_id'";
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+ }
// Update identity dump
$identity = $login->identity;
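Review bot: In the new `else` branch (the path taken when a `$user_id` was passed in) `$res->numRows()` is evaluated before any `$res` has been assigned in singleSignOn_done — the nameidentifiers SELECT that used to precede it now runs only inside `if (empty($user_id))` — so the "Save name identifier" INSERT is reached through an undefined object and the name-identifier-to-user mapping is never written. The `empty($user_id)` branch likewise calls `fetchRow()` without checking `numRows()`, leaving `$user_id` null for the later UPDATEs when the identifier is unknown. Both queries also splice `$login->nameIdentifier` into SQL between plain quotes while the neighbouring statements go through `$db->quoteSmart()`. Running the lookup once before the branch, with both paths checking the result, fixes all three; singleSignOn_done starts in the previous hunk and continues past this one.
```php
// Look up the federation once; both branches below need the result.
$query = "SELECT user_id FROM nameidentifiers WHERE name_identifier=";
$query .= $db->quoteSmart($login->nameIdentifier);
$res =& $db->query($query);
if (DB::isError($res))
	die($res->getMessage());

if (empty($user_id))
{
	// Not authenticated via the form: the name identifier must already be federated.
	if (!$res->numRows())
		die("Unknown name identifier");
	$row = $res->fetchRow();
	$user_id = $row[0];
}
else if (!$res->numRows())
{
	// Save name identifier
	$query = "INSERT INTO nameidentifiers (name_identifier, user_id) ";
	$query .= "VALUES (" . $db->quoteSmart($login->nameIdentifier) . ",'$user_id')";
	$res =& $db->query($query);
	if (DB::isError($res))
		die($res->getMessage());
	$name_identifier = $login->nameIdentifier;
}
// … unchanged: isIdentityDirty update …
```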
@@ -174,7 +122,7 @@
// Update session dump
$session = $login->session;
$query = "UPDATE users SET session_dump=".$db->quoteSmart($session->dump())." WHERE user_id='$user_id'";
-
+
$res =& $db->query($query);
if (DB::isError($res))
die($res->getMessage());
@@ -188,15 +136,17 @@
if (empty($assertion_dump))
die("assertion dump is empty");
-
// Save assertion
$query = "INSERT INTO assertions (assertion, response_dump, created) VALUES ";
$query .= "('".$login->assertionArtifact."',".$db->quoteSmart($assertion_dump).", NOW())";
-
+
$res =& $db->query($query);
if (DB::isError($res))
die($res->getMessage());
+ $_SESSION['login_dump'] = $login->dump();
+ $_SESSION['session_dump'] = $session->dump();
+
if ($login->protocolProfile == lassoLoginProtocolProfileBrwsArt)
{
$url = $login->msgUrl;
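Review bot: Just above the new `$_SESSION['login_dump']` write, the assertions INSERT still splices `$login->assertionArtifact` into the statement between hand-written quotes while the adjacent `$assertion_dump` goes through `$db->quoteSmart()`; the commit reworks this block but leaves that inconsistency in place. `$query .= "(" . $db->quoteSmart($login->assertionArtifact) . "," . $db->quoteSmart($assertion_dump) . ", NOW())";` lets the driver quote both values. The enclosing singleSignOn_done starts in an earlier hunk and continues past this one.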
@@ -210,6 +160,79 @@
}
lasso_shutdown();
+ }
+
+ if (!$form->validate())
+ {
+ // Check for AuthnRequest
+ if (empty($_POST) && empty($_GET))
+ {
+ die("Unknow login methode!");
+ }
+
+ lasso_init();
+
+ $server_dump = file_get_contents($config['server_dump_filename']);
+
+ $server = LassoServer::newfromdump($server_dump);
+
+ if (!empty($_SESSION['login_dump']))
+ $login = LassoLogin::newFromDump($server, $_SESSION['login_dump']);
+ else
+ $login = new LassoLogin($server);
+
+ if (!empty($_SESSION['session_dump']))
+ $login->setSessionFromDump($_SESSION['session_dump']);
+
+ if ($_SERVER['REQUEST_METHOD'] = 'GET')
+ $login->initFromAuthnRequestMsg($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect);
+ else
+ {
+ // TODO
+ exit;
+ }
+
+ // User must NOT Authenticate with the IdP
+ if (!$login->mustAuthenticate())
+ {
+ $db = &DB::connect($config['dsn']);
+ if (DB::isError($db))
+ die($db->getMessage());
+
+ singleSignOn_done($config, $db);
+ $db->disconnect();
+ exit;
+ }
+
+ $login_dump = $login->dump();
+ $session = $login->session;
+ $_SESSION['login_dump'] = $login->dump();
+ $_SESSION['session_dump'] = $session->dump();
+
+ lasso_shutdown();
+ }
+
+
+ if (isset($_SESSION['login_dump']) && $form->validate())
+ {
+ $db = &DB::connect($config['dsn']);
+
+ if (DB::isError($db))
+ die($db->getMessage());
+
+ $query = "SELECT user_id FROM users WHERE username=" . $db->quoteSmart($form->exportValue('username'));
+ $query .= " AND password=" . $db->quoteSmart($form->exportValue('password'));;
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+
+ if ($res->numRows())
+ {
+ $row = $res->fetchRow();
+ $user_id = $row[0];
+ singleSignOn_done($config, $db, $user_id);
+ $db->disconnect();
exit();
}
}
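Review bot: On the `!$login->mustAuthenticate()` path the new code calls `singleSignOn_done($config, $db)` before `$_SESSION['login_dump']` is refreshed, and singleSignOn_done rebuilds its LassoLogin from `$_SESSION['login_dump']` (first hunk), so the response is built from whatever login state a previous request left in the session rather than from the AuthnRequest just parsed into `$login`; moving `$_SESSION['login_dump'] = $login->dump();` and `$_SESSION['session_dump'] = $login->session->dump();` above that call fixes it. `if ($_SERVER['REQUEST_METHOD'] = 'GET')` is an assignment rather than a comparison, so the POST branch is unreachable and every request is parsed from the query string; it should read `==`. The form-login query compares the submitted password against the stored `password` column in clear, which presumably means passwords are stored unhashed — worth a follow-up even in a sample IdP.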