Diffstat (limited to 'php/Attic/examples/sample-idp/singleSignOn.php')
-rw-r--r-- | php/Attic/examples/sample-idp/singleSignOn.php | 199 |
1 files changed, 177 insertions, 22 deletions
diff --git a/php/Attic/examples/sample-idp/singleSignOn.php b/php/Attic/examples/sample-idp/singleSignOn.php
index 5143f9c0..d9d7f10a 100644
--- a/php/Attic/examples/sample-idp/singleSignOn.php
+++ b/php/Attic/examples/sample-idp/singleSignOn.php
@@ -1,7 +1,6 @@
 <?php
 /*
- *
- * Identity Provider Example -- Setup
+ * Identity Provider Example -- Single Sing On
  *
  * Copyright (C) 2004 Entr'ouvert
  * http://lasso.entrouvert.org
@@ -22,35 +21,191 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ + + require_once 'HTML/QuickForm.php'; + require_once 'DB.php'; - if (empty($_POST) && empty($_GET)) + $config = unserialize(file_get_contents('config.inc')); + + session_start(); + + // Create the form + $form = new HTML_QuickForm('frm'); + + $form->addElement('header', null, 'Single Sing On Login'); + + $form->addElement('text', 'username', 'Username:', array('size' => 50, 'maxlength' => 255)); + $form->addElement('password', 'password', 'Password:', array('size' => 50, 'maxlength' => 255)); + $form->addElement('submit', null, 'Ok'); + + $form->addRule('username', 'Please enter the Username', 'required', null, 'client'); + $form->addRule('password', 'Please enter the Password', 'required', null, 'client'); + + // Login dump is not available, show the login form + if (!isset($_SESSION['login_dump']) && !$form->validate()) { - die("Unknow login methode!"); - } - $methode = empty($_POST) ? 
'GET' : 'POST'; + // Check for AuthnRequest + if (empty($_POST) && empty($_GET)) + { + die("Unknow login methode!"); + } - $config = unserialize(file_get_contents('config.inc')); + lasso_init(); + + $server_dump = file_get_contents($config['server_dump_filename']); - lasso_init(); + $server = LassoServer::newfromdump($server_dump); - $server_dump = file_get_contents($config['server_dump_filename']); + $login = new LassoLogin($server); - $server = LassoServer::newfromdump($server_dump); + if ($_SERVER['REQUEST_METHOD'] = 'GET') + $login->initFromAuthnRequestMsg($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect); + else + { + // TODO + exit; + } - $login = new LassoLogin($server); + // User must NOT Authenticate with the IdP + if (!$login->mustAuthenticate()) + { + // TODO + exit; + } - if ($methode = 'GET') - { - print $_SERVER['QUERY_STRING']; - $login->initFromAuthnRequestMsg($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect); - print "ici"; - } - else - { - // TODO + $login_dump = $login->dump(); + + $_SESSION['login_dump'] = $login->dump(); + + lasso_shutdown(); } + + + + if (isset($_SESSION['login_dump']) && $form->validate()) + { + $db = &DB::connect($config['dsn']); + if (DB::isError($db)) + die($db->getMessage()); - //echo $methode; - //echo $_SERVER['QUERY_STRING']; + $query = "SELECT user_id FROM users WHERE username=" . $db->quoteSmart($form->exportValue('username')); + $query .= " AND password=" . $db->quoteSmart($form->exportValue('password'));; + + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + + if ($res->numRows()) + { + // Get user_id from users + $row = $res->fetchRow(); + $user_id = $row[0]; + + $server_dump = file_get_contents($config['server_dump_filename']); + + lasso_init(); + + $server = LassoServer::newfromdump($server_dump); + + $login = LassoLogin::newfromdump($server, $_SESSION['login_dump']); + + $authenticationMethod = (($_SERVER["HTTPS"] == 'on') ? 
lassoSamlAuthenticationMethodSecureRemotePassword : lassoSamlAuthenticationMethodPassword); + + if ($login->protocolProfile == lassoLoginProtocolProfileBrwsArt) + { + $login->buildArtifactMsg( + TRUE, // User is authenticated + $authenticationMethod, + "2005-05-03T16:12:00Z", # FIXME: reauthenticateOnOrAfter + lassoHttpMethodRedirect); + } + else if ($login->protocolProfile == lassoLoginProtocolProfileBrwsPost) + { + // TODO + print "TODO : Post\n"; + exit(); + } + else + die("Unknown protocol profile for login:" . $login->protocolProfile); + + if ($login->isIdentityDirty) + { + // TODO + // print "isIdentityDirty yes"; + } + + // Get name identifier + $query = "SELECT name_identifier FROM nameidentifiers WHERE user_id='$user_id'"; + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + + // Save name identifier + if (!$res->numRows()) + { + $query = "INSERT INTO nameidentifiers (name_identifier, user_id) "; + $query .= "VALUES ('" . $login->nameIdentifier . "','$user_id')"; + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + $name_identifier = $login->nameIdentifier; + } + else + { + $row = $res->fetchRow(); + $name_identifier = $row[0]; + } + + // Update identity dump + $identity = $login->identity; + $query = "UPDATE users SET user_dump=".$db->quoteSmart($identity->dump())." WHERE user_id='$user_id'"; + + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + + // Update session dump + $session = $login->session; + $query = "UPDATE users SET session_dump=".$db->quoteSmart($session->dump())." WHERE user_id='$user_id'"; + + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + + // Save assertion + $query = "INSERT INTO assertions (assertion, response_dump) VALUES ('" . $login->assertionArtifact; + $query .= "', '" . $login->responseDump . 
"')"; + + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + + if ($login->protocolProfile == lassoLoginProtocolProfileBrwsArt) + { + $artifact = $login->assertionArtifact; + $response_msg = $login->responseDump; + $url = $login->msgUrl; + + header("Request-URI: $url"); + header("Content-Location: $url"); + header("Location: $url"); + } + else if ($login->protocolProfile == lassoLoginProtocolProfileBrwsPost) + { + } + + lasso_shutdown(); + exit(); + } + } +?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" +"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html> +<body> +<?php + $form->display(); ?> +</body> +</html> |
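Review bot: `if ($_SERVER['REQUEST_METHOD'] = 'GET')` assigns instead of comparing, so the condition is always true and the `else { // TODO exit; }` branch is unreachable; it should read `if ($_SERVER['REQUEST_METHOD'] == 'GET')`, the same `=`/`==` slip the removed `if ($methode = 'GET')` had. The two INSERT statements build SQL by string concatenation — `'" . $login->nameIdentifier . "'` and `'" . $login->assertionArtifact . "', '" . $login->responseDump . "'` — whereas the neighbouring UPDATEs go through `$db->quoteSmart()`; these values come out of a `LassoLogin` that was initialised from the SP's AuthnRequest, so they appear to be attacker-influenced and should be quoted the same way (or bound as parameters). The login query compares `password=` against the submitted value directly, which only works if passwords sit in the `users` table in clear; a sample IdP that others copy should store a hash and verify it server-side. Also, `$_SESSION['login_dump']` is never cleared after the artifact redirect is sent, so a later POST of the credentials form re-enters the issuing branch with the stale request; an `unset($_SESSION['login_dump']);` before the `header("Location: $url")` would close that.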