Diffstat (limited to 'php/Attic/examples/sample-idp/singleSignOn.php')
-rw-r--r--php/Attic/examples/sample-idp/singleSignOn.php199
1 files changed, 177 insertions, 22 deletions
diff --git a/php/Attic/examples/sample-idp/singleSignOn.php b/php/Attic/examples/sample-idp/singleSignOn.php
index 5143f9c0..d9d7f10a 100644
--- a/php/Attic/examples/sample-idp/singleSignOn.php
+++ b/php/Attic/examples/sample-idp/singleSignOn.php
@@ -1,7 +1,6 @@
<?php
/*
- *
- * Identity Provider Example -- Setup
+ * Identity Provider Example -- Single Sing On
*
* Copyright (C) 2004 Entr'ouvert
* http://lasso.entrouvert.org
@@ -22,35 +21,191 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
+
+ require_once 'HTML/QuickForm.php';
+ require_once 'DB.php';
- if (empty($_POST) && empty($_GET))
+ $config = unserialize(file_get_contents('config.inc'));
+
+ session_start();
+
+ // Create the form
+ $form = new HTML_QuickForm('frm');
+
+ $form->addElement('header', null, 'Single Sing On Login');
+
+ $form->addElement('text', 'username', 'Username:', array('size' => 50, 'maxlength' => 255));
+ $form->addElement('password', 'password', 'Password:', array('size' => 50, 'maxlength' => 255));
+ $form->addElement('submit', null, 'Ok');
+
+ $form->addRule('username', 'Please enter the Username', 'required', null, 'client');
+ $form->addRule('password', 'Please enter the Password', 'required', null, 'client');
+
+ // Login dump is not available, show the login form
+ if (!isset($_SESSION['login_dump']) && !$form->validate())
{
- die("Unknow login methode!");
- }
- $methode = empty($_POST) ? 'GET' : 'POST';
+ // Check for AuthnRequest
+ if (empty($_POST) && empty($_GET))
+ {
+ die("Unknow login methode!");
+ }
- $config = unserialize(file_get_contents('config.inc'));
+ lasso_init();
+
+ $server_dump = file_get_contents($config['server_dump_filename']);
- lasso_init();
+ $server = LassoServer::newfromdump($server_dump);
- $server_dump = file_get_contents($config['server_dump_filename']);
+ $login = new LassoLogin($server);
- $server = LassoServer::newfromdump($server_dump);
+ if ($_SERVER['REQUEST_METHOD'] = 'GET')
+ $login->initFromAuthnRequestMsg($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect);
+ else
+ {
+ // TODO
+ exit;
+ }
- $login = new LassoLogin($server);
+ // User must NOT Authenticate with the IdP
+ if (!$login->mustAuthenticate())
+ {
+ // TODO
+ exit;
+ }
- if ($methode = 'GET')
- {
- print $_SERVER['QUERY_STRING'];
- $login->initFromAuthnRequestMsg($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect);
- print "ici";
- }
- else
- {
- // TODO
+ $login_dump = $login->dump();
+
+ $_SESSION['login_dump'] = $login->dump();
+
+ lasso_shutdown();
}
+
+
+
+ if (isset($_SESSION['login_dump']) && $form->validate())
+ {
+ $db = &DB::connect($config['dsn']);
+ if (DB::isError($db))
+ die($db->getMessage());
- //echo $methode;
- //echo $_SERVER['QUERY_STRING'];
+ $query = "SELECT user_id FROM users WHERE username=" . $db->quoteSmart($form->exportValue('username'));
+ $query .= " AND password=" . $db->quoteSmart($form->exportValue('password'));;
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+
+ if ($res->numRows())
+ {
+ // Get user_id from users
+ $row = $res->fetchRow();
+ $user_id = $row[0];
+
+ $server_dump = file_get_contents($config['server_dump_filename']);
+
+ lasso_init();
+
+ $server = LassoServer::newfromdump($server_dump);
+
+ $login = LassoLogin::newfromdump($server, $_SESSION['login_dump']);
+
+ $authenticationMethod = (($_SERVER["HTTPS"] == 'on') ? lassoSamlAuthenticationMethodSecureRemotePassword : lassoSamlAuthenticationMethodPassword);
+
+ if ($login->protocolProfile == lassoLoginProtocolProfileBrwsArt)
+ {
+ $login->buildArtifactMsg(
+ TRUE, // User is authenticated
+ $authenticationMethod,
+ "2005-05-03T16:12:00Z", # FIXME: reauthenticateOnOrAfter
+ lassoHttpMethodRedirect);
+ }
+ else if ($login->protocolProfile == lassoLoginProtocolProfileBrwsPost)
+ {
+ // TODO
+ print "TODO : Post\n";
+ exit();
+ }
+ else
+ die("Unknown protocol profile for login:" . $login->protocolProfile);
+
+ if ($login->isIdentityDirty)
+ {
+ // TODO
+ // print "isIdentityDirty yes";
+ }
+
+ // Get name identifier
+ $query = "SELECT name_identifier FROM nameidentifiers WHERE user_id='$user_id'";
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+
+ // Save name identifier
+ if (!$res->numRows())
+ {
+ $query = "INSERT INTO nameidentifiers (name_identifier, user_id) ";
+ $query .= "VALUES ('" . $login->nameIdentifier . "','$user_id')";
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+ $name_identifier = $login->nameIdentifier;
+ }
+ else
+ {
+ $row = $res->fetchRow();
+ $name_identifier = $row[0];
+ }
+
+ // Update identity dump
+ $identity = $login->identity;
+ $query = "UPDATE users SET user_dump=".$db->quoteSmart($identity->dump())." WHERE user_id='$user_id'";
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+
+ // Update session dump
+ $session = $login->session;
+ $query = "UPDATE users SET session_dump=".$db->quoteSmart($session->dump())." WHERE user_id='$user_id'";
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+
+ // Save assertion
+ $query = "INSERT INTO assertions (assertion, response_dump) VALUES ('" . $login->assertionArtifact;
+ $query .= "', '" . $login->responseDump . "')";
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+
+ if ($login->protocolProfile == lassoLoginProtocolProfileBrwsArt)
+ {
+ $artifact = $login->assertionArtifact;
+ $response_msg = $login->responseDump;
+ $url = $login->msgUrl;
+
+ header("Request-URI: $url");
+ header("Content-Location: $url");
+ header("Location: $url");
+ }
+ else if ($login->protocolProfile == lassoLoginProtocolProfileBrwsPost)
+ {
+ }
+
+ lasso_shutdown();
+ exit();
+ }
+ }
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html>
+<body>
+<?php
+ $form->display();
?>
+</body>
+</html>
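Review bot: The request-method test `if ($_SERVER['REQUEST_METHOD'] = 'GET')` assigns instead of comparing, so the condition is always true and the POST branch below it is dead; it repeats the slip of the removed `if ($methode = 'GET')` and should read `if ($_SERVER['REQUEST_METHOD'] == 'GET')`. Farther down, the `nameidentifiers` and `assertions` statements concatenate `$login->nameIdentifier`, `$login->assertionArtifact` and `$login->responseDump` straight into SQL while the `users` statements go through `$db->quoteSmart()`; the response dump is presumably XML that embeds values echoed from the peer's AuthnRequest, so a quote character in it breaks the statement (and is an injection risk), and those inserts should be quoted the same way, e.g. `$query = "INSERT INTO assertions (assertion, response_dump) VALUES (" . $db->quoteSmart($login->assertionArtifact) . ", " . $db->quoteSmart($login->responseDump) . ")";`. The `$_SERVER["HTTPS"] == 'on'` check raises an undefined-index notice on plain HTTP requests; `!empty($_SERVER['HTTPS'])` avoids that. When the `users` lookup returns no row the script silently falls through and redisplays the form with no message, which deserves at least an error line so failed logins are visible to the user and in logs.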