Diffstat (limited to 'php/Attic/examples/sample-sp')
| -rw-r--r-- | php/Attic/examples/sample-sp/admin_user.php | 53 | ||||
| -rw-r--r-- | php/Attic/examples/sample-sp/assertionConsumer.php | 38 | ||||
| -rw-r--r-- | php/Attic/examples/sample-sp/cancel_federation.php | 200 | ||||
| -rw-r--r-- | php/Attic/examples/sample-sp/index.php | 47 | ||||
| -rw-r--r-- | php/Attic/examples/sample-sp/metadata_idp1.xml | 10 | ||||
| -rw-r--r-- | php/Attic/examples/sample-sp/misc.php | 55 | ||||
| -rw-r--r-- | php/Attic/examples/sample-sp/setup.php | 1 | ||||
| -rw-r--r-- | php/Attic/examples/sample-sp/soapEndpoint.php | 143 |
8 files changed, 502 insertions, 45 deletions
diff --git a/php/Attic/examples/sample-sp/admin_user.php b/php/Attic/examples/sample-sp/admin_user.php index 30efe3c6..48a903dd 100644 --- a/php/Attic/examples/sample-sp/admin_user.php +++ b/php/Attic/examples/sample-sp/admin_user.php @@ -24,13 +24,18 @@ $config = unserialize(file_get_contents('config.inc')); + require_once 'Log.php'; require_once 'DB.php'; - - + + // connect to the data base $db = &DB::connect($config['dsn']); - if (DB::isError($db)) - die($db->getMessage()); + die($db->getMessage()); + + // create logger + $conf['db'] = $db; + $logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf); + if (!empty($_GET['dump'])) { $query = "SELECT identity_dump FROM users WHERE user_id=".$db->quoteSmart($_GET['dump']); @@ -38,6 +43,7 @@ if (DB::isError($res)) print $res->getMessage(). "\n"; $row = $res->fetchRow(); + ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> @@ -78,6 +84,15 @@ die($res->getMessage()); } + lasso_init(); + + // Create Lasso Server + $server_dump = file_get_contents($config['server_dump_filename']); + $server = LassoServer::newFromDump($server_dump); + + // Lasso User + $login = new LassoLogin($server); + $query = "SELECT * FROM users"; $res =& $db->query($query); if (DB::isError($res)) @@ -107,7 +122,7 @@ <thead> <tr align="center"><?php for ($i = 0; $i < $num_col; $i++) { - echo "<td>" . $tableinfo[$i]['name'] ."</td>"; + echo "<td><b>" . $tableinfo[$i]['name'] ."</b></td>"; } ?><td> </td> </tr> @@ -127,6 +142,7 @@ { case "identity_dump": echo "<a href=javascript:openpopup('". $PHP_SELF . '?dump=' . $row[0] . "')>view</a>"; + $identity_dump = $row[$i]; break; default: 
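Review bot: The server setup added in hunk @@ -78 passes the result of `file_get_contents($config['server_dump_filename'])` straight to `LassoServer::newFromDump()` without checking for `false`, so a missing or unreadable dump file reaches the Lasso binding as a boolean instead of failing with a clear message; the index.php hunk @@ -64 adds the same unchecked pair of lines. A guard before the call is enough: `$server_dump = file_get_contents($config['server_dump_filename']); if ($server_dump === false) die('cannot read server dump');`. The script continues outside the hunk on both sides.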
@@ -137,9 +153,29 @@ <?php } ?> - <td> - <a href="<?php echo $PHP_SELF . '?del=' . $row[0]; ?>">delete</a> - </td> + <td rowspan='2'><a href="<?php echo $PHP_SELF . '?del=' . $row[0]; ?>">delete</a></td> +</tr> +<tr> + <td colspan='<?php echo $num_col; ?>' align='center'> +<? + // get all federations for this user + if (!empty($identity_dump)) + { + $login->setIdentityFromDump($identity_dump); + $identity = $login->identity; + $providerIDs = $identity->providerIds; + + for($i = 0; $i < $providerIDs->length() ; $i++) + { + if ($i) + echo "<br>"; + echo $providerIDs->getItem($i); + } + } + else + echo "Not Federated with an Service Provider."; +?> + </td> </tr> <?php } @@ -165,4 +201,5 @@ </html> <?php $db->disconnect(); + lasso_shutdown(); ?> diff --git a/php/Attic/examples/sample-sp/assertionConsumer.php b/php/Attic/examples/sample-sp/assertionConsumer.php index 727c2c0f..f7d38d32 100644 --- a/php/Attic/examples/sample-sp/assertionConsumer.php +++ b/php/Attic/examples/sample-sp/assertionConsumer.php @@ -25,6 +25,7 @@ require_once 'Log.php'; require_once 'DB.php'; require_once 'session.php'; + require_once 'misc.php'; $config = unserialize(file_get_contents('config.inc')); @@ -55,7 +56,7 @@ $login = new LassoLogin($server); - $logger->log('Request from ' . $_SERVER['REMOTE_ADDR'], PEAR_LOG_INFO); + $logger->info('Request from ' . $_SERVER['REMOTE_ADDR']); $login->initRequest($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect); $login->buildRequestMsg(); 
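Review bot: The provider IDs written into the new table cell in hunk @@ -137 (`echo $providerIDs->getItem($i);`) are not HTML-escaped; they come from stored identity dumps rather than from the request, but an admin page that echoes stored data raw is one bad metadata entry away from markup injection, so prefer `echo htmlspecialchars($providerIDs->getItem($i));`. The same block opens with the short tag `<?` while every other PHP island in the file uses `<?php`, and the short form only works when `short_open_tag` is enabled. The fallback text `"Not Federated with an Service Provider."` should read `"Not federated with a Service Provider."`. The enclosing loop over the user rows starts before the hunk.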
@@ -72,36 +73,8 @@ $fp = fsockopen("ssl://" . $url['host'], $url['port'], $errno, $errstr, 30) or die($errstr ($errno)); socket_set_timeout($fp, 10); fwrite($fp, $soap); - - // header - do $header .= fread($fp, 1); while (!preg_match('/\\r\\n\\r\\n$/',$header)); - - // chunked encoding - if (preg_match('/Transfer\\-Encoding:\\s+chunked\\r\\n/',$header)) - { - do { - $byte = ''; - $chunk_size = ''; - - do { - $chunk_size .= $byte; - $byte = fread($fp, 1); - } while ($byte != "\\r"); - - fread($fp, 1); - $chunk_size = hexdec($chunk_size); - $response .= fread($fp, $chunk_size); - fread($fp, 2); - } while ($chunk_size); - } - else - { - if (preg_match('/Content\\-Length:\\s+([0-9]+)\\r\\n/', $header, $matches)) - $response = @fread($fp, $matches[1]); - else - while (!feof($fp)) $response .= fread($fp, 1024); - } - fclose($fp); + + read_http_response($fp, $header, $response); $logger->log('SOAP Response Header : ' . $header, PEAR_LOG_DEBUG); $logger->log('SOAP Response Body : ' . $response, PEAR_LOG_DEBUG); @@ -151,8 +124,10 @@ $login->acceptSso(); $session = $login->session; + $identity = $login->identity; $_SESSION['nameidentifier'] = $login->nameIdentifier; + $_SESSION['identity_dump'] = $identity->dump(); $_SESSION['session_dump'] = $session->dump(); $_SESSION['user_id'] = $user_id; @@ -209,6 +184,7 @@ $_SESSION['nameidentifier'] = $login->nameIdentifier; + $_SESSION['identity_dump'] = $identity->dump(); $_SESSION['session_dump'] = $session->dump(); $_SESSION['user_id'] = $user_id; diff --git a/php/Attic/examples/sample-sp/cancel_federation.php b/php/Attic/examples/sample-sp/cancel_federation.php new file mode 100644 index 00000000..66a2076d --- /dev/null +++ b/php/Attic/examples/sample-sp/cancel_federation.php 
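Review bot: The `fclose($fp);` that the old inline parser ended with is removed in hunk @@ -72 and not re-added after the new `read_http_response($fp, $header, $response);` call, so the SSL socket to the IdP stays open until the script exits; cancel_federation.php closes it right after the same call and this site should too: `read_http_response($fp, $header, $response); fclose($fp);`. `$header` and `$response` are also passed by reference without being initialised, and the helper appends to them, which produces an undefined-variable notice on the first append; set both to `''` before the call. The surrounding script continues outside the hunk.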
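Review bot: Hunk @@ -209 stores `$identity->dump()` in the session, but unlike hunk @@ -151 it does not show `$identity = $login->identity;` being assigned on its path; if the branch it sits in does not set `$identity` earlier (not visible here), the new line dereferences an undefined variable. Worth confirming against the lines above the hunk, or adding `$identity = $login->identity;` directly before it as the first branch does.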
@@ -0,0 +1,200 @@ +<?php +/* + * Service Provider Example -- Cancel Federation with an Identity Provider + * + * Copyright (C) 2004 Entr'ouvert + * http://lasso.entrouvert.org + * + * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + require_once 'Log.php'; + require_once 'DB.php'; + require_once 'session.php'; + require_once 'misc.php'; + + $config = unserialize(file_get_contents('config.inc')); + + $methodes = array('redirect' => lassoHttpMethodRedirect, 'soap' => lassoHttpMethodSoap); + + // connect to the data base + $db = &DB::connect($config['dsn']); + if (DB::isError($db)) + die($db->getMessage()); + + // create logger + $conf['db'] = $db; + $logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf); + + // session handler + session_set_save_handler("open_session", "close_session", + "read_session", "write_session", "destroy_session", "gc_session"); + + if (empty($_GET['profile'])) + { + $logger->err("Cancel Federation called without profile."); + die("Cancel Federation called without profile."); + } + + if (empty($_GET['with'])) + { + $logger->err("Cancel Federation called without providerID."); + die("Cancel Federation called without providerID."); + } + + session_start(); + + lasso_init(); + + if 
(empty($_SESSION['user_id'])) + { + $logger->err("UserID is empty, user is not logged in."); + die("UserID is empty, user is not logged in."); + } + + if (empty($_SESSION['identity_dump'])) + { + $logger->err("Identity Dump is empty, user is not federated."); + die("Identity Dump is empty, user is not federated."); + } + + if (!in_array($_GET['profile'], array_keys($methodes))) + { + die("Unknown defederation profile : " . $_GET['profile']); + $logger->err("Unknown defederation profile : " . $_GET['profile']); + } + + $user_id = $_SESSION['user_id']; + + $server_dump = file_get_contents($config['server_dump_filename']); + $server = LassoServer::newFromDump($server_dump); + + $defederation = new LassoDefederation($server, lassoProviderTypeSp); + $defederation->setIdentityFromDump($_SESSION['identity_dump']); + + if (!empty($_SESSION['session_dump'])) + $defederation->setSessionFromDump($_SESSION['session_dump']); + + $logger->debug("Create Cancel Federation Notification for User '" . $_SESSION["user_id"] . + "' with Identity Provider '" . $_GET['with']. "'"); + + $defederation->initNotification($_GET['with'], $methodes[$_GET['profile']]); + + $defederation->buildNotificationMsg(); + $nameIdentifier = $defederation->nameIdentifier; + if (empty($nameIdentifier)) + { + $loggery>err("Name Identifier is empty."); + die("Name Identifier is empty."); + } + + $identity = $defederation->identity; + if (isset($defederation->identity)) + { + // Update identity dump + $identity_dump = $identity->dump(); + $_SESSION['identity_dump'] = $identity_dump; + $query = "UPDATE users SET identity_dump=".$db->quoteSmart($identity_dump); + } + else // Delete identity and session dumps + $query = "UPDATE users SET identity_dump=''"; + $query .= " WHERE user_id='$user_id'"; + + $res =& $db->query($query); + if (DB::isError($res)) + { + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . 
$res->getDebugInfo()); + die("Internal Server Error"); + } + $logger->debug("Update user '$user_id' identity dump in the database"); + + // Update session dump, if available + if (!empty($_SESSION['sesion_dump']) && $defederation->isSessionDirty) + { + $session = $defederation->session; + $session_dump = $session->dump(); + $_SESSION['session_dump'] = $session_dump; + + $query = "UPDATE users SET session_dump=".$db->quoteSmart($session_dump); + $query .= " WHERE user_id='$user_id'"; + + $res =& $db->query($query); + if (DB::isError($res)) + { + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . $res->getDebugInfo()); + die("Internal Server Error"); + } + $logger->debug("Update user '$user_id' session dump in the database"); +} + +// Delete Name Identifier +$query = "DELETE FROM nameidentifiers WHERE user_id='$user_id' "; +$query .= "AND name_identifier='$nameIdentifier'"; + +$res =& $db->query($query); +if (DB::isError($res)) +{ + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . $res->getDebugInfo()); + die("Internal Server Error"); +} + +$logger->info("Delete Name Identifier '$nameIdentifier' for User '$user_id'"); + +switch($_GET['profile']) +{ + case 'redirect': + $url = $defederation->msgUrl; + $logger->info("Redirect user to $url"); + + header("Request-URI: $url"); + header("Content-Location: $url"); + header("Location: $url\r\n\r\n"); + break; + case 'soap': + $url = parse_url($defederation->msgUrl); + $soap = sprintf( + "POST %s HTTP/1.1\r\nHost: %s:%d\r\nContent-Length: %d\r\nContent-Type: text/xml\r\n\r\n%s\r\n", + $url['path'], $url['host'], $url['port'], strlen($defederation->msgBody), $defederation->msgBody); + + $logger->info('Send SOAP Request to '. $url['host'] . ":" .$url['port']. $url['path']); + $logger->debug('SOAP Request : ' . $soap); + + $fp = fsockopen("ssl://" . 
$url['host'], $url['port'], $errno, $errstr, 30) or die($errstr ($errno)); + socket_set_timeout($fp, 10); + fwrite($fp, $soap); + + read_http_response($fp, $header, $reponse); + + fclose($fp); + + $logger->log('SOAP Response Header : ' . $header, PEAR_LOG_DEBUG); + $logger->log('SOAP Response Body : ' . $response, PEAR_LOG_DEBUG); + + // TODO : check reponse status + + + break; + } + +?> + +<?php + lasso_shutdown(); +?> diff --git a/php/Attic/examples/sample-sp/index.php b/php/Attic/examples/sample-sp/index.php index 62c5faef..43948017 100644 --- a/php/Attic/examples/sample-sp/index.php +++ b/php/Attic/examples/sample-sp/index.php @@ -64,7 +64,11 @@ You can get more informations about <b>Lasso</b> at <br> session_start(); + lasso_init(); + + $server_dump = file_get_contents($config['server_dump_filename']); + $server = LassoServer::newFromDump($server_dump); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 
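Review bot: The new SQL in cancel_federation.php interpolates `$user_id` and `$nameIdentifier` directly into the query strings (`WHERE user_id='$user_id'`, `AND name_identifier='$nameIdentifier'`) while the `identity_dump` value in the same statements goes through `$db->quoteSmart()`; the name identifier is produced by the Lasso profile, not read back from the database, so both should be quoted the same way, e.g. `$query = "DELETE FROM nameidentifiers WHERE user_id=" . $db->quoteSmart($user_id) . " AND name_identifier=" . $db->quoteSmart($nameIdentifier);`. Three typos make code paths dead or fatal: `$loggery>err(...)` parses as a comparison against an undefined `err()` function, `$_SESSION['sesion_dump']` never matches the `session_dump` key written elsewhere so the session dump is never updated, and `read_http_response($fp, $header, $reponse)` leaves `$response` unset when it is logged two lines later. In the unknown-profile branch `die()` precedes `$logger->err()`, so that error is never logged — swap the two lines — and `die($errstr ($errno))` calls `$errstr` as a function where `die("$errstr ($errno)")` was presumably intended. The `Location` header is sent with `\r\n\r\n` appended; recent PHP versions refuse to emit a header containing a newline, so the redirect would be dropped, and `header("Location: $url");` is sufficient on its own.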
@@ -104,11 +108,48 @@ You can get more informations about <b>Lasso</b> at <br> <td><?php echo $config['providerID']; ?></td> <td><a href="login.php?profile=post">post</a> | <a href="login.php?profile=artifact">artifact</a></td> </tr> -<?php } else { ?> +<?php } else { + // User is federated with an Service Provider + if (isset($_SESSION['identity_dump'])) + { + $login = new LassoLogin($server); + $login->setIdentityFromDump($_SESSION['identity_dump']); + if (!empty($_SESSION['session_dump'])) + $login->setSessionFromDump($_SESSION['session_dump']); + $identity = $login->identity; + $providerIDs = $identity->providerIds; + + if ($providerIDs->length()) + { +?> <tr> - <td colspan="2">Single Logout</td> + <td align='center' colspan='2'>Cancel a Federation with :</td> +</tr> +<tr> + <td align='center'>Identity Provider</td><td align='center'>Profile</td> +</tr> +<?php + for($i = 0; $i < $providerIDs->length() ; $i++) + { + $providerID = $providerIDs->getItem($i); +?> +<tr> + <td align='center'><?php echo $providerID; ?></td> + <td align='center'> + <a href="cancel_federation.php?profile=redirect&with=<?php echo $providerID; ?>">Redirect</a> | + <a href="cancel_federation.php?profile=soap&with=<?php echo $providerID; ?>">SOAP</a> + </td> +</tr> +<tr> + <td colspan='2'> </td> +</tr> +<?php + } + } + } +?> <tr> - <td colspan="2"><a href="logout.php">Logout!</a></td> + <td>Single Logout using </td><td><a href="logout.php?profile=soap">SOAP</a></td> </tr> <?php } ?> </table> diff --git a/php/Attic/examples/sample-sp/metadata_idp1.xml b/php/Attic/examples/sample-sp/metadata_idp1.xml index 5dda1a22..afa9c9b2 100644 --- a/php/Attic/examples/sample-sp/metadata_idp1.xml +++ b/php/Attic/examples/sample-sp/metadata_idp1.xml 
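Review bot: The provider ID is written into the `cancel_federation.php?profile=redirect&with=<?php echo $providerID; ?>` links and into the table cell without URL or HTML encoding; provider IDs are URIs, so the `:`, `/` and `?` they contain must be `urlencode()`d in the query string, and the bare `&` is not valid in the XHTML 1.0 Strict document type the page declares. `<a href="cancel_federation.php?profile=redirect&amp;with=<?php echo urlencode($providerID); ?>">` (and the same for the SOAP link), with `htmlspecialchars($providerID)` for the cell text, addresses all three. The `if`/`else` whose `else` branch this hunk extends starts before the hunk.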
@@ -4,14 +4,18 @@ xmlns="urn:liberty:metadata:2003-08"> <IDPDescriptor> - <SingleSignOnServiceURL>https://idp1:1998/singleSignOn.php</SingleSignOnServiceURL> + <SingleSignOnServiceURL>https://idp1:1998/singleSignOn</SingleSignOnServiceURL> <SingleSignOnProtocolProfile>http://projectliberty.org/profiles/sso-get</SingleSignOnProtocolProfile> - <SingleLogoutServiceURL>https://idp1:1998/singleLogout.php</SingleLogoutServiceURL> + <SingleLogoutServiceURL>https://idp1:1998/singleLogout</SingleLogoutServiceURL> <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile> - <RegisterNameIdentifierServiceURL>https://idp1:1998/registerNameIdentifier.php</RegisterNameIdentifierServiceURL> + <RegisterNameIdentifierServiceURL>https://idp1:1998/registerNameIdentifier</RegisterNameIdentifierServiceURL> <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-http</RegisterNameIdentifierProtocolProfile> + <FederationTerminationServiceURL>https://idp1:1998/federationTermination</FederationTerminationServiceURL> + <FederationTerminationServiceReturnURL>https://idp1:1998/federationTerminationReturn</FederationTerminationServiceReturnURL> + <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-soap</FederationTerminationNotificationProtocolProfile> + <SoapEndpoint>https://idp1:1998/soapEndpoint.php</SoapEndpoint> diff --git a/php/Attic/examples/sample-sp/misc.php b/php/Attic/examples/sample-sp/misc.php new file mode 100644 index 00000000..df9709e5 --- /dev/null +++ b/php/Attic/examples/sample-sp/misc.php 
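Review bot: Every service URL touched in this hunk drops its `.php` suffix except the new `<SoapEndpoint>https://idp1:1998/soapEndpoint.php</SoapEndpoint>`; if the IdP side moved to extension-less routes this one should presumably follow, otherwise a short XML comment next to it explaining why the SOAP endpoint keeps the suffix would spare the next reader the question. The new `FederationTerminationNotificationProtocolProfile` names only the SP-SOAP profile, while cancel_federation.php also offers a redirect-based termination; whether the redirect path needs its own profile entry here is worth confirming.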
@@ -0,0 +1,55 @@ +<?php +/* + * Service Provider Example -- Misc functions + * + * Copyright (C) 2004 Entr'ouvert + * http://lasso.entrouvert.org + * + * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +function read_http_response($fp, &$header, &$response) +{ + // header + do $header .= fread($fp, 1); while (!preg_match('/\\r\\n\\r\\n$/',$header)); + + // chunked encoding + if (preg_match('/Transfer\\-Encoding:\\s+chunked\\r\\n/',$header)) + { + do { + $byte = ''; + $chunk_size = ''; + + do { + $chunk_size .= $byte; + $byte = fread($fp, 1); + } while ($byte != "\\r"); + + fread($fp, 1); + $chunk_size = hexdec($chunk_size); + $response .= fread($fp, $chunk_size); + fread($fp, 2); + } while ($chunk_size); + } + else + { + if (preg_match('/Content\\-Length:\\s+([0-9]+)\\r\\n/', $header, $matches)) + $response = @fread($fp, $matches[1]); + else + while (!feof($fp)) $response .= fread($fp, 1024); + } +} diff --git a/php/Attic/examples/sample-sp/setup.php b/php/Attic/examples/sample-sp/setup.php index 2886c88a..a27d3d05 100644 --- a/php/Attic/examples/sample-sp/setup.php +++ b/php/Attic/examples/sample-sp/setup.php @@ -284,6 +284,7 @@ ob_end_flush(); ob_end_flush(); ?> +<p><a href='index.php'>Back to Index</a></p> </body> </html> <?php 
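Review bot: `read_http_response()` assumes every `fread()` returns the full amount requested — `$response .= fread($fp, $chunk_size)` and `$response = @fread($fp, $matches[1])` — but on a socket a single `fread()` may return fewer bytes than asked, so chunked bodies desynchronise on the next chunk-size line and Content-Length bodies are silently truncated; both places need a loop that reads until the requested length or EOF. The header loop `do $header .= fread($fp, 1); while (!preg_match(...))` has no EOF check, so a peer that closes the connection before the blank line leaves the script spinning, and the inner chunk-size loop has the same problem. That inner loop also compares `$byte` with `"\\r"`, which in a double-quoted PHP string is a literal backslash followed by `r` rather than a carriage return — unless the doubling is an artefact of how this page renders the diff, the comparison can never match and should be `"\r"`. The `@` on the Content-Length read hides exactly the error the loop should be handling. The sketch below replaces the raw reads with a bounded helper and adds the EOF guards.
```php
// Read up to $len bytes, retrying because fread() on a socket may return short.
function read_exact($fp, $len)
{
    $buf = '';
    while (strlen($buf) < $len && !feof($fp))
    {
        $part = fread($fp, $len - strlen($buf));
        if ($part === false || $part === '')
            break;
        $buf .= $part;
    }
    return $buf;
}

function read_http_response($fp, &$header, &$response)
{
    // header: stop at the blank line, or at EOF if the peer hangs up early
    do
    {
        $byte = fread($fp, 1);
        if ($byte === false || $byte === '')
            break;
        $header .= $byte;
    } while (!preg_match('/\r\n\r\n$/', $header));

    if (preg_match('/Transfer\-Encoding:\s+chunked\r\n/', $header))
    {
        do {
            $chunk_size = '';
            // chunk-size line, terminated by CRLF
            while (($byte = fread($fp, 1)) !== "\r")
            {
                if ($byte === false || $byte === '')
                    return;
                $chunk_size .= $byte;
            }
            fread($fp, 1);
            $chunk_size = hexdec($chunk_size);
            $response .= read_exact($fp, $chunk_size);
            fread($fp, 2);
        } while ($chunk_size);
    }
    else
    {
        if (preg_match('/Content\-Length:\s+([0-9]+)\r\n/', $header, $matches))
            $response = read_exact($fp, (int) $matches[1]);
        else
            while (!feof($fp)) $response .= fread($fp, 1024);
    }
}
```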
diff --git a/php/Attic/examples/sample-sp/soapEndpoint.php b/php/Attic/examples/sample-sp/soapEndpoint.php new file mode 100644 index 00000000..ef7dcc8a --- /dev/null +++ b/php/Attic/examples/sample-sp/soapEndpoint.php 
@@ -0,0 +1,143 @@ +<?php +/* + * Identity Provider Example -- SOAP Endpoint + * + * Copyright (C) 2004 Entr'ouvert + * http://lasso.entrouvert.org + * + * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + require_once 'Log.php'; + require_once 'DB.php'; + require_once 'session.php'; + + + $config = unserialize(file_get_contents('config.inc')); + + $server_dump = file_get_contents($config['server_dump_filename']); + + header("Content-Type: text/xml\r\n"); + + // connect to the data base + $db = &DB::connect($config['dsn']); + if (DB::isError($db)) + { + header("HTTP/1.0 500 Internal Server Error"); + exit; + } + + // create logger + $conf['db'] = $db; + $logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf); + + // session handler + session_set_save_handler("open_session", "close_session", + "read_session", "write_session", "destroy_session", "gc_session"); + + session_start(); + + if (empty($HTTP_RAW_POST_DATA)) + { + $logger->log("HTTP_RAW_POST_DATA is empty", PEAR_LOG_WARNING); + die("HTTP_RAW_POST_DATA is empty!"); + } + + lasso_init(); + + $requestype = lasso_getRequestTypeFromSoapMsg($HTTP_RAW_POST_DATA); + $server = LassoServer::newFromDump($server_dump); + + switch ($requestype) + { + case 
lassoRequestTypeLogout: + $logger->info("SOAP Logout Request from " . $_SERVER['REMOTE_ADDR']); + + break; + case lassoRequestTypeDefederation: + $logger->info("SOAP Defederation Request from " . $_SERVER['REMOTE_ADDR']); + + $defederation = new LassoDefederation($server, lassoProviderTypeSp); + $defederation->processNotificationMsg($HTTP_RAW_POST_DATA, lassoHttpMethodSoap); + + $nameIdentifier = $defederation->nameIdentifier; + if (empty($nameIdentifier)) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->err("Name Identifier is empty"); + exit; + } + + $query = "SELECT user_id FROM nameidentifiers WHERE name_identifier='$nameIdentifier'"; + $res =& $db->query($query); + if (DB::isError($res)) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . $res->getDebugInfo()); + exit; + } + if (!$res->numRows()) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->err("Name identifier '$nameIdentifier' doesn't correspond to any user"); + exit; + } + + $row = $res->fetchRow(); + $user_id = $row[0]; + $logger->debug("UserID is '$user_id"); + + $query = "SELECT identity_dump FROM users WHERE user_id='$user_id'"; + $res =& $db->query($query); + + if (DB::isError($res)) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . 
$res->getDebugInfo()); + exit; + } + + if (!$res->numRows()) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->err("User is not federated."); + exit; + } + $row = $res->fetchRow(); + $identity_dump = $row[0]; + + $defederation->setIdentityFromDump($identity_dump); + + // TODO : Get Session + + $defederation->validateNotification(); + + $identity = $defederation->identity; + + if (!isset($identity->dump)) + { + $identity_dump = $identity->dump; + } + + break; + default: + header("HTTP/1.0 500 Internal Server Error"); + $logger->crit("Unknown or unsupported SOAP request"); + } + +?> |
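Review bot: The `name_identifier='$nameIdentifier'` lookup interpolates a value taken straight from the incoming SOAP notification (`$defederation->nameIdentifier` after `processNotificationMsg($HTTP_RAW_POST_DATA, ...)`) into SQL; this is the one input on this endpoint that a remote peer fully controls, so it must go through the driver — `$query = "SELECT user_id FROM nameidentifiers WHERE name_identifier=" . $db->quoteSmart($nameIdentifier);` — and the `user_id='$user_id'` query below should be quoted the same way. `$HTTP_RAW_POST_DATA` is deprecated since PHP 5.6 and removed in 7, so the empty-body check would always trip there; `$body = file_get_contents('php://input');` is the portable form. At the end of the defederation case `if (!isset($identity->dump))` looks inverted and the `$identity_dump` it assigns is never written back to the users table, so the federation the IdP just terminated stays on record at the SP; the `lassoRequestTypeLogout` case only logs and does nothing else. No SOAP response body is echoed on the success path either, so the IdP receives an empty `text/xml` document — if Lasso produces a response message for the notification (not visible here) it should be printed after `validateNotification()`.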
