Diffstat (limited to 'php')
-rw-r--r--php/Attic/examples/sample-idp/admin_user.php7
-rw-r--r--php/Attic/examples/sample-idp/singleSignOn.php102
-rw-r--r--php/Attic/examples/sample-idp/soapEndpoint.php87
3 files changed, 125 insertions, 71 deletions
diff --git a/php/Attic/examples/sample-idp/admin_user.php b/php/Attic/examples/sample-idp/admin_user.php
index 172dabe9..2ce14992 100644
--- a/php/Attic/examples/sample-idp/admin_user.php
+++ b/php/Attic/examples/sample-idp/admin_user.php
@@ -124,7 +124,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
-<title>Lasso Service Provider Example : Users Management</title>
+<title>Lasso Identity Provider Example : Users Management</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15" />
<script language="JavaScript" type="text/javascript">
<!--
@@ -254,12 +254,11 @@
// get all federations for this user
if (!empty($identity_dump))
{
- if (!empty($session_dump))
- $login->setSessionFromDump($session_dump);
$login->setIdentityFromDump($identity_dump);
$identity = $login->identity;
- $providerIDs = $identity->providerIDs;
+ // FIXME : providerIds is empty
+ // var_dump($identity->providerIds);
?>
<table width="100%">
<?php
diff --git a/php/Attic/examples/sample-idp/singleSignOn.php b/php/Attic/examples/sample-idp/singleSignOn.php
index b73d5515..3ecf4795 100644
--- a/php/Attic/examples/sample-idp/singleSignOn.php
+++ b/php/Attic/examples/sample-idp/singleSignOn.php
@@ -87,7 +87,10 @@
$login->setIdentityFromDump($array['identity_dump']);
if (!empty($array['session_dump']))
+ {
+ $logger->log("Update Session from dump for User '$user_id'", PEAR_LOG_CRIT);
$login->setSessionFromDump($array['session_dump']);
+ }
doneSingleSignOn($db, $login, $user_id);
exit;
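Review bot: The added "Update Session from dump" message is logged at `PEAR_LOG_CRIT`, although restoring a session dump is a routine step of every repeat sign-on. The comparable messages added elsewhere in this commit use `PEAR_LOG_DEBUG` or `PEAR_LOG_INFO`, so this one will drown out real critical entries such as the DB errors. I would write `$logger->log("Update Session from dump for User '$user_id'", PEAR_LOG_DEBUG);`. The enclosing block starts and ends outside the hunk.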
@@ -104,11 +107,17 @@
$array = getIdentityDumpAndSessionDumpFromUserID($db, $user_id);
$is_first_sso = (isset($array['identity_dump']) ? FALSE : TRUE);
- /*if (!$is_first_sso)
- $login->setIdentityFromDump($array['identity_dump']); */
+ if (!$is_first_sso)
+ {
+ $login->setIdentityFromDump($array['identity_dump']);
+ $logger->log("Update Identity dump for user '$user_id' :" . $array['identity_dump'], PEAR_LOG_DEBUG);
+ }
if (!empty($array['session_dump']))
+ {
$login->setSessionFromDump($array['session_dump']);
+ $logger->log("Update Session dump for user '$user_id' :" . $array['session_dump'], PEAR_LOG_DEBUG);
+ }
doneSingleSignOn($db, $login, $user_id, $is_first_sso);
}
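Review bot: Both added log calls append the complete `identity_dump` and `session_dump` to the message, so the user's federation and session state is copied to wherever the log handler writes. That material should not be readable by everyone who can read debug logs. The same applies to the rewritten messages in the two following hunks (`... in the database : $identity_dump` and `... : $session_dump`) and to the added line in the later hunk that logs `$login->assertionArtifact`. Log the event and the user only, for example `$logger->log("Update Identity dump for user '$user_id'", PEAR_LOG_DEBUG);`, and log at most a length or a hash if the content needs to be correlated. The enclosing block starts outside the hunk.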
@@ -156,11 +165,11 @@
$res =& $db->query($query);
if (DB::isError($res))
{
- $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
$logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
die("Internal Server Error");
}
- $logger->log("Update user '$user_id' identity dump", PEAR_LOG_DEBUG);
+ $logger->log("Update user '$user_id' identity dump in the database : $identity_dump", PEAR_LOG_DEBUG);
}
/*
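Review bot: The DEBUG line in this error branch still calls `$db->getDebugInfo()`, while the line above it was switched to `$res->getMessage()`. The other handlers touched by this commit move both calls to `$res`, which is presumably where the failure detail lives, so this branch will log either nothing useful or the wrong object's state. Change it to `$logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);`. The hunk for `saveAssertionArtifact` (`@@ -205,7 +217,7`) has the same leftover. The function body starts outside the hunk.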
@@ -176,11 +185,11 @@
$res =& $db->query($query);
if (DB::isError($res))
{
- $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
die("Internal Server Error");
}
- $logger->log("Update user '$user_id' session dump", PEAR_LOG_DEBUG);
+ $logger->log("Update user '$user_id' Session dump in the database : $session_dump", PEAR_LOG_DEBUG);
}
/*
@@ -189,7 +198,10 @@
function saveAssertionArtifact($db, $artifact, $assertion)
{
global $logger;
-
+ /*
+ var_dump($assertion);
+ if ($assertion->_cPtr == NULL)
+ print "null"; */
$assertion_dump = $assertion->dump();
if (empty($assertion_dump))
@@ -205,7 +217,7 @@
$res =& $db->query($query);
if (DB::isError($res))
{
- $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
$logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
die("Internal Server Error");
}
@@ -237,15 +249,25 @@
*/
function initFromAuthnRequest(&$login)
{
+ global $logger;
+
switch ($_SERVER['REQUEST_METHOD'])
{
case 'GET':
$login->initFromAuthnRequestMsg($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect);
+ $logger->log("initFromAuthnRequest with method GET : " . $_SERVER['QUERY_STRING'], PEAR_LOG_DEBUG);
break;
case 'POST':
- die("methode POST not implemented"); // TODO
+ if (empty($_POST['LAREQ']))
+ {
+ $logger->log("POST LARQ value is empty");
+ die("POST LARQ value is empty");
+ }
+ $login->initFromAuthnRequestMsg($_POST['LAREQ'], lassoHttpMethodPost);
+ $logger->log("initFromAuthnRequest with method POST", PEAR_LOG_DEBUG);
break;
default:
+ $logger->log("initFromAuthnRequest with called an unknown method", PEAR_LOG_CRIT);
die("Unknown request method");
}
}
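Review bot: In the new POST branch, `$logger->log("POST LARQ value is empty")` has no priority argument, and both it and the `die()` text spell the field `LARQ` while the code reads `$_POST['LAREQ']`. Searching the logs for the real parameter name will therefore miss it; I would write `$logger->log("POST LAREQ value is empty", PEAR_LOG_ERR);`. The result of `initFromAuthnRequestMsg()` is also discarded in both branches. If the binding reports a malformed or unverifiable request through its return value, which should be confirmed, processing continues as though the request were valid, so the result should be checked before the success message is logged. The GET branch writes the raw `$_SERVER['QUERY_STRING']` to the log, and logging its length instead keeps request content, which the caller controls, out of the log.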
@@ -263,8 +285,8 @@
$res =& $db->query($query);
if (DB::isError($res))
{
- $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
die($res->getMessage());
}
@@ -287,8 +309,8 @@
$res =& $db->query($query);
if (DB::isError($res))
{
- $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
die($res->getMessage());
}
@@ -323,7 +345,7 @@
/*
*
*/
- function doneSingleSignOn($db, &$login, $user_id, $is_first_sso = FALSE)
+ function doneSingleSignOn($db, &$login, $user_id)
{
global $logger;
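Review bot: `doneSingleSignOn()` loses its `$is_first_sso` parameter here, but the call kept as context in the `@@ -104,11 +107,17` hunk still passes it as a fourth argument. PHP silently ignores surplus arguments to a user function, so nothing fails, but the call site now suggests the flag still affects name-identifier registration. Change that call to `doneSingleSignOn($db, $login, $user_id);` and drop the `$is_first_sso` assignment above it. The function body continues outside this hunk.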
@@ -344,19 +366,31 @@
die("Unknown protocol profile\n");
}
- if ($is_first_sso)
+ $query = "SELECT * FROM nameidentifiers WHERE name_identifier='";
+ $query .= $login->nameIdentifier."' AND user_id='$user_id'";
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
{
- // name_identifier
- $query = "INSERT INTO nameidentifiers (name_identifier, user_id) ";
- $query .= "VALUES ('" . $login->nameIdentifier . "','$user_id')";
+ $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
+ die($res->getMessage());
+ }
+ if (!$res->numRows())
+ {
+ // register new name_identifier
+ $query = "INSERT INTO nameidentifiers (name_identifier, user_id) ";
+ $query .= "VALUES ('" . $login->nameIdentifier . "','$user_id')";
+
$res =& $db->query($query);
if (DB::isError($res))
{
- $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
- die($res->getMessage());
- }
+ $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
+ die($res->getMessage());
+ }
+ $logger->log("Register Name Identifier '" . $login->nameIdentifier ."' for User '$user_id'", PEAR_LOG_INFO);
}
$identity = $login->identity;
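Review bot: The new SELECT and the INSERT beneath it place `$login->nameIdentifier` and `$user_id` directly into the SQL text inside hand-written quotes, so a quote character in either value changes the statement. soapEndpoint.php already passes values through `$db->quoteSmart()`, and the same should be done here: `$query = "SELECT * FROM nameidentifiers WHERE name_identifier=" . $db->quoteSmart($login->nameIdentifier) . " AND user_id=" . $db->quoteSmart($user_id);`. The queries on `$artifact` and `$nameIdentifier` in the soapEndpoint.php hunks are built the same way. Separately, both new error branches end with `die($res->getMessage())`, which sends database error text to the browser, whereas other handlers in this file use `die("Internal Server Error")`. The function body starts and ends outside the hunk.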
@@ -375,6 +409,8 @@
die("assertion Artifact is empty");
}
+ $logger->log("Assertion Artifact is '" . $login->assertionArtifact . "'", PEAR_LOG_DEBUG);
+
saveAssertionArtifact($db, $login->assertionArtifact, $login->assertion);
@@ -383,8 +419,6 @@
$query .= " VALUES('" . $login->nameIdentifier . "','" . session_id() . "','";
$query .= ip2long($_SERVER['REMOTE_ADDR']) . "')";
- echo $query;
-
$res =& $db->query($query);
if (DB::isError($res))
{
@@ -412,7 +446,7 @@
case lassoLoginProtocolProfileBrwsPost:
// TODO : lassoLoginProtocolProfileBrwsPost
default:
- $logger->log("Unknown Login Protocol Profile :" . $db->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("Unknown Login Protocol Profile :" . $login->protocolProfile, PEAR_LOG_CRIT);
die("Unknown Login Protocol Profile");
}
}
@@ -435,17 +469,25 @@
$is_first_sso = (isset($array['identity_dump']) ? FALSE : TRUE);
if (!empty($array['identity_dump']))
+ {
+ $logger->log("Update Identity dump for user '$user_id' from the database", PEAR_LOG_INFO);
$login->setIdentityFromDump($array['identity_dump']);
+ }
- /* if (!$is_first_sso)
+ if (!empty($array['identity_dump']))
+ {
+ $logger->log("Update Identity dump for user '$user_id' from the database", PEAR_LOG_INFO);
$login->setIdentityFromDump($array['identity_dump']);
- else
- $logger->log("First SingleSignOn for user '$user_id'", PEAR_LOG_INFO); */
+ }
+
if (!empty($array['session_dump']))
+ {
+ $logger->log("Update Session dump for user '$user_id' from the database", PEAR_LOG_INFO);
$login->setSessionFromDump($array['session_dump']);
+ }
- doneSingleSignOn($db, $login, $user_id, $is_first_sso);
+ doneSingleSignOn($db, $login, $user_id);
exit;
}
else
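Review bot: The new side of this hunk contains two identical `if (!empty($array['identity_dump']))` blocks in a row, so `setIdentityFromDump()` runs twice and the "Update Identity dump ... from the database" entry is logged twice for every repeat sign-on. The second block replaces the old commented-out `$is_first_sso` branch and looks like a merge leftover, so it should be deleted. `$is_first_sso` is still computed at the top of the hunk but is no longer passed to `doneSingleSignOn()`, so that assignment can go too. The enclosing block starts and ends outside the hunk.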
diff --git a/php/Attic/examples/sample-idp/soapEndpoint.php b/php/Attic/examples/sample-idp/soapEndpoint.php
index 16812432..2b051070 100644
--- a/php/Attic/examples/sample-idp/soapEndpoint.php
+++ b/php/Attic/examples/sample-idp/soapEndpoint.php
@@ -43,6 +43,14 @@
$conf['db'] = $db;
$logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf);
+ // shutdown function
+ function close_logger()
+ {
+ global $logger;
+ $logger->close();
+ }
+ register_shutdown_function("close_logger");
+
// session handler
session_set_save_handler("open_session", "close_session",
"read_session", "write_session", "destroy_session", "gc_session");
@@ -76,8 +84,8 @@
if (DB::isError($res))
{
header("HTTP/1.0 500 Internal Server Error");
- $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
exit;
}
@@ -86,14 +94,16 @@
{
$row = $res->fetchRow();
+ $logger->log("Good artifact send by " . $_SERVER['REMOTE_ADDR'], PEAR_LOG_INFO);
+
+ // Delete assertion from the database
$query = "DELETE FROM assertions WHERE assertion='" . $artifact . "'";
$res =& $db->query($query);
-
if (DB::isError($res))
{
header("HTTP/1.0 500 Internal Server Error");
- $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
exit;
}
$logger->log("Delete assertion '$artifact'", PEAR_LOG_DEBUG);
@@ -102,7 +112,6 @@
$login->buildResponseMsg();
header("Content-Length: " . strlen($login->msgBody) . "\r\n");
echo $login->msgBody;
-
exit;
}
else
@@ -122,7 +131,6 @@
$logout->processRequestMsg($HTTP_RAW_POST_DATA, lassoHttpMethodSoap);
$nameIdentifier = $logout->nameIdentifier;
-
// name identifier is empty, wrong request
if (empty($nameIdentifier))
{
@@ -139,8 +147,8 @@
if (DB::isError($res))
{
header("HTTP/1.0 500 Internal Server Error");
- $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
exit;
}
@@ -162,8 +170,8 @@
if (DB::isError($res))
{
header("HTTP/1.0 500 Internal Server Error");
- $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
exit;
}
@@ -178,7 +186,11 @@
$user_dump = $row[0];
$session_dump = $row[1];
- $logout->setSessionFromDump($session_dump);
+ if (!empty($session_dump))
+ {
+ $logout->setSessionFromDump($session_dump);
+ $logger->log("Update session from dump", PEAR_LOG_DEBUG);
+ }
$logout->setIdentityFromDump($user_dump);
// TODO : handle bad validate request
@@ -189,14 +201,13 @@
$identity = $logout->identity;
$query = "UPDATE users SET identity_dump=".$db->quoteSmart($identity->dump());
$query .= " WHERE user_id='$user_id'";
- $logger->log("ici3", PEAR_LOG_DEBUG);
$res =& $db->query($query);
if (DB::isError($res))
{
header("HTTP/1.0 500 Internal Server Error");
- $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
exit;
}
$logger->log("Update identity dump for user '$user_id'", PEAR_LOG_DEBUG);
@@ -205,22 +216,26 @@
if ($logout->isSessionDirty)
{
$session = $logout->session;
- $query = "UPDATE users SET session_dump=".$db->quoteSmart($session->dump());
- $query .= " WHERE user_id='$user_id'";
+ $query = "UPDATE users SET session_dump=";
+ $query .= (($session == NULL) ? "''" : $db->quoteSmart($session->dump()));
+ $query .= " WHERE user_id='$user_id'";
$res =& $db->query($query);
if (DB::isError($res))
{
header("HTTP/1.0 500 Internal Server Error");
- $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
exit;
}
- $logger->log("Update session dump for user '$user_id'", PEAR_LOG_DEBUG);
+ if ($session)
+ $logger->log("Update session dump for user '$user_id'", PEAR_LOG_DEBUG);
+ else
+ $logger->log("Delete session dump for user '$user_id'", PEAR_LOG_DEBUG);
}
- // TODO : try multiple sp logout
+ /* TODO : try multiple sp logout
while(($providerID = $logout->getNextProviderId()))
{
$logout->initRequest($providerID, lassoHttpMethodAny); // FIXME
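Review bot: Wrapping the provider loop in `/* ... */` means this endpoint now answers a logout request without contacting the user's other service providers, so sessions there are presumably left alive while the IdP reports the logout as complete. That should at least be visible to operators, for example `$logger->log("Logout not propagated to other service providers", PEAR_LOG_WARNING);`, with the TODO stating that single logout is partial. A block comment also ends at the first `*/` inside the disabled region, most of which lies outside this hunk, so check that the loop body has no block comment of its own. In the lines above, `$session == NULL` is a loose comparison and `is_null($session)` states the intent more exactly.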
@@ -280,13 +295,9 @@
continue;
}
$logout->processResponseMsg($response, lassoHttpMethodSoap);
- }
+ } */
-
$logout->buildResponseMsg();
- header("Content-Length: " . strlen($logout->msgBody) . "\r\n");
- echo $logout->msgBody;
-
// Get PHP session ID
$query = "SELECT session_id FROM sso_sessions WHERE name_identifier='$nameIdentifier'";
@@ -294,8 +305,8 @@
if (DB::isError($res))
{
header("HTTP/1.0 500 Internal Server Error");
- $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
exit;
}
$row = $res->fetchRow();
@@ -303,25 +314,27 @@
$logger->log("Name Identifier '$nameIdentifier' match PHP Session ID '$session_id'", PEAR_LOG_DEBUG);
- session_id($session_id);
-
- // Destroy The PHP Session
- $_SESSION = array();
- session_destroy();
-
// Delete SSO Session from table 'sso_sessions'
$query = "DELETE FROM sso_sessions WHERE name_identifier='$nameIdentifier'";
$res =& $db->query($query);
if (DB::isError($res))
{
header("HTTP/1.0 500 Internal Server Error");
- $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
exit;
}
- $logger->log("Destroy PHP Session '$session_id'", PEAR_LOG_DEBUG);
+ $logger->log("Destroy PHP Session '$session_id'", PEAR_LOG_DEBUG);
$logger->log("User '$user_id' is logged out", PEAR_LOG_INFO);
+
+ // Destroy The PHP Session
+ session_id($session_id);
+ $_SESSION = array();
+ session_destroy();
+
+ header("Content-Length: " . strlen($logout->msgBody) . "\r\n");
+ echo $logout->msgBody;
break;
case lassoRequestTypeDefederation:
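Review bot: After the reordering, "Destroy PHP Session" and "User ... is logged out" are logged before `session_id()` and `session_destroy()` run, and the result of `session_destroy()` is never inspected. The log will therefore claim a completed logout even when the session was not destroyed, for instance when `fetchRow()` returned no row and `$session_id` is empty. Move the two log lines below the destroy call and record the failure case, for example `if (!session_destroy()) $logger->log("Could not destroy PHP Session '$session_id'", PEAR_LOG_ERR);`. The surrounding `case` block starts outside the hunk.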