From 2f842992283f7cf71f3c7b2159e6eda61ec202e2 Mon Sep 17 00:00:00 2001
From: Christophe Nowicki
Date: Wed, 1 Sep 2004 15:01:59 +0000
Subject: PHP IdP Sample : - setup system is working - user management (add, delete, etc ...) - sso login in progress
---
 php/Attic/examples/sample-idp/README | 1 +
 php/Attic/examples/sample-idp/admin_user.php | 190 ++++++++++
 php/Attic/examples/sample-idp/index.php | 100 ++++++
 php/Attic/examples/sample-idp/login.php | 47 +++
 php/Attic/examples/sample-idp/setup.php | 478 +++++++++++++++++++++++++
 php/Attic/examples/sample-idp/singleSignOn.php | 56 +++
 php/Attic/examples/sample-idp/soapEndpoint.php | 25 ++
 php/Attic/examples/sample-idp/user_add.php | 77 ++++
 8 files changed, 974 insertions(+)
 create mode 100644 php/Attic/examples/sample-idp/README
 create mode 100644 php/Attic/examples/sample-idp/admin_user.php
 create mode 100644 php/Attic/examples/sample-idp/index.php
 create mode 100644 php/Attic/examples/sample-idp/login.php
 create mode 100644 php/Attic/examples/sample-idp/setup.php
 create mode 100644 php/Attic/examples/sample-idp/singleSignOn.php
 create mode 100644 php/Attic/examples/sample-idp/soapEndpoint.php
 create mode 100644 php/Attic/examples/sample-idp/user_add.php
(limited to 'php')
diff --git a/php/Attic/examples/sample-idp/README b/php/Attic/examples/sample-idp/README
new file mode 100644
index 00000000..a78f9817
--- /dev/null
+++ b/php/Attic/examples/sample-idp/README
@@ -0,0 +1 @@
+TODO ;0)
diff --git a/php/Attic/examples/sample-idp/admin_user.php b/php/Attic/examples/sample-idp/admin_user.php
new file mode 100644
index 00000000..a08d8187
--- /dev/null
+++ b/php/Attic/examples/sample-idp/admin_user.php 
@@ -0,0 +1,190 @@ + + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + $config = unserialize(file_get_contents('config.inc')); + + require_once 'DB.php'; + + $db = &DB::connect($config['dsn']); + + if (DB::isError($db)) + die($db->getMessage()); + + if (!empty($_GET['dump'])) + { + $query = "SELECT identity_dump FROM users WHERE user_id='" . $_GET['dump'] . "'"; + $res =& $db->query($query); + if (DB::isError($res)) + print $res->getMessage(). "\n"; + $row = $res->fetchRow(); +?> + + + + + + + + + + + +
Identity Dump
+ +
Close
+ + +query($query); + if (DB::isError($res)) + print $res->getMessage(). "\n"; + + $query = "DELETE FROM users WHERE user_id='" . $_GET['del'] . "'" ; + $res =& $db->query($query); + if (DB::isError($res)) + print $res->getMessage(). "\n"; + + } + + + $query = "SELECT * FROM users"; + $res =& $db->query($query); + if (DB::isError($res)) + print $res->getMessage(). "\n"; +?> + + + +Lasso Service Provider Example : Users Management + + + + +
+ + +numCols(); + $tableinfo = $db->tableInfo($res); +?> + + + + + + + +" . $tableinfo[$i]['name'] .""; + } +?> + + + + +fetchRow()) { +?> + + + + + + + + + + + + + + + +
Users
Previous | Next | Show All | Toggle Alladd user
  
+ + + view"; + break; + + default: + echo (empty($row[$i])) ? " " : $row[$i]; + } + ?> + + delete +
 Total: numRows();?> Users
+
+ +
+

Index +

+ +
+

Copyright © 2004 Entr'ouvert

+ + + + +disconnect(); +?> diff --git a/php/Attic/examples/sample-idp/index.php b/php/Attic/examples/sample-idp/index.php new file mode 100644 index 00000000..d5fe963d --- /dev/null +++ b/php/Attic/examples/sample-idp/index.php @@ -0,0 +1,100 @@ + + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + if(!extension_loaded('lasso')) { + $ret = @dl('lasso.' . PHP_SHLIB_SUFFIX); + if ($ret == FALSE) + { +?> +
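Review bot: The delete branch builds `"DELETE FROM users WHERE user_id='" . $_GET['del'] . "'"` by string concatenation, and the dump branch does the same with `$_GET['dump']`, so anyone who can reach this page can inject SQL into the IdP's user store; PEAR DB already supports placeholders, e.g. `$sth = $db->prepare('DELETE FROM users WHERE user_id = ?'); $res =& $db->execute($sth, array($_GET['del']));`, and the same applies to the preceding query in that branch and to the `identity_dump` SELECT. The deletion is also triggered by a plain GET link (`delete`) with no authentication or session check visible in the hunk, so a crafted link or image tag removes an account (CSRF); a POST form carrying a per-session token behind an admin login would close both gaps. `print $res->getMessage()` sends the driver's error text to the browser and then continues into `$res->fetchRow()` on the error object; for anything beyond a demo, log the message and stop instead.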

The Lasso Extension is not available
+Please check your PHP extensions
+You can get more informations about Lasso at
+http://lasso.entrouvert.org/

+ +

Identity Provider Configuration file is not available
+Please run the setup script :
+Lasso Service Provider Setup
+You can get more informations about Lasso at
+http://lasso.entrouvert.org/

+ + + + +Lasso Service Provider Example + + + + +

+ + + + + + + + + + + + + + + + +
Identity Provider Administration
Setup
Users Management
Identity Provider Fonctionnality
Login
+

+ + +
+

Copyright © 2004 Entr'ouvert

+ + + + + diff --git a/php/Attic/examples/sample-idp/login.php b/php/Attic/examples/sample-idp/login.php new file mode 100644 index 00000000..f8f7fbca --- /dev/null +++ b/php/Attic/examples/sample-idp/login.php @@ -0,0 +1,47 @@ + + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + $config = unserialize(file_get_contents('config.inc')); + + require_once 'DB.php'; + require_once 'HTML/QuickForm.php'; + + $form = new HTML_QuickForm('frm'); + + $form->addElement('header', null, 'Login on the Lasso Identity Provider Example'); + $form->addElement('text', 'username', 'Username:', array('size' => 50, 'maxlength' => 255)); + $form->addElement('password', 'password', 'Password:', array('size' => 50, 'maxlength' => 255)); + $form->addElement('submit', null, 'Ok'); + + $form->addRule('username', 'Please enter the Username', 'required', null, 'client'); + $form->addRule('password', 'Please enter the Password', 'required', null, 'client'); +?> + + + +display(); +?> + + diff --git a/php/Attic/examples/sample-idp/setup.php b/php/Attic/examples/sample-idp/setup.php new file mode 100644 index 00000000..306aa854 --- /dev/null +++ b/php/Attic/examples/sample-idp/setup.php 
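Review bot: login.php builds and displays the username/password form but never calls `$form->validate()` nor compares the submitted values with the `users` table, so a POST to this page is silently accepted and the form is simply shown again; the commit message marks SSO login as in progress, so this is expected, but when the check is added it should verify against a hashed password rather than the plaintext that user_add.php currently stores, and establish a session on success. `$config` and `DB.php` are loaded at the top of the file but nothing in the hunk uses them, which makes the missing step easy to overlook; a `// TODO: validate credentials against users table` next to `$form->display()` would mark it.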
@@ -0,0 +1,478 @@ + + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ +?> + +The Lasso Extension is not available
"; + print "Please check your PHP extensions
"; + print "You can get more informations about Lasso at
"; + print "http://lasso.entrouvert.org/

"; + exit(); + } + } + + /* + * This callback function is called by array_walk and + * add an service provider to the identity provider. + */ + function add_service_provider(&$item, $key, $server) + { + print "
$key : "; + + $ret = $server->addProvider($item['metadata'], $item['public_key'], $item['ca']); + + /*if ($ret != TRUE) + { + print "Failed"; + break; + } + else */ + print "OK"; + } + + function write_config_inc($config) + { + $config_ser = serialize($config); + $filename = "config.inc"; + + if ($fd = fopen($filename, "w")) + { + fwrite($fd, $config_ser); + fclose($fd); + return TRUE; + } + return FALSE; + } + + require_once 'DB.php'; + + # default config + if (!file_exists('config.inc')) + { + $cwd = getcwd(); + $config = array( + 'dsn' => "pgsql://idp:idp@localhost/idp", + 'server_dump_filename' => "lasso_server_dump.xml", + 'idp-metadata' => "/home/cnowicki/mcvs/lasso/tests/data/idp1-la/metadata.xml", + 'idp-public_key' => "/home/cnowicki/mcvs/lasso/tests/data/idp1-la/public-key.pem", + 'idp-private_key' => "/home/cnowicki/mcvs/lasso/tests/data/idp1-la/private-key-raw.pem", + 'idp-ca' => "/home/cnowicki/mcvs/lasso/tests/data/idp1-la/certificate.pem", + 'sp' => array( + 'sp1' => array( + 'metadata' => "/home/cnowicki/mcvs/lasso/tests/data/sp1-la/metadata.xml", + 'public_key' => "/home/cnowicki/mcvs/lasso/tests/data/sp1-la/public-key.pem", + 'ca' => "/home/cnowicki/mcvs/lasso/tests/data/ca1-la/certificate.pem"), + 'sp2' => array( + 'metadata' => "/home/cnowicki/mcvs/lasso/tests/data/sp2-la/metadata.xml", + 'public_key' => "/home/cnowicki/mcvs/lasso/tests/data/sp2-la/public-key.pem", + 'ca' => "/home/cnowicki/mcvs/lasso/tests/data/ca1-la/certificate.pem") + )); + + $config_ser = serialize($config); + + if (!write_config_inc($config)) + die("Could not write default config file"); + } + else + { + $config = unserialize(file_get_contents('config.inc')); + } + + $keys = array_keys($_POST); + + $to_del = preg_grep('/delete_(\w)/', $keys); + + if (!empty($to_del)) + { + $keys = array_values($to_del); + foreach($keys as $key) + { + $name = substr($key, 7); + unset($config['sp'][$name]); + write_config_inc($config); + } + } + + $to_update = preg_grep('/update_(\w)/', 
$keys); + + if (!empty($to_update)) + { + $keys = array_values($to_update); + foreach($keys as $key) + { + $name = substr($key, 7); + $config['sp'][$name]['metadata'] = $_POST['sp^'.$name.'^metadata']; + $config['sp'][$name]['public_key'] = $_POST['sp^'.$name.'^public_key']; + $config['sp'][$name]['ca'] = $_POST['sp^'.$name.'^ca']; + write_config_inc($config); + } + } + + + if (array_key_exists('new', $_POST)) + { + $form = array('sp' => 'Name', + 'metadata' => 'Metadata', + 'public_key' => 'Public Key', + 'ca' => 'Certificate'); + + foreach ($form as $input => $name) + if (empty($_POST[$input])) + die("Field $name is empty"); + + $config['sp'][$_POST['sp']] = array( + 'metadata' => $_POST['metadata'], + 'public_key' => $_POST['public_key'], + 'ca' => $_POST['ca']); + + write_config_inc($config); + } + + if (array_key_exists('setup', $_POST)) + { + ob_start(); + + $setup = FALSE; + + print "Lasso Identity Provider Setup
"; + + unset($_POST['setup'], $_POST['metadata'], $_POST['public_key'], $_POST['ca'], $_POST['sp']); + + $sps = array_values(preg_grep("/sp\^/", array_keys($_POST))); + + + $_POST['sp'] = array(); + + foreach ($sps as $sp) { + list($null, $name, $type) = split("\^", $sp, 3); + $_POST['sp'][$name][$type] = $_POST[$sp]; + unset($_POST[$sp]); + } + + $diff = array_diff($_POST, $config); + + foreach($diff as $key => $value) { + $config[$key] = $value; + } + + print "Check Data base : "; + + $db = &DB::connect($config['dsn']); + + if (DB::isError($db)) { + die("Failed (" . $db->getMessage() . ")"); + } + else + print "OK"; + + print "
Create sequence 'user_id_seq' : "; + + $query = "DROP SEQUENCE user_id_seq"; + $res =& $db->query($query); + + $query = "CREATE SEQUENCE user_id_seq"; + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + + print "OK"; + + print "
Create table 'users' : "; + $query = "DROP TABLE users CASCADE"; + $res =& $db->query($query); + + $query = "CREATE TABLE users ( + user_id varchar(100) primary key, + username varchar(255), + password varchar(255), + user_dump text, + session_dump text)"; + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + + print "OK"; + + print "
Create table 'nameidentifiers' : "; + + $query = "DROP TABLE nameidentifiers CASCADE"; + $res =& $db->query($query); + + $query = "CREATE TABLE nameidentifiers ( + name_identifier varchar(100) primary key, + user_id varchar(100), + FOREIGN KEY (user_id) REFERENCES users (user_id))"; + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + + print "OK"; + + print "
Create table 'assertions' : "; + $query = "DROP TABLE assertions CASCADE"; + $res =& $db->query($query); + + $query = "CREATE TABLE assertions ( + assertion text, + response_dump text)"; + + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + + print "OK"; + + $db->disconnect(); + + // Check if IdP files does exists + + $keys = array_keys($config); + $files = preg_grep("/idp/", $keys); + + foreach($files as $file) + { + print "
Check file " . $config[$file] . " : "; + if (!file_exists($config[$file])) + { + die("Failed (file does not exist)"); + } + else + print "OK"; + } + + + foreach($config['sp'] as $key) + { + foreach ($key as $file) + { + print "
Check file " . $file . " : "; + if (!file_exists($file)) + { + die("Failed (file does not exist)"); + } + else + print "OK"; + + } + } + + lasso_init(); + + print "
Create Server : "; + + $server = new LassoServer($config['idp-metadata'], + $config['idp-public_key'], $config['idp-private_key'], + $config['idp-ca'], lassoSignatureMethodRsaSha1); + + if (empty($server)) + { + die("Failed"); + } + else + print "OK"; + + + print "
Add Service Provider(s) :"; + + array_walk($config['sp'], 'add_service_provider', $server); + + print "
Write XML Server Dump : "; + + $dump = $server->dump(); + + if (($fd = fopen($config['server_dump_filename'], "w"))) + { + fwrite($fd, $dump); + fclose($fd); + print "OK"; + } + else + die("Failed"); + + lasso_shutdown(); + + print "
Save configuration file : "; + + + # Save configuration file + $config_ser = serialize($config); + if (($fd = fopen("config.inc", "w"))) + { + fwrite($fd, $config_ser); + fclose($fd); + print "OK"; + } + else + { + print("Failed"); + break; + } + $setup = TRUE; + } + ob_start(); +?> + + +Setup script for Lasso (Liberty Alliance Single Sign On) + + + + + + + + + + + + + +Setup script for Lasso (Liberty Alliance Single Sign On) + + + +
+ +

Lasso Identity Provider Setup

+

+ + + + + + + + +
Database Configuration
DSN (Data Source Name) :' maxlength='100'>Help
Server XML Dump:' maxlength='100'> 
+

+
+

+ + + + + + + + + + + + + + + + + + + + + +
Identity Provider
Metadata'> 
Public Key'> 
Private Key'> 
Certificate'> 
+

+ +
+ $name) + { +?> + + + + + + + + + + + + + + + + + + +
Service Provider
Metadata'> 
Public Key'> 
Certificate'> 
+ + +
+ + +

+ +

+ + + + + + + + + + + + + + + + + + + + + + + +
Add a new Service Provider
Name 
Metadata 
Public Key 
Certificate 
+ +
+

+
+

+ +

+
+ + + diff --git a/php/Attic/examples/sample-idp/singleSignOn.php b/php/Attic/examples/sample-idp/singleSignOn.php new file mode 100644 index 00000000..5143f9c0 --- /dev/null +++ b/php/Attic/examples/sample-idp/singleSignOn.php @@ -0,0 +1,56 @@ + + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + if (empty($_POST) && empty($_GET)) + { + die("Unknow login methode!"); + } + $methode = empty($_POST) ? 'GET' : 'POST'; + + $config = unserialize(file_get_contents('config.inc')); + + lasso_init(); + + $server_dump = file_get_contents($config['server_dump_filename']); + + $server = LassoServer::newfromdump($server_dump); + + $login = new LassoLogin($server); + + if ($methode = 'GET') + { + print $_SERVER['QUERY_STRING']; + $login->initFromAuthnRequestMsg($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect); + print "ici"; + } + else + { + // TODO + } + + + //echo $methode; + //echo $_SERVER['QUERY_STRING']; +?> diff --git a/php/Attic/examples/sample-idp/soapEndpoint.php b/php/Attic/examples/sample-idp/soapEndpoint.php new file mode 100644 index 00000000..11cfd52b --- /dev/null +++ b/php/Attic/examples/sample-idp/soapEndpoint.php 
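Review bot: Any POST containing `setup` drops and recreates `user_id_seq`, `users`, `nameidentifiers` and `assertions`, and `$diff = array_diff($_POST, $config); foreach($diff as $key => $value) { $config[$key] = $value; }` copies every remaining posted key — `dsn`, `idp-private_key`, `server_dump_filename` and anything else the client sends — into the configuration that is then serialized to `config.inc` and used to build the LassoServer, with no authentication anywhere in the hunk; the script should at least refuse to run once `config.inc` exists unless the operator removes it (or restrict it to localhost), and take only a fixed list of keys from `$_POST`. `config.inc` is written with a relative path, presumably beside the PHP scripts, and holds the DSN with database credentials (`pgsql://idp:idp@localhost/idp`), so a web server will hand it out as plain text; write it outside the document root or as a `.php` file that begins with `<?php exit; ?>`. Separately, `print("Failed"); break;` in the config-save failure path is a `break` outside any loop, which PHP rejects with a fatal error; it should be `die("Failed");` like the other failure paths.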
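Review bot: `if ($methode = 'GET')` is an assignment, not a comparison, so the branch is always taken and an AuthnRequest delivered by POST is still parsed from `$_SERVER['QUERY_STRING']` with `lassoHttpMethodRedirect`; it should read `if ($methode === 'GET')`. The surrounding `print $_SERVER['QUERY_STRING'];` and `print "ici";` echo the raw query string back unescaped, which is a reflected XSS once this endpoint is reachable, and read as leftover debugging output. The return value of `$login->initFromAuthnRequestMsg(...)` is ignored, so a request the library rejects is not detected before the (still TODO) response handling runs.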
@@ -0,0 +1,25 @@ + + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ +?> diff --git a/php/Attic/examples/sample-idp/user_add.php b/php/Attic/examples/sample-idp/user_add.php new file mode 100644 index 00000000..1ef3cdb3 --- /dev/null +++ b/php/Attic/examples/sample-idp/user_add.php 
@@ -0,0 +1,77 @@ + + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +?> +addElement('header', null, 'Add New User'); + $form->addElement('text', 'username', 'Username:', array('size' => 50, 'maxlength' => 255)); + $form->addElement('text', 'password', 'Password:', array('size' => 50, 'maxlength' => 255)); + $form->addElement('submit', null, 'Create'); + + $form->addRule('username', 'Please enter the Username', 'required', null, 'client'); + $form->addRule('password', 'Please enter the Password', 'required', null, 'client'); + + if ($form->validate()) { + + $config = unserialize(file_get_contents('config.inc')); + + $db = &DB::connect($config['dsn']); + if (DB::isError($db)) + die($db->getMessage()); + + $query = "INSERT INTO users (user_id, username, password) VALUES(nextval('user_id_seq'),'"; + $query .= $form->exportValue('username') . "','" . $form->exportValue('password') . "')"; + + $res =& $db->query($query); + if (DB::isError($db)) + die($db->getMessage()); + + $db->disconnect(); +?> + + + + + + + + + + +display(); +?> + + -- cgit
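Review bot: The INSERT concatenates `$form->exportValue('username')` and `exportValue('password')` straight into the SQL string, and the password is stored as the submitted plaintext; use PEAR DB placeholders and store a hash, e.g. `$sth = $db->prepare("INSERT INTO users (user_id, username, password) VALUES (nextval('user_id_seq'), ?, ?)");` followed by `$res =& $db->execute($sth, array($username, $passwordHash));` where `$passwordHash` comes from `password_hash()` on current PHP (a salted hash on the PHP of the day), matching whatever login.php will verify against. The check after the query tests `DB::isError($db)` instead of the result, so a failed INSERT is never reported; it should be `if (DB::isError($res)) die($res->getMessage());`. The password field is added as a `text` element, so it is shown on screen while typed; `password` is the QuickForm element type login.php already uses for the same field.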