From 78bf15ec270fc853569a1b8766560105e69f8a73 Mon Sep 17 00:00:00 2001 From: Christophe Nowicki Date: Tue, 31 Aug 2004 10:17:55 +0000 Subject: new version of the PHP service provider made with the new Swig PHP binding --- php/Attic/examples/sample-sp/README | 1 + php/Attic/examples/sample-sp/admin_user.php | 162 +++++++++++ php/Attic/examples/sample-sp/assertionConsumer.php | 166 +++++++++++ php/Attic/examples/sample-sp/index.php | 163 +++++++++++ php/Attic/examples/sample-sp/login.php | 53 ++++ php/Attic/examples/sample-sp/logout.php | 104 +++++++ php/Attic/examples/sample-sp/register.php | 86 ++++++ php/Attic/examples/sample-sp/setup.php | 316 +++++++++++++++++++++ 8 files changed, 1051 insertions(+) create mode 100644 php/Attic/examples/sample-sp/README create mode 100644 php/Attic/examples/sample-sp/admin_user.php create mode 100644 php/Attic/examples/sample-sp/assertionConsumer.php create mode 100644 php/Attic/examples/sample-sp/index.php create mode 100644 php/Attic/examples/sample-sp/login.php create mode 100644 php/Attic/examples/sample-sp/logout.php create mode 100644 php/Attic/examples/sample-sp/register.php create mode 100644 php/Attic/examples/sample-sp/setup.php (limited to 'php') diff --git a/php/Attic/examples/sample-sp/README b/php/Attic/examples/sample-sp/README new file mode 100644 index 00000000..a78f9817 --- /dev/null +++ b/php/Attic/examples/sample-sp/README @@ -0,0 +1 @@ +TODO ;0) diff --git a/php/Attic/examples/sample-sp/admin_user.php b/php/Attic/examples/sample-sp/admin_user.php new file mode 100644 index 00000000..6893ad72 --- /dev/null +++ b/php/Attic/examples/sample-sp/admin_user.php @@ -0,0 +1,162 @@ + + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + $config = unserialize(file_get_contents('config.inc')); + + require_once 'DB.php'; + + + $db = &DB::connect($config['dsn']); + + if (DB::isError($db)) + die($db->getMessage()); + + if (!empty($_GET['dump'])) { + $query = "SELECT identity_dump FROM users WHERE user_id='" . $_GET['dump'] . "'"; + $res =& $db->query($query); + if (DB::isError($res)) + print $res->getMessage(). "\n"; + $row = $res->fetchRow(); +?> + + + + + + + + + + + +
Identity Dump
+ +
Close
+ + +query($query); + if (DB::isError($res)) + print $res->getMessage(). "\n"; + + $query = "DELETE FROM users WHERE user_id='" . $_GET['del'] . "'" ; + $res =& $db->query($query); + if (DB::isError($res)) + print $res->getMessage(). "\n"; + + } + + + $query = "SELECT * FROM users"; + $res =& $db->query($query); + if (DB::isError($res)) + print $res->getMessage(). "\n"; +?> + + + +Lasso Service Provider Example : Users Management + + + + + + +numCols(); + $tableinfo = $db->tableInfo($res); +?> + +" . $tableinfo[$i]['name'] .""; + } +?> + + + +fetchRow()) { +?> + + + + + + + + + + + + + + +
Users
 
+ view"; + break; + + default: + echo (empty($row[$i])) ? " " : $row[$i]; + } + ?> + + delete +
 Total: numRows();?> Users
+ + + + +disconnect(); +?> diff --git a/php/Attic/examples/sample-sp/assertionConsumer.php b/php/Attic/examples/sample-sp/assertionConsumer.php new file mode 100644 index 00000000..4aa45ed8 --- /dev/null +++ b/php/Attic/examples/sample-sp/assertionConsumer.php @@ -0,0 +1,166 @@ + + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + $config = unserialize(file_get_contents('config.inc')); + + require_once 'DB.php'; + + + if (!$_GET['SAMLart']) { + exit(1); + } + + session_start(); + + lasso_init(); + + $server_dump = file_get_contents($config['server_dump_filename']); + + $server = LassoServer::newfromdump($server_dump); + + $login = new LassoLogin($server); + + $login->initRequest($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect); + $login->buildRequestMsg(); + + $url = parse_url($login->msgUrl); + + $soap = sprintf( + "POST %s HTTP/1.1\r\nHost: %s:%d\r\nAccept-Encoding: identity\r\nContent-Length: %d\r\nContent-Type: text/xml\r\nAccept: text/xml,application/xml,application/xhtml+xml,text/html\r\nConnection: close\r\n\r\n%s\r\n", + $url['path'], $url['host'], $url['port'], strlen($login->msgBody), $login->msgBody); + + + # PHP 4.3.0 with OpenSSL support required + $fp = fsockopen("ssl://" . $url['host'], $url['port'], $errno, $errstr, 30) or die($errstr ($errno)); + fwrite($fp, $soap); + $ret = fgets($fp); + + if (!preg_match("/^HTTP\/1\\.. 200/i", $ret)) { + die("Wrong artifact"); + } + + while (!feof($fp)) { + $reponse .= @fread($fp, 8192); + } + + fclose($fp); + + list($header, $body) = preg_split("/(\r\n\r\n|\n\n)/", $reponse, 2); + + $login->processResponseMsg($body); + + $db = &DB::connect($config['dsn']); + + if (DB::isError($db)) + die($db->getMessage()); + + $query = "SELECT user_id FROM nameidentifiers WHERE name_identifier='" . $login->nameIdentifier . "'"; + $res =& $db->query($query); + + if (DB::isError($res)) + die($res->getMessage()); + + if ($res->numRows() > 0) + { + // User already exist in the database + $row =& $res->fetchRow(); + $user_id = $row[0]; + + # Get Identity Dump from the data base + $query = "SELECT identity_dump FROM users WHERE user_id='$user_id'"; + $res =& $db->query($query); + + if (DB::isError($db)) + die($db->getMessage()); + + $row =& $res->fetchRow(); + + $login->setIdentityFromDump($row[0]); + + $res->free(); + + $login->acceptSso(); + + $session = $login->session; + + $_SESSION["nameidentifier"] = $login->nameIdentifier; + $_SESSION["session_dump"] = $session->dump(); + $_SESSION["user_id"] = $user_id; + + $url = "index.php?SID=". $SID; + } + else + { + // New User + $login->acceptSso(); + + $identity = $login->identity; + $identity_dump = $identity->dump(); + + $session = $login->session; + + // Insert into users + $identity_dump_quoted = $db->quoteSmart($identity_dump); + $query = "INSERT INTO users (user_id,identity_dump,created) VALUES(nextval('user_id_seq'), $identity_dump_quoted, NOW())"; + $res =& $db->query($query); + if (DB::isError($res)) + print $res->getMessage(). "\n"; + + // Get UserID + $query = "SELECT last_value FROM user_id_seq"; + $res =& $db->query($query); + if (DB::isError($res)) + print $res->getMessage(). "\n"; + $row = $res->fetchRow(); + $user_id = $row[0]; + + // Insert into nameidentifiers + $query = "INSERT INTO nameidentifiers VALUES('".$login->nameIdentifier."', '$user_id')"; + $res =& $db->query($query); + if (DB::isError($res)) + print $res->getMessage(). "\n"; + + + $_SESSION["nameidentifier"] = $login->nameIdentifier; + $_SESSION["session_dump"] = $session->dump(); + $_SESSION["user_id"] = $user_id; + + $url = "register.php?SID=". $SID; + } + + // Update last_login + $query = "UPDATE users SET last_login=NOW() WHERE user_id='$user_id'"; + $res =& $db->query($query); + if (DB::isError($res)) + print $res->getMessage(). "\n"; + + $db->disconnect(); + + lasso_shutdown(); + + header("Request-URI: $url"); + header("Content-Location: $url"); + header("Location: $url"); + exit(); +?> diff --git a/php/Attic/examples/sample-sp/index.php b/php/Attic/examples/sample-sp/index.php new file mode 100644 index 00000000..39dddfed --- /dev/null +++ b/php/Attic/examples/sample-sp/index.php @@ -0,0 +1,163 @@ + + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + if(!extension_loaded('lasso')) { + $ret = @dl('lasso.' . PHP_SHLIB_SUFFIX); + if ($ret == FALSE) + { +?> +

The Lasso Extension is not available
+Please check your PHP extensions
+You can get more informations about Lasso at
+http://lasso.entrouvert.org/

+ +

Service Provider Configuration file is not available
+Please run the setup script :
+Lasso Service Provider Setup
+You can get more informations about Lasso at
+http://lasso.entrouvert.org/

+ + + + +Lasso Service Provider Example + + + + +

+ + + + + + + + + + + + + + + + + + + + + + +
Service Provider Administration
Setup
Users Management
Serice Provider Fonctionnality
Login!
Logout!
+

+

+ + + + User is not logged in!"; + } + else + { + ?> + + + + + + + + +getMessage()); + + $query = "SELECT * FROM users WHERE user_id='". $_SESSION["user_id"] ."'"; + + $res =& $db->query($query); + if (DB::isError($res)) + print $res->getMessage(). "\n"; + + list($user_id, $identity_dump, $first_name, $last_name, $created, $last_login) = $res->fetchRow(); + + ?> + + + + + + + + + + + + + + + disconnect(); + } + ?> + +
Status
User is logged in!
Name Identifier:
UserID:
Last Name:
First Name:
PHP Session ID:
Account Created:
Last Login:
+

+ + +
+

Copyright © 2004 Entr'ouvert

+ + + + + diff --git a/php/Attic/examples/sample-sp/login.php b/php/Attic/examples/sample-sp/login.php new file mode 100644 index 00000000..ae851941 --- /dev/null +++ b/php/Attic/examples/sample-sp/login.php @@ -0,0 +1,53 @@ + + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + + $config = unserialize(file_get_contents('config.inc')); + + lasso_init(); + + $server_dump = file_get_contents($config['server_dump_filename']); + + $server = LassoServer::newfromdump($server_dump); + + $login = new LassoLogin($server); + + $login->initauthnrequest(lassoHttpMethodRedirect); + + $request = $login->authnRequest; + + $request->isPassive = FALSE; + $request->nameIdPolicy = lassoLibNameIDPolicyTypeFederated; + $request->consent = lassoLibConsentObtained; + + $login->buildAuthnRequestMsg("https://idp1/metadata"); + + $url = $login->msgUrl; + + header("Request-URI: $url"); + header("Content-Location: $url"); + header("Location: $url"); + exit(); +?> diff --git a/php/Attic/examples/sample-sp/logout.php b/php/Attic/examples/sample-sp/logout.php new file mode 100644 index 00000000..78ebec0c --- /dev/null +++ b/php/Attic/examples/sample-sp/logout.php @@ -0,0 +1,104 @@ + + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + $config = unserialize(file_get_contents('config.inc')); + + require_once 'DB.php'; + + if (!empty($_GET['SID'])) + session_start($_GET['SID']); + else + session_start(); + + if (!isset($_SESSION["nameidentifier"])) { + print "User is not logged in"; + exit(0); + } + + lasso_init(); + + $db = &DB::connect($config['dsn']); + + if (DB::isError($db)) + die($db->getMessage()); + + $server_dump = file_get_contents($config['server_dump_filename']); + + $server = LassoServer::newfromdump($server_dump); + + $logout = new LassoLogout($server, lassoProviderTypeSp); + + $query = "SELECT identity_dump FROM users WHERE user_id='" . $_SESSION['user_id'] . "'"; + + $res =& $db->query($query); + + if (DB::isError($res)) + print $res->getMessage(). "\n"; + + $row = $res->fetchRow(); + + $logout->setIdentityFromDump($row[0]); + $logout->setSessionFromDump($_SESSION['session_dump']); + + $logout->initRequest(); + $logout->buildRequestMsg(); + + $url = parse_url($logout->msgUrl); + + $soap = sprintf( + "POST %s HTTP/1.1\r\nHost: %s:%d\r\nAccept-Encoding: identity\r\nContent-Length: %d\r\nContent-Type: text/xml\r\nAccept: text/xml,application/xml,application/xhtml+xml,text/html\r\nConnection: close\r\n\r\n%s\r\n", + $url['path'], $url['host'], $url['port'], + strlen($logout->msgBody), $logout->msgBody); + + + # PHP 4.3.0 with OpenSSL support required + $fp = fsockopen("ssl://" . $url['host'], $url['port'], $errno, $errstr, 30) or die($errstr ($errno)); + + fwrite($fp, $soap); + $ret = fgets($fp); + + if (!preg_match("/^HTTP\/1\\.. 200/i", $ret)) { + die("User is already logged out"); + } + + while (!feof($fp)) { + $reponse .= @fread($fp, 8192); + } + + fclose($fp); + + # Destroy The PHP Session + $_SESSION = array(); + + session_destroy(); + + $db->disconnect(); + lasso_shutdown(); + + $url = "index.php"; + + header("Request-URI: $url"); + header("Content-Location: $url"); + header("Location: $url"); +?> diff --git a/php/Attic/examples/sample-sp/register.php b/php/Attic/examples/sample-sp/register.php new file mode 100644 index 00000000..7e61d4f7 --- /dev/null +++ b/php/Attic/examples/sample-sp/register.php @@ -0,0 +1,86 @@ + + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + $config = unserialize(file_get_contents('config.inc')); + + require_once 'DB.php'; + + if (!empty($_GET['SID'])) + session_start($_GET['SID']); + else + session_start(); + + if (!isset($_SESSION["nameidentifier"])) { + print "User is not logged in"; + exit(0); + } + + switch($_POST['action']) { + case "submit": + $db = &DB::connect($config['dsn']); + + if (DB::isError($db)) + die($db->getMessage()); + + $query = "UPDATE users SET first_name='" . $_POST['first_name'] . "',last_name='". $_POST['last_name'] ."' WHERE user_id='".$_SESSION["user_id"]."'"; + $res =& $db->query($query); + if (DB::isError($res)) + print $res->getMessage(). "\n"; + + $url = "index.php"; + header("Request-URI: $url"); + header("Content-Location: $url"); + header("Location: $url"); + break; + default: +?> + + + +Lasso Service Provider Example : Registration Form + + + +
+ + + + + + + + + + + +
Registration Form
First Name:
Last Name:
 
+ +
+ + + + diff --git a/php/Attic/examples/sample-sp/setup.php b/php/Attic/examples/sample-sp/setup.php new file mode 100644 index 00000000..edefe115 --- /dev/null +++ b/php/Attic/examples/sample-sp/setup.php @@ -0,0 +1,316 @@ + + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ +?> + +The Lasso Extension is not available
"; + print "Please check your PHP extensions
"; + print "You can get more informations about Lasso at
"; + print "http://lasso.entrouvert.org/

"; + exit(); + } + } + + require_once 'DB.php'; + + # default config + if (!file_exists('config.inc')) + { + $cwd = getcwd(); + $config = array( + 'dsn' => "pgsql://sp:sp@localhost/sp", + 'server_dump_filename' => "lasso_server_dump.xml", + 'sp-metadata' => "/home/cnowicki/mcvs/lasso/tests/data/sp1-la/metadata.xml", + 'sp-public_key' => "/home/cnowicki/mcvs/lasso/tests/data/sp1-la/public-key.pem", + 'sp-private_key' => "/home/cnowicki/mcvs/lasso/tests/data/sp1-la/private-key-raw.pem", + 'sp-ca' => "/home/cnowicki/mcvs/lasso/tests/data/sp1-la/certificate.pem", + 'idp-metadata' => "/home/cnowicki/mcvs/lasso/tests/data/idp1-la/metadata.xml", + 'idp-public_key' => "/home/cnowicki/mcvs/lasso/tests/data/idp1-la/public-key.pem", + 'idp-ca' => "/home/cnowicki/mcvs/lasso/tests/data/ca1-la/certificate.pem", + ); + + $config_ser = serialize($config); + + if (($fd = fopen(getcwd()."/config.inc", "w"))) + { + fwrite($fd, $config_ser); + fclose($fd); + } + else + die("Could not write default config file"); + } + else + { + $config = unserialize(file_get_contents('config.inc')); + } + + if ($_POST['action'] == 'setup') + { + ob_start(); + + $setup = FALSE; + + print "Lasso Service Provider Setup
"; + + unset($_POST['action']); + + $diff = array_diff($_POST, $config); + + foreach($diff as $key => $value) { + $config[$key] = $value; + } + + print "Check Data base : "; + + $db = &DB::connect($config['dsn']); + + if (DB::isError($db)) { + die("Failed (" . $db->getMessage() . ")"); + } + else + print "OK"; + + print "
Create sequence 'user_id_seq' : "; + + $query = "DROP SEQUENCE user_id_seq"; + $res =& $db->query($query); + + $query = "CREATE SEQUENCE user_id_seq"; + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + + print "OK"; + + print "
Create table 'users' : "; + $query = "DROP TABLE users CASCADE"; + $res =& $db->query($query); + + $query = "CREATE TABLE users ( + user_id varchar(100) primary key, + identity_dump text, + first_name varchar(50), + last_name varchar(50), + last_login timestamp, + created timestamp)"; + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + + print "OK"; + + print "
Create table 'nameidentifiers' : "; + + $query = "DROP TABLE nameidentifiers CASCADE"; + $res =& $db->query($query); + + $query = "CREATE TABLE nameidentifiers ( + name_identifier varchar(100) primary key, + user_id varchar(100), + FOREIGN KEY (user_id) REFERENCES users (user_id))"; + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + + print "OK"; + + $db->disconnect(); + + $keys = array_keys($config); + $files = preg_grep("/(sp|idp)/", $keys); + + foreach($files as $file) + { + print "
Check file " . $config[$file] . " : "; + if (!file_exists($config[$file])) + { + die("Failed (file does not exist)"); + } + else + print "OK"; + } + + lasso_init(); + + print "
Create Server : "; + + $server = new LassoServer($config['sp-metadata'], + $config['sp-public_key'], $config['sp-private_key'], + $config['sp-ca'], lassoSignatureMethodRsaSha1); + + if (empty($server)) + { + die("Failed"); + } + else + print "OK"; + + print "
Add provider : "; + + $ret = $server->add_provider($server, $config['idp-metadata'], + $config['idp-public_key'], $config['idp-ca']); + + /*if ($ret != TRUE) + { + print "Failed"; + break; + } + else */ + print "OK"; + + print "
Write XML Server Dump : "; + + $dump = $server->dump(); + + if (($fd = fopen($config['server_dump_filename'], "w"))) + { + fwrite($fd, $dump); + fclose($fd); + print "OK"; + } + else + die("Failed"); + + lasso_shutdown(); + + print "
Save configuration file : "; + + # Save configuration file + $config_ser = serialize($config); + if (($fd = fopen("config.inc", "w"))) + { + fwrite($fd, $config_ser); + fclose($fd); + print "OK"; + } + else + { + print("Failed"); + break; + } + $setup = TRUE; + } + ob_start(); +?> + + +Setup script for Lasso (Liberty Alliance Single Sign On) + + + + + + + + + + + + + +Setup script for Lasso (Liberty Alliance Single Sign On) + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Lasso Service Provider Setup
Database Configuration
DSN (Data Source Name) :' maxlength='100'>Help
Server XML Dump:' maxlength='100'> 
Service Provider
Metadata'> 
Public Key'> 
Private Key'> 
Certificate'> 
Identity Provider
Metadata'> 
Public Key'> 
Certificate'> 
 
+ +
+ + + -- cgit