From acafd6b03f4b92587f3e4ec0af0c46cb3d037ba6 Mon Sep 17 00:00:00 2001
From: Christophe Nowicki
Date: Tue, 25 Jan 2005 15:31:39 +0000
Subject: Remove php samples from the lasso repository I'm still working on it.
I will release an independent Pear package for Lasso 0.6.
The pear package repository is here:
https://meuh.dyndns.org/cgi-bin/viewcvs.cgi/lasso_pear/
---
php/Attic/examples/.cvsignore | 3 -
php/Attic/examples/Makefile.am | 1 -
php/Attic/examples/README | 180 ------
php/Attic/examples/gen_keys.sh | 25 -
php/Attic/examples/sample-idp/.cvsignore | 3 -
php/Attic/examples/sample-idp/Makefile.am | 21 -
php/Attic/examples/sample-idp/README | 0
php/Attic/examples/sample-idp/admin_user.php | 306 -----------
.../examples/sample-idp/cancel_federation.php | 225 --------
php/Attic/examples/sample-idp/create_metadata.php | 144 -----
php/Attic/examples/sample-idp/defederate.php | 32 --
php/Attic/examples/sample-idp/edit_metadata.php | 61 ---
php/Attic/examples/sample-idp/federate.php | 32 --
php/Attic/examples/sample-idp/idp_openssl.cnf | 19 -
php/Attic/examples/sample-idp/index.php | 193 -------
php/Attic/examples/sample-idp/log_view.php | 160 ------
php/Attic/examples/sample-idp/login.php | 182 -------
php/Attic/examples/sample-idp/logout.php | 55 --
php/Attic/examples/sample-idp/metadata_idp1.xml | 44 --
php/Attic/examples/sample-idp/metadata_sp1.xml | 42 --
php/Attic/examples/sample-idp/misc.php | 68 ---
php/Attic/examples/sample-idp/session.php | 86 ---
php/Attic/examples/sample-idp/setup.php | 604 ---------------------
php/Attic/examples/sample-idp/singleSignOn.php | 494 -----------------
php/Attic/examples/sample-idp/soapEndpoint.php | 393 --------------
php/Attic/examples/sample-idp/user_add.php | 111 ----
php/Attic/examples/sample-idp/view_session.php | 121 -----
php/Attic/examples/sample-sp/.cvsignore | 3 -
php/Attic/examples/sample-sp/Makefile.am | 17 -
php/Attic/examples/sample-sp/README | 1 -
php/Attic/examples/sample-sp/admin_user.php | 205 -------
php/Attic/examples/sample-sp/assertionConsumer.php | 212 --------
php/Attic/examples/sample-sp/cancel_federation.php | 200 -------
php/Attic/examples/sample-sp/index.php | 214 --------
php/Attic/examples/sample-sp/log_view.php | 160 ------
php/Attic/examples/sample-sp/login.php | 94 ----
php/Attic/examples/sample-sp/logout.php | 145 -----
php/Attic/examples/sample-sp/metadata_idp1.xml | 44 --
php/Attic/examples/sample-sp/metadata_sp1.xml | 42 --
php/Attic/examples/sample-sp/misc.php | 55 --
php/Attic/examples/sample-sp/register.php | 92 ----
php/Attic/examples/sample-sp/session.php | 86 ---
php/Attic/examples/sample-sp/setup.php | 419 --------------
php/Attic/examples/sample-sp/soapEndpoint.php | 143 -----
php/Attic/examples/sample-sp/sp_openssl.cnf | 19 -
php/Attic/examples/sample-sp/view_session.php | 88 ---
46 files changed, 5844 deletions(-)
delete mode 100644 php/Attic/examples/.cvsignore
delete mode 100644 php/Attic/examples/Makefile.am
delete mode 100644 php/Attic/examples/README
delete mode 100755 php/Attic/examples/gen_keys.sh
delete mode 100644 php/Attic/examples/sample-idp/.cvsignore
delete mode 100644 php/Attic/examples/sample-idp/Makefile.am
delete mode 100644 php/Attic/examples/sample-idp/README
delete mode 100644 php/Attic/examples/sample-idp/admin_user.php
delete mode 100644 php/Attic/examples/sample-idp/cancel_federation.php
delete mode 100644 php/Attic/examples/sample-idp/create_metadata.php
delete mode 100644 php/Attic/examples/sample-idp/defederate.php
delete mode 100644 php/Attic/examples/sample-idp/edit_metadata.php
delete mode 100644 php/Attic/examples/sample-idp/federate.php
delete mode 100644 php/Attic/examples/sample-idp/idp_openssl.cnf
delete mode 100644 php/Attic/examples/sample-idp/index.php
delete mode 100644 php/Attic/examples/sample-idp/log_view.php
delete mode 100644 php/Attic/examples/sample-idp/login.php
delete mode 100644 php/Attic/examples/sample-idp/logout.php
delete mode 100644 php/Attic/examples/sample-idp/metadata_idp1.xml
delete mode 100644 php/Attic/examples/sample-idp/metadata_sp1.xml
delete mode 100644 php/Attic/examples/sample-idp/misc.php
delete mode 100644 php/Attic/examples/sample-idp/session.php
delete mode 100644 php/Attic/examples/sample-idp/setup.php
delete mode 100644 php/Attic/examples/sample-idp/singleSignOn.php
delete mode 100644 php/Attic/examples/sample-idp/soapEndpoint.php
delete mode 100644 php/Attic/examples/sample-idp/user_add.php
delete mode 100644 php/Attic/examples/sample-idp/view_session.php
delete mode 100644 php/Attic/examples/sample-sp/.cvsignore
delete mode 100644 php/Attic/examples/sample-sp/Makefile.am
delete mode 100644 php/Attic/examples/sample-sp/README
delete mode 100644 php/Attic/examples/sample-sp/admin_user.php
delete mode 100644 php/Attic/examples/sample-sp/assertionConsumer.php
delete mode 100644 php/Attic/examples/sample-sp/cancel_federation.php
delete mode 100644 php/Attic/examples/sample-sp/index.php
delete mode 100644 php/Attic/examples/sample-sp/log_view.php
delete mode 100644 php/Attic/examples/sample-sp/login.php
delete mode 100644 php/Attic/examples/sample-sp/logout.php
delete mode 100644 php/Attic/examples/sample-sp/metadata_idp1.xml
delete mode 100644 php/Attic/examples/sample-sp/metadata_sp1.xml
delete mode 100644 php/Attic/examples/sample-sp/misc.php
delete mode 100644 php/Attic/examples/sample-sp/register.php
delete mode 100644 php/Attic/examples/sample-sp/session.php
delete mode 100644 php/Attic/examples/sample-sp/setup.php
delete mode 100644 php/Attic/examples/sample-sp/soapEndpoint.php
delete mode 100644 php/Attic/examples/sample-sp/sp_openssl.cnf
delete mode 100644 php/Attic/examples/sample-sp/view_session.php
(limited to 'php')
diff --git a/php/Attic/examples/.cvsignore b/php/Attic/examples/.cvsignore
deleted file mode 100644
index 22a4e729..00000000
--- a/php/Attic/examples/.cvsignore
+++ /dev/null
@@ -1,3 +0,0 @@
-Makefile
-Makefile.in
-
diff --git a/php/Attic/examples/Makefile.am b/php/Attic/examples/Makefile.am
deleted file mode 100644
index 79505f8d..00000000
--- a/php/Attic/examples/Makefile.am
+++ /dev/null
@@ -1 +0,0 @@
-SUBDIRS = sample-sp sample-idp
diff --git a/php/Attic/examples/README b/php/Attic/examples/README
deleted file mode 100644
index 6c58ac9b..00000000
--- a/php/Attic/examples/README
+++ /dev/null
@@ -1,180 +0,0 @@
-Lasso Exemples
-----------------------------------
-
-SOFTWARE
- This directory include a Liberty Alliance Service Provider (sample-sp)
- and a Liverty Alliance Identity Provider (sample-idp) written in PHP
- with the Lasso extension.
-
-INSTALLATION
- You need the fallowing components :
- - The Apache Web Server with SSL support (http://www.apache.org)
- - OpenSSL (http://www.openssl.org)
- - PHP4 version 4.3 with OpenSSL support enabled (http://www.php.net)
- - The Lasso Extension for PHP (http://lasso.entrouvert.org)
- - A PostgreSQL database server (http://www.postgresql.org/)
- - PHP Pear modules : DB, HTML_QuickForm, Log (http://pear.php.net)
-
- Debian packages for the Lasso extension are available, they are included
- in the current development version (sid) and packages for the current stable
- version (sarge) are available in the entr'ouvert's apt repository:
-
- deb http://www.entrouvert.org ./debian/lasso/
-
- Add this line in your /etc/apt/sources.list and install the fallow packages :
-
- apt-get install apache-ssl php4 php4-lasso php4-pgsql php4-pear postgresql
-
- Pear packages can be installed with the pear command :
-
- # pear install DB HTML_Common HTML_Form HTML_QuickForm Log
-
-CONFIGURATION
-
- PostgreSQL
-
- Change user "postgres" password to access the database.
- You can do this by executing in a shell :
-
- # su - postgres
- $ psql template1
- template1=# ALTER USER postgres password 'new_pass';
- ALTER USER
- template1=# \q
-
- Change your PostgreSQL server configuration to use passwords to
- authenticate users writing in your /etc/postgresql/pg_hba.conf file:
-
- local all all password
- host all all 127.0.0.1 255.255.255.255 password
-
- Then, restart the postmaster with /etc/init.d/postgresql restart.
-
- # /etc/init.d/postgresql restart
-
- Now you can create users idp and sp in postgres. Thoses users can create
- database.
-
- $ createuser -A -d -P idp
- Enter password for new user:
- Enter it again:
- Password: <-- postgres's password used to access the database
- CREATE USER
-
- $ createuser -A -d -P sp
- [ ... ]
-
- Create databases for idp and sp.
-
- $ createdb -U idp idp
- Password: <-- idp's password
- CREATE DATABASE
-
- $ createdb -U sp sp
- [ ... ]
-
- Database setup is finished.
-
- Copy example source code in /var/lib/www :
-
- # cp -r sample-idp /var/www/idp
- # cp -r sample-sp /var/www/sp
- # chown -R www-data: /var/www/idp /var/www/sp
-
- OpenSSL
-
- To generate SSL certificat for the Identity Provider and the Service
- Provider you need the openssl command line utility.
- You need to create a certificate, a public and private key for the idp
- and the sp. In order to proceed, you can run the gen_keys.sh script or use
- the openssl command line utility :
-
- # cd /var/www/sp
- # openssl req -out certificate_sp1.pem -keyout private-key-raw_sp1.pem -x509 -nodes -newkey rsa:2048
- [ ... ]
- Common Name (eg, YOUR name) []:sp1
- [ ... ]
- # openssl x509 -in certificate_sp1.pem -noout -pubkey > public-key_sp1.pem
- # chown www-data: *.pem
-
- # cd /var/www/idp
- # openssl req -out certificate_idp1.pem -keyout private-key-raw_idp1.pem -x509 -nodes -newkey rsa:2048
- [ ... ]
- Common Name (eg, YOUR name) []:idp1
- [ ... ]
- # openssl x509 -in certificate_idp1.pem -noout -pubkey > public-key_idp1.pem
- # chown www-data: *.pem
-
- Then, copy the IdP's certificate and public key in the SP directory :
-
- # cd /var/www
- # cp -p idp/certificate_idp1.pem idp/public-key_idp1.pem sp/
-
- Copy the SP's certificate and public key in the IdP directory :
-
- # cd /var/www
- # cp -p sp/certificate_sp1.pem sp/public-key_sp1.pem idp/
-
- Enable PHP in Apache
-
- Change you Apache's configuration file to load PHP as module in your
- /etc/apache-ssl/modules.conf file :
-
- LoadModule php4_module /usr/lib/apache/1.3/libphp4.so
-
- Add Type Mime for PHP
-
- In /etc/apache-ssl/httpd.conf write :
-
- #
- # And for PHP 4.x, use:
- #
- AddType application/x-httpd-php .php
-
- PHP 4
-
- Edit PHP 4 configuration file to enable the Lasso and Postgres extension
- at the end of /etc/php4/apache/php.ini file :
-
- extension=pgsql.so
- extension=lasso.so
-
- Configure Virtual Host in Apache
-
- With a two virtual hosts setup, one for the IdP and another for the SP,
- you can try Lasso on one physical machine.
-
- At first we need to add two hosts in the /etc/hosts file :
-
- 127.0.0.2 idp1 idp1.lasso.lan
- 127.0.0.3 sp1 sp1.lasso.lan
-
- In the Apache configuration file add two lines :
-
- Listen idp1:1998
- Listen sp1:2006
-
-
- DocumentRoot /var/www/idp
- ServerName idp1
- SSLCertificateFile /var/www/idp/certificate_idp1.pem
- SSLCertificateKeyFile /var/www/idp/private-key-raw_idp1.pem
-
-
-
- DocumentRoot /var/www/sp
- ServerName sp1
- SSLCertificateFile /var/www/sp/certificate_sp1.pem
- SSLCertificateKeyFile /var/www/sp/private-key-raw_sp1.pem
-
-
-
-SETUP
-
- Now launch your favorite web browser and go to :
-
- https://idp1:1998/setup.php
-
- or
-
- https://sp1:2006/setup.php
diff --git a/php/Attic/examples/gen_keys.sh b/php/Attic/examples/gen_keys.sh
deleted file mode 100755
index cb674a30..00000000
--- a/php/Attic/examples/gen_keys.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/sh
-#
-# Generate OpenSSL certificats for PHP IdP and SP Lasso samples
-#
-
-SP=sample-sp
-SP_CFG=$SP/sp_openssl.cnf
-SP_PRV=$SP/private-key-raw_sp1.pem
-SP_CRT=$SP/certificate_sp1.pem
-SP_PUB=$SP/public-key_sp1.pem
-
-IDP=sample-idp
-IDP_CFG=$IDP/idp_openssl.cnf
-IDP_PRV=$IDP/private-key-raw_idp1.pem
-IDP_CRT=$IDP/certificate_idp1.pem
-IDP_PUB=$IDP/public-key_idp1.pem
-
-openssl req -config $SP_CFG -out $SP_CRT -keyout $SP_PRV -x509 -nodes -newkey -batch
-openssl x509 -in $SP_CRT -noout -pubkey > $SP_PUB
-
-openssl req -config $IDP_CFG -out $IDP_CRT -keyout $IDP_PRV -x509 -nodes -newkey -batch
-openssl x509 -in $IDP_CRT -noout -pubkey > $IDP_PUB
-
-cp -p $IDP_CRT $IDP_PUB $SP
-cp -p $SP_CRT $SP_PUB $IDP
diff --git a/php/Attic/examples/sample-idp/.cvsignore b/php/Attic/examples/sample-idp/.cvsignore
deleted file mode 100644
index 22a4e729..00000000
--- a/php/Attic/examples/sample-idp/.cvsignore
+++ /dev/null
@@ -1,3 +0,0 @@
-Makefile
-Makefile.in
-
diff --git a/php/Attic/examples/sample-idp/Makefile.am b/php/Attic/examples/sample-idp/Makefile.am
deleted file mode 100644
index 5f2818fb..00000000
--- a/php/Attic/examples/sample-idp/Makefile.am
+++ /dev/null
@@ -1,21 +0,0 @@
-EXTRA_DIST = \
- admin_user.php \
- cancel_federation.php \
- create_metadata.php \
- defederate.php \
- edit_metadata.php \
- federate.php \
- index.php \
- log_view.php \
- login.php \
- logout.php \
- metadata_idp1.xml \
- metadata_sp1.xml \
- misc.php \
- session.php \
- setup.php \
- singleSignOn.php \
- soapEndpoint.php \
- user_add.php \
- view_session.php \
- README
diff --git a/php/Attic/examples/sample-idp/README b/php/Attic/examples/sample-idp/README
deleted file mode 100644
index e69de29b..00000000
diff --git a/php/Attic/examples/sample-idp/admin_user.php b/php/Attic/examples/sample-idp/admin_user.php
deleted file mode 100644
index 05767f14..00000000
--- a/php/Attic/examples/sample-idp/admin_user.php
+++ /dev/null
@@ -1,306 +0,0 @@
-
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
- require_once 'Log.php';
- require_once 'DB.php';
- require_once 'session.php';
-
- $config = unserialize(file_get_contents('config.inc'));
-
- $number_of_users = 5;
-
- // connect to the data base
- $db = &DB::connect($config['dsn']);
- if (DB::isError($db))
- die("Could not connect to the database");
-
- // create logger
- $conf['db'] = $db;
- $logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf);
-
- // session handler
- session_set_save_handler("open_session", "close_session",
- "read_session", "write_session", "destroy_session", "gc_session");
-
- // Show XML dump
- if (!empty($_GET['dump']) && !empty($_GET['type']))
- {
- $query = "SELECT " . ($_GET['type'] == 'identity' ? 'identity' : 'session') .
- $query .= "_dump FROM users WHERE user_id=".$db->quoteSmart($_GET['dump']);
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-
- $row = $res->fetchRow();
-?>
-
-
-
-
- Dump
-
- |
-
- |
-
-
-| Close |
-
-
-
-
-quoteSmart($_GET['del']);
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-
- $query = "DELETE FROM users WHERE user_id=".$db->quoteSmart($_GET['del']);
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-
- $logger->log("Delete User '".$_GET['del']."'", PEAR_LOG_NOTICE);
- }
-
- lasso_init();
-
- // Create Lasso Server
- $server_dump = file_get_contents($config['server_dump_filename']);
- $server = LassoServer::newFromDump($server_dump);
-
- // Lasso User
- $login = new LassoLogin($server);
-
- // Count users
- $query = "SELECT COUNT(*) FROM users";
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-
- $row = $res->fetchRow();
- $count = $row[0];
-
-
- $startUser = ((empty($_GET['startUser'])) ? 0 : $_GET['startUser']);
-
- $query = "SELECT * FROM users";
-
- if (!isset($_GET['show_all']))
- $query .= " OFFSET $startUser LIMIT " . ($startUser + $number_of_users);
- $res =& $db->query($query);
-
- if (DB::isError($db))
- die($db->getMessage());
-?>
-
-
-
-Lasso Identity Provider Example : Users Management
-
-
-
-
-
-
-
-
-Index
-
-
-
-Copyright © 2004, 2005 Entr'ouvert
-
-
-
-
-
diff --git a/php/Attic/examples/sample-idp/cancel_federation.php b/php/Attic/examples/sample-idp/cancel_federation.php
deleted file mode 100644
index 9593d957..00000000
--- a/php/Attic/examples/sample-idp/cancel_federation.php
+++ /dev/null
@@ -1,225 +0,0 @@
-
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
- require_once 'Log.php';
- require_once 'DB.php';
- require_once 'session.php';
-
- $config = unserialize(file_get_contents('config.inc'));
-
- $methodes = array('redirect' => lassoHttpMethodRedirect, 'soap' => lassoHttpMethodSoap);
-
- // connect to the data base
- $db = &DB::connect($config['dsn']);
- if (DB::isError($db))
- die($db->getMessage());
-
- // create logger
- $conf['db'] = $db;
- $logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf);
-
- // session handler
- session_set_save_handler("open_session", "close_session",
- "read_session", "write_session", "destroy_session", "gc_session");
-
- if (empty($_GET['profile']))
- {
- $logger->err("Cancel Federation called without profile.");
- die("Cancel Federation called without profile.");
- }
-
- if (empty($_GET['with']))
- {
- $logger->err("Cancel Federation called without providerID.");
- die("Cancel Federation called without providerID.");
- }
-
- session_start();
-
- lasso_init();
-
- if (empty($_SESSION['user_id']))
- {
- $logger->err("UserID is empty, user is not logged in.");
- die("UserID is empty, user is not logged in.");
- }
-
- if (empty($_SESSION['identity_dump']))
- {
- $logger->err("Identity Dump is empty, user is not federated.");
- die("Identity Dump is empty, user is not federated.");
- }
-
- if (!in_array($_GET['profile'], array_keys($methodes)))
- {
- die("Unknown defederation profile : " . $_GET['profile']);
- $logger->err("Unknown defederation profile : " . $_GET['profile']);
- }
-
- $user_id = $_SESSION['user_id'];
-
- $server_dump = file_get_contents($config['server_dump_filename']);
- $server = LassoServer::newFromDump($server_dump);
-
- $defederation = new LassoDefederation($server, lassoProviderTypeIdp);
- $defederation->setIdentityFromDump($_SESSION['identity_dump']);
-
- if (!empty($_SESSION['session_dump']))
- $defederation->setSessionFromDump($_SESSION['session_dump']);
-
- $logger->debug("Create Cancel Federation Notification for User '" . $_SESSION["user_id"] .
- "' with Service Provider '" . $_GET['with']. "'");
-
- $defederation->initNotification($_GET['with'], $methodes[$_GET['profile']]);
-
- $defederation->buildNotificationMsg();
- $nameIdentifier = $defederation->nameIdentifier;
- if (empty($nameIdentifier))
- {
- $loggery>err("Name Identifier is empty.");
- die("Name Identifier is empty.");
- }
-
- $identity = $defederation->identity;
- if (isset($defederation->identity))
- {
- // Update identity dump
- $identity_dump = $identity->dump();
- $_SESSION['identity_dump'] = $identity_dump;
- $query = "UPDATE users SET identity_dump=".$db->quoteSmart($identity_dump);
- }
- else // Delete identity and session dumps
- $query = "UPDATE users SET identity_dump=''";
- $query .= " WHERE user_id='$user_id'";
-
- $res =& $db->query($query);
- if (DB::isError($res))
- {
- $logger->crit("DB Error :" . $res->getMessage());
- $logger->debug("DB Error :" . $res->getDebugInfo());
- die("Internal Server Error");
- }
- $logger->debug("Update user '$user_id' identity dump in the database");
-
- // Update session dump, if available
- if (!empty($_SESSION['sesion_dump']) && $defederation->isSessionDirty)
- {
- $session = $defederation->session;
- $session_dump = $session->dump();
- $_SESSION['session_dump'] = $session_dump;
-
- $query = "UPDATE users SET session_dump=".$db->quoteSmart($session_dump);
- $query .= " WHERE user_id='$user_id'";
-
- $res =& $db->query($query);
- if (DB::isError($res))
- {
- $logger->crit("DB Error :" . $res->getMessage());
- $logger->debug("DB Error :" . $res->getDebugInfo());
- die("Internal Server Error");
- }
- $logger->debug("Update user '$user_id' session dump in the database");
-}
-
-// Delete Name Identifier
-$query = "DELETE FROM nameidentifiers WHERE user_id='$user_id' ";
-$query .= "AND name_identifier='$nameIdentifier'";
-
-$res =& $db->query($query);
-if (DB::isError($res))
-{
- $logger->crit("DB Error :" . $res->getMessage());
- $logger->debug("DB Error :" . $res->getDebugInfo());
- die("Internal Server Error");
-}
-
-$logger->info("Delete Name Identifier '$nameIdentifier' for User '$user_id'");
-
-switch($_GET['profile'])
-{
- case 'redirect':
- $url = $defederation->msgUrl;
- $logger->info("Redirect user to $url");
-
- header("Request-URI: $url");
- header("Content-Location: $url");
- header("Location: $url\r\n\r\n");
- break;
- case 'soap':
- $url = parse_url($defederation->msgUrl);
- $soap = sprintf(
- "POST %s HTTP/1.1\r\nHost: %s:%d\r\nContent-Length: %d\r\nContent-Type: text/xml\r\n\r\n%s\r\n",
- $url['path'], $url['host'], $url['port'], strlen($defederation->msgBody), $defederation->msgBody);
-
- $logger->info('Send SOAP Request to '. $url['host'] . ":" .$url['port']. $url['path']);
- $logger->debug('SOAP Request : ' . $soap);
-
- $fp = fsockopen("ssl://" . $url['host'], $url['port'], $errno, $errstr, 30) or die($errstr ($errno));
- socket_set_timeout($fp, 10);
- fwrite($fp, $soap);
-
- // header
- do $header .= fread($fp, 1); while (!preg_match('/\\r\\n\\r\\n$/',$header));
-
- // chunked encoding
- if (preg_match('/Transfer\\-Encoding:\\s+chunked\\r\\n/',$header))
- {
- do {
- $byte = '';
- $chunk_size = '';
-
- do {
- $chunk_size .= $byte;
- $byte = fread($fp, 1);
- } while ($byte != "\\r");
-
- fread($fp, 1);
- $chunk_size = hexdec($chunk_size);
- $response .= fread($fp, $chunk_size);
- fread($fp, 2);
- } while ($chunk_size);
- }
- else
- {
- if (preg_match('/Content\\-Length:\\s+([0-9]+)\\r\\n/', $header, $matches))
- $response = @fread($fp, $matches[1]);
- else
- while (!feof($fp)) $response .= fread($fp, 1024);
- }
- fclose($fp);
-
- $logger->log('SOAP Response Header : ' . $header, PEAR_LOG_DEBUG);
- $logger->log('SOAP Response Body : ' . $response, PEAR_LOG_DEBUG);
-
- // TODO : check reponse status
-
-
- break;
- }
-
-?>
-
-
diff --git a/php/Attic/examples/sample-idp/create_metadata.php b/php/Attic/examples/sample-idp/create_metadata.php
deleted file mode 100644
index e55e79ab..00000000
--- a/php/Attic/examples/sample-idp/create_metadata.php
+++ /dev/null
@@ -1,144 +0,0 @@
-
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
- require_once 'HTML/QuickForm.php';
-
- $form = new HTML_QuickForm('frm');
-
- $form->setDefaults(array(
- 'providerID' => 'https://',
- 'AssertionConsumerService' => 'https://',
- 'SoapEndpoint' => 'https://',
- 'SingleLogoutService' => 'https://',
- 'RegisterNameIdentifierService' => 'https://',
- 'AuthnRequestsSigned' => 1,
- 'filename' => getcwd().'/metadata.xml'
- ));
-
- $form->addElement('header', null, 'Create Liberty Alliance Metadata for an Service Provider');
- $form->addElement('text', 'providerID', 'providerID:', array('size' => 60, 'maxlength' => 255));
-
- $form->addElement('text', 'AssertionConsumerService', 'AssertionConsumerService:', array('size' => 60, 'maxlength' => 255));
-
- $form->addElement('text', 'SingleLogoutService', 'SingleLogoutService:', array('size' => 60, 'maxlength' => 255));
- $form->addElement('select', 'SingleLogoutProtocolProfile', 'SingleLogoutProtocolProfile:', array('http://projectliberty.org/profiles/slo-idp-soap'));
-
- $form->addElement('text', 'RegisterNameIdentifierService', 'RegisterNameIdentifierService:', array('size' => 60, 'maxlength' => 255));
- $form->addElement('select', 'RegisterNameIdentifierProtocolProfile', 'RegisterNameIdentifierProtocolProfile:', array('http://projectliberty.org/profiles/rni-sp-soap'));
-
- $form->addElement('text', 'SoapEndpoint', 'SoapEndpoint:', array('size' => 60, 'maxlength' => 255));
- $form->addElement('checkbox', 'AuthnRequestsSigned', 'Authn Requests must be signed? :', '');
-
- $form->addElement('textarea', 'metadata', 'Metadata:', array('cols' => 60, 'rows' => 15));
- $form->addElement('text', 'filename', 'Filename:', array('size' => 60, 'maxlength' => 255));
-
- $button[] = &HTML_QuickForm::createElement('button', null, 'Preview', array('onclick' => "write_metadata_preview();"));
- $button[] = &HTML_QuickForm::createElement('submit', null, 'Write Metadata');
-
- $form->addGroup($button, null, null, ' ', false);
-
- if ($form->validate()) {
-
- $xml = "
-exportValue('providerID') ."\" xmlns=\"urn:liberty:metadata:2003-08\">
-
- " . $form->exportValue('AssertionConsumerService') . "\n
- " . $form->exportValue('SingleLogoutService') . "
- " . $form->exportValue('SingleLogoutProtocolProfile') . "\n
- " . $form->exportValue('RegisterNameIdentifierService') . "
- " . $form->exportValue('RegisterNameIdentifierProtocolProfile') . "\n
- " . $form->exportValue('SoapEndpoint') . "\n
- " . (($form->exportValue('AuthnRequestsSigned')) ? 'true' : 'false') . "
-
-";
-
-
- if (($fd = fopen($form->exportValue('filename'), "w")))
- {
- fwrite($fd, $xml);
- fclose($fd);
- }
- else
- die("Could not write metadata file :" . $form->exportValue('filename'));
-?>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-display();
-?>
-
-Copyright © 2004, 2005 Entr'ouvert
-
-
diff --git a/php/Attic/examples/sample-idp/defederate.php b/php/Attic/examples/sample-idp/defederate.php
deleted file mode 100644
index e2c107e8..00000000
--- a/php/Attic/examples/sample-idp/defederate.php
+++ /dev/null
@@ -1,32 +0,0 @@
-
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
- session_start();
-
- if (!isset($_SESSION['user_id']))
- {
- die("User is not logged in!\n");
- }
-
-?>
diff --git a/php/Attic/examples/sample-idp/edit_metadata.php b/php/Attic/examples/sample-idp/edit_metadata.php
deleted file mode 100644
index 78795c57..00000000
--- a/php/Attic/examples/sample-idp/edit_metadata.php
+++ /dev/null
@@ -1,61 +0,0 @@
-
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
- $filename = $_GET['filename'];
- if (!empty($filename) && file_exists($filename))
- {
- require_once 'HTML/QuickForm.php';
-
- $form = new HTML_QuickForm('frm');
-
- $form->addElement('header', null, 'Edit Liberty Alliance Metadata for an Service Provider');
- $form->addElement('text', 'providerID', 'providerID:', array('size' => 60, 'maxlength' => 255));
-
- $form->addElement('text', 'AssertionConsumerService', 'AssertionConsumerService:', array('size' => 60, 'maxlength' => 255));
-
- $form->addElement('text', 'SingleLogoutService', 'SingleLogoutService:', array('size' => 60, 'maxlength' => 255));
- $form->addElement('select', 'SingleLogoutProtocolProfile', 'SingleLogoutProtocolProfile:', array('http://projectliberty.org/profiles/slo-idp-soap'));
-
- $form->addElement('text', 'RegisterNameIdentifierService', 'RegisterNameIdentifierService:', array('size' => 60, 'maxlength' => 255));
- $form->addElement('select', 'RegisterNameIdentifierProtocolProfile', 'RegisterNameIdentifierProtocolProfile:', array('http://projectliberty.org/profiles/rni-sp-soap'));
-
- $form->addElement('text', 'SoapEndpoint', 'SoapEndpoint:', array('size' => 60, 'maxlength' => 255));
- $form->addElement('checkbox', 'AuthnRequestsSigned', 'Authn Requests must be signed? :', '');
-?>
-
-
-
- Edit Metadata
-
-
-display();
-?>
-
-Copyright © 2004, 2005 Entr'ouvert
-
-
-
diff --git a/php/Attic/examples/sample-idp/federate.php b/php/Attic/examples/sample-idp/federate.php
deleted file mode 100644
index 46da3fc9..00000000
--- a/php/Attic/examples/sample-idp/federate.php
+++ /dev/null
@@ -1,32 +0,0 @@
-
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
- session_start();
-
- if (!isset($_SESSION['user_id']))
- {
- die("User is not logged in!\n");
- }
-
-?>
diff --git a/php/Attic/examples/sample-idp/idp_openssl.cnf b/php/Attic/examples/sample-idp/idp_openssl.cnf
deleted file mode 100644
index 7336057c..00000000
--- a/php/Attic/examples/sample-idp/idp_openssl.cnf
+++ /dev/null
@@ -1,19 +0,0 @@
-[ req ]
-default_bits = 2048
-encrypt_key = yes
-distinguished_name = req_dn
-x509_extensions = cert_type
-prompt = no
-
-[ req_dn ]
-C=FR
-ST=Ile de France
-L=Paris
-O=Entrouvert
-OU=Automatically-generated SSL key
-CN=idp1
-emailAddress=webmaster@domain.com
-
-[ cert_type ]
-nsCertType = server
-
diff --git a/php/Attic/examples/sample-idp/index.php b/php/Attic/examples/sample-idp/index.php
deleted file mode 100644
index 3fda8a13..00000000
--- a/php/Attic/examples/sample-idp/index.php
+++ /dev/null
@@ -1,193 +0,0 @@
-
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
- require_once 'DB.php';
- require_once 'session.php';
-
- if(!extension_loaded('lasso')) {
- $ret = @dl('lasso.' . PHP_SHLIB_SUFFIX);
- if ($ret == FALSE)
- {
-?>
-The Lasso Extension is not available
-Please check your PHP extensions
-You can get more informations about Lasso at
-http://lasso.entrouvert.org/
-
-Identity Provider Configuration file is not available
-Please run the setup script :
-Lasso Service Provider Setup
-You can get more informations about Lasso at
-http://lasso.entrouvert.org/
-getMessage());
-
- // session handler
- session_set_save_handler("open_session", "close_session",
- "read_session", "write_session", "destroy_session", "gc_session");
-
- session_start();
-
- lasso_init();
-
- // Create Lasso Server
- $server_dump = file_get_contents($config['server_dump_filename']);
- $server = LassoServer::newFromDump($server_dump);
-?>
-
-
-
-Lasso Identity Provider Example
-
-
-
-
-
- Identity Provider Administration
- Setup
- Users Management
- View Online Users
-
-
View log
-
-
-
- Identity Provider Fonctionnality
-
-
-
- Local Login
-setIdentityFromDump($_SESSION['identity_dump']);
- if (!empty($_SESSION['session_dump']))
- $login->setSessionFromDump($_SESSION['sesion_dump']);
- $identity = $login->identity;
- $providerIDs = $identity->providerIds;
-
- if ($providerIDs->length())
- {
-?>
-Cancel a Federation with :
-
-
-
-
- | Service Provider |
- Profile |
-
-
-
-length() ; $i++)
- {
- $providerID = $providerIDs->getItem($i);
-?>
-
- |
-
- Redirect |
- SOAP
- |
-
-
-
-
-
-
-Your are not Federated with an Service Provider.
-
-
-Local Logout
-
-
-
-
-Status
-
- User is not logged in!";
- }
- else
- {
- ?>
- | User is logged in! |
-
-
- | UserID: | |
-
-
- | User Name: | |
-
-
- | PHP Session ID: | |
-
-
-
-
-
-Copyright © 2004, 2005 Entr'ouvert
-
-
-
-
-
diff --git a/php/Attic/examples/sample-idp/log_view.php b/php/Attic/examples/sample-idp/log_view.php
deleted file mode 100644
index 40f2025d..00000000
--- a/php/Attic/examples/sample-idp/log_view.php
+++ /dev/null
@@ -1,160 +0,0 @@
-
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
- require_once 'HTML/QuickForm.php';
- require_once 'DB.php';
-
- $config = unserialize(file_get_contents('config.inc'));
-
- // connect to the data base
- $db = &DB::connect($config['dsn']);
- if (DB::isError($db))
- die("Could not connect to the database");
-
- if ($config['log_handler'] != 'sql')
- die("Unsupported log handler");
-
- $number_of_msg = 8;
-
- // Count log messages
- $query = "SELECT COUNT(*) FROM log";
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-
- $row = $res->fetchRow();
- $count = $row[0];
-
- $startMsg = ((empty($_GET['startMsg'])) ? 0 : $_GET['startMsg']);
-
- $query = "SELECT * FROM log ORDER BY id DESC";
- if (!isset($_GET['show_all']))
- $query .= " OFFSET $startMsg LIMIT " . ($startMsg + $number_of_msg);
-
-
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-
- $numRows = $res->numRows();
-
-?>
-
-
-
-
- Lasso Identity Provider Example : View Logs
-
-
-
-
-Logged events
-
-
- |
- Previous";
- else
- echo "Previous"
- ?>
- |
- $number_of_users) && !isset($_GET['show_all']))
- echo "Next";
- else
- echo "Next";
-
- if (isset($_GET['show_all']))
- echo "| Paginate";
- else
- {
- for ($i = 0; $i < $count; $i += $number_of_msg)
- if ($i == $startMsg)
- echo "| " . ( $i / $number_of_msg);
- else
- echo "| " . ( $i / $number_of_msg) . "";
- if ($count > $number_of_msg)
- echo "| Show All";
- }
- ?>
- |
-
-
- | date |
- filename |
- priority |
- message |
-
-
-
-numCols();
- $tableinfo = $db->tableInfo($res);
-
- $desc = array("emergency", "alert", "critical", "error", "warning", "notice", "informational", "debug");
-
- while($row = $res->fetchRow())
- {
- echo "";
- for ($i = 0; $i < $num_col; $i++)
- {
- switch ($tableinfo[$i]['name'])
- {
- case "id":
- break;
- case "priority":
- echo "| " . $desc[$row[$i]] . " | ";
- break;
- case "message":
- echo "" . $row[$i] . " | ";
- break;
- default:
- echo "" . $row[$i] . " | ";
- }
- }
- echo "
";
- }
- }
-?>
-
-
-
-
-
- | |
-
-
-
-
-Index
-
-
-Copyright © 2004, 2005 Entr'ouvert
-
-
-
diff --git a/php/Attic/examples/sample-idp/login.php b/php/Attic/examples/sample-idp/login.php
deleted file mode 100644
index 7c4d3c3d..00000000
--- a/php/Attic/examples/sample-idp/login.php
+++ /dev/null
@@ -1,182 +0,0 @@
-
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
- require_once 'HTML/QuickForm.php';
- require_once 'Log.php';
- require_once 'DB.php';
- require_once 'session.php';
-
- $config = unserialize(file_get_contents('config.inc'));
-
- // connect to the data base
- $db = &DB::connect($config['dsn']);
- if (DB::isError($db))
- die("Could not connect to the database");
-
- // create logger
- $conf['db'] = $db;
- $logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf);
-
- // session handler
- session_set_save_handler("open_session", "close_session",
- "read_session", "write_session", "destroy_session", "gc_session");
-
- session_start();
-
- /*
- *
- */
- function sendHTTPBasicAuth()
- {
- global $logger;
-
- header('WWW-Authenticate: Basic realm="Lasso Identity Provider One"');
- header('HTTP/1.0 401 Unauthorized');
- echo "Acces Denied";
- $logger->log("User from '" . $_SERVER['REMOTE_ADDR'] . "' pressed the cancel button during HTTP basic authentication request", PEAR_LOG_NOTICE);
- }
-
- function startLocalSession($user_id, $username)
- {
- global $db, $logger;
-
- $_SESSION['user_id'] = $user_id;
- $_SESSION['username'] = $username;
-
- $query = "SELECT identity_dump,session_dump FROM users WHERE user_id='$user_id'";
-
- $res =& $db->query($query);
-
- if (DB::isError($res))
- {
- $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
- die("Could not fetch identity and session dump");
- }
- if ($res->numRows())
- {
- $row = $res->fetchRow();
- if (!empty($row[0]))
- $_SESSION['identity_dump'] = $row[0];
- if (!empty($row[1]))
- $_SESSION['session_dump'] = $row[1];
- }
-
- $logger->log("User '$username' ($user_id) authenticated, local session started", PEAR_LOG_NOTICE);
-
- $url = 'index.php';
- header("Request-URI: $url");
- header("Content-Location: $url");
- header("Location: $url\r\n\r\n");
- exit;
- }
-
- /*
- * This function authentificate the user against the Users Database
- */
- function authentificateUser($db, $username, $password)
- {
- global $logger;
-
- $query = "SELECT user_id FROM users WHERE username=".$db->quoteSmart($username);
- $query .= " AND password=".$db->quoteSmart($password);
-
- $res =& $db->query($query);
- if (DB::isError($res))
- {
- $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
- die("Internal Server Error");
- }
-
- if ($res->numRows())
- {
- $row = $res->fetchRow();
- return ($row[0]);
- }
- return (0);
- }
-
- if ($config['auth_type'] == 'auth_basic')
- {
- if (!isset($_SERVER['PHP_AUTH_USER']))
- {
- sendHTTPBasicAuth();
- exit;
- }
- else
- {
- // Check Login and Password
- if (!($user_id = authentificateUser($db, $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])))
- {
- $logger->warning("Authentication failure with login '". $_SERVER['PHP_AUTH_USER'] . " password '"
- . $_SERVER['PHP_AUTH_PW'] ."' IP " . $_SERVER['REMOTE_ADDR']);
- sendHTTPBasicAuth();
- exit;
- }
- else
- startLocalSession($user_id, $_SERVER['PHP_AUTH_USER']);
- }
- }
- else if ($config['auth_type'] == 'auth_form')
- {
-
- $form = new HTML_QuickForm('frm');
-
- $form->addElement('header', null, 'Login on the Lasso Identity Provider Example');
-
- $form->addElement('text', 'username', 'Username:', array('size' => 50, 'maxlength' => 255));
- $form->addElement('password', 'password', 'Password:', array('size' => 50, 'maxlength' => 255));
- $form->addElement('submit', null, 'Ok');
-
- $form->addRule('username', 'Please enter the Username', 'required', null, 'client');
- $form->addRule('password', 'Please enter the Password', 'required', null, 'client');
-
- if ($form->validate())
- {
- if (($user_id = authentificateUser($db, $form->exportValue('username'), $form->exportValue('password'))))
- {
- startLocalSession($user_id, $form->exportValue('username'));
- }
- else
- $logger->log("Authentication failure with login '".$form->exportValue('username')." password '". $form->exportValue('password') ."' IP '" . $_SERVER['REMOTE_ADDR']."'", PEAR_LOG_WARNING);
- }
-?>
-
-
-
-display();
-?>
-
-
-log("Unknown authentification type '". $config['auth_type'] ."', check IdP setup", PEAR_LOG_ALERT);
- die('Unknown authentification type');
- }
-?>
diff --git a/php/Attic/examples/sample-idp/logout.php b/php/Attic/examples/sample-idp/logout.php
deleted file mode 100644
index 4089c8dd..00000000
--- a/php/Attic/examples/sample-idp/logout.php
+++ /dev/null
@@ -1,55 +0,0 @@
-
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
- require_once 'Log.php';
- require_once 'DB.php';
- require_once 'session.php';
-
- $config = unserialize(file_get_contents('config.inc'));
-
- // connect to the data base
- $db = &DB::connect($config['dsn']);
- if (DB::isError($db))
- die("Could not connect to the database");
-
- // create logger
- $conf['db'] = $db;
- $logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf);
-
- // session handler
- session_set_save_handler("open_session", "close_session",
- "read_session", "write_session", "destroy_session", "gc_session");
-
- session_start();
-
- // Destroy The PHP Session
- $_SESSION = array();
- session_destroy();
-
- $url = "index.php";
- header("Request-URI: $url");
- header("Content-Location: $url");
- header("Location: $url\r\n\r\n");
- exit;
-?>
diff --git a/php/Attic/examples/sample-idp/metadata_idp1.xml b/php/Attic/examples/sample-idp/metadata_idp1.xml
deleted file mode 100644
index af84f259..00000000
--- a/php/Attic/examples/sample-idp/metadata_idp1.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-
-
-
-
- https://idp1.lasso.lan:1998/singleSignOn
- http://projectliberty.org/profiles/brws-art
- http://projectliberty.org/profiles/brws-post
-
- https://idp1.lasso.lan:1998/singleLogout
- https://idp1.lasso.lan:1998/singleLogoutReturn
- http://projectliberty.org/profiles/slo-idp-soap
- http://projectliberty.org/profiles/slo-idp-http
- http://projectliberty.org/profiles/slo-sp-soap
- http://projectliberty.org/profiles/slo-sp-http
-
- https://idp1.lasso.lan:1998/federationTermination
- https://idp1.lasso.lan:1998/federationTerminationReturn
- http://projectliberty.org/profiles/fedterm-idp-soap
- http://projectliberty.org/profiles/fedterm-idp-http
- http://projectliberty.org/profiles/fedterm-sp-soap
- http://projectliberty.org/profiles/fedterm-sp-http
-
- https://idp1.lasso.lan:1998/registerNameIdentifier
- https://idp1.lasso.lan:1998/registerNameIdentifierReturn
- http://projectliberty.org/profiles/rni-idp-soap
- http://projectliberty.org/profiles/rni-idp-http
- http://projectliberty.org/profiles/rni-sp-soap
- http://projectliberty.org/profiles/rni-sp-http
-
- http://projectliberty.org/profiles/nim-sp-http
-
- https://idp1.lasso.lan:1998/soapEndpoint
-
-
-
-
- Identity Provider idp1.lasso.lan
- Identity Provider 1
- http://idp1.lasso.lan/
-
-
-
diff --git a/php/Attic/examples/sample-idp/metadata_sp1.xml b/php/Attic/examples/sample-idp/metadata_sp1.xml
deleted file mode 100644
index cf2fad08..00000000
--- a/php/Attic/examples/sample-idp/metadata_sp1.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-
-
-
-
- https://sp1.lasso.lan:2006/assertionConsumer
-
- https://sp1.lasso.lan:2006/singleLogout
- https://sp1.lasso.lan:2006/singleLogoutReturn
- http://projectliberty.org/profiles/slo-idp-soap
- http://projectliberty.org/profiles/slo-idp-http
- http://projectliberty.org/profiles/slo-sp-soap
- http://projectliberty.org/profiles/slo-sp-http
-
- https://sp1.lasso.lan:2006/federationTermination
- https://sp1.lasso.lan:2006/federationTerminationReturn
- http://projectliberty.org/profiles/fedterm-idp-soap
- http://projectliberty.org/profiles/fedterm-idp-http
- http://projectliberty.org/profiles/fedterm-sp-soap
- http://projectliberty.org/profiles/fedterm-sp-http
-
- https://sp1.lasso.lan:2006/registerNameIdentifier
- https://sp1.lasso.lan:2006/registerNameIdentifierReturn
- http://projectliberty.org/profiles/rni-idp-soap
- http://projectliberty.org/profiles/rni-idp-http
- http://projectliberty.org/profiles/rni-sp-soap
- http://projectliberty.org/profiles/rni-sp-http
-
- https://sp1.lasso.lan:2006/soapEndpoint
-
- true
-
-
-
-
- Service Provider sp1.lasso.lan
- Service Provider 1
- http://sp1.lasso.lan/
-
-
-
diff --git a/php/Attic/examples/sample-idp/misc.php b/php/Attic/examples/sample-idp/misc.php
deleted file mode 100644
index 9f305b13..00000000
--- a/php/Attic/examples/sample-idp/misc.php
+++ /dev/null
@@ -1,68 +0,0 @@
-
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-function read_http_response($fp, &$header, &$response)
-{
- // header
- do $header .= fread($fp, 1); while (!preg_match('/\\r\\n\\r\\n$/',$header));
-
- // chunked encoding
- if (preg_match('/Transfer\\-Encoding:\\s+chunked\\r\\n/',$header))
- {
- do {
- $byte = '';
- $chunk_size = '';
-
- do {
- $chunk_size .= $byte;
- $byte = fread($fp, 1);
- } while ($byte != "\\r");
-
- fread($fp, 1);
- $chunk_size = hexdec($chunk_size);
- $response .= fread($fp, $chunk_size);
- fread($fp, 2);
- } while ($chunk_size);
- }
- else
- {
- if (preg_match('/Content\\-Length:\\s+([0-9]+)\\r\\n/', $header, $matches))
- $response = @fread($fp, $matches[1]);
- else
- while (!feof($fp)) $response .= fread($fp, 1024);
- }
-}
-
-function isDBError($res)
-{
- global $logger;
-
- if (DB::isError($res))
- {
- $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT);
- $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG);
- die("Internal Server Error");
- }
-}
-
diff --git a/php/Attic/examples/sample-idp/session.php b/php/Attic/examples/sample-idp/session.php
deleted file mode 100644
index b51bb893..00000000
--- a/php/Attic/examples/sample-idp/session.php
+++ /dev/null
@@ -1,86 +0,0 @@
-
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-
-function open_session ($save_path, $session_name) {
- return(true);
-}
-
-function close_session() {
- global $db;
- $db->disconnect();
- return(true);
-}
-
-function read_session ($id) {
- global $db;
-
- $query = "SELECT * FROM sessions WHERE id='$id'";
- $res =& $db->query($query);
- if (DB::isError($res))
- {
- exit;
- die($res->getMessage());
- }
-
- if ($res->numRows() == 1)
- {
- $row = $res->fetchRow();
- return ($row[2]);
- } else {
- return("");
- }
-}
-
-function write_session ($id, $sess_data) {
- global $db;
-
- $query = "DELETE FROM sessions WHERE id='$id'";
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-
- $query = "INSERT INTO sessions(id, lastupdate, data) VALUES('$id', NOW(),";
- $query .= $db->quoteSmart($sess_data).")";
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-}
-
-function destroy_session ($id) {
- global $db;
-
- $query = "DELETE FROM sessions WHERE id='$id'";
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-
- return true;
-}
-
-function gc_session ($maxlifetime) {
- return true;
-}
-
-?>
diff --git a/php/Attic/examples/sample-idp/setup.php b/php/Attic/examples/sample-idp/setup.php
deleted file mode 100644
index ddc956a5..00000000
--- a/php/Attic/examples/sample-idp/setup.php
+++ /dev/null
@@ -1,604 +0,0 @@
-
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-?>
-
-The Lasso Extension is not available
";
- print "Please check your PHP extensions
";
- print "You can get more informations about Lasso at
";
- print "http://lasso.entrouvert.org/";
- exit();
- }
- }
-
- /*
- * This callback function is called by array_walk and
- * add an service provider to the identity provider.
- */
- function add_service_provider(&$item, $key, $server)
- {
- print "
$key : ";
-
- $ret = $server->addProvider(LASSO_PROVIDER_ROLE_SP,
- $item['metadata'],
- $item['public_key'],
- $item['ca']);
-
- /* FIXME : check addProvider return value
- if ($ret != TRUE)
- {
- print "Failed";
- break;
- }
- else */
- print "OK";
- }
-
- function write_config_inc($config)
- {
- $config_ser = serialize($config);
- $filename = "config.inc";
-
- if ($fd = fopen($filename, "w"))
- {
- fwrite($fd, $config_ser);
- fclose($fd);
- return TRUE;
- }
- return FALSE;
- }
-
- require_once 'DB.php';
-
- # default config
- if (!file_exists('config.inc'))
- {
- $cwd = getcwd();
- $config = array(
- 'dsn' => "pgsql://idp:idp@localhost/idp",
- 'server_dump_filename' => "lasso_server_dump.xml",
- 'log_handler' => 'sql',
- 'auth_type' => 'auth_form',
- 'idp-metadata' => $cwd . "/metadata_idp1.xml",
- 'idp-private_key' => $cwd . "/private-key-raw_idp1.pem",
- 'idp-secret_key' => "",
- 'idp-ca' => $cwd . "/certificate_idp1.pem",
- 'sp' => array(
- 'sp1' => array(
- 'metadata' => $cwd . "/metadata_sp1.xml",
- 'public_key' => $cwd . "/public-key_sp1.pem",
- 'ca' => $cwd . "/certificate_sp1.pem")
- /* another service provider
- 'sp2' => array(
- 'metadata' => "/home/cnowicki/mcvs/lasso/tests/data/sp2-la/metadata.xml",
- 'public_key' => "/home/cnowicki/mcvs/lasso/tests/data/sp2-la/public-key.pem",
- 'ca' => "/home/cnowicki/mcvs/lasso/tests/data/ca1-la/certificate.pem") */
- ));
-
- $config_ser = serialize($config);
- if (!write_config_inc($config))
- die("Could not write default config file,
- if you get a \"permission denied\" error, check the owner of the
- sample directory. (it must be www-data).");
- }
- else
- {
- $config = unserialize(file_get_contents('config.inc'));
- }
-
- $keys = array_keys($_POST);
-
- $to_del = preg_grep('/delete_(\w)/', $keys);
-
- if (!empty($to_del))
- {
- $keys = array_values($to_del);
- foreach($keys as $key)
- {
- $name = substr($key, 7);
- unset($config['sp'][$name]);
- write_config_inc($config);
- }
- }
-
- $to_update = preg_grep('/update_(\w)/', $keys);
-
- if (!empty($to_update))
- {
- $keys = array_values($to_update);
- foreach($keys as $key)
- {
- $name = substr($key, 7);
- $config['sp'][$name]['metadata'] = $_POST['sp^'.$name.'^metadata'];
- $config['sp'][$name]['public_key'] = $_POST['sp^'.$name.'^public_key'];
- $config['sp'][$name]['ca'] = $_POST['sp^'.$name.'^ca'];
- write_config_inc($config);
- }
- }
-
-
- if (array_key_exists('new', $_POST))
- {
- $form = array('sp' => 'Name',
- 'metadata' => 'Metadata',
- 'public_key' => 'Public Key',
- 'ca' => 'Certificate');
-
- foreach ($form as $input => $name)
- if (empty($_POST[$input]))
- die("Field $name is empty");
-
- $config['sp'][$_POST['sp']] = array(
- 'metadata' => $_POST['metadata'],
- 'public_key' => $_POST['public_key'],
- 'ca' => $_POST['ca']);
-
- write_config_inc($config);
- }
-
- if (array_key_exists('setup', $_POST))
- {
- ob_start();
-
- $setup = FALSE;
-
- print "Lasso Identity Provider Setup
";
-
- unset($_POST['setup'], $_POST['metadata'], $_POST['public_key'], $_POST['ca'], $_POST['sp']);
-
- $sps = array_values(preg_grep("/sp\^/", array_keys($_POST)));
-
-
- $_POST['sp'] = array();
-
- foreach ($sps as $sp) {
- list($null, $name, $type) = split("\^", $sp, 3);
- $_POST['sp'][$name][$type] = $_POST[$sp];
- unset($_POST[$sp]);
- }
-
- $diff = array_diff($_POST, $config);
-
- foreach($diff as $key => $value) {
- $config[$key] = $value;
- }
-
- print "Check Data base : ";
-
- $db = &DB::connect($config['dsn']);
-
- if (DB::isError($db)) {
- die("Failed (" . $db->getMessage() . ")");
- }
- else
- print "OK";
-
- print "
Create sequence 'user_id_seq' : ";
-
- $query = "DROP SEQUENCE user_id_seq";
- $res =& $db->query($query);
-
- $query = "CREATE SEQUENCE user_id_seq";
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-
- print "OK";
-
- print "
Create table 'users' : ";
- $query = "DROP TABLE users CASCADE";
- $res =& $db->query($query);
-
- $query = "CREATE TABLE users (
- user_id varchar(100) primary key,
- username varchar(255) unique,
- password varchar(255),
- identity_dump text,
- session_dump text,
- created timestamp)";
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-
- print "OK";
-
- print "
Insert user 'test' into 'users' : ";
-
- $query = "INSERT INTO users(user_id, username, password, created) ";
- $query .= "VALUES (nextval('user_id_seq'), 'test', 'test', NOW())";
-
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
- print "OK";
-
- print "
Create table 'nameidentifiers' : ";
-
- $query = "DROP TABLE nameidentifiers CASCADE";
- $res =& $db->query($query);
-
- $query = "CREATE TABLE nameidentifiers (
- name_identifier varchar(100) primary key,
- user_id varchar(100),
- FOREIGN KEY (user_id) REFERENCES users (user_id))";
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-
- print "OK";
-
- print "
Create table 'assertions' : ";
- $query = "DROP TABLE assertions CASCADE";
- $res =& $db->query($query);
-
- $query = "CREATE TABLE assertions (
- assertion text,
- response_dump text,
- created timestamp)";
-
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-
- print "OK";
-
- print "
Create table 'log' : ";
- $query = "DROP TABLE log CASCADE";
- $res =& $db->query($query);
-
- $query = "CREATE TABLE log (
- id integer primary key,
- logtime timestamp,
- ident varchar(16),
- priority integer,
- message text)";
-
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-
- print "OK";
-
- print "
Create sequence 'log_id' : ";
-
- $query = "DROP SEQUENCE log_id";
- $res =& $db->query($query);
-
- $query = "CREATE SEQUENCE log_id";
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-
- print "OK";
-
- print "
Create table 'sessions' : ";
- $query = "DROP TABLE sessions CASCADE";
- $res =& $db->query($query);
-
- $query = "CREATE TABLE sessions (
- id varchar(32) primary key,
- lastupdate timestamp,
- data text)";
-
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-
- print "OK";
-
- print "
Create table 'sso_sessions' : ";
- $query = "DROP TABLE sso_sessions CASCADE";
- $res =& $db->query($query);
-
- $query = "CREATE TABLE sso_sessions (
- name_identifier character varying(100),
- session_id character varying(32),
- ip integer
- )";
-
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-
- print "OK";
-
- $db->disconnect();
-
- // Check if IdP files does exists
- $keys = array_keys($config);
- $files = preg_grep("/idp/", $keys);
-
- foreach($files as $file)
- {
- print "
Check file " . $config[$file] . " : ";
- if (!file_exists($config[$file]))
- {
- if ($file == 'idp-secret_key')
- print "not found (optional)";
- else
- die("Failed (file does not exist)");
- }
- else
- print "OK";
- }
-
-
- foreach($config['sp'] as $key)
- {
- foreach ($key as $file)
- {
- print "
Check file " . $file . " : ";
- if (!file_exists($file))
- {
- die("Failed (file does not exist)");
- }
- else
- print "OK";
-
- }
- }
-
- lasso_init();
-
- print "
Create Server : ";
-
- /*
- $server = new LassoServer(
- $config['idp-metadata'],
- $config['idp-public_key'],
- $config['idp-private_key'],
- $config['idp-ca']);
- */
-
- $server = new LassoServer(
- $config['idp-metadata'],
- $config['idp-private_key'],
- $config['idp-secret_key'],
- $config['idp-ca']);
-
- if (empty($server))
- die("Failed");
- else
- print "OK";
-
-
- print "
Add Service Provider(s) :";
-
- array_walk($config['sp'], 'add_service_provider', $server);
-
- print "
Write XML Server Dump : ";
-
- $dump = $server->dump();
-
- if (($fd = fopen($config['server_dump_filename'], "w")))
- {
- fwrite($fd, $dump);
- fclose($fd);
- print "OK";
- }
- else
- die("Failed");
-
- lasso_shutdown();
-
- print "
Save configuration file : ";
-
-
- # Save configuration file
- $config_ser = serialize($config);
- if (($fd = fopen("config.inc", "w")))
- {
- fwrite($fd, $config_ser);
- fclose($fd);
- print "OK";
- }
- else
- {
- print("Failed");
- break;
- }
- $setup = TRUE;
- }
- $setup_log = ob_get_contents();
- ob_end_clean();
-?>
-
-
-Setup script for Lasso (Liberty Alliance Single Sign On)
-
-
-
-
-
-
-Back to Index
-
-
-
-
-
-
-
-Index
-
-Copyright © 2004, 2005 Entr'ouvert
-
-