*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
?>
The Lasso Extension is not available
";
print "Please check your PHP extensions
";
print "You can get more informations about Lasso at
";
print "http://lasso.entrouvert.org/
";
exit();
}
}
/*
 * array_walk() callback: registers one service provider on the Lasso server.
 *
 * $item    the SP's config entry, an array with the keys 'metadata',
 *          'public_key' and 'ca' (file paths, see the 'sp' entries of $config).
 * $key     the SP's name; it is echoed to the setup log before registering.
 * $server  the LassoServer instance, passed as array_walk()'s extra argument.
 *
 * The result of addProvider() is not examined: "OK" is printed regardless.
 * $key is printed verbatim; whatever renders the captured setup log as HTML
 * has to escape it (that code is not part of this block).
 */
function add_service_provider(&$item, $key, $server)
{
    printf("\n%s : ", $key);
    $server->addProvider(LASSO_PROVIDER_ROLE_SP,
                         $item['metadata'],
                         $item['public_key'],
                         $item['ca']);
    print "OK";
}
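/*
 * Serialises $config and writes it to config.inc in the current directory.
 *
 * Returns TRUE only when the complete serialised string was written; FALSE
 * when the file cannot be opened or the write is short (the previous version
 * ignored fwrite()'s result and reported a truncated file as success).
 *
 * NOTE(review): the file contains the DSN, which in the sample default embeds
 * database credentials, so it must not be readable through the web server —
 * confirm how the sample directory is served.
 */
function write_config_inc($config)
{
    $config_ser = serialize($config);
    /* file_put_contents() returns the number of bytes written, or FALSE */
    $written = file_put_contents('config.inc', $config_ser);
    return $written === strlen($config_ser);
}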
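require_once 'DB.php';

/*
 * Load config.inc (as written by write_config_inc()), or create it with the
 * sample defaults on the first run.
 *
 * NOTE(review): the default DSN carries sample credentials (idp/idp) that are
 * meant to be replaced through the setup form, and config.inc is created in
 * the current directory; it must not be served as a static file.
 */
if (!file_exists('config.inc'))
{
    $cwd = getcwd();
    $config = array(
        'dsn' => "pgsql://idp:idp@localhost/idp",
        'server_dump_filename' => "lasso_server_dump.xml",
        'log_handler' => 'sql',
        'auth_type' => 'auth_form',
        'idp-metadata' => $cwd . "/metadata_idp1.xml",
        'idp-private_key' => $cwd . "/private-key-raw_idp1.pem",
        'idp-secret_key' => "",
        'idp-ca' => $cwd . "/certificate_idp1.pem",
        'sp' => array(
            'sp1' => array(
                'metadata' => $cwd . "/metadata_sp1.xml",
                'public_key' => $cwd . "/public-key_sp1.pem",
                'ca' => $cwd . "/certificate_sp1.pem")
            /* further service providers are added through the setup form */
        ));
    if (!write_config_inc($config))
        die("Could not write default config file,\nif you get a \"permission denied\" error, check the owner of the\nsample directory. (it must be www-data).");
}
else
{
    /* The serialised file is produced by this script only, but an unreadable
       or truncated file used to leave $config === FALSE and fail much later
       with unrelated errors; fail here with a clear message instead. */
    $config_ser = file_get_contents('config.inc');
    $config = ($config_ser === FALSE) ? FALSE : unserialize($config_ser);
    if (!is_array($config))
        die("Could not read config.inc, delete it to regenerate the default configuration.");
}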
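/*
 * Handle the "delete_<name>" buttons of the SP list: remove the named service
 * providers from $config and save it.
 *
 * NOTE(review): nothing in this part of the script authenticates the request
 * or checks a CSRF token before config.inc is modified; the setup page should
 * only be reachable by an administrator — confirm how the sample is deployed.
 */
$keys = array_keys($_POST);
/* anchored: substr($button, 7) below assumes the prefix is at position 0 */
$to_del = preg_grep('/^delete_/', $keys);
if (!empty($to_del))
{
    foreach (array_values($to_del) as $button)
    {
        $name = substr($button, 7);   /* strip the 'delete_' prefix */
        unset($config['sp'][$name]);
    }
    /* one rewrite after all deletions; $keys is deliberately left intact so the
       update_ handler that follows still sees every posted key */
    if (!write_config_inc($config))
        die("Could not write config file");
}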
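/*
 * Handle the "update_<name>" buttons of the SP list: replace the three file
 * paths of the named service provider with the posted values and save.
 *
 * The keys are read from $_POST directly rather than from $keys, which the
 * delete handler above used to overwrite with its own button list.
 *
 * NOTE(review): the posted values are file paths that the setup step later
 * opens (file_exists(), LassoServer::addProvider()); they are stored as given,
 * so this form is administrator input only.
 */
$to_update = preg_grep('/^update_/', array_keys($_POST));
if (!empty($to_update))
{
    foreach (array_values($to_update) as $button)
    {
        $name = substr($button, 7);   /* strip the 'update_' prefix */
        foreach (array('metadata', 'public_key', 'ca') as $field)
        {
            $input = 'sp^' . $name . '^' . $field;
            /* a missing input used to store NULL silently */
            if (!isset($_POST[$input]) || !is_string($_POST[$input]))
                die("Field $field is missing");
            $config['sp'][$name][$field] = $_POST[$input];
        }
    }
    if (!write_config_inc($config))
        die("Could not write config file");
}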
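/*
 * Handle the "new service provider" form: every field must be filled in, then
 * the SP is stored under the posted name (an existing SP with that name is
 * replaced) and the configuration is saved.
 *
 * NOTE(review): the three path fields are taken from the request as-is and are
 * opened later by the setup step (file_exists() / addProvider()); the form is
 * administrator input and must not be exposed to other users.
 */
if (array_key_exists('new', $_POST))
{
    $form = array('sp' => 'Name',
                  'metadata' => 'Metadata',
                  'public_key' => 'Public Key',
                  'ca' => 'Certificate');
    foreach ($form as $input => $label)
    {
        /* explicit checks instead of empty(): "0" is a legitimate value, and
           an array posted as sp[] would otherwise be used as an array key */
        if (!isset($_POST[$input]) || !is_string($_POST[$input]) || $_POST[$input] === '')
            die("Field $label is empty");
    }
    $config['sp'][$_POST['sp']] = array(
        'metadata' => $_POST['metadata'],
        'public_key' => $_POST['public_key'],
        'ca' => $_POST['ca']);
    if (!write_config_inc($config))
        die("Could not write config file");
}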
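/*
 * Runs one schema step of the setup: $drop (if not NULL) is best-effort, the
 * object usually does not exist on a first run; $query must succeed, otherwise
 * the setup stops with the driver's message.  Progress is printed as
 * "\n<label> : OK" like the other setup steps.
 */
function lasso_setup_db_step($db, $label, $drop, $query)
{
    print "\n" . $label . " : ";
    if ($drop !== NULL)
        $db->query($drop);
    $res = $db->query($query);
    if (DB::isError($res))
        die($res->getMessage());
    print "OK";
}

/*
 * Handle the "setup" button: merge the posted settings into $config, (re)create
 * the database schema, check that every referenced file exists, build the
 * Lasso server, write its XML dump and save config.inc.  Everything printed
 * here is captured into $setup_log; $setup tells the page whether it finished.
 *
 * NOTE(review): every table is dropped and recreated, so running the setup
 * again wipes existing users, sessions and logs.  The 'test'/'test' user is
 * inserted with a clear-text password (how 'password' is compared is decided
 * by the sample's auth backend, not visible here).  The log echoes configured
 * paths and SP names verbatim; whatever renders $setup_log as HTML has to
 * escape it.
 */
$setup = FALSE;
$setup_log = '';
if (array_key_exists('setup', $_POST))
{
    ob_start();
    print "Lasso Identity Provider Setup\n";

    unset($_POST['setup'], $_POST['metadata'], $_POST['public_key'], $_POST['ca'], $_POST['sp']);
    /* Regroup the 'sp^<name>^<field>' inputs into $_POST['sp'][<name>][<field>].
       split() was removed in PHP 7; explode() yields the same three parts. */
    $sps = array_values(preg_grep('/^sp\^/', array_keys($_POST)));
    $_POST['sp'] = array();
    foreach ($sps as $sp)
    {
        $parts = explode('^', $sp, 3);
        if (count($parts) != 3)
            continue;   /* not of the form sp^name^field */
        $_POST['sp'][$parts[1]][$parts[2]] = $_POST[$sp];
        unset($_POST[$sp]);
    }

    /* Apply the posted settings.  Only keys already present in $config are
       taken, so a request cannot introduce configuration entries of its own
       (assumes the form fields match the keys of $config — confirm against the
       form).  Nested values such as the regrouped 'sp' block are not merged
       here, matching the previous array_diff() behaviour; per-SP changes go
       through the update_/new handlers. */
    foreach ($_POST as $key => $value)
    {
        if (array_key_exists($key, $config) && is_scalar($value))
            $config[$key] = $value;
    }

    print "Check Data base : ";
    /* $config['dsn'] is whatever the form posted; the setup connects to it */
    $db = DB::connect($config['dsn']);
    if (DB::isError($db))
        die("Failed (" . $db->getMessage() . ")");
    print "OK";

    $steps = array(
        array("Create sequence 'user_id_seq'",
              "DROP SEQUENCE user_id_seq",
              "CREATE SEQUENCE user_id_seq"),
        array("Create table 'users'",
              "DROP TABLE users CASCADE",
              "CREATE TABLE users (
                  user_id varchar(100) primary key,
                  username varchar(255) unique,
                  password varchar(255),
                  identity_dump text,
                  session_dump text,
                  created timestamp)"),
        array("Insert user 'test' into 'users'",
              NULL,
              "INSERT INTO users(user_id, username, password, created) " .
              "VALUES (nextval('user_id_seq'), 'test', 'test', NOW())"),
        array("Create table 'nameidentifiers'",
              "DROP TABLE nameidentifiers CASCADE",
              "CREATE TABLE nameidentifiers (
                  name_identifier varchar(100) primary key,
                  user_id varchar(100),
                  FOREIGN KEY (user_id) REFERENCES users (user_id))"),
        array("Create table 'assertions'",
              "DROP TABLE assertions CASCADE",
              "CREATE TABLE assertions (
                  assertion text,
                  response_dump text,
                  created timestamp)"),
        array("Create table 'log'",
              "DROP TABLE log CASCADE",
              "CREATE TABLE log (
                  id integer primary key,
                  logtime timestamp,
                  ident varchar(16),
                  priority integer,
                  message text)"),
        array("Create sequence 'log_id'",
              "DROP SEQUENCE log_id",
              "CREATE SEQUENCE log_id"),
        array("Create table 'sessions'",
              "DROP TABLE sessions CASCADE",
              "CREATE TABLE sessions (
                  id varchar(32) primary key,
                  lastupdate timestamp,
                  data text)"),
        array("Create table 'sso_sessions'",
              "DROP TABLE sso_sessions CASCADE",
              "CREATE TABLE sso_sessions (
                  name_identifier character varying(100),
                  session_id character varying(32),
                  ip integer
                  )"),
    );
    foreach ($steps as $step)
        lasso_setup_db_step($db, $step[0], $step[1], $step[2]);
    $db->disconnect();

    /* Check that the IdP files exist; the secret key may be left empty. */
    foreach (preg_grep("/idp/", array_keys($config)) as $file)
    {
        print "\nCheck file " . $config[$file] . " : ";
        if (file_exists($config[$file]))
            print "OK";
        elseif ($file == 'idp-secret_key')
            print "not found (optional)";
        else
            die("Failed (file does not exist)");
    }
    /* Every SP file (metadata, public key, certificate) is mandatory. */
    foreach ($config['sp'] as $sp)
    {
        foreach ($sp as $file)
        {
            print "\nCheck file " . $file . " : ";
            if (!file_exists($file))
                die("Failed (file does not exist)");
            print "OK";
        }
    }

    lasso_init();
    print "\nCreate Server : ";
    $server = new LassoServer(
        $config['idp-metadata'],
        $config['idp-private_key'],
        $config['idp-secret_key'],
        $config['idp-ca']);
    if (empty($server))
        die("Failed");
    print "OK";

    print "\nAdd Service Provider(s) :";
    array_walk($config['sp'], 'add_service_provider', $server);

    print "\nWrite XML Server Dump : ";
    /* $config['server_dump_filename'] comes from the form; the dump is written
       wherever that path points, relative to the current directory */
    $dump = $server->dump();
    if (file_put_contents($config['server_dump_filename'], $dump) === FALSE)
        die("Failed");
    print "OK";
    lasso_shutdown();

    print "\nSave configuration file : ";
    /* Reuses write_config_inc() instead of a second inline copy.  The failure
       branch used to 'break' outside any loop, which PHP rejects; it now stops
       like the other failed steps. */
    if (!write_config_inc($config))
        die("Failed");
    print "OK";
    $setup = TRUE;

    /* ob_get_contents()/ob_end_clean() used to run even when no buffer had
       been started, leaving $setup_log === FALSE and a notice */
    $setup_log = ob_get_contents();
    ob_end_clean();
}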
?>
Setup script for Lasso (Liberty Alliance Single Sign On)
Back to Index
Index
Copyright © 2004 Entr'ouvert