From 8af076abc531f3cd0e5035fb86f60c74cac7ee65 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Schneider?=
Date: Wed, 10 Nov 2010 14:40:14 +0100
Subject: [PATCH] Initial import
---
README | 9 ++
languages/en.php | 25 ++++
languages/fr.php | 24 ++++
manifest.xml | 10 ++
start.php | 120 ++++++++++++++++++
views/default/account/forms/default_login.php | 38 ++++++
views/default/account/forms/login.php | 44 +++++++
views/default/settings/saml_auth/edit.php | 30 +++++
8 files changed, 300 insertions(+)
create mode 100644 README
create mode 100644 languages/en.php
create mode 100644 languages/fr.php
create mode 100644 manifest.xml
create mode 100644 start.php
create mode 100644 views/default/account/forms/default_login.php
create mode 100644 views/default/account/forms/login.php
create mode 100644 views/default/settings/saml_auth/edit.php
diff --git a/README b/README
new file mode 100644
index 0000000..2f57c4f
--- /dev/null
+++ b/README
@@ -0,0 +1,9 @@
+saml_auth plugin allows you to use SAML 2.0 protocol with Elgg.
+This plugin uses SimpleSAMLphp to "samlize" Elgg.
+
+= Installation on Debian =
+-> Install the fllowing packages : apache2, php5, simplesamlphp, memcached and php5-memcache
+-> Configure a SAML 2.0 SP in simpleSAMLphp (follow simpleSAMLphp documentation)
+-> Configure simpleSAMLphp to use memcache
+-> Install this plugin into Elgg
+
diff --git a/languages/en.php b/languages/en.php
new file mode 100644
index 0000000..311f943
--- /dev/null
+++ b/languages/en.php
@@ -0,0 +1,25 @@
+
+ */
+
+ $en = array(
+ 'saml_auth:settings:label:simplesamlphp' => "SimpleSAMLphp configuration",
+ 'saml_auth:settings:label:sp_name' => "Service Provider name",
+ 'saml_auth:settings:help:sp_name' => "The name of your SP in SimpleSAMLphp",
+ 'saml_auth:settings:label:attributes' => "Attributes mapping",
+ 'saml_auth:settings:label:username' => "Username",
+ 'saml_auth:settings:label:firstname' => "Firstname",
+ 'saml_auth:settings:label:surname' => "Surname",
+ 'saml_auth:settings:label:email' => "Email address",
+ 'saml_auth:account:authentication:text' => "Please click on the Log In button.",
+ 'saml_auth:samlerror' => "The SAML plugin is misconfigured. It will not be used.",
+ );
+
+ add_translation('en', $en);
+?>
diff --git a/languages/fr.php b/languages/fr.php
new file mode 100644
index 0000000..9d22815
--- /dev/null
+++ b/languages/fr.php
@@ -0,0 +1,24 @@
+
+ */
+
+ $fr = array(
+ 'saml_auth:settings:label:simplesamlphp' => "Configuration de SimpleSAMLphp",
+ 'saml_auth:settings:label:sp_name' => "Nom du fournisseur de service",
+ 'saml_auth:settings:help:sp_name' => "Nom de votre fournisseur de service SimpleSAMLphp",
+ 'saml_auth:settings:label:attributes' => "Attributs",
+ 'saml_auth:settings:label:username' => "Nom d'utilisateur",
+ 'saml_auth:settings:label:firstname' => "Prénom",
+ 'saml_auth:settings:label:surname' => "Nom",
+ 'saml_auth:settings:label:email' => "Courriel",
+ 'saml_auth:samlerror' => "Le plugin SAML n'est pas configuré correctement. Il n'est pas utilisé.",
+ );
+
+ add_translation('fr', $fr);
+?>
diff --git a/manifest.xml b/manifest.xml
new file mode 100644
index 0000000..2579db3
--- /dev/null
+++ b/manifest.xml
@@ -0,0 +1,10 @@
+
+
+
+
+
+
+
+
+
+
diff --git a/start.php b/start.php
new file mode 100644
index 0000000..b8e5241
--- /dev/null
+++ b/start.php
@@ -0,0 +1,120 @@
+
+ */
+
+ // Register the events
+ register_elgg_event_handler('init','system','saml_auth_init');
+ register_elgg_event_handler('logout','user','saml_logout');
+
+ /**
+ * SAML Authentication init
+ *
+ * These parameters are required for the event API, but we won't use them:
+ */
+ function saml_auth_init()
+ {
+ global $CONFIG;
+
+ init_config();
+ $as = new SimpleSAML_Auth_Simple(get_plugin_setting('sp_name', 'saml_auth'));
+ $isAuth = $as->isAuthenticated();
+ $attributes = $as->getAttributes();
+ $elgg_user = saml_map_attributes($attributes);
+ if ($isAuth && ! isloggedin() && $elgg_user)
+ {
+ $user = get_user_by_username($elgg_user['username']);
+ if (! $user)
+ {
+ register_user($elgg_user['username'], $elgg_user['password'],
+ $elgg_user['name'], $elgg_user['email']);
+ $user = get_user_by_username($elgg_user['username']);
+ }
+ else
+ saml_sync_user($user, $elgg_user);
+ if ($user)
+ return login($user);
+ // XXX: else return an error ?
+ }
+ }
+
+ function init_config()
+ {
+ $config = find_plugin_settings('saml_auth');
+ if (! $config->sp_name)
+ set_plugin_setting('sp_name', 'default-sp', 'saml_auth');
+ if (! $config->username)
+ set_plugin_setting('username', 'uid', 'saml_auth');
+ if (! $config->firstname)
+ set_plugin_setting('firstname', 'givenName', 'saml_auth');
+ if (! $config->surname)
+ set_plugin_setting('surname', 'sn', 'saml_auth');
+ if (! $config->email)
+ set_plugin_setting('email', 'mail', 'saml_auth');
+ }
+
+ function saml_sync_user($user, $elgg_user)
+ {
+ $user->name = $elgg_user['name'];
+ $user->email = $elgg_user['email'];
+ $user->save();
+ }
+
+
+ function gen_rand_pwd()
+ {
+ $password = "";
+ $chars = "0123456789_!@#$%&*()-=+/abcdfghjkmnpqrstvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_!@#$%&*()-=+/";
+ $i = 0;
+
+ while ($i < 18)
+ {
+ $char = substr($chars, rand(0, strlen($chars)-1), 1);
+ $password .= $char;
+ $i++;
+ }
+ return $password;
+ }
+
+ function saml_map_attributes($attributes)
+ {
+ $elgg_user = array();
+
+ $config = find_plugin_settings('saml_auth');
+ if (! $attributes[$config->username] or ! $attributes[$config->email])
+ return false;
+ $elgg_user['username'] = $attributes[$config->username][0];
+ $elgg_user['password'] = gen_rand_pwd();
+ $elgg_user['name'] = '';
+ if ($attributes[$config->surname] || $attributes[$config->firstname])
+ {
+ if ($attributes[$config->firstname])
+ $elgg_user['name'] = $attributes[$config->firstname][0];
+ if ($attributes[$config->surname])
+ {
+ if (! empty($elgg_user['name']))
+ $elgg_user['name'] .= ' ';
+ $elgg_user['name'] .= $attributes[$config->surname][0];
+ }
+ }
+ else
+ $elgg_user['name'] = $elgg_user['username'];
+ $elgg_user['email'] = $attributes[$config->email][0];
+
+ return $elgg_user;
+ }
+
+ function saml_logout()
+ {
+ $as = new SimpleSAML_Auth_Simple(get_plugin_setting('sp_name', 'saml_auth'));
+ if ($as->isAuthenticated())
+ $as->logout();
+
+ return true;
+ }
+
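Review bot: `gen_rand_pwd()` near the end of the hunk draws the provisioned account's password from `rand()`, which is not a cryptographic source, so the local password set for every auto-created SAML user is more predictable than its 18 characters suggest; on PHP 7+ the pick should be `$char = substr($chars, random_int(0, strlen($chars) - 1), 1);` (on older runtimes a CSPRNG-backed source such as `openssl_random_pseudo_bytes()` is the equivalent). The `$chars` alphabet also lists the punctuation characters twice, which skews selection toward them. Separately, `saml_map_attributes()` reads `$attributes[$config->username]` and the other mapped keys without `isset()`, so an unauthenticated session (empty attribute array, since `getAttributes()` is called before the `$isAuth` check in `saml_auth_init()`) or an IdP that omits an attribute raises undefined-index notices before the `return false`; guarding each lookup with `isset()` keeps that early exit clean. Note also that account linking is by username alone (`get_user_by_username()` on the IdP-supplied value) and `saml_sync_user()` overwrites name and email from the assertion, so the plugin assumes the IdP is authoritative for every local username; if that is intended it is worth stating in the README, and `init_config`/`gen_rand_pwd` would benefit from the `saml_` prefix the other functions use, since Elgg plugins share one global namespace.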
diff --git a/views/default/account/forms/default_login.php b/views/default/account/forms/default_login.php
new file mode 100644
index 0000000..394c1ea
--- /dev/null
+++ b/views/default/account/forms/default_login.php
@@ -0,0 +1,38 @@
+";
+$form_body .= "
";
+$form_body .= "
";
+
+$form_body .= elgg_view('login/extend');
+
+$form_body .= elgg_view('input/submit', array('value' => elgg_echo('login'))) . "
";
+$form_body .= "";
+$form_body .= (!isset($CONFIG->disable_registration) || !($CONFIG->disable_registration)) ? "" . elgg_echo('register') . " | " : "";
+$form_body .= "" . elgg_echo('user:password:lost') . "
";
+
+$login_url = $vars['url'];
+if ((isset($CONFIG->https_login)) && ($CONFIG->https_login)) {
+ $login_url = str_replace("http", "https", $vars['url']);
+}
+?>
+
+
+
+ $form_body, 'action' => "{$login_url}action/login"));
+ ?>
+
+
\ No newline at end of file
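Review bot: The https rewrite on `$login_url` uses `str_replace("http", "https", $vars['url'])`, which also turns a URL that is already `https://` into `httpss://` and would rewrite any other occurrence of `http` in the string; anchoring the replacement to the scheme, `$login_url = preg_replace('#^http://#', 'https://', $vars['url']);`, limits it to the intended case. This view appears to be a copy of Elgg's stock login form whose markup was lost in this rendering, so the surrounding string-building lines cannot be checked here; if it is a verbatim copy, a header comment saying so and naming the Elgg version it was taken from would help future upgrades.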
diff --git a/views/default/account/forms/login.php b/views/default/account/forms/login.php
new file mode 100644
index 0000000..9d14dde
--- /dev/null
+++ b/views/default/account/forms/login.php
@@ -0,0 +1,44 @@
+
+ */
+require_once('/usr/share/simplesamlphp/lib/_autoload.php');
+
+$SAML = true;
+
+try {
+ $as = new SimpleSAML_Auth_Simple(get_plugin_setting('sp_name', 'saml_auth'));
+} catch (Exception $e) {
+ $SAML = false;
+ register_error(elgg_echo('saml_auth:samlerror'));
+}
+if (array_key_exists('login', $_REQUEST))
+{
+ try {
+ $as->requireAuth();
+ } catch (Exception $e) {
+ $SAML = false;
+ register_error(elgg_echo('saml_auth:samlerror'));
+ }
+}
+$isAuth = $as->isAuthenticated();
+
+?>
+
+
+
+
+
+
+
+
+
+
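Review bot: `$as` is only assigned inside the first `try`, but `$as->requireAuth()` and `$as->isAuthenticated()` further down run unconditionally, so when the constructor throws (the `$SAML = false` path) the view continues with an undefined `$as` and fails on a method call on null instead of showing the registered error; gate both uses on the flag, `if ($SAML && array_key_exists('login', $_REQUEST))` and `$isAuth = $SAML && $as->isAuthenticated();`. The `require_once('/usr/share/simplesamlphp/lib/_autoload.php')` path is hard-coded to the Debian package location the README describes, and `start.php` also instantiates `SimpleSAML_Auth_Simple` without loading it at all; making the autoloader path a plugin setting alongside `sp_name`, loaded once from `start.php`, would avoid a fatal error on any other layout. Also, the `login` key is read from `$_REQUEST`, which merges GET, POST and cookies, so any link or cookie carrying that name triggers the `requireAuth()` redirect; reading it from `$_POST` would match the form submission more precisely. The markup after the closing `?>` is not visible in this rendering, so the rest of the view could not be reviewed.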
diff --git a/views/default/settings/saml_auth/edit.php b/views/default/settings/saml_auth/edit.php
new file mode 100644
index 0000000..836f874
--- /dev/null
+++ b/views/default/settings/saml_auth/edit.php
@@ -0,0 +1,30 @@
+
+ /**
+ * Elgg SAML authentication
+ *
+ * @package ElggSAMLAuth
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Jerome Schneider
+ */
+?>
+
+
+
+