From a9c0cbbffac835e62f1c7a95b7f95f7ebfe80c5a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Schneider?= <jschneider@entrouvert.com>
Date: Mon, 15 Apr 2013 18:34:14 +0200
Subject: [PATCH] Upgrade to 1.8 and preconfigure for Shibboleth 2.0

---
 README                                        | 10 ++-
 install_descartes.txt                         | 45 ++++++++++
 languages/en.php                              |  4 +-
 languages/fr.php                              |  4 +-
 manifest.xml                                  |  2 +-
 start.php                                     | 86 ++++++-------------
 views/default/account/forms/default_login.php | 38 --------
 views/default/account/forms/login.php         | 44 ----------
 views/default/core/account/login_box.php      | 52 +++++++++++
 views/default/core/account/login_dropdown.php | 56 ++++++++++++
 views/default/forms/login_original.php        | 49 +++++++++++
 views/default/forms/login_saml.php            | 16 ++++
 .../saml_auth/settings.php}                   | 13 +++
 13 files changed, 268 insertions(+), 151 deletions(-)
 create mode 100644 install_descartes.txt
 delete mode 100644 views/default/account/forms/default_login.php
 delete mode 100644 views/default/account/forms/login.php
 create mode 100644 views/default/core/account/login_box.php
 create mode 100644 views/default/core/account/login_dropdown.php
 create mode 100644 views/default/forms/login_original.php
 create mode 100644 views/default/forms/login_saml.php
 rename views/default/{settings/saml_auth/edit.php => plugins/saml_auth/settings.php} (77%)

diff --git a/README b/README
index 2f57c4f..29b37f4 100644
--- a/README
+++ b/README
@@ -2,8 +2,10 @@ saml_auth plugin allows you to use SAML 2.0 protocol with Elgg.
 This plugin uses SimpleSAMLphp to "samlize" Elgg.
 
 = Installation on Debian =
--> Install the fllowing packages : apache2, php5, simplesamlphp, memcached and php5-memcache
--> Configure a SAML 2.0 SP in simpleSAMLphp (follow simpleSAMLphp documentation)
--> Configure simpleSAMLphp to use memcache
--> Install this plugin into Elgg
+
+ - Install the fllowing packages : apache2, php5, memcached and php5-memcache
+ - Install SimpleSAMLphp into saml_auth/simplesamlphp directory
+ - Configure a SAML 2.0 SP in simpleSAMLphp (follow simpleSAMLphp documentation)
+ - Configure simpleSAMLphp to use memcache
+ - Install this plugin into Elgg
 
diff --git a/install_descartes.txt b/install_descartes.txt
new file mode 100644
index 0000000..bbf2b8f
--- /dev/null
+++ b/install_descartes.txt
@@ -0,0 +1,45 @@
+= Installation sous Debian =
+
+== Installation des paquets Debian ==
+
+Le module saml auth dépend des paquets Debian memcached et php5-memcache.
+
+Pour les installer il faut utilisr la commande suivante.
+
+  # apt-get install memcached php5-memcache
+
+== Installer le module SAML Auth ==
+
+Pour cela il suffit de copier le dossier saml_auth dans le dossier mod de votre Elgg.
+
+== Configuration de SimpleSAMLphp ==
+
+Le module Elgg utilise la bibliothèque SimpleSAMLphp pour se connecter à la fédération RENATER.
+Cette bibliothéque est intégrée directement dans le module pour des raisons pratique.
+
+Elle est installée dans saml_auth/simplesamlphp et son dossier de configuration est dans
+saml_auth/simplesamlphp/config.
+Le module saml_auth est pré-configuré pour utiliser le Shibboleth 2.0 RENATER de test.
+
+Il faudra tout de même faire ajouter l'alias Apache suivant dans la configuration
+du vhost de votre Elgg :
+
+Alias /simplesamlphp CHEMIN_DE_VOTRE_ELGG/mod/saml_auth/simplesamlphp/www
+
+Ensuite il faudra nous demander de rajouter votre "service provider" dans la fédération RENATER
+de test ou le faire vous même en suivant les instructions :
+https://services.renater.fr/federation/test/index
+
+Pour mieux comprendre la configuration de SimpleSAMLphp en tant que sp :
+http://simplesamlphp.org/docs/1.10/simplesamlphp-sp
+
+== Activation du module ==
+
+Il faut vous rendre dans l'administration de Elgg puis dans Plugins et choisir d'activer le plugin 'SAML Auth 0.1'.
+
+== Configuration du module ==
+
+Dans l'administration de ELgg vous pouvez modifier le plugin qui est
+pour le moment configurer pour utiliser le Shibboleth de test de la fédération RENATER et
+qui permet l'authentification classique ou bien par Shibboleth.
+
diff --git a/languages/en.php b/languages/en.php
index 311f943..6ae3dd6 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -17,7 +17,9 @@
         'saml_auth:settings:label:firstname' => "Firstname",
         'saml_auth:settings:label:surname' => "Surname",
         'saml_auth:settings:label:email' => "Email address",
-        'saml_auth:account:authentication:text' => "Please click on the Log In button.",
+        'saml_auth:settings:label:classical_auth' => "Enable classical authentification",
+        'saml_auth:account:authentication:text' => "Please click on the button to connect with UnivCloud",
+        'saml_auth:account:authentication:button' => "Log In with UnivCloud",
         'saml_auth:samlerror' => "The SAML plugin is misconfigured. It will not be used.",
     );
 
diff --git a/languages/fr.php b/languages/fr.php
index f84b41f..9d6667a 100644
--- a/languages/fr.php
+++ b/languages/fr.php
@@ -17,7 +17,9 @@
         'saml_auth:settings:label:firstname' => "Prénom",
         'saml_auth:settings:label:surname' => "Nom",
         'saml_auth:settings:label:email' => "Courriel",
-        'saml_auth:account:authentication:text' => "Veuillez cliquer sur le bouton  Connexion",
+        'saml_auth:settings:label:classical_auth' => "Autoriser l'auhtentification classique",
+        'saml_auth:account:authentication:text' => "Cliquer sur le bouton pour vous connecter via UnivCloud",
+        'saml_auth:account:authentication:button' => "Se connecter avec UnivCloud",
         'saml_auth:samlerror' => "Le plugin SAML n'est pas configuré correctement. Il n'est pas utilisé.",
     );
 
diff --git a/manifest.xml b/manifest.xml
index 2579db3..dd5e54d 100644
--- a/manifest.xml
+++ b/manifest.xml
@@ -4,7 +4,7 @@
         <field key="version" value="0.1" />
         <field key="description" value="Provides SAML authentication" />
         <field key="website" value="http://www.entrouvert.org/" />
-        <field key="copyright" value="(C) Entr'ouvert 2010" />
+        <field key="copyright" value="(C) Entr'ouvert 2012" />
         <field key="licence" value="GNU Public License version 2 or later" />
         <field key="elgg_version" value="2009022701" />
 </plugin_manifest>
diff --git a/start.php b/start.php
index f80ee31..4a63dd6 100644
--- a/start.php
+++ b/start.php
@@ -1,5 +1,4 @@
 <?php
-    require_once('/usr/share/simplesamlphp/lib/_autoload.php');
     /**
      * Elgg SAML v2.0 authentication
      *
@@ -8,9 +7,10 @@
      * @author Jerome Schneider <jschneider@entrouvert.com>
      */
 
+    require_once dirname(__FILE__) . '/simplesamlphp/lib/_autoload.php';
+
     // Register the events
-    register_elgg_event_handler('init','system','saml_auth_init');
-    register_elgg_event_handler('logout','user','saml_logout');
+    elgg_register_event_handler('init','system','saml_auth_init');
 
     /**
      * SAML Authentication init
@@ -22,20 +22,15 @@
         global $CONFIG;
 
         init_config();
-        $as = new SimpleSAML_Auth_Simple(get_plugin_setting('sp_name', 'saml_auth'));
+        $as = new SimpleSAML_Auth_Simple(elgg_get_plugin_setting('sp_name', 'saml_auth'));
         $isAuth = $as->isAuthenticated();
         $attributes = $as->getAttributes();
         $elgg_user = saml_map_attributes($attributes);
-        if ($isAuth && ! isloggedin() && $elgg_user)
+        if ($isAuth && ! elgg_is_logged_in() && $elgg_user)
         {
-
-            if ($user = get_entities_from_metadata('ldapDN', $elgg_user['ldapDN'], 'user')) {
-                $user = $user[0];
-            }
+            $user = get_user_by_username($elgg_user['username']);
             if ($user) {
-                error_log('SAMLAuth found user "' . $user->username . '" for ldapDN "' . $elgg_user['ldapDN'] . '"');
-            } else {
-                error_log('SAMLAuth found no user for ldapDN ' . $elgg_user['ldapDN']);
+                trigger_error('SAMLAuth found user "' . $user->username,  E_USER_NOTICE);
             }
             if (! $user)
             {
@@ -48,7 +43,6 @@
                     return true;
                 }
                 $user = get_user_by_username($elgg_user['username']);
-                $user->ldapDN = $elgg_user['ldapDN'];
             }
             if ($user) {
                 saml_sync_user($user, $elgg_user);
@@ -58,55 +52,34 @@
             }
             // XXX: else return an error ?
         }
-        if (! $isAuth && isloggedin() && $_SESSION['saml_user']) {
+        if (! $isAuth && elgg_is_logged_in() && $_SESSION['saml_user']) {
             // unlogged from simplesamlphp but not from elgg
             return logout();
         }
+        elgg_register_event_handler('logout','user','saml_logout');
     }
 
     function init_config()
     {
-        $config = find_plugin_settings('saml_auth');
+        $config = elgg_get_calling_plugin_entity('saml_auth');
         if (! $config->sp_name)
-            set_plugin_setting('sp_name', 'default-sp', 'saml_auth');
+            elgg_set_plugin_setting('sp_name', 'default-sp', 'saml_auth');
         if (! $config->username)
-            set_plugin_setting('username', 'uid', 'saml_auth');
+            elgg_set_plugin_setting('username', 'urn:oid:0.9.2342.19200300.100.1.1', 'saml_auth');
         if (! $config->firstname)
-            set_plugin_setting('firstname', 'givenName', 'saml_auth');
+            elgg_set_plugin_setting('firstname', 'urn:oid:1.3.6.1.4.1.5923.1.1.1.2', 'saml_auth');
         if (! $config->surname)
-            set_plugin_setting('surname', 'sn', 'saml_auth');
+            elgg_set_plugin_setting('surname', 'urn:oid:2.5.4.4', 'saml_auth');
         if (! $config->email)
-            set_plugin_setting('email', 'mail', 'saml_auth');
+            elgg_set_plugin_setting('email', 'urn:oid:0.9.2342.19200300.100.1.3', 'saml_auth');
+        if (! $config->classical_auth)
+            elgg_set_plugin_setting('classical_auth', 'yes', 'saml_auth');
     }
 
     function saml_sync_user($user, $elgg_user)
     {
         $user->name = $elgg_user['name'];
         $user->email = $elgg_user['email'];
-        $user->ldapDN = $elgg_user['ldapDN'];
-        $bday = strptime($elgg_user['birthday'], '%d/%m/%Y');
-        if ($bday != FALSE) {
-                $user->birthday = mktime(0,0,0,
-                        $bday['tm_mday'],
-                        $bday['tm_mon'],
-                        $bday['tm_year']);
-        }
-        $user->ircem = $elgg_user['ircem'];
-        $user->urssaf = $elgg_user['urssaf'];
-        $user->address = $elgg_user['address'];
-        $user->zipcode = $elgg_user['zipcode'];
-        $user->city = $elgg_user['city'];
-        $user->location = array($user->city, 'France');
-        $user->mobile = $elgg_user['mobile'];
-        $user->landline = $elgg_user['landline'];
-        remove_entity_relationships($user->guid, 'user2usertype');
-        foreach ($elgg_user['usertype'] as $usertype) {
-                $usertype = get_entities_by_title($usertype, 'object', 'usertype');
-                $usertype = $usertype[0];
-                if (!check_entity_relationship($user->guid, 'user2usertype', $usertype->guid)) {
-                        add_entity_relationship($user->guid, 'user2usertype', $usertype->guid);
-                }
-        }
         $user->save();
     }
 
@@ -130,15 +103,12 @@
     {
         $elgg_user = array();
 
-        $config = find_plugin_settings('saml_auth');
+        $config = elgg_get_calling_plugin_entity('saml_auth');
         if (! $attributes[$config->username] or ! $attributes[$config->email])
             return false;
         $elgg_user['username'] = $attributes[$config->username][0];
         $elgg_user['password'] = gen_rand_pwd();
         $elgg_user['name'] = '';
-        if ($attributes['dn']) {
-            $elgg_user['ldapDN'] = $attributes['dn'][0];
-        }
         if ($attributes[$config->surname] || $attributes[$config->firstname])
         {
             if ($attributes[$config->firstname])
@@ -153,25 +123,17 @@
         else
             $elgg_user['name'] = $elgg_user['username'];
         $elgg_user['email'] = $attributes[$config->email][0];
-        $elgg_user['usertype'] = $attributes['userClass'];
-        $elgg_user['ircem'] = $attributes['numeroIRCEM'][0];
-        $elgg_user['urssaf'] = $attributes['numeroURSSAF'][0];
-        $elgg_user['birthday'] = $attributes['dateOfBirth'][0];
-        $elgg_user['address'] = $attributes['homeStreetAddress'][0];
-        $elgg_user['zipcode'] = $attributes['homePostalCode'][0];
-        $elgg_user['city'] = $attributes['homeLocalityName'][0];
-        $elgg_user['mobile'] = $attributes['mobile'][0];
-        $elgg_user['landline'] = $attributes['telephoneNumber'][0];
 
         return $elgg_user;
     }
 
-    function saml_logout()
+    function saml_logout($page)
     {
-        $as = new SimpleSAML_Auth_Simple(get_plugin_setting('sp_name', 'saml_auth'));
-        if ($as->isAuthenticated())
-            $as->logout();
+        global $CONFIG;
 
-        return true;
+        $auth = new SimpleSAML_Auth_Simple(elgg_get_plugin_setting('sp_name', 'saml_auth'));
+        if ($auth->isAuthenticated()) {
+            $auth->logout(elgg_get_site_url());
+        }
     }
 
diff --git a/views/default/account/forms/default_login.php b/views/default/account/forms/default_login.php
deleted file mode 100644
index 394c1ea..0000000
--- a/views/default/account/forms/default_login.php
+++ /dev/null
@@ -1,38 +0,0 @@
-<?php
-/**
- * Elgg login form
- *
- * @package Elgg
- * @subpackage Core
- * @author Curverider Ltd
- * @link http://elgg.org/
- */
-
-global $CONFIG;
-
-$form_body = "<p class=\"loginbox\"><label>" . elgg_echo('username') . "<br />" . elgg_view('input/text', array('internalname' => 'username', 'class' => 'login-textarea')) . "</label>";
-$form_body .= "<br />";
-$form_body .= "<label>" . elgg_echo('password') . "<br />" . elgg_view('input/password', array('internalname' => 'password', 'class' => 'login-textarea')) . "</label><br />";
-
-$form_body .= elgg_view('login/extend');
-
-$form_body .= elgg_view('input/submit', array('value' => elgg_echo('login'))) . " <div id=\"persistent_login\"><label><input type=\"checkbox\" name=\"persistent\" value=\"true\" />".elgg_echo('user:persistent')."</label></div></p>";
-$form_body .= "<p class=\"loginbox\">";
-$form_body .= (!isset($CONFIG->disable_registration) || !($CONFIG->disable_registration)) ? "<a href=\"{$vars['url']}pg/register/\">" . elgg_echo('register') . "</a> | " : "";
-$form_body .= "<a href=\"{$vars['url']}account/forgotten_password.php\">" . elgg_echo('user:password:lost') . "</a></p>";
-
-$login_url = $vars['url'];
-if ((isset($CONFIG->https_login)) && ($CONFIG->https_login)) {
-	$login_url = str_replace("http", "https", $vars['url']);
-}
-?>
-
-<div id="login-box">
-<h2><?php echo elgg_echo('login'); ?></h2>
-	<?php
-		echo elgg_view('input/form', array('body' => $form_body, 'action' => "{$login_url}action/login"));
-	?>
-</div>
-<script type="text/javascript">
-	$(document).ready(function() { $('input[name=username]').focus(); });
-</script>
\ No newline at end of file
diff --git a/views/default/account/forms/login.php b/views/default/account/forms/login.php
deleted file mode 100644
index 351ae1f..0000000
--- a/views/default/account/forms/login.php
+++ /dev/null
@@ -1,44 +0,0 @@
-<?php
-/**
- * Elgg SAML v2.0 authentication
- *
- * @package ElggSAMLAuth
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Jerome Schneider <jschneider@entrouvert.com>
- */
-require_once('/usr/share/simplesamlphp/lib/_autoload.php');
-
-$SAML = true;
-
-try {
-    $as = new SimpleSAML_Auth_Simple(get_plugin_setting('sp_name', 'saml_auth'));
-} catch (Exception $e) {
-    $SAML = false;
-    register_error(elgg_echo('saml_auth:samlerror'));
-}
-if (array_key_exists('login', $_REQUEST))
-{
-    try {
-        $as->requireAuth();
-    } catch (Exception $e) {
-        $SAML = false;
-        register_error(elgg_echo('saml_auth:samlerror'));
-    }
-}
-$isAuth = $as->isAuthenticated();
-
-?>
-
-<?php if ($SAML == true): ?>
-<div id="login-box">
-<h2><?php echo elgg_echo('login'); ?></h2>
-<form method="post" action="/">
-    <?php echo '<p>' . elgg_echo('saml_auth:account:authentication:text') . '</p>' ?>
-    <input type="hidden" value="1" name="login">
-    <input type="submit" value="<? echo elgg_echo('login') ?>" class="submit_button" name="">
-</form>
-</div>
-<?php else: ?>
-<?php echo elgg_view("account/forms/default_login"); ?>
-<?php endif; ?>
-
diff --git a/views/default/core/account/login_box.php b/views/default/core/account/login_box.php
new file mode 100644
index 0000000..314034d
--- /dev/null
+++ b/views/default/core/account/login_box.php
@@ -0,0 +1,52 @@
+<?php
+/**
+ * Elgg login box
+ *
+ * @package Elgg
+ * @subpackage Core
+ *
+ * @uses $vars['module'] The module name. Default: aside
+ */
+
+$SAML = true;
+
+try {
+    $as = new SimpleSAML_Auth_Simple(elgg_get_plugin_setting('sp_name', 'saml_auth'));
+} catch (Exception $e) {
+    $SAML = false;
+    register_error(elgg_echo('saml_auth:samlerror'));
+}
+if (array_key_exists('login', $_REQUEST))
+{
+    try {
+        $as->requireAuth();
+    } catch (Exception $e) {
+        $SAML = false;
+        register_error(elgg_echo('saml_auth:samlerror'));
+    }
+}
+$isAuth = $as->isAuthenticated();
+
+$module = elgg_extract('module', $vars, 'aside');
+
+$title = elgg_echo('login');
+
+$login_url = elgg_get_site_url();
+if (elgg_get_config('https_login')) {
+    $login_url = str_replace("http:", "https:", $login_url);
+}
+
+$body = "";
+
+if ($SAML == true)
+{
+    $body .= elgg_view_form('login_saml', array('action' => "{$login_url}"));
+    $body .= '<br />';
+}
+if (($SAML == false) or (elgg_get_plugin_setting('classical_auth', 'saml_auth') == 'yes'))
+{
+    $body .= elgg_view_form('login', array('action' => "{$login_url}action/login"));
+}
+
+echo elgg_view_module($module, $title, $body);
+
diff --git a/views/default/core/account/login_dropdown.php b/views/default/core/account/login_dropdown.php
new file mode 100644
index 0000000..2f30c38
--- /dev/null
+++ b/views/default/core/account/login_dropdown.php
@@ -0,0 +1,56 @@
+<?php
+/**
+ * Elgg drop-down login form
+ */
+
+$SAML = true;
+
+try {
+    $as = new SimpleSAML_Auth_Simple(elgg_get_plugin_setting('sp_name', 'saml_auth'));
+} catch (Exception $e) {
+    $SAML = false;
+    register_error(elgg_echo('saml_auth:samlerror'));
+}
+if (array_key_exists('login', $_REQUEST))
+{
+    try {
+        $as->requireAuth();
+    } catch (Exception $e) {
+        $SAML = false;
+        register_error(elgg_echo('saml_auth:samlerror'));
+    }
+}
+$isAuth = $as->isAuthenticated();
+
+if (elgg_is_logged_in()) {
+	return true;
+}
+
+$login_url = elgg_get_site_url();
+if (elgg_get_config('https_login')) {
+	$login_url = str_replace("http:", "https:", elgg_get_site_url());
+}
+
+$body = "";
+
+if ($SAML == true)
+{
+    $body .= elgg_view_form('login_saml', array('action' => "{$login_url}"));
+    $body .= '<br />';
+}
+if (($SAML == false) or (elgg_get_plugin_setting('classical_auth', 'saml_auth') == 'yes'))
+{
+    $body .= elgg_view_form('login', array('action' => "{$login_url}action/login"), array('returntoreferer' => TRUE));
+}
+?>
+<div id="login-dropdown">
+	<?php 
+		echo elgg_view('output/url', array(
+			'href' => 'login#login-dropdown-box',
+			'rel' => 'popup',
+			'class' => 'elgg-button elgg-button-dropdown',
+			'text' => elgg_echo('login'),
+		)); 
+		echo elgg_view_module('dropdown', '', $body, array('id' => 'login-dropdown-box')); 
+	?>
+</div>
diff --git a/views/default/forms/login_original.php b/views/default/forms/login_original.php
new file mode 100644
index 0000000..d2c6e62
--- /dev/null
+++ b/views/default/forms/login_original.php
@@ -0,0 +1,49 @@
+<?php
+/**
+ * Elgg login form
+ *
+ * @package Elgg
+ * @subpackage Core
+ */
+?>
+
+<div>
+	<label><?php echo elgg_echo('loginusername'); ?></label>
+	<?php echo elgg_view('input/text', array(
+		'name' => 'username',
+		'class' => 'elgg-autofocus',
+		));
+	?>
+</div>
+<div>
+	<label><?php echo elgg_echo('password'); ?></label>
+	<?php echo elgg_view('input/password', array('name' => 'password')); ?>
+</div>
+
+<?php echo elgg_view('login/extend', $vars); ?>
+
+<div class="elgg-foot">
+	<label class="mtm float-alt">
+		<input type="checkbox" name="persistent" value="true" />
+		<?php echo elgg_echo('user:persistent'); ?>
+	</label>
+	
+	<?php echo elgg_view('input/submit', array('value' => elgg_echo('login'))); ?>
+	
+	<?php 
+	if (isset($vars['returntoreferer'])) {
+		echo elgg_view('input/hidden', array('name' => 'returntoreferer', 'value' => 'true'));
+	}
+	?>
+
+	<ul class="elgg-menu elgg-menu-general mtm">
+	<?php
+		if (elgg_get_config('allow_registration')) {
+			echo '<li><a class="registration_link" href="' . elgg_get_site_url() . 'register">' . elgg_echo('register') . '</a></li>';
+		}
+	?>
+		<li><a class="forgot_link" href="<?php echo elgg_get_site_url(); ?>forgotpassword">
+			<?php echo elgg_echo('user:password:lost'); ?>
+		</a></li>
+	</ul>
+</div>
diff --git a/views/default/forms/login_saml.php b/views/default/forms/login_saml.php
new file mode 100644
index 0000000..74257aa
--- /dev/null
+++ b/views/default/forms/login_saml.php
@@ -0,0 +1,16 @@
+<?php
+/**
+ * Elgg SAML v2.0 authentication
+ *
+ * @package ElggSAMLAuth
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Jerome Schneider <jschneider@entrouvert.com>
+ */
+?>
+
+<div id="login-box">
+    <p><?php echo elgg_echo('saml_auth:account:authentication:text') ?></p>
+    <input type="hidden" value="1" name="login">
+    <input type="submit" value="<? echo elgg_echo('saml_auth:account:authentication:button') ?>" class="submit_button" name="">
+</div>
+
diff --git a/views/default/settings/saml_auth/edit.php b/views/default/plugins/saml_auth/settings.php
similarity index 77%
rename from views/default/settings/saml_auth/edit.php
rename to views/default/plugins/saml_auth/settings.php
index 836f874..dab5bcd 100644
--- a/views/default/settings/saml_auth/edit.php
+++ b/views/default/plugins/saml_auth/settings.php
@@ -6,7 +6,19 @@
 	 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
 	 * @author Jerome Schneider <jschnneider@entrouvert.com>
 	 */
+
+$classical_auth_saml_string = elgg_echo('saml_auth:settings:label:classical_auth');
+$classical_auth_saml_view = elgg_view('input/dropdown', array(
+    'name' => 'params[classical_auth]',
+    'options_values' => array(
+        'yes' => elgg_echo('option:yes'),
+        'no' => elgg_echo('option:no'),
+        ),
+    'value' => $vars['entity']->classical_auth ? $vars['entity']->classical_auth : 'yes',
+));
+
 ?>
+
 <p>
     <fieldset style="border: 1px solid; padding: 15px; margin: 0 10px 0 10px">
         <legend><?php echo elgg_echo('saml_auth:settings:label:simplesamlphp');?></legend>
@@ -14,6 +26,7 @@
         <label for="params[sp_name]"><?php echo elgg_echo('saml_auth:settings:label:sp_name');?></label><br/>
         <div class="example"><?php echo elgg_echo('saml_auth:settings:help:sp_name');?></div>
         <input type="text" name="params[sp_name]" value="<?php echo $vars['entity']->sp_name;?>"/><br/>
+        <label><?php print $classical_auth_saml_string; ?></label> <?php print $classical_auth_saml_view  ?>
     </fieldset>
     <fieldset style="border: 1px solid; padding: 15px; margin: 0 10px 0 10px">
         <legend><?php echo elgg_echo('saml_auth:settings:label:attributes');?></legend>