<?php
// SimpleSAMLphp autoloader at a fixed system-wide install path
// (NOTE(review): adjust if SimpleSAMLphp lives elsewhere on this host).
require_once('/usr/share/simplesamlphp/lib/_autoload.php');

/**
 * Elgg SAML v2.0 authentication
 *
 * Bridges a SimpleSAMLphp service-provider session and the Elgg session:
 * users authenticated by the IdP are looked up by their 'ldapDN' metadata
 * (or registered on first visit) and logged in, and an Elgg logout ends
 * the SP session too.
 *
 * @package ElggSAMLAuth
 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
 * @author Jerome Schneider <jschneider@entrouvert.com>
 */

// Register the events: reconcile the SAML and Elgg sessions during system
// init, and close the SAML session when the user logs out of Elgg.
register_elgg_event_handler('init','system','saml_auth_init');
register_elgg_event_handler('logout','user','saml_logout');
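/**
 * SAML Authentication init
 *
 * Elgg 'init','system' handler. It opens the SimpleSAMLphp SP session named
 * by the 'sp_name' setting and reconciles it with the Elgg session:
 *  - SAML session, no Elgg session: find the account whose 'ldapDN' metadata
 *    matches the assertion's dn (registering it on first visit), sync the
 *    profile and log in;
 *  - Elgg session opened by this plugin, SAML session gone: log out of Elgg.
 *
 * The event API hands ($event, $object_type, $object) to handlers; none of
 * them is needed here, so the signature omits them.
 *
 * NOTE(review): 'ldapDN' is the account-linking key. Anything that lets a
 * user edit that metadata themselves (a profile field, for instance) would
 * let them be linked to another identity — confirm it is not exposed.
 *
 * @return bool  Result of login()/logout() when one was attempted, otherwise
 *               true; a falsy return would presumably stop Elgg from calling
 *               the remaining 'init' handlers (TODO confirm against the Elgg
 *               version in use).
 */
function saml_auth_init()
{
    init_config();

    $as = new SimpleSAML_Auth_Simple(get_plugin_setting('sp_name', 'saml_auth'));

    if (! $as->isAuthenticated()) {
        if (isloggedin() && ! empty($_SESSION['saml_user'])) {
            // Logged out on the SAML side but the Elgg session this plugin
            // opened is still alive: close it as well.
            return logout();
        }
        return true;
    }

    if (isloggedin()) {
        return true;
    }

    $elgg_user = saml_map_attributes($as->getAttributes());
    if (! $elgg_user) {
        error_log('SAMLAuth: username or email attribute missing from the assertion, not logging in');
        return true;
    }

    $dn = isset($elgg_user['ldapDN']) ? $elgg_user['ldapDN'] : '';

    // Look the account up by DN only when the assertion carried one: a lookup
    // on an empty value must never be allowed to match some unrelated user.
    $user = false;
    if ($dn !== '') {
        $matches = get_entities_from_metadata('ldapDN', $dn, 'user');
        if ($matches) {
            $user = $matches[0];
        }
    }

    if ($user) {
        error_log('SAMLAuth found user "' . $user->username . '" for ldapDN "' . $dn . '"');
    } else {
        error_log('SAMLAuth found no user for ldapDN ' . $dn);

        // First visit: provision the account with a throw-away random
        // password; the user only ever authenticates through the IdP.
        try {
            $registered = register_user($elgg_user['username'], $elgg_user['password'],
                                        $elgg_user['name'], $elgg_user['email']);
        } catch (RegistrationException $e) {
            // Typically the username or email is already taken by an account
            // with a different (or no) ldapDN; do not log that account in.
            error_log('SAMLAuth cannot register username "' . $elgg_user['username'] . '": ' . $e->getMessage());
            return true;
        }
        if (! $registered) {
            error_log('SAMLAuth: register_user() failed for username "' . $elgg_user['username'] . '"');
            return true;
        }

        $user = get_user_by_username($elgg_user['username']);
        if (! $user) {
            error_log('SAMLAuth: cannot load freshly registered user "' . $elgg_user['username'] . '"');
            return true;
        }
        // ldapDN (and the rest of the profile) is written by saml_sync_user().
    }

    saml_sync_user($user, $elgg_user);
    $result = login($user);
    if ($result) {
        // Remembered so a later request can tell an Elgg session opened here
        // from one opened with a password (see the logout branch above).
        $_SESSION['saml_user'] = TRUE;
    }
    return $result;
}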
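/**
 * Make sure every 'saml_auth' plugin setting has a value.
 *
 * Settings that are missing or falsy get these defaults:
 *   sp_name   -> 'default-sp'  (SimpleSAMLphp authsource name)
 *   username  -> 'uid'         (SAML attribute holding the Elgg username)
 *   firstname -> 'givenName'
 *   surname   -> 'sn'
 *   email     -> 'mail'
 *
 * @return void
 */
function init_config()
{
    $defaults = array(
        'sp_name'   => 'default-sp',
        'username'  => 'uid',
        'firstname' => 'givenName',
        'surname'   => 'sn',
        'email'     => 'mail',
    );

    // find_plugin_settings() may yield a non-object when nothing has been
    // stored for the plugin yet; treat that as "every setting is missing"
    // instead of reading properties off it.
    $config = find_plugin_settings('saml_auth');

    foreach ($defaults as $name => $value) {
        if (! $config || empty($config->$name)) {
            set_plugin_setting($name, $value, 'saml_auth');
        }
    }
}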
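/**
 * Copy the SAML-derived profile onto an Elgg user and persist it.
 *
 * Every field listed in $fields is overwritten from $elgg_user on each call,
 * so the IdP stays authoritative for the profile; 'location' is derived from
 * the city. The 'user2usertype' relationships are rebuilt from
 * $elgg_user['usertype'] (a list of usertype object titles); a title that
 * matches no usertype object is logged and skipped instead of aborting the
 * whole sync on a null entity.
 *
 * @param ElggUser $user       Account to update.
 * @param array    $elgg_user  Mapping produced by saml_map_attributes().
 * @return void
 */
function saml_sync_user($user, $elgg_user)
{
    $fields = array('name', 'email', 'ldapDN', 'birthday', 'ircem', 'urssaf',
                    'address', 'zipcode', 'city', 'mobile', 'landline');
    foreach ($fields as $field) {
        $user->$field = isset($elgg_user[$field]) ? $elgg_user[$field] : null;
    }
    $user->location = array($user->city, 'France');

    remove_entity_relationships($user->guid, 'user2usertype');
    $titles = isset($elgg_user['usertype']) ? (array) $elgg_user['usertype'] : array();
    foreach ($titles as $title) {
        $found = get_entities_by_title($title, 'object', 'usertype');
        if (! $found) {
            error_log('SAMLAuth: no usertype object titled "' . $title . '", skipping');
            continue;
        }
        $usertype = $found[0];
        if (! check_entity_relationship($user->guid, 'user2usertype', $usertype->guid)) {
            add_entity_relationship($user->guid, 'user2usertype', $usertype->guid);
        }
    }

    $user->save();
}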
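/**
 * Generate a random password for an account provisioned from SAML.
 *
 * The password is never shown to anybody: Elgg requires one at registration,
 * but these users authenticate through the IdP. It still has to be
 * unguessable, since a weak one would be a second, password-based way into
 * the account.
 *
 * @param int $length  Number of characters, 18 by default.
 * @return string
 */
function gen_rand_pwd($length = 18)
{
    // Digits, letters (lowercase e/i/l/o/u left out, presumably to avoid
    // ambiguous glyphs) and a few symbols. Each character appears once so the
    // draw is uniform; the previous alphabet listed the symbols twice, which
    // made them twice as likely as any letter.
    $chars = '0123456789abcdfghjkmnpqrstvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_!@#$%&*()-=+/';
    $max = strlen($chars) - 1;
    $password = '';

    // random_int() is a CSPRNG (PHP 7+); rand() is predictable and is only
    // kept as a fallback for older interpreters.
    $secure = function_exists('random_int');
    for ($i = 0; $i < $length; $i++) {
        $index = $secure ? random_int(0, $max) : rand(0, $max);
        $password .= $chars[$index];
    }

    return $password;
}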
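/**
 * Build the Elgg user array from a SAML attribute set.
 *
 * SimpleSAMLphp hands attributes over as name => list of values; only the
 * first value of each is used. Which attributes carry the username, first
 * name, surname and email comes from the plugin settings; the other names
 * (dn, userClass, numeroIRCEM, numeroURSSAF, dateOfBirth, homeStreetAddress,
 * homePostalCode, homeLocalityName, mobile, telephoneNumber) are fixed.
 *
 * @param array $attributes  Result of SimpleSAML_Auth_Simple::getAttributes().
 * @return array|false  Keys: username, password (fresh random one), name,
 *                      ldapDN (only when 'dn' was sent), email, usertype
 *                      (list of userClass values, possibly empty), ircem,
 *                      urssaf, birthday, address, zipcode, city, mobile,
 *                      landline; absent optional attributes map to null.
 *                      False when the username or email attribute is
 *                      missing, since nothing can be provisioned without them.
 */
function saml_map_attributes($attributes)
{
    $config = find_plugin_settings('saml_auth');
    if (! $config || ! is_array($attributes)) {
        return false;
    }

    $username = saml_first_attribute($attributes, $config->username);
    $email    = saml_first_attribute($attributes, $config->email);
    if ($username === null || $email === null) {
        return false;
    }

    // Display name: "first last" when either is sent, else the username.
    $firstname = saml_first_attribute($attributes, $config->firstname);
    $surname   = saml_first_attribute($attributes, $config->surname);
    $name = '';
    if ($firstname !== null || $surname !== null) {
        if ($firstname !== null) {
            $name = $firstname;
        }
        if ($surname !== null) {
            if (! empty($name)) {
                $name .= ' ';
            }
            $name .= $surname;
        }
    } else {
        $name = $username;
    }

    $elgg_user = array(
        'username' => $username,
        'password' => gen_rand_pwd(),
        'name'     => $name,
        'email'    => $email,
        'usertype' => isset($attributes['userClass']) ? (array) $attributes['userClass'] : array(),
        'ircem'    => saml_first_attribute($attributes, 'numeroIRCEM'),
        'urssaf'   => saml_first_attribute($attributes, 'numeroURSSAF'),
        'birthday' => saml_first_attribute($attributes, 'dateOfBirth'),
        'address'  => saml_first_attribute($attributes, 'homeStreetAddress'),
        'zipcode'  => saml_first_attribute($attributes, 'homePostalCode'),
        'city'     => saml_first_attribute($attributes, 'homeLocalityName'),
        'mobile'   => saml_first_attribute($attributes, 'mobile'),
        'landline' => saml_first_attribute($attributes, 'telephoneNumber'),
    );

    // ldapDN is the account-linking key; leave it unset rather than null when
    // the IdP did not send a dn, so callers can tell the two cases apart.
    $dn = saml_first_attribute($attributes, 'dn');
    if ($dn !== null) {
        $elgg_user['ldapDN'] = $dn;
    }

    return $elgg_user;
}

/**
 * First value of a SAML attribute, or null when the attribute name is empty,
 * the attribute is absent, or it carries no values.
 *
 * @param array       $attributes  name => list of values.
 * @param string|null $name        Attribute name (may come from an unset setting).
 * @return mixed|null
 */
function saml_first_attribute($attributes, $name)
{
    if ($name === null || $name === '' || empty($attributes[$name])) {
        return null;
    }
    $values = $attributes[$name];
    if (! is_array($values)) {
        // Tolerate a scalar where a list was expected.
        return $values;
    }
    return reset($values);
}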
/**
 * Elgg 'logout','user' handler: end the SimpleSAMLphp session as well.
 *
 * Without this an Elgg logout would leave the SP session alive, and the next
 * request would log the user straight back in through saml_auth_init().
 *
 * @return bool  Always true, so the Elgg logout itself proceeds.
 */
function saml_logout()
{
    $sp_name = get_plugin_setting('sp_name', 'saml_auth');
    $session = new SimpleSAML_Auth_Simple($sp_name);

    // Nothing to do when the SP session is already gone.
    if (! $session->isAuthenticated()) {
        return true;
    }

    $session->logout();
    return true;
}