* utils: new function extract_options that extracts key-value pairs from an array and
validates the value type. * endpoints/saml2: support a new GET argument "passive" * public API: lassospkit_login_url takes a second argument, an array of options; the possibilities are: - "persistent" a boolean - "passive" a boolean Support of remoteID or other kinds of parameter will be easier to implement now.
parent
1b8f7a441b
commit
0a71c6645d
|
@ -94,6 +94,7 @@ function login() {
|
|||
$session = getSession();
|
||||
$saml2 = new LassoSPKitSAML2($session);
|
||||
$persistent = TRUE;
|
||||
$passive = FALSE;
|
||||
if (isset($_GET['persistent'])) {
|
||||
switch ($_GET['persistent']) {
|
||||
case '0':
|
||||
|
@ -107,9 +108,22 @@ function login() {
|
|||
break;
|
||||
}
|
||||
}
|
||||
if (isset($_GET['passive'])) {
|
||||
switch ($_GET['passive']) {
|
||||
case '0':
|
||||
$passive = FALSE;
|
||||
break;
|
||||
case '1':
|
||||
$passive = TRUE;
|
||||
break;
|
||||
default;
|
||||
$passive = FALSE;
|
||||
break;
|
||||
}
|
||||
}
|
||||
// Do not allow creation of persistent federation,
|
||||
// but eventually permit transient ones
|
||||
$saml2->sso(FALSE, $persistent);
|
||||
$saml2->sso(FALSE, $persistent, $passive);
|
||||
LassoSPKitUtilsSession::setRelayState('sso', getReturnUrl());
|
||||
}
|
||||
function federate() {
|
||||
|
|
|
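Review bot: The new block at `if (isset($_GET['passive']))` copies the shape of the persistent block above it although it only maps the string '1' to TRUE and everything else to FALSE; the whole switch reduces to `$passive = isset($_GET['passive']) && $_GET['passive'] === '1';`, which also replaces the loose comparison that `switch` performs with a strict one. The `default;` arm uses a semicolon where the persistent block uses a colon — valid PHP, but the two blocks should agree. The comment `// Do not allow creation of persistent federation, but eventually permit transient ones` now sits above a call that also forwards `$passive`; extending it with "the passive flag is forwarded to the IdP request unchanged" would keep it accurate. login() starts before the first hunk and the second hunk ends at the opening of federate(), so the rest of both functions is outside this view.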
@ -1,5 +1,6 @@
|
|||
<?php
|
||||
require_once('lassospkit_utils_session.inc.php');
|
||||
require_once('lassospkit_utils.inc.php');
|
||||
require_once('lassospkit_config.inc.php');
|
||||
|
||||
/** This file contains the public front-end API
|
||||
|
@ -35,6 +36,9 @@ function _lassospkit_make_redirect_url($endpoint, $return_url, $params) {
|
|||
$redirect = $redirect . "?return_url=" . urlencode($return_url);
|
||||
// Other params
|
||||
foreach ($params as $key => $value) {
|
||||
if (is_bool($value)) {
|
||||
$value = intval($value);
|
||||
}
|
||||
$redirect = $redirect . '&' . urlencode($key) . "=" . urlencode($value);
|
||||
}
|
||||
return $redirect;
|
||||
|
@ -80,12 +84,8 @@ function lassospkit_set_federation($federation) {
|
|||
/* Return the URL where to redirect a user when liberty authentification
|
||||
* is required for existing federation or to get a transient one.
|
||||
*/
|
||||
function lassospkit_login_url($return_url, $persistent = TRUE) {
|
||||
if ($persistent) {
|
||||
$params = array( 'persistent' => 1 );
|
||||
} else {
|
||||
$params = array( 'persistent' => 0 );
|
||||
}
|
||||
function lassospkit_login_url($return_url, $options = array() ) {
|
||||
$params = LassoSPKitUtils::extract_options(array('persistent' => 'b', 'passive' => 'b'), $options);
|
||||
return _lassospkit_make_redirect_url('login',$return_url, $params);
|
||||
}
|
||||
|
||||
|
|
|
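Review bot: Changing the second parameter of `lassospkit_login_url` from `$persistent = TRUE` to `$options = array()` silently breaks existing callers: a caller that passed `FALSE` to request a transient federation now hands a bool to `extract_options`, which returns an empty array for a non-array `$source`, so no `persistent` parameter is sent and the endpoint falls back to its persistent default. That is a silent widening of what the caller asked for rather than a visible type error. A one-line shim before the `extract_options` call keeps the old contract working: `if (is_bool($options)) { $options = array('persistent' => $options); }`. The docblock above the function still describes only the persistent case; it should list `persistent` and `passive` as the boolean keys accepted in `$options`.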
@ -27,23 +27,26 @@ class LassoSPKitSaml2 extends LassoSPKitSAMLCommon {
|
|||
to create a new federation if a persistent
|
||||
one is asked for federate = TRUE.
|
||||
*/
|
||||
public function sso($create = TRUE, $federate = TRUE) {
|
||||
function sso($create = TRUE, $federate = TRUE, $passive = FALSE) {
|
||||
if ($federate) {
|
||||
$format = LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT;
|
||||
} else {
|
||||
$format = LASSO_SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT;
|
||||
}
|
||||
return $this->ssoInit($create,$format);
|
||||
return $this->ssoInit(array('create' => $create, 'format' => $format, 'passive' => $passive));
|
||||
}
|
||||
public function ssoInit(
|
||||
$allowCreate = TRUE,
|
||||
$nameIDFormat = LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT,
|
||||
$remoteID = null,
|
||||
$method = LASSO_HTTP_METHOD_REDIRECT,
|
||||
$isConsentObtained = FALSE,
|
||||
$forceAuthn = FALSE,
|
||||
$isPassive = FALSE)
|
||||
function ssoInit($params = array())
|
||||
{
|
||||
$default_params = array(
|
||||
'allowCreate' => TRUE,
|
||||
'nameIDFormat' => LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT,
|
||||
'remoteID' => null,
|
||||
'method' => LASSO_HTTP_METHOD_REDIRECT,
|
||||
'isConsentObtained' => FALSE,
|
||||
'forceAuthn' => FALSE,
|
||||
'isPassive' => FALSE);
|
||||
extract(array_merge($default_params, $params));
|
||||
|
||||
$login = null;
|
||||
return parent::ssoCommon($login, $remoteID, $method, $isConsentObtained, $forceAuthn, $isPassive, array('nameIDFormat'=>$nameIDFormat, 'allowCreate' => $allowCreate));
|
||||
}
|
||||
|
|
|
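Review bot: `sso()` passes the new flag as `'passive' => $passive`, but `ssoInit()` reads it under the key `'isPassive'` from `$default_params`, so the value coming from `sso()` is carried along by `array_merge` as an unknown key and `$isPassive` stays FALSE; the call should read `'isPassive' => $passive`. Separately, `extract(array_merge($default_params, $params))` turns every key a caller puts in `$params` into a local variable; filtering first with `array_intersect_key($params, $default_params)` limits the accepted set to the documented defaults. Both methods also lose their explicit `public` modifier in the new signatures; keeping it makes the API declared rather than implied. The class is cut at both ends of this hunk.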
@ -2,13 +2,13 @@
|
|||
require_once('lassospkit_defines.inc.php');
|
||||
|
||||
class LassoSPKitUtils {
|
||||
static public function myself() {
|
||||
function myself() {
|
||||
return 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
|
||||
}
|
||||
static public function mydir() {
|
||||
function mydir() {
|
||||
return 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
|
||||
}
|
||||
static public function relativePathToURL($rel) {
|
||||
function relativePathToURL($rel) {
|
||||
$abs = "";
|
||||
if (isset($_SERVER['HTTPS'])) {
|
||||
$abs = "https://";
|
||||
|
@ -20,7 +20,7 @@ class LassoSPKitUtils {
|
|||
$abs = $abs . $rel;
|
||||
return $abs;
|
||||
}
|
||||
static function checkCanWrite($dir, &$error) {
|
||||
function checkCanWrite($dir, &$error) {
|
||||
$path = $dir . "/" . _CHECK_FILENAME;
|
||||
$ok = ! file_exists($path) || unlink($path);
|
||||
$ok = $ok && $file = fopen($path,"w");
|
||||
|
@ -31,7 +31,7 @@ class LassoSPKitUtils {
|
|||
}
|
||||
return $ok;
|
||||
}
|
||||
static function generatePrivateKey($file,&$error) {
|
||||
function generatePrivateKey($file,&$error) {
|
||||
if (! is_file(OPENSSL_BIN)) {
|
||||
$error = "SSL Generate: Can't find OpenSSL at " . OPENSSL_BIN;
|
||||
return 0;
|
||||
|
@ -43,7 +43,7 @@ class LassoSPKitUtils {
|
|||
}
|
||||
return 1;
|
||||
}
|
||||
public static function extractPublicKey($file,&$public,&$error) {
|
||||
function extractPublicKey($file,&$public,&$error) {
|
||||
if (! is_file(OPENSSL_BIN)) {
|
||||
$error = "SSL Generate: Can't find OpenSSL at " . OPENSSL_BIN;
|
||||
return 0;
|
||||
|
@ -62,4 +62,31 @@ class LassoSPKitUtils {
|
|||
@unlink($tempfname);
|
||||
return 1;
|
||||
}
|
||||
function extract_options($template, $source) {
|
||||
$ret = array();
|
||||
if (! is_array($source)) {
|
||||
return $ret;
|
||||
}
|
||||
foreach ($template as $key => $type) {
|
||||
if (isset($source[$key])) {
|
||||
$value = $source[$key];
|
||||
$ok = FALSE;
|
||||
switch ($type) {
|
||||
case 'b':
|
||||
$ok = is_bool($value);
|
||||
break;
|
||||
case 's':
|
||||
$ok = is_string($value);
|
||||
break;
|
||||
case 'i':
|
||||
$ok = is_int($value);
|
||||
break;
|
||||
}
|
||||
if ($ok) {
|
||||
$ret[$key] = $value;
|
||||
}
|
||||
}
|
||||
}
|
||||
return $ret;
|
||||
}
|
||||
}
|
||||
|
|
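Review bot: As printed, the new side drops the `static` modifier from `myself`, `mydir`, `relativePathToURL`, `checkCanWrite`, `generatePrivateKey` and `extractPublicKey`, and the new `extract_options` is declared without it, while the API file calls `LassoSPKitUtils::extract_options(...)` statically; if that reading of the old/new order is right, the static call is E_STRICT on old PHP and a fatal Error on PHP 8, so `extract_options` (and the others) should keep `public static function`. `extract_options` itself has no documentation; a docblock such as `/** Copy from $source the keys named in $template whose value has the expected type ('b' bool, 's' string, 'i' int); keys that are missing, null, of another type, or whose type code is unknown are dropped. */` states the contract the switch implements. Note that `isset($source[$key])` treats an explicit null as absent, which suits the boolean options used so far but is worth stating in that docblock.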