* fixed default usage of DummySession in endpoints/saml2/login and federate.
* improve AutoPersistent->findFederation(..): try all the possible sources of federation inline: first the nameId in the profile object, then the userId if present, finally the nameIDs extracted from the dump. * add I/O error handling to LassoSPKitConfig and comments * add a prompt for the config key 'default_return_url' in LassoSPKitConfigGen * add new logging functions: lassospkit_errlog and lassospkit_infolog. Positive error codes from lasso should result in an infolog message. * import an error handler from php.net but don't use it by default. * LassoSPKitSaml2: handle SOAP nidmanagement request, move keep/restoreProfile to common class. * multi federation works, slo soap works (but signature verification is wrong) and defederation soap also.
parent
055fb75096
commit
3b026c8610
|
@ -91,7 +91,8 @@ function getSession() {
|
|||
|
||||
function login() {
|
||||
verifyReferer();
|
||||
$saml2 = new LassoSPKitSAML2(new LassoSPKitDummySession());
|
||||
$session = getSession();
|
||||
$saml2 = new LassoSPKitSAML2($session);
|
||||
$persistent = TRUE;
|
||||
if (isset($_GET['persistent'])) {
|
||||
switch ($_GET['persistent']) {
|
||||
|
@ -113,7 +114,8 @@ function login() {
|
|||
}
|
||||
function federate() {
|
||||
verifyReferer();
|
||||
$saml2 = new LassoSPKitSAML2(new LassoSPKitDummySession());
|
||||
$session = getSession();
|
||||
$saml2 = new LassoSPKitSAML2($session);
|
||||
// Allow creation
|
||||
// Only persistent federation
|
||||
$saml2->sso(TRUE, TRUE);
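Review bot: Nothing in login() or federate() checks that getSession() actually returned a session object before it is passed to `new LassoSPKitSAML2($session)` (L23/L26 and L54/L57); the old code always had a LassoSPKitDummySession there, the new code has whatever getSession() hands back. getSession()'s body starts above this hunk, so whether it can return null or FALSE for an unauthenticated or expired browser session is not visible here; if it can, a guard such as `if (! $session) { lassospkit_errlog('login: no usable session'); return; }` after each call would make that failure explicit instead of surfacing inside the Lasso profile. Both endpoints still rely on verifyReferer() alone as their cross-site-request check, which is pre-existing but worth noting since browsers may strip the Referer.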
|
||||
|
|
|
@ -16,18 +16,29 @@ class LassoSPKitAutoPersistentSession extends LassoSPKitDummySession {
|
|||
}
|
||||
}
|
||||
function findFederation($nameID) {
|
||||
if (! $nameID) {
|
||||
$nameID = @array_pop(LassoSPKitUtilsSession::getNameID());
|
||||
if (! $nameID) {
|
||||
$userID = LassoSPKitUtilsSession::getUserID();
|
||||
if ($userID) {
|
||||
$nameID = md5($userID);
|
||||
$federation = null;
|
||||
if ($nameID) {
|
||||
lassospkit_debuglog("looking for session using nameID from profile: $nameID");
|
||||
$federation = $this->storage->get($nameID);
|
||||
}
|
||||
if (! $federation) {
|
||||
$userID = LassoSPKitUtilsSession::getUserID();
|
||||
if ($userID) {
|
||||
lassospkit_debuglog("looking for session using userID: $userID");
|
||||
$federation = $this->storage->get(md5($userID));
|
||||
}
|
||||
}
|
||||
if (! $federation) {
|
||||
$nameIDs = LassoSPKitUtilsSession::getNameID();
|
||||
if (is_array($nameIDs)) {
|
||||
foreach (LassoSPKitUtilsSession::getNameID() as $nameID) {
|
||||
lassospkit_debuglog("looking for session using nameID in session: $userID");
|
||||
$federation = $this->storage->get($nameID);
|
||||
}
|
||||
}
|
||||
}
|
||||
lassospkit_debuglog("looking for session for $nameID");
|
||||
$federation = $this->storage->get($nameID);
|
||||
if ($federation == null) {
|
||||
lassospkit_debuglog('did not found any session file...');
|
||||
return 0;
|
||||
}
|
||||
$this->explodeFederation($federation);
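Review bot: The third lookup loop (L147–L156) does not stop once a federation is found, so a later nameID in the list that has no stored entry overwrites an earlier hit with null, and the debug line at L150 interpolates `$userID` instead of the nameID being tried. Add `if ($federation) { break; }` after `$federation = $this->storage->get($nameID);` and change the message to `"looking for session using nameID in session: $nameID"`. The keys handed to `$this->storage->get()` come from the profile and the identity dump, i.e. from IdP-supplied NameIDs; whether filepath() in the store sanitises them against path separators is not visible here and should be confirmed. The `$this->storage->get($nameID)` at L168 appears to be the removed old lookup; if it survived in the new code it would discard the result of the whole new search.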
|
||||
|
|
|
@ -31,6 +31,9 @@ class LassoSPKitConfig {
|
|||
|
||||
function __construct() {
|
||||
}
|
||||
/** Explode the array $table into an inifile, do not
|
||||
try to encode values, they must be strings or null.
|
||||
*/
|
||||
static function writeIni($path, $table) {
|
||||
$content = "";
|
||||
foreach ($table as $k => $v) {
|
||||
|
@ -40,14 +43,20 @@ class LassoSPKitConfig {
|
|||
$content .= "$k=$v\n";
|
||||
}
|
||||
}
|
||||
file_put_contents($path, $content);
|
||||
|
||||
$ret = @file_put_contents($path, $content);
|
||||
if ($ret === FALSE) {
|
||||
lassospkit_errlog("Config: loadIni cannot write configuration file $path");
|
||||
throw new Exception("Cannot write $path");
|
||||
}
|
||||
}
|
||||
/** Load and parse file at $path. The file must an .ini file,
|
||||
i.e key value pairs separated by a '=' character, and pairs separated
|
||||
by a '\n' character. */
|
||||
static function loadIni($path) {
|
||||
$table = array();
|
||||
$content = file_get_contents($path);
|
||||
$content = @file_get_contents($path);
|
||||
if ($content === FALSE) {
|
||||
lassospkit_debuglog("Cannot read $path");
|
||||
lassospkit_errlog("Config: loadIni cannot read configuration file $path");
|
||||
throw new Exception("Cannot read $path");
|
||||
}
|
||||
$lines = split("\n", $content);
|
||||
|
@ -62,6 +71,7 @@ class LassoSPKitConfig {
|
|||
}
|
||||
return $table;
|
||||
}
|
||||
/** If not existent load the .ini config file and fill the singleton table. */
|
||||
static function init() {
|
||||
if (! self::$instance) {
|
||||
/* Where is lasso PHP binding ? */
|
||||
|
@ -70,9 +80,12 @@ class LassoSPKitConfig {
|
|||
self::$instance = self::loadIni(self::$file);
|
||||
}
|
||||
}
|
||||
/** Commit the content of the singleton table to the .ini file */
|
||||
static function commit() {
|
||||
self::writeIni(self::$file, self::$instance);
|
||||
}
|
||||
/** Remove a key fromt the config file. Future 'get' will
|
||||
return the default value. */
|
||||
function setDefault($name) {
|
||||
self::init();
|
||||
unset(self::$instance[$name]);
|
||||
|
@ -80,17 +93,16 @@ class LassoSPKitConfig {
|
|||
static function get($name) {
|
||||
self::init();
|
||||
if (! array_key_exists($name, self::$default_values)) {
|
||||
lassospkit_debuglog("Config: Reading value $name");
|
||||
throw new Exception('Try to read an unknown config field');
|
||||
}
|
||||
if (isset(self::$instance[$name])) {
|
||||
if (array_key_exists($name, self::$instance)) {
|
||||
return self::$instance[$name];
|
||||
}
|
||||
return self::$default_values[$name];
|
||||
}
|
||||
static function set($name, $value) {
|
||||
self::init();
|
||||
if (! isset(self::$default_values[$name])) {
|
||||
if (! array_key_exists($name, self::$default_values)) {
|
||||
throw new Exception('Try to write an unknown config field');
|
||||
}
|
||||
self::$instance[$name] = $value;
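Review bot: The error message in writeIni() at L242 says `loadIni` although it is the write path that failed; use `lassospkit_errlog("Config: writeIni cannot write configuration file $path");`. The .ini written here holds the values the config UI prompts for (MySQL database/table, the Lasso library location, cookie name), and file_put_contents creates it with the process umask; consider `@chmod($path, 0600);` after a successful write so other local users cannot read it. Suppressing the warning with `@` and then throwing is acceptable, but the original reason is lost; appending `error_get_last()` to the log line would keep it.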
|
||||
|
|
|
@ -49,7 +49,8 @@ class LassoSPKitConfigUIGen
|
|||
'mysql_database' => array('Nom de la base'),
|
||||
'mysql_table' => array('Nom de la table'),
|
||||
'lasso_lib' => array('Emplacement de la bibliothèque Lasso PHP'),
|
||||
'cookiename' => array('Cookiename', 'text'));
|
||||
'cookiename' => array('Cookiename', 'text'),
|
||||
'default_return_url' => array('URL de retour par défaut', 'text'));
|
||||
}
|
||||
function itype($name) {
|
||||
if (isset($this->special_input[$name][1])) {
|
||||
|
@ -70,10 +71,16 @@ class LassoSPKitConfigUIGen
|
|||
case 'baseUrl':
|
||||
return LassoSPKitUtils::mydir();
|
||||
}
|
||||
if (isset(LassoSPKitConfig::$default_values[$name])) {
|
||||
return LassoSPKitConfig::get($name);
|
||||
$val = null;
|
||||
try {
|
||||
$val = LassoSPKitConfig::get($name);
|
||||
} catch (Exception $e) {
|
||||
}
|
||||
if ($val) {
|
||||
return $val;
|
||||
} else {
|
||||
return '';
|
||||
}
|
||||
return '';
|
||||
}
|
||||
|
||||
function msg($mess) {
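Review bot: `if ($val)` at L486 tests truthiness, so a configured value of `'0'` or `0` is shown as empty in the generated form, and the `catch (Exception $e)` at L480 swallows the unknown-field exception without any trace. Prefer `return $val === null ? '' : $val;` and at least `lassospkit_debuglog("ConfigUIGen: no value for $name: " . $e->getMessage());` in the catch. The `return '';` at L501 is unreachable after the if/else and looks like a leftover of the replaced branch.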
|
||||
|
|
|
@ -4,9 +4,8 @@
|
|||
* in an unique directory with you application, you can just make it return "../data".
|
||||
*/
|
||||
function lassospkit_datadir() {
|
||||
throw new Exception('You need to configure the datadir path');
|
||||
// $path = '/var/lib/spkitlasso/' . $_SERVER['HTTP_HOST'];
|
||||
// $path = "/home/bdauvergne/public_html/data";
|
||||
$path = "/home/bdauvergne/public_html/data";
|
||||
// $path = $_SERVER['DOCUMENT_ROOT'] . '/data';
|
||||
if (! file_exists($path)) {
|
||||
@mkdir($path,755,1);
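Review bot: The new line L536 replaces the `throw new Exception('You need to configure the datadir path')` guard with a hard-coded developer home directory, so any deployment that forgets to edit this file silently stores its data under `/home/bdauvergne/public_html/data`, which is web-served if public_html is enabled on that host. Keep the throw as the default and make the path a config key, or at least leave the developer path commented out as the others are. Also, `@mkdir($path,755,1)` at L545 passes decimal 755 (octal 1363: owner `-wx`, group `rw-`, other `-wx`, sticky bit), not `0755`; write `@mkdir($path, 0755, TRUE);`, and since the commit message says this directory holds the session files, `0700` would be the safer choice.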
|
||||
|
|
|
@ -11,6 +11,16 @@ function lassospkit_debuglog($msg, $level = 0) {
|
|||
closelog();
|
||||
}
|
||||
}
|
||||
function lassospkit_errlog($msg) {
|
||||
openlog("LassoPHP.SP.Kit", LOG_PID, LOG_AUTHPRIV);
|
||||
syslog(LOG_ERR, $msg);
|
||||
closelog();
|
||||
}
|
||||
function lassospkit_infolog($msg) {
|
||||
openlog("LassoPHP.SP.Kit", LOG_PID, LOG_AUTHPRIV);
|
||||
syslog(LOG_INFO, $msg);
|
||||
closelog();
|
||||
}
|
||||
|
||||
function lassospkit_showCode($code) {
|
||||
echo '<pre class="code">';
|
||||
|
@ -18,40 +28,41 @@ function lassospkit_showCode($code) {
|
|||
echo '</pre>';
|
||||
}
|
||||
|
||||
// function lassospkit_errorhandler($errno, $errstr, $errfile, $errline)
|
||||
//{
|
||||
// if (error_reporting()==0) {
|
||||
// return false;
|
||||
// }
|
||||
// switch ($errno) {
|
||||
// case E_USER_ERROR:
|
||||
// bigdebug("Mon ERREUR [$errno] $errstr\n".
|
||||
// "\n" . var_export(debug_backtrace(),1) .
|
||||
// " Erreur fatale sur la ligne $errline dans le fichier $errfile".
|
||||
// ", PHP " . PHP_VERSION . " (" . PHP_OS . ")\n".
|
||||
// "Arrêt...");
|
||||
// exit(1);
|
||||
// break;
|
||||
//
|
||||
// case E_USER_WARNING:
|
||||
// bigdebug("Mon ALERTE [$errno] $errstr"
|
||||
// . "\n" . var_export(debug_backtrace(),1)
|
||||
// . " Erreur fatale sur la ligne $errline dans le fichier $errfile");
|
||||
// break;
|
||||
//
|
||||
// case E_USER_NOTICE:
|
||||
// bigdebug("Mon AVERTISSEMENT [$errno] $errstr"
|
||||
// . "\n" . var_export(debug_backtrace(),1)
|
||||
// . " Erreur fatale sur la ligne $errline dans le fichier $errfile");
|
||||
// break;
|
||||
//
|
||||
// default:
|
||||
// bigdebug("Type d'erreur inconnu : [$errno] $errstr"
|
||||
// . "\n" . var_export(debug_backtrace(),1)
|
||||
// . " Erreur fatale sur la ligne $errline dans le fichier $errfile");
|
||||
// break;
|
||||
// }
|
||||
//
|
||||
// /* Ne pas exécuter le gestionnaire interne de PHP */
|
||||
// return true;
|
||||
//}
|
||||
//set_error_handler("my_error_handler", E_ALL);
|
||||
function my_error_handler($errno, $errstr, $errfile, $errline){
|
||||
$errno = $errno & error_reporting();
|
||||
if($errno == 0) return;
|
||||
if(!defined('E_STRICT')) define('E_STRICT', 2048);
|
||||
if(!defined('E_RECOVERABLE_ERROR')) define('E_RECOVERABLE_ERROR', 4096);
|
||||
switch($errno){
|
||||
case E_ERROR: lassospkit_debuglog( "Error"); break;
|
||||
case E_WARNING: lassospkit_debuglog( "Warning"); break;
|
||||
case E_PARSE: lassospkit_debuglog( "Parse Error"); break;
|
||||
case E_NOTICE: lassospkit_debuglog( "Notice"); break;
|
||||
case E_CORE_ERROR: lassospkit_debuglog( "Core Error"); break;
|
||||
case E_CORE_WARNING: lassospkit_debuglog( "Core Warning"); break;
|
||||
case E_COMPILE_ERROR: lassospkit_debuglog( "Compile Error"); break;
|
||||
case E_COMPILE_WARNING: lassospkit_debuglog( "Compile Warning"); break;
|
||||
case E_USER_ERROR: lassospkit_debuglog( "User Error"); break;
|
||||
case E_USER_WARNING: lassospkit_debuglog( "User Warning"); break;
|
||||
case E_USER_NOTICE: lassospkit_debuglog( "User Notice"); break;
|
||||
case E_STRICT: lassospkit_debuglog( "Strict Notice"); break;
|
||||
case E_RECOVERABLE_ERROR: lassospkit_debuglog( "Recoverable Error"); break;
|
||||
default: lassospkit_debuglog( "Unknown error ($errno)"); break;
|
||||
}
|
||||
lassospkit_debuglog( ": $errstr in $errfile on line $errline\n");
|
||||
if(function_exists('debug_backtrace')){
|
||||
$backtrace = debug_backtrace();
|
||||
array_shift($backtrace);
|
||||
foreach($backtrace as $i=>$l){
|
||||
lassospkit_debuglog( "[$i] in function {$l['class']}{$l['type']}{$l['function']}");
|
||||
if($l['file']) lassospkit_debuglog( " in {$l['file']}");
|
||||
if($l['line']) lassospkit_debuglog( " on line {$l['line']}");
|
||||
lassospkit_debuglog( "\n");
|
||||
}
|
||||
}
|
||||
if(isset($GLOBALS['error_fatal'])){
|
||||
if($GLOBALS['error_fatal'] & $errno) die('fatal');
|
||||
}
|
||||
}
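Review bot: This hunk adds only `lassospkit_errlog` and `lassospkit_infolog`, but the rewritten processRequestSLO in the SAMLCommon hunk of this same commit calls `lassospkit_warnlog`, which is not defined anywhere in this diff, so the first non-zero return from processRequestMsg() would hit an undefined-function fatal error instead of a log line. Add the missing level alongside the two new functions, as below. In my_error_handler, `$l['class']`, `$l['type']` and `$l['file']` (L805–L811) are read without isset(), which raises notices from inside the error handler for plain function frames; guard them with e.g. `isset($l['class']) ? $l['class'] : ''`.
```php
function lassospkit_warnlog($msg) {
    openlog("LassoPHP.SP.Kit", LOG_PID, LOG_AUTHPRIV);
    syslog(LOG_WARNING, $msg);
    closelog();
}
```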
|
||||
|
||||
|
|
|
@ -35,11 +35,11 @@ class LassoSPKitFileStore implements LassoSPKitStore {
|
|||
@unlink($this->filepath($key));
|
||||
}
|
||||
function alias($key,$alias) {
|
||||
$target = $this->filename($key);
|
||||
$target = $this->filepath($key);
|
||||
$sym = $this->filepath($alias);
|
||||
@unlink($sym);
|
||||
$ret = @link($target,$sym);
|
||||
$this->debug($ret, "could not alias key $key => $alias");
|
||||
$this->debug($ret, "could not alias key $target => $sym");
|
||||
return $ret;
|
||||
}
|
||||
function rename($old,$new) {
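Review bot: alias() unlinks the existing alias at L861 before checking that `$target` exists, so when the target key was never written (or link() fails, e.g. across filesystems) the old alias is destroyed and the only trace is a debug line. Check the target first: `if (! file_exists($target)) { $this->debug(FALSE, "alias: missing target $target"); return FALSE; }`. Both `$key` and `$alias` go through filepath(), whose sanitisation is outside this hunk; if, as the AutoPersistent session suggests, alias keys are NameIDs received from the IdP, it must reject path separators before this unlink/link pair runs.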
|
||||
|
|
|
@ -16,6 +16,7 @@ class LassoSPKitGenericSession {
|
|||
header("Location: $url");
|
||||
}
|
||||
function doResponse($mimeType, $content) {
|
||||
lassospkit_debuglog("Renvoi la réponse de type $mimeType et contenu $content");
|
||||
header("Content-type: $mimeType");
|
||||
echo $content;
|
||||
}
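Review bot: The new debug line at L897 writes the complete response body to the log; for the SOAP binding that is the SAML logout or NameID-management response, carrying NameIDs and status, and it ends up wherever lassospkit_debuglog sends it (the sibling logging functions in this commit use syslog LOG_AUTHPRIV). Log the type and size instead, `lassospkit_debuglog("doResponse: $mimeType, " . strlen($content) . " bytes");`, and keep full bodies behind an explicit debug switch. The message is also in French while the rest of the new log lines in this commit are English.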
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<?
|
||||
<?php
|
||||
require_once('lassospkit_datadir.inc.php');
|
||||
require_once('lassospkit_config.inc.php');
|
||||
require_once('lassospkit_lib.inc.php');
|
||||
|
@ -7,9 +7,9 @@ require_once('lassospkit_debug.inc.php');
|
|||
|
||||
class LassoSPKitHelper {
|
||||
/** If session_dump and identity_dump are present in the
|
||||
session object, use then to initialize the profile */
|
||||
session object, use then to initialize the profile */
|
||||
static function restoreDumps(LassoProfile $profile,
|
||||
LassoSPKitGenericSession $session) {
|
||||
LassoSPKitGenericSession $session) {
|
||||
$sessionDump = $session->getSessionDump();
|
||||
$identityDump = $session->getIdentityDump();
|
||||
|
||||
|
@ -17,19 +17,21 @@ class LassoSPKitHelper {
|
|||
$profile->setSessionFromDump($sessionDump);
|
||||
}
|
||||
if ($identityDump) {
|
||||
lassospkit_debuglog("load dump " . $identityDump);
|
||||
$profile->setIdentityFromDump($identityDump);
|
||||
}
|
||||
}
|
||||
/** If identity or session is dirty save them in the session
|
||||
object using setIdentyDump and setSessionDump.
|
||||
object using setIdentyDump and setSessionDump.
|
||||
|
||||
Returns the dirtiness statute ('or' of the two dirty flag).
|
||||
Returns the dirtiness statute ('or' of the two dirty flag).
|
||||
*/
|
||||
static function saveDumps(LassoProfile $profile,
|
||||
LassoSPKitGenericSession $session) {
|
||||
LassoSPKitGenericSession $session) {
|
||||
$ok = 0;
|
||||
if ($profile->hasDirtyIdentity()) {
|
||||
if ($profile->identity) {
|
||||
lassospkit_debuglog("save " . $profile->identity->dump());
|
||||
$session->setIdentityDump($profile->identity->dump());
|
||||
} else {
|
||||
$session->setIdentityDump(null);
|
||||
|
@ -47,7 +49,7 @@ class LassoSPKitHelper {
|
|||
return $ok;
|
||||
}
|
||||
/** Extract attributes values and keys from an assertion,
|
||||
and copy them into array $arr. */
|
||||
and copy them into array $arr. */
|
||||
static function assertionExtractAttributes(LassoAssertion $assertion, &$attributes) {
|
||||
foreach ($assertion->attributeStatement[0]->attribute
|
||||
as $attribute) {
|
||||
|
@ -71,79 +73,72 @@ class LassoSPKitHelper {
|
|||
return $content;
|
||||
}
|
||||
/** This should handle removing of federation, identity == null, ask
|
||||
for federation termination on the session. */
|
||||
for federation termination on the session. */
|
||||
static function saveFederation(LassoProfile $profile,
|
||||
LassoSPKitGenericSession $session) {
|
||||
$nameID = self::profileGetNameID($profile);
|
||||
if (self::saveDumps($profile,$session)) {
|
||||
$session->saveFederation();
|
||||
}
|
||||
LassoSPKitGenericSession $session) {
|
||||
self::saveDumps($profile,$session);
|
||||
$session->saveFederation();
|
||||
}
|
||||
/** Contract is that if NewID is null, session should forget about
|
||||
the current federation, if it is not then the link between local id
|
||||
and nameID should be changed to point to NewID. */
|
||||
the current federation, if it is not then the link between local id
|
||||
and nameID should be changed to point to NewID. */
|
||||
static function changeFederation(LassoProfile $profile,
|
||||
LassoSPKitGenericSession $session,
|
||||
$NewID) {
|
||||
LassoSPKitGenericSession $session,
|
||||
$NewID) {
|
||||
$nameID = self::profileGetNameID($profile);
|
||||
self::saveDumps($profile,$session);
|
||||
$session->changeFederation($nameID, $NewID);
|
||||
}
|
||||
/** Try to restore the federation informations from the profile.
|
||||
* The contract with the session object is that after findFederation
|
||||
* if it returned TRUE, then $session->identity_dump et
|
||||
* $session->session_dump contains valid dumps.
|
||||
*/
|
||||
* The contract with the session object is that after findFederation
|
||||
* if it returned TRUE, then $session->identity_dump et
|
||||
* $session->session_dump contains valid dumps.
|
||||
*/
|
||||
static function findFederation(LassoProfile $profile,
|
||||
LassoSPKitGenericSession $session) {
|
||||
LassoSPKitGenericSession $session) {
|
||||
$nameID = self::profileGetNameID($profile);
|
||||
if ($session->findFederation($nameID) == 0) {
|
||||
if ($nameID) {
|
||||
lassospkit_debuglog("fed not found");
|
||||
throw new LassoProfileFederationNotFoundError();
|
||||
} else {
|
||||
lassospkit_debuglog("nameid not found");
|
||||
throw new LassoProfileNameIdentifierNotFoundError($profile->dump());
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
self::restoreDumps($profile,$session);
|
||||
return 1;
|
||||
}
|
||||
static function postToHost($host, $path, $data_to_send, $ssl = false) {
|
||||
if ($ssl) {
|
||||
$fp = fsockopen('tls://' . $host, 443);
|
||||
} else {
|
||||
$fp = fsockopen($host, 80);
|
||||
}
|
||||
fputs($fp, "POST $path HTTP/1.1\n");
|
||||
fputs($fp, "Host: $host\n");
|
||||
fputs($fp, "Content-type: text/xml\n");
|
||||
fputs($fp, "Content-length: ".strlen($data_to_send)."\n");
|
||||
fputs($fp, "Connection: close\n\n");
|
||||
fputs($fp, "$data_to_send\n");
|
||||
$res = '';
|
||||
while(!feof($fp)) {
|
||||
$res .= fgets($fp, 128);
|
||||
}
|
||||
fclose($fp);
|
||||
/** Post some datas to given host */
|
||||
static function postToHost($host, $path, $data_to_send, $ssl = false) {
|
||||
if ($ssl) {
|
||||
$fp = fsockopen('tls://' . $host, 443);
|
||||
} else {
|
||||
$fp = fsockopen($host, 80);
|
||||
}
|
||||
fputs($fp, "POST $path HTTP/1.1\n");
|
||||
fputs($fp, "Host: $host\n");
|
||||
fputs($fp, "Content-type: text/xml\n");
|
||||
fputs($fp, "Content-length: ".strlen($data_to_send)."\n");
|
||||
fputs($fp, "Connection: close\n\n");
|
||||
fputs($fp, "$data_to_send\n");
|
||||
$res = '';
|
||||
while(!feof($fp)) {
|
||||
$res .= fgets($fp, 128);
|
||||
}
|
||||
fclose($fp);
|
||||
|
||||
$res = substr(strstr($res, "\r\n\r\n"), 4);
|
||||
$res = substr(strstr($res, "\r\n\r\n"), 4);
|
||||
|
||||
return $res;
|
||||
}
|
||||
static public function soapCall($url, $msg) {
|
||||
if (strstr($url, 'http://') != $url)
|
||||
return "";
|
||||
$short_url = substr($url, 7);
|
||||
$url_tokens = explode("/", $short_url);
|
||||
$host = $url_tokens[0];
|
||||
unset($url_tokens[0]);
|
||||
$query = implode("/", $url_tokens);
|
||||
$query = "/" . $query;
|
||||
return $res;
|
||||
}
|
||||
static public function soapCall($url, $msg) {
|
||||
if (strstr($url, 'http://') != $url)
|
||||
return "";
|
||||
$short_url = substr($url, 7);
|
||||
$url_tokens = explode("/", $short_url);
|
||||
$host = $url_tokens[0];
|
||||
unset($url_tokens[0]);
|
||||
$query = implode("/", $url_tokens);
|
||||
$query = "/" . $query;
|
||||
|
||||
$response = self::postToHost($host, $query, $msg);
|
||||
$response = self::postToHost($host, $query, $msg);
|
||||
|
||||
return $response;
|
||||
return $response;
|
||||
|
||||
|
||||
}
|
||||
|
@ -186,7 +181,7 @@ class LassoSPKitHelper {
|
|||
}
|
||||
static function getIdpMetadataFile() {
|
||||
return lassospkit_datadir() . "/" . IDP_METADATA;
|
||||
|
||||
|
||||
}
|
||||
static function getNameIDsFromDump($dump) {
|
||||
$identity = LassoIdentity::newFromDump($dump);
|
||||
|
@ -197,13 +192,12 @@ class LassoSPKitHelper {
|
|||
return $nameIDs;
|
||||
}
|
||||
static function getNameIDs(LassoIdentity $identity) {
|
||||
$nameIDs = array();
|
||||
foreach ($identity->federations as $rid => $federation) {
|
||||
if ($federation) {
|
||||
$nameIDs[$rid] = $federation->remoteNameIdentifier->content;
|
||||
}
|
||||
$nameIDs = array();
|
||||
foreach ($identity->federations as $rid => $federation) {
|
||||
if ($federation) {
|
||||
$nameIDs[$rid] = $federation->remoteNameIdentifier->content;
|
||||
}
|
||||
return $nameIDs;
|
||||
}
|
||||
return $nameIDs;
|
||||
}
|
||||
}
|
||||
?>
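Review bot: soapCall() (L1391–L1431) returns `""` for anything that is not an `http://` URL and always calls postToHost() with the default `$ssl = false`, so the SOAP back-channel used for SLO and defederation is plaintext only, and an `https://` SOAP endpoint from the IdP metadata silently yields an empty response. postToHost() also never checks `fsockopen()` for FALSE before `fputs()`, and its request lines use `\n` where HTTP requires `\r\n` even though the response parser looks for `\r\n\r\n`. Accept both schemes, pass the TLS flag through, and fail loudly on connection errors as sketched below; whether the `tls://` wrapper verifies the peer certificate depends on the PHP version in use and should be confirmed for the target runtime.
```php
static public function soapCall($url, $msg) {
    $ssl = FALSE;
    if (strpos($url, 'https://') === 0) {
        $ssl = TRUE;
        $short_url = substr($url, 8);
    } elseif (strpos($url, 'http://') === 0) {
        $short_url = substr($url, 7);
    } else {
        lassospkit_errlog("soapCall: unsupported URL scheme in $url");
        return "";
    }
    // … unchanged: host/query split …
    return self::postToHost($host, $query, $msg, $ssl);
}

static function postToHost($host, $path, $data_to_send, $ssl = false) {
    $fp = $ssl ? @fsockopen('tls://' . $host, 443) : @fsockopen($host, 80);
    if ($fp === FALSE) {
        lassospkit_errlog("postToHost: cannot connect to $host");
        return "";
    }
    fputs($fp, "POST $path HTTP/1.1\r\n");
    // … unchanged: remaining headers and body, each terminated with \r\n …
}
```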
|
||||
|
|
|
@ -108,48 +108,44 @@ class LassoSPKitSaml2 extends LassoSPKitSAMLCommon {
|
|||
return processRequestNameIdManagement(LASSO_HTTP_METHOD_REDIRECT,
|
||||
$_SERVER['QUERY_STRING']);
|
||||
}
|
||||
public function processSOAPRequestNameIdManagement() {
|
||||
$contents = $this->receiveSoapMessage();
|
||||
return $this->processRequestNameIdManagement(LASSO_HTTP_METHOD_SOAP,
|
||||
$contents);
|
||||
}
|
||||
public function processRequestNameIdManagement($method, $message)
|
||||
{
|
||||
lassospkit_debuglog("NameIdManagement request handling");
|
||||
$ret = 0;
|
||||
$ok = 1;
|
||||
$ok = $ok && $nidmanagement = new LassoNameIdManagement($this->server);
|
||||
$ok = $ok && ! $ret = $nidmanagement->processRequestMsg($message);
|
||||
$this->findFederation($nidmanagement);
|
||||
$ok = $ok && ! $ret = $nidmanagement->validateRequest();
|
||||
if ($ok) {
|
||||
LassoSPKitHelper::changeFederation($nidmanagement, $this->session, $nidmanagement->request->NewID);
|
||||
if (! $ok) {
|
||||
lassospkit_debuglog("Cannot build nameidManagement profile");
|
||||
return;
|
||||
}
|
||||
$this->finishResponse($method, $nidmanagement, $ret, $ok);
|
||||
lassospkit_debuglog("NID Request init ok: $ok ret: $ret " . strError($ret));
|
||||
$ok = $ok && ! $ret = $nidmanagement->processRequestMsg($message);
|
||||
lassospkit_debuglog("NID Request processRequestMsg ok: $ok ret: $ret " . strError($ret));
|
||||
if ($ok) {
|
||||
$this->findFederation($nidmanagement);
|
||||
}
|
||||
$ok = $ok && ! $ret = $nidmanagement->validateRequest();
|
||||
lassospkit_debuglog("NID Request validateRequest ok: $ok ret: $ret " . strError($ret));
|
||||
lassospkit_debuglog("NID request type: " . var_export($nidmanagement, 1));
|
||||
// if ($ok) {
|
||||
// $newid = null;
|
||||
// if (isset($nidmanagement->request) && isset($nidmanagement->request->NewID)) {
|
||||
// $newid = $nidmanagement->request->NewID;
|
||||
// }
|
||||
//// LassoSPKitHelper::changeFederation($nidmanagement, $this->session, $newid);
|
||||
// }
|
||||
lassospkit_debuglog("NID request just before finishResponse");
|
||||
$this->finishResponse($nidmanagement, $method, $ret, $ok);
|
||||
if (! $ok) {
|
||||
$this->status = gettext('La requête de défédération a échoué');
|
||||
}
|
||||
return $ok;
|
||||
}
|
||||
function keepProfile(LassoProfile $profile) {
|
||||
$fed = @unserialize(LassoSPKitUtilsSession::getFederation());
|
||||
if ($fed == null) {
|
||||
$fed = array();
|
||||
}
|
||||
$fed['profile'] = $profile->dump();
|
||||
LassoSPKitUtilsSession::setFederation(serialize($fed));
|
||||
}
|
||||
function restoreProfile() {
|
||||
$fed = LassoSPKitUtilsSession::getFederation();
|
||||
if ($fed == null)
|
||||
return null;
|
||||
$fed = @unserialize($fed);
|
||||
if ($fed == null)
|
||||
return null;
|
||||
if (isset($fed['profile'])) {
|
||||
$profile = @$fed['profile'];
|
||||
unset($fed['profile']);
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
LassoSPKitUtilsSession::setFederation(serialize($fed));
|
||||
return $profile;
|
||||
}
|
||||
function changeFederation(LassoNameIdManagement $nidmanagement) {
|
||||
LassoSPKitHelper::changeFederation($nidmanagement, $this->session, $nidmanagement->request->NewID);
|
||||
}
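Review bot: The block that applied the validated request to local state (`LassoSPKitHelper::changeFederation(...)`, L1633–L1651) is commented out, yet finishResponse() at L1657 still answers the IdP, so after a successful NameID-management request (including termination, NewID null) the IdP believes the federation changed while this SP keeps the old mapping. Either restore the call — `$this->changeFederation($nidmanagement);` inside `if ($ok)` using the helper at L1747 — or force `$ok = 0` until it is restored, so the response reflects what actually happened. `var_export($nidmanagement, 1)` at L1630 dumps the whole profile object, identity and session dumps included, into the debug log; log the request type or `$nidmanagement->request->dump()` instead. If findFederation() propagates the not-found exceptions thrown by LassoSPKitHelper, nothing here catches them, so the SOAP endpoint would die without any SOAP response; a `try/catch` that sets `$ok = 0` keeps the binding well-formed.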
|
||||
|
|
|
@ -84,6 +84,8 @@ class LassoSPKitSAMLCommon {
|
|||
}
|
||||
/** Return a normal HTTP response, for SOAP Response binding */
|
||||
public function doResponse(LassoProfile $profile) {
|
||||
lassospkit_debuglog("doResponse for profile");
|
||||
lassospkit_debuglog("with content " . $profile->msgBody);
|
||||
$this->session->doResponse('text/xml', $profile->msgBody);
|
||||
}
|
||||
/** Read a soap message from stdin */
|
||||
|
@ -126,17 +128,19 @@ class LassoSPKitSAMLCommon {
|
|||
}
|
||||
|
||||
public function finishResponse(LassoProfile $profile, $method, &$ret, &$ok) {
|
||||
$ok = $ok && ! $ret = $profile->buildResponse();
|
||||
$ret = $profile->buildResponseMsg();
|
||||
switch ($method) {
|
||||
case LASSO_HTTP_METHOD_REDIRECT:
|
||||
$this->doRedirect($profile);
|
||||
break;
|
||||
case LASSO_HTTP_METHOD_SOAP:
|
||||
lassospkit_debuglog("Finishing response with method SOAP");
|
||||
$this->doResponse($profile);
|
||||
break;
|
||||
default:
|
||||
LassoSPKitHelper::notImplemented();
|
||||
}
|
||||
return $ret;
|
||||
}
|
||||
|
||||
/** Web SSO protocol */
|
||||
|
@ -154,6 +158,7 @@ class LassoSPKitSAMLCommon {
|
|||
$blob) {
|
||||
lassospkit_debuglog("SSO request initiated RID: $remoteID Meth: $method Consent: $isConsentObtained ForceAuthn: $forceAuthn Passive: $isPassive " . var_export($blob,1) );
|
||||
$ok = 1 && $login = new LassoLogin($this->server);
|
||||
$this->findFederation($login);
|
||||
$ok = $ok && ! $ret = $login->initAuthnRequest($remoteID,$method);
|
||||
$ok = $ok && $request = $login->request;
|
||||
$ok = $ok && $nameidpolicy = $request->NameIDPolicy;
|
||||
|
@ -324,43 +329,59 @@ class LassoSPKitSAMLCommon {
|
|||
$contents);
|
||||
}
|
||||
public function processRequestSLO($method, $message) {
|
||||
lassospkit_debuglog("SLO request IDP initiated");
|
||||
$ret = 0;
|
||||
$ok = 1 && $logout = new LassoLogout($this->server);
|
||||
if (! $ok) {
|
||||
lassospkit_debuglog("Cannot build logout profile");
|
||||
lassospkit_errlog("processRequestSLO: Cannot build logout profile");
|
||||
return;
|
||||
}
|
||||
$ok = $ok && ! $ret = $logout->processRequestMsg($message);
|
||||
$ok = $ok && $this->findFederation($logout);
|
||||
$ok = $ok && ! $ret = $logout->validateRequest();
|
||||
if ($ok) {
|
||||
if ($method == LASSO_HTTP_METHOD_ANY) {
|
||||
$method = $logout->http_request_method;
|
||||
} else {
|
||||
$ok = ($method == $logout->http_request_method);
|
||||
}
|
||||
} else {
|
||||
lassospkit_debuglog("SLO Request validate failed ErrCode: $ret " . strError($ret));
|
||||
}
|
||||
$this->finishResponse($logout, $method, $ret, $ok);
|
||||
if (! $ok) {
|
||||
lassospkit_debuglog($message);
|
||||
} else {
|
||||
lassospkit_debuglog("SLO request handling validated for nameid " . LassoSPKitHelper::profileGetNameID($logout));
|
||||
$this->session->logout();
|
||||
$retPRM = $logout->processRequestMsg($message);
|
||||
if ($ret != 0) {
|
||||
lassospkit_warnlog("processResquestSLO: processRequestMsg returned non-0: " . strError($ret) . "($ret)");
|
||||
}
|
||||
$this->findFederation($logout);
|
||||
$retVR = $logout->validateRequest();
|
||||
$retBR = $this->finishResponse($logout, $logout->http_request_method, $ret, $ok);
|
||||
// if ($retBR != 0) {
|
||||
$this->session->logout();
|
||||
// }
|
||||
return $ok;
|
||||
}
|
||||
public function saveFederation(LassoProfile $profile) {
|
||||
LassoSPKitHelper::saveFederation($profile, $this->session);
|
||||
}
|
||||
public function findFederation(LassoProfile $profile) {
|
||||
lassospkit_debuglog("SLO request IDP initiated4");
|
||||
LassoSPKitHelper::findFederation($profile, $this->session);
|
||||
}
|
||||
/** Federation termination **/
|
||||
public function initiateFTNotification($method = LASSO_HTTP_METHOD_SOAP, $remoteID = null) {
|
||||
$this->session->changeFederation(null, null);
|
||||
}
|
||||
/** Store the given profile in the current session to restore it in the
|
||||
response endpoint handler. */
|
||||
function keepProfile(LassoProfile $profile) {
|
||||
$fed = @unserialize(LassoSPKitUtilsSession::getFederation());
|
||||
if ($fed == null) {
|
||||
$fed = array();
|
||||
}
|
||||
$fed['profile'] = $profile->dump();
|
||||
LassoSPKitUtilsSession::setFederation(serialize($fed));
|
||||
}
|
||||
/** Get the stored profile */
|
||||
function restoreProfile() {
|
||||
$fed = LassoSPKitUtilsSession::getFederation();
|
||||
if ($fed == null)
|
||||
return null;
|
||||
$fed = @unserialize($fed);
|
||||
if ($fed == null)
|
||||
return null;
|
||||
if (isset($fed['profile'])) {
|
||||
$profile = @$fed['profile'];
|
||||
unset($fed['profile']);
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
LassoSPKitUtilsSession::setFederation(serialize($fed));
|
||||
return $profile;
|
||||
}
|
||||
}
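Review bot: The rewritten processRequestSLO (L1964–L1994) never acts on the results it collects: `$retPRM` from processRequestMsg() is stored but the test at L1967 reads `$ret` (still 0), `$retVR` from validateRequest() is never examined, and `$ok` keeps the value 1 set after the constructor, so a logout request whose signature or issuer fails validation is still answered with a response and `$this->session->logout()` runs, letting an unauthenticated party log users out (the commit message itself notes signature verification is wrong). Fold the codes back into `$ok`, log on failure, and only clear the session when validation passed, as below; `lassospkit_warnlog` at L1970 is also not defined in the logging hunk of this commit. If positive Lasso codes are informational as the commit message says, relax `$ret == 0` to `$ret >= 0` deliberately rather than by leaving the checks unused.
```php
$ret = $logout->processRequestMsg($message);
$ok = ($ret == 0);
if (! $ok) {
    lassospkit_errlog("processRequestSLO: processRequestMsg failed: " . strError($ret) . " ($ret)");
}
if ($ok) {
    $this->findFederation($logout);
    $ret = $logout->validateRequest();
    $ok = ($ret == 0);
    if (! $ok) {
        lassospkit_errlog("processRequestSLO: validateRequest failed: " . strError($ret) . " ($ret)");
    }
}
$this->finishResponse($logout, $logout->http_request_method, $ret, $ok);
if ($ok) {
    $this->session->logout();
}
return $ok;
```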
|
||||
|
|