diff --git a/README b/README index 6516b3f..3c6cae2 100644 --- a/README +++ b/README @@ -1,12 +1,18 @@ -Lasso SPKit PHP v0.1 +Lasso SPKit PHP v0.3 This library contains code to ease the usage of the PHP bindings of the lasso library inside a service provider, usually an existing web application where you wish to handle some of the profile of the Liberty Alliance or SAML 2.0 protocols. -The API is procedural, minimal and easy to comprehend. Depending -upon the configuration +The API is procedural, minimal and easy to understand. + +Depending upong the configuration there is two functionning mode: + - liberty state is reported through the function lassospkit_nameid() and + lassospkit_federation(), your application MUST persist them by its own way. + - liberty state is stored using one of the automatic storage mode, you just + have to associate a user id with the liberty state. After any liberty event + you can retrieve this user id. = Description of the API = @@ -22,15 +28,16 @@ function lassospkit_nameid() function lassospkit_set_nameid($nameid) * Set the nameid that the next SAML profile should use. Use it before - presenting link for defederation or single logout. It has no effect if redirecting toward SSO. + presenting link for defederation or single logout. It has no effect if + redirecting toward SSO. function lassospkit_userid() * When automated storage of the federation is activated this parameter will contain the last userID associated with the current nameID. The association is done by calling setUserID then making a successul SSO request (via a - redirection to lassospki_websso_redirect). - When automated storage is inactivated, it always returns null and set_userid - is ignored by the backend code. + redirection to lassospki_websso_redirect). When automated storage is + inactivated, it always returns null and set_userid is ignored by the backend + code. function lassospkit_error() * When non-null gives a human readable explaination of the last unsucessful 
@@ -38,14 +45,16 @@ function lassospkit_error() federate is identity in the context of an SSO request. function lassospkit_federation() - * Return an opaque blob containing informations on the federation created with an IdP - afer a succesful request. If you intend to handle yourself storage of the federation, - you must save this together with local user account/sessions informations and restores - it before any future redirection to a logout/defederation request. If you user automated - persistence you can ignore it. + * Return an opaque blob containing informations on the federation created with + an IdP afer a succesful request. If you intend to handle yourself storage of + the federation, you must save this together with local user account/sessions + informations and restores it before any future redirection to a + logout/defederation request. If you user automated persistence you can ignore + it. function lassospkit_set_federation($federation) - * Restore the opaque blob needed to initalize SAML requests. See previous function. + * Restore the opaque blob needed to initalize SAML requests. See previous + function. function lassospkit_websso_redirect($relay) * URL to the local page intiating SSO exchanges with the IdP. Use the baseUrl diff --git a/debian/changelog b/debian/changelog index fc1fb59..6b900ee 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +spkitlasso (0.3.1ubuntu1-git-95065af809) jaunty; urgency=low + + * Package from git development trunk. + + -- Benjamin Dauvergne Tue, 03 Feb 2009 12:56:30 +0100 + spkitlasso (0.3.1) jaunty; urgency=low * Catch errors when building configuration diff --git a/exemples/endpoints/configure.php b/exemples/endpoints/configure.php new file mode 120000 index 0000000..2a99adf --- /dev/null +++ b/exemples/endpoints/configure.php @@ -0,0 +1 @@ +../../endpoints/configure.php \ No newline at end of file 
diff --git a/exemples/endpoints/liberty.php b/exemples/endpoints/liberty.php new file mode 100644 index 0000000..1018b7c --- /dev/null +++ b/exemples/endpoints/liberty.php @@ -0,0 +1,62 @@ + login, + '/federate' => federate, + '/ssoAssertionConsumer' => ssoAssertionConsumer, + '/sloInit' => sloInit, + '/sloSoap' => sloSoap, + '/sloRedirect' => sloRedirect, + '/sloResponse' => sloResponse, + '/defederate' => defederate, + '/defederateReturn' => defederateReturn, + '/defederateNotification' => defederateNotification, + '/metadata' => metadata)); +// TODO fill implementation +function login() { + $saml2 = new LassoSPKitLiberty(new LassoSPKitDummySession()); + $params = LassoSPKitUtilsSession::getParams('login'); + $federate = TRUE; + if (isset($params['federate'])) { + $federate = $params['federate']; + } + $saml2->sso(TRUE, $federate); +} +function federate() { + $saml2 = new LassoSPKitLiberty(new LassoSPKitDummySession()); + $saml2->sso(TRUE, TRUE); +} +function ssoAssertionConsumer() { +} +function sloInit() { +} +function sloSoap() { +} +function sloRedirect() { +} +function sloResponse() { +} +function defederate() { +} +function defederateReturn() { +} +function defederateNotification() { +} +function metadata() { + header('Content-type: text/xml'); + $datadir = LassoSPKitHelper::getMetadataDir(LASSO_PROTOCOL_LIBERTY_1_2); + $pkey = $datadir . "/" . PRIVATE_KEY; + LassoSPKitUtils::extractPublicKey($pkey, $publickey, $error); + try { + $content = LassoSPKitMetadataLiberty::generateMetadata(dirname(LassoSPKitUtils::mydir()), LassoSPKitConfig::get('organization'), $publickey); + if ($content) { + header('Content-type: text/xml'); + echo $content; + } + } catch (Exception $e) { + throw $e; + } +} diff --git a/exemples/endpoints/saml2.php b/exemples/endpoints/saml2.php new file mode 100644 index 0000000..583fdde --- /dev/null +++ b/exemples/endpoints/saml2.php 
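Review bot: In `metadata()` the outcome of `LassoSPKitUtils::extractPublicKey($pkey, $publickey, $error)` is never checked and `$error` is discarded, so a missing or unreadable private key leaves `$publickey` unset and the call to `generateMetadata` proceeds with an undefined value; guard it before generating, e.g. `if (empty($publickey)) { error_log("extractPublicKey failed: $error"); return; }` (the helper's return convention is not visible in this hunk, so testing `$publickey` is the safer check). The enclosing `try { ... } catch (Exception $e) { throw $e; }` is a no-op rethrow and the `Content-type: text/xml` header is emitted twice, so both the catch block and the second `header()` call can simply be dropped. The dispatch table also names its handlers as bare identifiers (`'/federate' => federate`, `'/sloInit' => sloInit`, ...), which relies on the undefined-constant-to-string fallback that PHP 8 turns into an `Error`; quote them as `'federate'`, `'sloInit'`, etc. The opening lines of this hunk are mangled in this rendering, so the dispatch call itself could not be reviewed.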
@@ -0,0 +1,82 @@ +__toString(); + $lines = explode("\n",$exceptionText); + foreach ($lines as $line) { + error_log($line); + } + die('There was an error, shoot yourself !'); + } + } + function headerHtml($title, $url) { + ?> + + + <?php echo $title ?> + + + + + + relayState; + $this->headerHtml("AssertionConsumer endpoint", $r); + if ($ret == 0) { + echo "Ouais on est loggé, aller $r"; + } else { + echo "Une erreur lasso s'est produite de code $ret" . strError($ret); + } + return $ret; + } + function handleSlo($ret) { + $r = $this->relayState; + if ($this->currentHttpMethod == LASSO_HTTP_METHOD_GET && + $this->currentHttpMethod == LASSO_HTTP_METHOD_POST) { + $this->headerHtml("SLO endpoint", $r); + if ($ret) { + echo "Demande de slo échoué: " . strError($ret) . "($ret)"; + } else { + echo "Demande de slo réussie"; + } + echo "Go to $r"; + $this->footerHtml(); + lassospkit_clean(); + } else { + # Specialized + $id = lassospkit_userid(); + error_log("Trying to destroy session $id"); + $session = LassoSPKitUtilsSession::getSingleton(); + $session->id = $id; + $session->clean(); + } + if ($ret) { + error_log("Demande de slo échoué: $ret"); + } else { + error_log("Demande de slo réussie: $ret"); + } + + return $ret; + } + function handleNameIdManagement($ret) { + if ($ret) { + error_log('Erreur lors du nid: ' . $ret . ': ' . strError($ret)); + } + return $ret; + } +} + + +$endpoint = new EndpointExemple(); +$endpoint->dispatchAndExit(); diff --git a/exemples/endpoints/style.css b/exemples/endpoints/style.css new file mode 100644 index 0000000..7d71e09 --- /dev/null +++ b/exemples/endpoints/style.css @@ -0,0 +1,2 @@ +.error { width: auto; color: red; border: 1px solid red; padding: 2px; } +pre,.code { background: #BBB; border: 1px solid black; padding: 1ex;white-space: pre; overflow: scroll } diff --git a/exemples/spkitlasso b/exemples/spkitlasso new file mode 120000 index 0000000..3a1af68 --- /dev/null +++ b/exemples/spkitlasso 
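Review bot: In `handleSlo()` the branch condition `$this->currentHttpMethod == LASSO_HTTP_METHOD_GET && $this->currentHttpMethod == LASSO_HTTP_METHOD_POST` can never be true, so every SLO request falls into the `else` branch and unconditionally destroys the session bound to `lassospkit_userid()`; the intended test is presumably `if ($this->currentHttpMethod == LASSO_HTTP_METHOD_GET || $this->currentHttpMethod == LASSO_HTTP_METHOD_POST) {`. The relay state `$r` is written straight into the HTML output in `handleSso()` (`echo "Ouais on est loggé, aller $r";`) and `handleSlo()` (`echo "Go to $r";`); since the relay state originates from the incoming request, it should be escaped for the HTML context, e.g. `echo "Go to " . htmlspecialchars($r, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, and the same applies to `$title` in `headerHtml()`. The class header, the HTML emitted by `headerHtml()` and the start of `handleSso()` are mangled in this rendering, so only the visible method bodies were reviewed.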
@@ -0,0 +1 @@
+../include/
\ No newline at end of file